2 Copyright (c) 2013 Eugene Crosser
4 This software is provided 'as-is', without any express or implied
5 warranty. In no event will the authors be held liable for any damages
6 arising from the use of this software.
8 Permission is granted to anyone to use this software for any purpose,
9 including commercial applications, and to alter it and redistribute it
10 freely, subject to the following restrictions:
12 1. The origin of this software must not be misrepresented; you must
13 not claim that you wrote the original software. If you use this
14 software in a product, an acknowledgment in the product documentation
15 would be appreciated but is not required.
17 2. Altered source versions must be plainly marked as such, and must
18 not be misrepresented as being the original software.
20 3. This notice may not be removed or altered from any source
37 static struct _auth_chunk
38 token_key(const unsigned char *challenge, const int challengesize)
40 struct _auth_chunk ho = {0};
42 int keysize = sizeof(ho.data);
44 if ((rc = pcsc_cr(challenge, challengesize, ho.data, &keysize))) {
45 ho.err = pcsc_errstr(rc);
50 static char *mynonce = NULL;
52 static void update_nonce(char *nonce, const int nonsize)
55 snprintf(nonce, nonsize, "%s", mynonce);
59 sscanf(nonce, "%d", &n);
60 snprintf(nonce, nonsize, "%d", n+1);
64 static void usage(const char * const cmd)
67 "usage: %s [options] [username]\n"
68 " -h - show this help and exit\n"
69 " -o backend-option - token option \"backend:key=val\"\n"
70 " -f template - template for auth state filepath\n"
71 " -a secret | -A file-with-secret | -A -\n"
72 " - 40-character hexadecimal secret\n"
73 " -s token-serial - public I.D. of the token\n"
74 " -n nonce - initial nonce\n"
75 " -l payload - keyring unlock password\n"
76 " -p password - login password\n"
77 " -v - show returned data\n"
81 int main(int argc, char *argv[])
89 unsigned char bsecret[20];
90 unsigned char *secret = NULL;
93 char *userid = getlogin();
97 while ((c = getopt(argc, argv, "ho:f:a:A:s:n:l:p:v")) != -1)
103 if (pcsc_option(optarg)) {
104 fprintf(stderr, "Option \"%s\" bad", optarg);
109 authfile_template(optarg);
115 fprintf(stderr, "-a and -A are mutually exclusive");
123 fprintf(stderr, "-A and -a are mutually exclusive");
146 if (optind == (argc - 1)) {
147 userid = argv[optind];
150 if (optind != argc) {
155 fprintf(stderr, "cannot determine userid");
162 if (!strcmp(secfn, "-")) sfp = stdin;
163 else sfp = fopen(secfn, "r");
165 fprintf(stderr, "cannot open \"%s\": %s",
166 secfn, strerror(errno));
169 if (!fgets(secbuf, sizeof(secbuf), sfp)) {
170 fprintf(stderr, "cannot read \"%s\": %s",
171 secfn, strerror(errno));
174 for (p = secbuf + strlen(secbuf) - 1;
175 *p == '\n' || *p == '\r'; p--) *p = '\n';
181 if (strlen(hsecret) != 40) {
183 "secret wrong, must be exactly 40 chars\n");
186 if (strspn(hsecret, "0123456789abcdefABCDEF") != 40) {
188 "secret wrong, must be hexadecimal string\n");
191 for (i = 0; i < 20; i++)
192 sscanf(hsecret + i * 2, "%2hhx", &bsecret[i]);
195 ao = authfile(tokenid, userid, password, update_nonce,
196 secret, secret ? sizeof(bsecret) : 0,
197 (unsigned char *)payload, payload ? strlen(payload) : 0,
199 memset(bsecret, 0, sizeof(bsecret));
201 fprintf(stderr, "%s\n", ao.err);
203 } else if (verbose) {
204 printf("userid : \"%.*s\"\n", ao.datasize, ao.data);
205 printf("payload: \"%.*s\"\n", ao.paylsize, ao.payload);
207 if (ao.buffer) free(ao.buffer);