Klas Lindfors
d06852959c
add sha384 hash and refactor some common patterns
2015-06-24 13:06:00 +02:00
Klas Lindfors
f17d09f19c
start adding secp384r1
2015-06-24 13:06:00 +02:00
Klas Lindfors
6b4b3001c4
verify that e is 0x10001 on import
...
fixes #13
2015-06-23 14:28:44 +02:00
Klas Lindfors
18e057e58c
let RSA_public_encrypt() do the PKCS1 padding
...
noteworthy is that it will do pkcs1 type 2 padding
2015-05-19 15:11:30 +02:00
Klas Lindfors
3d0ff7b969
add a test-decipher command
...
test-decipher will for rsa do public encrypt on a random string and let
the key decrypt
for ec it will generate a new ec key and do ecdh and confirm it gets the
same answer back
2015-05-19 14:22:26 +02:00
Klas Lindfors
8ce4ab4997
add newline at end of output
2015-05-08 13:49:32 +02:00
Klas Lindfors
a9c8cb9fd3
drop openssl/err.h again
2015-03-20 14:17:51 +01:00
Klas Lindfors
9db6d3d45a
replace EVP_MD_CTX_verify() stuff with RSA_verify()/ECDSA_verify()
...
since the EVP_MD_CTX stuff doesn't seem to exist on osx at all.
2015-03-20 14:04:26 +01:00
Klas Lindfors
f204987941
add a test-signature action
...
that takes a certificate in and does a signature with the given slot,
then verifying that signature with the given certificate.
2015-03-20 10:04:58 +01:00
Klas Lindfors
b1cda2ffce
add missing }
...
that's why you should always build before push..
2015-03-19 15:52:20 +01:00
Klas Lindfors
da1f61f23a
move up validation of pin-retries parameters
2015-03-19 14:54:23 +01:00
Klas Lindfors
c85fd4eaa8
move more validation of parameters together
2015-03-19 14:52:38 +01:00
Klas Lindfors
9124e82ea6
write version to output file
2015-03-19 14:43:13 +01:00
Klas Lindfors
635729f339
call get_algorithm() to get the algorithm
...
as it was already implemented..
2015-03-19 14:37:59 +01:00
Klas Lindfors
0f26a7c1e3
refactor dump_hex to drop some redundant code
2015-03-18 15:09:32 +01:00
Klas Lindfors
cd1410a950
make parts of argument validation cleaner
2015-03-18 15:09:32 +01:00
Klas Lindfors
9b6bf1b737
write action name instead of number
2015-03-18 15:09:32 +01:00
Klas Lindfors
ad3c92f7d2
break out after error
2015-03-17 15:00:54 +01:00
Klas Lindfors
340c898dcb
print out slot/cert algorithm in status
...
relates #17
2015-03-17 14:20:13 +01:00
Klas Lindfors
26d5c23090
write CHUID in status
...
relates #17
2015-03-17 13:59:29 +01:00
Klas Lindfors
4552e8700c
write out number of pin tries left
...
references #17
2015-03-17 13:54:50 +01:00
Klas Lindfors
572b3b1739
add status action and print certificate information
...
relates #17
2015-03-17 12:42:05 +01:00
Klas Lindfors
e64952476d
add a read-certificate action
2015-03-17 10:40:37 +01:00
Klas Lindfors
f24b1d0c46
report error if setting a new key fails
2015-02-02 10:26:12 +01:00
Klas Lindfors
22d04fc1c8
return error properly on hex decode
2015-02-02 10:17:45 +01:00
Klas Lindfors
60c8b757ae
use bounded scanf
2015-01-29 11:03:13 +01:00
Klas Lindfors
9046955606
drop unnecessary memset()
2015-01-29 11:03:13 +01:00
Thomas Westfeld
1b4ad6b8bd
Fixed error when parameters in unblock-pin
...
when unblock-pin action is called without -P and -N parameters, the wrong
error is returned, saying that -P should be a pin, whereas in this
action it is a puk.
2015-01-18 22:35:35 +01:00
Klas Lindfors
f69a4ff8f6
mark all bits of the signature as used
...
the first byte of a bit string marks how many bits should be
subtracted, make sure this doesn't get set.
2015-01-14 12:52:10 +01:00
Klas Lindfors
f86ded25bf
rip input_ready() and call isatty() instead
...
should be more portable (work on windows)
relates to #12
2015-01-12 21:20:15 +01:00
Klas Lindfors
b1a673b1f9
try to discover if there is input waiting on stdin
...
otherwise give the user a hint
resolves #12
2015-01-12 16:27:13 +01:00
Simon Josefsson
f84d332c15
Fix typo.
2015-01-08 15:25:27 +01:00
Klas Lindfors
31f6b61af0
add more feedback for successful actions
2014-12-17 15:37:46 +01:00
Klas Lindfors
458bde4bef
diagnostic output for generate key
2014-12-17 09:54:06 +01:00
Klas Lindfors
7ef2015f38
switch diagnostic output to stderr
2014-12-17 09:53:24 +01:00
Klas Lindfors
368b527fa1
add DER format for certificate import
2014-12-05 11:10:33 +01:00
Klas Lindfors
36468219c2
check length of private key components before setting
...
the card functions only accept key components of correct size
so here we add 0 before if they're shorter (usually one byte shorter)
thus fixing the issue where the card returned 6f00
2014-11-12 14:08:11 +01:00
Klas Lindfors
cd4fdef2f7
cast cert_len to size_t shouldn't be negative here.
...
gets rid of warnings about int/size_t combinations
2014-11-10 10:12:01 +01:00
Klas Lindfors
c14f53dfad
check that stat completes correctly
2014-11-10 10:07:35 +01:00
Klas Lindfors
4fd1cf953e
Merge branch 'master' of ssh://github.com/dwmw2/yubico-piv-tool
2014-11-10 09:54:09 +01:00
Klas Lindfors
7e0fdd8f9d
correct offs for CHUID_GUID_OFFS and change verbose print to CHUID
...
CHUID_GUID_OFFS was 28 instead of 29, leading to invalid CHUID
verbose print said "setting GUID.." changing to CHUID
patch from Doug Engert
fixes #9
2014-11-10 09:49:54 +01:00
David Woodhouse
3dce5b06e0
Add support for compressed certificates
...
This could be more sophisticated — it could automatically compress
certificates if they are too large, instead of expecting the user to do
so manually. But this is a good start.
2014-11-07 19:55:08 +00:00
Klas Lindfors
ccf9d01027
fix broken unblock-pin action
...
the unblock pin action mistakenly used pin reference 0x81 (unblock)
instead of 0x80 (pin)
2014-10-29 08:09:17 +01:00
Klas Lindfors
146fa881f2
add an error message for wrong key length
2014-10-28 08:37:53 +01:00
Daniel Barnes
61b0284c6d
Check if new keys being set are the correct length, since longer or shorter keys yield inconsistent results
2014-10-28 08:36:37 +01:00
Klas Lindfors
b16dce294d
use EVP_MD_size() instead of EVP_MD_block_size()
...
actually gives correct size for the digest
2014-10-02 13:28:02 +02:00
Klas Lindfors
4bc0c95c4c
give errors when sign fails
2014-10-02 13:27:52 +02:00
Klas Lindfors
ad335d5d0a
a bit of verbosity for authentication needs
2014-10-02 13:21:43 +02:00
Klas Lindfors
c8aaf1a65e
don't change the action_arg pointer, add to it in place instead
...
this effectively reverses 931d224485
2014-10-02 13:21:08 +02:00
Klas Lindfors
cfebc30f76
refactor to let request-cert and selfsign-cert use different hashes
...
namely sha1 and sha512 as well with sha256 as default
2014-10-02 13:15:40 +02:00