security-and-privacy/gnupg
security-and-privacy
/
gnupg
mirror of git://git.gnupg.org/gnupg.git
1
0
Fork 0
Code Releases Activity

sm: Print Yubikey attestation extensions with --dump-cert. 

* sm/keylist.c (oidtranstbl): Add Yubikey OIDs.
(OID_FLAG_HEX): New.
(print_hex_extn): New.
(list_cert_raw): Make use of that flag.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 86c241a8c9)
This commit is contained in:
Werner Koch 2019-03-01 15:23:49 +01:00
parent 150d545231
commit b3c8ce9e43
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
1 changed files with 37 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
sm/keylist.c
View File

@ -84,6 +84,8 @@ struct
#define OID_FLAG_SKIP 1 #define OID_FLAG_SKIP 1
/* The extension is a simple UTF8String and should be printed. */ /* The extension is a simple UTF8String and should be printed. */
#define OID_FLAG_UTF8 2 #define OID_FLAG_UTF8 2
/* The extension can be trnted as a hex string. */
#define OID_FLAG_HEX 4
/* A table mapping OIDs to a descriptive string. */ /* A table mapping OIDs to a descriptive string. */
static struct static struct
@ -193,6 +195,12 @@ static struct
/* Extensions used by the Bundesnetzagentur. */ /* Extensions used by the Bundesnetzagentur. */
{ "1.3.6.1.4.1.8301.3.5", "validityModel" }, { "1.3.6.1.4.1.8301.3.5", "validityModel" },
/* Yubikey extensions for attestation certificates. */
{ "1.3.6.1.4.1.41482.3.3", "yubikey-firmware-version", OID_FLAG_HEX },
{ "1.3.6.1.4.1.41482.3.7", "yubikey-serial-number", OID_FLAG_HEX },
{ "1.3.6.1.4.1.41482.3.8", "yubikey-pin-touch-policy", OID_FLAG_HEX },
{ "1.3.6.1.4.1.41482.3.9", "yubikey-formfactor", OID_FLAG_HEX },
{ NULL } { NULL }
}; };
@ -685,6 +693,21 @@ print_utf8_extn (estream_t fp, int indent,
} }
/* Print the extension described by (DER,DERLEN) in hex. */
static void
print_hex_extn (estream_t fp, int indent,
const unsigned char *der, size_t derlen)
{
if (indent < 0)
indent = - indent;
es_fprintf (fp, "%*s(", indent, "");
for (; derlen; der++, derlen--)
es_fprintf (fp, "%02X%s", *der, derlen > 1? " ":"");
es_fprintf (fp, ")\n");
}
/* List one certificate in raw mode useful to have a closer look at /* List one certificate in raw mode useful to have a closer look at
the certificate. This one does no beautification and only minimal the certificate. This one does no beautification and only minimal
output sanitation. It is mainly useful for debugging. */ output sanitation. It is mainly useful for debugging. */
@ -1022,16 +1045,27 @@ list_cert_raw (ctrl_t ctrl, KEYDB_HANDLE hd,
if ((flag & OID_FLAG_SKIP)) if ((flag & OID_FLAG_SKIP))
continue; continue;
es_fprintf (fp, " %s: %s%s%s%s [%d octets]\n", es_fprintf (fp, " %s: %s%s%s%s",
i? "critExtn":" extn", i? "critExtn":" extn",
oid, s?" (":"", s?s:"", s?")":"", (int)len); oid, s?" (":"", s?s:"", s?")":"");
if ((flag & OID_FLAG_UTF8)) if ((flag & OID_FLAG_UTF8))
{ {
if (!cert_der) if (!cert_der)
cert_der = ksba_cert_get_image (cert, NULL); cert_der = ksba_cert_get_image (cert, NULL);
assert (cert_der); log_assert (cert_der);
es_fprintf (fp, "\n");
print_utf8_extn_raw (fp, -15, cert_der+off, len); print_utf8_extn_raw (fp, -15, cert_der+off, len);
} }
else if ((flag & OID_FLAG_HEX))
{
if (!cert_der)
cert_der = ksba_cert_get_image (cert, NULL);
log_assert (cert_der);
es_fprintf (fp, "\n");
print_hex_extn (fp, -15, cert_der+off, len);
}
else
es_fprintf (fp, " [%d octets]\n", (int)len);
} }