Tony Arcieri
9482ae62ab
CCCID/CHUID: add basic tests and do some cleanups
- Adds tests for CCCID/CHUID, allowing not found (is that ok?)
- Move constants under their respective modules and remove `YKPIV_`
2019-12-07 13:09:38 -08:00
Tony Arcieri
2587a4ac1e
CCCID/CHUID refactoring
- Move generate methods to the appropriate static types
- Remove redundant name prefixes (Rust [RFC#356])
[RFC#356]: https://github.com/rust-lang/rfcs/pull/356
2019-12-07 12:39:52 -08:00
Tony Arcieri
3cf3c0867f
Merge pull request #49 from carl-wallace/develop
change ccid handling to target entire CCC object
2019-12-07 12:10:44 -08:00
Tony Arcieri
cdecfd92dd
Test Config::get
Tests reading configuration from a live device:
Config { protected_data_available: false, puk_blocked: false, puk_noblock_on_upgrade: false, pin_last_changed: 0, mgm_type: Manual }
2019-12-07 11:47:07 -08:00
Tony Arcieri
f6915ce5df
Drop YubiKey NEO support (closes #18)
YubiKey NEOs are legacy YubiKey devices, most of which contain
unpatchable security vulnerabilities.
They have smaller buffer sizes than YK4 and YK5, which necessitates a
whole bunch of conditional gating and buffer size calculations.
Getting rid of them simplifies this logic and allows us to assume
consistent buffer sizes everywhere.
We never tested on NEOs anyway, and looking at the deleted code it seems
it may have been miscalculating the NEO's buffer size!
If someone *really* wants to support NEOs, it shouldn't be that hard to
restore, but the codebase is definitely cleaner without it.
2019-12-07 11:22:51 -08:00
Tony Arcieri
d6cd0130d3
Move sign/decrypt/import/attest to the key module
These are crypto key-related functions and are better factored under
this module.
2019-12-07 10:39:02 -08:00
Tony Arcieri
d1d384d304
Test Key::list
Adds a live-against-the-device test which ensures keys can be
successfully listed.
2019-12-07 10:09:56 -08:00
Tony Arcieri
cb9d5221b2
Merge pull request #60 from iqlusioninc/test-verify-pin
Test YubiKey::verify_pin (--ignored)
2019-12-07 08:52:09 -08:00
Tony Arcieri
c30cf5b83a
Test YubiKey::verify_pin (--ignored)
Adds an off-by-default test that the `YubiKey::verify_pin` function
works, and removes it from `untested` gating.
2019-12-07 08:44:12 -08:00
Jack Grigg
0551263286
Switch to elliptic-curve crate
2019-12-07 15:47:24 +00:00
Carl Wallace
82c2d08aec
Merge remote-tracking branch 'upstream/develop' into develop
2019-12-03 15:12:22 -05:00
Jack Grigg
76c093e68e
Minor cleanups
2019-12-03 03:24:10 +00:00
Jack Grigg
ada3454d26
Fix bug in MgmKey::decrypt
2019-12-03 03:24:09 +00:00
Jack Grigg
370a90f800
Correctly return StatusWords from transfer_data
2019-12-03 03:24:07 +00:00
Jack Grigg
7bcd8664a4
AlgorithmId::write helper to match policy helpers
2019-12-03 03:24:06 +00:00
Jack Grigg
3a4515d902
Convert PIN and touch policies into enums
2019-12-03 03:23:59 +00:00
Tony Arcieri
da897b99bb
yubikey-piv v0.0.3
2019-12-02 11:17:10 -08:00
Tony Arcieri
07f70bccb5
cli: Initial yubikey-cli utility with list command
Adds a `yubikey-cli` crate to the workspace, with a `yubikey` binary,
which presently provides a `list` command for listing detected readers.
Dependencies:
- `env_logger`: logging
- `gumdrop`: argument parsing
- `termcolor`: colored terminal output
As this repo now contains a binary, it also checks in `Cargo.lock`.
2019-12-02 10:42:17 -08:00
Tony Arcieri
9ce2ffe938
readers: Use Reader to connect to YubiKey
Removes the legacy API inherited from `yubico-piv-tool` and uses
the `reader` module exclusively for selecting and opening the PC/SC
reader.
2019-12-02 10:11:58 -08:00
Tony Arcieri
589ca3de12
readers: Initial Readers enumerator for detecting YubiKeys
Adds a `yubikey_piv::Readers` type which opens a PC/SC context and can
enumerate detected PC/SC readers with a slightly more ergonomic API than
what's provided in the upstream crate.
Does not support actually instantiating a `YubiKey` from a `Reader<'_>`
yet, but ideally all connections to YubiKeys should go through this API.
2019-12-02 09:32:42 -08:00
Carl Wallace
a9e0363d09
remove spurious blank lines flagged by fmt
2019-12-01 18:23:32 -05:00
Carl Wallace
a110289910
move print cert info to CLI
2019-12-01 18:20:18 -05:00
Carl Wallace
b9d6057d4e
address fmt issues
2019-12-01 15:12:05 -05:00
Carl Wallace
2087e53109
add print cert info method in support of status action a la yubico-piv-tool
2019-12-01 14:59:21 -05:00
Carl Wallace
5f5844ccb4
Merge remote-tracking branch 'upstream/develop' into develop
2019-12-01 14:49:41 -05:00
Jack Grigg
cd704c28d7
Extract OID strings as constants
2019-12-01 18:42:12 +00:00
Jack Grigg
3a283aca40
Use ecdsa crate for EC point representations
2019-12-01 18:23:57 +00:00
Jack Grigg
e72ee5c60e
Parse EC public keys within certificates
2019-12-01 16:54:22 +00:00
Jack Grigg
9ee1494c6f
Parse RSA public keys within certificates
2019-12-01 16:09:59 +00:00
Jack Grigg
d3e565ef55
Derive PartialEq for SlotId
2019-12-01 15:35:00 +00:00
Tony Arcieri
2bdeca0069
Merge pull request #44 from str4d/more-enums
Convert SlotId and AlgorithmId into enums
2019-11-30 14:28:36 -08:00
Jack Grigg
bc95d8b7b9
Delete unnecessary commented-out code
We will handle the CardManagement slot separately.
2019-11-30 22:18:31 +00:00
Jack Grigg
11c93d6421
Inline SlotId constants
2019-11-30 22:01:22 +00:00
Jack Grigg
afca0fec0a
Convert AlgorithmId into an enum
3DES also has an algorithm ID, but it is completely disjoint from the
key algorithms, and can be handled separately later.
2019-11-30 20:47:37 +00:00
Jack Grigg
12b5bd1e3c
Convert SlotId into an enum
2019-11-30 20:15:16 +00:00
Jack Grigg
c3698dcffb
Key::list: Skip Certificate::new for empty buffers
This matches the C code behaviour.
2019-11-30 20:15:12 +00:00
Tony Arcieri
6a16c59567
Use secrecy crate for storing CachedPin
The `SecretVec` type automatically handles zeroing and may prevent
accidental exposure of the cached PIN via `Debug`.
2019-11-30 12:11:53 -08:00
Carl Wallace
c8e5c96398
change cccid handling to target entire ccc object (a la yubico-piv-tool status action)
2019-11-30 15:11:10 -05:00
Tony Arcieri
8e38cf6c4e
Merge pull request #42 from carl-wallace/develop
Change CHUID struct to hold complete CHUID value. Add getters for subcomponents. Add additional consts to support this. Modified CCCID struct to be public (as prelude to similar treatment).
2019-11-30 11:44:51 -08:00
Carl Wallace
77302af21e
address formatting per cargo fmt
2019-11-30 14:22:33 -05:00
Carl Wallace
78288b4200
address formatting and documentation issues flagged by clippy
2019-11-30 14:13:34 -05:00
Jack Grigg
a61a6fd94b
Define more YubiKey-recognized status words
Recognized values sourced from https://github.com/Yubico/yubikey-manager
NotFoundError and NoSpaceError are specified in SP 800-73-4 Table 6.
2019-11-30 15:39:11 +00:00
Jack Grigg
cfef291ad9
Use u16 for raw StatusWords
2019-11-30 15:39:10 +00:00
Jack Grigg
4b5cd8dd45
Make PIN verification failure a StatusWord case
Retry count is now u8, as it cannot exceed 16 (being returned in the
lower half of SW2).
2019-11-30 15:39:09 +00:00
Jack Grigg
9fe363661e
verify_pin: Don't set APDU data for empty PIN
2019-11-30 15:16:15 +00:00
Tony Arcieri
7f3d821df2
Add #![forbid(unsafe_code)]; fix up README.md badges and links
- Forbids unsafe code
- Adds a "Safety Dance" badge
- Fixes the GitHub Actions status badge
- Fixes up links that changed with the move to `iqlusioninc` org
2019-11-29 10:06:52 -08:00
Carl Wallace
4210571da3
Change CHUID struct to hold complete CHUID value. Add getters for subcomponents. Add additional consts to support this. Modified CCCID struct to be public (as prelude to similar treatment).
2019-11-29 09:31:24 -05:00
Jack Grigg
1db929c10f
Mark excluded nested match branches as unreachable
2019-11-29 00:09:08 +00:00
Jack Grigg
8240575bb4
Rewrite YubiKey::import_private_key without unsafe
2019-11-28 23:44:16 +00:00
Jack Grigg
1935216cf3
Rewrite MsRoots::read without unsafe
2019-11-28 23:43:02 +00:00