- markus@cvs.openbsd.org 2002/03/21 16:57:15

[scard.c] remove const
author: Ben Lindstrom <mouring@eviladmin.org> 2002-03-22 03:33:43 +0000
committer: Ben Lindstrom <mouring@eviladmin.org> 2002-03-22 03:33:43 +0000
commit: 70e3ad8231c4b93933bd2c9b05cc705c20013186 (patch)
tree: 5b049b68e4dc0bcc2add533cb0f864596b9bafb5 /scard.c
parent: 0b675b16595b6b84631ab9ebcccb3ecaa311d14e (diff)
1 files changed, 118 insertions, 4 deletions
diff --git a/scard.c b/scard.c
index 1d54df86f..7bd72d8ec 100644
--- a/scard.c
+++ b/scard.c
@@ -24,15 +24,16 @@
 #include "includes.h"
 #ifdef SMARTCARD
-RCSID("$OpenBSD: scard.c,v 1.18 2002/03/21 16:38:06 markus Exp $");
+RCSID("$OpenBSD: scard.c,v 1.20 2002/03/21 16:57:15 markus Exp $");
 #include <openssl/engine.h>
+#include <openssl/evp.h>
 #include <sectok.h>
 #include "key.h"
 #include "log.h"
 #include "xmalloc.h"
 #include "scard.h"
+#include "readpass.h"
 #ifdef OPENSSL_VERSION_NUMBER
 #if OPENSSL_VERSION_NUMBER >= 0x00907000L
@@ -187,7 +188,7 @@ err:
 /* private key operations */
 static int
-sc_private_decrypt(int flen, const u_char *from, u_char *to, RSA *rsa,
+sc_private_decrypt(int flen, u_char *from, u_char *to, RSA *rsa,
    int padding)
 {
        u_char *padded = NULL;
@@ -231,7 +232,7 @@ err:
 }
 static int
-sc_private_encrypt(int flen, const u_char *from, u_char *to, RSA *rsa,
+sc_private_encrypt(int flen, u_char *from, u_char *to, RSA *rsa,
    int padding)
 {
        u_char *padded = NULL;
@@ -363,4 +364,117 @@ sc_get_key(const char *id)
        }
        return k;
 }
+#define NUM_RSA_KEY_ELEMENTS 5+1
+#define COPY_RSA_KEY(x, i) \
+        do { \
+                len = BN_num_bytes(prv->rsa->x); \
+                elements[i] = xmalloc(len); \
+                debug("#bytes %d", len); \
+                if (BN_bn2bin(prv->rsa->x, elements[i]) < 0) \
+                        goto done; \
+        } while (0)
+static int
+get_AUT0(char *aut0)
+{
+        const EVP_MD *evp_md = EVP_sha1();
+        EVP_MD_CTX md;
+        char *pass;
+        pass = read_passphrase("Enter passphrase for smartcard: ", RP_ALLOW_STDIN);
+        if (pass == NULL)
+                return -1;
+        EVP_DigestInit(&md, evp_md);
+        EVP_DigestUpdate(&md, pass, strlen(pass));
+        EVP_DigestFinal(&md, aut0, NULL);
+        memset(pass, 0, strlen(pass));
+        xfree(pass);
+        return 0;
+}
+int
+sc_put_key(Key *prv, const char *id)
+{
+        u_char *elements[NUM_RSA_KEY_ELEMENTS];
+        u_char key_fid[2];
+        u_char DEFAUT0[] = {0xad, 0x9f, 0x61, 0xfe, 0xfa, 0x20, 0xce, 0x63};
+        u_char AUT0[EVP_MAX_MD_SIZE];
+        int len, status = -1, i, fd = -1, ret;
+        int sw = 0, cla = 0x00;
+        for (i = 0; i < NUM_RSA_KEY_ELEMENTS; i++)
+                elements[i] = NULL;
+        COPY_RSA_KEY(q, 0);
+        COPY_RSA_KEY(p, 1);
+        COPY_RSA_KEY(iqmp, 2);
+        COPY_RSA_KEY(dmq1, 3);
+        COPY_RSA_KEY(dmp1, 4);
+        COPY_RSA_KEY(n, 5);
+        len = BN_num_bytes(prv->rsa->n);
+        fd = sectok_friendly_open(sc_reader_id, STONOWAIT, &sw);
+        if (fd < 0) {
+                error("sectok_open failed: %s", sectok_get_sw(sw));
+                goto done;
+        }
+        if (! sectok_cardpresent(fd)) {
+                error("smartcard in reader %s not present",
+                    sc_reader_id);
+                goto done;
+        }
+        ret = sectok_reset(fd, 0, NULL, &sw);
+        if (ret <= 0) {
+                error("sectok_reset failed: %s", sectok_get_sw(sw));
+                goto done;
+        }
+        if ((cla = cyberflex_inq_class(fd)) < 0) {
+                error("cyberflex_inq_class failed");
+                goto done;
+        }
+        memcpy(AUT0, DEFAUT0, sizeof(DEFAUT0));
+        if (cyberflex_verify_AUT0(fd, cla, AUT0, sizeof(DEFAUT0)) < 0) {
+                if (get_AUT0(AUT0) < 0 ||
+                    cyberflex_verify_AUT0(fd, cla, AUT0, sizeof(DEFAUT0)) < 0) {
+                        error("cyberflex_verify_AUT0 failed");
+                        goto done;
+                }
+        }
+        key_fid[0] = 0x00;
+        key_fid[1] = 0x12;
+        if (cyberflex_load_rsa_priv(fd, cla, key_fid, 5, 8*len, elements,
+            &sw) < 0) {
+                error("cyberflex_load_rsa_priv failed: %s", sectok_get_sw(sw));
+                goto done;
+        }
+        if (!sectok_swOK(sw))
+                goto done;
+        log("cyberflex_load_rsa_priv done");
+        key_fid[0] = 0x73;
+        key_fid[1] = 0x68;
+        if (cyberflex_load_rsa_pub(fd, cla, key_fid, len, elements[5],
+            &sw) < 0) {
+                error("cyberflex_load_rsa_pub failed: %s", sectok_get_sw(sw));
+                goto done;
+        }
+        if (!sectok_swOK(sw))
+                goto done;
+        log("cyberflex_load_rsa_pub done");
+        status = 0;
+done:
+        memset(elements[0], '\0', BN_num_bytes(prv->rsa->q));
+        memset(elements[1], '\0', BN_num_bytes(prv->rsa->p));
+        memset(elements[2], '\0', BN_num_bytes(prv->rsa->iqmp));
+        memset(elements[3], '\0', BN_num_bytes(prv->rsa->dmq1));
+        memset(elements[4], '\0', BN_num_bytes(prv->rsa->dmp1));
+        memset(elements[5], '\0', BN_num_bytes(prv->rsa->n));
+        for (i = 0; i < NUM_RSA_KEY_ELEMENTS; i++)
+                if (elements[i])
+                        xfree(elements[i]);
+        if (fd != -1)
+                sectok_close(fd);
+        return (status);
+}
 #endif /* SMARTCARD */
author	Ben Lindstrom <mouring@eviladmin.org>	2002-03-22 03:33:43 +0000
committer	Ben Lindstrom <mouring@eviladmin.org>	2002-03-22 03:33:43 +0000
commit	70e3ad8231c4b93933bd2c9b05cc705c20013186 (patch)
tree	5b049b68e4dc0bcc2add533cb0f864596b9bafb5 /scard.c
parent	0b675b16595b6b84631ab9ebcccb3ecaa311d14e (diff)

diff --git a/scard.c b/scard.c index 1d54df86f..7bd72d8ec 100644 --- a/scard.c +++ b/scard.c
@@ -24,15 +24,16 @@
24		24
25	#include "includes.h"	25	#include "includes.h"
26	#ifdef SMARTCARD	26	#ifdef SMARTCARD
27	RCSID("$OpenBSD: scard.c,v 1.18 2002/03/21 16:38:06 markus Exp $");	27	RCSID("$OpenBSD: scard.c,v 1.20 2002/03/21 16:57:15 markus Exp $");
28
29	#include <openssl/engine.h>	28	#include <openssl/engine.h>
		29	#include <openssl/evp.h>
30	#include <sectok.h>	30	#include <sectok.h>
31		31
32	#include "key.h"	32	#include "key.h"
33	#include "log.h"	33	#include "log.h"
34	#include "xmalloc.h"	34	#include "xmalloc.h"
35	#include "scard.h"	35	#include "scard.h"
		36	#include "readpass.h"
36		37
37	#ifdef OPENSSL_VERSION_NUMBER	38	#ifdef OPENSSL_VERSION_NUMBER
38	#if OPENSSL_VERSION_NUMBER >= 0x00907000L	39	#if OPENSSL_VERSION_NUMBER >= 0x00907000L
@@ -187,7 +188,7 @@ err:
187	/* private key operations */	188	/* private key operations */
188		189
189	static int	190	static int
190	sc_private_decrypt(int flen, const u_char from, u_char to, RSA *rsa,	191	sc_private_decrypt(int flen, u_char from, u_char to, RSA *rsa,
191	int padding)	192	int padding)
192	{	193	{
193	u_char *padded = NULL;	194	u_char *padded = NULL;
@@ -231,7 +232,7 @@ err:
231	}	232	}
232		233
233	static int	234	static int
234	sc_private_encrypt(int flen, const u_char from, u_char to, RSA *rsa,	235	sc_private_encrypt(int flen, u_char from, u_char to, RSA *rsa,
235	int padding)	236	int padding)
236	{	237	{
237	u_char *padded = NULL;	238	u_char *padded = NULL;
@@ -363,4 +364,117 @@ sc_get_key(const char *id)
363	}	364	}
364	return k;	365	return k;
365	}	366	}
		367
		368	#define NUM_RSA_KEY_ELEMENTS 5+1
		369	#define COPY_RSA_KEY(x, i) \
		370	do { \
		371	len = BN_num_bytes(prv->rsa->x); \
		372	elements[i] = xmalloc(len); \
		373	debug("#bytes %d", len); \
		374	if (BN_bn2bin(prv->rsa->x, elements[i]) < 0) \
		375	goto done; \
		376	} while (0)
		377
		378	static int
		379	get_AUT0(char *aut0)
		380	{
		381	const EVP_MD *evp_md = EVP_sha1();
		382	EVP_MD_CTX md;
		383	char *pass;
		384
		385	pass = read_passphrase("Enter passphrase for smartcard: ", RP_ALLOW_STDIN);
		386	if (pass == NULL)
		387	return -1;
		388	EVP_DigestInit(&md, evp_md);
		389	EVP_DigestUpdate(&md, pass, strlen(pass));
		390	EVP_DigestFinal(&md, aut0, NULL);
		391	memset(pass, 0, strlen(pass));
		392	xfree(pass);
		393	return 0;
		394	}
		395
		396	int
		397	sc_put_key(Key prv, const char id)
		398	{
		399	u_char *elements[NUM_RSA_KEY_ELEMENTS];
		400	u_char key_fid[2];
		401	u_char DEFAUT0[] = {0xad, 0x9f, 0x61, 0xfe, 0xfa, 0x20, 0xce, 0x63};
		402	u_char AUT0[EVP_MAX_MD_SIZE];
		403	int len, status = -1, i, fd = -1, ret;
		404	int sw = 0, cla = 0x00;
		405
		406	for (i = 0; i < NUM_RSA_KEY_ELEMENTS; i++)
		407	elements[i] = NULL;
		408
		409	COPY_RSA_KEY(q, 0);
		410	COPY_RSA_KEY(p, 1);
		411	COPY_RSA_KEY(iqmp, 2);
		412	COPY_RSA_KEY(dmq1, 3);
		413	COPY_RSA_KEY(dmp1, 4);
		414	COPY_RSA_KEY(n, 5);
		415	len = BN_num_bytes(prv->rsa->n);
		416	fd = sectok_friendly_open(sc_reader_id, STONOWAIT, &sw);
		417	if (fd < 0) {
		418	error("sectok_open failed: %s", sectok_get_sw(sw));
		419	goto done;
		420	}
		421	if (! sectok_cardpresent(fd)) {
		422	error("smartcard in reader %s not present",
		423	sc_reader_id);
		424	goto done;
		425	}
		426	ret = sectok_reset(fd, 0, NULL, &sw);
		427	if (ret <= 0) {
		428	error("sectok_reset failed: %s", sectok_get_sw(sw));
		429	goto done;
		430	}
		431	if ((cla = cyberflex_inq_class(fd)) < 0) {
		432	error("cyberflex_inq_class failed");
		433	goto done;
		434	}
		435	memcpy(AUT0, DEFAUT0, sizeof(DEFAUT0));
		436	if (cyberflex_verify_AUT0(fd, cla, AUT0, sizeof(DEFAUT0)) < 0) {
		437	if (get_AUT0(AUT0) < 0 \|\|
		438	cyberflex_verify_AUT0(fd, cla, AUT0, sizeof(DEFAUT0)) < 0) {
		439	error("cyberflex_verify_AUT0 failed");
		440	goto done;
		441	}
		442	}
		443	key_fid[0] = 0x00;
		444	key_fid[1] = 0x12;
		445	if (cyberflex_load_rsa_priv(fd, cla, key_fid, 5, 8*len, elements,
		446	&sw) < 0) {
		447	error("cyberflex_load_rsa_priv failed: %s", sectok_get_sw(sw));
		448	goto done;
		449	}
		450	if (!sectok_swOK(sw))
		451	goto done;
		452	log("cyberflex_load_rsa_priv done");
		453	key_fid[0] = 0x73;
		454	key_fid[1] = 0x68;
		455	if (cyberflex_load_rsa_pub(fd, cla, key_fid, len, elements[5],
		456	&sw) < 0) {
		457	error("cyberflex_load_rsa_pub failed: %s", sectok_get_sw(sw));
		458	goto done;
		459	}
		460	if (!sectok_swOK(sw))
		461	goto done;
		462	log("cyberflex_load_rsa_pub done");
		463	status = 0;
		464
		465	done:
		466	memset(elements[0], '\0', BN_num_bytes(prv->rsa->q));
		467	memset(elements[1], '\0', BN_num_bytes(prv->rsa->p));
		468	memset(elements[2], '\0', BN_num_bytes(prv->rsa->iqmp));
		469	memset(elements[3], '\0', BN_num_bytes(prv->rsa->dmq1));
		470	memset(elements[4], '\0', BN_num_bytes(prv->rsa->dmp1));
		471	memset(elements[5], '\0', BN_num_bytes(prv->rsa->n));
		472
		473	for (i = 0; i < NUM_RSA_KEY_ELEMENTS; i++)
		474	if (elements[i])
		475	xfree(elements[i]);
		476	if (fd != -1)
		477	sectok_close(fd);
		478	return (status);
		479	}
366	#endif /* SMARTCARD */	480	#endif /* SMARTCARD */