From c16aaaa7d0051468cedeaa9a4cce30a754925f5b Mon Sep 17 00:00:00 2001
From: Alessio Di Mauro
Date: Tue, 24 Nov 2015 11:05:21 +0100
Subject: [PATCH] Add retired keys in more places.
---
ykcs11/obj_types.h | 160 ++++++++++++------------
ykcs11/objects.c | 281 ++++++++++++++++++++++++++++++------------
ykcs11/yubico_token.c | 18 ++-
3 files changed, 295 insertions(+), 164 deletions(-)
diff --git a/ykcs11/obj_types.h b/ykcs11/obj_types.h
index d54b8bf..f4267ba 100644
--- a/ykcs11/obj_types.h
+++ b/ykcs11/obj_types.h
@@ -11,26 +11,26 @@ typedef enum { PIV_DATA_OBJ_X509_CARD_AUTH, // Certificate for card authentication PIV_DATA_OBJ_X509_DS, // Certificate for digital signature PIV_DATA_OBJ_X509_KM, // Certificate for key management - PIV_DATA_OBJ_X509_RETIRED_1, // Certificate for retired key 1 - PIV_DATA_OBJ_X509_RETIRED_2, // Certificate for retired key 2 - PIV_DATA_OBJ_X509_RETIRED_3, // Certificate for retired key 3 - PIV_DATA_OBJ_X509_RETIRED_4, // Certificate for retired key 4 - PIV_DATA_OBJ_X509_RETIRED_5, // Certificate for retired key 5 - PIV_DATA_OBJ_X509_RETIRED_6, // Certificate for retired key 6 - PIV_DATA_OBJ_X509_RETIRED_7, // Certificate for retired key 7 - PIV_DATA_OBJ_X509_RETIRED_8, // Certificate for retired key 8 - PIV_DATA_OBJ_X509_RETIRED_9, // Certificate for retired key 9 - PIV_DATA_OBJ_X509_RETIRED_10, // Certificate for retired key 10 - PIV_DATA_OBJ_X509_RETIRED_11, // Certificate for retired key 11 - PIV_DATA_OBJ_X509_RETIRED_12, // Certificate for retired key 12 - PIV_DATA_OBJ_X509_RETIRED_13, // Certificate for retired key 13 - PIV_DATA_OBJ_X509_RETIRED_14, // Certificate for retired key 14 - PIV_DATA_OBJ_X509_RETIRED_15, // Certificate for retired key 15 - PIV_DATA_OBJ_X509_RETIRED_16, // Certificate for retired key 16 - PIV_DATA_OBJ_X509_RETIRED_17, // Certificate for retired key 17 - PIV_DATA_OBJ_X509_RETIRED_18, // Certificate for retired key 18 - PIV_DATA_OBJ_X509_RETIRED_19, // Certificate for retired key 19 - PIV_DATA_OBJ_X509_RETIRED_20, // Certificate for retired key 20 + PIV_DATA_OBJ_X509_RETIRED1, // Certificate for retired key 1 + PIV_DATA_OBJ_X509_RETIRED2, // Certificate for retired key 2 + PIV_DATA_OBJ_X509_RETIRED3, // Certificate for retired key 3 + PIV_DATA_OBJ_X509_RETIRED4, // Certificate for retired key 4 + PIV_DATA_OBJ_X509_RETIRED5, // Certificate for retired key 5 + PIV_DATA_OBJ_X509_RETIRED6, // Certificate for retired key 6 + PIV_DATA_OBJ_X509_RETIRED7, // Certificate for retired key 7 + PIV_DATA_OBJ_X509_RETIRED8, // 
Certificate for retired key 8 + PIV_DATA_OBJ_X509_RETIRED9, // Certificate for retired key 9 + PIV_DATA_OBJ_X509_RETIRED10, // Certificate for retired key 10 + PIV_DATA_OBJ_X509_RETIRED11, // Certificate for retired key 11 + PIV_DATA_OBJ_X509_RETIRED12, // Certificate for retired key 12 + PIV_DATA_OBJ_X509_RETIRED13, // Certificate for retired key 13 + PIV_DATA_OBJ_X509_RETIRED14, // Certificate for retired key 14 + PIV_DATA_OBJ_X509_RETIRED15, // Certificate for retired key 15 + PIV_DATA_OBJ_X509_RETIRED16, // Certificate for retired key 16 + PIV_DATA_OBJ_X509_RETIRED17, // Certificate for retired key 17 + PIV_DATA_OBJ_X509_RETIRED18, // Certificate for retired key 18 + PIV_DATA_OBJ_X509_RETIRED19, // Certificate for retired key 19 + PIV_DATA_OBJ_X509_RETIRED20, // Certificate for retired key 20 PIV_DATA_OBJ_CCC, // Card capability container PIV_DATA_OBJ_CHUI, // Cardholder unique id PIV_DATA_OBJ_CHF, // Cardholder fingerprints 
@@ -49,78 +49,78 @@ typedef enum { PIV_CERT_OBJ_X509_CARD_AUTH, // Certificate for card authentication PIV_CERT_OBJ_X509_DS, // Certificate for digital signature PIV_CERT_OBJ_X509_KM, // Certificate for key management - PIV_CERT_OBJ_X509_RETIRED_1, // Certificate for retired key 1 - PIV_CERT_OBJ_X509_RETIRED_2, // Certificate for retired key 2 - PIV_CERT_OBJ_X509_RETIRED_3, // Certificate for retired key 3 - PIV_CERT_OBJ_X509_RETIRED_4, // Certificate for retired key 4 - PIV_CERT_OBJ_X509_RETIRED_5, // Certificate for retired key 5 - PIV_CERT_OBJ_X509_RETIRED_6, // Certificate for retired key 6 - PIV_CERT_OBJ_X509_RETIRED_7, // Certificate for retired key 7 - PIV_CERT_OBJ_X509_RETIRED_8, // Certificate for retired key 8 - PIV_CERT_OBJ_X509_RETIRED_9, // Certificate for retired key 9 - PIV_CERT_OBJ_X509_RETIRED_10, // Certificate for retired key 10 - PIV_CERT_OBJ_X509_RETIRED_11, // Certificate for retired key 11 - PIV_CERT_OBJ_X509_RETIRED_12, // Certificate for retired key 12 - PIV_CERT_OBJ_X509_RETIRED_13, // Certificate for retired key 13 - PIV_CERT_OBJ_X509_RETIRED_14, // Certificate for retired key 14 - PIV_CERT_OBJ_X509_RETIRED_15, // Certificate for retired key 15 - PIV_CERT_OBJ_X509_RETIRED_16, // Certificate for retired key 16 - PIV_CERT_OBJ_X509_RETIRED_17, // Certificate for retired key 17 - PIV_CERT_OBJ_X509_RETIRED_18, // Certificate for retired key 18 - PIV_CERT_OBJ_X509_RETIRED_19, // Certificate for retired key 19 - PIV_CERT_OBJ_X509_RETIRED_20, // Certificate for retired key 20 + PIV_CERT_OBJ_X509_RETIRED1, // Certificate for retired key 1 + PIV_CERT_OBJ_X509_RETIRED2, // Certificate for retired key 2 + PIV_CERT_OBJ_X509_RETIRED3, // Certificate for retired key 3 + PIV_CERT_OBJ_X509_RETIRED4, // Certificate for retired key 4 + PIV_CERT_OBJ_X509_RETIRED5, // Certificate for retired key 5 + PIV_CERT_OBJ_X509_RETIRED6, // Certificate for retired key 6 + PIV_CERT_OBJ_X509_RETIRED7, // Certificate for retired key 7 + PIV_CERT_OBJ_X509_RETIRED8, // 
Certificate for retired key 8 + PIV_CERT_OBJ_X509_RETIRED9, // Certificate for retired key 9 + PIV_CERT_OBJ_X509_RETIRED10, // Certificate for retired key 10 + PIV_CERT_OBJ_X509_RETIRED11, // Certificate for retired key 11 + PIV_CERT_OBJ_X509_RETIRED12, // Certificate for retired key 12 + PIV_CERT_OBJ_X509_RETIRED13, // Certificate for retired key 13 + PIV_CERT_OBJ_X509_RETIRED14, // Certificate for retired key 14 + PIV_CERT_OBJ_X509_RETIRED15, // Certificate for retired key 15 + PIV_CERT_OBJ_X509_RETIRED16, // Certificate for retired key 16 + PIV_CERT_OBJ_X509_RETIRED17, // Certificate for retired key 17 + PIV_CERT_OBJ_X509_RETIRED18, // Certificate for retired key 18 + PIV_CERT_OBJ_X509_RETIRED19, // Certificate for retired key 19 + PIV_CERT_OBJ_X509_RETIRED20, // Certificate for retired key 20 PIV_CERT_OBJ_LAST, PIV_PVTK_OBJ_PIV_AUTH, // Private key for PIV authentication PIV_PVTK_OBJ_CARD_AUTH, // Private key for card authentication PIV_PVTK_OBJ_DS, // Private key for digital signature PIV_PVTK_OBJ_KM, // Private key for key management - PIV_PVTK_OBJ_RETIRED_1, // Private key for retired key 1 - PIV_PVTK_OBJ_RETIRED_2, // Private key for retired key 2 - PIV_PVTK_OBJ_RETIRED_3, // Private key for retired key 3 - PIV_PVTK_OBJ_RETIRED_4, // Private key for retired key 4 - PIV_PVTK_OBJ_RETIRED_5, // Private key for retired key 5 - PIV_PVTK_OBJ_RETIRED_6, // Private key for retired key 6 - PIV_PVTK_OBJ_RETIRED_7, // Private key for retired key 7 - PIV_PVTK_OBJ_RETIRED_8, // Private key for retired key 8 - PIV_PVTK_OBJ_RETIRED_9, // Private key for retired key 9 - PIV_PVTK_OBJ_RETIRED_10, // Private key for retired key 10 - PIV_PVTK_OBJ_RETIRED_11, // Private key for retired key 11 - PIV_PVTK_OBJ_RETIRED_12, // Private key for retired key 12 - PIV_PVTK_OBJ_RETIRED_13, // Private key for retired key 13 - PIV_PVTK_OBJ_RETIRED_14, // Private key for retired key 14 - PIV_PVTK_OBJ_RETIRED_15, // Private key for retired key 15 - PIV_PVTK_OBJ_RETIRED_16, // Private key for 
retired key 16 - PIV_PVTK_OBJ_RETIRED_17, // Private key for retired key 17 - PIV_PVTK_OBJ_RETIRED_18, // Private key for retired key 18 - PIV_PVTK_OBJ_RETIRED_19, // Private key for retired key 19 - PIV_PVTK_OBJ_RETIRED_20, // Private key for retired key 20 + PIV_PVTK_OBJ_RETIRED1, // Private key for retired key 1 + PIV_PVTK_OBJ_RETIRED2, // Private key for retired key 2 + PIV_PVTK_OBJ_RETIRED3, // Private key for retired key 3 + PIV_PVTK_OBJ_RETIRED4, // Private key for retired key 4 + PIV_PVTK_OBJ_RETIRED5, // Private key for retired key 5 + PIV_PVTK_OBJ_RETIRED6, // Private key for retired key 6 + PIV_PVTK_OBJ_RETIRED7, // Private key for retired key 7 + PIV_PVTK_OBJ_RETIRED8, // Private key for retired key 8 + PIV_PVTK_OBJ_RETIRED9, // Private key for retired key 9 + PIV_PVTK_OBJ_RETIRED10, // Private key for retired key 10 + PIV_PVTK_OBJ_RETIRED11, // Private key for retired key 11 + PIV_PVTK_OBJ_RETIRED12, // Private key for retired key 12 + PIV_PVTK_OBJ_RETIRED13, // Private key for retired key 13 + PIV_PVTK_OBJ_RETIRED14, // Private key for retired key 14 + PIV_PVTK_OBJ_RETIRED15, // Private key for retired key 15 + PIV_PVTK_OBJ_RETIRED16, // Private key for retired key 16 + PIV_PVTK_OBJ_RETIRED17, // Private key for retired key 17 + PIV_PVTK_OBJ_RETIRED18, // Private key for retired key 18 + PIV_PVTK_OBJ_RETIRED19, // Private key for retired key 19 + PIV_PVTK_OBJ_RETIRED20, // Private key for retired key 20 PIV_PVTK_OBJ_LAST, PIV_PUBK_OBJ_PIV_AUTH, // Public key for PIV authentication PIV_PUBK_OBJ_CARD_AUTH, // Public key for card authentication PIV_PUBK_OBJ_DS, // Public key for digital signature PIV_PUBK_OBJ_KM, // Public key for key management - PIV_PUBK_OBJ_RETIRED_1, // Public key for retired key 1 - PIV_PUBK_OBJ_RETIRED_2, // Public key for retired key 2 - PIV_PUBK_OBJ_RETIRED_3, // Public key for retired key 3 - PIV_PUBK_OBJ_RETIRED_4, // Public key for retired key 4 - PIV_PUBK_OBJ_RETIRED_5, // Public key for retired key 5 - 
PIV_PUBK_OBJ_RETIRED_6, // Public key for retired key 6 - PIV_PUBK_OBJ_RETIRED_7, // Public key for retired key 7 - PIV_PUBK_OBJ_RETIRED_8, // Public key for retired key 8 - PIV_PUBK_OBJ_RETIRED_9, // Public key for retired key 9 - PIV_PUBK_OBJ_RETIRED_10, // Public key for retired key 10 - PIV_PUBK_OBJ_RETIRED_11, // Public key for retired key 11 - PIV_PUBK_OBJ_RETIRED_12, // Public key for retired key 12 - PIV_PUBK_OBJ_RETIRED_13, // Public key for retired key 13 - PIV_PUBK_OBJ_RETIRED_14, // Public key for retired key 14 - PIV_PUBK_OBJ_RETIRED_15, // Public key for retired key 15 - PIV_PUBK_OBJ_RETIRED_16, // Public key for retired key 16 - PIV_PUBK_OBJ_RETIRED_17, // Public key for retired key 17 - PIV_PUBK_OBJ_RETIRED_18, // Public key for retired key 18 - PIV_PUBK_OBJ_RETIRED_19, // Public key for retired key 19 - PIV_PUBK_OBJ_RETIRED_20, // Public key for retired key 20 + PIV_PUBK_OBJ_RETIRED1, // Public key for retired key 1 + PIV_PUBK_OBJ_RETIRED2, // Public key for retired key 2 + PIV_PUBK_OBJ_RETIRED3, // Public key for retired key 3 + PIV_PUBK_OBJ_RETIRED4, // Public key for retired key 4 + PIV_PUBK_OBJ_RETIRED5, // Public key for retired key 5 + PIV_PUBK_OBJ_RETIRED6, // Public key for retired key 6 + PIV_PUBK_OBJ_RETIRED7, // Public key for retired key 7 + PIV_PUBK_OBJ_RETIRED8, // Public key for retired key 8 + PIV_PUBK_OBJ_RETIRED9, // Public key for retired key 9 + PIV_PUBK_OBJ_RETIRED10, // Public key for retired key 10 + PIV_PUBK_OBJ_RETIRED11, // Public key for retired key 11 + PIV_PUBK_OBJ_RETIRED12, // Public key for retired key 12 + PIV_PUBK_OBJ_RETIRED13, // Public key for retired key 13 + PIV_PUBK_OBJ_RETIRED14, // Public key for retired key 14 + PIV_PUBK_OBJ_RETIRED15, // Public key for retired key 15 + PIV_PUBK_OBJ_RETIRED16, // Public key for retired key 16 + PIV_PUBK_OBJ_RETIRED17, // Public key for retired key 17 + PIV_PUBK_OBJ_RETIRED18, // Public key for retired key 18 + PIV_PUBK_OBJ_RETIRED19, // Public key for retired key 19 + 
PIV_PUBK_OBJ_RETIRED20, // Public key for retired key 20 PIV_PUBK_OBJ_LAST } piv_obj_id_t; diff --git a/ykcs11/objects.c b/ykcs11/objects.c index 6f7f865..4d15ecf 100644 --- a/ykcs11/objects.c +++ b/ykcs11/objects.c 
@@ -24,26 +24,26 @@ static piv_obj_t piv_objects[] = { {PIV_DATA_OBJ_X509_CARD_AUTH, 1, 0, 0, "X.509 Certificate for Card Authentication", 0, 0, get_doa, 1}, {PIV_DATA_OBJ_X509_DS, 1, 0, 0, "X.509 Certificate for Digital Signature", 0, 0, get_doa, 2}, {PIV_DATA_OBJ_X509_KM, 1, 0, 0, "X.509 Certificate for Key Management", 0, 0, get_doa, 3}, - {PIV_DATA_OBJ_X509_RETIRED_1, 1, 0, 0, "X.509 Certificate for retired key 1", 0, 0, get_doa, 4}, - {PIV_DATA_OBJ_X509_RETIRED_2, 1, 0, 0, "X.509 Certificate for retired key 2", 0, 0, get_doa, 5}, - {PIV_DATA_OBJ_X509_RETIRED_3, 1, 0, 0, "X.509 Certificate for retired key 3", 0, 0, get_doa, 6}, - {PIV_DATA_OBJ_X509_RETIRED_4, 1, 0, 0, "X.509 Certificate for retired key 4", 0, 0, get_doa, 7}, - {PIV_DATA_OBJ_X509_RETIRED_5, 1, 0, 0, "X.509 Certificate for retired key 5", 0, 0, get_doa, 8}, - {PIV_DATA_OBJ_X509_RETIRED_6, 1, 0, 0, "X.509 Certificate for retired key 6", 0, 0, get_doa, 9}, - {PIV_DATA_OBJ_X509_RETIRED_7, 1, 0, 0, "X.509 Certificate for retired key 7", 0, 0, get_doa, 10}, - {PIV_DATA_OBJ_X509_RETIRED_8, 1, 0, 0, "X.509 Certificate for retired key 8", 0, 0, get_doa, 11}, - {PIV_DATA_OBJ_X509_RETIRED_9, 1, 0, 0, "X.509 Certificate for retired key 9", 0, 0, get_doa, 12}, - {PIV_DATA_OBJ_X509_RETIRED_10, 1, 0, 0, "X.509 Certificate for retired key 10", 0, 0, get_doa, 13}, - {PIV_DATA_OBJ_X509_RETIRED_11, 1, 0, 0, "X.509 Certificate for retired key 11", 0, 0, get_doa, 14}, - {PIV_DATA_OBJ_X509_RETIRED_12, 1, 0, 0, "X.509 Certificate for retired key 12", 0, 0, get_doa, 15}, - {PIV_DATA_OBJ_X509_RETIRED_13, 1, 0, 0, "X.509 Certificate for retired key 13", 0, 0, get_doa, 16}, - {PIV_DATA_OBJ_X509_RETIRED_14, 1, 0, 0, "X.509 Certificate for retired key 14", 0, 0, get_doa, 17}, - {PIV_DATA_OBJ_X509_RETIRED_15, 1, 0, 0, "X.509 Certificate for retired key 15", 0, 0, get_doa, 18}, - {PIV_DATA_OBJ_X509_RETIRED_16, 1, 0, 0, "X.509 Certificate for retired key 16", 0, 0, get_doa, 19}, - {PIV_DATA_OBJ_X509_RETIRED_17, 1, 0, 0, "X.509 
Certificate for retired key 17", 0, 0, get_doa, 20}, - {PIV_DATA_OBJ_X509_RETIRED_18, 1, 0, 0, "X.509 Certificate for retired key 18", 0, 0, get_doa, 21}, - {PIV_DATA_OBJ_X509_RETIRED_19, 1, 0, 0, "X.509 Certificate for retired key 19", 0, 0, get_doa, 22}, - {PIV_DATA_OBJ_X509_RETIRED_20, 1, 0, 0, "X.509 Certificate for retired key 20", 0, 0, get_doa, 23}, + {PIV_DATA_OBJ_X509_RETIRED1, 1, 0, 0, "X.509 Certificate for retired key 1", 0, 0, get_doa, 4}, + {PIV_DATA_OBJ_X509_RETIRED2, 1, 0, 0, "X.509 Certificate for retired key 2", 0, 0, get_doa, 5}, + {PIV_DATA_OBJ_X509_RETIRED3, 1, 0, 0, "X.509 Certificate for retired key 3", 0, 0, get_doa, 6}, + {PIV_DATA_OBJ_X509_RETIRED4, 1, 0, 0, "X.509 Certificate for retired key 4", 0, 0, get_doa, 7}, + {PIV_DATA_OBJ_X509_RETIRED5, 1, 0, 0, "X.509 Certificate for retired key 5", 0, 0, get_doa, 8}, + {PIV_DATA_OBJ_X509_RETIRED6, 1, 0, 0, "X.509 Certificate for retired key 6", 0, 0, get_doa, 9}, + {PIV_DATA_OBJ_X509_RETIRED7, 1, 0, 0, "X.509 Certificate for retired key 7", 0, 0, get_doa, 10}, + {PIV_DATA_OBJ_X509_RETIRED8, 1, 0, 0, "X.509 Certificate for retired key 8", 0, 0, get_doa, 11}, + {PIV_DATA_OBJ_X509_RETIRED9, 1, 0, 0, "X.509 Certificate for retired key 9", 0, 0, get_doa, 12}, + {PIV_DATA_OBJ_X509_RETIRED10, 1, 0, 0, "X.509 Certificate for retired key 10", 0, 0, get_doa, 13}, + {PIV_DATA_OBJ_X509_RETIRED11, 1, 0, 0, "X.509 Certificate for retired key 11", 0, 0, get_doa, 14}, + {PIV_DATA_OBJ_X509_RETIRED12, 1, 0, 0, "X.509 Certificate for retired key 12", 0, 0, get_doa, 15}, + {PIV_DATA_OBJ_X509_RETIRED13, 1, 0, 0, "X.509 Certificate for retired key 13", 0, 0, get_doa, 16}, + {PIV_DATA_OBJ_X509_RETIRED14, 1, 0, 0, "X.509 Certificate for retired key 14", 0, 0, get_doa, 17}, + {PIV_DATA_OBJ_X509_RETIRED15, 1, 0, 0, "X.509 Certificate for retired key 15", 0, 0, get_doa, 18}, + {PIV_DATA_OBJ_X509_RETIRED16, 1, 0, 0, "X.509 Certificate for retired key 16", 0, 0, get_doa, 19}, + {PIV_DATA_OBJ_X509_RETIRED17, 1, 0, 0, "X.509 
Certificate for retired key 17", 0, 0, get_doa, 20}, + {PIV_DATA_OBJ_X509_RETIRED18, 1, 0, 0, "X.509 Certificate for retired key 18", 0, 0, get_doa, 21}, + {PIV_DATA_OBJ_X509_RETIRED19, 1, 0, 0, "X.509 Certificate for retired key 19", 0, 0, get_doa, 22}, + {PIV_DATA_OBJ_X509_RETIRED20, 1, 0, 0, "X.509 Certificate for retired key 20", 0, 0, get_doa, 23}, {PIV_DATA_OBJ_CCC, 1, 0, 0, "Card Capability Container", 0, 0, get_doa, 24}, {PIV_DATA_OBJ_CHUI, 1, 0, 0, "Card Holder Unique Identifier", 0, 0, get_doa, 25}, {PIV_DATA_OBJ_CHF, 1, 1, 0, "Card Holder Fingerprints", 0, 0, get_doa, 26}, 
@@ -62,78 +62,78 @@ static piv_obj_t piv_objects[] = { {PIV_CERT_OBJ_X509_CARD_AUTH, 1, 0, 0, "X.509 Certificate for Card Authentication", 0, 0, get_coa, 1}, {PIV_CERT_OBJ_X509_DS, 1, 0, 0, "X.509 Certificate for Digital Signature", 0, 0, get_coa, 2}, {PIV_CERT_OBJ_X509_KM, 1, 0, 0, "X.509 Certificate for Key Management", 0, 0, get_coa, 3}, - {PIV_CERT_OBJ_X509_RETIRED_1, 1, 0, 0, "X.509 Certificate for retired key 1", 0, 0, get_coa, 4}, - {PIV_CERT_OBJ_X509_RETIRED_2, 1, 0, 0, "X.509 Certificate for retired key 2", 0, 0, get_coa, 5}, - {PIV_CERT_OBJ_X509_RETIRED_3, 1, 0, 0, "X.509 Certificate for retired key 3", 0, 0, get_coa, 6}, - {PIV_CERT_OBJ_X509_RETIRED_4, 1, 0, 0, "X.509 Certificate for retired key 4", 0, 0, get_coa, 7}, - {PIV_CERT_OBJ_X509_RETIRED_5, 1, 0, 0, "X.509 Certificate for retired key 5", 0, 0, get_coa, 8}, - {PIV_CERT_OBJ_X509_RETIRED_6, 1, 0, 0, "X.509 Certificate for retired key 6", 0, 0, get_coa, 9}, - {PIV_CERT_OBJ_X509_RETIRED_7, 1, 0, 0, "X.509 Certificate for retired key 7", 0, 0, get_coa, 10}, - {PIV_CERT_OBJ_X509_RETIRED_8, 1, 0, 0, "X.509 Certificate for retired key 8", 0, 0, get_coa, 11}, - {PIV_CERT_OBJ_X509_RETIRED_9, 1, 0, 0, "X.509 Certificate for retired key 9", 0, 0, get_coa, 12}, - {PIV_CERT_OBJ_X509_RETIRED_10, 1, 0, 0, "X.509 Certificate for retired key 10", 0, 0, get_coa, 13}, - {PIV_CERT_OBJ_X509_RETIRED_11, 1, 0, 0, "X.509 Certificate for retired key 11", 0, 0, get_coa, 14}, - {PIV_CERT_OBJ_X509_RETIRED_12, 1, 0, 0, "X.509 Certificate for retired key 12", 0, 0, get_coa, 15}, - {PIV_CERT_OBJ_X509_RETIRED_13, 1, 0, 0, "X.509 Certificate for retired key 13", 0, 0, get_coa, 16}, - {PIV_CERT_OBJ_X509_RETIRED_14, 1, 0, 0, "X.509 Certificate for retired key 14", 0, 0, get_coa, 17}, - {PIV_CERT_OBJ_X509_RETIRED_15, 1, 0, 0, "X.509 Certificate for retired key 15", 0, 0, get_coa, 18}, - {PIV_CERT_OBJ_X509_RETIRED_16, 1, 0, 0, "X.509 Certificate for retired key 16", 0, 0, get_coa, 19}, - {PIV_CERT_OBJ_X509_RETIRED_17, 1, 0, 0, "X.509 
Certificate for retired key 17", 0, 0, get_coa, 20}, - {PIV_CERT_OBJ_X509_RETIRED_18, 1, 0, 0, "X.509 Certificate for retired key 18", 0, 0, get_coa, 21}, - {PIV_CERT_OBJ_X509_RETIRED_19, 1, 0, 0, "X.509 Certificate for retired key 19", 0, 0, get_coa, 22}, - {PIV_CERT_OBJ_X509_RETIRED_20, 1, 0, 0, "X.509 Certificate for retired key 20", 0, 0, get_coa, 23}, + {PIV_CERT_OBJ_X509_RETIRED1, 1, 0, 0, "X.509 Certificate for retired key 1", 0, 0, get_coa, 4}, + {PIV_CERT_OBJ_X509_RETIRED2, 1, 0, 0, "X.509 Certificate for retired key 2", 0, 0, get_coa, 5}, + {PIV_CERT_OBJ_X509_RETIRED3, 1, 0, 0, "X.509 Certificate for retired key 3", 0, 0, get_coa, 6}, + {PIV_CERT_OBJ_X509_RETIRED4, 1, 0, 0, "X.509 Certificate for retired key 4", 0, 0, get_coa, 7}, + {PIV_CERT_OBJ_X509_RETIRED5, 1, 0, 0, "X.509 Certificate for retired key 5", 0, 0, get_coa, 8}, + {PIV_CERT_OBJ_X509_RETIRED6, 1, 0, 0, "X.509 Certificate for retired key 6", 0, 0, get_coa, 9}, + {PIV_CERT_OBJ_X509_RETIRED7, 1, 0, 0, "X.509 Certificate for retired key 7", 0, 0, get_coa, 10}, + {PIV_CERT_OBJ_X509_RETIRED8, 1, 0, 0, "X.509 Certificate for retired key 8", 0, 0, get_coa, 11}, + {PIV_CERT_OBJ_X509_RETIRED9, 1, 0, 0, "X.509 Certificate for retired key 9", 0, 0, get_coa, 12}, + {PIV_CERT_OBJ_X509_RETIRED10, 1, 0, 0, "X.509 Certificate for retired key 10", 0, 0, get_coa, 13}, + {PIV_CERT_OBJ_X509_RETIRED11, 1, 0, 0, "X.509 Certificate for retired key 11", 0, 0, get_coa, 14}, + {PIV_CERT_OBJ_X509_RETIRED12, 1, 0, 0, "X.509 Certificate for retired key 12", 0, 0, get_coa, 15}, + {PIV_CERT_OBJ_X509_RETIRED13, 1, 0, 0, "X.509 Certificate for retired key 13", 0, 0, get_coa, 16}, + {PIV_CERT_OBJ_X509_RETIRED14, 1, 0, 0, "X.509 Certificate for retired key 14", 0, 0, get_coa, 17}, + {PIV_CERT_OBJ_X509_RETIRED15, 1, 0, 0, "X.509 Certificate for retired key 15", 0, 0, get_coa, 18}, + {PIV_CERT_OBJ_X509_RETIRED16, 1, 0, 0, "X.509 Certificate for retired key 16", 0, 0, get_coa, 19}, + {PIV_CERT_OBJ_X509_RETIRED17, 1, 0, 0, "X.509 
Certificate for retired key 17", 0, 0, get_coa, 20}, + {PIV_CERT_OBJ_X509_RETIRED18, 1, 0, 0, "X.509 Certificate for retired key 18", 0, 0, get_coa, 21}, + {PIV_CERT_OBJ_X509_RETIRED19, 1, 0, 0, "X.509 Certificate for retired key 19", 0, 0, get_coa, 22}, + {PIV_CERT_OBJ_X509_RETIRED20, 1, 0, 0, "X.509 Certificate for retired key 20", 0, 0, get_coa, 23}, {PIV_CERT_OBJ_LAST, 1, 0, 0, "", 0, 0, NULL, 24}, {PIV_PVTK_OBJ_PIV_AUTH, 1, 1, 0, "Private key for PIV Authentication", 0, 0, get_proa, 0}, // 9a {PIV_PVTK_OBJ_CARD_AUTH, 1, 0, 0, "Private key for Card Authentication", 0, 0, get_proa, 1}, // 9e {PIV_PVTK_OBJ_DS, 1, 1, 0, "Private key for Digital Signature", 0, 0, get_proa, 2}, // 9c {PIV_PVTK_OBJ_KM, 1, 1, 0, "Private key for Key Management", 0, 0, get_proa, 3}, // 9d - {PIV_PVTK_OBJ_RETIRED_1, 1, 1, 0, "Private key for retired key 1", 0, 0, get_proa, 4}, - {PIV_PVTK_OBJ_RETIRED_2, 1, 1, 0, "Private key for retired key 2", 0, 0, get_proa, 5}, - {PIV_PVTK_OBJ_RETIRED_3, 1, 1, 0, "Private key for retired key 3", 0, 0, get_proa, 6}, - {PIV_PVTK_OBJ_RETIRED_4, 1, 1, 0, "Private key for retired key 4", 0, 0, get_proa, 7}, - {PIV_PVTK_OBJ_RETIRED_5, 1, 1, 0, "Private key for retired key 5", 0, 0, get_proa, 8}, - {PIV_PVTK_OBJ_RETIRED_6, 1, 1, 0, "Private key for retired key 6", 0, 0, get_proa, 9}, - {PIV_PVTK_OBJ_RETIRED_7, 1, 1, 0, "Private key for retired key 7", 0, 0, get_proa, 10}, - {PIV_PVTK_OBJ_RETIRED_8, 1, 1, 0, "Private key for retired key 8", 0, 0, get_proa, 11}, - {PIV_PVTK_OBJ_RETIRED_9, 1, 1, 0, "Private key for retired key 9", 0, 0, get_proa, 12}, - {PIV_PVTK_OBJ_RETIRED_10, 1, 1, 0, "Private key for retired key 10", 0, 0, get_proa, 13}, - {PIV_PVTK_OBJ_RETIRED_11, 1, 1, 0, "Private key for retired key 11", 0, 0, get_proa, 14}, - {PIV_PVTK_OBJ_RETIRED_12, 1, 1, 0, "Private key for retired key 12", 0, 0, get_proa, 15}, - {PIV_PVTK_OBJ_RETIRED_13, 1, 1, 0, "Private key for retired key 13", 0, 0, get_proa, 16}, - {PIV_PVTK_OBJ_RETIRED_14, 1, 1, 0, "Private 
key for retired key 14", 0, 0, get_proa, 17}, - {PIV_PVTK_OBJ_RETIRED_15, 1, 1, 0, "Private key for retired key 15", 0, 0, get_proa, 18}, - {PIV_PVTK_OBJ_RETIRED_16, 1, 1, 0, "Private key for retired key 16", 0, 0, get_proa, 19}, - {PIV_PVTK_OBJ_RETIRED_17, 1, 1, 0, "Private key for retired key 17", 0, 0, get_proa, 20}, - {PIV_PVTK_OBJ_RETIRED_18, 1, 1, 0, "Private key for retired key 18", 0, 0, get_proa, 21}, - {PIV_PVTK_OBJ_RETIRED_19, 1, 1, 0, "Private key for retired key 19", 0, 0, get_proa, 22}, - {PIV_PVTK_OBJ_RETIRED_20, 1, 1, 0, "Private key for retired key 20", 0, 0, get_proa, 23}, + {PIV_PVTK_OBJ_RETIRED1, 1, 1, 0, "Private key for retired key 1", 0, 0, get_proa, 4}, + {PIV_PVTK_OBJ_RETIRED2, 1, 1, 0, "Private key for retired key 2", 0, 0, get_proa, 5}, + {PIV_PVTK_OBJ_RETIRED3, 1, 1, 0, "Private key for retired key 3", 0, 0, get_proa, 6}, + {PIV_PVTK_OBJ_RETIRED4, 1, 1, 0, "Private key for retired key 4", 0, 0, get_proa, 7}, + {PIV_PVTK_OBJ_RETIRED5, 1, 1, 0, "Private key for retired key 5", 0, 0, get_proa, 8}, + {PIV_PVTK_OBJ_RETIRED6, 1, 1, 0, "Private key for retired key 6", 0, 0, get_proa, 9}, + {PIV_PVTK_OBJ_RETIRED7, 1, 1, 0, "Private key for retired key 7", 0, 0, get_proa, 10}, + {PIV_PVTK_OBJ_RETIRED8, 1, 1, 0, "Private key for retired key 8", 0, 0, get_proa, 11}, + {PIV_PVTK_OBJ_RETIRED9, 1, 1, 0, "Private key for retired key 9", 0, 0, get_proa, 12}, + {PIV_PVTK_OBJ_RETIRED10, 1, 1, 0, "Private key for retired key 10", 0, 0, get_proa, 13}, + {PIV_PVTK_OBJ_RETIRED11, 1, 1, 0, "Private key for retired key 11", 0, 0, get_proa, 14}, + {PIV_PVTK_OBJ_RETIRED12, 1, 1, 0, "Private key for retired key 12", 0, 0, get_proa, 15}, + {PIV_PVTK_OBJ_RETIRED13, 1, 1, 0, "Private key for retired key 13", 0, 0, get_proa, 16}, + {PIV_PVTK_OBJ_RETIRED14, 1, 1, 0, "Private key for retired key 14", 0, 0, get_proa, 17}, + {PIV_PVTK_OBJ_RETIRED15, 1, 1, 0, "Private key for retired key 15", 0, 0, get_proa, 18}, + {PIV_PVTK_OBJ_RETIRED16, 1, 1, 0, "Private key for retired 
key 16", 0, 0, get_proa, 19}, + {PIV_PVTK_OBJ_RETIRED17, 1, 1, 0, "Private key for retired key 17", 0, 0, get_proa, 20}, + {PIV_PVTK_OBJ_RETIRED18, 1, 1, 0, "Private key for retired key 18", 0, 0, get_proa, 21}, + {PIV_PVTK_OBJ_RETIRED19, 1, 1, 0, "Private key for retired key 19", 0, 0, get_proa, 22}, + {PIV_PVTK_OBJ_RETIRED20, 1, 1, 0, "Private key for retired key 20", 0, 0, get_proa, 23}, {PIV_PVTK_OBJ_LAST, 1, 0, 0, "", 0, 0, NULL, 24}, {PIV_PUBK_OBJ_PIV_AUTH, 1, 0, 0, "Public key for PIV Authentication", 0, 0, get_puoa, 0}, {PIV_PUBK_OBJ_CARD_AUTH, 1, 0, 0, "Public key for Card Authentication", 0, 0, get_puoa, 1}, {PIV_PUBK_OBJ_DS, 1, 0, 0, "Public key for Digital Signature", 0, 0, get_puoa, 2}, {PIV_PUBK_OBJ_KM, 1, 0, 0, "Public key for Key Management", 0, 0, get_puoa, 3}, - {PIV_PUBK_OBJ_RETIRED_1, 1, 0, 0, "Public key for retired key 1", 0, 0, get_puoa, 4}, - {PIV_PUBK_OBJ_RETIRED_2, 1, 0, 0, "Public key for retired key 2", 0, 0, get_puoa, 5}, - {PIV_PUBK_OBJ_RETIRED_3, 1, 0, 0, "Public key for retired key 3", 0, 0, get_puoa, 6}, - {PIV_PUBK_OBJ_RETIRED_4, 1, 0, 0, "Public key for retired key 4", 0, 0, get_puoa, 7}, - {PIV_PUBK_OBJ_RETIRED_5, 1, 0, 0, "Public key for retired key 5", 0, 0, get_puoa, 8}, - {PIV_PUBK_OBJ_RETIRED_6, 1, 0, 0, "Public key for retired key 6", 0, 0, get_puoa, 9}, - {PIV_PUBK_OBJ_RETIRED_7, 1, 0, 0, "Public key for retired key 7", 0, 0, get_puoa, 10}, - {PIV_PUBK_OBJ_RETIRED_8, 1, 0, 0, "Public key for retired key 8", 0, 0, get_puoa, 11}, - {PIV_PUBK_OBJ_RETIRED_9, 1, 0, 0, "Public key for retired key 9", 0, 0, get_puoa, 12}, - {PIV_PUBK_OBJ_RETIRED_10, 1, 0, 0, "Public key for retired key 10", 0, 0, get_puoa, 13}, - {PIV_PUBK_OBJ_RETIRED_11, 1, 0, 0, "Public key for retired key 11", 0, 0, get_puoa, 14}, - {PIV_PUBK_OBJ_RETIRED_12, 1, 0, 0, "Public key for retired key 12", 0, 0, get_puoa, 15}, - {PIV_PUBK_OBJ_RETIRED_13, 1, 0, 0, "Public key for retired key 13", 0, 0, get_puoa, 16}, - {PIV_PUBK_OBJ_RETIRED_14, 1, 0, 0, "Public key 
for retired key 14", 0, 0, get_puoa, 17}, - {PIV_PUBK_OBJ_RETIRED_15, 1, 0, 0, "Public key for retired key 15", 0, 0, get_puoa, 18}, - {PIV_PUBK_OBJ_RETIRED_16, 1, 0, 0, "Public key for retired key 16", 0, 0, get_puoa, 19}, - {PIV_PUBK_OBJ_RETIRED_17, 1, 0, 0, "Public key for retired key 17", 0, 0, get_puoa, 20}, - {PIV_PUBK_OBJ_RETIRED_18, 1, 0, 0, "Public key for retired key 18", 0, 0, get_puoa, 21}, - {PIV_PUBK_OBJ_RETIRED_19, 1, 0, 0, "Public key for retired key 19", 0, 0, get_puoa, 22}, - {PIV_PUBK_OBJ_RETIRED_20, 1, 0, 0, "Public key for retired key 20", 0, 0, get_puoa, 23}, + {PIV_PUBK_OBJ_RETIRED1, 1, 0, 0, "Public key for retired key 1", 0, 0, get_puoa, 4}, + {PIV_PUBK_OBJ_RETIRED2, 1, 0, 0, "Public key for retired key 2", 0, 0, get_puoa, 5}, + {PIV_PUBK_OBJ_RETIRED3, 1, 0, 0, "Public key for retired key 3", 0, 0, get_puoa, 6}, + {PIV_PUBK_OBJ_RETIRED4, 1, 0, 0, "Public key for retired key 4", 0, 0, get_puoa, 7}, + {PIV_PUBK_OBJ_RETIRED5, 1, 0, 0, "Public key for retired key 5", 0, 0, get_puoa, 8}, + {PIV_PUBK_OBJ_RETIRED6, 1, 0, 0, "Public key for retired key 6", 0, 0, get_puoa, 9}, + {PIV_PUBK_OBJ_RETIRED7, 1, 0, 0, "Public key for retired key 7", 0, 0, get_puoa, 10}, + {PIV_PUBK_OBJ_RETIRED8, 1, 0, 0, "Public key for retired key 8", 0, 0, get_puoa, 11}, + {PIV_PUBK_OBJ_RETIRED9, 1, 0, 0, "Public key for retired key 9", 0, 0, get_puoa, 12}, + {PIV_PUBK_OBJ_RETIRED10, 1, 0, 0, "Public key for retired key 10", 0, 0, get_puoa, 13}, + {PIV_PUBK_OBJ_RETIRED11, 1, 0, 0, "Public key for retired key 11", 0, 0, get_puoa, 14}, + {PIV_PUBK_OBJ_RETIRED12, 1, 0, 0, "Public key for retired key 12", 0, 0, get_puoa, 15}, + {PIV_PUBK_OBJ_RETIRED13, 1, 0, 0, "Public key for retired key 13", 0, 0, get_puoa, 16}, + {PIV_PUBK_OBJ_RETIRED14, 1, 0, 0, "Public key for retired key 14", 0, 0, get_puoa, 17}, + {PIV_PUBK_OBJ_RETIRED15, 1, 0, 0, "Public key for retired key 15", 0, 0, get_puoa, 18}, + {PIV_PUBK_OBJ_RETIRED16, 1, 0, 0, "Public key for retired key 16", 0, 0, get_puoa, 
19}, + {PIV_PUBK_OBJ_RETIRED17, 1, 0, 0, "Public key for retired key 17", 0, 0, get_puoa, 20}, + {PIV_PUBK_OBJ_RETIRED18, 1, 0, 0, "Public key for retired key 18", 0, 0, get_puoa, 21}, + {PIV_PUBK_OBJ_RETIRED19, 1, 0, 0, "Public key for retired key 19", 0, 0, get_puoa, 22}, + {PIV_PUBK_OBJ_RETIRED20, 1, 0, 0, "Public key for retired key 20", 0, 0, get_puoa, 23}, {PIV_PUBK_OBJ_LAST, 1, 0, 0, "", 0, 0, NULL, 24} }; @@ -1002,7 +1002,6 @@ CK_RV get_puoa(CK_OBJECT_HANDLE obj, CK_ATTRIBUTE_PTR template) { } CK_ULONG piv_2_ykpiv(piv_obj_id_t id) { - // TODO: add retired keys switch(id) { case PIV_CERT_OBJ_X509_PIV_AUTH: return YKPIV_OBJ_AUTHENTICATION; 
@@ -1016,6 +1015,66 @@ CK_ULONG piv_2_ykpiv(piv_obj_id_t id) { case PIV_CERT_OBJ_X509_KM: return YKPIV_OBJ_KEY_MANAGEMENT; + case PIV_CERT_OBJ_X509_RETIRED1: + return YKPIV_OBJ_RETIRED1; + + case PIV_CERT_OBJ_X509_RETIRED2: + return YKPIV_OBJ_RETIRED2; + + case PIV_CERT_OBJ_X509_RETIRED3: + return YKPIV_OBJ_RETIRED3; + + case PIV_CERT_OBJ_X509_RETIRED4: + return YKPIV_OBJ_RETIRED4; + + case PIV_CERT_OBJ_X509_RETIRED5: + return YKPIV_OBJ_RETIRED5; + + case PIV_CERT_OBJ_X509_RETIRED6: + return YKPIV_OBJ_RETIRED6; + + case PIV_CERT_OBJ_X509_RETIRED7: + return YKPIV_OBJ_RETIRED7; + + case PIV_CERT_OBJ_X509_RETIRED8: + return YKPIV_OBJ_RETIRED8; + + case PIV_CERT_OBJ_X509_RETIRED9: + return YKPIV_OBJ_RETIRED9; + + case PIV_CERT_OBJ_X509_RETIRED10: + return YKPIV_OBJ_RETIRED10; + + case PIV_CERT_OBJ_X509_RETIRED11: + return YKPIV_OBJ_RETIRED11; + + case PIV_CERT_OBJ_X509_RETIRED12: + return YKPIV_OBJ_RETIRED12; + + case PIV_CERT_OBJ_X509_RETIRED13: + return YKPIV_OBJ_RETIRED13; + + case PIV_CERT_OBJ_X509_RETIRED14: + return YKPIV_OBJ_RETIRED14; + + case PIV_CERT_OBJ_X509_RETIRED15: + return YKPIV_OBJ_RETIRED15; + + case PIV_CERT_OBJ_X509_RETIRED16: + return YKPIV_OBJ_RETIRED16; + + case PIV_CERT_OBJ_X509_RETIRED17: + return YKPIV_OBJ_RETIRED17; + + case PIV_CERT_OBJ_X509_RETIRED18: + return YKPIV_OBJ_RETIRED18; + + case PIV_CERT_OBJ_X509_RETIRED19: + return YKPIV_OBJ_RETIRED19; + + case PIV_CERT_OBJ_X509_RETIRED20: + return YKPIV_OBJ_RETIRED20; + case PIV_PVTK_OBJ_PIV_AUTH: return YKPIV_KEY_AUTHENTICATION; 
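Review bot: The twenty `case PIV_CERT_OBJ_X509_RETIREDn: return YKPIV_OBJ_RETIREDn;` pairs added here, and the twenty `PIV_PVTK_OBJ_RETIREDn` pairs in the following hunk, hand-write a mapping that get_objects in this same commit computes as `YKPIV_OBJ_RETIRED1 + i`, so the two files disagree on whether the constants may be treated as contiguous. If contiguity is the contract, a range test ahead of the switch, `if (id >= PIV_CERT_OBJ_X509_RETIRED1 && id <= PIV_CERT_OBJ_X509_RETIRED20) return YKPIV_OBJ_RETIRED1 + (id - PIV_CERT_OBJ_X509_RETIRED1);` (and the same for the PVTK / `YKPIV_KEY_RETIRED1` range), replaces forty places where one mistyped digit would silently address the wrong slot. The `PIV_PUBK_OBJ_RETIREDn` and `PIV_DATA_OBJ_X509_RETIREDn` ids appear to still reach `default: return 0ul;`, and with the TODO removed nothing records that. A comment above the function such as `/* Maps certificate ids to YKPIV_OBJ_* and private-key ids to YKPIV_KEY_*; returns 0 for any other id. */` would tell callers, which are not visible here, to treat 0 as "no mapping". piv_2_ykpiv starts before this hunk and ends after it.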
@@ -1028,6 +1087,66 @@ CK_ULONG piv_2_ykpiv(piv_obj_id_t id) { case PIV_PVTK_OBJ_KM: return YKPIV_KEY_KEYMGM; + case PIV_PVTK_OBJ_RETIRED1: + return YKPIV_KEY_RETIRED1; + + case PIV_PVTK_OBJ_RETIRED2: + return YKPIV_KEY_RETIRED2; + + case PIV_PVTK_OBJ_RETIRED3: + return YKPIV_KEY_RETIRED3; + + case PIV_PVTK_OBJ_RETIRED4: + return YKPIV_KEY_RETIRED4; + + case PIV_PVTK_OBJ_RETIRED5: + return YKPIV_KEY_RETIRED5; + + case PIV_PVTK_OBJ_RETIRED6: + return YKPIV_KEY_RETIRED6; + + case PIV_PVTK_OBJ_RETIRED7: + return YKPIV_KEY_RETIRED7; + + case PIV_PVTK_OBJ_RETIRED8: + return YKPIV_KEY_RETIRED8; + + case PIV_PVTK_OBJ_RETIRED9: + return YKPIV_KEY_RETIRED9; + + case PIV_PVTK_OBJ_RETIRED10: + return YKPIV_KEY_RETIRED10; + + case PIV_PVTK_OBJ_RETIRED11: + return YKPIV_KEY_RETIRED11; + + case PIV_PVTK_OBJ_RETIRED12: + return YKPIV_KEY_RETIRED12; + + case PIV_PVTK_OBJ_RETIRED13: + return YKPIV_KEY_RETIRED13; + + case PIV_PVTK_OBJ_RETIRED14: + return YKPIV_KEY_RETIRED14; + + case PIV_PVTK_OBJ_RETIRED15: + return YKPIV_KEY_RETIRED15; + + case PIV_PVTK_OBJ_RETIRED16: + return YKPIV_KEY_RETIRED16; + + case PIV_PVTK_OBJ_RETIRED17: + return YKPIV_KEY_RETIRED17; + + case PIV_PVTK_OBJ_RETIRED18: + return YKPIV_KEY_RETIRED18; + + case PIV_PVTK_OBJ_RETIRED19: + return YKPIV_KEY_RETIRED19; + + case PIV_PVTK_OBJ_RETIRED20: + return YKPIV_KEY_RETIRED20; + default: return 0ul; } diff --git a/ykcs11/yubico_token.c b/ykcs11/yubico_token.c index 7210a29..f562203 100644 --- a/ykcs11/yubico_token.c +++ b/ykcs11/yubico_token.c @@ -228,9 +228,10 @@ static CK_RV get_objects(ykpiv_state *state, CK_BBOOL num_only, CK_BYTE buf[2048]; CK_ULONG buf_len; - piv_obj_id_t certs[4]; // TODO: this can be > 4 if there are retired keys - piv_obj_id_t pvtkeys[4]; - piv_obj_id_t pubkeys[4]; + piv_obj_id_t certs[24]; + piv_obj_id_t pvtkeys[24]; + piv_obj_id_t pubkeys[24]; + CK_ULONG i; CK_ULONG n_cert = 0; if (state == NULL || len == NULL_PTR) 
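Review bot: In get_objects (ykcs11/yubico_token.c) the capacity of `certs`, `pvtkeys` and `pubkeys` is the bare literal 24, while the loop this commit adds in the next hunk counts to a separate literal 20 and stores to `certs[n_cert]` without comparing n_cert to the array size. That fits only if exactly four slots are probed before the loop (the next hunk shows just the 9d probe), so one more probe added later becomes a write past the end of three stack arrays. Deriving the size from the enum, e.g. `piv_obj_id_t certs[PIV_CERT_OBJ_LAST - PIV_CERT_OBJ_X509_PIV_AUTH];` (24 per the objects.c table, assuming PIV_AUTH is the first certificate id), or guarding each store with `if (n_cert >= sizeof(certs) / sizeof(certs[0])) return CKR_GENERAL_ERROR;`, keeps the bound and the probes tied together. get_objects continues outside this hunk.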
@@ -275,6 +276,17 @@ static CK_RV get_objects(ykpiv_state *state, CK_BBOOL num_only, DBG("Found KMK cert (9d)"); } + for (i = 0; i < 20; i++) { + buf_len = sizeof(buf); + if (ykpiv_fetch_object(state, YKPIV_OBJ_RETIRED1 + i, buf, &buf_len) == YKPIV_OK) { + certs[n_cert] = PIV_CERT_OBJ_X509_RETIRED1 + i; + pvtkeys[n_cert] = PIV_PVTK_OBJ_RETIRED1 + i; + pubkeys[n_cert] = PIV_PUBK_OBJ_RETIRED1 + i; + n_cert++; + DBG("Found RETIRED cert (%lx)", 0x82 + i); + } + } + DBG("The total number of objects for this token is %lu", (n_cert * 3) + token_objects_num); if (num_only == CK_TRUE) {
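Review bot: The loop indexes four constant families by `+ i` (`YKPIV_OBJ_RETIRED1`, `PIV_CERT_OBJ_X509_RETIRED1`, `PIV_PVTK_OBJ_RETIRED1`, `PIV_PUBK_OBJ_RETIRED1`) and the slot number by `0x82 + i`, which is correct only while each family stays consecutive and in the same order; nothing in the code states or checks that. The obj_types.h enums in this commit satisfy it, but the YKPIV_OBJ_* values come from a library header not shown here, so a comment like `/* relies on RETIRED1..RETIRED20 being consecutive in both the ykpiv and PIV_* id sets */`, or, if the build allows C11, `_Static_assert(PIV_CERT_OBJ_X509_RETIRED20 - PIV_CERT_OBJ_X509_RETIRED1 == 19, "retired ids must be consecutive");`, would pin the assumption. Separately, every result other than `YKPIV_OK` is treated as an empty slot, so a read error or (presumably) a certificate larger than the 2048-byte `buf` hides that key from the object list without a trace; a `DBG` line on the failure branch would make it visible. get_objects begins before and continues after this hunk.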