p11tool: added options to initialize a user and admin's PIN
authorNikos Mavrogiannopoulos <nmav@gnutls.org>
Thu, 10 Nov 2016 05:34:50 +0000 (06:34 +0100)
committerNikos Mavrogiannopoulos <nmav@gnutls.org>
Sun, 13 Nov 2016 09:44:53 +0000 (10:44 +0100)
src/p11tool-args.def
src/p11tool.c
src/p11tool.h
src/pkcs11.c

index 9342d6ead03822909e49efc0c31d25939e96e7c7..f6910d8842b1632d74a7911738b480caa56d6f0d 100644 (file)
@@ -49,6 +49,18 @@ flag = {
     doc = "";
 };
 
+flag = {
+    name      = initialize-pin;
+    descrip   = "Initializes/Resets a PKCS #11 token user PIN";
+    doc = "";
+};
+
+flag = {
+    name      = initialize-so-pin;
+    descrip   = "Initializes/Resets a PKCS #11 token security officer PIN";
+    doc = "";
+};
+
 flag = {
     name      = set-pin;
     arg-type  = string;
index 80bcad039c2e6f6db1f393dede74f843f124f8e5..ff247835cd6b7f7d289fcbf0b2e989267676a8f5 100644 (file)
@@ -298,9 +298,13 @@ static void cmd_parser(int argc, char **argv)
                             flags, &cinfo);
        } else if (HAVE_OPT(TEST_SIGN)) {
                pkcs11_test_sign(outfile, url, flags, &cinfo);
-       } else if (HAVE_OPT(INITIALIZE))
+       } else if (HAVE_OPT(INITIALIZE)) {
                pkcs11_init(outfile, url, label, &cinfo);
-       else if (HAVE_OPT(DELETE))
+       } else if (HAVE_OPT(INITIALIZE_PIN)) {
+               pkcs11_set_pin(outfile, url, &cinfo, 0);
+       } else if (HAVE_OPT(INITIALIZE_SO_PIN)) {
+               pkcs11_set_pin(outfile, url, &cinfo, 1);
+       } else if (HAVE_OPT(DELETE))
                pkcs11_delete(outfile, url, flags, &cinfo);
        else if (HAVE_OPT(GENERATE_ECC)) {
                key_type = GNUTLS_PK_EC;
index e80c87547626edcd2863de8c4d5673f90c047b7a..dda598bb78ee987a9708328860cfad9b56b24c49 100644 (file)
@@ -49,6 +49,7 @@ void pkcs11_delete(FILE * outfile, const char *pkcs11_url,
                   unsigned int flags, common_info_st *);
 void pkcs11_init(FILE * outfile, const char *pkcs11_url, const char *label,
                 common_info_st *);
+void pkcs11_set_pin(FILE * outfile, const char *pkcs11_url, common_info_st *, unsigned so);
 void pkcs11_generate(FILE * outfile, const char *url,
                     gnutls_pk_algorithm_t type, unsigned int bits,
                     const char *label, const char *id, int detailed,
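Review bot: The new prototype leaves the `common_info_st *` parameter unnamed and the last parameter is just `so`, which a reader of the header cannot decode without opening pkcs11.c. Name it and document the meaning, e.g. `void pkcs11_set_pin(FILE * outfile, const char *pkcs11_url, common_info_st *info, unsigned so);` preceded by `/* so != 0: set the security officer (admin) PIN; otherwise the user PIN */`. The surrounding declarations keep parameter names in prototypes, so this would match the file's convention.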
index 73341182521c6b4a9962c502b7bdafedfaf32241..6f028ed9d891161a422b6c8c64f69be423ea7915 100644 (file)
@@ -906,7 +906,7 @@ pkcs11_init(FILE * outfile, const char *url, const char *label,
        } else {
                pin = getenv("GNUTLS_PIN");
                if (pin == NULL && info->batch == 0)
-                       pin = getpass("Enter new User's PIN: ");
+                       pin = getpass("Enter User's new PIN: ");
                if (pin == NULL)
                        exit(1);
        }
@@ -927,6 +927,56 @@ pkcs11_init(FILE * outfile, const char *url, const char *label,
        return;
 }
 
+void
+pkcs11_set_pin(FILE * outfile, const char *url, common_info_st * info, unsigned so)
+{
+       int ret;
+       const char *pin;
+
+       pkcs11_common(info);
+
+       if (url == NULL) {
+               fprintf(stderr, "error: no token URL given to initialize!\n");
+               exit(1);
+       }
+
+       fprintf(stderr, "Setting token's user PIN...\n");
+
+       if (so) {
+               if (info->so_pin != NULL) {
+                       pin = info->so_pin;
+               } else {
+                       pin = getenv("GNUTLS_SO_PIN");
+                       if (pin == NULL && info->batch == 0)
+                               pin = getpass("Enter Administrators's new PIN: ");
+                       if (pin == NULL)
+                               exit(1);
+               }
+       } else {
+               if (info->pin != NULL) {
+                       pin = info->pin;
+               } else {
+                       pin = getenv("GNUTLS_PIN");
+                       if (pin == NULL && info->batch == 0)
+                               pin = getpass("Enter User's new PIN: ");
+                       if (pin == NULL)
+                               exit(1);
+               }
+       }
+
+       if (pin == NULL || pin[0] == '\n')
+               exit(1);
+
+       ret = gnutls_pkcs11_token_set_pin(url, NULL, pin, (so!=0)?GNUTLS_PIN_SO:GNUTLS_PIN_USER);
+       if (ret < 0) {
+               fprintf(stderr, "Error in %s:%d: %s\n", __func__, __LINE__,
+                       gnutls_strerror(ret));
+               exit(1);
+       }
+
+       return;
+}
+
 const char *mech_list[] = {
        [0] = "CKM_RSA_PKCS_KEY_PAIR_GEN",
        [1] = "CKM_RSA_PKCS",
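Review bot: The progress message at `fprintf(stderr, "Setting token's user PIN...\n");` is printed unconditionally, so with so != 0 the tool tells the operator it is setting the user PIN while actually setting the security officer PIN; make it `fprintf(stderr, "Setting token's %s PIN...\n", so ? "security officer" : "user");`. The guard `if (pin == NULL || pin[0] == '\n')` appears to only catch NULL in practice: getpass() does not return the trailing newline (POSIX), and a value from info->pin or getenv() will not start with one either, so an empty entry reaches gnutls_pkcs11_token_set_pin() as ""; `pin[0] == '\0'` (or `pin[0] == 0`) seems to be the intended check — if the same pattern exists in pkcs11_init it would need the same change. The prompt `"Enter Administrators's new PIN: "` has a typo; `"Enter Administrator's new PIN: "` matches the wording used for the user prompt. The whole of pkcs11_set_pin is within this hunk.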