turnkey/openpgp-card
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
886 commits 1 branch 0 tags 1.7 MiB
Commit graph

267 commits

Author SHA1 Message Date
Heiko Schaefer
5e7fcd079b
Change CardApp API: take &mut CardClient parameter for all calls (instead of owning a CardClientBox). 
This way, clients can exert control over the state of the CardClient, e.g. to combine CardApp operations in a PCSC transaction.
 2022-02-14 17:43:07 +01:00
Heiko Schaefer
5e0007c7fd
Add FIXME for construction of EdDSA public keys from a card 2022-01-27 16:10:02 +01:00
Heiko Schaefer
7031158f5b
Fix doctests 2021-12-12 02:34:56 +01:00
Heiko Schaefer
bba1c264dd
release openpgp-card-sequoia 0.0.7 2021-12-12 01:36:50 +01:00
Heiko Schaefer
383f592865
Don't apply Policy when picking (sub)key from Cert for sign/decrypt. 2021-12-11 23:36:36 +01:00
Heiko Schaefer
e5788f2a2c
Bump version for release. 2021-12-02 18:55:49 +01:00
Heiko Schaefer
413e8b7d2a
Bump versions for releases. 2021-12-02 18:45:46 +01:00
Heiko Schaefer
ecd862e23f
Remove "get_" prefix from getter function names (to better conform with Rust API Guidelines https://rust-lang.github.io/api-guidelines). 2021-12-01 19:11:22 +01:00
Heiko Schaefer
2709b4ad39
Implement pinpad feature detection and pinpad support for verify/modify (of pw1 and pw3) in pcsc backend. 
Extend CardCaps to contain pw1_max_len and pw3_max_len (and initialize these values from ARD).

Add pinpad_verify(), pinpad_modify(), feature_verify()/feature_modify() to CardClient API.
Expose in card_app (and openpgp-card-sequoia card API).

Adjust opgpcard, opgpcard-pin to ue pinpad reader when available.
 2021-11-30 22:51:18 +01:00
Heiko Schaefer
9de79477b9
Implement get_firmware_version (probably YubiKey specific) 2021-11-23 20:38:46 +01:00
Heiko Schaefer
a439397c62
Clippy fixes. 2021-11-22 16:33:15 +01:00
Heiko Schaefer
7413b5c062
Don't check cert revocation status when decrypting. 2021-11-22 16:33:15 +01:00
Heiko Schaefer
af673f537c
Adjust error handling in CardSigner and CardDecryptor (for better error messages in tools, such as opgpcard). 
Refactor sq_utils, rename some fn for clarity.
 2021-11-21 15:21:43 +01:00
Heiko Schaefer
874c28b7ff
Add get_pub_key() 2021-11-16 19:18:10 +01:00
Heiko Schaefer
13c8769ea3
Case insensitive comparison of ident. 2021-11-16 17:48:14 +01:00
Heiko Schaefer
90ae9398ed
Adjust the backend API and interaction with openpgp-card some more. 2021-11-12 18:47:56 +01:00
Heiko Schaefer
7a71f88eb6
Rename Open::open() to Open::new() 2021-11-11 16:40:08 +01:00
Heiko Schaefer
d10cbe8eff
clean up lints 2021-11-11 16:40:08 +01:00
Heiko Schaefer
d55985807c
Change the API for interactions between openpgp-card and backends. 
The goal of this change is a cleaner structure, and in particular to make it the default for client-code to obtain a CardApp with pre-initialized "capabilities" (that is, init_caps() gets called implicitely).
 2021-11-11 16:40:08 +01:00
Heiko Schaefer
288a2a8325
Add comments/assert for PSO: DECIPHER 2021-11-09 16:43:59 +01:00
Heiko Schaefer
87168ea0de
Cleanup imports 2021-11-05 23:14:36 +01:00
Heiko Schaefer
1a37b437e2
Releases 2021-11-05 23:07:48 +01:00
Heiko Schaefer
79cfcb09c2 In generate_key_simple(), the algo parameter is now an Option<AlgoSimple>. 
This allows uploading keys without explicitly setting the algorithm, thus leaving the card's algo setting unchanged.
 2021-11-05 13:34:14 +01:00
Heiko Schaefer
02401d12f4 Initial parts of key generation. 2021-11-05 13:34:14 +01:00
Heiko Schaefer
8674b0e65c Refactor "Open" to use a borrowed CardApp (instead of owning the CardApp). 2021-11-05 13:34:14 +01:00
Heiko Schaefer
edc89078ce Make the PublicKey type pub. 2021-11-03 02:26:07 +01:00
Heiko Schaefer
bc08ca68ed Releases 2021-10-29 22:51:23 +02:00
Heiko Schaefer
753bd8b71b Move example keys/data to openpgp-card-sequoia 2021-10-29 22:38:01 +02:00
Heiko Schaefer
aa7528ec9a Add functionality for cli tools. 2021-10-28 00:05:41 +02:00
Heiko Schaefer
3407cd3a39 Add reset_user_pin() fn for Open and for Admin, as well as set_resetting_code() to Admin. 2021-10-26 21:57:32 +02:00
Heiko Schaefer
2c0c19502f Add change_user_pin() and change_admin_pin() 2021-10-26 14:46:57 +02:00
Heiko Schaefer
77c7a90daf sq_util::get_subkey() now returns an Option. 
Not finding any subkey is not an error.
 2021-10-23 20:01:10 +02:00
Heiko Schaefer
ddf62dbfe2 Use the MPI::value_padded() method for left-padding. 2021-10-05 17:11:52 +02:00
Heiko Schaefer
1ce74ab8c6 Pad private key scalars of ECC keys. 
MPIs can have leading zeros stripped, in OpenPGP, however, e.g. the floss34 card requires the NIST scalar in its non-stripped form.
 2021-09-23 20:54:33 +02:00
Heiko Schaefer
6d24054e1e Normalize capitalization to "OpenPGP card" 2021-09-22 16:41:53 +02:00
Heiko Schaefer
cf8fb05210 Don't set a policy implicitly. 2021-09-21 16:59:01 +02:00
Heiko Schaefer
5417fde8ca Implement support for alternate ECC import format (which includes public key data) 2021-09-21 16:50:34 +02:00
Heiko Schaefer
332360cbbb Implement additional import formats for RSA key import. 2021-09-21 11:22:56 +02:00
Heiko Schaefer
5e92f4ee25 Adjust to changed extended_capabilities types. 2021-09-16 02:38:25 +02:00
Heiko Schaefer
39df280d70 Fix comment type 2021-09-16 02:05:28 +02:00
Heiko Schaefer
f2e5fea0fc extended capabilities: restructure, to prepare for different versions of this DO 2021-09-14 02:00:54 +02:00
Heiko Schaefer
d5651e96bb Reorganize key uploading API 2021-09-11 22:58:02 +02:00
Heiko Schaefer
1b9d860adf Minor edits on doc comments. 2021-09-11 16:54:34 +02:00
Heiko Schaefer
0d249a47fd sq_util::get_subkey() is now the central helper fn for picking a (sub)key from a Cert. 2021-09-11 16:27:31 +02:00
Heiko Schaefer
fe06db3510 Release pcsc and -sequoia 2021-09-11 13:02:54 +02:00
Heiko Schaefer
3b3a3b5064 More documentation 2021-09-11 13:00:05 +02:00
Heiko Schaefer
77b2ca98b0 Misc cleanup: 
Simplify verify_foo() calls.
More orderly output.
Remove Scdc for now.
 2021-09-11 12:42:33 +02:00
Heiko Schaefer
be95b9de43 Normalize fn names: remove 'get_' prefixes, and adjust to naming in the spec. 2021-09-11 12:42:33 +02:00
Heiko Schaefer
0e2b53feb4 Fix the assumptions about authorization underlying the card::* types: 
Multiple passwords can be validated on a card at the same time.
Rename verify_* fn to be more easily legible ("user" instead of "pw1", ...)
 2021-09-11 12:42:33 +02:00
Heiko Schaefer
1613f23ecc Minor adjustments to output formatting. 
Adjust path to example-data.
 2021-09-11 12:42:01 +02:00
Heiko Schaefer
a5b6ce468d Add high level crate documentation. 2021-09-11 12:42:01 +02:00
Heiko Schaefer
93fa9d9650 Make naming consistent. 2021-09-11 12:42:01 +02:00
Heiko Schaefer
936f04663c Rename list_cards() -> cards(). 
Remove open_yolo() from the openpgp-card-pcsc API (it's easy enough to approximate by using cards())
 2021-09-11 12:42:01 +02:00
Heiko Schaefer
55e7a2c794 Re-ordering the -sequoia crate, as a first step towards defining its API. 2021-09-11 12:42:01 +02:00
Heiko Schaefer
0302387bea Releases 2021-09-09 00:48:25 +02:00
Heiko Schaefer
ad929598ce Rename Features -> ExCapFeatures 2021-09-03 20:03:50 +02:00
Heiko Schaefer
7a78271211 Rename decrypt() to decipher(), to correspond with naming in spec. 
Add a note to investigate PKCS#1 formatting of the command input.
 2021-09-03 13:45:19 +02:00
Heiko Schaefer
8b5894e961 Rename get_app_data() to get_application_related_data() to correspond with naming in spec. 2021-09-02 22:09:46 +02:00
Heiko Schaefer
f5b31aac26 Move KeySet from card_do.rs to lib.rs 
(It is not a DO, only a container to conveniently handle triples of DO)
 2021-09-02 21:59:05 +02:00
Heiko Schaefer
6b3ae2cf62 Adjust DO struct names to correspond to naming in the spec 2021-09-02 21:54:44 +02:00
Heiko Schaefer
b560d4eb5a Add assert to hacky decryption case 2021-09-02 17:58:10 +02:00
Heiko Schaefer
316ca7eb3a Rename error types and re-export them at the crate top level. 2021-09-01 23:59:56 +02:00
Heiko Schaefer
f501c09d2f Add #[non_exhaustive] to error and crypto_data enums. 2021-09-01 22:46:04 +02:00
Heiko Schaefer
f8d998b3a6 Implement From<CardClientBox>, Into<CardClientBox> for CardApp and adjust client code. 2021-09-01 22:26:25 +02:00
Heiko Schaefer
88c924c7d9 Add documentation, normalize fn names. 2021-09-01 20:45:18 +02:00
Heiko Schaefer
935c77f59a Rename ApplicationRelatedData::get_aid() to get_application_id() 2021-08-28 19:58:34 +02:00
Heiko Schaefer
fdac0de34f Add a CI job to run 'cargo test' with rustc/cargo from debian stable. 
Minor fixes so that the code compiles with rustc 1.48
 2021-08-27 15:15:31 +02:00
Heiko Schaefer
9b321c5232 Don't fail when the card doesn't support algo information. 2021-08-26 20:57:50 +02:00
Heiko Schaefer
7c8c72339b Use KeyGenerationTime in openpgp-card APIs (instead of u32 or SystemTime) 2021-08-26 19:27:08 +02:00
Heiko Schaefer
eaf46e6bbb Make fields private, add accessor methods. 2021-08-26 17:59:54 +02:00
Heiko Schaefer
fadd327e7c Release pcsc, scdc. 2021-08-26 15:05:40 +02:00
Heiko Schaefer
9f3ebe8972 Release openpgp-card. 2021-08-26 15:01:59 +02:00
Heiko Schaefer
f3bfecd185 Use the openpgp_card::card_do::Fingerprint type instead of [u8; 20]. 
Add a TryFrom<&[u8]> implementation to Fingerprint.
 2021-08-25 21:25:20 +02:00
Heiko Schaefer
c14664b9d5 Implement get_security_support_template() 2021-08-21 20:22:03 +02:00
Heiko Schaefer
5109ac5445 Rename card_data -> card_do 2021-08-21 19:02:04 +02:00
Heiko Schaefer
d599471be5 Refactor: move cryptographic data structures to the module crypto_data 2021-08-21 17:43:44 +02:00
Heiko Schaefer
44e915d3e0 Refactor: move OpenPGP card data structures (and parsing) into the module card_data 2021-08-21 15:59:31 +02:00
Heiko Schaefer
c872e46e80 Refactor: move accessor fn for "Application Related Data" into the struct ApplicationRelatedData. 2021-08-20 22:19:39 +02:00
Heiko Schaefer
8aae0a357e Split the Response type into an internal RawResponse type which also contains the status bytes, and an external Response type that can only be generated from a RawResponse with status "ok". 
This removes the need for external users of openpgp-card to check the status or operations.
That is, openpgp-card now always returns an `Err` if the status of a command is not ok.
 2021-08-20 13:25:58 +02:00
Heiko Schaefer
f4b90dc4e7 Bump version for release 2021-08-18 20:14:30 +02:00
Heiko Schaefer
a35ba66784 Minor edit of README 2021-08-18 20:10:48 +02:00
Heiko Schaefer
b8e3fc4816 Set version numbers for crates.io releases 2021-08-18 19:57:54 +02:00
Heiko Schaefer
85a05167d1 Refactor, Document API. 
(Moved algorithm-related data structures to algorithm.rs)
 2021-08-18 19:19:22 +02:00
Heiko Schaefer
6be4daa690 Switch back to using the PCSC backend in the test code. 2021-08-18 15:02:15 +02:00
Heiko Schaefer
0b0e9c48fc Refactor: 
- Move high-level API from openpgp-card to openpgp-card-sequoia
- Move the pcsc backend into the separate crate openpgp-card-pcsc
 2021-08-18 14:03:54 +02:00
Heiko Schaefer
83d9a703db Simplify 2021-08-13 21:27:59 +02:00
Heiko Schaefer
3361c8b79d Extend Test configuration file format. 
Run key generation tests for the algorithms specified in the configuration.
 2021-08-13 20:02:53 +02:00
Heiko Schaefer
765b4e8fdc Move "make_cert" into openpgp-card-sequoia 2021-08-13 20:02:53 +02:00
Heiko Schaefer
e9f1256309 Remove/adjust debug prints 2021-08-13 20:02:53 +02:00
Heiko Schaefer
9e5bb9b5a6 Make CardSigner accessible (for use in card-functionality crate) 2021-08-13 20:02:53 +02:00
Heiko Schaefer
44d5abd7ed WIP: Handling of public key material from cards 2021-08-13 20:02:53 +02:00
Heiko Schaefer
a0d92d2dc4 Refactor: add a set_fingerprint() method to CardApp. 
Use that method instead of manually calling the apdu command.
Change type of fingerprint in CardUploadableKey to [u8; 20].
 2021-08-07 19:27:24 +02:00
Heiko Schaefer
7acc1deb98 - Implement key generation (without specifying an algorithm so the current algo is used. only supports RSA for now) 
- Refactor: rename key_upload.rs -> keys.rs
- Fix handling of key timestamps
 2021-08-06 20:14:02 +02:00
Heiko Schaefer
f67501d0f9 Lints 2021-08-05 15:16:16 +02:00
Heiko Schaefer
833cdbc238 Adjust to new ScdClient API, socket is not needed anymore. 2021-08-03 18:23:47 +02:00
Heiko Schaefer
083db2a8be Adjust to changed ScdClient API 2021-08-03 15:32:48 +02:00
Heiko Schaefer
9d93570d9f Add comment pointing to Gnuk source for decryption return format. 2021-07-29 17:33:30 +02:00
Heiko Schaefer
6c563b230b Handle Gnuk's return format for NistP256 decryption 2021-07-20 17:38:15 +02:00
Heiko Schaefer
2b221fa76b Truncate digest length for ECDSA. 
This fixes signing for nistp256 keys with Gnuk (Gnuk expects a 32 byte hash for nistp256)
 2021-07-19 14:18:09 +02:00
Heiko Schaefer
c85d006887 Support ECDSA signatures 2021-07-18 21:12:22 +02:00
Heiko Schaefer
97d4880118 Signing 2021-07-18 12:00:00 +02:00
Heiko Schaefer
5af213562b Add decryption to card-functionality tests. 2021-07-17 02:24:43 +02:00
Heiko Schaefer
4b7b4a2ab6 Use ScdClient::open_scdc_by_serial() in test code. 2021-07-16 17:24:53 +02:00
Heiko Schaefer
e34285dc68 Add helper fn vka_as_uploadable_key() 2021-07-16 17:23:47 +02:00
Heiko Schaefer
da51f27173 Simplify code. 2021-07-16 16:31:14 +02:00
Heiko Schaefer
01126aabdf Support scdaemon as an alternative backend for interaction with OpenPGP cards. 2021-07-16 16:30:56 +02:00
Heiko Schaefer
8e3c6c0046 Add an abstraction layer (CardClient) for access to the card, in preparation for scdaemon client mode. 2021-07-09 20:37:52 +02:00
Heiko Schaefer
fd9cd6eabd Change set* commands to leave out 'Le', because no response data is expected. 
(The Floss-Card 3.4 rejects set* commands with "expected" response data)
 2021-07-04 01:03:09 +02:00
Heiko Schaefer
3bc14e9d19 Implement check_pw1/3(), which calls "7.2.2 VERIFY" with no data ("Lc empty"), to ask the card for verification status. 
(It seems that the Yubikey 5 doesn't support this type of request, but instead responds "6A 80: Incorrect parameters")
 2021-07-04 00:04:35 +02:00
Heiko Schaefer
d1f854f2f0 Implement get_pw_status_bytes() 2021-07-03 21:23:17 +02:00
Heiko Schaefer
2a836546b3 Adjust README 2021-07-03 18:24:56 +02:00
Heiko Schaefer
01fab2d91c Use an "ident" to specify a card. 
The ident is a combination of manufacturer and serial number.

The OpenPGP card spec stipulates:
"Each OpenPGP application on a card from a manufacturer/personaliser has a unique serial number"
 2021-07-03 18:17:30 +02:00
Heiko Schaefer
920da0442b Rename structs that represent different verification states of the OpenPGP card. 2021-07-02 19:47:34 +02:00
Heiko Schaefer
f00865ab75 rustfmt 2021-07-01 23:46:12 +02:00
Heiko Schaefer
1f77472746 Add version to dependency 2021-06-30 22:37:20 +02:00
Heiko Schaefer
f8b10927e7 Documentation links 2021-06-30 22:34:42 +02:00
Heiko Schaefer
88f0598eab Initial commit 2021-06-30 22:29:23 +02:00