giomba
/
opensc
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

don't hide global variables

This commit is contained in:
Frank Morgner 2019-01-14 10:40:08 +01:00
parent 1991dcea0d
commit 6bf7c0d219
5 changed files with 132 additions and 134 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/tools/gids-tool.c
View File

@ -92,9 +92,6 @@ static const char *option_help[] = {
"Verbose operation. Use several times to enable debug output.",
};
static sc_context_t *ctx = NULL;
static sc_card_t *card = NULL;
static int initialize(sc_card_t *card, const char *so_pin, const char *user_pin, const char* serial)
{
sc_cardctl_gids_init_param_t param;
@ -479,6 +476,8 @@ int main(int argc, char * argv[])
const char *opt_serial_number = NULL;
const char *opt_new_key = NULL;
sc_context_param_t ctx_param;
sc_context_t *ctx = NULL;
sc_card_t *card = NULL;
while (1) {
c = getopt_long(argc, argv, "XUCr:wv", options, &long_optind);

36
src/tools/openpgp-tool.c
View File

@ -663,7 +663,7 @@ static int do_dump_do(sc_card_t *card, unsigned int tag)
return EXIT_SUCCESS;
}
int do_genkey(sc_card_t *card, u8 key_id, const char *keytype)
int do_genkey(sc_card_t *card, u8 in_key_id, const char *keytype)
{
int r;
sc_cardctl_openpgp_keygen_info_t key_info;
@ -671,9 +671,9 @@ int do_genkey(sc_card_t *card, u8 key_id, const char *keytype)
sc_path_t path;
sc_file_t *file;
/* validate key_id */
if (key_id < 1 || key_id > 3) {
util_error("unknown key ID %d", key_id);
/* validate in_key_id */
if (in_key_id < 1 || in_key_id > 3) {
util_error("unknown key ID %d", in_key_id);
return SC_ERROR_INVALID_ARGUMENTS;
}
@ -701,7 +701,7 @@ int do_genkey(sc_card_t *card, u8 key_id, const char *keytype)
}
/* set key_info */
key_info.key_id = key_id;
key_info.key_id = in_key_id;
key_info.algorithm = SC_OPENPGP_KEYALGO_RSA;
key_info.rsa.modulus_len = keylen;
key_info.rsa.modulus = malloc((keylen + 7) / 8);
@ -730,17 +730,17 @@ int do_genkey(sc_card_t *card, u8 key_id, const char *keytype)
util_error("failed to retrieve fingerprints: %s", sc_strerror(r));
return EXIT_FAILURE;
}
printf("Fingerprint:\n%s\n", (char *)sc_dump_hex(fingerprints + 20*(key_id - 1), 20));
printf("Fingerprint:\n%s\n", (char *)sc_dump_hex(fingerprints + 20*(in_key_id - 1), 20));
return EXIT_SUCCESS;
}
int do_verify(sc_card_t *card, char *type, const char *pin)
int do_verify(sc_card_t *card, char *type, const char *in_pin)
{
struct sc_pin_cmd_data data;
int tries_left;
int r;
if (!type || !pin)
if (!type || !in_pin)
return SC_ERROR_INVALID_ARGUMENTS;
if (strncasecmp("CHV", type, 3) != 0) {
@ -757,8 +757,8 @@ int do_verify(sc_card_t *card, char *type, const char *pin)
data.cmd = SC_PIN_CMD_VERIFY;
data.pin_type = SC_AC_CHV;
data.pin_reference = type[3] - '0';
data.pin1.data = (unsigned char *) pin;
data.pin1.len = (int)strlen(pin);
data.pin1.data = (unsigned char *) in_pin;
data.pin1.len = (int)strlen(in_pin);
r = sc_pin_cmd(card, &data, &tries_left);
return r;
}
@ -767,7 +767,7 @@ int do_verify(sc_card_t *card, char *type, const char *pin)
* Delete key, for OpenPGP card.
* This function is not complete and is reserved for future version (> 2) of OpenPGP card.
**/
int delete_key_openpgp(sc_card_t *card, u8 key_id)
int delete_key_openpgp(sc_card_t *card, u8 in_key_id)
{
char *del_fingerprint = "00:DA:00:C6:14:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00";
char *del_creationtime = "00:DA:00:CD:04:00:00:00:00";
@ -790,7 +790,7 @@ int delete_key_openpgp(sc_card_t *card, u8 key_id)
sc_hex_to_bin(apdustring, buf, &len0);
/* Replace DO tag, subject to key ID */
buf[3] = buf[3] + key_id;
buf[3] = buf[3] + in_key_id;
/* Build APDU from binary array */
r = sc_bytes2apdu(card->ctx, buf, len0, &apdu);
@ -813,7 +813,7 @@ int delete_key_openpgp(sc_card_t *card, u8 key_id)
return r;
}
int do_delete_key(sc_card_t *card, u8 key_id)
int do_delete_key(sc_card_t *card, u8 in_key_id)
{
sc_path_t path;
int r = SC_SUCCESS;
@ -824,20 +824,20 @@ int do_delete_key(sc_card_t *card, u8 key_id)
return SC_ERROR_NOT_SUPPORTED;
}
if (key_id < 1 || (key_id > 3 && key_id != 'a')) {
util_error("invalid key id %d", key_id);
if (in_key_id < 1 || (in_key_id > 3 && in_key_id != 'a')) {
util_error("invalid key id %d", in_key_id);
return SC_ERROR_INVALID_ARGUMENTS;
}
if (key_id == 1 || key_id == 'a') {
if (in_key_id == 1 || in_key_id == 'a') {
sc_format_path("B601", &path);
r |= sc_delete_file(card, &path);
}
if (key_id == 2 || key_id == 'a') {
if (in_key_id == 2 || in_key_id == 'a') {
sc_format_path("B801", &path);
r |= sc_delete_file(card, &path);
}
if (key_id == 3 || key_id == 'a') {
if (in_key_id == 3 || in_key_id == 'a') {
sc_format_path("A401", &path);
r |= sc_delete_file(card, &path);
}

162
src/tools/pkcs15-init.c
View File

@ -353,9 +353,9 @@ struct secret {
#define SC_PKCS15INIT_TYPE_DATA 16
#define SC_PKCS15INIT_TYPE_SKEY 32
static sc_context_t * ctx = NULL;
static sc_card_t * card = NULL;
static struct sc_pkcs15_card * p15card = NULL;
static sc_context_t * g_ctx = NULL;
static sc_card_t * g_card = NULL;
static struct sc_pkcs15_card * g_p15card = NULL;
static char * opt_reader = NULL;
static unsigned int opt_actions;
static int opt_extractable = 0,
@ -496,7 +496,7 @@ main(int argc, char **argv)
sc_pkcs15init_set_callbacks(&callbacks);
/* Bind the card-specific operations and load the profile */
r = sc_pkcs15init_bind(card, opt_profile, opt_card_profile, NULL, &profile);
r = sc_pkcs15init_bind(g_card, opt_profile, opt_card_profile, NULL, &profile);
if (r < 0) {
printf("Couldn't bind to the card: %s\n", sc_strerror(r));
return 1;
@ -515,7 +515,7 @@ main(int argc, char **argv)
if (action != ACTION_ERASE
&& action != ACTION_INIT
&& action != ACTION_ASSERT_PRISTINE
&& p15card == NULL) {
&& g_p15card == NULL) {
/* Read the PKCS15 structure from the card */
if (opt_bind_to_aid) {
struct sc_aid aid;
@ -526,16 +526,16 @@ main(int argc, char **argv)
return 1;
}
r = sc_pkcs15init_finalize_profile(card, profile, &aid);
r = sc_pkcs15init_finalize_profile(g_card, profile, &aid);
if (r < 0) {
fprintf(stderr, "Finalize profile error %s\n", sc_strerror(r));
break;
}
r = sc_pkcs15_bind(card, &aid, &p15card);
r = sc_pkcs15_bind(g_card, &aid, &g_p15card);
}
else {
r = sc_pkcs15_bind(card, NULL, &p15card);
r = sc_pkcs15_bind(g_card, NULL, &g_p15card);
}
if (r) {
fprintf(stderr, "PKCS#15 binding failed: %s\n", sc_strerror(r));
@ -546,12 +546,12 @@ main(int argc, char **argv)
* sure we're not messing things up */
if (verbose)
printf("Found %s\n", p15card->tokeninfo->label);
printf("Found %s\n", g_p15card->tokeninfo->label);
sc_pkcs15init_set_p15card(profile, p15card);
sc_pkcs15init_set_p15card(profile, g_p15card);
if (opt_verify_pin) {
r = verify_pin(p15card, opt_authid);
r = verify_pin(g_p15card, opt_authid);
if (r) {
fprintf(stderr, "Failed to verify User PIN : %s\n",
sc_strerror(r));
@ -569,11 +569,11 @@ main(int argc, char **argv)
break;
case ACTION_ASSERT_PRISTINE:
/* skip printing error message */
if ((r = do_assert_pristine(card)) < 0)
if ((r = do_assert_pristine(g_card)) < 0)
goto out;
continue;
case ACTION_ERASE:
r = do_erase(card, profile);
r = do_erase(g_card, profile);
break;
case ACTION_INIT:
r = do_init_app(profile);
@ -611,7 +611,7 @@ main(int argc, char **argv)
r = do_generate_skey(profile, opt_newkey);
break;
case ACTION_FINALIZE_CARD:
r = do_finalize_card(card, profile);
r = do_finalize_card(g_card, profile);
break;
case ACTION_SANITY_CHECK:
r = do_sanity_check(profile);
@ -620,7 +620,7 @@ main(int argc, char **argv)
profile->dirty = 1;
break;
case ACTION_ERASE_APPLICATION:
r = do_erase_application(card, profile);
r = do_erase_application(g_card, profile);
break;
default:
util_fatal("Action not yet implemented\n");
@ -641,13 +641,13 @@ out:
if (profile) {
sc_pkcs15init_unbind(profile);
}
if (p15card) {
sc_pkcs15_unbind(p15card);
if (g_p15card) {
sc_pkcs15_unbind(g_p15card);
}
if (card) {
sc_disconnect_card(card);
if (g_card) {
sc_disconnect_card(g_card);
}
sc_release_context(ctx);
sc_release_context(g_ctx);
return r < 0? 1 : 0;
}
@ -661,13 +661,13 @@ open_reader_and_card(char *reader)
ctx_param.ver = 0;
ctx_param.app_name = app_name;
r = sc_context_create(&ctx, &ctx_param);
r = sc_context_create(&g_ctx, &ctx_param);
if (r) {
util_error("Failed to establish context: %s\n", sc_strerror(r));
return 0;
}
if (util_connect_card_ex(ctx, &card, reader, opt_wait, 0, verbose))
if (util_connect_card_ex(g_ctx, &g_card, reader, opt_wait, 0, verbose))
return 0;
return 1;
@ -855,7 +855,7 @@ do_init_app(struct sc_profile *profile)
hints.flags = SC_UI_PIN_RETYPE
| SC_UI_PIN_CHECK_LENGTH
| SC_UI_PIN_MISMATCH_RETRY;
hints.card = card;
hints.card = g_card;
hints.p15card = NULL;
hints.info.pin = &info;
@ -915,11 +915,11 @@ do_init_app(struct sc_profile *profile)
args.serial = (const char *) opt_serial;
args.label = opt_label;
r = sc_lock(card);
r = sc_lock(g_card);
if (r < 0)
return r;
r = sc_pkcs15init_add_app(card, profile, &args);
sc_unlock(card);
r = sc_pkcs15init_add_app(g_card, profile, &args);
sc_unlock(g_card);
return r;
failed: fprintf(stderr, "Failed to read PIN: %s\n", sc_strerror(r));
@ -943,8 +943,8 @@ do_store_pin(struct sc_profile *profile)
hints.flags = SC_UI_PIN_RETYPE
| SC_UI_PIN_CHECK_LENGTH
| SC_UI_PIN_MISMATCH_RETRY;
hints.card = card;
hints.p15card = p15card;
hints.card = g_card;
hints.p15card = g_p15card;
hints.info.pin = &info;
pin_id = opt_objectid ? opt_objectid : opt_authid;
@ -988,11 +988,11 @@ do_store_pin(struct sc_profile *profile)
args.puk = (u8 *) opt_pins[1];
args.puk_len = opt_pins[1]? strlen(opt_pins[1]) : 0;
r = sc_lock(p15card->card);
r = sc_lock(g_p15card->card);
if (r < 0)
return r;
r = sc_pkcs15init_store_pin(p15card, profile, &args);
sc_unlock(p15card->card);
r = sc_pkcs15init_store_pin(g_p15card, profile, &args);
sc_unlock(g_p15card->card);
return r;
failed: fprintf(stderr, "Failed to read PIN: %s\n", sc_strerror(r));
@ -1077,12 +1077,12 @@ do_store_private_key(struct sc_profile *profile)
args.access_flags |= SC_PKCS15_PRKEY_ACCESS_SENSITIVE;
r = sc_lock(p15card->card);
r = sc_lock(g_p15card->card);
if (r < 0)
return r;
r = sc_pkcs15init_store_private_key(p15card, profile, &args, NULL);
r = sc_pkcs15init_store_private_key(g_p15card, profile, &args, NULL);
if (r < 0) {
sc_unlock(p15card->card);
sc_unlock(g_p15card->card);
return r;
}
@ -1126,7 +1126,7 @@ do_store_private_key(struct sc_profile *profile)
cargs.authority = 1;
}
r = sc_pkcs15init_store_certificate(p15card, profile, &cargs, NULL);
r = sc_pkcs15init_store_certificate(g_p15card, profile, &cargs, NULL);
next_cert:
free(cargs.der_encoded.value);
}
@ -1135,7 +1135,7 @@ next_cert:
if (ncerts == 0)
r = do_store_public_key(profile, pkey);
sc_unlock(p15card->card);
sc_unlock(g_p15card->card);
return r;
}
@ -1150,7 +1150,7 @@ is_cacert_already_present(struct sc_pkcs15init_certargs *args)
sc_pkcs15_cert_t *cert;
int i, count, r;
r = sc_pkcs15_get_objects(p15card, SC_PKCS15_TYPE_CERT_X509, objs, 32);
r = sc_pkcs15_get_objects(g_p15card, SC_PKCS15_TYPE_CERT_X509, objs, 32);
if (r <= 0)
return 0;
@ -1165,7 +1165,7 @@ is_cacert_already_present(struct sc_pkcs15init_certargs *args)
/* XXX we should also match the usage field here */
/* Compare the DER representation of the certificates */
r = sc_pkcs15_read_certificate(p15card, cinfo, &cert);
r = sc_pkcs15_read_certificate(g_p15card, cinfo, &cert);
if (r < 0 || !cert)
continue;
@ -1207,11 +1207,11 @@ do_store_public_key(struct sc_profile *profile, EVP_PKEY *pkey)
init_gost_params(&args.params.gost, pkey);
}
if (r >= 0) {
r = sc_lock(p15card->card);
r = sc_lock(g_p15card->card);
if (r < 0)
return r;
r = sc_pkcs15init_store_public_key(p15card, profile, &args, &dummy);
sc_unlock(p15card->card);
r = sc_pkcs15init_store_public_key(g_p15card, profile, &args, &dummy);
sc_unlock(g_p15card->card);
}
return r;
@ -1249,11 +1249,11 @@ do_store_secret_key(struct sc_profile *profile)
args.value_len = keybits;
args.access_flags |= SC_PKCS15_PRKEY_ACCESS_SENSITIVE;
r = sc_lock(p15card->card);
r = sc_lock(g_p15card->card);
if (r < 0)
return r;
r = sc_pkcs15init_store_secret_key(p15card, profile, &args, NULL);
sc_unlock(p15card->card);
r = sc_pkcs15init_store_secret_key(g_p15card, profile, &args, NULL);
sc_unlock(g_p15card->card);
return r;
}
@ -1282,11 +1282,11 @@ do_store_certificate(struct sc_profile *profile)
if (r >= 0)
r = do_convert_cert(&args.der_encoded, cert);
if (r >= 0) {
r = sc_lock(p15card->card);
r = sc_lock(g_p15card->card);
if (r < 0)
return r;
r = sc_pkcs15init_store_certificate(p15card, profile, &args, NULL);
sc_unlock(p15card->card);
r = sc_pkcs15init_store_certificate(g_p15card, profile, &args, NULL);
sc_unlock(g_p15card->card);
}
if (args.der_encoded.value)
@ -1383,17 +1383,17 @@ do_update_certificate(struct sc_profile *profile)
sc_pkcs15_format_id(opt_objectid, &id);
if (sc_pkcs15_find_cert_by_id(p15card, &id, &obj) != 0) {
if (sc_pkcs15_find_cert_by_id(g_p15card, &id, &obj) != 0) {
util_error("Couldn't find the cert with ID %s\n", opt_objectid);
return SC_ERROR_OBJECT_NOT_FOUND;
}
r = sc_lock(p15card->card);
r = sc_lock(g_p15card->card);
if (r < 0)
return r;
certinfo = (sc_pkcs15_cert_info_t *) obj->data;
r = sc_pkcs15_read_certificate(p15card, certinfo, &oldcert);
r = sc_pkcs15_read_certificate(g_p15card, certinfo, &oldcert);
if (r < 0)
goto err;
@ -1403,14 +1403,14 @@ do_update_certificate(struct sc_profile *profile)
if (r < 0)
goto err;
r = sc_pkcs15init_update_certificate(p15card, profile, obj,
r = sc_pkcs15init_update_certificate(g_p15card, profile, obj,
newcert_raw.value, newcert_raw.len);
if (newcert_raw.value)
free(newcert_raw.value);
err:
sc_unlock(p15card->card);
sc_unlock(g_p15card->card);
return r;
}
@ -1446,13 +1446,13 @@ do_store_data_object(struct sc_profile *profile)
/* der_encoded contains the plain data, nothing DER encoded */
args.der_encoded.value = data;
args.der_encoded.len = datalen;
r = sc_lock(p15card->card);
r = sc_lock(g_p15card->card);
if (r < 0) {
free(data);
return r;
}
r = sc_pkcs15init_store_data_object(p15card, profile, &args, NULL);
sc_unlock(p15card->card);
r = sc_pkcs15init_store_data_object(g_p15card, profile, &args, NULL);
sc_unlock(g_p15card->card);
}
if (data)
@ -1467,11 +1467,11 @@ static int
do_sanity_check(struct sc_profile *profile)
{
int r;
r = sc_lock(p15card->card);
r = sc_lock(g_p15card->card);
if (r < 0)
return r;
r = sc_pkcs15init_sanity_check(p15card, profile);
sc_unlock(p15card->card);
r = sc_pkcs15init_sanity_check(g_p15card, profile);
sc_unlock(g_p15card->card);
return r;
}
@ -1627,7 +1627,7 @@ do_delete_objects(struct sc_profile *profile, unsigned int myopt_delete_flags)
{
int r = 0, count = 0;
r = sc_lock(p15card->card);
r = sc_lock(g_p15card->card);
if (r < 0)
return r;
@ -1638,17 +1638,17 @@ do_delete_objects(struct sc_profile *profile, unsigned int myopt_delete_flags)
if (opt_application_id != NULL) {
sc_format_oid(&app_oid, opt_application_id);
r = sc_pkcs15_find_data_object_by_app_oid(p15card, &app_oid, &obj);
r = sc_pkcs15_find_data_object_by_app_oid(g_p15card, &app_oid, &obj);
}
else if (opt_application_name != NULL && opt_label != NULL) {
r = sc_pkcs15_find_data_object_by_name(p15card, opt_application_name, opt_label, &obj);
r = sc_pkcs15_find_data_object_by_name(g_p15card, opt_application_name, opt_label, &obj);
}
else {
util_fatal("Specify the --application-id or --application-name and --label for the data object to be deleted\n");
}
if (r >= 0) {
r = sc_pkcs15init_delete_object(p15card, profile, obj);
r = sc_pkcs15init_delete_object(g_p15card, profile, obj);
if (r >= 0)
count++;
}
@ -1660,12 +1660,12 @@ do_delete_objects(struct sc_profile *profile, unsigned int myopt_delete_flags)
util_fatal("Specify the --id for key(s) or cert(s) to be deleted\n");
sc_pkcs15_format_id(opt_objectid, &id);
r = do_delete_crypto_objects(p15card, profile, &id, myopt_delete_flags);
r = do_delete_crypto_objects(g_p15card, profile, &id, myopt_delete_flags);
if (r >= 0)
count += r;
}
sc_unlock(p15card->card);
sc_unlock(g_p15card->card);
printf("Deleted %d objects\n", count);
return r;
@ -1692,23 +1692,23 @@ do_change_attributes(struct sc_profile *profile, unsigned int myopt_type)
switch(myopt_type) {
case SC_PKCS15INIT_TYPE_PRKEY:
if ((r = sc_pkcs15_find_prkey_by_id(p15card, &id, &obj)) != 0)
if ((r = sc_pkcs15_find_prkey_by_id(g_p15card, &id, &obj)) != 0)
return r;
break;
case SC_PKCS15INIT_TYPE_PUBKEY:
if ((r = sc_pkcs15_find_pubkey_by_id(p15card, &id, &obj)) != 0)
if ((r = sc_pkcs15_find_pubkey_by_id(g_p15card, &id, &obj)) != 0)
return r;
break;
case SC_PKCS15INIT_TYPE_CERT:
if ((r = sc_pkcs15_find_cert_by_id(p15card, &id, &obj)) != 0)
if ((r = sc_pkcs15_find_cert_by_id(g_p15card, &id, &obj)) != 0)
return r;
break;
case SC_PKCS15INIT_TYPE_DATA:
if ((r = sc_pkcs15_find_data_object_by_id(p15card, &id, &obj)) != 0)
if ((r = sc_pkcs15_find_data_object_by_id(g_p15card, &id, &obj)) != 0)
return r;
break;
case SC_PKCS15INIT_TYPE_SKEY:
if ((r = sc_pkcs15_find_skey_by_id(p15card, &id, &obj)) != 0)
if ((r = sc_pkcs15_find_skey_by_id(g_p15card, &id, &obj)) != 0)
return r;
break;
}
@ -1722,11 +1722,11 @@ do_change_attributes(struct sc_profile *profile, unsigned int myopt_type)
strlcpy(obj->label, opt_label, sizeof(obj->label));
}
r = sc_lock(p15card->card);
r = sc_lock(g_p15card->card);
if (r < 0)
return r;
r = sc_pkcs15init_update_any_df(p15card, profile, obj->df, 0);
sc_unlock(p15card->card);
r = sc_pkcs15init_update_any_df(g_p15card, profile, obj->df, 0);
sc_unlock(g_p15card->card);
return r;
}
@ -1767,10 +1767,10 @@ do_generate_key(struct sc_profile *profile, const char *spec)
break;
}
r = sc_lock(p15card->card);
r = sc_lock(g_p15card->card);
if (r == 0)
r = sc_pkcs15init_generate_key(p15card, profile, &keygen_args, keybits, NULL);
sc_unlock(p15card->card);
r = sc_pkcs15init_generate_key(g_p15card, profile, &keygen_args, keybits, NULL);
sc_unlock(g_p15card->card);
return r;
}
@ -1795,10 +1795,10 @@ do_generate_skey(struct sc_profile *profile, const char *spec)
}
skey_args.value_len = keybits;
r = sc_lock(p15card->card);
r = sc_lock(g_p15card->card);
if (r == 0)
r = sc_pkcs15init_generate_secret_key(p15card, profile, &skey_args, NULL);
sc_unlock(p15card->card);
r = sc_pkcs15init_generate_secret_key(g_p15card, profile, &skey_args, NULL);
sc_unlock(g_p15card->card);
return r;
}
@ -2080,8 +2080,8 @@ get_pin_callback(struct sc_profile *profile,
hints.prompt = prompt;
hints.obj_label = name;
hints.usage = SC_UI_USAGE_OTHER;
hints.card = card;
hints.p15card = p15card;
hints.card = g_card;
hints.p15card = g_p15card;
if ((r = get_pin(&hints, &secret)) < 0) {
fprintf(stderr,
@ -3176,7 +3176,7 @@ static int verify_pin(struct sc_pkcs15_card *p15card, char *auth_id_str)
hints.prompt = "User PIN required";
hints.obj_label = pin_label;
hints.usage = SC_UI_USAGE_OTHER;
hints.card = card;
hints.card = g_card;
hints.p15card = p15card;
get_pin(&hints, &pin);

57
src/tools/sc-hsm-tool.c
View File

@ -137,9 +137,6 @@ typedef struct {
BIGNUM * y;
} secret_share_t;
static sc_context_t *ctx = NULL;
static sc_card_t *card = NULL;
@ -195,10 +192,10 @@ static void calculatePolynomialValue(const BIGNUM *x, BIGNUM **polynomial, const
BIGNUM *exponent;
unsigned long exp;
BN_CTX *ctx;
BN_CTX *bn_ctx;
// Create context for temporary variables of OpenSSL engine
ctx = BN_CTX_new();
bn_ctx = BN_CTX_new();
temp = BN_new();
exponent = BN_new();
@ -218,19 +215,19 @@ static void calculatePolynomialValue(const BIGNUM *x, BIGNUM **polynomial, const
BN_set_word(exponent, exp);
// temp = x^exponent mod prime
BN_mod_exp(temp, x, exponent, prime, ctx);
BN_mod_exp(temp, x, exponent, prime, bn_ctx);
// exponent = temp * a = a * x^exponent mod prime
BN_mod_mul(exponent, temp, *pp, prime, ctx);
BN_mod_mul(exponent, temp, *pp, prime, bn_ctx);
// add the temp value from exponent to y
BN_copy(temp, y);
BN_mod_add(y, temp, exponent, prime, ctx);
BN_mod_add(y, temp, exponent, prime, bn_ctx);
pp++;
}
BN_clear_free(temp);
BN_clear_free(exponent);
BN_CTX_free(ctx);
BN_CTX_free(bn_ctx);
}
@ -784,7 +781,7 @@ static int recreate_password_from_shares(char **pwd, int *pwdlen, int num_of_pas
static int import_dkek_share(sc_card_t *card, const char *inf, int iter, const char *password, int num_of_password_shares)
{
sc_cardctl_sc_hsm_dkek_t dkekinfo;
EVP_CIPHER_CTX *ctx = NULL;
EVP_CIPHER_CTX *bn_ctx = NULL;
FILE *in = NULL;
u8 filebuff[64],key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH],outbuff[64];
char *pwd = NULL;
@ -842,14 +839,14 @@ static int import_dkek_share(sc_card_t *card, const char *inf, int iter, const c
free(pwd);
}
ctx = EVP_CIPHER_CTX_new();
EVP_DecryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, key, iv);
if (!EVP_DecryptUpdate(ctx, outbuff, &outlen, filebuff + 16, sizeof(filebuff) - 16)) {
bn_ctx = EVP_CIPHER_CTX_new();
EVP_DecryptInit_ex(bn_ctx, EVP_aes_256_cbc(), NULL, key, iv);
if (!EVP_DecryptUpdate(bn_ctx, outbuff, &outlen, filebuff + 16, sizeof(filebuff) - 16)) {
fprintf(stderr, "Error decrypting DKEK share. Password correct ?\n");
return -1;
}
if (!EVP_DecryptFinal_ex(ctx, outbuff + outlen, &r)) {
if (!EVP_DecryptFinal_ex(bn_ctx, outbuff + outlen, &r)) {
fprintf(stderr, "Error decrypting DKEK share. Password correct ?\n");
return -1;
}
@ -863,7 +860,7 @@ static int import_dkek_share(sc_card_t *card, const char *inf, int iter, const c
r = sc_card_ctl(card, SC_CARDCTL_SC_HSM_IMPORT_DKEK_SHARE, (void *)&dkekinfo);
OPENSSL_cleanse(&dkekinfo.dkek_share, sizeof(dkekinfo.dkek_share));
EVP_CIPHER_CTX_free(ctx);
EVP_CIPHER_CTX_free(bn_ctx);
if (r == SC_ERROR_INS_NOT_SUPPORTED) { // Not supported or not initialized for key shares
fprintf(stderr, "Not supported by card or card not initialized for key share usage\n");
@ -884,7 +881,7 @@ static int print_dkek_share(sc_card_t *card, const char *inf, int iter, const ch
// hex output can be used in the SCSH shell with the
// decrypt_keyblob.js file
sc_cardctl_sc_hsm_dkek_t dkekinfo;
EVP_CIPHER_CTX *ctx = NULL;
EVP_CIPHER_CTX *bn_ctx = NULL;
FILE *in = NULL;
u8 filebuff[64],key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH],outbuff[64];
char *pwd = NULL;
@ -943,14 +940,14 @@ static int print_dkek_share(sc_card_t *card, const char *inf, int iter, const ch
free(pwd);
}
ctx = EVP_CIPHER_CTX_new();
EVP_DecryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, key, iv);
if (!EVP_DecryptUpdate(ctx, outbuff, &outlen, filebuff + 16, sizeof(filebuff) - 16)) {
bn_ctx = EVP_CIPHER_CTX_new();
EVP_DecryptInit_ex(bn_ctx, EVP_aes_256_cbc(), NULL, key, iv);
if (!EVP_DecryptUpdate(bn_ctx, outbuff, &outlen, filebuff + 16, sizeof(filebuff) - 16)) {
fprintf(stderr, "Error decrypting DKEK share. Password correct ?\n");
return -1;
}
if (!EVP_DecryptFinal_ex(ctx, outbuff + outlen, &r)) {
if (!EVP_DecryptFinal_ex(bn_ctx, outbuff + outlen, &r)) {
fprintf(stderr, "Error decrypting DKEK share. Password correct ?\n");
return -1;
}
@ -970,7 +967,7 @@ static int print_dkek_share(sc_card_t *card, const char *inf, int iter, const ch
printf("\n\n");
OPENSSL_cleanse(&dkekinfo.dkek_share, sizeof(dkekinfo.dkek_share));
EVP_CIPHER_CTX_free(ctx);
EVP_CIPHER_CTX_free(bn_ctx);
if (r == SC_ERROR_INS_NOT_SUPPORTED) { // Not supported or not initialized for key shares
fprintf(stderr, "Not supported by card or card not initialized for key share usage\n");
@ -1155,7 +1152,7 @@ static int generate_pwd_shares(sc_card_t *card, char **pwd, int *pwdlen, int pas
static int create_dkek_share(sc_card_t *card, const char *outf, int iter, const char *password, int password_shares_threshold, int password_shares_total)
{
EVP_CIPHER_CTX *ctx = NULL;
EVP_CIPHER_CTX *c_ctx = NULL;
FILE *out = NULL;
u8 filebuff[64], key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH];
u8 dkek_share[32];
@ -1206,14 +1203,14 @@ static int create_dkek_share(sc_card_t *card, const char *outf, int iter, const
return -1;
}
ctx = EVP_CIPHER_CTX_new();
EVP_EncryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, key, iv);
if (!EVP_EncryptUpdate(ctx, filebuff + 16, &outlen, dkek_share, sizeof(dkek_share))) {
c_ctx = EVP_CIPHER_CTX_new();
EVP_EncryptInit_ex(c_ctx, EVP_aes_256_cbc(), NULL, key, iv);
if (!EVP_EncryptUpdate(c_ctx, filebuff + 16, &outlen, dkek_share, sizeof(dkek_share))) {
fprintf(stderr, "Error encrypting DKEK share\n");
return -1;
}
if (!EVP_EncryptFinal_ex(ctx, filebuff + 16 + outlen, &r)) {
if (!EVP_EncryptFinal_ex(c_ctx, filebuff + 16 + outlen, &r)) {
fprintf(stderr, "Error encrypting DKEK share\n");
return -1;
}
@ -1234,7 +1231,7 @@ static int create_dkek_share(sc_card_t *card, const char *outf, int iter, const
fclose(out);
OPENSSL_cleanse(filebuff, sizeof(filebuff));
EVP_CIPHER_CTX_free(ctx);
EVP_CIPHER_CTX_free(c_ctx);
printf("DKEK share created and saved to %s\n", outf);
return 0;
@ -1302,7 +1299,7 @@ static int wrap_with_tag(u8 tag, u8 *indata, size_t inlen, u8 **outdata, size_t
static int wrap_key(sc_card_t *card, int keyid, const char *outf, const char *pin)
static int wrap_key(sc_context_t *ctx, sc_card_t *card, int keyid, const char *outf, const char *pin)
{
sc_cardctl_sc_hsm_wrapped_key_t wrapped_key;
struct sc_pin_cmd_data data;
@ -1706,6 +1703,8 @@ int main(int argc, char *argv[])
int opt_force = 0;
int opt_iter = 10000000;
sc_context_param_t ctx_param;
sc_context_t *ctx = NULL;
sc_card_t *card = NULL;
while (1) {
c = getopt_long(argc, argv, "XC:I:P:W:U:s:i:fr:wv", options, &long_optind);
@ -1839,7 +1838,7 @@ int main(int argc, char *argv[])
if (do_print_dkek_share && print_dkek_share(card, opt_filename, opt_iter, opt_password, opt_password_shares_total))
goto fail;
if (do_wrap_key && wrap_key(card, opt_key_reference, opt_filename, opt_pin))
if (do_wrap_key && wrap_key(ctx, card, opt_key_reference, opt_filename, opt_pin))
goto fail;
if (do_unwrap_key && unwrap_key(card, opt_key_reference, opt_filename, opt_pin, opt_force))

6
src/tools/westcos-tool.c
View File

@ -292,13 +292,13 @@ static int unlock_pin(sc_card_t *card,
return 0;
}
static int cert2der(X509 *cert, u8 **value)
static int cert2der(X509 *in_cert, u8 **value)
{
int len;
u8 *p;
len = i2d_X509(cert, NULL);
len = i2d_X509(in_cert, NULL);
p = *value = malloc(len);
i2d_X509(cert, &p);
i2d_X509(in_cert, &p);
return len;
}