Normalize naming: always use `algo_info` instead of `algo_list`.
parent
281bf403e3
commit
4ff2cf8b2e
3 changed files with 30 additions and 30 deletions
|
@ -61,8 +61,8 @@ pub(crate) fn cardholder_certificate() -> Command {
|
||||||
get_data(&[0x7F, 0x21])
|
get_data(&[0x7F, 0x21])
|
||||||
}
|
}
|
||||||
|
|
||||||
/// GET DO "List of supported Algorithm attributes"
|
/// GET DO "Algorithm Information"
|
||||||
pub(crate) fn algo_list() -> Command {
|
pub(crate) fn algo_info() -> Command {
|
||||||
get_data(&[0xFA])
|
get_data(&[0xFA])
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -222,7 +222,7 @@ impl CardApp {
|
||||||
pub fn algorithm_information(&mut self) -> Result<Option<AlgoInfo>> {
|
pub fn algorithm_information(&mut self) -> Result<Option<AlgoInfo>> {
|
||||||
let resp = apdu::send_command(
|
let resp = apdu::send_command(
|
||||||
self.card_client(),
|
self.card_client(),
|
||||||
commands::algo_list(),
|
commands::algo_info(),
|
||||||
true,
|
true,
|
||||||
)?;
|
)?;
|
||||||
resp.check_ok()?;
|
resp.check_ok()?;
|
||||||
|
@ -798,13 +798,13 @@ impl CardApp {
|
||||||
key: Box<dyn CardUploadableKey>,
|
key: Box<dyn CardUploadableKey>,
|
||||||
key_type: KeyType,
|
key_type: KeyType,
|
||||||
) -> Result<(), Error> {
|
) -> Result<(), Error> {
|
||||||
let algo_list = self.algorithm_information();
|
let algo_info = self.algorithm_information();
|
||||||
|
|
||||||
// An error is ok - it's fine if a card doesn't offer a list of
|
// An error is ok - it's fine if a card doesn't offer a list of
|
||||||
// supported algorithms
|
// supported algorithms
|
||||||
let algo_list = algo_list.unwrap_or(None);
|
let algo_info = algo_info.unwrap_or(None);
|
||||||
|
|
||||||
keys::key_import(self, key, key_type, algo_list)
|
keys::key_import(self, key, key_type, algo_info)
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Generate a key on the card.
|
/// Generate a key on the card.
|
||||||
|
|
|
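Review bot: `let algo_info = algo_info.unwrap_or(None);` in the `@ -798` hunk discards every error from `algorithm_information()`, not only the "card doesn't offer a list" case that the comment above it describes. That method propagates `send_command` and `check_ok()` failures with `?` (the `@ -222` hunk), so a transport fault or an unexpected status is handled as "no algorithm information" and the import goes ahead without the card's support lookup. If the error type allows the "data object not available" case to be told apart, propagate the others; otherwise record the trade-off in the comment, for example `// NOTE: this also swallows transport/status errors; the import then runs without the card's support check`. The enclosing function starts above the hunk, so its full signature is not visible here.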
@ -180,7 +180,7 @@ pub(crate) fn key_import(
|
||||||
card_app: &mut CardApp,
|
card_app: &mut CardApp,
|
||||||
key: Box<dyn CardUploadableKey>,
|
key: Box<dyn CardUploadableKey>,
|
||||||
key_type: KeyType,
|
key_type: KeyType,
|
||||||
algo_list: Option<AlgoInfo>,
|
algo_info: Option<AlgoInfo>,
|
||||||
) -> Result<(), Error> {
|
) -> Result<(), Error> {
|
||||||
// FIXME: caching?
|
// FIXME: caching?
|
||||||
let ard = card_app.application_related_data()?;
|
let ard = card_app.application_related_data()?;
|
||||||
|
@ -192,7 +192,7 @@ pub(crate) fn key_import(
|
||||||
let rsa_bits = (((rsa_key.n().len() * 8 + 31) / 32) * 32) as u16;
|
let rsa_bits = (((rsa_key.n().len() * 8 + 31) / 32) * 32) as u16;
|
||||||
|
|
||||||
let rsa_attrs =
|
let rsa_attrs =
|
||||||
determine_rsa_attrs(rsa_bits, key_type, &ard, algo_list)?;
|
determine_rsa_attrs(rsa_bits, key_type, &ard, algo_info)?;
|
||||||
|
|
||||||
let key_cmd = rsa_key_import_cmd(key_type, rsa_key, &rsa_attrs)?;
|
let key_cmd = rsa_key_import_cmd(key_type, rsa_key, &rsa_attrs)?;
|
||||||
|
|
||||||
|
@ -203,7 +203,7 @@ pub(crate) fn key_import(
|
||||||
ecc_key.oid(),
|
ecc_key.oid(),
|
||||||
ecc_key.ecc_type(),
|
ecc_key.ecc_type(),
|
||||||
key_type,
|
key_type,
|
||||||
algo_list,
|
algo_info,
|
||||||
)?;
|
)?;
|
||||||
|
|
||||||
let key_cmd = ecc_key_import_cmd(key_type, ecc_key, &ecc_attrs)?;
|
let key_cmd = ecc_key_import_cmd(key_type, ecc_key, &ecc_attrs)?;
|
||||||
|
@ -232,22 +232,22 @@ pub(crate) fn key_import(
|
||||||
/// Determine suitable RsaAttrs for the current card, for an `rsa_bits`
|
/// Determine suitable RsaAttrs for the current card, for an `rsa_bits`
|
||||||
/// sized key.
|
/// sized key.
|
||||||
///
|
///
|
||||||
/// If available, via lookup in `algo_list`, otherwise the current
|
/// If available, via lookup in `algo_info`, otherwise the current
|
||||||
/// algorithm attributes are checked. If neither method yields a
|
/// algorithm attributes are checked. If neither method yields a
|
||||||
/// result, we 'guess' the RsaAttrs setting.
|
/// result, we 'guess' the RsaAttrs setting.
|
||||||
pub(crate) fn determine_rsa_attrs(
|
pub(crate) fn determine_rsa_attrs(
|
||||||
rsa_bits: u16,
|
rsa_bits: u16,
|
||||||
key_type: KeyType,
|
key_type: KeyType,
|
||||||
ard: &ApplicationRelatedData,
|
ard: &ApplicationRelatedData,
|
||||||
algo_list: Option<AlgoInfo>,
|
algo_info: Option<AlgoInfo>,
|
||||||
) -> Result<RsaAttrs> {
|
) -> Result<RsaAttrs> {
|
||||||
// Figure out suitable RSA algorithm parameters:
|
// Figure out suitable RSA algorithm parameters:
|
||||||
|
|
||||||
// Does the card offer a list of algorithms?
|
// Does the card offer a list of algorithms?
|
||||||
let rsa_attrs = if let Some(algo_list) = algo_list {
|
let rsa_attrs = if let Some(algo_info) = algo_info {
|
||||||
// Yes -> Look up the parameters for key_type and rsa_bits.
|
// Yes -> Look up the parameters for key_type and rsa_bits.
|
||||||
// (Or error, if the list doesn't have an entry for rsa_bits)
|
// (Or error, if the list doesn't have an entry for rsa_bits)
|
||||||
card_algo_rsa(algo_list, key_type, rsa_bits)?
|
card_algo_rsa(algo_info, key_type, rsa_bits)?
|
||||||
} else {
|
} else {
|
||||||
// No -> Get the current algorithm attributes for key_type.
|
// No -> Get the current algorithm attributes for key_type.
|
||||||
|
|
||||||
|
@ -278,20 +278,20 @@ pub(crate) fn determine_rsa_attrs(
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Derive EccAttrs from `oid` and `ecc_type`, check if the OID is listed in
|
/// Derive EccAttrs from `oid` and `ecc_type`, check if the OID is listed in
|
||||||
/// algo_list.
|
/// `algo_info`.
|
||||||
pub(crate) fn determine_ecc_attrs(
|
pub(crate) fn determine_ecc_attrs(
|
||||||
oid: &[u8],
|
oid: &[u8],
|
||||||
ecc_type: EccType,
|
ecc_type: EccType,
|
||||||
key_type: KeyType,
|
key_type: KeyType,
|
||||||
algo_list: Option<AlgoInfo>,
|
algo_info: Option<AlgoInfo>,
|
||||||
) -> Result<EccAttrs> {
|
) -> Result<EccAttrs> {
|
||||||
// If we have an algo_list, refuse upload if oid is not listed
|
// If we have an algo_info, refuse upload if oid is not listed
|
||||||
if let Some(algo_list) = algo_list {
|
if let Some(algo_info) = algo_info {
|
||||||
let algos = check_card_algo_ecc(algo_list, key_type, oid);
|
let algos = check_card_algo_ecc(algo_info, key_type, oid);
|
||||||
if algos.is_empty() {
|
if algos.is_empty() {
|
||||||
// If oid is not in algo_list, return error.
|
// If oid is not in algo_info, return error.
|
||||||
return Err(anyhow!(
|
return Err(anyhow!(
|
||||||
"Oid {:?} unsupported according to algo_list",
|
"Oid {:?} unsupported according to algo_info",
|
||||||
oid
|
oid
|
||||||
));
|
));
|
||||||
}
|
}
|
||||||
|
@ -313,22 +313,22 @@ pub(crate) fn determine_ecc_attrs(
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Return a default when we have no algo_list.
|
// Return a default when we have no algo_info.
|
||||||
// (Do cards that support ecc but have no algo_list exist?)
|
// (Do cards that support ecc but have no algo_info exist?)
|
||||||
|
|
||||||
Ok(EccAttrs::new(ecc_type, Curve::try_from(oid)?, None))
|
Ok(EccAttrs::new(ecc_type, Curve::try_from(oid)?, None))
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Look up RsaAttrs parameters in algo_list based on key_type and rsa_bits
|
/// Look up RsaAttrs parameters in algo_info based on key_type and rsa_bits
|
||||||
fn card_algo_rsa(
|
fn card_algo_rsa(
|
||||||
algo_list: AlgoInfo,
|
algo_info: AlgoInfo,
|
||||||
key_type: KeyType,
|
key_type: KeyType,
|
||||||
rsa_bits: u16,
|
rsa_bits: u16,
|
||||||
) -> Result<RsaAttrs, Error> {
|
) -> Result<RsaAttrs, Error> {
|
||||||
// Find suitable algorithm parameters (from card's list of algorithms).
|
// Find suitable algorithm parameters (from card's list of algorithms).
|
||||||
|
|
||||||
// Get Algos for this keytype
|
// Get Algos for this keytype
|
||||||
let keytype_algos: Vec<_> = algo_list.filter_by_keytype(key_type);
|
let keytype_algos: Vec<_> = algo_info.filter_by_keytype(key_type);
|
||||||
// Get RSA algo attributes
|
// Get RSA algo attributes
|
||||||
let rsa_algos: Vec<_> = keytype_algos
|
let rsa_algos: Vec<_> = keytype_algos
|
||||||
.iter()
|
.iter()
|
||||||
|
@ -349,25 +349,25 @@ fn card_algo_rsa(
|
||||||
// Using the last option happens to work better, in that case.
|
// Using the last option happens to work better, in that case.
|
||||||
Ok((**algo.last().unwrap()).clone())
|
Ok((**algo.last().unwrap()).clone())
|
||||||
} else {
|
} else {
|
||||||
// RSA with this bit length is not in algo_list
|
// RSA with this bit length is not in algo_info
|
||||||
return Err(anyhow!(
|
return Err(anyhow!(
|
||||||
"RSA {} unsupported according to algo_list",
|
"RSA {} unsupported according to algo_info",
|
||||||
rsa_bits
|
rsa_bits
|
||||||
)
|
)
|
||||||
.into());
|
.into());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Get all entries from algo_list with matching `oid` and `key_type`.
|
/// Get all entries from algo_info with matching `oid` and `key_type`.
|
||||||
fn check_card_algo_ecc(
|
fn check_card_algo_ecc(
|
||||||
algo_list: AlgoInfo,
|
algo_info: AlgoInfo,
|
||||||
key_type: KeyType,
|
key_type: KeyType,
|
||||||
oid: &[u8],
|
oid: &[u8],
|
||||||
) -> Vec<EccAttrs> {
|
) -> Vec<EccAttrs> {
|
||||||
// Find suitable algorithm parameters (from card's list of algorithms).
|
// Find suitable algorithm parameters (from card's list of algorithms).
|
||||||
|
|
||||||
// Get Algos for this keytype
|
// Get Algos for this keytype
|
||||||
let keytype_algos: Vec<_> = algo_list.filter_by_keytype(key_type);
|
let keytype_algos: Vec<_> = algo_info.filter_by_keytype(key_type);
|
||||||
|
|
||||||
// Get attributes
|
// Get attributes
|
||||||
let ecc_algos: Vec<_> = keytype_algos
|
let ecc_algos: Vec<_> = keytype_algos
|
||||||
|
|
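Review bot: The two error strings changed in this file, `"Oid {:?} unsupported according to algo_info"` (hunk `@ -278`) and `"RSA {} unsupported according to algo_info"` (hunk `@ -349`), are runtime messages that now name an internal variable. They presumably reach whoever runs the import, who gets no hint that the refusal comes from data reported by the card itself. Wording such as `"RSA {} unsupported according to the card's Algorithm Information"` matches the term used in the doc comment on `algo_info()`. Both functions continue outside their hunks.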