tools: Add util_get_pin helper function

Using this helper PINs can be passed via the command line, stdin and an environment variable. For now only used in the openpgp tool. closes OpenSC#289
estieux-tehtri-security · Nov 4, 2014 · e63f40c · e63f40c
1 parent 7a5f9b2
commit e63f40c
Show file tree

Hide file tree

Showing 4 changed files with 31 additions and 7 deletions.
diff --git a/doc/tools/openpgp-tool.1.xml b/doc/tools/openpgp-tool.1.xml
@@ -113,7 +113,10 @@
  </term>
  <listitem>
  <para>
- The PIN text to verify.
+ The PIN text to verify. If set to
+ env:<replaceable>VARIABLE</replaceable>, the value of
+ the environment variable
+ <replaceable>VARIABLE</replaceable> is used.
  </para>
  </listitem>
  </varlistentry>

diff --git a/src/tools/openpgp-tool.c b/src/tools/openpgp-tool.c
@@ -74,7 +74,7 @@ static unsigned int key_len = 2048;
 static int opt_verify = 0;
 static char *verifytype = NULL;
 static int opt_pin = 0;
-static char *pin = NULL;
+static const char *pin = NULL;
 static int opt_dump_do = 0;
 static u8 do_dump_idx;
 
@@ -113,7 +113,7 @@ static const char *option_help[] = {
 /* v */ "Verbose operation. Use several times to enable debug output.",
 /* V */ "Show version number",
  "Verify PIN (CHV1, CHV2, CHV3...)",
- "PIN string",
+ "PIN string. <arg> can be: 'env:<var>' to get PIN from the environment, otherwise <arg> is used.",
 /* d */ "Dump private data object number <arg> (i.e. PRIVATE-DO-<arg>)"
 };
 
@@ -256,9 +256,7 @@ static int decode_options(int argc, char **argv)
  break;
  case OPT_PIN:
  opt_pin++;
- if (pin)
- free(pin);
- pin = strdup(optarg);
+ util_get_pin(optarg, (const char **) &pin);
  break;
  case 'C':
  opt_cardinfo++;
@@ -421,7 +419,7 @@ int do_genkey(sc_card_t *card, u8 key_id, unsigned int key_len)
  return 0;
 }
 
-int do_verify(sc_card_t *card, char *type, char *pin)
+int do_verify(sc_card_t *card, char *type, const char *pin)
 {
  struct sc_pin_cmd_data data;
  int tries_left;

diff --git a/src/tools/util.c b/src/tools/util.c
@@ -432,3 +432,20 @@ util_getpass (char **lineptr, size_t *len, FILE *stream)
  return i;
 }
 
+size_t
+util_get_pin(const char *input, const char **pin)
+{
+ size_t inputlen = strlen(input);
+ size_t pinlen = 0;
+
+ if(inputlen > 4 && strncasecmp(input, "env:", 4) == 0) {
+ // Get a PIN from a environment variable
+ *pin = getenv(input + 4);
+ pinlen = *pin ? strlen(*pin) : 0;
+ } else {
+ //Just use the input
+ *pin = input;
+ pinlen = inputlen;
+ }
+ return pinlen;
+}
diff --git a/src/tools/util.h b/src/tools/util.h
@@ -37,6 +37,12 @@ int util_connect_card(struct sc_context *, struct sc_card **, const char *reader
 
 int util_getpass (char **lineptr, size_t *n, FILE *stream);
 
+/* Get a PIN (technically just a string). The source depends on the value of *input:
+ * env:<var> - get from the environment variable <var>
+ * otherwise - use input
+ */
+size_t util_get_pin(const char *input, const char **pin);
+
 #ifdef __cplusplus
 }
 #endif