Merge branch 'master' into development
Conflicts: NEWS configure.ac
+6
-5
@@ -1,4 +1,7 @@
|
||||
language: c
|
||||
os:
|
||||
- osx
|
||||
- linux
|
||||
compiler:
|
||||
- gcc
|
||||
- clang
|
||||
@@ -6,16 +9,14 @@ env:
|
||||
- EXTRA=libpcsclite-dev
|
||||
script:
|
||||
- ./build-and-test.sh
|
||||
before_install:
|
||||
- sudo apt-get update -qq
|
||||
- sudo apt-get remove -qq -y $REMOVE
|
||||
- sudo apt-get autoremove -qq
|
||||
- sudo apt-get install -qq -y gengetopt help2man $EXTRA
|
||||
matrix:
|
||||
include:
|
||||
- compiler: gcc
|
||||
os: linux
|
||||
env: EXTRA="wine mingw-w64 mingw-w64-dev" REMOVE=mingw32 ARCH=32
|
||||
- compiler: gcc
|
||||
os: linux
|
||||
env: EXTRA="wine mingw-w64 mingw-w64-dev" REMOVE=mingw32 ARCH=64
|
||||
- compiler: gcc
|
||||
os: linux
|
||||
env: COVERAGE="--enable-coverage" EXTRA="libpcsclite-dev lcov"
|
||||
|
||||
@@ -4,6 +4,14 @@ yubico-piv-tool NEWS -- History of user-visible changes. -*- outline -*-
|
||||
|
||||
** Support for YubiKey 4 stuff
|
||||
|
||||
* Version 1.0.3 (released 2015-10-01)
|
||||
|
||||
** Correct wording on unblock-pin action.
|
||||
|
||||
** Show pin retries correctly.
|
||||
|
||||
** Use a bigger buffer for receiving data.
|
||||
|
||||
* Version 1.0.2 (released 2015-09-04)
|
||||
|
||||
** Query for different passwords/pins on stdin if they're not supplied.
|
||||
|
||||
+20
-2
@@ -4,13 +4,31 @@ set -e
|
||||
|
||||
autoreconf -i
|
||||
|
||||
if [ "x$TRAVIS_OS_NAME" != "xosx" ]; then
|
||||
sudo apt-get update -qq
|
||||
sudo apt-get remove -qq -y $REMOVE
|
||||
sudo apt-get autoremove -qq
|
||||
sudo apt-get install -qq -y gengetopt help2man $EXTRA
|
||||
TAR=tar
|
||||
else
|
||||
ARCH=osx
|
||||
brew update
|
||||
brew install help2man
|
||||
brew install pkg-config
|
||||
brew install gengetopt
|
||||
brew install gnu-tar
|
||||
TAR=gtar
|
||||
fi
|
||||
if [ "x$ARCH" != "x" ]; then
|
||||
version=`cat NEWS | grep unreleased | cut -d' ' -f3`
|
||||
set +e
|
||||
tar --exclude .git --transform="s/^\./yubico-piv-tool-${version}/" -czf yubico-piv-tool-${version}.tar.gz .
|
||||
$TAR --exclude .git --transform="s/^\./yubico-piv-tool-${version}/" -czf yubico-piv-tool-${version}.tar.gz .
|
||||
set -e
|
||||
|
||||
if [ "x$ARCH" != "xosx" ]; then
|
||||
make -f windows.mk ${ARCH}bit VERSION=$version
|
||||
else
|
||||
make -f mac.mk mac VERSION=$version
|
||||
fi
|
||||
else
|
||||
./configure $COVERAGE
|
||||
make check
|
||||
|
||||
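Review bot: The `$TAR --exclude .git ... -czf yubico-piv-tool-${version}.tar.gz .` call sits between `set +e` and `set -e`, so every tar failure is ignored, including a fatal one. The build then carries on with a missing or truncated tarball, and the error only surfaces later in `make -f windows.mk` or `make -f mac.mk`, if at all. If the intent is only to tolerate GNU tar's "file changed as we read it" status, drop the `set +e`/`set -e` pair and accept just that exit code: `$TAR ... -czf yubico-piv-tool-${version}.tar.gz . || [ $? -eq 1 ]`. `version` is also used unchecked: when the grep on NEWS matches nothing the archive is named `yubico-piv-tool-.tar.gz`, so a guard such as `[ -n "$version" ] || exit 1` right after the assignment would fail early.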
+5
-2
@@ -81,13 +81,16 @@ fi
|
||||
|
||||
if test "x$with_backend" = xcheck; then
|
||||
AC_CHECK_HEADERS([PCSC/winscard.h])
|
||||
AC_CHECK_HEADERS([winscard.h])
|
||||
AC_MSG_CHECKING([between Mac/Windows winscard])
|
||||
if test "x$ac_cv_header_PCSC_winscard_h" = xyes; then
|
||||
with_backend=macscard
|
||||
AC_MSG_RESULT([Mac])
|
||||
else
|
||||
elif test "x$ac_cv_header_winscard_h" = xyes; then
|
||||
with_backend=winscard
|
||||
AC_MSG_RESULT([Windows])
|
||||
else
|
||||
AC_MSG_RESULT([no])
|
||||
fi
|
||||
fi
|
||||
|
||||
@@ -122,7 +125,7 @@ if test "x$with_backend" = xpcsc || test "x$with_backend" = xwinscard \
|
||||
|| test "x$with_backend" = xmacscard; then
|
||||
AC_DEFINE([BACKEND_PCSC], 1, [Define to 1 if you the PCSC backend.])
|
||||
else
|
||||
AC_MSG_ERROR([cannot find PCSC/winscard library/headers])
|
||||
AC_MSG_ERROR([cannot find PCSC library])
|
||||
fi
|
||||
|
||||
AC_ARG_ENABLE([coverage],
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
Introduction to the YubiKey NEO PIV Applet
|
||||
==========================================
|
||||
|
||||
The YubiKey NEO supports the Privilege and Identification Card (PIV)
|
||||
The YubiKey NEO supports the Personal Identity Verification (PIV) card
|
||||
interface specified in NIST SP 800-73 document "Cryptographic
|
||||
Algorithms and Key Sizes for PIV". This enables you to perform RSA or
|
||||
ECC sign/decrypt operations using a private key stored on the
|
||||
|
||||
@@ -34,4 +34,4 @@ LDADD = ../libykpiv.la
|
||||
check_PROGRAMS = basic parse_key
|
||||
TESTS = $(check_PROGRAMS)
|
||||
|
||||
TESTS_ENVIRONMENT = $(VALGRIND)
|
||||
LOG_COMPILER = $(VALGRIND)
|
||||
|
||||
+9
-9
@@ -260,8 +260,8 @@ ykpiv_rc ykpiv_transfer_data(ykpiv_state *state, const unsigned char *templ,
|
||||
}
|
||||
do {
|
||||
size_t this_size = 0xff;
|
||||
unsigned long recv_len = 0xff;
|
||||
unsigned char data[0xff];
|
||||
unsigned char data[261];
|
||||
unsigned long recv_len = sizeof(data);
|
||||
APDU apdu;
|
||||
|
||||
memset(apdu.raw, 0, sizeof(apdu.raw));
|
||||
@@ -297,8 +297,8 @@ ykpiv_rc ykpiv_transfer_data(ykpiv_state *state, const unsigned char *templ,
|
||||
} while(in_ptr < in_data + in_len);
|
||||
while(*sw >> 8 == 0x61) {
|
||||
APDU apdu;
|
||||
unsigned long recv_len = 0xff;
|
||||
unsigned char data[0xff];
|
||||
unsigned char data[261];
|
||||
unsigned long recv_len = sizeof(data);
|
||||
|
||||
if(state->verbose > 2) {
|
||||
fprintf(stderr, "The card indicates there is %d bytes more data for us.\n", *sw & 0xff);
|
||||
@@ -364,7 +364,7 @@ static ykpiv_rc send_data(ykpiv_state *state, APDU *apdu,
|
||||
|
||||
ykpiv_rc ykpiv_authenticate(ykpiv_state *state, unsigned const char *key) {
|
||||
APDU apdu;
|
||||
unsigned char data[0xff];
|
||||
unsigned char data[261];
|
||||
DES_cblock challenge;
|
||||
unsigned long recv_len = sizeof(data);
|
||||
int sw;
|
||||
@@ -407,7 +407,7 @@ ykpiv_rc ykpiv_authenticate(ykpiv_state *state, unsigned const char *key) {
|
||||
DES_cblock response;
|
||||
DES_ecb3_encrypt(&challenge, &response, &ks1, &ks2, &ks3, 0);
|
||||
|
||||
recv_len = 0xff;
|
||||
recv_len = sizeof(data);
|
||||
memset(apdu.raw, 0, sizeof(apdu));
|
||||
apdu.st.ins = YKPIV_INS_AUTHENTICATE;
|
||||
apdu.st.p1 = YKPIV_ALGO_3DES; /* triple des */
|
||||
@@ -454,7 +454,7 @@ ykpiv_rc ykpiv_set_mgmkey(ykpiv_state *state, const unsigned char *new_key) {
|
||||
|
||||
ykpiv_rc ykpiv_set_mgmkey2(ykpiv_state *state, const unsigned char *new_key, const unsigned char touch) {
|
||||
APDU apdu;
|
||||
unsigned char data[0xff];
|
||||
unsigned char data[261];
|
||||
unsigned long recv_len = sizeof(data);
|
||||
int sw;
|
||||
size_t i;
|
||||
@@ -651,7 +651,7 @@ ykpiv_rc ykpiv_decipher_data(ykpiv_state *state, const unsigned char *in,
|
||||
|
||||
ykpiv_rc ykpiv_get_version(ykpiv_state *state, char *version, size_t len) {
|
||||
APDU apdu;
|
||||
unsigned char data[0xff];
|
||||
unsigned char data[261];
|
||||
unsigned long recv_len = sizeof(data);
|
||||
int sw;
|
||||
ykpiv_rc res;
|
||||
@@ -673,7 +673,7 @@ ykpiv_rc ykpiv_get_version(ykpiv_state *state, char *version, size_t len) {
|
||||
|
||||
ykpiv_rc ykpiv_verify(ykpiv_state *state, const char *pin, int *tries) {
|
||||
APDU apdu;
|
||||
unsigned char data[0xff];
|
||||
unsigned char data[261];
|
||||
unsigned long recv_len = sizeof(data);
|
||||
int sw;
|
||||
size_t len = 0;
|
||||
|
||||
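Review bot: The response-buffer size `261` is a bare literal repeated in six declarations (both loops of ykpiv_transfer_data, ykpiv_authenticate, ykpiv_set_mgmkey2, ykpiv_get_version and ykpiv_verify), and nothing says where the number comes from. Because `recv_len = sizeof(data)` tells the receive path how much it may write, the arrays are easier to keep in step with one named constant (the name here is only a suggestion): `#define YKPIV_RECV_BUF_SIZE 261` with a comment giving the derivation, used as `unsigned char data[YKPIV_RECV_BUF_SIZE];`. In ykpiv_transfer_data the larger `recv_len` also lets more bytes come back per exchange than before, so the copy into the caller's output buffer should be checked against the remaining output length. That copy is outside these hunks and could not be confirmed here; all of these function bodies start or end outside the hunks shown.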
@@ -61,7 +61,7 @@ doit:
|
||||
tar xfz $(PACKAGE)-$(VERSION).tar.gz && \
|
||||
cd $(PACKAGE)-$(VERSION)/ && \
|
||||
PKG_CONFIG_PATH=$(PWD)/tmp/root/lib/pkgconfig ./configure --prefix=$(PWD)/tmp/root && \
|
||||
make install check && \
|
||||
make install $(CHECK) && \
|
||||
chmod u+w $(PWD)/tmp/root/lib/libcrypto.1.0.0.dylib && \
|
||||
install_name_tool -id @executable_path/../lib/libcrypto.1.0.0.dylib $(PWD)/tmp/root/lib/libcrypto.1.0.0.dylib && \
|
||||
install_name_tool -id @executable_path/../lib/libykpiv.1.dylib $(PWD)/tmp/root/lib/libykpiv.1.dylib && \
|
||||
|
||||
+1
-1
@@ -27,7 +27,7 @@
|
||||
|
||||
option "verbose" v "Print more information" int optional default="0" argoptional
|
||||
option "reader" r "Only use a matching reader" string optional default="Yubikey"
|
||||
option "key" k "Authentication key to use" string optional default="010203040506070801020304050607080102030405060708"
|
||||
option "key" k "Authentication key to use" string optional default="010203040506070801020304050607080102030405060708" argoptional
|
||||
option "action" a "Action to take" values="version","generate","set-mgm-key",
|
||||
"reset","pin-retries","import-key","import-certificate","set-chuid",
|
||||
"request-certificate","verify-pin","change-pin","change-puk","unblock-pin",
|
||||
|
||||
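Review bot: The help string for `key` still reads `"Authentication key to use"` although `argoptional` changes how the option is parsed, so nothing tells the user that `-k` with no value makes the tool prompt for the management key. A description such as `"Authentication key to use, if no value is given the key is read from stdin"` would document it. As far as I know gengetopt implements `argoptional` with getopt's optional-argument form, where the value must be attached (`-kVALUE` or `--key=VALUE`). If that holds here, existing invocations that pass `-k VALUE` with a space would now fall into the prompt, which deserves a NEWS entry. Prompting keeps the key out of the process list and shell history, so it is worth making the documented way to supply it.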
@@ -26,7 +26,8 @@
|
||||
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
|
||||
TESTS_ENVIRONMENT = export VERSION=$(PACKAGE_VERSION); export EXEEXT=$(EXEEXT);
|
||||
TESTS_ENVIRONMENT += $(VALGRIND)
|
||||
|
||||
LOG_COMPILER = $(VALGRIND)
|
||||
|
||||
AM_CFLAGS = $(WARN_CFLAGS)
|
||||
AM_CPPFLAGS = -I$(top_srcdir)/lib -I$(top_builddir)/lib
|
||||
|
||||
+12
-3
@@ -943,7 +943,7 @@ static bool change_pin(ykpiv_state *state, enum enum_action action, const char *
|
||||
char pinbuf[9] = {0};
|
||||
char new_pinbuf[9] = {0};
|
||||
const char *name = action == action_arg_changeMINUS_pin ? "pin" : "puk";
|
||||
const char *new_name = action == action_arg_changeMINUS_pin ? "new pin" : "new puk";
|
||||
const char *new_name = action == action_arg_changeMINUS_puk ? "new puk" : "new pin";
|
||||
int sw;
|
||||
size_t pin_len;
|
||||
size_t new_len;
|
||||
@@ -986,7 +986,7 @@ static bool change_pin(ykpiv_state *state, enum enum_action action, const char *
|
||||
return false;
|
||||
} else if(sw != 0x9000) {
|
||||
if((sw >> 8) == 0x63) {
|
||||
int tries = sw & 0xff;
|
||||
int tries = sw & 0xf;
|
||||
fprintf(stderr, "Failed verifying %s code, now %d tries left before blocked.\n",
|
||||
name, tries);
|
||||
} else if(sw == 0x6983) {
|
||||
@@ -1708,7 +1708,16 @@ int main(int argc, char *argv[]) {
|
||||
if(needs_auth) {
|
||||
unsigned char key[KEY_LEN];
|
||||
size_t key_len = sizeof(key);
|
||||
if(ykpiv_hex_decode(args_info.key_arg, strlen(args_info.key_arg), key, &key_len) != YKPIV_OK) {
|
||||
char keybuf[KEY_LEN*2+1];
|
||||
char *key_ptr = args_info.key_arg;
|
||||
if(args_info.key_given && args_info.key_orig == NULL) {
|
||||
if(!read_pw("management key", keybuf, sizeof(keybuf), false)) {
|
||||
fprintf(stderr, "Failed to read management key from stdin,\n");
|
||||
return EXIT_FAILURE;
|
||||
}
|
||||
key_ptr = keybuf;
|
||||
}
|
||||
if(ykpiv_hex_decode(key_ptr, strlen(key_ptr), key, &key_len) != YKPIV_OK) {
|
||||
fprintf(stderr, "Failed decoding key!\n");
|
||||
return EXIT_FAILURE;
|
||||
}
|
||||
|
||||
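Review bot: `keybuf` in the `needs_auth` block of main() holds the management key in hex after `read_pw`, and neither it nor the decoded `key` is cleared on the paths visible in this hunk, including the `Failed decoding key!` early return. Both should be wiped once they are no longer needed, using a call the compiler cannot optimise away, for example `OPENSSL_cleanse(keybuf, sizeof(keybuf));` if the OpenSSL headers are already included in this file (not visible here). The new message `"Failed to read management key from stdin,\n"` also ends in a comma where a full stop was presumably intended. main() continues outside the hunk, so a wipe may already exist further down.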