--------------------------------------
Jakob Ehrensvärd <jakob@yubico.com>
+
+Patches
+-------
+
+Lester Hightower, 10East" <lester.hightower@gmail.com>
+Added ykp_AES_key_from_hex and ykpersonalize -a parameter.
\ No newline at end of file
+Yubikey-personalize NEWS -- History of user-visible changes. -*- outline -*-
+
+* Version 1.0 (unreleased)
+
+** Initial release.
/* -*- mode:C; c-file-style: "bsd" -*- */
/*
- * Copyright (c) 2008, Yubico AB
+ * Copyright (c) 2008, 2009, Yubico AB
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
return 0;
}
+static int hex_to_binary(const char *data, char *dest)
+{
+ char value;
+ int desti=0;
+ char hexstr[3]="xx";
+
+/* We only allow an even number of hex digits (full bytes) */
+ if (strlen(data) % 2) {
+ return 0;
+ }
+
+/* Convert the hex to binary. */
+ while (*data != '\0' && hexstr[1] != '\0') {
+ int i;
+ for (i=0; i<2; i++) {
+ char c; c=tolower(*data);
+ hexstr[i]=c;
+ data++;
+/* In ASCII, 0-9 == 48-57 and a-f == 97-102. */
+ if ( (c<48||(c>57 && c<97)||c>102) && (i!=0 && c!='\0') ) {
+ return 0; /* Not a valid hex digit */
+ }
+ }
+ dest[desti] = (char)strtol(hexstr, NULL, 16);
+ desti+=sizeof(char);
+ }
+
+/* Tack a NULL on the end then return the number of bytes
+ in the converted binary _minus_ the NULL. */
+ dest[desti] = '\0';
+ return desti;
+}
+
+int ykp_AES_key_from_hex(CONFIG *cfg, const char *hexkey) {
+ char aesbin[256];
+ unsigned long int aeslong;
+
+/* Make sure that the hexkey is exactly 32 characters */
+ if (strlen(hexkey) != 32) {
+ return 1; /* Bad AES key */
+ }
+
+/* Make sure that the hexkey is made up of only [0-9a-f] */
+ int i;
+ for (i=0; i < strlen(hexkey); i++) {
+ char c = tolower(hexkey[i]);
+/* In ASCII, 0-9 == 48-57 and a-f == 97-102 */
+ if ( c<48 || (c>57 && c<97) || c>102 ) {
+ return 1;
+ }
+ }
+
+ hex_to_binary(hexkey, aesbin);
+ memcpy(cfg->key, aesbin, sizeof(cfg->key));
+
+ return 0;
+}
+
int ykp_AES_key_from_passphrase(CONFIG *cfg, const char *passphrase,
const char *salt)
{
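Review bot: In `hex_to_binary` the digit test is ANDed with `(i!=0 && c!='\0')`, so the first digit of every pair is never validated and a non-hex character there is silently turned into whatever `strtol` makes of it; `tolower(*data)` is also passed a plain `char`, which may be negative. `ykp_AES_key_from_hex` masks the first problem by pre-validating, but it discards the helper's return value and then copies `sizeof(cfg->key)` bytes from `aesbin`, of which only 17 were written for a 32-digit input. If the key field is larger than that (its size is not visible here), uninitialised stack goes into the config. The stack copy of the key in `aesbin` is never cleared before returning, so it should be wiped after the `memcpy` with a call the compiler cannot elide. The sketch below validates both digits with `isxdigit` and checks the converted length, assuming the key field is 16 bytes; both new functions are complete within this hunk.

```c
/* hex_to_binary: … unchanged: declarations and even-length check … */
	while (data[0] != '\0') {
		/* Validate both digits of the pair; the even-length check
		   above guarantees data[1] is readable here. */
		if (!isxdigit((unsigned char)data[0]) ||
		    !isxdigit((unsigned char)data[1])) {
			return 0;
		}
		hexstr[0] = data[0];
		hexstr[1] = data[1];
		dest[desti++] = (char)strtol(hexstr, NULL, 16);
		data += 2;
	}
/* … unchanged: terminator and return … */

/* ykp_AES_key_from_hex: … unchanged: length and character checks … */
	if (hex_to_binary(hexkey, aesbin) != (int)sizeof(cfg->key)) {
		return 1; /* Bad AES key */
	}
	memcpy(cfg->key, aesbin, sizeof(cfg->key));
```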
/* -*- mode:C; c-file-style: "bsd" -*- */
/*
- * Copyright (c) 2008, Yubico AB
+ * Copyright (c) 2008, 2009, Yubico AB
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
CONFIG *ykp_create_config(void);
int ykp_free_config(CONFIG *cfg);
+int ykp_AES_key_from_hex(CONFIG *cfg, const char *hexkey);
int ykp_AES_key_from_passphrase(CONFIG *cfg, const char *passphrase,
const char *salt);
int ykp_set_access_code(CONFIG *cfg, unsigned char *access_code);
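Review bot: The new prototype `ykp_AES_key_from_hex` carries no comment on its return convention, and the implementation in this commit returns 1 for a bad key and 0 on success. The caller in ykpersonalize.c tests `if (!ykp_read_config(...)) break;`, which suggests at least one sibling uses the opposite sense (0 meaning failure). A caller that copies that pattern would treat a rejected key as accepted and continue with whatever key the config already holds. Either align the return sense with the rest of the API or document it at the declaration, e.g. `/* Returns 0 on success, non-zero if hexkey is not exactly 32 hex digits. */`.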
/* -*- mode:C; c-file-style: "bsd" -*- */
/*
- * Copyright (c) 2008, Yubico AB
+ * Copyright (c) 2008, 2009, Yubico AB
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
" (if file is -, send to stdout)\n"
"-ifile read configuration from file.\n"
" (if file is -, read from stdin)\n"
+"-aaeshex A 32 char hex value (not modhex) of a fixed AES key to use\n"
"-ooption change configuration option. Possible option arguments are:\n"
" salt=ssssssss Salt to be used for key generation. If\n"
" none is given, a unique random one will be\n"
"-v verbose\n"
"-h help (this text)\n"
;
-const char *optstring = "hi:o:s:v";
+const char *optstring = "a:hi:o:s:v";
static int reader(char *buf, size_t count, void *stream)
{
FILE *inf = NULL; const char *infname = NULL;
FILE *outf = NULL; const char *outfname = NULL;
bool verbose = false;
+ bool aesviahash = false; const char *aeshash = NULL;
YUBIKEY *yk = NULL;
CONFIG *cfg = ykp_create_config();
STATUS *st = ykds_alloc();
case 's':
outfname = optarg;
break;
+ case 'a':
+ aesviahash = true;
+ aeshash = optarg;
+ break;
case 'o':
if (strncmp(optarg, "salt=", 5) == 0)
salt = strdup(optarg+5);
if (inf) {
if (!ykp_read_config(cfg, reader, inf))
break;
+ } else if (aesviahash) {
+ if (ykp_AES_key_from_hex(cfg, aeshash)) {
+ fprintf(stderr, "Bad AES key: %s\n", aeshash);
+ fflush(stderr);
+ break;
+ }
} else {
char passphrasebuf[256]; size_t passphraselen;
fprintf(stderr, "Passphrase to create AES key: ");
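Review bot: The error path in the new `else if (aesviahash)` branch prints the rejected key verbatim with `fprintf(stderr, "Bad AES key: %s\n", aeshash);`, so a key with one mistyped character lands almost intact in terminal scrollback or any log that captures stderr. Report the failure without the value instead, e.g. `fprintf(stderr, "Bad AES key: expected 32 hex digits\n");`. Because `-a` takes the key as a command-line argument, it is also exposed through the process list and shell history, which the usage text added for `-a` could mention. The branch sits after `if (inf)`, so `-a` is silently ignored when `-i` is also given, and the names `aesviahash`/`aeshash` describe a hash although they hold a hex key. The enclosing function starts and ends outside these hunks.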