229 Commits

Author SHA1 Message Date
Trevor Bentley 9a7ccf48fa Fix all clang scan-build warnings 2017-10-23 16:25:56 +02:00
Trevor Bentley 90209997cc Unit test for ykpiv_attest() 2017-10-23 16:25:53 +02:00
Trevor Bentley 5291bc4a63 Fix issue #123 - specify text/binary mode for open files 2017-10-23 16:25:50 +02:00
Trevor Bentley 79464a3d3e Use slot enum consistently. Move slot->object translation into libykpiv. 2017-10-23 16:25:47 +02:00
Trevor Bentley 2e818dd914 Add ykpiv_util_(get/set)_cccid(), and use in yubico-piv-tool 2017-10-23 16:25:44 +02:00
Trevor Bentley f6b817f056 Add ykpiv_attest() and use it in yubico-piv-tool 2017-10-23 16:25:38 +02:00
Trevor Bentley 248980fe27 yubico-piv-tool: use ykpiv_util_read_cert 2017-10-23 16:25:35 +02:00
Trevor Bentley 3bca63c39c yubico-piv-tool: use ykpiv_util_delete_cert 2017-10-23 16:25:32 +02:00
Trevor Bentley ded78751a0 Add gzip support to ykpiv_util_import_certificate(), and use in yubico-piv-tool 2017-10-23 16:25:20 +02:00
Trevor Bentley 8135a55200 yubico-piv-tool: Switch to ykpiv_set_pin_retries() 2017-10-23 16:25:17 +02:00
Trevor Bentley ec8e2786e6 yubico-piv-tool: use ykpiv_util_reset() 2017-10-23 16:25:13 +02:00
Trevor Bentley 12f35b8884 yubico-piv-tool: use util function for key generation 2017-10-23 16:25:10 +02:00
Trevor Bentley 0d2b85fcef Switch test cases to use libcheck framework
This keeps the test logic the same, but moves most of them into the libcheck
test suite framework.  It gives better control over grouping related tests,
running them in parallel, and reporting on multiple failures.

Running in parallel also brings problems, so libykcs11 tests are left
untouched.  Parallel access to a single hardware DUT does not make sense,
and pcsc-lite doesn't work after a fork() in OS X 10.11+, so it can't run
in libcheck's tests anyway.
2017-10-23 16:21:50 +02:00
Klas Lindfors cd11196535 disable rsa keygen for yubikey4 before 4.3.5
point at https://yubi.co/ysa201701/
2017-10-16 15:32:25 +02:00
Klas Lindfors 8614d227cb touch-policy and pin-policy is only available on YubiKey 4 2017-04-24 08:27:58 +02:00
Klas Lindfors 6304a6c799 add a line about slot f9 to help output 2017-04-19 14:23:59 +02:00
Klas Lindfors 60e32d53c5 let help2adoc use the h2m file as extra include 2017-04-19 14:16:44 +02:00
Klas Lindfors 9dfe04cd06 update documentation and help output for how to specify secrets on stdin
also update all examples to have no space after short option.
2017-04-19 14:15:24 +02:00
Klas Lindfors e6a7517050 add a new hidden flag --stdin-input for straight stdin input 2017-04-18 13:05:27 +02:00
Klas Lindfors 8bdf7378d6 fixup dependencies for yubico-piv-tool.1
should now support parallel builds
2016-09-12 09:54:04 +02:00
Klas Lindfors 621bad8acd make sure to return RSA keys with ASN1_NULL as parameter 2016-08-17 10:32:04 +02:00
Simon Josefsson 89bec1260a Improve license headers. 2016-08-12 15:30:06 +02:00
Klas Lindfors b052250a1b make certificate serial number random by default 2016-08-10 10:12:32 +02:00
Alessio Di Mauro 3f4cb12702 Add SSH export for RSA public key 2016-07-12 13:54:22 +02:00
Michael Scherer 24534bcfcf Replace magic number for status word by constants
Most come from NIST special publication 800-73-4, section 5.6,
except one which I assume to be a custom one for yubikey.
2016-05-09 09:38:37 +02:00
Klas Lindfors bbde9f91f9 Merge branch 'fix_typo' of ssh://github.com/mscherer/yubico-piv-tool into mscherer-fix_typo 2016-05-09 09:01:28 +02:00
Klas Lindfors fc5e1536ef Merge pull request #74 from mscherer/fix_constant_name
Fix error in the define name YKPIV_INS_GENERATE_ASYMMERTRIC
2016-05-09 08:58:39 +02:00
Klas Lindfors b712600727 Merge pull request #71 from mscherer/small_cleanup
Do not repeat the size of certdata
2016-05-09 08:57:22 +02:00
Michael Scherer ff67119447 Do not repeat the size of certdata 2016-05-05 01:11:46 +02:00
Michael Scherer 099c55e90a Fix various error messages 2016-05-05 01:11:37 +02:00
Michael Scherer fd9a0a324d Fix error in the define name YKPIV_INS_GENERATE_ASYMMERTRIC 2016-05-05 01:11:33 +02:00
Michael Scherer 6e4266c886 Add YKPIV_ALGO_TAG
Replace the magic constant 0x80 when sending a packet to the key
2016-05-05 01:11:18 +02:00
Klas Lindfors ebf31d73f8 Merge branch 'attestation2' 2016-05-03 09:24:14 +02:00
Klas Lindfors b1139a516b don't continue processing after list-readers action
it fell through into write-object
2016-04-22 09:41:41 +02:00
Klas Lindfors b512077c21 enforce minimum 6 digits of pin when changing in the tool 2016-04-19 14:19:33 +02:00
Klas Lindfors d1c454ca02 error isn't an iso error, run ykpiv_strerror() on it 2016-04-19 14:16:01 +02:00
Klas Lindfors abbd695ee1 change wording in help text
authentication key -> management key
2016-03-31 10:36:48 +02:00
Klas Lindfors f1affdbb89 clearer text on --help and --verbose add example of touch-policy 2016-03-23 09:45:58 +01:00
Klas Lindfors 9fcf2196b2 clarify --new-key 2016-03-18 08:35:48 +01:00
Klas Lindfors 7aa6ac93e6 add touch-policy cached 2016-03-17 10:52:03 +01:00
Klas Lindfors 4c74ebdc56 actually open output_file in attest() 2016-03-17 10:21:18 +01:00
Klas Lindfors bfc3185e9b Merge branch 'master' into attestation2 2016-03-10 15:34:25 +01:00
Klas Lindfors 90f23029e1 make step unsigned in dump_data()
since it's multiplied with another unsigned int
2016-02-15 09:29:05 +01:00
Klas Lindfors 53667a22b0 Move asking for PKCS12 password outside of import_key()
also restructure a bit when deciding to do authentication

relates #66
2016-02-15 09:24:36 +01:00
Klas Lindfors d3a75cc6ee Merge pull request #65 from mattmoyer/add-self-signed-cert-options
Add options for configuring self-signed certs.
2016-02-15 08:48:19 +01:00
Klas Lindfors a233ff53ae if the password supplied for PKCS12 doesn't verify ask for a new one
or if it's NULL and the mac doesn't verify with that either..

fixes #66
2016-02-15 08:43:45 +01:00
Matt Moyer d39b697d49 Drop const from these int parameters. 2016-02-12 09:01:12 -06:00
Matt Moyer f91cf3379a Add a --serial parameter to yubico-piv-tool.
Allows the serial number of self signed certificates to be configured.
2016-02-10 17:40:12 -06:00
Matt Moyer 98f843e7e7 Add a --valid-days parameter to yubico-piv-tool.
Allows the expiration date (notAfter) value of self signed certificates to be configured.
2016-02-10 17:35:21 -06:00
Alessio Di Mauro b08de95597 Remove some clutter. 2015-12-24 10:50:36 +01:00