get rid of the YKPIV_APDU_* macros
transport the first 4 bytes as an array instead
+2
-2
@@ -148,7 +148,7 @@ ykpiv_rc ykpiv_connect(ykpiv_state *state, const char *wanted) {
|
|||||||
return YKPIV_OK;
|
return YKPIV_OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
ykpiv_rc ykpiv_transfer_data(ykpiv_state *state, uint32_t template,
|
ykpiv_rc ykpiv_transfer_data(ykpiv_state *state, unsigned char *templ,
|
||||||
unsigned char *in_data, long in_len,
|
unsigned char *in_data, long in_len,
|
||||||
unsigned char *out_data, unsigned long *out_len, int *sw) {
|
unsigned char *out_data, unsigned long *out_len, int *sw) {
|
||||||
unsigned char *in_ptr = in_data;
|
unsigned char *in_ptr = in_data;
|
||||||
@@ -163,7 +163,7 @@ ykpiv_rc ykpiv_transfer_data(ykpiv_state *state, uint32_t template,
|
|||||||
APDU apdu;
|
APDU apdu;
|
||||||
|
|
||||||
memset(apdu.raw, 0, sizeof(apdu.raw));
|
memset(apdu.raw, 0, sizeof(apdu.raw));
|
||||||
YKPIV_APDU_UNPACK(apdu.raw, template);
|
memcpy(apdu.raw, templ, 4);
|
||||||
if(in_ptr + 0xff < in_data + in_len) {
|
if(in_ptr + 0xff < in_data + in_len) {
|
||||||
apdu.st.cla = 0x10;
|
apdu.st.cla = 0x10;
|
||||||
} else {
|
} else {
|
||||||
|
|||||||
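Review bot: The new `templ` parameter is only ever read (it is the source operand of the `memcpy(apdu.raw, templ, 4)` in the second hunk), so it should be declared `const unsigned char *templ`, matching the const-correctness of `wanted` in ykpiv_connect just above; the declaration in the header would need the same change. The old `uint32_t template` carried all four bytes by value, whereas the pointer now relies on every caller supplying at least four readable bytes with no length passed, so that contract deserves a line above the memcpy, e.g. `/* templ must point to at least 4 bytes: CLA, INS, P1, P2 */`. Note that `apdu.st.cla = 0x10` on the chaining branch below still overwrites whatever the caller put in `templ[0]`, which the comment could also mention. ykpiv_transfer_data's body continues outside the hunk.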
+1
-5
@@ -52,16 +52,12 @@ extern "C"
|
|||||||
ykpiv_rc ykpiv_init(ykpiv_state **state, int verbose);
|
ykpiv_rc ykpiv_init(ykpiv_state **state, int verbose);
|
||||||
ykpiv_rc ykpiv_done(ykpiv_state *state);
|
ykpiv_rc ykpiv_done(ykpiv_state *state);
|
||||||
ykpiv_rc ykpiv_connect(ykpiv_state *state, const char *wanted);
|
ykpiv_rc ykpiv_connect(ykpiv_state *state, const char *wanted);
|
||||||
ykpiv_rc ykpiv_transfer_data(ykpiv_state *state, uint32_t template,
|
ykpiv_rc ykpiv_transfer_data(ykpiv_state *state, unsigned char *templ,
|
||||||
unsigned char *in_data, long in_len,
|
unsigned char *in_data, long in_len,
|
||||||
unsigned char *out_data, unsigned long *out_len, int *sw);
|
unsigned char *out_data, unsigned long *out_len, int *sw);
|
||||||
ykpiv_rc ykpiv_send_data(ykpiv_state *state, unsigned char *apdu,
|
ykpiv_rc ykpiv_send_data(ykpiv_state *state, unsigned char *apdu,
|
||||||
unsigned char *data, unsigned long *recv_len, int *sw);
|
unsigned char *data, unsigned long *recv_len, int *sw);
|
||||||
|
|
||||||
#define YKPIV_APDU_TEMPLATE(i,j,k,l) ((i & 0xff) << 24 | (j & 0xff) << 16 | (k & 0xff) << 8 | (l & 0xff))
|
|
||||||
#define YKPIV_APDU_UNPACK(c, t) (c[0] = ((t >> 24) & 0xff), \
|
|
||||||
c[1] = ((t >> 16) & 0xff), c[2] = ((t >> 8) & 0xff), c[3] = (t & 0xff))
|
|
||||||
|
|
||||||
#ifdef __cplusplus
|
#ifdef __cplusplus
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|||||||
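Review bot: The public prototype of ykpiv_transfer_data now takes a bare `unsigned char *templ` with no length, and nothing in the header says how many bytes are read from it; the removed YKPIV_APDU_TEMPLATE macro at least made the four-byte layout visible at the call site. Add a short comment on the declaration such as `/* templ: the first 4 APDU bytes (CLA, INS, P1, P2); only 4 bytes are read */` so external callers do not have to read the implementation. Since the parameter is read-only it should also be `const unsigned char *templ` here, in step with the definition.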
+19
-24
@@ -291,10 +291,12 @@ static void print_version(ykpiv_state *state, int verbose) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
static bool generate_key(ykpiv_state *state, const char *slot, enum enum_algorithm algorithm,
|
static bool generate_key(ykpiv_state *state, const char *slot,
|
||||||
const char *output_file_name, enum enum_key_format key_format, int verbose) {
|
enum enum_algorithm algorithm, const char *output_file_name,
|
||||||
|
enum enum_key_format key_format, int verbose) {
|
||||||
unsigned char in_data[5];
|
unsigned char in_data[5];
|
||||||
unsigned char data[1024];
|
unsigned char data[1024];
|
||||||
|
unsigned char templ[] = {0, 0x47, 0, 0};
|
||||||
unsigned long recv_len = sizeof(data);
|
unsigned long recv_len = sizeof(data);
|
||||||
unsigned long received = 0;
|
unsigned long received = 0;
|
||||||
int sw;
|
int sw;
|
||||||
@@ -309,6 +311,7 @@ static bool generate_key(ykpiv_state *state, const char *slot, enum enum_algorit
|
|||||||
EC_POINT *point = NULL;
|
EC_POINT *point = NULL;
|
||||||
|
|
||||||
sscanf(slot, "%x", &key);
|
sscanf(slot, "%x", &key);
|
||||||
|
templ[3] = key;
|
||||||
|
|
||||||
output_file = open_file(output_file_name, OUTPUT);
|
output_file = open_file(output_file_name, OUTPUT);
|
||||||
if(!output_file) {
|
if(!output_file) {
|
||||||
@@ -334,7 +337,8 @@ static bool generate_key(ykpiv_state *state, const char *slot, enum enum_algorit
|
|||||||
fprintf(stderr, "Unexepcted algorithm.\n");
|
fprintf(stderr, "Unexepcted algorithm.\n");
|
||||||
goto generate_out;
|
goto generate_out;
|
||||||
}
|
}
|
||||||
if(ykpiv_transfer_data(state, YKPIV_APDU_TEMPLATE(0, 0x47, 0, key), in_data, sizeof(in_data), data, &recv_len, &sw) != YKPIV_OK) {
|
if(ykpiv_transfer_data(state, templ, in_data, sizeof(in_data), data,
|
||||||
|
&recv_len, &sw) != YKPIV_OK) {
|
||||||
fprintf(stderr, "Failed to communicate.\n");
|
fprintf(stderr, "Failed to communicate.\n");
|
||||||
goto generate_out;
|
goto generate_out;
|
||||||
} else if(sw != 0x9000) {
|
} else if(sw != 0x9000) {
|
||||||
@@ -559,11 +563,11 @@ static bool import_key(ykpiv_state *state, enum enum_key_format key_format,
|
|||||||
goto import_out;
|
goto import_out;
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
APDU apdu;
|
|
||||||
unsigned char data[0xff];
|
unsigned char data[0xff];
|
||||||
unsigned long recv_len = sizeof(data);
|
unsigned long recv_len = sizeof(data);
|
||||||
unsigned char in_data[1024];
|
unsigned char in_data[1024];
|
||||||
unsigned char *in_ptr = in_data;
|
unsigned char *in_ptr = in_data;
|
||||||
|
unsigned char templ[] = {0, 0xfe, algorithm, key};
|
||||||
int sw;
|
int sw;
|
||||||
if(algorithm == 0x06 || algorithm == 0x07) {
|
if(algorithm == 0x06 || algorithm == 0x07) {
|
||||||
RSA *rsa_private_key = EVP_PKEY_get1_RSA(private_key);
|
RSA *rsa_private_key = EVP_PKEY_get1_RSA(private_key);
|
||||||
@@ -596,11 +600,8 @@ static bool import_key(ykpiv_state *state, enum enum_key_format key_format,
|
|||||||
in_ptr += BN_bn2bin(s, in_ptr);
|
in_ptr += BN_bn2bin(s, in_ptr);
|
||||||
}
|
}
|
||||||
|
|
||||||
memset(apdu.raw, 0, sizeof(apdu.raw));
|
if(ykpiv_transfer_data(state, templ, in_data, in_ptr - in_data, data,
|
||||||
apdu.st.ins = 0xfe;
|
&recv_len, &sw) != YKPIV_OK) {
|
||||||
apdu.st.p1 = algorithm;
|
|
||||||
apdu.st.p2 = key;
|
|
||||||
if(ykpiv_transfer_data(state, YKPIV_APDU_TEMPLATE(0x00, 0xfe, algorithm, key), in_data, in_ptr - in_data, data, &recv_len, &sw) != YKPIV_OK) {
|
|
||||||
return false;
|
return false;
|
||||||
} else if(sw != 0x9000) {
|
} else if(sw != 0x9000) {
|
||||||
fprintf(stderr, "Failed import command with code %x.", sw);
|
fprintf(stderr, "Failed import command with code %x.", sw);
|
||||||
@@ -662,10 +663,10 @@ static bool import_cert(ykpiv_state *state, enum enum_key_format cert_format,
|
|||||||
}
|
}
|
||||||
|
|
||||||
{
|
{
|
||||||
APDU apdu;
|
|
||||||
unsigned char certdata[2100];
|
unsigned char certdata[2100];
|
||||||
unsigned char *certptr = certdata;
|
unsigned char *certptr = certdata;
|
||||||
unsigned char data[0xff];
|
unsigned char data[0xff];
|
||||||
|
unsigned char templ[] = {0, 0xdb, 0x3f, 0xff};
|
||||||
unsigned long recv_len = sizeof(data);
|
unsigned long recv_len = sizeof(data);
|
||||||
int cert_len = i2d_X509(cert, NULL);
|
int cert_len = i2d_X509(cert, NULL);
|
||||||
int bytes;
|
int bytes;
|
||||||
@@ -699,12 +700,8 @@ static bool import_cert(ykpiv_state *state, enum enum_key_format cert_format,
|
|||||||
*certptr++ = 0xfe; /* LRC */
|
*certptr++ = 0xfe; /* LRC */
|
||||||
*certptr++ = 0;
|
*certptr++ = 0;
|
||||||
|
|
||||||
memset(apdu.raw, 0, sizeof(apdu.raw));
|
if(ykpiv_transfer_data(state, templ, certdata, certptr - certdata, data,
|
||||||
apdu.st.ins = 0xdb;
|
&recv_len, &sw) != YKPIV_OK) {
|
||||||
apdu.st.p1 = 0x3f;
|
|
||||||
apdu.st.p2 = 0xff;
|
|
||||||
|
|
||||||
if(ykpiv_transfer_data(state, YKPIV_APDU_TEMPLATE(0, 0xdb, 0x3f, 0xff), certdata, certptr - certdata, data, &recv_len, &sw) != YKPIV_OK) {
|
|
||||||
fprintf(stderr, "Failed commands with device.\n");
|
fprintf(stderr, "Failed commands with device.\n");
|
||||||
} else if(sw != 0x9000) {
|
} else if(sw != 0x9000) {
|
||||||
fprintf(stderr, "Failed loading certificate to device with code %x.\n", sw);
|
fprintf(stderr, "Failed loading certificate to device with code %x.\n", sw);
|
||||||
@@ -1104,6 +1101,7 @@ static bool delete_certificate(ykpiv_state *state, enum enum_slot slot, int verb
|
|||||||
unsigned char *ptr = objdata;
|
unsigned char *ptr = objdata;
|
||||||
unsigned char data[0xff];
|
unsigned char data[0xff];
|
||||||
unsigned long recv_len = sizeof(data);
|
unsigned long recv_len = sizeof(data);
|
||||||
|
unsigned char templ[] = {0, 0xdb, 0x3f, 0xff};
|
||||||
int sw;
|
int sw;
|
||||||
bool ret = false;
|
bool ret = false;
|
||||||
int object = get_object_id(slot);
|
int object = get_object_id(slot);
|
||||||
@@ -1121,7 +1119,8 @@ static bool delete_certificate(ykpiv_state *state, enum enum_slot slot, int verb
|
|||||||
apdu.st.p1 = 0x3f;
|
apdu.st.p1 = 0x3f;
|
||||||
apdu.st.p2 = 0xff;
|
apdu.st.p2 = 0xff;
|
||||||
|
|
||||||
if(ykpiv_transfer_data(state, YKPIV_APDU_TEMPLATE(0, 0xdb, 0x3f, 0xff), objdata, 7, data, &recv_len, &sw) != YKPIV_OK) {
|
if(ykpiv_transfer_data(state, templ, objdata, 7, data, &recv_len, &sw)
|
||||||
|
!= YKPIV_OK) {
|
||||||
return false;
|
return false;
|
||||||
} else if(sw != 0x9000) {
|
} else if(sw != 0x9000) {
|
||||||
fprintf(stderr, "Failed deleting certificate to device with code %x.\n", sw);
|
fprintf(stderr, "Failed deleting certificate to device with code %x.\n", sw);
|
||||||
@@ -1136,17 +1135,12 @@ static bool sign_data(ykpiv_state *state, unsigned char *signinput, int in_len,
|
|||||||
unsigned char indata[1024];
|
unsigned char indata[1024];
|
||||||
unsigned char *dataptr = indata;
|
unsigned char *dataptr = indata;
|
||||||
unsigned char data[1024];
|
unsigned char data[1024];
|
||||||
|
unsigned char templ[] = {0, 0x87, algorithm, key};
|
||||||
unsigned long recv_len = sizeof(data);
|
unsigned long recv_len = sizeof(data);
|
||||||
int sw;
|
int sw;
|
||||||
int bytes;
|
int bytes;
|
||||||
APDU apdu;
|
|
||||||
int len;
|
int len;
|
||||||
|
|
||||||
memset(apdu.raw, 0, sizeof(apdu.raw));
|
|
||||||
apdu.st.ins = 0x87;
|
|
||||||
apdu.st.p1 = algorithm;
|
|
||||||
apdu.st.p2 = key;
|
|
||||||
|
|
||||||
if(in_len < 0x80) {
|
if(in_len < 0x80) {
|
||||||
bytes = 1;
|
bytes = 1;
|
||||||
} else if(in_len < 0xff) {
|
} else if(in_len < 0xff) {
|
||||||
@@ -1164,7 +1158,8 @@ static bool sign_data(ykpiv_state *state, unsigned char *signinput, int in_len,
|
|||||||
memcpy(dataptr, signinput, (size_t)in_len);
|
memcpy(dataptr, signinput, (size_t)in_len);
|
||||||
dataptr += in_len;
|
dataptr += in_len;
|
||||||
|
|
||||||
if(ykpiv_transfer_data(state, YKPIV_APDU_TEMPLATE(0, 0x87, algorithm, key), indata, dataptr - indata, data, &recv_len, &sw) != YKPIV_OK) {
|
if(ykpiv_transfer_data(state, templ, indata, dataptr - indata, data,
|
||||||
|
&recv_len, &sw) != YKPIV_OK) {
|
||||||
fprintf(stderr, "Sign command failed to communicate.\n");
|
fprintf(stderr, "Sign command failed to communicate.\n");
|
||||||
return false;
|
return false;
|
||||||
} else if(sw != 0x9000) {
|
} else if(sw != 0x9000) {
|
||||||
|
|||||||
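Review bot: In the delete_certificate hunk (@@ -1121) the `apdu.st.p1 = 0x3f;` and `apdu.st.p2 = 0xff;` assignments remain on the new side although the call right below now passes `templ`, so they are dead writes; remove them as the commit already does in import_key, import_cert and sign_data, and presumably the `APDU apdu;` declaration earlier in that function (outside the hunk) becomes unused as well. The `templ` initializers in import_key and sign_data store `algorithm` and `key` into `unsigned char` elements without a cast, a narrowing conversion that -Wconversion will flag; an explicit `(unsigned char)` cast would make the truncation to one byte deliberate rather than implicit. In generate_key the new `templ[3] = key;` follows the unchecked `sscanf(slot, "%x", &key)`, so a slot string that fails to parse sends whatever `key` held before as P2; checking the sscanf return before the assignment would close that. All of these functions start and end outside their hunks.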