diff --git a/cmdline.ggo b/cmdline.ggo
index f7c1fcc..1f033a1 100644
--- a/cmdline.ggo
+++ b/cmdline.ggo
@@ -29,3 +29,4 @@ option "reader" r "Only use a matching reader" string optional
 option "key" k "Authentication key to use" string optional default="010203040506070801020304050607080102030405060708"
 option "action" a "Action to take" values="version","generate" enum
 option "slot" s "What key slot to operate on" values="9a","9b","9c","9d","9e" enum optional
+option "algorithm" A "What algorithm to use" values="RSA1024","RSA2048","ECCP256" enum optional default="RSA2048"
diff --git a/yubico-piv-tool.c b/yubico-piv-tool.c
index 66739fb..93a793a 100644
--- a/yubico-piv-tool.c
+++ b/yubico-piv-tool.c
@@ -231,7 +231,7 @@ static void print_version(SCARDHANDLE *card, int verbose) {
   }
 }
 
-static bool generate_key(SCARDHANDLE *card, const char *slot, int verbose) {
+static bool generate_key(SCARDHANDLE *card, const char *slot, enum enum_algorithm algorithm, int verbose) {
   APDU apdu;
   unsigned char data[1024];
   unsigned long recv_len = 0xff;
@@ -249,7 +249,20 @@ static bool generate_key(SCARDHANDLE *card, const char *slot, int verbose) {
   apdu.st.data[1] = 3;
   apdu.st.data[2] = 0x80;
   apdu.st.data[3] = 1;
-  apdu.st.data[4] = 0x07; /* rsa 2048 TODO: implement more */
+  switch(algorithm) {
+    case algorithm_arg_RSA2048:
+      apdu.st.data[4] = 0x07;
+      break;
+    case algorithm_arg_RSA1024:
+      apdu.st.data[4] = 0x06;
+      break;
+    case algorithm_arg_ECCP256:
+      apdu.st.data[4] = 0x11;
+      break;
+    case algorithm__NULL:
+    default:
+      fprintf(stderr, "Unexepcted algorithm.\n");
+  }
   sw = send_data(card, apdu, 10, data, &recv_len, verbose);
 
   /* chained response */
@@ -261,9 +274,9 @@ static bool generate_key(SCARDHANDLE *card, const char *slot, int verbose) {
     sw = send_data(card, apdu, 4, data + received, &recv_len, verbose);
     received += recv_len;
   }
-  if(sw != 0x9000) {
-    return false;
-  }
+
+  dump_hex(data, received);
+  return true;
 }
 
 
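Review bot: The `default:` arm of the new switch in the second yubico-piv-tool.c hunk prints the error and then falls through to the `send_data` call on the next line, so the GENERATE command is still sent with `apdu.st.data[4]` never assigned in this hunk (the `APDU apdu;` declaration in the previous hunk has no initializer; whether it is zeroed elsewhere is not visible here). Since the function returns bool, that arm should bail out instead: `fprintf(stderr, "Unexpected algorithm.\n");` followed by `return false;`, which also fixes the typo in the message. The removed comment was the only place naming the byte values; a comment above the switch such as `/* PIV algorithm identifiers (NIST SP 800-78): 0x06 RSA-1024, 0x07 RSA-2048, 0x11 ECC P-256 */` would keep that knowledge next to the constants. generate_key's body continues outside this hunk.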
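Review bot: Removing the `if(sw != 0x9000)` check in the last yubico-piv-tool.c hunk means a rejected or failed command now ends with `dump_hex` over whatever was received and an unconditional `return true`, so the caller can no longer tell a card error from success. Keep the status-word check ahead of the dump: `if(sw != 0x9000) { return false; }` before `dump_hex(data, received);`. The head of the chained-response loop is outside this hunk, so it is not visible whether `received + recv_len` is bounded against `sizeof data` (1024) before `send_data` writes at `data + received`; worth confirming there.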
@@ -358,7 +371,7 @@ int main(int argc, char *argv[]) {
     print_version(&card, args_info.verbose_flag);
   } else if(args_info.action_arg == action_arg_generate) {
     if(args_info.slot_arg != slot__NULL) {
-      generate_key(&card, args_info.slot_orig, args_info.verbose_flag);
+      generate_key(&card, args_info.slot_orig, args_info.algorithm_arg, args_info.verbose_flag);
     } else {
       fprintf(stderr, "The generate command needs a slot (-s) to operate on.\n");
       return EXIT_FAILURE;
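Review bot: The bool returned by `generate_key` is still discarded on the changed line, so a failure inside it is not reflected in the exit status unless something later in main (outside this hunk) checks for it; the `else` branch directly below already returns EXIT_FAILURE for a missing slot, so the error style is established. Suggest `if(!generate_key(&card, args_info.slot_orig, args_info.algorithm_arg, args_info.verbose_flag)) { return EXIT_FAILURE; }`. main continues outside this hunk.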