static char *tpm_engine_get_auth(UI_METHOD *ui_method, char *auth, int maxlen,
char *input_string, void *cb_data)
{
UI *ui;
DBG("%s", __FUNCTION__);
ui = UI_new();
if (ui_method)
UI_set_method(ui, ui_method);
UI_add_user_data(ui, cb_data);
if (!UI_add_input_string(ui, input_string, 0, auth, 0, maxlen)) {
TSSerr(TPM_F_TPM_ENGINE_GET_AUTH, TPM_R_UI_METHOD_FAILED);
UI_free(ui);
return NULL;
}
if (UI_process(ui)) {
TSSerr(TPM_F_TPM_ENGINE_GET_AUTH, TPM_R_UI_METHOD_FAILED);
UI_free(ui);
return NULL;
}
UI_free(ui);
return auth;
}
/* Get the PIN via asking user interface. The supplied call-back data are
* passed to the user interface implemented by an application. Only the
* application knows how to interpret the call-back data.
* A (strdup'ed) copy of the PIN code will be stored in the pin variable. */
static int get_pin(ENGINE_CTX *ctx, UI_METHOD *ui_method, void *callback_data)
{
UI *ui;
/* call ui to ask for a pin */
ui = UI_new();
if (ui == NULL) {
fprintf(stderr, "UI_new failed\n");
return 0;
}
if (ui_method != NULL)
UI_set_method(ui, ui_method);
if (callback_data != NULL)
UI_add_user_data(ui, callback_data);
destroy_pin(ctx);
ctx->pin = OPENSSL_malloc(MAX_PIN_LENGTH * sizeof(char));
if (ctx->pin == NULL)
return 0;
memset(ctx->pin, 0, MAX_PIN_LENGTH * sizeof(char));
ctx->pin_length = MAX_PIN_LENGTH;
if (!UI_add_input_string(ui, "PKCS#11 token PIN: ",
UI_INPUT_FLAG_DEFAULT_PWD, ctx->pin, 1, MAX_PIN_LENGTH)) {
fprintf(stderr, "UI_add_input_string failed\n");
UI_free(ui);
return 0;
}
if (UI_process(ui)) {
fprintf(stderr, "UI_process failed\n");
UI_free(ui);
return 0;
}
UI_free(ui);
return 1;
}
static int ui_close(UI *ui)
{
struct ui_data *ui_data = UI_get0_user_data(ui);
struct ui_form_opt *opt, *next_opt;
opt = (struct ui_form_opt *)ui_data->form.opts;
while (opt) {
next_opt = (struct ui_form_opt *)opt->opt.next;
if (opt->opt.value)
free(opt->opt.value);
free(opt);
opt = next_opt;
}
free(ui_data);
UI_add_user_data(ui, NULL);
return 1;
}
/*
* Authenticate a private the key operation if needed
*/
int pkcs11_authenticate(PKCS11_KEY *key)
{
PKCS11_KEY_private *kpriv = PRIVKEY(key);
PKCS11_TOKEN *token = KEY2TOKEN(key);
PKCS11_SLOT *slot = TOKEN2SLOT(token);
PKCS11_SLOT_private *spriv = PRIVSLOT(slot);
PKCS11_CTX *ctx = SLOT2CTX(slot);
char pin[MAX_PIN_LENGTH+1];
UI *ui;
int rv;
/* Handle CKF_PROTECTED_AUTHENTICATION_PATH */
if (token->secureLogin) {
rv = CRYPTOKI_call(ctx,
C_Login(spriv->session, CKU_CONTEXT_SPECIFIC, NULL, 0));
return rv == CKR_USER_ALREADY_LOGGED_IN ? 0 : rv;
}
/* Call UI to ask for a PIN */
ui = UI_new_method(kpriv->ui_method);
if (ui == NULL)
return PKCS11_UI_FAILED;
if (kpriv->ui_user_data != NULL)
UI_add_user_data(ui, kpriv->ui_user_data);
memset(pin, 0, MAX_PIN_LENGTH+1);
if (!UI_add_input_string(ui, "PKCS#11 key PIN: ",
UI_INPUT_FLAG_DEFAULT_PWD, pin, 4, MAX_PIN_LENGTH)) {
UI_free(ui);
return PKCS11_UI_FAILED;
}
if (UI_process(ui)) {
UI_free(ui);
return PKCS11_UI_FAILED;
}
UI_free(ui);
/* Login with the PIN */
rv = CRYPTOKI_call(ctx,
C_Login(spriv->session, CKU_CONTEXT_SPECIFIC,
(CK_UTF8CHAR *)pin, strlen(pin)));
OPENSSL_cleanse(pin, MAX_PIN_LENGTH+1);
return rv == CKR_USER_ALREADY_LOGGED_IN ? 0 : rv;
}
static char *file_get_pass(const UI_METHOD *ui_method, char *pass,
size_t maxsize, const char *prompt_info, void *data)
{
UI *ui = UI_new();
char *prompt = NULL;
if (ui == NULL) {
OSSL_STOREerr(OSSL_STORE_F_FILE_GET_PASS, ERR_R_MALLOC_FAILURE);
return NULL;
}
if (ui_method != NULL)
UI_set_method(ui, ui_method);
UI_add_user_data(ui, data);
if ((prompt = UI_construct_prompt(ui, "pass phrase",
prompt_info)) == NULL) {
OSSL_STOREerr(OSSL_STORE_F_FILE_GET_PASS, ERR_R_MALLOC_FAILURE);
pass = NULL;
} else if (!UI_add_input_string(ui, prompt, UI_INPUT_FLAG_DEFAULT_PWD,
pass, 0, maxsize - 1)) {
OSSL_STOREerr(OSSL_STORE_F_FILE_GET_PASS, ERR_R_UI_LIB);
pass = NULL;
} else {
switch (UI_process(ui)) {
case -2:
OSSL_STOREerr(OSSL_STORE_F_FILE_GET_PASS,
OSSL_STORE_R_UI_PROCESS_INTERRUPTED_OR_CANCELLED);
pass = NULL;
break;
case -1:
OSSL_STOREerr(OSSL_STORE_F_FILE_GET_PASS, ERR_R_UI_LIB);
pass = NULL;
break;
default:
break;
}
}
OPENSSL_free(prompt);
UI_free(ui);
return pass;
}
/*
* Test wrapping old style PEM password callback in a UI method through the
* use of UI utility functions
*/
static int test_old()
{
UI_METHOD *ui_method = NULL;
UI *ui = NULL;
char defpass[] = "password";
char pass[16];
int ok = 0;
if ((ui_method =
UI_UTIL_wrap_read_pem_callback(test_pem_password_cb, 0)) == NULL
|| (ui = UI_new_method(ui_method)) == NULL)
goto err;
/* The wrapper passes the UI userdata as the callback userdata param */
UI_add_user_data(ui, defpass);
if (!UI_add_input_string(ui, "prompt", UI_INPUT_FLAG_DEFAULT_PWD,
pass, 0, sizeof(pass) - 1))
goto err;
switch (UI_process(ui)) {
case -2:
BIO_printf(bio_err, "test_old: UI process interrupted or cancelled\n");
/* fall through */
case -1:
goto err;
default:
break;
}
if (strcmp(pass, defpass) == 0)
ok = 1;
else
BIO_printf(bio_err, "test_old: password failure\n");
err:
if (!ok)
ERR_print_errors_fp(stderr);
UI_free(ui);
UI_destroy_method(ui_method);
return ok;
}
static int ui_open(UI *ui)
{
struct openconnect_info *vpninfo = ui_vpninfo; /* Ick */
struct ui_data *ui_data;
if (!vpninfo || !vpninfo->process_auth_form)
return 0;
ui_data = malloc(sizeof(*ui_data));
if (!ui_data)
return 0;
memset(ui_data, 0, sizeof(*ui_data));
ui_data->last_opt = &ui_data->form.opts;
ui_data->vpninfo = vpninfo;
ui_data->form.auth_id = (char *)"openssl_ui";
UI_add_user_data(ui, ui_data);
return 1;
}
int UI_dup_user_data(UI *ui, void *user_data)
{
void *duplicate = NULL;
if (ui->meth->ui_duplicate_data == NULL
|| ui->meth->ui_destroy_data == NULL) {
UIerr(UI_F_UI_DUP_USER_DATA, UI_R_USER_DATA_DUPLICATION_UNSUPPORTED);
return -1;
}
duplicate = ui->meth->ui_duplicate_data(ui, user_data);
if (duplicate == NULL) {
UIerr(UI_F_UI_DUP_USER_DATA, ERR_R_MALLOC_FAILURE);
return -1;
}
(void)UI_add_user_data(ui, duplicate);
ui->flags |= UI_FLAG_DUPL_DATA;
return 0;
}
/*
* Test wrapping old style PEM password callback in a UI method through the
* use of UI utility functions
*/
static int test_old(void)
{
UI_METHOD *ui_method = NULL;
UI *ui = NULL;
char defpass[] = "password";
char pass[16];
int ok = 0;
if (!TEST_ptr(ui_method =
UI_UTIL_wrap_read_pem_callback( test_pem_password_cb, 0))
|| !TEST_ptr(ui = UI_new_method(ui_method)))
goto err;
/* The wrapper passes the UI userdata as the callback userdata param */
UI_add_user_data(ui, defpass);
if (!UI_add_input_string(ui, "prompt", UI_INPUT_FLAG_DEFAULT_PWD,
pass, 0, sizeof(pass) - 1))
goto err;
switch (UI_process(ui)) {
case -2:
TEST_info("test_old: UI process interrupted or cancelled");
/* fall through */
case -1:
goto err;
default:
break;
}
if (TEST_str_eq(pass, defpass))
ok = 1;
err:
UI_free(ui);
UI_destroy_method(ui_method);
return ok;
}
static int hwcrhk_insert_card(const char *prompt_info,
const char *wrong_info,
HWCryptoHook_PassphraseContext *ppctx,
HWCryptoHook_CallerContext *cactx)
{
int ok = -1;
UI *ui;
void *callback_data = NULL;
UI_METHOD *ui_method = NULL;
if (cactx)
{
if (cactx->ui_method)
ui_method = cactx->ui_method;
if (cactx->callback_data)
callback_data = cactx->callback_data;
}
if (ppctx)
{
if (ppctx->ui_method)
ui_method = ppctx->ui_method;
if (ppctx->callback_data)
callback_data = ppctx->callback_data;
}
if (ui_method == NULL)
{
HWCRHKerr(HWCRHK_F_HWCRHK_INSERT_CARD,
HWCRHK_R_NO_CALLBACK);
return -1;
}
ui = UI_new_method(ui_method);
if (ui)
{
char answer;
char buf[BUFSIZ];
/* Despite what the documentation says wrong_info can be
* an empty string.
*/
if (wrong_info && *wrong_info)
BIO_snprintf(buf, sizeof(buf)-1,
"Current card: \"%s\"\n", wrong_info);
else
buf[0] = 0;
ok = UI_dup_info_string(ui, buf);
if (ok >= 0 && prompt_info)
{
BIO_snprintf(buf, sizeof(buf)-1,
"Insert card \"%s\"", prompt_info);
ok = UI_dup_input_boolean(ui, buf,
"\n then hit <enter> or C<enter> to cancel\n",
"\r\n", "Cc", UI_INPUT_FLAG_ECHO, &answer);
}
UI_add_user_data(ui, callback_data);
if (ok >= 0)
ok = UI_process(ui);
UI_free(ui);
if (ok == -2 || (ok >= 0 && answer == 'C'))
ok = 1;
else if (ok < 0)
ok = -1;
else
ok = 0;
}
return ok;
}
static int hwcrhk_get_pass(const char *prompt_info,
int *len_io, char *buf,
HWCryptoHook_PassphraseContext *ppctx,
HWCryptoHook_CallerContext *cactx)
{
pem_password_cb *callback = NULL;
void *callback_data = NULL;
UI_METHOD *ui_method = NULL;
/* Despite what the documentation says prompt_info can be
* an empty string.
*/
if (prompt_info && !*prompt_info)
prompt_info = NULL;
if (cactx)
{
if (cactx->ui_method)
ui_method = cactx->ui_method;
if (cactx->password_callback)
callback = cactx->password_callback;
if (cactx->callback_data)
callback_data = cactx->callback_data;
}
if (ppctx)
{
if (ppctx->ui_method)
{
ui_method = ppctx->ui_method;
callback = NULL;
}
if (ppctx->callback_data)
callback_data = ppctx->callback_data;
}
if (callback == NULL && ui_method == NULL)
{
HWCRHKerr(HWCRHK_F_HWCRHK_GET_PASS,HWCRHK_R_NO_CALLBACK);
return -1;
}
if (ui_method)
{
UI *ui = UI_new_method(ui_method);
if (ui)
{
int ok;
char *prompt = UI_construct_prompt(ui,
"pass phrase", prompt_info);
ok = UI_add_input_string(ui,prompt,
UI_INPUT_FLAG_DEFAULT_PWD,
buf,0,(*len_io) - 1);
UI_add_user_data(ui, callback_data);
UI_ctrl(ui, UI_CTRL_PRINT_ERRORS, 1, 0, 0);
if (ok >= 0)
do
{
ok=UI_process(ui);
}
while (ok < 0 && UI_ctrl(ui, UI_CTRL_IS_REDOABLE, 0, 0, 0));
if (ok >= 0)
*len_io = strlen(buf);
UI_free(ui);
OPENSSL_free(prompt);
}
}
else
{
*len_io = callback(buf, *len_io, 0, callback_data);
}
if(!*len_io)
return -1;
return 0;
}
