add touch tlv for generate and import-key
This commit is contained in:
@@ -152,6 +152,10 @@ extern "C"
|
|||||||
#define YKPIV_PINPOLICY_ONCE 2
|
#define YKPIV_PINPOLICY_ONCE 2
|
||||||
#define YKPIV_PINPOLICY_ALWAYS 3
|
#define YKPIV_PINPOLICY_ALWAYS 3
|
||||||
|
|
||||||
|
#define YKPIV_TOUCHPOLICY_TAG 0xab
|
||||||
|
#define YKPIV_TOUCHPOLICY_NEVER 1
|
||||||
|
#define YKPIV_TOUCHPOLICY_ALWAYS 2
|
||||||
|
|
||||||
#define IS_ECKEY(a) ((a == YKPIV_ALGO_ECCP256 || a == YKPIV_ALGO_ECCP384))
|
#define IS_ECKEY(a) ((a == YKPIV_ALGO_ECCP256 || a == YKPIV_ALGO_ECCP384))
|
||||||
#define IS_RSAKEY(a) ((a == YKPIV_ALGO_RSA1024 || a == YKPIV_ALGO_RSA2048))
|
#define IS_RSAKEY(a) ((a == YKPIV_ALGO_RSA1024 || a == YKPIV_ALGO_RSA2048))
|
||||||
|
|
||||||
|
|||||||
@@ -59,3 +59,4 @@ option "pin" P "Pin/puk code for verification" string optional
|
|||||||
option "new-pin" N "New pin/puk code for changing" string optional dependon="pin"
|
option "new-pin" N "New pin/puk code for changing" string optional dependon="pin"
|
||||||
option "sign" - "Sign data" flag off hidden
|
option "sign" - "Sign data" flag off hidden
|
||||||
option "pin-policy" - "Set pin policy for action generate or import-key" values="never","once","always" enum optional
|
option "pin-policy" - "Set pin policy for action generate or import-key" values="never","once","always" enum optional
|
||||||
|
option "touch-policy" - "Set touch policy for action generate or import-key" values="never","always" enum optional
|
||||||
|
|||||||
+12
@@ -418,3 +418,15 @@ unsigned char get_pin_policy(enum enum_pin_policy policy) {
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
unsigned char get_touch_policy(enum enum_touch_policy policy) {
|
||||||
|
switch(policy) {
|
||||||
|
case touch_policy_arg_never:
|
||||||
|
return YKPIV_TOUCHPOLICY_NEVER;
|
||||||
|
case touch_policy_arg_always:
|
||||||
|
return YKPIV_TOUCHPOLICY_ALWAYS;
|
||||||
|
case touch_policy__NULL:
|
||||||
|
default:
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|||||||
@@ -51,5 +51,6 @@ const EVP_MD *get_hash(enum enum_hash, const unsigned char**, size_t*);
|
|||||||
int get_hashnid(enum enum_hash, unsigned char);
|
int get_hashnid(enum enum_hash, unsigned char);
|
||||||
unsigned char get_piv_algorithm(enum enum_algorithm);
|
unsigned char get_piv_algorithm(enum enum_algorithm);
|
||||||
unsigned char get_pin_policy(enum enum_pin_policy);
|
unsigned char get_pin_policy(enum enum_pin_policy);
|
||||||
|
unsigned char get_touch_policy(enum enum_touch_policy);
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
|
|||||||
+17
-5
@@ -86,8 +86,9 @@ static void print_version(ykpiv_state *state, const char *output_file_name) {
|
|||||||
|
|
||||||
static bool generate_key(ykpiv_state *state, const char *slot,
|
static bool generate_key(ykpiv_state *state, const char *slot,
|
||||||
enum enum_algorithm algorithm, const char *output_file_name,
|
enum enum_algorithm algorithm, const char *output_file_name,
|
||||||
enum enum_key_format key_format, enum enum_pin_policy pin_policy) {
|
enum enum_key_format key_format, enum enum_pin_policy pin_policy,
|
||||||
unsigned char in_data[8];
|
enum enum_touch_policy touch_policy) {
|
||||||
|
unsigned char in_data[11];
|
||||||
unsigned char *in_ptr = in_data;
|
unsigned char *in_ptr = in_data;
|
||||||
unsigned char data[1024];
|
unsigned char data[1024];
|
||||||
unsigned char templ[] = {0, YKPIV_INS_GENERATE_ASYMMERTRIC, 0, 0};
|
unsigned char templ[] = {0, YKPIV_INS_GENERATE_ASYMMERTRIC, 0, 0};
|
||||||
@@ -127,6 +128,12 @@ static bool generate_key(ykpiv_state *state, const char *slot,
|
|||||||
*in_ptr++ = 1;
|
*in_ptr++ = 1;
|
||||||
*in_ptr++ = get_pin_policy(pin_policy);
|
*in_ptr++ = get_pin_policy(pin_policy);
|
||||||
}
|
}
|
||||||
|
if(touch_policy != touch_policy__NULL) {
|
||||||
|
in_data[1] += 3;
|
||||||
|
*in_ptr++ = YKPIV_TOUCHPOLICY_TAG;
|
||||||
|
*in_ptr++ = 1;
|
||||||
|
*in_ptr++ = get_touch_policy(touch_policy);
|
||||||
|
}
|
||||||
if(ykpiv_transfer_data(state, templ, in_data, in_ptr - in_data, data,
|
if(ykpiv_transfer_data(state, templ, in_data, in_ptr - in_data, data,
|
||||||
&recv_len, &sw) != YKPIV_OK) {
|
&recv_len, &sw) != YKPIV_OK) {
|
||||||
fprintf(stderr, "Failed to communicate.\n");
|
fprintf(stderr, "Failed to communicate.\n");
|
||||||
@@ -287,7 +294,7 @@ static bool set_pin_retries(ykpiv_state *state, int pin_retries, int puk_retries
|
|||||||
|
|
||||||
static bool import_key(ykpiv_state *state, enum enum_key_format key_format,
|
static bool import_key(ykpiv_state *state, enum enum_key_format key_format,
|
||||||
const char *input_file_name, const char *slot, char *password,
|
const char *input_file_name, const char *slot, char *password,
|
||||||
enum enum_pin_policy pin_policy) {
|
enum enum_pin_policy pin_policy, enum enum_touch_policy touch_policy) {
|
||||||
int key = 0;
|
int key = 0;
|
||||||
FILE *input_file = NULL;
|
FILE *input_file = NULL;
|
||||||
EVP_PKEY *private_key = NULL;
|
EVP_PKEY *private_key = NULL;
|
||||||
@@ -405,6 +412,11 @@ static bool import_key(ykpiv_state *state, enum enum_key_format key_format,
|
|||||||
*in_ptr++ = 1;
|
*in_ptr++ = 1;
|
||||||
*in_ptr++ = get_pin_policy(pin_policy);
|
*in_ptr++ = get_pin_policy(pin_policy);
|
||||||
}
|
}
|
||||||
|
if(touch_policy != touch_policy__NULL) {
|
||||||
|
*in_ptr++ = YKPIV_TOUCHPOLICY_TAG;
|
||||||
|
*in_ptr++ = 1;
|
||||||
|
*in_ptr++ = get_touch_policy(touch_policy);
|
||||||
|
}
|
||||||
|
|
||||||
if(ykpiv_transfer_data(state, templ, in_data, in_ptr - in_data, data,
|
if(ykpiv_transfer_data(state, templ, in_data, in_ptr - in_data, data,
|
||||||
&recv_len, &sw) != YKPIV_OK) {
|
&recv_len, &sw) != YKPIV_OK) {
|
||||||
@@ -1674,7 +1686,7 @@ int main(int argc, char *argv[]) {
|
|||||||
break;
|
break;
|
||||||
case action_arg_generate:
|
case action_arg_generate:
|
||||||
if(generate_key(state, args_info.slot_orig, args_info.algorithm_arg, args_info.output_arg, args_info.key_format_arg,
|
if(generate_key(state, args_info.slot_orig, args_info.algorithm_arg, args_info.output_arg, args_info.key_format_arg,
|
||||||
args_info.pin_policy_arg) == false) {
|
args_info.pin_policy_arg, args_info.touch_policy_arg) == false) {
|
||||||
ret = EXIT_FAILURE;
|
ret = EXIT_FAILURE;
|
||||||
} else {
|
} else {
|
||||||
fprintf(stderr, "Successfully generated a new private key.\n");
|
fprintf(stderr, "Successfully generated a new private key.\n");
|
||||||
@@ -1716,7 +1728,7 @@ int main(int argc, char *argv[]) {
|
|||||||
break;
|
break;
|
||||||
case action_arg_importMINUS_key:
|
case action_arg_importMINUS_key:
|
||||||
if(import_key(state, args_info.key_format_arg, args_info.input_arg, args_info.slot_orig, args_info.password_arg,
|
if(import_key(state, args_info.key_format_arg, args_info.input_arg, args_info.slot_orig, args_info.password_arg,
|
||||||
args_info.pin_policy_arg) == false) {
|
args_info.pin_policy_arg, args_info.touch_policy_arg) == false) {
|
||||||
ret = EXIT_FAILURE;
|
ret = EXIT_FAILURE;
|
||||||
} else {
|
} else {
|
||||||
fprintf(stderr, "Successfully imported a new private key.\n");
|
fprintf(stderr, "Successfully imported a new private key.\n");
|
||||||
|
|||||||
Reference in New Issue
Block a user