add a verify-pin action (needed for signing request)
This commit is contained in:
+2
-1
@@ -27,7 +27,7 @@
|
|||||||
option "verbose" v "Print more information" int optional default="0" argoptional
|
option "verbose" v "Print more information" int optional default="0" argoptional
|
||||||
option "reader" r "Only use a matching reader" string optional default="Yubikey"
|
option "reader" r "Only use a matching reader" string optional default="Yubikey"
|
||||||
option "key" k "Authentication key to use" string optional default="010203040506070801020304050607080102030405060708"
|
option "key" k "Authentication key to use" string optional default="010203040506070801020304050607080102030405060708"
|
||||||
option "action" a "Action to take" values="version","generate","set-mgm-key","reset","pin-retries","import-key","import-certificate","set-chuid","request-certificate" enum multiple
|
option "action" a "Action to take" values="version","generate","set-mgm-key","reset","pin-retries","import-key","import-certificate","set-chuid","request-certificate","verify-pin" enum multiple
|
||||||
option "slot" s "What key slot to operate on" values="9a","9c","9d","9e" enum optional
|
option "slot" s "What key slot to operate on" values="9a","9c","9d","9e" enum optional
|
||||||
option "algorithm" A "What algorithm to use" values="RSA1024","RSA2048","ECCP256" enum optional default="RSA2048"
|
option "algorithm" A "What algorithm to use" values="RSA1024","RSA2048","ECCP256" enum optional default="RSA2048"
|
||||||
option "new-key" n "New authentication key to use" string optional
|
option "new-key" n "New authentication key to use" string optional
|
||||||
@@ -38,3 +38,4 @@ option "output" o "Filename to use as output, - for stdout" string optional defa
|
|||||||
option "key-format" K "Format of the key being read/written" values="PEM","PKCS12" enum optional default="PEM"
|
option "key-format" K "Format of the key being read/written" values="PEM","PKCS12" enum optional default="PEM"
|
||||||
option "password" p "Password for decryption of private key file" string optional
|
option "password" p "Password for decryption of private key file" string optional
|
||||||
option "subject" S "The subject to use for certificate request" string optional
|
option "subject" S "The subject to use for certificate request" string optional
|
||||||
|
option "pin" P "Pin code for verification" string optional
|
||||||
|
|||||||
@@ -921,6 +921,33 @@ request_out:
|
|||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static bool verify_pin(SCARDHANDLE *card, const char *pin, int verbose) {
|
||||||
|
APDU apdu;
|
||||||
|
unsigned char data[0xff];
|
||||||
|
unsigned long recv_len = sizeof(data);
|
||||||
|
int sw;
|
||||||
|
int len = strlen(pin);
|
||||||
|
|
||||||
|
if(len > 8) {
|
||||||
|
fprintf(stderr, "Maximum 8 digits of PIN supported.\n");
|
||||||
|
}
|
||||||
|
|
||||||
|
memset(apdu.raw, 0, sizeof(apdu.raw));
|
||||||
|
apdu.st.ins = 0x20;
|
||||||
|
apdu.st.p1 = 0x00;
|
||||||
|
apdu.st.p2 = 0x80;
|
||||||
|
apdu.st.lc = 0x08;
|
||||||
|
memcpy(apdu.st.data, pin, len);
|
||||||
|
if(len < 8) {
|
||||||
|
memset(apdu.st.data + len, 0xff, 8 - len);
|
||||||
|
}
|
||||||
|
sw = send_data(card, &apdu, apdu.st.lc + 5, data, &recv_len, verbose);
|
||||||
|
if(sw != 0x9000) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
static unsigned char get_algorithm(EVP_PKEY *key) {
|
static unsigned char get_algorithm(EVP_PKEY *key) {
|
||||||
int type = EVP_PKEY_type(key->type);
|
int type = EVP_PKEY_type(key->type);
|
||||||
switch(type) {
|
switch(type) {
|
||||||
@@ -1219,6 +1246,19 @@ int main(int argc, char *argv[]) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
|
case action_arg_verifyMINUS_pin:
|
||||||
|
if(args_info.pin_arg) {
|
||||||
|
if(verify_pin(&card, args_info.pin_arg, verbosity)) {
|
||||||
|
printf("Successfully verified PIN.\n");
|
||||||
|
} else {
|
||||||
|
fprintf(stderr, "Failed to verify PIN.\n");
|
||||||
|
return EXIT_FAILURE;
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
fprintf(stderr, "The verify-pin action needs a pin (-P).\n");
|
||||||
|
return EXIT_FAILURE;
|
||||||
|
}
|
||||||
|
break;
|
||||||
case action__NULL:
|
case action__NULL:
|
||||||
default:
|
default:
|
||||||
fprintf(stderr, "Wrong action. %d.\n", action);
|
fprintf(stderr, "Wrong action. %d.\n", action);
|
||||||
|
|||||||
Reference in New Issue
Block a user