From abd61d5a151e2355ab090179cc9b28318cfe16cb Mon Sep 17 00:00:00 2001
From: Heiko Schaefer
Date: Tue, 24 May 2022 14:04:48 +0200
Subject: [PATCH] Implement generate_attestation()
---
 openpgp-card-sequoia/src/card.rs | 5 +++++
 openpgp-card/src/apdu/commands.rs | 9 +++++++++
 openpgp-card/src/openpgp.rs | 17 ++++++++++++++++-
 3 files changed, 30 insertions(+), 1 deletion(-)
diff --git a/openpgp-card-sequoia/src/card.rs b/openpgp-card-sequoia/src/card.rs
index 078a458..238ab6e 100644
--- a/openpgp-card-sequoia/src/card.rs
+++ b/openpgp-card-sequoia/src/card.rs
@@ -341,6 +341,11 @@ impl<'app, 'open> Sign<'app, 'open> {
 CardSigner::with_pubkey(&mut self.oc.opt, pubkey)
 }
+
+ /// Generate Attestation (Yubico)
+ pub fn generate_attestation(&mut self, key_type: KeyType) -> Result<(), Error> {
+ self.oc.opt.generate_attestation(key_type)
+ }
 }
 /// An OpenPGP card after successful verification of PW3 ("Admin privileges")
diff --git a/openpgp-card/src/apdu/commands.rs b/openpgp-card/src/apdu/commands.rs
index e4b9454..7f2fa8f 100644
--- a/openpgp-card/src/apdu/commands.rs
+++ b/openpgp-card/src/apdu/commands.rs
@@ -218,6 +218,15 @@ pub(crate) fn key_import(data: Vec) -> Command {
 Command::new(0x00, 0xDB, 0x3F, 0xFF, data)
 }
+/// Generate attestation (Yubico)
+///
+/// key: 0x01 (SIG), 0x02 (DEC), 0x03 (AUT)
+///
+/// https://developers.yubico.com/PGP/Attestation.html
+pub(crate) fn generate_attestation(key: u8) -> Command {
+ Command::new(0x80, 0xFB, key, 0x00, vec![])
+}
+
 /// 7.2.16 TERMINATE DF
 pub(crate) fn terminate_df() -> Command {
 Command::new(0x00, 0xe6, 0x00, 0x00, vec![])
diff --git a/openpgp-card/src/openpgp.rs b/openpgp-card/src/openpgp.rs
index f0771b0..338db43 100644
--- a/openpgp-card/src/openpgp.rs
+++ b/openpgp-card/src/openpgp.rs
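Review bot: The doc comment on `Sign::generate_attestation` says only "Generate Attestation (Yubico)", which leaves a caller guessing what `Ok(())` means, since the method returns no certificate data. I would open it with `/// Ask the card to generate an attestation certificate for the key slot given by key_type (Yubico extension).` and add a sentence that the result is not returned and, if the Yubico page linked from commands.rs is read correctly, has to be read back from the card afterwards. It should also say that only the signing, decryption and authentication slots are accepted and anything else yields an error. The identical comment on `OpenPgpTransaction::generate_attestation` in openpgp.rs wants the same text; the surrounding `impl` block continues outside this hunk.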
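Review bot: `generate_attestation` in commands.rs places `key` into P1 unchecked, so the 0x01–0x03 range named in its doc comment is enforced only by whoever calls it. The one caller visible in this patch maps from `KeyType`, so this is hardening rather than a bug; a `debug_assert!((0x01..=0x03).contains(&key));` before `Command::new` would catch a later caller passing a raw byte. The comment could also state that the class byte 0x80 is intentional, since the neighbouring `key_import` and `terminate_df` use 0x00. The bare URL is better written as `/// <https://developers.yubico.com/PGP/Attestation.html>` so rustdoc renders it as a link.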
@@ -780,7 +780,22 @@ impl<'a> OpenPgpTransaction<'a> {
 apdu::send_command(self.tx(), cmd, false)?.try_into()
 }
- // FIXME: UIF for Attestation key and Generate Attestation command (Yubico)
+ // FIXME: UIF for Attestation key
+
+ /// Generate Attestation (Yubico)
+ pub fn generate_attestation(&mut self, key_type: KeyType) -> Result<(), Error> {
+ log::info!("OpenPgpTransaction: generate_attestation");
+
+ let key = match key_type {
+ KeyType::Signing => 0x01,
+ KeyType::Decryption => 0x02,
+ KeyType::Authentication => 0x03,
+ _ => return Err(Error::InternalError("Unexpected KeyType".to_string())),
+ };
+
+ let cmd = commands::generate_attestation(key);
+ apdu::send_command(self.tx(), cmd, false)?.try_into()
+ }
 // FIXME: Attestation key algo attr, FP, CA-FP, creation time
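Review bot: The `_ =>` arm of the `key_type` match reports a caller mistake as `Error::InternalError("Unexpected KeyType")` without saying which key type was passed, and the wildcard will also quietly absorb any variant added to `KeyType` later. Naming the rejected variant(s) explicitly instead of `_` lets the compiler flag new ones, and the message could carry the value, e.g. `format!("Unexpected KeyType {:?}", key_type)`, provided `KeyType` implements `Debug` (not visible here). With the "UIF for Attestation key" FIXME still open, this API presumably gives callers no way to learn whether the card will wait for a touch before answering, which deserves a sentence in the doc comment. The enclosing `impl` block starts and ends outside the hunk.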