Add syslog/windows event log output

Read multistage configuration
Update ROCA mitigation check and warnings
This commit is contained in:
Dave Pate
2018-02-09 08:28:51 -08:00
parent 38ce95cf1c
commit 289896ac61
6 changed files with 484 additions and 45 deletions
+64 -20
View File
@@ -80,14 +80,10 @@
static ykpiv_rc _cache_pin(ykpiv_state *state, const char *pin, size_t len);
static ykpiv_rc _send_data(ykpiv_state *state, APDU *apdu,
unsigned char *data, uint32_t *recv_len, int *sw);
unsigned const char aid[] = {
0xa0, 0x00, 0x00, 0x03, 0x08
};
static void* _default_alloc(void *data, size_t cb) {
(void)data;
return calloc(cb, 1);
@@ -241,7 +237,9 @@ ykpiv_rc _ykpiv_select_application(ykpiv_state *state) {
unsigned char data[0xff];
uint32_t recv_len = sizeof(data);
int sw;
ykpiv_rc res;
ykpiv_rc res = YKPIV_OK;
_ykpiv_util_get_serial(state, NULL, false);
memset(apdu.raw, 0, sizeof(apdu));
apdu.st.ins = YKPIV_INS_SELECT_APPLICATION;
@@ -254,14 +252,15 @@ ykpiv_rc _ykpiv_select_application(ykpiv_state *state) {
fprintf(stderr, "Failed communicating with card: '%s'\n", ykpiv_strerror(res));
}
return res;
} else if(sw == SW_SUCCESS) {
return YKPIV_OK;
} else {
}
else if(sw != SW_SUCCESS) {
if(state->verbose) {
fprintf(stderr, "Failed selecting application: %04x\n", sw);
}
return YKPIV_GENERIC_ERROR;
}
_ykpiv_get_version(state, NULL);
}
ykpiv_rc _ykpiv_ensure_application_selected(ykpiv_state *state) {
@@ -574,7 +573,7 @@ Cleanup:
return res;
}
static ykpiv_rc _send_data(ykpiv_state *state, APDU *apdu,
ykpiv_rc _send_data(ykpiv_state *state, APDU *apdu,
unsigned char *data, uint32_t *recv_len, int *sw) {
long rc;
unsigned int send_len = (unsigned int)apdu->st.lc + 5;
@@ -944,32 +943,63 @@ Cleanup:
return res;
}
ykpiv_rc ykpiv_get_version(ykpiv_state *state, char *version, size_t len) {
ykpiv_rc _ykpiv_get_version(ykpiv_state *state, ykpiv_version_t *p_version) {
APDU apdu;
unsigned char data[261];
uint32_t recv_len = sizeof(data);
int sw;
ykpiv_rc res;
if (YKPIV_OK != (res = _ykpiv_begin_transaction(state))) return YKPIV_PCSC_ERROR;
if (YKPIV_OK != (res = _ykpiv_ensure_application_selected(state))) goto Cleanup;
if (!state) {
return YKPIV_ARGUMENT_ERROR;
}
/* get version from state if already from device */
if (state->ver.major || state->ver.minor || state->ver.patch) {
if (p_version) {
memcpy(p_version, &(state->ver), sizeof(ykpiv_version_t));
}
return YKPIV_OK;
}
/* get version from device */
memset(apdu.raw, 0, sizeof(apdu));
apdu.st.ins = YKPIV_INS_GET_VERSION;
if((res = _send_data(state, &apdu, data, &recv_len, &sw)) != YKPIV_OK) {
goto Cleanup;
return res;
} else if(sw == SW_SUCCESS) {
int result = snprintf(version, len, "%d.%d.%d", data[0], data[1], data[2]);
state->ver.major = data[0];
state->ver.minor = data[1];
state->ver.patch = data[2];
if (p_version) {
memcpy(p_version, &(state->ver), sizeof(ykpiv_version_t));
}
} else {
res = YKPIV_GENERIC_ERROR;
}
return res;
}
ykpiv_rc ykpiv_get_version(ykpiv_state *state, char *version, size_t len) {
ykpiv_rc res;
int result = 0;
ykpiv_version_t ver = {0};
if ((res = _ykpiv_begin_transaction(state)) < YKPIV_OK) return YKPIV_PCSC_ERROR;
if ((res = _ykpiv_ensure_application_selected(state)) < YKPIV_OK) goto Cleanup;
if ((res = _ykpiv_get_version(state, &ver)) >= YKPIV_OK) {
result = snprintf(version, len, "%d.%d.%d", ver.major, ver.minor, ver.patch);
if(result < 0) {
res = YKPIV_SIZE_ERROR;
}
goto Cleanup;
} else {
res = YKPIV_GENERIC_ERROR;
goto Cleanup;
}
Cleanup:
_ykpiv_end_transaction(state);
return res;
}
@@ -1050,7 +1080,7 @@ ykpiv_rc ykpiv_verify(ykpiv_state *state, const char *pin, int *tries) {
ykpiv_rc ykpiv_verify_select(ykpiv_state *state, const char *pin, const size_t pin_len, int *tries, bool force_select) {
ykpiv_rc res = YKPIV_OK;
if (YKPIV_OK != (res = _ykpiv_begin_transaction(state))) goto Cleanup;
if (YKPIV_OK != (res = _ykpiv_begin_transaction(state))) return YKPIV_PCSC_ERROR;
if (force_select) {
if (YKPIV_OK != (res = _ykpiv_ensure_application_selected(state))) goto Cleanup;
}
@@ -1454,15 +1484,18 @@ ykpiv_rc ykpiv_attest(ykpiv_state *state, const unsigned char key, unsigned char
bool ret = false;
unsigned char templ[] = {0, YKPIV_INS_ATTEST, key, 0};
int sw;
unsigned long ul_data_len;
if (state == NULL || data == NULL || data_len == NULL) {
return YKPIV_ARGUMENT_ERROR;
}
ul_data_len = *data_len;
if (YKPIV_OK != (res = _ykpiv_begin_transaction(state))) return YKPIV_PCSC_ERROR;
if (YKPIV_OK != (res = _ykpiv_ensure_application_selected(state))) goto Cleanup;
if ((res = ykpiv_transfer_data(state, templ, NULL, 0, data, data_len, &sw)) != YKPIV_OK) {
if ((res = ykpiv_transfer_data(state, templ, NULL, 0, data, &ul_data_len, &sw)) != YKPIV_OK) {
goto Cleanup;
}
if (SW_SUCCESS != sw) {
@@ -1477,6 +1510,8 @@ ykpiv_rc ykpiv_attest(ykpiv_state *state, const unsigned char key, unsigned char
goto Cleanup;
}
*data_len = (size_t)ul_data_len;
Cleanup:
_ykpiv_end_transaction(state);
return res;
@@ -1562,3 +1597,12 @@ Cleanup:
_ykpiv_end_transaction(state);
return res;
}
ykpiv_rc ykpiv_auth_deauthenticate(ykpiv_state *state) {
ykpiv_rc res = YKPIV_OK;
if ((res = _ykpiv_begin_transaction(state)) < YKPIV_OK) return res;
_ykpiv_util_get_serial(state, NULL, true);
_ykpiv_end_transaction(state);
return res;
}