Add gzip support to ykpiv_util_import_certificate(), and use in yubico-piv-tool
+45
@@ -255,6 +255,51 @@ int set_length(unsigned char *buffer, int length) {
|
||||
}
|
||||
}
|
||||
|
||||
int get_slot_hex(enum enum_slot slot_enum) {
|
||||
int slot = -1;
|
||||
|
||||
switch (slot_enum) {
|
||||
case slot_arg_9a:
|
||||
slot = 0x9a;
|
||||
break;
|
||||
case slot_arg_9c:
|
||||
case slot_arg_9d:
|
||||
case slot_arg_9e:
|
||||
slot = 0x9c + ((int)slot_enum - (int)slot_arg_9c);
|
||||
break;
|
||||
case slot_arg_82:
|
||||
case slot_arg_83:
|
||||
case slot_arg_84:
|
||||
case slot_arg_85:
|
||||
case slot_arg_86:
|
||||
case slot_arg_87:
|
||||
case slot_arg_88:
|
||||
case slot_arg_89:
|
||||
case slot_arg_8a:
|
||||
case slot_arg_8b:
|
||||
case slot_arg_8c:
|
||||
case slot_arg_8d:
|
||||
case slot_arg_8e:
|
||||
case slot_arg_8f:
|
||||
case slot_arg_90:
|
||||
case slot_arg_91:
|
||||
case slot_arg_92:
|
||||
case slot_arg_93:
|
||||
case slot_arg_94:
|
||||
case slot_arg_95:
|
||||
slot = 0x82 + ((int)slot_enum - (int)slot_arg_82);
|
||||
break;
|
||||
case slot_arg_f9:
|
||||
slot = 0xf9;
|
||||
break;
|
||||
case slot__NULL:
|
||||
default:
|
||||
slot = -1;
|
||||
}
|
||||
|
||||
return slot;
|
||||
}
|
||||
|
||||
int get_object_id(enum enum_slot slot) {
|
||||
int object;
|
||||
|
||||
|
||||
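Review bot: The two range cases in get_slot_hex derive the slot byte from enum distance (`0x9c + ((int)slot_enum - (int)slot_arg_9c)` and `0x82 + ((int)slot_enum - (int)slot_arg_82)`), which is correct only while slot_arg_9c..slot_arg_9e and slot_arg_82..slot_arg_95 stay consecutive and ascending in enum enum_slot. That declaration is not visible in this hunk, and if the enumerators were ever reordered the function would return a different key slot without any error. The function also has no comment stating this assumption or the -1 return, so I would add above it: `/* Map the slot option to its PIV slot byte (0x9a, 0x9c-0x9e, 0x82-0x95, 0xf9); returns -1 for slot__NULL or an unknown value. Assumes the 9c..9e and 82..95 enumerators are consecutive. */`. Callers should test for -1 before using the result as a slot number.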
@@ -47,6 +47,7 @@ int get_length(const unsigned char*, int*);
|
||||
X509_NAME *parse_name(const char*);
|
||||
unsigned char get_algorithm(EVP_PKEY*);
|
||||
FILE *open_file(const char*, int);
|
||||
int get_slot_hex(enum enum_slot slot_enum);
|
||||
int get_object_id(enum enum_slot slot);
|
||||
int key_to_object_id(int key);
|
||||
bool set_component(unsigned char *in_ptr, const BIGNUM *bn, int element_len);
|
||||
|
||||
+3
-20
@@ -495,35 +495,18 @@ static bool import_cert(ykpiv_state *state, enum enum_key_format cert_format,
|
||||
}
|
||||
|
||||
{
|
||||
unsigned char certdata[3072];
|
||||
unsigned char certdata[YKPIV_OBJ_MAX_SIZE];
|
||||
unsigned char *certptr = certdata;
|
||||
int object = get_object_id(slot);
|
||||
ykpiv_rc res;
|
||||
|
||||
if(4 + cert_len + 5 > sizeof(certdata)) { /* 4 is prefix size, 5 is postfix size */
|
||||
fprintf(stderr, "Certificate is too large to fit in buffer.\n");
|
||||
goto import_cert_out;
|
||||
}
|
||||
|
||||
*certptr++ = 0x70;
|
||||
certptr += set_length(certptr, cert_len);
|
||||
if (compress) {
|
||||
if (fread(certptr, 1, (size_t)cert_len, input_file) != (size_t)cert_len) {
|
||||
if (fread(certdata, 1, (size_t)cert_len, input_file) != (size_t)cert_len) {
|
||||
fprintf(stderr, "Failed to read compressed certificate\n");
|
||||
goto import_cert_out;
|
||||
}
|
||||
certptr += cert_len;
|
||||
} else {
|
||||
/* i2d_X509 increments certptr here.. */
|
||||
i2d_X509(cert, &certptr);
|
||||
}
|
||||
*certptr++ = 0x71;
|
||||
*certptr++ = 1;
|
||||
*certptr++ = compress; /* certinfo (gzip etc) */
|
||||
*certptr++ = 0xfe; /* LRC */
|
||||
*certptr++ = 0;
|
||||
|
||||
if((res = ykpiv_save_object(state, object, certdata, (size_t)(certptr - certdata))) != YKPIV_OK) {
|
||||
if ((res = ykpiv_util_write_cert(state, get_slot_hex(slot), certdata, cert_len, compress)) != YKPIV_OK) {
|
||||
fprintf(stderr, "Failed commands with device: %s\n", ykpiv_strerror(res));
|
||||
} else {
|
||||
ret = true;
|
||||
|
||||
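Review bot: Nothing visible in this hunk bounds `cert_len` before `fread(certdata, 1, (size_t)cert_len, input_file)` writes into `certdata[YKPIV_OBJ_MAX_SIZE]`, and the same applies to `i2d_X509(cert, &certptr)` in the else branch. The old `4 + cert_len + 5 > sizeof(certdata)` guard is gone, and any size check inside `ykpiv_util_write_cert()` would run only after the buffer has already been filled. Unless `cert_len` is limited earlier in import_cert (its body starts and ends outside the hunk), an oversized input file overruns the stack buffer. I would keep a guard ahead of the `if (compress)` block, for example `if (cert_len < 0 || (size_t)cert_len > sizeof(certdata)) { fprintf(stderr, "Certificate is too large to fit in buffer.\n"); goto import_cert_out; }`, where the `< 0` test assumes `cert_len` is signed, as the casts suggest. The result of `get_slot_hex(slot)` is also passed on unchecked, so a -1 from its default case reaches the library call as the slot value.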