Merge branch 'master' into development

Conflicts:
	NEWS
	configure.ac
Klas Lindfors
2015-10-20 20:48:57 +02:00
11 changed files with 67 additions and 27 deletions
+6 -5
@@ -1,4 +1,7 @@
language: c language: c
os:
- osx
- linux
compiler: compiler:
- gcc - gcc
- clang - clang
@@ -6,16 +9,14 @@ env:
- EXTRA=libpcsclite-dev - EXTRA=libpcsclite-dev
script: script:
- ./build-and-test.sh - ./build-and-test.sh
before_install:
- sudo apt-get update -qq
- sudo apt-get remove -qq -y $REMOVE
- sudo apt-get autoremove -qq
- sudo apt-get install -qq -y gengetopt help2man $EXTRA
matrix: matrix:
include: include:
- compiler: gcc - compiler: gcc
os: linux
env: EXTRA="wine mingw-w64 mingw-w64-dev" REMOVE=mingw32 ARCH=32 env: EXTRA="wine mingw-w64 mingw-w64-dev" REMOVE=mingw32 ARCH=32
- compiler: gcc - compiler: gcc
os: linux
env: EXTRA="wine mingw-w64 mingw-w64-dev" REMOVE=mingw32 ARCH=64 env: EXTRA="wine mingw-w64 mingw-w64-dev" REMOVE=mingw32 ARCH=64
- compiler: gcc - compiler: gcc
os: linux
env: COVERAGE="--enable-coverage" EXTRA="libpcsclite-dev lcov" env: COVERAGE="--enable-coverage" EXTRA="libpcsclite-dev lcov"
+8
@@ -4,6 +4,14 @@ yubico-piv-tool NEWS -- History of user-visible changes. -*- outline -*-
** Support for YubiKey 4 stuff ** Support for YubiKey 4 stuff
* Version 1.0.3 (released 2015-10-01)
** Correct wording on unblock-pin action.
** Show pin retries correctly.
** Use a bigger buffer for receiving data.
* Version 1.0.2 (released 2015-09-04) * Version 1.0.2 (released 2015-09-04)
** Query for different passwords/pins on stdin if they're not supplied. ** Query for different passwords/pins on stdin if they're not supplied.
+20 -2
@@ -4,13 +4,31 @@ set -e
autoreconf -i autoreconf -i
if [ "x$TRAVIS_OS_NAME" != "xosx" ]; then
sudo apt-get update -qq
sudo apt-get remove -qq -y $REMOVE
sudo apt-get autoremove -qq
sudo apt-get install -qq -y gengetopt help2man $EXTRA
TAR=tar
else
ARCH=osx
brew update
brew install help2man
brew install pkg-config
brew install gengetopt
brew install gnu-tar
TAR=gtar
fi
if [ "x$ARCH" != "x" ]; then if [ "x$ARCH" != "x" ]; then
version=`cat NEWS | grep unreleased | cut -d' ' -f3` version=`cat NEWS | grep unreleased | cut -d' ' -f3`
set +e set +e
tar --exclude .git --transform="s/^\./yubico-piv-tool-${version}/" -czf yubico-piv-tool-${version}.tar.gz . $TAR --exclude .git --transform="s/^\./yubico-piv-tool-${version}/" -czf yubico-piv-tool-${version}.tar.gz .
set -e set -e
if [ "x$ARCH" != "xosx" ]; then
make -f windows.mk ${ARCH}bit VERSION=$version make -f windows.mk ${ARCH}bit VERSION=$version
else
make -f mac.mk mac VERSION=$version
fi
else else
./configure $COVERAGE ./configure $COVERAGE
make check make check
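Review bot: On the osx path the test suite does not appear to run. The new `else` branch calls `make -f mac.mk mac VERSION=$version`, while the mac.mk section of this commit replaces `make install check` with `make install $(CHECK)`, and no `CHECK` value is passed here. Unless mac.mk defines a default for `CHECK` outside the visible hunk, the macOS CI build installs without running tests. If they are meant to run in CI, pass it explicitly: `make -f mac.mk mac VERSION=$version CHECK=check`. Because `ARCH=osx` is set unconditionally, the `./configure $COVERAGE` / `make check` branch is never reached on macOS either.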
+5 -2
@@ -81,13 +81,16 @@ fi
if test "x$with_backend" = xcheck; then if test "x$with_backend" = xcheck; then
AC_CHECK_HEADERS([PCSC/winscard.h]) AC_CHECK_HEADERS([PCSC/winscard.h])
AC_CHECK_HEADERS([winscard.h])
AC_MSG_CHECKING([between Mac/Windows winscard]) AC_MSG_CHECKING([between Mac/Windows winscard])
if test "x$ac_cv_header_PCSC_winscard_h" = xyes; then if test "x$ac_cv_header_PCSC_winscard_h" = xyes; then
with_backend=macscard with_backend=macscard
AC_MSG_RESULT([Mac]) AC_MSG_RESULT([Mac])
else elif test "x$ac_cv_header_winscard_h" = xyes; then
with_backend=winscard with_backend=winscard
AC_MSG_RESULT([Windows]) AC_MSG_RESULT([Windows])
else
AC_MSG_RESULT([no])
fi fi
fi fi
@@ -122,7 +125,7 @@ if test "x$with_backend" = xpcsc || test "x$with_backend" = xwinscard \
|| test "x$with_backend" = xmacscard; then || test "x$with_backend" = xmacscard; then
AC_DEFINE([BACKEND_PCSC], 1, [Define to 1 if you the PCSC backend.]) AC_DEFINE([BACKEND_PCSC], 1, [Define to 1 if you the PCSC backend.])
else else
AC_MSG_ERROR([cannot find PCSC/winscard library/headers]) AC_MSG_ERROR([cannot find PCSC library])
fi fi
AC_ARG_ENABLE([coverage], AC_ARG_ENABLE([coverage],
+1 -1
@@ -1,7 +1,7 @@
Introduction to the YubiKey NEO PIV Applet Introduction to the YubiKey NEO PIV Applet
========================================== ==========================================
The YubiKey NEO supports the Privilege and Identification Card (PIV) The YubiKey NEO supports the Personal Identity Verification (PIV) card
interface specified in NIST SP 800-73 document "Cryptographic interface specified in NIST SP 800-73 document "Cryptographic
Algorithms and Key Sizes for PIV". This enables you to perform RSA or Algorithms and Key Sizes for PIV". This enables you to perform RSA or
ECC sign/decrypt operations using a private key stored on the ECC sign/decrypt operations using a private key stored on the
+1 -1
@@ -34,4 +34,4 @@ LDADD = ../libykpiv.la
check_PROGRAMS = basic parse_key check_PROGRAMS = basic parse_key
TESTS = $(check_PROGRAMS) TESTS = $(check_PROGRAMS)
TESTS_ENVIRONMENT = $(VALGRIND) LOG_COMPILER = $(VALGRIND)
+9 -9
@@ -260,8 +260,8 @@ ykpiv_rc ykpiv_transfer_data(ykpiv_state *state, const unsigned char *templ,
} }
do { do {
size_t this_size = 0xff; size_t this_size = 0xff;
unsigned long recv_len = 0xff; unsigned char data[261];
unsigned char data[0xff]; unsigned long recv_len = sizeof(data);
APDU apdu; APDU apdu;
memset(apdu.raw, 0, sizeof(apdu.raw)); memset(apdu.raw, 0, sizeof(apdu.raw));
@@ -297,8 +297,8 @@ ykpiv_rc ykpiv_transfer_data(ykpiv_state *state, const unsigned char *templ,
} while(in_ptr < in_data + in_len); } while(in_ptr < in_data + in_len);
while(*sw >> 8 == 0x61) { while(*sw >> 8 == 0x61) {
APDU apdu; APDU apdu;
unsigned long recv_len = 0xff; unsigned char data[261];
unsigned char data[0xff]; unsigned long recv_len = sizeof(data);
if(state->verbose > 2) { if(state->verbose > 2) {
fprintf(stderr, "The card indicates there is %d bytes more data for us.\n", *sw & 0xff); fprintf(stderr, "The card indicates there is %d bytes more data for us.\n", *sw & 0xff);
@@ -364,7 +364,7 @@ static ykpiv_rc send_data(ykpiv_state *state, APDU *apdu,
ykpiv_rc ykpiv_authenticate(ykpiv_state *state, unsigned const char *key) { ykpiv_rc ykpiv_authenticate(ykpiv_state *state, unsigned const char *key) {
APDU apdu; APDU apdu;
unsigned char data[0xff]; unsigned char data[261];
DES_cblock challenge; DES_cblock challenge;
unsigned long recv_len = sizeof(data); unsigned long recv_len = sizeof(data);
int sw; int sw;
@@ -407,7 +407,7 @@ ykpiv_rc ykpiv_authenticate(ykpiv_state *state, unsigned const char *key) {
DES_cblock response; DES_cblock response;
DES_ecb3_encrypt(&challenge, &response, &ks1, &ks2, &ks3, 0); DES_ecb3_encrypt(&challenge, &response, &ks1, &ks2, &ks3, 0);
recv_len = 0xff; recv_len = sizeof(data);
memset(apdu.raw, 0, sizeof(apdu)); memset(apdu.raw, 0, sizeof(apdu));
apdu.st.ins = YKPIV_INS_AUTHENTICATE; apdu.st.ins = YKPIV_INS_AUTHENTICATE;
apdu.st.p1 = YKPIV_ALGO_3DES; /* triple des */ apdu.st.p1 = YKPIV_ALGO_3DES; /* triple des */
@@ -454,7 +454,7 @@ ykpiv_rc ykpiv_set_mgmkey(ykpiv_state *state, const unsigned char *new_key) {
ykpiv_rc ykpiv_set_mgmkey2(ykpiv_state *state, const unsigned char *new_key, const unsigned char touch) { ykpiv_rc ykpiv_set_mgmkey2(ykpiv_state *state, const unsigned char *new_key, const unsigned char touch) {
APDU apdu; APDU apdu;
unsigned char data[0xff]; unsigned char data[261];
unsigned long recv_len = sizeof(data); unsigned long recv_len = sizeof(data);
int sw; int sw;
size_t i; size_t i;
@@ -651,7 +651,7 @@ ykpiv_rc ykpiv_decipher_data(ykpiv_state *state, const unsigned char *in,
ykpiv_rc ykpiv_get_version(ykpiv_state *state, char *version, size_t len) { ykpiv_rc ykpiv_get_version(ykpiv_state *state, char *version, size_t len) {
APDU apdu; APDU apdu;
unsigned char data[0xff]; unsigned char data[261];
unsigned long recv_len = sizeof(data); unsigned long recv_len = sizeof(data);
int sw; int sw;
ykpiv_rc res; ykpiv_rc res;
@@ -673,7 +673,7 @@ ykpiv_rc ykpiv_get_version(ykpiv_state *state, char *version, size_t len) {
ykpiv_rc ykpiv_verify(ykpiv_state *state, const char *pin, int *tries) { ykpiv_rc ykpiv_verify(ykpiv_state *state, const char *pin, int *tries) {
APDU apdu; APDU apdu;
unsigned char data[0xff]; unsigned char data[261];
unsigned long recv_len = sizeof(data); unsigned long recv_len = sizeof(data);
int sw; int sw;
size_t len = 0; size_t len = 0;
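Review bot: The receive-buffer size is now the bare literal `261`, repeated in six declarations (twice in ykpiv_transfer_data, then ykpiv_authenticate, ykpiv_set_mgmkey2, ykpiv_get_version and ykpiv_verify), with nothing in the hunks saying what it is sized for. A single named constant with a one-line comment on its derivation, for example `enum { RECV_BUF_LEN = 261 };` (the name is only a suggestion) and `unsigned char data[RECV_BUF_LEN];`, would keep the sites from drifting apart the way `0xff` and `sizeof(data)` did before this change. The code that copies received bytes out of `data` lies outside the hunks in every one of these functions, so it is worth confirming that none of its length checks still assume the old 0xff limit now that `recv_len` can come back larger.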
+1 -1
@@ -61,7 +61,7 @@ doit:
tar xfz $(PACKAGE)-$(VERSION).tar.gz && \ tar xfz $(PACKAGE)-$(VERSION).tar.gz && \
cd $(PACKAGE)-$(VERSION)/ && \ cd $(PACKAGE)-$(VERSION)/ && \
PKG_CONFIG_PATH=$(PWD)/tmp/root/lib/pkgconfig ./configure --prefix=$(PWD)/tmp/root && \ PKG_CONFIG_PATH=$(PWD)/tmp/root/lib/pkgconfig ./configure --prefix=$(PWD)/tmp/root && \
make install check && \ make install $(CHECK) && \
chmod u+w $(PWD)/tmp/root/lib/libcrypto.1.0.0.dylib && \ chmod u+w $(PWD)/tmp/root/lib/libcrypto.1.0.0.dylib && \
install_name_tool -id @executable_path/../lib/libcrypto.1.0.0.dylib $(PWD)/tmp/root/lib/libcrypto.1.0.0.dylib && \ install_name_tool -id @executable_path/../lib/libcrypto.1.0.0.dylib $(PWD)/tmp/root/lib/libcrypto.1.0.0.dylib && \
install_name_tool -id @executable_path/../lib/libykpiv.1.dylib $(PWD)/tmp/root/lib/libykpiv.1.dylib && \ install_name_tool -id @executable_path/../lib/libykpiv.1.dylib $(PWD)/tmp/root/lib/libykpiv.1.dylib && \
+1 -1
@@ -27,7 +27,7 @@
option "verbose" v "Print more information" int optional default="0" argoptional option "verbose" v "Print more information" int optional default="0" argoptional
option "reader" r "Only use a matching reader" string optional default="Yubikey" option "reader" r "Only use a matching reader" string optional default="Yubikey"
option "key" k "Authentication key to use" string optional default="010203040506070801020304050607080102030405060708" option "key" k "Authentication key to use" string optional default="010203040506070801020304050607080102030405060708" argoptional
option "action" a "Action to take" values="version","generate","set-mgm-key", option "action" a "Action to take" values="version","generate","set-mgm-key",
"reset","pin-retries","import-key","import-certificate","set-chuid", "reset","pin-retries","import-key","import-certificate","set-chuid",
"request-certificate","verify-pin","change-pin","change-puk","unblock-pin", "request-certificate","verify-pin","change-pin","change-puk","unblock-pin",
+2 -1
@@ -26,7 +26,8 @@
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
TESTS_ENVIRONMENT = export VERSION=$(PACKAGE_VERSION); export EXEEXT=$(EXEEXT); TESTS_ENVIRONMENT = export VERSION=$(PACKAGE_VERSION); export EXEEXT=$(EXEEXT);
TESTS_ENVIRONMENT += $(VALGRIND)
LOG_COMPILER = $(VALGRIND)
AM_CFLAGS = $(WARN_CFLAGS) AM_CFLAGS = $(WARN_CFLAGS)
AM_CPPFLAGS = -I$(top_srcdir)/lib -I$(top_builddir)/lib AM_CPPFLAGS = -I$(top_srcdir)/lib -I$(top_builddir)/lib
+12 -3
@@ -943,7 +943,7 @@ static bool change_pin(ykpiv_state *state, enum enum_action action, const char *
char pinbuf[9] = {0}; char pinbuf[9] = {0};
char new_pinbuf[9] = {0}; char new_pinbuf[9] = {0};
const char *name = action == action_arg_changeMINUS_pin ? "pin" : "puk"; const char *name = action == action_arg_changeMINUS_pin ? "pin" : "puk";
const char *new_name = action == action_arg_changeMINUS_pin ? "new pin" : "new puk"; const char *new_name = action == action_arg_changeMINUS_puk ? "new puk" : "new pin";
int sw; int sw;
size_t pin_len; size_t pin_len;
size_t new_len; size_t new_len;
@@ -986,7 +986,7 @@ static bool change_pin(ykpiv_state *state, enum enum_action action, const char *
return false; return false;
} else if(sw != 0x9000) { } else if(sw != 0x9000) {
if((sw >> 8) == 0x63) { if((sw >> 8) == 0x63) {
int tries = sw & 0xff; int tries = sw & 0xf;
fprintf(stderr, "Failed verifying %s code, now %d tries left before blocked.\n", fprintf(stderr, "Failed verifying %s code, now %d tries left before blocked.\n",
name, tries); name, tries);
} else if(sw == 0x6983) { } else if(sw == 0x6983) {
@@ -1708,7 +1708,16 @@ int main(int argc, char *argv[]) {
if(needs_auth) { if(needs_auth) {
unsigned char key[KEY_LEN]; unsigned char key[KEY_LEN];
size_t key_len = sizeof(key); size_t key_len = sizeof(key);
if(ykpiv_hex_decode(args_info.key_arg, strlen(args_info.key_arg), key, &key_len) != YKPIV_OK) { char keybuf[KEY_LEN*2+1];
char *key_ptr = args_info.key_arg;
if(args_info.key_given && args_info.key_orig == NULL) {
if(!read_pw("management key", keybuf, sizeof(keybuf), false)) {
fprintf(stderr, "Failed to read management key from stdin,\n");
return EXIT_FAILURE;
}
key_ptr = keybuf;
}
if(ykpiv_hex_decode(key_ptr, strlen(key_ptr), key, &key_len) != YKPIV_OK) {
fprintf(stderr, "Failed decoding key!\n"); fprintf(stderr, "Failed decoding key!\n");
return EXIT_FAILURE; return EXIT_FAILURE;
} }
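Review bot: In the third hunk (main), the hex management key read into `keybuf` stays on the stack after `ykpiv_hex_decode`, and nothing visible clears it or the decoded `key`. main continues outside the hunk, so this may already be handled later; if not, wipe both once authentication is finished with a call the compiler cannot elide, e.g. `explicit_bzero(keybuf, sizeof(keybuf));` where available, or `SecureZeroMemory` on the Windows build. The new error message ends in a comma rather than a full stop; it should read `"Failed to read management key from stdin.\n"`. The `key` option's help text in the option-definition section of this commit still reads "Authentication key to use", so it would help to mention there that `-k` with no value prompts for the key, since that keeps it out of the process argument list.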