- now uses new sc_ui_get_pin function
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@1568 c6295689-39f2-0310-b995-f0e70906c6a9
This commit is contained in:
parent
5a27b4e81e
commit
ead350c269
|
@ -48,6 +48,7 @@
|
||||||
#include <opensc/pkcs15.h>
|
#include <opensc/pkcs15.h>
|
||||||
#include <opensc/pkcs15-init.h>
|
#include <opensc/pkcs15-init.h>
|
||||||
#include <opensc/log.h>
|
#include <opensc/log.h>
|
||||||
|
#include <opensc/ui.h>
|
||||||
#include "util.h"
|
#include "util.h"
|
||||||
|
|
||||||
|
|
||||||
|
@ -78,8 +79,6 @@ static int do_store_data_object(struct sc_profile *profile);
|
||||||
|
|
||||||
static void set_secrets(struct sc_profile *);
|
static void set_secrets(struct sc_profile *);
|
||||||
static int init_keyargs(struct sc_pkcs15init_prkeyargs *);
|
static int init_keyargs(struct sc_pkcs15init_prkeyargs *);
|
||||||
static int read_one_pin(struct sc_profile *, const char *,
|
|
||||||
const struct sc_pkcs15_pin_info *, int, char **);
|
|
||||||
static int get_pin_callback(struct sc_profile *profile,
|
static int get_pin_callback(struct sc_profile *profile,
|
||||||
int id, const struct sc_pkcs15_pin_info *info,
|
int id, const struct sc_pkcs15_pin_info *info,
|
||||||
const char *label,
|
const char *label,
|
||||||
|
@ -238,10 +237,6 @@ static char * action_names[] = {
|
||||||
"store data object"
|
"store data object"
|
||||||
};
|
};
|
||||||
|
|
||||||
/* Flags for read_one_pin */
|
|
||||||
#define READ_PIN_OPTIONAL 0x01
|
|
||||||
#define READ_PIN_RETYPE 0x02
|
|
||||||
|
|
||||||
#define MAX_CERTS 4
|
#define MAX_CERTS 4
|
||||||
#define MAX_SECRETS 16
|
#define MAX_SECRETS 16
|
||||||
struct secret {
|
struct secret {
|
||||||
|
@ -491,23 +486,42 @@ static int
|
||||||
do_init_app(struct sc_profile *profile)
|
do_init_app(struct sc_profile *profile)
|
||||||
{
|
{
|
||||||
struct sc_pkcs15init_initargs args;
|
struct sc_pkcs15init_initargs args;
|
||||||
struct sc_pkcs15_pin_info info;
|
sc_pkcs15_pin_info_t info;
|
||||||
|
sc_ui_hints_t hints;
|
||||||
|
int r;
|
||||||
|
|
||||||
|
memset(&hints, 0, sizeof(hints));
|
||||||
|
hints.usage = SC_UI_USAGE_NEW_PIN;
|
||||||
|
hints.flags = SC_UI_PIN_RETYPE
|
||||||
|
| SC_UI_PIN_OPTIONAL
|
||||||
|
| SC_UI_PIN_CHECK_LENGTH
|
||||||
|
| SC_UI_PIN_MISMATCH_RETRY;
|
||||||
|
hints.card = card;
|
||||||
|
hints.p15card = NULL;
|
||||||
|
hints.info.pin = &info;
|
||||||
|
|
||||||
memset(&args, 0, sizeof(args));
|
memset(&args, 0, sizeof(args));
|
||||||
if (!opt_pins[2] && !opt_no_prompt && !opt_no_sopin) {
|
if (!opt_pins[2] && !opt_no_prompt && !opt_no_sopin) {
|
||||||
sc_pkcs15init_get_pin_info(profile,
|
sc_pkcs15init_get_pin_info(profile,
|
||||||
SC_PKCS15INIT_SO_PIN, &info);
|
SC_PKCS15INIT_SO_PIN, &info);
|
||||||
if (!read_one_pin(profile, "New security officer (SO) PIN",
|
|
||||||
&info, READ_PIN_RETYPE|READ_PIN_OPTIONAL,
|
hints.dialog_name = "pkcs15init.new_so_pin";
|
||||||
&opt_pins[2]))
|
hints.prompt = "New security officer (SO) PIN";
|
||||||
|
hints.obj_label = "Security Officer PIN";
|
||||||
|
|
||||||
|
if ((r = sc_ui_get_pin(&hints, &opt_pins[2])) < 0)
|
||||||
goto failed;
|
goto failed;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (opt_pins[2] && !opt_pins[3] && !opt_no_prompt) {
|
if (opt_pins[2] && !opt_pins[3] && !opt_no_prompt) {
|
||||||
sc_pkcs15init_get_pin_info(profile,
|
sc_pkcs15init_get_pin_info(profile,
|
||||||
SC_PKCS15INIT_SO_PUK, &info);
|
SC_PKCS15INIT_SO_PUK, &info);
|
||||||
if (!read_one_pin(profile, "Unlock code for new SO PIN",
|
|
||||||
&info, READ_PIN_RETYPE|READ_PIN_OPTIONAL,
|
hints.dialog_name = "pkcs15init.new_so_puk";
|
||||||
&opt_pins[3]))
|
hints.prompt = "Unblock code for new SO PIN";
|
||||||
|
hints.obj_label = "Security Officer Unblock PIN (PUK)";
|
||||||
|
|
||||||
|
if ((r = sc_ui_get_pin(&hints, &opt_pins[3])) < 0)
|
||||||
goto failed;
|
goto failed;
|
||||||
}
|
}
|
||||||
args.so_pin = (const u8 *) opt_pins[2];
|
args.so_pin = (const u8 *) opt_pins[2];
|
||||||
|
@ -521,7 +535,7 @@ do_init_app(struct sc_profile *profile)
|
||||||
|
|
||||||
return sc_pkcs15init_add_app(card, profile, &args);
|
return sc_pkcs15init_add_app(card, profile, &args);
|
||||||
|
|
||||||
failed:
|
failed: sc_error(card->ctx, "Failed to read PIN: %s\n", sc_strerror(r));
|
||||||
return SC_ERROR_PKCS15INIT;
|
return SC_ERROR_PKCS15INIT;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -532,7 +546,18 @@ static int
|
||||||
do_store_pin(struct sc_profile *profile)
|
do_store_pin(struct sc_profile *profile)
|
||||||
{
|
{
|
||||||
struct sc_pkcs15init_pinargs args;
|
struct sc_pkcs15init_pinargs args;
|
||||||
struct sc_pkcs15_pin_info info;
|
sc_pkcs15_pin_info_t info;
|
||||||
|
sc_ui_hints_t hints;
|
||||||
|
int r;
|
||||||
|
|
||||||
|
memset(&hints, 0, sizeof(hints));
|
||||||
|
hints.usage = SC_UI_USAGE_NEW_PIN;
|
||||||
|
hints.flags = SC_UI_PIN_RETYPE
|
||||||
|
| SC_UI_PIN_CHECK_LENGTH
|
||||||
|
| SC_UI_PIN_MISMATCH_RETRY;
|
||||||
|
hints.card = card;
|
||||||
|
hints.p15card = p15card;
|
||||||
|
hints.info.pin = &info;
|
||||||
|
|
||||||
if (!opt_authid) {
|
if (!opt_authid) {
|
||||||
error("No auth id specified\n");
|
error("No auth id specified\n");
|
||||||
|
@ -542,9 +567,12 @@ do_store_pin(struct sc_profile *profile)
|
||||||
if (opt_pins[0] == NULL) {
|
if (opt_pins[0] == NULL) {
|
||||||
sc_pkcs15init_get_pin_info(profile,
|
sc_pkcs15init_get_pin_info(profile,
|
||||||
SC_PKCS15INIT_USER_PIN, &info);
|
SC_PKCS15INIT_USER_PIN, &info);
|
||||||
if (!read_one_pin(profile, "New user PIN", &info,
|
|
||||||
READ_PIN_RETYPE,
|
hints.dialog_name = "pkcs15init.new_user_pin";
|
||||||
&opt_pins[0]))
|
hints.prompt = "New user PIN";
|
||||||
|
hints.obj_label = "New User PIN";
|
||||||
|
|
||||||
|
if ((r = sc_ui_get_pin(&hints, &opt_pins[0])) < 0)
|
||||||
goto failed;
|
goto failed;
|
||||||
}
|
}
|
||||||
if (*opt_pins[0] == '\0') {
|
if (*opt_pins[0] == '\0') {
|
||||||
|
@ -554,10 +582,13 @@ do_store_pin(struct sc_profile *profile)
|
||||||
if (opt_pins[1] == NULL) {
|
if (opt_pins[1] == NULL) {
|
||||||
sc_pkcs15init_get_pin_info(profile,
|
sc_pkcs15init_get_pin_info(profile,
|
||||||
SC_PKCS15INIT_USER_PUK, &info);
|
SC_PKCS15INIT_USER_PUK, &info);
|
||||||
if (!read_one_pin(profile,
|
|
||||||
"Unlock code for new user PIN", &info,
|
hints.dialog_name = "pkcs15init.new_user_pin";
|
||||||
READ_PIN_RETYPE|READ_PIN_OPTIONAL,
|
hints.prompt = "Unblock code for New user PIN";
|
||||||
&opt_pins[1]))
|
hints.obj_label = "New User Unblock PIN (PUK)";
|
||||||
|
hints.flags |= SC_UI_PIN_OPTIONAL;
|
||||||
|
|
||||||
|
if ((r = sc_ui_get_pin(&hints, &opt_pins[1])) < 0)
|
||||||
goto failed;
|
goto failed;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -571,7 +602,7 @@ do_store_pin(struct sc_profile *profile)
|
||||||
|
|
||||||
return sc_pkcs15init_store_pin(p15card, profile, &args);
|
return sc_pkcs15init_store_pin(p15card, profile, &args);
|
||||||
|
|
||||||
failed:
|
failed: sc_error(card->ctx, "Failed to read PIN: %s\n", sc_strerror(r));
|
||||||
return SC_ERROR_PKCS15INIT;
|
return SC_ERROR_PKCS15INIT;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -959,66 +990,8 @@ set_secrets(struct sc_profile *profile)
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Callbacks from the pkcs15init to retrieve PINs
|
* PIN retrieval callback
|
||||||
*/
|
*/
|
||||||
static int
|
|
||||||
read_one_pin(struct sc_profile *profile, const char *name,
|
|
||||||
const struct sc_pkcs15_pin_info *info,
|
|
||||||
int flags, char **out)
|
|
||||||
{
|
|
||||||
char *pin;
|
|
||||||
size_t len;
|
|
||||||
int retries = 5;
|
|
||||||
|
|
||||||
printf("%s required", name);
|
|
||||||
if (flags & READ_PIN_OPTIONAL)
|
|
||||||
printf(" (press return for no PIN)");
|
|
||||||
printf(".\n");
|
|
||||||
|
|
||||||
*out = NULL;
|
|
||||||
while (retries--) {
|
|
||||||
pin = getpass("Please enter PIN: ");
|
|
||||||
if (pin == NULL)
|
|
||||||
return SC_ERROR_INTERNAL;
|
|
||||||
len = strlen(pin);
|
|
||||||
if (len == 0 && (flags & READ_PIN_OPTIONAL))
|
|
||||||
break;
|
|
||||||
|
|
||||||
if (info && len < info->min_length) {
|
|
||||||
error("Password too short (%u characters min)",
|
|
||||||
info->min_length);
|
|
||||||
continue;
|
|
||||||
}
|
|
||||||
if (info && len > info->max_length) {
|
|
||||||
error("Password too long (%u characters max)",
|
|
||||||
info->max_length);
|
|
||||||
continue;
|
|
||||||
}
|
|
||||||
|
|
||||||
*out = strdup(pin);
|
|
||||||
if (flags & READ_PIN_RETYPE) {
|
|
||||||
memset(pin, 0, len);
|
|
||||||
pin = getpass("Please type again to verify: ");
|
|
||||||
if (strcmp(*out, pin)) {
|
|
||||||
fprintf(stderr, "PINs do not match; "
|
|
||||||
"please try again.\n");
|
|
||||||
free(*out);
|
|
||||||
*out = NULL;
|
|
||||||
continue;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
memset(pin, 0, len);
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (retries < 0) {
|
|
||||||
error("Giving up.");
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
|
|
||||||
static int
|
static int
|
||||||
get_pin_callback(struct sc_profile *profile,
|
get_pin_callback(struct sc_profile *profile,
|
||||||
int id, const struct sc_pkcs15_pin_info *info,
|
int id, const struct sc_pkcs15_pin_info *info,
|
||||||
|
@ -1074,8 +1047,27 @@ get_pin_callback(struct sc_profile *profile,
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!secret) {
|
if (!secret) {
|
||||||
if (!read_one_pin(profile, name, NULL, 0, &secret))
|
sc_ui_hints_t hints;
|
||||||
return SC_ERROR_INTERNAL;
|
char prompt[128];
|
||||||
|
int r;
|
||||||
|
|
||||||
|
snprintf(prompt, sizeof(prompt), "%s required", name);
|
||||||
|
|
||||||
|
memset(&hints, 0, sizeof(hints));
|
||||||
|
hints.dialog_name = "pkcs15init.get_pin";
|
||||||
|
hints.prompt = prompt;
|
||||||
|
hints.obj_label = name;
|
||||||
|
hints.usage = SC_UI_USAGE_OTHER;
|
||||||
|
hints.card = card;
|
||||||
|
hints.p15card = p15card;
|
||||||
|
|
||||||
|
if ((r = sc_ui_get_pin(&hints, &secret)) < 0) {
|
||||||
|
sc_error(card->ctx,
|
||||||
|
"Failed to read PIN from user: %s\n",
|
||||||
|
sc_strerror(r));
|
||||||
|
return r;
|
||||||
|
}
|
||||||
|
|
||||||
len = strlen(secret);
|
len = strlen(secret);
|
||||||
allocated = 1;
|
allocated = 1;
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue