Commit Graph

199 Commits

Author SHA1 Message Date
Dave Pate b2dd16deb4 lib: clear buffers containing key material 2019-04-03 09:45:53 +02:00
Dave Pate 28189201a4 lib: use secure zero memory platform functions 2019-04-03 09:45:49 +02:00
Dave Pate 2e72c8f85c lib: resolves potential reads of uninitialized data 2019-04-03 09:45:44 +02:00
Stacey Sheldon 811ddbb22d CHUID: fix the encoding of the FASC-N data element in the CHUID
This is the hard-coded FASC-N field being used by yubico-piv-tool
  [9999-9999-999999-0-1-0000000000300001]
  S9999F9999F999999F0F1F0000000000300001E

It should be encoded as this sequence of 5-bit values
 11010 (SS)
   10011 10011 10011 10011 (9999)
 10110 (FS)
   10011 10011 10011 10011 (9999)
 10110 (FS)
   10011 10011 10011 10011 10011 10011 (999999)
 10110 (FS)
   00001 (0)
 10110 (FS)
   10000 (1)
 10110 (FS)
   00001 00001 00001 00001 00001 00001 00001 00001 00001 00001 (0000000000)
   11001 (3)
   00001 00001 00001 00001 (0000)
   10000 (1)
 11111 (ES)
 01011 (LRC)

This packs into this 25-byte (200-bit) sequence of hex bytes:
 d4 e7 39 da 73 9c ed 39 ce 73 9d 83 68 58 21 08
 42 10 84 21 c8 42 10 c3 eb
2019-01-01 01:43:51 -05:00
Dave Pate cbd5ba5122 libykpiv/piv-tool 1.6.3
lib: promote get_serial to base API
lib: add ykpiv_get_serial to external API
tool: add serial number/version to status command
build: fix msvc build of case insensitive-reader (missing strncasecmp and cast warnings)
lib: consolidate neo/yk4 + yk5 serial number routines
lib: fix GCC 8 compilier warnings
lib: reimplement deauthenticate to select mgmt aid
build: disable -Waggregate-return
lib: fix warning differences between gcc and msvc
lib: add option to disable implicit card transactions
lib: remove application reselect prior to crypt operations
build: fix msvc warnings wrt length checking logic fixes
lib: fix error condition logic in untransacted internal functions
lib: create internal transactionless ykpiv_transfer_data
2018-09-14 14:29:39 -07:00
Klas Lindfors 6e51db8c80 lib: make the reader comparison case-insensitive
sadly strcasestr is a GNU/BSD extension, not part of posix so we have to
do our own thing here or do different things on different platforms.
2018-09-07 12:57:10 +02:00
Klas Lindfors 16d539041e ykpiv: when decoding an object compare lengths correctly
the length comparison when reading an object out was messed up, this
fixes it to compare correctly.

relates #154
2018-08-16 14:25:31 +02:00
Klas Lindfors c15efbfdd7 ykpiv: fix length when encoding exactly 0xff bytes
this should be encoded as 81 ff, not 82 00 ff

relates #154
2018-08-16 14:25:14 +02:00
Jakub Jelen d613b42b0c Avoid unused variables and warnings when building against OpenSSL 1.1 2018-08-08 16:12:25 +02:00
Klas Lindfors 80d47c82f0 lib: in _ykpiv_fetch_object() handle bogus length by returning
otherwise we might memmove() to much data

Thanks to Eric Sesterhenn of x41 D-Sec for reporting this issue to us.
2018-08-03 10:51:46 +02:00
Klas Lindfors 01a127a44a lib: in ykpiv_transfer_data() handle overflow by exiting
this is detected and printed, but we never exit the function

Thanks to Eric Sesterhenn of x41 D-Sec for reporting this issue to us.
2018-08-03 10:51:00 +02:00
Dave Pate 775eaacc9f Merge upstream master commits 2018-03-05 11:32:25 -08:00
Dave Pate b98f97ef62 Fixes linux/osx build warnings
Clarify logic for configuration file
2018-03-05 11:28:52 -08:00
Jakub Jelen bbd92009fc libcheck 0.9 compatibility for RHEL7 2018-02-27 15:40:31 +01:00
Jakub Jelen dfca8e2e55 Remove unused variables 2018-02-27 15:40:31 +01:00
Jakub Jelen f5c42cef89 Do not build test if HW_TESTS is not enabled (to avoid warnings) 2018-02-10 19:35:12 +01:00
Dave Pate 0b2dcb0aaf Fix msvc build warning re: return values 2018-02-09 09:14:45 -08:00
Dave Pate 9783f9b626 Fix warnings in msvc build 2018-02-09 09:03:10 -08:00
Dave Pate 289896ac61 Add syslog/windows event log output
Read multistage configuration
Update ROCA mitigation check and warnings
2018-02-09 08:28:51 -08:00
Trevor Bentley c9f4d684d1 Support specifying custom PCSC lib 2018-01-24 15:44:22 +01:00
Trevor Bentley d5d953be95 Use library dependencies for openssl compat layer 2017-11-29 09:47:45 +00:00
Trevor Bentley 20a5ecce0f Fix OpenSSL 1.1 build with mingw32/64 2017-11-27 11:27:11 +01:00
Trevor Bentley 7ca0267ddf Fix OpenSSL 1.1 compat layer
- Changes for latest ykpiv_util refactor
 - Passes hw tests with openssl 1.0 and 1.1
 - Passes valgrind
2017-11-21 17:08:38 +01:00
Trevor Bentley 6a34b6ef96 Fix cross-compiling for mingw64 2017-11-17 16:13:15 +01:00
Trevor Bentley aa3b69926b Doxygen documentation for ykpiv_util_* API. 2017-11-08 11:38:27 +01:00
Trevor Bentley 3ce4f0ccae Clean up typos, warnings, and incorrect libtool age. 2017-11-08 11:11:45 +01:00
Trevor Bentley 366de02ab1 Organize ykpiv.h, update NEWS file for 1.5.0 2017-11-03 16:15:13 +01:00
Trevor Bentley c6abe7ac6d Add integration test for PIN cache 2017-11-03 13:39:23 +01:00
Trevor Bentley 7818b49e7d Skip unusable integration tests when testing a NEO 2017-10-31 15:40:51 +01:00
Trevor Bentley c939cff518 Allow changing libykpiv compile-time ifdefs from CFLAGS 2017-10-31 12:34:15 +01:00
Trevor Bentley 252226220a Disable ensure_application_selected() by default, since it breaks PIN policy. 2017-10-31 12:29:16 +01:00
Trevor Bentley 4eb6f1b193 Fix build on Linux
Signed-off-by: Trevor Bentley <trevor@yubico.com>
2017-10-26 17:03:35 +02:00
Dave Pate 999312e6b5 api: use uintptr_t for architecture specific handle sizes 2017-10-26 14:09:09 +02:00
Trevor Bentley a7eb0657f1 Fix compile time warnings about -no-install on Darwin/clang 2017-10-26 12:37:05 +02:00
Trevor Bentley 05ac49abbb Suppress sscanf_s error on Windows 2017-10-25 16:19:13 +02:00
Trevor Bentley edda816abe Remove accidental printf 2017-10-25 16:18:53 +02:00
Trevor Bentley c2f86d0a0f Move YK4 insecure on-chip key generation prevention from yubico-piv-tool to libykpiv 2017-10-24 15:59:44 +02:00
Trevor Bentley 15f533d7de Move hardware tests to "make hwtest", with one warning for all test suites.
- "make check" will mark destructive tests as skipped
- "make hwtest" will ask once for user confirmation
2017-10-24 15:10:45 +02:00
Trevor Bentley 4dffc0fa6a Bump libykpiv version to 1.5.0 2017-10-23 16:27:09 +02:00
Trevor Bentley b3cbfb5560 Some documentation and cleanup of ykpiv.h 2017-10-23 16:26:25 +02:00
Trevor Bentley 58abe404f3 Generate Doxygen docs for libykpiv if doxygen is available. 2017-10-23 16:26:23 +02:00
Trevor Bentley 935e05485a Use openssl implementation of DES_is_weak_key on non-Windows, and add unit test. 2017-10-23 16:26:20 +02:00
Trevor Bentley 27933eaff8 Fix applet selection for whole public API. 2017-10-23 16:26:17 +02:00
Trevor Bentley c07355fefb Fix unit tests for NEO: use ECCP256 and detect attestation errors 2017-10-23 16:26:14 +02:00
Trevor Bentley aa293dcc31 Fix PIN length handling in ykpiv_verify*() 2017-10-23 16:26:08 +02:00
Trevor Bentley de065ae36e Rename util.c test suite to api.c 2017-10-23 16:26:05 +02:00
Trevor Bentley f903a432e3 Backport minidriver changes
* Port ykpiv_auth_getchallenge and ykpiv_auth_verifyresponse
 - Commit 8fde607b50b19c57a662c53c6b276b54a78606d8
 - Commit 6046b98e477cfef59a590ce2177336d694813e7e
 - Commit 422cea11745dc67d15039e242ed21ecb5208ae55
 - Commit 1d31647e5a27bd2df6bda76512c7d673980f0bec
* Rename connect2() and done2() to connect_with_external_card(), etc.
* Select applet in ykpiv_change_pin, change_puk, and unblock_pin
2017-10-23 16:26:02 +02:00
Trevor Bentley 9a7ccf48fa Fix all clang scan-build warnings 2017-10-23 16:25:56 +02:00
Trevor Bentley 90209997cc Unit test for ykpiv_attest() 2017-10-23 16:25:53 +02:00
Trevor Bentley 79464a3d3e Use slot enum consistently. Move slot->object translation into libykpiv. 2017-10-23 16:25:47 +02:00