diff options
author | Ben Lindstrom <mouring@eviladmin.org> | 2002-03-22 03:33:43 +0000 |
---|---|---|
committer | Ben Lindstrom <mouring@eviladmin.org> | 2002-03-22 03:33:43 +0000 |
commit | 70e3ad8231c4b93933bd2c9b05cc705c20013186 (patch) | |
tree | 5b049b68e4dc0bcc2add533cb0f864596b9bafb5 /scard.c | |
parent | 0b675b16595b6b84631ab9ebcccb3ecaa311d14e (diff) |
- markus@cvs.openbsd.org 2002/03/21 16:57:15
[scard.c]
remove const
Diffstat (limited to 'scard.c')
-rw-r--r-- | scard.c | 122 |
1 files changed, 118 insertions, 4 deletions
@@ -24,15 +24,16 @@ | |||
24 | 24 | ||
25 | #include "includes.h" | 25 | #include "includes.h" |
26 | #ifdef SMARTCARD | 26 | #ifdef SMARTCARD |
27 | RCSID("$OpenBSD: scard.c,v 1.18 2002/03/21 16:38:06 markus Exp $"); | 27 | RCSID("$OpenBSD: scard.c,v 1.20 2002/03/21 16:57:15 markus Exp $"); |
28 | |||
29 | #include <openssl/engine.h> | 28 | #include <openssl/engine.h> |
29 | #include <openssl/evp.h> | ||
30 | #include <sectok.h> | 30 | #include <sectok.h> |
31 | 31 | ||
32 | #include "key.h" | 32 | #include "key.h" |
33 | #include "log.h" | 33 | #include "log.h" |
34 | #include "xmalloc.h" | 34 | #include "xmalloc.h" |
35 | #include "scard.h" | 35 | #include "scard.h" |
36 | #include "readpass.h" | ||
36 | 37 | ||
37 | #ifdef OPENSSL_VERSION_NUMBER | 38 | #ifdef OPENSSL_VERSION_NUMBER |
38 | #if OPENSSL_VERSION_NUMBER >= 0x00907000L | 39 | #if OPENSSL_VERSION_NUMBER >= 0x00907000L |
@@ -187,7 +188,7 @@ err: | |||
187 | /* private key operations */ | 188 | /* private key operations */ |
188 | 189 | ||
189 | static int | 190 | static int |
190 | sc_private_decrypt(int flen, const u_char *from, u_char *to, RSA *rsa, | 191 | sc_private_decrypt(int flen, u_char *from, u_char *to, RSA *rsa, |
191 | int padding) | 192 | int padding) |
192 | { | 193 | { |
193 | u_char *padded = NULL; | 194 | u_char *padded = NULL; |
@@ -231,7 +232,7 @@ err: | |||
231 | } | 232 | } |
232 | 233 | ||
233 | static int | 234 | static int |
234 | sc_private_encrypt(int flen, const u_char *from, u_char *to, RSA *rsa, | 235 | sc_private_encrypt(int flen, u_char *from, u_char *to, RSA *rsa, |
235 | int padding) | 236 | int padding) |
236 | { | 237 | { |
237 | u_char *padded = NULL; | 238 | u_char *padded = NULL; |
@@ -363,4 +364,117 @@ sc_get_key(const char *id) | |||
363 | } | 364 | } |
364 | return k; | 365 | return k; |
365 | } | 366 | } |
367 | |||
368 | #define NUM_RSA_KEY_ELEMENTS 5+1 | ||
369 | #define COPY_RSA_KEY(x, i) \ | ||
370 | do { \ | ||
371 | len = BN_num_bytes(prv->rsa->x); \ | ||
372 | elements[i] = xmalloc(len); \ | ||
373 | debug("#bytes %d", len); \ | ||
374 | if (BN_bn2bin(prv->rsa->x, elements[i]) < 0) \ | ||
375 | goto done; \ | ||
376 | } while (0) | ||
377 | |||
378 | static int | ||
379 | get_AUT0(char *aut0) | ||
380 | { | ||
381 | const EVP_MD *evp_md = EVP_sha1(); | ||
382 | EVP_MD_CTX md; | ||
383 | char *pass; | ||
384 | |||
385 | pass = read_passphrase("Enter passphrase for smartcard: ", RP_ALLOW_STDIN); | ||
386 | if (pass == NULL) | ||
387 | return -1; | ||
388 | EVP_DigestInit(&md, evp_md); | ||
389 | EVP_DigestUpdate(&md, pass, strlen(pass)); | ||
390 | EVP_DigestFinal(&md, aut0, NULL); | ||
391 | memset(pass, 0, strlen(pass)); | ||
392 | xfree(pass); | ||
393 | return 0; | ||
394 | } | ||
395 | |||
396 | int | ||
397 | sc_put_key(Key *prv, const char *id) | ||
398 | { | ||
399 | u_char *elements[NUM_RSA_KEY_ELEMENTS]; | ||
400 | u_char key_fid[2]; | ||
401 | u_char DEFAUT0[] = {0xad, 0x9f, 0x61, 0xfe, 0xfa, 0x20, 0xce, 0x63}; | ||
402 | u_char AUT0[EVP_MAX_MD_SIZE]; | ||
403 | int len, status = -1, i, fd = -1, ret; | ||
404 | int sw = 0, cla = 0x00; | ||
405 | |||
406 | for (i = 0; i < NUM_RSA_KEY_ELEMENTS; i++) | ||
407 | elements[i] = NULL; | ||
408 | |||
409 | COPY_RSA_KEY(q, 0); | ||
410 | COPY_RSA_KEY(p, 1); | ||
411 | COPY_RSA_KEY(iqmp, 2); | ||
412 | COPY_RSA_KEY(dmq1, 3); | ||
413 | COPY_RSA_KEY(dmp1, 4); | ||
414 | COPY_RSA_KEY(n, 5); | ||
415 | len = BN_num_bytes(prv->rsa->n); | ||
416 | fd = sectok_friendly_open(sc_reader_id, STONOWAIT, &sw); | ||
417 | if (fd < 0) { | ||
418 | error("sectok_open failed: %s", sectok_get_sw(sw)); | ||
419 | goto done; | ||
420 | } | ||
421 | if (! sectok_cardpresent(fd)) { | ||
422 | error("smartcard in reader %s not present", | ||
423 | sc_reader_id); | ||
424 | goto done; | ||
425 | } | ||
426 | ret = sectok_reset(fd, 0, NULL, &sw); | ||
427 | if (ret <= 0) { | ||
428 | error("sectok_reset failed: %s", sectok_get_sw(sw)); | ||
429 | goto done; | ||
430 | } | ||
431 | if ((cla = cyberflex_inq_class(fd)) < 0) { | ||
432 | error("cyberflex_inq_class failed"); | ||
433 | goto done; | ||
434 | } | ||
435 | memcpy(AUT0, DEFAUT0, sizeof(DEFAUT0)); | ||
436 | if (cyberflex_verify_AUT0(fd, cla, AUT0, sizeof(DEFAUT0)) < 0) { | ||
437 | if (get_AUT0(AUT0) < 0 || | ||
438 | cyberflex_verify_AUT0(fd, cla, AUT0, sizeof(DEFAUT0)) < 0) { | ||
439 | error("cyberflex_verify_AUT0 failed"); | ||
440 | goto done; | ||
441 | } | ||
442 | } | ||
443 | key_fid[0] = 0x00; | ||
444 | key_fid[1] = 0x12; | ||
445 | if (cyberflex_load_rsa_priv(fd, cla, key_fid, 5, 8*len, elements, | ||
446 | &sw) < 0) { | ||
447 | error("cyberflex_load_rsa_priv failed: %s", sectok_get_sw(sw)); | ||
448 | goto done; | ||
449 | } | ||
450 | if (!sectok_swOK(sw)) | ||
451 | goto done; | ||
452 | log("cyberflex_load_rsa_priv done"); | ||
453 | key_fid[0] = 0x73; | ||
454 | key_fid[1] = 0x68; | ||
455 | if (cyberflex_load_rsa_pub(fd, cla, key_fid, len, elements[5], | ||
456 | &sw) < 0) { | ||
457 | error("cyberflex_load_rsa_pub failed: %s", sectok_get_sw(sw)); | ||
458 | goto done; | ||
459 | } | ||
460 | if (!sectok_swOK(sw)) | ||
461 | goto done; | ||
462 | log("cyberflex_load_rsa_pub done"); | ||
463 | status = 0; | ||
464 | |||
465 | done: | ||
466 | memset(elements[0], '\0', BN_num_bytes(prv->rsa->q)); | ||
467 | memset(elements[1], '\0', BN_num_bytes(prv->rsa->p)); | ||
468 | memset(elements[2], '\0', BN_num_bytes(prv->rsa->iqmp)); | ||
469 | memset(elements[3], '\0', BN_num_bytes(prv->rsa->dmq1)); | ||
470 | memset(elements[4], '\0', BN_num_bytes(prv->rsa->dmp1)); | ||
471 | memset(elements[5], '\0', BN_num_bytes(prv->rsa->n)); | ||
472 | |||
473 | for (i = 0; i < NUM_RSA_KEY_ELEMENTS; i++) | ||
474 | if (elements[i]) | ||
475 | xfree(elements[i]); | ||
476 | if (fd != -1) | ||
477 | sectok_close(fd); | ||
478 | return (status); | ||
479 | } | ||
366 | #endif /* SMARTCARD */ | 480 | #endif /* SMARTCARD */ |