Move YK4 insecure on-chip key generation prevention from yubico-piv-tool to libykpiv

Trevor Bentley
2017-10-24 15:59:44 +02:00
parent 15f533d7de
commit c2f86d0a0f
2 changed files with 18 additions and 16 deletions
-16
@@ -141,22 +141,6 @@ static bool generate_key(ykpiv_state *state, enum enum_slot slot,
size_t mod_len = 0;
size_t exp_len = 0;
size_t point_len = 0;
char version[7];
if(algorithm == algorithm_arg_RSA1024 || algorithm == algorithm_arg_RSA2048) {
if(ykpiv_get_version(state, version, sizeof(version)) == YKPIV_OK) {
int major, minor, build;
int match = sscanf(version, "%d.%d.%d", &major, &minor, &build);
if(match == 3 && major == 4 && (minor < 3 || (minor == 3 && build < 5))) {
fprintf(stderr, "On-chip RSA key generation on this YubiKey has been blocked.\n");
fprintf(stderr, "Please see https://yubi.co/ysa201701/ for details.\n");
return false;
}
} else {
fprintf(stderr, "Failed to communicate.\n");
return false;
}
}
key = get_slot_hex(slot);