640e6672 | 2015-09-17 16:43:10 | Timothy Pearson |
v2.0 Release Use TDE builtins for almost all functions This package now only provides the initramfs LUKS configuration and related program(s) |
||
A build_cardpincheck A src/cardpincheck.c M Makefile M src/Makefile M usr/bin/cryptosmartcard.sh M usr/share/initramfs-tools/hooks/cryptlukssc R build_ckpasswd R etc/init/smartauthlogin.conf R etc/smartauth/smartauth.sh.in R etc/smartauth/smartauthmon.sh.in R include/inn/buffer.h R include/inn/confparse.h R include/inn/defines.h R include/inn/hashtab.h R include/inn/history.h R include/inn/innconf.h R include/inn/list.h R include/inn/md5.h R include/inn/messages.h R include/inn/mmap.h R include/inn/qio.h R include/inn/sequence.h R include/inn/timer.h R include/inn/tst.h R include/inn/vector.h R include/inn/wire.h R scriptor_standalone.pl R src/ckpass.c R src/ckpasswd.c R src/messages.c R src/smartauthmon.cpp R src/xmalloc.c R usr/bin/setupcard.sh R usr/bin/setupslavecard.sh R usr/bin/smartauth.sh R usr/share/applications/smartcardauth.desktop R usr/share/applications/smartcardrestrict.desktop R usr/share/icons/hicolor/16x16/apps/smartcardauth.png R usr/share/icons/hicolor/32x32/apps/smartcardauth.png |
||
diff --git a/Makefile b/Makefile index 9259b90..9d083e5 100755 --- a/Makefile +++ b/Makefile @@ -1,21 +1,15 @@ FPACKAGE = smartcardauth -VERSION = 1.0 +VERSION = 2.0 build: clean: install: - sed -i "s#scriptor#scriptor_standalone#g" scriptor_standalone.pl - /usr/bin/pp -a /usr/lib/perl5/Chipcard -a /usr/lib/perl5/Chipcard -o scriptor_standalone scriptor_standalone.pl - rm scriptor_standalone.pl - mv scriptor_standalone usr/bin/scriptor_standalone - - ./build_ckpasswd + ./build_cardpincheck mkdir -p $(DESTDIR)/usr - cp -Rp src/ckpasswd usr/bin/smartauthckpasswd - cp -Rp src/smartauthmon usr/bin/smartauthmon + cp -Rp src/cardpincheck usr/bin/cardpincheck cp -Rp usr/* $(DESTDIR)/usr/ mkdir -p $(DESTDIR)/etc diff --git a/build_cardpincheck b/build_cardpincheck new file mode 100755 index 0000000..b354c1f --- /dev/null +++ b/build_cardpincheck @@ -0,0 +1,5 @@ +#!/bin/bash + +cd src/ +make +cd .. diff --git a/build_ckpasswd b/build_ckpasswd deleted file mode 100755 index b354c1f..0000000 --- a/build_ckpasswd +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/bash - -cd src/ -make -cd .. diff --git a/etc/init/smartauthlogin.conf b/etc/init/smartauthlogin.conf deleted file mode 100755 index ac03e57..0000000 --- a/etc/init/smartauthlogin.conf +++ /dev/null @@ -1,14 +0,0 @@ -# smartauthlogin - smart card login manager -# - -description "smart card login monitor" - -start on (filesystem - and started tdm-trinity) -stop on stopping tdm-trinity - -script - if [ -e /usr/bin/smartauthmon ]; then - /usr/bin/smartauthmon - fi -end script diff --git a/etc/smartauth/smartauth.sh.in b/etc/smartauth/smartauth.sh.in deleted file mode 100644 index 92a9c56..0000000 --- a/etc/smartauth/smartauth.sh.in +++ /dev/null 
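Review bot: The `install` recipe still runs the compile step itself (`./build_cardpincheck`) while `build:` stays empty, and it stages everything with `cp -Rp`, which preserves ownership when run as root. Outside a fakeroot or packaging build, a `sudo make install` therefore compiles as root, and files checked out by an unprivileged user can land under `$(DESTDIR)/usr` still owned by that user. That is undesirable for a PIN-checking helper which, judging by the commit message, belongs to the initramfs LUKS path. Consider moving `./build_cardpincheck` under `build:` and installing the binary with an explicit mode, e.g. `install -m 0755 src/cardpincheck $(DESTDIR)/usr/bin/cardpincheck` once that directory exists. The recipe continues past the end of the hunk, so later steps were not reviewed.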
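Review bot: The new `build_cardpincheck` script ignores failures: if `cd src/` or `make` fails, the script still exits with the status of the final `cd ..`. The `install` recipe then carries on to `cp -Rp src/cardpincheck usr/bin/cardpincheck` and can stage a stale binary from an earlier build without stopping. Adding `set -e` after the shebang, or reducing the body to `exec make -C src`, makes a failed compile abort the install. The script has the same blob id as the removed `build_ckpasswd` (`b354c1f`), so this is inherited behaviour, but the rename is a good moment to fix it.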
@@ -1,177 +0,0 @@ -#!/bin/bash - -# Smart Card Authentication Helper (c) 2009 Timothy Pearson -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see <http://www.gnu.org/licenses/>. - -get_file () { - if [[ $COMMAND_MODE == "acos" ]]; then - # Select EF $1 under DF 1000 - echo "$SELECT_FILE $1" > query - scriptor_standalone query 1> response2 - echo $(cat response2) - - # Read binary - echo "$READ_BINARY" > query - scriptor_standalone query 1> response2 - authokresponse="90 00 : Normal processing" - response1=$(cat response2 | grep "$authokresponse") - if [[ $response1 != "" ]]; then - cat response2 | tr -d '\n' > response4 - stringtoreplace="Using T=0 protocol00 B0 00 00 FF> 00 B0 00 00 FF< " - newstring="" - sed -i "s#${stringtoreplace}#${newstring}#g" response4 - stringtoreplace=" 90 00 : Normal processing." 
- newstring="" - sed -i "s#${stringtoreplace}#${newstring}#g" response4 - if [[ $2 == "text" ]]; then - stringtoreplace=" 00" - newstring="" - sed -i "s#${stringtoreplace}#${newstring}#g" response4 - fi - echo $(cat response4) - rm -f lukskey - xxd -r -p response4 lukskey - RESPONSE=lukskey - fi - fi - - if [[ $COMMAND_MODE == "cryptoflex" ]]; then - echo "get $1" | opensc-explorer - RESPONSE="3F00_$1" - fi -} - -# Initialize pcscd -killall pcscd & -sleep 1 -pcscd & -sleep 1 - -# Get card ATR -echo "RESET" > query -scriptor_standalone query 1> response2 -authokresponse="OK: " -response1=$(cat response2 | grep "$authokresponse") -if [[ $response1 != "" ]]; then - cat response2 | tr -d '\n' > response4 - stringtoreplace="Using T=0 protocolRESET> RESET< OK: " - newstring="" - sed -i "s#${stringtoreplace}#${newstring}#g" response4 - smartatr=$(cat response4) - echo "Got ATR: $smartatr" - if [[ $smartatr == "3B BE 18 00 00 41 05 10 00 00 00 00 00 00 00 00 00 90 00 " ]]; then - echo "Detected ACOS5 card" - COMMAND_MODE="acos" - fi - if [[ $smartatr == "3B 02 14 50 " ]]; then - echo "Detected Schlumberger CryptoFlex card" - COMMAND_MODE="cryptoflex" - fi -else - echo "No card detected!" 
- exit 1 -fi - -if [[ $COMMAND_MODE == "cryptoflex" ]]; then - GET_CHALLENGE="C0 84 00 00 08" - EXTERNAL_AUTH="C0 82 00 00 07 01" - SELECT_FILE="C0 A4 00 00 02" - DELETE_FILE="F0 E4 00 00 02" -fi - -if [[ $COMMAND_MODE == "acos" ]]; then - GET_CHALLENGE="00 84 00 00 08" - EXTERNAL_AUTH="00 82 00 83 08" # Key 3 - SELECT_FILE="00 A4 00 00 02" - DELETE_FILE="00 E4 00 00 00" - READ_BINARY="00 B0 00 00 FF" - UPDATE_BINARY="00 D6 00 00 FF" - ACTIVATE_FILE="00 44 00 00 02" -fi - -# Authenticate card -if [[ $COMMAND_MODE == "acos" ]]; then - # Select MF - echo "00 A4 00 00 00" > query - scriptor_standalone query 1> response2 - echo $(cat response2) - - # Select DF 1000 under MF - echo "$SELECT_FILE 10 00" > query - scriptor_standalone query 1> response2 - echo $(cat response2) -fi - -echo $GET_CHALLENGE > authscript - -scriptor_standalone authscript | grep 'Normal processing' > challenge -perl -pi -e 's/ //g' challenge -perl -pi -e 's/:Normalprocessing.//g' challenge -perl -pi -e 's/<//g' challenge -xxd -r -p challenge challenge - -# Now DES encrypt the challenge -# Later, change the initialization vector to random if possible -openssl des-ecb -in challenge -out response -K <your key in hexidecimal> -iv 1 - -if [[ $COMMAND_MODE == "acos" ]]; then - # Truncate to 8 bytes - dd if=response of=response2 bs=1 count=8 - - # Expand to standard hex listing format - xxd -g 1 response2 response - dd if=response of=response2 bs=1 count=23 skip=9 -fi - -if [[ $COMMAND_MODE == "cryptoflex" ]]; then - # Truncate to 6 bytes - dd if=response of=response2 bs=1 count=6 - - # Expand to standard hex listing format - xxd -g 1 response2 response - dd if=response of=response2 bs=1 count=17 skip=9 -fi - -# Assemble the response file -response2=$(cat response2) -response1="$EXTERNAL_AUTH ${response2}" -echo $response1 > response - -# Send the response! 
-scriptor_standalone response > response2 - -# Get the result -authokresponse="< 90 00 : Normal processing" -response1=$(cat response2 | grep "$authokresponse") -echo $response1 -if [[ $response1 != "" ]]; then - echo "Smart card validation successfull!" - # Get encryption key - if [[ $COMMAND_MODE == "acos" ]]; then - get_file "10 01" - fi - - if [[ $COMMAND_MODE == "cryptoflex" ]]; then - get_file "1001" - fi - mv $RESPONSE smart.key -else - echo "Authentication failed!" -fi - ** Diff limit reached (max: 250 lines) ** |