pkcs15-init tool: use Ctrl-C sensible 'getpass'
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4252 c6295689-39f2-0310-b995-f0e70906c6a9
parent
a10bf0e356
commit
3c813ce57b
|
@ -847,7 +847,7 @@ static void list_objects(CK_SESSION_HANDLE sess)
|
|||
static int login(CK_SESSION_HANDLE session, int login_type)
|
||||
{
|
||||
char *pin = NULL;
|
||||
size_t len;
|
||||
size_t len = 0;
|
||||
int pin_allocated = 0, r;
|
||||
CK_TOKEN_INFO info;
|
||||
CK_RV rv;
|
||||
|
@ -874,7 +874,7 @@ static int login(CK_SESSION_HANDLE session, int login_type)
|
|||
printf("Please enter User PIN: ");
|
||||
else if (login_type == CKU_CONTEXT_SPECIFIC)
|
||||
printf("Please enter Specific Context Secret Code: ");
|
||||
r = util_getpass(&pin,&len,stdin);
|
||||
r = util_getpass(&pin, &len, stdin);
|
||||
if (r < 0)
|
||||
util_fatal("No PIN entered, exiting!\n");
|
||||
pin_allocated = 1;
|
||||
|
@ -899,7 +899,7 @@ static void init_token(CK_SLOT_ID slot)
|
|||
{
|
||||
unsigned char token_label[33];
|
||||
char new_buf[21], *new_pin = NULL;
|
||||
size_t len;
|
||||
size_t len = 0;
|
||||
int pin_allocated = 0, r;
|
||||
CK_TOKEN_INFO info;
|
||||
CK_RV rv;
|
||||
|
@ -913,7 +913,7 @@ static void init_token(CK_SLOT_ID slot)
|
|||
if (!(info.flags & CKF_PROTECTED_AUTHENTICATION_PATH)) {
|
||||
if (opt_so_pin == NULL) {
|
||||
printf("Please enter the new SO PIN: ");
|
||||
r = util_getpass(&new_pin,&len,stdin);
|
||||
r = util_getpass(&new_pin, &len, stdin);
|
||||
if (r < 0)
|
||||
util_fatal("No PIN entered, exiting\n");
|
||||
if (!new_pin || !*new_pin || strlen(new_pin) > 20)
|
||||
|
@ -921,7 +921,7 @@ static void init_token(CK_SLOT_ID slot)
|
|||
strcpy(new_buf, new_pin);
|
||||
free(new_pin); new_pin = NULL;
|
||||
printf("Please enter the new SO PIN (again): ");
|
||||
r = util_getpass(&new_pin,&len,stdin);
|
||||
r = util_getpass(&new_pin, &len, stdin);
|
||||
if (r < 0)
|
||||
util_fatal("No PIN entered, exiting\n");
|
||||
if (!new_pin || !*new_pin ||
|
||||
|
@ -948,9 +948,8 @@ static void init_token(CK_SLOT_ID slot)
|
|||
static void init_pin(CK_SLOT_ID slot, CK_SESSION_HANDLE sess)
|
||||
{
|
||||
char *pin;
|
||||
char *new_pin1 = NULL;
|
||||
char *new_pin2 = NULL;
|
||||
size_t len1, len2;
|
||||
char *new_pin1 = NULL, *new_pin2 = NULL;
|
||||
size_t len1 = 0, len2 = 0;
|
||||
int r;
|
||||
CK_TOKEN_INFO info;
|
||||
CK_RV rv;
|
||||
|
@ -966,7 +965,7 @@ static void init_pin(CK_SLOT_ID slot, CK_SESSION_HANDLE sess)
|
|||
if (!new_pin1 || !*new_pin1 || strlen(new_pin1) > 20)
|
||||
util_fatal("Invalid User PIN\n");
|
||||
printf("Please enter the new PIN again: ");
|
||||
r = util_getpass(&new_pin2,&len2,stdin);
|
||||
r = util_getpass(&new_pin2, &len2, stdin);
|
||||
if (r < 0)
|
||||
util_fatal("No PIN entered, aborting.\n");
|
||||
if (!new_pin2 || !*new_pin2 ||
|
||||
|
@ -1002,7 +1001,7 @@ static int change_pin(CK_SLOT_ID slot, CK_SESSION_HANDLE sess)
|
|||
CK_TOKEN_INFO info;
|
||||
CK_RV rv;
|
||||
int r;
|
||||
size_t len;
|
||||
size_t len = 0;
|
||||
|
||||
get_token_info(slot, &info);
|
||||
|
||||
|
@ -1050,7 +1049,7 @@ static int unlock_pin(CK_SLOT_ID slot, CK_SESSION_HANDLE sess, int login_type)
|
|||
CK_TOKEN_INFO info;
|
||||
CK_RV rv;
|
||||
int r;
|
||||
size_t len;
|
||||
size_t len = 0;
|
||||
|
||||
get_token_info(slot, &info);
|
||||
|
||||
|
@ -1067,7 +1066,7 @@ static int unlock_pin(CK_SLOT_ID slot, CK_SESSION_HANDLE sess, int login_type)
|
|||
else if (login_type == -1)
|
||||
printf("Please enter unblock code for User PIN: ");
|
||||
|
||||
r = util_getpass(&unlock_code,&len,stdin);
|
||||
r = util_getpass(&unlock_code, &len, stdin);
|
||||
if (r < 0)
|
||||
return 1;
|
||||
if (!unlock_code || !*unlock_code || strlen(unlock_code) > 20)
|
||||
|
@ -2572,7 +2571,7 @@ static int test_signature(CK_SLOT_ID slot, CK_SESSION_HANDLE session)
|
|||
CK_SESSION_INFO sessionInfo;
|
||||
CK_ULONG i, j;
|
||||
unsigned char data[256];
|
||||
CK_ULONG modLenBytes;
|
||||
CK_ULONG modLenBytes = 0;
|
||||
CK_ULONG dataLen;
|
||||
unsigned char sig1[1024], sig2[1024];
|
||||
CK_ULONG sigLen1, sigLen2;
|
||||
|
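Review bot: In init_token (hunk at -921) the first SO PIN is copied with `strcpy(new_buf, new_pin)` and then dropped with a bare `free(new_pin)`, so the PIN read by util_getpass stays readable in freed heap memory. I would clear it before releasing it, e.g. `sc_mem_clear(new_pin, strlen(new_pin)); free(new_pin); new_pin = NULL;` if sc_mem_clear (used in the other file of this commit) is reachable from this tool, otherwise an equivalent clear the compiler cannot elide. After that free, `len` still carries its previous value into the second `util_getpass(&new_pin, &len, stdin)` call; util_getpass is not shown here, so adding `len = 0;` next to `new_pin = NULL` would keep the pointer/size pair consistent however it treats a NULL buffer with a non-zero length. login, init_pin, change_pin and unlock_pin continue outside their hunks, so whether they wipe their buffers cannot be checked from this page.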
|
|
@ -59,7 +59,6 @@
|
|||
#endif /* OPENSSL_VERSION_NUMBER >= 0x10000000L */
|
||||
|
||||
#include "common/compat_strlcpy.h"
|
||||
#include "common/compat_getpass.h"
|
||||
#include "libopensc/cardctl.h"
|
||||
#include "libopensc/pkcs15.h"
|
||||
#include "libopensc/log.h"
|
||||
|
@ -1214,7 +1213,6 @@ static int do_delete_crypto_objects(sc_pkcs15_card_t *myp15card,
|
|||
unsigned int which)
|
||||
{
|
||||
sc_pkcs15_object_t *objs[10]; /* 1 priv + 1 pub + chain of at most 8 certs, should be enough */
|
||||
sc_context_t *myctx = myp15card->card->ctx;
|
||||
int i, r = 0, count = 0, del_cert = 0;
|
||||
|
||||
if (which & SC_PKCS15INIT_TYPE_PRKEY) {
|
||||
|
@ -1394,7 +1392,11 @@ do_generate_key(struct sc_profile *profile, const char *spec)
|
|||
|
||||
if ((r = init_keyargs(&keygen_args.prkey_args)) < 0)
|
||||
return r;
|
||||
keygen_args.prkey_args.access_flags |= SC_PKCS15_PRKEY_ACCESS_SENSITIVE|SC_PKCS15_PRKEY_ACCESS_ALWAYSSENSITIVE|SC_PKCS15_PRKEY_ACCESS_NEVEREXTRACTABLE|SC_PKCS15_PRKEY_ACCESS_LOCAL;
|
||||
keygen_args.prkey_args.access_flags |=
|
||||
SC_PKCS15_PRKEY_ACCESS_SENSITIVE
|
||||
| SC_PKCS15_PRKEY_ACCESS_ALWAYSSENSITIVE
|
||||
| SC_PKCS15_PRKEY_ACCESS_NEVEREXTRACTABLE
|
||||
| SC_PKCS15_PRKEY_ACCESS_LOCAL;
|
||||
|
||||
/* Parse the key spec given on the command line */
|
||||
if (!strncasecmp(spec, "rsa", 3)) {
|
||||
|
@ -1729,15 +1731,16 @@ get_pin_callback(struct sc_profile *profile,
|
|||
return 0;
|
||||
}
|
||||
|
||||
static int get_key_callback(struct sc_profile *profile,
|
||||
|
||||
static int
|
||||
get_key_callback(struct sc_profile *profile,
|
||||
int method, int reference,
|
||||
const u8 *def_key, size_t def_key_size,
|
||||
u8 *key_buf, size_t *buf_size)
|
||||
{
|
||||
const char *kind, *prompt, *key;
|
||||
const char *kind, *prompt, *key = NULL;
|
||||
|
||||
if (def_key_size && opt_use_defkeys) {
|
||||
use_default_key:
|
||||
if (*buf_size < def_key_size)
|
||||
return SC_ERROR_BUFFER_TOO_SMALL;
|
||||
memcpy(key_buf, def_key, def_key_size);
|
||||
|
@ -1794,12 +1797,19 @@ use_default_key:
|
|||
prompt = buffer;
|
||||
}
|
||||
|
||||
#ifdef GET_KEY_ECHO_OFF
|
||||
/* Read key with echo off - will users really manage? */
|
||||
key = getpass(prompt);
|
||||
#else
|
||||
printf("%s: ", prompt);
|
||||
fflush(stdout);
|
||||
#ifdef GET_KEY_ECHO_OFF
|
||||
do {
|
||||
size_t len = 0;
|
||||
int r;
|
||||
|
||||
/* Read key with echo off - will users really manage? */
|
||||
r = util_getpass(&key, &len, stdin);
|
||||
if (r < 0 || !key)
|
||||
return SC_ERROR_INTERNAL;
|
||||
} while(0);
|
||||
#else
|
||||
key = fgets(buffer, sizeof(buffer), stdin);
|
||||
if (key)
|
||||
buffer[strcspn(buffer, "\r\n")] = '\0';
|
||||
|
@ -1807,8 +1817,13 @@ use_default_key:
|
|||
if (key == NULL)
|
||||
return SC_ERROR_INTERNAL;
|
||||
|
||||
if (key[0] == '\0' && def_key_size)
|
||||
goto use_default_key;
|
||||
if (key[0] == '\0' && def_key_size) {
|
||||
if (*buf_size < def_key_size)
|
||||
return SC_ERROR_BUFFER_TOO_SMALL;
|
||||
memcpy(key_buf, def_key, def_key_size);
|
||||
*buf_size = def_key_size;
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (sc_hex_to_bin(key, key_buf, buf_size) >= 0)
|
||||
return 0;
|
||||
|
@ -1860,15 +1875,18 @@ static int do_generate_key_soft(int algorithm, unsigned int bits,
|
|||
*/
|
||||
static int pass_cb(char *buf, int len, int flags, void *d)
|
||||
{
|
||||
int plen;
|
||||
char *pass;
|
||||
if (d)
|
||||
pass = (char *)d;
|
||||
else
|
||||
pass = getpass("Please enter passphrase "
|
||||
"to unlock secret key: ");
|
||||
if (!pass)
|
||||
return 0;
|
||||
size_t pass_len = 0;
|
||||
int plen, r;
|
||||
char *pass = (char *)d;
|
||||
|
||||
if (!pass) {
|
||||
printf("Please enter passphrase to unlock secret key: ");
|
||||
r = util_getpass(&pass, &pass_len, stdin);
|
||||
printf("\n");
|
||||
if (r < 0 || !pass)
|
||||
return 0;
|
||||
}
|
||||
|
||||
plen = strlen(pass);
|
||||
if (plen <= 0)
|
||||
return 0;
|
||||
|
@ -1951,6 +1969,7 @@ static int
|
|||
do_read_private_key(const char *filename, const char *format,
|
||||
EVP_PKEY **pk, X509 **certs, unsigned int max_certs)
|
||||
{
|
||||
size_t len = 0;
|
||||
char *passphrase = NULL;
|
||||
int r;
|
||||
|
||||
|
@ -1971,8 +1990,11 @@ do_read_private_key(const char *filename, const char *format,
|
|||
* the PEM interface
|
||||
* see OpenSSL: crypto/pkcs12/p12_kiss.c
|
||||
*/
|
||||
passphrase = getpass("Please enter passphrase "
|
||||
"to unlock secret key: ");
|
||||
printf("Please enter passphrase to unlock secret key: ");
|
||||
r = util_getpass(&passphrase, &len, stdin);
|
||||
printf("\n");
|
||||
if (r < 0 || !passphrase)
|
||||
return SC_ERROR_INTERNAL;
|
||||
r = do_read_pkcs12_private_key(filename,
|
||||
passphrase, pk, certs, max_certs);
|
||||
}
|
||||
|
@ -2756,28 +2778,28 @@ int get_pin(sc_ui_hints_t *hints, char **out)
|
|||
|
||||
*out = NULL;
|
||||
while (1) {
|
||||
char buffer[64], *pin;
|
||||
size_t len;
|
||||
char *pin = NULL;
|
||||
size_t len = 0;
|
||||
int r;
|
||||
|
||||
snprintf(buffer, sizeof(buffer),
|
||||
"Please enter %s: ", label);
|
||||
|
||||
if ((pin = getpass(buffer)) == NULL)
|
||||
printf("Please enter %s: ", label);
|
||||
r = util_getpass(&pin, &len, stdin);
|
||||
printf("\n");
|
||||
if (r < 0 || !pin)
|
||||
return SC_ERROR_INTERNAL;
|
||||
|
||||
len = strlen(pin);
|
||||
if (len == 0 && (flags & SC_UI_PIN_OPTIONAL))
|
||||
if (!strlen(pin) && (flags & SC_UI_PIN_OPTIONAL))
|
||||
return 0;
|
||||
|
||||
if (pin_info && (flags & SC_UI_PIN_CHECK_LENGTH)) {
|
||||
if (len < pin_info->min_length) {
|
||||
if (strlen(pin) < pin_info->min_length) {
|
||||
fprintf(stderr,
|
||||
"PIN too short (min %lu characters)\n",
|
||||
(unsigned long) pin_info->min_length);
|
||||
continue;
|
||||
}
|
||||
if (pin_info->max_length
|
||||
&& len > pin_info->max_length) {
|
||||
&& strlen(pin) > pin_info->max_length) {
|
||||
fprintf(stderr,
|
||||
"PIN too long (max %lu characters)\n",
|
||||
(unsigned long) pin_info->max_length);
|
||||
|
@ -2791,7 +2813,11 @@ int get_pin(sc_ui_hints_t *hints, char **out)
|
|||
if (!(flags & SC_UI_PIN_RETYPE))
|
||||
break;
|
||||
|
||||
pin = getpass("Please type again to verify: ");
|
||||
printf("Please type again to verify: ");
|
||||
r = util_getpass(&pin, &len, stdin);
|
||||
printf("\n");
|
||||
if (r < 0 || !pin)
|
||||
return SC_ERROR_INTERNAL;
|
||||
if (!strcmp(*out, pin)) {
|
||||
sc_mem_clear(pin, len);
|
||||
break;
|
||||
|
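Review bot: In get_pin the buffer filled by `util_getpass(&pin, &len, stdin)` is abandoned on the `continue` after "PIN too short" without being cleared or freed, and the retype branch calls `sc_mem_clear(pin, len)` but never `free(pin)`. That was harmless with getpass(), which returns a static buffer, but util_getpass appears to hand back heap memory (the other file in this commit frees its result), so each retry would leave a PIN on the heap. The same pattern shows in get_key_callback, pass_cb (when `d` is NULL) and do_read_private_key; those functions continue outside their hunks, so a later release may exist, but none is visible. Before each exit I would add `sc_mem_clear(pin, strlen(pin)); free(pin);`, using strlen because the page does not show whether `len` is now the string length or the buffer size. Separately, in get_key_callback `key` is declared `const char *`, so `util_getpass(&key, &len, stdin)` passes a `const char **` where every other call site passes a `char **`; a dedicated `char *` local in the GET_KEY_ECHO_OFF branch would remove the qualifier mismatch and give the code something it can wipe and free.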
|