don't hide global variables
This commit is contained in:
parent
1991dcea0d
commit
6bf7c0d219
|
@ -92,9 +92,6 @@ static const char *option_help[] = {
|
|||
"Verbose operation. Use several times to enable debug output.",
|
||||
};
|
||||
|
||||
static sc_context_t *ctx = NULL;
|
||||
static sc_card_t *card = NULL;
|
||||
|
||||
static int initialize(sc_card_t *card, const char *so_pin, const char *user_pin, const char* serial)
|
||||
{
|
||||
sc_cardctl_gids_init_param_t param;
|
||||
|
@ -479,6 +476,8 @@ int main(int argc, char * argv[])
|
|||
const char *opt_serial_number = NULL;
|
||||
const char *opt_new_key = NULL;
|
||||
sc_context_param_t ctx_param;
|
||||
sc_context_t *ctx = NULL;
|
||||
sc_card_t *card = NULL;
|
||||
|
||||
while (1) {
|
||||
c = getopt_long(argc, argv, "XUCr:wv", options, &long_optind);
|
||||
|
|
|
@ -663,7 +663,7 @@ static int do_dump_do(sc_card_t *card, unsigned int tag)
|
|||
return EXIT_SUCCESS;
|
||||
}
|
||||
|
||||
int do_genkey(sc_card_t *card, u8 key_id, const char *keytype)
|
||||
int do_genkey(sc_card_t *card, u8 in_key_id, const char *keytype)
|
||||
{
|
||||
int r;
|
||||
sc_cardctl_openpgp_keygen_info_t key_info;
|
||||
|
@ -671,9 +671,9 @@ int do_genkey(sc_card_t *card, u8 key_id, const char *keytype)
|
|||
sc_path_t path;
|
||||
sc_file_t *file;
|
||||
|
||||
/* validate key_id */
|
||||
if (key_id < 1 || key_id > 3) {
|
||||
util_error("unknown key ID %d", key_id);
|
||||
/* validate in_key_id */
|
||||
if (in_key_id < 1 || in_key_id > 3) {
|
||||
util_error("unknown key ID %d", in_key_id);
|
||||
return SC_ERROR_INVALID_ARGUMENTS;
|
||||
}
|
||||
|
||||
|
@ -701,7 +701,7 @@ int do_genkey(sc_card_t *card, u8 key_id, const char *keytype)
|
|||
}
|
||||
|
||||
/* set key_info */
|
||||
key_info.key_id = key_id;
|
||||
key_info.key_id = in_key_id;
|
||||
key_info.algorithm = SC_OPENPGP_KEYALGO_RSA;
|
||||
key_info.rsa.modulus_len = keylen;
|
||||
key_info.rsa.modulus = malloc((keylen + 7) / 8);
|
||||
|
@ -730,17 +730,17 @@ int do_genkey(sc_card_t *card, u8 key_id, const char *keytype)
|
|||
util_error("failed to retrieve fingerprints: %s", sc_strerror(r));
|
||||
return EXIT_FAILURE;
|
||||
}
|
||||
printf("Fingerprint:\n%s\n", (char *)sc_dump_hex(fingerprints + 20*(key_id - 1), 20));
|
||||
printf("Fingerprint:\n%s\n", (char *)sc_dump_hex(fingerprints + 20*(in_key_id - 1), 20));
|
||||
|
||||
return EXIT_SUCCESS;
|
||||
}
|
||||
|
||||
int do_verify(sc_card_t *card, char *type, const char *pin)
|
||||
int do_verify(sc_card_t *card, char *type, const char *in_pin)
|
||||
{
|
||||
struct sc_pin_cmd_data data;
|
||||
int tries_left;
|
||||
int r;
|
||||
if (!type || !pin)
|
||||
if (!type || !in_pin)
|
||||
return SC_ERROR_INVALID_ARGUMENTS;
|
||||
|
||||
if (strncasecmp("CHV", type, 3) != 0) {
|
||||
|
@ -757,8 +757,8 @@ int do_verify(sc_card_t *card, char *type, const char *pin)
|
|||
data.cmd = SC_PIN_CMD_VERIFY;
|
||||
data.pin_type = SC_AC_CHV;
|
||||
data.pin_reference = type[3] - '0';
|
||||
data.pin1.data = (unsigned char *) pin;
|
||||
data.pin1.len = (int)strlen(pin);
|
||||
data.pin1.data = (unsigned char *) in_pin;
|
||||
data.pin1.len = (int)strlen(in_pin);
|
||||
r = sc_pin_cmd(card, &data, &tries_left);
|
||||
return r;
|
||||
}
|
||||
|
@ -767,7 +767,7 @@ int do_verify(sc_card_t *card, char *type, const char *pin)
|
|||
* Delete key, for OpenPGP card.
|
||||
* This function is not complete and is reserved for future version (> 2) of OpenPGP card.
|
||||
**/
|
||||
int delete_key_openpgp(sc_card_t *card, u8 key_id)
|
||||
int delete_key_openpgp(sc_card_t *card, u8 in_key_id)
|
||||
{
|
||||
char *del_fingerprint = "00:DA:00:C6:14:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00";
|
||||
char *del_creationtime = "00:DA:00:CD:04:00:00:00:00";
|
||||
|
@ -790,7 +790,7 @@ int delete_key_openpgp(sc_card_t *card, u8 key_id)
|
|||
sc_hex_to_bin(apdustring, buf, &len0);
|
||||
|
||||
/* Replace DO tag, subject to key ID */
|
||||
buf[3] = buf[3] + key_id;
|
||||
buf[3] = buf[3] + in_key_id;
|
||||
|
||||
/* Build APDU from binary array */
|
||||
r = sc_bytes2apdu(card->ctx, buf, len0, &apdu);
|
||||
|
@ -813,7 +813,7 @@ int delete_key_openpgp(sc_card_t *card, u8 key_id)
|
|||
return r;
|
||||
}
|
||||
|
||||
int do_delete_key(sc_card_t *card, u8 key_id)
|
||||
int do_delete_key(sc_card_t *card, u8 in_key_id)
|
||||
{
|
||||
sc_path_t path;
|
||||
int r = SC_SUCCESS;
|
||||
|
@ -824,20 +824,20 @@ int do_delete_key(sc_card_t *card, u8 key_id)
|
|||
return SC_ERROR_NOT_SUPPORTED;
|
||||
}
|
||||
|
||||
if (key_id < 1 || (key_id > 3 && key_id != 'a')) {
|
||||
util_error("invalid key id %d", key_id);
|
||||
if (in_key_id < 1 || (in_key_id > 3 && in_key_id != 'a')) {
|
||||
util_error("invalid key id %d", in_key_id);
|
||||
return SC_ERROR_INVALID_ARGUMENTS;
|
||||
}
|
||||
|
||||
if (key_id == 1 || key_id == 'a') {
|
||||
if (in_key_id == 1 || in_key_id == 'a') {
|
||||
sc_format_path("B601", &path);
|
||||
r |= sc_delete_file(card, &path);
|
||||
}
|
||||
if (key_id == 2 || key_id == 'a') {
|
||||
if (in_key_id == 2 || in_key_id == 'a') {
|
||||
sc_format_path("B801", &path);
|
||||
r |= sc_delete_file(card, &path);
|
||||
}
|
||||
if (key_id == 3 || key_id == 'a') {
|
||||
if (in_key_id == 3 || in_key_id == 'a') {
|
||||
sc_format_path("A401", &path);
|
||||
r |= sc_delete_file(card, &path);
|
||||
}
|
||||
|
|
|
@ -353,9 +353,9 @@ struct secret {
|
|||
#define SC_PKCS15INIT_TYPE_DATA 16
|
||||
#define SC_PKCS15INIT_TYPE_SKEY 32
|
||||
|
||||
static sc_context_t * ctx = NULL;
|
||||
static sc_card_t * card = NULL;
|
||||
static struct sc_pkcs15_card * p15card = NULL;
|
||||
static sc_context_t * g_ctx = NULL;
|
||||
static sc_card_t * g_card = NULL;
|
||||
static struct sc_pkcs15_card * g_p15card = NULL;
|
||||
static char * opt_reader = NULL;
|
||||
static unsigned int opt_actions;
|
||||
static int opt_extractable = 0,
|
||||
|
@ -496,7 +496,7 @@ main(int argc, char **argv)
|
|||
sc_pkcs15init_set_callbacks(&callbacks);
|
||||
|
||||
/* Bind the card-specific operations and load the profile */
|
||||
r = sc_pkcs15init_bind(card, opt_profile, opt_card_profile, NULL, &profile);
|
||||
r = sc_pkcs15init_bind(g_card, opt_profile, opt_card_profile, NULL, &profile);
|
||||
if (r < 0) {
|
||||
printf("Couldn't bind to the card: %s\n", sc_strerror(r));
|
||||
return 1;
|
||||
|
@ -515,7 +515,7 @@ main(int argc, char **argv)
|
|||
if (action != ACTION_ERASE
|
||||
&& action != ACTION_INIT
|
||||
&& action != ACTION_ASSERT_PRISTINE
|
||||
&& p15card == NULL) {
|
||||
&& g_p15card == NULL) {
|
||||
/* Read the PKCS15 structure from the card */
|
||||
if (opt_bind_to_aid) {
|
||||
struct sc_aid aid;
|
||||
|
@ -526,16 +526,16 @@ main(int argc, char **argv)
|
|||
return 1;
|
||||
}
|
||||
|
||||
r = sc_pkcs15init_finalize_profile(card, profile, &aid);
|
||||
r = sc_pkcs15init_finalize_profile(g_card, profile, &aid);
|
||||
if (r < 0) {
|
||||
fprintf(stderr, "Finalize profile error %s\n", sc_strerror(r));
|
||||
break;
|
||||
}
|
||||
|
||||
r = sc_pkcs15_bind(card, &aid, &p15card);
|
||||
r = sc_pkcs15_bind(g_card, &aid, &g_p15card);
|
||||
}
|
||||
else {
|
||||
r = sc_pkcs15_bind(card, NULL, &p15card);
|
||||
r = sc_pkcs15_bind(g_card, NULL, &g_p15card);
|
||||
}
|
||||
if (r) {
|
||||
fprintf(stderr, "PKCS#15 binding failed: %s\n", sc_strerror(r));
|
||||
|
@ -546,12 +546,12 @@ main(int argc, char **argv)
|
|||
* sure we're not messing things up */
|
||||
|
||||
if (verbose)
|
||||
printf("Found %s\n", p15card->tokeninfo->label);
|
||||
printf("Found %s\n", g_p15card->tokeninfo->label);
|
||||
|
||||
sc_pkcs15init_set_p15card(profile, p15card);
|
||||
sc_pkcs15init_set_p15card(profile, g_p15card);
|
||||
|
||||
if (opt_verify_pin) {
|
||||
r = verify_pin(p15card, opt_authid);
|
||||
r = verify_pin(g_p15card, opt_authid);
|
||||
if (r) {
|
||||
fprintf(stderr, "Failed to verify User PIN : %s\n",
|
||||
sc_strerror(r));
|
||||
|
@ -569,11 +569,11 @@ main(int argc, char **argv)
|
|||
break;
|
||||
case ACTION_ASSERT_PRISTINE:
|
||||
/* skip printing error message */
|
||||
if ((r = do_assert_pristine(card)) < 0)
|
||||
if ((r = do_assert_pristine(g_card)) < 0)
|
||||
goto out;
|
||||
continue;
|
||||
case ACTION_ERASE:
|
||||
r = do_erase(card, profile);
|
||||
r = do_erase(g_card, profile);
|
||||
break;
|
||||
case ACTION_INIT:
|
||||
r = do_init_app(profile);
|
||||
|
@ -611,7 +611,7 @@ main(int argc, char **argv)
|
|||
r = do_generate_skey(profile, opt_newkey);
|
||||
break;
|
||||
case ACTION_FINALIZE_CARD:
|
||||
r = do_finalize_card(card, profile);
|
||||
r = do_finalize_card(g_card, profile);
|
||||
break;
|
||||
case ACTION_SANITY_CHECK:
|
||||
r = do_sanity_check(profile);
|
||||
|
@ -620,7 +620,7 @@ main(int argc, char **argv)
|
|||
profile->dirty = 1;
|
||||
break;
|
||||
case ACTION_ERASE_APPLICATION:
|
||||
r = do_erase_application(card, profile);
|
||||
r = do_erase_application(g_card, profile);
|
||||
break;
|
||||
default:
|
||||
util_fatal("Action not yet implemented\n");
|
||||
|
@ -641,13 +641,13 @@ out:
|
|||
if (profile) {
|
||||
sc_pkcs15init_unbind(profile);
|
||||
}
|
||||
if (p15card) {
|
||||
sc_pkcs15_unbind(p15card);
|
||||
if (g_p15card) {
|
||||
sc_pkcs15_unbind(g_p15card);
|
||||
}
|
||||
if (card) {
|
||||
sc_disconnect_card(card);
|
||||
if (g_card) {
|
||||
sc_disconnect_card(g_card);
|
||||
}
|
||||
sc_release_context(ctx);
|
||||
sc_release_context(g_ctx);
|
||||
return r < 0? 1 : 0;
|
||||
}
|
||||
|
||||
|
@ -661,13 +661,13 @@ open_reader_and_card(char *reader)
|
|||
ctx_param.ver = 0;
|
||||
ctx_param.app_name = app_name;
|
||||
|
||||
r = sc_context_create(&ctx, &ctx_param);
|
||||
r = sc_context_create(&g_ctx, &ctx_param);
|
||||
if (r) {
|
||||
util_error("Failed to establish context: %s\n", sc_strerror(r));
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (util_connect_card_ex(ctx, &card, reader, opt_wait, 0, verbose))
|
||||
if (util_connect_card_ex(g_ctx, &g_card, reader, opt_wait, 0, verbose))
|
||||
return 0;
|
||||
|
||||
return 1;
|
||||
|
@ -855,7 +855,7 @@ do_init_app(struct sc_profile *profile)
|
|||
hints.flags = SC_UI_PIN_RETYPE
|
||||
| SC_UI_PIN_CHECK_LENGTH
|
||||
| SC_UI_PIN_MISMATCH_RETRY;
|
||||
hints.card = card;
|
||||
hints.card = g_card;
|
||||
hints.p15card = NULL;
|
||||
hints.info.pin = &info;
|
||||
|
||||
|
@ -915,11 +915,11 @@ do_init_app(struct sc_profile *profile)
|
|||
args.serial = (const char *) opt_serial;
|
||||
args.label = opt_label;
|
||||
|
||||
r = sc_lock(card);
|
||||
r = sc_lock(g_card);
|
||||
if (r < 0)
|
||||
return r;
|
||||
r = sc_pkcs15init_add_app(card, profile, &args);
|
||||
sc_unlock(card);
|
||||
r = sc_pkcs15init_add_app(g_card, profile, &args);
|
||||
sc_unlock(g_card);
|
||||
return r;
|
||||
|
||||
failed: fprintf(stderr, "Failed to read PIN: %s\n", sc_strerror(r));
|
||||
|
@ -943,8 +943,8 @@ do_store_pin(struct sc_profile *profile)
|
|||
hints.flags = SC_UI_PIN_RETYPE
|
||||
| SC_UI_PIN_CHECK_LENGTH
|
||||
| SC_UI_PIN_MISMATCH_RETRY;
|
||||
hints.card = card;
|
||||
hints.p15card = p15card;
|
||||
hints.card = g_card;
|
||||
hints.p15card = g_p15card;
|
||||
hints.info.pin = &info;
|
||||
|
||||
pin_id = opt_objectid ? opt_objectid : opt_authid;
|
||||
|
@ -988,11 +988,11 @@ do_store_pin(struct sc_profile *profile)
|
|||
args.puk = (u8 *) opt_pins[1];
|
||||
args.puk_len = opt_pins[1]? strlen(opt_pins[1]) : 0;
|
||||
|
||||
r = sc_lock(p15card->card);
|
||||
r = sc_lock(g_p15card->card);
|
||||
if (r < 0)
|
||||
return r;
|
||||
r = sc_pkcs15init_store_pin(p15card, profile, &args);
|
||||
sc_unlock(p15card->card);
|
||||
r = sc_pkcs15init_store_pin(g_p15card, profile, &args);
|
||||
sc_unlock(g_p15card->card);
|
||||
return r;
|
||||
|
||||
failed: fprintf(stderr, "Failed to read PIN: %s\n", sc_strerror(r));
|
||||
|
@ -1077,12 +1077,12 @@ do_store_private_key(struct sc_profile *profile)
|
|||
|
||||
args.access_flags |= SC_PKCS15_PRKEY_ACCESS_SENSITIVE;
|
||||
|
||||
r = sc_lock(p15card->card);
|
||||
r = sc_lock(g_p15card->card);
|
||||
if (r < 0)
|
||||
return r;
|
||||
r = sc_pkcs15init_store_private_key(p15card, profile, &args, NULL);
|
||||
r = sc_pkcs15init_store_private_key(g_p15card, profile, &args, NULL);
|
||||
if (r < 0) {
|
||||
sc_unlock(p15card->card);
|
||||
sc_unlock(g_p15card->card);
|
||||
return r;
|
||||
}
|
||||
|
||||
|
@ -1126,7 +1126,7 @@ do_store_private_key(struct sc_profile *profile)
|
|||
cargs.authority = 1;
|
||||
}
|
||||
|
||||
r = sc_pkcs15init_store_certificate(p15card, profile, &cargs, NULL);
|
||||
r = sc_pkcs15init_store_certificate(g_p15card, profile, &cargs, NULL);
|
||||
next_cert:
|
||||
free(cargs.der_encoded.value);
|
||||
}
|
||||
|
@ -1135,7 +1135,7 @@ next_cert:
|
|||
if (ncerts == 0)
|
||||
r = do_store_public_key(profile, pkey);
|
||||
|
||||
sc_unlock(p15card->card);
|
||||
sc_unlock(g_p15card->card);
|
||||
return r;
|
||||
}
|
||||
|
||||
|
@ -1150,7 +1150,7 @@ is_cacert_already_present(struct sc_pkcs15init_certargs *args)
|
|||
sc_pkcs15_cert_t *cert;
|
||||
int i, count, r;
|
||||
|
||||
r = sc_pkcs15_get_objects(p15card, SC_PKCS15_TYPE_CERT_X509, objs, 32);
|
||||
r = sc_pkcs15_get_objects(g_p15card, SC_PKCS15_TYPE_CERT_X509, objs, 32);
|
||||
if (r <= 0)
|
||||
return 0;
|
||||
|
||||
|
@ -1165,7 +1165,7 @@ is_cacert_already_present(struct sc_pkcs15init_certargs *args)
|
|||
/* XXX we should also match the usage field here */
|
||||
|
||||
/* Compare the DER representation of the certificates */
|
||||
r = sc_pkcs15_read_certificate(p15card, cinfo, &cert);
|
||||
r = sc_pkcs15_read_certificate(g_p15card, cinfo, &cert);
|
||||
if (r < 0 || !cert)
|
||||
continue;
|
||||
|
||||
|
@ -1207,11 +1207,11 @@ do_store_public_key(struct sc_profile *profile, EVP_PKEY *pkey)
|
|||
init_gost_params(&args.params.gost, pkey);
|
||||
}
|
||||
if (r >= 0) {
|
||||
r = sc_lock(p15card->card);
|
||||
r = sc_lock(g_p15card->card);
|
||||
if (r < 0)
|
||||
return r;
|
||||
r = sc_pkcs15init_store_public_key(p15card, profile, &args, &dummy);
|
||||
sc_unlock(p15card->card);
|
||||
r = sc_pkcs15init_store_public_key(g_p15card, profile, &args, &dummy);
|
||||
sc_unlock(g_p15card->card);
|
||||
}
|
||||
|
||||
return r;
|
||||
|
@ -1249,11 +1249,11 @@ do_store_secret_key(struct sc_profile *profile)
|
|||
args.value_len = keybits;
|
||||
args.access_flags |= SC_PKCS15_PRKEY_ACCESS_SENSITIVE;
|
||||
|
||||
r = sc_lock(p15card->card);
|
||||
r = sc_lock(g_p15card->card);
|
||||
if (r < 0)
|
||||
return r;
|
||||
r = sc_pkcs15init_store_secret_key(p15card, profile, &args, NULL);
|
||||
sc_unlock(p15card->card);
|
||||
r = sc_pkcs15init_store_secret_key(g_p15card, profile, &args, NULL);
|
||||
sc_unlock(g_p15card->card);
|
||||
return r;
|
||||
}
|
||||
|
||||
|
@ -1282,11 +1282,11 @@ do_store_certificate(struct sc_profile *profile)
|
|||
if (r >= 0)
|
||||
r = do_convert_cert(&args.der_encoded, cert);
|
||||
if (r >= 0) {
|
||||
r = sc_lock(p15card->card);
|
||||
r = sc_lock(g_p15card->card);
|
||||
if (r < 0)
|
||||
return r;
|
||||
r = sc_pkcs15init_store_certificate(p15card, profile, &args, NULL);
|
||||
sc_unlock(p15card->card);
|
||||
r = sc_pkcs15init_store_certificate(g_p15card, profile, &args, NULL);
|
||||
sc_unlock(g_p15card->card);
|
||||
}
|
||||
|
||||
if (args.der_encoded.value)
|
||||
|
@ -1383,17 +1383,17 @@ do_update_certificate(struct sc_profile *profile)
|
|||
|
||||
sc_pkcs15_format_id(opt_objectid, &id);
|
||||
|
||||
if (sc_pkcs15_find_cert_by_id(p15card, &id, &obj) != 0) {
|
||||
if (sc_pkcs15_find_cert_by_id(g_p15card, &id, &obj) != 0) {
|
||||
util_error("Couldn't find the cert with ID %s\n", opt_objectid);
|
||||
return SC_ERROR_OBJECT_NOT_FOUND;
|
||||
}
|
||||
|
||||
r = sc_lock(p15card->card);
|
||||
r = sc_lock(g_p15card->card);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
certinfo = (sc_pkcs15_cert_info_t *) obj->data;
|
||||
r = sc_pkcs15_read_certificate(p15card, certinfo, &oldcert);
|
||||
r = sc_pkcs15_read_certificate(g_p15card, certinfo, &oldcert);
|
||||
if (r < 0)
|
||||
goto err;
|
||||
|
||||
|
@ -1403,14 +1403,14 @@ do_update_certificate(struct sc_profile *profile)
|
|||
if (r < 0)
|
||||
goto err;
|
||||
|
||||
r = sc_pkcs15init_update_certificate(p15card, profile, obj,
|
||||
r = sc_pkcs15init_update_certificate(g_p15card, profile, obj,
|
||||
newcert_raw.value, newcert_raw.len);
|
||||
|
||||
if (newcert_raw.value)
|
||||
free(newcert_raw.value);
|
||||
|
||||
err:
|
||||
sc_unlock(p15card->card);
|
||||
sc_unlock(g_p15card->card);
|
||||
return r;
|
||||
}
|
||||
|
||||
|
@ -1446,13 +1446,13 @@ do_store_data_object(struct sc_profile *profile)
|
|||
/* der_encoded contains the plain data, nothing DER encoded */
|
||||
args.der_encoded.value = data;
|
||||
args.der_encoded.len = datalen;
|
||||
r = sc_lock(p15card->card);
|
||||
r = sc_lock(g_p15card->card);
|
||||
if (r < 0) {
|
||||
free(data);
|
||||
return r;
|
||||
}
|
||||
r = sc_pkcs15init_store_data_object(p15card, profile, &args, NULL);
|
||||
sc_unlock(p15card->card);
|
||||
r = sc_pkcs15init_store_data_object(g_p15card, profile, &args, NULL);
|
||||
sc_unlock(g_p15card->card);
|
||||
}
|
||||
|
||||
if (data)
|
||||
|
@ -1467,11 +1467,11 @@ static int
|
|||
do_sanity_check(struct sc_profile *profile)
|
||||
{
|
||||
int r;
|
||||
r = sc_lock(p15card->card);
|
||||
r = sc_lock(g_p15card->card);
|
||||
if (r < 0)
|
||||
return r;
|
||||
r = sc_pkcs15init_sanity_check(p15card, profile);
|
||||
sc_unlock(p15card->card);
|
||||
r = sc_pkcs15init_sanity_check(g_p15card, profile);
|
||||
sc_unlock(g_p15card->card);
|
||||
return r;
|
||||
}
|
||||
|
||||
|
@ -1627,7 +1627,7 @@ do_delete_objects(struct sc_profile *profile, unsigned int myopt_delete_flags)
|
|||
{
|
||||
int r = 0, count = 0;
|
||||
|
||||
r = sc_lock(p15card->card);
|
||||
r = sc_lock(g_p15card->card);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
|
@ -1638,17 +1638,17 @@ do_delete_objects(struct sc_profile *profile, unsigned int myopt_delete_flags)
|
|||
if (opt_application_id != NULL) {
|
||||
sc_format_oid(&app_oid, opt_application_id);
|
||||
|
||||
r = sc_pkcs15_find_data_object_by_app_oid(p15card, &app_oid, &obj);
|
||||
r = sc_pkcs15_find_data_object_by_app_oid(g_p15card, &app_oid, &obj);
|
||||
}
|
||||
else if (opt_application_name != NULL && opt_label != NULL) {
|
||||
r = sc_pkcs15_find_data_object_by_name(p15card, opt_application_name, opt_label, &obj);
|
||||
r = sc_pkcs15_find_data_object_by_name(g_p15card, opt_application_name, opt_label, &obj);
|
||||
}
|
||||
else {
|
||||
util_fatal("Specify the --application-id or --application-name and --label for the data object to be deleted\n");
|
||||
}
|
||||
|
||||
if (r >= 0) {
|
||||
r = sc_pkcs15init_delete_object(p15card, profile, obj);
|
||||
r = sc_pkcs15init_delete_object(g_p15card, profile, obj);
|
||||
if (r >= 0)
|
||||
count++;
|
||||
}
|
||||
|
@ -1660,12 +1660,12 @@ do_delete_objects(struct sc_profile *profile, unsigned int myopt_delete_flags)
|
|||
util_fatal("Specify the --id for key(s) or cert(s) to be deleted\n");
|
||||
sc_pkcs15_format_id(opt_objectid, &id);
|
||||
|
||||
r = do_delete_crypto_objects(p15card, profile, &id, myopt_delete_flags);
|
||||
r = do_delete_crypto_objects(g_p15card, profile, &id, myopt_delete_flags);
|
||||
if (r >= 0)
|
||||
count += r;
|
||||
}
|
||||
|
||||
sc_unlock(p15card->card);
|
||||
sc_unlock(g_p15card->card);
|
||||
printf("Deleted %d objects\n", count);
|
||||
|
||||
return r;
|
||||
|
@ -1692,23 +1692,23 @@ do_change_attributes(struct sc_profile *profile, unsigned int myopt_type)
|
|||
|
||||
switch(myopt_type) {
|
||||
case SC_PKCS15INIT_TYPE_PRKEY:
|
||||
if ((r = sc_pkcs15_find_prkey_by_id(p15card, &id, &obj)) != 0)
|
||||
if ((r = sc_pkcs15_find_prkey_by_id(g_p15card, &id, &obj)) != 0)
|
||||
return r;
|
||||
break;
|
||||
case SC_PKCS15INIT_TYPE_PUBKEY:
|
||||
if ((r = sc_pkcs15_find_pubkey_by_id(p15card, &id, &obj)) != 0)
|
||||
if ((r = sc_pkcs15_find_pubkey_by_id(g_p15card, &id, &obj)) != 0)
|
||||
return r;
|
||||
break;
|
||||
case SC_PKCS15INIT_TYPE_CERT:
|
||||
if ((r = sc_pkcs15_find_cert_by_id(p15card, &id, &obj)) != 0)
|
||||
if ((r = sc_pkcs15_find_cert_by_id(g_p15card, &id, &obj)) != 0)
|
||||
return r;
|
||||
break;
|
||||
case SC_PKCS15INIT_TYPE_DATA:
|
||||
if ((r = sc_pkcs15_find_data_object_by_id(p15card, &id, &obj)) != 0)
|
||||
if ((r = sc_pkcs15_find_data_object_by_id(g_p15card, &id, &obj)) != 0)
|
||||
return r;
|
||||
break;
|
||||
case SC_PKCS15INIT_TYPE_SKEY:
|
||||
if ((r = sc_pkcs15_find_skey_by_id(p15card, &id, &obj)) != 0)
|
||||
if ((r = sc_pkcs15_find_skey_by_id(g_p15card, &id, &obj)) != 0)
|
||||
return r;
|
||||
break;
|
||||
}
|
||||
|
@ -1722,11 +1722,11 @@ do_change_attributes(struct sc_profile *profile, unsigned int myopt_type)
|
|||
strlcpy(obj->label, opt_label, sizeof(obj->label));
|
||||
}
|
||||
|
||||
r = sc_lock(p15card->card);
|
||||
r = sc_lock(g_p15card->card);
|
||||
if (r < 0)
|
||||
return r;
|
||||
r = sc_pkcs15init_update_any_df(p15card, profile, obj->df, 0);
|
||||
sc_unlock(p15card->card);
|
||||
r = sc_pkcs15init_update_any_df(g_p15card, profile, obj->df, 0);
|
||||
sc_unlock(g_p15card->card);
|
||||
|
||||
return r;
|
||||
}
|
||||
|
@ -1767,10 +1767,10 @@ do_generate_key(struct sc_profile *profile, const char *spec)
|
|||
break;
|
||||
}
|
||||
|
||||
r = sc_lock(p15card->card);
|
||||
r = sc_lock(g_p15card->card);
|
||||
if (r == 0)
|
||||
r = sc_pkcs15init_generate_key(p15card, profile, &keygen_args, keybits, NULL);
|
||||
sc_unlock(p15card->card);
|
||||
r = sc_pkcs15init_generate_key(g_p15card, profile, &keygen_args, keybits, NULL);
|
||||
sc_unlock(g_p15card->card);
|
||||
return r;
|
||||
}
|
||||
|
||||
|
@ -1795,10 +1795,10 @@ do_generate_skey(struct sc_profile *profile, const char *spec)
|
|||
}
|
||||
skey_args.value_len = keybits;
|
||||
|
||||
r = sc_lock(p15card->card);
|
||||
r = sc_lock(g_p15card->card);
|
||||
if (r == 0)
|
||||
r = sc_pkcs15init_generate_secret_key(p15card, profile, &skey_args, NULL);
|
||||
sc_unlock(p15card->card);
|
||||
r = sc_pkcs15init_generate_secret_key(g_p15card, profile, &skey_args, NULL);
|
||||
sc_unlock(g_p15card->card);
|
||||
return r;
|
||||
}
|
||||
|
||||
|
@ -2080,8 +2080,8 @@ get_pin_callback(struct sc_profile *profile,
|
|||
hints.prompt = prompt;
|
||||
hints.obj_label = name;
|
||||
hints.usage = SC_UI_USAGE_OTHER;
|
||||
hints.card = card;
|
||||
hints.p15card = p15card;
|
||||
hints.card = g_card;
|
||||
hints.p15card = g_p15card;
|
||||
|
||||
if ((r = get_pin(&hints, &secret)) < 0) {
|
||||
fprintf(stderr,
|
||||
|
@ -3176,7 +3176,7 @@ static int verify_pin(struct sc_pkcs15_card *p15card, char *auth_id_str)
|
|||
hints.prompt = "User PIN required";
|
||||
hints.obj_label = pin_label;
|
||||
hints.usage = SC_UI_USAGE_OTHER;
|
||||
hints.card = card;
|
||||
hints.card = g_card;
|
||||
hints.p15card = p15card;
|
||||
|
||||
get_pin(&hints, &pin);
|
||||
|
|
|
@ -137,9 +137,6 @@ typedef struct {
|
|||
BIGNUM * y;
|
||||
} secret_share_t;
|
||||
|
||||
static sc_context_t *ctx = NULL;
|
||||
static sc_card_t *card = NULL;
|
||||
|
||||
|
||||
|
||||
|
||||
|
@ -195,10 +192,10 @@ static void calculatePolynomialValue(const BIGNUM *x, BIGNUM **polynomial, const
|
|||
BIGNUM *exponent;
|
||||
|
||||
unsigned long exp;
|
||||
BN_CTX *ctx;
|
||||
BN_CTX *bn_ctx;
|
||||
|
||||
// Create context for temporary variables of OpenSSL engine
|
||||
ctx = BN_CTX_new();
|
||||
bn_ctx = BN_CTX_new();
|
||||
|
||||
temp = BN_new();
|
||||
exponent = BN_new();
|
||||
|
@ -218,19 +215,19 @@ static void calculatePolynomialValue(const BIGNUM *x, BIGNUM **polynomial, const
|
|||
|
||||
BN_set_word(exponent, exp);
|
||||
// temp = x^exponent mod prime
|
||||
BN_mod_exp(temp, x, exponent, prime, ctx);
|
||||
BN_mod_exp(temp, x, exponent, prime, bn_ctx);
|
||||
// exponent = temp * a = a * x^exponent mod prime
|
||||
BN_mod_mul(exponent, temp, *pp, prime, ctx);
|
||||
BN_mod_mul(exponent, temp, *pp, prime, bn_ctx);
|
||||
// add the temp value from exponent to y
|
||||
BN_copy(temp, y);
|
||||
BN_mod_add(y, temp, exponent, prime, ctx);
|
||||
BN_mod_add(y, temp, exponent, prime, bn_ctx);
|
||||
pp++;
|
||||
}
|
||||
|
||||
BN_clear_free(temp);
|
||||
BN_clear_free(exponent);
|
||||
|
||||
BN_CTX_free(ctx);
|
||||
BN_CTX_free(bn_ctx);
|
||||
}
|
||||
|
||||
|
||||
|
@ -784,7 +781,7 @@ static int recreate_password_from_shares(char **pwd, int *pwdlen, int num_of_pas
|
|||
static int import_dkek_share(sc_card_t *card, const char *inf, int iter, const char *password, int num_of_password_shares)
|
||||
{
|
||||
sc_cardctl_sc_hsm_dkek_t dkekinfo;
|
||||
EVP_CIPHER_CTX *ctx = NULL;
|
||||
EVP_CIPHER_CTX *bn_ctx = NULL;
|
||||
FILE *in = NULL;
|
||||
u8 filebuff[64],key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH],outbuff[64];
|
||||
char *pwd = NULL;
|
||||
|
@ -842,14 +839,14 @@ static int import_dkek_share(sc_card_t *card, const char *inf, int iter, const c
|
|||
free(pwd);
|
||||
}
|
||||
|
||||
ctx = EVP_CIPHER_CTX_new();
|
||||
EVP_DecryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, key, iv);
|
||||
if (!EVP_DecryptUpdate(ctx, outbuff, &outlen, filebuff + 16, sizeof(filebuff) - 16)) {
|
||||
bn_ctx = EVP_CIPHER_CTX_new();
|
||||
EVP_DecryptInit_ex(bn_ctx, EVP_aes_256_cbc(), NULL, key, iv);
|
||||
if (!EVP_DecryptUpdate(bn_ctx, outbuff, &outlen, filebuff + 16, sizeof(filebuff) - 16)) {
|
||||
fprintf(stderr, "Error decrypting DKEK share. Password correct ?\n");
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (!EVP_DecryptFinal_ex(ctx, outbuff + outlen, &r)) {
|
||||
if (!EVP_DecryptFinal_ex(bn_ctx, outbuff + outlen, &r)) {
|
||||
fprintf(stderr, "Error decrypting DKEK share. Password correct ?\n");
|
||||
return -1;
|
||||
}
|
||||
|
@ -863,7 +860,7 @@ static int import_dkek_share(sc_card_t *card, const char *inf, int iter, const c
|
|||
r = sc_card_ctl(card, SC_CARDCTL_SC_HSM_IMPORT_DKEK_SHARE, (void *)&dkekinfo);
|
||||
|
||||
OPENSSL_cleanse(&dkekinfo.dkek_share, sizeof(dkekinfo.dkek_share));
|
||||
EVP_CIPHER_CTX_free(ctx);
|
||||
EVP_CIPHER_CTX_free(bn_ctx);
|
||||
|
||||
if (r == SC_ERROR_INS_NOT_SUPPORTED) { // Not supported or not initialized for key shares
|
||||
fprintf(stderr, "Not supported by card or card not initialized for key share usage\n");
|
||||
|
@ -884,7 +881,7 @@ static int print_dkek_share(sc_card_t *card, const char *inf, int iter, const ch
|
|||
// hex output can be used in the SCSH shell with the
|
||||
// decrypt_keyblob.js file
|
||||
sc_cardctl_sc_hsm_dkek_t dkekinfo;
|
||||
EVP_CIPHER_CTX *ctx = NULL;
|
||||
EVP_CIPHER_CTX *bn_ctx = NULL;
|
||||
FILE *in = NULL;
|
||||
u8 filebuff[64],key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH],outbuff[64];
|
||||
char *pwd = NULL;
|
||||
|
@ -943,14 +940,14 @@ static int print_dkek_share(sc_card_t *card, const char *inf, int iter, const ch
|
|||
free(pwd);
|
||||
}
|
||||
|
||||
ctx = EVP_CIPHER_CTX_new();
|
||||
EVP_DecryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, key, iv);
|
||||
if (!EVP_DecryptUpdate(ctx, outbuff, &outlen, filebuff + 16, sizeof(filebuff) - 16)) {
|
||||
bn_ctx = EVP_CIPHER_CTX_new();
|
||||
EVP_DecryptInit_ex(bn_ctx, EVP_aes_256_cbc(), NULL, key, iv);
|
||||
if (!EVP_DecryptUpdate(bn_ctx, outbuff, &outlen, filebuff + 16, sizeof(filebuff) - 16)) {
|
||||
fprintf(stderr, "Error decrypting DKEK share. Password correct ?\n");
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (!EVP_DecryptFinal_ex(ctx, outbuff + outlen, &r)) {
|
||||
if (!EVP_DecryptFinal_ex(bn_ctx, outbuff + outlen, &r)) {
|
||||
fprintf(stderr, "Error decrypting DKEK share. Password correct ?\n");
|
||||
return -1;
|
||||
}
|
||||
|
@ -970,7 +967,7 @@ static int print_dkek_share(sc_card_t *card, const char *inf, int iter, const ch
|
|||
printf("\n\n");
|
||||
|
||||
OPENSSL_cleanse(&dkekinfo.dkek_share, sizeof(dkekinfo.dkek_share));
|
||||
EVP_CIPHER_CTX_free(ctx);
|
||||
EVP_CIPHER_CTX_free(bn_ctx);
|
||||
|
||||
if (r == SC_ERROR_INS_NOT_SUPPORTED) { // Not supported or not initialized for key shares
|
||||
fprintf(stderr, "Not supported by card or card not initialized for key share usage\n");
|
||||
|
@ -1155,7 +1152,7 @@ static int generate_pwd_shares(sc_card_t *card, char **pwd, int *pwdlen, int pas
|
|||
|
||||
static int create_dkek_share(sc_card_t *card, const char *outf, int iter, const char *password, int password_shares_threshold, int password_shares_total)
|
||||
{
|
||||
EVP_CIPHER_CTX *ctx = NULL;
|
||||
EVP_CIPHER_CTX *c_ctx = NULL;
|
||||
FILE *out = NULL;
|
||||
u8 filebuff[64], key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH];
|
||||
u8 dkek_share[32];
|
||||
|
@ -1206,14 +1203,14 @@ static int create_dkek_share(sc_card_t *card, const char *outf, int iter, const
|
|||
return -1;
|
||||
}
|
||||
|
||||
ctx = EVP_CIPHER_CTX_new();
|
||||
EVP_EncryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, key, iv);
|
||||
if (!EVP_EncryptUpdate(ctx, filebuff + 16, &outlen, dkek_share, sizeof(dkek_share))) {
|
||||
c_ctx = EVP_CIPHER_CTX_new();
|
||||
EVP_EncryptInit_ex(c_ctx, EVP_aes_256_cbc(), NULL, key, iv);
|
||||
if (!EVP_EncryptUpdate(c_ctx, filebuff + 16, &outlen, dkek_share, sizeof(dkek_share))) {
|
||||
fprintf(stderr, "Error encrypting DKEK share\n");
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (!EVP_EncryptFinal_ex(ctx, filebuff + 16 + outlen, &r)) {
|
||||
if (!EVP_EncryptFinal_ex(c_ctx, filebuff + 16 + outlen, &r)) {
|
||||
fprintf(stderr, "Error encrypting DKEK share\n");
|
||||
return -1;
|
||||
}
|
||||
|
@ -1234,7 +1231,7 @@ static int create_dkek_share(sc_card_t *card, const char *outf, int iter, const
|
|||
fclose(out);
|
||||
|
||||
OPENSSL_cleanse(filebuff, sizeof(filebuff));
|
||||
EVP_CIPHER_CTX_free(ctx);
|
||||
EVP_CIPHER_CTX_free(c_ctx);
|
||||
|
||||
printf("DKEK share created and saved to %s\n", outf);
|
||||
return 0;
|
||||
|
@ -1302,7 +1299,7 @@ static int wrap_with_tag(u8 tag, u8 *indata, size_t inlen, u8 **outdata, size_t
|
|||
|
||||
|
||||
|
||||
static int wrap_key(sc_card_t *card, int keyid, const char *outf, const char *pin)
|
||||
static int wrap_key(sc_context_t *ctx, sc_card_t *card, int keyid, const char *outf, const char *pin)
|
||||
{
|
||||
sc_cardctl_sc_hsm_wrapped_key_t wrapped_key;
|
||||
struct sc_pin_cmd_data data;
|
||||
|
@ -1706,6 +1703,8 @@ int main(int argc, char *argv[])
|
|||
int opt_force = 0;
|
||||
int opt_iter = 10000000;
|
||||
sc_context_param_t ctx_param;
|
||||
sc_context_t *ctx = NULL;
|
||||
sc_card_t *card = NULL;
|
||||
|
||||
while (1) {
|
||||
c = getopt_long(argc, argv, "XC:I:P:W:U:s:i:fr:wv", options, &long_optind);
|
||||
|
@ -1839,7 +1838,7 @@ int main(int argc, char *argv[])
|
|||
if (do_print_dkek_share && print_dkek_share(card, opt_filename, opt_iter, opt_password, opt_password_shares_total))
|
||||
goto fail;
|
||||
|
||||
if (do_wrap_key && wrap_key(card, opt_key_reference, opt_filename, opt_pin))
|
||||
if (do_wrap_key && wrap_key(ctx, card, opt_key_reference, opt_filename, opt_pin))
|
||||
goto fail;
|
||||
|
||||
if (do_unwrap_key && unwrap_key(card, opt_key_reference, opt_filename, opt_pin, opt_force))
|
||||
|
|
|
@ -292,13 +292,13 @@ static int unlock_pin(sc_card_t *card,
|
|||
return 0;
|
||||
}
|
||||
|
||||
static int cert2der(X509 *cert, u8 **value)
|
||||
static int cert2der(X509 *in_cert, u8 **value)
|
||||
{
|
||||
int len;
|
||||
u8 *p;
|
||||
len = i2d_X509(cert, NULL);
|
||||
len = i2d_X509(in_cert, NULL);
|
||||
p = *value = malloc(len);
|
||||
i2d_X509(cert, &p);
|
||||
i2d_X509(in_cert, &p);
|
||||
return len;
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in New Issue