/*
 * token_key() - hand a challenge to the token backend and collect the reply.
 *
 * The challenge is passed to pcsc_cr() together with ho.data as the output
 * buffer and a pointer to keysize, which is initialised to sizeof(ho.data).
 * When pcsc_cr() returns non-zero, the text from pcsc_errstr() is stored in
 * ho.err.
 *
 * NOTE(review): this listing omits lines (braces, the declaration of rc, the
 * success path and the return statement), so how the reply length reaches
 * the caller is not visible here.
 */
14 static struct _auth_chunk
15 token_key(const unsigned char *challenge, const int challengesize)
17 struct _auth_chunk ho = {0};
/* Capacity of the reply buffer; passed by pointer, presumably so pcsc_cr()
 * can bound its write and report the actual length -- confirm. */
19 int keysize = sizeof(ho.data);
21 if ((rc = pcsc_cr(challenge, challengesize, ho.data, &keysize))) {
22 ho.err = pcsc_errstr(rc);
/* Nonce supplied by the operator; NULL until set (presumably by the -n
 * option -- the assignment is not in the lines shown). */
27 static char *mynonce = NULL;
/*
 * update_nonce() - rewrite the nonce buffer in place.
 *
 * Passed to authfile() as a callback by main(). Two behaviours are visible:
 * copy mynonce into the buffer, or parse the buffer as a decimal integer and
 * store that value plus one. The lines choosing between them are omitted
 * from this listing (presumably a test on mynonce -- confirm).
 *
 * nonce:   buffer holding the current nonce, overwritten with the new one
 * nonsize: size of that buffer, used to bound both snprintf() calls
 */
29 static void update_nonce(char *nonce, const int nonsize)
32 snprintf(nonce, nonsize, "%s", mynonce);
/* NOTE(review): the sscanf() result is not checked in the lines shown. If
 * the stored nonce is not a decimal integer, n keeps whatever value it had
 * before (its declaration is not visible), and n+1 overflows a signed int
 * at INT_MAX. Both cases would make the next nonce unpredictable -- worth
 * validating, since the nonce is part of the stored auth state. */
36 sscanf(nonce, "%d", &n);
37 snprintf(nonce, nonsize, "%d", n+1);
/*
 * usage() - print the command-line help text; cmd is substituted for %s.
 *
 * NOTE(review): -a, -l and -p take secret material as command-line
 * arguments. On many systems argv is readable by other local users through
 * the process list, and it may end up in shell history. For the shared
 * secret the help text already offers "-A file" and "-A -" (stdin), which
 * avoid that exposure; no equivalent for -l and -p is listed here.
 */
41 static void usage(const char * const cmd)
44 "usage: %s [options] [username]\n"
45 " -h - show this help and exit\n"
46 " -o backend-option - token option \"backend:key=val\"\n"
47 " -f template - template for auth state filepath\n"
48 " -a secret | -A file-with-secret | -A -\n"
49 " - 40-character hexadecimal secret\n"
50 " -s token-serial - public I.D. of the token\n"
51 " -n nonce - initial nonce\n"
52 " -l payload - keyring unlock password\n"
53 " -p password - login password\n"
54 " -v - show returned data\n"
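/*
 * main() - command-line front end that creates or updates the auth state.
 *
 * Visible flow: parse options with getopt(); take the user id from the
 * single positional argument, else from getlogin(); read the shared secret
 * from the -A file (or stdin for "-"); require exactly 40 hexadecimal
 * characters and decode them into the 20-byte bsecret; call authfile();
 * clear bsecret; then print the error or, with -v, the returned data.
 *
 * NOTE(review): this listing omits lines (declarations, the option switch,
 * exit paths), so comments below describe only what the shown lines do.
 */
58 int main(int argc, char *argv[])
66 unsigned char bsecret[20];
67 unsigned char *secret = NULL;
/* Default user id; may be NULL, which the "cannot determine userid" check
 * further down appears to handle. */
70 char *userid = getlogin();
74 while ((c = getopt(argc, argv, "ho:f:a:A:s:n:l:p:v")) != -1)
80 if (pcsc_option(optarg)) {
81 fprintf(stderr, "Option \"%s\" bad", optarg);
86 authfile_template(optarg);
92 fprintf(stderr, "-a and -A are mutually exclusive");
100 fprintf(stderr, "-A and -a are mutually exclusive");
/* Exactly one positional argument overrides the getlogin() default. */
123 if (optind == (argc - 1)) {
124 userid = argv[optind];
127 if (optind != argc) {
132 fprintf(stderr, "cannot determine userid");
139 if (!strcmp(secfn, "-")) sfp = stdin;
140 else sfp = fopen(secfn, "r");
142 fprintf(stderr, "cannot open \"%s\": %s",
143 secfn, strerror(errno));
146 if (!fgets(secbuf, sizeof(secbuf), sfp)) {
147 fprintf(stderr, "cannot read \"%s\": %s",
148 secfn, strerror(errno));
/* Strip trailing CR/LF from the line just read. The scan starts at the
 * terminator and stops at the start of the buffer, so a line made only of
 * newlines (or an empty string) can no longer walk p below secbuf. The
 * stripped bytes are set to NUL; the previous code stored '\n' again, which
 * left the newline in place and made the 40-character check below fail. */
151 for (p = secbuf + strlen(secbuf);
152 p > secbuf && (p[-1] == '\n' || p[-1] == '\r'); p--) p[-1] = '\0';
/* Length and character-set checks run before decoding, so each of the 20
 * sscanf() calls below sees two valid hex digits. */
158 if (strlen(hsecret) != 40) {
160 "secret wrong, must be exactly 40 chars\n");
163 if (strspn(hsecret, "0123456789abcdefABCDEF") != 40) {
165 "secret wrong, must be hexadecimal string\n");
168 for (i = 0; i < 20; i++)
169 sscanf(hsecret + i * 2, "%2hhx", &bsecret[i]);
/* A NULL secret is passed with length 0; otherwise the full 20 bytes. */
172 ao = authfile(tokenid, userid, password, update_nonce,
173 secret, secret ? sizeof(bsecret) : 0,
174 (unsigned char *)payload, payload ? strlen(payload) : 0,
/* NOTE(review): bsecret is not read after this point in the lines shown, so
 * an optimising compiler may drop this memset() as a dead store; consider
 * explicit_bzero() or memset_s() where the platform provides one. The
 * hex-encoded copy of the secret (secbuf / hsecret) is not visibly cleared
 * in this listing either. */
176 memset(bsecret, 0, sizeof(bsecret));
178 fprintf(stderr, "%s\n", ao.err);
/* NOTE(review): with -v the payload, which the help text describes as the
 * keyring unlock password, is written to stdout in clear. */
180 } else if (verbose) {
181 printf("userid : \"%.*s\"\n", ao.datasize, ao.data);
182 printf("payload: \"%.*s\"\n", ao.paylsize, ao.payload);
/* free(NULL) is a no-op, so no guard is needed. */
184 free(ao.buffer);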