Implement set_pso_enc_dec_key()

openpgp-card-sequoia/src/card.rs

@@ -430,6 +430,10 @@ impl Admin<'_, '_> {
         self.oc.opt.set_resetting_code(pin)
     }
 
+    pub fn set_pso_enc_dec_key(&mut self, key: &[u8]) -> Result<(), Error> {
+        self.oc.opt.set_pso_enc_dec_key(key)
+    }
+
     pub fn reset_user_pin(&mut self, new: &[u8]) -> Result<(), Error> {
         self.oc.opt.reset_retry_counter_pw1(new, None)
     }

openpgp-card/src/lib.rs

@@ -314,6 +314,7 @@ pub(crate) enum Tags {
     GenerationTimeAuthentication,
     // FIXME: +D1, D2
     ResettingCode,
+    PsoEncDecKey,
 
     // OTHER
     // 4.4.3.12 Private Key Template
@@ -422,6 +423,7 @@ impl From<Tags> for ShortTag {
             Tags::GenerationTimeDecryption => [0xcf].into(),
             Tags::GenerationTimeAuthentication => [0xd0].into(),
             Tags::ResettingCode => [0xd3].into(),
+            Tags::PsoEncDecKey => [0xd5].into(),
 
             // OTHER
             // 4.4.3.12 Private Key Template

openpgp-card/src/openpgp.rs

@@ -801,6 +801,19 @@ impl<'a> OpenPgpTransaction<'a> {
         apdu::send_command(self.tx(), cmd, false)?.try_into()
     }
 
+    /// Set AES key for symmetric decryption/encryption operations.
+    ///
+    /// Optional DO (announced in Extended Capabilities) for
+    /// PSO:ENC/DEC with AES (32 bytes dec. in case of
+    /// AES256, 16 bytes dec. in case of AES128).
+    pub fn set_pso_enc_dec_key(&mut self, key: &[u8]) -> Result<(), Error> {
+        log::info!("OpenPgpTransaction: set_pso_enc_dec_key");
+
+        let fp_cmd = commands::put_data(Tags::PsoEncDecKey, key.to_vec());
+
+        apdu::send_command(self.tx(), fp_cmd, false)?.try_into()
+    }
+
     // FIXME: optional DO for PSO:ENC/DEC with AES
 
     /// Set UIF for PSO:CDS