add touch for set-mgm-key
+4
-4
@@ -24,7 +24,7 @@
|
||||
# non-source form of such a combination shall include the source code
|
||||
# for the parts of OpenSSL used as well as that of the covered work.
|
||||
|
||||
AC_INIT([yubico-piv-tool], [1.0.1])
|
||||
AC_INIT([yubico-piv-tool], [1.1.0])
|
||||
AC_CONFIG_AUX_DIR([build-aux])
|
||||
AC_CONFIG_MACRO_DIR([m4])
|
||||
|
||||
@@ -32,9 +32,9 @@ AC_CONFIG_MACRO_DIR([m4])
|
||||
# Interfaces changed/added/removed: CURRENT++ REVISION=0
|
||||
# Interfaces added: AGE++
|
||||
# Interfaces removed: AGE=0
|
||||
AC_SUBST([LT_CURRENT], 1)
|
||||
AC_SUBST([LT_REVISION], 6)
|
||||
AC_SUBST([LT_AGE], 0)
|
||||
AC_SUBST([LT_CURRENT], 2)
|
||||
AC_SUBST([LT_REVISION], 0)
|
||||
AC_SUBST([LT_AGE], 1)
|
||||
|
||||
AM_INIT_AUTOMAKE([-Wall -Werror foreign])
|
||||
AM_SILENT_RULES([yes])
|
||||
|
||||
+11
-1
@@ -427,6 +427,10 @@ ykpiv_rc ykpiv_authenticate(ykpiv_state *state, unsigned const char *key) {
|
||||
}
|
||||
|
||||
ykpiv_rc ykpiv_set_mgmkey(ykpiv_state *state, const unsigned char *new_key) {
|
||||
return ykpiv_set_mgmkey2(state, new_key, 0);
|
||||
}
|
||||
|
||||
ykpiv_rc ykpiv_set_mgmkey2(ykpiv_state *state, const unsigned char *new_key, const unsigned char touch) {
|
||||
APDU apdu;
|
||||
unsigned char data[0xff];
|
||||
unsigned long recv_len = sizeof(data);
|
||||
@@ -453,7 +457,13 @@ ykpiv_rc ykpiv_set_mgmkey(ykpiv_state *state, const unsigned char *new_key) {
|
||||
memset(apdu.raw, 0, sizeof(apdu));
|
||||
apdu.st.ins = YKPIV_INS_SET_MGMKEY;
|
||||
apdu.st.p1 = 0xff;
|
||||
apdu.st.p2 = 0xff;
|
||||
if(touch == 0) {
|
||||
apdu.st.p2 = 0xff;
|
||||
} else if(touch == 1) {
|
||||
apdu.st.p2 = 0xfe;
|
||||
} else {
|
||||
return YKPIV_GENERIC_ERROR;
|
||||
}
|
||||
apdu.st.lc = DES_KEY_SZ * 3 + 3;
|
||||
apdu.st.data[0] = YKPIV_ALGO_3DES;
|
||||
apdu.st.data[1] = YKPIV_KEY_CARDMGM;
|
||||
|
||||
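Review bot: The P2 byte in ykpiv_set_mgmkey2 is chosen from the bare literals 0xff and 0xfe, with nothing saying that it encodes the touch policy of the new management key. I would add `/* P2 carries the touch policy for the new key: 0xff = never, 0xfe = always */` above the `if(touch == 0)` chain. An unsupported `touch` value is also rejected only at this point, after the code between the two hunks (not visible here) has already run; moving the range check to the top of the function would make a bad argument fail before anything else is done. Returning YKPIV_GENERIC_ERROR for it leaves a caller unable to tell a bad argument from a device failure, which at least deserves a comment on that return. The function body starts and continues outside these hunks.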
@@ -70,6 +70,8 @@ extern "C"
|
||||
unsigned char *out_data, unsigned long *out_len, int *sw);
|
||||
ykpiv_rc ykpiv_authenticate(ykpiv_state *state, const unsigned char *key);
|
||||
ykpiv_rc ykpiv_set_mgmkey(ykpiv_state *state, const unsigned char *new_key);
|
||||
ykpiv_rc ykpiv_set_mgmkey2(ykpiv_state *state, const unsigned char *new_key,
|
||||
const unsigned char touch);
|
||||
ykpiv_rc ykpiv_hex_decode(const char *hex_in, size_t in_len,
|
||||
unsigned char *hex_out, size_t *out_len);
|
||||
ykpiv_rc ykpiv_sign_data(ykpiv_state *state, const unsigned char *sign_in,
|
||||
|
||||
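Review bot: The new ykpiv_set_mgmkey2 prototype gives no hint of what `touch` accepts, yet the implementation in this commit takes only 0 and 1 and returns YKPIV_GENERIC_ERROR for anything else. A short comment above the declaration would make that contract visible to library users, e.g. `/* touch: 0 = touch policy "never", 1 = touch policy "always"; any other value is rejected */`. It is also worth stating there that ykpiv_set_mgmkey keeps its previous behaviour by calling the new function with touch 0.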
@@ -53,3 +53,9 @@ YKPIV_0.2.0
|
||||
global:
|
||||
ykpiv_decipher_data;
|
||||
} YKPIV_0.1.0;
|
||||
|
||||
YKPIV_1.1.0
|
||||
{
|
||||
global:
|
||||
ykpiv_set_mgmkey2;
|
||||
} YKPIV_0.1.0;
|
||||
|
||||
+1
-1
@@ -59,4 +59,4 @@ option "pin" P "Pin/puk code for verification" string optional
|
||||
option "new-pin" N "New pin/puk code for changing" string optional dependon="pin"
|
||||
option "sign" - "Sign data" flag off hidden
|
||||
option "pin-policy" - "Set pin policy for action generate or import-key" values="never","once","always" enum optional
|
||||
option "touch-policy" - "Set touch policy for action generate or import-key" values="never","always" enum optional
|
||||
option "touch-policy" - "Set touch policy for action generatem, import-key or set-mgm-key" values="never","always" enum optional
|
||||
|
||||
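Review bot: The new description for the "touch-policy" option reads "generatem, import-key or set-mgm-key"; "generatem" is a typo that ends up in the tool's user-facing help text. The string should be `"Set touch policy for action generate, import-key or set-mgm-key"`.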
@@ -1699,7 +1699,7 @@ int main(int argc, char *argv[]) {
|
||||
if(ykpiv_hex_decode(args_info.new_key_arg, strlen(args_info.new_key_arg), new_key, &new_key_len) != YKPIV_OK) {
|
||||
fprintf(stderr, "Failed decoding new key!\n");
|
||||
ret = EXIT_FAILURE;
|
||||
} else if(ykpiv_set_mgmkey(state, new_key) != YKPIV_OK) {
|
||||
} else if(ykpiv_set_mgmkey2(state, new_key, args_info.touch_policy_arg == touch_policy_arg_always ? 1 : 0) != YKPIV_OK) {
|
||||
fprintf(stderr, "Failed setting the new key!\n");
|
||||
ret = EXIT_FAILURE;
|
||||
} else {
|
||||
|
||||
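Review bot: The call to ykpiv_set_mgmkey2 passes `new_key` without `new_key_len`, and nothing in the visible lines checks the decoded length, while the library side in this commit sets the APDU length to a fixed `DES_KEY_SZ * 3 + 3`. If no length check exists outside the hunk, a shorter hex string would leave the tail of the key to whatever the buffer held, and the device would end up with a management key the user does not know. I would add a branch such as `} else if(new_key_len != DES_KEY_SZ * 3) {` (or the tool's own constant for the key size) that fails with its own message before the call. An unset --touch-policy and "never" both map to 0 in the ternary, which is reasonable but worth a one-line comment. The body of main continues outside the hunk.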