diff --git a/src/tools/gids-tool.c b/src/tools/gids-tool.c index 0d1128ff..ee2051ce 100644 --- a/src/tools/gids-tool.c +++ b/src/tools/gids-tool.c @@ -92,9 +92,6 @@ static const char *option_help[] = { "Verbose operation. Use several times to enable debug output.", }; -static sc_context_t *ctx = NULL; -static sc_card_t *card = NULL; - static int initialize(sc_card_t *card, const char *so_pin, const char *user_pin, const char* serial) { sc_cardctl_gids_init_param_t param; @@ -479,6 +476,8 @@ int main(int argc, char * argv[]) const char *opt_serial_number = NULL; const char *opt_new_key = NULL; sc_context_param_t ctx_param; + sc_context_t *ctx = NULL; + sc_card_t *card = NULL; while (1) { c = getopt_long(argc, argv, "XUCr:wv", options, &long_optind); diff --git a/src/tools/openpgp-tool.c b/src/tools/openpgp-tool.c index 25174ee2..1da7f1dc 100644 --- a/src/tools/openpgp-tool.c +++ b/src/tools/openpgp-tool.c @@ -663,7 +663,7 @@ static int do_dump_do(sc_card_t *card, unsigned int tag) return EXIT_SUCCESS; } -int do_genkey(sc_card_t *card, u8 key_id, const char *keytype) +int do_genkey(sc_card_t *card, u8 in_key_id, const char *keytype) { int r; sc_cardctl_openpgp_keygen_info_t key_info; @@ -671,9 +671,9 @@ int do_genkey(sc_card_t *card, u8 key_id, const char *keytype) sc_path_t path; sc_file_t *file; - /* validate key_id */ - if (key_id < 1 || key_id > 3) { - util_error("unknown key ID %d", key_id); + /* validate in_key_id */ + if (in_key_id < 1 || in_key_id > 3) { + util_error("unknown key ID %d", in_key_id); return SC_ERROR_INVALID_ARGUMENTS; } @@ -701,7 +701,7 @@ int do_genkey(sc_card_t *card, u8 key_id, const char *keytype) } /* set key_info */ - key_info.key_id = key_id; + key_info.key_id = in_key_id; key_info.algorithm = SC_OPENPGP_KEYALGO_RSA; key_info.rsa.modulus_len = keylen; key_info.rsa.modulus = malloc((keylen + 7) / 8); @@ -730,17 +730,17 @@ int do_genkey(sc_card_t *card, u8 key_id, const char *keytype) util_error("failed to retrieve fingerprints: %s", sc_strerror(r)); return EXIT_FAILURE; } - printf("Fingerprint:\n%s\n", (char *)sc_dump_hex(fingerprints + 20*(key_id - 1), 20)); + printf("Fingerprint:\n%s\n", (char *)sc_dump_hex(fingerprints + 20*(in_key_id - 1), 20)); return EXIT_SUCCESS; } -int do_verify(sc_card_t *card, char *type, const char *pin) +int do_verify(sc_card_t *card, char *type, const char *in_pin) { struct sc_pin_cmd_data data; int tries_left; int r; - if (!type || !pin) + if (!type || !in_pin) return SC_ERROR_INVALID_ARGUMENTS; if (strncasecmp("CHV", type, 3) != 0) { @@ -757,8 +757,8 @@ int do_verify(sc_card_t *card, char *type, const char *pin) data.cmd = SC_PIN_CMD_VERIFY; data.pin_type = SC_AC_CHV; data.pin_reference = type[3] - '0'; - data.pin1.data = (unsigned char *) pin; - data.pin1.len = (int)strlen(pin); + data.pin1.data = (unsigned char *) in_pin; + data.pin1.len = (int)strlen(in_pin); r = sc_pin_cmd(card, &data, &tries_left); return r; } @@ -767,7 +767,7 @@ int do_verify(sc_card_t *card, char *type, const char *pin) * Delete key, for OpenPGP card. * This function is not complete and is reserved for future version (> 2) of OpenPGP card. **/ -int delete_key_openpgp(sc_card_t *card, u8 key_id) +int delete_key_openpgp(sc_card_t *card, u8 in_key_id) { char *del_fingerprint = "00:DA:00:C6:14:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00"; char *del_creationtime = "00:DA:00:CD:04:00:00:00:00"; @@ -790,7 +790,7 @@ int delete_key_openpgp(sc_card_t *card, u8 key_id) sc_hex_to_bin(apdustring, buf, &len0); /* Replace DO tag, subject to key ID */ - buf[3] = buf[3] + key_id; + buf[3] = buf[3] + in_key_id; /* Build APDU from binary array */ r = sc_bytes2apdu(card->ctx, buf, len0, &apdu); @@ -813,7 +813,7 @@ int delete_key_openpgp(sc_card_t *card, u8 key_id) return r; } -int do_delete_key(sc_card_t *card, u8 key_id) +int do_delete_key(sc_card_t *card, u8 in_key_id) { sc_path_t path; int r = SC_SUCCESS; @@ -824,20 +824,20 @@ int do_delete_key(sc_card_t *card, u8 key_id) return SC_ERROR_NOT_SUPPORTED; } - if (key_id < 1 || (key_id > 3 && key_id != 'a')) { - util_error("invalid key id %d", key_id); + if (in_key_id < 1 || (in_key_id > 3 && in_key_id != 'a')) { + util_error("invalid key id %d", in_key_id); return SC_ERROR_INVALID_ARGUMENTS; } - if (key_id == 1 || key_id == 'a') { + if (in_key_id == 1 || in_key_id == 'a') { sc_format_path("B601", &path); r |= sc_delete_file(card, &path); } - if (key_id == 2 || key_id == 'a') { + if (in_key_id == 2 || in_key_id == 'a') { sc_format_path("B801", &path); r |= sc_delete_file(card, &path); } - if (key_id == 3 || key_id == 'a') { + if (in_key_id == 3 || in_key_id == 'a') { sc_format_path("A401", &path); r |= sc_delete_file(card, &path); } diff --git a/src/tools/pkcs15-init.c b/src/tools/pkcs15-init.c index a6cce3b0..ad74f42f 100644 --- a/src/tools/pkcs15-init.c +++ b/src/tools/pkcs15-init.c @@ -353,9 +353,9 @@ struct secret { #define SC_PKCS15INIT_TYPE_DATA 16 #define SC_PKCS15INIT_TYPE_SKEY 32 -static sc_context_t * ctx = NULL; -static sc_card_t * card = NULL; -static struct sc_pkcs15_card * p15card = NULL; +static sc_context_t * g_ctx = NULL; +static sc_card_t * g_card = NULL; +static struct sc_pkcs15_card * g_p15card = NULL; static char * opt_reader = NULL; static unsigned int opt_actions; static int opt_extractable = 0, @@ -496,7 +496,7 @@ main(int argc, char **argv) sc_pkcs15init_set_callbacks(&callbacks); /* Bind the card-specific operations and load the profile */ - r = sc_pkcs15init_bind(card, opt_profile, opt_card_profile, NULL, &profile); + r = sc_pkcs15init_bind(g_card, opt_profile, opt_card_profile, NULL, &profile); if (r < 0) { printf("Couldn't bind to the card: %s\n", sc_strerror(r)); return 1; @@ -515,7 +515,7 @@ main(int argc, char **argv) if (action != ACTION_ERASE && action != ACTION_INIT && action != ACTION_ASSERT_PRISTINE - && p15card == NULL) { + && g_p15card == NULL) { /* Read the PKCS15 structure from the card */ if (opt_bind_to_aid) { struct sc_aid aid; @@ -526,16 +526,16 @@ main(int argc, char **argv) return 1; } - r = sc_pkcs15init_finalize_profile(card, profile, &aid); + r = sc_pkcs15init_finalize_profile(g_card, profile, &aid); if (r < 0) { fprintf(stderr, "Finalize profile error %s\n", sc_strerror(r)); break; } - r = sc_pkcs15_bind(card, &aid, &p15card); + r = sc_pkcs15_bind(g_card, &aid, &g_p15card); } else { - r = sc_pkcs15_bind(card, NULL, &p15card); + r = sc_pkcs15_bind(g_card, NULL, &g_p15card); } if (r) { fprintf(stderr, "PKCS#15 binding failed: %s\n", sc_strerror(r)); @@ -546,12 +546,12 @@ main(int argc, char **argv) * sure we're not messing things up */ if (verbose) - printf("Found %s\n", p15card->tokeninfo->label); + printf("Found %s\n", g_p15card->tokeninfo->label); - sc_pkcs15init_set_p15card(profile, p15card); + sc_pkcs15init_set_p15card(profile, g_p15card); if (opt_verify_pin) { - r = verify_pin(p15card, opt_authid); + r = verify_pin(g_p15card, opt_authid); if (r) { fprintf(stderr, "Failed to verify User PIN : %s\n", sc_strerror(r)); @@ -569,11 +569,11 @@ main(int argc, char **argv) break; case ACTION_ASSERT_PRISTINE: /* skip printing error message */ - if ((r = do_assert_pristine(card)) < 0) + if ((r = do_assert_pristine(g_card)) < 0) goto out; continue; case ACTION_ERASE: - r = do_erase(card, profile); + r = do_erase(g_card, profile); break; case ACTION_INIT: r = do_init_app(profile); @@ -611,7 +611,7 @@ main(int argc, char **argv) r = do_generate_skey(profile, opt_newkey); break; case ACTION_FINALIZE_CARD: - r = do_finalize_card(card, profile); + r = do_finalize_card(g_card, profile); break; case ACTION_SANITY_CHECK: r = do_sanity_check(profile); @@ -620,7 +620,7 @@ main(int argc, char **argv) profile->dirty = 1; break; case ACTION_ERASE_APPLICATION: - r = do_erase_application(card, profile); + r = do_erase_application(g_card, profile); break; default: util_fatal("Action not yet implemented\n"); @@ -641,13 +641,13 @@ out: if (profile) { sc_pkcs15init_unbind(profile); } - if (p15card) { - sc_pkcs15_unbind(p15card); + if (g_p15card) { + sc_pkcs15_unbind(g_p15card); } - if (card) { - sc_disconnect_card(card); + if (g_card) { + sc_disconnect_card(g_card); } - sc_release_context(ctx); + sc_release_context(g_ctx); return r < 0? 1 : 0; } @@ -661,13 +661,13 @@ open_reader_and_card(char *reader) ctx_param.ver = 0; ctx_param.app_name = app_name; - r = sc_context_create(&ctx, &ctx_param); + r = sc_context_create(&g_ctx, &ctx_param); if (r) { util_error("Failed to establish context: %s\n", sc_strerror(r)); return 0; } - if (util_connect_card_ex(ctx, &card, reader, opt_wait, 0, verbose)) + if (util_connect_card_ex(g_ctx, &g_card, reader, opt_wait, 0, verbose)) return 0; return 1; @@ -855,7 +855,7 @@ do_init_app(struct sc_profile *profile) hints.flags = SC_UI_PIN_RETYPE | SC_UI_PIN_CHECK_LENGTH | SC_UI_PIN_MISMATCH_RETRY; - hints.card = card; + hints.card = g_card; hints.p15card = NULL; hints.info.pin = &info; @@ -915,11 +915,11 @@ do_init_app(struct sc_profile *profile) args.serial = (const char *) opt_serial; args.label = opt_label; - r = sc_lock(card); + r = sc_lock(g_card); if (r < 0) return r; - r = sc_pkcs15init_add_app(card, profile, &args); - sc_unlock(card); + r = sc_pkcs15init_add_app(g_card, profile, &args); + sc_unlock(g_card); return r; failed: fprintf(stderr, "Failed to read PIN: %s\n", sc_strerror(r)); @@ -943,8 +943,8 @@ do_store_pin(struct sc_profile *profile) hints.flags = SC_UI_PIN_RETYPE | SC_UI_PIN_CHECK_LENGTH | SC_UI_PIN_MISMATCH_RETRY; - hints.card = card; - hints.p15card = p15card; + hints.card = g_card; + hints.p15card = g_p15card; hints.info.pin = &info; pin_id = opt_objectid ? opt_objectid : opt_authid; @@ -988,11 +988,11 @@ do_store_pin(struct sc_profile *profile) args.puk = (u8 *) opt_pins[1]; args.puk_len = opt_pins[1]? strlen(opt_pins[1]) : 0; - r = sc_lock(p15card->card); + r = sc_lock(g_p15card->card); if (r < 0) return r; - r = sc_pkcs15init_store_pin(p15card, profile, &args); - sc_unlock(p15card->card); + r = sc_pkcs15init_store_pin(g_p15card, profile, &args); + sc_unlock(g_p15card->card); return r; failed: fprintf(stderr, "Failed to read PIN: %s\n", sc_strerror(r)); @@ -1077,12 +1077,12 @@ do_store_private_key(struct sc_profile *profile) args.access_flags |= SC_PKCS15_PRKEY_ACCESS_SENSITIVE; - r = sc_lock(p15card->card); + r = sc_lock(g_p15card->card); if (r < 0) return r; - r = sc_pkcs15init_store_private_key(p15card, profile, &args, NULL); + r = sc_pkcs15init_store_private_key(g_p15card, profile, &args, NULL); if (r < 0) { - sc_unlock(p15card->card); + sc_unlock(g_p15card->card); return r; } @@ -1126,7 +1126,7 @@ do_store_private_key(struct sc_profile *profile) cargs.authority = 1; } - r = sc_pkcs15init_store_certificate(p15card, profile, &cargs, NULL); + r = sc_pkcs15init_store_certificate(g_p15card, profile, &cargs, NULL); next_cert: free(cargs.der_encoded.value); } @@ -1135,7 +1135,7 @@ next_cert: if (ncerts == 0) r = do_store_public_key(profile, pkey); - sc_unlock(p15card->card); + sc_unlock(g_p15card->card); return r; } @@ -1150,7 +1150,7 @@ is_cacert_already_present(struct sc_pkcs15init_certargs *args) sc_pkcs15_cert_t *cert; int i, count, r; - r = sc_pkcs15_get_objects(p15card, SC_PKCS15_TYPE_CERT_X509, objs, 32); + r = sc_pkcs15_get_objects(g_p15card, SC_PKCS15_TYPE_CERT_X509, objs, 32); if (r <= 0) return 0; @@ -1165,7 +1165,7 @@ is_cacert_already_present(struct sc_pkcs15init_certargs *args) /* XXX we should also match the usage field here */ /* Compare the DER representation of the certificates */ - r = sc_pkcs15_read_certificate(p15card, cinfo, &cert); + r = sc_pkcs15_read_certificate(g_p15card, cinfo, &cert); if (r < 0 || !cert) continue; @@ -1207,11 +1207,11 @@ do_store_public_key(struct sc_profile *profile, EVP_PKEY *pkey) init_gost_params(&args.params.gost, pkey); } if (r >= 0) { - r = sc_lock(p15card->card); + r = sc_lock(g_p15card->card); if (r < 0) return r; - r = sc_pkcs15init_store_public_key(p15card, profile, &args, &dummy); - sc_unlock(p15card->card); + r = sc_pkcs15init_store_public_key(g_p15card, profile, &args, &dummy); + sc_unlock(g_p15card->card); } return r; @@ -1249,11 +1249,11 @@ do_store_secret_key(struct sc_profile *profile) args.value_len = keybits; args.access_flags |= SC_PKCS15_PRKEY_ACCESS_SENSITIVE; - r = sc_lock(p15card->card); + r = sc_lock(g_p15card->card); if (r < 0) return r; - r = sc_pkcs15init_store_secret_key(p15card, profile, &args, NULL); - sc_unlock(p15card->card); + r = sc_pkcs15init_store_secret_key(g_p15card, profile, &args, NULL); + sc_unlock(g_p15card->card); return r; } @@ -1282,11 +1282,11 @@ do_store_certificate(struct sc_profile *profile) if (r >= 0) r = do_convert_cert(&args.der_encoded, cert); if (r >= 0) { - r = sc_lock(p15card->card); + r = sc_lock(g_p15card->card); if (r < 0) return r; - r = sc_pkcs15init_store_certificate(p15card, profile, &args, NULL); - sc_unlock(p15card->card); + r = sc_pkcs15init_store_certificate(g_p15card, profile, &args, NULL); + sc_unlock(g_p15card->card); } if (args.der_encoded.value) @@ -1383,17 +1383,17 @@ do_update_certificate(struct sc_profile *profile) sc_pkcs15_format_id(opt_objectid, &id); - if (sc_pkcs15_find_cert_by_id(p15card, &id, &obj) != 0) { + if (sc_pkcs15_find_cert_by_id(g_p15card, &id, &obj) != 0) { util_error("Couldn't find the cert with ID %s\n", opt_objectid); return SC_ERROR_OBJECT_NOT_FOUND; } - r = sc_lock(p15card->card); + r = sc_lock(g_p15card->card); if (r < 0) return r; certinfo = (sc_pkcs15_cert_info_t *) obj->data; - r = sc_pkcs15_read_certificate(p15card, certinfo, &oldcert); + r = sc_pkcs15_read_certificate(g_p15card, certinfo, &oldcert); if (r < 0) goto err; @@ -1403,14 +1403,14 @@ do_update_certificate(struct sc_profile *profile) if (r < 0) goto err; - r = sc_pkcs15init_update_certificate(p15card, profile, obj, + r = sc_pkcs15init_update_certificate(g_p15card, profile, obj, newcert_raw.value, newcert_raw.len); if (newcert_raw.value) free(newcert_raw.value); err: - sc_unlock(p15card->card); + sc_unlock(g_p15card->card); return r; } @@ -1446,13 +1446,13 @@ do_store_data_object(struct sc_profile *profile) /* der_encoded contains the plain data, nothing DER encoded */ args.der_encoded.value = data; args.der_encoded.len = datalen; - r = sc_lock(p15card->card); + r = sc_lock(g_p15card->card); if (r < 0) { free(data); return r; } - r = sc_pkcs15init_store_data_object(p15card, profile, &args, NULL); - sc_unlock(p15card->card); + r = sc_pkcs15init_store_data_object(g_p15card, profile, &args, NULL); + sc_unlock(g_p15card->card); } if (data) @@ -1467,11 +1467,11 @@ static int do_sanity_check(struct sc_profile *profile) { int r; - r = sc_lock(p15card->card); + r = sc_lock(g_p15card->card); if (r < 0) return r; - r = sc_pkcs15init_sanity_check(p15card, profile); - sc_unlock(p15card->card); + r = sc_pkcs15init_sanity_check(g_p15card, profile); + sc_unlock(g_p15card->card); return r; } @@ -1627,7 +1627,7 @@ do_delete_objects(struct sc_profile *profile, unsigned int myopt_delete_flags) { int r = 0, count = 0; - r = sc_lock(p15card->card); + r = sc_lock(g_p15card->card); if (r < 0) return r; @@ -1638,17 +1638,17 @@ do_delete_objects(struct sc_profile *profile, unsigned int myopt_delete_flags) if (opt_application_id != NULL) { sc_format_oid(&app_oid, opt_application_id); - r = sc_pkcs15_find_data_object_by_app_oid(p15card, &app_oid, &obj); + r = sc_pkcs15_find_data_object_by_app_oid(g_p15card, &app_oid, &obj); } else if (opt_application_name != NULL && opt_label != NULL) { - r = sc_pkcs15_find_data_object_by_name(p15card, opt_application_name, opt_label, &obj); + r = sc_pkcs15_find_data_object_by_name(g_p15card, opt_application_name, opt_label, &obj); } else { util_fatal("Specify the --application-id or --application-name and --label for the data object to be deleted\n"); } if (r >= 0) { - r = sc_pkcs15init_delete_object(p15card, profile, obj); + r = sc_pkcs15init_delete_object(g_p15card, profile, obj); if (r >= 0) count++; } @@ -1660,12 +1660,12 @@ do_delete_objects(struct sc_profile *profile, unsigned int myopt_delete_flags) util_fatal("Specify the --id for key(s) or cert(s) to be deleted\n"); sc_pkcs15_format_id(opt_objectid, &id); - r = do_delete_crypto_objects(p15card, profile, &id, myopt_delete_flags); + r = do_delete_crypto_objects(g_p15card, profile, &id, myopt_delete_flags); if (r >= 0) count += r; } - sc_unlock(p15card->card); + sc_unlock(g_p15card->card); printf("Deleted %d objects\n", count); return r; @@ -1692,23 +1692,23 @@ do_change_attributes(struct sc_profile *profile, unsigned int myopt_type) switch(myopt_type) { case SC_PKCS15INIT_TYPE_PRKEY: - if ((r = sc_pkcs15_find_prkey_by_id(p15card, &id, &obj)) != 0) + if ((r = sc_pkcs15_find_prkey_by_id(g_p15card, &id, &obj)) != 0) return r; break; case SC_PKCS15INIT_TYPE_PUBKEY: - if ((r = sc_pkcs15_find_pubkey_by_id(p15card, &id, &obj)) != 0) + if ((r = sc_pkcs15_find_pubkey_by_id(g_p15card, &id, &obj)) != 0) return r; break; case SC_PKCS15INIT_TYPE_CERT: - if ((r = sc_pkcs15_find_cert_by_id(p15card, &id, &obj)) != 0) + if ((r = sc_pkcs15_find_cert_by_id(g_p15card, &id, &obj)) != 0) return r; break; case SC_PKCS15INIT_TYPE_DATA: - if ((r = sc_pkcs15_find_data_object_by_id(p15card, &id, &obj)) != 0) + if ((r = sc_pkcs15_find_data_object_by_id(g_p15card, &id, &obj)) != 0) return r; break; case SC_PKCS15INIT_TYPE_SKEY: - if ((r = sc_pkcs15_find_skey_by_id(p15card, &id, &obj)) != 0) + if ((r = sc_pkcs15_find_skey_by_id(g_p15card, &id, &obj)) != 0) return r; break; } @@ -1722,11 +1722,11 @@ do_change_attributes(struct sc_profile *profile, unsigned int myopt_type) strlcpy(obj->label, opt_label, sizeof(obj->label)); } - r = sc_lock(p15card->card); + r = sc_lock(g_p15card->card); if (r < 0) return r; - r = sc_pkcs15init_update_any_df(p15card, profile, obj->df, 0); - sc_unlock(p15card->card); + r = sc_pkcs15init_update_any_df(g_p15card, profile, obj->df, 0); + sc_unlock(g_p15card->card); return r; } @@ -1767,10 +1767,10 @@ do_generate_key(struct sc_profile *profile, const char *spec) break; } - r = sc_lock(p15card->card); + r = sc_lock(g_p15card->card); if (r == 0) - r = sc_pkcs15init_generate_key(p15card, profile, &keygen_args, keybits, NULL); - sc_unlock(p15card->card); + r = sc_pkcs15init_generate_key(g_p15card, profile, &keygen_args, keybits, NULL); + sc_unlock(g_p15card->card); return r; } @@ -1795,10 +1795,10 @@ do_generate_skey(struct sc_profile *profile, const char *spec) } skey_args.value_len = keybits; - r = sc_lock(p15card->card); + r = sc_lock(g_p15card->card); if (r == 0) - r = sc_pkcs15init_generate_secret_key(p15card, profile, &skey_args, NULL); - sc_unlock(p15card->card); + r = sc_pkcs15init_generate_secret_key(g_p15card, profile, &skey_args, NULL); + sc_unlock(g_p15card->card); return r; } @@ -2080,8 +2080,8 @@ get_pin_callback(struct sc_profile *profile, hints.prompt = prompt; hints.obj_label = name; hints.usage = SC_UI_USAGE_OTHER; - hints.card = card; - hints.p15card = p15card; + hints.card = g_card; + hints.p15card = g_p15card; if ((r = get_pin(&hints, &secret)) < 0) { fprintf(stderr, @@ -3176,7 +3176,7 @@ static int verify_pin(struct sc_pkcs15_card *p15card, char *auth_id_str) hints.prompt = "User PIN required"; hints.obj_label = pin_label; hints.usage = SC_UI_USAGE_OTHER; - hints.card = card; + hints.card = g_card; hints.p15card = p15card; get_pin(&hints, &pin); diff --git a/src/tools/sc-hsm-tool.c b/src/tools/sc-hsm-tool.c index 2642c000..a6cacb5b 100644 --- a/src/tools/sc-hsm-tool.c +++ b/src/tools/sc-hsm-tool.c @@ -137,9 +137,6 @@ typedef struct { BIGNUM * y; } secret_share_t; -static sc_context_t *ctx = NULL; -static sc_card_t *card = NULL; - @@ -195,10 +192,10 @@ static void calculatePolynomialValue(const BIGNUM *x, BIGNUM **polynomial, const BIGNUM *exponent; unsigned long exp; - BN_CTX *ctx; + BN_CTX *bn_ctx; // Create context for temporary variables of OpenSSL engine - ctx = BN_CTX_new(); + bn_ctx = BN_CTX_new(); temp = BN_new(); exponent = BN_new(); @@ -218,19 +215,19 @@ static void calculatePolynomialValue(const BIGNUM *x, BIGNUM **polynomial, const BN_set_word(exponent, exp); // temp = x^exponent mod prime - BN_mod_exp(temp, x, exponent, prime, ctx); + BN_mod_exp(temp, x, exponent, prime, bn_ctx); // exponent = temp * a = a * x^exponent mod prime - BN_mod_mul(exponent, temp, *pp, prime, ctx); + BN_mod_mul(exponent, temp, *pp, prime, bn_ctx); // add the temp value from exponent to y BN_copy(temp, y); - BN_mod_add(y, temp, exponent, prime, ctx); + BN_mod_add(y, temp, exponent, prime, bn_ctx); pp++; } BN_clear_free(temp); BN_clear_free(exponent); - BN_CTX_free(ctx); + BN_CTX_free(bn_ctx); } @@ -784,7 +781,7 @@ static int recreate_password_from_shares(char **pwd, int *pwdlen, int num_of_pas static int import_dkek_share(sc_card_t *card, const char *inf, int iter, const char *password, int num_of_password_shares) { sc_cardctl_sc_hsm_dkek_t dkekinfo; - EVP_CIPHER_CTX *ctx = NULL; + EVP_CIPHER_CTX *bn_ctx = NULL; FILE *in = NULL; u8 filebuff[64],key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH],outbuff[64]; char *pwd = NULL; @@ -842,14 +839,14 @@ static int import_dkek_share(sc_card_t *card, const char *inf, int iter, const c free(pwd); } - ctx = EVP_CIPHER_CTX_new(); - EVP_DecryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, key, iv); - if (!EVP_DecryptUpdate(ctx, outbuff, &outlen, filebuff + 16, sizeof(filebuff) - 16)) { + bn_ctx = EVP_CIPHER_CTX_new(); + EVP_DecryptInit_ex(bn_ctx, EVP_aes_256_cbc(), NULL, key, iv); + if (!EVP_DecryptUpdate(bn_ctx, outbuff, &outlen, filebuff + 16, sizeof(filebuff) - 16)) { fprintf(stderr, "Error decrypting DKEK share. Password correct ?\n"); return -1; } - if (!EVP_DecryptFinal_ex(ctx, outbuff + outlen, &r)) { + if (!EVP_DecryptFinal_ex(bn_ctx, outbuff + outlen, &r)) { fprintf(stderr, "Error decrypting DKEK share. Password correct ?\n"); return -1; } @@ -863,7 +860,7 @@ static int import_dkek_share(sc_card_t *card, const char *inf, int iter, const c r = sc_card_ctl(card, SC_CARDCTL_SC_HSM_IMPORT_DKEK_SHARE, (void *)&dkekinfo); OPENSSL_cleanse(&dkekinfo.dkek_share, sizeof(dkekinfo.dkek_share)); - EVP_CIPHER_CTX_free(ctx); + EVP_CIPHER_CTX_free(bn_ctx); if (r == SC_ERROR_INS_NOT_SUPPORTED) { // Not supported or not initialized for key shares fprintf(stderr, "Not supported by card or card not initialized for key share usage\n"); @@ -884,7 +881,7 @@ static int print_dkek_share(sc_card_t *card, const char *inf, int iter, const ch // hex output can be used in the SCSH shell with the // decrypt_keyblob.js file sc_cardctl_sc_hsm_dkek_t dkekinfo; - EVP_CIPHER_CTX *ctx = NULL; + EVP_CIPHER_CTX *bn_ctx = NULL; FILE *in = NULL; u8 filebuff[64],key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH],outbuff[64]; char *pwd = NULL; @@ -943,14 +940,14 @@ static int print_dkek_share(sc_card_t *card, const char *inf, int iter, const ch free(pwd); } - ctx = EVP_CIPHER_CTX_new(); - EVP_DecryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, key, iv); - if (!EVP_DecryptUpdate(ctx, outbuff, &outlen, filebuff + 16, sizeof(filebuff) - 16)) { + bn_ctx = EVP_CIPHER_CTX_new(); + EVP_DecryptInit_ex(bn_ctx, EVP_aes_256_cbc(), NULL, key, iv); + if (!EVP_DecryptUpdate(bn_ctx, outbuff, &outlen, filebuff + 16, sizeof(filebuff) - 16)) { fprintf(stderr, "Error decrypting DKEK share. Password correct ?\n"); return -1; } - if (!EVP_DecryptFinal_ex(ctx, outbuff + outlen, &r)) { + if (!EVP_DecryptFinal_ex(bn_ctx, outbuff + outlen, &r)) { fprintf(stderr, "Error decrypting DKEK share. Password correct ?\n"); return -1; } @@ -970,7 +967,7 @@ static int print_dkek_share(sc_card_t *card, const char *inf, int iter, const ch printf("\n\n"); OPENSSL_cleanse(&dkekinfo.dkek_share, sizeof(dkekinfo.dkek_share)); - EVP_CIPHER_CTX_free(ctx); + EVP_CIPHER_CTX_free(bn_ctx); if (r == SC_ERROR_INS_NOT_SUPPORTED) { // Not supported or not initialized for key shares fprintf(stderr, "Not supported by card or card not initialized for key share usage\n"); @@ -1155,7 +1152,7 @@ static int generate_pwd_shares(sc_card_t *card, char **pwd, int *pwdlen, int pas static int create_dkek_share(sc_card_t *card, const char *outf, int iter, const char *password, int password_shares_threshold, int password_shares_total) { - EVP_CIPHER_CTX *ctx = NULL; + EVP_CIPHER_CTX *c_ctx = NULL; FILE *out = NULL; u8 filebuff[64], key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH]; u8 dkek_share[32]; @@ -1206,14 +1203,14 @@ static int create_dkek_share(sc_card_t *card, const char *outf, int iter, const return -1; } - ctx = EVP_CIPHER_CTX_new(); - EVP_EncryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, key, iv); - if (!EVP_EncryptUpdate(ctx, filebuff + 16, &outlen, dkek_share, sizeof(dkek_share))) { + c_ctx = EVP_CIPHER_CTX_new(); + EVP_EncryptInit_ex(c_ctx, EVP_aes_256_cbc(), NULL, key, iv); + if (!EVP_EncryptUpdate(c_ctx, filebuff + 16, &outlen, dkek_share, sizeof(dkek_share))) { fprintf(stderr, "Error encrypting DKEK share\n"); return -1; } - if (!EVP_EncryptFinal_ex(ctx, filebuff + 16 + outlen, &r)) { + if (!EVP_EncryptFinal_ex(c_ctx, filebuff + 16 + outlen, &r)) { fprintf(stderr, "Error encrypting DKEK share\n"); return -1; } @@ -1234,7 +1231,7 @@ static int create_dkek_share(sc_card_t *card, const char *outf, int iter, const fclose(out); OPENSSL_cleanse(filebuff, sizeof(filebuff)); - EVP_CIPHER_CTX_free(ctx); + EVP_CIPHER_CTX_free(c_ctx); printf("DKEK share created and saved to %s\n", outf); return 0; @@ -1302,7 +1299,7 @@ static int wrap_with_tag(u8 tag, u8 *indata, size_t inlen, u8 **outdata, size_t -static int wrap_key(sc_card_t *card, int keyid, const char *outf, const char *pin) +static int wrap_key(sc_context_t *ctx, sc_card_t *card, int keyid, const char *outf, const char *pin) { sc_cardctl_sc_hsm_wrapped_key_t wrapped_key; struct sc_pin_cmd_data data; @@ -1706,6 +1703,8 @@ int main(int argc, char *argv[]) int opt_force = 0; int opt_iter = 10000000; sc_context_param_t ctx_param; + sc_context_t *ctx = NULL; + sc_card_t *card = NULL; while (1) { c = getopt_long(argc, argv, "XC:I:P:W:U:s:i:fr:wv", options, &long_optind); @@ -1839,7 +1838,7 @@ int main(int argc, char *argv[]) if (do_print_dkek_share && print_dkek_share(card, opt_filename, opt_iter, opt_password, opt_password_shares_total)) goto fail; - if (do_wrap_key && wrap_key(card, opt_key_reference, opt_filename, opt_pin)) + if (do_wrap_key && wrap_key(ctx, card, opt_key_reference, opt_filename, opt_pin)) goto fail; if (do_unwrap_key && unwrap_key(card, opt_key_reference, opt_filename, opt_pin, opt_force)) diff --git a/src/tools/westcos-tool.c b/src/tools/westcos-tool.c index 4bcf9fdf..d56ba571 100644 --- a/src/tools/westcos-tool.c +++ b/src/tools/westcos-tool.c @@ -292,13 +292,13 @@ static int unlock_pin(sc_card_t *card, return 0; } -static int cert2der(X509 *cert, u8 **value) +static int cert2der(X509 *in_cert, u8 **value) { int len; u8 *p; - len = i2d_X509(cert, NULL); + len = i2d_X509(in_cert, NULL); p = *value = malloc(len); - i2d_X509(cert, &p); + i2d_X509(in_cert, &p); return len; }