[kmf-discuss] Extension to the API
Darren J Moffat
Darren.Moffat at Sun.COM
Thu Mar 22 06:36:54 PDT 2007
Massimiliano Pala wrote:
> Hi all,
>
> I think I will definitely need at least two functionalities that are not
> present in KMF today. The first one is the possibility to calculate digests
> directly, and the second one is the ability to get random bytes.
>
> I know that for the second I could use a /dev/random, but could you think
> about a very simple function like :
>
> rv = kmf_get_random_bytes (char *bytes, size)
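
Use PKCS#11 for lower level crypto functionality, in this case:

    KMF_HANDLE_T kmf_handle;
    CK_SESSION_HANDLE p11session;

    /* KMF_Initialize() takes a pointer to the handle it fills in */
    KMF_Initialize(&kmf_handle, ..., ...);
    ....
    p11session = KMF_GetPK11Handle(kmf_handle);
    /* buf must be an array here so that sizeof gives the byte count */
    rv = C_GenerateRandom(p11session, buf, sizeof (buf));
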
> On the other side, digest functionality, maybe a new data structure is
> required:
>
> rv = kmf_digest_init ( KMF_DIGEST *dgst, KMF_ALGOR_ID algor );
> rv = kmf_digest_update ( KMF_DIGEST *dgst, unsigned char *data,
> size_t len)
> rv = kmf_digest_finalize ( KMF_DIGEST *dgst );
>
> rv = kmf_digest_get ( KMF_DIGEST *dgst, unsigned char *hash,
> size_t *len);

Again use PKCS#11 - please do NOT use libmd directly that is really only
there for existing code that already uses MD5Init SHA1Init etc. Using
libmd will NOT give you access to hardware acceleration but using
PKCS#11 will.

Again use KMF_GetPK11Handle to get the PKCS#11 session handle from the
KMF one and then call:

    KMF_HANDLE_T kmf_handle;
    CK_SESSION_HANDLE p11session;
    CK_MECHANISM mech;
    CK_ULONG hash_len = sizeof (hash);  /* in: buffer size, out: digest length */

    p11session = KMF_GetPK11Handle(kmf_handle);
    mech.mechanism = CKM_SHA_1;
    mech.pParameter = NULL;             /* SHA-1 takes no parameters */
    mech.ulParameterLen = 0;
    rv = C_DigestInit(p11session, &mech);
    rv = C_DigestUpdate(p11session, data, len);
    rv = C_DigestFinal(p11session, hash, &hash_len);

Nice and easy and no need to duplicate this API into KMF space.

--
Darren J Moffat