[Opendnssec-develop] PIN daemon

Rick van Rein rick at openfortress.nl
Tue Aug 30 13:41:15 UTC 2011


Hello Rickard,

The API looks like it'll work.  It was not immediately
clear as a result of naming, so perhaps I may suggest
a few changes?  Also, the overview/introduction was at
the end of your explanation :)

> You could have two functions:
> hsm_prompt_pin(unsigned int id, const char *repository, void *data, int mode);
> hsm_block_pin(unsigned int id, const char *repository, void *data, int mode);

The second name confuses me.
Blocking a PIN sounds like making it unusable on the token.
May I suggest a name like hsm_await_pin() instead?

Should there not be a function hsm_forget_pin() as well?
I can imagine an operator wanting to do this without having
to resort to SYSV cmdline tools that forget to clear the
shared memory before setting it free!  The matching control
operation would be called "logout" I suppose.

> - "mode" is the type of mode the function should run in.

It is an enumerated value, right, not a set of OR-ed flags?

> hsm_prompt_pin() + HSM_PIN_FIRST = Return the PIN from the shared
> memory if there is one. If not, then prompt for one.
> hsm_prompt_pin() + HSM_PIN_RETRY = Prompt and return a PIN.
> hsm_prompt_pin() + HSM_PIN_SAVE = If we have prompted for a PIN, then
> save it in the shared memory.

Shouldn't you speak in terms of the PIN daemon with these flags?
That is, _MAY_PROMPT for _FIRST and _MUST_PROMPT for _RETRY?
Instead of hsm_prompt_pin() I would use a name hsm_retrieve_pin().

In the _SAVE's explanation, "we" would best be the same process,
in order to avoid DoS risks by other processes running it to
confuse our process.

Is it not clearer to have a separate hsm_save_pin() function
instead of a "mode" in a function called hsm_prompt_pin()?

> The daemons would initialize libhsm with the hsm_block_pin() and the
> other applications would use hsm_prompt_pin().

What happens if multiple calls from "other applications" try to get
the PIN entered at the same time?  I suspect it'll work, but it is
worth some explicit attention.

Hope this helps,


Cheers,
 -Rick
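An added sketch, written for this archive page and not code from the thread or from OpenDNSSEC's libhsm, of the API shape argued for above: a single enumerated mode rather than OR-ed flags, a retrieve call that only prompts when the shared slot is empty or a retry is forced, a separate save call that can only publish a PIN the calling process itself prompted for, and a forget/logout call that scrubs the slot before releasing it. The shared-memory segment is modelled as a static struct so the example runs in one process; the repository name and PIN are constructed, and every name not quoted in the thread (hsm_save_pin, hsm_forget_pin, hsm_pin_cached, demo_prompt, demo_scenario) is hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define HSM_PIN_MAX  32
#define HSM_REPO_MAX 64

/* One enumerated mode per call, not a set of OR-ed flags. */
enum hsm_pin_mode {
    HSM_PIN_MAY_PROMPT  = 1,  /* use the shared PIN if present, otherwise prompt */
    HSM_PIN_MUST_PROMPT = 2   /* always prompt, e.g. after the token rejected the PIN */
};

/* Stand-in for the shared-memory slot the PIN daemon would own (hypothetical). */
struct hsm_pin_slot {
    char repository[HSM_REPO_MAX];
    char pin[HSM_PIN_MAX];
    int  valid;
};
static struct hsm_pin_slot shared_slot;

/* Process-local record of the PIN this process last prompted for.  hsm_save_pin()
   copies only from here, so a save issued by a process that never prompted has
   nothing to publish and cannot overwrite the shared slot with a stale value. */
static char local_pin[HSM_PIN_MAX];
static char local_repo[HSM_REPO_MAX];
static int  local_prompted = 0;

typedef int (*hsm_prompt_fn)(const char *repository, char *pin, size_t len);

static void copy_str(char *dst, size_t dstlen, const char *src)
{
    strncpy(dst, src, dstlen - 1);
    dst[dstlen - 1] = '\0';
}

/* Is a PIN for this repository currently published in the shared slot? */
int hsm_pin_cached(const char *repository)
{
    return shared_slot.valid && strcmp(shared_slot.repository, repository) == 0;
}

/* Fetch the PIN for a repository into out.  Returns 0 on success, -1 on failure. */
int hsm_retrieve_pin(const char *repository, enum hsm_pin_mode mode,
                     hsm_prompt_fn prompt, char *out, size_t outlen)
{
    if (mode != HSM_PIN_MAY_PROMPT && mode != HSM_PIN_MUST_PROMPT)
        return -1;
    if (mode == HSM_PIN_MAY_PROMPT && hsm_pin_cached(repository)) {
        copy_str(out, outlen, shared_slot.pin);     /* shared hit: no prompt */
        return 0;
    }
    if (prompt == NULL || prompt(repository, local_pin, sizeof local_pin) != 0)
        return -1;
    copy_str(local_repo, sizeof local_repo, repository);
    local_prompted = 1;
    copy_str(out, outlen, local_pin);
    return 0;
}

/* Publish the PIN this process prompted for.  -1 if this process never prompted. */
int hsm_save_pin(const char *repository)
{
    if (!local_prompted || strcmp(local_repo, repository) != 0)
        return -1;
    memcpy(shared_slot.repository, local_repo, HSM_REPO_MAX);
    memcpy(shared_slot.pin, local_pin, HSM_PIN_MAX);
    shared_slot.valid = 1;
    return 0;
}

/* Logout: scrub the shared slot and the local copy before the slot is released. */
int hsm_forget_pin(const char *repository)
{
    if (!hsm_pin_cached(repository))
        return -1;
    memset(shared_slot.pin, 0, sizeof shared_slot.pin);
    shared_slot.valid = 0;
    memset(local_pin, 0, sizeof local_pin);
    local_prompted = 0;
    return 0;
}

/* Constructed prompt callback standing in for the PIN daemon's console prompt. */
static int demo_prompt(const char *repository, char *pin, size_t len)
{
    (void)repository;
    if (len < 5) return -1;
    memcpy(pin, "1234", 5);   /* constructed PIN, not a real credential */
    return 0;
}

/* Walks the intended call sequence; returns how many of the 10 steps behaved as designed. */
int demo_scenario(void)
{
    const char *repo = "example-repo";   /* constructed repository name */
    char out[HSM_PIN_MAX];
    int ok = 0;
    ok += (hsm_save_pin(repo) == -1);                      /* save without a prompt: refused */
    ok += (hsm_retrieve_pin(repo, HSM_PIN_MAY_PROMPT, demo_prompt, out, sizeof out) == 0);
    ok += (strcmp(out, "1234") == 0);                      /* first caller was prompted */
    ok += (hsm_pin_cached(repo) == 0);                     /* nothing shared until saved */
    ok += (hsm_save_pin(repo) == 0);
    ok += (hsm_pin_cached(repo) == 1);
    ok += (hsm_retrieve_pin(repo, HSM_PIN_MAY_PROMPT, NULL, out, sizeof out) == 0); /* hit, no prompt */
    ok += (hsm_retrieve_pin(repo, HSM_PIN_MUST_PROMPT, demo_prompt, out, sizeof out) == 0); /* retry */
    ok += (hsm_forget_pin(repo) == 0);                     /* logout scrubs the slot */
    ok += (hsm_pin_cached(repo) == 0);
    return ok;
}

int main(void)
{
    printf("%d of 10 steps behaved as designed\n", demo_scenario());
    return 0;
}
```

The point of the process-local buffer is Rick's "we" question: a save request carries no PIN of its own, so only the process that actually prompted can fill the shared slot, and a stray save from elsewhere is a no-op rather than a way to poison the cache. In a real implementation the static struct would be a mapped segment guarded by a lock, which is also where the "several callers prompt at once" case would be serialised.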
