diff options
| author | Werner Koch <[email protected]> | 2019-03-01 14:23:49 +0000 |
|---|---|---|
| committer | Werner Koch <[email protected]> | 2019-03-07 09:53:52 +0000 |
| commit | b3c8ce9e4343f1b68b9ba94bdd71b7d8e13b139a (patch) | |
| tree | 03628976ab921629bbaa60b4889fb0eff5820511 | |
| parent | tests: Add "disable-scdaemon" in gpg-agent.conf. (diff) | |
| download | gnupg-b3c8ce9e4343f1b68b9ba94bdd71b7d8e13b139a.tar.gz gnupg-b3c8ce9e4343f1b68b9ba94bdd71b7d8e13b139a.zip | |
sm: Print Yubikey attestation extensions with --dump-cert.
* sm/keylist.c (oidtranstbl): Add Yubikey OIDs.
(OID_FLAG_HEX): New.
(print_hex_extn): New.
(list_cert_raw): Make use of that flag.
Signed-off-by: Werner Koch <[email protected]>
(cherry picked from commit 86c241a8c9a952ea8007066b70b04f435e2e483e)
| -rw-r--r-- | sm/keylist.c | 40 |
1 files changed, 37 insertions, 3 deletions
diff --git a/sm/keylist.c b/sm/keylist.c index 3fe75a1ec..6efc6bdef 100644 --- a/sm/keylist.c +++ b/sm/keylist.c @@ -84,6 +84,8 @@ struct #define OID_FLAG_SKIP 1 /* The extension is a simple UTF8String and should be printed. */ #define OID_FLAG_UTF8 2 +/* The extension can be trnted as a hex string. */ +#define OID_FLAG_HEX 4 /* A table mapping OIDs to a descriptive string. */ static struct @@ -193,6 +195,12 @@ static struct /* Extensions used by the Bundesnetzagentur. */ { "1.3.6.1.4.1.8301.3.5", "validityModel" }, + /* Yubikey extensions for attestation certificates. */ + { "1.3.6.1.4.1.41482.3.3", "yubikey-firmware-version", OID_FLAG_HEX }, + { "1.3.6.1.4.1.41482.3.7", "yubikey-serial-number", OID_FLAG_HEX }, + { "1.3.6.1.4.1.41482.3.8", "yubikey-pin-touch-policy", OID_FLAG_HEX }, + { "1.3.6.1.4.1.41482.3.9", "yubikey-formfactor", OID_FLAG_HEX }, + { NULL } }; @@ -685,6 +693,21 @@ print_utf8_extn (estream_t fp, int indent, } +/* Print the extension described by (DER,DERLEN) in hex. */ +static void +print_hex_extn (estream_t fp, int indent, + const unsigned char *der, size_t derlen) +{ + if (indent < 0) + indent = - indent; + + es_fprintf (fp, "%*s(", indent, ""); + for (; derlen; der++, derlen--) + es_fprintf (fp, "%02X%s", *der, derlen > 1? " ":""); + es_fprintf (fp, ")\n"); +} + + /* List one certificate in raw mode useful to have a closer look at the certificate. This one does no beautification and only minimal output sanitation. It is mainly useful for debugging. */ @@ -1022,16 +1045,27 @@ list_cert_raw (ctrl_t ctrl, KEYDB_HANDLE hd, if ((flag & OID_FLAG_SKIP)) continue; - es_fprintf (fp, " %s: %s%s%s%s [%d octets]\n", + es_fprintf (fp, " %s: %s%s%s%s", i? "critExtn":" extn", - oid, s?" (":"", s?s:"", s?")":"", (int)len); + oid, s?" (":"", s?s:"", s?")":""); if ((flag & OID_FLAG_UTF8)) { if (!cert_der) cert_der = ksba_cert_get_image (cert, NULL); - assert (cert_der); + log_assert (cert_der); + es_fprintf (fp, "\n"); print_utf8_extn_raw (fp, -15, cert_der+off, len); } + else if ((flag & OID_FLAG_HEX)) + { + if (!cert_der) + cert_der = ksba_cert_get_image (cert, NULL); + log_assert (cert_der); + es_fprintf (fp, "\n"); + print_hex_extn (fp, -15, cert_der+off, len); + } + else + es_fprintf (fp, " [%d octets]\n", (int)len); } |