authorNikos Mavrogiannopoulos <nmav@gnutls.org>2016-11-10 06:34:50 +0100
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2016-11-13 10:44:53 +0100
commit5db6fbe1a5af0051471348d8bd2fe54aa9e0d124 (patch)
treead3ad4bd7d17c0c8989b73d59da0f768c2a4cc5f
parent8f76ca84d8f1783ac02c78416d5be5e9facd958f (diff)
p11tool: added options to initialize a user and admin's PIN
-rw-r--r--src/p11tool-args.def12
-rw-r--r--src/p11tool.c8
-rw-r--r--src/p11tool.h1
-rw-r--r--src/pkcs11.c52
4 files changed, 70 insertions, 3 deletions
diff --git a/src/p11tool-args.def b/src/p11tool-args.def
index 9342d6ead0..f6910d8842 100644
--- a/src/p11tool-args.def
+++ b/src/p11tool-args.def
@@ -50,6 +50,18 @@ flag = {
};
flag = {
+ name = initialize-pin;
+ descrip = "Initializes/Resets a PKCS #11 token user PIN";
+ doc = "";
+};
+
+flag = {
+ name = initialize-so-pin;
+ descrip = "Initializes/Resets a PKCS #11 token security officer PIN";
+ doc = "";
+};
+
+flag = {
name = set-pin;
arg-type = string;
descrip = "Specify the PIN to use on token initialization";
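Review bot: Both new flags leave `doc = "";` empty, so the generated manual and man page will carry nothing beyond the one-line descrip for initialize-pin and initialize-so-pin. A sentence in each doc field saying which PIN is written, that the new value is taken from --set-pin / --set-so-pin, the GNUTLS_PIN / GNUTLS_SO_PIN environment variables, or an interactive prompt, and that the operation exits non-zero on failure, would make the options usable without reading src/pkcs11.c. The set-pin descrip directly below still says the PIN is used "on token initialization", but the new pkcs11_set_pin in this commit appears to consult the same value, so that descrip could mention PIN initialization as well.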
diff --git a/src/p11tool.c b/src/p11tool.c
index 80bcad039c..ff247835cd 100644
--- a/src/p11tool.c
+++ b/src/p11tool.c
@@ -298,9 +298,13 @@ static void cmd_parser(int argc, char **argv)
flags, &cinfo);
} else if (HAVE_OPT(TEST_SIGN)) {
pkcs11_test_sign(outfile, url, flags, &cinfo);
- } else if (HAVE_OPT(INITIALIZE))
+ } else if (HAVE_OPT(INITIALIZE)) {
pkcs11_init(outfile, url, label, &cinfo);
- else if (HAVE_OPT(DELETE))
+ } else if (HAVE_OPT(INITIALIZE_PIN)) {
+ pkcs11_set_pin(outfile, url, &cinfo, 0);
+ } else if (HAVE_OPT(INITIALIZE_SO_PIN)) {
+ pkcs11_set_pin(outfile, url, &cinfo, 1);
+ } else if (HAVE_OPT(DELETE))
pkcs11_delete(outfile, url, flags, &cinfo);
else if (HAVE_OPT(GENERATE_ECC)) {
key_type = GNUTLS_PK_EC;
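Review bot: The bare `0` and `1` passed as the last argument of the two new pkcs11_set_pin calls read as magic numbers; the parameter is named `so` in the header, so `pkcs11_set_pin(outfile, url, &cinfo, 0 /* user PIN */);` and `pkcs11_set_pin(outfile, url, &cinfo, 1 /* SO PIN */);` would let the dispatch read without opening src/pkcs11.c. The hunk also braces the INITIALIZE branch while the following DELETE branch stays unbraced, which leaves the chain in a mixed style; bracing every branch of the chain would be consistent. cmd_parser starts and ends outside this hunk.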
diff --git a/src/p11tool.h b/src/p11tool.h
index e80c875476..dda598bb78 100644
--- a/src/p11tool.h
+++ b/src/p11tool.h
@@ -49,6 +49,7 @@ void pkcs11_delete(FILE * outfile, const char *pkcs11_url,
unsigned int flags, common_info_st *);
void pkcs11_init(FILE * outfile, const char *pkcs11_url, const char *label,
common_info_st *);
+void pkcs11_set_pin(FILE * outfile, const char *pkcs11_url, common_info_st *, unsigned so);
void pkcs11_generate(FILE * outfile, const char *url,
gnutls_pk_algorithm_t type, unsigned int bits,
const char *label, const char *id, int detailed,
diff --git a/src/pkcs11.c b/src/pkcs11.c
index 7334118252..6f028ed9d8 100644
--- a/src/pkcs11.c
+++ b/src/pkcs11.c
@@ -906,7 +906,7 @@ pkcs11_init(FILE * outfile, const char *url, const char *label,
} else {
pin = getenv("GNUTLS_PIN");
if (pin == NULL && info->batch == 0)
- pin = getpass("Enter new User's PIN: ");
+ pin = getpass("Enter User's new PIN: ");
if (pin == NULL)
exit(1);
}
@@ -927,6 +927,56 @@ pkcs11_init(FILE * outfile, const char *url, const char *label,
return;
}
+void
+pkcs11_set_pin(FILE * outfile, const char *url, common_info_st * info, unsigned so)
+{
+ int ret;
+ const char *pin;
+
+ pkcs11_common(info);
+
+ if (url == NULL) {
+ fprintf(stderr, "error: no token URL given to initialize!\n");
+ exit(1);
+ }
+
+ fprintf(stderr, "Setting token's user PIN...\n");
+
+ if (so) {
+ if (info->so_pin != NULL) {
+ pin = info->so_pin;
+ } else {
+ pin = getenv("GNUTLS_SO_PIN");
+ if (pin == NULL && info->batch == 0)
+ pin = getpass("Enter Administrators's new PIN: ");
+ if (pin == NULL)
+ exit(1);
+ }
+ } else {
+ if (info->pin != NULL) {
+ pin = info->pin;
+ } else {
+ pin = getenv("GNUTLS_PIN");
+ if (pin == NULL && info->batch == 0)
+ pin = getpass("Enter User's new PIN: ");
+ if (pin == NULL)
+ exit(1);
+ }
+ }
+
+ if (pin == NULL || pin[0] == '\n')
+ exit(1);
+
+ ret = gnutls_pkcs11_token_set_pin(url, NULL, pin, (so!=0)?GNUTLS_PIN_SO:GNUTLS_PIN_USER);
+ if (ret < 0) {
+ fprintf(stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
+ gnutls_strerror(ret));
+ exit(1);
+ }
+
+ return;
+}
+
const char *mech_list[] = {
[0] = "CKM_RSA_PKCS_KEY_PAIR_GEN",
[1] = "CKM_RSA_PKCS",
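Review bot: The guard `if (pin == NULL || pin[0] == '\n')` in the new pkcs11_set_pin never trips on an interactive entry, because getpass() returns the line without its trailing newline, and it lets an empty PIN from --set-pin, --set-so-pin, GNUTLS_PIN or GNUTLS_SO_PIN go straight to gnutls_pkcs11_token_set_pin; `if (pin == NULL || pin[0] == '\0') exit(1);` is the check that rejects an empty value. The status line `fprintf(stderr, "Setting token's user PIN...\n");` is printed in both modes, so `fprintf(stderr, so ? "Setting token's security officer PIN...\n" : "Setting token's user PIN...\n");` keeps it truthful, and the prompt `"Enter Administrators's new PIN: "` has a stray apostrophe. The function has no header comment; one line such as `/* Set the user (so == 0) or security officer (so != 0) PIN of the token at url, taking the new value from info, the environment or a prompt; exits on any error. */` would document the contract that p11tool.c now relies on.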