dist/tools/pin.c

ba9bdd8bSchristos/*
ba9bdd8bSchristos * Copyright (c) 2018 Yubico AB. All rights reserved.
ba9bdd8bSchristos * Use of this source code is governed by a BSD-style
ba9bdd8bSchristos * license that can be found in the LICENSE file.
*2d40c451Schristos * SPDX-License-Identifier: BSD-2-Clause
ba9bdd8bSchristos */
ba9bdd8bSchristos
ba9bdd8bSchristos#include <fido.h>
ba9bdd8bSchristos#include <stdbool.h>
ba9bdd8bSchristos#include <stdio.h>
ba9bdd8bSchristos#include <stdlib.h>
ba9bdd8bSchristos#include <string.h>
ba9bdd8bSchristos#ifdef HAVE_UNISTD_H
ba9bdd8bSchristos#include <unistd.h>
ba9bdd8bSchristos#endif
ba9bdd8bSchristos
ba9bdd8bSchristos#include "../openbsd-compat/openbsd-compat.h"
ba9bdd8bSchristos#include "extern.h"
ba9bdd8bSchristos
ba9bdd8bSchristosint
ba9bdd8bSchristospin_set(char *path)
ba9bdd8bSchristos{
ba9bdd8bSchristos	fido_dev_t *dev = NULL;
ba9bdd8bSchristos	char prompt[1024];
*2d40c451Schristos	char pin1[128];
*2d40c451Schristos	char pin2[128];
ba9bdd8bSchristos	int r;
ba9bdd8bSchristos	int status = 1;
ba9bdd8bSchristos
ba9bdd8bSchristos	dev = open_dev(path);
ba9bdd8bSchristos
ba9bdd8bSchristos	r = snprintf(prompt, sizeof(prompt), "Enter new PIN for %s: ", path);
ba9bdd8bSchristos	if (r < 0 || (size_t)r >= sizeof(prompt)) {
ba9bdd8bSchristos		warnx("snprintf");
ba9bdd8bSchristos		goto out;
ba9bdd8bSchristos	}
ba9bdd8bSchristos
ba9bdd8bSchristos	if (!readpassphrase(prompt, pin1, sizeof(pin1), RPP_ECHO_OFF)) {
ba9bdd8bSchristos		warnx("readpassphrase");
ba9bdd8bSchristos		goto out;
ba9bdd8bSchristos	}
ba9bdd8bSchristos
ba9bdd8bSchristos	r = snprintf(prompt, sizeof(prompt), "Enter the same PIN again: ");
ba9bdd8bSchristos	if (r < 0 || (size_t)r >= sizeof(prompt)) {
ba9bdd8bSchristos		warnx("snprintf");
ba9bdd8bSchristos		goto out;
ba9bdd8bSchristos	}
ba9bdd8bSchristos
ba9bdd8bSchristos	if (!readpassphrase(prompt, pin2, sizeof(pin2), RPP_ECHO_OFF)) {
ba9bdd8bSchristos		warnx("readpassphrase");
ba9bdd8bSchristos		goto out;
ba9bdd8bSchristos	}
ba9bdd8bSchristos
ba9bdd8bSchristos	if (strcmp(pin1, pin2) != 0) {
ba9bdd8bSchristos		fprintf(stderr, "PINs do not match. Try again.\n");
ba9bdd8bSchristos		goto out;
ba9bdd8bSchristos	}
ba9bdd8bSchristos
*2d40c451Schristos	if (strlen(pin1) < 4 || strlen(pin1) > 63) {
*2d40c451Schristos		fprintf(stderr, "invalid PIN length\n");
*2d40c451Schristos		goto out;
*2d40c451Schristos	}
*2d40c451Schristos
ba9bdd8bSchristos	if ((r = fido_dev_set_pin(dev, pin1, NULL)) != FIDO_OK) {
ba9bdd8bSchristos		warnx("fido_dev_set_pin: %s", fido_strerr(r));
ba9bdd8bSchristos		goto out;
ba9bdd8bSchristos	}
ba9bdd8bSchristos
ba9bdd8bSchristos	fido_dev_close(dev);
ba9bdd8bSchristos	fido_dev_free(&dev);
ba9bdd8bSchristos
ba9bdd8bSchristos	status = 0;
ba9bdd8bSchristosout:
ba9bdd8bSchristos	explicit_bzero(pin1, sizeof(pin1));
ba9bdd8bSchristos	explicit_bzero(pin2, sizeof(pin2));
ba9bdd8bSchristos
ba9bdd8bSchristos	exit(status);
ba9bdd8bSchristos}
ba9bdd8bSchristos
ba9bdd8bSchristosint
ba9bdd8bSchristospin_change(char *path)
ba9bdd8bSchristos{
ba9bdd8bSchristos	fido_dev_t *dev = NULL;
ba9bdd8bSchristos	char prompt[1024];
*2d40c451Schristos	char pin0[128];
*2d40c451Schristos	char pin1[128];
*2d40c451Schristos	char pin2[128];
ba9bdd8bSchristos	int r;
ba9bdd8bSchristos	int status = 1;
ba9bdd8bSchristos
ba9bdd8bSchristos	if (path == NULL)
ba9bdd8bSchristos		usage();
ba9bdd8bSchristos
ba9bdd8bSchristos	dev = open_dev(path);
ba9bdd8bSchristos
ba9bdd8bSchristos	r = snprintf(prompt, sizeof(prompt), "Enter current PIN for %s: ", path);
ba9bdd8bSchristos	if (r < 0 || (size_t)r >= sizeof(prompt)) {
ba9bdd8bSchristos		warnx("snprintf");
ba9bdd8bSchristos		goto out;
ba9bdd8bSchristos	}
ba9bdd8bSchristos
ba9bdd8bSchristos	if (!readpassphrase(prompt, pin0, sizeof(pin0), RPP_ECHO_OFF)) {
ba9bdd8bSchristos		warnx("readpassphrase");
ba9bdd8bSchristos		goto out;
ba9bdd8bSchristos	}
ba9bdd8bSchristos
*2d40c451Schristos	if (strlen(pin0) < 4 || strlen(pin0) > 63) {
*2d40c451Schristos		warnx("invalid PIN length");
*2d40c451Schristos		goto out;
*2d40c451Schristos	}
*2d40c451Schristos
ba9bdd8bSchristos	r = snprintf(prompt, sizeof(prompt), "Enter new PIN for %s: ", path);
ba9bdd8bSchristos	if (r < 0 || (size_t)r >= sizeof(prompt)) {
ba9bdd8bSchristos		warnx("snprintf");
ba9bdd8bSchristos		goto out;
ba9bdd8bSchristos	}
ba9bdd8bSchristos
ba9bdd8bSchristos	if (!readpassphrase(prompt, pin1, sizeof(pin1), RPP_ECHO_OFF)) {
ba9bdd8bSchristos		warnx("readpassphrase");
ba9bdd8bSchristos		goto out;
ba9bdd8bSchristos	}
ba9bdd8bSchristos
ba9bdd8bSchristos	r = snprintf(prompt, sizeof(prompt), "Enter the same PIN again: ");
ba9bdd8bSchristos	if (r < 0 || (size_t)r >= sizeof(prompt)) {
ba9bdd8bSchristos		warnx("snprintf");
ba9bdd8bSchristos		goto out;
ba9bdd8bSchristos	}
ba9bdd8bSchristos
ba9bdd8bSchristos	if (!readpassphrase(prompt, pin2, sizeof(pin2), RPP_ECHO_OFF)) {
ba9bdd8bSchristos		warnx("readpassphrase");
ba9bdd8bSchristos		goto out;
ba9bdd8bSchristos	}
ba9bdd8bSchristos
ba9bdd8bSchristos	if (strcmp(pin1, pin2) != 0) {
ba9bdd8bSchristos		fprintf(stderr, "PINs do not match. Try again.\n");
ba9bdd8bSchristos		goto out;
ba9bdd8bSchristos	}
ba9bdd8bSchristos
*2d40c451Schristos	if (strlen(pin1) < 4 || strlen(pin1) > 63) {
*2d40c451Schristos		fprintf(stderr, "invalid PIN length\n");
*2d40c451Schristos		goto out;
*2d40c451Schristos	}
*2d40c451Schristos
ba9bdd8bSchristos	if ((r = fido_dev_set_pin(dev, pin1, pin0)) != FIDO_OK) {
ba9bdd8bSchristos		warnx("fido_dev_set_pin: %s", fido_strerr(r));
ba9bdd8bSchristos		goto out;
ba9bdd8bSchristos	}
ba9bdd8bSchristos
ba9bdd8bSchristos	fido_dev_close(dev);
ba9bdd8bSchristos	fido_dev_free(&dev);
ba9bdd8bSchristos
ba9bdd8bSchristos	status = 0;
ba9bdd8bSchristosout:
ba9bdd8bSchristos	explicit_bzero(pin0, sizeof(pin0));
ba9bdd8bSchristos	explicit_bzero(pin1, sizeof(pin1));
ba9bdd8bSchristos	explicit_bzero(pin2, sizeof(pin2));
ba9bdd8bSchristos
ba9bdd8bSchristos	exit(status);
ba9bdd8bSchristos}