Start adding retired keys to ykcs11.

This commit is contained in:
Alessio Di Mauro
2015-11-20 17:39:33 +01:00
parent 4849e494be
commit 11a7d11e48
2 changed files with 237 additions and 82 deletions
+151 -31
View File
@@ -24,34 +24,34 @@ static piv_obj_t piv_objects[] = {
{PIV_DATA_OBJ_X509_CARD_AUTH, 1, 0, 0, "X.509 Certificate for Card Authentication", 0, 0, get_doa, 1},
{PIV_DATA_OBJ_X509_DS, 1, 0, 0, "X.509 Certificate for Digital Signature", 0, 0, get_doa, 2},
{PIV_DATA_OBJ_X509_KM, 1, 0, 0, "X.509 Certificate for Key Management", 0, 0, get_doa, 3},
{PIV_DATA_OBJ_CCC, 1, 0, 0, "Card Capability Container", 0, 0, get_doa, 4},
{PIV_DATA_OBJ_CHUI, 1, 0, 0, "Card Holder Unique Identifier", 0, 0, get_doa, 5},
{PIV_DATA_OBJ_CHF, 1, 1, 0, "Card Holder Fingerprints", 0, 0, get_doa, 6},
{PIV_DATA_OBJ_SEC_OBJ, 1, 0, 0, "Security Object", 0, 0, get_doa, 7},
{PIV_DATA_OBJ_CHFI, 1, 1, 0, "Cardholder Facial Images", 0, 0, get_doa, 8},
{PIV_DATA_OBJ_PI, 1, 1, 0, "Printed Information", 0, 0, get_doa, 9},
{PIV_DATA_OBJ_DISCOVERY, 1, 0, 0, "Discovery Object", 0, 0, get_doa, 10},
{PIV_DATA_OBJ_HISTORY, 1, 0, 0, "Key History Object", 0, 0, get_doa, 11},
{PIV_DATA_OBJ_RETIRED_X509_1, 1, 0, 0, "Retired X.509 Certificate for Key Management 1", 0, 0, get_doa, 12},
{PIV_DATA_OBJ_RETIRED_X509_2, 1, 0, 0, "Retired X.509 Certificate for Key Management 2", 0, 0, get_doa, 13},
{PIV_DATA_OBJ_RETIRED_X509_3, 1, 0, 0, "Retired X.509 Certificate for Key Management 3", 0, 0, get_doa, 14},
{PIV_DATA_OBJ_RETIRED_X509_4, 1, 0, 0, "Retired X.509 Certificate for Key Management 4", 0, 0, get_doa, 15},
{PIV_DATA_OBJ_RETIRED_X509_5, 1, 0, 0, "Retired X.509 Certificate for Key Management 5", 0, 0, get_doa, 16},
{PIV_DATA_OBJ_RETIRED_X509_6, 1, 0, 0, "Retired X.509 Certificate for Key Management 6", 0, 0, get_doa, 17},
{PIV_DATA_OBJ_RETIRED_X509_7, 1, 0, 0, "Retired X.509 Certificate for Key Management 7", 0, 0, get_doa, 18},
{PIV_DATA_OBJ_RETIRED_X509_8, 1, 0, 0, "Retired X.509 Certificate for Key Management 8", 0, 0, get_doa, 19},
{PIV_DATA_OBJ_RETIRED_X509_9, 1, 0, 0, "Retired X.509 Certificate for Key Management 9", 0, 0, get_doa, 20},
{PIV_DATA_OBJ_RETIRED_X509_10, 1, 0, 0, "Retired X.509 Certificate for Key Management 10", 0, 0, get_doa, 21},
{PIV_DATA_OBJ_RETIRED_X509_11, 1, 0, 0, "Retired X.509 Certificate for Key Management 11", 0, 0, get_doa, 22},
{PIV_DATA_OBJ_RETIRED_X509_12, 1, 0, 0, "Retired X.509 Certificate for Key Management 12", 0, 0, get_doa, 23},
{PIV_DATA_OBJ_RETIRED_X509_13, 1, 0, 0, "Retired X.509 Certificate for Key Management 13", 0, 0, get_doa, 24},
{PIV_DATA_OBJ_RETIRED_X509_14, 1, 0, 0, "Retired X.509 Certificate for Key Management 14", 0, 0, get_doa, 25},
{PIV_DATA_OBJ_RETIRED_X509_15, 1, 0, 0, "Retired X.509 Certificate for Key Management 15", 0, 0, get_doa, 26},
{PIV_DATA_OBJ_RETIRED_X509_16, 1, 0, 0, "Retired X.509 Certificate for Key Management 16", 0, 0, get_doa, 27},
{PIV_DATA_OBJ_RETIRED_X509_17, 1, 0, 0, "Retired X.509 Certificate for Key Management 17", 0, 0, get_doa, 28},
{PIV_DATA_OBJ_RETIRED_X509_18, 1, 0, 0, "Retired X.509 Certificate for Key Management 18", 0, 0, get_doa, 29},
{PIV_DATA_OBJ_RETIRED_X509_19, 1, 0, 0, "Retired X.509 Certificate for Key Management 19", 0, 0, get_doa, 30},
{PIV_DATA_OBJ_RETIRED_X509_20, 1, 0, 0, "Retired X.509 Certificate for Key Management 20", 0, 0, get_doa, 31},
{PIV_DATA_OBJ_X509_RETIRED_1, 1, 0, 0, "X.509 Certificate for retired key 1", 0, 0, get_doa, 4},
{PIV_DATA_OBJ_X509_RETIRED_2, 1, 0, 0, "X.509 Certificate for retired key 2", 0, 0, get_doa, 5},
{PIV_DATA_OBJ_X509_RETIRED_3, 1, 0, 0, "X.509 Certificate for retired key 3", 0, 0, get_doa, 6},
{PIV_DATA_OBJ_X509_RETIRED_4, 1, 0, 0, "X.509 Certificate for retired key 4", 0, 0, get_doa, 7},
{PIV_DATA_OBJ_X509_RETIRED_5, 1, 0, 0, "X.509 Certificate for retired key 5", 0, 0, get_doa, 8},
{PIV_DATA_OBJ_X509_RETIRED_6, 1, 0, 0, "X.509 Certificate for retired key 6", 0, 0, get_doa, 9},
{PIV_DATA_OBJ_X509_RETIRED_7, 1, 0, 0, "X.509 Certificate for retired key 7", 0, 0, get_doa, 10},
{PIV_DATA_OBJ_X509_RETIRED_8, 1, 0, 0, "X.509 Certificate for retired key 8", 0, 0, get_doa, 11},
{PIV_DATA_OBJ_X509_RETIRED_9, 1, 0, 0, "X.509 Certificate for retired key 9", 0, 0, get_doa, 12},
{PIV_DATA_OBJ_X509_RETIRED_10, 1, 0, 0, "X.509 Certificate for retired key 10", 0, 0, get_doa, 13},
{PIV_DATA_OBJ_X509_RETIRED_11, 1, 0, 0, "X.509 Certificate for retired key 11", 0, 0, get_doa, 14},
{PIV_DATA_OBJ_X509_RETIRED_12, 1, 0, 0, "X.509 Certificate for retired key 12", 0, 0, get_doa, 15},
{PIV_DATA_OBJ_X509_RETIRED_13, 1, 0, 0, "X.509 Certificate for retired key 13", 0, 0, get_doa, 16},
{PIV_DATA_OBJ_X509_RETIRED_14, 1, 0, 0, "X.509 Certificate for retired key 14", 0, 0, get_doa, 17},
{PIV_DATA_OBJ_X509_RETIRED_15, 1, 0, 0, "X.509 Certificate for retired key 15", 0, 0, get_doa, 18},
{PIV_DATA_OBJ_X509_RETIRED_16, 1, 0, 0, "X.509 Certificate for retired key 16", 0, 0, get_doa, 19},
{PIV_DATA_OBJ_X509_RETIRED_17, 1, 0, 0, "X.509 Certificate for retired key 17", 0, 0, get_doa, 20},
{PIV_DATA_OBJ_X509_RETIRED_18, 1, 0, 0, "X.509 Certificate for retired key 18", 0, 0, get_doa, 21},
{PIV_DATA_OBJ_X509_RETIRED_19, 1, 0, 0, "X.509 Certificate for retired key 19", 0, 0, get_doa, 22},
{PIV_DATA_OBJ_X509_RETIRED_20, 1, 0, 0, "X.509 Certificate for retired key 20", 0, 0, get_doa, 23},
{PIV_DATA_OBJ_CCC, 1, 0, 0, "Card Capability Container", 0, 0, get_doa, 24},
{PIV_DATA_OBJ_CHUI, 1, 0, 0, "Card Holder Unique Identifier", 0, 0, get_doa, 25},
{PIV_DATA_OBJ_CHF, 1, 1, 0, "Card Holder Fingerprints", 0, 0, get_doa, 26},
{PIV_DATA_OBJ_SEC_OBJ, 1, 0, 0, "Security Object", 0, 0, get_doa, 27},
{PIV_DATA_OBJ_CHFI, 1, 1, 0, "Cardholder Facial Images", 0, 0, get_doa, 28},
{PIV_DATA_OBJ_PI, 1, 1, 0, "Printed Information", 0, 0, get_doa, 29},
{PIV_DATA_OBJ_DISCOVERY, 1, 0, 0, "Discovery Object", 0, 0, get_doa, 30},
{PIV_DATA_OBJ_HISTORY, 1, 0, 0, "Key History Object", 0, 0, get_doa, 31},
{PIV_DATA_OBJ_IRIS_IMAGE, 1, 1, 0, "Cardholder Iris Images", 0, 0, get_doa, 32},
{PIV_DATA_OBJ_BITGT, 1, 0, 0, "Biometric Information Templates Group Template", 0, 0, get_doa, 33},
{PIV_DATA_OBJ_SM_SIGNER, 1, 0, 0, "Secure Messaging Certificate Signer", 0, 0, get_doa, 34},
@@ -62,19 +62,79 @@ static piv_obj_t piv_objects[] = {
{PIV_CERT_OBJ_X509_CARD_AUTH, 1, 0, 0, "X.509 Certificate for Card Authentication", 0, 0, get_coa, 1},
{PIV_CERT_OBJ_X509_DS, 1, 0, 0, "X.509 Certificate for Digital Signature", 0, 0, get_coa, 2},
{PIV_CERT_OBJ_X509_KM, 1, 0, 0, "X.509 Certificate for Key Management", 0, 0, get_coa, 3},
{PIV_CERT_OBJ_LAST, 1, 0, 0, "", 0, 0, NULL, 4},
{PIV_CERT_OBJ_X509_RETIRED_1, 1, 0, 0, "X.509 Certificate for retired key 1", 0, 0, get_coa, 4},
{PIV_CERT_OBJ_X509_RETIRED_2, 1, 0, 0, "X.509 Certificate for retired key 2", 0, 0, get_coa, 5},
{PIV_CERT_OBJ_X509_RETIRED_3, 1, 0, 0, "X.509 Certificate for retired key 3", 0, 0, get_coa, 6},
{PIV_CERT_OBJ_X509_RETIRED_4, 1, 0, 0, "X.509 Certificate for retired key 4", 0, 0, get_coa, 7},
{PIV_CERT_OBJ_X509_RETIRED_5, 1, 0, 0, "X.509 Certificate for retired key 5", 0, 0, get_coa, 8},
{PIV_CERT_OBJ_X509_RETIRED_6, 1, 0, 0, "X.509 Certificate for retired key 6", 0, 0, get_coa, 9},
{PIV_CERT_OBJ_X509_RETIRED_7, 1, 0, 0, "X.509 Certificate for retired key 7", 0, 0, get_coa, 10},
{PIV_CERT_OBJ_X509_RETIRED_8, 1, 0, 0, "X.509 Certificate for retired key 8", 0, 0, get_coa, 11},
{PIV_CERT_OBJ_X509_RETIRED_9, 1, 0, 0, "X.509 Certificate for retired key 9", 0, 0, get_coa, 12},
{PIV_CERT_OBJ_X509_RETIRED_10, 1, 0, 0, "X.509 Certificate for retired key 10", 0, 0, get_coa, 13},
{PIV_CERT_OBJ_X509_RETIRED_11, 1, 0, 0, "X.509 Certificate for retired key 11", 0, 0, get_coa, 14},
{PIV_CERT_OBJ_X509_RETIRED_12, 1, 0, 0, "X.509 Certificate for retired key 12", 0, 0, get_coa, 15},
{PIV_CERT_OBJ_X509_RETIRED_13, 1, 0, 0, "X.509 Certificate for retired key 13", 0, 0, get_coa, 16},
{PIV_CERT_OBJ_X509_RETIRED_14, 1, 0, 0, "X.509 Certificate for retired key 14", 0, 0, get_coa, 17},
{PIV_CERT_OBJ_X509_RETIRED_15, 1, 0, 0, "X.509 Certificate for retired key 15", 0, 0, get_coa, 18},
{PIV_CERT_OBJ_X509_RETIRED_16, 1, 0, 0, "X.509 Certificate for retired key 16", 0, 0, get_coa, 19},
{PIV_CERT_OBJ_X509_RETIRED_17, 1, 0, 0, "X.509 Certificate for retired key 17", 0, 0, get_coa, 20},
{PIV_CERT_OBJ_X509_RETIRED_18, 1, 0, 0, "X.509 Certificate for retired key 18", 0, 0, get_coa, 21},
{PIV_CERT_OBJ_X509_RETIRED_19, 1, 0, 0, "X.509 Certificate for retired key 19", 0, 0, get_coa, 22},
{PIV_CERT_OBJ_X509_RETIRED_20, 1, 0, 0, "X.509 Certificate for retired key 20", 0, 0, get_coa, 23},
{PIV_CERT_OBJ_LAST, 1, 0, 0, "", 0, 0, NULL, 24},
{PIV_PVTK_OBJ_PIV_AUTH, 1, 1, 0, "Private key for PIV Authentication", 0, 0, get_proa, 0}, // 9a
{PIV_PVTK_OBJ_CARD_AUTH, 1, 0, 0, "Private key for Card Authentication", 0, 0, get_proa, 1}, // 9e
{PIV_PVTK_OBJ_DS, 1, 1, 0, "Private key for Digital Signature", 0, 0, get_proa, 2}, // 9c
{PIV_PVTK_OBJ_KM, 1, 1, 0, "Private key for Key Management", 0, 0, get_proa, 3}, // 9d
{PIV_PVTK_OBJ_LAST, 1, 0, 0, "", 0, 0, NULL, 4},
{PIV_PVTK_OBJ_RETIRED_1, 1, 1, 0, "Private key for retired key 1", 0, 0, get_proa, 4},
{PIV_PVTK_OBJ_RETIRED_2, 1, 1, 0, "Private key for retired key 2", 0, 0, get_proa, 5},
{PIV_PVTK_OBJ_RETIRED_3, 1, 1, 0, "Private key for retired key 3", 0, 0, get_proa, 6},
{PIV_PVTK_OBJ_RETIRED_4, 1, 1, 0, "Private key for retired key 4", 0, 0, get_proa, 7},
{PIV_PVTK_OBJ_RETIRED_5, 1, 1, 0, "Private key for retired key 5", 0, 0, get_proa, 8},
{PIV_PVTK_OBJ_RETIRED_6, 1, 1, 0, "Private key for retired key 6", 0, 0, get_proa, 9},
{PIV_PVTK_OBJ_RETIRED_7, 1, 1, 0, "Private key for retired key 7", 0, 0, get_proa, 10},
{PIV_PVTK_OBJ_RETIRED_8, 1, 1, 0, "Private key for retired key 8", 0, 0, get_proa, 11},
{PIV_PVTK_OBJ_RETIRED_9, 1, 1, 0, "Private key for retired key 9", 0, 0, get_proa, 12},
{PIV_PVTK_OBJ_RETIRED_10, 1, 1, 0, "Private key for retired key 10", 0, 0, get_proa, 13},
{PIV_PVTK_OBJ_RETIRED_11, 1, 1, 0, "Private key for retired key 11", 0, 0, get_proa, 14},
{PIV_PVTK_OBJ_RETIRED_12, 1, 1, 0, "Private key for retired key 12", 0, 0, get_proa, 15},
{PIV_PVTK_OBJ_RETIRED_13, 1, 1, 0, "Private key for retired key 13", 0, 0, get_proa, 16},
{PIV_PVTK_OBJ_RETIRED_14, 1, 1, 0, "Private key for retired key 14", 0, 0, get_proa, 17},
{PIV_PVTK_OBJ_RETIRED_15, 1, 1, 0, "Private key for retired key 15", 0, 0, get_proa, 18},
{PIV_PVTK_OBJ_RETIRED_16, 1, 1, 0, "Private key for retired key 16", 0, 0, get_proa, 19},
{PIV_PVTK_OBJ_RETIRED_17, 1, 1, 0, "Private key for retired key 17", 0, 0, get_proa, 20},
{PIV_PVTK_OBJ_RETIRED_18, 1, 1, 0, "Private key for retired key 18", 0, 0, get_proa, 21},
{PIV_PVTK_OBJ_RETIRED_19, 1, 1, 0, "Private key for retired key 19", 0, 0, get_proa, 22},
{PIV_PVTK_OBJ_RETIRED_20, 1, 1, 0, "Private key for retired key 20", 0, 0, get_proa, 23},
{PIV_PVTK_OBJ_LAST, 1, 0, 0, "", 0, 0, NULL, 24},
{PIV_PUBK_OBJ_PIV_AUTH, 1, 0, 0, "Public key for PIV Authentication", 0, 0, get_puoa, 0},
{PIV_PUBK_OBJ_CARD_AUTH, 1, 0, 0, "Public key for Card Authentication", 0, 0, get_puoa, 1},
{PIV_PUBK_OBJ_DS, 1, 0, 0, "Public key for Digital Signature", 0, 0, get_puoa, 2},
{PIV_PUBK_OBJ_KM, 1, 0, 0, "Public key for Key Management", 0, 0, get_puoa, 3},
{PIV_PUBK_OBJ_LAST, 1, 0, 0, "", 0, 0, NULL, 4}
{PIV_PUBK_OBJ_RETIRED_1, 1, 0, 0, "Public key for retired key 1", 0, 0, get_puoa, 4},
{PIV_PUBK_OBJ_RETIRED_2, 1, 0, 0, "Public key for retired key 2", 0, 0, get_puoa, 5},
{PIV_PUBK_OBJ_RETIRED_3, 1, 0, 0, "Public key for retired key 3", 0, 0, get_puoa, 6},
{PIV_PUBK_OBJ_RETIRED_4, 1, 0, 0, "Public key for retired key 4", 0, 0, get_puoa, 7},
{PIV_PUBK_OBJ_RETIRED_5, 1, 0, 0, "Public key for retired key 5", 0, 0, get_puoa, 8},
{PIV_PUBK_OBJ_RETIRED_6, 1, 0, 0, "Public key for retired key 6", 0, 0, get_puoa, 9},
{PIV_PUBK_OBJ_RETIRED_7, 1, 0, 0, "Public key for retired key 7", 0, 0, get_puoa, 10},
{PIV_PUBK_OBJ_RETIRED_8, 1, 0, 0, "Public key for retired key 8", 0, 0, get_puoa, 11},
{PIV_PUBK_OBJ_RETIRED_9, 1, 0, 0, "Public key for retired key 9", 0, 0, get_puoa, 12},
{PIV_PUBK_OBJ_RETIRED_10, 1, 0, 0, "Public key for retired key 10", 0, 0, get_puoa, 13},
{PIV_PUBK_OBJ_RETIRED_11, 1, 0, 0, "Public key for retired key 11", 0, 0, get_puoa, 14},
{PIV_PUBK_OBJ_RETIRED_12, 1, 0, 0, "Public key for retired key 12", 0, 0, get_puoa, 15},
{PIV_PUBK_OBJ_RETIRED_13, 1, 0, 0, "Public key for retired key 13", 0, 0, get_puoa, 16},
{PIV_PUBK_OBJ_RETIRED_14, 1, 0, 0, "Public key for retired key 14", 0, 0, get_puoa, 17},
{PIV_PUBK_OBJ_RETIRED_15, 1, 0, 0, "Public key for retired key 15", 0, 0, get_puoa, 18},
{PIV_PUBK_OBJ_RETIRED_16, 1, 0, 0, "Public key for retired key 16", 0, 0, get_puoa, 19},
{PIV_PUBK_OBJ_RETIRED_17, 1, 0, 0, "Public key for retired key 17", 0, 0, get_puoa, 20},
{PIV_PUBK_OBJ_RETIRED_18, 1, 0, 0, "Public key for retired key 18", 0, 0, get_puoa, 21},
{PIV_PUBK_OBJ_RETIRED_19, 1, 0, 0, "Public key for retired key 19", 0, 0, get_puoa, 22},
{PIV_PUBK_OBJ_RETIRED_20, 1, 0, 0, "Public key for retired key 20", 0, 0, get_puoa, 23},
{PIV_PUBK_OBJ_LAST, 1, 0, 0, "", 0, 0, NULL, 24}
};
static piv_data_obj_t data_objects[] = {
@@ -119,6 +179,26 @@ static piv_data_obj_t data_objects[] = {
};
static piv_cert_obj_t cert_objects[] = {
{NULL},
{NULL},
{NULL},
{NULL},
{NULL},
{NULL},
{NULL},
{NULL},
{NULL},
{NULL},
{NULL},
{NULL},
{NULL},
{NULL},
{NULL},
{NULL},
{NULL},
{NULL},
{NULL},
{NULL},
{NULL},
{NULL},
{NULL},
@@ -131,10 +211,50 @@ static piv_pvtk_obj_t pvtkey_objects[] = {
{1, 1, 0, 0, 0},
{1, 1, 0, 0, 0},
{1, 1, 0, 0, 1},
{1, 1, 0, 0, 0},
{1, 1, 0, 0, 0},
{1, 1, 0, 0, 0},
{1, 1, 0, 0, 0},
{1, 1, 0, 0, 0},
{1, 1, 0, 0, 0},
{1, 1, 0, 0, 0},
{1, 1, 0, 0, 0},
{1, 1, 0, 0, 0},
{1, 1, 0, 0, 0},
{1, 1, 0, 0, 0},
{1, 1, 0, 0, 0},
{1, 1, 0, 0, 0},
{1, 1, 0, 0, 0},
{1, 1, 0, 0, 0},
{1, 1, 0, 0, 0},
{1, 1, 0, 0, 0},
{1, 1, 0, 0, 0},
{1, 1, 0, 0, 0},
{1, 1, 0, 0, 0},
{1, 1, 0, 0, 0}
};
static piv_pubk_obj_t pubkey_objects[] = {
{NULL, 1, 1, 0, 0},
{NULL, 1, 1, 0, 0},
{NULL, 1, 1, 0, 0},
{NULL, 1, 1, 0, 0},
{NULL, 1, 1, 0, 0},
{NULL, 1, 1, 0, 0},
{NULL, 1, 1, 0, 0},
{NULL, 1, 1, 0, 0},
{NULL, 1, 1, 0, 0},
{NULL, 1, 1, 0, 0},
{NULL, 1, 1, 0, 0},
{NULL, 1, 1, 0, 0},
{NULL, 1, 1, 0, 0},
{NULL, 1, 1, 0, 0},
{NULL, 1, 1, 0, 0},
{NULL, 1, 1, 0, 0},
{NULL, 1, 1, 0, 0},
{NULL, 1, 1, 0, 0},
{NULL, 1, 1, 0, 0},
{NULL, 1, 1, 0, 0},
{NULL, 1, 1, 0, 0},
{NULL, 1, 1, 0, 0},
{NULL, 1, 1, 0, 0},