77 Commits

Author SHA1 Message Date
Klas Lindfors 36468219c2 check length of private key components before setting
the card functions only accept key components of correct size
so here we add 0 before if they're shorter (usually one byte shorter)
thus fixing the issue where the card returned 6f00
2014-11-12 14:08:11 +01:00
Klas Lindfors cd4fdef2f7 cast cert_len to size_t shouldn't be negative here.
gets rid of warnings about int/size_t combinations
2014-11-10 10:12:01 +01:00
Klas Lindfors c14f53dfad check that stat completes correctly 2014-11-10 10:07:35 +01:00
Klas Lindfors 4fd1cf953e Merge branch 'master' of ssh://github.com/dwmw2/yubico-piv-tool 2014-11-10 09:54:09 +01:00
Klas Lindfors 7e0fdd8f9d correct offs for CHUID_GUID_OFFS and change verbose print to CHUID
CHUID_GUID_OFFS was 28 instead of 29, leading to invalid CHUID
verbose print said "setting GUID.." changing to CHUID

patch from Doug Engert
fixes #9
2014-11-10 09:49:54 +01:00
David Woodhouse 3dce5b06e0 Add support for compressed certificates
This could be more sophisticated — it could automatically compress
certificates if they are too large, instead of expecting the user to do
so manually. But this is a good start.
2014-11-07 19:55:08 +00:00
Klas Lindfors ccf9d01027 fix broken unblock-pin action
the unblock pin action mistakenly used pin reference 0x81 (unblock)
instead of 0x80 (pin)
2014-10-29 08:09:17 +01:00
Klas Lindfors 146fa881f2 add an error message for wrong key length 2014-10-28 08:37:53 +01:00
Daniel Barnes 61b0284c6d Check if new keys being set are the correct length, since longer or shorter keys yield inconsistent results 2014-10-28 08:36:37 +01:00
Klas Lindfors b16dce294d use EVP_MD_size() instead of EVP_MD_block_size()
actually gives correct size for the digest
2014-10-02 13:28:02 +02:00
Klas Lindfors 4bc0c95c4c give errors when sign fails 2014-10-02 13:27:52 +02:00
Klas Lindfors ad335d5d0a a bit of verbosity for authentication needs 2014-10-02 13:21:43 +02:00
Klas Lindfors c8aaf1a65e don't change the action_arg pointer, add to it in place instead
this effectively reverses 931d224485
2014-10-02 13:21:08 +02:00
Klas Lindfors cfebc30f76 refactor to let request-cert and selfsign-cert use different hashes
namely sha1 and sha512 as well with sha256 as default
2014-10-02 13:15:40 +02:00
Klas Lindfors 931d224485 use temporary args_info for parsing if auth is needed 2014-10-02 13:15:39 +02:00
Klas Lindfors 7d28857388 move the signer into the standard tool
as a hidden option to discourage use
2014-10-02 13:15:39 +02:00
Klas Lindfors 98cd75f08b only authenticate with the applet if needed 2014-10-01 14:33:57 +02:00
Klas Lindfors c970c0a22c drop \n in man file, gives warnings 2014-10-01 14:33:57 +02:00
Klas Lindfors 382a4fad98 better error message 2014-09-29 15:49:49 +02:00
Klas Lindfors 7e5ffd254f add a success message for signer 2014-09-29 15:42:08 +02:00
Klas Lindfors 28b5fe688f check the return value of the signing operation 2014-09-29 14:04:06 +02:00
Klas Lindfors 5346cf4652 add SHA512 for signing 2014-09-29 14:03:57 +02:00
Klas Lindfors ffbf0f2607 add cmdline-signer to sources properly 2014-09-29 13:29:40 +02:00
Klas Lindfors 6721fb777b for rsa let it sign a correct DigestInfo structure
which has to have the digest OID, with a NULL parameter
and then the hash.
2014-09-29 12:50:25 +02:00
Klas Lindfors 3b15949969 let the signer sign 2014-09-26 16:23:03 +02:00
Klas Lindfors a7d5eb9d1c start implementing signer 2014-09-26 16:00:18 +02:00
Klas Lindfors 86d4adfeeb start on yubico-piv-signer 2014-09-26 15:22:40 +02:00
Klas Lindfors 8d8257583e make util.h header more self-contained 2014-09-26 15:18:40 +02:00
Klas Lindfors 052194c0ff use PACKAGE_VERSION to obtain version instead
seems to work more reliably?
2014-08-26 13:18:07 +02:00
Klas Lindfors 9a1b46d5a5 set the signature algorithm again in the cert 2014-08-25 15:31:01 +02:00
Klas Lindfors b66f81b324 replace ykpiv_parse_key() with ykpiv_hex_decode() 2014-06-27 15:06:44 +02:00
Klas Lindfors ac79b0809d refactor delete action to use ykpiv_save_object() 2014-06-26 08:24:34 +02:00
Klas Lindfors 75a5cf74d2 refactor set_chuid() to use ykpiv_save_object() 2014-06-26 08:08:59 +02:00
Klas Lindfors a1c2e4e8d1 refactor writing object to its own library function
ykpiv_save_object(), use that for writing certs
2014-06-26 08:02:44 +02:00
Klas Lindfors 07d831c50c drop apdu structure from tool 2014-06-25 15:44:21 +02:00
Klas Lindfors 1f567f62eb drop unused code from delete_cert 2014-06-25 15:44:00 +02:00
Klas Lindfors b8ecc6cda2 refactor so ykpiv_sign_data() takes size_t input 2014-06-25 15:41:20 +02:00
Klas Lindfors b0ff83ac9c refactor change_pin() to use ykpiv_transfer_data() 2014-06-25 15:36:33 +02:00
Klas Lindfors b508f8bfea refactor to ykpiv_transfer_data() for chuid setting 2014-06-25 15:28:44 +02:00
Klas Lindfors a60096addf refactor pin-retries to use ykpiv_transfer_data() 2014-06-25 15:24:40 +02:00
Klas Lindfors 28ab285d92 refactor reset to use ykpiv_transfer_data() instead 2014-06-25 15:22:04 +02:00
Klas Lindfors c4d8492682 make get_length() take a const buffer 2014-06-25 15:10:56 +02:00
Klas Lindfors 1ded0f6496 set version on the selfsigned cert 2014-06-25 14:14:23 +02:00
Klas Lindfors 9b5ede8530 change around and let ykpiv_sign_data() pad 2014-06-25 10:47:32 +02:00
Klas Lindfors 7338dcae8a some negative tests of parse_name() 2014-06-24 15:22:33 +02:00
Klas Lindfors c5696d4b45 rework some stuff to size_t 2014-06-24 15:02:26 +02:00
Klas Lindfors d5222c10b7 add macros for piv objects 2014-06-24 14:07:15 +02:00
Klas Lindfors a46cbc55b6 fix indentation 2014-06-24 13:58:47 +02:00
Klas Lindfors 33c71344de let util.h include cmdline.h
since it's using declarations from it..
2014-06-24 10:42:50 +02:00
Klas Lindfors 5588368d55 link the util lib with openssl 2014-06-24 10:39:23 +02:00