diff --git a/cmdline.ggo b/cmdline.ggo
index 3a5d990..ccb1676 100644
--- a/cmdline.ggo
+++ b/cmdline.ggo
@@ -27,7 +27,7 @@
 option "verbose" v "Print more information" int optional default="0" argoptional
 option "reader" r "Only use a matching reader" string optional default="Yubikey"
 option "key" k "Authentication key to use" string optional default="010203040506070801020304050607080102030405060708"
-option "action" a "Action to take" values="version","generate","set-mgm-key","reset","pin-retries","import-key","import-certificate","set-chuid","request-certificate" enum multiple
+option "action" a "Action to take" values="version","generate","set-mgm-key","reset","pin-retries","import-key","import-certificate","set-chuid","request-certificate","verify-pin" enum multiple
 option "slot" s "What key slot to operate on" values="9a","9c","9d","9e" enum optional
 option "algorithm" A "What algorithm to use" values="RSA1024","RSA2048","ECCP256" enum optional default="RSA2048"
 option "new-key" n "New authentication key to use" string optional
@@ -38,3 +38,4 @@ option "output" o "Filename to use as output, - for stdout" string optional defa
 option "key-format" K "Format of the key being read/written" values="PEM","PKCS12" enum optional default="PEM"
 option "password" p "Password for decryption of private key file" string optional
 option "subject" S "The subject to use for certificate request" string optional
+option "pin" P "Pin code for verification" string optional
diff --git a/yubico-piv-tool.c b/yubico-piv-tool.c
index 77b4e60..7073fd6 100644
--- a/yubico-piv-tool.c
+++ b/yubico-piv-tool.c
@@ -921,6 +921,33 @@ request_out:
 return ret;
 }
 
+static bool verify_pin(SCARDHANDLE *card, const char *pin, int verbose) {
+ APDU apdu;
+ unsigned char data[0xff];
+ unsigned long recv_len = sizeof(data);
+ int sw;
+ int len = strlen(pin);
+
+ if(len > 8) {
+ fprintf(stderr, "Maximum 8 digits of PIN supported.\n");
+ }
+
+ memset(apdu.raw, 0, sizeof(apdu.raw));
+ apdu.st.ins = 0x20;
+ apdu.st.p1 = 0x00;
+ apdu.st.p2 = 0x80;
+ apdu.st.lc = 0x08;
+ memcpy(apdu.st.data, pin, len);
+ if(len < 8) {
+ memset(apdu.st.data + len, 0xff, 8 - len);
+ }
+ sw = send_data(card, &apdu, apdu.st.lc + 5, data, &recv_len, verbose);
+ if(sw != 0x9000) {
+ return false;
+ }
+ return true;
+}
+
 static unsigned char get_algorithm(EVP_PKEY *key) {
 int type = EVP_PKEY_type(key->type);
 switch(type) {
@@ -1219,6 +1246,19 @@ int main(int argc, char *argv[]) {
 }
 }
 break;
+ case action_arg_verifyMINUS_pin:
+ if(args_info.pin_arg) {
+ if(verify_pin(&card, args_info.pin_arg, verbosity)) {
+ printf("Successfully verified PIN.\n");
+ } else {
+ fprintf(stderr, "Failed to verify PIN.\n");
+ return EXIT_FAILURE;
+ }
+ } else {
+ fprintf(stderr, "The verify-pin action needs a pin (-P).\n");
+ return EXIT_FAILURE;
+ }
+ break;
 case action__NULL:
 default:
 fprintf(stderr, "Wrong action. %d.\n", action);
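Review bot: The `len > 8` check in verify_pin only prints a message and falls through, so an over-long PIN still reaches `memcpy(apdu.st.data, pin, len)` with an unbounded `len` while `lc` stays at 8; the branch should end with `return false;`. `len` is an `int` assigned from `strlen`, and `size_t` would avoid the narrowing. The PIN also stays in `apdu` on the stack after the call, so clearing the structure before both returns, with a wipe the compiler cannot elide, would limit how long it lingers in memory. On failure `sw` is discarded, so a wrong PIN and a blocked PIN look the same to the user; if the card reports remaining tries in the status word (ISO 7816-4 uses 63Cx for VERIFY), printing that count would help avoid accidental lockout.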
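Review bot: The new `action_arg_verifyMINUS_pin` case accepts the PIN only through `args_info.pin_arg`, that is on the command line, where it ends up in shell history and is visible to other local users through the process list. When `-P` is absent the case returns `EXIT_FAILURE`; prompting on the terminal with echo disabled at that point would let users keep the PIN out of argv, and the `-P` help text in cmdline.ggo could mention the exposure. The two `return EXIT_FAILURE;` statements leave main from inside the switch; main starts and ends outside this hunk, so whether the card handle and context are released on these paths cannot be confirmed from here.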