📄 password.c
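*****************************************************************************/
/*
 * password_remove: reads the card's data area, decrypts it unless the cipher
 * is "plaintext", removes the entry matching 'description', and writes the
 * shrunken image and its new size back to the card.
 *
 * Returns POC_SUCCESS, or POC_ERROR after wiping the local key and buffer
 * copies and closing the terminal.
 *
 * Both size fields and the whole data area are read from the card and are
 * therefore untrusted input. Comments marked NOTE(review) point at checks
 * that depend on helpers which are not visible from this function.
 *
 * wipe_out_data() is a macro defined elsewhere in the file; the locals it
 * may name (p, key, buffer, ...) keep their original names for that reason.
 */
bool password_remove(const crypt_context * const card_crypt_ctx,
                     const u16 port,
                     char * const description)
{
    char key[128] = {0};          /* Key for card encryption; zeroed so an
                                     early wipe never reads indeterminate
                                     bytes. */
    u8 *buffer = NULL;            /* Buffer for card-data. */
    u8 *grown;                    /* realloc() result, checked before it
                                     replaces 'buffer'. */
    u8 size_field[2];             /* New data size in card byte order. */
    char *p = NULL;               /* Pointer for getpass(). */
    char ret;                     /* Returns of CT-API calls. */
    int num_removed_characters;   /* Number of removed characters.
                                     pass+descr */
    int key_scheduled = 0;        /* Set once cipher_setkey() succeeded. */
    u16 data_size;                /* Used space on the card (in byte). */
    u16 card_size;                /* Card's size. */
    u16 ctn = 0;                  /* Card-terminal handle. */

    /* Initialize & reset card terminal. */
    if (card_init_terminal(ctn, port) != POC_SUCCESS ||
        card_reset_terminal(ctn) != POC_SUCCESS) {
        goto fail;
    }

    /* Request ICC and check whether a memory card is inserted. */
    if (card_request_icc(ctn) != MEMORY_CARD) {
        print_err(STR_NO_MEM_CARD);
        goto fail;
    }

    /* Select card's memory for reading and writing. */
    if (card_select_file(ctn) != POC_SUCCESS) {
        goto fail;
    }

    /* Allocate 2 byte to read card's size information. */
    if ((buffer = malloc(2)) == NULL) {
        print_err(ERR_PRFX_NM);
        perror("");
        goto fail;
    }

    /*
     * Read card's size, which is stored in byte 1 and 2 of the card.
     * An error message is printed only for a memory error.
     */
    if ((ret = card_read_data(ctn, CARD_SIZE_OFFSET, 2, buffer)) != POC_SUCCESS) {
        if (ret == POC_MEM_ERR) {
            print_err(ERR_PRFX_NM);
            perror("");
        }
        goto fail;
    }

    /* Convert the 2 chars to an unsigned short (high byte first). */
    card_size = (buffer[0] << 8) | buffer[1];

    /* Read data size, which is stored in byte 3-4 of the card. */
    if ((ret = card_read_data(ctn, DATA_SIZE_OFFSET, 2, buffer)) != POC_SUCCESS) {
        if (ret == POC_MEM_ERR) {
            print_err(ERR_PRFX_NM);
            perror("");
        }
        goto fail;
    }

    /* Convert the 2 chars to an unsigned short (high byte first). */
    data_size = (buffer[0] << 8) | buffer[1];

    /*
     * NOTE(review): card_size is read but never compared with data_size, so
     * a card that claims more used space than it has is not rejected here.
     * Confirm the card layout and add that check.
     */

    /* data_size == 0 ? No passwords on the card, so nothing can be removed. */
    if (data_size == 0) {
        print_err(STR_EMPTY_CARD);
        goto fail;
    }

    /*
     * Allocate more memory to store card's data. The result goes through
     * 'grown' so the old block is still wiped and released on failure.
     */
    grown = realloc(buffer, data_size);
    if (grown == NULL) {
        print_err(ERR_PRFX_NM);
        perror("");
        goto fail;
    }
    buffer = grown;

    /* Read all data. */
    if ((ret = card_read_data(ctn, DATA_AREA_START_OFFSET, data_size, buffer)) != POC_SUCCESS) {
        if (ret == POC_MEM_ERR) {
            print_err(ERR_PRFX_NM);
            perror("");
        }
        goto fail;
    }

    /* If cipher is set to 'plaintext' we don't need to en/decrypt the card's memory. */
    if (strcmp(card_crypt_ctx->cipher, "plaintext") != 0) {
        /* Get key to decrypt card's memory. */
        if ((p = getpass(STR_KEY_PROMPT)) == NULL) {
            goto fail;
        }

        /*
         * Save it in 'key'. strncpy() does not terminate the destination
         * when the source fills it, and strlen(key) below would then read
         * past the array; a passphrase of 128 or more characters is cut to
         * 127.
         */
        strncpy(key, p, sizeof key - 1);
        key[sizeof key - 1] = '\0';

        /* Call the cipher's key-schedule function. */
        if ((ret = cipher_setkey(card_crypt_ctx, key, strlen(key))) != POC_SUCCESS) {
            print_err(STR_CIPHER_SETKEY_ERR);
            goto fail;
        }
        key_scheduled = 1;

        /* Decrypt. */
        cipher_ofb(card_crypt_ctx, buffer, data_size);

        /*
         * After decrypting the data, we check whether the key was correct.
         * This is done by checking the buffer for unprintable characters;
         * it is a plausibility test, not an integrity check.
         */
        if (check_buffer(buffer, data_size)) {
            /* Wrong key? Buffer contains garbage. */
            printf(STR_WARN_POSSIBLE_WRONG_KEY);
            if (tolower(getchar()) != 'y') {
                goto fail;
            }
        }
    }

    /*
     * Remove password+description. Number of removed characters is stored
     * in num_removed_characters.
     * NOTE(review): search_and_remove() is given no length and this function
     * does not NUL-terminate 'buffer'; verify how it bounds its scan.
     */
    if ((num_removed_characters = search_and_remove(description, buffer)) == -1) {
        /* Didn't find a password with the given description. */
        print_err(STR_NO_PASSWORD_FOUND);
        goto fail;
    }

    /*
     * A count outside 0..data_size would wrap the unsigned size below and
     * put a bogus length on the card, so stop before anything is written.
     */
    if (num_removed_characters < 0 || num_removed_characters > data_size) {
        goto fail;
    }

    /* Defragment card's mem. */
    defrag_card(buffer, data_size, num_removed_characters);

    /* Correct data_size. */
    data_size -= num_removed_characters;

    /* Encrypt data if cipher is not 'plaintext'. */
    if (strcmp(card_crypt_ctx->cipher, "plaintext") != 0) {
        cipher_ofb(card_crypt_ctx, buffer, data_size);
    }

    /*
     * Write data_size information, high byte first, matching how the field
     * is decoded above. Building the two bytes explicitly gives the same
     * result on little- and big-endian hosts.
     */
    size_field[0] = (u8) (data_size >> 8);
    size_field[1] = (u8) (data_size & 0xff);
    if ((ret = card_write_data(ctn, DATA_SIZE_OFFSET, 2, size_field)) != POC_SUCCESS) {
        if (ret == POC_MEM_ERR) {
            print_err(ERR_PRFX_NM);
            perror("");
        }
        goto fail;
    }

    /*
     * Write buffer to card, over the full previous length.
     * NOTE(review): only the first data_size bytes were re-encrypted; the
     * trailing num_removed_characters bytes reach the card as defrag_card()
     * left them. Confirm that it clears them.
     */
    if ((ret = card_write_data(ctn, DATA_AREA_START_OFFSET,
                               data_size + num_removed_characters,
                               buffer)) != POC_SUCCESS) {
        if (ret == POC_MEM_ERR) {
            print_err(ERR_PRFX_NM);
            perror("");
        }
        goto fail;
    }

    /* Close terminal. */
    card_close_terminal(ctn);

    /* wipe clean */
    wipe_out_data();

    /* wipe sensitive cipher specific data. */
    cipher_wipe(card_crypt_ctx);

    return(POC_SUCCESS);

fail:
    /* Single error exit: wipe local secrets, then release the terminal. */
    wipe_out_data();

    /*
     * The success path wipes the cipher context; do the same when the
     * failure happens after the key schedule was set up, so that key
     * material does not stay in the context.
     */
    if (key_scheduled) {
        cipher_wipe(card_crypt_ctx);
    }

    card_close_terminal(ctn);
    return(POC_ERROR);
}

/******************************************************************************
 *
 * Function    : search_and_print
 *
 * Description : This function searches through a memory image and prints
 *               the entry whose description matches the given one.
 *
 * Input       : [1] description (u8)
 *                   The description to search for.
 *               [2] buffer (u8)
 *                   Card's memory image.
 *               [3] data_size (int)
 *                   Image's size in byte.
 *
 * Return      : nothing is returned.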
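*
 *****************************************************************************/
static void search_and_print(const u8 * const description,
                             u8 * const buffer,
                             int data_size)
{
    /*
     * 'buffer' holds data read from the card and is not NUL-terminated by
     * the caller; after a "possibly wrong key" warning the caller may even
     * pass a buffer of arbitrary bytes. Every read below is therefore
     * bounded by data_size instead of relying on a PASSWORD or DESCRIPTION
     * marker being present.
     *
     * NOTE(review): entry bytes are printed unfiltered, so a garbage buffer
     * can send control characters to the terminal.
     */
    const char *wanted = (const char *) description;
    size_t wanted_len;
    int list_all;
    int i = 0;                    /* Counter (index for buffer). */

    if (description == NULL || buffer == NULL || data_size <= 0) {
        return;
    }

    wanted_len = strlen(wanted);
    list_all = (strcmp(wanted, "all") == 0);

    /* A marker in the very last byte cannot start an entry. */
    while (i < data_size - 1) {
        /*
         * Search for an entry. (Every entry in the data area starts with
         * a description.)
         */
        if (buffer[i] != DESCRIPTION) {
            i++;
            continue;
        }

        /* Found an entry; i now indexes the first description byte. */
        i++;

        /*
         * Compare both descriptions (case-insensitive prefix match), but
         * only when the bytes left in the image can hold the whole search
         * term. "all" matches every entry.
         */
        if (!list_all &&
            (wanted_len > (size_t) (data_size - i) ||
             strncasecmp(wanted, (const char *) &buffer[i], wanted_len) != 0)) {
            continue;
        }

        printf(STR_START_MSG_LIST_DESCR);

        /* Output the description, byte by byte, up to the PASSWORD marker. */
        while (i < data_size && buffer[i] != PASSWORD) {
            printf("%c", buffer[i]);
            i++;
        }
        printf("\n");

        printf(STR_START_MSG_LIST_PASSWORD);

        /* Step over the PASSWORD marker if the image did not end first. */
        if (i < data_size) {
            i++;
        }

        /* Output the password, byte by byte, up to the next entry or the end. */
        while (i < data_size && buffer[i] != DESCRIPTION) {
            printf("%c", buffer[i]);
            i++;
        }
        printf("\n\n");
    }
}

#undef wipe_out_data
/*
 * Clean sensitive data.
 * The macro expands in the caller's scope and names the locals 'p', 'key'
 * and 'buffer' directly, so a function using it must declare all three.
 * NOTE(review): overwrite_buffer() is not visible here; if it finds the
 * length from a NUL terminator, check how it behaves for a NULL 'p', an
 * unset 'key' and the binary card image in 'buffer'.
 */
#define wipe_out_data() {         \
    overwrite_buffer(p);          \
    overwrite_buffer(key);        \
    overwrite_buffer(buffer);     \
    drop_mbuffer(buffer);         \
}

/******************************************************************************
 *
 * Function    : password_list
 *
 * Description : This function lists an entry of the data area, which matches
 *               the given description.
 *
 * Input       : [1] card_crypt_ctx (crypt_context)
 *                   Information about data encryption (cipher, security-level)
 *               [2] port (u16)
 *                   Com-Port
 *               [3] description (char)
 *                   The description of the entry which shall be listed.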
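*
 * Return      : POC_ERROR or POC_SUCCESS
 *
 *****************************************************************************/
bool password_list(const crypt_context * const card_crypt_ctx,
                   const u16 port,
                   char * const description)
{
    /*
     * Both size fields and the data area are read from the card and are
     * untrusted input. The locals p, key and buffer are named by the
     * wipe_out_data() macro and must keep these names.
     */
    char key[128] = {0};          /* Key for card decryption; zeroed so an
                                     early wipe never reads indeterminate
                                     bytes. */
    u8 *buffer = NULL;            /* Buffer for card's data. */
    u8 *grown;                    /* realloc() result, checked before it
                                     replaces 'buffer'. */
    char *p = NULL;               /* Pointer for getpass(). */
    char ret;                     /* Returns of CT-API calls. */
    int key_scheduled = 0;        /* Set once cipher_setkey() succeeded. */
    u16 data_size;                /* Used space on the card. */
    u16 card_size;                /* Card's size. */
    u16 ctn = 0;                  /* Card-terminal handle. */

    /* Initialize & reset card terminal. */
    if (card_init_terminal(ctn, port) != POC_SUCCESS ||
        card_reset_terminal(ctn) != POC_SUCCESS) {
        goto fail;
    }

    /* Request ICC and check whether a memory card is inserted. */
    if (card_request_icc(ctn) != MEMORY_CARD) {
        print_err(STR_NO_MEM_CARD);
        goto fail;
    }

    /* Select card's memory for reading. */
    if (card_select_file(ctn) != POC_SUCCESS) {
        goto fail;
    }

    /* Allocate 2 byte to read card's size information. */
    if ((buffer = malloc(2)) == NULL) {
        print_err(ERR_PRFX_NM);
        perror("");
        goto fail;
    }

    /*
     * Read card's size, which is stored in byte 1 and 2 of the card.
     * An error message is printed only for a memory error.
     */
    if ((ret = card_read_data(ctn, CARD_SIZE_OFFSET, 2, buffer)) != POC_SUCCESS) {
        if (ret == POC_MEM_ERR) {
            print_err(ERR_PRFX_NM);
            perror("");
        }
        goto fail;
    }

    /* Convert the 2 chars to an unsigned short (high byte first). */
    card_size = (buffer[0] << 8) | buffer[1];

    /* Read data size, which is stored in byte 3-4 of the card. */
    if ((ret = card_read_data(ctn, DATA_SIZE_OFFSET, 2, buffer)) != POC_SUCCESS) {
        if (ret == POC_MEM_ERR) {
            print_err(ERR_PRFX_NM);
            perror("");
        }
        goto fail;
    }

    /* Convert the 2 chars to an unsigned short (high byte first). */
    data_size = (buffer[0] << 8) | buffer[1];

    /*
     * NOTE(review): card_size is read but never compared with data_size, so
     * a card that claims more used space than it has is not rejected here.
     * Confirm the card layout and add that check.
     */

    /* Check whether the card is empty. */
    if (data_size == 0) {
        /* The card is empty, so we won't find anything. */
        print_err(STR_EMPTY_CARD);
        goto fail;
    }

    /*
     * Allocate more space for card's data. The result goes through 'grown'
     * so the old block is still wiped and released on failure.
     */
    grown = realloc(buffer, data_size);
    if (grown == NULL) {
        print_err(ERR_PRFX_NM);
        perror("");
        goto fail;
    }
    buffer = grown;

    /* Read all data. */
    if ((ret = card_read_data(ctn, DATA_AREA_START_OFFSET, data_size, buffer)) != POC_SUCCESS) {
        if (ret == POC_MEM_ERR) {
            print_err(ERR_PRFX_NM);
            perror("");
        }
        goto fail;
    }

    /* Is the card's data stored unencrypted? If not, continue. */
    if (strcmp(card_crypt_ctx->cipher, "plaintext") != 0) {
        /* Get key for decryption. */
        if ((p = getpass(STR_KEY_PROMPT)) == NULL) {
            goto fail;
        }

        /*
         * strncpy() does not terminate the destination when the source
         * fills it, and strlen(key) below would then read past the array;
         * a passphrase of 128 or more characters is cut to 127.
         */
        strncpy(key, p, sizeof key - 1);
        key[sizeof key - 1] = '\0';

        /* Call the cipher's key-schedule function. */
        if ((ret = cipher_setkey(card_crypt_ctx, key, strlen(key))) != POC_SUCCESS) {
            print_err(STR_CIPHER_SETKEY_ERR);
            goto fail;
        }
        key_scheduled = 1;

        /* Decrypt data. */
        cipher_ofb(card_crypt_ctx, buffer, data_size);

        /*
         * After decrypting the data, we check whether the key was correct.
         * This is done by checking the buffer for unprintable characters;
         * it is a plausibility test, not an integrity check. If the user
         * answers 'y', the unverified buffer is listed anyway.
         */
        if (check_buffer(buffer, data_size)) {
            /* Wrong key? Buffer contains garbage. */
            printf(STR_WARN_POSSIBLE_WRONG_KEY);
            if (tolower(getchar()) != 'y') {
                goto fail;
            }
        }
    }

    /*
     * Call search_and_print function, which will search and output
     * password + description if something can be found.
     */
    search_and_print((const u8 *) description, buffer, data_size);

    /* Close terminal. */
    card_close_terminal(ctn);

    /* wipe clean */
    wipe_out_data();

    /* wipe cipher specific data. */
    cipher_wipe(card_crypt_ctx);

    return(POC_SUCCESS);

fail:
    /* Single error exit: wipe local secrets, then release the terminal. */
    wipe_out_data();

    /*
     * The success path wipes the cipher context; do the same when the
     * failure happens after the key schedule was set up, so that key
     * material does not stay in the context.
     */
    if (key_scheduled) {
        cipher_wipe(card_crypt_ctx);
    }

    card_close_terminal(ctn);
    return(POC_ERROR);
}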