turnkey/openpgp-card
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Remove Arc<Mutex<>> attempts, rely on assuan::Client now being Send+Sync

Browse source
This commit is contained in:
Heiko Schaefer 2021-07-16 14:15:03 +02:00
parent 68cad4c147
commit b8bd87bd7e
5 changed files with 18 additions and 32 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
openpgp-card-sequoia/src/lib.rs
View file

@ -24,7 +24,6 @@ use openpgp_card::{
errors::OpenpgpCardError, CardAdmin, CardSign, CardUploadableKey, errors::OpenpgpCardError, CardAdmin, CardSign, CardUploadableKey,
CardUser, EccKey, EccType, KeyType, PrivateKeyMaterial, RSAKey, CardUser, EccKey, EccType, KeyType, PrivateKeyMaterial, RSAKey,
}; };
use std::sync::{Arc, Mutex};
mod decryptor; mod decryptor;
mod signer; mod signer;
@ -291,7 +290,7 @@ pub fn decrypt(
} }
pub fn sign( pub fn sign(
ocu: Arc<Mutex<CardSign>>, ocu: CardSign,
cert: &sequoia_openpgp::Cert, cert: &sequoia_openpgp::Cert,
input: &mut dyn io::Read, input: &mut dyn io::Read,
) -> Result<String> { ) -> Result<String> {

7
openpgp-card-sequoia/src/main.rs
View file

@ -8,9 +8,8 @@ use anyhow::Result;
use sequoia_openpgp::parse::Parse; use sequoia_openpgp::parse::Parse;
use sequoia_openpgp::Cert; use sequoia_openpgp::Cert;
use openpgp_card::{CardBase, KeyType}; use openpgp_card::KeyType;
use openpgp_card_scdc::ScdClient; use openpgp_card_scdc::ScdClient;
use std::sync::{Arc, Mutex};
// Filename of test key and test message to use: // Filename of test key and test message to use:
@ -196,14 +195,14 @@ fn main() -> Result<(), Box<dyn Error>> {
// Sign // Sign
match oc.verify_pw1_for_signing("123456") { match oc.verify_pw1_for_signing("123456") {
Ok(mut oc_user) => { Ok(oc_user) => {
println!("pw1 81 verify ok"); println!("pw1 81 verify ok");
let cert = Cert::from_file(TEST_KEY_PATH)?; let cert = Cert::from_file(TEST_KEY_PATH)?;
let text = "Hello world, I am signed."; let text = "Hello world, I am signed.";
let res = openpgp_card_sequoia::sign( let res = openpgp_card_sequoia::sign(
Arc::new(Mutex::new(oc_user)), oc_user,
&cert, &cert,
&mut text.as_bytes(), &mut text.as_bytes(),
); );

17
openpgp-card-sequoia/src/signer.rs
View file

@ -15,11 +15,10 @@ use openpgp_card::CardSign;
use openpgp_card::Hash; use openpgp_card::Hash;
use crate::PublicKey; use crate::PublicKey;
use std::sync::{Arc, Mutex};
pub(crate) struct CardSigner { pub(crate) struct CardSigner {
/// The OpenPGP card (authenticated to allow signing operations) /// The OpenPGP card (authenticated to allow signing operations)
ocu: Arc<Mutex<CardSign>>, ocu: CardSign,
/// The matching public key for the card's signing key /// The matching public key for the card's signing key
public: PublicKey, public: PublicKey,
@ -31,12 +30,12 @@ impl CardSigner {
/// An Error is returned if no match between the card's signing /// An Error is returned if no match between the card's signing
/// key and a (sub)key of `cert` can be made. /// key and a (sub)key of `cert` can be made.
pub fn new( pub fn new(
cs: Arc<Mutex<CardSign>>, cs: CardSign,
cert: &openpgp::Cert, cert: &openpgp::Cert,
policy: &dyn Policy, policy: &dyn Policy,
) -> Result<CardSigner, OpenpgpCardError> { ) -> Result<CardSigner, OpenpgpCardError> {
// Get the fingerprint for the signing key from the card. // Get the fingerprint for the signing key from the card.
let fps = cs.lock().unwrap().get_fingerprints()?; let fps = cs.get_fingerprints()?;
let fp = fps.signature(); let fp = fps.signature();
if let Some(fp) = fp { if let Some(fp) = fp {
@ -123,10 +122,7 @@ impl<'a> crypto::Signer for CardSigner {
} }
}; };
let cs = self.ocu.clone(); let sig = self.ocu.signature_for_hash(hash)?;
let mut cs = cs.lock().unwrap();
let sig = cs.signature_for_hash(hash)?;
let mpi = mpi::MPI::new(&sig[..]); let mpi = mpi::MPI::new(&sig[..]);
Ok(mpi::Signature::RSA { s: mpi }) Ok(mpi::Signature::RSA { s: mpi })
@ -134,10 +130,7 @@ impl<'a> crypto::Signer for CardSigner {
(PublicKeyAlgorithm::EdDSA, mpi::PublicKey::EdDSA { .. }) => { (PublicKeyAlgorithm::EdDSA, mpi::PublicKey::EdDSA { .. }) => {
let hash = Hash::EdDSA(digest); let hash = Hash::EdDSA(digest);
let cs = self.ocu.clone(); let sig = self.ocu.signature_for_hash(hash)?;
let mut cs = cs.lock().unwrap();
let sig = cs.signature_for_hash(hash)?;
let r = mpi::MPI::new(&sig[..32]); let r = mpi::MPI::new(&sig[..32]);
let s = mpi::MPI::new(&sig[32..]); let s = mpi::MPI::new(&sig[32..]);

2
openpgp-card/src/lib.rs
View file

@ -30,7 +30,7 @@ pub trait CardClient {
fn transmit(&mut self, cmd: &[u8], buf_size: usize) -> Result<Vec<u8>>; fn transmit(&mut self, cmd: &[u8], buf_size: usize) -> Result<Vec<u8>>;
} }
pub type CardClientBox = Box<dyn CardClient + Send>; pub type CardClientBox = Box<dyn CardClient + Send + Sync>;
/// Information about the capabilities of the card. /// Information about the capabilities of the card.
/// (feature configuration from card metadata) /// (feature configuration from card metadata)

21
scdc/src/lib.rs
View file

@ -5,7 +5,7 @@ use anyhow::{anyhow, Result};
use futures::StreamExt; use futures::StreamExt;
use lazy_static::lazy_static; use lazy_static::lazy_static;
use sequoia_ipc::assuan::{Client, Response}; use sequoia_ipc::assuan::{Client, Response};
use std::sync::{Arc, Mutex}; use std::sync::Mutex;
use tokio::runtime::Runtime; use tokio::runtime::Runtime;
use openpgp_card::errors::OpenpgpCardError; use openpgp_card::errors::OpenpgpCardError;
@ -17,7 +17,7 @@ lazy_static! {
} }
pub struct ScdClient { pub struct ScdClient {
client: Arc<Mutex<Client>>, client: Client,
} }
impl ScdClient { impl ScdClient {
@ -47,27 +47,24 @@ impl ScdClient {
pub fn new(socket: &str) -> Result<Self> { pub fn new(socket: &str) -> Result<Self> {
let client = RT.lock().unwrap().block_on(Client::connect(socket))?; let client = RT.lock().unwrap().block_on(Client::connect(socket))?;
let client = Arc::new(Mutex::new(client));
Ok(Self { client }) Ok(Self { client })
} }
/// SERIALNO --demand=D27600012401030400050000A8350000 /// SERIALNO --demand=D27600012401030400050000A8350000
fn select_card(&mut self, serial: &str) -> Result<()> { fn select_card(&mut self, serial: &str) -> Result<()> {
let mut client = self.client.lock().unwrap();
let send = format!("SERIALNO --demand={}\n", serial); let send = format!("SERIALNO --demand={}\n", serial);
client.send(send)?; self.client.send(send)?;
let mut rt = RT.lock().unwrap(); let mut rt = RT.lock().unwrap();
while let Some(response) = rt.block_on(client.next()) { while let Some(response) = rt.block_on(self.client.next()) {
if let Err(_) = response { if let Err(_) = response {
return Err(anyhow!("Card not found")); return Err(anyhow!("Card not found"));
} }
if let Ok(Response::Status { .. }) = response { if let Ok(Response::Status { .. }) = response {
// drop remaining lines // drop remaining lines
while let Some(drop) = rt.block_on(client.next()) {} while let Some(_drop) = rt.block_on(self.client.next()) {}
return Ok(()); return Ok(());
} }
@ -81,15 +78,13 @@ impl CardClient for ScdClient {
fn transmit(&mut self, cmd: &[u8], _: usize) -> Result<Vec<u8>> { fn transmit(&mut self, cmd: &[u8], _: usize) -> Result<Vec<u8>> {
let hex = hex::encode(cmd); let hex = hex::encode(cmd);
let mut client = self.client.lock().unwrap();
let send = format!("APDU {}\n", hex); let send = format!("APDU {}\n", hex);
println!("send: '{}'", send); println!("send: '{}'", send);
client.send(send)?; self.client.send(send)?;
let mut rt = RT.lock().unwrap(); let mut rt = RT.lock().unwrap();
while let Some(response) = rt.block_on(client.next()) { while let Some(response) = rt.block_on(self.client.next()) {
println!("res: {:x?}", response); println!("res: {:x?}", response);
if let Err(_) = response { if let Err(_) = response {
unimplemented!(); unimplemented!();
@ -99,7 +94,7 @@ impl CardClient for ScdClient {
let res = partial; let res = partial;
// drop remaining lines // drop remaining lines
while let Some(drop) = rt.block_on(client.next()) { while let Some(drop) = rt.block_on(self.client.next()) {
println!("drop: {:x?}", drop); println!("drop: {:x?}", drop);
} }