Trevor Bentley
9a7ccf48fa
Fix all clang scan-build warnings
2017-10-23 16:25:56 +02:00
Trevor Bentley
90209997cc
Unit test for ykpiv_attest()
2017-10-23 16:25:53 +02:00
Trevor Bentley
5291bc4a63
Fix issue #123 - specify text/binary mode for open files
2017-10-23 16:25:50 +02:00
Trevor Bentley
79464a3d3e
Use slot enum consistently. Move slot->object translation into libykpiv.
2017-10-23 16:25:47 +02:00
Trevor Bentley
2e818dd914
Add ykpiv_util_(get/set)_cccid(), and use in yubico-piv-tool
2017-10-23 16:25:44 +02:00
Trevor Bentley
f6b817f056
Add ykpiv_attest() and use it in yubico-piv-tool
2017-10-23 16:25:38 +02:00
Trevor Bentley
248980fe27
yubico-piv-tool: use ykpiv_util_read_cert
2017-10-23 16:25:35 +02:00
Trevor Bentley
3bca63c39c
yubico-piv-tool: use ykpiv_util_delete_cert
2017-10-23 16:25:32 +02:00
Trevor Bentley
ded78751a0
Add gzip support to ykpiv_util_import_certificate(), and use in yubico-piv-tool
2017-10-23 16:25:20 +02:00
Trevor Bentley
8135a55200
yubico-piv-tool: Switch to ykpiv_set_pin_retries()
2017-10-23 16:25:17 +02:00
Trevor Bentley
ec8e2786e6
yubico-piv-tool: use ykpiv_util_reset()
2017-10-23 16:25:13 +02:00
Trevor Bentley
12f35b8884
yubico-piv-tool: use util function for key generation
2017-10-23 16:25:10 +02:00
Trevor Bentley
0d2b85fcef
Switch test cases to use libcheck framework
...
This keeps the test logic the same, but moves most of them into the libcheck
test suite framework. It gives better control over grouping related tests,
running them in parallel, and reporting on multiple failures.
Running in parallel also brings problems, so libykcs11 tests are left
untouched. Parallel access to a single hardware DUT does not make sense,
and pcsc-lite doesn't work after a fork() in OS X 10.11+, so it can't run
in libcheck's tests anyway.
2017-10-23 16:21:50 +02:00
Klas Lindfors
cd11196535
disable rsa keygen for yubikey4 before 4.3.5
...
point at https://yubi.co/ysa201701/
2017-10-16 15:32:25 +02:00
Klas Lindfors
8614d227cb
touch-policy and pin-policy is only available on YubiKey 4
2017-04-24 08:27:58 +02:00
Klas Lindfors
6304a6c799
add a line about slot f9 to help output
2017-04-19 14:23:59 +02:00
Klas Lindfors
60e32d53c5
let help2adoc use the h2m file as extra include
2017-04-19 14:16:44 +02:00
Klas Lindfors
9dfe04cd06
update documentation and help output for how to specify secrets on stdin
...
also update all examples to have no space after short option.
2017-04-19 14:15:24 +02:00
Klas Lindfors
e6a7517050
add a new hidden flag --stdin-input for straight stdin input
2017-04-18 13:05:27 +02:00
Klas Lindfors
8bdf7378d6
fixup dependencies for yubico-piv-tool.1
...
should now support parallel builds
2016-09-12 09:54:04 +02:00
Klas Lindfors
621bad8acd
make sure to return RSA keys with ASN1_NULL as parameter
2016-08-17 10:32:04 +02:00
Simon Josefsson
89bec1260a
Improve license headers.
2016-08-12 15:30:06 +02:00
Klas Lindfors
b052250a1b
make certificate serial number random by default
2016-08-10 10:12:32 +02:00
Alessio Di Mauro
3f4cb12702
Add SSH export for RSA public key
2016-07-12 13:54:22 +02:00
Michael Scherer
24534bcfcf
Replace magic number for status word by constants
...
Most come from NIST special publication 800-73-4, section 5.6,
except one which I assume to be a custom one for yubikey.
2016-05-09 09:38:37 +02:00
Klas Lindfors
bbde9f91f9
Merge branch 'fix_typo' of ssh://github.com/mscherer/yubico-piv-tool into mscherer-fix_typo
2016-05-09 09:01:28 +02:00
Klas Lindfors
fc5e1536ef
Merge pull request #74 from mscherer/fix_constant_name
...
Fix error in the define name YKPIV_INS_GENERATE_ASYMMERTRIC
2016-05-09 08:58:39 +02:00
Klas Lindfors
b712600727
Merge pull request #71 from mscherer/small_cleanup
...
Do not repeat the size of certdata
2016-05-09 08:57:22 +02:00
Michael Scherer
ff67119447
Do not repeat the size of certdata
2016-05-05 01:11:46 +02:00
Michael Scherer
099c55e90a
Fix various errors messages
2016-05-05 01:11:37 +02:00
Michael Scherer
fd9a0a324d
Fix error in the define name YKPIV_INS_GENERATE_ASYMMERTRIC
2016-05-05 01:11:33 +02:00
Michael Scherer
6e4266c886
Add YKPIV_ALGO_TAG
...
Replace the magic constant 0x80 when sending a packet to the key
2016-05-05 01:11:18 +02:00
Klas Lindfors
ebf31d73f8
Merge branch 'attestation2'
2016-05-03 09:24:14 +02:00
Klas Lindfors
b1139a516b
don't continue processing after list-readers action
...
it fell through into write-object
2016-04-22 09:41:41 +02:00
Klas Lindfors
b512077c21
enforce minimum 6 digits of pin when changing in the tool
2016-04-19 14:19:33 +02:00
Klas Lindfors
d1c454ca02
error isn't an iso error, run ykpiv_strerror() on it
2016-04-19 14:16:01 +02:00
Klas Lindfors
abbd695ee1
change wording in help text
...
authentication key -> management key
2016-03-31 10:36:48 +02:00
Klas Lindfors
f1affdbb89
clearer text on --help and --verbose add example of touch-policy
2016-03-23 09:45:58 +01:00
Klas Lindfors
9fcf2196b2
clarify --new-key
2016-03-18 08:35:48 +01:00
Klas Lindfors
7aa6ac93e6
add touch-policy cached
2016-03-17 10:52:03 +01:00
Klas Lindfors
4c74ebdc56
actually open output_file in attest()
2016-03-17 10:21:18 +01:00
Klas Lindfors
bfc3185e9b
Merge branch 'master' into attestation2
2016-03-10 15:34:25 +01:00
Klas Lindfors
90f23029e1
make step unsigned in dump_data()
...
since it's muliplied with another unsigned int
2016-02-15 09:29:05 +01:00
Klas Lindfors
53667a22b0
Move asking for PKCS12 password outside of import_key()
...
also restructure a bit when deciding to do authentication
relates #66
2016-02-15 09:24:36 +01:00
Klas Lindfors
d3a75cc6ee
Merge pull request #65 from mattmoyer/add-self-signed-cert-options
...
Add options for configuring self-signed certs.
2016-02-15 08:48:19 +01:00
Klas Lindfors
a233ff53ae
if the password supplied for PKCS12 doesn't verify ask for a new one
...
or if it's NULL and the mac doesn't verify with that either..
fixes #66
2016-02-15 08:43:45 +01:00
Matt Moyer
d39b697d49
Drop const from these these int parameters.
2016-02-12 09:01:12 -06:00
Matt Moyer
f91cf3379a
Add a --serial parameter to yubico-piv-tool.
...
Allows the serial number of self signed certificates to be configured.
2016-02-10 17:40:12 -06:00
Matt Moyer
98f843e7e7
Add a --valid-days parameter to yubico-piv-tool.
...
Allows the expiration date (notAfter) value of self signed certificates to be configured.
2016-02-10 17:35:21 -06:00
Alessio Di Mauro
b08de95597
Remove some clutter.
2015-12-24 10:50:36 +01:00