[pkg-opensc-commit] [libp11] 59/239: add real auth example. add getrandom example.

Eric Dorland eric at moszumanska.debian.org
Sat Oct 17 06:21:08 UTC 2015 

This is an automated email from the git hooks/post-receive script.

eric pushed a commit to branch master
in repository libp11.

commit 8de4861898b8e482447b44f07e56302e9f47d20b
Author: Andreas Jellinghaus <andreas at ionisiert.de>
Date:   Thu Oct 13 15:14:20 2005 +0000

    add real auth example. add getrandom example.
---
 examples/Makefile                |   6 +-
 examples/auth.c                  | 176 ++++++++++++++++++++++++++++++++++-----
 examples/{auth.c => getrandom.c} |  23 +++--
 3 files changed, 174 insertions(+), 31 deletions(-)

diff --git a/examples/Makefile b/examples/Makefile
index fbe6529..8f1d4c6 100644
--- a/examples/Makefile
+++ b/examples/Makefile
@@ -1,7 +1,7 @@
-CFLAGS=$(shell pkg-config --cflags libp11)
+CFLAGS=-O2 -g $(shell pkg-config --cflags libp11)
 LDFLAGS=$(shell pkg-config --libs libp11)
 
-all: auth
+all: auth getrandom
 
 clean:
-	rm auth
+	rm auth getrandom
diff --git a/examples/auth.c b/examples/auth.c
index 474ea9a..699a21d 100644
--- a/examples/auth.c
+++ b/examples/auth.c
@@ -1,15 +1,40 @@
+/* libp11 example code: auth.c
+ *
+ * This examply simply connects to your smart card
+ * and does a public key authentication.
+ *
+ * Feel free to copy all of the code as needed.
+ *
+ */
+
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <termios.h>
 #include <stdio.h>
 #include <libp11.h>
 
+#define RANDOM_SOURCE "/dev/urandom"
+#define RANDOM_SIZE 128
+#define MAX_SIGSIZE 256
+
 int main(int argc, char *argv[])
 {
 	PKCS11_CTX *ctx;
 	PKCS11_SLOT *slots, *slot;
-	unsigned char random[10];
-	int rc = 0, i, len, nslots;
+	PKCS11_CERT *certs;
+	
+	PKCS11_KEY *authkey;
+	PKCS11_CERT *authcert;
+	EVP_PKEY *pubkey;
+
+	unsigned char *random, *signature;
+
+	char password[20];
+	int rc = 0, fd, i, len, nslots, ncerts, siglen;
 
 	if (argc != 2) {
-		fprintf(stderr,"usage: auth /usr/lib/opensc-pkcs11.so\n");
+		fprintf(stderr, "usage: auth /usr/lib/opensc-pkcs11.so\n");
 		return 1;
 	}
 
@@ -46,32 +71,141 @@ int main(int argc, char *argv[])
 	printf("Slot token model.......: %s\n", slot->token->model);
 	printf("Slot token serialnr....: %s\n", slot->token->serialnr);
 
-	/* get 10 random bytes */
-	len = sizeof(random);
-	rc = PKCS11_generate_random(slot, random, len);
+	/* get all certs */
+	rc = PKCS11_enumerate_certs(slot->token, &certs, &ncerts);
+	if (rc) {
+		fprintf(stderr, "PKCS11_enumerate_certs failed\n");
+		goto failed;
+	}
+	if (ncerts <= 0) {
+		fprintf(stderr, "no certificates found\n");
+		goto failed;
+	}
+
+	/* use the first cert */
+	authcert=&certs[0];
+
+	if (!slot->token->loginRequired)
+		goto loggedin;
+
+	/* get password */
+	struct termios old, new;
+	int nread;
+
+	/* Turn echoing off and fail if we can't. */
+	if (tcgetattr(0, &old) != 0)
+		goto failed;
+
+	new = old;
+	new.c_lflag &= ~ECHO;
+	if (tcsetattr(0, TCSAFLUSH, &new) != 0)
+		goto failed;
+
+	/* Read the password. */
+	printf("Password for token %.32s: ", slot->token->label);
+	fgets(password, sizeof(password), stdin);
+
+	/* Restore terminal. */
+	(void)tcsetattr(0, TCSAFLUSH, &old);
+
+	/* strip tailing \n from password */
+	rc = strlen(password);
+	if (rc <= 0)
+		goto failed;
+	password[rc-1]=0;
+
+	/* perform pkcs #11 login */
+	rc = PKCS11_login(slot, 0, password);
+	memset(password, 0, strlen(password));
+	if (rc != 0) {
+		fprintf(stderr, "PKCS11_login failed\n");
+		goto failed;
+	}
+
+      loggedin:
+	/* get random bytes */
+	random = malloc(RANDOM_SIZE);
+	if (!random)
+		goto failed;
+
+	fd = open(RANDOM_SOURCE, O_RDONLY);
+	if (fd < 0) {
+		fprintf(stderr, "fatal: cannot open RANDOM_SOURCE: %s\n",
+				strerror(errno));
+		goto failed;
+	}
+
+	rc = read(fd, random, RANDOM_SIZE);
 	if (rc < 0) {
-		fprintf(stderr, "generate_random failed: %s\n",
-			ERR_reason_error_string(ERR_get_error()));
-		rc = 4;
-		goto norandom;
+		fprintf(stderr, "fatal: read from random source failed: %s\n",
+			strerror(errno));
+		close(fd);
+		goto failed;
+	}
+
+	if (rc < RANDOM_SIZE) {
+		fprintf(stderr, "fatal: read returned less than %d<%d bytes\n",
+		       rc, RANDOM_SIZE);
+		close(fd);
+		goto failed;
+	}
+
+	close(fd);
+
+	authkey = PKCS11_find_key(authcert);
+	if (!authkey) {
+		fprintf(stderr, "no key matching certificate available\n");
+		goto failed;
+	}
+
+	/* ask for a sha1 hash of the random data, signed by the key */
+	siglen = MAX_SIGSIZE;
+	signature = malloc(MAX_SIGSIZE);
+	if (!signature)
+		goto failed;
+
+	rc = PKCS11_sign(NID_sha1, random, RANDOM_SIZE, signature, &siglen,
+			 authkey);
+	if (rc != 1) {
+		fprintf(stderr, "fatal: pkcs11_sign failed\n");
+		goto failed;
 	}
 
-	printf("\nRandom numbers generated by the token: ");
-	for (i=0; i<len; i++)
-		printf("%02X ", random[i]);
-	printf("\n");
+	/* verify the signature */
+	pubkey = X509_get_pubkey(authcert->x509);
+	if (pubkey == NULL) {
+		fprintf(stderr, "could not extract public key\n");
+		goto failed;
+	}
+
+	/* now verify the result */
+	rc = RSA_verify(NID_sha1, random, RANDOM_SIZE,
+			signature, siglen, pubkey->pkey.rsa);
+	if (rc != 1) {
+		fprintf(stderr, "fatal: RSA_verify failed\n");
+		goto failed;
+	}
+
+	PKCS11_release_all_slots(ctx, slots, nslots);
+	PKCS11_CTX_unload(ctx);
+	PKCS11_CTX_free(ctx);
+
+	printf("authentication successfull.\n");
+	return 0;
 
-	rc = 0;
 
-norandom:
-notoken:
+      failed:
+      norandom:
+      notoken:
 	PKCS11_release_all_slots(ctx, slots, nslots);
 
-noslots:
+      noslots:
 	PKCS11_CTX_unload(ctx);
 
-nolib:
+      nolib:
 	PKCS11_CTX_free(ctx);
-	return rc;
-}
+	
 
+	printf("authentication failed.\n");
+	return 1;
+}
diff --git a/examples/auth.c b/examples/getrandom.c
similarity index 82%
copy from examples/auth.c
copy to examples/getrandom.c
index 474ea9a..b17f6f6 100644
--- a/examples/auth.c
+++ b/examples/getrandom.c
@@ -1,3 +1,12 @@
+/* libp11 example code: getrandom.c 
+ *
+ * This examply simply connects to your smart card and 
+ * asks for a few random bytes.
+ * 
+ * Feel free to copy all of the code as needed.
+ *
+ */
+
 #include <stdio.h>
 #include <libp11.h>
 
@@ -9,10 +18,11 @@ int main(int argc, char *argv[])
 	int rc = 0, i, len, nslots;
 
 	if (argc != 2) {
-		fprintf(stderr,"usage: auth /usr/lib/opensc-pkcs11.so\n");
+		fprintf(stderr, "usage: getrandom /usr/lib/opensc-pkcs11.so\n");
 		return 1;
 	}
 
+	/* new context */
 	ctx = PKCS11_CTX_new();
 
 	/* load pkcs #11 module */
@@ -57,21 +67,20 @@ int main(int argc, char *argv[])
 	}
 
 	printf("\nRandom numbers generated by the token: ");
-	for (i=0; i<len; i++)
+	for (i = 0; i < len; i++)
 		printf("%02X ", random[i]);
 	printf("\n");
 
 	rc = 0;
 
-norandom:
-notoken:
+      norandom:
+      notoken:
 	PKCS11_release_all_slots(ctx, slots, nslots);
 
-noslots:
+      noslots:
 	PKCS11_CTX_unload(ctx);
 
-nolib:
+      nolib:
 	PKCS11_CTX_free(ctx);
 	return rc;
 }
-

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-opensc/libp11.git

More information about the pkg-opensc-commit mailing list