This is required due to the `hybrid-array` crate, which has become a
transitive dependency of the majority of our dependencies and will be
required in the very near future.
Unfortunately these tests can't be run in CI as they require a YubiKey
to test against.
The YubiKey generates an ASN.1 DER-encoded ECDSA signature, but the test
was using a fixed-width signature.
The test now passes live against a YubiKey.
Re-exports types from the toplevel instead of placing them in individual
modules (often which only contain one type).
This makes the API easier for users to navigate, while still retaining
the same module structure internally.
Additionally, this commit uses the `uuid` crate for modeling UUIDs.
* Add MgmKey::set_default method
This wipes any metadata related to derived and PIN-protected management
keys, returning the management key to its default state.
* Transaction::set_mgm_key: Take touch requirement as bool
The Option<u8> was inherited from the original C code's usage of an
unsigned char. We don't need that flexibility, because only two cases
are supported.
* Replace MgmKey::set with MgmKey::set_manual
MgmKey::set_default is now implemented as a wrapper around
MgmKey::set_manual, as they both require clearing metadata related to
derived and PIN-protected management keys.
MgmKey::set_protected and YubiKey::set_pin_last_changed both contained
bugs resulting from the conversion of C pointer logic (incorrect buffer
management). The new Metadata struct holds its own buffer, avoiding the
problem.
Also adds a protected management key integration test.
YubiKey NEOs are legacy YubiKey devices, most of which contain
unpatchable security vulnerabilities.
They have smaller buffer sizes than YK4 and YK5, which necessitates a
whole bunch of conditional gating and buffer size calculations.
Getting rid of them simplifies this logic and allows us to assume
consistent buffer sizes everywhere.
We never tested on NEOs anyway, and looking at the deleted code it seems
it may have been miscalculating the NEO's buffer size!
If someone *really* wants to support NEOs, it shouldn't be that hard to
restore, but the codebase is definitely cleaner without it.
Adds an extremely basic initial test to ensure that we are able to
connect to a YubiKey.
The test is marked `#[ignore]` in the hope that we can eventually start
adding tests which run in CI, e.g. against a mock card.
This also includes a fix for calculating the APDU size, since the ones
we were sending originally were overly long.