turnkey/openpgp-card
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
886 commits 1 branch 0 tags 1.7 MiB
Commit graph

267 commits

Author SHA1 Message Date
Heiko Schaefer
febf960b39
Bump versions 2022-06-11 10:03:52 +02:00
Heiko Schaefer
e3dfdbffe6
Implement key_slot() to get a PublicKey representation for one of the card's key slots. 2022-06-11 10:01:00 +02:00
Heiko Schaefer
441feb0a34
Implement reload_ard(). 2022-06-11 09:59:20 +02:00
Heiko Schaefer
d96e56651b
Add callback Fn for touch confirmation prompt to generate attestations. 2022-06-11 09:55:06 +02:00
Heiko Schaefer
374f9eec89
Add callback Fn for touch confirmation prompt for decryption operations. 2022-06-11 09:55:06 +02:00
Heiko Schaefer
079cc32427
Add callback Fn for touch confirmation prompt for signing operations. 2022-06-11 09:55:05 +02:00
Heiko Schaefer
ccba7c7e9f
Rename 'prompt' parameters to 'pinpad_prompt'. 2022-06-11 09:55:04 +02:00
Heiko Schaefer
bc58a346c2
Implement set_uif() 2022-06-11 09:55:03 +02:00
Heiko Schaefer
b90ee05f6d
Implement set_pso_enc_dec_key() 2022-05-28 19:41:54 +02:00
Heiko Schaefer
cd40e2bae4
Bump versions: 
- openpgp-card 0.2.5
- openpgp-card-sequoia 0.0.12
- openpgp-tools 0.0.10
 2022-05-24 16:20:59 +02:00
Heiko Schaefer
7b3152a88e
Add a note that the openpgp-card-sequoia API is an early draft (and subject to change). 2022-05-24 16:20:58 +02:00
Heiko Schaefer
432edd5a3e
Add workaround for select_data() on older Yubikey5 firmware versions. 
(This breaks API compatibility, but select_data() was so far not used in any published crate)
 2022-05-24 14:45:25 +02:00
Heiko Schaefer
0885cb0ac9
Add cardholder_certificate() 2022-05-24 14:45:25 +02:00
Heiko Schaefer
14143ee182
Implement next_cardholder_certificate() to read successive cardholder certificates from the card. 2022-05-24 14:45:24 +02:00
Heiko Schaefer
abd61d5a15
Implement generate_attestation() 2022-05-24 14:45:24 +02:00
Heiko Schaefer
6fad597637
Implement attestation_certificate() 2022-05-24 14:45:24 +02:00
Heiko Schaefer
f4e344b959
Bump openpgp-card-sequoia to 0.0.11; openpgp-card-tools to 0.0.8 2022-04-21 18:24:14 +02:00
Heiko Schaefer
fbdb9e87b2
Adjust openpgp-card-sequoia API to take resetting code as &[u8] instead of &str. 2022-04-21 13:28:21 +02:00
Heiko Schaefer
e6c40be8ad
Adjusted/improved handling of public keys (especially to find the correct KDF parameters for ECC decryption keys): 
- "Brute force" find the right KDF parameters in the new helper fn public_key_material_and_fp_to_key() [try possible parameters until a matching fingerprint is found, error if none].
- In `opgpcard pubkey`, use public_key_material_and_fp_to_key() to find the right parameters for the ECC decryption subkey (this subcommand now fails when the fingerprint on the card doesn't match the fingerprint of the public key data for that key slot)
- When generating OpenPGP ECC decryption keys from public key material (including to compute fingerprints from the key material), use SHA256/AES128 as default parameters.
 2022-04-15 16:17:04 +02:00
Heiko Schaefer
cf7dd20789
Don't dev-depend on scdc, for now. 2022-04-12 14:51:39 +02:00
Heiko Schaefer
aae546326f
Clean up dependencies; move openpgp-card-sequoia test-code into examples/. 2022-04-12 11:41:33 +02:00
Heiko Schaefer
6525c2ddbc
openpgp-card-sequoia release 0.0.9, use as a dependency in openpgp-card-tools 0.0.5 2022-03-30 03:15:07 +02:00
Heiko Schaefer
418bfc83f0
Make name optional in make_cert() 2022-03-30 02:10:07 +02:00
Heiko Schaefer
283f58d7d8
Cleanup import 2022-03-30 02:04:23 +02:00
Heiko Schaefer
f069fb1e20
Model PINs as &[u8] in openpgp-card-sequoia 2022-03-29 22:40:26 +02:00
Heiko Schaefer
63b47cffdc
Update/remove dependency on env_logger 2022-03-22 11:27:48 +01:00
Heiko Schaefer
0b4a18b136
Fix clippy lints 2022-03-06 16:15:13 +01:00
Heiko Schaefer
a8637f48b1
Bump versions 2022-02-24 21:25:47 +01:00
Heiko Schaefer
e9235164c8
Rename PIN-related functions for clarity 2022-02-24 21:25:47 +01:00
Heiko Schaefer
8ab3a43d6e
Use Error::InternalError less, introduce additional specific error variants. 2022-02-24 21:25:47 +01:00
Heiko Schaefer
088bb88a02
Consistently model pin as &[u8] in openpgp-card. 
Fixes #22
 2022-02-24 21:25:47 +01:00
Heiko Schaefer
96167f6530
Move OpenPGP card functionality into OpenPgp/OpenPgpTransaction. 
This separates backend access (implemented in CardBackend and CardTransaction) from OpenPGP card operations.

Fixes #7
 2022-02-24 21:25:47 +01:00
Heiko Schaefer
12a6a77b8d
CardTransaction::method should not return a Response. Most don't have a return value, the rest should return Vec<u8> instead. 
Fixes #19
 2022-02-24 21:25:47 +01:00
Heiko Schaefer
636813279b
Reformatted to conform to vanilla rustfmt. 2022-02-24 21:25:47 +01:00
Heiko Schaefer
1496da6dd5
Rename pcsc::PcscCard -> pcsc::PcscBackend, pcsc::TxClient -> pcsc::PcscTransaction 2022-02-18 15:58:12 +01:00
Heiko Schaefer
e01c79e857
Tweak ergonomics of openpgp-card-pcsc usage and simplify client code. 2022-02-18 15:06:31 +01:00
Heiko Schaefer
c23f23c619
Introduce the new CardBackend trait. 
A CardBackend represents a card without an open transaction (a CardTransaction implementation can be acquired from a CardBackend).
 2022-02-18 15:06:31 +01:00
Heiko Schaefer
5133051626
Rename CardClient -> CardTransaction. 2022-02-18 15:06:31 +01:00
Heiko Schaefer
dcf73bd86d
More explicit data type Lang for language. 2022-02-16 10:02:35 +01:00
Heiko Schaefer
574d7be765
Use byte-array data types for url, name, lang in openpgp-card. 2022-02-15 15:34:52 +01:00
Heiko Schaefer
0e94871189
Implement PcscCard::transaction() to replace the transaction!() macro. 
(This currently requires unreleased pcsc from git)
 2022-02-15 15:34:52 +01:00
Heiko Schaefer
87788e8912
rename get_txc!() -> transaction!() 2022-02-15 10:53:46 +01:00
Heiko Schaefer
bdde317a2d
Simplify optional $reselect parameter in get_txc!() 2022-02-15 10:53:46 +01:00
Heiko Schaefer
7573361836
Make ShareMode an optional parameter when opening cards via pcsc. 2022-02-15 10:53:46 +01:00
Heiko Schaefer
36b9fb2770
get_txc!() now assumes the OpenPGP application should be re-selected, by default 2022-02-15 10:49:55 +01:00
Heiko Schaefer
376072910e
Adjust openpgp-card-sequoia to changed openpgp-card API 2022-02-15 10:49:42 +01:00
Heiko Schaefer
53c8609f05
Remove unused imports 2022-02-14 17:46:16 +01:00
Heiko Schaefer
30341d6c4b
Rename: PcscClient->PcscCard,PcscTxClient->TxClient 2022-02-14 17:46:16 +01:00
Heiko Schaefer
2480745088
Move implementation of low-level OpenPGP functionality from CardApp to CardClient. 2022-02-14 17:46:16 +01:00
Heiko Schaefer
111f9e9631
Adjust to openpgp-card 0.2 API 2022-02-14 17:46:16 +01:00
Heiko Schaefer
5e7fcd079b
Change CardApp API: take &mut CardClient parameter for all calls (instead of owning a CardClientBox). 
This way, clients can exert control over the state of the CardClient, e.g. to combine CardApp operations in a PCSC transaction.
 2022-02-14 17:43:07 +01:00
Heiko Schaefer
5e0007c7fd
Add FIXME for construction of EdDSA public keys from a card 2022-01-27 16:10:02 +01:00
Heiko Schaefer
7031158f5b
Fix doctests 2021-12-12 02:34:56 +01:00
Heiko Schaefer
bba1c264dd
release openpgp-card-sequoia 0.0.7 2021-12-12 01:36:50 +01:00
Heiko Schaefer
383f592865
Don't apply Policy when picking (sub)key from Cert for sign/decrypt. 2021-12-11 23:36:36 +01:00
Heiko Schaefer
e5788f2a2c
Bump version for release. 2021-12-02 18:55:49 +01:00
Heiko Schaefer
413e8b7d2a
Bump versions for releases. 2021-12-02 18:45:46 +01:00
Heiko Schaefer
ecd862e23f
Remove "get_" prefix from getter function names (to better conform with Rust API Guidelines https://rust-lang.github.io/api-guidelines). 2021-12-01 19:11:22 +01:00
Heiko Schaefer
2709b4ad39
Implement pinpad feature detection and pinpad support for verify/modify (of pw1 and pw3) in pcsc backend. 
Extend CardCaps to contain pw1_max_len and pw3_max_len (and initialize these values from ARD).

Add pinpad_verify(), pinpad_modify(), feature_verify()/feature_modify() to CardClient API.
Expose in card_app (and openpgp-card-sequoia card API).

Adjust opgpcard, opgpcard-pin to ue pinpad reader when available.
 2021-11-30 22:51:18 +01:00
Heiko Schaefer
9de79477b9
Implement get_firmware_version (probably YubiKey specific) 2021-11-23 20:38:46 +01:00
Heiko Schaefer
a439397c62
Clippy fixes. 2021-11-22 16:33:15 +01:00
Heiko Schaefer
7413b5c062
Don't check cert revocation status when decrypting. 2021-11-22 16:33:15 +01:00
Heiko Schaefer
af673f537c
Adjust error handling in CardSigner and CardDecryptor (for better error messages in tools, such as opgpcard). 
Refactor sq_utils, rename some fn for clarity.
 2021-11-21 15:21:43 +01:00
Heiko Schaefer
874c28b7ff
Add get_pub_key() 2021-11-16 19:18:10 +01:00
Heiko Schaefer
13c8769ea3
Case insensitive comparison of ident. 2021-11-16 17:48:14 +01:00
Heiko Schaefer
90ae9398ed
Adjust the backend API and interaction with openpgp-card some more. 2021-11-12 18:47:56 +01:00
Heiko Schaefer
7a71f88eb6
Rename Open::open() to Open::new() 2021-11-11 16:40:08 +01:00
Heiko Schaefer
d10cbe8eff
clean up lints 2021-11-11 16:40:08 +01:00
Heiko Schaefer
d55985807c
Change the API for interactions between openpgp-card and backends. 
The goal of this change is a cleaner structure, and in particular to make it the default for client-code to obtain a CardApp with pre-initialized "capabilities" (that is, init_caps() gets called implicitely).
 2021-11-11 16:40:08 +01:00
Heiko Schaefer
288a2a8325
Add comments/assert for PSO: DECIPHER 2021-11-09 16:43:59 +01:00
Heiko Schaefer
87168ea0de
Cleanup imports 2021-11-05 23:14:36 +01:00
Heiko Schaefer
1a37b437e2
Releases 2021-11-05 23:07:48 +01:00
Heiko Schaefer
79cfcb09c2 In generate_key_simple(), the algo parameter is now an Option<AlgoSimple>. 
This allows uploading keys without explicitly setting the algorithm, thus leaving the card's algo setting unchanged.
 2021-11-05 13:34:14 +01:00
Heiko Schaefer
02401d12f4 Initial parts of key generation. 2021-11-05 13:34:14 +01:00
Heiko Schaefer
8674b0e65c Refactor "Open" to use a borrowed CardApp (instead of owning the CardApp). 2021-11-05 13:34:14 +01:00
Heiko Schaefer
edc89078ce Make the PublicKey type pub. 2021-11-03 02:26:07 +01:00
Heiko Schaefer
bc08ca68ed Releases 2021-10-29 22:51:23 +02:00
Heiko Schaefer
753bd8b71b Move example keys/data to openpgp-card-sequoia 2021-10-29 22:38:01 +02:00
Heiko Schaefer
aa7528ec9a Add functionality for cli tools. 2021-10-28 00:05:41 +02:00
Heiko Schaefer
3407cd3a39 Add reset_user_pin() fn for Open and for Admin, as well as set_resetting_code() to Admin. 2021-10-26 21:57:32 +02:00
Heiko Schaefer
2c0c19502f Add change_user_pin() and change_admin_pin() 2021-10-26 14:46:57 +02:00
Heiko Schaefer
77c7a90daf sq_util::get_subkey() now returns an Option. 
Not finding any subkey is not an error.
 2021-10-23 20:01:10 +02:00
Heiko Schaefer
ddf62dbfe2 Use the MPI::value_padded() method for left-padding. 2021-10-05 17:11:52 +02:00
Heiko Schaefer
1ce74ab8c6 Pad private key scalars of ECC keys. 
MPIs can have leading zeros stripped, in OpenPGP, however, e.g. the floss34 card requires the NIST scalar in its non-stripped form.
 2021-09-23 20:54:33 +02:00
Heiko Schaefer
6d24054e1e Normalize capitalization to "OpenPGP card" 2021-09-22 16:41:53 +02:00
Heiko Schaefer
cf8fb05210 Don't set a policy implicitly. 2021-09-21 16:59:01 +02:00
Heiko Schaefer
5417fde8ca Implement support for alternate ECC import format (which includes public key data) 2021-09-21 16:50:34 +02:00
Heiko Schaefer
332360cbbb Implement additional import formats for RSA key import. 2021-09-21 11:22:56 +02:00
Heiko Schaefer
5e92f4ee25 Adjust to changed extended_capabilities types. 2021-09-16 02:38:25 +02:00
Heiko Schaefer
39df280d70 Fix comment type 2021-09-16 02:05:28 +02:00
Heiko Schaefer
f2e5fea0fc extended capabilities: restructure, to prepare for different versions of this DO 2021-09-14 02:00:54 +02:00
Heiko Schaefer
d5651e96bb Reorganize key uploading API 2021-09-11 22:58:02 +02:00
Heiko Schaefer
1b9d860adf Minor edits on doc comments. 2021-09-11 16:54:34 +02:00
Heiko Schaefer
0d249a47fd sq_util::get_subkey() is now the central helper fn for picking a (sub)key from a Cert. 2021-09-11 16:27:31 +02:00
Heiko Schaefer
fe06db3510 Release pcsc and -sequoia 2021-09-11 13:02:54 +02:00
Heiko Schaefer
3b3a3b5064 More documentation 2021-09-11 13:00:05 +02:00
Heiko Schaefer
77b2ca98b0 Misc cleanup: 
Simplify verify_foo() calls.
More orderly output.
Remove Scdc for now.
 2021-09-11 12:42:33 +02:00
Heiko Schaefer
be95b9de43 Normalize fn names: remove 'get_' prefixes, and adjust to naming in the spec. 2021-09-11 12:42:33 +02:00
Heiko Schaefer
0e2b53feb4 Fix the assumptions about authorization underlying the card::* types: 
Multiple passwords can be validated on a card at the same time.
Rename verify_* fn to be more easily legible ("user" instead of "pw1", ...)
 2021-09-11 12:42:33 +02:00
Heiko Schaefer
1613f23ecc Minor adjustments to output formatting. 
Adjust path to example-data.
 2021-09-11 12:42:01 +02:00
Heiko Schaefer
a5b6ce468d Add high level crate documentation. 2021-09-11 12:42:01 +02:00
Heiko Schaefer
93fa9d9650 Make naming consistent. 2021-09-11 12:42:01 +02:00
Heiko Schaefer
936f04663c Rename list_cards() -> cards(). 
Remove open_yolo() from the openpgp-card-pcsc API (it's easy enough to approximate by using cards())
 2021-09-11 12:42:01 +02:00
Heiko Schaefer
55e7a2c794 Re-ordering the -sequoia crate, as a first step towards defining its API. 2021-09-11 12:42:01 +02:00
Heiko Schaefer
0302387bea Releases 2021-09-09 00:48:25 +02:00
Heiko Schaefer
ad929598ce Rename Features -> ExCapFeatures 2021-09-03 20:03:50 +02:00
Heiko Schaefer
7a78271211 Rename decrypt() to decipher(), to correspond with naming in spec. 
Add a note to investigate PKCS#1 formatting of the command input.
 2021-09-03 13:45:19 +02:00
Heiko Schaefer
8b5894e961 Rename get_app_data() to get_application_related_data() to correspond with naming in spec. 2021-09-02 22:09:46 +02:00
Heiko Schaefer
f5b31aac26 Move KeySet from card_do.rs to lib.rs 
(It is not a DO, only a container to conveniently handle triples of DO)
 2021-09-02 21:59:05 +02:00
Heiko Schaefer
6b3ae2cf62 Adjust DO struct names to correspond to naming in the spec 2021-09-02 21:54:44 +02:00
Heiko Schaefer
b560d4eb5a Add assert to hacky decryption case 2021-09-02 17:58:10 +02:00
Heiko Schaefer
316ca7eb3a Rename error types and re-export them at the crate top level. 2021-09-01 23:59:56 +02:00
Heiko Schaefer
f501c09d2f Add #[non_exhaustive] to error and crypto_data enums. 2021-09-01 22:46:04 +02:00
Heiko Schaefer
f8d998b3a6 Implement From<CardClientBox>, Into<CardClientBox> for CardApp and adjust client code. 2021-09-01 22:26:25 +02:00
Heiko Schaefer
88c924c7d9 Add documentation, normalize fn names. 2021-09-01 20:45:18 +02:00
Heiko Schaefer
935c77f59a Rename ApplicationRelatedData::get_aid() to get_application_id() 2021-08-28 19:58:34 +02:00
Heiko Schaefer
fdac0de34f Add a CI job to run 'cargo test' with rustc/cargo from debian stable. 
Minor fixes so that the code compiles with rustc 1.48
 2021-08-27 15:15:31 +02:00
Heiko Schaefer
9b321c5232 Don't fail when the card doesn't support algo information. 2021-08-26 20:57:50 +02:00
Heiko Schaefer
7c8c72339b Use KeyGenerationTime in openpgp-card APIs (instead of u32 or SystemTime) 2021-08-26 19:27:08 +02:00
Heiko Schaefer
eaf46e6bbb Make fields private, add accessor methods. 2021-08-26 17:59:54 +02:00
Heiko Schaefer
fadd327e7c Release pcsc, scdc. 2021-08-26 15:05:40 +02:00
Heiko Schaefer
9f3ebe8972 Release openpgp-card. 2021-08-26 15:01:59 +02:00
Heiko Schaefer
f3bfecd185 Use the openpgp_card::card_do::Fingerprint type instead of [u8; 20]. 
Add a TryFrom<&[u8]> implementation to Fingerprint.
 2021-08-25 21:25:20 +02:00
Heiko Schaefer
c14664b9d5 Implement get_security_support_template() 2021-08-21 20:22:03 +02:00
Heiko Schaefer
5109ac5445 Rename card_data -> card_do 2021-08-21 19:02:04 +02:00
Heiko Schaefer
d599471be5 Refactor: move cryptographic data structures to the module crypto_data 2021-08-21 17:43:44 +02:00
Heiko Schaefer
44e915d3e0 Refactor: move OpenPGP card data structures (and parsing) into the module card_data 2021-08-21 15:59:31 +02:00
Heiko Schaefer
c872e46e80 Refactor: move accessor fn for "Application Related Data" into the struct ApplicationRelatedData. 2021-08-20 22:19:39 +02:00
Heiko Schaefer
8aae0a357e Split the Response type into an internal RawResponse type which also contains the status bytes, and an external Response type that can only be generated from a RawResponse with status "ok". 
This removes the need for external users of openpgp-card to check the status or operations.
That is, openpgp-card now always returns an `Err` if the status of a command is not ok.
 2021-08-20 13:25:58 +02:00
Heiko Schaefer
f4b90dc4e7 Bump version for release 2021-08-18 20:14:30 +02:00
Heiko Schaefer
a35ba66784 Minor edit of README 2021-08-18 20:10:48 +02:00
Heiko Schaefer
b8e3fc4816 Set version numbers for crates.io releases 2021-08-18 19:57:54 +02:00
Heiko Schaefer
85a05167d1 Refactor, Document API. 
(Moved algorithm-related data structures to algorithm.rs)
 2021-08-18 19:19:22 +02:00
Heiko Schaefer
6be4daa690 Switch back to using the PCSC backend in the test code. 2021-08-18 15:02:15 +02:00
Heiko Schaefer
0b0e9c48fc Refactor: 
- Move high-level API from openpgp-card to openpgp-card-sequoia
- Move the pcsc backend into the separate crate openpgp-card-pcsc
 2021-08-18 14:03:54 +02:00
Heiko Schaefer
83d9a703db Simplify 2021-08-13 21:27:59 +02:00
Heiko Schaefer
3361c8b79d Extend Test configuration file format. 
Run key generation tests for the algorithms specified in the configuration.
 2021-08-13 20:02:53 +02:00
Heiko Schaefer
765b4e8fdc Move "make_cert" into openpgp-card-sequoia 2021-08-13 20:02:53 +02:00
Heiko Schaefer
e9f1256309 Remove/adjust debug prints 2021-08-13 20:02:53 +02:00
Heiko Schaefer
9e5bb9b5a6 Make CardSigner accessible (for use in card-functionality crate) 2021-08-13 20:02:53 +02:00
Heiko Schaefer
44d5abd7ed WIP: Handling of public key material from cards 2021-08-13 20:02:53 +02:00
Heiko Schaefer
a0d92d2dc4 Refactor: add a set_fingerprint() method to CardApp. 
Use that method instead of manually calling the apdu command.
Change type of fingerprint in CardUploadableKey to [u8; 20].
 2021-08-07 19:27:24 +02:00
Heiko Schaefer
7acc1deb98 - Implement key generation (without specifying an algorithm so the current algo is used. only supports RSA for now) 
- Refactor: rename key_upload.rs -> keys.rs
- Fix handling of key timestamps
 2021-08-06 20:14:02 +02:00
Heiko Schaefer
f67501d0f9 Lints 2021-08-05 15:16:16 +02:00
Heiko Schaefer
833cdbc238 Adjust to new ScdClient API, socket is not needed anymore. 2021-08-03 18:23:47 +02:00
Heiko Schaefer
083db2a8be Adjust to changed ScdClient API 2021-08-03 15:32:48 +02:00
Heiko Schaefer
9d93570d9f Add comment pointing to Gnuk source for decryption return format. 2021-07-29 17:33:30 +02:00
Heiko Schaefer
6c563b230b Handle Gnuk's return format for NistP256 decryption 2021-07-20 17:38:15 +02:00
Heiko Schaefer
2b221fa76b Truncate digest length for ECDSA. 
This fixes signing for nistp256 keys with Gnuk (Gnuk expects a 32 byte hash for nistp256)
 2021-07-19 14:18:09 +02:00
Heiko Schaefer
c85d006887 Support ECDSA signatures 2021-07-18 21:12:22 +02:00