author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2012-07-16 19:51:01 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2012-07-16 19:51:01 +0200 |
commit | eacb2e35f561f2afe67c26a8939f0ad91d68c935 (patch) | |
tree | 02154616e2b5bddd173fc51295760eb6d3a1cfae | |
parent | 72cd1d2f53f2fe6b1c8b277a5e9a96097239caf9 (diff) | |
download | gnutls-eacb2e35f561f2afe67c26a8939f0ad91d68c935.tar.gz |
PIN callback function was made more generic than PKCS #11.
-rw-r--r-- | lib/includes/gnutls/gnutls.h.in | 61 | ||||
-rw-r--r-- | lib/includes/gnutls/pkcs11.h | 65 | ||||
-rw-r--r-- | lib/pkcs11.c | 14 | ||||
-rw-r--r-- | lib/pkcs11_int.h | 2 | ||||
-rw-r--r-- | lib/pkcs11_privkey.c | 2 | ||||
-rw-r--r-- | lib/pkcs11_write.c | 2 |
6 files changed, 74 insertions, 72 deletions
diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in
index f39813a094..4e2281edfe 100644
--- a/lib/includes/gnutls/gnutls.h.in
+++ b/lib/includes/gnutls/gnutls.h.in
@@ -1742,6 +1742,67 @@ int gnutls_load_file(const char* filename, gnutls_datum_t * data);
 int gnutls_url_is_supported (const char* url);
+ /* PIN callback */
+/**
+ * gnutls_pin_flag_t:
+ * @GNUTLS_PKCS11_PIN_USER: The PIN for the user.
+ * @GNUTLS_PKCS11_PIN_SO: The PIN for the security officer.
+ * @GNUTLS_PKCS11_PIN_CONTEXT_SPECIFIC: The PIN is for a specific action and key like signing.
+ * @GNUTLS_PKCS11_PIN_FINAL_TRY: This is the final try before blocking.
+ * @GNUTLS_PKCS11_PIN_COUNT_LOW: Few tries remain before token blocks.
+ * @GNUTLS_PKCS11_PIN_WRONG: Last given PIN was not correct.
+ *
+ * Enumeration of different PIN flags.
+ */
+typedef enum
+ {
+ GNUTLS_PKCS11_PIN_USER = (1 << 0),
+ GNUTLS_PKCS11_PIN_SO = (1 << 1),
+ GNUTLS_PKCS11_PIN_FINAL_TRY = (1 << 2),
+ GNUTLS_PKCS11_PIN_COUNT_LOW = (1 << 3),
+ GNUTLS_PKCS11_PIN_CONTEXT_SPECIFIC = (1 << 4),
+ GNUTLS_PKCS11_PIN_WRONG = (1 << 5),
+ } gnutls_pin_flag_t;
+
+/**
+ * gnutls_pin_callback_t:
+ * @userdata: user-controlled data from gnutls_pkcs11_set_pin_function().
+ * @attempt: pin-attempt counter, initially 0.
+ * @token_url: PKCS11 URL.
+ * @token_label: label of PKCS11 token.
+ * @flags: a #gnutls_pin_flag_t flag.
+ * @pin: buffer to hold PIN, of size @pin_max.
+ * @pin_max: size of @pin buffer.
+ *
+ * Callback function type for PKCS#11 PIN entry. It is set by
+ * gnutls_pkcs11_set_pin_function().
+ *
+ * The callback should provides the PIN code to unlock the token with
+ * label @token_label, specified by the URL @token_url.
+ *
+ * The PIN code, as a NUL-terminated ASCII string, should be copied
+ * into the @pin buffer (of maximum size @pin_max), and return 0 to
+ * indicate success. Alternatively, the callback may return a
+ * negative gnutls error code to indicate failure and cancel PIN entry
+ * (in which case, the contents of the @pin parameter are ignored).
+ *
+ * When a PIN is required, the callback will be invoked repeatedly
+ * (and indefinitely) until either the returned PIN code is correct,
+ * the callback returns failure, or the token refuses login (e.g. when
+ * the token is locked due to too many incorrect PINs!). For the
+ * first such invocation, the @attempt counter will have value zero;
+ * it will increase by one for each subsequent attempt.
+ *
+ * Returns: %GNUTLS_E_SUCCESS (0) on success or a negative error code on error.
+ *
+ * Since: 2.12.0
+ **/
+typedef int (*gnutls_pin_callback_t) (void *userdata, int attempt,
+ const char *token_url,
+ const char *token_label,
+ unsigned int flags,
+ char *pin, size_t pin_max);
+
 /* Gnutls error codes. The mapping to a TLS alert is also shown in
 * comments.
 */
diff --git a/lib/includes/gnutls/pkcs11.h b/lib/includes/gnutls/pkcs11.h
index e1dd841210..729b4c461a 100644
--- a/lib/includes/gnutls/pkcs11.h
+++ b/lib/includes/gnutls/pkcs11.h
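Review bot: The doc block moved into this header still presents `gnutls_pin_callback_t` as PKCS#11-only (`Callback function type for PKCS#11 PIN entry. It is set by gnutls_pkcs11_set_pin_function().`, `@token_url: PKCS11 URL.`), which is at odds with the commit's stated aim of a PIN callback more generic than PKCS #11, and both new type names carry `Since: 2.12.0` although they first appear in this commit. The `@pin_max` contract is worth making explicit so that a callback does not write `pin_max` characters plus the NUL: ` * into the @pin buffer (at most @pin_max bytes including the terminating NUL), and return 0 to`. The enum constants keep the `GNUTLS_PKCS11_PIN_` prefix while the type is now `gnutls_pin_flag_t`; if that is deliberate for compatibility, a sentence in the enum's doc would save the next reader the question. Typo in the copied text: `The callback should provides` should read `The callback should provide`.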
@@ -57,65 +57,6 @@ typedef int (*gnutls_pkcs11_token_callback_t) (void *const userdata,
 const char *const label,
 unsigned retry);
-/**
- * gnutls_pkcs11_pin_flag_t:
- * @GNUTLS_PKCS11_PIN_USER: The PIN for the user.
- * @GNUTLS_PKCS11_PIN_SO: The PIN for the security officer.
- * @GNUTLS_PKCS11_PIN_CONTEXT_SPECIFIC: The PIN is for a specific action and key like signing.
- * @GNUTLS_PKCS11_PIN_FINAL_TRY: This is the final try before blocking.
- * @GNUTLS_PKCS11_PIN_COUNT_LOW: Few tries remain before token blocks.
- * @GNUTLS_PKCS11_PIN_WRONG: Last given PIN was not correct.
- *
- * Enumeration of different PIN flags.
- */
-typedef enum
- {
- GNUTLS_PKCS11_PIN_USER = (1 << 0),
- GNUTLS_PKCS11_PIN_SO = (1 << 1),
- GNUTLS_PKCS11_PIN_FINAL_TRY = (1 << 2),
- GNUTLS_PKCS11_PIN_COUNT_LOW = (1 << 3),
- GNUTLS_PKCS11_PIN_CONTEXT_SPECIFIC = (1 << 4),
- GNUTLS_PKCS11_PIN_WRONG = (1 << 5),
- } gnutls_pkcs11_pin_flag_t;
-
-/**
- * gnutls_pkcs11_pin_callback_t:
- * @userdata: user-controlled data from gnutls_pkcs11_set_pin_function().
- * @attempt: pin-attempt counter, initially 0.
- * @token_url: PKCS11 URL.
- * @token_label: label of PKCS11 token.
- * @flags: a #gnutls_pkcs11_pin_flag_t flag.
- * @pin: buffer to hold PIN, of size @pin_max.
- * @pin_max: size of @pin buffer.
- *
- * Callback function type for PKCS#11 PIN entry. It is set by
- * gnutls_pkcs11_set_pin_function().
- *
- * The callback should provides the PIN code to unlock the token with
- * label @token_label, specified by the URL @token_url.
- *
- * The PIN code, as a NUL-terminated ASCII string, should be copied
- * into the @pin buffer (of maximum size @pin_max), and return 0 to
- * indicate success. Alternatively, the callback may return a
- * negative gnutls error code to indicate failure and cancel PIN entry
- * (in which case, the contents of the @pin parameter are ignored).
- *
- * When a PIN is required, the callback will be invoked repeatedly
- * (and indefinitely) until either the returned PIN code is correct,
- * the callback returns failure, or the token refuses login (e.g. when
- * the token is locked due to too many incorrect PINs!). For the
- * first such invocation, the @attempt counter will have value zero;
- * it will increase by one for each subsequent attempt.
- *
- * Returns: %GNUTLS_E_SUCCESS (0) on success or a negative error code on error.
- *
- * Since: 2.12.0
- **/
-typedef int (*gnutls_pkcs11_pin_callback_t) (void *userdata, int attempt,
- const char *token_url,
- const char *token_label,
- unsigned int flags,
- char *pin, size_t pin_max);
 struct gnutls_pkcs11_obj_st;
 typedef struct gnutls_pkcs11_obj_st *gnutls_pkcs11_obj_t;
@@ -135,13 +76,13 @@ void gnutls_pkcs11_deinit (void);
 void gnutls_pkcs11_set_token_function (gnutls_pkcs11_token_callback_t fn,
 void *userdata);
-void gnutls_pkcs11_set_pin_function (gnutls_pkcs11_pin_callback_t fn,
+void gnutls_pkcs11_set_pin_function (gnutls_pin_callback_t fn,
 void *userdata);
 void gnutls_pkcs11_advset_token_function (gnutls_pkcs11_token_callback_t fn,
 void *userdata);
-void gnutls_pkcs11_advset_pin_function (gnutls_pkcs11_pin_callback_t fn,
+void gnutls_pkcs11_advset_pin_function (gnutls_pin_callback_t fn,
 void *userdata);
 int gnutls_pkcs11_add_provider (const char *name, const char *params);
@@ -301,7 +242,7 @@ gnutls_pkcs11_token_get_mechanism (const char *url, unsigned int idx,
 int gnutls_pkcs11_token_set_pin (const char *token_url,
 const char *oldpin,
 const char *newpin,
- unsigned int flags /*gnutls_pkcs11_pin_flag_t */
+ unsigned int flags /*gnutls_pin_flag_t */
 );
 int gnutls_pkcs11_token_get_url (unsigned int seq,
diff --git a/lib/pkcs11.c b/lib/pkcs11.c
index 907cfbdc37..b35f8de833 100644
--- a/lib/pkcs11.c
+++ b/lib/pkcs11.c
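Review bot: Removing the public typedefs `gnutls_pkcs11_pin_callback_t` and `gnutls_pkcs11_pin_flag_t` in the first hunk of this file leaves no alias behind, so applications that spell out those names (for the callback they pass to gnutls_pkcs11_set_pin_function(), or for the flags of gnutls_pkcs11_token_set_pin()) stop compiling, even though the new prototypes in the second hunk keep the same function-pointer signature. Two aliases next to the new prototypes preserve source compatibility: `typedef gnutls_pin_callback_t gnutls_pkcs11_pin_callback_t;` and `typedef gnutls_pin_flag_t gnutls_pkcs11_pin_flag_t;`. The prototypes now depend on gnutls.h.in for `gnutls_pin_callback_t`; whether pkcs11.h includes gnutls/gnutls.h is outside the hunk and should be confirmed.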
@@ -74,7 +74,7 @@ static struct gnutls_pkcs11_provider_s providers[MAX_PROVIDERS];
 static unsigned int active_providers = 0;
 static unsigned int initialized_registered = 0;
-gnutls_pkcs11_pin_callback_t _gnutls_pin_func;
+gnutls_pin_callback_t _gnutls_pin_func;
 void *_gnutls_pin_data;
 gnutls_pkcs11_token_callback_t _gnutls_token_func;
@@ -641,17 +641,17 @@ gnutls_pkcs11_deinit (void)
 /**
 * gnutls_pkcs11_set_pin_function:
- * @fn: The PIN callback, a gnutls_pkcs11_pin_callback_t() function.
+ * @fn: The PIN callback, a gnutls_pin_callback_t() function.
 * @userdata: data to be supplied to callback
 *
 * This function will set a callback function to be used when a PIN is
 * required for PKCS 11 operations. See
- * gnutls_pkcs11_pin_callback_t() on how the callback should behave.
+ * gnutls_pin_callback_t() on how the callback should behave.
 *
 * Since: 2.12.0
 **/
 void
-gnutls_pkcs11_set_pin_function (gnutls_pkcs11_pin_callback_t fn,
+gnutls_pkcs11_set_pin_function (gnutls_pin_callback_t fn,
 void *userdata)
 {
 _gnutls_pin_func = fn;
@@ -660,12 +660,12 @@ gnutls_pkcs11_set_pin_function (gnutls_pkcs11_pin_callback_t fn,
 /**
 * gnutls_pkcs11_advset_pin_function:
- * @fn: The PIN callback, a gnutls_pkcs11_pin_callback_t() function.
+ * @fn: The PIN callback, a gnutls_pin_callback_t() function.
 * @userdata: data to be supplied to callback
 *
 * This function will set a callback function to be used when a PIN is
 * required for PKCS 11 operations. See
- * gnutls_pkcs11_pin_callback_t() on how the callback should behave.
+ * gnutls_pin_callback_t() on how the callback should behave.
 *
 * This function unlike gnutls_pkcs11_set_pin_function() will only
 * set the provided function if it has not previously been set.
@@ -673,7 +673,7 @@ gnutls_pkcs11_set_pin_function (gnutls_pkcs11_pin_callback_t fn,
 * Since: 3.1.0
 **/
 void
-gnutls_pkcs11_advset_pin_function (gnutls_pkcs11_pin_callback_t fn,
+gnutls_pkcs11_advset_pin_function (gnutls_pin_callback_t fn,
 void *userdata)
 {
 if (_gnutls_pin_func == NULL)
diff --git a/lib/pkcs11_int.h b/lib/pkcs11_int.h
index 4da4107670..a77e610127 100644
--- a/lib/pkcs11_int.h
+++ b/lib/pkcs11_int.h
@@ -34,7 +34,7 @@
 #include <p11-kit/uri.h>
 typedef unsigned char ck_bool_t;
-extern gnutls_pkcs11_pin_callback_t _gnutls_pin_func;
+extern gnutls_pin_callback_t _gnutls_pin_func;
 extern void *_gnutls_pin_data;
 struct pkcs11_session_info {
diff --git a/lib/pkcs11_privkey.c b/lib/pkcs11_privkey.c
index 1cc4d18c6b..800a45bd69 100644
--- a/lib/pkcs11_privkey.c
+++ b/lib/pkcs11_privkey.c
@@ -33,7 +33,7 @@ struct gnutls_pkcs11_privkey_st
 gnutls_pk_algorithm_t pk_algorithm;
 unsigned int flags;
 struct p11_kit_uri *info;
- gnutls_pkcs11_pin_callback_t pin_func;
+ gnutls_pin_callback_t pin_func;
 void *pin_data;
 struct pkcs11_session_info sinfo;
diff --git a/lib/pkcs11_write.c b/lib/pkcs11_write.c
index ca72c8fe78..3549213f9c 100644
--- a/lib/pkcs11_write.c
+++ b/lib/pkcs11_write.c
@@ -755,7 +755,7 @@ gnutls_pkcs11_token_init (const char *token_url,
 * @token_url: A PKCS #11 URL specifying a token
 * @oldpin: old user's PIN
 * @newpin: new user's PIN
- * @flags: one of #gnutls_pkcs11_pin_flag_t.
+ * @flags: one of #gnutls_pin_flag_t.
 *
 * This function will modify or set a user's PIN for the given token.
 * If it is called to set a user pin for first time the oldpin must |