ykcs11: disable rsa keygeneration for yk4 < 4.3.5
see https://yubi.co/ysa201701/ relates #127
@@ -93,6 +93,22 @@ static CK_RV COMMON_token_generate_key(ykpiv_state *state, CK_BBOOL rsa,
|
|||||||
|
|
||||||
CK_RV rv;
|
CK_RV rv;
|
||||||
|
|
||||||
|
if(rsa) {
|
||||||
|
char version[7];
|
||||||
|
if(ykpiv_get_version(state, version, sizeof(version)) == YKPIV_OK) {
|
||||||
|
int major, minor, build;
|
||||||
|
int match = sscanf(version, "%d.%d.%d", &major, &minor, &build);
|
||||||
|
if(match == 3 && major == 4 && (minor < 3 || (minor == 3 && build < 5))) {
|
||||||
|
DBG("On-chip RSA key generation on this YubiKey has been blocked.\n");
|
||||||
|
DBG("Please see https://yubi.co/ysa201701/ for details.\n");
|
||||||
|
return CKR_FUNCTION_FAILED;
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
DBG("Failed to communicate.\n");
|
||||||
|
return CKR_DEVICE_ERROR;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
templ[3] = key;
|
templ[3] = key;
|
||||||
|
|
||||||
*in_ptr++ = 0xac;
|
*in_ptr++ = 0xac;
|
||||||
|
|||||||
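Review bot: The firmware gate inside `if(rsa)` fails open: when `sscanf` returns fewer than three fields, `match == 3 && ...` is false and control falls through to on-chip RSA generation as if the device were unaffected. For a block that exists because of a security advisory, an unparseable version should be refused, e.g. add `if(match != 3) { DBG("Unable to parse firmware version.\n"); return CKR_DEVICE_ERROR; }` before the range comparison. `char version[7]` holds "4.3.5" but not a string with two two-digit components; how `ykpiv_get_version` behaves on a short buffer is not visible here, so it would help to confirm whether it truncates or returns an error, since the `else` branch would report that as "Failed to communicate." The refusal is reported only through `DBG`, so a caller without debug output sees a bare `CKR_FUNCTION_FAILED`; a short comment above the check naming the advisory would keep the reason discoverable in the source. The body of `COMMON_token_generate_key` starts before and continues after this hunk.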