[pkg-opensc-commit] [libp11] 62/239: add an example for decryption. however it doesn't work, will ask nils for advice how to get the openssl part right.
Eric Dorland
eric at moszumanska.debian.org
Sat Oct 17 06:21:09 UTC 2015
This is an automated email from the git hooks/post-receive script.
eric pushed a commit to branch master
in repository libp11.
commit 8dd2bca092fe92a2b8198265b0999ddc94fc987f
Author: Andreas Jellinghaus <andreas at ionisiert.de>
Date: Thu Oct 20 14:11:53 2005 +0000
add an example for decryption. however it doesn't work,
will ask nils for advice how to get the openssl part
right.
---
examples/Makefile | 4 +-
examples/decrypt.c | 227 +++++++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 229 insertions(+), 2 deletions(-)
diff --git a/examples/Makefile b/examples/Makefile
index 8f1d4c6..6a8cdf5 100644
--- a/examples/Makefile
+++ b/examples/Makefile
@@ -1,7 +1,7 @@
CFLAGS=-O2 -g $(shell pkg-config --cflags libp11)
LDFLAGS=$(shell pkg-config --libs libp11)
-all: auth getrandom
+all: auth decrypt getrandom
clean:
- rm auth getrandom
+ rm auth decrypt getrandom
diff --git a/examples/decrypt.c b/examples/decrypt.c
new file mode 100644
index 0000000..7d8fcaf
--- /dev/null
+++ b/examples/decrypt.c
@@ -0,0 +1,227 @@
+/* libp11 example code: auth.c
+ *
+ * This examply simply connects to your smart card
+ * and does a public key authentication.
+ *
+ * Feel free to copy all of the code as needed.
+ *
+ */
+
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <termios.h>
+#include <stdio.h>
+#include <string.h>
+#include <libp11.h>
+
+#define RANDOM_SOURCE "/dev/urandom"
+#define RANDOM_SIZE 128
+#define MAX_SIGSIZE 256
+
+int main(int argc, char *argv[])
+{
+ PKCS11_CTX *ctx;
+ PKCS11_SLOT *slots, *slot;
+ PKCS11_CERT *certs;
+
+ PKCS11_KEY *authkey;
+ PKCS11_CERT *authcert;
+ EVP_PKEY *pubkey;
+
+ unsigned char *random, *encrypted, *decrypted;
+
+ char password[20];
+ int rc = 0, fd, i, len;
+ unsigned int nslots, ncerts, siglen;
+
+ if (argc != 2) {
+ fprintf(stderr, "usage: auth /usr/lib/opensc-pkcs11.so\n");
+ return 1;
+ }
+
+ ctx = PKCS11_CTX_new();
+
+ /* load pkcs #11 module */
+ rc = PKCS11_CTX_load(ctx, argv[1]);
+ if (rc) {
+ fprintf(stderr, "loading pkcs11 engine failed: %s\n",
+ ERR_reason_error_string(ERR_get_error()));
+ rc = 1;
+ goto nolib;
+ }
+
+ /* get information on all slots */
+ rc = PKCS11_enumerate_slots(ctx, &slots, &nslots);
+ if (rc < 0) {
+ fprintf(stderr, "no slots available\n");
+ rc = 2;
+ goto noslots;
+ }
+
+ /* get first slot with a token */
+ slot = PKCS11_find_token(ctx, slots, nslots);
+ if (!slot || !slot->token) {
+ fprintf(stderr, "no token available\n");
+ rc = 3;
+ goto notoken;
+ }
+ printf("Slot manufacturer......: %s\n", slot->manufacturer);
+ printf("Slot description.......: %s\n", slot->description);
+ printf("Slot token label.......: %s\n", slot->token->label);
+ printf("Slot token manufacturer: %s\n", slot->token->manufacturer);
+ printf("Slot token model.......: %s\n", slot->token->model);
+ printf("Slot token serialnr....: %s\n", slot->token->serialnr);
+
+ /* get all certs */
+ rc = PKCS11_enumerate_certs(slot->token, &certs, &ncerts);
+ if (rc) {
+ fprintf(stderr, "PKCS11_enumerate_certs failed\n");
+ goto failed;
+ }
+ if (ncerts <= 0) {
+ fprintf(stderr, "no certificates found\n");
+ goto failed;
+ }
+
+ /* use the first cert */
+ authcert=&certs[0];
+
+ /* get random bytes */
+ random = malloc(RANDOM_SIZE);
+ if (!random)
+ goto failed;
+
+ fd = open(RANDOM_SOURCE, O_RDONLY);
+ if (fd < 0) {
+ fprintf(stderr, "fatal: cannot open RANDOM_SOURCE: %s\n",
+ strerror(errno));
+ goto failed;
+ }
+
+ rc = read(fd, random, RANDOM_SIZE);
+ if (rc < 0) {
+ fprintf(stderr, "fatal: read from random source failed: %s\n",
+ strerror(errno));
+ close(fd);
+ goto failed;
+ }
+
+ if (rc < RANDOM_SIZE) {
+ fprintf(stderr, "fatal: read returned less than %d<%d bytes\n",
+ rc, RANDOM_SIZE);
+ close(fd);
+ goto failed;
+ }
+
+ close(fd);
+
+ /* get RSA key */
+ pubkey = X509_get_pubkey(authcert->x509);
+ if (pubkey == NULL) {
+ fprintf(stderr, "could not extract public key\n");
+ goto failed;
+ }
+
+ /* allocate destination buffer */
+ encrypted = malloc(RSA_size(pubkey->pkey.rsa));
+ if (!encrypted) {
+ fprintf(stderr,"out of memory for encrypted data");
+ goto failed;
+ }
+
+ /* use public key for encryption */
+ rc = RSA_public_encrypt(RANDOM_SIZE, random, encrypted,
+ pubkey->pkey.rsa, RSA_PKCS1_PADDING);
+ if (rc != 1) {
+ fprintf(stderr, "fatal: RSA_public_encrypt failed\n");
+ goto failed;
+ }
+
+ /* now decrypt */
+ if (!slot->token->loginRequired)
+ goto loggedin;
+
+ /* get password */
+ struct termios old, new;
+ int nread;
+
+ /* Turn echoing off and fail if we can't. */
+ if (tcgetattr(0, &old) != 0)
+ goto failed;
+
+ new = old;
+ new.c_lflag &= ~ECHO;
+ if (tcsetattr(0, TCSAFLUSH, &new) != 0)
+ goto failed;
+
+ /* Read the password. */
+ printf("Password for token %.32s: ", slot->token->label);
+ fgets(password, sizeof(password), stdin);
+
+ /* Restore terminal. */
+ (void)tcsetattr(0, TCSAFLUSH, &old);
+
+ /* strip tailing \n from password */
+ rc = strlen(password);
+ if (rc <= 0)
+ goto failed;
+ password[rc-1]=0;
+
+ /* perform pkcs #11 login */
+ rc = PKCS11_login(slot, 0, password);
+ memset(password, 0, strlen(password));
+ if (rc != 0) {
+ fprintf(stderr, "PKCS11_login failed\n");
+ goto failed;
+ }
+
+ loggedin:
+
+ authkey = PKCS11_find_key(authcert);
+ if (!authkey) {
+ fprintf(stderr, "no key matching certificate available\n");
+ goto failed;
+ }
+
+ /* allocate space for decrypted. */
+ decrypted = malloc(RANDOM_SIZE);
+ if (!decrypted)
+ goto failed;
+
+ rc = PKCS11_private_decrypt(RSA_size(pubkey->pkey.rsa), encrypted,
+ decrypted, authkey, RSA_PKCS1_PADDING);
+ if (rc != 1) {
+ fprintf(stderr, "fatal: PKCS11_private_decrypt failed\n");
+ goto failed;
+ }
+
+ /* check if original matches decypted */
+ if (memcmp(random, decrypted, RANDOM_SIZE) != 0) {
+ fprintf(stderr, "fatal: decrypted data does not match original\n");
+ goto failed;
+ }
+
+ PKCS11_release_all_slots(ctx, slots, nslots);
+ PKCS11_CTX_unload(ctx);
+ PKCS11_CTX_free(ctx);
+
+ printf("decryption successfull.\n");
+ return 0;
+
+
+ failed:
+ norandom:
+ notoken:
+ PKCS11_release_all_slots(ctx, slots, nslots);
+
+ noslots:
+ PKCS11_CTX_unload(ctx);
+
+ nolib:
+ PKCS11_CTX_free(ctx);
+
+
+ printf("decryption failed.\n");
+ return 1;
+}
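Review bot: The `rc != 1` checks after `RSA_public_encrypt` and `PKCS11_private_decrypt` treat success as failure, which is probably why the example does not work: OpenSSL's `RSA_public_encrypt` returns the ciphertext length (or -1 on error), so the first check should be `if (rc < 0)` and the returned length should be kept for the decrypt call. With `RSA_PKCS1_PADDING` the plaintext can be at most `RSA_size() - 11` bytes, so a 128-byte `RANDOM_SIZE` cannot be encrypted under a 1024-bit key. The `decrypted` buffer is safer allocated as `malloc(RSA_size(pubkey->pkey.rsa))`, because the decrypt output is bounded by the key size rather than by `RANDOM_SIZE`. The decrypt return value is presumably a length as well, and should be compared with `RANDOM_SIZE` before the `memcmp`. Separately, in the password block `fgets` is unchecked, so `strlen(password)` can read an uninitialised buffer on EOF, and `memset(password, 0, strlen(password))` clears only up to the first NUL and may be elided by the compiler; wiping `sizeof(password)` bytes with a non-elidable clear is more robust.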
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-opensc/libp11.git