implement authenticate

Klas Lindfors
2014-02-03 15:08:15 +01:00
parent 8069baa283
commit 013161014b
3 changed files with 68 additions and 4 deletions
+4 -2
@@ -25,12 +25,14 @@
# for the parts of OpenSSL used as well as that of the covered work. # for the parts of OpenSSL used as well as that of the covered work.
AM_CFLAGS = $(WERROR_CFLAGS) $(WARN_CFLAGS) AM_CFLAGS = $(WERROR_CFLAGS) $(WARN_CFLAGS)
AM_CPPFLAGS = $(PCSC_CFLAGS) AM_CPPFLAGS = $(PCSC_CFLAGS) $(OPENSSL_CFLAGS)
ACLOCAL_AMFLAGS = -I m4
bin_PROGRAMS = yubico-piv-tool bin_PROGRAMS = yubico-piv-tool
yubico_piv_tool_SOURCES = yubico-piv-tool.c yubico_piv_tool_SOURCES = yubico-piv-tool.c
yubico_piv_tool_SOURCES += cmdline.ggo cmdline.c cmdline.h yubico_piv_tool_SOURCES += cmdline.ggo cmdline.c cmdline.h
yubico_piv_tool_LDADD = $(PCSC_LIBS) yubico_piv_tool_LDADD = $(PCSC_LIBS) $(OPENSSL_LIBS)
cmdline.c cmdline.h: cmdline.ggo Makefile.am cmdline.c cmdline.h: cmdline.ggo Makefile.am
gengetopt --input $^ gengetopt --input $^
+1
@@ -38,6 +38,7 @@ AM_MISSING_PROG(HELP2MAN, help2man, $missing_dir)
PKG_PROG_PKG_CONFIG PKG_PROG_PKG_CONFIG
PKG_CHECK_MODULES(PCSC, libpcsclite) PKG_CHECK_MODULES(PCSC, libpcsclite)
PKG_CHECK_MODULES(OPENSSL, openssl)
AC_ARG_ENABLE([gcc-warnings], AC_ARG_ENABLE([gcc-warnings],
[AS_HELP_STRING([--enable-gcc-warnings], [AS_HELP_STRING([--enable-gcc-warnings],
+63 -2
@@ -32,6 +32,8 @@
#include <stdbool.h> #include <stdbool.h>
#include <string.h> #include <string.h>
#include <openssl/des.h>
#ifdef __APPLE__ #ifdef __APPLE__
#include <PCSC/wintypes.h> #include <PCSC/wintypes.h>
#else #else
@@ -136,10 +138,9 @@ static bool select_applet(SCARDHANDLE *card, int verbose) {
unsigned long recv_len = sizeof(data); unsigned long recv_len = sizeof(data);
int sw; int sw;
apdu.st.cla = 0x00; memset(apdu.raw, 0, sizeof(apdu));
apdu.st.ins = 0xa4; apdu.st.ins = 0xa4;
apdu.st.p1 = 0x04; apdu.st.p1 = 0x04;
apdu.st.p2 = 0x00;
apdu.st.lc = AID_LEN; apdu.st.lc = AID_LEN;
memcpy(apdu.st.data, aid, AID_LEN); memcpy(apdu.st.data, aid, AID_LEN);
@@ -151,6 +152,62 @@ static bool select_applet(SCARDHANDLE *card, int verbose) {
return false; return false;
} }
static bool authenticate(SCARDHANDLE *card, unsigned char *key, int verbose) {
APDU apdu;
unsigned char data[0xff];
unsigned char challenge[8];
unsigned long recv_len = sizeof(data);
int sw;
DES_key_schedule ks1, ks2, ks3;
{
DES_set_key_unchecked(key, &ks1);
DES_set_key_unchecked(key + 8, &ks2);
DES_set_key_unchecked(key + 16, &ks3);
}
{
memset(apdu.raw, 0, sizeof(apdu));
apdu.st.ins = 0x87;
apdu.st.p1 = 0x03; /* triple des */
apdu.st.p2 = 0x9b; /* management key */
apdu.st.lc = 0x04;
apdu.st.data[0] = 0x7c;
apdu.st.data[1] = 0x02;
apdu.st.data[2] = 0x80;
sw = send_data(card, apdu, 9, data, &recv_len, verbose);
if(sw != 0x9000) {
return false;
}
memcpy(challenge, data + 4, 8);
if(verbose) {
printf("received challenge:\n");
dump_hex(challenge, 8);
}
}
{
recv_len = 0xff;
memset(apdu.raw, 0, sizeof(apdu));
apdu.st.ins = 0x87;
apdu.st.p1 = 0x03; /* triple des */
apdu.st.p2 = 0x9b; /* management key */
apdu.st.lc = 12;
apdu.st.data[0] = 0x7c;
apdu.st.data[1] = 10;
apdu.st.data[2] = 0x80;
apdu.st.data[3] = 8;
DES_ecb3_encrypt(challenge, apdu.st.data + 4, &ks1, &ks2, &ks3, 0);
sw = send_data(card, apdu, 17, data, &recv_len, verbose);
}
if(sw == 0x9000) {
return true;
}
return false;
}
int send_data(SCARDHANDLE *card, APDU apdu, unsigned int send_len, unsigned char *data, unsigned long *recv_len, int verbose) { int send_data(SCARDHANDLE *card, APDU apdu, unsigned int send_len, unsigned char *data, unsigned long *recv_len, int verbose) {
long rc; long rc;
int sw; int sw;
@@ -234,5 +291,9 @@ int main(int argc, char *argv[]) {
return EXIT_FAILURE; return EXIT_FAILURE;
} }
if(authenticate(&card, key, args_info.verbose_flag) == false) {
return EXIT_FAILURE;
}
return EXIT_SUCCESS; return EXIT_SUCCESS;
} }
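Review bot: In `authenticate`, `memcpy(challenge, data + 4, 8)` copies from the card's reply after checking only the status word, so a reply shorter than 12 bytes would leave `challenge` holding uninitialised stack bytes from `data`, which are then run through 3DES and sent back to the card. Assuming `send_data` (its body lies outside this hunk) stores the received length in `recv_len`, add `if(recv_len < 12 || data[0] != 0x7c || data[2] != 0x80) return false;` before the copy. The last argument of `DES_ecb3_encrypt` would read better as `DES_DECRYPT` than a bare `0`, with a short comment saying that the host decrypts the value received from the card. `ks1`, `ks2` and `ks3` hold management-key material and are left on the stack on every return path; calling `OPENSSL_cleanse` on each before returning would address that.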