[pkg-opensc-commit] [libp11] 04/13: SET_USER_INTERFACE and SET_CALLBACK_DATA added

Eric Dorland eric at moszumanska.debian.org
Mon May 22 03:43:00 UTC 2017


This is an automated email from the git hooks/post-receive script.

eric pushed a commit to annotated tag libp11-0.4.5
in repository libp11.

commit ef756be48e7b920eb2d809ba23a6bb06c1571bf9
Author: Michał Trojnara <Michal.Trojnara at stunnel.org>
Date:   Fri Feb 10 23:28:29 2017 +0100

    SET_USER_INTERFACE and SET_CALLBACK_DATA added
    
    Engine control commands added for certificate and CKU_CONTEXT_SPECIFIC PINs
---
 NEWS             |  2 ++
 src/eng_back.c   | 27 ++++++++++++++++++++++++---
 src/eng_front.c  |  8 ++++++++
 src/engine.h     |  2 ++
 src/libp11-int.h |  8 ++++----
 src/libp11.h     |  4 ++--
 src/p11_front.c  |  6 +++---
 src/p11_key.c    | 19 ++++++++++---------
 8 files changed, 55 insertions(+), 21 deletions(-)

diff --git a/NEWS b/NEWS
index 344341c..2f3f0fd 100644
--- a/NEWS
+++ b/NEWS
@@ -2,6 +2,8 @@ NEWS for Libp11 -- History of user visible changes
 
 New in 0.4.5; unreleased
 * Prevented destroying existing keys/certs at login (Michał Trojnara)
+* SET_USER_INTERFACE and SET_CALLBACK_DATA engine ctrl commands added
+  for certificate and CKU_CONTEXT_SPECIFIC PINs (Michał Trojnara)
 
 New in 0.4.4; 2017-01-26; Michał Trojnara
 * Fixed a state reset caused by re-login on LOAD_CERT_CTRL engine ctrl;
diff --git a/src/eng_back.c b/src/eng_back.c
index c07d3da..4769d5d 100644
--- a/src/eng_back.c
+++ b/src/eng_back.c
@@ -47,6 +47,8 @@ struct st_engine_ctx {
 	int verbose;
 	char *module;
 	char *init_args;
+	UI_METHOD *ui_method;
+	void *callback_data;
 
 	/* Engine initialization mutex */
 #if OPENSSL_VERSION_NUMBER >= 0x10100004L
@@ -247,6 +249,7 @@ static void ctx_init_libp11_unlocked(ENGINE_CTX *ctx)
 
 	pkcs11_ctx = PKCS11_CTX_new();
 	PKCS11_CTX_init_args(pkcs11_ctx, ctx->init_args);
+	PKCS11_set_ui_method(pkcs11_ctx, ctx->ui_method, ctx->callback_data);
 
 	/* PKCS11_CTX_load() uses C_GetSlotList() via p11-kit */
 	if (PKCS11_CTX_load(pkcs11_ctx, ctx->module) < 0) {
@@ -495,9 +498,9 @@ static X509 *ctx_load_cert(ENGINE_CTX *ctx, const char *s_slot_cert_id,
 		fprintf(stderr, "Found token: %s\n", slot->token->label);
 	}
 
-	/* In several tokens certificates are marked as private.
-	 * We require a cached pin, as no UI method is available. */
-	if (login && ctx->pin && !ctx_login(ctx, slot, tok, NULL, NULL)) {
+	/* In several tokens certificates are marked as private */
+	if (login && !ctx_login(ctx, slot, tok,
+			ctx->ui_method, ctx->callback_data)) {
 		fprintf(stderr, "Login to token failed, returning NULL...\n");
 		return NULL;
 	}
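Review bot: Dropping the `ctx->pin` test means this branch now calls ctx_login() whenever `login` is set, even when neither a PIN nor a UI method has been configured, so `ctx->ui_method` can be NULL here. ctx_login() is not shown in this hunk, but if it hands that pointer to UI_new_method(), OpenSSL falls back to its default UI method. An unattended service could then get a terminal prompt or a failed login where it previously skipped the login. If that is not intended, keep a guard such as `if (login && (ctx->pin || ctx->ui_method) && !ctx_login(ctx, slot, tok, ctx->ui_method, ctx->callback_data)) {`; otherwise the comment should state that a NULL UI method means the default prompt. ctx_load_cert's body starts and ends outside the hunk.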
@@ -902,6 +905,18 @@ static int ctx_ctrl_set_init_args(ENGINE_CTX *ctx, const char *init_args_orig)
 	return 1;
 }
 
+static int ctx_ctrl_set_user_interface(ENGINE_CTX *ctx, UI_METHOD *ui_method)
+{
+	ctx->ui_method = ui_method;
+	return 1;
+}
+
+static int ctx_ctrl_set_callback_data(ENGINE_CTX *ctx, void *callback_data)
+{
+	ctx->callback_data = callback_data;
+	return 1;
+}
+
 int ctx_engine_ctrl(ENGINE_CTX *ctx, int cmd, long i, void *p, void (*f)())
 {
 	(void)i; /* We don't currently take integer parameters */
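Review bot: ctx_ctrl_set_user_interface() and ctx_ctrl_set_callback_data() only store the pointer in the ENGINE_CTX, while the PKCS11_CTX receives the values once, in ctx_init_libp11_unlocked(). If an application issues SET_USER_INTERFACE or SET_CALLBACK_DATA after libp11 has been initialised, CKU_CONTEXT_SPECIFIC prompts would, as far as these hunks show, keep using the earlier (possibly NULL) method. Consider forwarding the new values with PKCS11_set_ui_method() when a PKCS11_CTX already exists (the field holding it is not visible here), and add a comment such as `/* ui_method and callback_data are borrowed; the caller keeps them valid while the engine is in use */`. The setters also write the context without taking the engine initialization mutex declared in struct st_engine_ctx; whether callers serialise ctrl calls is not visible here.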
@@ -918,6 +933,12 @@ int ctx_engine_ctrl(ENGINE_CTX *ctx, int cmd, long i, void *p, void (*f)())
 		return ctx_ctrl_load_cert(ctx, p);
 	case CMD_INIT_ARGS:
 		return ctx_ctrl_set_init_args(ctx, (const char *)p);
+	case ENGINE_CTRL_SET_USER_INTERFACE:
+	case CMD_SET_USER_INTERFACE:
+		return ctx_ctrl_set_user_interface(ctx, (UI_METHOD *)p);
+	case ENGINE_CTRL_SET_CALLBACK_DATA:
+	case CMD_SET_CALLBACK_DATA:
+		return ctx_ctrl_set_callback_data(ctx, p);
 	default:
 		break;
 	}
diff --git a/src/eng_front.c b/src/eng_front.c
index 8a8d232..b5464db 100644
--- a/src/eng_front.c
+++ b/src/eng_front.c
@@ -110,6 +110,14 @@ static const ENGINE_CMD_DEFN engine_cmd_defns[] = {
 		"INIT_ARGS",
 		"Specifies additional initialization arguments to the PKCS#11 module",
 		ENGINE_CMD_FLAG_STRING},
+	{CMD_SET_USER_INTERFACE,
+		"SET_USER_INTERFACE",
+		"Set the global user interface (internal)",
+		ENGINE_CMD_FLAG_INTERNAL},
+	{CMD_SET_CALLBACK_DATA,
+		"SET_CALLBACK_DATA",
+		"Set the global user interface extra data (internal)",
+		ENGINE_CMD_FLAG_INTERNAL},
 	{0, NULL, NULL, 0}
 };
 
diff --git a/src/engine.h b/src/engine.h
index 4cfd53b..e8aab25 100644
--- a/src/engine.h
+++ b/src/engine.h
@@ -46,6 +46,8 @@
 #define CMD_QUIET		(ENGINE_CMD_BASE+4)
 #define CMD_LOAD_CERT_CTRL	(ENGINE_CMD_BASE+5)
 #define CMD_INIT_ARGS	(ENGINE_CMD_BASE+6)
+#define CMD_SET_USER_INTERFACE	(ENGINE_CMD_BASE + 7)
+#define CMD_SET_CALLBACK_DATA	(ENGINE_CMD_BASE + 8)
 
 typedef struct st_engine_ctx ENGINE_CTX; /* opaque */
 
diff --git a/src/libp11-int.h b/src/libp11-int.h
index 6232440..f8006eb 100644
--- a/src/libp11-int.h
+++ b/src/libp11-int.h
@@ -47,6 +47,8 @@ typedef struct pkcs11_ctx_private {
 	CK_FUNCTION_LIST_PTR method;
 	void *handle;
 	char *init_args;
+	UI_METHOD *ui_method; /* UI_METHOD for CKU_CONTEXT_SPECIFIC PINs */
+	void *ui_user_data;
 	unsigned int forkid;
 	PKCS11_RWLOCK rwlock;
 } PKCS11_CTX_private;
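Review bot: `ui_user_data` has no comment, and neither new field says who owns the pointer. Nothing in this commit copies or frees them, so they look borrowed from the caller and must stay valid for as long as the context can prompt. Moving them out of PKCS11_KEY_private also makes one setting apply to every key of the context. Suggested comments: `UI_METHOD *ui_method; /* UI_METHOD for CKU_CONTEXT_SPECIFIC PINs; borrowed, shared by all keys */` and `void *ui_user_data; /* passed to UI_add_user_data(); borrowed */`.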
@@ -94,8 +96,6 @@ typedef struct pkcs11_key_private {
 	PKCS11_TOKEN *parent;
 	CK_OBJECT_HANDLE object;
 	CK_BBOOL always_authenticate;
-	UI_METHOD *ui_method;
-	void *ui_user_data;
 	unsigned char id[255];
 	size_t id_len;
 	PKCS11_KEY_ops *ops;
@@ -276,8 +276,8 @@ extern PKCS11_KEY *pkcs11_find_key_from_key(PKCS11_KEY *key);
 extern int pkcs11_enumerate_certs(PKCS11_TOKEN *token,
 	PKCS11_CERT **certs, unsigned int *ncerts);
 
-/* Set UI method to allow retrieving PIN values interactively */
-extern int pkcs11_set_ui_method(PKCS11_KEY *key,
+/* Set UI method to allow retrieving CKU_CONTEXT_SPECIFIC PINs interactively */
+extern int pkcs11_set_ui_method(PKCS11_CTX *key,
 	UI_METHOD *ui_method, void *ui_user_data);
 
 /* Initialize a token */
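Review bot: The prototype still names its first parameter `key` although the type is now `PKCS11_CTX *`; the definition in src/p11_key.c and the public prototype in src/libp11.h both use `ctx`. Rename it so the internal header does not suggest that a key is expected: `extern int pkcs11_set_ui_method(PKCS11_CTX *ctx,`.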
diff --git a/src/libp11.h b/src/libp11.h
index bdc0929..f90f4ca 100644
--- a/src/libp11.h
+++ b/src/libp11.h
@@ -281,8 +281,8 @@ extern PKCS11_KEY *PKCS11_find_key_from_key(PKCS11_KEY *);
 /* Get a list of all certificates associated with this token */
 extern int PKCS11_enumerate_certs(PKCS11_TOKEN *, PKCS11_CERT **, unsigned int *);
 
-/* Set UI method to allow retrieving PIN values interactively */
-extern int PKCS11_set_ui_method(PKCS11_KEY *key,
+/* Set UI method to allow retrieving CKU_CONTEXT_SPECIFIC PINs interactively */
+extern int PKCS11_set_ui_method(PKCS11_CTX *ctx,
 	UI_METHOD *ui_method, void *ui_user_data);
 
 /**
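Review bot: Changing the first parameter of PKCS11_set_ui_method() from `PKCS11_KEY *` to `PKCS11_CTX *` is an incompatible change to a public prototype, and the NEWS entry in this commit does not mention it. Existing C callers that pass a key may get only an incompatible-pointer diagnostic, and an already-built caller would hand a key to code that treats it as a context (PRIVCTX() in pkcs11_set_ui_method). Say so in NEWS, e.g. `* PKCS11_set_ui_method() now takes a PKCS11_CTX * instead of a PKCS11_KEY *`, and check whether the library version needs to reflect the break; versioning is not visible in this diff.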
diff --git a/src/p11_front.c b/src/p11_front.c
index 6844cb8..0294c87 100644
--- a/src/p11_front.c
+++ b/src/p11_front.c
@@ -379,11 +379,11 @@ int PKCS11_generate_random(PKCS11_SLOT *slot, unsigned char *r, unsigned int r_l
 	return pkcs11_generate_random(slot, r, r_len);
 }
 
-int PKCS11_set_ui_method(PKCS11_KEY *key, UI_METHOD *ui_method, void *ui_user_data)
+int PKCS11_set_ui_method(PKCS11_CTX *ctx, UI_METHOD *ui_method, void *ui_user_data)
 {
-	if (check_key_fork(key) < 0)
+	if (check_fork(ctx) < 0)
 		return -1;
-	return pkcs11_set_ui_method(key, ui_method, ui_user_data);
+	return pkcs11_set_ui_method(ctx, ui_method, ui_user_data);
 }
 
 /* External interface to the deprecated features */
diff --git a/src/p11_key.c b/src/p11_key.c
index 7df1d66..3250846 100644
--- a/src/p11_key.c
+++ b/src/p11_key.c
@@ -38,15 +38,15 @@ static int pkcs11_init_key(PKCS11_CTX *ctx, PKCS11_TOKEN *token,
 static int pkcs11_store_key(PKCS11_TOKEN *, EVP_PKEY *, unsigned int,
 	char *, unsigned char *, size_t, PKCS11_KEY **);
 
-/* Set UI method to allow retrieving PIN values interactively */
-int pkcs11_set_ui_method(PKCS11_KEY *key,
+/* Set UI method to allow retrieving CKU_CONTEXT_SPECIFIC PINs interactively */
+int pkcs11_set_ui_method(PKCS11_CTX *ctx,
 		UI_METHOD *ui_method, void *ui_user_data)
 {
-	PKCS11_KEY_private *kpriv = PRIVKEY(key);
-	if (kpriv == NULL)
+	PKCS11_CTX_private *cpriv = PRIVCTX(ctx);
+	if (cpriv == NULL)
 		return -1;
-	kpriv->ui_method = ui_method;
-	kpriv->ui_user_data = ui_user_data;
+	cpriv->ui_method = ui_method;
+	cpriv->ui_user_data = ui_user_data;
 	return 0;
 }
 
@@ -343,6 +343,7 @@ int pkcs11_authenticate(PKCS11_KEY *key)
 	PKCS11_SLOT *slot = TOKEN2SLOT(token);
 	PKCS11_SLOT_private *spriv = PRIVSLOT(slot);
 	PKCS11_CTX *ctx = SLOT2CTX(slot);
+	PKCS11_CTX_private *cpriv = PRIVCTX(ctx);
 	char pin[MAX_PIN_LENGTH+1];
 	UI *ui;
 	int rv;
@@ -355,11 +356,11 @@ int pkcs11_authenticate(PKCS11_KEY *key)
 	}
 
 	/* Call UI to ask for a PIN */
-	ui = UI_new_method(kpriv->ui_method);
+	ui = UI_new_method(cpriv->ui_method);
 	if (ui == NULL)
 		return PKCS11_UI_FAILED;
-	if (kpriv->ui_user_data != NULL)
-		UI_add_user_data(ui, kpriv->ui_user_data);
+	if (cpriv->ui_user_data != NULL)
+		UI_add_user_data(ui, cpriv->ui_user_data);
 	memset(pin, 0, MAX_PIN_LENGTH+1);
 	if (!UI_add_input_string(ui, "PKCS#11 key PIN: ",
 			UI_INPUT_FLAG_DEFAULT_PWD, pin, 4, MAX_PIN_LENGTH)) {

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-opensc/libp11.git


