turnkey/openpgp-card
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
875 commits 1 branch 0 tags 1.7 MiB
Commit graph

50 commits

Author SHA1 Message Date
Heiko Schaefer
52a145528e
openpgp-card-sequoia: cleanup internal ptf() hack 
This fixes the generation of a mismatching Fingerprint on the card and OpenPGP public key when using generate_key(), which may have been cause by inconsistent kek/kdf parameter use for some ECC decryption subkeys.
 2023-09-06 01:47:21 +02:00
Heiko Schaefer
041228a4a2
openpgp-card-sequoia: normalize naming of pin verify fns 2023-09-06 01:28:48 +02:00
Heiko Schaefer
b6fef9511a
openpgp-card-sequoia: handle PINs as &str 
According to the spec, PINs are supposed to be handled in utf8 format (not binary)
 2023-09-06 01:28:48 +02:00
Heiko Schaefer
423c9d23ee
openpgp-card: add Curve::Unknown variant 2023-09-06 01:16:32 +02:00
Heiko Schaefer
e6658713cb
openpgp-card: rename Algo -> AlgorithmAttributes 2023-09-06 01:16:32 +02:00
Heiko Schaefer
212e7f335f
openpgp-card-sequoia: Transaction::to_*_card() methods 
Allow more ergonomic switching to User/Sign/Admin states by directly providing a PIN, while also allowing a `None` parameter if verification has already happened.
 2023-09-06 01:16:31 +02:00
Wiktor Kwapisiewicz
c81f3ba6a9 Fix clippy warnings: remove explicit lifetime and unneeded Deref impl 2023-02-02 09:26:21 +01:00
Wiktor Kwapisiewicz
4510c34cdc Fix clippy lints: directly use variables in format! strings 
The source has been reformatted using `cargo +nightly fmt`.
 2023-02-02 09:09:47 +01:00
Heiko Schaefer
5e039204d5
remove "use sequoia_openpgp as openpgp;" pattern 2022-11-03 14:43:28 +01:00
Heiko Schaefer
27697cb2c5
add rustfmt.toml and set group_imports = "StdExternalCrate" 2022-11-03 14:32:00 +01:00
Heiko Schaefer
db682c45db
openpgp-card-sequoia: restructure code, api; add more documentation 2022-10-28 18:55:42 +02:00
Heiko Schaefer
da65260736
openpgp-card-sequoia: refactor, base API around a Card<State> type 2022-10-27 13:41:24 +02:00
Heiko Schaefer
3756521141
openpgp-card-sequoia: Fix make_cert() 
[The primary key was missing its CS Key Flags after the changes in 4557c40b, both in the User ID selfsigs, and the DirectKey signature]
 2022-09-18 23:18:28 +02:00
Heiko Schaefer
b32cf67196
Don't implicitly add a User ID for the cardholder name, in make_cert() 2022-09-18 15:30:35 +02:00
Heiko Schaefer
2ece9734fd
opgpcard: filter out empty User IDs in make_cert() 2022-09-08 19:25:55 +02:00
Heiko Schaefer
4557c40bda
opgpcard: DRY make_cert(). 2022-09-08 19:25:35 +02:00
Heiko Schaefer
1b483b5c09
opgpcard: Add direct key signature in make_cert(). 
Without this, pubkey output contains no signatures at all, if no User ID is set.
 2022-09-08 19:25:30 +02:00
Heiko Schaefer
d167883835
opgpcard: Remove obsolete FIXME 2022-09-08 19:25:24 +02:00
Heiko Schaefer
96e28b1b4f
opgpcard: Add optional user-id parameter for "pubkey" and "admin generate", to bind User IDs to the certificate. 2022-09-04 20:30:33 +02:00
Heiko Schaefer
6e630254fa
Don't use Cert to build signer and decryptor. 
Rename decryptor/signer/authenticator getters.
Add alternatives that don't require PublicKey parameter.
 2022-07-25 18:12:03 +02:00
Heiko Schaefer
43a9abdabd
Implement signing for auth slot 2022-06-22 21:50:07 +02:00
Heiko Schaefer
17fc6ebeff
Handle empty signing key slot in key_slot() 2022-06-19 14:53:15 +02:00
Heiko Schaefer
e3dfdbffe6
Implement key_slot() to get a PublicKey representation for one of the card's key slots. 2022-06-11 10:01:00 +02:00
Heiko Schaefer
374f9eec89
Add callback Fn for touch confirmation prompt for decryption operations. 2022-06-11 09:55:06 +02:00
Heiko Schaefer
079cc32427
Add callback Fn for touch confirmation prompt for signing operations. 2022-06-11 09:55:05 +02:00
Heiko Schaefer
e6c40be8ad
Adjusted/improved handling of public keys (especially to find the correct KDF parameters for ECC decryption keys): 
- "Brute force" find the right KDF parameters in the new helper fn public_key_material_and_fp_to_key() [try possible parameters until a matching fingerprint is found, error if none].
- In `opgpcard pubkey`, use public_key_material_and_fp_to_key() to find the right parameters for the ECC decryption subkey (this subcommand now fails when the fingerprint on the card doesn't match the fingerprint of the public key data for that key slot)
- When generating OpenPGP ECC decryption keys from public key material (including to compute fingerprints from the key material), use SHA256/AES128 as default parameters.
 2022-04-15 16:17:04 +02:00
Heiko Schaefer
418bfc83f0
Make name optional in make_cert() 2022-03-30 02:10:07 +02:00
Heiko Schaefer
283f58d7d8
Cleanup import 2022-03-30 02:04:23 +02:00
Heiko Schaefer
f069fb1e20
Model PINs as &[u8] in openpgp-card-sequoia 2022-03-29 22:40:26 +02:00
Heiko Schaefer
0b4a18b136
Fix clippy lints 2022-03-06 16:15:13 +01:00
Heiko Schaefer
8ab3a43d6e
Use Error::InternalError less, introduce additional specific error variants. 2022-02-24 21:25:47 +01:00
Heiko Schaefer
96167f6530
Move OpenPGP card functionality into OpenPgp/OpenPgpTransaction. 
This separates backend access (implemented in CardBackend and CardTransaction) from OpenPGP card operations.

Fixes #7
 2022-02-24 21:25:47 +01:00
Heiko Schaefer
636813279b
Reformatted to conform to vanilla rustfmt. 2022-02-24 21:25:47 +01:00
Heiko Schaefer
5133051626
Rename CardClient -> CardTransaction. 2022-02-18 15:06:31 +01:00
Heiko Schaefer
5e7fcd079b
Change CardApp API: take &mut CardClient parameter for all calls (instead of owning a CardClientBox). 
This way, clients can exert control over the state of the CardClient, e.g. to combine CardApp operations in a PCSC transaction.
 2022-02-14 17:43:07 +01:00
Heiko Schaefer
5e0007c7fd
Add FIXME for construction of EdDSA public keys from a card 2022-01-27 16:10:02 +01:00
Heiko Schaefer
383f592865
Don't apply Policy when picking (sub)key from Cert for sign/decrypt. 2021-12-11 23:36:36 +01:00
Heiko Schaefer
2709b4ad39
Implement pinpad feature detection and pinpad support for verify/modify (of pw1 and pw3) in pcsc backend. 
Extend CardCaps to contain pw1_max_len and pw3_max_len (and initialize these values from ARD).

Add pinpad_verify(), pinpad_modify(), feature_verify()/feature_modify() to CardClient API.
Expose in card_app (and openpgp-card-sequoia card API).

Adjust opgpcard, opgpcard-pin to ue pinpad reader when available.
 2021-11-30 22:51:18 +01:00
Heiko Schaefer
87168ea0de
Cleanup imports 2021-11-05 23:14:36 +01:00
Heiko Schaefer
02401d12f4 Initial parts of key generation. 2021-11-05 13:34:14 +01:00
Heiko Schaefer
8674b0e65c Refactor "Open" to use a borrowed CardApp (instead of owning the CardApp). 2021-11-05 13:34:14 +01:00
Heiko Schaefer
ddf62dbfe2 Use the MPI::value_padded() method for left-padding. 2021-10-05 17:11:52 +02:00
Heiko Schaefer
1ce74ab8c6 Pad private key scalars of ECC keys. 
MPIs can have leading zeros stripped, in OpenPGP, however, e.g. the floss34 card requires the NIST scalar in its non-stripped form.
 2021-09-23 20:54:33 +02:00
Heiko Schaefer
cf8fb05210 Don't set a policy implicitly. 2021-09-21 16:59:01 +02:00
Heiko Schaefer
f2e5fea0fc extended capabilities: restructure, to prepare for different versions of this DO 2021-09-14 02:00:54 +02:00
Heiko Schaefer
d5651e96bb Reorganize key uploading API 2021-09-11 22:58:02 +02:00
Heiko Schaefer
1b9d860adf Minor edits on doc comments. 2021-09-11 16:54:34 +02:00
Heiko Schaefer
0d249a47fd sq_util::get_subkey() is now the central helper fn for picking a (sub)key from a Cert. 2021-09-11 16:27:31 +02:00
Heiko Schaefer
3b3a3b5064 More documentation 2021-09-11 13:00:05 +02:00
Heiko Schaefer
55e7a2c794 Re-ordering the -sequoia crate, as a first step towards defining its API. 2021-09-11 12:42:01 +02:00