move authenticate to library as ykpiv_authenticate()

This commit is contained in:
Klas Lindfors
2014-06-17 09:33:46 +02:00
parent 6dcb6798e6
commit cb60c782f5
5 changed files with 96 additions and 84 deletions
+1 -84
View File
@@ -90,89 +90,6 @@ static bool sign_data(ykpiv_state*, unsigned char*, int, unsigned char, unsigned
ASN1_BIT_STRING*);
static int get_object_id(enum enum_slot slot);
static bool authenticate(ykpiv_state *state, unsigned const char *key) {
APDU apdu;
unsigned char data[0xff];
DES_cblock challenge;
unsigned long recv_len = sizeof(data);
int sw;
DES_key_schedule ks1, ks2, ks3;
/* set up our key */
{
const_DES_cblock key_tmp;
memcpy(key_tmp, key, 8);
DES_set_key_unchecked(&key_tmp, &ks1);
memcpy(key_tmp, key + 8, 8);
DES_set_key_unchecked(&key_tmp, &ks2);
memcpy(key_tmp, key + 16, 8);
DES_set_key_unchecked(&key_tmp, &ks3);
}
/* get a challenge from the card */
{
memset(apdu.raw, 0, sizeof(apdu));
apdu.st.ins = 0x87;
apdu.st.p1 = 0x03; /* triple des */
apdu.st.p2 = 0x9b; /* management key */
apdu.st.lc = 0x04;
apdu.st.data[0] = 0x7c;
apdu.st.data[1] = 0x02;
apdu.st.data[2] = 0x80;
if(ykpiv_send_data(state, apdu.raw, data, &recv_len, &sw) != YKPIV_OK) {
return false;
} else if(sw != 0x9000) {
return false;
}
memcpy(challenge, data + 4, 8);
}
/* send a response to the cards challenge and a challenge of our own. */
{
unsigned char *dataptr = apdu.st.data;
DES_cblock response;
DES_ecb3_encrypt(&challenge, &response, &ks1, &ks2, &ks3, 0);
recv_len = 0xff;
memset(apdu.raw, 0, sizeof(apdu));
apdu.st.ins = 0x87;
apdu.st.p1 = 0x03; /* triple des */
apdu.st.p2 = 0x9b; /* management key */
*dataptr++ = 0x7c;
*dataptr++ = 20; /* 2 + 8 + 2 +8 */
*dataptr++ = 0x80;
*dataptr++ = 8;
memcpy(dataptr, response, 8);
dataptr += 8;
*dataptr++ = 0x81;
*dataptr++ = 8;
if(RAND_pseudo_bytes(dataptr, 8) == -1) {
fprintf(stderr, "Failed getting randomness for authentication.\n");
return false;
}
memcpy(challenge, dataptr, 8);
dataptr += 8;
apdu.st.lc = dataptr - apdu.st.data;
if(ykpiv_send_data(state, apdu.raw, data, &recv_len, &sw) != YKPIV_OK) {
return false;
} else if(sw != 0x9000) {
return false;
}
}
/* compare the response from the card with our challenge */
{
DES_cblock response;
DES_ecb3_encrypt(&challenge, &response, &ks1, &ks2, &ks3, 1);
if(memcmp(response, data + 4, 8) == 0) {
return true;
} else {
return false;
}
}
}
static void print_version(ykpiv_state *state) {
APDU apdu;
unsigned char data[0xff];
@@ -1288,7 +1205,7 @@ int main(int argc, char *argv[]) {
return EXIT_FAILURE;
}
if(authenticate(state, key) == false) {
if(ykpiv_authenticate(state, key) != YKPIV_OK) {
fprintf(stderr, "Failed authentication with the applet.\n");
return EXIT_FAILURE;
}