From a73d708c2555cadf5a2f27fd8d3efcbb4d08f29a Mon Sep 17 00:00:00 2001
From: Klas Lindfors
Date: Tue, 23 Jun 2015 14:12:39 +0200
Subject: [PATCH] add support for retired key objects slots 82-95
---
 lib/ykpiv.h | 21 +++++++++++++++++
 tool/cmdline.ggo | 5 ++--
 tool/util.c | 60 ++++++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 84 insertions(+), 2 deletions(-)
diff --git a/lib/ykpiv.h b/lib/ykpiv.h
index d213f5c..56c0081 100644
--- a/lib/ykpiv.h
+++ b/lib/ykpiv.h
@@ -111,6 +111,27 @@ extern "C"
 #define YKPIV_OBJ_KEY_HISTORY 0x5fc10c
 #define YKPIV_OBJ_IRIS 0x5fc121
+#define YKPIV_OBJ_RETIRED1 0x5fc10d
+#define YKPIV_OBJ_RETIRED2 0x5fc10e
+#define YKPIV_OBJ_RETIRED3 0x5fc10f
+#define YKPIV_OBJ_RETIRED4 0x5fc110
+#define YKPIV_OBJ_RETIRED5 0x5fc111
+#define YKPIV_OBJ_RETIRED6 0x5fc112
+#define YKPIV_OBJ_RETIRED7 0x5fc113
+#define YKPIV_OBJ_RETIRED8 0x5fc114
+#define YKPIV_OBJ_RETIRED9 0x5fc115
+#define YKPIV_OBJ_RETIRED10 0x5fc116
+#define YKPIV_OBJ_RETIRED11 0x5fc117
+#define YKPIV_OBJ_RETIRED12 0x5fc118
+#define YKPIV_OBJ_RETIRED13 0x5fc119
+#define YKPIV_OBJ_RETIRED14 0x5fc11a
+#define YKPIV_OBJ_RETIRED15 0x5fc11b
+#define YKPIV_OBJ_RETIRED16 0x5fc11c
+#define YKPIV_OBJ_RETIRED17 0x5fc11d
+#define YKPIV_OBJ_RETIRED18 0x5fc11e
+#define YKPIV_OBJ_RETIRED19 0x5fc11f
+#define YKPIV_OBJ_RETIRED20 0x5fc120
+
 #define YKPIV_INS_VERIFY 0x20
 #define YKPIV_INS_CHANGE_REFERENCE 0x24
 #define YKPIV_INS_RESET_RETRY 0x2c
diff --git a/tool/cmdline.ggo b/tool/cmdline.ggo
index 25b606f..6439419 100644
--- a/tool/cmdline.ggo
+++ b/tool/cmdline.ggo
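Review bot: In lib/ykpiv.h the twenty new `YKPIV_OBJ_RETIRED1`..`YKPIV_OBJ_RETIRED20` defines carry no comment saying which key slot each one belongs to, and the hunk adds no constants for the slot numbers themselves. The pairing with slots 82-95 is stated only in the commit subject and encoded in the `get_object_id` switch in tool/util.c, so anyone using the library header alone has to reconstruct it. I would put one comment line above the block, for example `/* Objects for retired key slots 0x82..0x95, in slot order (RETIRED1 = slot 82) */`.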
@@ -35,12 +35,13 @@ option "action" a "Action to take" values="version","generate","set-mgm-key", text " Multiple actions may be given at once and will be executed in order for example --action=verify-pin --action=request-certificate\n" -option "slot" s "What key slot to operate on" values="9a","9c","9d","9e" enum optional +option "slot" s "What key slot to operate on" values="9a","9c","9d","9e","82","83","84","85","86","87","88","89","8a","8b","8c","8d","8e","8f","90","91","92","93","94","95" enum optional text " 9a is for PIV Authentication 9c is for Digital Signature (PIN always checked) 9d is for Key Management - 9e is for Card Authentication (PIN never checked)\n" + 9e is for Card Authentication (PIN never checked) + 82-95 is for Retired Key Management\n" option "algorithm" A "What algorithm to use" values="RSA1024","RSA2048","ECCP256","ECCP384" enum optional default="RSA2048" option "hash" H "Hash to use for signatures" values="SHA1","SHA256","SHA384","SHA512" enum optional default="SHA256" option "new-key" n "New authentication key to use" string optional diff --git a/tool/util.c b/tool/util.c index ac1654e..61e749f 100644 --- a/tool/util.c +++ b/tool/util.c 
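Review bot: The added help line `82-95 is for Retired Key Management` in tool/cmdline.ggo says nothing about PIN checking, while the 9c and 9e lines beside it do ("PIN always checked", "PIN never checked"). Someone choosing a slot from the help output cannot tell how a key placed in a retired slot is protected. I would state it on the line in the same parenthesised form, `82-95 is for Retired Key Management (PIN <rule for retired slots>)\n"`, with the rule filled in once it is confirmed against the device behaviour; the hunk does not show which rule applies.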
@@ -200,6 +200,66 @@ int get_object_id(enum enum_slot slot) {
 case slot_arg_9e:
 object = YKPIV_OBJ_CARD_AUTH;
 break;
+ case slot_arg_82:
+ object = YKPIV_OBJ_RETIRED1;
+ break;
+ case slot_arg_83:
+ object = YKPIV_OBJ_RETIRED2;
+ break;
+ case slot_arg_84:
+ object = YKPIV_OBJ_RETIRED3;
+ break;
+ case slot_arg_85:
+ object = YKPIV_OBJ_RETIRED4;
+ break;
+ case slot_arg_86:
+ object = YKPIV_OBJ_RETIRED5;
+ break;
+ case slot_arg_87:
+ object = YKPIV_OBJ_RETIRED6;
+ break;
+ case slot_arg_88:
+ object = YKPIV_OBJ_RETIRED7;
+ break;
+ case slot_arg_89:
+ object = YKPIV_OBJ_RETIRED8;
+ break;
+ case slot_arg_8a:
+ object = YKPIV_OBJ_RETIRED9;
+ break;
+ case slot_arg_8b:
+ object = YKPIV_OBJ_RETIRED10;
+ break;
+ case slot_arg_8c:
+ object = YKPIV_OBJ_RETIRED11;
+ break;
+ case slot_arg_8d:
+ object = YKPIV_OBJ_RETIRED12;
+ break;
+ case slot_arg_8e:
+ object = YKPIV_OBJ_RETIRED13;
+ break;
+ case slot_arg_8f:
+ object = YKPIV_OBJ_RETIRED14;
+ break;
+ case slot_arg_90:
+ object = YKPIV_OBJ_RETIRED15;
+ break;
+ case slot_arg_91:
+ object = YKPIV_OBJ_RETIRED16;
+ break;
+ case slot_arg_92:
+ object = YKPIV_OBJ_RETIRED17;
+ break;
+ case slot_arg_93:
+ object = YKPIV_OBJ_RETIRED18;
+ break;
+ case slot_arg_94:
+ object = YKPIV_OBJ_RETIRED19;
+ break;
+ case slot_arg_95:
+ object = YKPIV_OBJ_RETIRED20;
+ break;
 case slot__NULL:
 default:
 object = 0;
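Review bot: The twenty added cases in `get_object_id` repeat one three-line pattern, and the pairing they encode (82 to RETIRED1 through 95 to RETIRED20) is checked by nothing but the reader's eye; one mistyped constant would map a slot to another slot's object with no error. The pairs as written are in order, so this is about keeping them that way. Since the object IDs added in lib/ykpiv.h are consecutive, the ladder could shrink to a range test, `if (slot >= slot_arg_82 && slot <= slot_arg_95) object = YKPIV_OBJ_RETIRED1 + (slot - slot_arg_82);`, provided the generated `enum enum_slot` numbers those members consecutively, which the hunk does not show. If the explicit cases stay, a comment ahead of `case slot_arg_82:` stating the rule, such as `/* retired slots 0x82..0x95 map to YKPIV_OBJ_RETIRED1..20 in order */`, would make a later slip visible in review. The function starts and ends outside the hunk.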