Re: Fwd: LP#929108 support reading PIN from file when using PKCS#11 devi
From: Nikos Mavrogiannopoulos
Subject: Re: Fwd: LP#929108 support reading PIN from file when using PKCS#11 devices
Date: Mon, 16 Apr 2012 18:28:34 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:10.0.3) Gecko/20120329 Icedove/10.0.3
On 04/16/2012 06:02 PM, Stef Walter wrote:
> On 2012-04-15 20:42, Nikos Mavrogiannopoulos wrote:
>> Hello Stef,
>> I see the patch and I think it is based on a misunderstanding of what
>> pinfile is (or was). However, I'm not sure how the "pin" field is used
>> in p11-kit. Is there a way for someone to specify a pin in a file?
>
> p11-kit has functions to coordinate use of the pin-source (which used to
> be called the pinfile) of a uri.
>
> Applications or libraries that wish to 'provide' a PIN can install
> handlers for different values of pin-source. Gnutls (or other consumers
> of PINs) then call p11_kit_pin_request(), which will redirect to the
> correct pin-source handler.
>
> By default no pin-source handlers are installed. By adding the following
> default handler, p11-kit will default to treating pin-source (or pinfile)
> as actual files. It will handle invocations of p11_kit_pin_request() by
> reading actual files:
>
>     p11_kit_pin_register_callback (P11_KIT_PIN_FALLBACK,
>                                    p11_kit_pin_file_callback,
>                                    NULL, NULL);
>
> It's up to you if you want this as default behavior for gnutls. It may
> make sense.
Indeed it makes sense to be the default. Could this, however, have bad
interactions with other callbacks that may be registered by other
programs or libraries?
> The patch adds that line so I guess that's the real meat of the
> suggested change.
There is also a change to avoid calling retrieve_pin_for_pinfile if
attempts is zero. I've currently included it but although it seems
sensible for a file read, it might break other callbacks. Does the
p11-kit file read callback fail if the attempt is not the first one?
I've currently added the check, but if the file callback fails
I should remove it.
http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=c1eddcfe663b9e3cb9a411f855e00f49811ff205
regards,
Nikos
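
Added example, not part of the original message and not GnuTLS or p11-kit code: a file-backed PIN source of the kind discussed in this thread, written in plain C without p11-kit. The name read_pin_file, its return codes, and the policy of refusing retries and group/world-accessible files are assumptions of this example.

```c
/* Added example: not GnuTLS or p11-kit code. read_pin_file() and the
 * PIN_* return codes are hypothetical names used for illustration. */
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

enum { PIN_OK = 0, PIN_RETRY = -1, PIN_IO = -2, PIN_PERMS = -3, PIN_SIZE = -4 };

/* Read a PIN from `path` into `pin` (NUL-terminated, capacity `cap`).
 * `attempt` is the number of logins already tried with this source. */
int read_pin_file(const char *path, unsigned attempt, char *pin, size_t cap)
{
    struct stat st;
    ssize_t n;
    int fd, rc = PIN_OK;

    /* A file yields the same bytes every time: replaying a rejected
     * PIN only consumes the token's retry counter. */
    if (attempt > 0)
        return PIN_RETRY;

    fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return PIN_IO;

    /* fstat the open descriptor, not the path, so the file that was
     * checked is the file that is read. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode))
        rc = PIN_IO;
    else if (st.st_mode & (S_IRWXG | S_IRWXO))
        rc = PIN_PERMS;                    /* accessible beyond the owner */
    else if ((n = read(fd, pin, cap)) < 0)
        rc = PIN_IO;
    else if ((size_t)n == cap)
        rc = PIN_SIZE;                     /* no room left for the NUL */
    else {
        pin[n] = '\0';
        pin[strcspn(pin, "\r\n")] = '\0';  /* keep the first line only */
        if (pin[0] == '\0')
            rc = PIN_SIZE;                 /* empty PIN */
    }
    close(fd);
    if (rc != PIN_OK)
        memset(pin, 0, cap);               /* wipe any partial PIN data */
    return rc;
}
```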