prompt for key on stdin if -a is given without key
authorKlas Lindfors <klas@yubico.com>
Wed, 8 Jan 2014 13:49:50 +0000 (14:49 +0100)
committerKlas Lindfors <klas@yubico.com>
Thu, 9 Jan 2014 08:48:38 +0000 (09:48 +0100)
ykpers-args.c
ykpers-args.h
ykpersonalize.c

index a6d109633775d0dfb5e8859819e04b749d7692e9..5d3f910bc5039c184792690e5ab5e934d5c23f6f 100644 (file)
@@ -67,8 +67,8 @@ const char *usage =
 "-iFILE    read configuration from FILE.\n"
 "          (if FILE is -, read from stdin)\n"
 "-fformat  set the data format for -s and -i valid values are ycfg or legacy.\n"
-"-aXXX..   The AES secret key as a 32 (or 40 for OATH-HOTP/HMAC CHAL-RESP)\n"
-"          char hex value (not modhex)\n"
+"-a[XXX..] The AES secret key as a 32 (or 40 for OATH-HOTP/HMAC CHAL-RESP)\n"
+"          char hex value (not modhex) (none to prompt for key on stdin)\n"
 "-cXXX..   A 12 char hex value (not modhex) to use as access code for programming\n"
 "          (this does NOT SET the access code, that's done with -oaccess=)\n"
 "-nXXX..   Write NDEF URI to YubiKey NEO, must be used with -1 or -2\n"
@@ -157,7 +157,7 @@ const char *usage =
 "-V        tool version\n"
 "-h        help (this text)\n"
 ;
-const char *optstring = "u12xza:c:n:t:hi:o:s:f:dvym:S::V";
+const char *optstring = "u12xza::c:n:t:hi:o:s:f:dvym:S::V";
 
 static int _set_fixed(char *opt, YKP_CONFIG *cfg);
 static int _format_decimal_as_hex(uint8_t *dst, size_t dst_len, uint8_t *src);
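Review bot: Switching the optstring from `a:` to `a::` makes getopt accept the key only when it is glued to the flag, so `-a 0123...` given as two arguments (which the old `a:` accepted) now selects the prompt path and leaves the hex string behind as a stray non-option argument, and the tool may sit waiting on stdin instead of reporting the mistake. A check after option parsing that nothing is left over, `if (optind < argc) { /* report unexpected argument and fail */ }`, would turn that into a visible error; whether args_to_config already has such a check is not visible in this hunk. The `-a[XXX..]` usage text would also benefit from stating that the key must be attached to the flag with no space.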
@@ -232,7 +232,7 @@ int args_to_config(int argc, char **argv, YKP_CONFIG *cfg, YK_KEY *yk,
                   bool *autocommit, char **salt,
                   YK_STATUS *st, bool *verbose, bool *dry_run,
                   unsigned char *access_code, bool *use_access_code,
-                  bool *aesviahash, char *ndef_type, char *ndef,
+                  char *keylocation, char *ndef_type, char *ndef,
                   unsigned char *usb_mode, bool *zap,
                   unsigned char *scan_bin, unsigned char *cr_timeout,
                   unsigned char *autoeject_timeout, int *num_modes_seen,
@@ -381,8 +381,12 @@ int args_to_config(int argc, char **argv, YKP_CONFIG *cfg, YK_KEY *yk,
                        }
                        break;
                case 'a':
-                       *aesviahash = true;
-                       aeshash = optarg;
+                       if(optarg) {
+                               aeshash = optarg;
+                               *keylocation = 1;
+                       } else {
+                               *keylocation = 2;
+                       }
                        break;
                case 'c': {
                        size_t access_code_len = 0;
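Review bot: The values stored into `*keylocation` in the new `case 'a'` branch (1 for a key passed on the command line, 2 for prompting) are bare literals that the caller in ykpersonalize.c must match by hand; an enum in ykpers-args.h such as `enum { KEY_NONE = 0, KEY_FROM_ARG = 1, KEY_FROM_STDIN = 2 };` would make both sides readable and keep the header the single source of truth. A bare `-a` following `-aKEY` also flips `*keylocation` to 2 while `aeshash` stays set from the earlier option; if that combination is meant to be rejected rather than silently preferring the prompt, a short comment or an explicit error here would make the intent clear. args_to_config continues outside the hunk.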
@@ -708,7 +712,7 @@ int args_to_config(int argc, char **argv, YKP_CONFIG *cfg, YK_KEY *yk,
                }
        }
 
-       if (*aesviahash) {
+       if (*keylocation == 1) {
                bool long_key_valid = false;
                int res = 0;
 
index 2d3b54267834c9e75c7ad580570affec1b8644d6..bf07eddb154aa27dec5b10a54c92211056ffccc8 100644 (file)
@@ -39,7 +39,7 @@ int args_to_config(int argc, char **argv, YKP_CONFIG *cfg, YK_KEY *yk,
                   bool *autocommit, char **salt,
                   YK_STATUS *st, bool *verbose, bool *dry_run,
                   unsigned char *access_code, bool *use_access_code,
-                  bool *aesviahash, char *ndef_type, char *ndef, unsigned char *usb_mode, 
+                  char *keylocation, char *ndef_type, char *ndef, unsigned char *usb_mode,
                   bool *zap, unsigned char *scan_bin, unsigned char *cr_timeout,
                   unsigned char *autoeject_timeout, int *num_modes_seen, int *exit_code);
 
index 9985930ea5a4c27e716b2d7d8fe4d38c2042ac61..bf54a4f1a8f4fd2d7ee0e635b6e30d70397cb85c 100644 (file)
@@ -47,7 +47,7 @@ int main(int argc, char **argv)
        FILE *outf = NULL; const char *outfname = NULL;
        int data_format = YKP_FORMAT_LEGACY;
        bool verbose = false;
-       bool aesviahash = false;
+       char keylocation = 0;
        bool use_access_code = false;
        unsigned char access_code[256];
        unsigned char scan_codes[sizeof(SCAN_MAP)];
@@ -127,7 +127,7 @@ int main(int argc, char **argv)
                             &autocommit, &salt,
                             st, &verbose, &dry_run,
                             access_code, &use_access_code,
-                            &aesviahash, &ndef_type, ndef_string,
+                            &keylocation, &ndef_type, ndef_string,
                             &usb_mode, &zap, scan_codes, &cr_timeout,
                             &autoeject_timeout, &num_modes_seen, &exit_code)) {
                goto err;
@@ -186,22 +186,42 @@ int main(int argc, char **argv)
                        goto err;
                if (!ykp_import_config(cfg, data, strlen(data), data_format))
                        goto err;
-       } else if (! aesviahash && ! zap && (ykp_command(cfg) == SLOT_CONFIG || ykp_command(cfg) == SLOT_CONFIG2)) {
-               char passphrasebuf[256]; size_t passphraselen;
-               fprintf(stderr, "Passphrase to create AES key: ");
-               fflush(stderr);
-               if (!fgets(passphrasebuf, sizeof(passphrasebuf), stdin))
-               {
-                       perror ("fgets");
-                       exit_code = 1;
+       } else if (! zap && (ykp_command(cfg) == SLOT_CONFIG || ykp_command(cfg) == SLOT_CONFIG2)) {
+               char keybuf[42]; size_t keylen;
+               if(keylocation == 2) {
+                       bool long_key = false;
+                       if((ykp_get_tktflag_OATH_HOTP(cfg) && !ykp_get_cfgflag_CHAL_YUBICO(cfg)) ||
+                                       (ykp_get_tktflag_CHAL_RESP(cfg) && ykp_get_cfgflag_CHAL_HMAC(cfg))) {
+                               long_key = true;
+                               fprintf(stderr, " HMAC key, up to 20 bytes (40 characters hex) : ");
+                       } else {
+                               fprintf(stderr, " AES key, 16 bytes (32 characters hex) : ");
+                       }
+                       fflush(stderr);
+                       if(!fgets(keybuf, sizeof(keybuf), stdin)) {
+                               printf("error?\n");
+                               perror ("fgets");
+                               exit_code = 1;
+                               goto err;
+                       }
+                       keylen = strnlen(keybuf, sizeof(keybuf));
+                       if(keybuf[keylen - 1] == '\n') {
+                               keybuf[keylen - 1] = '\0';
+                       }
+                       if(long_key) {
+                               if(ykp_HMAC_key_from_hex(cfg, keybuf)) {
+                                       goto err;
+                               }
+                       } else {
+                               if(ykp_AES_key_from_hex(cfg, keybuf)) {
+                                       goto err;
+                               }
+                       }
+               } else if(keylocation == 0) {
+                       /* TODO: random */
+                       ykp_errno = YKP_ENOTYETIMPL;
                        goto err;
                }
-               passphraselen = strlen(passphrasebuf);
-               if (passphrasebuf[passphraselen - 1] == '\n')
-                       passphrasebuf[passphraselen - 1] = '\0';
-               if (!ykp_AES_key_from_passphrase(cfg,
-                                                passphrasebuf, salt))
-                       goto err;
        }
 
        if (outf) {
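Review bot: `keybuf[keylen - 1]` in the new `if(keybuf[keylen - 1] == '\n')` line indexes before the buffer when strnlen returns 0, which can happen when the first byte on stdin is a NUL (fgets still returns keybuf); guard it with `if (keylen > 0 && keybuf[keylen - 1] == '\n')`. The `printf("error?\n");` just before `perror("fgets")` looks like leftover debugging and writes to stdout rather than stderr, where the rest of this branch reports, so it should be dropped. The secret also remains in the stack array `keybuf` after ykp_HMAC_key_from_hex / ykp_AES_key_from_hex return and on every `goto err`; clearing it before leaving the branch with explicit_bzero where available, or an equivalent the compiler cannot elide, is cheap hygiene. A line longer than 41 characters is silently cut by fgets with the remainder left unread on stdin, and whether the truncated string is then rejected depends on the key parsers, so an explicit check that the input ended in a newline or EOF would make that failure obvious. main continues outside the hunk.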