Tony Arcieri
08897ec7c9
cli: print reader name as part of status command
2019-12-10 08:43:33 -08:00
Jack Grigg
1bf3b13e52
Add missing untested feature gates
2019-12-10 13:31:48 +00:00
Jack Grigg
8385dda201
Check buffer length in set_length
2019-12-10 13:22:21 +00:00
Jack Grigg
363bdc4351
Extract TLV writing into serialization::Tlv
2019-12-10 13:17:01 +00:00
Jack Grigg
da828abe3c
Extract TLV parsing into serialization::Tlv
2019-12-10 13:14:39 +00:00
Tony Arcieri
78d5f33695
cli: add status command
Provides equivalent functionality to `yubico-piv-tool`
2019-12-09 18:00:34 -08:00
Carl Wallace
855f2ecb24
add try_from String for SlotIds in support of CLI
2019-12-08 19:25:27 -05:00
Tony Arcieri
4663cffb96
yubikey: add open_by_serial method
Support for opening a `YubiKey` with a specific serial number.
2019-12-08 12:12:03 -08:00
Tony Arcieri
0a100acdd2
Rename container module to mscmap
Better reflects what it actually is.
2019-12-08 10:01:00 -08:00
Tony Arcieri
31efd4e78c
Finish eliminating consts module
Either moves constants into their relevant modules, or puts the
remaining ones into `lib.rs`
2019-12-08 09:32:57 -08:00
Tony Arcieri
104020d518
consts: Whittle down to the essentials
This factors the junk drawer of constants into the relevant files.
There are still a few "global" ones left but they can be addressed in a
followup commit.
2019-12-08 08:39:21 -08:00
Tony Arcieri
9482ae62ab
CCCID/CHUID: add basic tests and do some cleanups
- Adds tests for CCCID/CHUID, allowing not found (is that ok?)
- Move constants under their respective modules and remove `YKPIV_`
2019-12-07 13:09:38 -08:00
Tony Arcieri
2587a4ac1e
CCCID/CHUID refactoring
- Move generate methods to the appropriate static types
- Remove redundant name prefixes (Rust [RFC#356])
[RFC#356]: https://github.com/rust-lang/rfcs/pull/356
2019-12-07 12:39:52 -08:00
Tony Arcieri
3cf3c0867f
Merge pull request #49 from carl-wallace/develop
change ccid handling to target entire CCC object
2019-12-07 12:10:44 -08:00
Tony Arcieri
cdecfd92dd
Test Config::get
Tests reading configuration from a live device:
Config { protected_data_available: false, puk_blocked: false, puk_noblock_on_upgrade: false, pin_last_changed: 0, mgm_type: Manual }
2019-12-07 11:47:07 -08:00
Tony Arcieri
f6915ce5df
Drop YubiKey NEO support (closes #18)
YubiKey NEOs are legacy YubiKey devices, most of which contain
unpatchable security vulnerabilities.
They have smaller buffer sizes than YK4 and YK5, which necessitates a
whole bunch of conditional gating and buffer size calculations.
Getting rid of them simplifies this logic and allows us to assume
consistent buffer sizes everywhere.
We never tested on NEOs anyway, and looking at the deleted code it seems
it may have been miscalculating the NEO's buffer size!
If someone *really* wants to support NEOs, it shouldn't be that hard to
restore, but the codebase is definitely cleaner without it.
2019-12-07 11:22:51 -08:00
Tony Arcieri
d6cd0130d3
Move sign/decrypt/import/attest to the key module
These are crypto key-related functions and are better factored under
this module.
2019-12-07 10:39:02 -08:00
Tony Arcieri
d1d384d304
Test Key::list
Adds a live-against-the-device test which ensures keys can be
successfully listed.
2019-12-07 10:09:56 -08:00
Tony Arcieri
cb9d5221b2
Merge pull request #60 from iqlusioninc/test-verify-pin
Test YubiKey::verify_pin (--ignored)
2019-12-07 08:52:09 -08:00
Tony Arcieri
c30cf5b83a
Test YubiKey::verify_pin (--ignored)
Adds an off-by-default test that the `YubiKey::verify_pin` function
works, and removes it from `untested` gating.
2019-12-07 08:44:12 -08:00
Jack Grigg
0551263286
Switch to elliptic-curve crate
2019-12-07 15:47:24 +00:00
Carl Wallace
82c2d08aec
Merge remote-tracking branch 'upstream/develop' into develop
2019-12-03 15:12:22 -05:00
Jack Grigg
76c093e68e
Minor cleanups
2019-12-03 03:24:10 +00:00
Jack Grigg
ada3454d26
Fix bug in MgmKey::decrypt
2019-12-03 03:24:09 +00:00
Jack Grigg
370a90f800
Correctly return StatusWords from transfer_data
2019-12-03 03:24:07 +00:00
Jack Grigg
7bcd8664a4
AlgorithmId::write helper to match policy helpers
2019-12-03 03:24:06 +00:00
Jack Grigg
3a4515d902
Convert PIN and touch policies into enums
2019-12-03 03:23:59 +00:00
Tony Arcieri
da897b99bb
yubikey-piv v0.0.3
2019-12-02 11:17:10 -08:00
Tony Arcieri
07f70bccb5
cli: Initial yubikey-cli utility with list command
Adds a `yubikey-cli` crate to the workspace, with a `yubikey` binary,
which presently provides a `list` command for listing detected readers.
Dependencies:
- `env_logger`: logging
- `gumdrop`: argument parsing
- `termcolor`: colored terminal output
As this repo now contains a binary, it also checks in `Cargo.lock`.
2019-12-02 10:42:17 -08:00
Tony Arcieri
9ce2ffe938
readers: Use Reader to connect to YubiKey
Removes the legacy API inherited from `yubico-piv-tool` and uses
the `reader` module exclusively for selecting and opening the PC/SC
reader.
2019-12-02 10:11:58 -08:00
Tony Arcieri
589ca3de12
readers: Initial Readers enumerator for detecting YubiKeys
Adds a `yubikey_piv::Readers` type which opens a PC/SC context and can
enumerate detected PC/SC readers with a slightly more ergonomic API than
what's provided in the upstream crate.
Does not support actually instantiating a `YubiKey` from a `Reader<'_>`
yet, but ideally all connections to YubiKeys should go through this API.
2019-12-02 09:32:42 -08:00
Carl Wallace
a9e0363d09
remove spurious blank lines flagged by fmt
2019-12-01 18:23:32 -05:00
Carl Wallace
a110289910
move print cert info to CLI
2019-12-01 18:20:18 -05:00
Carl Wallace
b9d6057d4e
address fmt issues
2019-12-01 15:12:05 -05:00
Carl Wallace
2087e53109
add print cert info method in support of status action a la yubico-piv-tool
2019-12-01 14:59:21 -05:00
Carl Wallace
5f5844ccb4
Merge remote-tracking branch 'upstream/develop' into develop
2019-12-01 14:49:41 -05:00
Jack Grigg
cd704c28d7
Extract OID strings as constants
2019-12-01 18:42:12 +00:00
Jack Grigg
3a283aca40
Use ecdsa crate for EC point representations
2019-12-01 18:23:57 +00:00
Jack Grigg
e72ee5c60e
Parse EC public keys within certificates
2019-12-01 16:54:22 +00:00
Jack Grigg
9ee1494c6f
Parse RSA public keys within certificates
2019-12-01 16:09:59 +00:00
Jack Grigg
d3e565ef55
Derive PartialEq for SlotId
2019-12-01 15:35:00 +00:00
Tony Arcieri
2bdeca0069
Merge pull request #44 from str4d/more-enums
Convert SlotId and AlgorithmId into enums
2019-11-30 14:28:36 -08:00
Jack Grigg
bc95d8b7b9
Delete unnecessary commented-out code
We will handle the CardManagement slot separately.
2019-11-30 22:18:31 +00:00
Jack Grigg
11c93d6421
Inline SlotId constants
2019-11-30 22:01:22 +00:00
Jack Grigg
afca0fec0a
Convert AlgorithmId into an enum
3DES also has an algorithm ID, but it is completely disjoint from the
key algorithms, and can be handled separately later.
2019-11-30 20:47:37 +00:00
Jack Grigg
12b5bd1e3c
Convert SlotId into an enum
2019-11-30 20:15:16 +00:00
Jack Grigg
c3698dcffb
Key::list: Skip Certificate::new for empty buffers
This matches the C code behaviour.
2019-11-30 20:15:12 +00:00
Tony Arcieri
6a16c59567
Use secrecy crate for storing CachedPin
The `SecretVec` type automatically handles zeroing and may prevent
accidental exposure of the cached PIN via `Debug`.
2019-11-30 12:11:53 -08:00
Carl Wallace
c8e5c96398
change cccid handling to target entire ccc object (a la yubico-piv-tool status action)
2019-11-30 15:11:10 -05:00
Tony Arcieri
8e38cf6c4e
Merge pull request #42 from carl-wallace/develop
Change CHUID struct to hold complete CHUID value. Add getters for sub components. Add additional consts to support this. Modified CCCID struct to be public (as prelude to similar treatment).
2019-11-30 11:44:51 -08:00