src/p11common.c

   1 /*
   2  * Copyright (C) 2011-2012 Free Software Foundation, Inc.
   3  * Author: Nikos Mavrogiannopoulos
   4  *
   5  * This file is part of GnuTLS.
   6  *
   7  * GnuTLS is free software: you can redistribute it and/or modify
   8  * it under the terms of the GNU General Public License as published by
   9  * the Free Software Foundation, either version 3 of the License, or
  10  * (at your option) any later version.
  11  *
  12  * GnuTLS is distributed in the hope that it will be useful,
  13  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  15  * GNU General Public License for more details.
  16  *
  17  * You should have received a copy of the GNU General Public License
  18  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  19  */
  20
  21 #include <config.h>
  22
  23 #include <getpass.h>
  24
  25 #include <stdio.h>
  26 #include <stdlib.h>
  27 #include <string.h>
  28 #include <gnutls/pkcs11.h>
  29 #include <p11common.h>
  30
  31 #ifdef ENABLE_PKCS11
  32
  33 #define MIN(x,y) ((x)<(y))?(x):(y)
  34
  35 #define MAX_CACHE_TRIES 5
  36 static int
  37 pin_callback (void *user, int attempt, const char *token_url,
  38               const char *token_label, unsigned int flags, char *pin,
  39               size_t pin_max)
  40 {
  41   const char *password;
  42   const char * desc;
  43   int len, cache = MAX_CACHE_TRIES;
  44 /* allow caching of PIN */
  45   static char *cached_url = NULL;
  46   static char cached_pin[32] = "";
  47
  48   if (flags & GNUTLS_PKCS11_PIN_SO)
  49     desc = "security officer";
  50   else
  51     desc = "user";
  52
  53   if (flags & GNUTLS_PKCS11_PIN_FINAL_TRY)
  54     {
  55       cache = 0;
  56       printf ("*** This is the final try before locking!\n");
  57     }
  58   if (flags & GNUTLS_PKCS11_PIN_COUNT_LOW)
  59     {
  60       cache = 0;
  61       printf ("*** Only few tries left before locking!\n");
  62     }
  63
  64   if (flags & GNUTLS_PKCS11_PIN_WRONG)
  65     {
  66       cache = 0;
  67       printf ("*** Wrong PIN has been provided!\n");
  68     }
  69
  70   if (cache > 0 && cached_url != NULL)
  71     {
  72       if (strcmp (cached_url, token_url) == 0)
  73         {
  74           if (strlen(pin) >= sizeof(cached_pin))
  75             {
  76               fprintf (stderr, "Too long PIN given\n");
  77               exit (1);
  78             }
  79
  80           fprintf(stderr, "Re-using cached PIN for token '%s'\n", token_label);
  81           strcpy (pin, cached_pin);
  82           cache--;
  83           return 0;
  84         }
  85     }
  86
  87   printf ("Token '%s' with URL '%s' ", token_label, token_url);
  88   printf ("requires %s PIN\n", desc);
  89
  90   password = getpass ("Enter PIN: ");
  91   if (password == NULL || password[0] == 0)
  92     {
  93       fprintf (stderr, "No password given\n");
  94       exit (1);
  95     }
  96
  97   len = MIN (pin_max, strlen (password));
  98   memcpy (pin, password, len);
  99   pin[len] = 0;
 100
 101   /* cache */
 102   strcpy (cached_pin, pin);
 103   free (cached_url);
 104   cached_url = strdup (token_url);
 105   cache = MAX_CACHE_TRIES;
 106
 107   return 0;
 108 }
 109
 110 static int
 111 token_callback (void *user, const char *label, const unsigned retry)
 112 {
 113   char buf[32];
 114
 115   if (retry > 0)
 116     {
 117       fprintf (stderr, "Could not find token %s\n", label);
 118       return -1;
 119     }
 120   printf ("Please insert token '%s' in slot and press enter\n", label);
 121   fgets (buf, sizeof (buf), stdin);
 122
 123   return 0;
 124 }
 125
 126 void
 127 pkcs11_common (void)
 128 {
 129
 130   gnutls_pkcs11_set_pin_function (pin_callback, NULL);
 131   gnutls_pkcs11_set_token_function (token_callback, NULL);
 132
 133 }
 134
 135 #endif