turnkey/openpgp-card
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

opgpcard: Make algo selection type safe

Browse source
This commit is contained in:
Nora Widdecke 2022-10-25 14:55:39 +02:00
parent 6101e17979
commit 23b4c05c3d
No known key found for this signature in database
GPG key ID: 2D4111B31DBB99B6
2 changed files with 36 additions and 20 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

34
tools/src/bin/opgpcard/cli.rs
View file

@ -194,9 +194,9 @@ pub enum AdminCommand {
#[clap(long = "no-auth", action = clap::ArgAction::SetFalse)] #[clap(long = "no-auth", action = clap::ArgAction::SetFalse)]
auth: bool, auth: bool,
/// Algorithm (rsa2048|rsa3072|rsa4096|nistp256|nistp384|nistp521|25519) /// Algorithm
#[clap()] #[clap(value_enum)]
algo: Option<String>, algo: Option<AdminGenerateAlgo>,
/// User ID to add to the exported certificate representation /// User ID to add to the exported certificate representation
#[clap(name = "User ID", short = 'u', long = "userid")] #[clap(name = "User ID", short = 'u', long = "userid")]
@ -378,3 +378,31 @@ impl From<SetIdentityId> for u8 {
} }
} }
} }
#[derive(ValueEnum, Debug, Clone)]
#[clap(rename_all = "lower")]
pub enum AdminGenerateAlgo {
Rsa2048,
Rsa3072,
Rsa4096,
Nistp256,
Nistp384,
Nistp521,
Curve25519,
}
impl From<AdminGenerateAlgo> for openpgp_card_sequoia::types::AlgoSimple {
fn from(aga: AdminGenerateAlgo) -> Self {
use openpgp_card_sequoia::types::AlgoSimple;
match aga {
AdminGenerateAlgo::Rsa2048 => AlgoSimple::RSA2k,
AdminGenerateAlgo::Rsa3072 => AlgoSimple::RSA3k,
AdminGenerateAlgo::Rsa4096 => AlgoSimple::RSA4k,
AdminGenerateAlgo::Nistp256 => AlgoSimple::NIST256,
AdminGenerateAlgo::Nistp384 => AlgoSimple::NIST384,
AdminGenerateAlgo::Nistp521 => AlgoSimple::NIST521,
AdminGenerateAlgo::Curve25519 => AlgoSimple::Curve25519,
}
}
}

22
tools/src/bin/opgpcard/main.rs
View file

@ -329,7 +329,7 @@ fn main() -> Result<(), Box<dyn std::error::Error>> {
output, output,
decrypt, decrypt,
auth, auth,
algo, algo.map(AlgoSimple::from),
user_id, user_id,
)?; )?;
} }
@ -1092,7 +1092,7 @@ fn generate_keys(
output_file: Option<PathBuf>, output_file: Option<PathBuf>,
decrypt: bool, decrypt: bool,
auth: bool, auth: bool,
algo: Option<String>, algo: Option<AlgoSimple>,
user_ids: Vec<String>, user_ids: Vec<String>,
) -> Result<()> { ) -> Result<()> {
let mut output = output::AdminGenerate::default(); let mut output = output::AdminGenerate::default();
@ -1111,26 +1111,14 @@ fn generate_keys(
// Because of this, for generation of RSA keys, here we take the approach // Because of this, for generation of RSA keys, here we take the approach
// of first trying one variant, and then if that fails, try the other. // of first trying one variant, and then if that fails, try the other.
let a = match algo.as_deref() { log::info!(" Key generation will be attempted with algo: {:?}", algo);
None => None, output.algorithm(format!("{:?}", algo));
Some("rsa2048") => Some(AlgoSimple::RSA2k),
Some("rsa3072") => Some(AlgoSimple::RSA3k),
Some("rsa4096") => Some(AlgoSimple::RSA4k),
Some("nistp256") => Some(AlgoSimple::NIST256),
Some("nistp384") => Some(AlgoSimple::NIST384),
Some("nistp521") => Some(AlgoSimple::NIST521),
Some("25519") => Some(AlgoSimple::Curve25519),
_ => return Err(anyhow!("Unexpected algorithm")),
};
log::info!(" Key generation will be attempted with algo: {:?}", a);
output.algorithm(format!("{:?}", a));
// 2) Then, generate keys on the card. // 2) Then, generate keys on the card.
// We need "admin" access to the card for this). // We need "admin" access to the card for this).
let (key_sig, key_dec, key_aut) = { let (key_sig, key_dec, key_aut) = {
if let Ok(mut admin) = util::verify_to_admin(&mut open, admin_pin) { if let Ok(mut admin) = util::verify_to_admin(&mut open, admin_pin) {
gen_subkeys(&mut admin, decrypt, auth, a)? gen_subkeys(&mut admin, decrypt, auth, algo)?
} else { } else {
return Err(anyhow!("Failed to open card in admin mode.")); return Err(anyhow!("Failed to open card in admin mode."));
} }