1
0
mirror of https://github.com/Yubico/yubikey-ksm.git synced 2025-02-20 21:54:21 +01:00

Add checksum tool.

This commit is contained in:
Simon Josefsson 2010-03-03 14:20:45 +00:00
parent 996fb89128
commit 8b8530e61f
2 changed files with 115 additions and 1 deletions

View File

@ -30,7 +30,7 @@ VERSION = 1.3rc
PACKAGE = yubikey-ksm
CODE = .htaccess Makefile NEWS ykksm-config.php ykksm-db.sql \
ykksm-decrypt.php ykksm-export.pl ykksm-gen-keys.pl \
ykksm-import.pl ykksm-utils.php
ykksm-import.pl ykksm-utils.php ykksm-checksum.pl
DOCS = doc/DecryptionProtocol.wiki doc/DesignGoals.wiki \
doc/GenerateKeys.wiki doc/GenerateKSMKey.wiki \
doc/ImportKeysToKSM.wiki doc/Installation.wiki \
@ -56,6 +56,7 @@ install:
install -D ykksm-gen-keys.pl $(binprefix)/ykksm-gen-keys
install -D ykksm-import.pl $(binprefix)/ykksm-import
install -D ykksm-export.pl $(binprefix)/ykksm-export
install -D ykksm-checksum.pl $(binprefix)/ykksm-checksum
install -D --backup --mode 640 --group $(wwwgroup) ykksm-config.php $(etcprefix)/ykksm-config.php
install -D ykksm-db.sql $(docprefix)/ykksm-db.sql
install -D Makefile $(docprefix)/ykksm.mk

113
ykksm-checksum.pl Normal file
View File

@ -0,0 +1,113 @@
#!/usr/bin/perl
# Written by Simon Josefsson <simon@josefsson.org>.
# Copyright (c) 2010 Yubico AB
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
#
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
#
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
use strict;
use DBI;
use POSIX qw(strftime);
use Digest::SHA1;
sub usage {
print "Usage: $0 [--verbose] [--help]\n";
print " [--database DBI] [--db-user USER] [--db-passwd PASSWD]\n";
print "\n";
print "Print checksum of important database fields. Useful for quickly\n";
print "determining whether several KSMs are in sync.\n";
print "\n";
print " --database DBI: Database identifier, see http://dbi.perl.org/\n";
print " defaults to a MySQL database ykksm on localhost,\n";
print " i.e., dbi:mysql:ykksm. For PostgreSQL on the local\n";
print " host you can use 'DBI:Pg:dbname=ykksm;host=127.0.0.1'.\n";
print "\n";
print " --db-user USER: Database username to use, defaults to empty string.\n";
print "\n";
print " --db-passwd PASSWD: Database password to use, defaults to empty string.\n";
print "\n";
print "Usage example:\n";
print "\n";
print " ./ykksm-checksum.pl --database dbi:mysql:ykksm --db-user user --db-passwd pencil\n";
print "\n";
exit 1;
}
my $verbose = 0;
my $db = "dbi:mysql:ykksm";
my $dbuser;
my $dbpasswd;
while ($ARGV[0] =~ m/^-(.*)/) {
my $cmd = shift @ARGV;
if (($cmd eq "-v") || ($cmd eq "--verbose")) {
$verbose = 1;
} elsif (($cmd eq "-h") || ($cmd eq "--help")) {
usage();
} elsif ($cmd eq "--database") {
$db = shift;
} elsif ($cmd eq "--db-user") {
$dbuser = shift;
} elsif ($cmd eq "--db-passwd") {
$dbpasswd = shift;
}
}
if ($#ARGV>=0) {
usage();
}
my $dbh = DBI->connect($db, $dbuser, $dbpasswd, {'RaiseError' => 1});
my $sth = $dbh->prepare
('SELECT serialnr, publicname, internalname, aeskey FROM yubikeys')
or die "Couldn't prepare statement: " . $dbh->errstr;
$sth->execute()
or die "Couldn't execute statement: " . $sth->errstr;
my $sha1 = Digest::SHA1->new;
my $row;
while ($row = $sth->fetchrow_hashref()) {
if ($verbose) {
print "# serialnr=" . $row->{'serialnr'} .
" publicname=" . $row->{'publicname'} . "\n";
}
$sha1->add($row->{'serialnr'});
$sha1->add($row->{'publicname'});
$sha1->add($row->{'internalname'});
$sha1->add($row->{'aeskey'});
}
if ($sth->rows == 0) {
print "No data?!\n\n";
exit 1;
}
print substr ($sha1->hexdigest, 0, 10) . "\n";
$sth->finish;
$dbh->disconnect();
exit 0;