authorDamien Miller <djm@cvs.openbsd.org>2010-10-17 08:43:21 +0000
committerDamien Miller <djm@cvs.openbsd.org>2010-10-17 08:43:21 +0000
commit73dde0a601d4701a93949ab939e297d2f73a8529 (patch)
tree7e31999677ad7f180338c0a78d75144f8fafbb42 /usr.bin/sectok
parent82cd3476882e6ddd3a00618bd8d73c71acce7477 (diff)
remove sectok(1); it hasn't been updated in years and doesn't work
with the current generation of tokens; ok markus@ deraadt@
Diffstat (limited to 'usr.bin/sectok')
-rw-r--r--usr.bin/sectok/Makefile10
-rw-r--r--usr.bin/sectok/cmds.c609
-rw-r--r--usr.bin/sectok/cyberflex.c1095
-rw-r--r--usr.bin/sectok/main.c156
-rw-r--r--usr.bin/sectok/sc.h72
-rw-r--r--usr.bin/sectok/sectok.1275
6 files changed, 0 insertions, 2217 deletions
diff --git a/usr.bin/sectok/Makefile b/usr.bin/sectok/Makefile
deleted file mode 100644
index 08d0e648d85..00000000000
--- a/usr.bin/sectok/Makefile
+++ /dev/null
@@ -1,10 +0,0 @@
-# $OpenBSD: Makefile,v 1.4 2010/10/15 10:18:42 jsg Exp $
-
-PROG= sectok
-SRCS= main.c cmds.c cyberflex.c
-DPADD= ${LIBSECTOK} ${LIBCRYPTO}
-LDADD= -lsectok -lcrypto
-
-CFLAGS+=-Wall
-
-.include <bsd.prog.mk>
diff --git a/usr.bin/sectok/cmds.c b/usr.bin/sectok/cmds.c
deleted file mode 100644
index fd3e709c22b..00000000000
--- a/usr.bin/sectok/cmds.c
+++ /dev/null
@@ -1,609 +0,0 @@
-/* $OpenBSD: cmds.c,v 1.21 2003/04/04 00:42:34 deraadt Exp $ */
-
-/*
- * Smartcard commander.
- * Written by Jim Rees and others at University of Michigan.
- */
-
-/*
- * copyright 2001
- * the regents of the university of michigan
- * all rights reserved
- *
- * permission is granted to use, copy, create derivative works
- * and redistribute this software and such derivative works
- * for any purpose, so long as the name of the university of
- * michigan is not used in any advertising or publicity
- * pertaining to the use or distribution of this software
- * without specific, written prior authorization. if the
- * above copyright notice or any other identification of the
- * university of michigan is included in any copy of any
- * portion of this software, then the disclaimer below must
- * also be included.
- *
- * this software is provided as is, without representation
- * from the university of michigan as to its fitness for any
- * purpose, and without warranty by the university of
- * michigan of any kind, either express or implied, including
- * without limitation the implied warranties of
- * merchantability and fitness for a particular purpose. the
- * regents of the university of michigan shall not be liable
- * for any damages, including special, indirect, incidental, or
- * consequential damages, with respect to any claim arising
- * out of or in connection with the use of the software, even
- * if it has been or is hereafter advised of the possibility of
- * such damages.
- */
-
-#ifdef __palmos__
-#pragma pack(2)
-#include <Common.h>
-#include <System/SysAll.h>
-#include <UI/UIAll.h>
-#include <System/Unix/sys_types.h>
-#include <System/Unix/unix_stdio.h>
-#include <System/Unix/unix_stdlib.h>
-#include <System/Unix/unix_string.h>
-#include <string.h>
-#include "getopt.h"
-#include "sectok.h"
-#include "field.h"
-#else
-#include <unistd.h>
-#include <stdlib.h>
-#include <stdio.h>
-#include <signal.h>
-#include <string.h>
-#include <sectok.h>
-#endif
-
-#include "sc.h"
-
-#define MAXFILELEN 0xffff
-#define CARDIOSIZE 200
-
-struct dispatchtable dispatch_table[] = {
- /* Non-card commands */
- { "help", "[command]", help },
- { "?", "[command]", help },
- { "reset", "[-1234ivf]", reset },
- { "open", "[-1234ivf]", reset },
- { "close", "", dclose },
- { "quit", "", quit },
-
- /* 7816-4 commands */
- { "apdu", "[-c class] ins p1 p2 p3 data ...", apdu },
- { "fid", "[-v] fid/aid", selfid },
- { "isearch", "", isearch },
- { "csearch", "", csearch },
- { "class", "[class]", class },
- { "read", "[-x] [filesize]", dread },
- { "write", "input-filename", dwrite },
- { "challenge", "[size]", challenge },
- { "pin", "[-k keyno] [PIN]", vfypin },
-#ifndef __palmos__
- { "chpin", "[-k keyno]", chpin },
-#endif
-
- /* Cyberflex commands */
- { "ls", "[-l]", ls },
- { "acl", "[-x] fid [principal: r1 r2 ...]", acl },
- { "create", "fid size", jcreate },
- { "delete", "fid", jdelete },
- { "jdefault", "[-d]", jdefault },
- { "jatr", "", jatr },
- { "jdata", "", jdata },
- { "login", "[-d] [-k keyno] [-v] [-x hex-aut0]", jlogin },
-#ifndef __palmos__
- { "jaut", "", jaut },
- { "jload", "[-p progID] [-c contID] [-s cont_size] [-i inst_size] [-a aid] [-v] filename", jload },
-#endif
- { "junload", "[-p progID] [-c contID]", junload },
-#ifndef __palmos__
- { "setpass", "[-d] [-x hex-aut0]", jsetpass },
-#endif
- { NULL, NULL, NULL }
-};
-
-int curlen;
-
-int
-dispatch(int argc, char *argv[])
-{
- int i;
-
- if (argc < 1)
- return 0;
-
- for (i = 0; dispatch_table[i].cmd; i++) {
- if (!strncmp(argv[0], dispatch_table[i].cmd, strlen(argv[0]))) {
- (dispatch_table[i].action) (argc, argv);
- break;
- }
- }
- if (!dispatch_table[i].cmd) {
- printf("unknown command \"%s\"\n", argv[0]);
- return -1;
- }
- return 0;
-}
-
-int
-help(int argc, char *argv[])
-{
- int i, j;
-
- if (argc < 2) {
- for (i = 0; dispatch_table[i].cmd; i++)
- printf("%s\n", dispatch_table[i].cmd);
- } else {
- for (j = 1; j < argc; j++) {
- for (i = 0; dispatch_table[i].cmd; i++)
- if (!strncmp(argv[j], dispatch_table[i].cmd,
- strlen(argv[j])))
- break;
- if (dispatch_table[i].help)
- printf("%s %s\n", dispatch_table[i].cmd,
- dispatch_table[i].help);
- else
- printf("no help on \"%s\"\n", argv[j]);
- }
- }
-
- return 0;
-}
-
-int
-reset(int argc, char *argv[])
-{
- int i, n, oflags = 0, rflags = 0, vflag = 0, sw;
- unsigned char atr[34];
- struct scparam param;
-
- optind = optreset = 1;
-
- while ((i = getopt(argc, argv, "0123ivf")) != -1) {
- switch (i) {
- case '0':
- case '1':
- case '2':
- case '3':
- port = i - '0';
- break;
- case 'i':
- oflags |= STONOWAIT;
- break;
- case 'v':
- vflag = 1;
- break;
- case 'f':
- rflags |= STRFORCE;
- break;
- }
- }
-
- if (fd < 0) {
- fd = sectok_open(port, oflags, &sw);
- if (fd < 0) {
- sectok_print_sw(sw);
- return -1;
- }
- }
- aut0_vfyd = 0;
-
- n = sectok_reset(fd, rflags, atr, &sw);
- if (vflag) {
-#ifdef __palmos__
- hidefield(printfield->id);
- sectok_parse_atr(fd, STRV, atr, n, &param);
- showfield(printfield->id);
-#else
- sectok_parse_atr(fd, STRV, atr, n, &param);
-#endif
- }
- if (!sectok_swOK(sw)) {
- printf("sectok_reset: %s\n", sectok_get_sw(sw));
- dclose(0, NULL);
- return -1;
- }
- return 0;
-}
-
-int
-dclose(int argc, char *argv[])
-{
- if (fd >= 0) {
- sectok_close(fd);
- fd = -1;
- }
- return 0;
-}
-
-int
-quit(int argc, char *argv[])
-{
- dclose(0, NULL);
-#ifndef __palmos__
- exit(0);
-#else
- return -1;
-#endif
-}
-
-int
-apdu(int argc, char *argv[])
-{
- int i, ilen, olen, n, ins, xcl = cla, p1, p2, p3, sw;
- unsigned char ibuf[256], obuf[256], *bp;
-
- optind = optreset = 1;
-
- while ((i = getopt(argc, argv, "c:")) != -1) {
- switch (i) {
- case 'c':
- sscanf(optarg, "%x", &xcl);
- break;
- }
- }
-
- if (argc - optind < 4) {
- printf("usage: apdu [-c class] ins p1 p2 p3 data ...\n");
- return -1;
- }
- sscanf(argv[optind++], "%x", &ins);
- sscanf(argv[optind++], "%x", &p1);
- sscanf(argv[optind++], "%x", &p2);
- sscanf(argv[optind++], "%x", &p3);
-
- for (bp = ibuf, i = optind, ilen = 0; i < argc; i++) {
- sscanf(argv[i], "%x", &n);
- if (bp == &ibuf[sizeof ibuf-1]) {
- printf("truncation\n");
- break;
- }
- *bp++ = n;
- ilen++;
- }
-
- if (fd < 0 && reset(0, NULL) < 0)
- return -1;
-
- olen = (p3 && !ilen) ? p3 : sizeof obuf;
-
- n = sectok_apdu(fd, xcl, ins, p1, p2, ilen, ibuf, olen, obuf, &sw);
-
- sectok_dump_reply(obuf, n, sw);
-
- return 0;
-}
-
-int
-selfid(int argc, char *argv[])
-{
- unsigned char fid[16], obuf[256];
- char *fname;
- int i, n, sel, fidlen, vflag = 0, sw;
-
- optind = optreset = 1;
-
- while ((i = getopt(argc, argv, "v")) != -1) {
- switch (i) {
- case 'v':
- vflag = 1;
- break;
- }
- }
-
- if (argc - optind == 0) {
- /* No fid/aid given; select null aid (default loader for
- * Cyberflex) */
- sel = 4;
- fidlen = 0;
- } else {
- fname = argv[optind++];
- if (!strcmp(fname, "..")) {
- /* Special case ".." means parent */
- sel = 3;
- fidlen = 0;
- } else
- if (strlen(fname) < 5) {
- /* fid */
- sel = 0;
- fidlen = 2;
- sectok_parse_fname(fname, fid);
- } else {
- /* aid */
- sel = 4;
- fidlen = sectok_parse_input(fname, fid, sizeof fid);
- if (fname[0] == '#') {
- /* Prepend 0xfc to the aid to make it
- * a "proprietary aid". */
- fid[0] = 0xfc;
- }
- }
- }
-
- if (fd < 0 && reset(0, NULL) < 0)
- return -1;
-
- n = sectok_apdu(fd, cla, 0xa4, sel, 0, fidlen, fid, 256, obuf, &sw);
- if (!sectok_swOK(sw)) {
- printf("Select %02x%02x: %s\n", fid[0], fid[1], sectok_get_sw(sw));
- return -1;
- }
- if (vflag && !n && sectok_r1(sw) == 0x61 && sectok_r2(sw)) {
- /* The card has out data but we must explicitly ask for it */
- n = sectok_apdu(fd, cla, 0xc0, 0, 0, 0, NULL, sectok_r2(sw), obuf, &sw);
- }
- if (n >= 4) {
- /* Some cards put the file length here. No guarantees. */
- curlen = (obuf[2] << 8) | obuf[3];
- }
- if (vflag)
- sectok_dump_reply(obuf, n, sw);
-
- return 0;
-}
-
-int
-isearch(int argc, char *argv[])
-{
- int i, r1, sw;
-
- if (fd < 0 && reset(0, NULL) < 0)
- return -1;
-
- /* find instructions */
- for (i = 0; i < 0xff; i += 2) {
- sectok_apdu(fd, cla, i, 0, 0, 0, NULL, 0, NULL, &sw);
- r1 = sectok_r1(sw);
- if (r1 != 0x06 && r1 != 0x6d && r1 != 0x6e)
- printf("%02x %s %s\n", i, sectok_get_ins(i),
- sectok_get_sw(sw));
- }
- return 0;
-}
-
-int
-csearch(int argc, char *argv[])
-{
- int i, r1, sw;
-
- if (fd < 0 && reset(0, NULL) < 0)
- return -1;
-
- /* find app classes */
- for (i = 0; i <= 0xff; i++) {
- sectok_apdu(fd, i, 0xa4, 0, 0, 2, root_fid, 0, NULL, &sw);
- r1 = sectok_r1(sw);
- if (r1 != 0x06 && r1 != 0x6d && r1 != 0x6e)
- printf("%02x %s\n", i, sectok_get_sw(sw));
- }
- return 0;
-}
-
-int
-class(int argc, char *argv[])
-{
- if (argc > 1)
- sscanf(argv[1], "%x", &cla);
- else
- printf("Class %02x\n", cla);
- return 0;
-}
-
-int
-dread(int argc, char *argv[])
-{
- int i, n, col = 0, fsize, xflag = 0, sw;
- unsigned int p3;
- unsigned char buf[CARDIOSIZE + 1];
-
- optind = optreset = 1;
-
- while ((i = getopt(argc, argv, "x")) != -1) {
- switch (i) {
- case 'x':
- xflag = 1;
- break;
- }
- }
-
- if (argc - optind < 1)
- fsize = curlen;
- else
- sscanf(argv[optind++], "%d", &fsize);
-
- if (!fsize) {
- printf("please specify filesize\n");
- return -1;
- }
- if (fd < 0 && reset(0, NULL) < 0)
- return -1;
-
- for (p3 = 0; fsize && p3 < MAXFILELEN; p3 += n) {
- n = (fsize < CARDIOSIZE) ? fsize : CARDIOSIZE;
- n = sectok_apdu(fd, cla, 0xb0, p3 >> 8, p3 & 0xff, 0,
- NULL, n, buf, &sw);
- if (!sectok_swOK(sw)) {
- printf("ReadBinary: %s\n", sectok_get_sw(sw));
- break;
- }
-#ifdef __palmos__
- if (xflag) {
- hidefield(printfield->id);
- for (i = 0; i < n; i++) {
- printf("%02x ", buf[i]);
- if (col++ % 12 == 11)
- printf("\n");
- }
- showfield(printfield->id);
- } else {
- buf[n] = '\0';
- printf("%s", buf);
- }
-#else
- if (xflag) {
- for (i = 0; i < n; i++) {
- printf("%02x ", buf[i]);
- if (col++ % 16 == 15)
- printf("\n");
- }
- } else
- fwrite(buf, 1, n, stdout);
-#endif
- fsize -= n;
- }
-
- if (xflag && col % 16 != 0)
- printf("\n");
-
- return 0;
-}
-
-#ifndef __palmos__
-int
-dwrite(int argc, char *argv[])
-{
- int n, p3, sw;
- FILE *f;
- unsigned char buf[CARDIOSIZE];
-
- if (argc != 2) {
- printf("usage: write input-filename\n");
- return -1;
- }
- if (fd < 0 && reset(0, NULL) < 0)
- return -1;
-
- f = fopen(argv[1], "r");
- if (!f) {
- printf("can't open %s\n", argv[1]);
- return -1;
- }
- n = 0;
- while ((p3 = fread(buf, 1, CARDIOSIZE, f)) > 0) {
- sectok_apdu(fd, cla, 0xd6, n >> 8, n & 0xff, p3, buf, 0, NULL, &sw);
- if (!sectok_swOK(sw)) {
- printf("UpdateBinary: %s\n", sectok_get_sw(sw));
- break;
- }
- n += p3;
- }
- fclose(f);
-
- return (n ? 0 : -1);
-}
-
-#else
-
-int
-dwrite(int argc, char *argv[])
-{
- int n, sw;
- char *s;
-
- if (argc != 2) {
- printf("usage: write text\n");
- return -1;
- }
- s = argv[1];
- n = strlen(s);
- sectok_apdu(fd, cla, 0xd6, 0, 0, n, s, 0, NULL, &sw);
- if (!sectok_swOK(sw)) {
- printf("UpdateBinary: %s\n", sectok_get_sw(sw));
- return -1;
- }
- return 0;
-}
-#endif
-
-int
-challenge(int argc, char *argv[])
-{
- int n = 8, sw;
- unsigned char buf[256];
-
- if (argc > 1)
- n = atoi(argv[1]);
-
- n = sectok_apdu(fd, cla, 0x84, 0, 0, 0, NULL, n, buf, &sw);
-
- if (!sectok_swOK(sw)) {
- printf("GetChallenge: %s\n", sectok_get_sw(sw));
- return -1;
- }
- sectok_dump_reply(buf, n, sw);
- return 0;
-}
-
-int
-vfypin(int argc, char *argv[])
-{
- int keyno = 1, i, sw;
- char *pin;
-
- optind = optreset = 1;
-
- while ((i = getopt(argc, argv, "k:")) != -1) {
- switch (i) {
- case 'k':
- keyno = atoi(optarg);
- break;
- }
- }
-
- if (argc - optind >= 1)
- pin = argv[optind++];
- else {
-#ifndef __palmos__
- pin = getpass("Enter PIN: ");
-#else
- printf("usage: pin PIN\n");
- return -1;
-#endif
- }
-
- sectok_apdu(fd, cla, 0x20, 0, keyno, strlen(pin), pin, 0, NULL, &sw);
- bzero(pin, strlen(pin));
-
- if (!sectok_swOK(sw)) {
- printf("VerifyCHV: %s\n", sectok_get_sw(sw));
- return -1;
- }
- return 0;
-}
-
-#ifndef __palmos__
-int
-chpin(int argc, char *argv[])
-{
- int keyno = 1, i, sw;
- char pin[255];
- char *pass;
-
- optind = optreset = 1;
-
- while ((i = getopt(argc, argv, "k:")) != -1) {
- switch (i) {
- case 'k':
- keyno = atoi(optarg);
- break;
- }
- }
-
- pass = getpass("Enter Old PIN: ");
- strlcpy(pin, pass, sizeof pin);
- pass = getpass("Enter New PIN: ");
- strlcat(pin, pass, sizeof pin);
-
- sectok_apdu(fd, cla, 0x24, 0, keyno, strlen(pin), pin, 0, NULL, &sw);
- bzero(pin, strlen(pin));
-
- if (!sectok_swOK(sw)) {
- printf("UpdateCHV: %s\n", sectok_get_sw(sw));
- return -1;
- }
- return 0;
-}
-#endif
diff --git a/usr.bin/sectok/cyberflex.c b/usr.bin/sectok/cyberflex.c
deleted file mode 100644
index 82988fc8906..00000000000
--- a/usr.bin/sectok/cyberflex.c
+++ /dev/null
@@ -1,1095 +0,0 @@
-/* $OpenBSD: cyberflex.c,v 1.29 2010/10/15 10:18:42 jsg Exp $ */
-
-/*
- * copyright 1999, 2000
- * the regents of the university of michigan
- * all rights reserved
- *
- * permission is granted to use, copy, create derivative works
- * and redistribute this software and such derivative works
- * for any purpose, so long as the name of the university of
- * michigan is not used in any advertising or publicity
- * pertaining to the use or distribution of this software
- * without specific, written prior authorization. if the
- * above copyright notice or any other identification of the
- * university of michigan is included in any copy of any
- * portion of this software, then the disclaimer below must
- * also be included.
- *
- * this software is provided as is, without representation
- * from the university of michigan as to its fitness for any
- * purpose, and without warranty by the university of
- * michigan of any kind, either express or implied, including
- * without limitation the implied warranties of
- * merchantability and fitness for a particular purpose. the
- * regents of the university of michigan shall not be liable
- * for any damages, including special, indirect, incidental, or
- * consequential damages, with respect to any claim arising
- * out of or in connection with the use of the software, even
- * if it has been or is hereafter advised of the possibility of
- * such damages.
- */
-
-#ifndef __palmos__
-#include <sys/types.h>
-#include <unistd.h>
-#include <stdlib.h>
-#include <stdio.h>
-#include <signal.h>
-#include <string.h>
-#include <fcntl.h>
-#include <openssl/des.h>
-#ifdef __linux
-#include <sha.h>
-#define SHA1_CTX SHA_CTX
-#define SHA1Init SHA1_Init
-#define SHA1Update SHA1_Update
-#define SHA1Final SHA1_Final
-#else /* __linux */
-#include <sha1.h>
-#endif
-#else
-#pragma pack(2)
-#include <Common.h>
-#include <System/SysAll.h>
-#include <System/Unix/sys_types.h>
-#include <System/Unix/unix_stdio.h>
-#include <System/Unix/unix_stdlib.h>
-#include <System/Unix/unix_string.h>
-#include <UI/UIAll.h>
-#include "getopt.h"
-#include "field.h"
-#define NO_SHA
-#endif
-#include <sectok.h>
-
-#include "sc.h"
-
-#define MAX_KEY_FILE_SIZE 1024
-#define NUM_RSA_KEY_ELEMENTS 5
-#define RSA_BIT_LEN 1024
-#define KEY_FILE_HEADER_SIZE 8
-
-#define myisprint(x) ((x) >= '!' && (x) <= 'z')
-
-static u_char key_fid[] = {0x00, 0x11};
-static u_char DFLTATR[] = {0x81, 0x10, 0x06, 0x01};
-static u_char DFLTAUT0[] = {0xad, 0x9f, 0x61, 0xfe, 0xfa, 0x20, 0xce, 0x63};
-static u_char AUT0[20];
-
-int aut0_vfyd;
-
-static void print_acl(int isdir, u_char *acl);
-
-#ifndef __palmos__
-/* default signed applet key of Cyberflex Access */
-static DES_cblock app_key = {0x6A, 0x21, 0x36, 0xF5, 0xD8, 0x0C, 0x47, 0x83};
-#endif
-
-static int
-get_AUT0(int argc, char *argv[], char *prompt, int confirm, u_char *digest)
-{
-#ifdef NO_SHA
- memcpy(digest, DFLTAUT0, sizeof DFLTAUT0);
-#else
- int i, dflag = 0, xflag = 0;
- SHA1_CTX ctx;
- char *s, *s2;
-
- optind = optreset = 1;
- opterr = 0;
-
- while ((i = getopt(argc, argv, "dk:x:")) != -1) {
- switch (i) {
- case 'd':
- memcpy(digest, DFLTAUT0, sizeof DFLTAUT0);
- dflag = 1;
- break;
- case 'x':
- if (sectok_parse_input(optarg, digest, 8) != 8) {
- printf("AUT0 must be length 8\n");
- return -1;
- }
- xflag = 1;
- break;
- }
- }
-
- if (!dflag && !xflag) {
- SHA1Init(&ctx);
- /* "-" means DFLTAUT0 */
- s = getpass(prompt);
- if (!strcmp(s, "-"))
- memcpy(digest, DFLTAUT0, sizeof DFLTAUT0);
- else {
- if (confirm) {
- s2 = strdup(s);
- s = getpass("Re-enter passphrase: ");
- if (strcmp(s, s2)) {
- printf("passphrase mismatch\n");
- return -1;
- }
- bzero(s2, strlen(s2));
- free(s2);
- }
- SHA1Update(&ctx, s, strlen(s));
- bzero(s, strlen(s));
- SHA1Final(digest, &ctx);
- }
- }
-#endif
-
- return 0;
-}
-
-int
-jlogin(int argc, char *argv[])
-{
- int i, keyno = 0, vflag = 0, sw;
-
- if (fd < 0 && reset(0, NULL) < 0)
- return -1;
-
- cla = cyberflex_inq_class(fd);
- if (cla < 0) {
- printf("can't determine Cyberflex application class\n");
- return -1;
- }
- optind = optreset = 1;
-
- while ((i = getopt(argc, argv, "dk:vx:")) != -1) {
- switch (i) {
- case 'k':
- keyno = atoi(optarg);
- break;
- case 'v':
- vflag = 1;
- break;
- }
- }
-
- if (get_AUT0(argc, argv, "Enter AUT0 passphrase: ", 0, AUT0) < 0)
- return -1;
-
- if (vflag) {
- printf("Class %02x\n", cla);
- for (i = 0; i < 8; i++)
- printf("%02x ", AUT0[i]);
- printf("\n");
- }
- sectok_apdu(fd, cla, 0x2a, 0, keyno, 8, AUT0, 0, NULL, &sw);
-
- if (!sectok_swOK(sw)) {
- printf("AUT0 failed: %s\n", sectok_get_sw(sw));
- aut0_vfyd = 0;
- return -1;
- }
- aut0_vfyd = 1;
- return 0;
-}
-
-int
-jaut(int argc, char *argv[])
-{
- static char *jlav[] = {"login", "-d", NULL};
-
- return jlogin(2, jlav);
-}
-
-int
-jdefault(int argc, char *argv[])
-{
- u_char buf[8];
- int i, p1 = 4, sw;
-
- optind = optreset = 1;
-
- while ((i = getopt(argc, argv, "d")) != -1) {
- switch (i) {
- case 'd':
- p1 = 5;
- break;
- }
- }
-
- if (fd < 0 && reset(0, NULL) < 0)
- return -1;
- if (!aut0_vfyd)
- jaut(0, NULL);
-
- sectok_apdu(fd, cla, 0x08, p1, 0, 0, buf, 0, NULL, &sw);
- if (!sectok_swOK(sw)) {
- /* error */
- sectok_print_sw(sw);
- return -1;
- }
- return 0;
-}
-
-int
-jatr(int argc, char *argv[])
-{
- u_char buf[64];
- int n = 0, sw;
-
- buf[n++] = 0x90;
- buf[n++] = 0x94; /* TA1 */
- buf[n++] = 0x40; /* TD1 */
- buf[n++] = 0x28; /* TC2 (WWT=4sec) */
- if (argc > 1) {
- /* set historical bytes from command line */
- n += sectok_parse_input(argv[1], &buf[n], 15);
- } else {
- /* no historical bytes given, use default */
- memcpy(&buf[n], DFLTATR, sizeof DFLTATR);
- n += sizeof DFLTATR;
- }
- buf[0] |= ((n - 2) & 0xf);
-
- if (fd < 0 && reset(0, NULL) < 0)
- return -1;
-
- sectok_apdu(fd, cla, 0xfa, 0, 0, n, buf, 0, NULL, &sw);
- if (!sectok_swOK(sw)) {
- /* error */
- sectok_print_sw(sw);
- return -1;
- }
- return 0;
-}
-
-int
-jdata(int argc, char *argv[])
-{
- u_char buf[32];
- int i, sw;
-
- if (fd < 0 && reset(0, NULL) < 0)
- return -1;
-
- cla = cyberflex_inq_class(fd);
- if (cla < 0) {
- printf("can't determine Cyberflex application class\n");
- return -1;
- }
- sectok_apdu(fd, cla, 0xca, 0, 1, 0, NULL, 0x16, buf, &sw);
- if (sectok_swOK(sw)) {
- printf("serno ");
- for (i = 0; i < 6; i++)
- printf("%02x ", buf[i]);
- if (buf[20] == 0x13) {
- /* these cards have a different format */
- printf("scrambled sver %d.%02d ", buf[19], buf[20]);
- if (buf[21] == 0x0c)
- printf("augmented ");
- else
- if (buf[21] != 0x0b)
- printf("unknown ");
- printf("crypto %5.5s class %02x\n", &buf[14],
- cyberflex_inq_class(fd));
- } else {
- printf("batch %02x sver %d.%02d ", buf[6], buf[7], buf[8]);
- if (buf[9] == 0x0c)
- printf("augmented ");
- else
- if (buf[9] != 0x0b)
- printf("unknown ");
- printf("crypto %9.9s class %02x\n", &buf[10], buf[19]);
- }
- } else {
- /* error */
- sectok_print_sw(sw);
- }
- return 0;
-}
-#define JDIRSIZE 40
-
-static char *apptype[] = {
- "?",
- "applet",
- "app",
- "app/applet",
-};
-
-static char *appstat[] = {
- "?",
- "created",
- "installed",
- "registered",
-};
-
-static char *filestruct[] = {
- "binary",
- "fixed rec",
- "variable rec",
- "cyclic",
- "program",
-};
-
-static char *principals[] = {
- "world", "CHV1", "CHV2", "AUT0", "AUT1", "AUT2", "AUT3", "AUT4"
-};
-
-static char *f_rights[] = {
- "r", "w", "x/a", "inval", "rehab", NULL, "dec", "inc"
-};
-
-static char *d_rights[] = {
- "l", "d", "a", NULL, NULL, "i", "manage", NULL
-};
-
-static void
-print_acl(int isdir, u_char *acl)
-{
- int i, j;
- char *as;
-
- for (i = 0; i < 8; i++) {
- if (acl[i]) {
- printf(" %s: ", principals[i]);
- for (j = 0; j < 8; j++)
- if (acl[i] & (1 << j)) {
- as = isdir ? d_rights[j] : f_rights[j];
- if (as)
- printf("%s ", as);
- }
- printf("\n");
- }
- }
-}
-
-void
-sectok_fmt_aidname(char *aidname, int aidlen, u_char *aid, size_t len)
-{
- int i, istext = 1;
-
- for (i = 1; i < aidlen; i++)
- if (!myisprint(aid[i])) {
- istext = 0;
- break;
- }
- if (istext) {
- if (aidlen + 1 > len)
- aidlen = len - 1;
- memcpy(aidname, aid, aidlen);
- aidname[aidlen] = '\0';
- if (aid[0] == 0xfc)
- aidname[0] = '#';
- } else {
- for (i = 0; i < aidlen; i++)
- snprintf(&aidname[i * 2], len - ( i * 2),
- "%02x", aid[i]);
- }
-}
-
-int
-ls(int argc, char *argv[])
-{
- int i, p2, fid, lflag = 0, buflen, sw;
- int isdir, fsize;
- char ftype[32], fname[6], aidname[34];
- u_char buf[JDIRSIZE];
-
- optind = optreset = 1;
-
- while ((i = getopt(argc, argv, "l")) != -1) {
- switch (i) {
- case 'l':
- lflag = 1;
- break;
- }
- }
-
- if (fd < 0 && reset(0, NULL) < 0)
- return -1;
-
- for (p2 = 0;; p2++) {
- buflen = sectok_apdu(fd, cla, 0xa8, 0, p2, 0, NULL,
- JDIRSIZE, buf, &sw);
- if (!sectok_swOK(sw))
- break;
-
- /* Don't show reserved fids */
- fid = sectok_mksw(buf[4], buf[5]);
- if (fid == 0x3f11 || fid == 0x3fff || fid == 0xffff)
- continue;
-
- /* Format name */
- sectok_fmt_fid(fname, sizeof fname, &buf[4]);
-
- /* Format size */
- fsize = (buf[2] << 8) | buf[3];
-
- /* Format file type */
- isdir = 0;
- aidname[0] = '\0';
- if (buf[6] == 1) {
- /* root */
- snprintf(ftype, sizeof ftype, "root");
- isdir = 1;
- } else
- if (buf[6] == 2) {
- /* DF */
- if (buf[12] == 27) {
- /* application */
- snprintf(ftype, sizeof ftype, "%s %s",
- appstat[buf[10]], apptype[buf[9]]);
- if (buflen > 23 && buf[23]) {
- aidname[0] = ' ';
- sectok_fmt_aidname(&aidname[1],
- buf[23], &buf[24],
- sizeof aidname - 1);
- }
- } else
- snprintf(ftype, sizeof ftype,
- "directory");
- isdir = 1;
- } else
- if (buf[6] == 4) {
- /* EF */
- snprintf(ftype, sizeof ftype, "%s",
- filestruct[buf[13]]);
- }
- if (!lflag)
- printf("%-4s\n", fname);
- else
- printf("%-4s %5d %s%s\n", fname, fsize, ftype, aidname);
- }
- return 0;
-}
-
-int
-acl(int argc, char *argv[])
-{
- int i, j, xflag = 0, isdir, prno, rt, sw;
- u_char fid[2], buf[256], acl[8];
- char *prin;
-
- optind = optreset = 1;
-
- while ((i = getopt(argc, argv, "x")) != -1) {
- switch (i) {
- case 'x':
- xflag = 1;
- break;
- }
- }
-
- if (argc - optind < 1) {
- usage:
- printf("usage: acl [-x] fid [principal: r1 r2 ...]\n");
- return -1;
- }
- /* Select the fid */
- sectok_parse_fname(argv[optind++], fid);
- sectok_apdu(fd, cla, 0xa4, 0, 0, 2, fid, sizeof buf, buf, &sw);
- if (!sectok_swOK(sw)) {
- printf("Select: %s\n", sectok_get_sw(sw));
- return -1;
- }
- isdir = (buf[6] == 1 || buf[6] == 2);
-
- /* Get current acl */
- sectok_apdu(fd, cla, 0xfe, 0, 0, 0, NULL, 8, acl, &sw);
- if (!sectok_swOK(sw)) {
- printf("GetFileACL: %s\n", sectok_get_sw(sw));
- return -1;
- }
- if (argc - optind < 1) {
- /* No acl given; print acl and exit */
- if (xflag) {
- for (i = 0; i < 8; i++)
- printf("%02x ", acl[i]);
- printf("\n");
- } else
- print_acl(isdir, acl);
- return 0;
- }
- prin = argv[optind++];
-
- /* strip trailing ':' */
- if (prin[0] != '\0' && prin[strlen(prin) - 1] == ':')
- prin[strlen(prin) - 1] = '\0';
- else
- goto usage;
-
- /* Find principal */
- for (prno = 0; prno < 8; prno++)
- if (!strcasecmp(prin, principals[prno]))
- break;
- if (prno >= 8) {
- printf("unknown principal \"%s\"\n", prin);
- return -1;
- }
- /* Parse new rights */
- rt = 0;
- for (i = optind; i < optind + 8 && i < argc; i++) {
- for (j = 0; j < 8; j++) {
- if ((d_rights[j] && !strcasecmp(argv[i], d_rights[j])) ||
- (f_rights[j] && !strcasecmp(argv[i], f_rights[j])))
- rt |= (1 << j);
- }
- }
- acl[prno] = rt;
-
- /* Set acl */
- sectok_apdu(fd, cla, 0xfc, 0, 0, 8, acl, 0, NULL, &sw);
- if (!sectok_swOK(sw)) {
- printf("ChangeFileACL: %s\n", sectok_get_sw(sw));
- return -1;
- }
- print_acl(isdir, acl);
-
- return 0;
-}
-
-int
-jcreate(int argc, char *argv[])
-{
- u_char fid[2];
- int sw, fsize;
-
- if (argc != 3) {
- printf("usage: create fid size\n");
- return -1;
- }
- sectok_parse_fname(argv[1], fid);
- sscanf(argv[2], "%d", &fsize);
-
- if (fd < 0 && reset(0, NULL) < 0)
- return -1;
- if (!aut0_vfyd)
- jaut(0, NULL);
-
- if (cyberflex_create_file(fd, cla, fid, fsize, 3, &sw) < 0) {
- printf("create_file: %s\n", sectok_get_sw(sw));
- return -1;
- }
- return 0;
-}
-
-int
-jdelete(int argc, char *argv[])
-{
- u_char fid[2];
- int sw;
-
- if (argc != 2) {
- printf("usage: delete fid\n");
- return -1;
- }
- sectok_parse_fname(argv[1], fid);
-
- if (fd < 0 && reset(0, NULL) < 0)
- return -1;
- if (!aut0_vfyd)
- jaut(0, NULL);
-
- if (cyberflex_delete_file(fd, cla, fid, &sw) < 0) {
- printf("delete_file: %s\n", sectok_get_sw(sw));
- return -1;
- }
- return 0;
-}
-#define MAX_BUF_SIZE 256
-#define MAX_APP_SIZE 4096
-#define MAX_APDU_SIZE 0xfa
-#define BLOCK_SIZE 8
-#define MAXTOKENS 16
-
-u_char progID[2], contID[2];
-
-#ifndef __palmos__
-int
-jload(int argc, char *argv[])
-{
- char *cp, *filename, progname[5], contname[5];
- u_char aid[16], app_data[MAX_APP_SIZE], data[MAX_BUF_SIZE];
- int i, j, vflag = 0, gotprog = 0, gotcont = 0, fd_app, size;
- int aidlen = 0, sw;
- int cont_size = 1152, inst_size = 1024;
- DES_cblock tmp;
- DES_key_schedule schedule;
- static u_char acl[] = {0x81, 0, 0, 0xff, 0, 0, 0, 0};
-
- optind = optreset = 1;
-
- while ((i = getopt(argc, argv, "p:c:s:i:a:v")) != -1) {
- switch (i) {
- case 'p':
- sectok_parse_input(optarg, progID, 2);
- gotprog = 1;
- break;
- case 'c':
- sectok_parse_input(optarg, contID, 2);
- gotcont = 1;
- break;
- case 's':
- sscanf(optarg, "%d", &cont_size);
- break;
- case 'i':
- sscanf(optarg, "%d", &inst_size);
- break;
- case 'a':
- aidlen = sectok_parse_input(optarg, aid, sizeof aid);
- break;
- case 'v':
- vflag = 1;
- break;
- default:
- printf("unknown option. command aborted.\n");
- return -1;
- }
- }
-
- if (argc - optind < 1) {
- printf("missing file name\n");
- return -1;
- }
- filename = argv[optind++];
-
- /*
- * We prepend 0xfc to the aid to make it a "proprietary aid".
- * See 7816-5 sec 5.2.4.
- */
- if (aidlen <= 0) {
- /* No aid given, derive from file name */
- cp = strrchr(filename, '/');
- if (cp)
- cp++;
- else
- cp = filename;
- aid[0] = 0xfc;
- strncpy(&aid[1], cp, sizeof aid - 1);
- aidlen = (aid[15] == '\0') ? strlen(aid) : 16;
- } else
- if (aid[0] == '#')
- aid[0] = 0xfc;
-
- if (!gotprog) {
- /* No progID given, derive from aid */
- progID[0] = aid[1];
- progID[1] = 'p';
- }
- if (!gotcont) {
- /* No contID given, derive from aid */
- contID[0] = aid[1];
- contID[1] = 'c';
- }
- if (fd < 0 && reset(0, NULL) < 0)
- return -1;
- if (!aut0_vfyd)
- jaut(0, NULL);
-
- sectok_fmt_fid(progname, sizeof progname, progID);
- sectok_fmt_fid(contname, sizeof contname, contID);
-
- if (vflag) {
- printf("applet file \"%s\"\n", filename);
- printf("program ID %s\n", progname);
- printf("container ID %s\n", contname);
- printf("instance container size %d\n", cont_size);
- printf("instance data size %d\n", inst_size);
- printf("AID ");
- for (i = 0; i < aidlen; i++)
- printf("%02x ", aid[i]);
- printf("\n");
- }
- /* open the input file */
- fd_app = open(filename, O_RDONLY, NULL);
- if (fd_app == -1) {
- fprintf(stderr, "cannot open file \"%s\"\n", filename);
- return -1;
- }
- /* read the input file */
- size = read(fd_app, app_data, MAX_APP_SIZE);
- if (size <= 0) {
- fprintf(stderr, "error reading file %s\n", filename);
- return -1;
- }
- /* size must be able to be divided by BLOCK_SIZE */
- if (size % BLOCK_SIZE != 0) {
- fprintf(stderr, "file \"%s\" size %d not divisible by %d\n", filename, size, BLOCK_SIZE);
- return -1;
- }
- /* compute the signature of the applet */
- /* initialize the result buffer */
- memset(tmp, 0, BLOCK_SIZE);
-
- /* chain. DES encrypt one block, XOR the cyphertext with the next
- * block, ... continues until the end of the buffer */
-
- DES_set_key(&app_key, &schedule);
-
- for (i = 0; i < size / BLOCK_SIZE; i++) {
- for (j = 0; j < BLOCK_SIZE; j++)
- tmp[j] = tmp[j] ^ app_data[i * BLOCK_SIZE + j];
- DES_ecb_encrypt(&tmp, &tmp, &schedule, DES_ENCRYPT);
- }
-
- if (vflag) {
- /* print out the signature */
- printf("signature ");
- for (j = 0; j < BLOCK_SIZE; j++)
- printf("%02x ", tmp[j]);
- printf("\n");
- }
- /* select the default loader */
- sectok_apdu(fd, cla, 0xa4, 0x04, 0, 0, NULL, 0, NULL, &sw);
- if (!sectok_swOK(sw)) {
- /* error */
- printf("can't select default loader: %s\n", sectok_get_sw(sw));
- return -1;
- }
- /* select 3f.00 (root) */
- if (sectok_selectfile(fd, cla, root_fid, &sw) < 0)
- return -1;
-
- /* create program file */
- if (cyberflex_create_file_acl(fd, cla, progID, size, 3, acl, &sw) < 0) {
- /* error */
- printf("can't create %s: %s\n", progname, sectok_get_sw(sw));
- return -1;
- }
- /* update binary */
- for (i = 0; i < size; i += MAX_APDU_SIZE) {
- int send_size;
-
- /* compute the size to be sent */
- if (size - i > MAX_APDU_SIZE)
- send_size = MAX_APDU_SIZE;
- else
- send_size = size - i;
-
- sectok_apdu(fd, cla, 0xd6, i / 256, i % 256, send_size,
- app_data + i, 0, NULL, &sw);
-
- if (!sectok_swOK(sw)) {
- /* error */
- printf("updating binary %s: %s\n", progname,
- sectok_get_sw(sw));
- return -1;
- }
- }
-
- /* manage program .. validate */
- sectok_apdu(fd, cla, 0x0a, 01, 0, 0x08, tmp, 0, NULL, &sw);
-
- if (!sectok_swOK(sw)) {
- /* error */
- printf("validating applet in %s: %s\n", progname,
- sectok_get_sw(sw));
- return -1;
- }
- /* select the default loader */
- sectok_apdu(fd, cla, 0xa4, 0x04, 0, 0, NULL, 0, NULL, &sw);
- if (!sectok_swOK(sw)) {
- /* error */
- printf("selecting default loader: %s\n", sectok_get_sw(sw));
- return -1;
- }
- /* execute method -- call the install() method in the cardlet. cardlet
- * type 01 (applet, not application) */
-
- data[0] = 0x01; /* cardlet type = 1 (applet, not application) */
- data[1] = progID[0]; /* FID, upper */
- data[2] = progID[1]; /* FID, lower */
- data[3] = cont_size >> 8; /* instance container size 0x0800
- * (1152) byte, upper */
- data[4] = cont_size & 0xff; /* instance container size 0x0800
- * (1152) byte, lower */
- data[5] = contID[0]; /* container ID (7778), upper */
- data[6] = contID[1]; /* container ID (7778), lower */
- data[7] = inst_size >> 8; /* instance size 0x0400 (1024) byte,
- * upper */
- data[8] = inst_size & 0xff; /* instance size 0x0400 (1024) byte,
- * lower */
- data[9] = 0x00; /* AID length 0x0005, upper */
- data[10] = aidlen; /* AID length 0x0005, lower */
- memcpy(&data[11], aid, aidlen);
-
- sectok_apdu(fd, cla, 0x0c, 0x13, 0, 11 + aidlen, data, 0, NULL, &sw);
- if (!sectok_swOK(sw)) {
- /* error */
- printf("executing install() method in applet %s: %s\n",
- progname, sectok_get_sw(sw));
- return -1;
- }
- /* That's it! :) */
- return 0;
-}
-#endif
-
-int
-junload(int argc, char *argv[])
-{
- char progname[5], contname[5];
- int i, vflag = 0, gotprog = 0, gotcont = 0, sw;
-
- optind = optreset = 1;
-
- while ((i = getopt(argc, argv, "p:c:v")) != -1) {
- switch (i) {
- case 'p':
- sectok_parse_input(optarg, progID, 2);
- gotprog = 1;
- break;
- case 'c':
- sectok_parse_input(optarg, contID, 2);
- gotcont = 1;
- break;
- case 'v':
- vflag = 1;
- break;
- default:
- printf("unknown option. command aborted.\n");
- return -1;
- }
- }
-
- if (argc - optind >= 1) {
- /* Derive progID and contID from filename */
- if (!gotprog) {
- progID[0] = argv[optind][0];
- progID[1] = 'p';
- gotprog = 1;
- }
- if (!gotcont) {
- contID[0] = argv[optind][0];
- contID[1] = 'c';
- gotcont = 1;
- }
- }
- /* Use old defaults */
- if (!gotprog)
- memcpy(progID, "ww", 2);
- if (!gotcont)
- memcpy(contID, "wx", 2);
-
- if (fd < 0 && reset(0, NULL) < 0)
- return -1;
- if (!aut0_vfyd)
- jaut(0, NULL);
-
- sectok_fmt_fid(progname, sizeof progname, progID);
- sectok_fmt_fid(contname, sizeof contname, contID);
-
- if (vflag) {
- printf("program ID %s\n", progname);
- printf("container ID %s\n", contname);
- }
- /* select 3f.00 (root) */
- if (sectok_selectfile(fd, cla, root_fid, &sw) < 0) {
- printf("can't select root: %s\n", sectok_get_sw(sw));
- return -1;
- }
- /* select program file */
- if (sectok_selectfile(fd, cla, progID, &sw) >= 0) {
-
- /* manage program -- reset */
- sectok_apdu(fd, cla, 0x0a, 02, 0, 0, NULL, 0, NULL, &sw);
- if (!sectok_swOK(sw)) {
- /* error */
- printf("resetting applet: %s\n", sectok_get_sw(sw));
- }
- /* delete program file */
- if (cyberflex_delete_file(fd, cla, progID, &sw) < 0)
- printf("delete_file %s: %s\n", progname, sectok_get_sw(sw));
- } else
- if (vflag)
- printf("no program file... proceed to delete data container\n");
-
- /* delete data container */
- if (cyberflex_delete_file(fd, cla, contID, &sw) < 0)
- printf("delete_file %s: %s\n", contname, sectok_get_sw(sw));
-
- return 0;
-}
-
-#ifndef __palmos__
-#define DELIMITER " :\t\n"
-#define KEY_BLOCK_SIZE 14
-
-/* download DES keys into 3f.00/00.11 */
-int
-cyberflex_load_key(int fd, u_char *buf)
-{
- int sw, argc = 0, i, j, tmp;
- u_char *token;
- u_char data[MAX_BUF_SIZE];
- u_char key[BLOCK_SIZE];
-
-#if 0
- /* select the default loader */
- rv = scwrite(fd, cla, 0xa4, 0x04, 0, 0x00, NULL, &r1, &r2);
- if (r1 != 0x90 && r1 != 0x61) {
- //error
- printf("selecting the default loader: ");
- print_r1r2(r1, r2);
- return -1;
- }
-#endif
-
- printf("ca_load_key buf=%s\n", buf);
- token = strtok(buf, DELIMITER);
- token = strtok(NULL, DELIMITER);
- if (token == NULL) {
- printf("usage: jk number_of_keys\n");
- return -1;
- }
- argc = atoi(token);
-
- if (argc > 2) {
- printf("current Cyberflex Access cannot download more than 2 keys to the key file. Sorry. :(\n");
- return -1;
- }
- if (argc < 0) {
- printf("you want to down load %d keys??\n", argc);
- return -1;
- }
- if (!aut0_vfyd)
- jaut(0, NULL);
-
- /* Now let's do it. :) */
-
- /* add the AUT0 */
- cyberflex_fill_key_block(data, 0, 1, AUT0);
-
- /* add the applet sign key */
- cyberflex_fill_key_block(data + KEY_BLOCK_SIZE, 5, 0, app_key);
-
- /* then add user defined keys */
- for (i = 0; i < argc; i++) {
- printf("key %d : ", i);
- for (j = 0; j < BLOCK_SIZE; j++) {
- fscanf(cmdf, "%02x", &tmp);
- key[j] = (u_char) tmp;
- }
-
- cyberflex_fill_key_block(data + 28 + i * KEY_BLOCK_SIZE,
- 6 + i, 0, key);
- }
-
- /* add the suffix */
- data[28 + argc * KEY_BLOCK_SIZE] = 0;
- data[28 + argc * KEY_BLOCK_SIZE + 1] = 0;
-
- for (i = 0; i < KEY_BLOCK_SIZE * (argc + 2) + 2; i++)
- printf("%02x ", data[i]);
- printf("\n");
-
- /* select 3f.00 (root) */
- if (sectok_selectfile(fd, cla, root_fid, &sw) < 0) {
- printf("select root: %s\n", sectok_get_sw(sw));
- return -1;
- }
- /* select 00.11 (key file) */
- if (sectok_selectfile(fd, cla, key_fid, &sw) < 0) {
- printf("select key file: %s\n", sectok_get_sw(sw));
- return -1;
- }
- /* all righty, now let's send it to the card! :) */
- sectok_apdu(fd, cla, 0xd6, 0, 0, KEY_BLOCK_SIZE * (argc + 2) + 2,
- data, 0, NULL, &sw);
- if (!sectok_swOK(sw)) {
- /* error */
- printf("writing the key file 00.11: %s\n", sectok_get_sw(sw));
- return -1;
- }
- return 0;
-}
-
-/* download AUT0 key into 3f.00/00.11 */
-int
-jsetpass(int argc, char *argv[])
-{
- int sw;
- u_char data[MAX_BUF_SIZE];
- u_char AUT0[20];
-
- if (!aut0_vfyd && jaut(0, NULL) < 0)
- return -1;
-
- if (get_AUT0(argc, argv, "Enter new AUT0 passphrase: ", 1, AUT0) < 0)
- return -1;
-
- cyberflex_fill_key_block(data, 0, 1, AUT0);
-
-#if 0
- /* add the suffix */
- data[KEY_BLOCK_SIZE] = 0;
- data[KEY_BLOCK_SIZE + 1] = 0;
-#endif
-
-#ifdef DEBUG
- for (i = 0; i < KEY_BLOCK_SIZE; i++)
- printf("%02x ", data[i]);
- printf("\n");
-#endif
-
- /* select 3f.00 (root) */
- if (sectok_selectfile(fd, cla, root_fid, &sw) < 0)
- return -1;
-
- /* select 00.11 (key file) */
- if (sectok_selectfile(fd, cla, key_fid, &sw) < 0)
- return -1;
-
- /* all righty, now let's send it to the card! :) */
- sectok_apdu(fd, cla, 0xd6, 0, 0, KEY_BLOCK_SIZE, data, 0, NULL, &sw);
- if (!sectok_swOK(sw)) {
- /* error */
- printf("writing the key file 00.11: %s\n", sectok_get_sw(sw));
- return -1;
- }
- return 0;
-}
-
-/* download RSA private key into 3f.00/00.12 */
-int
-cyberflex_load_rsa(int fd, u_char *buf)
-{
- int sw, i, j, tmp;
- static u_char key_fid[] = {0x00, 0x12};
- static char *key_names[NUM_RSA_KEY_ELEMENTS] = {
- "p", "q", "1/p mod q", "d mod (p-1)", "d mod (q-1)"
- };
- u_char *key_elements[NUM_RSA_KEY_ELEMENTS];
-
- printf("ca_load_rsa_priv buf=%s\n", buf);
-
- printf("input 1024 bit RSA CRT key\n");
- for (i = 0; i < NUM_RSA_KEY_ELEMENTS; i++) {
- printf("%s (%d bit == %d byte) : ", key_names[i],
- RSA_BIT_LEN / 2, RSA_BIT_LEN / 2 / 8);
- key_elements[i] = (u_char *) malloc(RSA_BIT_LEN / 8);
- for (j = 0; j < RSA_BIT_LEN / 8 / 2; j++) {
- fscanf(cmdf, "%02x", &tmp);
- key_elements[i][j] = (u_char) tmp;
- }
- }
-
-#ifdef DEBUG
- printf("print RSA CRT key\n");
- for (i = 0; i < NUM_RSA_KEY_ELEMENTS; i++) {
- printf("%s : ", key_names[i]);
- for (j = 0; j < RSA_BIT_LEN / 8 / 2; j++) {
- printf("%02x ", key_elements[i][j]);
- }
- }
-#endif
-
- if (!aut0_vfyd)
- jaut(0, NULL);
-
- cyberflex_load_rsa_priv(fd, cla, key_fid, NUM_RSA_KEY_ELEMENTS, RSA_BIT_LEN,
- key_elements, &sw);
-
- if (!sectok_swOK(sw))
- printf("load_rsa_priv: %s\n", sectok_get_sw(sw));
-
- for (i = 0; i < NUM_RSA_KEY_ELEMENTS; i++)
- free(key_elements[i]);
- return 0;
-}
-#endif
diff --git a/usr.bin/sectok/main.c b/usr.bin/sectok/main.c
deleted file mode 100644
index 5eca56468bc..00000000000
--- a/usr.bin/sectok/main.c
+++ /dev/null
@@ -1,156 +0,0 @@
-/* $OpenBSD: main.c,v 1.10 2007/12/30 13:35:27 sobrado Exp $ */
-
-/*
- * Smartcard commander.
- * Written by Jim Rees and others at University of Michigan.
- */
-
-/*
- * copyright 2001
- * the regents of the university of michigan
- * all rights reserved
- *
- * permission is granted to use, copy, create derivative works
- * and redistribute this software and such derivative works
- * for any purpose, so long as the name of the university of
- * michigan is not used in any advertising or publicity
- * pertaining to the use or distribution of this software
- * without specific, written prior authorization. if the
- * above copyright notice or any other identification of the
- * university of michigan is included in any copy of any
- * portion of this software, then the disclaimer below must
- * also be included.
- *
- * this software is provided as is, without representation
- * from the university of michigan as to its fitness for any
- * purpose, and without warranty by the university of
- * michigan of any kind, either express or implied, including
- * without limitation the implied warranties of
- * merchantability and fitness for a particular purpose. the
- * regents of the university of michigan shall not be liable
- * for any damages, including special, indirect, incidental, or
- * consequential damages, with respect to any claim arising
- * out of or in connection with the use of the software, even
- * if it has been or is hereafter advised of the possibility of
- * such damages.
- */
-
-#include <unistd.h>
-#include <stdlib.h>
-#include <stdio.h>
-#include <signal.h>
-#include <limits.h>
-#include <string.h>
-#include <errno.h>
-#include <sectok.h>
-
-#include "sc.h"
-
-#define MAXTOKENS 300
-#define CARDIOSIZE 200
-
-void onintr(int sigraised);
-
-int port, fd = -1, cla, sleepytime;
-volatile sig_atomic_t interrupted;
-FILE *cmdf;
-
-static void
-usage(void)
-{
- fprintf(stderr,
- "usage: sectok [-0123] [-f scriptfile] [-s sleeptime] [command [arg ...]]\n");
- exit(1);
-}
-
-int
-main(int argc, char *argv[])
-{
- char buf[_POSIX2_LINE_MAX], *scriptfile = NULL, *tp, *tv[MAXTOKENS];
- int i, tc;
-
- tp = getenv("SCPORT");
- if (tp)
- port = atoi(tp);
-
- while ((i = getopt(argc, argv, "0123f:s:h")) != -1) {
- switch (i) {
- case '0':
- case '1':
- case '2':
- case '3':
- port = i - '0';
- break;
- case 'f':
- scriptfile = optarg;
- break;
- case 's':
- sleepytime = atoi(optarg);
- break;
- case 'h':
- default:
- usage();
- break;
- }
- }
-
- if (optind != argc) {
- /* Dispatch from command line */
- dispatch(argc - optind, &argv[optind]);
- exit(0);
- }
- if (scriptfile != NULL) {
- cmdf = fopen(scriptfile, "r");
- if (cmdf == NULL) {
- perror(scriptfile);
- exit(2);
- }
- } else
- cmdf = stdin;
-
- /* Interactive mode, or script file */
-
- signal(SIGINT, onintr);
-#ifdef __OpenBSD__
- siginterrupt(SIGINT, 1);
-#endif
-
- /* The Main Loop */
- while (1) {
- fflush(stdout);
- interrupted = 0;
- if (sleepytime)
- usleep(sleepytime * 1000);
- if (cmdf == stdin) {
- fprintf(stderr, "sectok> ");
- fflush(stderr);
- }
- if (!fgets(buf, sizeof buf, cmdf)) {
- putchar('\n');
- if (interrupted)
- continue;
- else
- break;
- }
- if (cmdf != stdin)
- printf("sectok> %s", buf);
-
- for ((tp = strtok(buf, " \t\n\r")), tc = 0; tp;
- (tp = strtok(NULL, " \t\n\r")), tc++) {
- if (tc < MAXTOKENS - 1)
- tv[tc] = tp;
- }
- tv[tc] = NULL;
-
- dispatch(tc, tv);
- }
-
- quit(0, NULL);
- return 0;
-}
-
-void
-onintr(int sigraised)
-{
- interrupted++;
-}
diff --git a/usr.bin/sectok/sc.h b/usr.bin/sectok/sc.h
deleted file mode 100644
index 91e8d5012ec..00000000000
--- a/usr.bin/sectok/sc.h
+++ /dev/null
@@ -1,72 +0,0 @@
-/* $OpenBSD: sc.h,v 1.12 2002/06/17 07:10:52 deraadt Exp $ */
-
-/*
- * Smartcard commander.
- * Written by Jim Rees and others at University of Michigan.
- */
-
-/*
- * copyright 2001
- * the regents of the university of michigan
- * all rights reserved
- *
- * permission is granted to use, copy, create derivative works
- * and redistribute this software and such derivative works
- * for any purpose, so long as the name of the university of
- * michigan is not used in any advertising or publicity
- * pertaining to the use or distribution of this software
- * without specific, written prior authorization. if the
- * above copyright notice or any other identification of the
- * university of michigan is included in any copy of any
- * portion of this software, then the disclaimer below must
- * also be included.
- *
- * this software is provided as is, without representation
- * from the university of michigan as to its fitness for any
- * purpose, and without warranty by the university of
- * michigan of any kind, either express or implied, including
- * without limitation the implied warranties of
- * merchantability and fitness for a particular purpose. the
- * regents of the university of michigan shall not be liable
- * for any damages, including special, indirect, incidental, or
- * consequential damages, with respect to any claim arising
- * out of or in connection with the use of the software, even
- * if it has been or is hereafter advised of the possibility of
- * such damages.
- */
-
-extern int port, fd, cla, aut0_vfyd;
-extern FILE *cmdf;
-
-extern struct dispatchtable {
- char *cmd, *help;
- int (*action) (int argc, char *argv[]);
-} dispatch_table[];
-
-int dispatch(int argc, char *argv[]);
-int help(int argc, char *argv[]);
-int reset(int argc, char *argv[]);
-int dclose(int argc, char *argv[]);
-int quit(int argc, char *argv[]);
-int apdu(int argc, char *argv[]);
-int selfid(int argc, char *argv[]);
-int isearch(int argc, char *argv[]);
-int csearch(int argc, char *argv[]);
-int class(int argc, char *argv[]);
-int dread(int argc, char *argv[]);
-int dwrite(int argc, char *argv[]);
-int challenge(int argc, char *argv[]);
-int vfypin(int argc, char *argv[]);
-int chpin(int argc, char *argv[]);
-int ls(int argc, char *argv[]);
-int acl(int argc, char *argv[]);
-int jcreate(int argc, char *argv[]);
-int jdelete(int argc, char *argv[]);
-int jdefault(int argc, char *argv[]);
-int jatr(int argc, char *argv[]);
-int jdata(int argc, char *argv[]);
-int jlogin(int argc, char *argv[]);
-int jaut(int argc, char *argv[]);
-int jload(int argc, char *argv[]);
-int junload(int argc, char *argv[]);
-int jsetpass(int argc, char *argv[]);
diff --git a/usr.bin/sectok/sectok.1 b/usr.bin/sectok/sectok.1
deleted file mode 100644
index 1d50e140ff2..00000000000
--- a/usr.bin/sectok/sectok.1
+++ /dev/null
@@ -1,275 +0,0 @@
-.\" $OpenBSD: sectok.1,v 1.15 2007/12/30 19:23:53 jmc Exp $
-.\"
-.\" Copyright (C) 2001, Jakob Schlyter. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in the
-.\" documentation and/or other materials provided with the distribution.
-.\" 3. Neither the name of the project nor the names of its contributors
-.\" may be used to endorse or promote products derived from this software
-.\" without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: December 30 2007 $
-.Dt SECTOK 1
-.Os
-.\"
-.Sh NAME
-.Nm sectok
-.Nd communicate with smartcards using iso7816
-.\"
-.Sh SYNOPSIS
-.Nm sectok
-.Op Fl 0123
-.Op Fl f Ar scriptfile
-.Op Fl s Ar sleeptime
-.Op Ar command Op Ar arg ...
-.\"
-.Sh DESCRIPTION
-.Nm
-is a command-line-like interface for communicating with smartcards.
-APDUs can be sent to the card, and results are displayed.
-Some commands are card-specific, and focus on the Schlumberger Cyberflex
-Access Javacards.
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl 0123
-Select port.
-.Pp
-.It Fl f Ar scriptfile
-Run commands from scriptfile.
-.Pp
-.It Fl s Ar sleeptime
-Set sleep (in milliseconds) between commands in the script.
-.El
-.Sh COMMANDS
-.Ss Non-card commands
-.Bl -tag -width Ds
-.It Xo
-.Cm help
-.Xc
-List all commands.
-.It Xo
-.Cm help
-.Op command
-.Xc
-Show help for
-.Ar command .
-.It Xo
-.Cm \&?
-.Op command
-.Xc
-Show help for
-.Ar command .
-.It Xo
-.Cm reset
-.Op Fl 0123ivf
-.Xc
-Reset smartcard.
-.Bl -tag -width Ds
-.It Fl 0123
-select port
-.It Fl i
-don't wait for card insertion
-.It Fl v
-verbose
-.It Fl f
-open connection even if atr is bad
-.El
-.It Xo
-.Cm open
-.Op Fl 0123ivf
-.Xc
-Synonym for reset.
-.It Xo
-.Cm close
-.Xc
-Close smartcard connection.
-.It Xo
-.Cm quit
-.Xc
-Quit
-.Nm Li .
-.El
-.Ss ISO 7816-4 commands
-.Bl -tag -width Ds
-.It Xo
-.Cm apdu
-.Op Fl c Ar class
-.Ar "ins p1 p2 p3 data ..."
-.Xc
-Send APDU to smartcard.
-.It Xo
-.Cm fid
-.Op Fl v
-.Ar fid/aid
-.Xc
-Select file or aid identified by
-.Ar fid/aid .
-.Ar fid/aid
-can be a numeric fid such as 3f00, a two character name, or an aid in hex or
-ASCII.
-.It Xo
-.Cm isearch
-.Xc
-Try all 256 possible instructions and print results.
-.It Xo
-.Cm class
-.Op Ar class
-.Xc
-Inquire or set default application
-.Ar class .
-.It Xo
-.Cm read
-.Op Fl x
-.Ar filesize
-.Xc
-Read selected fid and write to stdout.
-.It Xo
-.Cm write
-.Ar input-filename
-.Xc
-Read from
-.Ar input-filename
-and write to selected fid.
-.It Xo
-.Cm challenge
-.Op Ar length
-.Xc
-Get a random challenge from the card.
-.It Xo
-.Cm pin
-.Op Fl k Ar keyno
-.Op Ar PIN
-.Xc
-Verify CHV (PIN).
-.It Xo
-.Cm chpin
-.Op Fl k Ar keyno
-.Xc
-Change CHV (PIN).
-.El
-.Ss Cyberflex commands
-.Bl -tag -width Ds
-.It Xo
-.Cm ls
-.Op Fl l
-.Xc
-List all files in current DF.
-.It Xo
-.Cm acl
-.Ar fid
-.Op Ar principal: "r1 r2 ..."
-.Xc
-.Bl -tag -width Ds
-.It principals
-world, CHV1, CHV2, AUT0, AUT1, AUT2, AUT3, AUT4
-.It f_rights
-r, w, x/a, inval, rehab, dec, inc
-.It d_rights
-l, d, a, i, manage
-.El
-.It Xo
-.Cm create
-.Ar fid
-.Ar size
-.Xc
-.It Xo
-.Cm delete
-.Ar fid
-.Xc
-.It Xo
-.Cm jdefault
-.Op Fl d
-.Xc
-Set default applet.
-.Bl -tag -width Ds
-.It Fl d
-set default applet to default loader
-.El
-.It Xo
-.Cm jatr
-.Xc
-Set java atr.
-.It Xo
-.Cm jdata
-.Xc
-Print useful info about the card
-.It Xo
-.Cm login
-.Op Fl d
-.Op Fl k Ar keyno
-.Op Fl v
-.Op Fl x Ar hex-aut0
-.Xc
-"login" (verify AUT0 key)
-.Bl -tag -width Ds
-.It Fl d
-use manufacturer's default AUT0 key
-.El
-.It Xo
-.Cm jload
-.Op Fl p Ar progID
-.Op Fl c Ar contID
-.Op Fl s Ar cont_size
-.Op Fl i Ar inst_size
-.Op Fl v
-.Op Fl a Ar aid
-.Ar filename
-.Xc
-Load an applet to the card.
-If the first byte of the
-.Ar aid
-is '#' it will be converted to 0xfc.
-.It Xo
-.Cm junload
-.Op Fl p Ar progID
-.Op Fl c Ar contID
-.Xc
-.It Xo
-.Cm jselect
-.Op Fl a Ar aid
-.Op Fl d
-.Xc
-Select applet.
-.Bl -tag -width Ds
-.It Fl d
-select default loader
-.El
-.It Xo
-.Cm setpass
-.Op Fl d
-.Op Fl x Ar hex-aut0
-.Xc
-.Bl -tag -width Ds
-.It Fl d
-use manufacturer's default AUT0 key
-.El
-.El
-.\"
-.Sh HISTORY
-.Nm
-first appeared in
-.Ox 3.0 .
-.Sh AUTHORS
-.Nm
-was written by Jim Rees and others at University of Michigan
-Center for Information Technology Integration (CITI).
-.\"