diff --git a/lib/ykpiv.c b/lib/ykpiv.c
index 427ce89..7936ee2 100644
--- a/lib/ykpiv.c
+++ b/lib/ykpiv.c
@@ -808,10 +808,10 @@ ykpiv_rc ykpiv_import_private_key(ykpiv_state *state, const unsigned char key, u
 if (state == NULL) return YKPIV_GENERIC_ERROR;
- if (key != YKPIV_KEY_AUTHENTICATION &&
- key != YKPIV_KEY_SIGNATURE &&
- key != YKPIV_KEY_KEYMGM &&
- key != YKPIV_KEY_CARDAUTH) {
+ if (key == YKPIV_KEY_CARDMGM ||
+ key < YKPIV_KEY_RETIRED1 ||
+ (key > YKPIV_KEY_RETIRED20 && key < YKPIV_KEY_AUTHENTICATION) ||
+ key > YKPIV_KEY_CARDAUTH) {
 return YKPIV_KEY_ERROR; }
diff --git a/lib/ykpiv.h b/lib/ykpiv.h
index 16b92a2..a868966 100644
--- a/lib/ykpiv.h
+++ b/lib/ykpiv.h
@@ -111,6 +111,26 @@ extern "C"
 #define YKPIV_KEY_SIGNATURE 0x9c
 #define YKPIV_KEY_KEYMGM 0x9d
 #define YKPIV_KEY_CARDAUTH 0x9e
+#define YKPIV_KEY_RETIRED1 0x82
+#define YKPIV_KEY_RETIRED2 0x83
+#define YKPIV_KEY_RETIRED3 0x84
+#define YKPIV_KEY_RETIRED4 0x85
+#define YKPIV_KEY_RETIRED5 0x86
+#define YKPIV_KEY_RETIRED6 0x87
+#define YKPIV_KEY_RETIRED7 0x88
+#define YKPIV_KEY_RETIRED8 0x89
+#define YKPIV_KEY_RETIRED9 0x8a
+#define YKPIV_KEY_RETIRED10 0x8b
+#define YKPIV_KEY_RETIRED11 0x8c
+#define YKPIV_KEY_RETIRED12 0x8d
+#define YKPIV_KEY_RETIRED13 0x8e
+#define YKPIV_KEY_RETIRED14 0x8f
+#define YKPIV_KEY_RETIRED15 0x90
+#define YKPIV_KEY_RETIRED16 0x91
+#define YKPIV_KEY_RETIRED17 0x92
+#define YKPIV_KEY_RETIRED18 0x93
+#define YKPIV_KEY_RETIRED19 0x94
+#define YKPIV_KEY_RETIRED20 0x95
 #define YKPIV_OBJ_CAPABILITY 0x5fc107
 #define YKPIV_OBJ_CHUID 0x5fc102
diff --git a/tool/yubico-piv-tool.c b/tool/yubico-piv-tool.c
index 8989667..fb521b9 100644
--- a/tool/yubico-piv-tool.c
+++ b/tool/yubico-piv-tool.c
@@ -445,7 +445,6 @@ static bool import_key(ykpiv_state *state, enum enum_key_format key_format,
 goto import_out; }
- ret = true;
 rc = ykpiv_import_private_key(state, key, algorithm, NULL, 0, NULL, 0,
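Review bot: The new slot check in ykpiv_import_private_key is a deny-list built from numeric ordering, so every value between YKPIV_KEY_AUTHENTICATION and YKPIV_KEY_CARDAUTH other than YKPIV_KEY_CARDMGM is accepted as an import target, including any constant added in that range later. For a function that writes private key material into a token slot, an explicit allow-list is easier to audit: `if (!(key >= YKPIV_KEY_RETIRED1 && key <= YKPIV_KEY_RETIRED20) && key != YKPIV_KEY_AUTHENTICATION && key != YKPIV_KEY_SIGNATURE && key != YKPIV_KEY_KEYMGM && key != YKPIV_KEY_CARDAUTH) {`. That accepts the same set as the committed condition only if the four named slots and YKPIV_KEY_CARDMGM are the sole values in that range, which the hunk does not show (the values of YKPIV_KEY_AUTHENTICATION and YKPIV_KEY_CARDMGM are defined outside it). The function body starts and continues outside the hunk.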
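Review bot: The twenty YKPIV_KEY_RETIRED* values in lib/ykpiv.h are added without a comment, yet the comparisons in lib/ykpiv.c (`key < YKPIV_KEY_RETIRED1`, `key > YKPIV_KEY_RETIRED20`) are only correct while the block stays contiguous from 0x82 to 0x95. A one-line comment above the block would record that dependency, for example `/* Retired key slots, contiguous 0x82..0x95; range-checked in ykpiv_import_private_key() */`. The block is also placed after YKPIV_KEY_CARDAUTH although its values are lower, so ordering the slot defines by value would make the gaps between ranges easier to see.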
@@ -456,6 +455,7 @@ static bool import_key(ykpiv_state *state, enum enum_key_format key_format,
 pp, tp); }
+ ret = true;
 if(rc != YKPIV_OK) { ret = false; }
@@ -1822,6 +1822,7 @@ int main(int argc, char *argv[]) {
 case action_arg_importMINUS_key: if(import_key(state, args_info.key_format_arg, args_info.input_arg, args_info.slot_orig, args_info.password_arg, args_info.pin_policy_arg, args_info.touch_policy_arg) == false) {
+ fprintf(stderr, "Unable to import private key\n");
 ret = EXIT_FAILURE; } else { fprintf(stderr, "Successfully imported a new private key.\n");
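Review bot: On failure `rc` is reduced to a bare `false` in import_key, so the message added in the main() hunk (`Unable to import private key`) cannot distinguish a rejected slot (YKPIV_KEY_ERROR from the library check) from any other failure. Reporting the code where it is still known would help the operator, e.g. `fprintf(stderr, "Unable to import private key: %s\n", ykpiv_strerror(rc));` inside the `rc != YKPIV_OK` branch, with the generic line in main() dropped to avoid a double message. The sequence `ret = true; if(rc != YKPIV_OK) { ret = false; }` could then be written as `ret = (rc == YKPIV_OK);`. import_key's body extends beyond both of its hunks, so other exits through `import_out` are not visible here.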