Add retired key definitions to libykpiv.

Include retired keys in import_key's check.
Alessio Di Mauro
2015-11-20 15:38:11 +01:00
parent 3b81112aeb
commit 4849e494be
3 changed files with 26 additions and 5 deletions
+4 -4
@@ -808,10 +808,10 @@ ykpiv_rc ykpiv_import_private_key(ykpiv_state *state, const unsigned char key, u
if (state == NULL) if (state == NULL)
return YKPIV_GENERIC_ERROR; return YKPIV_GENERIC_ERROR;
if (key != YKPIV_KEY_AUTHENTICATION && if (key == YKPIV_KEY_CARDMGM ||
key != YKPIV_KEY_SIGNATURE && key < YKPIV_KEY_RETIRED1 ||
key != YKPIV_KEY_KEYMGM && (key > YKPIV_KEY_RETIRED20 && key < YKPIV_KEY_AUTHENTICATION) ||
key != YKPIV_KEY_CARDAUTH) { key > YKPIV_KEY_CARDAUTH) {
return YKPIV_KEY_ERROR; return YKPIV_KEY_ERROR;
} }
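Review bot: The new slot check on `key` no longer lists the accepted slots; it accepts anything inside two numeric ranges minus `YKPIV_KEY_CARDMGM`, so its correctness depends on how the `YKPIV_KEY_*` macros are numbered in the header. Since this condition decides which slots a private key may be written to, I would add a comment above it such as `/* Accept RETIRED1..RETIRED20 and AUTHENTICATION..CARDAUTH except CARDMGM; relies on these slot ids being contiguous. */`. The values of `YKPIV_KEY_AUTHENTICATION` and `YKPIV_KEY_CARDMGM` are not shown on this page, so I am assuming they sit in the range just below `YKPIV_KEY_SIGNATURE`. Any id later defined inside either range would be accepted without this code changing. The body of ykpiv_import_private_key continues outside the hunk.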
+20
@@ -111,6 +111,26 @@ extern "C"
#define YKPIV_KEY_SIGNATURE 0x9c #define YKPIV_KEY_SIGNATURE 0x9c
#define YKPIV_KEY_KEYMGM 0x9d #define YKPIV_KEY_KEYMGM 0x9d
#define YKPIV_KEY_CARDAUTH 0x9e #define YKPIV_KEY_CARDAUTH 0x9e
#define YKPIV_KEY_RETIRED1 0x82
#define YKPIV_KEY_RETIRED2 0x83
#define YKPIV_KEY_RETIRED3 0x84
#define YKPIV_KEY_RETIRED4 0x85
#define YKPIV_KEY_RETIRED5 0x86
#define YKPIV_KEY_RETIRED6 0x87
#define YKPIV_KEY_RETIRED7 0x88
#define YKPIV_KEY_RETIRED8 0x89
#define YKPIV_KEY_RETIRED9 0x8a
#define YKPIV_KEY_RETIRED10 0x8b
#define YKPIV_KEY_RETIRED11 0x8c
#define YKPIV_KEY_RETIRED12 0x8d
#define YKPIV_KEY_RETIRED13 0x8e
#define YKPIV_KEY_RETIRED14 0x8f
#define YKPIV_KEY_RETIRED15 0x90
#define YKPIV_KEY_RETIRED16 0x91
#define YKPIV_KEY_RETIRED17 0x92
#define YKPIV_KEY_RETIRED18 0x93
#define YKPIV_KEY_RETIRED19 0x94
#define YKPIV_KEY_RETIRED20 0x95
#define YKPIV_OBJ_CAPABILITY 0x5fc107 #define YKPIV_OBJ_CAPABILITY 0x5fc107
#define YKPIV_OBJ_CHUID 0x5fc102 #define YKPIV_OBJ_CHUID 0x5fc102
+2 -1
@@ -445,7 +445,6 @@ static bool import_key(ykpiv_state *state, enum enum_key_format key_format,
goto import_out; goto import_out;
} }
ret = true;
rc = ykpiv_import_private_key(state, key, algorithm, rc = ykpiv_import_private_key(state, key, algorithm,
NULL, 0, NULL, 0,
NULL, 0, NULL, 0,
@@ -456,6 +455,7 @@ static bool import_key(ykpiv_state *state, enum enum_key_format key_format,
pp, tp); pp, tp);
} }
ret = true;
if(rc != YKPIV_OK) { if(rc != YKPIV_OK) {
ret = false; ret = false;
} }
@@ -1822,6 +1822,7 @@ int main(int argc, char *argv[]) {
case action_arg_importMINUS_key: case action_arg_importMINUS_key:
if(import_key(state, args_info.key_format_arg, args_info.input_arg, args_info.slot_orig, args_info.password_arg, if(import_key(state, args_info.key_format_arg, args_info.input_arg, args_info.slot_orig, args_info.password_arg,
args_info.pin_policy_arg, args_info.touch_policy_arg) == false) { args_info.pin_policy_arg, args_info.touch_policy_arg) == false) {
fprintf(stderr, "Unable to import private key\n");
ret = EXIT_FAILURE; ret = EXIT_FAILURE;
} else { } else {
fprintf(stderr, "Successfully imported a new private key.\n"); fprintf(stderr, "Successfully imported a new private key.\n");
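Review bot: In import_key, the relocated `ret = true;` followed by `if(rc != YKPIV_OK) { ret = false; }` makes the result depend only on `rc`, which reads more clearly as `ret = (rc == YKPIV_OK);`. Written that way it is also visible that `rc` needs a failing initial value if any path can reach this point without calling ykpiv_import_private_key; its declaration is outside the hunk, so that should be confirmed. The message added in main, `Unable to import private key`, carries no reason, so a rejected slot (`YKPIV_KEY_ERROR`) and a card failure look the same to the user. Because import_key returns only a bool, reporting the reason would have to happen inside it.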