add touch for set-mgm-key

Klas Lindfors
2015-06-25 12:04:20 +02:00
parent ca6a355b5d
commit 600b302c1d
6 changed files with 25 additions and 7 deletions
+4 -4
@@ -24,7 +24,7 @@
# non-source form of such a combination shall include the source code # non-source form of such a combination shall include the source code
# for the parts of OpenSSL used as well as that of the covered work. # for the parts of OpenSSL used as well as that of the covered work.
AC_INIT([yubico-piv-tool], [1.0.1]) AC_INIT([yubico-piv-tool], [1.1.0])
AC_CONFIG_AUX_DIR([build-aux]) AC_CONFIG_AUX_DIR([build-aux])
AC_CONFIG_MACRO_DIR([m4]) AC_CONFIG_MACRO_DIR([m4])
@@ -32,9 +32,9 @@ AC_CONFIG_MACRO_DIR([m4])
# Interfaces changed/added/removed: CURRENT++ REVISION=0 # Interfaces changed/added/removed: CURRENT++ REVISION=0
# Interfaces added: AGE++ # Interfaces added: AGE++
# Interfaces removed: AGE=0 # Interfaces removed: AGE=0
AC_SUBST([LT_CURRENT], 1) AC_SUBST([LT_CURRENT], 2)
AC_SUBST([LT_REVISION], 6) AC_SUBST([LT_REVISION], 0)
AC_SUBST([LT_AGE], 0) AC_SUBST([LT_AGE], 1)
AM_INIT_AUTOMAKE([-Wall -Werror foreign]) AM_INIT_AUTOMAKE([-Wall -Werror foreign])
AM_SILENT_RULES([yes]) AM_SILENT_RULES([yes])
+10
@@ -427,6 +427,10 @@ ykpiv_rc ykpiv_authenticate(ykpiv_state *state, unsigned const char *key) {
} }
ykpiv_rc ykpiv_set_mgmkey(ykpiv_state *state, const unsigned char *new_key) { ykpiv_rc ykpiv_set_mgmkey(ykpiv_state *state, const unsigned char *new_key) {
return ykpiv_set_mgmkey2(state, new_key, 0);
}
ykpiv_rc ykpiv_set_mgmkey2(ykpiv_state *state, const unsigned char *new_key, const unsigned char touch) {
APDU apdu; APDU apdu;
unsigned char data[0xff]; unsigned char data[0xff];
unsigned long recv_len = sizeof(data); unsigned long recv_len = sizeof(data);
@@ -453,7 +457,13 @@ ykpiv_rc ykpiv_set_mgmkey(ykpiv_state *state, const unsigned char *new_key) {
memset(apdu.raw, 0, sizeof(apdu)); memset(apdu.raw, 0, sizeof(apdu));
apdu.st.ins = YKPIV_INS_SET_MGMKEY; apdu.st.ins = YKPIV_INS_SET_MGMKEY;
apdu.st.p1 = 0xff; apdu.st.p1 = 0xff;
if(touch == 0) {
apdu.st.p2 = 0xff; apdu.st.p2 = 0xff;
} else if(touch == 1) {
apdu.st.p2 = 0xfe;
} else {
return YKPIV_GENERIC_ERROR;
}
apdu.st.lc = DES_KEY_SZ * 3 + 3; apdu.st.lc = DES_KEY_SZ * 3 + 3;
apdu.st.data[0] = YKPIV_ALGO_3DES; apdu.st.data[0] = YKPIV_ALGO_3DES;
apdu.st.data[1] = YKPIV_KEY_CARDMGM; apdu.st.data[1] = YKPIV_KEY_CARDMGM;
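Review bot: The new `touch` parameter of ykpiv_set_mgmkey2 and the p2 bytes it selects (`0xff` for 0, `0xfe` for 1) are undocumented magic values, both here and on the prototype added to ykpiv.h. This byte appears to decide whether the management key will require a physical touch, so it deserves named constants or at least a comment such as `/* p2 selects the touch policy of the new management key: 0xff = none, 0xfe = touch required */`, to be confirmed against the device specification. Rejecting any other value fails closed, which is the right default, but the check sits after the APDU has been partly filled in and returns YKPIV_GENERIC_ERROR, so a caller cannot tell a bad argument from a card error; validating `touch` at the top of the function would make the contract clearer. The function body starts before and continues past the second hunk.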
+2
@@ -70,6 +70,8 @@ extern "C"
unsigned char *out_data, unsigned long *out_len, int *sw); unsigned char *out_data, unsigned long *out_len, int *sw);
ykpiv_rc ykpiv_authenticate(ykpiv_state *state, const unsigned char *key); ykpiv_rc ykpiv_authenticate(ykpiv_state *state, const unsigned char *key);
ykpiv_rc ykpiv_set_mgmkey(ykpiv_state *state, const unsigned char *new_key); ykpiv_rc ykpiv_set_mgmkey(ykpiv_state *state, const unsigned char *new_key);
ykpiv_rc ykpiv_set_mgmkey2(ykpiv_state *state, const unsigned char *new_key,
const unsigned char touch);
ykpiv_rc ykpiv_hex_decode(const char *hex_in, size_t in_len, ykpiv_rc ykpiv_hex_decode(const char *hex_in, size_t in_len,
unsigned char *hex_out, size_t *out_len); unsigned char *hex_out, size_t *out_len);
ykpiv_rc ykpiv_sign_data(ykpiv_state *state, const unsigned char *sign_in, ykpiv_rc ykpiv_sign_data(ykpiv_state *state, const unsigned char *sign_in,
+6
@@ -53,3 +53,9 @@ YKPIV_0.2.0
global: global:
ykpiv_decipher_data; ykpiv_decipher_data;
} YKPIV_0.1.0; } YKPIV_0.1.0;
YKPIV_1.1.0
{
global:
ykpiv_set_mgmkey2;
} YKPIV_0.1.0;
+1 -1
@@ -59,4 +59,4 @@ option "pin" P "Pin/puk code for verification" string optional
option "new-pin" N "New pin/puk code for changing" string optional dependon="pin" option "new-pin" N "New pin/puk code for changing" string optional dependon="pin"
option "sign" - "Sign data" flag off hidden option "sign" - "Sign data" flag off hidden
option "pin-policy" - "Set pin policy for action generate or import-key" values="never","once","always" enum optional option "pin-policy" - "Set pin policy for action generate or import-key" values="never","once","always" enum optional
option "touch-policy" - "Set touch policy for action generate or import-key" values="never","always" enum optional option "touch-policy" - "Set touch policy for action generatem, import-key or set-mgm-key" values="never","always" enum optional
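Review bot: The new description for `touch-policy` contains a typo, `generatem`, which will be emitted verbatim in the generated help output. It should read `"Set touch policy for action generate, import-key or set-mgm-key"`. Nothing else in the option changes, so the fix is limited to that string.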
+1 -1
@@ -1699,7 +1699,7 @@ int main(int argc, char *argv[]) {
if(ykpiv_hex_decode(args_info.new_key_arg, strlen(args_info.new_key_arg), new_key, &new_key_len) != YKPIV_OK) { if(ykpiv_hex_decode(args_info.new_key_arg, strlen(args_info.new_key_arg), new_key, &new_key_len) != YKPIV_OK) {
fprintf(stderr, "Failed decoding new key!\n"); fprintf(stderr, "Failed decoding new key!\n");
ret = EXIT_FAILURE; ret = EXIT_FAILURE;
} else if(ykpiv_set_mgmkey(state, new_key) != YKPIV_OK) { } else if(ykpiv_set_mgmkey2(state, new_key, args_info.touch_policy_arg == touch_policy_arg_always ? 1 : 0) != YKPIV_OK) {
fprintf(stderr, "Failed setting the new key!\n"); fprintf(stderr, "Failed setting the new key!\n");
ret = EXIT_FAILURE; ret = EXIT_FAILURE;
} else { } else {
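Review bot: `new_key` is passed to `ykpiv_set_mgmkey2` without `new_key_len` being checked anywhere in the visible lines, while the library sets `lc` to `DES_KEY_SZ * 3 + 3` and so presumably expects a full 3DES key. If a shorter hex string decodes successfully, the rest of the management key would come from whatever the buffer already held, and with this change that key can also be set to require touch. Unless the length is validated outside this hunk, add a branch such as `} else if(new_key_len != DES_KEY_SZ * 3) {` that reports an error before the call. The enclosing block starts and ends outside the hunk.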