diff --git a/lib/util.c b/lib/util.c
index d0712e3..fef1b24 100644
--- a/lib/util.c
+++ b/lib/util.c
@@ -1245,7 +1245,7 @@ ykpiv_rc ykpiv_util_reset(ykpiv_state *state) {
 return YKPIV_GENERIC_ERROR;
 }
 
-static int _slot2object(uint8_t slot) {
+uint32_t ykpiv_util_slot_object(uint8_t slot) {
 int object_id = -1;
 
 switch (slot) {
@@ -1283,7 +1283,7 @@ static ykpiv_rc _read_certificate(ykpiv_state *state, uint8_t slot, uint8_t *buf
 // TREV TODO: should this select application?
 ykpiv_rc res = YKPIV_OK;
 uint8_t *ptr = NULL;
- int object_id = _slot2object(slot);
+ int object_id = ykpiv_util_slot_object(slot);
 size_t len = 0;
 
 if (-1 == object_id) return YKPIV_INVALID_OBJECT;
@@ -1323,7 +1323,7 @@ static ykpiv_rc _write_certificate(ykpiv_state *state, uint8_t slot, uint8_t *da
 // TREV TODO: should this select application?
 uint8_t buf[CB_OBJ_MAX];
 size_t cbBuf = sizeof(buf);
- int object_id = _slot2object(slot);
+ int object_id = ykpiv_util_slot_object(slot);
 size_t offset = 0;
 size_t req_len = 0;
 
diff --git a/lib/ykpiv.h b/lib/ykpiv.h
index c6d8c7f..b3f80ed 100644
--- a/lib/ykpiv.h
+++ b/lib/ykpiv.h
@@ -492,6 +492,12 @@ extern "C"
 */
 ykpiv_rc ykpiv_util_block_puk(ykpiv_state *state);
 
+ /**
+ * Object ID of given slot.
+ *
+ * @param slot key slot
+ */
+ uint32_t ykpiv_util_slot_object(uint8_t slot);
 
 ykpiv_rc ykpiv_connect_with_card(ykpiv_state *state, uint64_t context, uint64_t card);
 
diff --git a/tool/util.c b/tool/util.c
index 3ae4119..0284ef2 100644
--- a/tool/util.c
+++ b/tool/util.c
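Review bot: The new return type `uint32_t` on `ykpiv_util_slot_object` does not fit the not-found sentinel the body keeps on the very next line, `int object_id = -1;`, so an unmapped slot presumably leaves the new public function as 0xFFFFFFFF, and the `if (-1 == object_id)` check in the `_read_certificate` hunk below only keeps working because both in-library callers store the result back into an `int` — a narrowing, implementation-defined conversion that an external caller holding the value in a `uint32_t` will not get. Either keep the return type signed (`int ykpiv_util_slot_object(uint8_t slot);`) or choose a sentinel that fits the unsigned type and use the same test at both call sites, and in either case state it in the Doxygen block this diff adds to lib/ykpiv.h, which has a `@param` but no `@return`; something like `@return object ID for the slot, or <not-found value> when the slot has no associated object`. The function body and its return statement lie outside the hunk, so the exact failure value is inferred from the initializer rather than seen.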
@@ -300,174 +300,6 @@ int get_slot_hex(enum enum_slot slot_enum) {
 return slot;
 }
 
-int get_object_id(enum enum_slot slot) {
- int object;
-
- switch(slot) {
- case slot_arg_9a:
- object = YKPIV_OBJ_AUTHENTICATION;
- break;
- case slot_arg_9c:
- object = YKPIV_OBJ_SIGNATURE;
- break;
- case slot_arg_9d:
- object = YKPIV_OBJ_KEY_MANAGEMENT;
- break;
- case slot_arg_9e:
- object = YKPIV_OBJ_CARD_AUTH;
- break;
- case slot_arg_82:
- object = YKPIV_OBJ_RETIRED1;
- break;
- case slot_arg_83:
- object = YKPIV_OBJ_RETIRED2;
- break;
- case slot_arg_84:
- object = YKPIV_OBJ_RETIRED3;
- break;
- case slot_arg_85:
- object = YKPIV_OBJ_RETIRED4;
- break;
- case slot_arg_86:
- object = YKPIV_OBJ_RETIRED5;
- break;
- case slot_arg_87:
- object = YKPIV_OBJ_RETIRED6;
- break;
- case slot_arg_88:
- object = YKPIV_OBJ_RETIRED7;
- break;
- case slot_arg_89:
- object = YKPIV_OBJ_RETIRED8;
- break;
- case slot_arg_8a:
- object = YKPIV_OBJ_RETIRED9;
- break;
- case slot_arg_8b:
- object = YKPIV_OBJ_RETIRED10;
- break;
- case slot_arg_8c:
- object = YKPIV_OBJ_RETIRED11;
- break;
- case slot_arg_8d:
- object = YKPIV_OBJ_RETIRED12;
- break;
- case slot_arg_8e:
- object = YKPIV_OBJ_RETIRED13;
- break;
- case slot_arg_8f:
- object = YKPIV_OBJ_RETIRED14;
- break;
- case slot_arg_90:
- object = YKPIV_OBJ_RETIRED15;
- break;
- case slot_arg_91:
- object = YKPIV_OBJ_RETIRED16;
- break;
- case slot_arg_92:
- object = YKPIV_OBJ_RETIRED17;
- break;
- case slot_arg_93:
- object = YKPIV_OBJ_RETIRED18;
- break;
- case slot_arg_94:
- object = YKPIV_OBJ_RETIRED19;
- break;
- case slot_arg_95:
- object = YKPIV_OBJ_RETIRED20;
- break;
- case slot_arg_f9:
- object = YKPIV_OBJ_ATTESTATION;
- break;
- case slot__NULL:
- default:
- object = 0;
- }
- return object;
-}
-
-int key_to_object_id(int key) {
- int object;
-
- switch(key) {
- case YKPIV_KEY_AUTHENTICATION:
- object = YKPIV_OBJ_AUTHENTICATION;
- break;
- case YKPIV_KEY_CARDMGM:
- object = YKPIV_OBJ_SIGNATURE;
- break;
- case YKPIV_KEY_KEYMGM:
- object = YKPIV_OBJ_KEY_MANAGEMENT;
- break;
- case YKPIV_KEY_CARDAUTH:
- object = YKPIV_OBJ_CARD_AUTH;
- break;
- case YKPIV_KEY_RETIRED1:
- object = YKPIV_OBJ_RETIRED1;
- break;
- case YKPIV_KEY_RETIRED2:
- object = YKPIV_OBJ_RETIRED2;
- break;
- case YKPIV_KEY_RETIRED3:
- object = YKPIV_OBJ_RETIRED3;
- break;
- case YKPIV_KEY_RETIRED4:
- object = YKPIV_OBJ_RETIRED4;
- break;
- case YKPIV_KEY_RETIRED5:
- object = YKPIV_OBJ_RETIRED5;
- break;
- case YKPIV_KEY_RETIRED6:
- object = YKPIV_OBJ_RETIRED6;
- break;
- case YKPIV_KEY_RETIRED7:
- object = YKPIV_OBJ_RETIRED7;
- break;
- case YKPIV_KEY_RETIRED8:
- object = YKPIV_OBJ_RETIRED8;
- break;
- case YKPIV_KEY_RETIRED9:
- object = YKPIV_OBJ_RETIRED9;
- break;
- case YKPIV_KEY_RETIRED10:
- object = YKPIV_OBJ_RETIRED10;
- break;
- case YKPIV_KEY_RETIRED11:
- object = YKPIV_OBJ_RETIRED11;
- break;
- case YKPIV_KEY_RETIRED12:
- object = YKPIV_OBJ_RETIRED12;
- break;
- case YKPIV_KEY_RETIRED13:
- object = YKPIV_OBJ_RETIRED13;
- break;
- case YKPIV_KEY_RETIRED14:
- object = YKPIV_OBJ_RETIRED14;
- break;
- case YKPIV_KEY_RETIRED15:
- object = YKPIV_OBJ_RETIRED15;
- break;
- case YKPIV_KEY_RETIRED16:
- object = YKPIV_OBJ_RETIRED16;
- break;
- case YKPIV_KEY_RETIRED17:
- object = YKPIV_OBJ_RETIRED17;
- break;
- case YKPIV_KEY_RETIRED18:
- object = YKPIV_OBJ_RETIRED18;
- break;
- case YKPIV_KEY_RETIRED19:
- object = YKPIV_OBJ_RETIRED19;
- break;
- case YKPIV_KEY_RETIRED20:
- object = YKPIV_OBJ_RETIRED20;
- break;
- default:
- object = 0;
- }
- return object;
-}
-
 bool set_component(unsigned char *in_ptr, const BIGNUM *bn, int element_len) {
 int real_len = BN_num_bytes(bn);
 
diff --git a/tool/util.h b/tool/util.h
index a1f15b5..f1eb6ac 100644
--- a/tool/util.h
+++ b/tool/util.h
@@ -48,8 +48,6 @@ X509_NAME *parse_name(const char*);
 unsigned char get_algorithm(EVP_PKEY*);
 FILE *open_file(const char*, int);
 int get_slot_hex(enum enum_slot slot_enum);
-int get_object_id(enum enum_slot slot);
-int key_to_object_id(int key);
 bool set_component(unsigned char *in_ptr, const BIGNUM *bn, int element_len);
 bool prepare_rsa_signature(const unsigned char*, unsigned int, unsigned char*, unsigned int*, int);
 
diff --git a/tool/yubico-piv-tool.c b/tool/yubico-piv-tool.c
index b1bfd09..9b59d99 100644
--- a/tool/yubico-piv-tool.c
+++ b/tool/yubico-piv-tool.c
@@ -97,7 +97,7 @@ static bool sign_data(ykpiv_state *state, const unsigned char *in, size_t len, u
 return false;
 }
 
-static bool generate_key(ykpiv_state *state, const char *slot,
+static bool generate_key(ykpiv_state *state, enum enum_slot slot,
 enum enum_algorithm algorithm, const char *output_file_name,
 enum enum_key_format key_format, enum enum_pin_policy pin_policy,
 enum enum_touch_policy touch_policy) {
@@ -133,7 +133,7 @@ static bool generate_key(ykpiv_state *state, const char *slot,
 }
 }
 
- sscanf(slot, "%2x", &key);
+ key = get_slot_hex(slot);
 
 output_file = open_file(output_file_name, OUTPUT);
 if(!output_file) {
@@ -252,7 +252,7 @@ static bool set_pin_retries(ykpiv_state *state, int pin_retries, int puk_retries
 }
 
 static bool import_key(ykpiv_state *state, enum enum_key_format key_format,
- const char *input_file_name, const char *slot, char *password,
+ const char *input_file_name, enum enum_slot slot, char *password,
 enum enum_pin_policy pin_policy, enum enum_touch_policy touch_policy) {
 int key = 0;
 FILE *input_file = NULL;
@@ -262,7 +262,7 @@ static bool import_key(ykpiv_state *state, enum enum_key_format key_format,
 bool ret = false;
 ykpiv_rc rc = YKPIV_GENERIC_ERROR;
 
- sscanf(slot, "%2x", &key);
+ key = get_slot_hex(slot);
 
 input_file = open_file(input_file_name, INPUT);
 if(!input_file) {
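Review bot: `key = get_slot_hex(slot);` in the @@ -133 hunk hands whatever `get_slot_hex` yields for an enum value it does not recognise straight to the device calls, with no check; the same pattern appears at @@ -262 here and at the sscanf replacements in @@ -561, @@ -710, @@ -1039, @@ -1349, @@ -1454 and @@ -1583. Only `return slot; }` of `get_slot_hex` is visible (tool/util.c), so how it reports an unknown slot cannot be read from this diff; if it uses an out-of-range value, test for it once right after the assignment and leave through the function's existing failure path (`return false` or the `goto …_out` labels visible in these hunks). This is still an improvement over the removed `sscanf(slot, "%2x", &key)`, whose return value was never checked either. `generate_key`'s body extends beyond the hunk.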
@@ -537,7 +537,7 @@ static bool set_cardid(ykpiv_state *state, int verbose, int type) {
 }
 
 static bool request_certificate(ykpiv_state *state, enum enum_key_format key_format,
- const char *input_file_name, const char *slot, char *subject, enum enum_hash hash,
+ const char *input_file_name, enum enum_slot slot, char *subject, enum enum_hash hash,
 const char *output_file_name) {
 X509_REQ *req = NULL;
 X509_NAME *name = NULL;
@@ -561,7 +561,7 @@ static bool request_certificate(ykpiv_state *state, enum enum_key_format key_for
 null_parameter.type = V_ASN1_NULL;
 null_parameter.value.ptr = NULL;
 
- sscanf(slot, "%2x", &key);
+ key = get_slot_hex(slot);
 
 input_file = open_file(input_file_name, INPUT);
 output_file = open_file(output_file_name, OUTPUT);
@@ -684,7 +684,7 @@ request_out:
 }
 
 static bool selfsign_certificate(ykpiv_state *state, enum enum_key_format key_format,
- const char *input_file_name, const char *slot, char *subject, enum enum_hash hash,
+ const char *input_file_name, enum enum_slot slot, char *subject, enum enum_hash hash,
 const int *serial, int validDays, const char *output_file_name) {
 FILE *input_file = NULL;
 FILE *output_file = NULL;
@@ -710,7 +710,7 @@ static bool selfsign_certificate(ykpiv_state *state, enum enum_key_format key_fo
 null_parameter.type = V_ASN1_NULL;
 null_parameter.value.ptr = NULL;
 
- sscanf(slot, "%2x", &key);
+ key = get_slot_hex(slot);
 
 input_file = open_file(input_file_name, INPUT);
 output_file = open_file(output_file_name, OUTPUT);
@@ -1028,7 +1028,7 @@ read_cert_out:
 }
 
 static bool sign_file(ykpiv_state *state, const char *input, const char *output,
- const char *slot, enum enum_algorithm algorithm, enum enum_hash hash,
+ enum enum_slot slot, enum enum_algorithm algorithm, enum enum_hash hash,
 int verbosity) {
 FILE *input_file = NULL;
 FILE *output_file = NULL;
@@ -1039,7 +1039,7 @@ static bool sign_file(ykpiv_state *state, const char *input, const char *output,
 int algo;
 const EVP_MD *md;
 
- sscanf(slot, "%2x", &key);
+ key = get_slot_hex(slot);
 
 input_file = open_file(input, INPUT);
 if(!input_file) {
@@ -1121,7 +1121,7 @@ out:
 
 static void print_cert_info(ykpiv_state *state, enum enum_slot slot, const EVP_MD *md,
 FILE *output) {
- int object = get_object_id(slot);
+ int object = ykpiv_util_slot_object(get_slot_hex(slot));
 int slot_name;
 unsigned char data[3072];
 const unsigned char *ptr = data;
@@ -1349,7 +1349,7 @@ static bool test_signature(ykpiv_state *state, enum enum_slot slot,
 if(algorithm == 0) {
 goto test_out;
 }
- sscanf(cmdline_parser_slot_values[slot], "%2x", &key);
+ key = get_slot_hex(slot);
 if(YKPIV_IS_RSA(algorithm)) {
 prepare_rsa_signature(data, data_len, encoded, &enc_len, EVP_MD_type(md));
 ptr = encoded;
@@ -1454,7 +1454,7 @@ static bool test_decipher(ykpiv_state *state, enum enum_slot slot,
 if(algorithm == 0) {
 goto decipher_out;
 }
- sscanf(cmdline_parser_slot_values[slot], "%2x", &key);
+ key = get_slot_hex(slot);
 if(YKPIV_IS_RSA(algorithm)) {
 unsigned char secret[32];
 unsigned char secret2[32];
@@ -1566,7 +1566,7 @@ static bool list_readers(ykpiv_state *state) {
 return true;
 }
 
-static bool attest(ykpiv_state *state, const char *slot,
+static bool attest(ykpiv_state *state, enum enum_slot slot,
 enum enum_key_format key_format, const char *output_file_name) {
 unsigned char data[YKPIV_OBJ_MAX_SIZE];
 unsigned long len = sizeof(data);
@@ -1583,7 +1583,7 @@ static bool attest(ykpiv_state *state, const char *slot,
 return false;
 }
 
- sscanf(slot, "%2x", &key);
+ key = get_slot_hex(slot);
 if (ykpiv_attest(state, key, data, &len) != YKPIV_OK) {
 fprintf(stderr, "Failed to attest data.\n");
 goto attest_out;
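Review bot: `int object = ykpiv_util_slot_object(get_slot_hex(slot));` in the @@ -1121 hunk quietly changes the failure value: the deleted `get_object_id` in tool/util.c returned `0` for `slot__NULL` and unknown slots (`default: object = 0;` in the removed hunk), whereas the library helper starts from `int object_id = -1;`, so any `object == 0` test further down in `print_cert_info` — whose body continues past the hunk — would no longer fire. The expression also converts twice without comment, the `int` from `get_slot_hex` into the `uint8_t` parameter and the `uint32_t` result back into `int`. Suggest testing the library's not-found value explicitly before `object` is used, e.g. `if(object == <not-found value>) { fprintf(stderr, "Unknown slot\n"); return; }`, and making the narrowing casts explicit.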
@@ -1866,7 +1866,7 @@ int main(int argc, char *argv[]) {
 print_version(state, args_info.output_arg);
 break;
 case action_arg_generate:
- if(generate_key(state, args_info.slot_orig, args_info.algorithm_arg, args_info.output_arg, args_info.key_format_arg,
+ if(generate_key(state, args_info.slot_arg, args_info.algorithm_arg, args_info.output_arg, args_info.key_format_arg,
 args_info.pin_policy_arg, args_info.touch_policy_arg) == false) {
 ret = EXIT_FAILURE;
 } else {
@@ -1921,7 +1921,7 @@ int main(int argc, char *argv[]) {
 }
 break;
 case action_arg_importMINUS_key:
- if(import_key(state, args_info.key_format_arg, args_info.input_arg, args_info.slot_orig, password,
+ if(import_key(state, args_info.key_format_arg, args_info.input_arg, args_info.slot_arg, password,
 args_info.pin_policy_arg, args_info.touch_policy_arg) == false) {
 fprintf(stderr, "Unable to import private key\n");
 ret = EXIT_FAILURE;
@@ -1946,7 +1946,7 @@ int main(int argc, char *argv[]) {
 break;
 case action_arg_requestMINUS_certificate:
 if(request_certificate(state, args_info.key_format_arg, args_info.input_arg,
- args_info.slot_orig, args_info.subject_arg, args_info.hash_arg,
+ args_info.slot_arg, args_info.subject_arg, args_info.hash_arg,
 args_info.output_arg) == false) {
 ret = EXIT_FAILURE;
 } else {
@@ -2006,7 +2006,7 @@ int main(int argc, char *argv[]) {
 }
 case action_arg_selfsignMINUS_certificate:
 if(selfsign_certificate(state, args_info.key_format_arg, args_info.input_arg,
- args_info.slot_orig, args_info.subject_arg, args_info.hash_arg,
+ args_info.slot_arg, args_info.subject_arg, args_info.hash_arg,
 args_info.serial_given ? &args_info.serial_arg : NULL, args_info.valid_days_arg,
 args_info.output_arg) == false) {
 ret = EXIT_FAILURE;
@@ -2060,7 +2060,7 @@ int main(int argc, char *argv[]) {
 }
 break;
 case action_arg_attest:
- if(attest(state, args_info.slot_orig, args_info.key_format_arg,
+ if(attest(state, args_info.slot_arg, args_info.key_format_arg,
 args_info.output_arg) == false) {
 ret = EXIT_FAILURE;
 }
@@ -2081,7 +2081,7 @@ int main(int argc, char *argv[]) {
 
 ret = EXIT_FAILURE;
 } else if(sign_file(state, args_info.input_arg, args_info.output_arg,
- args_info.slot_orig, args_info.algorithm_arg, args_info.hash_arg,
+ args_info.slot_arg, args_info.algorithm_arg, args_info.hash_arg,
 verbosity)) {
 fprintf(stderr, "Signature successful!\n");
 } else {
diff --git a/ykcs11/token_vendors.c b/ykcs11/token_vendors.c
index 596d31c..395b7fe 100644
--- a/ykcs11/token_vendors.c
+++ b/ykcs11/token_vendors.c
@@ -196,7 +196,7 @@ static CK_RV COMMON_token_generate_key(ykpiv_state *state, CK_BBOOL rsa,
 *certptr++ = 0;
 
 // Store the certificate into the token
- if (ykpiv_save_object(state, key_to_object_id(key), data, (size_t)(certptr - data)) != YKPIV_OK)
+ if (ykpiv_save_object(state, ykpiv_util_slot_object(key), data, (size_t)(certptr - data)) != YKPIV_OK)
 return CKR_DEVICE_ERROR;
 
 return CKR_OK;
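Review bot: In the ykcs11 hunk, `ykpiv_util_slot_object(key)` goes straight into `ykpiv_save_object` without checking for the helper's not-found value, so a key id the library table does not know would be written under that sentinel rather than rejected; the replaced `key_to_object_id` returned `0` for unknown keys (`default: object = 0;` in the removed tool/util.c hunk) and was equally unchecked, so this is a pre-existing gap the new call keeps. Resolve the id first and fail before the write: `uint32_t obj = ykpiv_util_slot_object(key);` / `if (obj == <not-found value>) return CKR_ARGUMENTS_BAD;` and then pass `obj` to `ykpiv_save_object`. The removed mapping also paired `YKPIV_KEY_CARDMGM` with `YKPIV_OBJ_SIGNATURE`; whether the library's table does the same is not visible here and is worth confirming, since this path stores the certificate of the key just generated. `COMMON_token_generate_key` starts and ends outside the hunk.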