authorRob Austein <sra@hactrn.net>2016-05-12 16:13:00 -0400
committerRob Austein <sra@hactrn.net>2016-05-12 16:13:00 -0400
commit63d3f7f29aecf00468025c05bc01723360d86e24 (patch)
tree101a993f35b099cd92e2285c18c1ceb7cd772ffe /p11util.c
parentfcacebf82d87c9dedf45aa130d383102aafc3e16 (diff)
p11util now uses libhal and doesn't need to touch SQL.
"p11util" is now something of a misnomer, since there's no longer anything about it that's specific to PKCS #11. Probably should become a libhal utility program, eventually.
Diffstat (limited to 'p11util.c')
-rw-r--r--p11util.c160
1 files changed, 57 insertions, 103 deletions
diff --git a/p11util.c b/p11util.c
index a08cb14..606e40c 100644
--- a/p11util.c
+++ b/p11util.c
@@ -47,7 +47,7 @@
#include <hal.h>
-#include "sql_common.h"
+#include "p11_common.h"
/*
* Apparently the cool kids don't use getpassword() anymore, and there
@@ -114,7 +114,7 @@ static int getpin_tty(const char *prompt,
OPT_FLG('h', "help", "show help") \
OPT_FLG('s', "set-so-pin", "set Security Officer PIN") \
OPT_FLG('u', "set-user-pin", "set \"user\" PIN") \
- OPT_ARG('i', "set-iterations", "set PBKDF2 iteration count") \
+ OPT_FLG('w', "set-wheel-pin", "set \"wheel\" PIN") \
OPT_FLG('p', "pin-from-stdin", "read PIN from stdin instead of /dev/tty") \
OPT_END
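Review bot: The `-p` help string in this option table does not say how stdin is consumed now that up to three PINs can be set in one run. main, later in this diff, calls set_pin for wheel, then SO, then user, and each call does its own `fgets`, so the input order is fixed by the code rather than by the order of the flags on the command line. Suggest spelling that out, e.g. `OPT_FLG('p', "pin-from-stdin", "read PIN(s) from stdin, one per line, in wheel/SO/user order")`. The option table begins above the hunk.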
@@ -139,11 +139,9 @@ static void usage(const int code, const char *jane)
static void parse_args(int argc, char *argv[],
int *do_set_so_pin,
int *do_set_user_pin,
- int *do_set_iterations,
- int *read_from_stdin,
- unsigned long *iterations)
+ int *do_set_wheel_pin,
+ int *read_from_stdin)
{
- char *endptr;
int c;
#define OPT_FLG(_short_, _long_, _help_) _short_,
@@ -158,9 +156,7 @@ static void parse_args(int argc, char *argv[],
#undef OPT_ARG
#undef OPT_FLG
- assert(argv != 0 &&
- do_set_so_pin != 0 && do_set_user_pin != 0 && do_set_iterations != NULL &&
- read_from_stdin != NULL && iterations != NULL);
+ assert(argv && do_set_so_pin && do_set_user_pin && do_set_wheel_pin && read_from_stdin);
opterr = 0;
if (argc == 1)
@@ -172,13 +168,6 @@ static void parse_args(int argc, char *argv[],
case 'h':
usage(0, argv[0]);
- case 'i':
- *do_set_iterations = 1;
- *iterations = strtoul(optarg, &endptr, 0);
- if (*optarg == '\0' || *endptr != '\0')
- usage(1, argv[0]);
- continue;
-
case 'p':
*read_from_stdin = 1;
continue;
@@ -191,6 +180,10 @@ static void parse_args(int argc, char *argv[],
*do_set_user_pin = 1;
continue;
+ case 'w':
+ *do_set_wheel_pin = 1;
+ continue;
+
default:
usage(1, argv[0]);
}
@@ -202,47 +195,31 @@ static void parse_args(int argc, char *argv[],
-#define lose(_msg_) \
- do { \
- fprintf(stderr, "%s\n", _msg_); \
- goto fail; \
- } while (0)
-
-static int set_iterations(unsigned long iterations)
+static int set_pin(const hal_user_t user, const int read_from_stdin)
{
- static const char update_query[] =
- " UPDATE global SET pbkdf2_iterations = ?";
+ const char *prompt = NULL, *label = NULL;
+ char pin[P11_MAX_PIN_LENGTH + 1], *p;
- sqlite3_stmt *q = NULL;
- int ok = 0;
+ switch (user) {
- if (!sql_check_ok(sql_prepare(&q, update_query)) ||
- !sql_check_ok(sqlite3_bind_int64(q, 1, iterations)) ||
- !sql_check_done(sqlite3_step(q)))
- lose("Couldn't update database");
+ case HAL_USER_NORMAL:
+ prompt = "Enter user PIN: ";
+ label = "user";
+ break;
- ok = 1;
+ case HAL_USER_SO:
+ prompt = "Enter SO PIN: ";
+ label = "SO";
+ break;
- fail:
- sqlite3_finalize(q);
- return ok;
-}
+ case HAL_USER_WHEEL:
+ prompt = "Enter wheel PIN: ";
+ label = "wheel";
+ break;
-static int set_pin(const char * const pin_type, const int read_from_stdin)
-{
- static const char iterations_query[] =
- " SELECT pbkdf2_iterations FROM global";
-
- static const char update_format[] =
- " UPDATE global SET %s_pin = ?1, %s_pin_salt = ?2";
-
- /* Allow user to change these lengths? */
- uint8_t pinbuf[32], salt[16];
-
- char pin[P11_MAX_PIN_LENGTH + 1], *p;
- sqlite3_stmt *q = NULL;
- hal_error_t err;
- int ok = 0;
+ default:
+ return 0;
+ }
if (read_from_stdin) {
if (fgets(pin, sizeof(pin), stdin) == NULL) {
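Review bot: With `char pin[P11_MAX_PIN_LENGTH + 1]`, the `fgets(pin, sizeof(pin), stdin)` on the last line of this hunk can never return more than P11_MAX_PIN_LENGTH characters, so in -p mode an over-long line is silently truncated and the later `len > P11_MAX_PIN_LENGTH` check cannot fire for it. The unread remainder, or just the newline after a PIN of exactly the maximum length, stays on stdin and would be read as the next PIN when main calls set_pin again. Leaving room for the newline, `char pin[P11_MAX_PIN_LENGTH + 2], *p;`, and rejecting a line that filled the buffer without one would close this. The code that post-processes the fgets result lies outside the hunk, so confirm how it treats a missing newline.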
@@ -254,8 +231,6 @@ static int set_pin(const char * const pin_type, const int read_from_stdin)
}
else {
- char prompt[sizeof("Enter user PIN: ")];
- snprintf(prompt, sizeof(prompt), "Enter %s PIN: ", pin_type);
if (!getpin_tty(prompt, pin, sizeof(pin)))
return 0;
}
@@ -263,73 +238,52 @@ static int set_pin(const char * const pin_type, const int read_from_stdin)
const size_t len = strlen(pin);
if (len < P11_MIN_PIN_LENGTH || len > P11_MAX_PIN_LENGTH) {
- fprintf(stderr, "Unacceptable length %lu for %s PIN, allowd range [%lu, %lu]\n",
- (unsigned long) len, pin_type,
- (unsigned long) P11_MIN_PIN_LENGTH, (unsigned long) P11_MAX_PIN_LENGTH);
+ fprintf(stderr, "Unacceptable length %lu for %s PIN, allowed range [%lu, %lu]\n",
+ (unsigned long) len, label,
+ (unsigned long) P11_MIN_PIN_LENGTH,
+ (unsigned long) P11_MAX_PIN_LENGTH);
+ memset(pin, 0, sizeof(pin));
return 0;
}
- if (!sql_check_ok(sql_prepare(&q, iterations_query)) ||
- !sql_check_row(sqlite3_step(q)) ||
- sqlite3_column_type(q, 0) == SQLITE_NULL)
- lose("Couldn't retrieve PBKDF2 iteration count from SQL");
+ const hal_client_handle_t client = {HAL_HANDLE_NONE};
- if ((err = hal_get_random(NULL, salt, sizeof(salt))) != HAL_OK) {
- fprintf(stderr, "Couldn't generate salt: %s\n", hal_error_string(err));
- goto fail;
- }
+ const hal_error_t err = hal_rpc_set_pin(client, user, pin, len);
- if ((err = hal_pbkdf2(NULL, hal_hash_sha256, (uint8_t *) pin, len, salt, sizeof(salt),
- pinbuf, sizeof(pinbuf), sqlite3_column_int(q, 0))) != HAL_OK) {
- fprintf(stderr, "Couldn't process new PIN: %s\n", hal_error_string(err));
- goto fail;
+ if (err != HAL_OK) {
+ fprintf(stderr, "Couldn't set %s PIN: %s\n", label, hal_error_string(err));
+ memset(pin, 0, sizeof(pin));
+ return 0;
}
- if (!sql_check_ok(sql_finalize_and_clear(&q)) ||
- !sql_check_ok(sql_prepare(&q, update_format, pin_type, pin_type)) ||
- !sql_check_ok(sqlite3_bind_blob(q, 1, pinbuf, sizeof(pinbuf), NULL)) ||
- !sql_check_ok(sqlite3_bind_blob(q, 2, salt, sizeof(salt), NULL)) ||
- !sql_check_done(sqlite3_step(q)))
- lose("Couldn't update database");
-
- ok = 1;
-
- fail:
- sqlite3_finalize(q);
memset(pin, 0, sizeof(pin));
- memset(pinbuf, 0, sizeof(pinbuf));
- memset(salt, 0, sizeof(salt));
- return ok;
+ return 1;
}
+
+
int main(int argc, char *argv[])
{
- int do_set_so_pin = 0, do_set_user_pin = 0, do_set_iterations = 0, read_from_stdin = 0;
- unsigned long iterations;
- int ok = 0;
-
- parse_args(argc, argv, &do_set_so_pin, &do_set_user_pin, &do_set_iterations, &read_from_stdin, &iterations);
-
- if (!sql_init() || !sql_exec("BEGIN"))
- lose("Couldn't initialize SQL, giving up");
-
- if (do_set_iterations && !set_iterations(iterations))
- lose("Couldn't set PBKDF2 iteration count");
+ int do_set_so_pin = 0, do_set_user_pin = 0, do_set_wheel_pin = 0, read_from_stdin = 0;
- if (do_set_so_pin && !set_pin("so", read_from_stdin))
- lose("Couldn't set SO PIN");
+ parse_args(argc, argv, &do_set_so_pin, &do_set_user_pin, &do_set_wheel_pin, &read_from_stdin);
- if (do_set_user_pin && !set_pin("user", read_from_stdin))
- lose("Couldn't set user PIN");
+ if (do_set_wheel_pin && !set_pin(HAL_USER_WHEEL, read_from_stdin)) {
+ fprintf(stderr, "Couldn't set wheel PIN\n");
+ return 1;
+ }
- if (!sql_exec("COMMIT"))
- lose("Couldn't commit SQL transaction");
+ if (do_set_so_pin && !set_pin(HAL_USER_SO, read_from_stdin)) {
+ fprintf(stderr, "Couldn't set SO PIN\n");
+ return 2;
+ }
- ok = 1;
+ if (do_set_user_pin && !set_pin(HAL_USER_NORMAL, read_from_stdin)) {
+ fprintf(stderr, "Couldn't set user PIN\n");
+ return 3;
+ }
- fail:
- sql_fini();
- return !ok;
+ return 0;
}
/*
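Review bot: The three `memset(pin, 0, sizeof(pin))` calls in set_pin each sit immediately before a `return`, so the compiler is free to drop them as dead stores and the PIN can remain on the stack. A wipe the optimizer cannot elide, `explicit_bzero(pin, sizeof(pin));` where the platform provides it or a call through a `volatile` function pointer otherwise, placed once right after `hal_rpc_set_pin()` returns, would cover both the error and the success path. Separately, main no longer has the BEGIN/COMMIT bracket of the removed code, so when several of -w/-s/-u are given, a failure on a later PIN leaves the earlier ones already changed. The distinct exit codes 1/2/3 let a caller tell which step failed, but that partial-update behaviour deserves a comment above main.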