author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2017-10-21 14:53:37 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2017-10-21 14:53:53 +0200 |
commit | 1b98c73104364c6b57d56b76b9faa01148deaaf1 (patch) | |
tree | 1f2a2e41180977309ff0bbdaa9fd484638767882 | |
parent | 0e75070b189bae947d53360913049248441a84d7 (diff) | |
download | gnutls-1b98c73104364c6b57d56b76b9faa01148deaaf1.tar.gz |
pkcs11: forward token flags to applications
That is, gnutls_pkcs11_token_get_flags() will now return the
most common/useful PKCS#11 token flags, in addition to the trusted and HW
flags.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
-rw-r--r-- | lib/includes/gnutls/pkcs11.h | 13 | ||||
-rw-r--r-- | lib/pkcs11.c | 46 |
2 files changed, 58 insertions, 1 deletions
diff --git a/lib/includes/gnutls/pkcs11.h b/lib/includes/gnutls/pkcs11.h
index 1ea635ed73..c3db2181aa 100644
--- a/lib/includes/gnutls/pkcs11.h
+++ b/lib/includes/gnutls/pkcs11.h
@@ -373,6 +373,19 @@ int gnutls_pkcs11_token_get_info(const char *url,
 #define GNUTLS_PKCS11_TOKEN_HW 1
 #define GNUTLS_PKCS11_TOKEN_TRUSTED (1<<1) /* p11-kit trusted */
+#define GNUTLS_PKCS11_TOKEN_RNG (1<<2) /* CKF_RNG */
+#define GNUTLS_PKCS11_TOKEN_LOGIN_REQUIRED (1<<3) /* CKF_LOGIN_REQUIRED */
+#define GNUTLS_PKCS11_TOKEN_PROTECTED_AUTHENTICATION_PATH (1<<4) /* CKF_PROTECTED_AUTHENTICATION_PATH */
+#define GNUTLS_PKCS11_TOKEN_INITIALIZED (1<<5) /* CKF_TOKEN_INITIALIZED */
+#define GNUTLS_PKCS11_TOKEN_USER_PIN_COUNT_LOW (1<<6) /* CKF_USER_PIN_COUNT_LOW */
+#define GNUTLS_PKCS11_TOKEN_USER_PIN_FINAL_TRY (1<<7) /* CKF_USER_PIN_FINAL_TRY */
+#define GNUTLS_PKCS11_TOKEN_USER_PIN_LOCKED (1<<8) /* CKF_USER_PIN_LOCKED */
+#define GNUTLS_PKCS11_TOKEN_SO_PIN_COUNT_LOW (1<<9) /* CKF_SO_PIN_COUNT_LOW */
+#define GNUTLS_PKCS11_TOKEN_SO_PIN_FINAL_TRY (1<<10) /* CKF_SO_PIN_FINAL_TRY */
+#define GNUTLS_PKCS11_TOKEN_SO_PIN_LOCKED (1<<11) /* CKF_SO_PIN_LOCKED */
+#define GNUTLS_PKCS11_TOKEN_USER_PIN_INITIALIZED (1<<12) /* CKF_USER_PIN_INITIALIZED */
+#define GNUTLS_PKCS11_TOKEN_ERROR_STATE (1<<13) /* CKF_ERROR_STATE */
+
 int gnutls_pkcs11_token_get_flags(const char *url, unsigned int *flags);
 #define gnutls_pkcs11_obj_list_import_url(p_list, n_list, url, attrs, flags) gnutls_pkcs11_obj_list_import_url3(p_list, n_list, url, attrs|flags)
diff --git a/lib/pkcs11.c b/lib/pkcs11.c
index 52836fece8..e014a6b5f8 100644
--- a/lib/pkcs11.c
+++ b/lib/pkcs11.c
@@ -59,7 +59,8 @@ struct gnutls_pkcs11_provider_st {
 struct find_flags_data_st {
 	struct p11_kit_uri *info;
-	unsigned int slot_flags;
+	unsigned int slot_flags; /* Slot Information Flags */
+	unsigned int token_flags; /* Token Information Flags */
 	unsigned int trusted;
 };
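Review bot: The new public flags carry only a bare `/* CKF_... */` tag, while the mapping code in lib/pkcs11.c sets `GNUTLS_PKCS11_TOKEN_ERROR_STATE` only under `#ifdef CKF_ERROR_STATE`, so an application cannot tell "token is not in an error state" from "this build cannot report it". I would say so on the define itself: `/* CKF_ERROR_STATE; only reported when the PKCS#11 headers gnutls was built against define it */`. The PIN-counter group (COUNT_LOW, FINAL_TRY, LOCKED for both user and SO) deserves a similar caveat, since PKCS#11 tokens are, as far as I recall, not required to maintain these counters, so a clear bit is not evidence that retries remain. A one-line comment above that group such as `/* PIN counter flags are reported only as far as the token maintains them */` keeps callers from reading their absence as safe.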
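Review bot: `unsigned int token_flags` narrows the value that find_flags_cb stores into it (`sinfo->tinfo.flags`), which in p11-kit's pkcs11.h is, if I remember correctly, a `ck_flags_t`, i.e. `unsigned long`; the existing `slot_flags` field already has the same shape, so this is consistent with it but silently truncating. Every CKF_* token bit the commit maps, including CKF_ERROR_STATE, fits in the low 32 bits, so nothing is lost today, but declaring the field as `ck_flags_t token_flags; /* Token Information Flags */` would make the match with the PKCS#11 type explicit and keep -Wconversion quiet. The same applies to `slot_flags` if it is changed alongside.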
@@ -3360,6 +3361,7 @@ find_flags_cb(struct ck_function_list *module, struct pkcs11_session_info *sinfo
 	else
 		find_data->trusted = 0;
 	find_data->slot_flags = sinfo->slot_info.flags;
+	find_data->token_flags = sinfo->tinfo.flags;
 	return 0;
 }
@@ -3402,9 +3404,51 @@ int gnutls_pkcs11_token_get_flags(const char *url, unsigned int *flags)
 	}
 	*flags = 0;
+
+	/* read slot flags */
 	if (find_data.slot_flags & CKF_HW_SLOT)
 		*flags |= GNUTLS_PKCS11_TOKEN_HW;
+	/* read token flags */
+	if (find_data.token_flags & CKF_RNG)
+		*flags |= GNUTLS_PKCS11_TOKEN_RNG;
+
+	if (find_data.token_flags & CKF_LOGIN_REQUIRED)
+		*flags |= GNUTLS_PKCS11_TOKEN_LOGIN_REQUIRED;
+
+	if (find_data.token_flags & CKF_PROTECTED_AUTHENTICATION_PATH)
+		*flags |= GNUTLS_PKCS11_TOKEN_PROTECTED_AUTHENTICATION_PATH;
+
+	if (find_data.token_flags & CKF_TOKEN_INITIALIZED)
+		*flags |= GNUTLS_PKCS11_TOKEN_INITIALIZED;
+
+	if (find_data.token_flags & CKF_USER_PIN_COUNT_LOW)
+		*flags |= GNUTLS_PKCS11_TOKEN_USER_PIN_COUNT_LOW;
+
+	if (find_data.token_flags & CKF_USER_PIN_FINAL_TRY)
+		*flags |= GNUTLS_PKCS11_TOKEN_USER_PIN_FINAL_TRY;
+
+	if (find_data.token_flags & CKF_USER_PIN_LOCKED)
+		*flags |= GNUTLS_PKCS11_TOKEN_USER_PIN_LOCKED;
+
+	if (find_data.token_flags & CKF_SO_PIN_COUNT_LOW)
+		*flags |= GNUTLS_PKCS11_TOKEN_SO_PIN_COUNT_LOW;
+
+	if (find_data.token_flags & CKF_SO_PIN_FINAL_TRY)
+		*flags |= GNUTLS_PKCS11_TOKEN_SO_PIN_FINAL_TRY;
+
+	if (find_data.token_flags & CKF_SO_PIN_LOCKED)
+		*flags |= GNUTLS_PKCS11_TOKEN_SO_PIN_LOCKED;
+
+	if (find_data.token_flags & CKF_USER_PIN_INITIALIZED)
+		*flags |= GNUTLS_PKCS11_TOKEN_USER_PIN_INITIALIZED;
+
+#ifdef CKF_ERROR_STATE
+	if (find_data.token_flags & CKF_ERROR_STATE)
+		*flags |= GNUTLS_PKCS11_TOKEN_ERROR_STATE;
+#endif
+
+	/* other flags */
 	if (find_data.trusted != 0)
 		*flags |= GNUTLS_PKCS11_TOKEN_TRUSTED;
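Review bot: The twelve near-identical `if (find_data.token_flags & CKF_X) *flags |= GNUTLS_PKCS11_TOKEN_X;` blocks in gnutls_pkcs11_token_get_flags are a point of style rather than correctness: the one-to-one bit mapping reads better, and is harder to get out of step with the header, as a static table walked by a single loop. The `#ifdef CKF_ERROR_STATE` guard moves into the table unchanged, so the build-dependent behaviour is identical; the slot-flag and trusted handling stay as they are. Both ends of the function are outside the hunk, so the excerpt below only replaces the token-flag stretch.
```c
	/* … unchanged: "read slot flags" (CKF_HW_SLOT) … */

	/* read token flags: each CKF_* bit maps to exactly one GNUTLS_PKCS11_TOKEN_* bit */
	static const struct {
		unsigned long ck;
		unsigned int gnutls;
	} token_map[] = {
		{ CKF_RNG, GNUTLS_PKCS11_TOKEN_RNG },
		{ CKF_LOGIN_REQUIRED, GNUTLS_PKCS11_TOKEN_LOGIN_REQUIRED },
		{ CKF_PROTECTED_AUTHENTICATION_PATH, GNUTLS_PKCS11_TOKEN_PROTECTED_AUTHENTICATION_PATH },
		{ CKF_TOKEN_INITIALIZED, GNUTLS_PKCS11_TOKEN_INITIALIZED },
		{ CKF_USER_PIN_COUNT_LOW, GNUTLS_PKCS11_TOKEN_USER_PIN_COUNT_LOW },
		{ CKF_USER_PIN_FINAL_TRY, GNUTLS_PKCS11_TOKEN_USER_PIN_FINAL_TRY },
		{ CKF_USER_PIN_LOCKED, GNUTLS_PKCS11_TOKEN_USER_PIN_LOCKED },
		{ CKF_SO_PIN_COUNT_LOW, GNUTLS_PKCS11_TOKEN_SO_PIN_COUNT_LOW },
		{ CKF_SO_PIN_FINAL_TRY, GNUTLS_PKCS11_TOKEN_SO_PIN_FINAL_TRY },
		{ CKF_SO_PIN_LOCKED, GNUTLS_PKCS11_TOKEN_SO_PIN_LOCKED },
		{ CKF_USER_PIN_INITIALIZED, GNUTLS_PKCS11_TOKEN_USER_PIN_INITIALIZED },
#ifdef CKF_ERROR_STATE
		/* only reported when the PKCS#11 headers define it */
		{ CKF_ERROR_STATE, GNUTLS_PKCS11_TOKEN_ERROR_STATE },
#endif
	};

	for (unsigned i = 0; i < sizeof(token_map) / sizeof(token_map[0]); i++) {
		if (find_data.token_flags & token_map[i].ck)
			*flags |= token_map[i].gnutls;
	}

	/* … unchanged: "other flags" (trusted) … */
```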