Implement generate_attestation()

openpgp-card-sequoia/src/card.rs

@@ -341,6 +341,11 @@ impl<'app, 'open> Sign<'app, 'open> {
 
         CardSigner::with_pubkey(&mut self.oc.opt, pubkey)
     }
+
+    /// Generate Attestation (Yubico)
+    pub fn generate_attestation(&mut self, key_type: KeyType) -> Result<(), Error> {
+        self.oc.opt.generate_attestation(key_type)
+    }
 }
 
 /// An OpenPGP card after successful verification of PW3 ("Admin privileges")

openpgp-card/src/apdu/commands.rs

@@ -218,6 +218,15 @@ pub(crate) fn key_import(data: Vec<u8>) -> Command {
     Command::new(0x00, 0xDB, 0x3F, 0xFF, data)
 }
 
+/// Generate attestation (Yubico)
+///
+/// key: 0x01 (SIG), 0x02 (DEC), 0x03 (AUT)
+///
+/// https://developers.yubico.com/PGP/Attestation.html
+pub(crate) fn generate_attestation(key: u8) -> Command {
+    Command::new(0x80, 0xFB, key, 0x00, vec![])
+}
+
 /// 7.2.16 TERMINATE DF
 pub(crate) fn terminate_df() -> Command {
     Command::new(0x00, 0xe6, 0x00, 0x00, vec![])

openpgp-card/src/openpgp.rs

@@ -780,7 +780,22 @@ impl<'a> OpenPgpTransaction<'a> {
         apdu::send_command(self.tx(), cmd, false)?.try_into()
     }
 
-    // FIXME: UIF for Attestation key and Generate Attestation command (Yubico)
+    // FIXME: UIF for Attestation key
+
+    /// Generate Attestation (Yubico)
+    pub fn generate_attestation(&mut self, key_type: KeyType) -> Result<(), Error> {
+        log::info!("OpenPgpTransaction: generate_attestation");
+
+        let key = match key_type {
+            KeyType::Signing => 0x01,
+            KeyType::Decryption => 0x02,
+            KeyType::Authentication => 0x03,
+            _ => return Err(Error::InternalError("Unexpected KeyType".to_string())),
+        };
+
+        let cmd = commands::generate_attestation(key);
+        apdu::send_command(self.tx(), cmd, false)?.try_into()
+    }
 
     // FIXME: Attestation key algo attr, FP, CA-FP, creation time