[pkg-opensc-commit] [libp11] 04/13: SET_USER_INTERFACE and SET_CALLBACK_DATA added
Eric Dorland
eric at moszumanska.debian.org
Mon May 22 03:43:00 UTC 2017
This is an automated email from the git hooks/post-receive script.
eric pushed a commit to annotated tag libp11-0.4.5
in repository libp11.
commit ef756be48e7b920eb2d809ba23a6bb06c1571bf9
Author: Michał Trojnara <Michal.Trojnara at stunnel.org>
Date: Fri Feb 10 23:28:29 2017 +0100
SET_USER_INTERFACE and SET_CALLBACK_DATA added
Engine control commands added for certificate and CKU_CONTEXT_SPECIFIC PINs
---
NEWS | 2 ++
src/eng_back.c | 27 ++++++++++++++++++++++++---
src/eng_front.c | 8 ++++++++
src/engine.h | 2 ++
src/libp11-int.h | 8 ++++----
src/libp11.h | 4 ++--
src/p11_front.c | 6 +++---
src/p11_key.c | 19 ++++++++++---------
8 files changed, 55 insertions(+), 21 deletions(-)
diff --git a/NEWS b/NEWS
index 344341c..2f3f0fd 100644
--- a/NEWS
+++ b/NEWS
@@ -2,6 +2,8 @@ NEWS for Libp11 -- History of user visible changes
New in 0.4.5; unreleased
* Prevented destroying existing keys/certs at login (Michał Trojnara)
+* SET_USER_INTERFACE and SET_CALLBACK_DATA engine ctrl commands added
+ for certificate and CKU_CONTEXT_SPECIFIC PINs (Michał Trojnara)
New in 0.4.4; 2017-01-26; Michał Trojnara
* Fixed a state reset caused by re-login on LOAD_CERT_CTRL engine ctrl;
diff --git a/src/eng_back.c b/src/eng_back.c
index c07d3da..4769d5d 100644
--- a/src/eng_back.c
+++ b/src/eng_back.c
@@ -47,6 +47,8 @@ struct st_engine_ctx {
int verbose;
char *module;
char *init_args;
+ UI_METHOD *ui_method;
+ void *callback_data;
/* Engine initialization mutex */
#if OPENSSL_VERSION_NUMBER >= 0x10100004L
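Review bot: The new `ui_method` and `callback_data` members hold pointers supplied by the application, and nothing in the visible hunks copies or frees them, so they appear to be borrowed. `callback_data` in particular ends up in `UI_add_user_data` during PIN prompts, which would be a use-after-free if the caller released it early. A member comment would make the contract explicit: `/* Borrowed from the application; must stay valid for the lifetime of the engine context */`. The struct definition continues outside the hunk.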
@@ -247,6 +249,7 @@ static void ctx_init_libp11_unlocked(ENGINE_CTX *ctx)
pkcs11_ctx = PKCS11_CTX_new();
PKCS11_CTX_init_args(pkcs11_ctx, ctx->init_args);
+ PKCS11_set_ui_method(pkcs11_ctx, ctx->ui_method, ctx->callback_data);
/* PKCS11_CTX_load() uses C_GetSlotList() via p11-kit */
if (PKCS11_CTX_load(pkcs11_ctx, ctx->module) < 0) {
@@ -495,9 +498,9 @@ static X509 *ctx_load_cert(ENGINE_CTX *ctx, const char *s_slot_cert_id,
fprintf(stderr, "Found token: %s\n", slot->token->label);
}
- /* In several tokens certificates are marked as private.
- * We require a cached pin, as no UI method is available. */
- if (login && ctx->pin && !ctx_login(ctx, slot, tok, NULL, NULL)) {
+ /* In several tokens certificates are marked as private */
+ if (login && !ctx_login(ctx, slot, tok,
+ ctx->ui_method, ctx->callback_data)) {
fprintf(stderr, "Login to token failed, returning NULL...\n");
return NULL;
}
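Review bot: Dropping the `ctx->pin` test from the login condition in ctx_load_cert means a login is now attempted for every `login` request, including when neither a PIN nor a UI method has been set. With `ctx->ui_method` NULL, OpenSSL's `UI_new_method(NULL)` falls back to the default console UI. If ctx_login prompts through that path (its body is outside this hunk), a headless service could block on a terminal prompt, or get NULL back where it previously received a public certificate. If that is not intended, keep a guard such as `if (login && (ctx->pin || ctx->ui_method) && !ctx_login(ctx, slot, tok, ctx->ui_method, ctx->callback_data)) {`, or state the new behaviour in the comment above it.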
@@ -902,6 +905,18 @@ static int ctx_ctrl_set_init_args(ENGINE_CTX *ctx, const char *init_args_orig)
return 1;
}
+static int ctx_ctrl_set_user_interface(ENGINE_CTX *ctx, UI_METHOD *ui_method)
+{
+ ctx->ui_method = ui_method;
+ return 1;
+}
+
+static int ctx_ctrl_set_callback_data(ENGINE_CTX *ctx, void *callback_data)
+{
+ ctx->callback_data = callback_data;
+ return 1;
+}
+
int ctx_engine_ctrl(ENGINE_CTX *ctx, int cmd, long i, void *p, void (*f)())
{
(void)i; /* We don't currently take integer parameters */
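Review bot: ctx_ctrl_set_user_interface and ctx_ctrl_set_callback_data only update the ENGINE_CTX fields, while the one visible hand-off to libp11 is the `PKCS11_set_ui_method(pkcs11_ctx, ctx->ui_method, ctx->callback_data)` call in ctx_init_libp11_unlocked. If a control command arrives after the PKCS#11 context has been initialised, the CKU_CONTEXT_SPECIFIC PIN prompt in pkcs11_authenticate would presumably keep using the earlier (possibly NULL) method and data. Either forward the new values to an already-initialised context from both setters, or document the ordering with a comment such as `/* Must be set before the engine is initialized; later changes do not reach libp11 */`. ctx_engine_ctrl's body continues outside the hunk.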
@@ -918,6 +933,12 @@ int ctx_engine_ctrl(ENGINE_CTX *ctx, int cmd, long i, void *p, void (*f)())
return ctx_ctrl_load_cert(ctx, p);
case CMD_INIT_ARGS:
return ctx_ctrl_set_init_args(ctx, (const char *)p);
+ case ENGINE_CTRL_SET_USER_INTERFACE:
+ case CMD_SET_USER_INTERFACE:
+ return ctx_ctrl_set_user_interface(ctx, (UI_METHOD *)p);
+ case ENGINE_CTRL_SET_CALLBACK_DATA:
+ case CMD_SET_CALLBACK_DATA:
+ return ctx_ctrl_set_callback_data(ctx, p);
default:
break;
}
diff --git a/src/eng_front.c b/src/eng_front.c
index 8a8d232..b5464db 100644
--- a/src/eng_front.c
+++ b/src/eng_front.c
@@ -110,6 +110,14 @@ static const ENGINE_CMD_DEFN engine_cmd_defns[] = {
"INIT_ARGS",
"Specifies additional initialization arguments to the PKCS#11 module",
ENGINE_CMD_FLAG_STRING},
+ {CMD_SET_USER_INTERFACE,
+ "SET_USER_INTERFACE",
+ "Set the global user interface (internal)",
+ ENGINE_CMD_FLAG_INTERNAL},
+ {CMD_SET_CALLBACK_DATA,
+ "SET_CALLBACK_DATA",
+ "Set the global user interface extra data (internal)",
+ ENGINE_CMD_FLAG_INTERNAL},
{0, NULL, NULL, 0}
};
diff --git a/src/engine.h b/src/engine.h
index 4cfd53b..e8aab25 100644
--- a/src/engine.h
+++ b/src/engine.h
@@ -46,6 +46,8 @@
#define CMD_QUIET (ENGINE_CMD_BASE+4)
#define CMD_LOAD_CERT_CTRL (ENGINE_CMD_BASE+5)
#define CMD_INIT_ARGS (ENGINE_CMD_BASE+6)
+#define CMD_SET_USER_INTERFACE (ENGINE_CMD_BASE + 7)
+#define CMD_SET_CALLBACK_DATA (ENGINE_CMD_BASE + 8)
typedef struct st_engine_ctx ENGINE_CTX; /* opaque */
diff --git a/src/libp11-int.h b/src/libp11-int.h
index 6232440..f8006eb 100644
--- a/src/libp11-int.h
+++ b/src/libp11-int.h
@@ -47,6 +47,8 @@ typedef struct pkcs11_ctx_private {
CK_FUNCTION_LIST_PTR method;
void *handle;
char *init_args;
+ UI_METHOD *ui_method; /* UI_METHOD for CKU_CONTEXT_SPECIFIC PINs */
+ void *ui_user_data;
unsigned int forkid;
PKCS11_RWLOCK rwlock;
} PKCS11_CTX_private;
@@ -94,8 +96,6 @@ typedef struct pkcs11_key_private {
PKCS11_TOKEN *parent;
CK_OBJECT_HANDLE object;
CK_BBOOL always_authenticate;
- UI_METHOD *ui_method;
- void *ui_user_data;
unsigned char id[255];
size_t id_len;
PKCS11_KEY_ops *ops;
@@ -276,8 +276,8 @@ extern PKCS11_KEY *pkcs11_find_key_from_key(PKCS11_KEY *key);
extern int pkcs11_enumerate_certs(PKCS11_TOKEN *token,
PKCS11_CERT **certs, unsigned int *ncerts);
-/* Set UI method to allow retrieving PIN values interactively */
-extern int pkcs11_set_ui_method(PKCS11_KEY *key,
+/* Set UI method to allow retrieving CKU_CONTEXT_SPECIFIC PINs interactively */
+extern int pkcs11_set_ui_method(PKCS11_CTX *key,
UI_METHOD *ui_method, void *ui_user_data);
/* Initialize a token */
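Review bot: The updated prototype still names its first parameter `key` although its type is now `PKCS11_CTX *`; the definition in src/p11_key.c and the public prototype in src/libp11.h both use `ctx`. Rename it so the internal header does not suggest a per-key setting: `extern int pkcs11_set_ui_method(PKCS11_CTX *ctx,`.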
diff --git a/src/libp11.h b/src/libp11.h
index bdc0929..f90f4ca 100644
--- a/src/libp11.h
+++ b/src/libp11.h
@@ -281,8 +281,8 @@ extern PKCS11_KEY *PKCS11_find_key_from_key(PKCS11_KEY *);
/* Get a list of all certificates associated with this token */
extern int PKCS11_enumerate_certs(PKCS11_TOKEN *, PKCS11_CERT **, unsigned int *);
-/* Set UI method to allow retrieving PIN values interactively */
-extern int PKCS11_set_ui_method(PKCS11_KEY *key,
+/* Set UI method to allow retrieving CKU_CONTEXT_SPECIFIC PINs interactively */
+extern int PKCS11_set_ui_method(PKCS11_CTX *ctx,
UI_METHOD *ui_method, void *ui_user_data);
/**
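Review bot: Changing the first parameter of the public `PKCS11_set_ui_method` from `PKCS11_KEY *` to `PKCS11_CTX *` keeps the symbol name but changes its meaning. A program built against the old header and run with the new library would pass a key pointer that `pkcs11_set_ui_method` then treats as a context and writes through. Recompiled callers get at most a pointer-type diagnostic. Whether the library version or soname is bumped is not visible in this commit; if not, consider a new function name for the context-wide setter. In any case, mention the signature change in NEWS and in the header comment, e.g. `/* NOTE: takes the PKCS11_CTX since 0.4.5; the UI method is shared by all keys of the context */`.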
diff --git a/src/p11_front.c b/src/p11_front.c
index 6844cb8..0294c87 100644
--- a/src/p11_front.c
+++ b/src/p11_front.c
@@ -379,11 +379,11 @@ int PKCS11_generate_random(PKCS11_SLOT *slot, unsigned char *r, unsigned int r_l
return pkcs11_generate_random(slot, r, r_len);
}
-int PKCS11_set_ui_method(PKCS11_KEY *key, UI_METHOD *ui_method, void *ui_user_data)
+int PKCS11_set_ui_method(PKCS11_CTX *ctx, UI_METHOD *ui_method, void *ui_user_data)
{
- if (check_key_fork(key) < 0)
+ if (check_fork(ctx) < 0)
return -1;
- return pkcs11_set_ui_method(key, ui_method, ui_user_data);
+ return pkcs11_set_ui_method(ctx, ui_method, ui_user_data);
}
/* External interface to the deprecated features */
diff --git a/src/p11_key.c b/src/p11_key.c
index 7df1d66..3250846 100644
--- a/src/p11_key.c
+++ b/src/p11_key.c
@@ -38,15 +38,15 @@ static int pkcs11_init_key(PKCS11_CTX *ctx, PKCS11_TOKEN *token,
static int pkcs11_store_key(PKCS11_TOKEN *, EVP_PKEY *, unsigned int,
char *, unsigned char *, size_t, PKCS11_KEY **);
-/* Set UI method to allow retrieving PIN values interactively */
-int pkcs11_set_ui_method(PKCS11_KEY *key,
+/* Set UI method to allow retrieving CKU_CONTEXT_SPECIFIC PINs interactively */
+int pkcs11_set_ui_method(PKCS11_CTX *ctx,
UI_METHOD *ui_method, void *ui_user_data)
{
- PKCS11_KEY_private *kpriv = PRIVKEY(key);
- if (kpriv == NULL)
+ PKCS11_CTX_private *cpriv = PRIVCTX(ctx);
+ if (cpriv == NULL)
return -1;
- kpriv->ui_method = ui_method;
- kpriv->ui_user_data = ui_user_data;
+ cpriv->ui_method = ui_method;
+ cpriv->ui_user_data = ui_user_data;
return 0;
}
@@ -343,6 +343,7 @@ int pkcs11_authenticate(PKCS11_KEY *key)
PKCS11_SLOT *slot = TOKEN2SLOT(token);
PKCS11_SLOT_private *spriv = PRIVSLOT(slot);
PKCS11_CTX *ctx = SLOT2CTX(slot);
+ PKCS11_CTX_private *cpriv = PRIVCTX(ctx);
char pin[MAX_PIN_LENGTH+1];
UI *ui;
int rv;
@@ -355,11 +356,11 @@ int pkcs11_authenticate(PKCS11_KEY *key)
}
/* Call UI to ask for a PIN */
- ui = UI_new_method(kpriv->ui_method);
+ ui = UI_new_method(cpriv->ui_method);
if (ui == NULL)
return PKCS11_UI_FAILED;
- if (kpriv->ui_user_data != NULL)
- UI_add_user_data(ui, kpriv->ui_user_data);
+ if (cpriv->ui_user_data != NULL)
+ UI_add_user_data(ui, cpriv->ui_user_data);
memset(pin, 0, MAX_PIN_LENGTH+1);
if (!UI_add_input_string(ui, "PKCS#11 key PIN: ",
UI_INPUT_FLAG_DEFAULT_PWD, pin, 4, MAX_PIN_LENGTH)) {
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-opensc/libp11.git