Branch: master

640e6672 2015-09-17 16:43:10 Timothy Pearson
v2.0 Release
Use TDE builtins for almost all functions
This package now only provides the initramfs LUKS configuration and related program(s)
A build_cardpincheck
A src/cardpincheck.c
M Makefile
M src/Makefile
M usr/bin/cryptosmartcard.sh
M usr/share/initramfs-tools/hooks/cryptlukssc
R build_ckpasswd
R etc/init/smartauthlogin.conf
R etc/smartauth/smartauth.sh.in
R etc/smartauth/smartauthmon.sh.in
R include/inn/buffer.h
R include/inn/confparse.h
R include/inn/defines.h
R include/inn/hashtab.h
R include/inn/history.h
R include/inn/innconf.h
R include/inn/list.h
R include/inn/md5.h
R include/inn/messages.h
R include/inn/mmap.h
R include/inn/qio.h
R include/inn/sequence.h
R include/inn/timer.h
R include/inn/tst.h
R include/inn/vector.h
R include/inn/wire.h
R scriptor_standalone.pl
R src/ckpass.c
R src/ckpasswd.c
R src/messages.c
R src/smartauthmon.cpp
R src/xmalloc.c
R usr/bin/setupcard.sh
R usr/bin/setupslavecard.sh
R usr/bin/smartauth.sh
R usr/share/applications/smartcardauth.desktop
R usr/share/applications/smartcardrestrict.desktop
R usr/share/icons/hicolor/16x16/apps/smartcardauth.png
R usr/share/icons/hicolor/32x32/apps/smartcardauth.png
diff --git a/Makefile b/Makefile
index 9259b90..9d083e5 100755
--- a/Makefile
+++ b/Makefile
@@ -1,21 +1,15 @@
 FPACKAGE = smartcardauth
-VERSION = 1.0
+VERSION = 2.0
 
 build:
 
 clean:
 
 install:
-	sed -i "s#scriptor#scriptor_standalone#g" scriptor_standalone.pl
-	/usr/bin/pp -a /usr/lib/perl5/Chipcard -a /usr/lib/perl5/Chipcard -o scriptor_standalone scriptor_standalone.pl
-	rm scriptor_standalone.pl
-	mv scriptor_standalone usr/bin/scriptor_standalone
-
-	./build_ckpasswd
+	./build_cardpincheck
 
 	mkdir -p $(DESTDIR)/usr
-	cp -Rp src/ckpasswd usr/bin/smartauthckpasswd
-	cp -Rp src/smartauthmon usr/bin/smartauthmon
+	cp -Rp src/cardpincheck usr/bin/cardpincheck
 	cp -Rp usr/*  $(DESTDIR)/usr/
 
 	mkdir -p $(DESTDIR)/etc
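Review bot: The `install` recipe still does the compile itself through `./build_cardpincheck` while `build:` stays empty, so the compiler and `src/Makefile` run with whatever privileges `make install` is given (often root or fakeroot), and the binary is staged by copying it into the source tree's `usr/bin/`. The helper script added in this commit ends with `cd ..` and has no `set -e`, so a failed `make` in `src/` still exits 0; the recipe then carries on and could pick up a stale `src/cardpincheck` left by an earlier build, which matters for a PIN-checking helper that ends up in the initramfs. Moving the compile into `build:` as `$(MAKE) -C src` and declaring `install: build` lets a build failure stop the install. Replacing the `cp -Rp src/cardpincheck usr/bin/cardpincheck` step with `install -D -m 0755 src/cardpincheck $(DESTDIR)/usr/bin/cardpincheck` would set the mode explicitly instead of inheriting it from the build tree. The `install` recipe continues past the end of this hunk, so the remaining steps are not reviewed here.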
diff --git a/build_cardpincheck b/build_cardpincheck
new file mode 100755
index 0000000..b354c1f
--- /dev/null
+++ b/build_cardpincheck
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+cd src/
+make
+cd .. 
diff --git a/build_ckpasswd b/build_ckpasswd
deleted file mode 100755
index b354c1f..0000000
--- a/build_ckpasswd
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/bin/bash
-
-cd src/
-make
-cd .. 
diff --git a/etc/init/smartauthlogin.conf b/etc/init/smartauthlogin.conf
deleted file mode 100755
index ac03e57..0000000
--- a/etc/init/smartauthlogin.conf
+++ /dev/null
@@ -1,14 +0,0 @@
-# smartauthlogin - smart card login manager
-#
-
-description	"smart card login monitor"
-
-start on (filesystem
-	  and started tdm-trinity)
-stop on stopping tdm-trinity
-
-script
-	if [ -e /usr/bin/smartauthmon ]; then
-		/usr/bin/smartauthmon
-	fi
-end script
diff --git a/etc/smartauth/smartauth.sh.in b/etc/smartauth/smartauth.sh.in
deleted file mode 100644
index 92a9c56..0000000
--- a/etc/smartauth/smartauth.sh.in
+++ /dev/null
@@ -1,177 +0,0 @@
-#!/bin/bash
-
-# Smart Card Authentication Helper (c) 2009 Timothy Pearson
-#
-#    This program is free software: you can redistribute it and/or modify
-#    it under the terms of the GNU General Public License as published by
-#    the Free Software Foundation, either version 3 of the License, or
-#    (at your option) any later version.
-#
-#    This program is distributed in the hope that it will be useful,
-#    but WITHOUT ANY WARRANTY; without even the implied warranty of
-#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#    GNU General Public License for more details.
-#
-#    You should have received a copy of the GNU General Public License
-#    along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-get_file () {
-	if [[ $COMMAND_MODE == "acos" ]]; then
-		# Select EF $1 under DF 1000
-		echo "$SELECT_FILE $1" > query
-		scriptor_standalone query 1> response2
-		echo $(cat response2)
-
-		# Read binary
-		echo "$READ_BINARY" > query
-		scriptor_standalone query 1> response2
-		authokresponse="90 00 : Normal processing"
-		response1=$(cat response2 | grep "$authokresponse")
-		if [[ $response1 != "" ]]; then
-			cat response2 | tr -d '\n' > response4
-			stringtoreplace="Using T=0 protocol00 B0 00 00 FF> 00 B0 00 00 FF< "
-			newstring=""
-			sed -i "s#${stringtoreplace}#${newstring}#g" response4
-			stringtoreplace=" 90 00 : Normal processing."
-			newstring=""
-			sed -i "s#${stringtoreplace}#${newstring}#g" response4
-			if [[ $2 == "text" ]]; then
-				stringtoreplace=" 00"
-				newstring=""
-				sed -i "s#${stringtoreplace}#${newstring}#g" response4
-			fi
-			echo $(cat response4)
-			rm -f lukskey
-			xxd -r -p response4 lukskey
-			RESPONSE=lukskey
-		fi
-	fi
-
-	if [[ $COMMAND_MODE == "cryptoflex" ]]; then
-		echo "get $1" | opensc-explorer
-		RESPONSE="3F00_$1"
-	fi
-}
-
-# Initialize pcscd
-killall pcscd &
-sleep 1
-pcscd &
-sleep 1
-
-# Get card ATR
-echo "RESET" > query
-scriptor_standalone query 1> response2
-authokresponse="OK: "
-response1=$(cat response2 | grep "$authokresponse")
-if [[ $response1 != "" ]]; then
-	cat response2 | tr -d '\n' > response4
-	stringtoreplace="Using T=0 protocolRESET> RESET< OK: "
-	newstring=""
-	sed -i "s#${stringtoreplace}#${newstring}#g" response4
-	smartatr=$(cat response4)
-	echo "Got ATR: $smartatr"
-	if [[ $smartatr == "3B BE 18 00 00 41 05 10 00 00 00 00 00 00 00 00 00 90 00 " ]]; then
-		echo "Detected ACOS5 card"
-		COMMAND_MODE="acos"
-	fi
-	if [[ $smartatr == "3B 02 14 50 " ]]; then
-		echo "Detected Schlumberger CryptoFlex card"
-		COMMAND_MODE="cryptoflex"
-	fi
-else
-	echo "No card detected!"
-	exit 1
-fi
-
-if [[ $COMMAND_MODE == "cryptoflex" ]]; then
-	GET_CHALLENGE="C0 84 00 00 08"
-	EXTERNAL_AUTH="C0 82 00 00 07 01"
-	SELECT_FILE="C0 A4 00 00 02"
-	DELETE_FILE="F0 E4 00 00 02"
-fi
-
-if [[ $COMMAND_MODE == "acos" ]]; then
-	GET_CHALLENGE="00 84 00 00 08"
-	EXTERNAL_AUTH="00 82 00 83 08"		# Key 3
-	SELECT_FILE="00 A4 00 00 02"
-	DELETE_FILE="00 E4 00 00 00"
-	READ_BINARY="00 B0 00 00 FF"
-	UPDATE_BINARY="00 D6 00 00 FF"
-	ACTIVATE_FILE="00 44 00 00 02"
-fi
-
-# Authenticate card
-if [[ $COMMAND_MODE == "acos" ]]; then
-	# Select MF
-	echo "00 A4 00 00 00" > query
-	scriptor_standalone query 1> response2
-	echo $(cat response2)
-
-	# Select DF 1000 under MF
-	echo "$SELECT_FILE 10 00" > query
-	scriptor_standalone query 1> response2
-	echo $(cat response2)
-fi
-
-echo $GET_CHALLENGE > authscript
-
-scriptor_standalone authscript | grep 'Normal processing' > challenge
-perl -pi -e 's/ //g' challenge
-perl -pi -e 's/:Normalprocessing.//g' challenge
-perl -pi -e 's/<//g' challenge
-xxd -r -p challenge challenge
-
-# Now DES encrypt the challenge
-# Later, change the initialization vector to random if possible
-openssl des-ecb -in challenge -out response -K <your key in hexidecimal> -iv 1
-
-if [[ $COMMAND_MODE == "acos" ]]; then
-	# Truncate to 8 bytes
-	dd if=response of=response2 bs=1 count=8
-
-	# Expand to standard hex listing format
-	xxd -g 1 response2 response
-	dd if=response of=response2 bs=1 count=23 skip=9
-fi
-
-if [[ $COMMAND_MODE == "cryptoflex" ]]; then
-	# Truncate to 6 bytes
-	dd if=response of=response2 bs=1 count=6
-
-	# Expand to standard hex listing format
-	xxd -g 1 response2 response
-	dd if=response of=response2 bs=1 count=17 skip=9
-fi
-
-# Assemble the response file
-response2=$(cat response2)
-response1="$EXTERNAL_AUTH ${response2}"
-echo $response1 > response
-
-# Send the response!
-scriptor_standalone response > response2
-
-# Get the result
-authokresponse="< 90 00 : Normal processing"
-response1=$(cat response2 | grep "$authokresponse")
-echo $response1
-if [[ $response1 != "" ]]; then
-	echo "Smart card validation successfull!"
-	# Get encryption key
-	if [[ $COMMAND_MODE == "acos" ]]; then
-		get_file "10 01"
-	fi
-
-	if [[ $COMMAND_MODE == "cryptoflex" ]]; then
-		get_file "1001"
-	fi
-	mv $RESPONSE smart.key
-else
-	echo "Authentication failed!"
-fi
-
 ** Diff limit reached (max: 250 lines) **