add support for retired key objects

slots 82-95
This commit is contained in:
Klas Lindfors
2015-06-23 14:12:39 +02:00
parent c2621960a9
commit a73d708c25
3 changed files with 84 additions and 2 deletions
+21
View File
@@ -111,6 +111,27 @@ extern "C"
#define YKPIV_OBJ_KEY_HISTORY 0x5fc10c
#define YKPIV_OBJ_IRIS 0x5fc121
#define YKPIV_OBJ_RETIRED1 0x5fc10d
#define YKPIV_OBJ_RETIRED2 0x5fc10e
#define YKPIV_OBJ_RETIRED3 0x5fc10f
#define YKPIV_OBJ_RETIRED4 0x5fc110
#define YKPIV_OBJ_RETIRED5 0x5fc111
#define YKPIV_OBJ_RETIRED6 0x5fc112
#define YKPIV_OBJ_RETIRED7 0x5fc113
#define YKPIV_OBJ_RETIRED8 0x5fc114
#define YKPIV_OBJ_RETIRED9 0x5fc115
#define YKPIV_OBJ_RETIRED10 0x5fc116
#define YKPIV_OBJ_RETIRED11 0x5fc117
#define YKPIV_OBJ_RETIRED12 0x5fc118
#define YKPIV_OBJ_RETIRED13 0x5fc119
#define YKPIV_OBJ_RETIRED14 0x5fc11a
#define YKPIV_OBJ_RETIRED15 0x5fc11b
#define YKPIV_OBJ_RETIRED16 0x5fc11c
#define YKPIV_OBJ_RETIRED17 0x5fc11d
#define YKPIV_OBJ_RETIRED18 0x5fc11e
#define YKPIV_OBJ_RETIRED19 0x5fc11f
#define YKPIV_OBJ_RETIRED20 0x5fc120
#define YKPIV_INS_VERIFY 0x20
#define YKPIV_INS_CHANGE_REFERENCE 0x24
#define YKPIV_INS_RESET_RETRY 0x2c
+3 -2
View File
@@ -35,12 +35,13 @@ option "action" a "Action to take" values="version","generate","set-mgm-key",
text "
Multiple actions may be given at once and will be executed in order
for example --action=verify-pin --action=request-certificate\n"
option "slot" s "What key slot to operate on" values="9a","9c","9d","9e" enum optional
option "slot" s "What key slot to operate on" values="9a","9c","9d","9e","82","83","84","85","86","87","88","89","8a","8b","8c","8d","8e","8f","90","91","92","93","94","95" enum optional
text "
9a is for PIV Authentication
9c is for Digital Signature (PIN always checked)
9d is for Key Management
9e is for Card Authentication (PIN never checked)\n"
9e is for Card Authentication (PIN never checked)
82-95 is for Retired Key Management\n"
option "algorithm" A "What algorithm to use" values="RSA1024","RSA2048","ECCP256","ECCP384" enum optional default="RSA2048"
option "hash" H "Hash to use for signatures" values="SHA1","SHA256","SHA384","SHA512" enum optional default="SHA256"
option "new-key" n "New authentication key to use" string optional
+60
View File
@@ -200,6 +200,66 @@ int get_object_id(enum enum_slot slot) {
case slot_arg_9e:
object = YKPIV_OBJ_CARD_AUTH;
break;
case slot_arg_82:
object = YKPIV_OBJ_RETIRED1;
break;
case slot_arg_83:
object = YKPIV_OBJ_RETIRED2;
break;
case slot_arg_84:
object = YKPIV_OBJ_RETIRED3;
break;
case slot_arg_85:
object = YKPIV_OBJ_RETIRED4;
break;
case slot_arg_86:
object = YKPIV_OBJ_RETIRED5;
break;
case slot_arg_87:
object = YKPIV_OBJ_RETIRED6;
break;
case slot_arg_88:
object = YKPIV_OBJ_RETIRED7;
break;
case slot_arg_89:
object = YKPIV_OBJ_RETIRED8;
break;
case slot_arg_8a:
object = YKPIV_OBJ_RETIRED9;
break;
case slot_arg_8b:
object = YKPIV_OBJ_RETIRED10;
break;
case slot_arg_8c:
object = YKPIV_OBJ_RETIRED11;
break;
case slot_arg_8d:
object = YKPIV_OBJ_RETIRED12;
break;
case slot_arg_8e:
object = YKPIV_OBJ_RETIRED13;
break;
case slot_arg_8f:
object = YKPIV_OBJ_RETIRED14;
break;
case slot_arg_90:
object = YKPIV_OBJ_RETIRED15;
break;
case slot_arg_91:
object = YKPIV_OBJ_RETIRED16;
break;
case slot_arg_92:
object = YKPIV_OBJ_RETIRED17;
break;
case slot_arg_93:
object = YKPIV_OBJ_RETIRED18;
break;
case slot_arg_94:
object = YKPIV_OBJ_RETIRED19;
break;
case slot_arg_95:
object = YKPIV_OBJ_RETIRED20;
break;
case slot__NULL:
default:
object = 0;