diff --git a/ykcs11/obj_types.h b/ykcs11/obj_types.h
index ca4fc09..d54b8bf 100644
--- a/ykcs11/obj_types.h
+++ b/ykcs11/obj_types.h
@@ -11,6 +11,26 @@ typedef enum {
 PIV_DATA_OBJ_X509_CARD_AUTH, // Certificate for card authentication
 PIV_DATA_OBJ_X509_DS, // Certificate for digital signature
 PIV_DATA_OBJ_X509_KM, // Certificate for key management
+ PIV_DATA_OBJ_X509_RETIRED_1, // Certificate for retired key 1
+ PIV_DATA_OBJ_X509_RETIRED_2, // Certificate for retired key 2
+ PIV_DATA_OBJ_X509_RETIRED_3, // Certificate for retired key 3
+ PIV_DATA_OBJ_X509_RETIRED_4, // Certificate for retired key 4
+ PIV_DATA_OBJ_X509_RETIRED_5, // Certificate for retired key 5
+ PIV_DATA_OBJ_X509_RETIRED_6, // Certificate for retired key 6
+ PIV_DATA_OBJ_X509_RETIRED_7, // Certificate for retired key 7
+ PIV_DATA_OBJ_X509_RETIRED_8, // Certificate for retired key 8
+ PIV_DATA_OBJ_X509_RETIRED_9, // Certificate for retired key 9
+ PIV_DATA_OBJ_X509_RETIRED_10, // Certificate for retired key 10
+ PIV_DATA_OBJ_X509_RETIRED_11, // Certificate for retired key 11
+ PIV_DATA_OBJ_X509_RETIRED_12, // Certificate for retired key 12
+ PIV_DATA_OBJ_X509_RETIRED_13, // Certificate for retired key 13
+ PIV_DATA_OBJ_X509_RETIRED_14, // Certificate for retired key 14
+ PIV_DATA_OBJ_X509_RETIRED_15, // Certificate for retired key 15
+ PIV_DATA_OBJ_X509_RETIRED_16, // Certificate for retired key 16
+ PIV_DATA_OBJ_X509_RETIRED_17, // Certificate for retired key 17
+ PIV_DATA_OBJ_X509_RETIRED_18, // Certificate for retired key 18
+ PIV_DATA_OBJ_X509_RETIRED_19, // Certificate for retired key 19
+ PIV_DATA_OBJ_X509_RETIRED_20, // Certificate for retired key 20
 PIV_DATA_OBJ_CCC, // Card capability container
 PIV_DATA_OBJ_CHUI, // Cardholder unique id
 PIV_DATA_OBJ_CHF, // Cardholder fingerprints
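Review bot: The twenty `PIV_DATA_OBJ_X509_RETIRED_n` enumerators are inserted in the middle of `piv_obj_id_t`, so every later enumerator (`PIV_DATA_OBJ_CCC` onward, and all of the CERT/PVTK/PUBK groups extended in the `@@ -19,73 +39,88 @@` hunk) changes numeric value, and nothing in the header says what depends on that order. The `piv_objects[]` rows in objects.c are reordered to match in this commit, but any other table or stored value keyed on these ids is not visible here and would need the same update. I would add a comment above the enum along the lines of `/* Keep in the same order as piv_objects[] in objects.c; the CERT, PVTK and PUBK groups must list the same slots in the same order. */`. The enum definition starts and ends outside this hunk.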
@@ -19,73 +39,88 @@ typedef enum {
 PIV_DATA_OBJ_PI, // Cardholder printed information
 PIV_DATA_OBJ_DISCOVERY, // Discovery object
 PIV_DATA_OBJ_HISTORY, // History object
- PIV_DATA_OBJ_RETIRED_X509_1, // Retired certificate for KM 1
- PIV_DATA_OBJ_RETIRED_X509_2, // Retired certificate for KM 2
- PIV_DATA_OBJ_RETIRED_X509_3, // Retired certificate for KM 3
- PIV_DATA_OBJ_RETIRED_X509_4, // Retired certificate for KM 4
- PIV_DATA_OBJ_RETIRED_X509_5, // Retired certificate for KM 5
- PIV_DATA_OBJ_RETIRED_X509_6, // Retired certificate for KM 6
- PIV_DATA_OBJ_RETIRED_X509_7, // Retired certificate for KM 7
- PIV_DATA_OBJ_RETIRED_X509_8, // Retired certificate for KM 8
- PIV_DATA_OBJ_RETIRED_X509_9, // Retired certificate for KM 9
- PIV_DATA_OBJ_RETIRED_X509_10, // Retired certificate for KM 10
- PIV_DATA_OBJ_RETIRED_X509_11, // Retired certificate for KM 11
- PIV_DATA_OBJ_RETIRED_X509_12, // Retired certificate for KM 12
- PIV_DATA_OBJ_RETIRED_X509_13, // Retired certificate for KM 13
- PIV_DATA_OBJ_RETIRED_X509_14, // Retired certificate for KM 14
- PIV_DATA_OBJ_RETIRED_X509_15, // Retired certificate for KM 15
- PIV_DATA_OBJ_RETIRED_X509_16, // Retired certificate for KM 16
- PIV_DATA_OBJ_RETIRED_X509_17, // Retired certificate for KM 17
- PIV_DATA_OBJ_RETIRED_X509_18, // Retired certificate for KM 18
- PIV_DATA_OBJ_RETIRED_X509_19, // Retired certificate for KM 19
- PIV_DATA_OBJ_RETIRED_X509_20, // Retired certificate for KM 20
 PIV_DATA_OBJ_IRIS_IMAGE, // Cardholder iris images
 PIV_DATA_OBJ_BITGT, // Biometric information templates group template
 PIV_DATA_OBJ_SM_SIGNER, // Secure messaging signer
 PIV_DATA_OBJ_PC_REF_DATA, // Pairing code reference data
-/* PIV_DATA_OBJ_9B03, // NON-STANDARD TODO: remove?
- PIV_DATA_OBJ_9A06, // NON-STANDARD
- PIV_DATA_OBJ_9C06, // NON-STANDARD
- PIV_DATA_OBJ_9D06, // NON-STANDARD
- PIV_DATA_OBJ_9E06, // NON-STANDARD
- PIV_DATA_OBJ_8206, // NON-STANDARD
- PIV_DATA_OBJ_8306, // NON-STANDARD
- PIV_DATA_OBJ_8406, // NON-STANDARD
- PIV_DATA_OBJ_8506, // NON-STANDARD
- PIV_DATA_OBJ_8606, // NON-STANDARD
- PIV_DATA_OBJ_8706, // NON-STANDARD
- PIV_DATA_OBJ_8806, // NON-STANDARD
- PIV_DATA_OBJ_8906, // NON-STANDARD
- PIV_DATA_OBJ_8A06, // NON-STANDARD
- PIV_DATA_OBJ_8B06, // NON-STANDARD
- PIV_DATA_OBJ_8C06, // NON-STANDARD
- PIV_DATA_OBJ_8D06, // NON-STANDARD
- PIV_DATA_OBJ_8E06, // NON-STANDARD
- PIV_DATA_OBJ_8F06, // NON-STANDARD
- PIV_DATA_OBJ_9006, // NON-STANDARD
- PIV_DATA_OBJ_9106, // NON-STANDARD
- PIV_DATA_OBJ_9206, // NON-STANDARD
- PIV_DATA_OBJ_9306, // NON-STANDARD
- PIV_DATA_OBJ_9406, // NON-STANDARD
- PIV_DATA_OBJ_9506, // NON-STANDARD*/
 PIV_DATA_OBJ_LAST,
 PIV_CERT_OBJ_X509_PIV_AUTH, // PIV authentication
 PIV_CERT_OBJ_X509_CARD_AUTH, // Certificate for card authentication
 PIV_CERT_OBJ_X509_DS, // Certificate for digital signature
 PIV_CERT_OBJ_X509_KM, // Certificate for key management
+ PIV_CERT_OBJ_X509_RETIRED_1, // Certificate for retired key 1
+ PIV_CERT_OBJ_X509_RETIRED_2, // Certificate for retired key 2
+ PIV_CERT_OBJ_X509_RETIRED_3, // Certificate for retired key 3
+ PIV_CERT_OBJ_X509_RETIRED_4, // Certificate for retired key 4
+ PIV_CERT_OBJ_X509_RETIRED_5, // Certificate for retired key 5
+ PIV_CERT_OBJ_X509_RETIRED_6, // Certificate for retired key 6
+ PIV_CERT_OBJ_X509_RETIRED_7, // Certificate for retired key 7
+ PIV_CERT_OBJ_X509_RETIRED_8, // Certificate for retired key 8
+ PIV_CERT_OBJ_X509_RETIRED_9, // Certificate for retired key 9
+ PIV_CERT_OBJ_X509_RETIRED_10, // Certificate for retired key 10
+ PIV_CERT_OBJ_X509_RETIRED_11, // Certificate for retired key 11
+ PIV_CERT_OBJ_X509_RETIRED_12, // Certificate for retired key 12
+ PIV_CERT_OBJ_X509_RETIRED_13, // Certificate for retired key 13
+ PIV_CERT_OBJ_X509_RETIRED_14, // Certificate for retired key 14
+ PIV_CERT_OBJ_X509_RETIRED_15, // Certificate for retired key 15
+ PIV_CERT_OBJ_X509_RETIRED_16, // Certificate for retired key 16
+ PIV_CERT_OBJ_X509_RETIRED_17, // Certificate for retired key 17
+ PIV_CERT_OBJ_X509_RETIRED_18, // Certificate for retired key 18
+ PIV_CERT_OBJ_X509_RETIRED_19, // Certificate for retired key 19
+ PIV_CERT_OBJ_X509_RETIRED_20, // Certificate for retired key 20
 PIV_CERT_OBJ_LAST,
 PIV_PVTK_OBJ_PIV_AUTH, // Private key for PIV authentication
- PIV_PVTK_OBJ_CARD_AUTH, // Private Key for card authentication
- PIV_PVTK_OBJ_DS, // Private Key for digital signature
- PIV_PVTK_OBJ_KM, // Private Key for key management
+ PIV_PVTK_OBJ_CARD_AUTH, // Private key for card authentication
+ PIV_PVTK_OBJ_DS, // Private key for digital signature
+ PIV_PVTK_OBJ_KM, // Private key for key management
+ PIV_PVTK_OBJ_RETIRED_1, // Private key for retired key 1
+ PIV_PVTK_OBJ_RETIRED_2, // Private key for retired key 2
+ PIV_PVTK_OBJ_RETIRED_3, // Private key for retired key 3
+ PIV_PVTK_OBJ_RETIRED_4, // Private key for retired key 4
+ PIV_PVTK_OBJ_RETIRED_5, // Private key for retired key 5
+ PIV_PVTK_OBJ_RETIRED_6, // Private key for retired key 6
+ PIV_PVTK_OBJ_RETIRED_7, // Private key for retired key 7
+ PIV_PVTK_OBJ_RETIRED_8, // Private key for retired key 8
+ PIV_PVTK_OBJ_RETIRED_9, // Private key for retired key 9
+ PIV_PVTK_OBJ_RETIRED_10, // Private key for retired key 10
+ PIV_PVTK_OBJ_RETIRED_11, // Private key for retired key 11
+ PIV_PVTK_OBJ_RETIRED_12, // Private key for retired key 12
+ PIV_PVTK_OBJ_RETIRED_13, // Private key for retired key 13
+ PIV_PVTK_OBJ_RETIRED_14, // Private key for retired key 14
+ PIV_PVTK_OBJ_RETIRED_15, // Private key for retired key 15
+ PIV_PVTK_OBJ_RETIRED_16, // Private key for retired key 16
+ PIV_PVTK_OBJ_RETIRED_17, // Private key for retired key 17
+ PIV_PVTK_OBJ_RETIRED_18, // Private key for retired key 18
+ PIV_PVTK_OBJ_RETIRED_19, // Private key for retired key 19
+ PIV_PVTK_OBJ_RETIRED_20, // Private key for retired key 20
 PIV_PVTK_OBJ_LAST,
 PIV_PUBK_OBJ_PIV_AUTH, // Public key for PIV authentication
- PIV_PUBK_OBJ_CARD_AUTH, // Public Key for card authentication
- PIV_PUBK_OBJ_DS, // Public Key for digital signature
- PIV_PUBK_OBJ_KM, // Public Key for key management
+ PIV_PUBK_OBJ_CARD_AUTH, // Public key for card authentication
+ PIV_PUBK_OBJ_DS, // Public key for digital signature
+ PIV_PUBK_OBJ_KM, // Public key for key management
+ PIV_PUBK_OBJ_RETIRED_1, // Public key for retired key 1
+ PIV_PUBK_OBJ_RETIRED_2, // Public key for retired key 2
+ PIV_PUBK_OBJ_RETIRED_3, // Public key for retired key 3
+ PIV_PUBK_OBJ_RETIRED_4, // Public key for retired key 4
+ PIV_PUBK_OBJ_RETIRED_5, // Public key for retired key 5
+ PIV_PUBK_OBJ_RETIRED_6, // Public key for retired key 6
+ PIV_PUBK_OBJ_RETIRED_7, // Public key for retired key 7
+ PIV_PUBK_OBJ_RETIRED_8, // Public key for retired key 8
+ PIV_PUBK_OBJ_RETIRED_9, // Public key for retired key 9
+ PIV_PUBK_OBJ_RETIRED_10, // Public key for retired key 10
+ PIV_PUBK_OBJ_RETIRED_11, // Public key for retired key 11
+ PIV_PUBK_OBJ_RETIRED_12, // Public key for retired key 12
+ PIV_PUBK_OBJ_RETIRED_13, // Public key for retired key 13
+ PIV_PUBK_OBJ_RETIRED_14, // Public key for retired key 14
+ PIV_PUBK_OBJ_RETIRED_15, // Public key for retired key 15
+ PIV_PUBK_OBJ_RETIRED_16, // Public key for retired key 16
+ PIV_PUBK_OBJ_RETIRED_17, // Public key for retired key 17
+ PIV_PUBK_OBJ_RETIRED_18, // Public key for retired key 18
+ PIV_PUBK_OBJ_RETIRED_19, // Public key for retired key 19
+ PIV_PUBK_OBJ_RETIRED_20, // Public key for retired key 20
 PIV_PUBK_OBJ_LAST
 } piv_obj_id_t;
diff --git a/ykcs11/objects.c b/ykcs11/objects.c
index aaf3fa7..ee27983 100644
--- a/ykcs11/objects.c
+++ b/ykcs11/objects.c
@@ -24,34 +24,34 @@ static piv_obj_t piv_objects[] = {
 {PIV_DATA_OBJ_X509_CARD_AUTH, 1, 0, 0, "X.509 Certificate for Card Authentication", 0, 0, get_doa, 1},
 {PIV_DATA_OBJ_X509_DS, 1, 0, 0, "X.509 Certificate for Digital Signature", 0, 0, get_doa, 2},
 {PIV_DATA_OBJ_X509_KM, 1, 0, 0, "X.509 Certificate for Key Management", 0, 0, get_doa, 3},
- {PIV_DATA_OBJ_CCC, 1, 0, 0, "Card Capability Container", 0, 0, get_doa, 4},
- {PIV_DATA_OBJ_CHUI, 1, 0, 0, "Card Holder Unique Identifier", 0, 0, get_doa, 5},
- {PIV_DATA_OBJ_CHF, 1, 1, 0, "Card Holder Fingerprints", 0, 0, get_doa, 6},
- {PIV_DATA_OBJ_SEC_OBJ, 1, 0, 0, "Security Object", 0, 0, get_doa, 7},
- {PIV_DATA_OBJ_CHFI, 1, 1, 0, "Cardholder Facial Images", 0, 0, get_doa, 8},
- {PIV_DATA_OBJ_PI, 1, 1, 0, "Printed Information", 0, 0, get_doa, 9},
- {PIV_DATA_OBJ_DISCOVERY, 1, 0, 0, "Discovery Object", 0, 0, get_doa, 10},
- {PIV_DATA_OBJ_HISTORY, 1, 0, 0, "Key History Object", 0, 0, get_doa, 11},
- {PIV_DATA_OBJ_RETIRED_X509_1, 1, 0, 0, "Retired X.509 Certificate for Key Management 1", 0, 0, get_doa, 12},
- {PIV_DATA_OBJ_RETIRED_X509_2, 1, 0, 0, "Retired X.509 Certificate for Key Management 2", 0, 0, get_doa, 13},
- {PIV_DATA_OBJ_RETIRED_X509_3, 1, 0, 0, "Retired X.509 Certificate for Key Management 3", 0, 0, get_doa, 14},
- {PIV_DATA_OBJ_RETIRED_X509_4, 1, 0, 0, "Retired X.509 Certificate for Key Management 4", 0, 0, get_doa, 15},
- {PIV_DATA_OBJ_RETIRED_X509_5, 1, 0, 0, "Retired X.509 Certificate for Key Management 5", 0, 0, get_doa, 16},
- {PIV_DATA_OBJ_RETIRED_X509_6, 1, 0, 0, "Retired X.509 Certificate for Key Management 6", 0, 0, get_doa, 17},
- {PIV_DATA_OBJ_RETIRED_X509_7, 1, 0, 0, "Retired X.509 Certificate for Key Management 7", 0, 0, get_doa, 18},
- {PIV_DATA_OBJ_RETIRED_X509_8, 1, 0, 0, "Retired X.509 Certificate for Key Management 8", 0, 0, get_doa, 19},
- {PIV_DATA_OBJ_RETIRED_X509_9, 1, 0, 0, "Retired X.509 Certificate for Key Management 9", 0, 0, get_doa, 20},
- {PIV_DATA_OBJ_RETIRED_X509_10, 1, 0, 0, "Retired X.509 Certificate for Key Management 10", 0, 0, get_doa, 21},
- {PIV_DATA_OBJ_RETIRED_X509_11, 1, 0, 0, "Retired X.509 Certificate for Key Management 11", 0, 0, get_doa, 22},
- {PIV_DATA_OBJ_RETIRED_X509_12, 1, 0, 0, "Retired X.509 Certificate for Key Management 12", 0, 0, get_doa, 23},
- {PIV_DATA_OBJ_RETIRED_X509_13, 1, 0, 0, "Retired X.509 Certificate for Key Management 13", 0, 0, get_doa, 24},
- {PIV_DATA_OBJ_RETIRED_X509_14, 1, 0, 0, "Retired X.509 Certificate for Key Management 14", 0, 0, get_doa, 25},
- {PIV_DATA_OBJ_RETIRED_X509_15, 1, 0, 0, "Retired X.509 Certificate for Key Management 15", 0, 0, get_doa, 26},
- {PIV_DATA_OBJ_RETIRED_X509_16, 1, 0, 0, "Retired X.509 Certificate for Key Management 16", 0, 0, get_doa, 27},
- {PIV_DATA_OBJ_RETIRED_X509_17, 1, 0, 0, "Retired X.509 Certificate for Key Management 17", 0, 0, get_doa, 28},
- {PIV_DATA_OBJ_RETIRED_X509_18, 1, 0, 0, "Retired X.509 Certificate for Key Management 18", 0, 0, get_doa, 29},
- {PIV_DATA_OBJ_RETIRED_X509_19, 1, 0, 0, "Retired X.509 Certificate for Key Management 19", 0, 0, get_doa, 30},
- {PIV_DATA_OBJ_RETIRED_X509_20, 1, 0, 0, "Retired X.509 Certificate for Key Management 20", 0, 0, get_doa, 31},
+ {PIV_DATA_OBJ_X509_RETIRED_1, 1, 0, 0, "X.509 Certificate for retired key 1", 0, 0, get_doa, 4},
+ {PIV_DATA_OBJ_X509_RETIRED_2, 1, 0, 0, "X.509 Certificate for retired key 2", 0, 0, get_doa, 5},
+ {PIV_DATA_OBJ_X509_RETIRED_3, 1, 0, 0, "X.509 Certificate for retired key 3", 0, 0, get_doa, 6},
+ {PIV_DATA_OBJ_X509_RETIRED_4, 1, 0, 0, "X.509 Certificate for retired key 4", 0, 0, get_doa, 7},
+ {PIV_DATA_OBJ_X509_RETIRED_5, 1, 0, 0, "X.509 Certificate for retired key 5", 0, 0, get_doa, 8},
+ {PIV_DATA_OBJ_X509_RETIRED_6, 1, 0, 0, "X.509 Certificate for retired key 6", 0, 0, get_doa, 9},
+ {PIV_DATA_OBJ_X509_RETIRED_7, 1, 0, 0, "X.509 Certificate for retired key 7", 0, 0, get_doa, 10},
+ {PIV_DATA_OBJ_X509_RETIRED_8, 1, 0, 0, "X.509 Certificate for retired key 8", 0, 0, get_doa, 11},
+ {PIV_DATA_OBJ_X509_RETIRED_9, 1, 0, 0, "X.509 Certificate for retired key 9", 0, 0, get_doa, 12},
+ {PIV_DATA_OBJ_X509_RETIRED_10, 1, 0, 0, "X.509 Certificate for retired key 10", 0, 0, get_doa, 13},
+ {PIV_DATA_OBJ_X509_RETIRED_11, 1, 0, 0, "X.509 Certificate for retired key 11", 0, 0, get_doa, 14},
+ {PIV_DATA_OBJ_X509_RETIRED_12, 1, 0, 0, "X.509 Certificate for retired key 12", 0, 0, get_doa, 15},
+ {PIV_DATA_OBJ_X509_RETIRED_13, 1, 0, 0, "X.509 Certificate for retired key 13", 0, 0, get_doa, 16},
+ {PIV_DATA_OBJ_X509_RETIRED_14, 1, 0, 0, "X.509 Certificate for retired key 14", 0, 0, get_doa, 17},
+ {PIV_DATA_OBJ_X509_RETIRED_15, 1, 0, 0, "X.509 Certificate for retired key 15", 0, 0, get_doa, 18},
+ {PIV_DATA_OBJ_X509_RETIRED_16, 1, 0, 0, "X.509 Certificate for retired key 16", 0, 0, get_doa, 19},
+ {PIV_DATA_OBJ_X509_RETIRED_17, 1, 0, 0, "X.509 Certificate for retired key 17", 0, 0, get_doa, 20},
+ {PIV_DATA_OBJ_X509_RETIRED_18, 1, 0, 0, "X.509 Certificate for retired key 18", 0, 0, get_doa, 21},
+ {PIV_DATA_OBJ_X509_RETIRED_19, 1, 0, 0, "X.509 Certificate for retired key 19", 0, 0, get_doa, 22},
+ {PIV_DATA_OBJ_X509_RETIRED_20, 1, 0, 0, "X.509 Certificate for retired key 20", 0, 0, get_doa, 23},
+ {PIV_DATA_OBJ_CCC, 1, 0, 0, "Card Capability Container", 0, 0, get_doa, 24},
+ {PIV_DATA_OBJ_CHUI, 1, 0, 0, "Card Holder Unique Identifier", 0, 0, get_doa, 25},
+ {PIV_DATA_OBJ_CHF, 1, 1, 0, "Card Holder Fingerprints", 0, 0, get_doa, 26},
+ {PIV_DATA_OBJ_SEC_OBJ, 1, 0, 0, "Security Object", 0, 0, get_doa, 27},
+ {PIV_DATA_OBJ_CHFI, 1, 1, 0, "Cardholder Facial Images", 0, 0, get_doa, 28},
+ {PIV_DATA_OBJ_PI, 1, 1, 0, "Printed Information", 0, 0, get_doa, 29},
+ {PIV_DATA_OBJ_DISCOVERY, 1, 0, 0, "Discovery Object", 0, 0, get_doa, 30},
+ {PIV_DATA_OBJ_HISTORY, 1, 0, 0, "Key History Object", 0, 0, get_doa, 31},
 {PIV_DATA_OBJ_IRIS_IMAGE, 1, 1, 0, "Cardholder Iris Images", 0, 0, get_doa, 32},
 {PIV_DATA_OBJ_BITGT, 1, 0, 0, "Biometric Information Templates Group Template", 0, 0, get_doa, 33},
 {PIV_DATA_OBJ_SM_SIGNER, 1, 0, 0, "Secure Messaging Certificate Signer", 0, 0, get_doa, 34},
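Review bot: The last column of the data-object rows is renumbered here (the retired certificates move from 12–31 to 4–23, `PIV_DATA_OBJ_CCC` through `PIV_DATA_OBJ_HISTORY` from 4–11 to 24–31), but no hunk in this commit changes the body of `data_objects[]`, which shows up only as unchanged context around the later hunks. If that column is the index `get_doa` uses into `data_objects[]` (the accessor is not visible here), the rows of that array are still in the old order and each of these 28 entries would resolve to another object's descriptor. Please confirm that `data_objects[]` was already laid out in the new order, or reorder it in the same commit; a trailing comment on each of its rows naming the object, or designated initializers such as `[24] = { ... }`, would make the pairing checkable in review. `piv_objects[]` starts before and continues past this hunk.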
@@ -62,19 +62,79 @@ static piv_obj_t piv_objects[] = {
 {PIV_CERT_OBJ_X509_CARD_AUTH, 1, 0, 0, "X.509 Certificate for Card Authentication", 0, 0, get_coa, 1},
 {PIV_CERT_OBJ_X509_DS, 1, 0, 0, "X.509 Certificate for Digital Signature", 0, 0, get_coa, 2},
 {PIV_CERT_OBJ_X509_KM, 1, 0, 0, "X.509 Certificate for Key Management", 0, 0, get_coa, 3},
- {PIV_CERT_OBJ_LAST, 1, 0, 0, "", 0, 0, NULL, 4},
+ {PIV_CERT_OBJ_X509_RETIRED_1, 1, 0, 0, "X.509 Certificate for retired key 1", 0, 0, get_coa, 4},
+ {PIV_CERT_OBJ_X509_RETIRED_2, 1, 0, 0, "X.509 Certificate for retired key 2", 0, 0, get_coa, 5},
+ {PIV_CERT_OBJ_X509_RETIRED_3, 1, 0, 0, "X.509 Certificate for retired key 3", 0, 0, get_coa, 6},
+ {PIV_CERT_OBJ_X509_RETIRED_4, 1, 0, 0, "X.509 Certificate for retired key 4", 0, 0, get_coa, 7},
+ {PIV_CERT_OBJ_X509_RETIRED_5, 1, 0, 0, "X.509 Certificate for retired key 5", 0, 0, get_coa, 8},
+ {PIV_CERT_OBJ_X509_RETIRED_6, 1, 0, 0, "X.509 Certificate for retired key 6", 0, 0, get_coa, 9},
+ {PIV_CERT_OBJ_X509_RETIRED_7, 1, 0, 0, "X.509 Certificate for retired key 7", 0, 0, get_coa, 10},
+ {PIV_CERT_OBJ_X509_RETIRED_8, 1, 0, 0, "X.509 Certificate for retired key 8", 0, 0, get_coa, 11},
+ {PIV_CERT_OBJ_X509_RETIRED_9, 1, 0, 0, "X.509 Certificate for retired key 9", 0, 0, get_coa, 12},
+ {PIV_CERT_OBJ_X509_RETIRED_10, 1, 0, 0, "X.509 Certificate for retired key 10", 0, 0, get_coa, 13},
+ {PIV_CERT_OBJ_X509_RETIRED_11, 1, 0, 0, "X.509 Certificate for retired key 11", 0, 0, get_coa, 14},
+ {PIV_CERT_OBJ_X509_RETIRED_12, 1, 0, 0, "X.509 Certificate for retired key 12", 0, 0, get_coa, 15},
+ {PIV_CERT_OBJ_X509_RETIRED_13, 1, 0, 0, "X.509 Certificate for retired key 13", 0, 0, get_coa, 16},
+ {PIV_CERT_OBJ_X509_RETIRED_14, 1, 0, 0, "X.509 Certificate for retired key 14", 0, 0, get_coa, 17},
+ {PIV_CERT_OBJ_X509_RETIRED_15, 1, 0, 0, "X.509 Certificate for retired key 15", 0, 0, get_coa, 18},
+ {PIV_CERT_OBJ_X509_RETIRED_16, 1, 0, 0, "X.509 Certificate for retired key 16", 0, 0, get_coa, 19},
+ {PIV_CERT_OBJ_X509_RETIRED_17, 1, 0, 0, "X.509 Certificate for retired key 17", 0, 0, get_coa, 20},
+ {PIV_CERT_OBJ_X509_RETIRED_18, 1, 0, 0, "X.509 Certificate for retired key 18", 0, 0, get_coa, 21},
+ {PIV_CERT_OBJ_X509_RETIRED_19, 1, 0, 0, "X.509 Certificate for retired key 19", 0, 0, get_coa, 22},
+ {PIV_CERT_OBJ_X509_RETIRED_20, 1, 0, 0, "X.509 Certificate for retired key 20", 0, 0, get_coa, 23},
+ {PIV_CERT_OBJ_LAST, 1, 0, 0, "", 0, 0, NULL, 24},
 {PIV_PVTK_OBJ_PIV_AUTH, 1, 1, 0, "Private key for PIV Authentication", 0, 0, get_proa, 0}, // 9a
 {PIV_PVTK_OBJ_CARD_AUTH, 1, 0, 0, "Private key for Card Authentication", 0, 0, get_proa, 1}, // 9e
 {PIV_PVTK_OBJ_DS, 1, 1, 0, "Private key for Digital Signature", 0, 0, get_proa, 2}, // 9c
 {PIV_PVTK_OBJ_KM, 1, 1, 0, "Private key for Key Management", 0, 0, get_proa, 3}, // 9d
- {PIV_PVTK_OBJ_LAST, 1, 0, 0, "", 0, 0, NULL, 4},
+ {PIV_PVTK_OBJ_RETIRED_1, 1, 1, 0, "Private key for retired key 1", 0, 0, get_proa, 4},
+ {PIV_PVTK_OBJ_RETIRED_2, 1, 1, 0, "Private key for retired key 2", 0, 0, get_proa, 5},
+ {PIV_PVTK_OBJ_RETIRED_3, 1, 1, 0, "Private key for retired key 3", 0, 0, get_proa, 6},
+ {PIV_PVTK_OBJ_RETIRED_4, 1, 1, 0, "Private key for retired key 4", 0, 0, get_proa, 7},
+ {PIV_PVTK_OBJ_RETIRED_5, 1, 1, 0, "Private key for retired key 5", 0, 0, get_proa, 8},
+ {PIV_PVTK_OBJ_RETIRED_6, 1, 1, 0, "Private key for retired key 6", 0, 0, get_proa, 9},
+ {PIV_PVTK_OBJ_RETIRED_7, 1, 1, 0, "Private key for retired key 7", 0, 0, get_proa, 10},
+ {PIV_PVTK_OBJ_RETIRED_8, 1, 1, 0, "Private key for retired key 8", 0, 0, get_proa, 11},
+ {PIV_PVTK_OBJ_RETIRED_9, 1, 1, 0, "Private key for retired key 9", 0, 0, get_proa, 12},
+ {PIV_PVTK_OBJ_RETIRED_10, 1, 1, 0, "Private key for retired key 10", 0, 0, get_proa, 13},
+ {PIV_PVTK_OBJ_RETIRED_11, 1, 1, 0, "Private key for retired key 11", 0, 0, get_proa, 14},
+ {PIV_PVTK_OBJ_RETIRED_12, 1, 1, 0, "Private key for retired key 12", 0, 0, get_proa, 15},
+ {PIV_PVTK_OBJ_RETIRED_13, 1, 1, 0, "Private key for retired key 13", 0, 0, get_proa, 16},
+ {PIV_PVTK_OBJ_RETIRED_14, 1, 1, 0, "Private key for retired key 14", 0, 0, get_proa, 17},
+ {PIV_PVTK_OBJ_RETIRED_15, 1, 1, 0, "Private key for retired key 15", 0, 0, get_proa, 18},
+ {PIV_PVTK_OBJ_RETIRED_16, 1, 1, 0, "Private key for retired key 16", 0, 0, get_proa, 19},
+ {PIV_PVTK_OBJ_RETIRED_17, 1, 1, 0, "Private key for retired key 17", 0, 0, get_proa, 20},
+ {PIV_PVTK_OBJ_RETIRED_18, 1, 1, 0, "Private key for retired key 18", 0, 0, get_proa, 21},
+ {PIV_PVTK_OBJ_RETIRED_19, 1, 1, 0, "Private key for retired key 19", 0, 0, get_proa, 22},
+ {PIV_PVTK_OBJ_RETIRED_20, 1, 1, 0, "Private key for retired key 20", 0, 0, get_proa, 23},
+ {PIV_PVTK_OBJ_LAST, 1, 0, 0, "", 0, 0, NULL, 24},
 {PIV_PUBK_OBJ_PIV_AUTH, 1, 0, 0, "Public key for PIV Authentication", 0, 0, get_puoa, 0},
 {PIV_PUBK_OBJ_CARD_AUTH, 1, 0, 0, "Public key for Card Authentication", 0, 0, get_puoa, 1},
 {PIV_PUBK_OBJ_DS, 1, 0, 0, "Public key for Digital Signature", 0, 0, get_puoa, 2},
 {PIV_PUBK_OBJ_KM, 1, 0, 0, "Public key for Key Management", 0, 0, get_puoa, 3},
- {PIV_PUBK_OBJ_LAST, 1, 0, 0, "", 0, 0, NULL, 4}
+ {PIV_PUBK_OBJ_RETIRED_1, 1, 0, 0, "Public key for retired key 1", 0, 0, get_puoa, 4},
+ {PIV_PUBK_OBJ_RETIRED_2, 1, 0, 0, "Public key for retired key 2", 0, 0, get_puoa, 5},
+ {PIV_PUBK_OBJ_RETIRED_3, 1, 0, 0, "Public key for retired key 3", 0, 0, get_puoa, 6},
+ {PIV_PUBK_OBJ_RETIRED_4, 1, 0, 0, "Public key for retired key 4", 0, 0, get_puoa, 7},
+ {PIV_PUBK_OBJ_RETIRED_5, 1, 0, 0, "Public key for retired key 5", 0, 0, get_puoa, 8},
+ {PIV_PUBK_OBJ_RETIRED_6, 1, 0, 0, "Public key for retired key 6", 0, 0, get_puoa, 9},
+ {PIV_PUBK_OBJ_RETIRED_7, 1, 0, 0, "Public key for retired key 7", 0, 0, get_puoa, 10},
+ {PIV_PUBK_OBJ_RETIRED_8, 1, 0, 0, "Public key for retired key 8", 0, 0, get_puoa, 11},
+ {PIV_PUBK_OBJ_RETIRED_9, 1, 0, 0, "Public key for retired key 9", 0, 0, get_puoa, 12},
+ {PIV_PUBK_OBJ_RETIRED_10, 1, 0, 0, "Public key for retired key 10", 0, 0, get_puoa, 13},
+ {PIV_PUBK_OBJ_RETIRED_11, 1, 0, 0, "Public key for retired key 11", 0, 0, get_puoa, 14},
+ {PIV_PUBK_OBJ_RETIRED_12, 1, 0, 0, "Public key for retired key 12", 0, 0, get_puoa, 15},
+ {PIV_PUBK_OBJ_RETIRED_13, 1, 0, 0, "Public key for retired key 13", 0, 0, get_puoa, 16},
+ {PIV_PUBK_OBJ_RETIRED_14, 1, 0, 0, "Public key for retired key 14", 0, 0, get_puoa, 17},
+ {PIV_PUBK_OBJ_RETIRED_15, 1, 0, 0, "Public key for retired key 15", 0, 0, get_puoa, 18},
+ {PIV_PUBK_OBJ_RETIRED_16, 1, 0, 0, "Public key for retired key 16", 0, 0, get_puoa, 19},
+ {PIV_PUBK_OBJ_RETIRED_17, 1, 0, 0, "Public key for retired key 17", 0, 0, get_puoa, 20},
+ {PIV_PUBK_OBJ_RETIRED_18, 1, 0, 0, "Public key for retired key 18", 0, 0, get_puoa, 21},
+ {PIV_PUBK_OBJ_RETIRED_19, 1, 0, 0, "Public key for retired key 19", 0, 0, get_puoa, 22},
+ {PIV_PUBK_OBJ_RETIRED_20, 1, 0, 0, "Public key for retired key 20", 0, 0, get_puoa, 23},
+ {PIV_PUBK_OBJ_LAST, 1, 0, 0, "", 0, 0, NULL, 24}
 };
 static piv_data_obj_t data_objects[] = {
@@ -119,6 +179,26 @@ static piv_data_obj_t data_objects[] = {
 };
 static piv_cert_obj_t cert_objects[] = {
+ {NULL},
+ {NULL},
+ {NULL},
+ {NULL},
+ {NULL},
+ {NULL},
+ {NULL},
+ {NULL},
+ {NULL},
+ {NULL},
+ {NULL},
+ {NULL},
+ {NULL},
+ {NULL},
+ {NULL},
+ {NULL},
+ {NULL},
+ {NULL},
+ {NULL},
+ {NULL},
 {NULL},
 {NULL},
 {NULL},
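Review bot: Nothing ties the length of the per-type arrays to the enum: the retired rows added to `piv_objects[]` in the `@@ -62,19 +62,79 @@` hunk carry indexes 4–23 for `get_coa`, `get_proa` and `get_puoa`, while `cert_objects[]` (the `@@ -119,6 +179,26 @@` hunk) and `pvtkey_objects[]`/`pubkey_objects[]` (the `@@ -131,10 +211,50 @@` hunk) are each grown by twenty hand-counted positional rows. If one of them ends up a row short, the highest index would read past the end of a static array, assuming the last column indexes those arrays as the accessors outside this diff would confirm. A compile-time check beside each array would catch a miscount, for example `_Static_assert(sizeof cert_objects / sizeof cert_objects[0] == PIV_CERT_OBJ_LAST - PIV_DATA_OBJ_LAST - 1, "cert_objects out of sync with piv_obj_id_t");` where the build accepts C11. `cert_objects[]` continues past its hunk.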
@@ -131,10 +211,50 @@ static piv_pvtk_obj_t pvtkey_objects[] = { {1, 1, 0, 0, 0}, {1, 1, 0, 0, 0}, {1, 1, 0, 0, 1}, + {1, 1, 0, 0, 0}, + {1, 1, 0, 0, 0}, + {1, 1, 0, 0, 0}, + {1, 1, 0, 0, 0}, + {1, 1, 0, 0, 0}, + {1, 1, 0, 0, 0}, + {1, 1, 0, 0, 0}, + {1, 1, 0, 0, 0}, + {1, 1, 0, 0, 0}, + {1, 1, 0, 0, 0}, + {1, 1, 0, 0, 0}, + {1, 1, 0, 0, 0}, + {1, 1, 0, 0, 0}, + {1, 1, 0, 0, 0}, + {1, 1, 0, 0, 0}, + {1, 1, 0, 0, 0}, + {1, 1, 0, 0, 0}, + {1, 1, 0, 0, 0}, + {1, 1, 0, 0, 0}, + {1, 1, 0, 0, 0}, {1, 1, 0, 0, 0} }; static piv_pubk_obj_t pubkey_objects[] = { + {NULL, 1, 1, 0, 0}, + {NULL, 1, 1, 0, 0}, + {NULL, 1, 1, 0, 0}, + {NULL, 1, 1, 0, 0}, + {NULL, 1, 1, 0, 0}, + {NULL, 1, 1, 0, 0}, + {NULL, 1, 1, 0, 0}, + {NULL, 1, 1, 0, 0}, + {NULL, 1, 1, 0, 0}, + {NULL, 1, 1, 0, 0}, + {NULL, 1, 1, 0, 0}, + {NULL, 1, 1, 0, 0}, + {NULL, 1, 1, 0, 0}, + {NULL, 1, 1, 0, 0}, + {NULL, 1, 1, 0, 0}, + {NULL, 1, 1, 0, 0}, + {NULL, 1, 1, 0, 0}, + {NULL, 1, 1, 0, 0}, + {NULL, 1, 1, 0, 0}, + {NULL, 1, 1, 0, 0}, {NULL, 1, 1, 0, 0}, {NULL, 1, 1, 0, 0}, {NULL, 1, 1, 0, 0},
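Review bot: The rows of `pvtkey_objects[]` and `pubkey_objects[]` carry no indication of which key slot they describe or what their five fields mean, so after twenty identical rows are added a reader cannot check from the hunk that the one row whose last field is `1` still lines up with the key it was written for, or that leaving that field at `0` for every retired key is intended. I would label each row with its slot in the way the private-key rows of `piv_objects[]` already are (`// 9a`, `// 9c`), and add a one-line comment above each array naming the fields. Both arrays extend outside the hunk.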