openpgp-card-sequoia: add set_algorithm() (and remove algorithm setting from generate_key)

Also add set_algorithm_attributes().
2023-08-31 22:43:29 +02:00 · 2023-08-31 22:43:29 +02:00 · 1681d94710
commit 1681d94710
parent 87a9f4f216
2 changed files with 33 additions and 11 deletions
--- a/card-functionality/src/tests.rs
+++ b/card-functionality/src/tests.rs
@ -218,11 +218,13 @@ pub fn test_keygen(tx: &mut Card<Transaction>, param: &[&str]) -> Result<TestOut
    let alg = AlgoSimple::try_from(algo)?;

    println!(" Generate subkey for Signing");
-    let (pkm, ts) = admin.generate_key_simple(KeyType::Signing, Some(alg))?;
+    admin.set_algorithm(KeyType::Signing, alg)?;
+    let (pkm, ts) = admin.generate_key(KeyType::Signing)?;
    let key_sig = public_key_material_to_key(&pkm, KeyType::Signing, &ts, None, None)?;

    println!(" Generate subkey for Decryption");
-    let (pkm, ts) = admin.generate_key_simple(KeyType::Decryption, Some(alg))?;
+    admin.set_algorithm(KeyType::Decryption, alg)?;
+    let (pkm, ts) = admin.generate_key(KeyType::Decryption)?;
    let key_dec = public_key_material_to_key(
        &pkm,
        KeyType::Decryption,
@ -232,7 +234,8 @@ pub fn test_keygen(tx: &mut Card<Transaction>, param: &[&str]) -> Result<TestOut
    )?;

    println!(" Generate subkey for Authentication");
-    let (pkm, ts) = admin.generate_key_simple(KeyType::Authentication, Some(alg))?;
+    admin.set_algorithm(KeyType::Authentication, alg)?;
+    let (pkm, ts) = admin.generate_key(KeyType::Authentication)?;
    let key_aut = public_key_material_to_key(&pkm, KeyType::Authentication, &ts, None, None)?;

    tx.reload_ard()?;
--- a/openpgp-card-sequoia/src/lib.rs
+++ b/openpgp-card-sequoia/src/lib.rs
@ -964,17 +964,36 @@ impl Card<Admin<'_, '_>> {
        )
    }

-    pub fn generate_key_simple(
+    /// Configure the key slot `key_type` to `algorithm_attributes`.
+    /// This can be useful in preparation for [`Self::generate_key`].
+    ///
+    /// Note that legal values for [`AlgorithmAttributes`] are card-specific.
+    /// Different OpenPGP card implementations may support different
+    /// algorithms, sometimes with differing requirements for the encoding
+    /// (e.g. field sizes)
+    pub fn set_algorithm_attributes(
        &mut self,
        key_type: KeyType,
-        algo: Option<AlgoSimple>,
-    ) -> Result<(PublicKeyMaterial, KeyGenerationTime), Error> {
-        if let Some(algo) = algo {
-            // set algorithm attributes
-            let attr = algo.matching_algorithm_attributes(self.card(), key_type)?;
-            self.card().set_algorithm_attributes(key_type, &attr)?;
-        }
+        algorithm_attributes: &AlgorithmAttributes,
+    ) -> Result<(), Error> {
+        self.card()
+            .set_algorithm_attributes(key_type, algorithm_attributes)
+    }

+    /// Configure the key slot `key_type` to the algorithm `algo`.
+    /// This can be useful in preparation for [`Self::generate_key`].
+    pub fn set_algorithm(&mut self, key_type: KeyType, algo: AlgoSimple) -> Result<(), Error> {
+        let attr = algo.matching_algorithm_attributes(self.card(), key_type)?;
+        self.set_algorithm_attributes(key_type, &attr)
+    }
+
+    /// Generate a new cryptographic key in slot `key_type`, with the currently
+    /// configured cryptographic algorithm
+    /// (see [`Self::set_algorithm`] for changing the algorithm setting).
+    pub fn generate_key(
+        &mut self,
+        key_type: KeyType,
+    ) -> Result<(PublicKeyMaterial, KeyGenerationTime), Error> {
        self.card().generate_key(Self::ptf, key_type)
    }
 }