check the output of fgets.
1 /*
2 * Copyright (C) 2011 Free Software Foundation, Inc.
3 * Author: Nikos Mavrogiannopoulos
5 * This file is part of GnuTLS.
7 * GnuTLS is free software: you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation, either version 3 of the License, or
10 * (at your option) any later version.
12 * GnuTLS is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program. If not, see <http://www.gnu.org/licenses/>.
21 #include <config.h>
23 #include <getpass.h>
25 #include <stdio.h>
26 #include <stdlib.h>
27 #include <string.h>
28 #include <gnutls/pkcs11.h>
29 #include <p11common.h>
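/* Smaller of two values.  The whole expansion is parenthesized so the macro
 * keeps its meaning inside a larger expression (e.g. MIN (a, b) + 1).
 * Each argument is still evaluated twice, so do not pass expressions with
 * side effects. */
#define MIN(x,y) (((x) < (y)) ? (x) : (y))

/* Initial value of the cached-PIN reuse counter in pin_callback(). */
#define MAX_CACHE_TRIES 5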
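/*
 * PIN callback installed by pkcs11_common().
 *
 * Prompts on the terminal for the user or security-officer PIN of the token
 * identified by token_url/token_label and writes it, NUL-terminated, into
 * pin, which holds pin_max bytes.  The last PIN entered is kept in a static
 * buffer and handed back without prompting when the same token URL is asked
 * for again, unless the flags report that few tries are left.
 *
 * Returns 0 on success and -1 if pin_max is 0.  Exits the process when no
 * PIN is entered or when the cached PIN does not fit into pin.
 *
 * The cached PIN is never wiped: it stays in process memory until it is
 * overwritten by the next prompt or the process ends.
 *
 * NOTE(review): `user` and `attempt` are not consulted, and `cache` is an
 * automatic variable that is re-initialised on every call, so only the
 * FINAL_TRY / COUNT_LOW flags stop a cached PIN from being replayed.
 * Confirm this is enough to keep a mistyped PIN from burning retries.
 */
static int
pin_callback (void *user, int attempt, const char *token_url,
              const char *token_label, unsigned int flags, char *pin,
              size_t pin_max)
{
  const char *password;
  const char *desc;
  size_t len;
  int cache = MAX_CACHE_TRIES;
  /* allow caching of PIN */
  static char *cached_url = NULL;
  static char cached_pin[32] = "";

  /* Without room for the terminator nothing can be stored safely. */
  if (pin_max == 0)
    return -1;

  if (flags & GNUTLS_PKCS11_PIN_SO)
    desc = "security officer";
  else
    desc = "user";

  /* Never replay a cached PIN when a wrong one could lock the token. */
  if (flags & GNUTLS_PKCS11_PIN_FINAL_TRY)
    {
      cache = 0;
      printf ("*** This is the final try before locking!\n");
    }
  if (flags & GNUTLS_PKCS11_PIN_COUNT_LOW)
    {
      cache = 0;
      printf ("*** Only few tries left before locking!\n");
    }

  if (cache > 0 && cached_url != NULL
      && strcmp (cached_url, token_url) == 0)
    {
      /* Compare the cached PIN with the caller's buffer size; the output
       * buffer itself has not been written yet and must not be measured. */
      if (strlen (cached_pin) >= pin_max)
        {
          fprintf (stderr, "Too long PIN given\n");
          exit (1);
        }

      strcpy (pin, cached_pin);
      return 0;
    }

  printf ("Token '%s' with URL '%s' ", token_label, token_url);
  printf ("requires %s PIN\n", desc);

  password = getpass ("Enter PIN: ");
  if (password == NULL || password[0] == 0)
    {
      fprintf (stderr, "No password given\n");
      exit (1);
    }

  /* Leave one byte for the terminator: a PIN of pin_max or more characters
   * is truncated to pin_max - 1 instead of writing past the buffer. */
  len = strlen (password);
  if (len > pin_max - 1)
    len = pin_max - 1;
  memcpy (pin, password, len);
  pin[len] = 0;

  /* cache: only when the PIN fits the fixed-size buffer, and only then
   * remember the URL, so a later call never returns a stale or empty PIN. */
  free (cached_url);
  cached_url = NULL;
  if (len < sizeof (cached_pin))
    {
      memcpy (cached_pin, pin, len + 1);
      cached_url = strdup (token_url);
    }
  else
    cached_pin[0] = 0;

  return 0;
}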
/*
 * Token-insertion callback installed by pkcs11_common().
 *
 * On the first request (retry == 0) asks the operator to insert the token
 * named by label and waits for a line on stdin.  Any later request is
 * reported as a failure without prompting again.  `user` is not used.
 *
 * Returns 0 once a line has been read, -1 when retry is non-zero or when
 * fgets() fails (end of input or read error).
 */
static int
token_callback (void *user, const char *label, const unsigned retry)
{
  char line[32];

  if (retry != 0)
    {
      fprintf (stderr, "Could not find token %s\n", label);
      return -1;
    }

  printf ("Please insert token '%s' in slot and press enter\n", label);

  /* The text itself is irrelevant; only whether input arrived matters. */
  return (fgets (line, sizeof (line), stdin) != NULL) ? 0 : -1;
}
/*
 * Registers this file's interactive prompts as the PKCS #11 callbacks:
 * pin_callback for PIN entry and token_callback for token insertion.
 * Both are registered with a NULL user pointer.
 */
void
pkcs11_common (void)
{
  gnutls_pkcs11_set_pin_function (pin_callback, NULL);
  gnutls_pkcs11_set_token_function (token_callback, NULL);
}