start implementing signer
@@ -33,7 +33,7 @@ text "
|
|||||||
9d is for Key Management
|
9d is for Key Management
|
||||||
9e is for Card Authentication (PIN never checked)\n"
|
9e is for Card Authentication (PIN never checked)\n"
|
||||||
option "algorithm" A "What algorithm to use" values="RSA1024","RSA2048","ECCP256" enum optional default="RSA2048"
|
option "algorithm" A "What algorithm to use" values="RSA1024","RSA2048","ECCP256" enum optional default="RSA2048"
|
||||||
|
option "hash" H "Hash to use for the signature" values="SHA1","SHA256" enum optional default="SHA1"
|
||||||
option "input" i "Filename to use as input, - for stdin" string optional default="-"
|
option "input" i "Filename to use as input, - for stdin" string optional default="-"
|
||||||
option "output" o "Filename to use as output, - for stdout" string optional default="-"
|
option "output" o "Filename to use as output, - for stdout" string optional default="-"
|
||||||
option "pin" P "Pin code for verification" string
|
option "pin" P "Pin code for verification" string
|
||||||
option "hash" H "Hash to use for the signature" values="SHA1","SHA256" enum optional default="SHA1"
|
|
||||||
|
|||||||
@@ -40,6 +40,7 @@
|
|||||||
|
|
||||||
#include <ykpiv.h>
|
#include <ykpiv.h>
|
||||||
|
|
||||||
|
#include "cmdline.h"
|
||||||
#include "util.h"
|
#include "util.h"
|
||||||
|
|
||||||
FILE *open_file(const char *file_name, int mode) {
|
FILE *open_file(const char *file_name, int mode) {
|
||||||
|
|||||||
@@ -30,8 +30,6 @@
|
|||||||
#ifndef YUBICO_PIV_TOOL_INTERNAL_H
|
#ifndef YUBICO_PIV_TOOL_INTERNAL_H
|
||||||
#define YUBICO_PIV_TOOL_INTERNAL_H
|
#define YUBICO_PIV_TOOL_INTERNAL_H
|
||||||
|
|
||||||
#include "cmdline.h"
|
|
||||||
|
|
||||||
#include <openssl/x509.h>
|
#include <openssl/x509.h>
|
||||||
|
|
||||||
#define INPUT 1
|
#define INPUT 1
|
||||||
|
|||||||
@@ -38,6 +38,7 @@
|
|||||||
#include <windows.h>
|
#include <windows.h>
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#include "cmdline-signer.h"
|
||||||
#include "util.h"
|
#include "util.h"
|
||||||
|
|
||||||
static bool verify_pin(ykpiv_state *state, const char *pin) {
|
static bool verify_pin(ykpiv_state *state, const char *pin) {
|
||||||
@@ -56,7 +57,7 @@ static bool verify_pin(ykpiv_state *state, const char *pin) {
|
|||||||
if(tries > 0) {
|
if(tries > 0) {
|
||||||
fprintf(stderr, "Pin verification failed, %d tries left before pin is blocked.\n", tries);
|
fprintf(stderr, "Pin verification failed, %d tries left before pin is blocked.\n", tries);
|
||||||
} else {
|
} else {
|
||||||
fprintf(stderr, "Pin code blocked, use unblock-pin action to unblock.\n");
|
fprintf(stderr, "Pin code blocked.\n");
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
fprintf(stderr, "Pin code verification failed: '%s'\n", ykpiv_strerror(res));
|
fprintf(stderr, "Pin code verification failed: '%s'\n", ykpiv_strerror(res));
|
||||||
@@ -64,11 +65,77 @@ static bool verify_pin(ykpiv_state *state, const char *pin) {
|
|||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static bool sign_file(ykpiv_state *state, const char *input, const char *output,
|
||||||
|
const char *slot, enum enum_algorithm algorithm, enum enum_hash hash,
|
||||||
|
int verbosity) {
|
||||||
|
FILE *input_file = NULL;
|
||||||
|
FILE *output_file = NULL;
|
||||||
|
int key;
|
||||||
|
const EVP_MD *md;
|
||||||
|
EVP_MD_CTX *mdctx = NULL;
|
||||||
|
unsigned int hash_len;
|
||||||
|
unsigned char hashed[EVP_MAX_MD_SIZE];
|
||||||
|
bool ret = false;
|
||||||
|
|
||||||
|
sscanf(slot, "%x", &key);
|
||||||
|
|
||||||
|
input_file = open_file(input, INPUT);
|
||||||
|
if(!input_file) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
output_file = open_file(output, OUTPUT);
|
||||||
|
if(!output_file) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
switch(hash) {
|
||||||
|
case hash_arg_SHA1:
|
||||||
|
md = EVP_sha1();
|
||||||
|
break;
|
||||||
|
case hash_arg_SHA256:
|
||||||
|
md = EVP_sha256();
|
||||||
|
break;
|
||||||
|
case hash__NULL:
|
||||||
|
default:
|
||||||
|
goto out;
|
||||||
|
}
|
||||||
|
|
||||||
|
mdctx = EVP_MD_CTX_create();
|
||||||
|
EVP_DigestInit_ex(mdctx, md, NULL);
|
||||||
|
while(!feof(input_file)) {
|
||||||
|
char buf[1024];
|
||||||
|
size_t len = fread(buf, 1, 1024, input_file);
|
||||||
|
EVP_DigestUpdate(mdctx, buf, len);
|
||||||
|
}
|
||||||
|
EVP_DigestFinal_ex(mdctx, hashed, &hash_len);
|
||||||
|
|
||||||
|
if(verbosity) {
|
||||||
|
fprintf(stderr, "file hashed as: ");
|
||||||
|
dump_hex(hashed, hash_len);
|
||||||
|
fprintf(stderr, "\n");
|
||||||
|
}
|
||||||
|
|
||||||
|
out:
|
||||||
|
if(input_file && input_file != stdin) {
|
||||||
|
fclose(input_file);
|
||||||
|
}
|
||||||
|
|
||||||
|
if(output_file && output_file != stdout) {
|
||||||
|
fclose(output_file);
|
||||||
|
}
|
||||||
|
|
||||||
|
if(mdctx) {
|
||||||
|
EVP_MD_CTX_destroy(mdctx);
|
||||||
|
}
|
||||||
|
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
int main(int argc, char *argv[]) {
|
int main(int argc, char *argv[]) {
|
||||||
struct gengetopt_args_info args_info;
|
struct gengetopt_args_info args_info;
|
||||||
ykpiv_state *state;
|
ykpiv_state *state;
|
||||||
int verbosity;
|
int verbosity;
|
||||||
enum enum_action action;
|
|
||||||
int ret = EXIT_SUCCESS;
|
int ret = EXIT_SUCCESS;
|
||||||
|
|
||||||
if(cmdline_parser(argc, argv, &args_info) != 0) {
|
if(cmdline_parser(argc, argv, &args_info) != 0) {
|
||||||
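Review bot: The `return false` after the failed `open_file(output, OUTPUT)` skips the `out:` cleanup and leaks the already-opened `input_file`; it should be `goto out;` like the later failure path (the first `open_file` failure can stay a plain return since nothing is open yet). The digest loop keys on `feof()`, so a read error that never sets the EOF flag would spin forever; prefer `size_t len; while((len = fread(buf, 1, sizeof buf, input_file)) > 0) EVP_DigestUpdate(mdctx, buf, len);` followed by `if(ferror(input_file)) goto out;`. `EVP_MD_CTX_create()`, the `EVP_Digest*` calls and `sscanf(slot, "%x", &key)` all go unchecked — `key` stays uninitialized if the slot string does not parse, and `%x` expects an `unsigned int *` rather than the `int *` passed here. `ret` is never set to true, so `sign_file` always reports failure even after a successful hash; presumably the signing step is still to come, and the call site in the later `@@ -96,6 +163,9 @@` hunk of `main` also discards the return value, so a failed open or hash currently goes unnoticed by the caller.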
@@ -96,6 +163,9 @@ int main(int argc, char *argv[]) {
|
|||||||
/* openssl setup.. */
|
/* openssl setup.. */
|
||||||
OpenSSL_add_all_algorithms();
|
OpenSSL_add_all_algorithms();
|
||||||
|
|
||||||
|
sign_file(state, args_info.input_arg, args_info.output_arg, args_info.slot_orig,
|
||||||
|
args_info.algorithm_arg, args_info.hash_arg, verbosity);
|
||||||
|
|
||||||
ykpiv_done(state);
|
ykpiv_done(state);
|
||||||
EVP_cleanup();
|
EVP_cleanup();
|
||||||
return ret;
|
return ret;
|
||||||
|
|||||||
@@ -43,6 +43,7 @@
|
|||||||
#include <openssl/pkcs12.h>
|
#include <openssl/pkcs12.h>
|
||||||
#include <openssl/rand.h>
|
#include <openssl/rand.h>
|
||||||
|
|
||||||
|
#include "cmdline.h"
|
||||||
#include "util.h"
|
#include "util.h"
|
||||||
|
|
||||||
/* FASC-N containing S9999F9999F999999F0F1F0000000000300001E encoded in
|
/* FASC-N containing S9999F9999F999999F0F1F0000000000300001E encoded in
|
||||||
|
|||||||