Commit Graph

93 Commits

Author SHA1 Message Date
Klas Lindfors 777b40b3c2 read key from stdin if no key is given as argument 2015-10-09 11:14:58 +02:00
Alessio Di Mauro 17ebced2e6 Mask more one pin change. 2015-09-24 14:20:25 +02:00
Klas Lindfors d30f6fc781 unblock-pin shouldn't tell you new puk 2015-09-16 14:32:30 +02:00
Steffan Karger 723fe2f405 Query for PIN/PUK/mgmt-key if not supplied on command line
Do not force a user to specify the PIN/PUK/mgmt-key on the command line.
Instead, query the user to supply them through stdin when required for
the requested operation.  This is both more user friendly and more
secure, since the secrets do not end up in the shell history and/or
visible to shoulder-surfers on the terminal.

Signed-off-by: Steffan Karger <steffan@karger.me>
2015-08-12 23:05:44 +02:00
Klas Lindfors 8ece5ed26e drop unused variable
found with clang scan-build
2015-07-09 11:03:11 +02:00
Klas Lindfors 3b080dca45 relicense to 2-clause BSD license 2015-07-01 16:34:20 +02:00
Klas Lindfors 6b4b3001c4 verify that e is 0x10001 on import
fixes #13
2015-06-23 14:28:44 +02:00
Klas Lindfors 18e057e58c let RSA_public_encrypt() do the PKCS1 padding
noteworthy is that it will do pkcs1 type 2 padding
2015-05-19 15:11:30 +02:00
Klas Lindfors 3d0ff7b969 add a test-decipher command
test-decipher will for rsa do public encrypt on a random string and let
the key decrypt
for ec it will generate a new ec key and do ecdh and confirm it gets the
same answer back
2015-05-19 14:22:26 +02:00
Klas Lindfors 8ce4ab4997 add newline at end of output 2015-05-08 13:49:32 +02:00
Klas Lindfors a9c8cb9fd3 drop openssl/err.h again 2015-03-20 14:17:51 +01:00
Klas Lindfors 9db6d3d45a replace EVP_MD_CTX_verify() stuff with RSA_verify()/ECDSA_verify()
since the EVP_MD_CTX stuff doesn't seem to exist on osx at all.
2015-03-20 14:04:26 +01:00
Klas Lindfors f204987941 add a test-signature action
that takes a certificate in and does a signature with the given slot,
then verifying that signature with the given certificate.
2015-03-20 10:04:58 +01:00
Klas Lindfors b1cda2ffce add missing }
that's why you should always build before push..
2015-03-19 15:52:20 +01:00
Klas Lindfors da1f61f23a move up validation of pin-retries parameters 2015-03-19 14:54:23 +01:00
Klas Lindfors c85fd4eaa8 move more validation of parameters together 2015-03-19 14:52:38 +01:00
Klas Lindfors 9124e82ea6 write version to output file 2015-03-19 14:43:13 +01:00
Klas Lindfors 635729f339 call get_algorithm() to get the algorithm
as it was already implemented..
2015-03-19 14:37:59 +01:00
Klas Lindfors 0f26a7c1e3 refactor dump_hex to drop some redundant code 2015-03-18 15:09:32 +01:00
Klas Lindfors cd1410a950 make parts of argument validation cleaner 2015-03-18 15:09:32 +01:00
Klas Lindfors 9b6bf1b737 write action name instead of number 2015-03-18 15:09:32 +01:00
Klas Lindfors ad3c92f7d2 break out after error 2015-03-17 15:00:54 +01:00
Klas Lindfors 340c898dcb print out slot/cert algorithm in status
relates #17
2015-03-17 14:20:13 +01:00
Klas Lindfors 26d5c23090 write CHUID in status
relates #17
2015-03-17 13:59:29 +01:00
Klas Lindfors 4552e8700c write out number of pin tries left
references #17
2015-03-17 13:54:50 +01:00
Klas Lindfors 572b3b1739 add status action and print certificate information
relates #17
2015-03-17 12:42:05 +01:00
Klas Lindfors e64952476d add a read-certificate action 2015-03-17 10:40:37 +01:00
Klas Lindfors f24b1d0c46 report error if setting a new key fails 2015-02-02 10:26:12 +01:00
Klas Lindfors 22d04fc1c8 return error properly on hex decode 2015-02-02 10:17:45 +01:00
Klas Lindfors 60c8b757ae use bounded scanf 2015-01-29 11:03:13 +01:00
Klas Lindfors 9046955606 drop unnecessary memset() 2015-01-29 11:03:13 +01:00
Thomas Westfeld 1b4ad6b8bd Fixed error when parameters in unblock-pin
when unblock-pin action is called without -P and -N parameter, the wrong
error is returned, saying that -P should be a pin, whereas in this
action it is a puk.
2015-01-18 22:35:35 +01:00
Klas Lindfors f69a4ff8f6 mark all bits of the signature as used
the first byte of a bit string marks how many bits should be
subtracted, make sure this doesn't get set.
2015-01-14 12:52:10 +01:00
Klas Lindfors f86ded25bf rip input_ready() and call isatty() instead
should be more portable (work on windows)
relates to #12
2015-01-12 21:20:15 +01:00
Klas Lindfors b1a673b1f9 try to discover if there is input waiting on stdin
otherwise give the user a hint
resolves #12
2015-01-12 16:27:13 +01:00
Simon Josefsson f84d332c15 Fix typo. 2015-01-08 15:25:27 +01:00
Klas Lindfors 31f6b61af0 add more feedback for successful actions 2014-12-17 15:37:46 +01:00
Klas Lindfors 458bde4bef diagnostic output for generate key 2014-12-17 09:54:06 +01:00
Klas Lindfors 7ef2015f38 switch diagnostic output to stderr 2014-12-17 09:53:24 +01:00
Klas Lindfors 368b527fa1 add DER format for certificate import 2014-12-05 11:10:33 +01:00
Klas Lindfors 36468219c2 check length of private key components before setting
the card functions only accept key components of correct size
so here we add 0 before if they're shorter (usually one byte shorter)
thus fixing the issue where the card returned 6f00
2014-11-12 14:08:11 +01:00
Klas Lindfors cd4fdef2f7 cast cert_len to size_t shouldn't be negative here.
gets rid of warnings about int/size_t combinations
2014-11-10 10:12:01 +01:00
Klas Lindfors c14f53dfad check that stat completes correctly 2014-11-10 10:07:35 +01:00
Klas Lindfors 4fd1cf953e Merge branch 'master' of ssh://github.com/dwmw2/yubico-piv-tool 2014-11-10 09:54:09 +01:00
Klas Lindfors 7e0fdd8f9d correct offs for CHUID_GUID_OFFS and change verbose print to CHUID
CHUID_GUID_OFFS was 28 instead of 29, leading to invalid CHUID
verbose print said "setting GUID.." changing to CHUID

patch from Doug Engert
fixes #9
2014-11-10 09:49:54 +01:00
David Woodhouse 3dce5b06e0 Add support for compressed certificates
This could be more sophisticated — it could automatically compress
certificates if they are too large, instead of expecting the user to do
so manually. But this is a good start.
2014-11-07 19:55:08 +00:00
Klas Lindfors ccf9d01027 fix broken unblock-pin action
the unblock pin action mistakenly used pin reference 0x81 (unblock)
instead of 0x80 (pin)
2014-10-29 08:09:17 +01:00
Klas Lindfors 146fa881f2 add an error message for wrong key length 2014-10-28 08:37:53 +01:00
Daniel Barnes 61b0284c6d Check if new keys being set are the correct length, since longer or shorter keys yield inconsistent results 2014-10-28 08:36:37 +01:00
Klas Lindfors b16dce294d use EVP_MD_size() instead of EVP_MD_block_size()
actually gives correct size for the digest
2014-10-02 13:28:02 +02:00