From: Simon Josefsson Date: Thu, 30 Apr 2009 13:57:58 +0000 (+0000) Subject: Added ykp_AES_key_from_hex and ykpersonalize -a parameter. X-Git-Tag: yubikey-personalisation_1.3.5-1~4^2~178 X-Git-Url: https://err.no/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=660b4b751b119f4ab0d15ac909214663df811588;p=yubikey-personalization.old Added ykp_AES_key_from_hex and ykpersonalize -a parameter. From Lester Hightower, 10East" . --- diff --git a/AUTHORS b/AUTHORS index f256156..91fbab4 100644 --- a/AUTHORS +++ b/AUTHORS @@ -8,3 +8,9 @@ Common files (the common subdirectory) -------------------------------------- Jakob Ehrensvärd + +Patches +------- + +Lester Hightower, 10East" +Added ykp_AES_key_from_hex and ykpersonalize -a parameter. \ No newline at end of file diff --git a/NEWS b/NEWS index e69de29..0763d39 100644 --- a/NEWS +++ b/NEWS @@ -0,0 +1,5 @@ +Yubikey-personalize NEWS -- History of user-visible changes. -*- outline -*- + +* Version 1.0 (unreleased) + +** Initial release. diff --git a/ykpers.c b/ykpers.c index 7a23f46..abaccc7 100644 --- a/ykpers.c +++ b/ykpers.c @@ -1,6 +1,6 @@ /* -*- mode:C; c-file-style: "bsd" -*- */ /* - * Copyright (c) 2008, Yubico AB + * Copyright (c) 2008, 2009, Yubico AB * All rights reserved. * * Redistribution and use in source and binary forms, with or without 
@@ -69,6 +69,64 @@ int ykp_free_config(CONFIG *cfg) return 0; } +static int hex_to_binary(const char *data, char *dest) +{ + char value; + int desti=0; + char hexstr[3]="xx"; + +/* We only allow an even number of hex digits (full bytes) */ + if (strlen(data) % 2) { + return 0; + } + +/* Convert the hex to binary. */ + while (*data != '\0' && hexstr[1] != '\0') { + int i; + for (i=0; i<2; i++) { + char c; c=tolower(*data); + hexstr[i]=c; + data++; +/* In ASCII, 0-9 == 48-57 and a-f == 97-102. */ + if ( (c<48||(c>57 && c<97)||c>102) && (i!=0 && c!='\0') ) { + return 0; /* Not a valid hex digit */ + } + } + dest[desti] = (char)strtol(hexstr, NULL, 16); + desti+=sizeof(char); + } + +/* Tack a NULL on the end then return the number of bytes + in the converted binary _minus_ the NULL. */ + dest[desti] = '\0'; + return desti; +} + +int ykp_AES_key_from_hex(CONFIG *cfg, const char *hexkey) { + char aesbin[256]; + unsigned long int aeslong; + +/* Make sure that the hexkey is exactly 32 characters */ + if (strlen(hexkey) != 32) { + return 1; /* Bad AES key */ + } + +/* Make sure that the hexkey is made up of only [0-9a-f] */ + int i; + for (i=0; i < strlen(hexkey); i++) { + char c = tolower(hexkey[i]); +/* In ASCII, 0-9 == 48-57 and a-f == 97-102 */ + if ( c<48 || (c>57 && c<97) || c>102 ) { + return 1; + } + } + + hex_to_binary(hexkey, aesbin); + memcpy(cfg->key, aesbin, sizeof(cfg->key)); + + return 0; +} + int ykp_AES_key_from_passphrase(CONFIG *cfg, const char *passphrase, const char *salt) { diff --git a/ykpers.h b/ykpers.h index ff8e1df..058c655 100644 --- a/ykpers.h +++ b/ykpers.h @@ -1,6 +1,6 @@ /* -*- mode:C; c-file-style: "bsd" -*- */ /* - * Copyright (c) 2008, Yubico AB + * Copyright (c) 2008, 2009, Yubico AB * All rights reserved. * * Redistribution and use in source and binary forms, with or without 
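Review bot: In `hex_to_binary` the digit test is ANDed with `(i!=0 && c!='\0')`, so an invalid character in the first position of a pair is never rejected and is handed to `strtol`; the helper only behaves because `ykp_AES_key_from_hex` validates all 32 characters first. Replacing both hand-written ASCII range checks with `isxdigit((unsigned char)c)`, and calling `tolower((unsigned char)*data)`, removes the magic numbers and avoids passing a possibly negative plain `char` to `tolower`, which is undefined. `dest` is written without a size argument and the return value of `hex_to_binary` is ignored, so the caller never confirms that 16 bytes were produced before `memcpy(cfg->key, aesbin, sizeof(cfg->key))`; if `cfg->key` is larger than the decoded data (its size is not visible here), the copy pulls uninitialised stack bytes into the key. The decoded key also remains in `aesbin[256]` on the stack after return, and `value` and `aeslong` are unused.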
@@ -36,6 +36,7 @@ CONFIG *ykp_create_config(void); int ykp_free_config(CONFIG *cfg); +int ykp_AES_key_from_hex(CONFIG *cfg, const char *hexkey); int ykp_AES_key_from_passphrase(CONFIG *cfg, const char *passphrase, const char *salt); int ykp_set_access_code(CONFIG *cfg, unsigned char *access_code); diff --git a/ykpersonalize.c b/ykpersonalize.c index 7e97db2..1aa4b1a 100644 --- a/ykpersonalize.c +++ b/ykpersonalize.c @@ -1,6 +1,6 @@ /* -*- mode:C; c-file-style: "bsd" -*- */ /* - * Copyright (c) 2008, Yubico AB + * Copyright (c) 2008, 2009, Yubico AB * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -44,6 +44,7 @@ const char *usage = " (if file is -, send to stdout)\n" "-ifile read configuration from file.\n" " (if file is -, read from stdin)\n" +"-aaeshex A 32 char hex value (not modhex) of a fixed AES key to use\n" "-ooption change configuration option. Possible option arguments are:\n" " salt=ssssssss Salt to be used for key generation. If\n" " none is given, a unique random one will be\n" @@ -68,7 +69,7 @@ const char *usage = "-v verbose\n" "-h help (this text)\n" ; -const char *optstring = "hi:o:s:v"; +const char *optstring = "a:hi:o:s:v"; static int reader(char *buf, size_t count, void *stream) { @@ -101,6 +102,7 @@ main(int argc, char **argv) FILE *inf = NULL; const char *infname = NULL; FILE *outf = NULL; const char *outfname = NULL; bool verbose = false; + bool aesviahash = false; const char *aeshash = NULL; YUBIKEY *yk = NULL; CONFIG *cfg = ykp_create_config(); STATUS *st = ykds_alloc(); @@ -124,6 +126,10 @@ main(int argc, char **argv) case 's': outfname = optarg; break; + case 'a': + aesviahash = true; + aeshash = optarg; + break; case 'o': if (strncmp(optarg, "salt=", 5) == 0) salt = strdup(optarg+5); 
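Review bot: The new prototype in ykpers.h says nothing about its return value, and the convention differs from its neighbour as used in this commit: `main` treats a zero return from `ykp_read_config` as failure but a non-zero return from `ykp_AES_key_from_hex` as failure. A comment on the declaration such as `/* Returns 0 on success, non-zero if hexkey is not exactly 32 hex digits. */` would keep a later caller from inverting the check on a key-setting function.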
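Review bot: The `-a` option added to the usage text in ykpersonalize.c takes the raw AES key as a command-line argument, so the key is visible in the process list and usually ends up in shell history, whereas the existing passphrase path appears to prompt for its input. The usage text should state this next to `-aaeshex`, or the option could accept `-` to read the key from stdin the way `-i` and `-s` already treat `-` for files. The names `aesviahash` and `aeshash` describe a hex-encoded key, not a hash; something like `aeskey_hex` would be more accurate. The same option is parsed in the `case 'a':` hunk and consumed in the final hunk; `main` starts and ends outside these hunks.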
@@ -238,6 +244,12 @@ main(int argc, char **argv) if (inf) { if (!ykp_read_config(cfg, reader, inf)) break; + } else if (aesviahash) { + if (ykp_AES_key_from_hex(cfg, aeshash)) { + fprintf(stderr, "Bad AES key: %s\n", aeshash); + fflush(stderr); + break; + } } else { char passphrasebuf[256]; size_t passphraselen; fprintf(stderr, "Passphrase to create AES key: ");
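Review bot: On a rejected key the new branch prints the supplied value with `fprintf(stderr, "Bad AES key: %s\n", aeshash);`, which copies key material (for example a correct key with one mistyped character) into terminal scrollback or any log that captures stderr. A message that states the rule instead, `fprintf(stderr, "Bad AES key: expected 32 hex characters\n");`, gives the same guidance without echoing the secret. Because the branch sits under `if (inf)`, a `-i` file silently takes precedence over `-a`; rejecting that combination during option parsing would make the behaviour explicit. `main` begins and ends outside this hunk.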