Add retired key definitions to libykpiv.
Include retired keys in import_key's check.
+4
-4
@@ -808,10 +808,10 @@ ykpiv_rc ykpiv_import_private_key(ykpiv_state *state, const unsigned char key, u
|
|||||||
if (state == NULL)
|
if (state == NULL)
|
||||||
return YKPIV_GENERIC_ERROR;
|
return YKPIV_GENERIC_ERROR;
|
||||||
|
|
||||||
if (key != YKPIV_KEY_AUTHENTICATION &&
|
if (key == YKPIV_KEY_CARDMGM ||
|
||||||
key != YKPIV_KEY_SIGNATURE &&
|
key < YKPIV_KEY_RETIRED1 ||
|
||||||
key != YKPIV_KEY_KEYMGM &&
|
(key > YKPIV_KEY_RETIRED20 && key < YKPIV_KEY_AUTHENTICATION) ||
|
||||||
key != YKPIV_KEY_CARDAUTH) {
|
key > YKPIV_KEY_CARDAUTH) {
|
||||||
return YKPIV_KEY_ERROR;
|
return YKPIV_KEY_ERROR;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
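Review bot: The slot check in ykpiv_import_private_key is now a chain of range comparisons instead of an explicit allow-list, so it is only correct while the YKPIV_KEY_* macros keep their numeric order and YKPIV_KEY_CARDMGM stays the only non-importable value between YKPIV_KEY_AUTHENTICATION and YKPIV_KEY_CARDAUTH (CARDMGM and AUTHENTICATION are defined outside the lines shown here). Any slot id later defined inside either range would be accepted for private-key import without this condition being touched. I would say so above the `if`, e.g. `/* Importable slots: RETIRED1..RETIRED20 and AUTHENTICATION..CARDAUTH except CARDMGM; relies on the macro values being contiguous. */`, and add a matching remark next to the new YKPIV_KEY_RETIRED* block in the header. The function body continues outside the hunk.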
+20
@@ -111,6 +111,26 @@ extern "C"
|
|||||||
#define YKPIV_KEY_SIGNATURE 0x9c
|
#define YKPIV_KEY_SIGNATURE 0x9c
|
||||||
#define YKPIV_KEY_KEYMGM 0x9d
|
#define YKPIV_KEY_KEYMGM 0x9d
|
||||||
#define YKPIV_KEY_CARDAUTH 0x9e
|
#define YKPIV_KEY_CARDAUTH 0x9e
|
||||||
|
#define YKPIV_KEY_RETIRED1 0x82
|
||||||
|
#define YKPIV_KEY_RETIRED2 0x83
|
||||||
|
#define YKPIV_KEY_RETIRED3 0x84
|
||||||
|
#define YKPIV_KEY_RETIRED4 0x85
|
||||||
|
#define YKPIV_KEY_RETIRED5 0x86
|
||||||
|
#define YKPIV_KEY_RETIRED6 0x87
|
||||||
|
#define YKPIV_KEY_RETIRED7 0x88
|
||||||
|
#define YKPIV_KEY_RETIRED8 0x89
|
||||||
|
#define YKPIV_KEY_RETIRED9 0x8a
|
||||||
|
#define YKPIV_KEY_RETIRED10 0x8b
|
||||||
|
#define YKPIV_KEY_RETIRED11 0x8c
|
||||||
|
#define YKPIV_KEY_RETIRED12 0x8d
|
||||||
|
#define YKPIV_KEY_RETIRED13 0x8e
|
||||||
|
#define YKPIV_KEY_RETIRED14 0x8f
|
||||||
|
#define YKPIV_KEY_RETIRED15 0x90
|
||||||
|
#define YKPIV_KEY_RETIRED16 0x91
|
||||||
|
#define YKPIV_KEY_RETIRED17 0x92
|
||||||
|
#define YKPIV_KEY_RETIRED18 0x93
|
||||||
|
#define YKPIV_KEY_RETIRED19 0x94
|
||||||
|
#define YKPIV_KEY_RETIRED20 0x95
|
||||||
|
|
||||||
#define YKPIV_OBJ_CAPABILITY 0x5fc107
|
#define YKPIV_OBJ_CAPABILITY 0x5fc107
|
||||||
#define YKPIV_OBJ_CHUID 0x5fc102
|
#define YKPIV_OBJ_CHUID 0x5fc102
|
||||||
|
|||||||
@@ -445,7 +445,6 @@ static bool import_key(ykpiv_state *state, enum enum_key_format key_format,
|
|||||||
goto import_out;
|
goto import_out;
|
||||||
}
|
}
|
||||||
|
|
||||||
ret = true;
|
|
||||||
rc = ykpiv_import_private_key(state, key, algorithm,
|
rc = ykpiv_import_private_key(state, key, algorithm,
|
||||||
NULL, 0,
|
NULL, 0,
|
||||||
NULL, 0,
|
NULL, 0,
|
||||||
@@ -456,6 +455,7 @@ static bool import_key(ykpiv_state *state, enum enum_key_format key_format,
|
|||||||
pp, tp);
|
pp, tp);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
ret = true;
|
||||||
if(rc != YKPIV_OK) {
|
if(rc != YKPIV_OK) {
|
||||||
ret = false;
|
ret = false;
|
||||||
}
|
}
|
||||||
@@ -1822,6 +1822,7 @@ int main(int argc, char *argv[]) {
|
|||||||
case action_arg_importMINUS_key:
|
case action_arg_importMINUS_key:
|
||||||
if(import_key(state, args_info.key_format_arg, args_info.input_arg, args_info.slot_orig, args_info.password_arg,
|
if(import_key(state, args_info.key_format_arg, args_info.input_arg, args_info.slot_orig, args_info.password_arg,
|
||||||
args_info.pin_policy_arg, args_info.touch_policy_arg) == false) {
|
args_info.pin_policy_arg, args_info.touch_policy_arg) == false) {
|
||||||
|
fprintf(stderr, "Unable to import private key\n");
|
||||||
ret = EXIT_FAILURE;
|
ret = EXIT_FAILURE;
|
||||||
} else {
|
} else {
|
||||||
fprintf(stderr, "Successfully imported a new private key.\n");
|
fprintf(stderr, "Successfully imported a new private key.\n");
|
||||||
|
|||||||
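Review bot: The failure path still discards the reason: import_key collapses `rc` into a bool at `if(rc != YKPIV_OK)`, and main prints only the fixed string "Unable to import private key", so a slot rejected by the library with YKPIV_KEY_ERROR looks the same to the user as any other import failure. Reporting the code where it is still available would help, e.g. `fprintf(stderr, "Unable to import private key: %s\n", ykpiv_strerror(rc));` inside that `if`, with main's message dropped or kept generic. The moved `ret = true;` followed by `if(rc != YKPIV_OK) { ret = false; }` could also be written as `ret = (rc == YKPIV_OK);`. Both import_key and main extend beyond the hunks shown, so whether `rc` is initialised on every path into that check cannot be confirmed from here.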