Add callback Fn for touch confirmation prompt to generate attestations.

2022-05-31 01:14:56 +02:00 · 2022-05-31 01:14:56 +02:00 · d96e56651b
commit d96e56651b
parent 374f9eec89
2 changed files with 17 additions and 2 deletions
--- a/openpgp-card-sequoia/src/card.rs
+++ b/openpgp-card-sequoia/src/card.rs
@ -379,7 +379,20 @@ impl<'app, 'open> Sign<'app, 'open> {
    }

    /// Generate Attestation (Yubico)
-    pub fn generate_attestation(&mut self, key_type: KeyType) -> Result<(), Error> {
+    pub fn generate_attestation(
+        &mut self,
+        key_type: KeyType,
+        touch_prompt: &'open (dyn Fn() + Send + Sync),
+    ) -> Result<(), Error> {
+        // Touch is required if:
+        // - the card supports the feature
+        // - and the policy is set to a value other than 'Off'
+        if let Some(uif) = self.oc.ard.uif_attestation()? {
+            if uif.touch_policy().touch_required() {
+                (touch_prompt)();
+            }
+        }
+
        self.oc.opt.generate_attestation(key_type)
    }
 }
--- a/tools/src/bin/opgpcard/main.rs
+++ b/tools/src/bin/opgpcard/main.rs
@ -115,7 +115,9 @@ fn main() -> Result<(), Box<dyn std::error::Error>> {
                        return Err(anyhow!("Unexpected Key Type {}", key).into());
                    }
                };
-                sign.generate_attestation(kt)?;
+                sign.generate_attestation(kt, &|| {
+                    println!("Touch confirmation needed to generate an attestation")
+                })?;
            }
            cli::AttCommand::Statement { ident, key } => {
                let mut card = pick_card_for_reading(ident)?;