oxidize: Factor into standard Rust crate structure
- Adds initial `Cargo.toml` (and `Cargo.lock` to `.gitignore`) - Deletes `tool` (it seems hard to `corrode`) - Moves `lib/tests` => `tests` (we should figure out how to translate them) - Moves `lib` => `src` to match Rust conventions - Renames `lib/ykpiv.rs` => `src/lib.rs` to match Rust conventions - Adds copyright from `ykpiv.h` to the top of all `*.rs` files
@@ -1,2 +1,3 @@
|
||||
/target
|
||||
**/*.rs.bk
|
||||
Cargo.lock
|
||||
|
||||
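--- /dev/null
+++ b/Cargo.toml
@@ -0,0 +1,8 @@
+[package]
+name = "yubikey-piv"
+version = "0.0.0"
+authors = ["Tony Arcieri <bascule@gmail.com>", "Yubico AB"]
+edition = "2018"
+license = "BSD"
+
+[dependencies]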
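Review bot: `license = "BSD"` is not an SPDX identifier, so cargo will warn on build and reject the manifest on publish, and license-audit tooling (cargo-deny, cargo-about) cannot classify the crate; the header being copied into every `*.rs` file in this commit is the two-clause BSD text, so this should read `license = "BSD-2-Clause"`. Separately, `[dependencies]` is empty while the new `src/*.rs` files declare `extern` bindings to OpenSSL (`DES_ecb3_encrypt`) and PC/SC (`SCardConnect`, `SCardBeginTransaction`); the automake and pkg-config files deleted here were what linked `$(OPENSSL_LIBS)` and `$(PCSC_LIBS)`, and nothing in this commit replaces that, so presumably a `build.rs` or `#[link(name = "…")]` attributes on the extern blocks are still needed before the crate links. Worth noting in the description that the crate is not yet buildable at this commit.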
-2473
@@ -1,59 +0,0 @@
|
||||
# Copyright (c) 2014-2016 Yubico AB
|
||||
# All rights reserved.
|
||||
#
|
||||
# Redistribution and use in source and binary forms, with or without
|
||||
# modification, are permitted provided that the following conditions are
|
||||
# met:
|
||||
#
|
||||
# * Redistributions of source code must retain the above copyright
|
||||
# notice, this list of conditions and the following disclaimer.
|
||||
#
|
||||
# * Redistributions in binary form must reproduce the above
|
||||
# copyright notice, this list of conditions and the following
|
||||
# disclaimer in the documentation and/or other materials provided
|
||||
# with the distribution.
|
||||
#
|
||||
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
||||
# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
||||
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
||||
# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
||||
# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
||||
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
||||
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
||||
# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
||||
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
|
||||
SUBDIRS = . tests
|
||||
|
||||
AM_CFLAGS = $(WERROR_CFLAGS) $(WARN_CFLAGS)
|
||||
AM_CPPFLAGS = $(OPENSSL_CFLAGS) $(PCSC_CFLAGS)
|
||||
|
||||
lib_LTLIBRARIES = libykpiv.la
|
||||
|
||||
libykpiv_la_SOURCES = ykpiv.c util.c internal.c internal.h version.c ykpiv.pc.in ykpiv.map
|
||||
libykpiv_la_SOURCES += error.c
|
||||
libykpiv_la_includedir = $(includedir)/ykpiv
|
||||
libykpiv_la_include_HEADERS = ykpiv.h ykpiv-version.h
|
||||
EXTRA_libykpiv_la_DEPENDENCIES = ykpiv.map
|
||||
|
||||
libykpiv_la_LIBADD = $(OPENSSL_LIBS) $(PCSC_LIBS)
|
||||
libykpiv_la_LIBADD += $(PCSC_WIN_LIBS) $(PCSC_MACOSX_LIBS) $(PCSC_CUSTOM_LIBS)
|
||||
|
||||
libykpiv_la_LDFLAGS = -no-undefined
|
||||
libykpiv_la_LDFLAGS += -version-info $(LT_CURRENT):$(LT_REVISION):$(LT_AGE)
|
||||
|
||||
if HAVE_LD_VERSION_SCRIPT
|
||||
libykpiv_la_LDFLAGS += -Wl,--version-script=$(srcdir)/ykpiv.map
|
||||
else
|
||||
libykpiv_la_LDFLAGS += -export-symbols-regex '^ykpiv_.*'
|
||||
endif
|
||||
|
||||
pkgconfigdir = $(libdir)/pkgconfig
|
||||
pkgconfig_DATA = ykpiv.pc
|
||||
|
||||
if ENABLE_COV
|
||||
AM_CFLAGS += --coverage
|
||||
AM_LDFLAGS = --coverage
|
||||
endif
|
||||
-121
@@ -1,121 +0,0 @@
|
||||
# Copyright (c) 2014-2016 Yubico AB
|
||||
# All rights reserved.
|
||||
#
|
||||
# Redistribution and use in source and binary forms, with or without
|
||||
# modification, are permitted provided that the following conditions are
|
||||
# met:
|
||||
#
|
||||
# * Redistributions of source code must retain the above copyright
|
||||
# notice, this list of conditions and the following disclaimer.
|
||||
#
|
||||
# * Redistributions in binary form must reproduce the above
|
||||
# copyright notice, this list of conditions and the following
|
||||
# disclaimer in the documentation and/or other materials provided
|
||||
# with the distribution.
|
||||
#
|
||||
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
||||
# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
||||
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
||||
# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
||||
# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
||||
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
||||
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
||||
# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
||||
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
|
||||
YKPIV_0.1.0
|
||||
{
|
||||
global:
|
||||
ykpiv_check_version;
|
||||
ykpiv_strerror_name;
|
||||
ykpiv_strerror;
|
||||
ykpiv_init;
|
||||
ykpiv_done;
|
||||
ykpiv_connect;
|
||||
ykpiv_disconnect;
|
||||
ykpiv_transfer_data;
|
||||
ykpiv_authenticate;
|
||||
ykpiv_set_mgmkey;
|
||||
ykpiv_sign_data;
|
||||
ykpiv_get_version;
|
||||
ykpiv_verify;
|
||||
ykpiv_fetch_object;
|
||||
ykpiv_save_object;
|
||||
ykpiv_hex_decode;
|
||||
|
||||
local:
|
||||
*;
|
||||
};
|
||||
|
||||
YKPIV_0.2.0
|
||||
{
|
||||
global:
|
||||
ykpiv_decipher_data;
|
||||
} YKPIV_0.1.0;
|
||||
|
||||
YKPIV_1.1.0
|
||||
{
|
||||
global:
|
||||
ykpiv_set_mgmkey2;
|
||||
ykpiv_list_readers;
|
||||
} YKPIV_0.2.0;
|
||||
|
||||
YKPIV_1.2.0
|
||||
{
|
||||
global:
|
||||
ykpiv_import_private_key;
|
||||
} YKPIV_1.1.0;
|
||||
|
||||
YKPIV_1.3.0
|
||||
{
|
||||
global:
|
||||
ykpiv_change_pin;
|
||||
ykpiv_change_puk;
|
||||
ykpiv_unblock_pin;
|
||||
} YKPIV_1.2.0;
|
||||
|
||||
YKPIV_1.5.0
|
||||
{
|
||||
global:
|
||||
ykpiv_attest;
|
||||
ykpiv_auth_getchallenge;
|
||||
ykpiv_auth_verifyresponse;
|
||||
ykpiv_connect_with_external_card;
|
||||
ykpiv_done_with_external_card;
|
||||
ykpiv_get_pin_retries;
|
||||
ykpiv_init_with_allocator;
|
||||
ykpiv_set_pin_retries;
|
||||
ykpiv_util_block_puk;
|
||||
ykpiv_util_delete_cert;
|
||||
ykpiv_util_devicemodel;
|
||||
ykpiv_util_free;
|
||||
ykpiv_util_generate_key;
|
||||
ykpiv_util_get_cardid;
|
||||
ykpiv_util_get_cccid;
|
||||
ykpiv_util_get_config;
|
||||
ykpiv_util_get_derived_mgm;
|
||||
ykpiv_util_get_protected_mgm;
|
||||
ykpiv_util_list_keys;
|
||||
ykpiv_util_list_keys;
|
||||
ykpiv_util_read_cert;
|
||||
ykpiv_util_read_mscmap;
|
||||
ykpiv_util_read_msroots;
|
||||
ykpiv_util_reset;
|
||||
ykpiv_util_set_cardid;
|
||||
ykpiv_util_set_cccid;
|
||||
ykpiv_util_set_pin_last_changed;
|
||||
ykpiv_util_set_protected_mgm;
|
||||
ykpiv_util_slot_object;
|
||||
ykpiv_util_write_cert;
|
||||
ykpiv_util_write_mscmap;
|
||||
ykpiv_util_write_msroots;
|
||||
ykpiv_verify_select;
|
||||
} YKPIV_1.3.0;
|
||||
|
||||
YKPIV_1.6.0
|
||||
{
|
||||
global:
|
||||
ykpiv_get_serial;
|
||||
} YKPIV_1.5.0;
|
||||
@@ -1,40 +0,0 @@
|
||||
# Copyright (c) 2014-2016 Yubico AB
|
||||
# All rights reserved.
|
||||
#
|
||||
# Redistribution and use in source and binary forms, with or without
|
||||
# modification, are permitted provided that the following conditions are
|
||||
# met:
|
||||
#
|
||||
# * Redistributions of source code must retain the above copyright
|
||||
# notice, this list of conditions and the following disclaimer.
|
||||
#
|
||||
# * Redistributions in binary form must reproduce the above
|
||||
# copyright notice, this list of conditions and the following
|
||||
# disclaimer in the documentation and/or other materials provided
|
||||
# with the distribution.
|
||||
#
|
||||
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
||||
# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
||||
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
||||
# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
||||
# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
||||
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
||||
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
||||
# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
||||
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
|
||||
prefix=@prefix@
|
||||
exec_prefix=@exec_prefix@
|
||||
libdir=@libdir@
|
||||
includedir=@includedir@
|
||||
|
||||
Name: @PACKAGE@
|
||||
Description: Yubico PIV C Library
|
||||
URL: https://www.yubico.com/
|
||||
Version: @VERSION@
|
||||
Requires.private: libcrypto
|
||||
Libs: -L${libdir} -lykpiv
|
||||
Cflags: -I${includedir}/ykpiv
|
||||
|
||||
@@ -1,3 +1,30 @@
|
||||
// Copyright (c) 2014-2016 Yubico AB
|
||||
// All rights reserved.
|
||||
//
|
||||
// Redistribution and use in source and binary forms, with or without
|
||||
// modification, are permitted provided that the following conditions are
|
||||
// met:
|
||||
//
|
||||
// * Redistributions of source code must retain the above copyright
|
||||
// notice, this list of conditions and the following disclaimer.
|
||||
//
|
||||
// * Redistributions in binary form must reproduce the above
|
||||
// copyright notice, this list of conditions and the following
|
||||
// disclaimer in the documentation and/or other materials provided
|
||||
// with the distribution.
|
||||
//
|
||||
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
||||
// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
||||
// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
||||
// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
||||
// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
||||
// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
||||
// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
||||
// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
||||
// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
|
||||
#[derive(Clone, Copy)]
|
||||
#[repr(i32)]
|
||||
pub enum Enum2 {
|
||||
@@ -1,3 +1,30 @@
|
||||
// Copyright (c) 2014-2016 Yubico AB
|
||||
// All rights reserved.
|
||||
//
|
||||
// Redistribution and use in source and binary forms, with or without
|
||||
// modification, are permitted provided that the following conditions are
|
||||
// met:
|
||||
//
|
||||
// * Redistributions of source code must retain the above copyright
|
||||
// notice, this list of conditions and the following disclaimer.
|
||||
//
|
||||
// * Redistributions in binary form must reproduce the above
|
||||
// copyright notice, this list of conditions and the following
|
||||
// disclaimer in the documentation and/or other materials provided
|
||||
// with the distribution.
|
||||
//
|
||||
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
||||
// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
||||
// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
||||
// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
||||
// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
||||
// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
||||
// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
||||
// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
||||
// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
|
||||
extern {
|
||||
fn DES_ecb3_encrypt(
|
||||
input : *mut [u8; 8],
|
||||
@@ -1,3 +1,30 @@
|
||||
// Copyright (c) 2014-2016 Yubico AB
|
||||
// All rights reserved.
|
||||
//
|
||||
// Redistribution and use in source and binary forms, with or without
|
||||
// modification, are permitted provided that the following conditions are
|
||||
// met:
|
||||
//
|
||||
// * Redistributions of source code must retain the above copyright
|
||||
// notice, this list of conditions and the following disclaimer.
|
||||
//
|
||||
// * Redistributions in binary form must reproduce the above
|
||||
// copyright notice, this list of conditions and the following
|
||||
// disclaimer in the documentation and/or other materials provided
|
||||
// with the distribution.
|
||||
//
|
||||
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
||||
// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
||||
// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
||||
// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
||||
// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
||||
// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
||||
// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
||||
// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
||||
// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
|
||||
extern {
|
||||
fn SCardBeginTransaction(hCard : i32) -> i32;
|
||||
fn SCardConnect(
|
||||
@@ -1,3 +1,30 @@
|
||||
// Copyright (c) 2014-2016 Yubico AB
|
||||
// All rights reserved.
|
||||
//
|
||||
// Redistribution and use in source and binary forms, with or without
|
||||
// modification, are permitted provided that the following conditions are
|
||||
// met:
|
||||
//
|
||||
// * Redistributions of source code must retain the above copyright
|
||||
// notice, this list of conditions and the following disclaimer.
|
||||
//
|
||||
// * Redistributions in binary form must reproduce the above
|
||||
// copyright notice, this list of conditions and the following
|
||||
// disclaimer in the documentation and/or other materials provided
|
||||
// with the distribution.
|
||||
//
|
||||
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
||||
// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
||||
// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
||||
// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
||||
// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
||||
// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
||||
// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
||||
// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
||||
// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
|
||||
extern {
|
||||
static mut _DefaultRuneLocale : Struct1;
|
||||
fn __maskrune(arg1 : i32, arg2 : usize) -> i32;
|
||||
@@ -1,3 +1,30 @@
|
||||
// Copyright (c) 2014-2016 Yubico AB
|
||||
// All rights reserved.
|
||||
//
|
||||
// Redistribution and use in source and binary forms, with or without
|
||||
// modification, are permitted provided that the following conditions are
|
||||
// met:
|
||||
//
|
||||
// * Redistributions of source code must retain the above copyright
|
||||
// notice, this list of conditions and the following disclaimer.
|
||||
//
|
||||
// * Redistributions in binary form must reproduce the above
|
||||
// copyright notice, this list of conditions and the following
|
||||
// disclaimer in the documentation and/or other materials provided
|
||||
// with the distribution.
|
||||
//
|
||||
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
||||
// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
||||
// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
||||
// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
||||
// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
||||
// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
||||
// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
||||
// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
||||
// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
|
||||
extern {
|
||||
fn strcmp(__s1 : *const u8, __s2 : *const u8) -> i32;
|
||||
fn strcspn(__s : *const u8, __charset : *const u8) -> usize;
|
||||
@@ -1,66 +0,0 @@
|
||||
# Copyright (c) 2014-2016 Yubico AB
|
||||
# All rights reserved.
|
||||
#
|
||||
# Redistribution and use in source and binary forms, with or without
|
||||
# modification, are permitted provided that the following conditions are
|
||||
# met:
|
||||
#
|
||||
# * Redistributions of source code must retain the above copyright
|
||||
# notice, this list of conditions and the following disclaimer.
|
||||
#
|
||||
# * Redistributions in binary form must reproduce the above
|
||||
# copyright notice, this list of conditions and the following
|
||||
# disclaimer in the documentation and/or other materials provided
|
||||
# with the distribution.
|
||||
#
|
||||
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
||||
# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
||||
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
||||
# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
||||
# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
||||
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
||||
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
||||
# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
||||
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
|
||||
SUBDIRS = . tests
|
||||
|
||||
AM_CFLAGS = $(WERROR_CFLAGS) $(WARN_CFLAGS)
|
||||
AM_CPPFLAGS = $(OPENSSL_CFLAGS)
|
||||
AM_CPPFLAGS += -I$(top_srcdir)/lib -I$(top_builddir)/lib
|
||||
|
||||
bin_PROGRAMS = yubico-piv-tool
|
||||
yubico_piv_tool_SOURCES = yubico-piv-tool.c yubico-piv-tool.h2m
|
||||
yubico_piv_tool_LDADD = $(OPENSSL_LIBS) $(top_builddir)/lib/libykpiv.la
|
||||
yubico_piv_tool_LDADD += libpiv_cmd.la libpiv_util.la
|
||||
|
||||
noinst_LTLIBRARIES = libpiv_cmd.la libpiv_util.la
|
||||
libpiv_cmd_la_SOURCES = cmdline.ggo cmdline.c cmdline.h
|
||||
libpiv_cmd_la_CFLAGS =
|
||||
|
||||
libpiv_util_la_SOURCES = util.c util.h openssl-compat.c openssl-compat.h
|
||||
libpiv_util_la_LIBADD = $(top_builddir)/lib/libykpiv.la $(OPENSSL_LIBS)
|
||||
|
||||
cmdline.c cmdline.h: cmdline.ggo Makefile.am $(top_srcdir)/configure.ac
|
||||
$(GENGETOPT) --input $^
|
||||
|
||||
BUILT_SOURCES = cmdline.c cmdline.h
|
||||
MAINTAINERCLEANFILES = $(BUILT_SOURCES)
|
||||
|
||||
# Doc.
|
||||
|
||||
dist_man_MANS = yubico-piv-tool.1
|
||||
MAINTAINERCLEANFILES += $(dist_man_MANS)
|
||||
|
||||
yubico-piv-tool.1: $(yubico_piv_tool_SOURCES) $(libpiv_cmd_la_SOURCES) $(top_srcdir)/configure.ac | $(builddir)/yubico-piv-tool$(EXEEXT)
|
||||
$(HELP2MAN) --no-info \
|
||||
--name="Yubico PIV tool" \
|
||||
--include=$(srcdir)/yubico-piv-tool.h2m \
|
||||
--output=$@ $(builddir)/yubico-piv-tool$(EXEEXT)
|
||||
|
||||
if ENABLE_COV
|
||||
AM_CFLAGS += --coverage
|
||||
AM_LDFLAGS = --coverage
|
||||
endif
|
||||
@@ -1,70 +0,0 @@
|
||||
# Copyright (c) 2014-2016 Yubico AB
|
||||
# All rights reserved.
|
||||
#
|
||||
# Redistribution and use in source and binary forms, with or without
|
||||
# modification, are permitted provided that the following conditions are
|
||||
# met:
|
||||
#
|
||||
# * Redistributions of source code must retain the above copyright
|
||||
# notice, this list of conditions and the following disclaimer.
|
||||
#
|
||||
# * Redistributions in binary form must reproduce the above
|
||||
# copyright notice, this list of conditions and the following
|
||||
# disclaimer in the documentation and/or other materials provided
|
||||
# with the distribution.
|
||||
#
|
||||
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
||||
# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
||||
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
||||
# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
||||
# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
||||
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
||||
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
||||
# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
||||
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
|
||||
option "verbose" v "Print more information" int optional default="0" argoptional
|
||||
option "reader" r "Only use a matching reader" string optional default="Yubikey"
|
||||
option "key" k "Management key to use, if no value is specified key will be asked for" string optional default="010203040506070801020304050607080102030405060708" argoptional
|
||||
option "action" a "Action to take" values="version","generate","set-mgm-key",
|
||||
"reset","pin-retries","import-key","import-certificate","set-chuid",
|
||||
"request-certificate","verify-pin","change-pin","change-puk","unblock-pin",
|
||||
"selfsign-certificate","delete-certificate","read-certificate","status",
|
||||
"test-signature","test-decipher","list-readers","set-ccc","write-object",
|
||||
"read-object","attest" enum multiple
|
||||
text "
|
||||
Multiple actions may be given at once and will be executed in order
|
||||
for example --action=verify-pin --action=request-certificate\n"
|
||||
option "slot" s "What key slot to operate on" values="9a","9c","9d","9e","82","83","84","85","86","87","88","89","8a","8b","8c","8d","8e","8f","90","91","92","93","94","95","f9" enum optional
|
||||
text "
|
||||
9a is for PIV Authentication
|
||||
9c is for Digital Signature (PIN always checked)
|
||||
9d is for Key Management
|
||||
9e is for Card Authentication (PIN never checked)
|
||||
82-95 is for Retired Key Management
|
||||
f9 is for Attestation\n"
|
||||
option "algorithm" A "What algorithm to use" values="RSA1024","RSA2048","ECCP256","ECCP384" enum optional default="RSA2048"
|
||||
option "hash" H "Hash to use for signatures" values="SHA1","SHA256","SHA384","SHA512" enum optional default="SHA256"
|
||||
option "new-key" n "New management key to use for action set-mgm-key, if omitted key will be asked for" string optional
|
||||
option "pin-retries" - "Number of retries before the pin code is blocked" int optional dependon="puk-retries"
|
||||
option "puk-retries" - "Number of retries before the puk code is blocked" int optional dependon="pin-retries"
|
||||
option "input" i "Filename to use as input, - for stdin" string optional default="-"
|
||||
option "output" o "Filename to use as output, - for stdout" string optional default="-"
|
||||
option "key-format" K "Format of the key being read/written" values="PEM","PKCS12","GZIP","DER","SSH" enum optional default="PEM"
|
||||
option "password" p "Password for decryption of private key file, if omitted password will be asked for" string optional
|
||||
option "subject" S "The subject to use for certificate request" string optional
|
||||
text "
|
||||
The subject must be written as:
|
||||
/CN=host.example.com/OU=test/O=example.com/\n"
|
||||
option "serial" - "Serial number of the self-signed certificate" int optional
|
||||
option "valid-days" - "Time (in days) until the self-signed certificate expires" int optional default="365"
|
||||
option "pin" P "Pin/puk code for verification, if omitted pin/puk will be asked for" string optional
|
||||
option "new-pin" N "New pin/puk code for changing, if omitted pin/puk will be asked for" string optional dependon="pin"
|
||||
option "pin-policy" - "Set pin policy for action generate or import-key. Only available on YubiKey 4" values="never","once","always" enum optional
|
||||
option "touch-policy" - "Set touch policy for action generate, import-key or set-mgm-key. Only available on YubiKey 4" values="never","always","cached" enum optional
|
||||
option "id" - "Id of object for write/read object" int optional
|
||||
option "format" f "Format of data for write/read object" values="hex","base64","binary" enum optional default="hex"
|
||||
option "sign" - "Sign data" flag off hidden
|
||||
option "stdin-input" - "Read sensitive values from stdin" flag off hidden
|
||||
@@ -1,83 +0,0 @@
|
||||
/*
|
||||
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
* in the file LICENSE in the source distribution or at
|
||||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
|
||||
#include "openssl-compat.h"
|
||||
#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
|
||||
|
||||
#include <string.h>
|
||||
#include <openssl/engine.h>
|
||||
|
||||
|
||||
int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d)
|
||||
{
|
||||
/* If the fields n and e in r are NULL, the corresponding input
|
||||
* parameters MUST be non-NULL for n and e. d may be
|
||||
* left NULL (in case only the public key is used).
|
||||
*/
|
||||
if ((r->n == NULL && n == NULL)
|
||||
|| (r->e == NULL && e == NULL))
|
||||
return 0;
|
||||
|
||||
if (n != NULL) {
|
||||
BN_free(r->n);
|
||||
r->n = n;
|
||||
}
|
||||
if (e != NULL) {
|
||||
BN_free(r->e);
|
||||
r->e = e;
|
||||
}
|
||||
if (d != NULL) {
|
||||
BN_free(r->d);
|
||||
r->d = d;
|
||||
}
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
void RSA_get0_key(const RSA *r,
|
||||
const BIGNUM **n, const BIGNUM **e, const BIGNUM **d)
|
||||
{
|
||||
if (n != NULL)
|
||||
*n = r->n;
|
||||
if (e != NULL)
|
||||
*e = r->e;
|
||||
if (d != NULL)
|
||||
*d = r->d;
|
||||
}
|
||||
|
||||
void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q)
|
||||
{
|
||||
if (p != NULL)
|
||||
*p = r->p;
|
||||
if (q != NULL)
|
||||
*q = r->q;
|
||||
}
|
||||
|
||||
void RSA_get0_crt_params(const RSA *r,
|
||||
const BIGNUM **dmp1, const BIGNUM **dmq1,
|
||||
const BIGNUM **iqmp)
|
||||
{
|
||||
if (dmp1 != NULL)
|
||||
*dmp1 = r->dmp1;
|
||||
if (dmq1 != NULL)
|
||||
*dmq1 = r->dmq1;
|
||||
if (iqmp != NULL)
|
||||
*iqmp = r->iqmp;
|
||||
}
|
||||
|
||||
void X509_SIG_getm(X509_SIG *sig, X509_ALGOR **palg,
|
||||
ASN1_OCTET_STRING **pdigest)
|
||||
{
|
||||
if (palg)
|
||||
*palg = sig->algor;
|
||||
if (pdigest)
|
||||
*pdigest = sig->digest;
|
||||
}
|
||||
|
||||
#endif /* OPENSSL_VERSION_NUMBER || LIBRESSL_VERSION_NUMBER */
|
||||
@@ -1,37 +0,0 @@
|
||||
/*
|
||||
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
* in the file LICENSE in the source distribution or at
|
||||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
|
||||
#ifndef LIBCRYPTO_COMPAT_H
|
||||
#define LIBCRYPTO_COMPAT_H
|
||||
|
||||
#ifndef _WINDOWS
|
||||
|
||||
#include <openssl/opensslv.h>
|
||||
#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
|
||||
|
||||
#include <openssl/rsa.h>
|
||||
#include <openssl/dsa.h>
|
||||
#include <openssl/ecdsa.h>
|
||||
#include <openssl/dh.h>
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/x509.h>
|
||||
|
||||
int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d);
|
||||
void RSA_get0_key(const RSA *r,
|
||||
const BIGNUM **n, const BIGNUM **e, const BIGNUM **d);
|
||||
void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q);
|
||||
void RSA_get0_crt_params(const RSA *r,
|
||||
const BIGNUM **dmp1, const BIGNUM **dmq1,
|
||||
const BIGNUM **iqmp);
|
||||
void X509_SIG_getm(X509_SIG *sig, X509_ALGOR **palg,
|
||||
ASN1_OCTET_STRING **pdigest);
|
||||
|
||||
#endif /* _WINDOWS */
|
||||
#endif /* OPENSSL_VERSION_NUMBER || LIBRESSL_VERSION_NUMBER */
|
||||
#endif /* LIBCRYPTO_COMPAT_H */
|
||||
@@ -1,53 +0,0 @@
|
||||
# Copyright (c) 2014-2016 Yubico AB
|
||||
# All rights reserved.
|
||||
#
|
||||
# Redistribution and use in source and binary forms, with or without
|
||||
# modification, are permitted provided that the following conditions are
|
||||
# met:
|
||||
#
|
||||
# * Redistributions of source code must retain the above copyright
|
||||
# notice, this list of conditions and the following disclaimer.
|
||||
#
|
||||
# * Redistributions in binary form must reproduce the above
|
||||
# copyright notice, this list of conditions and the following
|
||||
# disclaimer in the documentation and/or other materials provided
|
||||
# with the distribution.
|
||||
#
|
||||
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
||||
# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
||||
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
||||
# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
||||
# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
||||
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
||||
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
||||
# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
||||
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
|
||||
TESTS_ENVIRONMENT = export VERSION=$(PACKAGE_VERSION); export EXEEXT=$(EXEEXT);
|
||||
|
||||
LOG_COMPILER = $(VALGRIND)
|
||||
|
||||
AM_CFLAGS = $(WARN_CFLAGS) @CHECK_CFLAGS@
|
||||
AM_CPPFLAGS = -I$(top_srcdir)/lib -I$(top_builddir)/lib
|
||||
AM_CPPFLAGS += -I$(top_srcdir)/tool -I$(top_builddir)/tool
|
||||
AM_CPPFLAGS += $(OPENSSL_CFLAGS)
|
||||
|
||||
AM_LDFLAGS = @CHECK_LIBS@
|
||||
|
||||
if COMPILER_CLANG
|
||||
AM_LDFLAGS += -no-fast-install
|
||||
else
|
||||
AM_LDFLAGS += -no-install
|
||||
endif
|
||||
|
||||
parse_name_LDADD = ../libpiv_util.la $(OPENSSL_LIBS)
|
||||
test_inout_LDADD = ../libpiv_util.la
|
||||
|
||||
check_PROGRAMS = parse_name test_inout
|
||||
TESTS = basic.sh $(check_PROGRAMS)
|
||||
|
||||
if ENABLE_COV
|
||||
AM_LDFLAGS += --coverage
|
||||
endif
|
||||
@@ -1,138 +0,0 @@
|
||||
#!/bin/bash
|
||||
|
||||
# Copyright (c) 2014-2016 Yubico AB
|
||||
# All rights reserved.
|
||||
#
|
||||
# Redistribution and use in source and binary forms, with or without
|
||||
# modification, are permitted provided that the following conditions are
|
||||
# met:
|
||||
#
|
||||
# * Redistributions of source code must retain the above copyright
|
||||
# notice, this list of conditions and the following disclaimer.
|
||||
#
|
||||
# * Redistributions in binary form must reproduce the above
|
||||
# copyright notice, this list of conditions and the following
|
||||
# disclaimer in the documentation and/or other materials provided
|
||||
# with the distribution.
|
||||
#
|
||||
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
||||
# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
||||
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
||||
# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
||||
# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
||||
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
||||
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
||||
# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
||||
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
|
||||
# This is a _very_ simple test shell script, really only verifying
|
||||
# that we managed to build a binary and it can execute.
|
||||
|
||||
set -e
|
||||
|
||||
BIN="../yubico-piv-tool${EXEEXT}"
|
||||
ROOT_MAKEFILE="../../Makefile"
|
||||
|
||||
HELP_OUTPUT=$($BIN --help)
|
||||
|
||||
expected="yubico-piv-tool $VERSION"
|
||||
VERSION_OUTPUT=$($BIN --version | sed 's/\r//')
|
||||
if [ "x$VERSION_OUTPUT" != "x$expected" ]; then
|
||||
echo "Version ($VERSION_OUTPUT) not matching expected output $expected."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
|
||||
################################################################################
|
||||
################################################################################
|
||||
# HARDWARE TESTS
|
||||
################################################################################
|
||||
################################################################################
|
||||
#
|
||||
# Tests below here require a Yubikey to be connected.
|
||||
# These tests are destructive.
|
||||
#
|
||||
################################################################################
|
||||
################################################################################
|
||||
|
||||
# Verify that --enable-hardware-tests was a build flag.
|
||||
! $(set -e && cat "$ROOT_MAKEFILE" |grep "^DEFS =" | grep -- "-DHW_TESTS" >/dev/null)
|
||||
HW_TESTS=$?
|
||||
if [[ $HW_TESTS -eq 0 ]]; then
|
||||
exit 0
|
||||
fi
|
||||
|
||||
# Verify that user has confirmed destructive hw-tests
|
||||
if [ "x$YKPIV_ENV_HWTESTS_CONFIRMED" != "x1" ]; then
|
||||
printf "\n***\n*** Hardware tests skipped. Run \"make hwcheck\".\n***\n\n" >&0
|
||||
exit 77 # exit code 77 == skipped tests
|
||||
fi
|
||||
|
||||
#
|
||||
# Run basic import/validation tests on included keys/certs. Test keys generated
|
||||
# with the following commands:
|
||||
#
|
||||
# $ openssl genrsa -out private.pem 2048
|
||||
# $ openssl rsa -in private.pem -outform PEM -pubout -out public.pem
|
||||
# $ openssl req -x509 -key private.pem -out cert.pem -subj "/CN=YubicoTest/OU=YubicoTestUnit/O=yubico.com/" -new
|
||||
#
|
||||
|
||||
# Reset
|
||||
$BIN -averify-pin -P000000 || true
|
||||
$BIN -averify-pin -P000000 || true
|
||||
$BIN -averify-pin -P000000 || true
|
||||
$BIN -averify-pin -P000000 || true
|
||||
$BIN -averify-pin -P000000 || true
|
||||
$BIN -achange-puk -P000000 -N00000000 || true
|
||||
$BIN -achange-puk -P000000 -N00000000 || true
|
||||
$BIN -achange-puk -P000000 -N00000000 || true
|
||||
$BIN -achange-puk -P000000 -N00000000 || true
|
||||
$BIN -achange-puk -P000000 -N00000000 || true
|
||||
$BIN -areset
|
||||
|
||||
# Generate key on-board, issue certificate, and verify it
|
||||
$BIN -agenerate -s9a -AECCP256 -o key_9a.pub
|
||||
$BIN -averify -P123456 -s9a -S'/CN=YubicoTest/OU=YubicoGenerated/O=yubico.com/' -aselfsign -i key_9a.pub -o cert_9a.pem
|
||||
$BIN -averify -P123456 -s9a -atest-signature -i cert_9a.pem
|
||||
$BIN -aimport-certificate -P123456 -s9a -i cert_9a.pem
|
||||
|
||||
# Import key, generate self-signed certificate, and verify it
|
||||
$BIN -aimport-key -P123456 -s9e -iprivate.pem
|
||||
$BIN -arequest-certificate -s9e -S"/CN=bar/OU=test/O=example.com/" -i public.pem -o req_9e.pem
|
||||
$BIN -averify -P123456 -s9e -S'/CN=bar/OU=test/O=example.com/' -aselfsign -i public.pem -o cert_9e.pem
|
||||
$BIN -atest-decipher -s9e -i cert_9e.pem
|
||||
$BIN -aimport-certificate -P123456 -s9e -i cert.pem
|
||||
|
||||
|
||||
# Read status and validate fields
|
||||
STATUS=$($BIN -astatus)
|
||||
echo "$STATUS"
|
||||
ALGO_9A=$(echo "$STATUS" |grep "Slot 9a" -A 6 |grep "Algorithm" |tr -d "[:blank:]")
|
||||
if [[ "x$ALGO_9A" != "xAlgorithm:ECCP256" ]]; then
|
||||
echo "$ALGO_9A"
|
||||
echo "Generated algorithm incorrect." >/dev/stderr
|
||||
exit 1
|
||||
fi
|
||||
|
||||
ALGO_9E=$(echo "$STATUS" |grep "Slot 9e" -A 6 |grep "Algorithm" |tr -d "[:blank:]")
|
||||
if [[ "x$ALGO_9E" != "xAlgorithm:RSA2048" ]]; then
|
||||
echo "$ALGO_9E"
|
||||
echo "Generated algorithm incorrect." >/dev/stderr
|
||||
exit 1
|
||||
fi
|
||||
|
||||
SUBJECT_9A=$(echo "$STATUS" |grep "Slot 9a" -A 6 |grep "Subject DN" |tr -d "[:blank:]")
|
||||
if [[ "x$SUBJECT_9A" != "xSubjectDN:CN=YubicoTest,OU=YubicoGenerated,O=yubico.com" ]]; then
|
||||
echo "$SUBJECT_9A"
|
||||
echo "Certificate subject incorrect." >/dev/stderr
|
||||
exit 1
|
||||
fi
|
||||
|
||||
SUBJECT_9E=$(echo "$STATUS" |grep "Slot 9e" -A 6 |grep "Subject DN" |tr -d "[:blank:]")
|
||||
if [[ "x$SUBJECT_9E" != "xSubjectDN:CN=YubicoTest,OU=YubicoTestUnit,O=yubico.com" ]]; then
|
||||
echo "$SUBJECT_9E"
|
||||
echo "Certificate subject incorrect." >/dev/stderr
|
||||
exit 1
|
||||
fi
|
||||
@@ -1,22 +0,0 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDrzCCApegAwIBAgIJAM1blQIJfeuCMA0GCSqGSIb3DQEBBQUAMEMxEzARBgNV
|
||||
BAMTCll1Ymljb1Rlc3QxFzAVBgNVBAsTDll1Ymljb1Rlc3RVbml0MRMwEQYDVQQK
|
||||
Ewp5dWJpY28uY29tMB4XDTE3MDkyNzEzMzYxNFoXDTE3MTAyNzEzMzYxNFowQzET
|
||||
MBEGA1UEAxMKWXViaWNvVGVzdDEXMBUGA1UECxMOWXViaWNvVGVzdFVuaXQxEzAR
|
||||
BgNVBAoTCnl1Ymljby5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
|
||||
AQDKRTcyy2rVuV6cex5GdRT3VWntbqVPC4p6BcATEAeSXDgORaWhQOnv7WF9a8Rc
|
||||
bsWH0j807f+CvqirtFZHbSBsMYlxyko4Mer/gxb2uqy08B4fWeOxeTpNNQ63gfHZ
|
||||
g4tqnDmFulAiZilVnuiimAdC0iLliXaowkFEcPFGPEmjV/lWTgalgFOe/utySbVs
|
||||
vUp2EjeBDcOdUqc1oHH1GVoMRKMm7PTT9/8SVawVUneCqOFCNNxyW7PjRpTr5qPq
|
||||
1ucMOmz2UIPwJVHIQEbL5IL3NtkozmbZ0G9cqnRrYSXGmlBrdcq5fH7qrMcifIMW
|
||||
QXVinhzbIcrRpW0Vm653efxDAgMBAAGjgaUwgaIwHQYDVR0OBBYEFKEF2ASXCBPt
|
||||
+4Wh0o36Ee6+HvRRMHMGA1UdIwRsMGqAFKEF2ASXCBPt+4Wh0o36Ee6+HvRRoUek
|
||||
RTBDMRMwEQYDVQQDEwpZdWJpY29UZXN0MRcwFQYDVQQLEw5ZdWJpY29UZXN0VW5p
|
||||
dDETMBEGA1UEChMKeXViaWNvLmNvbYIJAM1blQIJfeuCMAwGA1UdEwQFMAMBAf8w
|
||||
DQYJKoZIhvcNAQEFBQADggEBADaeHhj7vjZ8OGIAOd86UAqJrqyQ6Lhu133pBRoV
|
||||
4qQprZFRXxsxVyAqKDAWMF/GTidMRlVRAQNnR9kHYuG7zpy+NjlK2khAEflAa6Z5
|
||||
nGMntv0+y7NLkKGAAk9qxqpNwj90VzFcvopDFA70FVnWtgkuJuFf5n+fHTUMOzTk
|
||||
p6+BMRUjJqu7weK+QUI8b9zl7pSzWbcHqxyrJSNRW87xvEQhyJzFqbqQprYGheZk
|
||||
py5wUX22HBhAuw7cvakeUMIX133UJI7Yxwy5DKoiqsESKGr/oXIU3+M0kqzDwQCA
|
||||
HI1y9cIY/3Zi3Y7HgQnHX2Oos3k2SY0VpYtO47Ja/oIkolc=
|
||||
-----END CERTIFICATE-----
|
||||
@@ -1,109 +0,0 @@
|
||||
/*
|
||||
* Copyright (c) 2014-2016 Yubico AB
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions are
|
||||
* met:
|
||||
*
|
||||
* * Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* * Redistributions in binary form must reproduce the above
|
||||
* copyright notice, this list of conditions and the following
|
||||
* disclaimer in the documentation and/or other materials provided
|
||||
* with the distribution.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
||||
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
||||
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*
|
||||
*/
|
||||
|
||||
#include <check.h>
|
||||
|
||||
#include <string.h>
|
||||
#include <stdbool.h>
|
||||
|
||||
#ifdef _WIN32
|
||||
#include <windows.h>
|
||||
#endif
|
||||
|
||||
#include <openssl/x509.h>
|
||||
|
||||
#include "util.h"
|
||||
|
||||
struct name {
|
||||
const char *name;
|
||||
const char *parsed_name;
|
||||
bool valid;
|
||||
} names[] = {
|
||||
{"/CN=test foo/", "CN = test foo", true},
|
||||
{"/CN=test/OU=bar/O=EXAMPLE/", "CN = test, OU = bar, O = EXAMPLE", true},
|
||||
{"/CN=test/OU=bar/O=EXAMPLE/", "CN = test, OU = wrong, O = EXAMPLE", false},
|
||||
{"/foo/", "", false},
|
||||
{"/CN=test/foobar/", "", false},
|
||||
{"/CN=test/foo=bar/", "", false},
|
||||
};
|
||||
|
||||
static bool test_name(const char *name, const char *expected) {
|
||||
char buf[1024];
|
||||
BIO *bio;
|
||||
const char none[] = {0};
|
||||
X509_NAME *parsed = parse_name(name);
|
||||
if(parsed == NULL) {
|
||||
return false;
|
||||
}
|
||||
|
||||
bio = BIO_new(BIO_s_mem());
|
||||
|
||||
X509_NAME_print_ex(bio, parsed, 0, XN_FLAG_ONELINE);
|
||||
BIO_write(bio, none, 1);
|
||||
BIO_read(bio, buf, 1024);
|
||||
BIO_free(bio);
|
||||
X509_NAME_free(parsed);
|
||||
if(strcmp(buf, expected) != 0) {
|
||||
fprintf(stderr, "Names not matching: '%s' != '%s'\n", expected, buf);
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
START_TEST(test_parse_name) {
|
||||
ck_assert(test_name(names[_i].name, names[_i].parsed_name) == names[_i].valid);
|
||||
}
|
||||
END_TEST
|
||||
|
||||
Suite *test_suite(void) {
|
||||
Suite *s;
|
||||
TCase *tc;
|
||||
|
||||
s = suite_create("yubico-piv-tool parse_name");
|
||||
tc = tcase_create("parse_name");
|
||||
tcase_add_loop_test(tc, test_parse_name, 0, sizeof(names) / sizeof(struct name));
|
||||
suite_add_tcase(s, tc);
|
||||
|
||||
return s;
|
||||
}
|
||||
|
||||
int main(void)
|
||||
{
|
||||
int number_failed;
|
||||
Suite *s;
|
||||
SRunner *sr;
|
||||
|
||||
s = test_suite();
|
||||
sr = srunner_create(s);
|
||||
srunner_run_all(sr, CK_NORMAL);
|
||||
number_failed = srunner_ntests_failed(sr);
|
||||
srunner_free(sr);
|
||||
return (number_failed == 0) ? EXIT_SUCCESS : EXIT_FAILURE;
|
||||
}
|
||||
@@ -1,27 +0,0 @@
|
||||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEpQIBAAKCAQEAykU3Mstq1blenHseRnUU91Vp7W6lTwuKegXAExAHklw4DkWl
|
||||
oUDp7+1hfWvEXG7Fh9I/NO3/gr6oq7RWR20gbDGJccpKODHq/4MW9rqstPAeH1nj
|
||||
sXk6TTUOt4Hx2YOLapw5hbpQImYpVZ7oopgHQtIi5Yl2qMJBRHDxRjxJo1f5Vk4G
|
||||
pYBTnv7rckm1bL1KdhI3gQ3DnVKnNaBx9RlaDESjJuz00/f/ElWsFVJ3gqjhQjTc
|
||||
cluz40aU6+aj6tbnDDps9lCD8CVRyEBGy+SC9zbZKM5m2dBvXKp0a2ElxppQa3XK
|
||||
uXx+6qzHInyDFkF1Yp4c2yHK0aVtFZuud3n8QwIDAQABAoIBAE1Q9c+Bt/2oFMUl
|
||||
vqXZ/UCpsorif2felnkcF5ZxyyMkAv1Zm/0ujf17NIe3mOBoKzNGp4h47PEyJdE0
|
||||
ZsJ4sSsKKGqJk6M1WYl/t1hqdLfZDPqY5pMhLqryfASjNCobwT/oJYi7dgQgHu6u
|
||||
hmgYSrY9Er/Ass3BKyeZMHDTfKZlvM8GZ/oF8bhkD1P/fi6xU1bhs1XCTQpkkING
|
||||
eESbD5ZGMZU4HYusdmOmf2Y4LXqVZkag86Fw7XAg6b80FDR8Af6S9fzoPA7Aapmg
|
||||
uvH19BHeSH/DiLTQ6d31GijSsx+rW/F5mrs5wldGO/htTJwRx0YoccUMPF2mMx+d
|
||||
ShOlzckCgYEA9p9rT7kkj1ZglNB1gwo+IdbEZydlK3NvHmXMFa3IkmBg1nK1dpnM
|
||||
0DK0Ycyb7LIuBN3sc2QV5+D3Yv8LspeTMBVajddts/dIJKQb51hRsC3PvQVUnaMD
|
||||
3YYqDmZUlIv9bKfvAbOuNUOg4FXkaXFkkNNsLxv92bARKHPLo6eE7UcCgYEA0fYU
|
||||
ImTKv9W8rpPcc7lf8Ffhw7mRrMTA/qFNSdJvjED9UXzH7Dp0abQ9nK8XxTWEl0oe
|
||||
l0h+5H5YiV6Li8BXcWgnferbpi0Jwkdvh2Qc7LmJ/o278KLPKIqDItRd0gEgC9hR
|
||||
H1M91Y1pNcv1Mj95hKx3L0ROXhwBAy4ohddjRyUCgYEAp8VFdEOHynbBVxsEhfNm
|
||||
1xBKJb5YBZoOgohPsIO7SVCFL/1y0s7H1O5ZZZqSjA+eXLM30jvI5yhUQqUsKP8S
|
||||
IwizxIBD4cSb8Ekvrk6Xq5lOk9DXgjFORNmrLIaSjUc6TDtlzSuVnCh4fYQQ0WZR
|
||||
OnCJTPbm1rr+wR0c8CTauasCgYEAqie7eYQlrAITv4elCUQaNDWEiZJCNLnfjnw6
|
||||
nrEkJY4lvXxaqV9WKLQhmnFr2i7dHZ672+6sp5CdP/aXMNLYCthV6P4EtE+bsQ8j
|
||||
m53OsypKYzmKLiJDsJ9QV1G0FxVCW1cbpz9WxVKtCSQZuncmjBcZH/1DZZFcYK9v
|
||||
t8gudOECgYEAh3hlXVeMv2/oEW21G7D0s3Cv2vOSvBogdwVRP8EGOkn43rh5GXZm
|
||||
7NVJjJNwURwLcowb0F4B/RILxArtjW2srUo1nbq5UoCiFNJ/00JoRSzAz1ad7S2o
|
||||
0nRuVLQ50WYG/HBTP2M4yQbpP/E+5PCNMGx2kgyuTUyeCl+LEE8bg5k=
|
||||
-----END RSA PRIVATE KEY-----
|
||||
@@ -1,9 +0,0 @@
|
||||
-----BEGIN PUBLIC KEY-----
|
||||
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAykU3Mstq1blenHseRnUU
|
||||
91Vp7W6lTwuKegXAExAHklw4DkWloUDp7+1hfWvEXG7Fh9I/NO3/gr6oq7RWR20g
|
||||
bDGJccpKODHq/4MW9rqstPAeH1njsXk6TTUOt4Hx2YOLapw5hbpQImYpVZ7oopgH
|
||||
QtIi5Yl2qMJBRHDxRjxJo1f5Vk4GpYBTnv7rckm1bL1KdhI3gQ3DnVKnNaBx9Rla
|
||||
DESjJuz00/f/ElWsFVJ3gqjhQjTccluz40aU6+aj6tbnDDps9lCD8CVRyEBGy+SC
|
||||
9zbZKM5m2dBvXKp0a2ElxppQa3XKuXx+6qzHInyDFkF1Yp4c2yHK0aVtFZuud3n8
|
||||
QwIDAQAB
|
||||
-----END PUBLIC KEY-----
|
||||
@@ -1,99 +0,0 @@
|
||||
/*
|
||||
* Copyright (c) 2015-2016 Yubico AB
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions are
|
||||
* met:
|
||||
*
|
||||
* * Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* * Redistributions in binary form must reproduce the above
|
||||
* copyright notice, this list of conditions and the following
|
||||
* disclaimer in the documentation and/or other materials provided
|
||||
* with the distribution.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
||||
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
||||
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*
|
||||
*/
|
||||
|
||||
#include <check.h>
|
||||
|
||||
#include <stdbool.h>
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
#include <assert.h>
|
||||
#include <unistd.h>
|
||||
|
||||
#include "util.h"
|
||||
|
||||
#ifdef _WIN32
|
||||
#define pipe(fds) _pipe(fds,4096, 0)
|
||||
#endif
|
||||
|
||||
enum enum_format formats[] = {
|
||||
format_arg_base64,
|
||||
format_arg_hex,
|
||||
format_arg_binary,
|
||||
};
|
||||
|
||||
static bool inout(enum enum_format format) {
|
||||
const unsigned char buf[] = {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08};
|
||||
unsigned char buf2[sizeof(buf)];
|
||||
int pipefd[2];
|
||||
FILE *tmp1, *tmp2;
|
||||
|
||||
if (pipe(pipefd) != 0)
|
||||
return false;
|
||||
tmp1 = fdopen(pipefd[1], "w");
|
||||
dump_data(buf, sizeof(buf), tmp1, false, format);
|
||||
fclose(tmp1);
|
||||
tmp2 = fdopen(pipefd[0], "r");
|
||||
read_data(buf2, sizeof(buf2), tmp2, format);
|
||||
if (memcmp(buf, buf2, sizeof(buf)) != 0)
|
||||
return false;
|
||||
fclose(tmp2);
|
||||
return true;
|
||||
}
|
||||
|
||||
START_TEST(test_inout) {
|
||||
ck_assert(inout(formats[_i]));
|
||||
}
|
||||
END_TEST
|
||||
|
||||
Suite *test_suite(void) {
|
||||
Suite *s;
|
||||
TCase *tc;
|
||||
|
||||
s = suite_create("yubico-piv-tool inout");
|
||||
tc = tcase_create("inout");
|
||||
tcase_add_loop_test(tc, test_inout, 0, sizeof(formats) / sizeof(*formats));
|
||||
suite_add_tcase(s, tc);
|
||||
|
||||
return s;
|
||||
}
|
||||
|
||||
int main(void)
|
||||
{
|
||||
int number_failed;
|
||||
Suite *s;
|
||||
SRunner *sr;
|
||||
|
||||
s = test_suite();
|
||||
sr = srunner_create(s);
|
||||
srunner_run_all(sr, CK_NORMAL);
|
||||
number_failed = srunner_ntests_failed(sr);
|
||||
srunner_free(sr);
|
||||
return (number_failed == 0) ? EXIT_SUCCESS : EXIT_FAILURE;
|
||||
}
|
||||
-594
@@ -1,594 +0,0 @@
|
||||
/*
|
||||
* Copyright (c) 2014-2016 Yubico AB
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions are
|
||||
* met:
|
||||
*
|
||||
* * Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* * Redistributions in binary form must reproduce the above
|
||||
* copyright notice, this list of conditions and the following
|
||||
* disclaimer in the documentation and/or other materials provided
|
||||
* with the distribution.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
||||
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
||||
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*
|
||||
*/
|
||||
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <stdbool.h>
|
||||
#include <string.h>
|
||||
|
||||
#ifdef _WIN32
|
||||
#include <windows.h>
|
||||
#endif
|
||||
|
||||
#include "openssl-compat.h"
|
||||
#include <openssl/bn.h>
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/x509.h>
|
||||
#include <openssl/rsa.h>
|
||||
|
||||
#include <ykpiv.h>
|
||||
|
||||
#include "cmdline.h"
|
||||
#include "util.h"
|
||||
|
||||
FILE *open_file(const char *file_name, enum file_mode mode) {
|
||||
FILE *file;
|
||||
const char *mod;
|
||||
if(!strcmp(file_name, "-")) {
|
||||
file = (mode == INPUT_TEXT || mode == INPUT_BIN) ? stdin : stdout;
|
||||
} else {
|
||||
switch (mode) {
|
||||
case INPUT_TEXT:
|
||||
mod = "r";
|
||||
break;
|
||||
case INPUT_BIN:
|
||||
mod = "rb";
|
||||
break;
|
||||
case OUTPUT_TEXT:
|
||||
mod = "w";
|
||||
break;
|
||||
case OUTPUT_BIN:
|
||||
mod = "wb";
|
||||
break;
|
||||
default:
|
||||
fprintf(stderr, "Invalid file mode.\n");
|
||||
return NULL;
|
||||
break;
|
||||
}
|
||||
file = fopen(file_name, mod);
|
||||
if(!file) {
|
||||
fprintf(stderr, "Failed opening '%s'!\n", file_name);
|
||||
return NULL;
|
||||
}
|
||||
}
|
||||
return file;
|
||||
}
|
||||
|
||||
unsigned char get_algorithm(EVP_PKEY *key) {
|
||||
int type = EVP_PKEY_type(EVP_PKEY_id(key));
|
||||
switch(type) {
|
||||
case EVP_PKEY_RSA:
|
||||
{
|
||||
RSA *rsa = EVP_PKEY_get1_RSA(key);
|
||||
int size = RSA_size(rsa);
|
||||
if(size == 256) {
|
||||
return YKPIV_ALGO_RSA2048;
|
||||
} else if(size == 128) {
|
||||
return YKPIV_ALGO_RSA1024;
|
||||
} else {
|
||||
fprintf(stderr, "Unusable key of %d bits, only 1024 and 2048 are supported.\n", size * 8);
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
case EVP_PKEY_EC:
|
||||
{
|
||||
EC_KEY *ec = EVP_PKEY_get1_EC_KEY(key);
|
||||
const EC_GROUP *group = EC_KEY_get0_group(ec);
|
||||
int curve = EC_GROUP_get_curve_name(group);
|
||||
if(curve == NID_X9_62_prime256v1) {
|
||||
return YKPIV_ALGO_ECCP256;
|
||||
} else if(curve == NID_secp384r1) {
|
||||
return YKPIV_ALGO_ECCP384;
|
||||
} else {
|
||||
fprintf(stderr, "Unknown EC curve %d\n", curve);
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
default:
|
||||
fprintf(stderr, "Unknown algorithm %d.\n", type);
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
||||
X509_NAME *parse_name(const char *orig_name) {
|
||||
char name[1025];
|
||||
X509_NAME *parsed = NULL;
|
||||
char *ptr = name;
|
||||
char *part;
|
||||
|
||||
if(strlen(orig_name) > 1024) {
|
||||
fprintf(stderr, "Name is too long!\n");
|
||||
return NULL;
|
||||
}
|
||||
strcpy(name, orig_name);
|
||||
|
||||
if(*name != '/') {
|
||||
fprintf(stderr, "Name does not start with '/'!\n");
|
||||
return NULL;
|
||||
}
|
||||
parsed = X509_NAME_new();
|
||||
if(!parsed) {
|
||||
fprintf(stderr, "Failed to allocate memory\n");
|
||||
return NULL;
|
||||
}
|
||||
while((part = strtok(ptr, "/"))) {
|
||||
char *key;
|
||||
char *value;
|
||||
char *equals = strchr(part, '=');
|
||||
if(!equals) {
|
||||
fprintf(stderr, "The part '%s' doesn't seem to contain a =.\n", part);
|
||||
goto parse_err;
|
||||
}
|
||||
*equals++ = '\0';
|
||||
value = equals;
|
||||
key = part;
|
||||
|
||||
ptr = NULL;
|
||||
if(!key) {
|
||||
fprintf(stderr, "Malformed name (%s)\n", part);
|
||||
goto parse_err;
|
||||
}
|
||||
if(!value) {
|
||||
fprintf(stderr, "Malformed name (%s)\n", part);
|
||||
goto parse_err;
|
||||
}
|
||||
if(!X509_NAME_add_entry_by_txt(parsed, key, MBSTRING_UTF8, (unsigned char*)value, -1, -1, 0)) {
|
||||
fprintf(stderr, "Failed adding %s=%s to name.\n", key, value);
|
||||
goto parse_err;
|
||||
}
|
||||
}
|
||||
return parsed;
|
||||
parse_err:
|
||||
X509_NAME_free(parsed);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
size_t read_data(unsigned char *buf, size_t len, FILE* input, enum enum_format format) {
|
||||
char raw_buf[3072 * 2];
|
||||
size_t raw_len = sizeof(raw_buf);
|
||||
raw_len = fread(raw_buf, 1, raw_len, input);
|
||||
switch(format) {
|
||||
case format_arg_hex:
|
||||
if(raw_buf[raw_len - 1] == '\n') {
|
||||
raw_len -= 1;
|
||||
}
|
||||
if(ykpiv_hex_decode(raw_buf, raw_len, buf, &len) != YKPIV_OK) {
|
||||
return 0;
|
||||
}
|
||||
return len;
|
||||
case format_arg_base64:
|
||||
{
|
||||
int read;
|
||||
BIO *b64 = BIO_new(BIO_f_base64());
|
||||
BIO *bio = BIO_new_mem_buf(raw_buf, raw_len);
|
||||
BIO_push(b64, bio);
|
||||
read = BIO_read(b64, buf, len);
|
||||
BIO_free_all(b64);
|
||||
if(read <= 0) {
|
||||
return 0;
|
||||
} else {
|
||||
return (size_t)read;
|
||||
}
|
||||
}
|
||||
break;
|
||||
case format_arg_binary:
|
||||
if(raw_len > len) {
|
||||
return 0;
|
||||
}
|
||||
memcpy(buf, raw_buf, raw_len);
|
||||
return raw_len;
|
||||
case format__NULL:
|
||||
default:
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
||||
void dump_data(const unsigned char *buf, unsigned int len, FILE *output, bool space, enum enum_format format) {
|
||||
switch(format) {
|
||||
case format_arg_hex:
|
||||
{
|
||||
char tmp[3072 * 3 + 1];
|
||||
unsigned int i;
|
||||
unsigned int step = 2;
|
||||
if(space) step += 1;
|
||||
if(len > 3072) {
|
||||
return;
|
||||
}
|
||||
for (i = 0; i < len; i++) {
|
||||
sprintf(tmp + i * step, "%02x%s", buf[i], space == true ? " " : "");
|
||||
}
|
||||
fprintf(output, "%s\n", tmp);
|
||||
}
|
||||
return;
|
||||
case format_arg_base64:
|
||||
{
|
||||
BIO *b64 = BIO_new(BIO_f_base64());
|
||||
BIO *bio = BIO_new_fp(output, BIO_NOCLOSE);
|
||||
BIO_push(b64, bio);
|
||||
BIO_write(b64, buf, (int)len);
|
||||
BIO_flush(b64);
|
||||
BIO_free_all(b64);
|
||||
}
|
||||
return;
|
||||
case format_arg_binary:
|
||||
fwrite(buf, 1, len, output);
|
||||
return;
|
||||
case format__NULL:
|
||||
default:
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
int get_length(const unsigned char *buffer, int *len) {
|
||||
if(buffer[0] < 0x81) {
|
||||
*len = buffer[0];
|
||||
return 1;
|
||||
} else if((*buffer & 0x7f) == 1) {
|
||||
*len = buffer[1];
|
||||
return 2;
|
||||
} else if((*buffer & 0x7f) == 2) {
|
||||
*len = (buffer[1] << 8) + buffer[2];
|
||||
return 3;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
int set_length(unsigned char *buffer, int length) {
|
||||
if(length < 0x80) {
|
||||
*buffer++ = length;
|
||||
return 1;
|
||||
} else if(length < 0xff) {
|
||||
*buffer++ = 0x81;
|
||||
*buffer++ = length;
|
||||
return 2;
|
||||
} else {
|
||||
*buffer++ = 0x82;
|
||||
*buffer++ = (length >> 8) & 0xff;
|
||||
*buffer++ = length & 0xff;
|
||||
return 3;
|
||||
}
|
||||
}
|
||||
|
||||
int get_slot_hex(enum enum_slot slot_enum) {
|
||||
int slot = -1;
|
||||
|
||||
switch (slot_enum) {
|
||||
case slot_arg_9a:
|
||||
slot = 0x9a;
|
||||
break;
|
||||
case slot_arg_9c:
|
||||
case slot_arg_9d:
|
||||
case slot_arg_9e:
|
||||
slot = 0x9c + ((int)slot_enum - (int)slot_arg_9c);
|
||||
break;
|
||||
case slot_arg_82:
|
||||
case slot_arg_83:
|
||||
case slot_arg_84:
|
||||
case slot_arg_85:
|
||||
case slot_arg_86:
|
||||
case slot_arg_87:
|
||||
case slot_arg_88:
|
||||
case slot_arg_89:
|
||||
case slot_arg_8a:
|
||||
case slot_arg_8b:
|
||||
case slot_arg_8c:
|
||||
case slot_arg_8d:
|
||||
case slot_arg_8e:
|
||||
case slot_arg_8f:
|
||||
case slot_arg_90:
|
||||
case slot_arg_91:
|
||||
case slot_arg_92:
|
||||
case slot_arg_93:
|
||||
case slot_arg_94:
|
||||
case slot_arg_95:
|
||||
slot = 0x82 + ((int)slot_enum - (int)slot_arg_82);
|
||||
break;
|
||||
case slot_arg_f9:
|
||||
slot = 0xf9;
|
||||
break;
|
||||
case slot__NULL:
|
||||
default:
|
||||
slot = -1;
|
||||
}
|
||||
|
||||
return slot;
|
||||
}
|
||||
|
||||
bool set_component(unsigned char *in_ptr, const BIGNUM *bn, int element_len) {
|
||||
int real_len = BN_num_bytes(bn);
|
||||
|
||||
if(real_len > element_len) {
|
||||
return false;
|
||||
}
|
||||
memset(in_ptr, 0, (size_t)(element_len - real_len));
|
||||
in_ptr += element_len - real_len;
|
||||
BN_bn2bin(bn, in_ptr);
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
bool prepare_rsa_signature(const unsigned char *in, unsigned int in_len, unsigned char *out, unsigned int *out_len, int nid) {
|
||||
X509_SIG *digestInfo;
|
||||
X509_ALGOR *algor;
|
||||
ASN1_OCTET_STRING *digest;
|
||||
unsigned char data[1024];
|
||||
|
||||
memcpy(data, in, in_len);
|
||||
|
||||
digestInfo = X509_SIG_new();
|
||||
X509_SIG_getm(digestInfo, &algor, &digest);
|
||||
algor->algorithm = OBJ_nid2obj(nid);
|
||||
X509_ALGOR_set0(algor, OBJ_nid2obj(nid), V_ASN1_NULL, NULL);
|
||||
ASN1_STRING_set(digest, data, in_len);
|
||||
*out_len = (unsigned int)i2d_X509_SIG(digestInfo, &out);
|
||||
X509_SIG_free(digestInfo);
|
||||
return true;
|
||||
}
|
||||
|
||||
bool read_pw(const char *name, char *pwbuf, size_t pwbuflen, int verify, int stdin_input) {
|
||||
#define READ_PW_PROMPT_BASE "Enter %s: "
|
||||
char prompt[sizeof(READ_PW_PROMPT_BASE) + 32] = {0};
|
||||
int ret;
|
||||
|
||||
if (pwbuflen < 1) {
|
||||
fprintf(stderr, "Failed to read %s: buffer too small.", name);
|
||||
return false;
|
||||
}
|
||||
|
||||
if(stdin_input) {
|
||||
fprintf(stdout, "%s\n", name);
|
||||
if(fgets(pwbuf, pwbuflen, stdin)) {
|
||||
if(pwbuf[strlen(pwbuf) - 1] == '\n') {
|
||||
pwbuf[strlen(pwbuf) - 1] = '\0';
|
||||
}
|
||||
return true;
|
||||
} else {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
ret = snprintf(prompt, sizeof(prompt), READ_PW_PROMPT_BASE, name);
|
||||
if (ret < 0 || ((unsigned int) ret) > (sizeof(prompt)-1)) {
|
||||
fprintf(stderr, "Failed to read %s: snprintf failed.\n", name);
|
||||
return false;
|
||||
}
|
||||
|
||||
if (0 != EVP_read_pw_string(pwbuf, pwbuflen-1, prompt, verify)) {
|
||||
fprintf(stderr, "Retrieving %s failed.\n", name);
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
static unsigned const char sha1oid[] = {
|
||||
0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A, 0x05, 0x00,
|
||||
0x04, 0x14
|
||||
};
|
||||
|
||||
static unsigned const char sha256oid[] = {
|
||||
0x30, 0x31, 0x30, 0x0D, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04,
|
||||
0x02, 0x01, 0x05, 0x00, 0x04, 0x20
|
||||
};
|
||||
|
||||
static unsigned const char sha384oid[] = {
|
||||
0x30, 0x41, 0x30, 0x0D, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04,
|
||||
0x02, 0x02, 0x05, 0x00, 0x04, 0x30
|
||||
};
|
||||
|
||||
static unsigned const char sha512oid[] = {
|
||||
0x30, 0x51, 0x30, 0x0D, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04,
|
||||
0x02, 0x03, 0x05, 0x00, 0x04, 0x40
|
||||
};
|
||||
|
||||
const EVP_MD *get_hash(enum enum_hash hash, const unsigned char **oid, size_t *oid_len) {
|
||||
switch(hash) {
|
||||
case hash_arg_SHA1:
|
||||
if(oid) {
|
||||
*oid = sha1oid;
|
||||
*oid_len = sizeof(sha1oid);
|
||||
}
|
||||
return EVP_sha1();
|
||||
case hash_arg_SHA256:
|
||||
if(oid) {
|
||||
*oid = sha256oid;
|
||||
*oid_len = sizeof(sha256oid);
|
||||
}
|
||||
return EVP_sha256();
|
||||
case hash_arg_SHA384:
|
||||
if(oid) {
|
||||
*oid = sha384oid;
|
||||
*oid_len = sizeof(sha384oid);
|
||||
}
|
||||
return EVP_sha384();
|
||||
case hash_arg_SHA512:
|
||||
if(oid) {
|
||||
*oid = sha512oid;
|
||||
*oid_len = sizeof(sha512oid);
|
||||
}
|
||||
return EVP_sha512();
|
||||
case hash__NULL:
|
||||
default:
|
||||
return NULL;
|
||||
}
|
||||
}
|
||||
|
||||
int get_hashnid(enum enum_hash hash, unsigned char algorithm) {
|
||||
switch(algorithm) {
|
||||
case YKPIV_ALGO_RSA1024:
|
||||
case YKPIV_ALGO_RSA2048:
|
||||
switch(hash) {
|
||||
case hash_arg_SHA1:
|
||||
return NID_sha1WithRSAEncryption;
|
||||
case hash_arg_SHA256:
|
||||
return NID_sha256WithRSAEncryption;
|
||||
case hash_arg_SHA384:
|
||||
return NID_sha384WithRSAEncryption;
|
||||
case hash_arg_SHA512:
|
||||
return NID_sha512WithRSAEncryption;
|
||||
case hash__NULL:
|
||||
default:
|
||||
return 0;
|
||||
}
|
||||
case YKPIV_ALGO_ECCP256:
|
||||
case YKPIV_ALGO_ECCP384:
|
||||
switch(hash) {
|
||||
case hash_arg_SHA1:
|
||||
return NID_ecdsa_with_SHA1;
|
||||
case hash_arg_SHA256:
|
||||
return NID_ecdsa_with_SHA256;
|
||||
case hash_arg_SHA384:
|
||||
return NID_ecdsa_with_SHA384;
|
||||
case hash_arg_SHA512:
|
||||
return NID_ecdsa_with_SHA512;
|
||||
case hash__NULL:
|
||||
default:
|
||||
return 0;
|
||||
}
|
||||
default:
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
||||
unsigned char get_piv_algorithm(enum enum_algorithm algorithm) {
|
||||
switch(algorithm) {
|
||||
case algorithm_arg_RSA2048:
|
||||
return YKPIV_ALGO_RSA2048;
|
||||
case algorithm_arg_RSA1024:
|
||||
return YKPIV_ALGO_RSA1024;
|
||||
case algorithm_arg_ECCP256:
|
||||
return YKPIV_ALGO_ECCP256;
|
||||
case algorithm_arg_ECCP384:
|
||||
return YKPIV_ALGO_ECCP384;
|
||||
case algorithm__NULL:
|
||||
default:
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
||||
unsigned char get_pin_policy(enum enum_pin_policy policy) {
|
||||
switch(policy) {
|
||||
case pin_policy_arg_never:
|
||||
return YKPIV_PINPOLICY_NEVER;
|
||||
case pin_policy_arg_once:
|
||||
return YKPIV_PINPOLICY_ONCE;
|
||||
case pin_policy_arg_always:
|
||||
return YKPIV_PINPOLICY_ALWAYS;
|
||||
case pin_policy__NULL:
|
||||
default:
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
||||
unsigned char get_touch_policy(enum enum_touch_policy policy) {
|
||||
switch(policy) {
|
||||
case touch_policy_arg_never:
|
||||
return YKPIV_TOUCHPOLICY_NEVER;
|
||||
case touch_policy_arg_always:
|
||||
return YKPIV_TOUCHPOLICY_ALWAYS;
|
||||
case touch_policy_arg_cached:
|
||||
return YKPIV_TOUCHPOLICY_CACHED;
|
||||
case touch_policy__NULL:
|
||||
default:
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
||||
int SSH_write_X509(FILE *fp, X509 *x) {
|
||||
|
||||
EVP_PKEY *pkey = NULL;
|
||||
int ret = 0;
|
||||
|
||||
pkey = X509_get_pubkey(x);
|
||||
|
||||
if (pkey == NULL) {
|
||||
return ret;
|
||||
}
|
||||
|
||||
switch (EVP_PKEY_id(pkey)) {
|
||||
case EVP_PKEY_RSA:
|
||||
case EVP_PKEY_RSA2: {
|
||||
RSA *rsa;
|
||||
unsigned char n[256];
|
||||
const BIGNUM *bn_n;
|
||||
|
||||
char rsa_id[] = "\x00\x00\x00\x07ssh-rsa";
|
||||
char rsa_f4[] = "\x00\x00\x00\x03\x01\x00\x01";
|
||||
|
||||
rsa = EVP_PKEY_get1_RSA(pkey);
|
||||
RSA_get0_key(rsa, &bn_n, NULL, NULL);
|
||||
|
||||
if (!set_component(n, bn_n, RSA_size(rsa))) {
|
||||
break;
|
||||
}
|
||||
|
||||
uint32_t bytes = BN_num_bytes(bn_n);
|
||||
char len_buf[5];
|
||||
int len = 4;
|
||||
|
||||
len_buf[0] = (bytes >> 24) & 0x000000ff;
|
||||
len_buf[1] = (bytes << 16) & 0x000000ff;
|
||||
len_buf[2] = (bytes >> 8) & 0x000000ff;
|
||||
len_buf[3] = (bytes) & 0x000000ff;
|
||||
|
||||
if (n[0] >= 0x80) {
|
||||
// High bit set, need an extra byte
|
||||
len++;
|
||||
len_buf[3]++;
|
||||
len_buf[4] = 0;
|
||||
}
|
||||
|
||||
fprintf(fp, "ssh-rsa ");
|
||||
|
||||
BIO *b64 = BIO_new(BIO_f_base64());
|
||||
BIO *bio = BIO_new_fp(fp, BIO_NOCLOSE);
|
||||
|
||||
BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);
|
||||
BIO_push(b64, bio);
|
||||
|
||||
BIO_write(b64, rsa_id, sizeof(rsa_id) - 1);
|
||||
BIO_write(b64, rsa_f4, sizeof(rsa_f4) - 1);
|
||||
BIO_write(b64, len_buf, len);
|
||||
BIO_write(b64, n, RSA_size(rsa));
|
||||
BIO_flush(b64);
|
||||
BIO_free_all(b64);
|
||||
|
||||
ret = 1;
|
||||
|
||||
} break;
|
||||
|
||||
case EVP_PKEY_EC:
|
||||
break;
|
||||
}
|
||||
|
||||
EVP_PKEY_free(pkey);
|
||||
|
||||
return ret;
|
||||
|
||||
}
|
||||
-66
@@ -1,66 +0,0 @@
|
||||
/*
|
||||
* Copyright (c) 2014-2016 Yubico AB
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions are
|
||||
* met:
|
||||
*
|
||||
* * Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* * Redistributions in binary form must reproduce the above
|
||||
* copyright notice, this list of conditions and the following
|
||||
* disclaimer in the documentation and/or other materials provided
|
||||
* with the distribution.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
||||
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
||||
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*
|
||||
*/
|
||||
|
||||
#ifndef YUBICO_PIV_TOOL_INTERNAL_H
|
||||
#define YUBICO_PIV_TOOL_INTERNAL_H
|
||||
|
||||
#include <stdbool.h>
|
||||
|
||||
#include <openssl/x509.h>
|
||||
|
||||
#include "cmdline.h"
|
||||
|
||||
enum file_mode {
|
||||
INPUT_TEXT,
|
||||
OUTPUT_TEXT,
|
||||
INPUT_BIN,
|
||||
OUTPUT_BIN,
|
||||
};
|
||||
|
||||
size_t read_data(unsigned char*, size_t, FILE*, enum enum_format);
|
||||
void dump_data(unsigned const char*, unsigned int, FILE*, bool, enum enum_format);
|
||||
int set_length(unsigned char*, int);
|
||||
int get_length(const unsigned char*, int*);
|
||||
X509_NAME *parse_name(const char*);
|
||||
unsigned char get_algorithm(EVP_PKEY*);
|
||||
FILE *open_file(const char *file_name, enum file_mode mode);
|
||||
int get_slot_hex(enum enum_slot slot_enum);
|
||||
bool set_component(unsigned char *in_ptr, const BIGNUM *bn, int element_len);
|
||||
bool prepare_rsa_signature(const unsigned char*, unsigned int, unsigned char*,
|
||||
unsigned int*, int);
|
||||
bool read_pw(const char*, char*, size_t, int, int);
|
||||
const EVP_MD *get_hash(enum enum_hash, const unsigned char**, size_t*);
|
||||
int get_hashnid(enum enum_hash, unsigned char);
|
||||
unsigned char get_piv_algorithm(enum enum_algorithm);
|
||||
unsigned char get_pin_policy(enum enum_pin_policy);
|
||||
unsigned char get_touch_policy(enum enum_touch_policy);
|
||||
int SSH_write_X509(FILE *fp, X509 *x);
|
||||
|
||||
#endif
|
||||
File diff suppressed because it is too large
@@ -1,90 +0,0 @@
|
||||
# Copyright (c) 2014-2016 Yubico AB
|
||||
# All rights reserved.
|
||||
#
|
||||
# Redistribution and use in source and binary forms, with or without
|
||||
# modification, are permitted provided that the following conditions are
|
||||
# met:
|
||||
#
|
||||
# * Redistributions of source code must retain the above copyright
|
||||
# notice, this list of conditions and the following disclaimer.
|
||||
#
|
||||
# * Redistributions in binary form must reproduce the above
|
||||
# copyright notice, this list of conditions and the following
|
||||
# disclaimer in the documentation and/or other materials provided
|
||||
# with the distribution.
|
||||
#
|
||||
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
||||
# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
||||
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
||||
# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
||||
# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
||||
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
||||
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
||||
# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
||||
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
|
||||
[EXAMPLES]
|
||||
|
||||
For more information about what's happening \-\-verbose can be added
|
||||
to any command. For much more information \-\-verbose=2 may be used.
|
||||
|
||||
Display what version of the application is running on the YubiKey:
|
||||
|
||||
yubico\-piv\-tool \-aversion
|
||||
|
||||
Generate a new ECC\-P256 key on device in slot 9a, will print the public
|
||||
key on stdout:
|
||||
|
||||
yubico\-piv\-tool \-s9a \-AECCP256 \-agenerate
|
||||
|
||||
Generate a certificate request with public key from stdin, will print
|
||||
the resulting request on stdout:
|
||||
|
||||
yubico\-piv\-tool \-s9a \-S'/CN=foo/OU=test/O=example.com/' \-averify \\
|
||||
\-arequest
|
||||
|
||||
Generate a self\-signed certificate with public key from stdin, will print
|
||||
the certificate, for later import, on stdout:
|
||||
|
||||
yubico\-piv\-tool \-s9a \-S'/CN=bar/OU=test/O=example.com/' \-averify \\
|
||||
\-aselfsign
|
||||
|
||||
Import a certificate from stdin:
|
||||
|
||||
yubico\-piv\-tool \-s9a \-aimport\-certificate
|
||||
|
||||
Set a random chuid, import a key and import a certificate from a PKCS12
|
||||
file, into slot 9c:
|
||||
|
||||
yubico\-piv\-tool \-s9c \-itest.pfx \-KPKCS12 \-aset\-chuid \\
|
||||
\-aimport\-key \-aimport\-cert
|
||||
|
||||
Import a certificate which is larger than 2048 bytes and thus requires
|
||||
compression in order to fit:
|
||||
|
||||
openssl x509 \-in cert.pem \-outform DER | gzip \-9 > der.gz
|
||||
yubico\-piv\-tool \-s9c \-ider.gz \-KGZIP \-aimport\-cert
|
||||
|
||||
Change the management key used for administrative authentication:
|
||||
|
||||
yubico\-piv\-tool \-aset\-mgm\-key
|
||||
|
||||
Delete a certificate in slot 9a, with management key being asked for:
|
||||
|
||||
yubico\-piv\-tool \-adelete\-certificate \-s9a \-k
|
||||
|
||||
Show some information on certificates and other data:
|
||||
|
||||
yubico\-piv\-tool \-astatus
|
||||
|
||||
Read out the certificate from a slot and then run a signature test:
|
||||
|
||||
yubico\-piv\-tool \-aread\-cert \-s9a
|
||||
yubico\-piv\-tool \-averify\-pin \-atest\-signature \-s9a
|
||||
|
||||
Import a key into slot 85 (only available on YubiKey 4) and set the
|
||||
touch policy (also only available on YubiKey 4):
|
||||
|
||||
yubico-piv-tool \-aimport\-key \-s85 \-\-touch-policy=always \-ikey.pem
|
||||