From 23b4c05c3d4f80561e1e9dcbbb46078bb71551f1 Mon Sep 17 00:00:00 2001 From: Nora Widdecke Date: Tue, 25 Oct 2022 14:55:39 +0200 Subject: [PATCH] opgpcard: Make algo selection type safe --- tools/src/bin/opgpcard/cli.rs | 34 +++++++++++++++++++++++++++++++--- tools/src/bin/opgpcard/main.rs | 22 +++++----------------- 2 files changed, 36 insertions(+), 20 deletions(-) diff --git a/tools/src/bin/opgpcard/cli.rs b/tools/src/bin/opgpcard/cli.rs index 4ca1048..d5874ec 100644 --- a/tools/src/bin/opgpcard/cli.rs +++ b/tools/src/bin/opgpcard/cli.rs @@ -194,9 +194,9 @@ pub enum AdminCommand { #[clap(long = "no-auth", action = clap::ArgAction::SetFalse)] auth: bool, - /// Algorithm (rsa2048|rsa3072|rsa4096|nistp256|nistp384|nistp521|25519) - #[clap()] - algo: Option, + /// Algorithm + #[clap(value_enum)] + algo: Option, /// User ID to add to the exported certificate representation #[clap(name = "User ID", short = 'u', long = "userid")] @@ -378,3 +378,31 @@ impl From for u8 { } } } + +#[derive(ValueEnum, Debug, Clone)] +#[clap(rename_all = "lower")] +pub enum AdminGenerateAlgo { + Rsa2048, + Rsa3072, + Rsa4096, + Nistp256, + Nistp384, + Nistp521, + Curve25519, +} + +impl From for openpgp_card_sequoia::types::AlgoSimple { + fn from(aga: AdminGenerateAlgo) -> Self { + use openpgp_card_sequoia::types::AlgoSimple; + + match aga { + AdminGenerateAlgo::Rsa2048 => AlgoSimple::RSA2k, + AdminGenerateAlgo::Rsa3072 => AlgoSimple::RSA3k, + AdminGenerateAlgo::Rsa4096 => AlgoSimple::RSA4k, + AdminGenerateAlgo::Nistp256 => AlgoSimple::NIST256, + AdminGenerateAlgo::Nistp384 => AlgoSimple::NIST384, + AdminGenerateAlgo::Nistp521 => AlgoSimple::NIST521, + AdminGenerateAlgo::Curve25519 => AlgoSimple::Curve25519, + } + } +} diff --git a/tools/src/bin/opgpcard/main.rs b/tools/src/bin/opgpcard/main.rs index c8beac6..28e07c8 100644 --- a/tools/src/bin/opgpcard/main.rs +++ b/tools/src/bin/opgpcard/main.rs @@ -329,7 +329,7 @@ fn main() -> Result<(), Box> { output, decrypt, auth, - algo, + algo.map(AlgoSimple::from), user_id, )?; } @@ -1092,7 +1092,7 @@ fn generate_keys( output_file: Option, decrypt: bool, auth: bool, - algo: Option, + algo: Option, user_ids: Vec, ) -> Result<()> { let mut output = output::AdminGenerate::default(); @@ -1111,26 +1111,14 @@ fn generate_keys( // Because of this, for generation of RSA keys, here we take the approach // of first trying one variant, and then if that fails, try the other. - let a = match algo.as_deref() { - None => None, - Some("rsa2048") => Some(AlgoSimple::RSA2k), - Some("rsa3072") => Some(AlgoSimple::RSA3k), - Some("rsa4096") => Some(AlgoSimple::RSA4k), - Some("nistp256") => Some(AlgoSimple::NIST256), - Some("nistp384") => Some(AlgoSimple::NIST384), - Some("nistp521") => Some(AlgoSimple::NIST521), - Some("25519") => Some(AlgoSimple::Curve25519), - _ => return Err(anyhow!("Unexpected algorithm")), - }; - - log::info!(" Key generation will be attempted with algo: {:?}", a); - output.algorithm(format!("{:?}", a)); + log::info!(" Key generation will be attempted with algo: {:?}", algo); + output.algorithm(format!("{:?}", algo)); // 2) Then, generate keys on the card. // We need "admin" access to the card for this). let (key_sig, key_dec, key_aut) = { if let Ok(mut admin) = util::verify_to_admin(&mut open, admin_pin) { - gen_subkeys(&mut admin, decrypt, auth, a)? + gen_subkeys(&mut admin, decrypt, auth, algo)? } else { return Err(anyhow!("Failed to open card in admin mode.")); }