static int ocsp_resp_cb(SSL *s, void *arg)
{
const unsigned char *p;
int len;
OCSP_RESPONSE *rsp;
len = SSL_get_tlsext_status_ocsp_resp(s, &p);
BIO_puts(arg, "OCSP response: ");
if (!p)
{
BIO_puts(arg, "no response sent\n");
return 1;
}
rsp = d2i_OCSP_RESPONSE(NULL, &p, len);
if (!rsp)
{
BIO_puts(arg, "response parse error\n");
BIO_dump_indent(arg, (char *)p, len, 4);
return 0;
}
BIO_puts(arg, "\n======================================\n");
OCSP_RESPONSE_print(arg, rsp, 0);
BIO_puts(arg, "======================================\n");
OCSP_RESPONSE_free(rsp);
return 1;
}
int
BUF_MEM_print(BIO *out, const BUF_MEM *buf, int indent)
{
if (buf) {
if (!BIO_dump_indent(out, buf->data, buf->length, indent))
return 0;
} else {
if (!BIO_indent(out, indent, 80)
|| !BIO_printf(out, "<ABSENT>\n"))
return 0;
}
return 1;
}
void openssl_bioBS_asnl()
{
int len;
BIO *bp;
FILE *fp;
char buf[MAX4_LEN];
memset(buf, 0, sizeof(buf));
bp = BIO_new(BIO_s_file());
BIO_set_fp(bp, stdout, BIO_NOCLOSE);
fp = fopen(RCERTF, "rb");
len = fread(buf, 1, sizeof(buf) - 1, fp);
fclose(fp);
printf("\nBIO_ASNL info:\n");
BIO_dump_indent(bp, buf, len, 5);
BIO_free(bp);
}
int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
{
unsigned int i;
const char *s;
if (x == NULL) goto err;
if (BIO_puts(bp,"SSL-Session:\n") <= 0) goto err;
if (x->ssl_version == SSL2_VERSION)
s="SSLv2";
else if (x->ssl_version == SSL3_VERSION)
s="SSLv3";
else if (x->ssl_version == TLS1_VERSION)
s="TLSv1";
else
s="unknown";
if (BIO_printf(bp," Protocol : %s\n",s) <= 0) goto err;
if (x->cipher == NULL)
{
if (((x->cipher_id) & 0xff000000) == 0x02000000)
{
if (BIO_printf(bp," Cipher : %06lX\n",x->cipher_id&0xffffff) <= 0)
goto err;
}
else
{
if (BIO_printf(bp," Cipher : %04lX\n",x->cipher_id&0xffff) <= 0)
goto err;
}
}
else
{
if (BIO_printf(bp," Cipher : %s\n",((x->cipher == NULL)?"unknown":x->cipher->name)) <= 0)
goto err;
}
if (BIO_puts(bp," Session-ID: ") <= 0) goto err;
for (i=0; i<x->session_id_length; i++)
{
if (BIO_printf(bp,"%02X",x->session_id[i]) <= 0) goto err;
}
if (BIO_puts(bp,"\n Session-ID-ctx: ") <= 0) goto err;
for (i=0; i<x->sid_ctx_length; i++)
{
if (BIO_printf(bp,"%02X",x->sid_ctx[i]) <= 0)
goto err;
}
if (BIO_puts(bp,"\n Master-Key: ") <= 0) goto err;
for (i=0; i<(unsigned int)x->master_key_length; i++)
{
if (BIO_printf(bp,"%02X",x->master_key[i]) <= 0) goto err;
}
if (BIO_puts(bp,"\n Key-Arg : ") <= 0) goto err;
if (x->key_arg_length == 0)
{
if (BIO_puts(bp,"None") <= 0) goto err;
}
else
for (i=0; i<x->key_arg_length; i++)
{
if (BIO_printf(bp,"%02X",x->key_arg[i]) <= 0) goto err;
}
#ifndef OPENSSL_NO_KRB5
if (BIO_puts(bp,"\n Krb5 Principal: ") <= 0) goto err;
if (x->krb5_client_princ_len == 0)
{
if (BIO_puts(bp,"None") <= 0) goto err;
}
else
for (i=0; i<x->krb5_client_princ_len; i++)
{
if (BIO_printf(bp,"%02X",x->krb5_client_princ[i]) <= 0) goto err;
}
#endif /* OPENSSL_NO_KRB5 */
#ifndef OPENSSL_NO_TLSEXT
if (x->tlsext_tick_lifetime_hint)
{
if (BIO_printf(bp,
"\n TLS session ticket lifetime hint: %ld (seconds)",
x->tlsext_tick_lifetime_hint) <=0)
goto err;
}
if (x->tlsext_tick)
{
if (BIO_puts(bp, "\n TLS session ticket:\n") <= 0) goto err;
if (BIO_dump_indent(bp, (char *)x->tlsext_tick, x->tlsext_ticklen, 4) <= 0)
goto err;
}
#endif
#ifndef OPENSSL_NO_COMP
if (x->compress_meth != 0)
{
SSL_COMP *comp = NULL;
ssl_cipher_get_evp(x,NULL,NULL,&comp);
if (comp == NULL)
{
if (BIO_printf(bp,"\n Compression: %d",x->compress_meth) <= 0) goto err;
}
else
{
if (BIO_printf(bp,"\n Compression: %d (%s)", comp->id,comp->method->name) <= 0) goto err;
}
}
#endif
if (x->time != 0L)
{
if (BIO_printf(bp, "\n Start Time: %ld",x->time) <= 0) goto err;
}
if (x->timeout != 0L)
{
if (BIO_printf(bp, "\n Timeout : %ld (sec)",x->timeout) <= 0) goto err;
}
if (BIO_puts(bp,"\n") <= 0) goto err;
if (BIO_puts(bp, " Verify return code: ") <= 0) goto err;
if (BIO_printf(bp, "%ld (%s)\n", x->verify_result,
X509_verify_cert_error_string(x->verify_result)) <= 0) goto err;
return(1);
err:
return(0);
}
static int asn1_parse2(BIO *bp, const unsigned char **pp, long length,
int offset, int depth, int indent, int dump)
{
const unsigned char *p, *ep, *tot, *op, *opp;
long len;
int tag, xclass, ret = 0;
int nl, hl, j, r;
ASN1_OBJECT *o = NULL;
ASN1_OCTET_STRING *os = NULL;
/* ASN1_BMPSTRING *bmp=NULL; */
int dump_indent, dump_cont = 0;
if (depth > ASN1_PARSE_MAXDEPTH) {
BIO_puts(bp, "BAD RECURSION DEPTH\n");
return 0;
}
dump_indent = 6; /* Because we know BIO_dump_indent() */
p = *pp;
tot = p + length;
while (length > 0) {
op = p;
j = ASN1_get_object(&p, &len, &tag, &xclass, length);
if (j & 0x80) {
if (BIO_write(bp, "Error in encoding\n", 18) <= 0)
goto end;
ret = 0;
goto end;
}
hl = (p - op);
length -= hl;
/*
* if j == 0x21 it is a constructed indefinite length object
*/
if (BIO_printf(bp, "%5ld:", (long)offset + (long)(op - *pp))
<= 0)
goto end;
if (j != (V_ASN1_CONSTRUCTED | 1)) {
if (BIO_printf(bp, "d=%-2d hl=%ld l=%4ld ",
depth, (long)hl, len) <= 0)
goto end;
} else {
if (BIO_printf(bp, "d=%-2d hl=%ld l=inf ", depth, (long)hl) <= 0)
goto end;
}
if (!asn1_print_info(bp, tag, xclass, j, (indent) ? depth : 0))
goto end;
if (j & V_ASN1_CONSTRUCTED) {
const unsigned char *sp = p;
ep = p + len;
if (BIO_write(bp, "\n", 1) <= 0)
goto end;
if (len > length) {
BIO_printf(bp, "length is greater than %ld\n", length);
ret = 0;
goto end;
}
if ((j == 0x21) && (len == 0)) {
for (;;) {
r = asn1_parse2(bp, &p, (long)(tot - p),
offset + (p - *pp), depth + 1,
indent, dump);
if (r == 0) {
ret = 0;
goto end;
}
if ((r == 2) || (p >= tot)) {
len = p - sp;
break;
}
}
} else {
long tmp = len;
while (p < ep) {
sp = p;
r = asn1_parse2(bp, &p, tmp,
offset + (p - *pp), depth + 1,
indent, dump);
if (r == 0) {
ret = 0;
goto end;
}
tmp -= p - sp;
}
}
} else if (xclass != 0) {
p += len;
if (BIO_write(bp, "\n", 1) <= 0)
goto end;
} else {
nl = 0;
if ((tag == V_ASN1_PRINTABLESTRING) ||
(tag == V_ASN1_T61STRING) ||
(tag == V_ASN1_IA5STRING) ||
(tag == V_ASN1_VISIBLESTRING) ||
(tag == V_ASN1_NUMERICSTRING) ||
(tag == V_ASN1_UTF8STRING) ||
(tag == V_ASN1_UTCTIME) || (tag == V_ASN1_GENERALIZEDTIME)) {
if (BIO_write(bp, ":", 1) <= 0)
goto end;
if ((len > 0) && BIO_write(bp, (const char *)p, (int)len)
!= (int)len)
goto end;
} else if (tag == V_ASN1_OBJECT) {
opp = op;
if (d2i_ASN1_OBJECT(&o, &opp, len + hl) != NULL) {
if (BIO_write(bp, ":", 1) <= 0)
goto end;
i2a_ASN1_OBJECT(bp, o);
} else {
if (BIO_puts(bp, ":BAD OBJECT") <= 0)
goto end;
dump_cont = 1;
}
} else if (tag == V_ASN1_BOOLEAN) {
if (len != 1) {
if (BIO_puts(bp, ":BAD BOOLEAN") <= 0)
goto end;
dump_cont = 1;
}
if (len > 0)
BIO_printf(bp, ":%u", p[0]);
} else if (tag == V_ASN1_BMPSTRING) {
/* do the BMP thang */
} else if (tag == V_ASN1_OCTET_STRING) {
int i, printable = 1;
opp = op;
os = d2i_ASN1_OCTET_STRING(NULL, &opp, len + hl);
if (os != NULL && os->length > 0) {
opp = os->data;
/*
* testing whether the octet string is printable
*/
for (i = 0; i < os->length; i++) {
if (((opp[i] < ' ') &&
(opp[i] != '\n') &&
(opp[i] != '\r') &&
(opp[i] != '\t')) || (opp[i] > '~')) {
printable = 0;
break;
}
}
if (printable)
/* printable string */
{
if (BIO_write(bp, ":", 1) <= 0)
goto end;
if (BIO_write(bp, (const char *)opp, os->length) <= 0)
goto end;
} else if (!dump)
/*
* not printable => print octet string as hex dump
*/
{
if (BIO_write(bp, "[HEX DUMP]:", 11) <= 0)
goto end;
for (i = 0; i < os->length; i++) {
if (BIO_printf(bp, "%02X", opp[i]) <= 0)
goto end;
}
} else
/* print the normal dump */
{
if (!nl) {
if (BIO_write(bp, "\n", 1) <= 0)
goto end;
}
if (BIO_dump_indent(bp,
(const char *)opp,
((dump == -1 || dump >
os->
length) ? os->length : dump),
dump_indent) <= 0)
goto end;
nl = 1;
}
}
ASN1_OCTET_STRING_free(os);
os = NULL;
} else if (tag == V_ASN1_INTEGER) {
ASN1_INTEGER *bs;
int i;
opp = op;
bs = d2i_ASN1_INTEGER(NULL, &opp, len + hl);
if (bs != NULL) {
if (BIO_write(bp, ":", 1) <= 0)
goto end;
if (bs->type == V_ASN1_NEG_INTEGER)
if (BIO_write(bp, "-", 1) <= 0)
goto end;
for (i = 0; i < bs->length; i++) {
if (BIO_printf(bp, "%02X", bs->data[i]) <= 0)
goto end;
}
if (bs->length == 0) {
if (BIO_write(bp, "00", 2) <= 0)
goto end;
}
} else {
if (BIO_puts(bp, ":BAD INTEGER") <= 0)
goto end;
dump_cont = 1;
}
ASN1_INTEGER_free(bs);
} else if (tag == V_ASN1_ENUMERATED) {
ASN1_ENUMERATED *bs;
int i;
opp = op;
bs = d2i_ASN1_ENUMERATED(NULL, &opp, len + hl);
if (bs != NULL) {
if (BIO_write(bp, ":", 1) <= 0)
goto end;
if (bs->type == V_ASN1_NEG_ENUMERATED)
if (BIO_write(bp, "-", 1) <= 0)
goto end;
for (i = 0; i < bs->length; i++) {
if (BIO_printf(bp, "%02X", bs->data[i]) <= 0)
goto end;
}
if (bs->length == 0) {
if (BIO_write(bp, "00", 2) <= 0)
goto end;
}
} else {
if (BIO_puts(bp, ":BAD ENUMERATED") <= 0)
goto end;
dump_cont = 1;
}
ASN1_ENUMERATED_free(bs);
} else if (len > 0 && dump) {
if (!nl) {
if (BIO_write(bp, "\n", 1) <= 0)
goto end;
}
if (BIO_dump_indent(bp, (const char *)p,
((dump == -1 || dump > len) ? len : dump),
dump_indent) <= 0)
goto end;
nl = 1;
}
if (dump_cont) {
int i;
const unsigned char *tmp = op + hl;
if (BIO_puts(bp, ":[") <= 0)
goto end;
for (i = 0; i < len; i++) {
if (BIO_printf(bp, "%02X", tmp[i]) <= 0)
goto end;
}
if (BIO_puts(bp, "]") <= 0)
goto end;
}
if (!nl) {
if (BIO_write(bp, "\n", 1) <= 0)
goto end;
}
p += len;
if ((tag == V_ASN1_EOC) && (xclass == 0)) {
ret = 2; /* End of sequence */
goto end;
}
}
length -= len;
}
ret = 1;
end:
ASN1_OBJECT_free(o);
ASN1_OCTET_STRING_free(os);
*pp = p;
return (ret);
}
int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
{
unsigned int i;
const char *s;
if (x == NULL)
goto err;
if (BIO_puts(bp, "SSL-Session:\n") <= 0)
goto err;
if (x->ssl_version == SSL3_VERSION)
s = "SSLv3";
else if (x->ssl_version == TLS1_2_VERSION)
s = "TLSv1.2";
else if (x->ssl_version == TLS1_1_VERSION)
s = "TLSv1.1";
else if (x->ssl_version == TLS1_VERSION)
s = "TLSv1";
else if (x->ssl_version == DTLS1_VERSION)
s = "DTLSv1";
else if (x->ssl_version == DTLS1_2_VERSION)
s = "DTLSv1.2";
else if (x->ssl_version == DTLS1_BAD_VER)
s = "DTLSv1-bad";
else
s = "unknown";
if (BIO_printf(bp, " Protocol : %s\n", s) <= 0)
goto err;
if (x->cipher == NULL) {
if (((x->cipher_id) & 0xff000000) == 0x02000000) {
if (BIO_printf
(bp, " Cipher : %06lX\n", x->cipher_id & 0xffffff) <= 0)
goto err;
} else {
if (BIO_printf
(bp, " Cipher : %04lX\n", x->cipher_id & 0xffff) <= 0)
goto err;
}
} else {
if (BIO_printf
(bp, " Cipher : %s\n",
((x->cipher == NULL) ? "unknown" : x->cipher->name)) <= 0)
goto err;
}
if (BIO_puts(bp, " Session-ID: ") <= 0)
goto err;
for (i = 0; i < x->session_id_length; i++) {
if (BIO_printf(bp, "%02X", x->session_id[i]) <= 0)
goto err;
}
if (BIO_puts(bp, "\n Session-ID-ctx: ") <= 0)
goto err;
for (i = 0; i < x->sid_ctx_length; i++) {
if (BIO_printf(bp, "%02X", x->sid_ctx[i]) <= 0)
goto err;
}
if (BIO_puts(bp, "\n Master-Key: ") <= 0)
goto err;
for (i = 0; i < (unsigned int)x->master_key_length; i++) {
if (BIO_printf(bp, "%02X", x->master_key[i]) <= 0)
goto err;
}
#ifndef OPENSSL_NO_PSK
if (BIO_puts(bp, "\n PSK identity: ") <= 0)
goto err;
if (BIO_printf(bp, "%s", x->psk_identity ? x->psk_identity : "None") <= 0)
goto err;
if (BIO_puts(bp, "\n PSK identity hint: ") <= 0)
goto err;
if (BIO_printf
(bp, "%s", x->psk_identity_hint ? x->psk_identity_hint : "None") <= 0)
goto err;
#endif
#ifndef OPENSSL_NO_SRP
if (BIO_puts(bp, "\n SRP username: "******"%s", x->srp_username ? x->srp_username : "******") <= 0)
goto err;
#endif
#ifndef OPENSSL_NO_TLSEXT
if (x->tlsext_tick_lifetime_hint) {
if (BIO_printf(bp,
"\n TLS session ticket lifetime hint: %ld (seconds)",
x->tlsext_tick_lifetime_hint) <= 0)
goto err;
}
if (x->tlsext_tick) {
if (BIO_puts(bp, "\n TLS session ticket:\n") <= 0)
goto err;
if (BIO_dump_indent(bp, (char *)x->tlsext_tick, x->tlsext_ticklen, 4)
<= 0)
goto err;
}
#endif
#ifndef OPENSSL_NO_COMP
if (x->compress_meth != 0) {
SSL_COMP *comp = NULL;
if (!ssl_cipher_get_evp(x, NULL, NULL, NULL, NULL, &comp, 0))
goto err;
if (comp == NULL) {
if (BIO_printf(bp, "\n Compression: %d", x->compress_meth) <=
0)
goto err;
} else {
if (BIO_printf(bp, "\n Compression: %d (%s)", comp->id,
comp->name) <= 0)
goto err;
}
}
#endif
if (x->time != 0L) {
if (BIO_printf(bp, "\n Start Time: %ld", x->time) <= 0)
goto err;
}
if (x->timeout != 0L) {
if (BIO_printf(bp, "\n Timeout : %ld (sec)", x->timeout) <= 0)
goto err;
}
if (BIO_puts(bp, "\n") <= 0)
goto err;
if (BIO_puts(bp, " Verify return code: ") <= 0)
goto err;
if (BIO_printf(bp, "%ld (%s)\n", x->verify_result,
X509_verify_cert_error_string(x->verify_result)) <= 0)
goto err;
if (BIO_printf(bp, " Extended master secret: %s\n",
x->flags & SSL_SESS_FLAG_EXTMS ? "yes" : "no") <= 0)
goto err;
return (1);
err:
return (0);
}
int
SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
{
unsigned int i;
const char *s;
if (x == NULL)
goto err;
if (BIO_puts(bp, "SSL-Session:\n") <= 0)
goto err;
s = ssl_version_string(x->ssl_version);
if (BIO_printf(bp, " Protocol : %s\n", s) <= 0)
goto err;
if (x->cipher == NULL) {
if (((x->cipher_id) & 0xff000000) == 0x02000000) {
if (BIO_printf(bp, " Cipher : %06lX\n", x->cipher_id&0xffffff) <= 0)
goto err;
} else {
if (BIO_printf(bp, " Cipher : %04lX\n", x->cipher_id&0xffff) <= 0)
goto err;
}
} else {
if (BIO_printf(bp, " Cipher : %s\n",((x->cipher == NULL)?"unknown":x->cipher->name)) <= 0)
goto err;
}
if (BIO_puts(bp, " Session-ID: ") <= 0)
goto err;
for (i = 0; i < x->session_id_length; i++) {
if (BIO_printf(bp, "%02X", x->session_id[i]) <= 0)
goto err;
}
if (BIO_puts(bp, "\n Session-ID-ctx: ") <= 0)
goto err;
for (i = 0; i < x->sid_ctx_length; i++) {
if (BIO_printf(bp, "%02X", x->sid_ctx[i]) <= 0)
goto err;
}
if (BIO_puts(bp, "\n Master-Key: ") <= 0)
goto err;
for (i = 0; i < (unsigned int)x->master_key_length; i++) {
if (BIO_printf(bp, "%02X", x->master_key[i]) <= 0)
goto err;
}
if (x->tlsext_tick_lifetime_hint) {
if (BIO_printf(bp,
"\n TLS session ticket lifetime hint: %ld (seconds)",
x->tlsext_tick_lifetime_hint) <= 0)
goto err;
}
if (x->tlsext_tick) {
if (BIO_puts(bp, "\n TLS session ticket:\n") <= 0)
goto err;
if (BIO_dump_indent(bp, (char *)x->tlsext_tick, x->tlsext_ticklen, 4) <= 0)
goto err;
}
if (x->time != 0) {
if (BIO_printf(bp, "\n Start Time: %lld", (long long)x->time) <= 0)
goto err;
}
if (x->timeout != 0L) {
if (BIO_printf(bp, "\n Timeout : %ld (sec)", x->timeout) <= 0)
goto err;
}
if (BIO_puts(bp, "\n") <= 0)
goto err;
if (BIO_puts(bp, " Verify return code: ") <= 0)
goto err;
if (BIO_printf(bp, "%ld (%s)\n", x->verify_result,
X509_verify_cert_error_string(x->verify_result)) <= 0)
goto err;
return (1);
err:
return (0);
}
static int ssl_print_extension(BIO *bio, int indent, int server, int extype,
const unsigned char *ext, size_t extlen)
{
size_t xlen;
BIO_indent(bio, indent, 80);
BIO_printf(bio, "extension_type=%s(%d), length=%d\n",
ssl_trace_str(extype, ssl_exts_tbl),
extype, (int)extlen);
switch(extype)
{
case TLSEXT_TYPE_ec_point_formats:
if (extlen < 1)
return 0;
xlen = ext[0];
if (extlen != xlen + 1)
return 0;
return ssl_trace_list(bio, indent + 2,
ext + 1, xlen, 1, ssl_point_tbl);
case TLSEXT_TYPE_elliptic_curves:
if (extlen < 2)
return 0;
xlen = (ext[0] << 8) | ext[1];
if (extlen != xlen + 2)
return 0;
return ssl_trace_list(bio, indent + 2,
ext + 2, xlen, 2, ssl_curve_tbl);
case TLSEXT_TYPE_signature_algorithms:
if (extlen < 2)
return 0;
xlen = (ext[0] << 8) | ext[1];
if (extlen != xlen + 2)
return 0;
if (xlen & 1)
return 0;
ext += 2;
while(xlen > 0)
{
BIO_indent(bio, indent + 2, 80);
BIO_printf(bio, "%s+%s (%d+%d)\n",
ssl_trace_str(ext[0], ssl_md_tbl),
ssl_trace_str(ext[1], ssl_sig_tbl),
ext[0], ext[1]);
xlen-= 2;
ext+= 2;
}
break;
case TLSEXT_TYPE_renegotiate:
if (extlen < 1)
return 0;
xlen = ext[0];
if (xlen + 1 != extlen)
return 0;
ext++;
if (xlen)
{
if (server)
{
if (xlen & 1)
return 0;
xlen >>= 1;
}
ssl_print_hex(bio, indent + 4, "client_verify_data",
ext, xlen);
if (server)
{
ext += xlen;
ssl_print_hex(bio, indent + 4,
"server_verify_data",
ext, xlen);
}
}
else
{
BIO_indent(bio, indent + 4, 80);
BIO_puts(bio, "<EMPTY>\n");
}
break;
case TLSEXT_TYPE_heartbeat:
if (extlen != 1)
return 0;
BIO_indent(bio, indent + 2, 80);
BIO_printf(bio, "HeartbeatMode: %s\n",
ssl_trace_str(ext[0], ssl_hb_tbl));
break;
case TLSEXT_TYPE_session_ticket:
if (extlen != 0)
ssl_print_hex(bio, indent + 4, "ticket", ext, extlen);
break;
default:
BIO_dump_indent(bio, (char *)ext, extlen, indent + 2);
}
int main(int argc, char *argv[])
{
int r;
BIO *bio = NULL;
PACE_SEC *secret = NULL;
EAC_CTX *picc_ctx = NULL, *pcd_ctx = NULL;
BUF_MEM *enc_nonce = NULL, *pcd_mapping_data = NULL,
*picc_mapping_data = NULL, *pcd_ephemeral_pubkey = NULL,
*picc_ephemeral_pubkey = NULL, *pcd_token = NULL,
*picc_token = NULL;
EAC_init();
puts("EF.CardAccess:");
bio = BIO_new_fp(stdout, BIO_NOCLOSE|BIO_FP_TEXT);
BIO_dump_indent(bio, (char *) EF_CARDACCESS, sizeof EF_CARDACCESS, 4);
secret = PACE_SEC_new(PIN, strlen(PIN), PACE_PIN);
puts("Secret:");
PACE_SEC_print_private(bio, secret, 4);
picc_ctx = EAC_CTX_new();
pcd_ctx = EAC_CTX_new();
EAC_CTX_init_ef_cardaccess(EF_CARDACCESS, sizeof EF_CARDACCESS, pcd_ctx);
EAC_CTX_init_ef_cardaccess(EF_CARDACCESS, sizeof EF_CARDACCESS, picc_ctx);
puts("PACE step 1");
enc_nonce = PACE_STEP1_enc_nonce(picc_ctx, secret);
puts("PACE step 2");
PACE_STEP2_dec_nonce(pcd_ctx, secret, enc_nonce);
puts("PACE step 3A");
pcd_mapping_data = PACE_STEP3A_generate_mapping_data(pcd_ctx);
picc_mapping_data = PACE_STEP3A_generate_mapping_data(picc_ctx);
PACE_STEP3A_map_generator(pcd_ctx, picc_mapping_data);
PACE_STEP3A_map_generator(picc_ctx, pcd_mapping_data);
puts("PACE step 3B");
pcd_ephemeral_pubkey = PACE_STEP3B_generate_ephemeral_key(pcd_ctx);
picc_ephemeral_pubkey = PACE_STEP3B_generate_ephemeral_key(picc_ctx);
PACE_STEP3B_compute_shared_secret(pcd_ctx, picc_ephemeral_pubkey);
PACE_STEP3B_compute_shared_secret(picc_ctx, pcd_ephemeral_pubkey);
puts("PACE step 3C");
PACE_STEP3C_derive_keys(pcd_ctx);
PACE_STEP3C_derive_keys(picc_ctx);
puts("PACE step 3D");
pcd_token = PACE_STEP3D_compute_authentication_token(pcd_ctx, picc_ephemeral_pubkey);
picc_token = PACE_STEP3D_compute_authentication_token(picc_ctx, pcd_ephemeral_pubkey);
r = PACE_STEP3D_verify_authentication_token(pcd_ctx, picc_token);
if (r == 1)
r = PACE_STEP3D_verify_authentication_token(picc_ctx, pcd_token);
puts("PICC's EAC_CTX:");
EAC_CTX_print_private(bio, picc_ctx, 4);
puts("PCD's EAC_CTX:");
EAC_CTX_print_private(bio, pcd_ctx, 4);
EAC_CTX_clear_free(pcd_ctx);
EAC_CTX_clear_free(picc_ctx);
PACE_SEC_clear_free(secret);
EAC_cleanup();
EAC_CTX_clear_free(pcd_ctx);
EAC_CTX_clear_free(picc_ctx);
PACE_SEC_clear_free(secret);
if (bio)
BIO_free_all(bio);
if (enc_nonce)
BUF_MEM_free(enc_nonce);
if (pcd_mapping_data)
BUF_MEM_free(pcd_mapping_data);
if (picc_mapping_data)
BUF_MEM_free(picc_mapping_data);
if (pcd_ephemeral_pubkey)
BUF_MEM_free(pcd_ephemeral_pubkey);
if (picc_ephemeral_pubkey)
BUF_MEM_free(picc_ephemeral_pubkey);
if (pcd_token)
BUF_MEM_free(pcd_token);
if (picc_token)
BUF_MEM_free(picc_token);
if (r != 1)
return 1;
return 0;
}
static int ssl_print_extension(BIO *bio, int indent, int server, int extype,
const unsigned char *ext, size_t extlen)
{
size_t xlen, share_len;
BIO_indent(bio, indent, 80);
BIO_printf(bio, "extension_type=%s(%d), length=%d\n",
ssl_trace_str(extype, ssl_exts_tbl), extype, (int)extlen);
switch (extype) {
case TLSEXT_TYPE_ec_point_formats:
if (extlen < 1)
return 0;
xlen = ext[0];
if (extlen != xlen + 1)
return 0;
return ssl_trace_list(bio, indent + 2, ext + 1, xlen, 1, ssl_point_tbl);
case TLSEXT_TYPE_supported_groups:
if (extlen < 2)
return 0;
xlen = (ext[0] << 8) | ext[1];
if (extlen != xlen + 2)
return 0;
return ssl_trace_list(bio, indent + 2, ext + 2, xlen, 2, ssl_groups_tbl);
case TLSEXT_TYPE_signature_algorithms:
if (extlen < 2)
return 0;
xlen = (ext[0] << 8) | ext[1];
if (extlen != xlen + 2)
return 0;
if (xlen & 1)
return 0;
ext += 2;
while (xlen > 0) {
BIO_indent(bio, indent + 2, 80);
BIO_printf(bio, "%s+%s (%d+%d)\n",
ssl_trace_str(ext[0], ssl_md_tbl),
ssl_trace_str(ext[1], ssl_sig_tbl), ext[0], ext[1]);
xlen -= 2;
ext += 2;
}
break;
case TLSEXT_TYPE_renegotiate:
if (extlen < 1)
return 0;
xlen = ext[0];
if (xlen + 1 != extlen)
return 0;
ext++;
if (xlen) {
if (server) {
if (xlen & 1)
return 0;
xlen >>= 1;
}
ssl_print_hex(bio, indent + 4, "client_verify_data", ext, xlen);
if (server) {
ext += xlen;
ssl_print_hex(bio, indent + 4, "server_verify_data", ext, xlen);
}
} else {
BIO_indent(bio, indent + 4, 80);
BIO_puts(bio, "<EMPTY>\n");
}
break;
case TLSEXT_TYPE_heartbeat:
return 0;
case TLSEXT_TYPE_session_ticket:
if (extlen != 0)
ssl_print_hex(bio, indent + 4, "ticket", ext, extlen);
break;
case TLSEXT_TYPE_key_share:
if (extlen < 2)
return 0;
if (server) {
xlen = extlen;
} else {
xlen = (ext[0] << 8) | ext[1];
if (extlen != xlen + 2)
return 0;
ext += 2;
}
for (; xlen > 0; ext += share_len, xlen -= share_len) {
int group_id;
if (xlen < 4)
return 0;
group_id = (ext[0] << 8) | ext[1];
share_len = (ext[2] << 8) | ext[3];
ext += 4;
xlen -= 4;
if (xlen < share_len)
return 0;
BIO_indent(bio, indent + 4, 80);
BIO_printf(bio, "NamedGroup: %s\n",
ssl_trace_str(group_id, ssl_groups_tbl));
ssl_print_hex(bio, indent + 4, "key_exchange: ", ext, share_len);
}
break;
case TLSEXT_TYPE_supported_versions:
if (extlen < 1)
return 0;
xlen = ext[0];
if (extlen != xlen + 1)
return 0;
return ssl_trace_list(bio, indent + 2, ext + 1, xlen, 2,
ssl_version_tbl);
default:
BIO_dump_indent(bio, (const char *)ext, extlen, indent + 2);
}
static int asn1_parse2(BIO *bp, unsigned char **pp, long length, int offset,
int depth, int indent, int dump)
{
unsigned char *p,*ep,*tot,*op,*opp;
long len;
int tag,xclass,ret=0;
int nl,hl,j,r;
ASN1_OBJECT *o=NULL;
ASN1_OCTET_STRING *os=NULL;
/* ASN1_BMPSTRING *bmp=NULL;*/
int dump_indent;
#if 0
dump_indent = indent;
#else
dump_indent = 6; /* Because we know BIO_dump_indent() */
#endif
p= *pp;
tot=p+length;
op=p-1;
while ((p < tot) && (op < p))
{
op=p;
j=ASN1_get_object(&p,&len,&tag,&xclass,length);
#ifdef LINT
j=j;
#endif
if (j & 0x80)
{
if (BIO_write(bp,"Error in encoding\n",18) <= 0)
goto end;
ret=0;
goto end;
}
hl=(p-op);
length-=hl;
/* if j == 0x21 it is a constructed indefinite length object */
if (BIO_printf(bp,"%5ld:",(long)offset+(long)(op- *pp))
<= 0) goto end;
if (j != (V_ASN1_CONSTRUCTED | 1))
{
if (BIO_printf(bp,"d=%-2d hl=%ld l=%4ld ",
depth,(long)hl,len) <= 0)
goto end;
}
else
{
if (BIO_printf(bp,"d=%-2d hl=%ld l=inf ",
depth,(long)hl) <= 0)
goto end;
}
if (!asn1_print_info(bp,tag,xclass,j,(indent)?depth:0))
goto end;
if (j & V_ASN1_CONSTRUCTED)
{
ep=p+len;
if (BIO_write(bp,"\n",1) <= 0) goto end;
if (len > length)
{
BIO_printf(bp,
"length is greater than %ld\n",length);
ret=0;
goto end;
}
if ((j == 0x21) && (len == 0))
{
for (;;)
{
r=asn1_parse2(bp,&p,(long)(tot-p),
offset+(p - *pp),depth+1,
indent,dump);
if (r == 0) { ret=0; goto end; }
if ((r == 2) || (p >= tot)) break;
}
}
else
while (p < ep)
{
r=asn1_parse2(bp,&p,(long)len,
offset+(p - *pp),depth+1,
indent,dump);
if (r == 0) { ret=0; goto end; }
}
}
else if (xclass != 0)
{
p+=len;
if (BIO_write(bp,"\n",1) <= 0) goto end;
}
else
{
nl=0;
if ( (tag == V_ASN1_PRINTABLESTRING) ||
(tag == V_ASN1_T61STRING) ||
(tag == V_ASN1_IA5STRING) ||
(tag == V_ASN1_VISIBLESTRING) ||
(tag == V_ASN1_UTCTIME) ||
(tag == V_ASN1_GENERALIZEDTIME))
{
if (BIO_write(bp,":",1) <= 0) goto end;
if ((len > 0) &&
BIO_write(bp,(char *)p,(int)len)
!= (int)len)
goto end;
}
else if (tag == V_ASN1_OBJECT)
{
opp=op;
if (d2i_ASN1_OBJECT(&o,&opp,len+hl) != NULL)
{
if (BIO_write(bp,":",1) <= 0) goto end;
i2a_ASN1_OBJECT(bp,o);
}
else
{
if (BIO_write(bp,":BAD OBJECT",11) <= 0)
goto end;
}
}
else if (tag == V_ASN1_BOOLEAN)
{
int ii;
opp=op;
ii=d2i_ASN1_BOOLEAN(NULL,&opp,len+hl);
if (ii < 0)
{
if (BIO_write(bp,"Bad boolean\n",12))
goto end;
}
BIO_printf(bp,":%d",ii);
}
else if (tag == V_ASN1_BMPSTRING)
{
/* do the BMP thang */
}
else if (tag == V_ASN1_OCTET_STRING)
{
int i,printable=1;
opp=op;
os=d2i_ASN1_OCTET_STRING(NULL,&opp,len+hl);
if (os != NULL)
{
opp=os->data;
for (i=0; i<os->length; i++)
{
if (( (opp[i] < ' ') &&
(opp[i] != '\n') &&
(opp[i] != '\r') &&
(opp[i] != '\t')) ||
(opp[i] > '~'))
{
printable=0;
break;
}
}
if (printable && (os->length > 0))
{
if (BIO_write(bp,":",1) <= 0)
goto end;
if (BIO_write(bp,(char *)opp,
os->length) <= 0)
goto end;
}
if (!printable && (os->length > 0)
&& dump)
{
if (!nl)
{
if (BIO_write(bp,"\n",1) <= 0)
goto end;
}
if (BIO_dump_indent(bp,(char *)opp,
((dump == -1 || dump > os->length)?os->length:dump),
dump_indent) <= 0)
goto end;
nl=1;
}
M_ASN1_OCTET_STRING_free(os);
os=NULL;
}
}
else if (tag == V_ASN1_INTEGER)
{
ASN1_INTEGER *bs;
int i;
opp=op;
bs=d2i_ASN1_INTEGER(NULL,&opp,len+hl);
if (bs != NULL)
{
if (BIO_write(bp,":",1) <= 0) goto end;
if (bs->type == V_ASN1_NEG_INTEGER)
if (BIO_write(bp,"-",1) <= 0)
goto end;
for (i=0; i<bs->length; i++)
{
if (BIO_printf(bp,"%02X",
bs->data[i]) <= 0)
goto end;
}
if (bs->length == 0)
{
if (BIO_write(bp,"00",2) <= 0)
goto end;
}
}
else
{
if (BIO_write(bp,"BAD INTEGER",11) <= 0)
goto end;
}
M_ASN1_INTEGER_free(bs);
}
else if (tag == V_ASN1_ENUMERATED)
{
ASN1_ENUMERATED *bs;
int i;
opp=op;
bs=d2i_ASN1_ENUMERATED(NULL,&opp,len+hl);
if (bs != NULL)
{
if (BIO_write(bp,":",1) <= 0) goto end;
if (bs->type == V_ASN1_NEG_ENUMERATED)
if (BIO_write(bp,"-",1) <= 0)
goto end;
for (i=0; i<bs->length; i++)
{
if (BIO_printf(bp,"%02X",
bs->data[i]) <= 0)
goto end;
}
if (bs->length == 0)
{
if (BIO_write(bp,"00",2) <= 0)
goto end;
}
}
else
{
if (BIO_write(bp,"BAD ENUMERATED",11) <= 0)
goto end;
}
M_ASN1_ENUMERATED_free(bs);
}
else if (len > 0 && dump)
{
if (!nl)
{
if (BIO_write(bp,"\n",1) <= 0)
goto end;
}
if (BIO_dump_indent(bp,(char *)p,
((dump == -1 || dump > len)?len:dump),
dump_indent) <= 0)
goto end;
nl=1;
}
if (!nl)
{
if (BIO_write(bp,"\n",1) <= 0) goto end;
}
p+=len;
if ((tag == V_ASN1_EOC) && (xclass == 0))
{
ret=2; /* End of sequence */
goto end;
}
}
length-=len;
}
ret=1;
end:
if (o != NULL) ASN1_OBJECT_free(o);
if (os != NULL) M_ASN1_OCTET_STRING_free(os);
*pp=p;
return(ret);
}
static int GRSTasn1Parse2(BIO *bp, unsigned char **pp, long length, int offset,
int depth, int indent, int dump, char *treecoords,
struct GRSTasn1TagList taglist[], int maxtag, int *lasttag)
{
int sibling = 0;
char sibtreecoords[512];
unsigned char *p,*ep,*tot,*op,*opp;
long len;
int tag,xclass,ret=0;
int nl,hl,j,r;
ASN1_OBJECT *o=NULL;
ASN1_OCTET_STRING *os=NULL;
int dump_indent;
dump_indent = 6; /* Because we know BIO_dump_indent() */
p= *pp;
tot=p+length;
op=p-1;
while ((p < tot) && (op < p))
{
op=p;
j=ASN1_get_object(&p,&len,&tag,&xclass,length);
if (j & 0x80)
{
if ((bp != NULL) &&
(BIO_write(bp,"Error in encoding\n",18) <= 0))
goto end;
ret=0;
goto end;
}
hl=(p-op);
length-=hl;
++sibling;
sprintf(sibtreecoords, "%s-%d", treecoords, sibling);
GRSTasn1AddToTaglist(taglist, maxtag, lasttag, sibtreecoords,
(int)offset+(int)(op - *pp),
(int) hl, len, tag);
if (bp != NULL)
{
BIO_printf(bp, " %s %ld %ld %d %d ", sibtreecoords,
(long)offset+(long)(op - *pp), hl, len, tag);
GRSTasn1PrintPrintable(bp, p,
// &((*pp)[(long)offset+(long)(op - *pp)+hl]),
(len > 30) ? 30 : len);
BIO_printf(bp, "\n");
}
/* if j == 0x21 it is a constructed indefinite length object */
if ((bp != NULL) &&
(BIO_printf(bp,"%5ld:",(long)offset+(long)(op- *pp))
<= 0)) goto end;
if (j != (V_ASN1_CONSTRUCTED | 1))
{
if ((bp != NULL) &&
(BIO_printf(bp,"d=%-2d hl=%ld l=%4ld ",
depth,(long)hl,len) <= 0))
goto end;
}
else
{
if ((bp != NULL) &&
(BIO_printf(bp,"d=%-2d hl=%ld l=inf ",
depth,(long)hl) <= 0))
goto end;
}
if ((bp != NULL) &&
!asn1_print_info(bp,tag,xclass,j,(indent)?depth:0))
goto end;
if (j & V_ASN1_CONSTRUCTED)
{
ep=p+len;
if ((bp != NULL) &&
(BIO_write(bp,"\n",1) <= 0)) goto end;
if (len > length)
{
if (bp != NULL) BIO_printf(bp,
"length is greater than %ld\n",length);
ret=0;
goto end;
}
if ((j == 0x21) && (len == 0))
{
for (;;)
{
r=GRSTasn1Parse2(bp,&p,(long)(tot-p),
offset+(p - *pp),depth+1,
indent,dump,sibtreecoords,
taglist, maxtag, lasttag);
if (r == 0) { ret=0; goto end; }
if ((r == 2) || (p >= tot)) break;
}
}
else
while (p < ep)
{
r=GRSTasn1Parse2(bp,&p,(long)len,
offset+(p - *pp),depth+1,
indent,dump,sibtreecoords,
taglist, maxtag, lasttag);
if (r == 0) { ret=0; goto end; }
}
}
else if (xclass != 0)
{
p+=len;
if ((bp != NULL) &&
(BIO_write(bp,"\n",1) <= 0)) goto end;
}
else
{
nl=0;
if ( (tag == V_ASN1_PRINTABLESTRING) ||
(tag == V_ASN1_T61STRING) ||
(tag == V_ASN1_IA5STRING) ||
(tag == V_ASN1_VISIBLESTRING) ||
(tag == V_ASN1_UTCTIME) ||
(tag == V_ASN1_GENERALIZEDTIME))
{
if ((bp != NULL) &&
(BIO_write(bp,":",1) <= 0)) goto end;
if ((len > 0) && (bp != NULL) &&
BIO_write(bp,(char *)p,(int)len)
!= (int)len)
goto end;
}
else if (tag == V_ASN1_OBJECT)
{
opp=op;
if (d2i_ASN1_OBJECT(&o,&opp,len+hl) != NULL)
{
if (bp != NULL)
{
if (BIO_write(bp,":",1) <= 0) goto end;
i2a_ASN1_OBJECT(bp,o);
}
}
else
{
if ((bp != NULL) &&
(BIO_write(bp,":BAD OBJECT",11) <= 0))
goto end;
}
}
else if (tag == V_ASN1_BOOLEAN)
{
int ii;
ii = (int)*p;
if (ii < 0 || (int)len != 1)
{
if ((bp != NULL) &&
(BIO_write(bp,"Bad boolean\n",12)))
goto end;
}
if (bp != NULL) BIO_printf(bp,":%d",ii);
}
else if (tag == V_ASN1_BMPSTRING)
{
/* do the BMP thang */
}
else if (tag == V_ASN1_OCTET_STRING)
{
int i;
opp=op;
os=d2i_ASN1_OCTET_STRING(NULL,&opp,len+hl);
if (os != NULL)
{
opp=os->data;
if (os->length > 0)
{
if ((bp != NULL) &&
(BIO_write(bp,":",1) <= 0))
goto end;
if ((bp != NULL) &&
(GRSTasn1PrintPrintable(bp,
opp,
os->length) <= 0))
goto end;
}
ASN1_OCTET_STRING_free(os);
os=NULL;
}
}
else if (tag == V_ASN1_INTEGER)
{
ASN1_INTEGER *bs;
int i;
opp=op;
bs=d2i_ASN1_INTEGER(NULL,&opp,len+hl);
if (bs != NULL)
{
if ((bp != NULL) &&
(BIO_write(bp,":",1) <= 0)) goto end;
if (bs->type == V_ASN1_NEG_INTEGER)
if ((bp != NULL) &&
(BIO_write(bp,"-",1) <= 0))
goto end;
for (i=0; i<bs->length; i++)
{
if ((bp != NULL) &&
(BIO_printf(bp,"%02X",
bs->data[i]) <= 0))
goto end;
}
if (bs->length == 0)
{
if ((bp != NULL) &&
(BIO_write(bp,"00",2) <= 0))
goto end;
}
}
else
{
if ((bp != NULL) &&
(BIO_write(bp,"BAD INTEGER",11) <= 0))
goto end;
}
ASN1_INTEGER_free(bs);
}
else if (tag == V_ASN1_ENUMERATED)
{
ASN1_ENUMERATED *bs;
int i;
opp=op;
bs=d2i_ASN1_ENUMERATED(NULL,&opp,len+hl);
if (bs != NULL)
{
if ((bp != NULL) &&
(BIO_write(bp,":",1) <= 0)) goto end;
if (bs->type == V_ASN1_NEG_ENUMERATED)
if ((bp != NULL) &&
(BIO_write(bp,"-",1) <= 0))
goto end;
for (i=0; i<bs->length; i++)
{
if ((bp != NULL) &&
(BIO_printf(bp,"%02X",
bs->data[i]) <= 0))
goto end;
}
if (bs->length == 0)
{
if ((bp != NULL) &&
(BIO_write(bp,"00",2) <= 0))
goto end;
}
}
else
{
if ((bp != NULL) &&
(BIO_write(bp,"BAD ENUMERATED",11) <= 0))
goto end;
}
ASN1_ENUMERATED_free(bs);
}
else if (len > 0 && dump)
{
if (!nl)
{
if ((bp != NULL) &&
(BIO_write(bp,"\n",1) <= 0))
goto end;
}
if ((bp != NULL) &&
(BIO_dump_indent(bp,(char *)p,
((dump == -1 || dump > len)?len:dump),
dump_indent) <= 0))
goto end;
nl=1;
}
if (!nl)
{
if ((bp != NULL) &&
(BIO_write(bp,"\n",1) <= 0)) goto end;
}
p+=len;
if ((tag == V_ASN1_EOC) && (xclass == 0))
{
ret=2; /* End of sequence */
goto end;
}
}
length-=len;
}
ret=1;
end:
if (o != NULL) ASN1_OBJECT_free(o);
if (os != NULL) ASN1_OCTET_STRING_free(os);
*pp=p;
return(ret);
}
