From 7e2cafd0c4973d0d15e053968672495be563e56b Mon Sep 17 00:00:00 2001 From: Tony Arcieri Date: Mon, 18 Nov 2019 17:58:54 -0800 Subject: [PATCH] Project boilerplate (metadata, docs, code of conduct) --- CODE_OF_CONDUCT.md | 76 ++++++++++++++++++++++++++ Cargo.toml | 2 +- README.md | 129 +++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 206 insertions(+), 1 deletion(-) create mode 100644 CODE_OF_CONDUCT.md create mode 100644 README.md diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md new file mode 100644 index 0000000..7a9a276 --- /dev/null +++ b/CODE_OF_CONDUCT.md 
@@ -0,0 +1,76 @@ +# Contributor Covenant Code of Conduct + +## Our Pledge + +In the interest of fostering an open and welcoming environment, we as +contributors and maintainers pledge to making participation in our project and +our community a harassment-free experience for everyone, regardless of age, body +size, disability, ethnicity, gender identity and expression, level of experience, +nationality, personal appearance, race, religion, or sexual identity and +orientation. + +## Our Standards + +Examples of behavior that contributes to creating a positive environment +include: + +* Using welcoming and inclusive language +* Being respectful of differing viewpoints and experiences +* Gracefully accepting constructive criticism +* Focusing on what is best for the community +* Showing empathy towards other community members + +Examples of unacceptable behavior by participants include: + +* The use of sexualized language or imagery and unwelcome sexual attention or +advances +* Trolling, insulting/derogatory comments, and personal or political attacks +* Public or private harassment +* Publishing others' private information, such as a physical or electronic + address, without explicit permission +* Other conduct which could reasonably be considered inappropriate in a + professional setting + +## Our Responsibilities + +Project maintainers are responsible for clarifying the standards of acceptable +behavior and are expected to take appropriate and fair corrective action in +response to any instances of unacceptable behavior. + +Project maintainers have the right and responsibility to remove, edit, or +reject comments, commits, code, wiki edits, issues, and other contributions +that are not aligned to this Code of Conduct, or to ban temporarily or +permanently any contributor for other behaviors that they deem inappropriate, +threatening, offensive, or harmful. 
+ +## Scope + +This Code of Conduct applies both within project spaces and in public spaces +when an individual is representing the project or its community. Examples of +representing a project or community include using an official project e-mail +address, posting via an official social media account, or acting as an appointed +representative at an online or offline event. Representation of a project may be +further defined and clarified by project maintainers. + +## Enforcement + +Instances of abusive, harassing, or otherwise unacceptable behavior may be +reported by contacting the project team at [bascule@gmail.com]. All +complaints will be reviewed and investigated and will result in a response that +is deemed necessary and appropriate to the circumstances. The project team is +obligated to maintain confidentiality with regard to the reporter of an incident. +Further details of specific enforcement policies may be posted separately. + +Project maintainers who do not follow or enforce the Code of Conduct in good +faith may face temporary or permanent repercussions as determined by other +members of the project's leadership. + +[bascule@gmail.com]: mailto:bascule@gmail.com + +## Attribution + +This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, +available at [http://contributor-covenant.org/version/1/4][version] + +[homepage]: http://contributor-covenant.org +[version]: http://contributor-covenant.org/version/1/4/ diff --git a/Cargo.toml b/Cargo.toml index b697977..0dd2fde 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -10,7 +10,7 @@ algorithms (e.g, PKCS#1v1.5, ECDSA) authors = ["Tony Arcieri ", "Yubico AB"] edition = "2018" -license = "BSD" +license = "BSD-2-Clause" repository = "https://github.com/tarcieri/yubikey-piv.rs" readme = "README.md" categories = ["api-bindings", "cryptography", "hardware-support"] diff --git a/README.md b/README.md new file mode 100644 index 0000000..bcb57ce --- /dev/null +++ b/README.md 
@@ -0,0 +1,129 @@ + + +# yubikey-piv.rs + +[![crate][crate-image]][crate-link] +[![Docs][docs-image]][docs-link] +![Apache2/MIT licensed][license-image] +![Rust Version][rustc-image] +![Maintenance Status: Experimental][maintenance-image] +[![Build Status][build-image]][build-link] +[![Gitter Chat][gitter-image]][gitter-link] + +Pure Rust host-side YubiKey [Personal Identity Verification (PIV)][1] driver +with general-purpose public-key encryption and signing support. + +[Documentation][docs-link] + +## About + +YubiKeys are versatile devices and through their PIV support, you can use them +to store a number of RSA (2048/1024) and ECC (NIST P-256/P-384) private keys +with configurable access control policies. Both the signing (RSASSA/ECDSA) and +encryption (PKCS#1v1.5/ECIES) use cases are supported for either key type. + +If you've been wanting to use Rust to sign and/or encrypt stuff using a +private key generated and stored on a Yubikey (with option PIN-based access), +this is the crate you've been after! + +One small problem, it's not done yet... 😫 + +But it might be close? + +## History + +This library is a Rust translation of the [yubico-piv-tool][2] utility by +Yubico, which was originally written in C. It was mechanically translated +from C into Rust using [Corrode][3], and then subsequently heavily +refactored into safer, more idiomatic Rust§. + +Note that while this project started as a fork of a [Yubico][4] project, +this fork is **NOT** an official Yubico project and is in no way supported or +endorsed by Yubico. + +§ *NOTE*: This section is actually full of lies and notes aspirations/goals, + not history. That said, there's been a decent amount of work cleaning up the + mechanically translated code, and at ~5klocs it's not that much. + +## Security Warning + +No security audits of this crate have ever been performed, and it has not been +thoroughly assessed to ensure its operation is constant-time on common CPU +architectures. + +USE AT YOUR OWN RISK! 
+ +## Requirements + +- Rust 1.36+ + +## Code of Conduct + +We abide by the [Contributor Covenant][5] and ask that you do as well. + +For more information, please see [CODE_OF_CONDUCT.md][6]. + +## License + +**yubikey-piv.rs** is a fork of and originally a mechanical translation from +Yubico's [`yubico-piv-tool`][2], a C library/CLI program. The original library +was licensed under a [2-Clause BSD License][5], which this library inherits +as a derived work. + +Copyright (c) 2014-2019 Yubico AB, Tony Arcieri +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are +met: + +* Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + +* Redistributions in binary form must reproduce the above + copyright notice, this list of conditions and the following + disclaimer in the documentation and/or other materials provided + with the distribution. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ +### Contribution + +Unless you explicitly state otherwise, any contribution intentionally +submitted for inclusion in the work by you shall be licensed under the +[2-Clause BSD License][5] as shown above, without any additional terms +or conditions. + +[//]: # (badges) + +[crate-image]: https://img.shields.io/crates/v/yubikey-piv.svg +[crate-link]: https://crates.io/crates/yubikey-piv +[docs-image]: https://docs.rs/yubikey-piv/badge.svg +[docs-link]: https://docs.rs/yubikey-piv/ +[license-image]: https://img.shields.io/badge/license-BSD-blue.svg +[rustc-image]: https://img.shields.io/badge/rustc-1.36+-blue.svg +[maintenance-image]: https://img.shields.io/badge/maintenance-experimental-blue.svg +[build-image]: https://github.com/tarcieri/yubikey-piv.rs/workflows/Rust/badge.svg +[build-link]: https://github.com/tarcieri/yubikey-piv.rs/actions +[gitter-image]: https://badges.gitter.im/tarcieri/yubihsm-piv.rs.svg +[gitter-link]: https://gitter.im/tarcieri/community + +[//]: # (general links) + +[1]: https://piv.idmanagement.gov/ +[2]: https://github.com/Yubico/yubico-piv-tool/ +[3]: https://github.com/jameysharp/corrode +[4]: https://www.yubico.com/ +[5]: https://contributor-covenant.org/ +[6]: https://github.com/tarcieri/yubikey-piv.rs/blob/develop/CODE_OF_CONDUCT.md +[7]: https://opensource.org/licenses/BSD-2-Clause
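Review bot: The `[homepage]` and `[version]` link definitions at the end of CODE_OF_CONDUCT.md use `http://contributor-covenant.org`, while README.md in the same patch links that site as `https://contributor-covenant.org/`; switch both definitions to https so the two files agree. In the list of unacceptable behavior, the wrapped line `advances` of the first bullet starts at column zero, unlike the indented continuation lines of the later bullets (`  address, without explicit permission`); indent it by two spaces to match.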
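Review bot: In the README.md License and Contribution sections, both `[2-Clause BSD License][5]` links resolve to `[5]: https://contributor-covenant.org/`, and the `[7]: https://opensource.org/licenses/BSD-2-Clause` definition at the bottom is never referenced; the two license links should use `[7]`. The license badge line reads `![Apache2/MIT licensed][license-image]` although `license-image` is the BSD badge and Cargo.toml now declares `BSD-2-Clause`, so the alt text should say BSD-2-Clause. `gitter-image` points at `tarcieri/yubihsm-piv.rs.svg`, which does not match the `yubikey-piv.rs` name used in the build and repository links and is worth checking. In the About section, "with option PIN-based access" should read "optional".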