openpgp-card: internal API tweaks
Reduce unnecessary use of ApplicationRelatedData.
This commit is contained in:
parent
e6658713cb
commit
01ef1ec4d1
3 changed files with 44 additions and 33 deletions
|
@ -1,10 +1,10 @@
|
|||
// SPDX-FileCopyrightText: 2021 Heiko Schaefer <heiko@schaefer.name>
|
||||
// SPDX-FileCopyrightText: 2021-2023 Heiko Schaefer <heiko@schaefer.name>
|
||||
// SPDX-License-Identifier: MIT OR Apache-2.0
|
||||
|
||||
//! Data structures that define OpenPGP algorithms.
|
||||
//! Data structures that specify algorithms to use on an OpenPGP card.
|
||||
//!
|
||||
//! [`AlgorithmAttributes`] and its components model "Algorithm Attributes" as described in
|
||||
//! the OpenPGP card specification.
|
||||
//! [`AlgorithmAttributes`] (and its components) model "Algorithm Attributes"
|
||||
//! as described in the OpenPGP card specification.
|
||||
//!
|
||||
//! [`AlgoSimple`] offers a shorthand for specifying an algorithm,
|
||||
//! specifically for key generation on the card.
|
||||
|
@ -31,7 +31,7 @@ pub enum AlgoSimple {
|
|||
}
|
||||
|
||||
impl TryFrom<&str> for AlgoSimple {
|
||||
type Error = crate::Error;
|
||||
type Error = Error;
|
||||
|
||||
fn try_from(algo: &str) -> Result<Self, Self::Error> {
|
||||
use AlgoSimple::*;
|
||||
|
@ -80,25 +80,37 @@ impl AlgoSimple {
|
|||
/// This mapping differs between cards, based on `ard` and `algo_info`
|
||||
/// (e.g. the exact Algo variant can have a different size for e, in RSA;
|
||||
/// also, the import_format can differ).
|
||||
pub(crate) fn determine_algo(
|
||||
pub(crate) fn determine_algo_attributes(
|
||||
&self,
|
||||
key_type: KeyType,
|
||||
ard: &ApplicationRelatedData,
|
||||
algo_info: Option<AlgoInfo>,
|
||||
) -> Result<AlgorithmAttributes, crate::Error> {
|
||||
) -> Result<AlgorithmAttributes, Error> {
|
||||
let algo = match self {
|
||||
Self::RSA1k => {
|
||||
AlgorithmAttributes::Rsa(keys::determine_rsa_attrs(1024, key_type, ard, algo_info)?)
|
||||
}
|
||||
Self::RSA2k => {
|
||||
AlgorithmAttributes::Rsa(keys::determine_rsa_attrs(2048, key_type, ard, algo_info)?)
|
||||
}
|
||||
Self::RSA3k => {
|
||||
AlgorithmAttributes::Rsa(keys::determine_rsa_attrs(3072, key_type, ard, algo_info)?)
|
||||
}
|
||||
Self::RSA4k => {
|
||||
AlgorithmAttributes::Rsa(keys::determine_rsa_attrs(4096, key_type, ard, algo_info)?)
|
||||
}
|
||||
Self::RSA1k => AlgorithmAttributes::Rsa(keys::determine_rsa_attrs(
|
||||
1024,
|
||||
key_type,
|
||||
ard.algorithm_attributes(key_type)?,
|
||||
algo_info,
|
||||
)?),
|
||||
Self::RSA2k => AlgorithmAttributes::Rsa(keys::determine_rsa_attrs(
|
||||
2048,
|
||||
key_type,
|
||||
ard.algorithm_attributes(key_type)?,
|
||||
algo_info,
|
||||
)?),
|
||||
Self::RSA3k => AlgorithmAttributes::Rsa(keys::determine_rsa_attrs(
|
||||
3072,
|
||||
key_type,
|
||||
ard.algorithm_attributes(key_type)?,
|
||||
algo_info,
|
||||
)?),
|
||||
Self::RSA4k => AlgorithmAttributes::Rsa(keys::determine_rsa_attrs(
|
||||
4096,
|
||||
key_type,
|
||||
ard.algorithm_attributes(key_type)?,
|
||||
algo_info,
|
||||
)?),
|
||||
Self::NIST256 => AlgorithmAttributes::Ecc(keys::determine_ecc_attrs(
|
||||
Curve::NistP256r1.oid(),
|
||||
Self::ecc_type(key_type),
|
||||
|
@ -334,7 +346,7 @@ impl Curve {
|
|||
}
|
||||
|
||||
impl TryFrom<&[u8]> for Curve {
|
||||
type Error = crate::Error;
|
||||
type Error = Error;
|
||||
|
||||
fn try_from(oid: &[u8]) -> Result<Self, Self::Error> {
|
||||
use Curve::*;
|
||||
|
|
|
@ -9,7 +9,7 @@ use std::time::{SystemTime, UNIX_EPOCH};
|
|||
use crate::algorithm::{AlgoInfo, AlgorithmAttributes, Curve, EccAttrs, RsaAttrs};
|
||||
use crate::apdu::command::Command;
|
||||
use crate::apdu::commands;
|
||||
use crate::card_do::{ApplicationRelatedData, Fingerprint, KeyGenerationTime};
|
||||
use crate::card_do::{Fingerprint, KeyGenerationTime};
|
||||
use crate::crypto_data::{
|
||||
CardUploadableKey, EccKey, EccPub, EccType, PrivateKeyMaterial, PublicKeyMaterial, RSAKey,
|
||||
RSAPub,
|
||||
|
@ -189,7 +189,8 @@ pub(crate) fn key_import(
|
|||
// (round up to 4-bytes, in case the key has 8+ leading zero bits)
|
||||
let rsa_bits = (((rsa_key.n().len() * 8 + 31) / 32) * 32) as u16;
|
||||
|
||||
let rsa_attrs = determine_rsa_attrs(rsa_bits, key_type, &ard, algo_info)?;
|
||||
let algo_attr = ard.algorithm_attributes(key_type)?;
|
||||
let rsa_attrs = determine_rsa_attrs(rsa_bits, key_type, algo_attr, algo_info)?;
|
||||
|
||||
let key_cmd = rsa_key_import_cmd(key_type, rsa_key, &rsa_attrs)?;
|
||||
|
||||
|
@ -233,9 +234,9 @@ pub(crate) fn key_import(
|
|||
pub(crate) fn determine_rsa_attrs(
|
||||
rsa_bits: u16,
|
||||
key_type: KeyType,
|
||||
ard: &ApplicationRelatedData,
|
||||
algo_attr: AlgorithmAttributes,
|
||||
algo_info: Option<AlgoInfo>,
|
||||
) -> Result<RsaAttrs, crate::Error> {
|
||||
) -> Result<RsaAttrs, Error> {
|
||||
// Figure out suitable RSA algorithm parameters:
|
||||
|
||||
// Does the card offer a list of algorithms?
|
||||
|
@ -246,10 +247,8 @@ pub(crate) fn determine_rsa_attrs(
|
|||
} else {
|
||||
// No -> Get the current algorithm attributes for key_type.
|
||||
|
||||
let algo = ard.algorithm_attributes(key_type)?;
|
||||
|
||||
// Is the algorithm on the card currently set to RSA?
|
||||
if let AlgorithmAttributes::Rsa(rsa) = algo {
|
||||
if let AlgorithmAttributes::Rsa(rsa) = algo_attr {
|
||||
// If so, use the algorithm parameters from the card and
|
||||
// adjust the bit length based on the user-provided key.
|
||||
RsaAttrs::new(rsa_bits, rsa.len_e(), rsa.import_format())
|
||||
|
|
|
@ -1077,7 +1077,7 @@ impl<'a> OpenPgpTransaction<'a> {
|
|||
// -----------------
|
||||
|
||||
/// Import an existing private key to the card.
|
||||
/// (This implicitly sets the algorithm info, fingerprint and timestamp)
|
||||
/// (This implicitly sets the algorithm attributes, fingerprint and timestamp)
|
||||
pub fn key_import(
|
||||
&mut self,
|
||||
key: Box<dyn CardUploadableKey>,
|
||||
|
@ -1093,10 +1093,10 @@ impl<'a> OpenPgpTransaction<'a> {
|
|||
/// Generate a key on the card.
|
||||
/// (7.2.14 GENERATE ASYMMETRIC KEY PAIR)
|
||||
///
|
||||
/// If the `algo` parameter is Some, then this algorithm will be set on
|
||||
/// If the `algorithm_attributes` parameter is Some, then this algorithm will be set on
|
||||
/// the card for "key_type".
|
||||
///
|
||||
/// Note: `algo` needs to precisely specify the RSA bitsize of e (if
|
||||
/// Note: `algorithm_attributes` needs to precisely specify the RSA bitsize of e (if
|
||||
/// applicable), and import format, with values that the current card
|
||||
/// supports.
|
||||
pub fn generate_key(
|
||||
|
@ -1107,9 +1107,9 @@ impl<'a> OpenPgpTransaction<'a> {
|
|||
KeyType,
|
||||
) -> Result<Fingerprint, Error>,
|
||||
key_type: KeyType,
|
||||
algo: Option<&AlgorithmAttributes>,
|
||||
algorithm_attributes: Option<&AlgorithmAttributes>,
|
||||
) -> Result<(PublicKeyMaterial, KeyGenerationTime), Error> {
|
||||
keys::gen_key_with_metadata(self, fp_from_pub, key_type, algo)
|
||||
keys::gen_key_with_metadata(self, fp_from_pub, key_type, algorithm_attributes)
|
||||
}
|
||||
|
||||
/// Generate a key on the card.
|
||||
|
@ -1138,7 +1138,7 @@ impl<'a> OpenPgpTransaction<'a> {
|
|||
None
|
||||
};
|
||||
|
||||
let algo = simple.determine_algo(key_type, &ard, algo_info)?;
|
||||
let algo = simple.determine_algo_attributes(key_type, &ard, algo_info)?;
|
||||
|
||||
Self::generate_key(self, fp_from_pub, key_type, Some(&algo))
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue