Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

sc-hsm-tool: Add options for public key authentication #1711

Closed
wants to merge 23 commits into from
Closed

sc-hsm-tool: Add options for public key authentication #1711

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
23 commits
Select commit Hold shift + click to select a range
eee3f76
pkcs11-tool: Add prime521v1 curve
Mar 29, 2019
4a8d484
pkcs11-tool: Add secp521k1 curve
Mar 29, 2019
81ca015
sc-hsm-tool: Add options for public key auth
May 15, 2018
ccdbc6d
sc-hsm: Initialize card with public key auth
May 15, 2018
dec0dd3
sc-hsm-tool: Add option --export-for-pub-key-auth
Aug 8, 2018
0a074f5
sc-hsm-tool: Add option --register-public-key
Aug 8, 2018
9e5058c
sc-hsm-tool: Add option --public-key-auth-status
Jun 11, 2019
997b2f7
coding style
Jun 18, 2019
e9be520
convert spaces to tabs (consistent coding style)
Jun 20, 2019
ad35788
sc-hsm: use memcpy() instead of strncpy()
Jun 20, 2019
b340b09
sc-hsm: use smaller recvbuf
Jun 20, 2019
99faf14
sc-hsm: use sc_format_apdu_ex()
Jun 20, 2019
bf097e4
sc-hsm-tool: use fread_to_eof()
Jun 20, 2019
1e46ee4
sc-hsm: fix messed up formatting
Jun 20, 2019
60004bb
sc-hsm: fix error message
Jun 20, 2019
6c69699
sc-hsm-tool: improve argument checks
Jun 20, 2019
6287346
Revert "sc-hsm-tool: use fread_to_eof()"
Jun 20, 2019
5f14397
sc-hsm-tool: simplify argument checks
Jun 20, 2019
953b64f
sc-hsm-tool: use goto for error handling
Jun 20, 2019
de3d8e4
sc-hsm: strlen() -> strnlen()
Jun 20, 2019
5729c5e
sc-hsm-tool: check for expected tags (.pka files)
Jun 20, 2019
c06a843
adjust sc_format_apdu_ex() calls
Oct 17, 2019
1eddb58
check for possible out of bounds write
Oct 29, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Revert "sc-hsm-tool: use fread_to_eof()" 
This reverts commit a98d1c5.
  • Loading branch information
Frank Braun committed Oct 29, 2019
commit 6287346ce27b594edbf300c5b934b3de6672efc6
2 changes: 1 addition & 1 deletion src/tools/Makefile.am
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -80,7 +80,7 @@ openpgp_tool_SOURCES = openpgp-tool.c util.c
openpgp_tool_LDADD = $(OPTIONAL_OPENSSL_LIBS)
iasecc_tool_SOURCES = iasecc-tool.c util.c
iasecc_tool_LDADD = $(OPTIONAL_OPENSSL_LIBS)
sc_hsm_tool_SOURCES = sc-hsm-tool.c fread_to_eof.c util.c
sc_hsm_tool_SOURCES = sc-hsm-tool.c util.c
sc_hsm_tool_LDADD = $(OPTIONAL_OPENSSL_LIBS)
dnie_tool_SOURCES = dnie-tool.c util.c
dnie_tool_LDADD = $(OPTIONAL_OPENSSL_LIBS)
Expand Down
5 changes: 0 additions & 5 deletions src/tools/Makefile.mak
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -52,11 +52,6 @@ pkcs11-register.exe: pkcs11-register-cmdline.obj fread_to_eof.obj $(LIBS)
link $(LINKFLAGS) /pdb:$*.pdb /out:$@ $*.obj pkcs11-register-cmdline.obj fread_to_eof.obj versioninfo-tools.res $(LIBS) gdi32.lib shell32.lib User32.lib ws2_32.lib
mt -manifest exe.manifest -outputresource:$@;1

sc-hsm-tool.c.exe: sc-hsm-tool.obj fread_to_eof.obj $(OBJECTS) $(LIBS)
cl $(COPTS) /c $<
link $(LINKFLAGS) /pdb:$*.pdb /out:$@ $*.obj $(OBJECTS) $(LIBS) $(OPENSSL_LIB) gdi32.lib shell32.lib User32.lib ws2_32.lib
mt -manifest exe.manifest -outputresource:$@;1

.c.exe:
cl $(COPTS) /c $<
link $(LINKFLAGS) /pdb:$*.pdb /out:$@ $*.obj $(OBJECTS) $(LIBS) $(OPENSSL_LIB) gdi32.lib shell32.lib User32.lib ws2_32.lib
Expand Down
36 changes: 27 additions & 9 deletions src/tools/sc-hsm-tool.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -48,7 +48,6 @@
#include "libopensc/asn1.h"
#include "libopensc/log.h"
#include "libopensc/card-sc-hsm.h"
#include "fread_to_eof.h"
#include "util.h"

static const char *app_name = "sc-hsm-tool";
Expand Down Expand Up @@ -1883,25 +1882,44 @@ static int register_public_key_with_card(sc_context_t *ctx, sc_card_t *card, con

static int register_public_key(sc_context_t *ctx, sc_card_t *card, const char *inf)
{
FILE *in;
struct stat sb;
u8 *pka;
u8 tag = SC_ASN1_TAG_CONSTRUCTED | SC_ASN1_TAG_SEQUENCE; /* 0x30 */
unsigned int cla_out, tag_out;
const u8 *buf;
const u8 *pk;
const u8 *devcert;
const u8 *dicacert;
size_t pkalen, taglen, pk_len, devcert_len, dicacert_len;
size_t taglen, pk_len, devcert_len, dicacert_len;
int r;

/* read .pka file */
if (fread_to_eof(inf, &pka, &pkalen)) {
if (!(in = fopen(inf, "rb"))) {
frankbraun marked this conversation as resolved.
Show resolved Hide resolved
perror(inf);
return -1;
}
if (fstat(fileno(in), &sb)) {
perror("cannot fstat");
fclose(in);
return -1;
}
if (pkalen == 0) {
if (sb.st_size == 0) {
fprintf(stderr, "File is empty\n");
fclose(in);
return -1;
}
if (!(pka = malloc(sb.st_size))) {
fprintf(stderr, "Malloc failed\n");
fclose(in);
return -1;
}
if (fread(pka, 1, sb.st_size, in) != (size_t)sb.st_size) {
perror(inf);
free(pka);
fclose(in);
return -1;
}
fclose(in);
if (pka[0] != tag) {
fprintf(stderr, "File does not contain a public key with certificates\n");
free(pka);
Expand All @@ -1910,14 +1928,14 @@ static int register_public_key(sc_context_t *ctx, sc_card_t *card, const char *i

/* read ASN.1 sequence */
buf = pka;
if ((r = sc_asn1_read_tag(&buf, pkalen, &cla_out, &tag_out, &taglen)) < 0) {
if ((r = sc_asn1_read_tag(&buf, sb.st_size, &cla_out, &tag_out, &taglen)) < 0) {
fprintf(stderr, "Error reading ASN.1 sequence: %s\n", sc_strerror(r));
free(pka);
return -1;
}

/* read public key */
if ((r = sc_asn1_read_tag(&buf, pkalen, &cla_out, &tag_out, &taglen)) < 0) {
if ((r = sc_asn1_read_tag(&buf, sb.st_size, &cla_out, &tag_out, &taglen)) < 0) {
frankbraun marked this conversation as resolved.
Show resolved Hide resolved
fprintf(stderr, "Error reading ASN.1 sequence: %s\n", sc_strerror(r));
free(pka);
return -1;
Expand All @@ -1927,7 +1945,7 @@ static int register_public_key(sc_context_t *ctx, sc_card_t *card, const char *i
buf += taglen;

/* read device certificate */
if ((r = sc_asn1_read_tag(&buf, pkalen, &cla_out, &tag_out, &taglen)) < 0) {
if ((r = sc_asn1_read_tag(&buf, sb.st_size, &cla_out, &tag_out, &taglen)) < 0) {
fprintf(stderr, "Error reading ASN.1 sequence: %s\n", sc_strerror(r));
free(pka);
return -1;
Expand All @@ -1937,7 +1955,7 @@ static int register_public_key(sc_context_t *ctx, sc_card_t *card, const char *i
buf += taglen;

/* read device CA */
if ((r = sc_asn1_read_tag(&buf, pkalen, &cla_out, &tag_out, &taglen)) < 0) {
if ((r = sc_asn1_read_tag(&buf, sb.st_size, &cla_out, &tag_out, &taglen)) < 0) {
frankbraun marked this conversation as resolved.
Show resolved Hide resolved
fprintf(stderr, "Error reading ASN.1 sequence: %s\n", sc_strerror(r));
free(pka);
return -1;
Expand Down