static int parse_key(const char *text, const unsigned char *expected, int valid) { unsigned char key[24]; size_t len = sizeof(key); ykpiv_rc res = ykpiv_hex_decode(text, strlen(text), key, &len); if (valid) { ck_assert(res == YKPIV_OK); ck_assert(memcmp(expected, key, 24) == 0); } else { ck_assert(res != YKPIV_OK); } return EXIT_SUCCESS; }
static int parse_key(const char *text, const unsigned char *expected, int valid) { unsigned char key[24]; size_t len = sizeof(key); ykpiv_rc res = ykpiv_hex_decode(text, strlen(text), key, &len); if(res != YKPIV_OK && valid == 1) { printf("key check failed for %s!\n", text); return EXIT_FAILURE; } else if(res != YKPIV_OK && valid == 0) { return EXIT_SUCCESS; } if(memcmp(expected, key, 24) != 0) { printf("keys not matching for %s!\n", text); return EXIT_FAILURE; } return EXIT_SUCCESS; }
static CK_RV COMMON_token_login(ykpiv_state *state, CK_USER_TYPE user, CK_UTF8CHAR_PTR pin, CK_ULONG pin_len) { int tries = 0; // TODO: this is effectively disregarded, should we add a better value in ykpiv_verify? unsigned char key[24]; size_t key_len = sizeof(key); unsigned char *term_pin; ykpiv_rc res; if (user == CKU_USER) { // add null termination for the pin term_pin = malloc(pin_len + 1); if (term_pin == NULL) { return CKR_HOST_MEMORY; } memcpy(term_pin, pin, pin_len); term_pin[pin_len] = 0; res = ykpiv_verify(state, (char *)term_pin, &tries); OPENSSL_cleanse(term_pin, pin_len); free(term_pin); if (res != YKPIV_OK) { DBG("Failed to login"); return CKR_PIN_INCORRECT; } } else if (user == CKU_SO) { if(ykpiv_hex_decode((char *)pin, pin_len, key, &key_len) != YKPIV_OK) { DBG("Failed decoding key"); return CKR_FUNCTION_FAILED; } if(ykpiv_authenticate(state, key) != YKPIV_OK) { DBG("Failed to authenticate"); return CKR_PIN_INCORRECT; } } return CKR_OK; }
size_t read_data(unsigned char *buf, size_t len, FILE* input, enum enum_format format) { char raw_buf[3072 * 2]; size_t raw_len = sizeof(raw_buf); raw_len = fread(raw_buf, 1, raw_len, input); switch(format) { case format_arg_hex: if(raw_buf[raw_len - 1] == '\n') { raw_len -= 1; } if(ykpiv_hex_decode(raw_buf, raw_len, buf, &len) != YKPIV_OK) { return 0; } return len; case format_arg_base64: { int read; BIO *b64 = BIO_new(BIO_f_base64()); BIO *bio = BIO_new_mem_buf(raw_buf, raw_len); BIO_push(b64, bio); read = BIO_read(b64, buf, len); BIO_free_all(b64); if(read <= 0) { return 0; } else { return (size_t)read; } } break; case format_arg_binary: if(raw_len > len) { return 0; } memcpy(buf, raw_buf, raw_len); return raw_len; case format__NULL: default: return 0; } }