Wire Sysio Wire Sysion 1.0.0
Loading...
Searching...
No Matches
Macros | Functions
main.c File Reference
#include <ctype.h>
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <arpa/inet.h>
#include <openssl/evp.h>
#include <openssl/rand.h>
#include "cmdline.h"
#include "parsing.h"
#include "util.h"
#include <yubihsm.h>
Include dependency graph for main.c:

Go to the source code of this file.

Macros

#define INPUT_BUFSIZE   4096
 
#define WRAPKEY_BUFSIZE   32
 
#define OBJECT_HEADER_SIZE   59
 

Functions

int main (int argc, char *argv[])
 

Macro Definition Documentation

◆ INPUT_BUFSIZE

#define INPUT_BUFSIZE   4096

Definition at line 41 of file main.c.

◆ OBJECT_HEADER_SIZE

#define OBJECT_HEADER_SIZE   59

Definition at line 44 of file main.c.

◆ WRAPKEY_BUFSIZE

#define WRAPKEY_BUFSIZE   32

Definition at line 42 of file main.c.

Function Documentation

◆ main()

int main ( int argc,
char * argv[] )

Definition at line 197 of file main.c.

197 {
198 struct gengetopt_args_info args_info;
199
200 int rc = EXIT_FAILURE;
201 yh_rc yhrc;
202
203 FILE *input_file = NULL;
204 FILE *output_file = NULL;
205 FILE *wrapkey_file = NULL;
206
207#pragma pack(push, 1)
208 union {
209 struct {
210 uint8_t header[OBJECT_HEADER_SIZE];
211 uint8_t body[INPUT_BUFSIZE];
212 };
213 uint8_t buf[1];
214 } wrap_object = {{{0}, {0}}};
215#pragma pack(pop)
216 size_t wrap_object_len = sizeof(wrap_object.body);
217
218 if (cmdline_parser(argc, argv, &args_info) != 0) {
219 goto main_exit;
220 }
221
222 yh_algorithm algorithm;
223 yhrc = yh_string_to_algo(args_info.algorithm_arg, &algorithm);
224 if (yhrc != YHR_SUCCESS) {
225 fprintf(stderr, "Unable to parse algorithm: %s\n", yh_strerror(yhrc));
226 goto main_exit;
227 }
228
229 yh_capabilities capabilities = {{0}};
230 yhrc = yh_string_to_capabilities(args_info.capabilities_arg, &capabilities);
231 if (yhrc != YHR_SUCCESS) {
232 fprintf(stderr, "Unable to parse capabilities: %s\n", yh_strerror(yhrc));
233 goto main_exit;
234 }
235
236 uint16_t domains;
237 yhrc = yh_string_to_domains(args_info.domains_arg, &domains);
238 if (yhrc != YHR_SUCCESS) {
239 fprintf(stderr, "Unable to parse domains: %s\n", yh_strerror(yhrc));
240 goto main_exit;
241 }
242
243 uint16_t id = args_info.id_arg;
244
245 uint8_t label[YH_OBJ_LABEL_LEN] = {0};
246 size_t label_len = strlen(args_info.label_arg);
247 if (label_len > YH_OBJ_LABEL_LEN) {
248 fprintf(stderr,
249 "Unable to parse label: label too long, maximum length is %d\n",
250 YH_OBJ_LABEL_LEN);
251 goto main_exit;
252 }
253 memcpy(label, args_info.label_arg, label_len);
254
255 yh_object_type type;
256 if (algo2type(algorithm, &type) == false) {
257 fprintf(stderr, "Invalid algorithm\n");
258 goto main_exit;
259 }
260
261 yh_capabilities delegated = {{0}};
262 bool has_delegated =
263 ((type == YH_AUTHENTICATION_KEY || type == YH_WRAP_KEY) ? true : false);
264 if (has_delegated == true) {
265 if (!args_info.delegated_given) {
266 fprintf(stderr, "Missing delegated capabilities argument\n");
267 goto main_exit;
268 }
269
270 yhrc = yh_string_to_capabilities(args_info.delegated_arg, &delegated);
271 if (yhrc != YHR_SUCCESS) {
272 fprintf(stderr, "Unable to parse delegated capabilities: %s\n",
273 yh_strerror(yhrc));
274 goto main_exit;
275 }
276 }
277
278 input_file = open_file(args_info.in_arg, true);
279 if (input_file == NULL) {
280 perror("Unable to open input file");
281 goto main_exit;
282 }
283
284 switch (type) {
285 case YH_AUTHENTICATION_KEY: {
286 char password[256] = {0};
287 size_t password_len = sizeof(password);
288
289 if (input_file == stdin) {
290 const char *prompt = "Derivation Password: ";
291 if (EVP_read_pw_string(password, password_len, prompt, 1)) {
292 fprintf(stderr, "Unable to read password prompt\n");
293 goto main_exit;
294 }
295 password_len = strlen(password);
296 } else {
297 if (read_file(input_file, (uint8_t *) password, &password_len) ==
298 false) {
299 fprintf(stderr, "Unable to read input file\n");
300 goto main_exit;
301 }
302 if (password[password_len - 1] == '\n') {
303 password_len--;
304 }
305 if (password[password_len - 1] == '\r') {
306 password_len--;
307 }
308 password[password_len] = '\0';
309 }
310
311 uint8_t key[YH_KEY_LEN * 2];
312 int ret =
313 PKCS5_PBKDF2_HMAC((const char *) password, password_len,
314 (uint8_t *) YH_DEFAULT_SALT, strlen(YH_DEFAULT_SALT),
315 YH_DEFAULT_ITERS, EVP_sha256(), sizeof(key), key);
316 if (ret != 1) {
317 fprintf(stderr, "Unable to derive keys\n");
318 goto main_exit;
319 }
320
321 memcpy(wrap_object.body, delegated.capabilities, YH_CAPABILITIES_LEN);
322 wrap_object_len -= YH_CAPABILITIES_LEN;
323
324 memcpy(wrap_object.body + YH_CAPABILITIES_LEN, key, YH_KEY_LEN);
325 memcpy(wrap_object.body + YH_CAPABILITIES_LEN + YH_KEY_LEN,
326 key + YH_KEY_LEN, YH_KEY_LEN);
327 wrap_object_len = YH_CAPABILITIES_LEN + YH_KEY_LEN * 2;
328 } break;
329
330 case YH_WRAP_KEY: {
331 memcpy(wrap_object.body, delegated.capabilities, YH_CAPABILITIES_LEN);
332 wrap_object_len -= YH_CAPABILITIES_LEN;
333
334 if (read_file(input_file, wrap_object.body + YH_CAPABILITIES_LEN,
335 &wrap_object_len) == false) {
336 fprintf(stderr, "Unable to read input file\n");
337 goto main_exit;
338 }
339 wrap_object_len += YH_CAPABILITIES_LEN;
340 } break;
341
342 case YH_ASYMMETRIC_KEY: {
343 yh_algorithm parsed_algorithm;
344 if (read_file(input_file, wrap_object.body, &wrap_object_len) == false) {
345 fprintf(stderr, "Unable to read input file\n");
346 goto main_exit;
347 }
348
349 if (read_private_key(wrap_object.body, wrap_object_len, &parsed_algorithm,
350 wrap_object.body, &wrap_object_len, true) != true) {
351 fprintf(stderr, "Unable to read asymmetric private key\n");
352 goto main_exit;
353 }
354
355 if (parsed_algorithm != algorithm) {
356 fprintf(stderr, "Mismatched algorithm\n");
357 goto main_exit;
358 }
359 } break;
360
361 case YH_HMAC_KEY: {
362 if (read_file(input_file, wrap_object.body, &wrap_object_len) == false) {
363 fprintf(stderr, "Unable to read input file\n");
364 goto main_exit;
365 }
366
367 if (split_hmac_key(algorithm, wrap_object.body, wrap_object_len,
368 wrap_object.body, &wrap_object_len) != true) {
369 fprintf(stderr, "Unable to format hmac key\n");
370 goto main_exit;
371 }
372 } break;
373
374 default:
375 if (read_file(input_file, wrap_object.body, &wrap_object_len) == false) {
376 fprintf(stderr, "Unable to read input file\n");
377 goto main_exit;
378 }
379 }
380
381 wrapkey_file = open_file(args_info.wrapkey_arg, true);
382 if (wrapkey_file == NULL) {
383 perror("Unable to open wrapkey file");
384 goto main_exit;
385 }
386
387 uint8_t wrapkey_buf[WRAPKEY_BUFSIZE];
388 size_t wrapkey_buf_len = sizeof(wrapkey_buf);
389 if (read_file(wrapkey_file, wrapkey_buf, &wrapkey_buf_len) == false) {
390 fprintf(stderr, "Unable to read wrapkey file\n");
391 }
392
393 yh_algorithm wrapkey_algorithm;
394 switch (wrapkey_buf_len) {
395 case 16:
396 wrapkey_algorithm = YH_ALGO_AES128_CCM_WRAP;
397 break;
398 case 24:
399 wrapkey_algorithm = YH_ALGO_AES192_CCM_WRAP;
400 break;
401 case 32:
402 wrapkey_algorithm = YH_ALGO_AES256_CCM_WRAP;
403 break;
404 default:
405 fprintf(stderr, "Unable to parse wrapkey: invalid length\n");
406 goto main_exit;
407 }
408
409 output_file = open_file(args_info.out_arg, false);
410 if (output_file == NULL) {
411 perror("Unable to open output file");
412 goto main_exit;
413 }
414
415 format_header(wrapkey_algorithm, capabilities, id, wrap_object_len, domains,
416 type, algorithm, label, wrap_object.header);
417
418 uint8_t wrapped[2048] = {0};
419 size_t wrapped_len = sizeof(wrapped);
420
421 if (wrap_data(wrapkey_buf, wrapkey_buf_len, wrap_object.buf,
422 OBJECT_HEADER_SIZE + wrap_object_len, wrapped,
423 &wrapped_len) == false) {
424 fprintf(stderr, "Unable to wrap data\n");
425 goto main_exit;
426 }
427
428 if (getenv("DEBUG") != NULL) {
429 dump_hex(wrap_object.buf, OBJECT_HEADER_SIZE + wrap_object_len);
430 }
431 if (write_file(wrapped, wrapped_len, output_file, _base64) == false ||
432 write_file((uint8_t *) "\n", 1, output_file, _binary) == false) {
433 fprintf(stderr, "Unable to write output file\n");
434 goto main_exit;
435 }
436
437 rc = EXIT_SUCCESS;
438
439main_exit:
440
441 cmdline_parser_free(&args_info);
442
443 if (input_file != NULL) {
444 fclose(input_file);
445 input_file = NULL;
446 }
447
448 if (output_file != NULL) {
449 fclose(output_file);
450 output_file = NULL;
451 }
452
453 if (wrapkey_file != NULL) {
454 fclose(wrapkey_file);
455 wrapkey_file = NULL;
456 }
457
458 return rc;
459}
password
const uint8_t password[]
Definition attest.c:39
argv
char ** argv
Definition hello_driver.cpp:52
yh_strerror
const char * yh_strerror(yh_rc err)
Definition error.c:65
dump_hex
void YH_INTERNAL dump_hex(FILE *file, const uint8_t *ptr, uint16_t len)
Definition lib_util.c:33
uint16_t
unsigned short uint16_t
Definition stdint.h:125
uint8_t
unsigned char uint8_t
Definition stdint.h:124
yh_capabilities
Capabilities representation.
Definition yubihsm.h:162
yh_capabilities::capabilities
uint8_t capabilities[YH_CAPABILITIES_LEN]
Capabilities is represented as an 8 byte uint8_t array.
Definition yubihsm.h:164
split_hmac_key
bool split_hmac_key(yh_algorithm algorithm, uint8_t *in, size_t in_len, uint8_t *out, size_t *out_len)
Definition util.c:653
algo2type
bool algo2type(yh_algorithm algorithm, yh_object_type *type)
Definition util.c:374
read_file
bool read_file(FILE *fp, uint8_t *buf, size_t *buf_len)
Definition util.c:476
write_file
bool write_file(const uint8_t *buf, size_t buf_len, FILE *fp, format_t format)
Definition util.c:559
read_private_key
bool read_private_key(uint8_t *buf, size_t len, yh_algorithm *algo, uint8_t *bytes, size_t *bytes_len, bool internal_repr)
Definition util.c:116
OBJECT_HEADER_SIZE
#define OBJECT_HEADER_SIZE
Definition main.c:44
INPUT_BUFSIZE
#define INPUT_BUFSIZE
Definition main.c:41
WRAPKEY_BUFSIZE
#define WRAPKEY_BUFSIZE
Definition main.c:42
_base64
@ _base64
Definition util.h:28
_binary
@ _binary
Definition util.h:29
yh_string_to_domains
yh_rc yh_string_to_domains(const char *domains, uint16_t *result)
Definition yubihsm.c:4535
yh_string_to_capabilities
yh_rc yh_string_to_capabilities(const char *capability, yh_capabilities *result)
Definition yubihsm.c:4115
yh_string_to_algo
yh_rc yh_string_to_algo(const char *string, yh_algorithm *algo)
Definition yubihsm.c:4403
YH_DEFAULT_ITERS
#define YH_DEFAULT_ITERS
Number of iterations for PBKDF2 key derivation.
Definition yubihsm.h:117
type
yh_object_type type
Definition yubihsm.h:672
yh_object_type
yh_object_type
Definition yubihsm.h:359
YH_WRAP_KEY
@ YH_WRAP_KEY
Definition yubihsm.h:369
YH_HMAC_KEY
@ YH_HMAC_KEY
HMAC Key is a secret key used when computing and verifying HMAC signatures.
Definition yubihsm.h:371
YH_ASYMMETRIC_KEY
@ YH_ASYMMETRIC_KEY
Asymmetric Key is the private key of an asymmetric key-pair.
Definition yubihsm.h:366
YH_AUTHENTICATION_KEY
@ YH_AUTHENTICATION_KEY
Authentication Key is used to establish Sessions with a device.
Definition yubihsm.h:364
YH_OBJ_LABEL_LEN
#define YH_OBJ_LABEL_LEN
Max length of object labels.
Definition yubihsm.h:123
yh_algorithm
yh_algorithm
Definition yubihsm.h:390
YH_ALGO_AES256_CCM_WRAP
@ YH_ALGO_AES256_CCM_WRAP
aes256-ccm-wrap
Definition yubihsm.h:474
YH_ALGO_AES192_CCM_WRAP
@ YH_ALGO_AES192_CCM_WRAP
aes192-ccm-wrap
Definition yubihsm.h:472
YH_ALGO_AES128_CCM_WRAP
@ YH_ALGO_AES128_CCM_WRAP
aes128-ccm-wrap
Definition yubihsm.h:448
algorithm
yh_algorithm algorithm
Definition yubihsm.h:619
YH_DEFAULT_SALT
#define YH_DEFAULT_SALT
Salt to be used for PBKDF2 key derivation.
Definition yubihsm.h:115
YH_KEY_LEN
#define YH_KEY_LEN
Length of authentication keys.
Definition yubihsm.h:95
YH_CAPABILITIES_LEN
#define YH_CAPABILITIES_LEN
Length of capabilities array.
Definition yubihsm.h:119
yh_rc
yh_rc
Definition yubihsm.h:170
YHR_SUCCESS
@ YHR_SUCCESS
Returned value when function was successful.
Definition yubihsm.h:172
capabilities
yh_capabilities capabilities
Definition yubihsm_pkcs11.c:1305
label
char * label
Definition yubihsm_pkcs11.c:1883
ret
CK_RV ret
Definition yubihsm_pkcs11.c:973
domains
uint16_t domains
Definition yubihsm_pkcs11.c:1926
buf
uint8_t buf[2048]
Definition yubihsm_pkcs11.c:4770
rc
yh_rc rc
Definition yubihsm_pkcs11.c:1308
label_len
size_t label_len
Definition yubihsm_pkcs11.c:4938
memcpy
memcpy((char *) pInfo->slotDescription, s, l)
Here is the call graph for this function: