oxidize: Factor into standard Rust crate structure

- Adds initial `Cargo.toml` (and `Cargo.lock` to `.gitignore`)
- Deletes `tool` (it seems hard to `corrode`)
- Moves `lib/tests` => `tests` (we should figure out how to translate them)
- Moves `lib` => `src` to match Rust conventions
- Renames `lib/ykpiv.rs` => `src/lib.rs` to match Rust conventions
- Adds copyright from `ykpiv.h` to the top of all `*.rs` files
Tony Arcieri
2019-08-10 11:14:18 -07:00
parent 45ba342f57
commit 29fe670896
39 changed files with 144 additions and 6475 deletions
+1
@@ -1,2 +1,3 @@
/target
**/*.rs.bk
Cargo.lock
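Review bot: Ignoring `Cargo.lock` (the line added at the end of this hunk) means CI and any later audit cannot reproduce the exact dependency graph a given build of this crate used, which is worth having for a library that will wrap PIV key handling and 3DES management-key operations. The 2019 library convention was to ignore it, but Cargo's guidance appears to have since moved toward committing the lockfile for libraries as well, so this is a decision to record rather than inherit. If the convention is kept, a one-line comment such as `# Cargo.lock is ignored on purpose: this is a library crate` above the entry documents it.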
+8
@@ -0,0 +1,8 @@
[package]
name = "yubikey-piv"
version = "0.0.0"
authors = ["Tony Arcieri <bascule@gmail.com>", "Yubico AB"]
edition = "2018"
license = "BSD"
[dependencies]
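Review bot: `license = "BSD"` is not an SPDX identifier, so `cargo publish` will warn and tooling cannot match it; the header copied into every `*.rs` file in this commit is the two-clause BSD text, so the matching value is `license = "BSD-2-Clause"`. Separately, `[dependencies]` is empty while the `src` files declare bare `extern { ... }` blocks for OpenSSL (`DES_ecb3_encrypt`) and PC/SC (`SCardConnect`) symbols; linking those needs either `#[link(name = "...")]` on the blocks or a `build.rs` emitting `cargo:rustc-link-lib`, neither of which is visible here (the suppressed `src/lib.rs` diff may carry it, so this is inferred). A `description` and `repository` field would also help once the crate is published.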
-2473
-59
@@ -1,59 +0,0 @@
# Copyright (c) 2014-2016 Yubico AB
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
#
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
#
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
SUBDIRS = . tests
AM_CFLAGS = $(WERROR_CFLAGS) $(WARN_CFLAGS)
AM_CPPFLAGS = $(OPENSSL_CFLAGS) $(PCSC_CFLAGS)
lib_LTLIBRARIES = libykpiv.la
libykpiv_la_SOURCES = ykpiv.c util.c internal.c internal.h version.c ykpiv.pc.in ykpiv.map
libykpiv_la_SOURCES += error.c
libykpiv_la_includedir = $(includedir)/ykpiv
libykpiv_la_include_HEADERS = ykpiv.h ykpiv-version.h
EXTRA_libykpiv_la_DEPENDENCIES = ykpiv.map
libykpiv_la_LIBADD = $(OPENSSL_LIBS) $(PCSC_LIBS)
libykpiv_la_LIBADD += $(PCSC_WIN_LIBS) $(PCSC_MACOSX_LIBS) $(PCSC_CUSTOM_LIBS)
libykpiv_la_LDFLAGS = -no-undefined
libykpiv_la_LDFLAGS += -version-info $(LT_CURRENT):$(LT_REVISION):$(LT_AGE)
if HAVE_LD_VERSION_SCRIPT
libykpiv_la_LDFLAGS += -Wl,--version-script=$(srcdir)/ykpiv.map
else
libykpiv_la_LDFLAGS += -export-symbols-regex '^ykpiv_.*'
endif
pkgconfigdir = $(libdir)/pkgconfig
pkgconfig_DATA = ykpiv.pc
if ENABLE_COV
AM_CFLAGS += --coverage
AM_LDFLAGS = --coverage
endif
-121
@@ -1,121 +0,0 @@
# Copyright (c) 2014-2016 Yubico AB
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
#
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
#
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
YKPIV_0.1.0
{
global:
ykpiv_check_version;
ykpiv_strerror_name;
ykpiv_strerror;
ykpiv_init;
ykpiv_done;
ykpiv_connect;
ykpiv_disconnect;
ykpiv_transfer_data;
ykpiv_authenticate;
ykpiv_set_mgmkey;
ykpiv_sign_data;
ykpiv_get_version;
ykpiv_verify;
ykpiv_fetch_object;
ykpiv_save_object;
ykpiv_hex_decode;
local:
*;
};
YKPIV_0.2.0
{
global:
ykpiv_decipher_data;
} YKPIV_0.1.0;
YKPIV_1.1.0
{
global:
ykpiv_set_mgmkey2;
ykpiv_list_readers;
} YKPIV_0.2.0;
YKPIV_1.2.0
{
global:
ykpiv_import_private_key;
} YKPIV_1.1.0;
YKPIV_1.3.0
{
global:
ykpiv_change_pin;
ykpiv_change_puk;
ykpiv_unblock_pin;
} YKPIV_1.2.0;
YKPIV_1.5.0
{
global:
ykpiv_attest;
ykpiv_auth_getchallenge;
ykpiv_auth_verifyresponse;
ykpiv_connect_with_external_card;
ykpiv_done_with_external_card;
ykpiv_get_pin_retries;
ykpiv_init_with_allocator;
ykpiv_set_pin_retries;
ykpiv_util_block_puk;
ykpiv_util_delete_cert;
ykpiv_util_devicemodel;
ykpiv_util_free;
ykpiv_util_generate_key;
ykpiv_util_get_cardid;
ykpiv_util_get_cccid;
ykpiv_util_get_config;
ykpiv_util_get_derived_mgm;
ykpiv_util_get_protected_mgm;
ykpiv_util_list_keys;
ykpiv_util_list_keys;
ykpiv_util_read_cert;
ykpiv_util_read_mscmap;
ykpiv_util_read_msroots;
ykpiv_util_reset;
ykpiv_util_set_cardid;
ykpiv_util_set_cccid;
ykpiv_util_set_pin_last_changed;
ykpiv_util_set_protected_mgm;
ykpiv_util_slot_object;
ykpiv_util_write_cert;
ykpiv_util_write_mscmap;
ykpiv_util_write_msroots;
ykpiv_verify_select;
} YKPIV_1.3.0;
YKPIV_1.6.0
{
global:
ykpiv_get_serial;
} YKPIV_1.5.0;
-40
@@ -1,40 +0,0 @@
# Copyright (c) 2014-2016 Yubico AB
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
#
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
#
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
prefix=@prefix@
exec_prefix=@exec_prefix@
libdir=@libdir@
includedir=@includedir@
Name: @PACKAGE@
Description: Yubico PIV C Library
URL: https://www.yubico.com/
Version: @VERSION@
Requires.private: libcrypto
Libs: -L${libdir} -lykpiv
Cflags: -I${includedir}/ykpiv
+27
@@ -1,3 +1,30 @@
// Copyright (c) 2014-2016 Yubico AB
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
// modification, are permitted provided that the following conditions are
// met:
//
// * Redistributions of source code must retain the above copyright
// notice, this list of conditions and the following disclaimer.
//
// * Redistributions in binary form must reproduce the above
// copyright notice, this list of conditions and the following
// disclaimer in the documentation and/or other materials provided
// with the distribution.
//
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#[derive(Clone, Copy)]
#[repr(i32)]
pub enum Enum2 {
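Review bot: `pub enum Enum2` on the last line of the hunk is a public, undocumented type whose name is a translation artifact, and the commit adds only the licence header above it. A `///` doc comment naming the C enum it mirrors would let readers map it back to `ykpiv.h`; since it is `#[repr(i32)]`, the comment should also state that values must be produced from C ints by an explicit match rather than a transmute, because an out-of-range discriminant is undefined behaviour. The enum body continues outside the hunk.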
+27
@@ -1,3 +1,30 @@
// Copyright (c) 2014-2016 Yubico AB
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
// modification, are permitted provided that the following conditions are
// met:
//
// * Redistributions of source code must retain the above copyright
// notice, this list of conditions and the following disclaimer.
//
// * Redistributions in binary form must reproduce the above
// copyright notice, this list of conditions and the following
// disclaimer in the documentation and/or other materials provided
// with the distribution.
//
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
extern {
fn DES_ecb3_encrypt(
input : *mut [u8; 8],
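Review bot: The `input` parameter of `DES_ecb3_encrypt` is declared `*mut [u8; 8]`, but the OpenSSL prototype takes a const input block, so every caller is forced to hand out a mutable pointer to data that is only read, which muddies aliasing at the FFI boundary; `input : *const [u8; 8],` matches the C signature. The `extern` block also carries no `#[link(name = "crypto")]` attribute, so linkage depends on something not visible in this hunk. The extern block continues outside the hunk.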
+27
@@ -1,3 +1,30 @@
// Copyright (c) 2014-2016 Yubico AB
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
// modification, are permitted provided that the following conditions are
// met:
//
// * Redistributions of source code must retain the above copyright
// notice, this list of conditions and the following disclaimer.
//
// * Redistributions in binary form must reproduce the above
// copyright notice, this list of conditions and the following
// disclaimer in the documentation and/or other materials provided
// with the distribution.
//
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
extern {
fn SCardBeginTransaction(hCard : i32) -> i32;
fn SCardConnect(
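Review bot: `SCardBeginTransaction(hCard : i32) -> i32` fixes the PC/SC handle and return type at 32 bits, which matches only Apple's PCSC framework; on pcsc-lite (Linux) `SCARDHANDLE`/`SCARDCONTEXT` and `LONG` are C `long`, and on Windows the handles are `ULONG_PTR`, so on 64-bit targets these declarations would truncate handles and error codes. This looks like a property of the machine the translation was run on rather than a deliberate choice, so I would introduce cfg-selected aliases, e.g. `#[cfg(target_os = "macos")] type SCARDHANDLE = i32;` and `#[cfg(not(target_os = "macos"))] type SCARDHANDLE = std::os::raw::c_long;` (with a `usize`-wide variant for Windows), and declare the functions against them. The extern block continues outside the hunk.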
+27
@@ -1,3 +1,30 @@
// Copyright (c) 2014-2016 Yubico AB
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
// modification, are permitted provided that the following conditions are
// met:
//
// * Redistributions of source code must retain the above copyright
// notice, this list of conditions and the following disclaimer.
//
// * Redistributions in binary form must reproduce the above
// copyright notice, this list of conditions and the following
// disclaimer in the documentation and/or other materials provided
// with the distribution.
//
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
extern {
static mut _DefaultRuneLocale : Struct1;
fn __maskrune(arg1 : i32, arg2 : usize) -> i32;
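Review bot: `_DefaultRuneLocale` and `__maskrune` are private internals of the BSD/macOS libc `<ctype.h>` implementation that the `is*()` macros expand to, so binding them here ties the crate to one platform's unstable ABI and will not link against glibc or musl. The original C most likely called a public ctype function here (hex decoding suggests `isxdigit`, but I cannot see the call site); the portable replacement is the public libc symbol, or better a std method such as `u8::is_ascii_hexdigit` so the extern declarations go away entirely. The extern block continues outside the hunk.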
+27
@@ -1,3 +1,30 @@
// Copyright (c) 2014-2016 Yubico AB
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
// modification, are permitted provided that the following conditions are
// met:
//
// * Redistributions of source code must retain the above copyright
// notice, this list of conditions and the following disclaimer.
//
// * Redistributions in binary form must reproduce the above
// copyright notice, this list of conditions and the following
// disclaimer in the documentation and/or other materials provided
// with the distribution.
//
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
extern {
fn strcmp(__s1 : *const u8, __s2 : *const u8) -> i32;
fn strcspn(__s : *const u8, __charset : *const u8) -> usize;
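Review bot: Binding `strcmp` and `strcspn` on raw `*const u8` makes every call site responsible for NUL termination, an invariant Rust slices do not carry, and C `char` is not `u8` on every target (it is signed on x86 Linux), so `*const u8` is also not the portable declaration. Declaring them as `fn strcmp(__s1 : *const c_char, __s2 : *const c_char) -> c_int;` with `std::os::raw` types, and passing pointers obtained from `std::ffi::CStr`, keeps the termination guarantee at the boundary; where the comparison is between Rust-owned buffers, plain slice comparison removes the FFI call altogether. The extern block continues outside the hunk.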
-66
@@ -1,66 +0,0 @@
# Copyright (c) 2014-2016 Yubico AB
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
#
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
#
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
SUBDIRS = . tests
AM_CFLAGS = $(WERROR_CFLAGS) $(WARN_CFLAGS)
AM_CPPFLAGS = $(OPENSSL_CFLAGS)
AM_CPPFLAGS += -I$(top_srcdir)/lib -I$(top_builddir)/lib
bin_PROGRAMS = yubico-piv-tool
yubico_piv_tool_SOURCES = yubico-piv-tool.c yubico-piv-tool.h2m
yubico_piv_tool_LDADD = $(OPENSSL_LIBS) $(top_builddir)/lib/libykpiv.la
yubico_piv_tool_LDADD += libpiv_cmd.la libpiv_util.la
noinst_LTLIBRARIES = libpiv_cmd.la libpiv_util.la
libpiv_cmd_la_SOURCES = cmdline.ggo cmdline.c cmdline.h
libpiv_cmd_la_CFLAGS =
libpiv_util_la_SOURCES = util.c util.h openssl-compat.c openssl-compat.h
libpiv_util_la_LIBADD = $(top_builddir)/lib/libykpiv.la $(OPENSSL_LIBS)
cmdline.c cmdline.h: cmdline.ggo Makefile.am $(top_srcdir)/configure.ac
$(GENGETOPT) --input $^
BUILT_SOURCES = cmdline.c cmdline.h
MAINTAINERCLEANFILES = $(BUILT_SOURCES)
# Doc.
dist_man_MANS = yubico-piv-tool.1
MAINTAINERCLEANFILES += $(dist_man_MANS)
yubico-piv-tool.1: $(yubico_piv_tool_SOURCES) $(libpiv_cmd_la_SOURCES) $(top_srcdir)/configure.ac | $(builddir)/yubico-piv-tool$(EXEEXT)
$(HELP2MAN) --no-info \
--name="Yubico PIV tool" \
--include=$(srcdir)/yubico-piv-tool.h2m \
--output=$@ $(builddir)/yubico-piv-tool$(EXEEXT)
if ENABLE_COV
AM_CFLAGS += --coverage
AM_LDFLAGS = --coverage
endif
-70
@@ -1,70 +0,0 @@
# Copyright (c) 2014-2016 Yubico AB
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
#
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
#
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
option "verbose" v "Print more information" int optional default="0" argoptional
option "reader" r "Only use a matching reader" string optional default="Yubikey"
option "key" k "Management key to use, if no value is specified key will be asked for" string optional default="010203040506070801020304050607080102030405060708" argoptional
option "action" a "Action to take" values="version","generate","set-mgm-key",
"reset","pin-retries","import-key","import-certificate","set-chuid",
"request-certificate","verify-pin","change-pin","change-puk","unblock-pin",
"selfsign-certificate","delete-certificate","read-certificate","status",
"test-signature","test-decipher","list-readers","set-ccc","write-object",
"read-object","attest" enum multiple
text "
Multiple actions may be given at once and will be executed in order
for example --action=verify-pin --action=request-certificate\n"
option "slot" s "What key slot to operate on" values="9a","9c","9d","9e","82","83","84","85","86","87","88","89","8a","8b","8c","8d","8e","8f","90","91","92","93","94","95","f9" enum optional
text "
9a is for PIV Authentication
9c is for Digital Signature (PIN always checked)
9d is for Key Management
9e is for Card Authentication (PIN never checked)
82-95 is for Retired Key Management
f9 is for Attestation\n"
option "algorithm" A "What algorithm to use" values="RSA1024","RSA2048","ECCP256","ECCP384" enum optional default="RSA2048"
option "hash" H "Hash to use for signatures" values="SHA1","SHA256","SHA384","SHA512" enum optional default="SHA256"
option "new-key" n "New management key to use for action set-mgm-key, if omitted key will be asked for" string optional
option "pin-retries" - "Number of retries before the pin code is blocked" int optional dependon="puk-retries"
option "puk-retries" - "Number of retries before the puk code is blocked" int optional dependon="pin-retries"
option "input" i "Filename to use as input, - for stdin" string optional default="-"
option "output" o "Filename to use as output, - for stdout" string optional default="-"
option "key-format" K "Format of the key being read/written" values="PEM","PKCS12","GZIP","DER","SSH" enum optional default="PEM"
option "password" p "Password for decryption of private key file, if omitted password will be asked for" string optional
option "subject" S "The subject to use for certificate request" string optional
text "
The subject must be written as:
/CN=host.example.com/OU=test/O=example.com/\n"
option "serial" - "Serial number of the self-signed certificate" int optional
option "valid-days" - "Time (in days) until the self-signed certificate expires" int optional default="365"
option "pin" P "Pin/puk code for verification, if omitted pin/puk will be asked for" string optional
option "new-pin" N "New pin/puk code for changing, if omitted pin/puk will be asked for" string optional dependon="pin"
option "pin-policy" - "Set pin policy for action generate or import-key. Only available on YubiKey 4" values="never","once","always" enum optional
option "touch-policy" - "Set touch policy for action generate, import-key or set-mgm-key. Only available on YubiKey 4" values="never","always","cached" enum optional
option "id" - "Id of object for write/read object" int optional
option "format" f "Format of data for write/read object" values="hex","base64","binary" enum optional default="hex"
option "sign" - "Sign data" flag off hidden
option "stdin-input" - "Read sensitive values from stdin" flag off hidden
-83
@@ -1,83 +0,0 @@
/*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include "openssl-compat.h"
#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
#include <string.h>
#include <openssl/engine.h>
int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d)
{
/* If the fields n and e in r are NULL, the corresponding input
* parameters MUST be non-NULL for n and e. d may be
* left NULL (in case only the public key is used).
*/
if ((r->n == NULL && n == NULL)
|| (r->e == NULL && e == NULL))
return 0;
if (n != NULL) {
BN_free(r->n);
r->n = n;
}
if (e != NULL) {
BN_free(r->e);
r->e = e;
}
if (d != NULL) {
BN_free(r->d);
r->d = d;
}
return 1;
}
void RSA_get0_key(const RSA *r,
const BIGNUM **n, const BIGNUM **e, const BIGNUM **d)
{
if (n != NULL)
*n = r->n;
if (e != NULL)
*e = r->e;
if (d != NULL)
*d = r->d;
}
void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q)
{
if (p != NULL)
*p = r->p;
if (q != NULL)
*q = r->q;
}
void RSA_get0_crt_params(const RSA *r,
const BIGNUM **dmp1, const BIGNUM **dmq1,
const BIGNUM **iqmp)
{
if (dmp1 != NULL)
*dmp1 = r->dmp1;
if (dmq1 != NULL)
*dmq1 = r->dmq1;
if (iqmp != NULL)
*iqmp = r->iqmp;
}
void X509_SIG_getm(X509_SIG *sig, X509_ALGOR **palg,
ASN1_OCTET_STRING **pdigest)
{
if (palg)
*palg = sig->algor;
if (pdigest)
*pdigest = sig->digest;
}
#endif /* OPENSSL_VERSION_NUMBER || LIBRESSL_VERSION_NUMBER */
-37
@@ -1,37 +0,0 @@
/*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#ifndef LIBCRYPTO_COMPAT_H
#define LIBCRYPTO_COMPAT_H
#ifndef _WINDOWS
#include <openssl/opensslv.h>
#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
#include <openssl/rsa.h>
#include <openssl/dsa.h>
#include <openssl/ecdsa.h>
#include <openssl/dh.h>
#include <openssl/evp.h>
#include <openssl/x509.h>
int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d);
void RSA_get0_key(const RSA *r,
const BIGNUM **n, const BIGNUM **e, const BIGNUM **d);
void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q);
void RSA_get0_crt_params(const RSA *r,
const BIGNUM **dmp1, const BIGNUM **dmq1,
const BIGNUM **iqmp);
void X509_SIG_getm(X509_SIG *sig, X509_ALGOR **palg,
ASN1_OCTET_STRING **pdigest);
#endif /* _WINDOWS */
#endif /* OPENSSL_VERSION_NUMBER || LIBRESSL_VERSION_NUMBER */
#endif /* LIBCRYPTO_COMPAT_H */
-53
@@ -1,53 +0,0 @@
# Copyright (c) 2014-2016 Yubico AB
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
#
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
#
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
TESTS_ENVIRONMENT = export VERSION=$(PACKAGE_VERSION); export EXEEXT=$(EXEEXT);
LOG_COMPILER = $(VALGRIND)
AM_CFLAGS = $(WARN_CFLAGS) @CHECK_CFLAGS@
AM_CPPFLAGS = -I$(top_srcdir)/lib -I$(top_builddir)/lib
AM_CPPFLAGS += -I$(top_srcdir)/tool -I$(top_builddir)/tool
AM_CPPFLAGS += $(OPENSSL_CFLAGS)
AM_LDFLAGS = @CHECK_LIBS@
if COMPILER_CLANG
AM_LDFLAGS += -no-fast-install
else
AM_LDFLAGS += -no-install
endif
parse_name_LDADD = ../libpiv_util.la $(OPENSSL_LIBS)
test_inout_LDADD = ../libpiv_util.la
check_PROGRAMS = parse_name test_inout
TESTS = basic.sh $(check_PROGRAMS)
if ENABLE_COV
AM_LDFLAGS += --coverage
endif
-138
@@ -1,138 +0,0 @@
#!/bin/bash
# Copyright (c) 2014-2016 Yubico AB
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
#
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
#
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
# This is a _very_ simple test shell script, really only verifying
# that we managed to build a binary and it can execute.
set -e
BIN="../yubico-piv-tool${EXEEXT}"
ROOT_MAKEFILE="../../Makefile"
HELP_OUTPUT=$($BIN --help)
expected="yubico-piv-tool $VERSION"
VERSION_OUTPUT=$($BIN --version | sed 's/\r//')
if [ "x$VERSION_OUTPUT" != "x$expected" ]; then
echo "Version ($VERSION_OUTPUT) not matching expected output $expected."
exit 1
fi
################################################################################
################################################################################
# HARDWARE TESTS
################################################################################
################################################################################
#
# Tests below here require a Yubikey to be connected.
# These tests are destructive.
#
################################################################################
################################################################################
# Verify that --enable-hardware-tests was a build flag.
! $(set -e && cat "$ROOT_MAKEFILE" |grep "^DEFS =" | grep -- "-DHW_TESTS" >/dev/null)
HW_TESTS=$?
if [[ $HW_TESTS -eq 0 ]]; then
exit 0
fi
# Verify that user has confirmed destructive hw-tests
if [ "x$YKPIV_ENV_HWTESTS_CONFIRMED" != "x1" ]; then
printf "\n***\n*** Hardware tests skipped. Run \"make hwcheck\".\n***\n\n" >&0
exit 77 # exit code 77 == skipped tests
fi
#
# Run basic import/validation tests on included keys/certs. Test keys generated
# with the following commands:
#
# $ openssl genrsa -out private.pem 2048
# $ openssl rsa -in private.pem -outform PEM -pubout -out public.pem
# $ openssl req -x509 -key private.pem -out cert.pem -subj "/CN=YubicoTest/OU=YubicoTestUnit/O=yubico.com/" -new
#
# Reset
$BIN -averify-pin -P000000 || true
$BIN -averify-pin -P000000 || true
$BIN -averify-pin -P000000 || true
$BIN -averify-pin -P000000 || true
$BIN -averify-pin -P000000 || true
$BIN -achange-puk -P000000 -N00000000 || true
$BIN -achange-puk -P000000 -N00000000 || true
$BIN -achange-puk -P000000 -N00000000 || true
$BIN -achange-puk -P000000 -N00000000 || true
$BIN -achange-puk -P000000 -N00000000 || true
$BIN -areset
# Generate key on-board, issue certificate, and verify it
$BIN -agenerate -s9a -AECCP256 -o key_9a.pub
$BIN -averify -P123456 -s9a -S'/CN=YubicoTest/OU=YubicoGenerated/O=yubico.com/' -aselfsign -i key_9a.pub -o cert_9a.pem
$BIN -averify -P123456 -s9a -atest-signature -i cert_9a.pem
$BIN -aimport-certificate -P123456 -s9a -i cert_9a.pem
# Import key, generate self-signed certificate, and verify it
$BIN -aimport-key -P123456 -s9e -iprivate.pem
$BIN -arequest-certificate -s9e -S"/CN=bar/OU=test/O=example.com/" -i public.pem -o req_9e.pem
$BIN -averify -P123456 -s9e -S'/CN=bar/OU=test/O=example.com/' -aselfsign -i public.pem -o cert_9e.pem
$BIN -atest-decipher -s9e -i cert_9e.pem
$BIN -aimport-certificate -P123456 -s9e -i cert.pem
# Read status and validate fields
STATUS=$($BIN -astatus)
echo "$STATUS"
ALGO_9A=$(echo "$STATUS" |grep "Slot 9a" -A 6 |grep "Algorithm" |tr -d "[:blank:]")
if [[ "x$ALGO_9A" != "xAlgorithm:ECCP256" ]]; then
echo "$ALGO_9A"
echo "Generated algorithm incorrect." >/dev/stderr
exit 1
fi
ALGO_9E=$(echo "$STATUS" |grep "Slot 9e" -A 6 |grep "Algorithm" |tr -d "[:blank:]")
if [[ "x$ALGO_9E" != "xAlgorithm:RSA2048" ]]; then
echo "$ALGO_9E"
echo "Generated algorithm incorrect." >/dev/stderr
exit 1
fi
SUBJECT_9A=$(echo "$STATUS" |grep "Slot 9a" -A 6 |grep "Subject DN" |tr -d "[:blank:]")
if [[ "x$SUBJECT_9A" != "xSubjectDN:CN=YubicoTest,OU=YubicoGenerated,O=yubico.com" ]]; then
echo "$SUBJECT_9A"
echo "Certificate subject incorrect." >/dev/stderr
exit 1
fi
SUBJECT_9E=$(echo "$STATUS" |grep "Slot 9e" -A 6 |grep "Subject DN" |tr -d "[:blank:]")
if [[ "x$SUBJECT_9E" != "xSubjectDN:CN=YubicoTest,OU=YubicoTestUnit,O=yubico.com" ]]; then
echo "$SUBJECT_9E"
echo "Certificate subject incorrect." >/dev/stderr
exit 1
fi
-22
@@ -1,22 +0,0 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
-109
@@ -1,109 +0,0 @@
/*
* Copyright (c) 2014-2016 Yubico AB
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are
* met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* * Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials provided
* with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#include <check.h>
#include <string.h>
#include <stdbool.h>
#ifdef _WIN32
#include <windows.h>
#endif
#include <openssl/x509.h>
#include "util.h"
struct name {
const char *name;
const char *parsed_name;
bool valid;
} names[] = {
{"/CN=test foo/", "CN = test foo", true},
{"/CN=test/OU=bar/O=EXAMPLE/", "CN = test, OU = bar, O = EXAMPLE", true},
{"/CN=test/OU=bar/O=EXAMPLE/", "CN = test, OU = wrong, O = EXAMPLE", false},
{"/foo/", "", false},
{"/CN=test/foobar/", "", false},
{"/CN=test/foo=bar/", "", false},
};
static bool test_name(const char *name, const char *expected) {
char buf[1024];
BIO *bio;
const char none[] = {0};
X509_NAME *parsed = parse_name(name);
if(parsed == NULL) {
return false;
}
bio = BIO_new(BIO_s_mem());
X509_NAME_print_ex(bio, parsed, 0, XN_FLAG_ONELINE);
BIO_write(bio, none, 1);
BIO_read(bio, buf, 1024);
BIO_free(bio);
X509_NAME_free(parsed);
if(strcmp(buf, expected) != 0) {
fprintf(stderr, "Names not matching: '%s' != '%s'\n", expected, buf);
return false;
}
return true;
}
START_TEST(test_parse_name) {
ck_assert(test_name(names[_i].name, names[_i].parsed_name) == names[_i].valid);
}
END_TEST
Suite *test_suite(void) {
Suite *s;
TCase *tc;
s = suite_create("yubico-piv-tool parse_name");
tc = tcase_create("parse_name");
tcase_add_loop_test(tc, test_parse_name, 0, sizeof(names) / sizeof(struct name));
suite_add_tcase(s, tc);
return s;
}
int main(void)
{
int number_failed;
Suite *s;
SRunner *sr;
s = test_suite();
sr = srunner_create(s);
srunner_run_all(sr, CK_NORMAL);
number_failed = srunner_ntests_failed(sr);
srunner_free(sr);
return (number_failed == 0) ? EXIT_SUCCESS : EXIT_FAILURE;
}
-27
@@ -1,27 +0,0 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEpQIBAAKCAQEAykU3Mstq1blenHseRnUU91Vp7W6lTwuKegXAExAHklw4DkWl
oUDp7+1hfWvEXG7Fh9I/NO3/gr6oq7RWR20gbDGJccpKODHq/4MW9rqstPAeH1nj
sXk6TTUOt4Hx2YOLapw5hbpQImYpVZ7oopgHQtIi5Yl2qMJBRHDxRjxJo1f5Vk4G
pYBTnv7rckm1bL1KdhI3gQ3DnVKnNaBx9RlaDESjJuz00/f/ElWsFVJ3gqjhQjTc
cluz40aU6+aj6tbnDDps9lCD8CVRyEBGy+SC9zbZKM5m2dBvXKp0a2ElxppQa3XK
uXx+6qzHInyDFkF1Yp4c2yHK0aVtFZuud3n8QwIDAQABAoIBAE1Q9c+Bt/2oFMUl
vqXZ/UCpsorif2felnkcF5ZxyyMkAv1Zm/0ujf17NIe3mOBoKzNGp4h47PEyJdE0
ZsJ4sSsKKGqJk6M1WYl/t1hqdLfZDPqY5pMhLqryfASjNCobwT/oJYi7dgQgHu6u
hmgYSrY9Er/Ass3BKyeZMHDTfKZlvM8GZ/oF8bhkD1P/fi6xU1bhs1XCTQpkkING
eESbD5ZGMZU4HYusdmOmf2Y4LXqVZkag86Fw7XAg6b80FDR8Af6S9fzoPA7Aapmg
uvH19BHeSH/DiLTQ6d31GijSsx+rW/F5mrs5wldGO/htTJwRx0YoccUMPF2mMx+d
ShOlzckCgYEA9p9rT7kkj1ZglNB1gwo+IdbEZydlK3NvHmXMFa3IkmBg1nK1dpnM
0DK0Ycyb7LIuBN3sc2QV5+D3Yv8LspeTMBVajddts/dIJKQb51hRsC3PvQVUnaMD
3YYqDmZUlIv9bKfvAbOuNUOg4FXkaXFkkNNsLxv92bARKHPLo6eE7UcCgYEA0fYU
ImTKv9W8rpPcc7lf8Ffhw7mRrMTA/qFNSdJvjED9UXzH7Dp0abQ9nK8XxTWEl0oe
l0h+5H5YiV6Li8BXcWgnferbpi0Jwkdvh2Qc7LmJ/o278KLPKIqDItRd0gEgC9hR
H1M91Y1pNcv1Mj95hKx3L0ROXhwBAy4ohddjRyUCgYEAp8VFdEOHynbBVxsEhfNm
1xBKJb5YBZoOgohPsIO7SVCFL/1y0s7H1O5ZZZqSjA+eXLM30jvI5yhUQqUsKP8S
IwizxIBD4cSb8Ekvrk6Xq5lOk9DXgjFORNmrLIaSjUc6TDtlzSuVnCh4fYQQ0WZR
OnCJTPbm1rr+wR0c8CTauasCgYEAqie7eYQlrAITv4elCUQaNDWEiZJCNLnfjnw6
nrEkJY4lvXxaqV9WKLQhmnFr2i7dHZ672+6sp5CdP/aXMNLYCthV6P4EtE+bsQ8j
m53OsypKYzmKLiJDsJ9QV1G0FxVCW1cbpz9WxVKtCSQZuncmjBcZH/1DZZFcYK9v
t8gudOECgYEAh3hlXVeMv2/oEW21G7D0s3Cv2vOSvBogdwVRP8EGOkn43rh5GXZm
7NVJjJNwURwLcowb0F4B/RILxArtjW2srUo1nbq5UoCiFNJ/00JoRSzAz1ad7S2o
0nRuVLQ50WYG/HBTP2M4yQbpP/E+5PCNMGx2kgyuTUyeCl+LEE8bg5k=
-----END RSA PRIVATE KEY-----
-9
@@ -1,9 +0,0 @@
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAykU3Mstq1blenHseRnUU
91Vp7W6lTwuKegXAExAHklw4DkWloUDp7+1hfWvEXG7Fh9I/NO3/gr6oq7RWR20g
bDGJccpKODHq/4MW9rqstPAeH1njsXk6TTUOt4Hx2YOLapw5hbpQImYpVZ7oopgH
QtIi5Yl2qMJBRHDxRjxJo1f5Vk4GpYBTnv7rckm1bL1KdhI3gQ3DnVKnNaBx9Rla
DESjJuz00/f/ElWsFVJ3gqjhQjTccluz40aU6+aj6tbnDDps9lCD8CVRyEBGy+SC
9zbZKM5m2dBvXKp0a2ElxppQa3XKuXx+6qzHInyDFkF1Yp4c2yHK0aVtFZuud3n8
QwIDAQAB
-----END PUBLIC KEY-----
-99
@@ -1,99 +0,0 @@
/*
* Copyright (c) 2015-2016 Yubico AB
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are
* met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* * Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials provided
* with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#include <check.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <assert.h>
#include <unistd.h>
#include "util.h"
#ifdef _WIN32
#define pipe(fds) _pipe(fds,4096, 0)
#endif
enum enum_format formats[] = {
format_arg_base64,
format_arg_hex,
format_arg_binary,
};
static bool inout(enum enum_format format) {
const unsigned char buf[] = {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08};
unsigned char buf2[sizeof(buf)];
int pipefd[2];
FILE *tmp1, *tmp2;
if (pipe(pipefd) != 0)
return false;
tmp1 = fdopen(pipefd[1], "w");
dump_data(buf, sizeof(buf), tmp1, false, format);
fclose(tmp1);
tmp2 = fdopen(pipefd[0], "r");
read_data(buf2, sizeof(buf2), tmp2, format);
if (memcmp(buf, buf2, sizeof(buf)) != 0)
return false;
fclose(tmp2);
return true;
}
START_TEST(test_inout) {
ck_assert(inout(formats[_i]));
}
END_TEST
Suite *test_suite(void) {
Suite *s;
TCase *tc;
s = suite_create("yubico-piv-tool inout");
tc = tcase_create("inout");
tcase_add_loop_test(tc, test_inout, 0, sizeof(formats) / sizeof(*formats));
suite_add_tcase(s, tc);
return s;
}
int main(void)
{
int number_failed;
Suite *s;
SRunner *sr;
s = test_suite();
sr = srunner_create(s);
srunner_run_all(sr, CK_NORMAL);
number_failed = srunner_ntests_failed(sr);
srunner_free(sr);
return (number_failed == 0) ? EXIT_SUCCESS : EXIT_FAILURE;
}
-594
@@ -1,594 +0,0 @@
/*
* Copyright (c) 2014-2016 Yubico AB
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are
* met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* * Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials provided
* with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#include <stdio.h>
#include <stdlib.h>
#include <stdbool.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#endif
#include "openssl-compat.h"
#include <openssl/bn.h>
#include <openssl/evp.h>
#include <openssl/x509.h>
#include <openssl/rsa.h>
#include <ykpiv.h>
#include "cmdline.h"
#include "util.h"
FILE *open_file(const char *file_name, enum file_mode mode) {
FILE *file;
const char *mod;
if(!strcmp(file_name, "-")) {
file = (mode == INPUT_TEXT || mode == INPUT_BIN) ? stdin : stdout;
} else {
switch (mode) {
case INPUT_TEXT:
mod = "r";
break;
case INPUT_BIN:
mod = "rb";
break;
case OUTPUT_TEXT:
mod = "w";
break;
case OUTPUT_BIN:
mod = "wb";
break;
default:
fprintf(stderr, "Invalid file mode.\n");
return NULL;
break;
}
file = fopen(file_name, mod);
if(!file) {
fprintf(stderr, "Failed opening '%s'!\n", file_name);
return NULL;
}
}
return file;
}
unsigned char get_algorithm(EVP_PKEY *key) {
int type = EVP_PKEY_type(EVP_PKEY_id(key));
switch(type) {
case EVP_PKEY_RSA:
{
RSA *rsa = EVP_PKEY_get1_RSA(key);
int size = RSA_size(rsa);
if(size == 256) {
return YKPIV_ALGO_RSA2048;
} else if(size == 128) {
return YKPIV_ALGO_RSA1024;
} else {
fprintf(stderr, "Unusable key of %d bits, only 1024 and 2048 are supported.\n", size * 8);
return 0;
}
}
case EVP_PKEY_EC:
{
EC_KEY *ec = EVP_PKEY_get1_EC_KEY(key);
const EC_GROUP *group = EC_KEY_get0_group(ec);
int curve = EC_GROUP_get_curve_name(group);
if(curve == NID_X9_62_prime256v1) {
return YKPIV_ALGO_ECCP256;
} else if(curve == NID_secp384r1) {
return YKPIV_ALGO_ECCP384;
} else {
fprintf(stderr, "Unknown EC curve %d\n", curve);
return 0;
}
}
default:
fprintf(stderr, "Unknown algorithm %d.\n", type);
return 0;
}
}
X509_NAME *parse_name(const char *orig_name) {
char name[1025];
X509_NAME *parsed = NULL;
char *ptr = name;
char *part;
if(strlen(orig_name) > 1024) {
fprintf(stderr, "Name is too long!\n");
return NULL;
}
strcpy(name, orig_name);
if(*name != '/') {
fprintf(stderr, "Name does not start with '/'!\n");
return NULL;
}
parsed = X509_NAME_new();
if(!parsed) {
fprintf(stderr, "Failed to allocate memory\n");
return NULL;
}
while((part = strtok(ptr, "/"))) {
char *key;
char *value;
char *equals = strchr(part, '=');
if(!equals) {
fprintf(stderr, "The part '%s' doesn't seem to contain a =.\n", part);
goto parse_err;
}
*equals++ = '\0';
value = equals;
key = part;
ptr = NULL;
if(!key) {
fprintf(stderr, "Malformed name (%s)\n", part);
goto parse_err;
}
if(!value) {
fprintf(stderr, "Malformed name (%s)\n", part);
goto parse_err;
}
if(!X509_NAME_add_entry_by_txt(parsed, key, MBSTRING_UTF8, (unsigned char*)value, -1, -1, 0)) {
fprintf(stderr, "Failed adding %s=%s to name.\n", key, value);
goto parse_err;
}
}
return parsed;
parse_err:
X509_NAME_free(parsed);
return NULL;
}
size_t read_data(unsigned char *buf, size_t len, FILE* input, enum enum_format format) {
char raw_buf[3072 * 2];
size_t raw_len = sizeof(raw_buf);
raw_len = fread(raw_buf, 1, raw_len, input);
switch(format) {
case format_arg_hex:
if(raw_buf[raw_len - 1] == '\n') {
raw_len -= 1;
}
if(ykpiv_hex_decode(raw_buf, raw_len, buf, &len) != YKPIV_OK) {
return 0;
}
return len;
case format_arg_base64:
{
int read;
BIO *b64 = BIO_new(BIO_f_base64());
BIO *bio = BIO_new_mem_buf(raw_buf, raw_len);
BIO_push(b64, bio);
read = BIO_read(b64, buf, len);
BIO_free_all(b64);
if(read <= 0) {
return 0;
} else {
return (size_t)read;
}
}
break;
case format_arg_binary:
if(raw_len > len) {
return 0;
}
memcpy(buf, raw_buf, raw_len);
return raw_len;
case format__NULL:
default:
return 0;
}
}
void dump_data(const unsigned char *buf, unsigned int len, FILE *output, bool space, enum enum_format format) {
switch(format) {
case format_arg_hex:
{
char tmp[3072 * 3 + 1];
unsigned int i;
unsigned int step = 2;
if(space) step += 1;
if(len > 3072) {
return;
}
for (i = 0; i < len; i++) {
sprintf(tmp + i * step, "%02x%s", buf[i], space == true ? " " : "");
}
fprintf(output, "%s\n", tmp);
}
return;
case format_arg_base64:
{
BIO *b64 = BIO_new(BIO_f_base64());
BIO *bio = BIO_new_fp(output, BIO_NOCLOSE);
BIO_push(b64, bio);
BIO_write(b64, buf, (int)len);
BIO_flush(b64);
BIO_free_all(b64);
}
return;
case format_arg_binary:
fwrite(buf, 1, len, output);
return;
case format__NULL:
default:
return;
}
}
int get_length(const unsigned char *buffer, int *len) {
if(buffer[0] < 0x81) {
*len = buffer[0];
return 1;
} else if((*buffer & 0x7f) == 1) {
*len = buffer[1];
return 2;
} else if((*buffer & 0x7f) == 2) {
*len = (buffer[1] << 8) + buffer[2];
return 3;
}
return 0;
}
int set_length(unsigned char *buffer, int length) {
if(length < 0x80) {
*buffer++ = length;
return 1;
} else if(length < 0xff) {
*buffer++ = 0x81;
*buffer++ = length;
return 2;
} else {
*buffer++ = 0x82;
*buffer++ = (length >> 8) & 0xff;
*buffer++ = length & 0xff;
return 3;
}
}
int get_slot_hex(enum enum_slot slot_enum) {
int slot = -1;
switch (slot_enum) {
case slot_arg_9a:
slot = 0x9a;
break;
case slot_arg_9c:
case slot_arg_9d:
case slot_arg_9e:
slot = 0x9c + ((int)slot_enum - (int)slot_arg_9c);
break;
case slot_arg_82:
case slot_arg_83:
case slot_arg_84:
case slot_arg_85:
case slot_arg_86:
case slot_arg_87:
case slot_arg_88:
case slot_arg_89:
case slot_arg_8a:
case slot_arg_8b:
case slot_arg_8c:
case slot_arg_8d:
case slot_arg_8e:
case slot_arg_8f:
case slot_arg_90:
case slot_arg_91:
case slot_arg_92:
case slot_arg_93:
case slot_arg_94:
case slot_arg_95:
slot = 0x82 + ((int)slot_enum - (int)slot_arg_82);
break;
case slot_arg_f9:
slot = 0xf9;
break;
case slot__NULL:
default:
slot = -1;
}
return slot;
}
bool set_component(unsigned char *in_ptr, const BIGNUM *bn, int element_len) {
int real_len = BN_num_bytes(bn);
if(real_len > element_len) {
return false;
}
memset(in_ptr, 0, (size_t)(element_len - real_len));
in_ptr += element_len - real_len;
BN_bn2bin(bn, in_ptr);
return true;
}
bool prepare_rsa_signature(const unsigned char *in, unsigned int in_len, unsigned char *out, unsigned int *out_len, int nid) {
X509_SIG *digestInfo;
X509_ALGOR *algor;
ASN1_OCTET_STRING *digest;
unsigned char data[1024];
memcpy(data, in, in_len);
digestInfo = X509_SIG_new();
X509_SIG_getm(digestInfo, &algor, &digest);
algor->algorithm = OBJ_nid2obj(nid);
X509_ALGOR_set0(algor, OBJ_nid2obj(nid), V_ASN1_NULL, NULL);
ASN1_STRING_set(digest, data, in_len);
*out_len = (unsigned int)i2d_X509_SIG(digestInfo, &out);
X509_SIG_free(digestInfo);
return true;
}
bool read_pw(const char *name, char *pwbuf, size_t pwbuflen, int verify, int stdin_input) {
#define READ_PW_PROMPT_BASE "Enter %s: "
char prompt[sizeof(READ_PW_PROMPT_BASE) + 32] = {0};
int ret;
if (pwbuflen < 1) {
fprintf(stderr, "Failed to read %s: buffer too small.", name);
return false;
}
if(stdin_input) {
fprintf(stdout, "%s\n", name);
if(fgets(pwbuf, pwbuflen, stdin)) {
if(pwbuf[strlen(pwbuf) - 1] == '\n') {
pwbuf[strlen(pwbuf) - 1] = '\0';
}
return true;
} else {
return false;
}
}
ret = snprintf(prompt, sizeof(prompt), READ_PW_PROMPT_BASE, name);
if (ret < 0 || ((unsigned int) ret) > (sizeof(prompt)-1)) {
fprintf(stderr, "Failed to read %s: snprintf failed.\n", name);
return false;
}
if (0 != EVP_read_pw_string(pwbuf, pwbuflen-1, prompt, verify)) {
fprintf(stderr, "Retrieving %s failed.\n", name);
return false;
}
return true;
}
static unsigned const char sha1oid[] = {
0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A, 0x05, 0x00,
0x04, 0x14
};
static unsigned const char sha256oid[] = {
0x30, 0x31, 0x30, 0x0D, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04,
0x02, 0x01, 0x05, 0x00, 0x04, 0x20
};
static unsigned const char sha384oid[] = {
0x30, 0x41, 0x30, 0x0D, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04,
0x02, 0x02, 0x05, 0x00, 0x04, 0x30
};
static unsigned const char sha512oid[] = {
0x30, 0x51, 0x30, 0x0D, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04,
0x02, 0x03, 0x05, 0x00, 0x04, 0x40
};
const EVP_MD *get_hash(enum enum_hash hash, const unsigned char **oid, size_t *oid_len) {
switch(hash) {
case hash_arg_SHA1:
if(oid) {
*oid = sha1oid;
*oid_len = sizeof(sha1oid);
}
return EVP_sha1();
case hash_arg_SHA256:
if(oid) {
*oid = sha256oid;
*oid_len = sizeof(sha256oid);
}
return EVP_sha256();
case hash_arg_SHA384:
if(oid) {
*oid = sha384oid;
*oid_len = sizeof(sha384oid);
}
return EVP_sha384();
case hash_arg_SHA512:
if(oid) {
*oid = sha512oid;
*oid_len = sizeof(sha512oid);
}
return EVP_sha512();
case hash__NULL:
default:
return NULL;
}
}
int get_hashnid(enum enum_hash hash, unsigned char algorithm) {
switch(algorithm) {
case YKPIV_ALGO_RSA1024:
case YKPIV_ALGO_RSA2048:
switch(hash) {
case hash_arg_SHA1:
return NID_sha1WithRSAEncryption;
case hash_arg_SHA256:
return NID_sha256WithRSAEncryption;
case hash_arg_SHA384:
return NID_sha384WithRSAEncryption;
case hash_arg_SHA512:
return NID_sha512WithRSAEncryption;
case hash__NULL:
default:
return 0;
}
case YKPIV_ALGO_ECCP256:
case YKPIV_ALGO_ECCP384:
switch(hash) {
case hash_arg_SHA1:
return NID_ecdsa_with_SHA1;
case hash_arg_SHA256:
return NID_ecdsa_with_SHA256;
case hash_arg_SHA384:
return NID_ecdsa_with_SHA384;
case hash_arg_SHA512:
return NID_ecdsa_with_SHA512;
case hash__NULL:
default:
return 0;
}
default:
return 0;
}
}
unsigned char get_piv_algorithm(enum enum_algorithm algorithm) {
switch(algorithm) {
case algorithm_arg_RSA2048:
return YKPIV_ALGO_RSA2048;
case algorithm_arg_RSA1024:
return YKPIV_ALGO_RSA1024;
case algorithm_arg_ECCP256:
return YKPIV_ALGO_ECCP256;
case algorithm_arg_ECCP384:
return YKPIV_ALGO_ECCP384;
case algorithm__NULL:
default:
return 0;
}
}
unsigned char get_pin_policy(enum enum_pin_policy policy) {
switch(policy) {
case pin_policy_arg_never:
return YKPIV_PINPOLICY_NEVER;
case pin_policy_arg_once:
return YKPIV_PINPOLICY_ONCE;
case pin_policy_arg_always:
return YKPIV_PINPOLICY_ALWAYS;
case pin_policy__NULL:
default:
return 0;
}
}
unsigned char get_touch_policy(enum enum_touch_policy policy) {
switch(policy) {
case touch_policy_arg_never:
return YKPIV_TOUCHPOLICY_NEVER;
case touch_policy_arg_always:
return YKPIV_TOUCHPOLICY_ALWAYS;
case touch_policy_arg_cached:
return YKPIV_TOUCHPOLICY_CACHED;
case touch_policy__NULL:
default:
return 0;
}
}
int SSH_write_X509(FILE *fp, X509 *x) {
EVP_PKEY *pkey = NULL;
int ret = 0;
pkey = X509_get_pubkey(x);
if (pkey == NULL) {
return ret;
}
switch (EVP_PKEY_id(pkey)) {
case EVP_PKEY_RSA:
case EVP_PKEY_RSA2: {
RSA *rsa;
unsigned char n[256];
const BIGNUM *bn_n;
char rsa_id[] = "\x00\x00\x00\x07ssh-rsa";
char rsa_f4[] = "\x00\x00\x00\x03\x01\x00\x01";
rsa = EVP_PKEY_get1_RSA(pkey);
RSA_get0_key(rsa, &bn_n, NULL, NULL);
if (!set_component(n, bn_n, RSA_size(rsa))) {
break;
}
uint32_t bytes = BN_num_bytes(bn_n);
char len_buf[5];
int len = 4;
len_buf[0] = (bytes >> 24) & 0x000000ff;
len_buf[1] = (bytes << 16) & 0x000000ff;
len_buf[2] = (bytes >> 8) & 0x000000ff;
len_buf[3] = (bytes) & 0x000000ff;
if (n[0] >= 0x80) {
// High bit set, need an extra byte
len++;
len_buf[3]++;
len_buf[4] = 0;
}
fprintf(fp, "ssh-rsa ");
BIO *b64 = BIO_new(BIO_f_base64());
BIO *bio = BIO_new_fp(fp, BIO_NOCLOSE);
BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);
BIO_push(b64, bio);
BIO_write(b64, rsa_id, sizeof(rsa_id) - 1);
BIO_write(b64, rsa_f4, sizeof(rsa_f4) - 1);
BIO_write(b64, len_buf, len);
BIO_write(b64, n, RSA_size(rsa));
BIO_flush(b64);
BIO_free_all(b64);
ret = 1;
} break;
case EVP_PKEY_EC:
break;
}
EVP_PKEY_free(pkey);
return ret;
}
-66
@@ -1,66 +0,0 @@
/*
* Copyright (c) 2014-2016 Yubico AB
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are
* met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* * Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials provided
* with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#ifndef YUBICO_PIV_TOOL_INTERNAL_H
#define YUBICO_PIV_TOOL_INTERNAL_H
#include <stdbool.h>
#include <openssl/x509.h>
#include "cmdline.h"
enum file_mode {
INPUT_TEXT,
OUTPUT_TEXT,
INPUT_BIN,
OUTPUT_BIN,
};
size_t read_data(unsigned char*, size_t, FILE*, enum enum_format);
void dump_data(unsigned const char*, unsigned int, FILE*, bool, enum enum_format);
int set_length(unsigned char*, int);
int get_length(const unsigned char*, int*);
X509_NAME *parse_name(const char*);
unsigned char get_algorithm(EVP_PKEY*);
FILE *open_file(const char *file_name, enum file_mode mode);
int get_slot_hex(enum enum_slot slot_enum);
bool set_component(unsigned char *in_ptr, const BIGNUM *bn, int element_len);
bool prepare_rsa_signature(const unsigned char*, unsigned int, unsigned char*,
unsigned int*, int);
bool read_pw(const char*, char*, size_t, int, int);
const EVP_MD *get_hash(enum enum_hash, const unsigned char**, size_t*);
int get_hashnid(enum enum_hash, unsigned char);
unsigned char get_piv_algorithm(enum enum_algorithm);
unsigned char get_pin_policy(enum enum_pin_policy);
unsigned char get_touch_policy(enum enum_touch_policy);
int SSH_write_X509(FILE *fp, X509 *x);
#endif
File diff suppressed because it is too large Load Diff
-90
@@ -1,90 +0,0 @@
# Copyright (c) 2014-2016 Yubico AB
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
#
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
#
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
[EXAMPLES]
For more information about what's happening \-\-verbose can be added
to any command. For much more information \-\-verbose=2 may be used.
Display what version of the application is running on the YubiKey:
yubico\-piv\-tool \-aversion
Generate a new ECC\-P256 key on device in slot 9a, will print the public
key on stdout:
yubico\-piv\-tool \-s9a \-AECCP256 \-agenerate
Generate a certificate request with public key from stdin, will print
the resulting request on stdout:
yubico\-piv\-tool \-s9a \-S'/CN=foo/OU=test/O=example.com/' \-averify \\
\-arequest
Generate a self\-signed certificate with public key from stdin, will print
the certificate, for later import, on stdout:
yubico\-piv\-tool \-s9a \-S'/CN=bar/OU=test/O=example.com/' \-averify \\
\-aselfsign
Import a certificate from stdin:
yubico\-piv\-tool \-s9a \-aimport\-certificate
Set a random chuid, import a key and import a certificate from a PKCS12
file, into slot 9c:
yubico\-piv\-tool \-s9c \-itest.pfx \-KPKCS12 \-aset\-chuid \\
\-aimport\-key \-aimport\-cert
Import a certificate which is larger than 2048 bytes and thus requires
compression in order to fit:
openssl x509 \-in cert.pem \-outform DER | gzip \-9 > der.gz
yubico\-piv\-tool \-s9c \-ider.gz \-KGZIP \-aimport\-cert
Change the management key used for administrative authentication:
yubico\-piv\-tool \-aset\-mgm\-key
Delete a certificate in slot 9a, with management key being asked for:
yubico\-piv\-tool \-adelete\-certificate \-s9a \-k
Show some information on certificates and other data:
yubico\-piv\-tool \-astatus
Read out the certificate from a slot and then run a signature test:
yubico\-piv\-tool \-aread\-cert \-s9a
yubico\-piv\-tool \-averify\-pin \-atest\-signature \-s9a
Import a key into slot 85 (only available on YubiKey 4) and set the
touch policy (also only available on YubiKey 4):
yubico-piv-tool \-aimport\-key \-s85 \-\-touch-policy=always \-ikey.pem