Add syslog/windows event log output
Read multistage configuration Update ROCA mitigation check and warnings
This commit is contained in:
+64
-20
@@ -80,14 +80,10 @@
|
||||
|
||||
static ykpiv_rc _cache_pin(ykpiv_state *state, const char *pin, size_t len);
|
||||
|
||||
static ykpiv_rc _send_data(ykpiv_state *state, APDU *apdu,
|
||||
unsigned char *data, uint32_t *recv_len, int *sw);
|
||||
|
||||
unsigned const char aid[] = {
|
||||
0xa0, 0x00, 0x00, 0x03, 0x08
|
||||
};
|
||||
|
||||
|
||||
static void* _default_alloc(void *data, size_t cb) {
|
||||
(void)data;
|
||||
return calloc(cb, 1);
|
||||
@@ -241,7 +237,9 @@ ykpiv_rc _ykpiv_select_application(ykpiv_state *state) {
|
||||
unsigned char data[0xff];
|
||||
uint32_t recv_len = sizeof(data);
|
||||
int sw;
|
||||
ykpiv_rc res;
|
||||
ykpiv_rc res = YKPIV_OK;
|
||||
|
||||
_ykpiv_util_get_serial(state, NULL, false);
|
||||
|
||||
memset(apdu.raw, 0, sizeof(apdu));
|
||||
apdu.st.ins = YKPIV_INS_SELECT_APPLICATION;
|
||||
@@ -254,14 +252,15 @@ ykpiv_rc _ykpiv_select_application(ykpiv_state *state) {
|
||||
fprintf(stderr, "Failed communicating with card: '%s'\n", ykpiv_strerror(res));
|
||||
}
|
||||
return res;
|
||||
} else if(sw == SW_SUCCESS) {
|
||||
return YKPIV_OK;
|
||||
} else {
|
||||
}
|
||||
else if(sw != SW_SUCCESS) {
|
||||
if(state->verbose) {
|
||||
fprintf(stderr, "Failed selecting application: %04x\n", sw);
|
||||
}
|
||||
return YKPIV_GENERIC_ERROR;
|
||||
}
|
||||
|
||||
_ykpiv_get_version(state, NULL);
|
||||
}
|
||||
|
||||
ykpiv_rc _ykpiv_ensure_application_selected(ykpiv_state *state) {
|
||||
@@ -574,7 +573,7 @@ Cleanup:
|
||||
return res;
|
||||
}
|
||||
|
||||
static ykpiv_rc _send_data(ykpiv_state *state, APDU *apdu,
|
||||
ykpiv_rc _send_data(ykpiv_state *state, APDU *apdu,
|
||||
unsigned char *data, uint32_t *recv_len, int *sw) {
|
||||
long rc;
|
||||
unsigned int send_len = (unsigned int)apdu->st.lc + 5;
|
||||
@@ -944,32 +943,63 @@ Cleanup:
|
||||
return res;
|
||||
}
|
||||
|
||||
ykpiv_rc ykpiv_get_version(ykpiv_state *state, char *version, size_t len) {
|
||||
ykpiv_rc _ykpiv_get_version(ykpiv_state *state, ykpiv_version_t *p_version) {
|
||||
APDU apdu;
|
||||
unsigned char data[261];
|
||||
uint32_t recv_len = sizeof(data);
|
||||
int sw;
|
||||
ykpiv_rc res;
|
||||
|
||||
if (YKPIV_OK != (res = _ykpiv_begin_transaction(state))) return YKPIV_PCSC_ERROR;
|
||||
if (YKPIV_OK != (res = _ykpiv_ensure_application_selected(state))) goto Cleanup;
|
||||
if (!state) {
|
||||
return YKPIV_ARGUMENT_ERROR;
|
||||
}
|
||||
|
||||
/* get version from state if already from device */
|
||||
|
||||
if (state->ver.major || state->ver.minor || state->ver.patch) {
|
||||
if (p_version) {
|
||||
memcpy(p_version, &(state->ver), sizeof(ykpiv_version_t));
|
||||
}
|
||||
return YKPIV_OK;
|
||||
}
|
||||
|
||||
/* get version from device */
|
||||
|
||||
memset(apdu.raw, 0, sizeof(apdu));
|
||||
apdu.st.ins = YKPIV_INS_GET_VERSION;
|
||||
if((res = _send_data(state, &apdu, data, &recv_len, &sw)) != YKPIV_OK) {
|
||||
goto Cleanup;
|
||||
return res;
|
||||
} else if(sw == SW_SUCCESS) {
|
||||
int result = snprintf(version, len, "%d.%d.%d", data[0], data[1], data[2]);
|
||||
state->ver.major = data[0];
|
||||
state->ver.minor = data[1];
|
||||
state->ver.patch = data[2];
|
||||
if (p_version) {
|
||||
memcpy(p_version, &(state->ver), sizeof(ykpiv_version_t));
|
||||
}
|
||||
} else {
|
||||
res = YKPIV_GENERIC_ERROR;
|
||||
}
|
||||
|
||||
return res;
|
||||
}
|
||||
|
||||
ykpiv_rc ykpiv_get_version(ykpiv_state *state, char *version, size_t len) {
|
||||
ykpiv_rc res;
|
||||
int result = 0;
|
||||
ykpiv_version_t ver = {0};
|
||||
|
||||
if ((res = _ykpiv_begin_transaction(state)) < YKPIV_OK) return YKPIV_PCSC_ERROR;
|
||||
if ((res = _ykpiv_ensure_application_selected(state)) < YKPIV_OK) goto Cleanup;
|
||||
|
||||
if ((res = _ykpiv_get_version(state, &ver)) >= YKPIV_OK) {
|
||||
result = snprintf(version, len, "%d.%d.%d", ver.major, ver.minor, ver.patch);
|
||||
if(result < 0) {
|
||||
res = YKPIV_SIZE_ERROR;
|
||||
}
|
||||
goto Cleanup;
|
||||
} else {
|
||||
res = YKPIV_GENERIC_ERROR;
|
||||
goto Cleanup;
|
||||
}
|
||||
|
||||
Cleanup:
|
||||
|
||||
_ykpiv_end_transaction(state);
|
||||
return res;
|
||||
}
|
||||
@@ -1050,7 +1080,7 @@ ykpiv_rc ykpiv_verify(ykpiv_state *state, const char *pin, int *tries) {
|
||||
|
||||
ykpiv_rc ykpiv_verify_select(ykpiv_state *state, const char *pin, const size_t pin_len, int *tries, bool force_select) {
|
||||
ykpiv_rc res = YKPIV_OK;
|
||||
if (YKPIV_OK != (res = _ykpiv_begin_transaction(state))) goto Cleanup;
|
||||
if (YKPIV_OK != (res = _ykpiv_begin_transaction(state))) return YKPIV_PCSC_ERROR;
|
||||
if (force_select) {
|
||||
if (YKPIV_OK != (res = _ykpiv_ensure_application_selected(state))) goto Cleanup;
|
||||
}
|
||||
@@ -1454,15 +1484,18 @@ ykpiv_rc ykpiv_attest(ykpiv_state *state, const unsigned char key, unsigned char
|
||||
bool ret = false;
|
||||
unsigned char templ[] = {0, YKPIV_INS_ATTEST, key, 0};
|
||||
int sw;
|
||||
unsigned long ul_data_len;
|
||||
|
||||
if (state == NULL || data == NULL || data_len == NULL) {
|
||||
return YKPIV_ARGUMENT_ERROR;
|
||||
}
|
||||
|
||||
ul_data_len = *data_len;
|
||||
|
||||
if (YKPIV_OK != (res = _ykpiv_begin_transaction(state))) return YKPIV_PCSC_ERROR;
|
||||
if (YKPIV_OK != (res = _ykpiv_ensure_application_selected(state))) goto Cleanup;
|
||||
|
||||
if ((res = ykpiv_transfer_data(state, templ, NULL, 0, data, data_len, &sw)) != YKPIV_OK) {
|
||||
if ((res = ykpiv_transfer_data(state, templ, NULL, 0, data, &ul_data_len, &sw)) != YKPIV_OK) {
|
||||
goto Cleanup;
|
||||
}
|
||||
if (SW_SUCCESS != sw) {
|
||||
@@ -1477,6 +1510,8 @@ ykpiv_rc ykpiv_attest(ykpiv_state *state, const unsigned char key, unsigned char
|
||||
goto Cleanup;
|
||||
}
|
||||
|
||||
*data_len = (size_t)ul_data_len;
|
||||
|
||||
Cleanup:
|
||||
_ykpiv_end_transaction(state);
|
||||
return res;
|
||||
@@ -1562,3 +1597,12 @@ Cleanup:
|
||||
_ykpiv_end_transaction(state);
|
||||
return res;
|
||||
}
|
||||
|
||||
ykpiv_rc ykpiv_auth_deauthenticate(ykpiv_state *state) {
|
||||
ykpiv_rc res = YKPIV_OK;
|
||||
|
||||
if ((res = _ykpiv_begin_transaction(state)) < YKPIV_OK) return res;
|
||||
_ykpiv_util_get_serial(state, NULL, true);
|
||||
_ykpiv_end_transaction(state);
|
||||
return res;
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user