Tony Arcieri
17ae87f741
Bump RustCrypto dependencies
Updates all RustCrypto crates (`crypto-mac`, `des`, `hmac`, `pbkdf2`)
to the latest versions.
2020-10-18 10:12:09 -07:00
Tony Arcieri
cbe60413cb
Bump p256 to v0.5; p384 to v0.4; MSRV 1.44+
2020-10-17 13:54:40 -07:00
Shella Stephens
860c163eb9
Update rsa to v0.3 & other dependencies (#142)
* Update rsa to v0.3 & other dependencies
2020-06-15 16:40:33 -07:00
BlackHoleFox
556b9cb671
Remove dependency on regular num-bigint
2020-06-09 18:42:56 -05:00
BlackHoleFox
6e3560c10f
Switch to buffer alias
2020-06-08 22:09:57 -05:00
BlackHoleFox
0f907ebd5c
Implement RSA key precomputation
2020-06-08 21:48:25 -05:00
BlackHoleFox
acc96e988f
Refactor key import function
2020-06-01 23:07:18 -05:00
Tony Arcieri
5e52f93f4a
Remove unnecessary parens
2020-05-04 08:45:40 -07:00
Tony Arcieri
926450b573
Cargo.lock: update dependencies
2020-02-15 07:03:21 -08:00
Tony Arcieri
27504890d7
Bump elliptic-curve from 0.2.0 to 0.3.0
2020-01-07 15:11:27 -05:00
Jack Grigg
b5e774cf2b
pcsc::Error::NoReadersAvailable -> Error::NotFound in YubiKey::open*
This provides a consistent user experience between no readers being
connected, and readers being connected but not the one we are trying to
open.
2019-12-18 11:03:30 -06:00
Jack Grigg
422f89b3e9
Extract ChangeRefAction enum
2019-12-16 06:26:41 -06:00
Jack Grigg
985b1d272c
Add a serial number wrapper struct with Into conversions
2019-12-15 17:50:25 +00:00
Jack Grigg
58acfe6330
Simplify issuer and subject stringification
2019-12-15 17:42:47 +00:00
Jack Grigg
1a95a5f921
Fix PKCS#1 v1.5 signature generation
2019-12-15 17:09:09 +00:00
Jack Grigg
8ac78cafb8
Certificate::generate_self_signed
2019-12-15 10:59:50 +00:00
Jack Grigg
5e8a014be2
Expose certificate serial and issuer
2019-12-15 10:35:22 +00:00
Jack Grigg
d44a32453c
Write certificate TLVs into correct offsets
2019-12-15 10:33:01 +00:00
Jack Grigg
d113c1f4b9
impl<'a> TryFrom<&'a [u8]> for Certificate
2019-12-11 02:44:40 +00:00
Jack Grigg
2eff313064
Fix bug in key::generate and document weirdness
Bug was introduced in #73 when starting offsets were overlooked. Digging
into why they were there led to uncovering the weird not-quite-ASN.1
format that the YubiKey returns generated pubkeys in.
2019-12-11 02:26:23 +00:00
Jack Grigg
41b10d1f23
Convert certificate info into an enum
2019-12-11 02:21:49 +00:00
Jack Grigg
4c2ecea721
Replace GeneratedKey with PublicKeyInfo
2019-12-11 00:31:31 +00:00
Jack Grigg
e73607e662
Rename Certificate::new to Certificate::from_bytes
2019-12-11 00:30:39 +00:00
Tony Arcieri
08897ec7c9
cli: print reader name as part of status command
2019-12-10 08:43:33 -08:00
Jack Grigg
1bf3b13e52
Add missing untested feature gates
2019-12-10 13:31:48 +00:00
Jack Grigg
8385dda201
Check buffer length in set_length
2019-12-10 13:22:21 +00:00
Jack Grigg
363bdc4351
Extract TLV writing into serialization::Tlv
2019-12-10 13:17:01 +00:00
Jack Grigg
da828abe3c
Extract TLV parsing into serialization::Tlv
2019-12-10 13:14:39 +00:00
Tony Arcieri
78d5f33695
cli: add status command
Provides equivalent functionality to `yubico-piv-tool`
2019-12-09 18:00:34 -08:00
Carl Wallace
855f2ecb24
add try_from String for SlotIds in support of CLI
2019-12-08 19:25:27 -05:00
Tony Arcieri
4663cffb96
yubikey: add open_by_serial method
Support for opening a `YubiKey` with a specific serial number.
2019-12-08 12:12:03 -08:00
Tony Arcieri
0a100acdd2
Rename container module to mscmap
Better reflects what it actually is.
2019-12-08 10:01:00 -08:00
Tony Arcieri
31efd4e78c
Finish eliminating consts module
Either moves constants into their relevant modules, or puts the
remaining ones into `lib.rs`
2019-12-08 09:32:57 -08:00
Tony Arcieri
104020d518
consts: Whittle down to the essentials
This factors the junk drawer of constants into the relevant files.
There are still a few "global" ones left but they can be addressed in a
followup commit.
2019-12-08 08:39:21 -08:00
Tony Arcieri
9482ae62ab
CCCID/CHUID: add basic tests and do some cleanups
- Adds tests for CCCID/CHUID, allowing not found (is that ok?)
- Move constants under their respective modules and remove `YKPIV_`
2019-12-07 13:09:38 -08:00
Tony Arcieri
2587a4ac1e
CCCID/CHUID refactoring
- Move generate methods to the appropriate static types
- Remove redundant name prefixes (Rust [RFC#356])
[RFC#356]: https://github.com/rust-lang/rfcs/pull/356
2019-12-07 12:39:52 -08:00
Tony Arcieri
3cf3c0867f
Merge pull request #49 from carl-wallace/develop
change ccid handling to target entire CCC object
2019-12-07 12:10:44 -08:00
Tony Arcieri
cdecfd92dd
Test Config::get
Tests reading configuration from a live device:
Config { protected_data_available: false, puk_blocked: false, puk_noblock_on_upgrade: false, pin_last_changed: 0, mgm_type: Manual }
2019-12-07 11:47:07 -08:00
Tony Arcieri
f6915ce5df
Drop YubiKey NEO support (closes #18)
YubiKey NEOs are legacy YubiKey devices, most of which contain
unpatchable security vulnerabilities.
They have smaller buffer sizes than YK4 and YK5, which necessitates a
whole bunch of conditional gating and buffer size calculations.
Getting rid of them simplifies this logic and allows us to assume
consistent buffer sizes everywhere.
We never tested on NEOs anyway, and looking at the deleted code it seems
it may have been miscalculating the NEO's buffer size!
If someone *really* wants to support NEOs, it shouldn't be that hard to
restore, but the codebase is definitely cleaner without it.
2019-12-07 11:22:51 -08:00
Tony Arcieri
d6cd0130d3
Move sign/decrypt/import/attest to the key module
These are crypto key-related functions and are better factored under
this module.
2019-12-07 10:39:02 -08:00
Tony Arcieri
d1d384d304
Test Key::list
Adds a live-against-the-device test which ensures keys can be
successfully listed.
2019-12-07 10:09:56 -08:00
Tony Arcieri
cb9d5221b2
Merge pull request #60 from iqlusioninc/test-verify-pin
Test YubiKey::verify_pin (--ignored)
2019-12-07 08:52:09 -08:00
Tony Arcieri
c30cf5b83a
Test YubiKey::verify_pin (--ignored)
Adds an off-by-default test that the `YubiKey::verify_pin` function
works, and removes it from `untested` gating.
2019-12-07 08:44:12 -08:00
Jack Grigg
0551263286
Switch to elliptic-curve crate
2019-12-07 15:47:24 +00:00
Carl Wallace
82c2d08aec
Merge remote-tracking branch 'upstream/develop' into develop
2019-12-03 15:12:22 -05:00
Jack Grigg
76c093e68e
Minor cleanups
2019-12-03 03:24:10 +00:00
Jack Grigg
ada3454d26
Fix bug in MgmKey::decrypt
2019-12-03 03:24:09 +00:00
Jack Grigg
370a90f800
Correctly return StatusWords from transfer_data
2019-12-03 03:24:07 +00:00
Jack Grigg
7bcd8664a4
AlgorithmId::write helper to match policy helpers
2019-12-03 03:24:06 +00:00
Jack Grigg
3a4515d902
Convert PIN and touch policies into enums
2019-12-03 03:23:59 +00:00