pkcs15-init tool: use Ctrl-C sensible 'getpass'

git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4252 c6295689-39f2-0310-b995-f0e70906c6a9
2010-04-18 09:45:44 +00:00 · 2010-04-18 09:45:44 +00:00 · 3c813ce57b
parent a10bf0e356
commit 3c813ce57b
2 changed files with 72 additions and 47 deletions
--- a/src/tools/pkcs11-tool.c
+++ b/src/tools/pkcs11-tool.c
@ -847,7 +847,7 @@ static void list_objects(CK_SESSION_HANDLE sess)
 static int login(CK_SESSION_HANDLE session, int login_type)
 {
 	char		*pin = NULL;
-	size_t		len;
+	size_t		len = 0;
 	int		pin_allocated = 0, r;
 	CK_TOKEN_INFO	info;
 	CK_RV		rv;
@ -874,7 +874,7 @@ static int login(CK_SESSION_HANDLE session, int login_type)
 			printf("Please enter User PIN: ");
 		else if (login_type == CKU_CONTEXT_SPECIFIC)
 			printf("Please enter Specific Context Secret Code: ");
-		r = util_getpass(&pin,&len,stdin);
+		r = util_getpass(&pin, &len, stdin);
 		if (r < 0)
 			util_fatal("No PIN entered, exiting!\n");
 		pin_allocated = 1;
@ -899,7 +899,7 @@ static void init_token(CK_SLOT_ID slot)
 {
 	unsigned char token_label[33];
 	char new_buf[21], *new_pin = NULL;
-	size_t len;
+	size_t len = 0;
 	int pin_allocated = 0, r;
 	CK_TOKEN_INFO	info;
 	CK_RV rv;
@ -913,7 +913,7 @@ static void init_token(CK_SLOT_ID slot)
 	if (!(info.flags & CKF_PROTECTED_AUTHENTICATION_PATH)) {
 		if (opt_so_pin == NULL) {
 			printf("Please enter the new SO PIN: ");
-			r = util_getpass(&new_pin,&len,stdin);
+			r = util_getpass(&new_pin, &len, stdin);
 			if (r < 0)
 				util_fatal("No PIN entered, exiting\n");
 			if (!new_pin || !*new_pin || strlen(new_pin) > 20)
@ -921,7 +921,7 @@ static void init_token(CK_SLOT_ID slot)
 			strcpy(new_buf, new_pin);
 			free(new_pin); new_pin = NULL;
 			printf("Please enter the new SO PIN (again): ");
-			r = util_getpass(&new_pin,&len,stdin);
+			r = util_getpass(&new_pin, &len, stdin);
 			if (r < 0)
 				util_fatal("No PIN entered, exiting\n");
 			if (!new_pin || !*new_pin ||
@ -948,9 +948,8 @@ static void init_token(CK_SLOT_ID slot)
 static void init_pin(CK_SLOT_ID slot, CK_SESSION_HANDLE sess)
 {
 	char *pin;
-	char *new_pin1 = NULL;
-	char *new_pin2 = NULL;
-	size_t len1, len2;
+	char *new_pin1 = NULL, *new_pin2 = NULL;
+	size_t len1 = 0, len2 = 0;
 	int r;
 	CK_TOKEN_INFO	info;
 	CK_RV rv;
@ -966,7 +965,7 @@ static void init_pin(CK_SLOT_ID slot, CK_SESSION_HANDLE sess)
 			if (!new_pin1 || !*new_pin1 || strlen(new_pin1) > 20)
 				util_fatal("Invalid User PIN\n");
 			printf("Please enter the new PIN again: ");
-			r = util_getpass(&new_pin2,&len2,stdin);
+			r = util_getpass(&new_pin2, &len2, stdin);
 			if (r < 0) 
 				util_fatal("No PIN entered, aborting.\n");
 			if (!new_pin2 || !*new_pin2 ||
@ -1002,7 +1001,7 @@ static int change_pin(CK_SLOT_ID slot, CK_SESSION_HANDLE sess)
 	CK_TOKEN_INFO	info;
 	CK_RV rv;
 	int r;
-	size_t		len;
+	size_t		len = 0;

 	get_token_info(slot, &info);

@ -1050,7 +1049,7 @@ static int unlock_pin(CK_SLOT_ID slot, CK_SESSION_HANDLE sess, int login_type)
 	CK_TOKEN_INFO info;
 	CK_RV rv;
 	int r;
-	size_t len;
+	size_t len = 0;

 	get_token_info(slot, &info);

@ -1067,7 +1066,7 @@ static int unlock_pin(CK_SLOT_ID slot, CK_SESSION_HANDLE sess, int login_type)
 		else if (login_type == -1)
 			printf("Please enter unblock code for User PIN: ");

-		r = util_getpass(&unlock_code,&len,stdin);
+		r = util_getpass(&unlock_code, &len, stdin);
 		if (r < 0)
 			return 1;
 		if (!unlock_code || !*unlock_code || strlen(unlock_code) > 20)
@ -2572,7 +2571,7 @@ static int test_signature(CK_SLOT_ID slot, CK_SESSION_HANDLE session)
 	CK_SESSION_INFO sessionInfo;
 	CK_ULONG        i, j;
 	unsigned char   data[256];
-	CK_ULONG        modLenBytes;
+	CK_ULONG        modLenBytes = 0;
 	CK_ULONG        dataLen;
 	unsigned char   sig1[1024], sig2[1024];
 	CK_ULONG        sigLen1, sigLen2;
--- a/src/tools/pkcs15-init.c
+++ b/src/tools/pkcs15-init.c
@ -59,7 +59,6 @@
 #endif /* OPENSSL_VERSION_NUMBER >= 0x10000000L */

 #include "common/compat_strlcpy.h"
-#include "common/compat_getpass.h"
 #include "libopensc/cardctl.h"
 #include "libopensc/pkcs15.h"
 #include "libopensc/log.h"
@ -1214,7 +1213,6 @@ static int do_delete_crypto_objects(sc_pkcs15_card_t *myp15card,
 				unsigned int which)
 {
 	sc_pkcs15_object_t *objs[10]; /* 1 priv + 1 pub + chain of at most 8 certs, should be enough */
-	sc_context_t *myctx = myp15card->card->ctx;
 	int i, r = 0, count = 0, del_cert = 0;

 	if (which & SC_PKCS15INIT_TYPE_PRKEY) {
@ -1394,7 +1392,11 @@ do_generate_key(struct sc_profile *profile, const char *spec)

 	if ((r = init_keyargs(&keygen_args.prkey_args)) < 0)
 		return r;
-        keygen_args.prkey_args.access_flags |= SC_PKCS15_PRKEY_ACCESS_SENSITIVE|SC_PKCS15_PRKEY_ACCESS_ALWAYSSENSITIVE|SC_PKCS15_PRKEY_ACCESS_NEVEREXTRACTABLE|SC_PKCS15_PRKEY_ACCESS_LOCAL;
+        keygen_args.prkey_args.access_flags |= 
+		  SC_PKCS15_PRKEY_ACCESS_SENSITIVE 
+		| SC_PKCS15_PRKEY_ACCESS_ALWAYSSENSITIVE 
+		| SC_PKCS15_PRKEY_ACCESS_NEVEREXTRACTABLE
+		| SC_PKCS15_PRKEY_ACCESS_LOCAL;

 	/* Parse the key spec given on the command line */
 	if (!strncasecmp(spec, "rsa", 3)) {
@ -1729,15 +1731,16 @@ get_pin_callback(struct sc_profile *profile,
 	return 0;
 }

-static int get_key_callback(struct sc_profile *profile,
+
+static int 
+get_key_callback(struct sc_profile *profile,
 			int method, int reference,
 			const u8 *def_key, size_t def_key_size,
 			u8 *key_buf, size_t *buf_size)
 {
-	const char	*kind, *prompt, *key;
+	const char	*kind, *prompt, *key = NULL;

 	if (def_key_size && opt_use_defkeys) {
-use_default_key:
 		if (*buf_size < def_key_size)
 			return SC_ERROR_BUFFER_TOO_SMALL;
 		memcpy(key_buf, def_key, def_key_size);
@ -1794,12 +1797,19 @@ use_default_key:
 			prompt = buffer;
 		}

-#ifdef GET_KEY_ECHO_OFF
-		/* Read key with echo off - will users really manage? */
-		key = getpass(prompt);
-#else
 		printf("%s: ", prompt);
 		fflush(stdout);
+#ifdef GET_KEY_ECHO_OFF
+		do {
+			size_t len = 0;
+			int r;
+
+			/* Read key with echo off - will users really manage? */
+			r = util_getpass(&key, &len, stdin);
+			if (r < 0 || !key)
+				return SC_ERROR_INTERNAL;
+		} while(0);
+#else
 		key = fgets(buffer, sizeof(buffer), stdin);
 		if (key)
 			buffer[strcspn(buffer, "\r\n")] = '\0';
@ -1807,8 +1817,13 @@ use_default_key:
 		if (key == NULL)
 			return SC_ERROR_INTERNAL;

-		if (key[0] == '\0' && def_key_size)
-			goto use_default_key;
+		if (key[0] == '\0' && def_key_size)   {
+			if (*buf_size < def_key_size)
+				return SC_ERROR_BUFFER_TOO_SMALL;
+			memcpy(key_buf, def_key, def_key_size);
+			*buf_size = def_key_size;
+			return 0;
+		}

 		if (sc_hex_to_bin(key, key_buf, buf_size) >= 0)
 			return 0;
@ -1860,15 +1875,18 @@ static int do_generate_key_soft(int algorithm, unsigned int bits,
 */
 static int pass_cb(char *buf, int len, int flags, void *d)
 {
-	int  plen;
-	char *pass;
-	if (d)
-		pass = (char *)d;
-	else
-		pass = getpass("Please enter passphrase "
-				"to unlock secret key: ");
-	if (!pass)
-		return 0;
+	size_t pass_len = 0;
+	int  plen, r;
+	char *pass = (char *)d;
+
+	if (!pass)   {
+		printf("Please enter passphrase to unlock secret key: ");
+		r = util_getpass(&pass, &pass_len, stdin);
+		printf("\n");
+		if (r < 0 || !pass)
+			return 0;
+	}
+
 	plen = strlen(pass);
 	if (plen <= 0)
 		return 0;
@ -1951,6 +1969,7 @@ static int
 do_read_private_key(const char *filename, const char *format,
 			EVP_PKEY **pk, X509 **certs, unsigned int max_certs)
 {
+	size_t len = 0;
 	char	*passphrase = NULL;
 	int	r;

@ -1971,8 +1990,11 @@ do_read_private_key(const char *filename, const char *format,
 			 * the PEM interface
 			 * see OpenSSL: crypto/pkcs12/p12_kiss.c
 			 */
-			passphrase = getpass("Please enter passphrase "
-					     "to unlock secret key: ");
+			printf("Please enter passphrase to unlock secret key: ");
+			r = util_getpass(&passphrase, &len, stdin);
+			printf("\n");
+			if (r < 0 || !passphrase)
+				return SC_ERROR_INTERNAL;
 			r = do_read_pkcs12_private_key(filename,
 					passphrase, pk, certs, max_certs);
 		}
@ -2756,28 +2778,28 @@ int get_pin(sc_ui_hints_t *hints, char **out)

 	*out = NULL;
 	while (1) {
-		char	buffer[64], *pin;
-		size_t	len;
+		char	*pin = NULL;
+		size_t	len = 0;
+		int r;

-		snprintf(buffer, sizeof(buffer),
-				"Please enter %s: ", label);
-		
-		if ((pin = getpass(buffer)) == NULL)
+		printf("Please enter %s: ", label);
+		r = util_getpass(&pin, &len, stdin);
+		printf("\n");
+		if (r < 0 || !pin)
 			return SC_ERROR_INTERNAL;

-		len = strlen(pin);
-		if (len == 0 && (flags & SC_UI_PIN_OPTIONAL))
+		if (!strlen(pin) && (flags & SC_UI_PIN_OPTIONAL))
 			return 0;

 		if (pin_info && (flags & SC_UI_PIN_CHECK_LENGTH)) {
-			if (len < pin_info->min_length) {
+			if (strlen(pin) < pin_info->min_length) {
 				fprintf(stderr,
 					"PIN too short (min %lu characters)\n",
 					(unsigned long) pin_info->min_length);
 				continue;
 			}
 			if (pin_info->max_length
-			 && len > pin_info->max_length) {
+			 && strlen(pin) > pin_info->max_length) {
 				fprintf(stderr,
 					"PIN too long (max %lu characters)\n",
 					(unsigned long) pin_info->max_length);
@ -2791,7 +2813,11 @@ int get_pin(sc_ui_hints_t *hints, char **out)
 		if (!(flags & SC_UI_PIN_RETYPE))
 			break;

-		pin = getpass("Please type again to verify: ");
+		printf("Please type again to verify: ");
+		r = util_getpass(&pin, &len, stdin);
+		printf("\n");
+		if (r < 0 || !pin)
+			return SC_ERROR_INTERNAL;
 		if (!strcmp(*out, pin)) {
 			sc_mem_clear(pin, len);
 			break;