Merge branch 'master' into development
Conflicts: NEWS configure.ac
+6
-5
@@ -1,4 +1,7 @@
|
|||||||
language: c
|
language: c
|
||||||
|
os:
|
||||||
|
- osx
|
||||||
|
- linux
|
||||||
compiler:
|
compiler:
|
||||||
- gcc
|
- gcc
|
||||||
- clang
|
- clang
|
||||||
@@ -6,16 +9,14 @@ env:
|
|||||||
- EXTRA=libpcsclite-dev
|
- EXTRA=libpcsclite-dev
|
||||||
script:
|
script:
|
||||||
- ./build-and-test.sh
|
- ./build-and-test.sh
|
||||||
before_install:
|
|
||||||
- sudo apt-get update -qq
|
|
||||||
- sudo apt-get remove -qq -y $REMOVE
|
|
||||||
- sudo apt-get autoremove -qq
|
|
||||||
- sudo apt-get install -qq -y gengetopt help2man $EXTRA
|
|
||||||
matrix:
|
matrix:
|
||||||
include:
|
include:
|
||||||
- compiler: gcc
|
- compiler: gcc
|
||||||
|
os: linux
|
||||||
env: EXTRA="wine mingw-w64 mingw-w64-dev" REMOVE=mingw32 ARCH=32
|
env: EXTRA="wine mingw-w64 mingw-w64-dev" REMOVE=mingw32 ARCH=32
|
||||||
- compiler: gcc
|
- compiler: gcc
|
||||||
|
os: linux
|
||||||
env: EXTRA="wine mingw-w64 mingw-w64-dev" REMOVE=mingw32 ARCH=64
|
env: EXTRA="wine mingw-w64 mingw-w64-dev" REMOVE=mingw32 ARCH=64
|
||||||
- compiler: gcc
|
- compiler: gcc
|
||||||
|
os: linux
|
||||||
env: COVERAGE="--enable-coverage" EXTRA="libpcsclite-dev lcov"
|
env: COVERAGE="--enable-coverage" EXTRA="libpcsclite-dev lcov"
|
||||||
|
|||||||
@@ -4,6 +4,14 @@ yubico-piv-tool NEWS -- History of user-visible changes. -*- outline -*-
|
|||||||
|
|
||||||
** Support for YubiKey 4 stuff
|
** Support for YubiKey 4 stuff
|
||||||
|
|
||||||
|
* Version 1.0.3 (released 2015-10-01)
|
||||||
|
|
||||||
|
** Correct wording on unblock-pin action.
|
||||||
|
|
||||||
|
** Show pin retries correctly.
|
||||||
|
|
||||||
|
** Use a bigger buffer for receiving data.
|
||||||
|
|
||||||
* Version 1.0.2 (released 2015-09-04)
|
* Version 1.0.2 (released 2015-09-04)
|
||||||
|
|
||||||
** Query for different passwords/pins on stdin if they're not supplied.
|
** Query for different passwords/pins on stdin if they're not supplied.
|
||||||
|
|||||||
+20
-2
@@ -4,13 +4,31 @@ set -e
|
|||||||
|
|
||||||
autoreconf -i
|
autoreconf -i
|
||||||
|
|
||||||
|
if [ "x$TRAVIS_OS_NAME" != "xosx" ]; then
|
||||||
|
sudo apt-get update -qq
|
||||||
|
sudo apt-get remove -qq -y $REMOVE
|
||||||
|
sudo apt-get autoremove -qq
|
||||||
|
sudo apt-get install -qq -y gengetopt help2man $EXTRA
|
||||||
|
TAR=tar
|
||||||
|
else
|
||||||
|
ARCH=osx
|
||||||
|
brew update
|
||||||
|
brew install help2man
|
||||||
|
brew install pkg-config
|
||||||
|
brew install gengetopt
|
||||||
|
brew install gnu-tar
|
||||||
|
TAR=gtar
|
||||||
|
fi
|
||||||
if [ "x$ARCH" != "x" ]; then
|
if [ "x$ARCH" != "x" ]; then
|
||||||
version=`cat NEWS | grep unreleased | cut -d' ' -f3`
|
version=`cat NEWS | grep unreleased | cut -d' ' -f3`
|
||||||
set +e
|
set +e
|
||||||
tar --exclude .git --transform="s/^\./yubico-piv-tool-${version}/" -czf yubico-piv-tool-${version}.tar.gz .
|
$TAR --exclude .git --transform="s/^\./yubico-piv-tool-${version}/" -czf yubico-piv-tool-${version}.tar.gz .
|
||||||
set -e
|
set -e
|
||||||
|
if [ "x$ARCH" != "xosx" ]; then
|
||||||
make -f windows.mk ${ARCH}bit VERSION=$version
|
make -f windows.mk ${ARCH}bit VERSION=$version
|
||||||
|
else
|
||||||
|
make -f mac.mk mac VERSION=$version
|
||||||
|
fi
|
||||||
else
|
else
|
||||||
./configure $COVERAGE
|
./configure $COVERAGE
|
||||||
make check
|
make check
|
||||||
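Review bot: The archive step, now `$TAR --exclude .git --transform=... -czf yubico-piv-tool-${version}.tar.gz .`, still runs between `set +e` and `set -e`, so every tar failure is ignored and the following `make -f windows.mk` / `make -f mac.mk` would build from a missing or truncated tarball. If the guard is only there because GNU tar exits 1 when the tree changes while it is being read (presumably the case, since the archive is written into the directory being packed), accept just that status and let real errors stop the script: drop the `set +e`/`set -e` pair and append `|| [ $? -eq 1 ]` to the `$TAR` line. A one-line comment stating why status 1 is tolerated would help the next reader.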
|
|||||||
+5
-2
@@ -81,13 +81,16 @@ fi
|
|||||||
|
|
||||||
if test "x$with_backend" = xcheck; then
|
if test "x$with_backend" = xcheck; then
|
||||||
AC_CHECK_HEADERS([PCSC/winscard.h])
|
AC_CHECK_HEADERS([PCSC/winscard.h])
|
||||||
|
AC_CHECK_HEADERS([winscard.h])
|
||||||
AC_MSG_CHECKING([between Mac/Windows winscard])
|
AC_MSG_CHECKING([between Mac/Windows winscard])
|
||||||
if test "x$ac_cv_header_PCSC_winscard_h" = xyes; then
|
if test "x$ac_cv_header_PCSC_winscard_h" = xyes; then
|
||||||
with_backend=macscard
|
with_backend=macscard
|
||||||
AC_MSG_RESULT([Mac])
|
AC_MSG_RESULT([Mac])
|
||||||
else
|
elif test "x$ac_cv_header_winscard_h" = xyes; then
|
||||||
with_backend=winscard
|
with_backend=winscard
|
||||||
AC_MSG_RESULT([Windows])
|
AC_MSG_RESULT([Windows])
|
||||||
|
else
|
||||||
|
AC_MSG_RESULT([no])
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
@@ -122,7 +125,7 @@ if test "x$with_backend" = xpcsc || test "x$with_backend" = xwinscard \
|
|||||||
|| test "x$with_backend" = xmacscard; then
|
|| test "x$with_backend" = xmacscard; then
|
||||||
AC_DEFINE([BACKEND_PCSC], 1, [Define to 1 if you the PCSC backend.])
|
AC_DEFINE([BACKEND_PCSC], 1, [Define to 1 if you the PCSC backend.])
|
||||||
else
|
else
|
||||||
AC_MSG_ERROR([cannot find PCSC/winscard library/headers])
|
AC_MSG_ERROR([cannot find PCSC library])
|
||||||
fi
|
fi
|
||||||
|
|
||||||
AC_ARG_ENABLE([coverage],
|
AC_ARG_ENABLE([coverage],
|
||||||
|
|||||||
@@ -1,7 +1,7 @@
|
|||||||
Introduction to the YubiKey NEO PIV Applet
|
Introduction to the YubiKey NEO PIV Applet
|
||||||
==========================================
|
==========================================
|
||||||
|
|
||||||
The YubiKey NEO supports the Privilege and Identification Card (PIV)
|
The YubiKey NEO supports the Personal Identity Verification (PIV) card
|
||||||
interface specified in NIST SP 800-73 document "Cryptographic
|
interface specified in NIST SP 800-73 document "Cryptographic
|
||||||
Algorithms and Key Sizes for PIV". This enables you to perform RSA or
|
Algorithms and Key Sizes for PIV". This enables you to perform RSA or
|
||||||
ECC sign/decrypt operations using a private key stored on the
|
ECC sign/decrypt operations using a private key stored on the
|
||||||
|
|||||||
@@ -34,4 +34,4 @@ LDADD = ../libykpiv.la
|
|||||||
check_PROGRAMS = basic parse_key
|
check_PROGRAMS = basic parse_key
|
||||||
TESTS = $(check_PROGRAMS)
|
TESTS = $(check_PROGRAMS)
|
||||||
|
|
||||||
TESTS_ENVIRONMENT = $(VALGRIND)
|
LOG_COMPILER = $(VALGRIND)
|
||||||
|
|||||||
+9
-9
@@ -260,8 +260,8 @@ ykpiv_rc ykpiv_transfer_data(ykpiv_state *state, const unsigned char *templ,
|
|||||||
}
|
}
|
||||||
do {
|
do {
|
||||||
size_t this_size = 0xff;
|
size_t this_size = 0xff;
|
||||||
unsigned long recv_len = 0xff;
|
unsigned char data[261];
|
||||||
unsigned char data[0xff];
|
unsigned long recv_len = sizeof(data);
|
||||||
APDU apdu;
|
APDU apdu;
|
||||||
|
|
||||||
memset(apdu.raw, 0, sizeof(apdu.raw));
|
memset(apdu.raw, 0, sizeof(apdu.raw));
|
||||||
@@ -297,8 +297,8 @@ ykpiv_rc ykpiv_transfer_data(ykpiv_state *state, const unsigned char *templ,
|
|||||||
} while(in_ptr < in_data + in_len);
|
} while(in_ptr < in_data + in_len);
|
||||||
while(*sw >> 8 == 0x61) {
|
while(*sw >> 8 == 0x61) {
|
||||||
APDU apdu;
|
APDU apdu;
|
||||||
unsigned long recv_len = 0xff;
|
unsigned char data[261];
|
||||||
unsigned char data[0xff];
|
unsigned long recv_len = sizeof(data);
|
||||||
|
|
||||||
if(state->verbose > 2) {
|
if(state->verbose > 2) {
|
||||||
fprintf(stderr, "The card indicates there is %d bytes more data for us.\n", *sw & 0xff);
|
fprintf(stderr, "The card indicates there is %d bytes more data for us.\n", *sw & 0xff);
|
||||||
@@ -364,7 +364,7 @@ static ykpiv_rc send_data(ykpiv_state *state, APDU *apdu,
|
|||||||
|
|
||||||
ykpiv_rc ykpiv_authenticate(ykpiv_state *state, unsigned const char *key) {
|
ykpiv_rc ykpiv_authenticate(ykpiv_state *state, unsigned const char *key) {
|
||||||
APDU apdu;
|
APDU apdu;
|
||||||
unsigned char data[0xff];
|
unsigned char data[261];
|
||||||
DES_cblock challenge;
|
DES_cblock challenge;
|
||||||
unsigned long recv_len = sizeof(data);
|
unsigned long recv_len = sizeof(data);
|
||||||
int sw;
|
int sw;
|
||||||
@@ -407,7 +407,7 @@ ykpiv_rc ykpiv_authenticate(ykpiv_state *state, unsigned const char *key) {
|
|||||||
DES_cblock response;
|
DES_cblock response;
|
||||||
DES_ecb3_encrypt(&challenge, &response, &ks1, &ks2, &ks3, 0);
|
DES_ecb3_encrypt(&challenge, &response, &ks1, &ks2, &ks3, 0);
|
||||||
|
|
||||||
recv_len = 0xff;
|
recv_len = sizeof(data);
|
||||||
memset(apdu.raw, 0, sizeof(apdu));
|
memset(apdu.raw, 0, sizeof(apdu));
|
||||||
apdu.st.ins = YKPIV_INS_AUTHENTICATE;
|
apdu.st.ins = YKPIV_INS_AUTHENTICATE;
|
||||||
apdu.st.p1 = YKPIV_ALGO_3DES; /* triple des */
|
apdu.st.p1 = YKPIV_ALGO_3DES; /* triple des */
|
||||||
@@ -454,7 +454,7 @@ ykpiv_rc ykpiv_set_mgmkey(ykpiv_state *state, const unsigned char *new_key) {
|
|||||||
|
|
||||||
ykpiv_rc ykpiv_set_mgmkey2(ykpiv_state *state, const unsigned char *new_key, const unsigned char touch) {
|
ykpiv_rc ykpiv_set_mgmkey2(ykpiv_state *state, const unsigned char *new_key, const unsigned char touch) {
|
||||||
APDU apdu;
|
APDU apdu;
|
||||||
unsigned char data[0xff];
|
unsigned char data[261];
|
||||||
unsigned long recv_len = sizeof(data);
|
unsigned long recv_len = sizeof(data);
|
||||||
int sw;
|
int sw;
|
||||||
size_t i;
|
size_t i;
|
||||||
@@ -651,7 +651,7 @@ ykpiv_rc ykpiv_decipher_data(ykpiv_state *state, const unsigned char *in,
|
|||||||
|
|
||||||
ykpiv_rc ykpiv_get_version(ykpiv_state *state, char *version, size_t len) {
|
ykpiv_rc ykpiv_get_version(ykpiv_state *state, char *version, size_t len) {
|
||||||
APDU apdu;
|
APDU apdu;
|
||||||
unsigned char data[0xff];
|
unsigned char data[261];
|
||||||
unsigned long recv_len = sizeof(data);
|
unsigned long recv_len = sizeof(data);
|
||||||
int sw;
|
int sw;
|
||||||
ykpiv_rc res;
|
ykpiv_rc res;
|
||||||
@@ -673,7 +673,7 @@ ykpiv_rc ykpiv_get_version(ykpiv_state *state, char *version, size_t len) {
|
|||||||
|
|
||||||
ykpiv_rc ykpiv_verify(ykpiv_state *state, const char *pin, int *tries) {
|
ykpiv_rc ykpiv_verify(ykpiv_state *state, const char *pin, int *tries) {
|
||||||
APDU apdu;
|
APDU apdu;
|
||||||
unsigned char data[0xff];
|
unsigned char data[261];
|
||||||
unsigned long recv_len = sizeof(data);
|
unsigned long recv_len = sizeof(data);
|
||||||
int sw;
|
int sw;
|
||||||
size_t len = 0;
|
size_t len = 0;
|
||||||
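Review bot: The new receive-buffer size `261` is a bare literal repeated in six declarations (both loops of ykpiv_transfer_data, ykpiv_authenticate, ykpiv_set_mgmkey2, ykpiv_get_version and ykpiv_verify), and nothing in the change says why that value was chosen. A single named constant with a comment would keep the copies in step, for example `#define YKPIV_RECV_BUF_LEN 261 /* <rationale for 261> */` (name is a suggestion) used as `unsigned char data[YKPIV_RECV_BUF_LEN];`. Deriving `recv_len` from `sizeof(data)` everywhere is the right direction, since the length passed to the card layer can no longer drift from the array size. All of these function bodies continue outside the hunks, so it cannot be confirmed from here that the bytes later copied out of `data` are bounded by the caller's output length now that a response can be larger than before; that is worth checking alongside this change.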
|
|||||||
@@ -61,7 +61,7 @@ doit:
|
|||||||
tar xfz $(PACKAGE)-$(VERSION).tar.gz && \
|
tar xfz $(PACKAGE)-$(VERSION).tar.gz && \
|
||||||
cd $(PACKAGE)-$(VERSION)/ && \
|
cd $(PACKAGE)-$(VERSION)/ && \
|
||||||
PKG_CONFIG_PATH=$(PWD)/tmp/root/lib/pkgconfig ./configure --prefix=$(PWD)/tmp/root && \
|
PKG_CONFIG_PATH=$(PWD)/tmp/root/lib/pkgconfig ./configure --prefix=$(PWD)/tmp/root && \
|
||||||
make install check && \
|
make install $(CHECK) && \
|
||||||
chmod u+w $(PWD)/tmp/root/lib/libcrypto.1.0.0.dylib && \
|
chmod u+w $(PWD)/tmp/root/lib/libcrypto.1.0.0.dylib && \
|
||||||
install_name_tool -id @executable_path/../lib/libcrypto.1.0.0.dylib $(PWD)/tmp/root/lib/libcrypto.1.0.0.dylib && \
|
install_name_tool -id @executable_path/../lib/libcrypto.1.0.0.dylib $(PWD)/tmp/root/lib/libcrypto.1.0.0.dylib && \
|
||||||
install_name_tool -id @executable_path/../lib/libykpiv.1.dylib $(PWD)/tmp/root/lib/libykpiv.1.dylib && \
|
install_name_tool -id @executable_path/../lib/libykpiv.1.dylib $(PWD)/tmp/root/lib/libykpiv.1.dylib && \
|
||||||
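Review bot: Replacing `check` with `$(CHECK)` on the `make install` line means the test suite runs only when the caller defines CHECK, and the invocation added in build-and-test.sh (`make -f mac.mk mac VERSION=$version`) does not pass it. Unless mac.mk sets a default outside this hunk, the OS X job would package binaries whose tests never ran. Defaulting it near the top of the file with `CHECK ?= check` keeps the tests on and makes skipping them an explicit choice (`make -f mac.mk mac CHECK=`); a short comment there should say when skipping is acceptable. The `doit` recipe starts and ends outside the hunk.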
|
|||||||
+1
-1
@@ -27,7 +27,7 @@
|
|||||||
|
|
||||||
option "verbose" v "Print more information" int optional default="0" argoptional
|
option "verbose" v "Print more information" int optional default="0" argoptional
|
||||||
option "reader" r "Only use a matching reader" string optional default="Yubikey"
|
option "reader" r "Only use a matching reader" string optional default="Yubikey"
|
||||||
option "key" k "Authentication key to use" string optional default="010203040506070801020304050607080102030405060708"
|
option "key" k "Authentication key to use" string optional default="010203040506070801020304050607080102030405060708" argoptional
|
||||||
option "action" a "Action to take" values="version","generate","set-mgm-key",
|
option "action" a "Action to take" values="version","generate","set-mgm-key",
|
||||||
"reset","pin-retries","import-key","import-certificate","set-chuid",
|
"reset","pin-retries","import-key","import-certificate","set-chuid",
|
||||||
"request-certificate","verify-pin","change-pin","change-puk","unblock-pin",
|
"request-certificate","verify-pin","change-pin","change-puk","unblock-pin",
|
||||||
|
|||||||
@@ -26,7 +26,8 @@
|
|||||||
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||||
|
|
||||||
TESTS_ENVIRONMENT = export VERSION=$(PACKAGE_VERSION); export EXEEXT=$(EXEEXT);
|
TESTS_ENVIRONMENT = export VERSION=$(PACKAGE_VERSION); export EXEEXT=$(EXEEXT);
|
||||||
TESTS_ENVIRONMENT += $(VALGRIND)
|
|
||||||
|
LOG_COMPILER = $(VALGRIND)
|
||||||
|
|
||||||
AM_CFLAGS = $(WARN_CFLAGS)
|
AM_CFLAGS = $(WARN_CFLAGS)
|
||||||
AM_CPPFLAGS = -I$(top_srcdir)/lib -I$(top_builddir)/lib
|
AM_CPPFLAGS = -I$(top_srcdir)/lib -I$(top_builddir)/lib
|
||||||
|
|||||||
+12
-3
@@ -943,7 +943,7 @@ static bool change_pin(ykpiv_state *state, enum enum_action action, const char *
|
|||||||
char pinbuf[9] = {0};
|
char pinbuf[9] = {0};
|
||||||
char new_pinbuf[9] = {0};
|
char new_pinbuf[9] = {0};
|
||||||
const char *name = action == action_arg_changeMINUS_pin ? "pin" : "puk";
|
const char *name = action == action_arg_changeMINUS_pin ? "pin" : "puk";
|
||||||
const char *new_name = action == action_arg_changeMINUS_pin ? "new pin" : "new puk";
|
const char *new_name = action == action_arg_changeMINUS_puk ? "new puk" : "new pin";
|
||||||
int sw;
|
int sw;
|
||||||
size_t pin_len;
|
size_t pin_len;
|
||||||
size_t new_len;
|
size_t new_len;
|
||||||
@@ -986,7 +986,7 @@ static bool change_pin(ykpiv_state *state, enum enum_action action, const char *
|
|||||||
return false;
|
return false;
|
||||||
} else if(sw != 0x9000) {
|
} else if(sw != 0x9000) {
|
||||||
if((sw >> 8) == 0x63) {
|
if((sw >> 8) == 0x63) {
|
||||||
int tries = sw & 0xff;
|
int tries = sw & 0xf;
|
||||||
fprintf(stderr, "Failed verifying %s code, now %d tries left before blocked.\n",
|
fprintf(stderr, "Failed verifying %s code, now %d tries left before blocked.\n",
|
||||||
name, tries);
|
name, tries);
|
||||||
} else if(sw == 0x6983) {
|
} else if(sw == 0x6983) {
|
||||||
@@ -1708,7 +1708,16 @@ int main(int argc, char *argv[]) {
|
|||||||
if(needs_auth) {
|
if(needs_auth) {
|
||||||
unsigned char key[KEY_LEN];
|
unsigned char key[KEY_LEN];
|
||||||
size_t key_len = sizeof(key);
|
size_t key_len = sizeof(key);
|
||||||
if(ykpiv_hex_decode(args_info.key_arg, strlen(args_info.key_arg), key, &key_len) != YKPIV_OK) {
|
char keybuf[KEY_LEN*2+1];
|
||||||
|
char *key_ptr = args_info.key_arg;
|
||||||
|
if(args_info.key_given && args_info.key_orig == NULL) {
|
||||||
|
if(!read_pw("management key", keybuf, sizeof(keybuf), false)) {
|
||||||
|
fprintf(stderr, "Failed to read management key from stdin,\n");
|
||||||
|
return EXIT_FAILURE;
|
||||||
|
}
|
||||||
|
key_ptr = keybuf;
|
||||||
|
}
|
||||||
|
if(ykpiv_hex_decode(key_ptr, strlen(key_ptr), key, &key_len) != YKPIV_OK) {
|
||||||
fprintf(stderr, "Failed decoding key!\n");
|
fprintf(stderr, "Failed decoding key!\n");
|
||||||
return EXIT_FAILURE;
|
return EXIT_FAILURE;
|
||||||
}
|
}
|
||||||
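Review bot: In the `needs_auth` block of main, `keybuf` receives the hex management key from `read_pw` and is never wiped in the visible lines, including on the `Failed decoding key!` return path, so the secret stays on the stack after it has been decoded into `key`. Clear it right after the `ykpiv_hex_decode` call with a routine the compiler cannot drop; the project already links libcrypto, so `OPENSSL_cleanse(keybuf, sizeof(keybuf));` is one option if that header is available in this file. The same applies to `key` once authentication has finished, but that part of the block is outside the hunk. Separately, the message `"Failed to read management key from stdin,\n"` ends in a comma where a period is presumably meant.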
|
|||||||