Exemple #1
0
static int parse_key(const char *text, const unsigned char *expected, int valid) {
	unsigned char key[24];
	size_t len = sizeof(key);
	ykpiv_rc res = ykpiv_hex_decode(text, strlen(text), key, &len);
  if (valid) {
    ck_assert(res == YKPIV_OK);
    ck_assert(memcmp(expected, key, 24) == 0);
  } else {
    ck_assert(res != YKPIV_OK);
  }
	return EXIT_SUCCESS;
}
static int parse_key(const char *text, const unsigned char *expected, int valid) {
	unsigned char key[24];
	size_t len = sizeof(key);
	ykpiv_rc res = ykpiv_hex_decode(text, strlen(text), key, &len);
	if(res != YKPIV_OK && valid == 1) {
		printf("key check failed for %s!\n", text);
		return EXIT_FAILURE;
	} else if(res != YKPIV_OK && valid == 0) {
		return EXIT_SUCCESS;
	}

	if(memcmp(expected, key, 24) != 0) {
		printf("keys not matching for %s!\n", text);
		return EXIT_FAILURE;
	}

	return EXIT_SUCCESS;
}
static CK_RV COMMON_token_login(ykpiv_state *state, CK_USER_TYPE user, CK_UTF8CHAR_PTR pin, CK_ULONG pin_len) {

  int tries = 0; // TODO: this is effectively disregarded, should we add a better value in ykpiv_verify?
  unsigned char key[24];
  size_t key_len = sizeof(key);
  unsigned char *term_pin;
  ykpiv_rc res;

  if (user == CKU_USER) {
    // add null termination for the pin
    term_pin = malloc(pin_len + 1);
    if (term_pin == NULL) {
      return CKR_HOST_MEMORY;
    }
    memcpy(term_pin, pin, pin_len);
    term_pin[pin_len] = 0;

    res = ykpiv_verify(state, (char *)term_pin, &tries);

    OPENSSL_cleanse(term_pin, pin_len);
    free(term_pin);

    if (res != YKPIV_OK) {
      DBG("Failed to login");
      return CKR_PIN_INCORRECT;
    }
  }
  else if (user == CKU_SO) {
    if(ykpiv_hex_decode((char *)pin, pin_len, key, &key_len) != YKPIV_OK) {
      DBG("Failed decoding key");
      return CKR_FUNCTION_FAILED;
    }

    if(ykpiv_authenticate(state, key) != YKPIV_OK) {
      DBG("Failed to authenticate");
      return CKR_PIN_INCORRECT;
    }
  }

  return CKR_OK;
}
Exemple #4
0
size_t read_data(unsigned char *buf, size_t len, FILE* input, enum enum_format format) {
  char raw_buf[3072 * 2];
  size_t raw_len = sizeof(raw_buf);
  raw_len = fread(raw_buf, 1, raw_len, input);
  switch(format) {
    case format_arg_hex:
      if(raw_buf[raw_len - 1] == '\n') {
        raw_len -= 1;
      }
      if(ykpiv_hex_decode(raw_buf, raw_len, buf, &len) != YKPIV_OK) {
        return 0;
      }
      return len;
    case format_arg_base64:
      {
        int read;
        BIO *b64 = BIO_new(BIO_f_base64());
        BIO *bio = BIO_new_mem_buf(raw_buf, raw_len);
        BIO_push(b64, bio);
        read = BIO_read(b64, buf, len);
        BIO_free_all(b64);
        if(read <= 0) {
          return 0;
        } else {
          return (size_t)read;
        }
      }
      break;
    case format_arg_binary:
      if(raw_len > len) {
        return 0;
      }
      memcpy(buf, raw_buf, raw_len);
      return raw_len;
    case format__NULL:
    default:
      return 0;
  }
}