From f1468a34e7be13749ee3e7e2e09517b0a0d302ac Mon Sep 17 00:00:00 2001
From: Christian Hesse
Date: Wed, 26 Mar 2014 23:22:50 +0100
Subject: allow to set slot for specific Yubikey
---
 conf/ykfde.conf | 5 +++++
 udev/ykfde.c | 36 +++++++++++++++++++++++++-----------
 2 files changed, 30 insertions(+), 11 deletions(-)
diff --git a/conf/ykfde.conf b/conf/ykfde.conf
index 1989351..a65c7d8 100644
--- a/conf/ykfde.conf
+++ b/conf/ykfde.conf
@@ -1,3 +1,8 @@
+[general]
 # Specify what Yubikey slot to use for full disk encryption
 # The specified slot has to be configured for HMAC-SHA1.
 Slot = 2
+
+# you can specify slot for one or more specific Yubikeys as well
+#[1234567]
+#Slot = 1
diff --git a/udev/ykfde.c b/udev/ykfde.c
index d82e8a4..05c72b4 100644
--- a/udev/ykfde.c
+++ b/udev/ykfde.c
@@ -102,11 +102,13 @@ int main(int argc, char **argv) {
 /* Yubikey */
 YK_KEY * yk;
 uint8_t slot = SLOT_CHAL_HMAC2;
+ unsigned int serial = 0;
 unsigned char response[SHA1_MAX_BLOCK_SIZE];
 unsigned char response_hex[(SHA1_MAX_BLOCK_SIZE * 2) + 1];
 char response_askpass[(SHA1_MAX_BLOCK_SIZE * 2) + 2];
 /* iniparser */
 dictionary * ini;
+ char section_serial[10 /* unsigned int in char */ + 5 /* ":Slot" */ + 1];
 /* read challenge */
 size_t fsize;
 char * challenge;
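Review bot: `section_serial` is sized for exactly ten digits plus `:Slot` and a terminator, but the `sprintf(section_serial, "%d:Slot", serial);` added in the next hunk formats the `unsigned int` serial with `%d` and has no bound. On common platforms a serial above `INT_MAX` would print with a leading minus sign, giving eleven characters and writing one byte past the 16-byte buffer. The size also assumes a 32-bit `unsigned int`. I would change the call to `snprintf(section_serial, sizeof(section_serial), "%u:Slot", serial);` so the conversion matches the type and the write stays inside the buffer. The body of `main` continues outside this hunk.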
@@ -147,11 +149,34 @@ int main(int argc, char **argv) {
 challenge[fsize] = 0;
 /* finished challenge */
+ /* init and open Yubikey */
+ if (!yk_init()) {
+ perror("yk_init() failed");
+ goto out30;
+ }
+
+ if ((yk = yk_open_first_key()) == NULL) {
+ perror("yk_open_first_key() failed");
+ goto out40;
+ }
+
+ /* read the serial number from key */
+ if(!yk_get_serial(yk, 0, 0, &serial)) {
+ perror("yk_get_serial() failed");
+ goto out40;
+ }
+
 /* try to read config file * if anything here fails we do not care... slot 2 is the default */
 if ((ini = iniparser_load(CONFIGFILE)) != NULL) {
+ /* first try the general setting */
 slot = iniparser_getint(ini, "general:Slot", slot);
+ sprintf(section_serial, "%d:Slot", serial);
+
+ /* then probe for setting with serial number */
+ slot = iniparser_getint(ini, section_serial, slot);
+
 switch (slot) {
 case '1':
 slot = SLOT_CHAL_HMAC1;
@@ -164,17 +189,6 @@ int main(int argc, char **argv) {
 iniparser_freedict(ini);
 }
- /* init and open Yubikey */
- if (!yk_init()) {
- perror("yk_init() failed");
- goto out30;
- }
-
- if ((yk = yk_open_first_key()) == NULL) {
- perror("yk_open_first_key() failed");
- goto out40;
- }
-
 memset(response, 0, sizeof(response));
 memset(response_hex, 0, sizeof(response_hex));
-- cgit v1.2.3-70-g09d2
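Review bot: A failed `yk_get_serial()` now aborts the whole unlock via `goto out40`, even though the serial is needed only for the optional per-key section and the comment directly below says config problems should fall back to the default slot. A key whose serial cannot be read would then stop working even with only `[general]` configured. I would leave `serial` at 0 and guard the per-key probe, e.g. `if (serial) slot = iniparser_getint(ini, section_serial, slot);`, instead of bailing out. Separately, this error path uses the same `out40` label as the failed `yk_open_first_key()` case, where `yk` is NULL. The labels are outside the hunk, so it should be checked that the opened key is actually closed when jumping there with a valid handle.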