Add gzip support to ykpiv_util_import_certificate(), and use in yubico-piv-tool

Trevor Bentley
2017-09-18 16:24:39 +02:00
parent 8135a55200
commit ded78751a0
6 changed files with 64 additions and 31 deletions
+45
@@ -255,6 +255,51 @@ int set_length(unsigned char *buffer, int length) {
}
}
int get_slot_hex(enum enum_slot slot_enum) {
int slot = -1;
switch (slot_enum) {
case slot_arg_9a:
slot = 0x9a;
break;
case slot_arg_9c:
case slot_arg_9d:
case slot_arg_9e:
slot = 0x9c + ((int)slot_enum - (int)slot_arg_9c);
break;
case slot_arg_82:
case slot_arg_83:
case slot_arg_84:
case slot_arg_85:
case slot_arg_86:
case slot_arg_87:
case slot_arg_88:
case slot_arg_89:
case slot_arg_8a:
case slot_arg_8b:
case slot_arg_8c:
case slot_arg_8d:
case slot_arg_8e:
case slot_arg_8f:
case slot_arg_90:
case slot_arg_91:
case slot_arg_92:
case slot_arg_93:
case slot_arg_94:
case slot_arg_95:
slot = 0x82 + ((int)slot_enum - (int)slot_arg_82);
break;
case slot_arg_f9:
slot = 0xf9;
break;
case slot__NULL:
default:
slot = -1;
}
return slot;
}
int get_object_id(enum enum_slot slot) {
int object;
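Review bot: The range cases in `get_slot_hex` compute the slot by subtracting enumerators (`0x9c + ((int)slot_enum - (int)slot_arg_9c)`, and likewise from `slot_arg_82`), which is correct only if `enum enum_slot` declares those values consecutively and in ascending slot order; that declaration is not visible on this page. If the enum is generated or later reordered, a certificate would be written to a different slot than the one requested, with no error. I would add a comment above the function such as `/* Maps a command-line slot enum to its PIV slot byte; returns -1 for slot__NULL or unknown values. Relies on slot_arg_9c..9e and slot_arg_82..95 being consecutive in enum enum_slot. */`. Callers should also reject -1 before handing the value to the library.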
+1
@@ -47,6 +47,7 @@ int get_length(const unsigned char*, int*);
X509_NAME *parse_name(const char*);
unsigned char get_algorithm(EVP_PKEY*);
FILE *open_file(const char*, int);
int get_slot_hex(enum enum_slot slot_enum);
int get_object_id(enum enum_slot slot);
int key_to_object_id(int key);
bool set_component(unsigned char *in_ptr, const BIGNUM *bn, int element_len);
+3 -20
@@ -495,35 +495,18 @@ static bool import_cert(ykpiv_state *state, enum enum_key_format cert_format,
}
{
unsigned char certdata[3072];
unsigned char certdata[YKPIV_OBJ_MAX_SIZE];
unsigned char *certptr = certdata;
int object = get_object_id(slot);
ykpiv_rc res;
if(4 + cert_len + 5 > sizeof(certdata)) { /* 4 is prefix size, 5 is postfix size */
fprintf(stderr, "Certificate is too large to fit in buffer.\n");
goto import_cert_out;
}
*certptr++ = 0x70;
certptr += set_length(certptr, cert_len);
if (compress) {
if (fread(certptr, 1, (size_t)cert_len, input_file) != (size_t)cert_len) {
if (fread(certdata, 1, (size_t)cert_len, input_file) != (size_t)cert_len) {
fprintf(stderr, "Failed to read compressed certificate\n");
goto import_cert_out;
}
certptr += cert_len;
} else {
/* i2d_X509 increments certptr here.. */
i2d_X509(cert, &certptr);
}
*certptr++ = 0x71;
*certptr++ = 1;
*certptr++ = compress; /* certinfo (gzip etc) */
*certptr++ = 0xfe; /* LRC */
*certptr++ = 0;
if((res = ykpiv_save_object(state, object, certdata, (size_t)(certptr - certdata))) != YKPIV_OK) {
if ((res = ykpiv_util_write_cert(state, get_slot_hex(slot), certdata, cert_len, compress)) != YKPIV_OK) {
fprintf(stderr, "Failed commands with device: %s\n", ykpiv_strerror(res));
} else {
ret = true;
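Review bot: The size check on `cert_len` appears to be dropped in this hunk, so nothing visible stops `fread(certdata, 1, (size_t)cert_len, input_file)` or `i2d_X509(cert, &certptr)` from writing past the `YKPIV_OBJ_MAX_SIZE`-byte stack buffer when the input file or encoded certificate is larger. The page has lost its +/- markers, but the three additions counted for this file look like the new `certdata` declaration, the `fread` into `certdata` and the `ykpiv_util_write_cert` call, which would make the `4 + cert_len + 5 > sizeof(certdata)` test a removed line. Any length check inside `ykpiv_util_write_cert` would run only after the buffer has already been filled. Unless `cert_len` is bounded earlier in `import_cert` (the function starts above the hunk), I would keep a guard before `if (compress)`: `if (cert_len < 0 || (size_t)cert_len > sizeof(certdata)) { fprintf(stderr, "Certificate is too large to fit in buffer.\n"); goto import_cert_out; }`.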