author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2012-07-20 22:07:20 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2012-07-20 22:07:20 +0200 |
commit | 9ec660655aa8ff5b311489082c8482c85895f879 (patch) | |
tree | a8c567479e15b752f79f52647a7bcf7592e18f21 /src/common.c | |
parent | fc15e91b7bb8cfa4d1744e40a7712d4c457b9a80 (diff) | |
download | gnutls-9ec660655aa8ff5b311489082c8482c85895f879.tar.gz |
Eliminated p11common.c.
Diffstat (limited to 'src/common.c')
-rw-r--r-- | src/common.c | 113 |
1 files changed, 110 insertions, 3 deletions
diff --git a/src/common.c b/src/common.c index 95de4b4af4..4b58d94efa 100644 --- a/src/common.c +++ b/src/common.c @@ -37,9 +37,11 @@ #include <time.h> #include <common.h> -#define SU(x) (x!=NULL?x:"Unknown") +#ifdef ENABLE_PKCS11 +# include <gnutls/pkcs11.h> +#endif -extern int verbose; +#define SU(x) (x!=NULL?x:"Unknown") const char str_unknown[] = "(unknown)"; @@ -579,7 +581,7 @@ print_ecdh_info (gnutls_session_t session, const char *str) } int -print_info (gnutls_session_t session, int print_cert) +print_info (gnutls_session_t session, int print_cert, int verbose) { const char *tmp; gnutls_credentials_type_t cred; 
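Review bot: The new `#include <gnutls/pkcs11.h>` in the first hunk is wrapped in `#ifdef ENABLE_PKCS11`, but the `pin_callback` added at the end of this file sits outside that guard and uses `GNUTLS_PKCS11_PIN_SO`, `GNUTLS_PKCS11_PIN_FINAL_TRY`, `GNUTLS_PKCS11_PIN_COUNT_LOW` and `GNUTLS_PKCS11_PIN_WRONG`. If those flags are declared only in that header (not visible from this page), a build without PKCS #11 support would fail to compile. Either move `pin_callback` inside the existing `#ifdef ENABLE_PKCS11` block next to `token_callback`, or add a comment at the include naming the header that provides the flags in the non-PKCS #11 build.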
@@ -1051,3 +1053,108 @@ int len = strlen(str); } return 0; } + +#define MIN(x,y) ((x)<(y))?(x):(y) +#define MAX_CACHE_TRIES 5 +int +pin_callback (void *user, int attempt, const char *token_url, + const char *token_label, unsigned int flags, char *pin, + size_t pin_max) +{ + const char *password; + const char * desc; + int len, cache = MAX_CACHE_TRIES; +/* allow caching of PIN */ + static char *cached_url = NULL; + static char cached_pin[32] = ""; + + if (flags & GNUTLS_PKCS11_PIN_SO) + desc = "security officer"; + else + desc = "user"; + + if (flags & GNUTLS_PKCS11_PIN_FINAL_TRY) + { + cache = 0; + printf ("*** This is the final try before locking!\n"); + } + if (flags & GNUTLS_PKCS11_PIN_COUNT_LOW) + { + cache = 0; + printf ("*** Only few tries left before locking!\n"); + } + + if (flags & GNUTLS_PKCS11_PIN_WRONG) + { + cache = 0; + printf ("*** Wrong PIN has been provided!\n"); + } + + if (cache > 0 && cached_url != NULL) + { + if (strcmp (cached_url, token_url) == 0) + { + if (strlen(pin) >= sizeof(cached_pin)) + { + fprintf (stderr, "Too long PIN given\n"); + exit (1); + } + + fprintf(stderr, "Re-using cached PIN for token '%s'\n", token_label); + strcpy (pin, cached_pin); + cache--; + return 0; + } + } + + printf ("Token '%s' with URL '%s' ", token_label, token_url); + printf ("requires %s PIN\n", desc); + + password = getpass ("Enter PIN: "); + if (password == NULL || password[0] == 0) + { + fprintf (stderr, "No password given\n"); + exit (1); + } + + len = MIN (pin_max, strlen (password)); + memcpy (pin, password, len); + pin[len] = 0; + + /* cache */ + strcpy (cached_pin, pin); + free (cached_url); + cached_url = strdup (token_url); + cache = MAX_CACHE_TRIES; + + return 0; +} + +#ifdef ENABLE_PKCS11 + +static int +token_callback (void *user, const char *label, const unsigned retry) +{ + char buf[32]; + + if (retry > 0) + { + fprintf (stderr, "Could not find token %s\n", label); + return -1; + } + printf ("Please insert token '%s' in slot and press enter\n", 
label); + fgets (buf, sizeof (buf), stdin); + + return 0; +} + +void +pkcs11_common (void) +{ + + gnutls_pkcs11_set_pin_function (pin_callback, NULL); + gnutls_pkcs11_set_token_function (token_callback, NULL); + +} + +#endif |
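Review bot: `pin_callback` can write past both PIN buffers: `len = MIN (pin_max, strlen (password))` followed by `pin[len] = 0` puts the terminator at `pin[pin_max]` when the typed PIN is at least `pin_max` long, and `strcpy (cached_pin, pin)` is unbounded against the 32-byte static `cached_pin`. On the cache-hit path the guard tests `strlen(pin)`, the caller's not-yet-written output buffer, so it should instead be `if (strlen (cached_pin) >= pin_max)` before `strcpy (pin, cached_pin)`. `cache` is an ordinary local reset to `MAX_CACHE_TRIES` on every call, so `cache--` never limits re-use; it probably needs to be `static`. The fence below rejects an over-long PIN instead of silently truncating it and caches only a PIN that fits. The `MIN` macro is also missing its outer parentheses, and becomes unused once the copy is bounded this way.

```c
  /* … unchanged: flag handling, cache-hit path, prompt and getpass … */

  size_t plen = strlen (password);
  if (plen >= pin_max)
    {
      fprintf (stderr, "Too long PIN given\n");
      exit (1);
    }
  memcpy (pin, password, plen + 1);   /* includes the terminating NUL */

  /* cache only a PIN that fits cached_pin; otherwise drop the stale entry */
  free (cached_url);
  cached_url = NULL;
  if (plen < sizeof (cached_pin))
    {
      memcpy (cached_pin, pin, plen + 1);
      cached_url = strdup (token_url);
    }
  cache = MAX_CACHE_TRIES;

  return 0;
```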