diff --git a/card-functionality/src/tests.rs b/card-functionality/src/tests.rs index 3fc10b2..b33f9e7 100644 --- a/card-functionality/src/tests.rs +++ b/card-functionality/src/tests.rs @@ -2,18 +2,16 @@ // SPDX-License-Identifier: MIT OR Apache-2.0 use anyhow::{Error, Result}; -use std::convert::TryInto; use std::str::FromStr; use std::string::FromUtf8Error; use thiserror::Error; use sequoia_openpgp::parse::Parse; use sequoia_openpgp::serialize::SerializeInto; -use sequoia_openpgp::types::Timestamp; use sequoia_openpgp::Cert; use openpgp_card::algorithm::AlgoSimple; -use openpgp_card::card_do::Sex; +use openpgp_card::card_do::{KeyGenerationTime, Sex}; use openpgp_card::errors::{OcErrorStatus, OpenpgpCardError}; use openpgp_card::{CardApp, KeyType}; use openpgp_card_sequoia::{ @@ -96,7 +94,7 @@ pub fn test_sign( fn check_key_upload_metadata( ca: &mut CardApp, - meta: &[(String, u32)], + meta: &[(String, KeyGenerationTime)], ) -> Result<()> { let ard = ca.get_app_data()?; @@ -117,21 +115,16 @@ fn check_key_upload_metadata( // get_key_generation_times let card_kg = ard.get_key_generation_times()?; - let sig: u32 = - card_kg.signature().expect("signature creation time").into(); - assert_eq!(sig, meta[0].1); + let sig = card_kg.signature().expect("signature creation time"); + assert_eq!(sig, &meta[0].1); - let dec: u32 = card_kg - .decryption() - .expect("decryption creation time") - .into(); - assert_eq!(dec, meta[1].1); + let dec = card_kg.decryption().expect("decryption creation time"); + assert_eq!(dec, &meta[1].1); - let auth: u32 = card_kg + let auth = card_kg .authentication() - .expect("authentication creation time") - .into(); - assert_eq!(auth, meta[2].1); + .expect("authentication creation time"); + assert_eq!(auth, &meta[2].1); Ok(()) } @@ -220,11 +213,7 @@ pub fn test_keygen( println!(" Generate subkey for Signing"); let (pkm, ts) = ca.generate_key_simple(public_to_fingerprint, KeyType::Signing, alg)?; - let key_sig = public_key_material_to_key( - &pkm, - KeyType::Signing, - Timestamp::from(ts).into(), - )?; + let key_sig = public_key_material_to_key(&pkm, KeyType::Signing, ts)?; println!(" Generate subkey for Decryption"); let (pkm, ts) = ca.generate_key_simple( @@ -232,11 +221,7 @@ pub fn test_keygen( KeyType::Decryption, alg, )?; - let key_dec = public_key_material_to_key( - &pkm, - KeyType::Decryption, - Timestamp::from(ts).into(), - )?; + let key_dec = public_key_material_to_key(&pkm, KeyType::Decryption, ts)?; println!(" Generate subkey for Authentication"); let (pkm, ts) = ca.generate_key_simple( @@ -244,11 +229,8 @@ pub fn test_keygen( KeyType::Authentication, alg, )?; - let key_aut = public_key_material_to_key( - &pkm, - KeyType::Authentication, - Timestamp::from(ts).into(), - )?; + let key_aut = + public_key_material_to_key(&pkm, KeyType::Authentication, ts)?; // Generate a Cert for this set of generated keys @@ -271,7 +253,7 @@ pub fn test_get_pub( // -- let sig = ca.get_pub_key(KeyType::Signing)?; - let ts = Timestamp::from(key_gen.signature().unwrap().get()).into(); + let ts = key_gen.signature().unwrap().get().into(); let key = openpgp_card_sequoia::public_key_material_to_key( &sig, KeyType::Signing, @@ -283,7 +265,7 @@ pub fn test_get_pub( // -- let dec = ca.get_pub_key(KeyType::Decryption)?; - let ts = Timestamp::from(key_gen.decryption().unwrap().get()).into(); + let ts = key_gen.decryption().unwrap().get().into(); let key = openpgp_card_sequoia::public_key_material_to_key( &dec, KeyType::Decryption, @@ -295,7 +277,7 @@ pub fn test_get_pub( // -- let auth = ca.get_pub_key(KeyType::Authentication)?; - let ts = Timestamp::from(key_gen.authentication().unwrap().get()).into(); + let ts = key_gen.authentication().unwrap().get().into(); let key = openpgp_card_sequoia::public_key_material_to_key( &auth, KeyType::Authentication, diff --git a/card-functionality/src/util.rs b/card-functionality/src/util.rs index 52e456a..e28c1a3 100644 --- a/card-functionality/src/util.rs +++ b/card-functionality/src/util.rs @@ -18,6 +18,7 @@ use sequoia_openpgp::serialize::stream::{ }; use sequoia_openpgp::Cert; +use openpgp_card::card_do::KeyGenerationTime; use openpgp_card::{CardApp, KeyType}; use openpgp_card_sequoia::vka_as_uploadable_key; @@ -26,7 +27,7 @@ pub const SP: &StandardPolicy = &StandardPolicy::new(); pub(crate) fn upload_subkeys( ca: &mut CardApp, cert: &Cert, -) -> Result> { +) -> Result> { let mut out = vec![]; for kt in [ @@ -45,7 +46,7 @@ pub(crate) fn upload_subkeys( .unwrap() .as_secs() as u32; - out.push((fp, creation)); + out.push((fp, creation.into())); // upload key let cuk = vka_as_uploadable_key(vka, None); diff --git a/openpgp-card-sequoia/src/lib.rs b/openpgp-card-sequoia/src/lib.rs index 45fb4db..0221481 100644 --- a/openpgp-card-sequoia/src/lib.rs +++ b/openpgp-card-sequoia/src/lib.rs @@ -34,8 +34,8 @@ use sequoia_openpgp as openpgp; use openpgp_card::algorithm::{Algo, AlgoInfo, Curve}; use openpgp_card::card_do::{ ApplicationId, ApplicationRelatedData, Cardholder, ExtendedCap, - ExtendedLengthInfo, Features, Fingerprint, Historical, KeySet, PWStatus, - SecuritySupportTemplate, Sex, + ExtendedLengthInfo, Features, Fingerprint, Historical, KeyGenerationTime, + KeySet, PWStatus, SecuritySupportTemplate, Sex, }; use openpgp_card::crypto_data::{ CardUploadableKey, Cryptogram, EccKey, EccType, Hash, PrivateKeyMaterial, @@ -92,8 +92,10 @@ pub fn vka_as_uploadable_key( pub fn public_key_material_to_key( pkm: &PublicKeyMaterial, key_type: KeyType, - time: SystemTime, + time: KeyGenerationTime, ) -> Result> { + let time = Timestamp::from(time.get()).into(); + match pkm { PublicKeyMaterial::R(rsa) => { let k4 = Key4::import_public_rsa(rsa.v(), rsa.n(), Some(time))?; @@ -362,9 +364,11 @@ impl CardUploadableKey for SequoiaKey { /// Number of non-leap seconds since January 1, 1970 0:00:00 UTC /// (aka "UNIX timestamp") - fn get_ts(&self) -> u32 { + fn get_ts(&self) -> KeyGenerationTime { let ts: Timestamp = Timestamp::try_from(self.key.creation_time()) .expect("Creation time cannot be converted into u32 timestamp"); + let ts: u32 = ts.into(); + ts.into() } @@ -539,11 +543,11 @@ pub fn sign( /// timestamp + KeyType" (intended for use with `CardApp.generate_key()`). pub fn public_to_fingerprint( pkm: &PublicKeyMaterial, - ts: SystemTime, + time: KeyGenerationTime, kt: KeyType, ) -> Result { // Transform PublicKeyMaterial into a Sequoia Key - let key = public_key_material_to_key(pkm, kt, ts)?; + let key = public_key_material_to_key(pkm, kt, time)?; // Get fingerprint from the Sequoia Key let fp = key.fingerprint(); diff --git a/openpgp-card/src/card_app.rs b/openpgp-card/src/card_app.rs index 5770b48..08e05ce 100644 --- a/openpgp-card/src/card_app.rs +++ b/openpgp-card/src/card_app.rs @@ -4,15 +4,14 @@ use std::borrow::BorrowMut; use std::convert::TryFrom; use std::convert::TryInto; -use std::time::SystemTime; use anyhow::{anyhow, Result}; use crate::algorithm::{Algo, AlgoInfo, AlgoSimple, RsaAttrs}; use crate::apdu::{commands, response::Response}; use crate::card_do::{ - ApplicationRelatedData, Cardholder, Fingerprint, PWStatus, - SecuritySupportTemplate, Sex, + ApplicationRelatedData, Cardholder, Fingerprint, KeyGenerationTime, + PWStatus, SecuritySupportTemplate, Sex, }; use crate::crypto_data::{ CardUploadableKey, Cryptogram, EccType, Hash, PublicKeyMaterial, @@ -473,11 +472,12 @@ impl CardApp { pub fn set_creation_time( &mut self, - time: u32, + time: KeyGenerationTime, key_type: KeyType, ) -> Result { // Timestamp update let time_value: Vec = time + .get() .to_be_bytes() .iter() .skip_while(|&&e| e == 0) @@ -625,12 +625,12 @@ impl CardApp { &mut self, fp_from_pub: fn( &PublicKeyMaterial, - SystemTime, + KeyGenerationTime, KeyType, ) -> Result, key_type: KeyType, algo: Option<&Algo>, - ) -> Result<(PublicKeyMaterial, u32), OpenpgpCardError> { + ) -> Result<(PublicKeyMaterial, KeyGenerationTime), OpenpgpCardError> { keys::gen_key_with_metadata(self, fp_from_pub, key_type, algo) } @@ -640,12 +640,12 @@ impl CardApp { &mut self, fp_from_pub: fn( &PublicKeyMaterial, - SystemTime, + KeyGenerationTime, KeyType, ) -> Result, key_type: KeyType, algo: AlgoSimple, - ) -> Result<(PublicKeyMaterial, u32), OpenpgpCardError> { + ) -> Result<(PublicKeyMaterial, KeyGenerationTime), OpenpgpCardError> { let algo = algo.get_algo(key_type); self.generate_key(fp_from_pub, key_type, Some(&algo)) } diff --git a/openpgp-card/src/card_do/mod.rs b/openpgp-card/src/card_do/mod.rs index c0c6108..241c83a 100644 --- a/openpgp-card/src/card_do/mod.rs +++ b/openpgp-card/src/card_do/mod.rs @@ -182,7 +182,7 @@ impl SecuritySupportTemplate { } /// An OpenPGP key generation Time -#[derive(Clone, Eq, PartialEq, Debug)] +#[derive(Clone, Copy, Eq, PartialEq, Debug)] pub struct KeyGenerationTime(u32); impl KeyGenerationTime { diff --git a/openpgp-card/src/crypto_data.rs b/openpgp-card/src/crypto_data.rs index 169dfbe..f080c38 100644 --- a/openpgp-card/src/crypto_data.rs +++ b/openpgp-card/src/crypto_data.rs @@ -8,7 +8,7 @@ use anyhow::Result; use crate::algorithm::Algo; -use crate::card_do::Fingerprint; +use crate::card_do::{Fingerprint, KeyGenerationTime}; use crate::errors::OpenpgpCardError; /// A hash value that can be signed by the card. @@ -66,7 +66,7 @@ pub trait CardUploadableKey { fn get_key(&self) -> Result; /// timestamp of (sub)key creation - fn get_ts(&self) -> u32; + fn get_ts(&self) -> KeyGenerationTime; /// fingerprint fn get_fp(&self) -> Result; diff --git a/openpgp-card/src/keys.rs b/openpgp-card/src/keys.rs index a9181f4..4481815 100644 --- a/openpgp-card/src/keys.rs +++ b/openpgp-card/src/keys.rs @@ -11,7 +11,7 @@ use crate::algorithm::{Algo, AlgoInfo, Curve, EccAttrs, RsaAttrs}; use crate::apdu::command::Command; use crate::apdu::commands; use crate::card_app::CardApp; -use crate::card_do::Fingerprint; +use crate::card_do::{Fingerprint, KeyGenerationTime}; use crate::crypto_data::{ CardUploadableKey, EccKey, EccPub, PrivateKeyMaterial, PublicKeyMaterial, RSAKey, RSAPub, @@ -26,12 +26,12 @@ pub(crate) fn gen_key_with_metadata( card_app: &mut CardApp, fp_from_pub: fn( &PublicKeyMaterial, - SystemTime, + KeyGenerationTime, KeyType, ) -> Result, key_type: KeyType, algo: Option<&Algo>, -) -> Result<(PublicKeyMaterial, u32), OpenpgpCardError> { +) -> Result<(PublicKeyMaterial, KeyGenerationTime), OpenpgpCardError> { // set algo on card if it's Some if let Some(algo) = algo { card_app.set_algorithm_attributes(key_type, algo)?; @@ -58,10 +58,12 @@ pub(crate) fn gen_key_with_metadata( .map_err(|e| OpenpgpCardError::InternalError(anyhow!(e)))? .as_secs() as u32; + let ts = ts.into(); + card_app.set_creation_time(ts, key_type)?; // calculate/store fingerprint - let fp = fp_from_pub(&pubkey, time, key_type)?; + let fp = fp_from_pub(&pubkey, ts, key_type)?; card_app.set_fingerprint(fp, key_type)?; Ok((pubkey, ts)) @@ -421,7 +423,7 @@ fn rsa_key_cmd( fn copy_key_to_card( card_app: &mut CardApp, key_type: KeyType, - ts: u32, + ts: KeyGenerationTime, fp: Fingerprint, algo: &Algo, key_cmd: Command,