author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2013-02-16 10:17:58 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2013-02-16 10:31:53 +0100 |
commit | ccdff2dc101e88dfa8662fe2f5bb84c4034d21c8 (patch) | |
tree | 519c5b5c8e7650edcaa487b2fe64542290aadd80 | |
parent | 1216eabdcb81b9d13fb3c422b411a8c1cd700ee7 (diff) | |
cleaned up the PIN calling in TPM
-rw-r--r-- | doc/cha-tokens.texi | 5 | ||||
-rw-r--r-- | lib/gnutls_record.c | 2 | ||||
-rw-r--r-- | lib/includes/gnutls/gnutls.h.in | 5 | ||||
-rw-r--r-- | lib/tpm.c | 16 | ||||
-rw-r--r-- | src/common.c | 8 |
5 files changed, 26 insertions, 10 deletions
diff --git a/doc/cha-tokens.texi b/doc/cha-tokens.texi index dd0de07ec9..eead0001d5 100644 --- a/doc/cha-tokens.texi +++ b/doc/cha-tokens.texi @@ -406,7 +406,10 @@ tpmkey:file=/path/to/file @end verbatim When objects require a PIN to be accessed the same callbacks as with PKCS #11 -objects are expected (see @ref{Accessing objects that require a PIN}). +objects are expected (see @ref{Accessing objects that require a PIN}). Note +that the PIN function may be called multiple times to unlock the SRK and +the specific key in use. The label in the key function will then be set to +`SRK' when unlocking the SRK key, or to `TPM' when unlocking any other key. @node Key generation @subsection Key generation diff --git a/lib/gnutls_record.c b/lib/gnutls_record.c index cfcdf351d5..5b7d47e465 100644 --- a/lib/gnutls_record.c +++ b/lib/gnutls_record.c @@ -177,7 +177,7 @@ gnutls_transport_set_int2 (gnutls_session_t session, * **/ void -gnutls_transport_set_ptr (gnutls_session_t session, int i) +gnutls_transport_set_int (gnutls_session_t session, int i) { session->internals.transport_recv_ptr = (gnutls_transport_ptr_t)(long)i; session->internals.transport_send_ptr = (gnutls_transport_ptr_t)(long)i; diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in index bb36b1bcaf..872e4fdca0 100644 --- a/lib/includes/gnutls/gnutls.h.in +++ b/lib/includes/gnutls/gnutls.h.in @@ -1409,7 +1409,10 @@ gnutls_ecc_curve_t gnutls_ecc_curve_get(gnutls_session_t session); const giovec_t * iov, int iovcnt); typedef int (*gnutls_errno_func) (gnutls_transport_ptr_t); - + +/* This will be defined as macro. + void gnutls_transport_set_int (gnutls_session_t session, int r); + */ void gnutls_transport_set_int2 (gnutls_session_t session, int r, int s); #define gnutls_transport_set_int(s, i) gnutls_transport_set_int2(s, i, i) 
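Review bot: The renamed definition `gnutls_transport_set_int (gnutls_session_t session, int i)` in lib/gnutls_record.c is spelled exactly like the function-like macro this same commit adds to lib/includes/gnutls/gnutls.h.in (`#define gnutls_transport_set_int(s, i) gnutls_transport_set_int2(s, i, i)`), so wherever the generated header is in scope the preprocessor rewrites the definition's parameter list into `gnutls_transport_set_int2(gnutls_session_t session, gnutls_session_t session, int i)`, which does not compile. Unless an `#undef gnutls_transport_set_int` already precedes the definition outside the hunk (the visible context shows only the closing ` **/` of the doc comment before `void`), add `#undef gnutls_transport_set_int` directly above the `void` line. The function body continues past the hunk's last visible line.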
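Review bot: The new macro `gnutls_transport_set_int(s, i)` expands its second argument twice (`gnutls_transport_set_int2(s, i, i)`), so an argument with a side effect is evaluated twice, and because the real prototype is now kept only inside a comment there is no declared function for callers that need a plain symbol (language bindings, function pointers). Consider leaving `void gnutls_transport_set_int (gnutls_session_t session, int r);` as a live declaration above the `#define` (a declaration placed before the macro is not expanded) and, failing that, add to the comment `/* Macro: evaluates i twice; pass a plain value, not an expression with side effects. */`.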
@@ -194,23 +194,29 @@ int ret; if (uuid) { if (memcmp(uuid, &srk_uuid, sizeof(TSS_UUID)) == 0) - label = "SRK"; + { + label = "SRK"; + + ret = encode_tpmkey_url(&url, uuid, storage); + if (ret < 0) + return gnutls_assert_val(ret); + } else { + label = "TPM"; + ret = encode_tpmkey_url(&url, uuid, storage); if (ret < 0) return gnutls_assert_val(ret); - - label = url; } } else label = "unknown"; if (pin_info && pin_info->cb) - ret = pin_info->cb(pin_info->data, attempts, "TPM", label, flags, pin, pin_size); + ret = pin_info->cb(pin_info->data, attempts, url, label, flags, pin, pin_size); else if (_gnutls_pin_func) - ret = _gnutls_pin_func(_gnutls_pin_data, attempts, "TPM", label, flags, pin, pin_size); + ret = _gnutls_pin_func(_gnutls_pin_data, attempts, url, label, flags, pin, pin_size); else ret = gnutls_assert_val(GNUTLS_E_TPM_KEY_PASSWORD_ERROR); /* doesn't really matter */ diff --git a/src/common.c b/src/common.c index 412e776dc8..6a6ede25cf 100644 --- a/src/common.c +++ b/src/common.c @@ -984,7 +984,7 @@ pin_callback (void *user, int attempt, const char *token_url, if (cache > 0 && cached_url != NULL) { - if (strcmp (cached_url, token_url) == 0) + if (token_url != NULL && strcmp (cached_url, token_url) == 0) { if (strlen(pin) >= sizeof(cached_pin)) { @@ -1016,7 +1016,11 @@ pin_callback (void *user, int attempt, const char *token_url, /* cache */ strcpy (cached_pin, pin); free (cached_url); - cached_url = strdup (token_url); + if (token_url) + cached_url = strdup (token_url); + else + cached_url = NULL; + cache = MAX_CACHE_TRIES; return 0; |
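Review bot: The `encode_tpmkey_url(&url, uuid, storage)` call and its `return gnutls_assert_val(ret)` check are now duplicated verbatim in both arms of the `memcmp` branch in lib/tpm.c; only the label differs, so the call belongs once after the if/else. The enclosing function begins before the hunk and `url` is declared outside it; on the `uuid == NULL` path `url` is passed to the PIN callback without being assigned here, so it has to be initialised to NULL at its declaration — the `token_url != NULL` guard added to pin_callback in src/common.c suggests that is the intent, but it is not visible in this hunk, and a short comment at the `label = "unknown"` line saying that `url` stays NULL there would make the contract explicit. Whether the URL returned by encode_tpmkey_url is released after the callback is also outside the hunk.
```c
  if (uuid)
    {
      /* Both the SRK and ordinary keys get a tpmkey URL; only the label differs. */
      if (memcmp(uuid, &srk_uuid, sizeof(TSS_UUID)) == 0)
        label = "SRK";
      else
        label = "TPM";

      ret = encode_tpmkey_url(&url, uuid, storage);
      if (ret < 0)
        return gnutls_assert_val(ret);
    }
  else
    label = "unknown"; /* url is left as initialised (expected NULL) */
  /* … unchanged: pin callback dispatch … */
```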
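Review bot: The added `token_url != NULL` guard in pin_callback's cache lookup means a caller that supplies no token URL can never hit the cached PIN, even when the previous entry was also stored without a URL, and nothing in the hunk states that this is deliberate. It is the safer reading — a PIN should not be replayed to a token that cannot be identified — so spell it out with a comment on the changed line, e.g. `/* a NULL token_url never matches: do not reuse a cached PIN for an unidentified token */`, so the next reader does not "fix" it into a NULL-equals-NULL match. pin_callback starts before the hunk and the first hunk ends inside the `if (strlen(pin) >= sizeof(cached_pin))` branch.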
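Review bot: The four-line `if (token_url) cached_url = strdup (token_url); else cached_url = NULL;` in the second src/common.c hunk reads more directly as `cached_url = token_url ? strdup (token_url) : NULL;`. Either form leaves `cached_url` NULL when strdup fails, which the lookup in the first hunk already tolerates via its `cached_url != NULL` test, so a one-line comment such as `/* NULL (no URL, or strdup failure) simply disables the cache for this entry */` would record that the unchecked strdup is intentional. The function's tail after `return 0;` is outside the hunk.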