[PATCH] Callback for PIN prompting per PKCS#11 URI
From: Stef Walter
Subject: [PATCH] Callback for PIN prompting per PKCS#11 URI
Date: Thu, 07 Jul 2011 19:32:38 +0200
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.17) Gecko/20110428 Fedora/3.1.10-1.fc15 Thunderbird/3.1.10

Hi guys,

Currently in gnutls only one global callback for PIN prompting can be
registered. This causes problems with multiple libraries in the same
process using gnutls.

Attached is a patch which uses p11-kit to solve this problem in a
generic and flexible way [1].

p11-kit (0.2 and later) now allows registering of various callbacks for
different PKCS#11 URIs. It uses the 'pinfile' attribute of the URI to do
this. The PKCS#11 URI specification talks about application-specific
values of the 'pinfile' URI attribute. These new p11-kit APIs do exactly that.

Usage example: I'm using this to implement support for smart cards in
GLib's new TLS code.

* GLib registers a callback with p11-kit for the 'pinfile' value:
  gtls-database
* It includes pinfile=gtls-database in the various PKCS#11 URIs it
  passes to gnutls.
* gnutls sees that there's a 'pinfile' attribute, and asks p11-kit to
  request the PIN, which it does by calling the callback registered.

Incidentally, I think the name of 'pinfile' in the PKCS#11 URI spec
should be changed to 'pin' but that's a separate issue.

This patch is also available as a branch:

http://cgit.collabora.com/git/user/stefw/gnutls.git/log/?h=pinfile

Let me know if something looks amiss. This patch makes no ABI changes to
gnutls.

Cheers,

Stef

[1] http://p11-glue.freedesktop.org/doc/p11-kit/p11-kit-PIN-Callbacks.html

0001-pkcs11-Use-p11_kit_pin_xxx-functionality-when-pinfil.patch
Description: Text Data
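
Added example, not part of the original message and not p11-kit or gnutls code: a self-contained C model of the per-'pinfile' dispatch described above, where two libraries in one process each get their own PIN callback. The names pin_register, uri_pinfile, pin_request and the three callbacks are hypothetical; the ';'-separated URI layout without percent-decoding, the fallback to a process-wide callback, and failing closed on an unregistered value are assumptions of the model.

```c
/* Constructed model of per-'pinfile' PIN callback dispatch; not p11-kit or gnutls code. */
#include <stdio.h>
#include <string.h>

typedef int (*pin_cb)(const char *uri, char *pin, size_t len);
static struct { char source[64]; pin_cb cb; } registry[8];
static int n_registered;

/* Hypothetical helper: register a callback for one pinfile value. */
int pin_register(const char *source, pin_cb cb) {
    if (n_registered == 8 || strlen(source) >= sizeof registry[0].source) return -1;
    strcpy(registry[n_registered].source, source);
    registry[n_registered++].cb = cb;
    return 0;
}

/* Copy the pinfile attribute value out of a ';'-separated PKCS#11 URI (no %-decoding). */
int uri_pinfile(const char *uri, char *out, size_t out_len) {
    if (strncmp(uri, "pkcs11:", 7) != 0) return -1;
    for (const char *p = uri + 7; *p; ) {
        size_t n = strcspn(p, ";");
        if (n > 8 && strncmp(p, "pinfile=", 8) == 0 && n - 8 < out_len) {
            memcpy(out, p + 8, n - 8);
            out[n - 8] = '\0';
            return 0;
        }
        p += n;
        if (*p == ';') p++;
    }
    return -1;
}

/* Library side: a URI without pinfile goes to the process-wide callback (assumption);
 * an unregistered pinfile value fails closed, which is a choice of this model. */
int pin_request(const char *uri, pin_cb fallback, char *pin, size_t len) {
    char source[64];
    if (uri_pinfile(uri, source, sizeof source) != 0)
        return fallback ? fallback(uri, pin, len) : -1;
    for (int i = 0; i < n_registered; i++)
        if (strcmp(registry[i].source, source) == 0)
            return registry[i].cb(uri, pin, len);
    return -1;
}

/* Constructed callbacks: each writes a marker, not a real PIN, to show who was asked. */
int gtls_cb(const char *u, char *pin, size_t n) { (void)u; snprintf(pin, n, "gtls"); return 0; }
int other_cb(const char *u, char *pin, size_t n) { (void)u; snprintf(pin, n, "other"); return 0; }
int process_cb(const char *u, char *pin, size_t n) { (void)u; snprintf(pin, n, "global"); return 0; }
```
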