turnkey/openpgp-card
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
580 commits 1 branch 0 tags 1.7 MiB
Commit graph

273 commits

Author SHA1 Message Date
Heiko Schaefer
52a146fd56 implement internal_authenticate 2021-11-04 18:05:45 +01:00
Heiko Schaefer
19ca7d9308 In factory_reset(), StatusBytes::PasswordNotChecked is also a legal response to "verify" calls to a card (with a bad password). 2021-11-02 20:59:18 +01:00
Heiko Schaefer
5eea5c861d When card returns OkBytesAvailable(), use the returned number of bytes from sw2 when asking for the next response. 
This approach solved problems with "GET RESULT" with a "Feitian Java Card D11CR" running the ykneo applet.
 2021-11-01 21:58:08 +01:00
Heiko Schaefer
bc08ca68ed Releases 2021-10-29 22:51:23 +02:00
Heiko Schaefer
aa7528ec9a Add functionality for cli tools. 2021-10-28 00:05:41 +02:00
Heiko Schaefer
a4c04de09c Add notes about using Protected memory for private key material. 2021-10-05 17:38:08 +02:00
Heiko Schaefer
1ce74ab8c6 Pad private key scalars of ECC keys. 
MPIs can have leading zeros stripped, in OpenPGP, however, e.g. the floss34 card requires the NIST scalar in its non-stripped form.
 2021-09-23 20:54:33 +02:00
Heiko Schaefer
dbbe4ed4c1 Fix comparison of card ident (the test config shouldn't be case sensitive) 2021-09-21 16:50:34 +02:00
Heiko Schaefer
5417fde8ca Implement support for alternate ECC import format (which includes public key data) 2021-09-21 16:50:34 +02:00
Heiko Schaefer
200d7e60d1 Algo attributes for key generation should be checked if we can't set them. 2021-09-21 16:50:34 +02:00
Heiko Schaefer
c0088c4eae Hack for SmartPGP applet (use the last of the suitable algorithm variants from the Algorithm Information list). 2021-09-21 11:22:56 +02:00
Heiko Schaefer
773117965c Add RSA1k/17 and RSA1k/32 to AlgoSimple 2021-09-21 11:22:56 +02:00
Heiko Schaefer
332360cbbb Implement additional import formats for RSA key import. 2021-09-21 11:22:56 +02:00
Heiko Schaefer
256690d97c Print RSA import format in Display for Algo 2021-09-19 19:13:51 +02:00
Heiko Schaefer
0bf59c7e51 In key generation: don't set algo attributes if the card doesn't support that feature. 2021-09-17 13:56:28 +02:00
Heiko Schaefer
a39f25d8a3 Handle SW_EXACT_LENGTH (0x6c??) in send_command() 2021-09-17 13:36:20 +02:00
Heiko Schaefer
60c67d3ebe Print status bytes as hex, for UnknownStatus 2021-09-16 17:17:19 +02:00
Heiko Schaefer
e1af08646a Add comment 2021-09-16 02:07:05 +02:00
Heiko Schaefer
cdb72e271c Fix existing test, add test for v2 card 2021-09-16 01:52:34 +02:00
Heiko Schaefer
3cc9a09290 Implement discrete handling of v2 and v3 ExtendedCapabilities. 2021-09-15 17:39:47 +02:00
Heiko Schaefer
f2e5fea0fc extended capabilities: restructure, to prepare for different versions of this DO 2021-09-14 02:00:54 +02:00
Heiko Schaefer
245740febc More precise debug output. 2021-09-13 19:45:17 +02:00
Heiko Schaefer
e261d4d041 Fix refactoring mistake in rustdoc. 2021-09-09 18:17:46 +02:00
Heiko Schaefer
0302387bea Releases 2021-09-09 00:48:25 +02:00
Heiko Schaefer
62b7b35ab0 Clean up Command, simplify serialization. 2021-09-09 00:46:38 +02:00
Heiko Schaefer
52bdf4cffd Implement change_pw1(), change_pw3(), reset_retry_counter_pw1(). 2021-09-08 11:18:18 +02:00
Heiko Schaefer
891b57df06 Throw error for unexpected input length for Fingerprint. 2021-09-07 17:01:13 +02:00
Heiko Schaefer
6cfe340d2b Clippy lints 2021-09-07 17:01:13 +02:00
Heiko Schaefer
5a49b578f9 Throw errors for unexpected values while processing ExtendedCapabilities from the card. 
(Note: observed mse_command_support values were 0/1/255, so checks for that field have been disabled for now)
 2021-09-07 17:01:13 +02:00
Heiko Schaefer
6a7cb7287a Remove obsolete FIXME comments (this case is now handled upstream) 2021-09-07 14:34:31 +02:00
Heiko Schaefer
2e7ee82a58 Use StatusBytes in RawResponse (instead of a pair of u8). 
Replace status bytes constants in the code with StatusBytes enum variants.
 2021-09-07 14:34:31 +02:00
Heiko Schaefer
c5d03bd677 Rename StatusByte -> StatusBytes 2021-09-07 11:50:20 +02:00
Heiko Schaefer
a52f3a648e Check for OK status code in chained replies. 2021-09-06 22:34:06 +02:00
Heiko Schaefer
bc7dede0ac Move the code that creates a DO for setting algorithm attributes into Algo. 2021-09-06 17:07:47 +02:00
Heiko Schaefer
5fcb454b9c Remove FIXMEs; add panic to match branches that should not happen 2021-09-06 12:30:56 +02:00
Heiko Schaefer
5ccd6be1bb Remove asserts for password lengths (running the command and returning the card's error, if any, seems more appropriate) 2021-09-06 12:27:44 +02:00
Heiko Schaefer
ad929598ce Rename Features -> ExCapFeatures 2021-09-03 20:03:50 +02:00
Heiko Schaefer
48803eb454 Break apart key import function. 
Don't try to set algo attributes when Extended Capabilities doesn't list the feature.
 2021-09-03 18:49:35 +02:00
Heiko Schaefer
7a78271211 Rename decrypt() to decipher(), to correspond with naming in spec. 
Add a note to investigate PKCS#1 formatting of the command input.
 2021-09-03 13:45:19 +02:00
Heiko Schaefer
17ee12566f Minor edits to comments 2021-09-02 22:13:15 +02:00
Heiko Schaefer
8b5894e961 Rename get_app_data() to get_application_related_data() to correspond with naming in spec. 2021-09-02 22:09:46 +02:00
Heiko Schaefer
f5b31aac26 Move KeySet from card_do.rs to lib.rs 
(It is not a DO, only a container to conveniently handle triples of DO)
 2021-09-02 21:59:05 +02:00
Heiko Schaefer
6b3ae2cf62 Adjust DO struct names to correspond to naming in the spec 2021-09-02 21:54:44 +02:00
Heiko Schaefer
a415ec9a50 Minor edit in comment 2021-09-02 21:54:19 +02:00
Heiko Schaefer
ee349d9083 impl From instead of Into 2021-09-02 21:44:35 +02:00
Heiko Schaefer
393e58d489 Add simple unit tests for all card_do 2021-09-02 21:41:14 +02:00
Heiko Schaefer
c7751ff4ce Implement TryFrom (instead of offering that functionality without implementing the trait) 2021-09-02 19:39:53 +02:00
Heiko Schaefer
c377f37a9b Rename "foo/mod.rs => foo.rs" 2021-09-02 16:55:31 +02:00
Heiko Schaefer
18819c65d9 Edit comment 2021-09-02 16:52:47 +02:00
Heiko Schaefer
316ca7eb3a Rename error types and re-export them at the crate top level. 2021-09-01 23:59:56 +02:00
Heiko Schaefer
f501c09d2f Add #[non_exhaustive] to error and crypto_data enums. 2021-09-01 22:46:04 +02:00
Heiko Schaefer
84a7f0060d Fix problem in test on debian stable Rust. 2021-09-01 22:35:26 +02:00
Heiko Schaefer
b6cc237f61 Make low level signing and decryption fn private. 
Adjust docs.
 2021-09-01 22:27:37 +02:00
Heiko Schaefer
f8d998b3a6 Implement From<CardClientBox>, Into<CardClientBox> for CardApp and adjust client code. 2021-09-01 22:26:25 +02:00
Heiko Schaefer
88c924c7d9 Add documentation, normalize fn names. 2021-09-01 20:45:18 +02:00
Heiko Schaefer
65780cf352 Explicitly handle RSA keysizes that are not in the card's algorithm list as an error. 2021-08-29 18:21:38 +02:00
Heiko Schaefer
935c77f59a Rename ApplicationRelatedData::get_aid() to get_application_id() 2021-08-28 19:58:34 +02:00
Heiko Schaefer
c25c8b55b8 Cleanup Tlv, Tag, Value: 
- Make Tlv/Tag fields private.
- Rename TlvEntry to Value.
- impl TryFrom<&[u8]> for Tlv
 2021-08-28 18:29:51 +02:00
Heiko Schaefer
821b5f0dae Make error messages easier to read. 2021-08-28 17:54:39 +02:00
Heiko Schaefer
6583c160eb Edit comment 2021-08-28 11:58:42 +02:00
Heiko Schaefer
889ac234c6 Clean up AlgoSimple::get_algo(). 2021-08-28 11:57:04 +02:00
Heiko Schaefer
a55f0f6621 Use check_card_algo_ecc() when uploading keys: if algo_list is available and oid is not listed, error out of upload_key(). 2021-08-27 21:42:18 +02:00
Heiko Schaefer
cb2269c761 Remove redundant check_card_algo_e*() fn. 2021-08-27 21:29:23 +02:00
Heiko Schaefer
7748a7b1e0 Improve documentation of determining algorithm attributes for key import. 
Implement setting of default RSA values when neither algo info nor algo attrs for import of an RSA key are available.
 2021-08-27 21:12:36 +02:00
Heiko Schaefer
ea8e33b6d5 Return Err for unexpected cases. 2021-08-27 19:24:15 +02:00
Heiko Schaefer
0e37967200 Handle Attestation KeyType as a type of signing key. 2021-08-27 19:23:21 +02:00
Heiko Schaefer
e4eff705af Make AlgoSimple, Algo, Curve non_exhaustive. 2021-08-27 19:22:22 +02:00
Heiko Schaefer
454d50eb45 Make KeyType non_exhaustive. 2021-08-27 15:15:15 +02:00
Heiko Schaefer
64f05e93f5 Implement From/TryFrom for conversions of Historical and its members. 2021-08-27 13:55:55 +02:00
Heiko Schaefer
73829a6b27 Make handling of Historical Bytes more robust. 
Add unit tests.
 2021-08-27 13:39:30 +02:00
Heiko Schaefer
3d1b166911 Add comments 2021-08-26 20:40:36 +02:00
Heiko Schaefer
36cf10cbad Tests need to use RsaAttrs::new(). 2021-08-26 20:03:24 +02:00
Heiko Schaefer
7c8c72339b Use KeyGenerationTime in openpgp-card APIs (instead of u32 or SystemTime) 2021-08-26 19:27:08 +02:00
Heiko Schaefer
794b04725f Remove redundant import. 2021-08-26 19:25:13 +02:00
Heiko Schaefer
38c701187d Fix clippy warnings 2021-08-26 18:23:34 +02:00
Heiko Schaefer
eaf46e6bbb Make fields private, add accessor methods. 2021-08-26 17:59:54 +02:00
Heiko Schaefer
9f3ebe8972 Release openpgp-card. 2021-08-26 15:01:59 +02:00
Heiko Schaefer
6001eacfa1 Make placeholder fn private, for now. 2021-08-26 14:47:41 +02:00
Heiko Schaefer
faba8f6ca0 Fix comment 2021-08-26 14:11:16 +02:00
Heiko Schaefer
5df81dd464 Rename Fingerprint::from() -> to_keyset() 2021-08-25 21:27:28 +02:00
Heiko Schaefer
f3bfecd185 Use the openpgp_card::card_do::Fingerprint type instead of [u8; 20]. 
Add a TryFrom<&[u8]> implementation to Fingerprint.
 2021-08-25 21:25:20 +02:00
Heiko Schaefer
c6ba204293 Move debug prints for key generation from keys.rs to tests.rs 2021-08-25 21:18:13 +02:00
Heiko Schaefer
786515a7f4 Make fields of Command private. 2021-08-25 17:29:21 +02:00
Heiko Schaefer
39f48bf13b Add get_data() method to Response. 2021-08-25 16:42:00 +02:00
Heiko Schaefer
780b6e724c Implement get_cardholder_certificate()/set_cardholder_certificate() and select_data(). 2021-08-25 13:59:53 +02:00
Heiko Schaefer
20cfcead02 Adjust ExtendedCap field names 2021-08-25 13:32:30 +02:00
Heiko Schaefer
f9bad31d63 Explicitly limit size of data. 2021-08-25 13:07:25 +02:00
Heiko Schaefer
6d08b34a87 Make mod test more readable. 2021-08-25 12:34:46 +02:00
Heiko Schaefer
5a766b78a4 Fix for older rust versions (std::array::IntoIter was only stabilized in 1.51.0) 2021-08-25 12:20:31 +02:00
Heiko Schaefer
02987a86e4 Add links to rustdoc. 2021-08-24 09:58:41 +02:00
Heiko Schaefer
013af97c23 Implement get_private() and set_private(). 2021-08-22 18:59:54 +02:00
Heiko Schaefer
cb8f3c7cb1 Elaborate "PW status bytes", fix broken naming of members. 
Implement set_pw_status_bytes().
Add test code to card-functionality.
 2021-08-22 01:20:14 +02:00
Heiko Schaefer
c14664b9d5 Implement get_security_support_template() 2021-08-21 20:22:03 +02:00
Heiko Schaefer
09ee8f4792 Add a get_data() helper fn 2021-08-21 19:38:17 +02:00
Heiko Schaefer
84cd586b18 Remove public visibility for unimplemented fn. 2021-08-21 19:02:04 +02:00
Heiko Schaefer
5109ac5445 Rename card_data -> card_do 2021-08-21 19:02:04 +02:00
Heiko Schaefer
b075ad5908 Clean up imports 2021-08-21 19:02:04 +02:00
Heiko Schaefer
0d27352520 Move tlv test to tlv.rs 2021-08-21 19:02:04 +02:00
Heiko Schaefer
f28c9c2204 Adjust visibility and add accessors to CardCaps. 2021-08-21 19:02:04 +02:00
Heiko Schaefer
a8c53056f0 Limit visibility of KeyType methods 2021-08-21 19:02:04 +02:00
Heiko Schaefer
6ad4231d16 Minor doc edits 2021-08-21 19:02:04 +02:00
Heiko Schaefer
d599471be5 Refactor: move cryptographic data structures to the module crypto_data 2021-08-21 17:43:44 +02:00
Heiko Schaefer
44e915d3e0 Refactor: move OpenPGP card data structures (and parsing) into the module card_data 2021-08-21 15:59:31 +02:00
Heiko Schaefer
0e0602f3d5 Move ResponseLength to OpenpgpCardError 2021-08-21 15:51:15 +02:00
Heiko Schaefer
dac30e268e Break out encode_len() fn 2021-08-21 12:42:08 +02:00
Heiko Schaefer
4d19cc0dbe Fix typo 2021-08-21 12:32:47 +02:00
Heiko Schaefer
89fda362d1 Add documentation. 2021-08-21 01:19:49 +02:00
Heiko Schaefer
c3ef90638d Add documentation, remove unused TryFrom implementation. 2021-08-21 01:19:14 +02:00
Heiko Schaefer
c872e46e80 Refactor: move accessor fn for "Application Related Data" into the struct ApplicationRelatedData. 2021-08-20 22:19:39 +02:00
Heiko Schaefer
8aae0a357e Split the Response type into an internal RawResponse type which also contains the status bytes, and an external Response type that can only be generated from a RawResponse with status "ok". 
This removes the need for external users of openpgp-card to check the status or operations.
That is, openpgp-card now always returns an `Err` if the status of a command is not ok.
 2021-08-20 13:25:58 +02:00
Heiko Schaefer
4959307b1f Limit visibilities. 2021-08-20 10:45:30 +02:00
Heiko Schaefer
a3f2c930f2 Documentation. 2021-08-20 10:43:43 +02:00
Heiko Schaefer
421ffe3599 Add documentation, limit visibilities. 2021-08-20 00:04:56 +02:00
Heiko Schaefer
cc16e7976b Add documentation. 2021-08-19 17:39:44 +02:00
Heiko Schaefer
b8e3fc4816 Set version numbers for crates.io releases 2021-08-18 19:57:54 +02:00
Heiko Schaefer
85a05167d1 Refactor, Document API. 
(Moved algorithm-related data structures to algorithm.rs)
 2021-08-18 19:19:22 +02:00
Heiko Schaefer
bf8ab84668 Documentation. 2021-08-18 15:01:38 +02:00
Heiko Schaefer
0b0e9c48fc Refactor: 
- Move high-level API from openpgp-card to openpgp-card-sequoia
- Move the pcsc backend into the separate crate openpgp-card-pcsc
 2021-08-18 14:03:54 +02:00
Heiko Schaefer
2ef6e0442d Add an AlgoSimple enum as a simplified way to select an algorithm on a card. 2021-08-13 20:02:53 +02:00
Heiko Schaefer
df4b4bdabb Fix: set_fingerprint doesn't expect a reply (failed on FLOSS Card 3.4, after refactoring set_fingerprint) 2021-08-13 20:02:53 +02:00
Heiko Schaefer
a0370c5c53 WIP: more testing in the context of on-card key generation. 
In particular, add a decryption test.
 2021-08-13 20:02:53 +02:00
Heiko Schaefer
e9f1256309 Remove/adjust debug prints 2021-08-13 20:02:53 +02:00
Heiko Schaefer
44d5abd7ed WIP: Handling of public key material from cards 2021-08-13 20:02:53 +02:00
Heiko Schaefer
608e6533a6 Move 'Algo' and related data structures to lib.rs. 
Implement the Display trait on Algo and AlgoInfo, for compact printing.
 2021-08-13 20:02:53 +02:00
Heiko Schaefer
99be1fb7da Cleanup field naming in EccAttrs: t->ecc_type. 2021-08-08 09:38:46 +02:00
Heiko Schaefer
a0d92d2dc4 Refactor: add a set_fingerprint() method to CardApp. 
Use that method instead of manually calling the apdu command.
Change type of fingerprint in CardUploadableKey to [u8; 20].
 2021-08-07 19:27:24 +02:00
Heiko Schaefer
260c38ef25 Adjust tests to changes in Algo struct 2021-08-07 18:24:37 +02:00
Heiko Schaefer
8bc7ffd940 Refactor code for set_algorithm_attributes() 
- Move algorithm attribute setting out from key import code
- Simplify Algo struct
 2021-08-07 17:44:35 +02:00
Heiko Schaefer
5e0ee12e17 Simplify unwrapping Error 2021-08-07 17:15:22 +02:00
Heiko Schaefer
d9a25c23c9 Remove printlns 2021-08-07 00:54:01 +02:00
Heiko Schaefer
feb6f7be51 Implement get_pub_key() 2021-08-07 00:18:13 +02:00
Heiko Schaefer
7acc1deb98 - Implement key generation (without specifying an algorithm so the current algo is used. only supports RSA for now) 
- Refactor: rename key_upload.rs -> keys.rs
- Fix handling of key timestamps
 2021-08-06 20:14:02 +02:00
Heiko Schaefer
f42596f2f5 Handle key import when a card doesn't support the "Algorithm Information" command. 2021-08-05 21:10:18 +02:00
Heiko Schaefer
f67501d0f9 Lints 2021-08-05 15:16:16 +02:00
Heiko Schaefer
caffc8a20c Import cleanup 2021-08-03 15:34:09 +02:00
Heiko Schaefer
56f4459932 When the card doesn't support command chaining, throw CommandTooLong error if the command is too long. 
(This currently happens with the scdc backend when uploading rsa4096 keys, because scdc additionally limits command size)
 2021-07-29 18:35:25 +02:00
Heiko Schaefer
dbf2e9e3fb A CardClient instance can now contain a CardCaps (which specifies how commands should be sent to the card). 
Add max_rsp_bytes field to CardCaps.
 2021-07-29 18:35:25 +02:00
Heiko Schaefer
c85d006887 Support ECDSA signatures 2021-07-18 21:12:22 +02:00
Heiko Schaefer
aef6c781ed Lint 2021-07-17 03:10:56 +02:00
Heiko Schaefer
5af213562b Add decryption to card-functionality tests. 2021-07-17 02:24:43 +02:00
Heiko Schaefer
f59a8a948c Remove unused imports; Lints. 2021-07-16 18:44:59 +02:00
Heiko Schaefer
0fffb0c91b Refactor for multiple card backends 2021-07-16 17:15:21 +02:00
Heiko Schaefer
610478695f Bugfix in interpreting Sex value 2021-07-16 16:46:34 +02:00
Heiko Schaefer
c8a742e8d0 Imports cleanup; comment 2021-07-16 16:45:57 +02:00
Heiko Schaefer
1c15e61fb4 Add get_key_generation_times() 2021-07-16 16:39:02 +02:00
Heiko Schaefer
01126aabdf Support scdaemon as an alternative backend for interaction with OpenPGP cards. 2021-07-16 16:30:56 +02:00
Heiko Schaefer
b8bd87bd7e Remove Arc<Mutex<>> attempts, rely on assuan::Client now being Send+Sync 2021-07-16 14:15:03 +02:00
Heiko Schaefer
ec8c15cab3 Add conversion implementations 2021-07-14 22:31:00 +02:00
Heiko Schaefer
c445757633 Implement get_key_generation_times() 2021-07-14 21:59:33 +02:00
Heiko Schaefer
7afe2f52c2 Refactor card initialisation 2021-07-14 18:03:07 +02:00