Commit Graph

144 Commits

Author SHA1 Message Date
Michael Scherer 099c55e90a Fix various errors messages 2016-05-05 01:11:37 +02:00
Klas Lindfors ebf31d73f8 Merge branch 'attestation2' 2016-05-03 09:24:14 +02:00
Klas Lindfors b1139a516b don't continue processing after list-readers action
it fell through into write-object
2016-04-22 09:41:41 +02:00
Klas Lindfors b512077c21 enforce minimum 6 digits of pin when changing in the tool 2016-04-19 14:19:33 +02:00
Klas Lindfors d1c454ca02 error isn't an iso error, run ykpiv_strerror() on it 2016-04-19 14:16:01 +02:00
Klas Lindfors 4c74ebdc56 actually open output_file in attest() 2016-03-17 10:21:18 +01:00
Klas Lindfors bfc3185e9b Merge branch 'master' into attestation2 2016-03-10 15:34:25 +01:00
Klas Lindfors 53667a22b0 Move asking for PKCS12 password outside of import_key()
also restructure a bit when deciding to do authentication

relates #66
2016-02-15 09:24:36 +01:00
Klas Lindfors d3a75cc6ee Merge pull request #65 from mattmoyer/add-self-signed-cert-options
Add options for configuring self-signed certs.
2016-02-15 08:48:19 +01:00
Klas Lindfors a233ff53ae if the password supplied for PKCS12 doesn't verify ask for a new one
or if it's NULL and the mac doesn't verify with that either..

fixes #66
2016-02-15 08:43:45 +01:00
Matt Moyer d39b697d49 Drop const from these these int parameters. 2016-02-12 09:01:12 -06:00
Matt Moyer f91cf3379a Add a --serial parameter to yubico-piv-tool.
Allows the serial number of self signed certificates to be configured.
2016-02-10 17:40:12 -06:00
Matt Moyer 98f843e7e7 Add a --valid-days parameter to yubico-piv-tool.
Allows the expiration date (notAfter) value of self signed certificates to be configured.
2016-02-10 17:35:21 -06:00
Alessio Di Mauro b08de95597 Remove some clutter. 2015-12-24 10:50:36 +01:00
Alessio Di Mauro ecfc71fab0 Print CCC with status action. Relates to #57. 2015-12-24 10:50:05 +01:00
Klas Lindfors 73585f2416 use unsigned long for len 2015-12-17 09:55:20 +01:00
Klas Lindfors a143c6d67d remove the util function dump_hex() in favor of dump_data() 2015-12-15 10:27:54 +01:00
Klas Lindfors 30cc13aaff add format for read/write object as hex/base64/binary
relates #31
2015-12-15 10:22:11 +01:00
Klas Lindfors a4ee5725b8 add generic write and read object actions for the tool
this take in/out hex dump of the data
2015-12-14 10:55:32 +01:00
Mikhail Denisenko 6042a2140e Implemented C_SetPIN 2015-12-11 13:23:38 -05:00
Klas Lindfors e7d53ceb45 fix an old overflow bug
we need to do 8 - new_len, not 16 - new_len which overflows the indata
buffer
2015-12-08 14:12:29 +01:00
Klas Lindfors a1d6007375 increase buffer sizes when building the status view
otherwise data buffer will be to small after loading a big certificate
2015-12-07 19:53:43 +01:00
Klas Lindfors ebbb002068 don't overfill the buffer on cert import 2015-12-07 09:24:19 +01:00
Klas Lindfors baae5fa464 difference between CHUID and CCC in success message. 2015-12-03 14:53:10 +01:00
Klas Lindfors 70e181a860 add a new action set-ccc
change aroudn so set_chuid() becomes set_dataobject() and a bit more
generic
fixes #33
2015-12-03 08:18:27 +01:00
Alessio Di Mauro 0a93217dbc Minor fix. 2015-11-27 15:43:32 +01:00
Alessio Di Mauro 4849e494be Add retired key definitions to libykpiv.
Include retired keys in import_key's check.
2015-11-20 15:44:19 +01:00
Alessio Di Mauro 3b81112aeb Change behavior of yubico-piv-tool -a status.
Status only prints information from populated slots. Additionally,
it is possible to explicitly choose a single slot and only print
information reagarding it.
2015-11-20 15:44:19 +01:00
Klas Lindfors ed38b96fe4 raise buffer sizes and remove a miss-leading error 2015-11-20 13:14:55 +01:00
Alessio Di Mauro 113c3e0b98 Whitespace cleanup. 2015-11-20 12:03:02 +01:00
Alessio Di Mauro abc94bc62a Refactor yubico-piv-tool to use import_private_key from libykpiv. 2015-11-20 11:49:30 +01:00
Klas Lindfors 32e66f4fc6 add attest action 2015-11-18 13:42:11 +01:00
Alessio Di Mauro d38df01c6c Change applet to application. 2015-11-06 13:14:52 +01:00
Klas Lindfors f46a4713bd Merge branch 'master' into development 2015-10-28 16:08:00 +01:00
Klas Lindfors f558983577 add an error print for failing set-pin-retries 2015-10-28 16:07:18 +01:00
Klas Lindfors e4059a5995 Merge branch 'master' into development
Conflicts:
	NEWS
	configure.ac
2015-10-20 20:48:57 +02:00
Klas Lindfors 777b40b3c2 read key from stdin if no key is given as argument 2015-10-09 11:14:58 +02:00
Alessio Di Mauro 17ebced2e6 Mask more one pin change. 2015-09-24 14:20:25 +02:00
Klas Lindfors 809e0ebdb7 use in, not signinput to actually sign anything in the ecc case 2015-09-18 11:05:15 +02:00
Klas Lindfors d30f6fc781 unblock-pin shouldn't tell you new puk 2015-09-16 14:32:30 +02:00
Klas Lindfors 49eab7dbfa drop ykpiv_sign_data2() and change ykpiv_sign_data() to not pad 2015-09-08 15:29:10 +02:00
Klas Lindfors 8eb7595d42 add list-readers action to tool
also refactor ykpiv_list_readers() a bit
2015-09-08 12:26:42 +02:00
Klas Lindfors b770155cbb Merge branch 'devel/p384' into ykcs11
Conflicts:
	NEWS
	configure.ac
	lib/ykpiv.c
	lib/ykpiv.h
	tool/util.c
	tool/util.h
2015-09-07 14:32:37 +02:00
Steffan Karger 723fe2f405 Query for PIN/PUK/mgmt-key if not supplied on command line
Do not force a user to specify the PIN/PUK/mgmt-key on the command line.
Instead, query the user to supply them through stdin when required for
the requested operation.  This is both more user friendly and more
secure, since the secrets do not end up in the shell history and/or
visible to shoulder-surfers on the terminal.

Signed-off-by: Steffan Karger <steffan@karger.me>
2015-08-12 23:05:44 +02:00
Klas Lindfors 8ece5ed26e drop unused variable
found with clang scan-build
2015-07-09 11:03:11 +02:00
Klas Lindfors 2e91cd0f5b Merge branch 'master' into devel/p384 2015-07-08 15:09:11 +02:00
Klas Lindfors 3b080dca45 relicense to 2-clause BSD license 2015-07-01 16:34:20 +02:00
Klas Lindfors 80e6fe525a change IS_XXKEY macros to be YKPIV_IS_XX 2015-06-30 07:33:39 +02:00
Klas Lindfors f43c5781b9 fix indentation 2015-06-26 13:00:21 +02:00
Klas Lindfors 6f5870d884 better errors for fail on pin-policy and touch-policy 2015-06-25 12:37:06 +02:00