Commit Graph

97 Commits

Author SHA1 Message Date
Tony Arcieri d6cd0130d3 Move sign/decrypt/import/attest to the key module
These are crypto key-related functions and are better factored under
this module.
2019-12-07 10:39:02 -08:00
Tony Arcieri d1d384d304 Test Key::list
Adds a live-against-the-device test which ensures keys can be
successfully listed.
2019-12-07 10:09:56 -08:00
Tony Arcieri cb9d5221b2 Merge pull request #60 from iqlusioninc/test-verify-pin
Test YubiKey::verify_pin (--ignored)
2019-12-07 08:52:09 -08:00
Tony Arcieri c30cf5b83a Test YubiKey::verify_pin (--ignored)
Adds an off-by-default test that the `YubiKey::verify_pin` function
works, and removes it from `untested` gating.
2019-12-07 08:44:12 -08:00
Jack Grigg 0551263286 Switch to elliptic-curve crate 2019-12-07 15:47:24 +00:00
Jack Grigg 76c093e68e Minor cleanups 2019-12-03 03:24:10 +00:00
Jack Grigg ada3454d26 Fix bug in MgmKey::decrypt 2019-12-03 03:24:09 +00:00
Jack Grigg 370a90f800 Correctly return StatusWords from transfer_data 2019-12-03 03:24:07 +00:00
Jack Grigg 7bcd8664a4 AlgorithmId::write helper to match policy helpers 2019-12-03 03:24:06 +00:00
Jack Grigg 3a4515d902 Convert PIN and touch policies into enums 2019-12-03 03:23:59 +00:00
Tony Arcieri da897b99bb yubikey-piv v0.0.3 2019-12-02 11:17:10 -08:00
Tony Arcieri 07f70bccb5 cli: Initial yubikey-cli utility with list command
Adds a `yubikey-cli` crate to the workspace, with a `yubikey` binary,
which presently provides a `list` command for listing detected readers.

Dependencies:

- `env_logger`: logging
- `gumdrop`: argument parsing
- `termcolor`: colored terminal output

As this repo now contains a binary, it also checks in `Cargo.lock`.
2019-12-02 10:42:17 -08:00
Tony Arcieri 9ce2ffe938 readers: Use Reader to connect to YubiKey
Removes the legacy API inherited from `yubico-piv-tool` and uses
the `reader` module exclusively for selecting and opening the PC/SC
reader.
2019-12-02 10:11:58 -08:00
Tony Arcieri 589ca3de12 readers: Initial Readers enumerator for detecting YubiKeys
Adds a `yubikey_piv::Readers` type which opens a PC/SC context and can
enumerate detected PC/SC readers with a slightly more ergonomic API than
what's provided in the upstream crate.

Does not support actually instantiating a `YubiKey` from a `Reader<'_>`
yet, but ideally all connections to YubiKeys should go through this API.
2019-12-02 09:32:42 -08:00
Jack Grigg cd704c28d7 Extract OID strings as constants 2019-12-01 18:42:12 +00:00
Jack Grigg 3a283aca40 Use ecdsa crate for EC point representations 2019-12-01 18:23:57 +00:00
Jack Grigg e72ee5c60e Parse EC public keys within certificates 2019-12-01 16:54:22 +00:00
Jack Grigg 9ee1494c6f Parse RSA public keys within certificates 2019-12-01 16:09:59 +00:00
Jack Grigg d3e565ef55 Derive PartialEq for SlotId 2019-12-01 15:35:00 +00:00
Tony Arcieri 2bdeca0069 Merge pull request #44 from str4d/more-enums
Convert SlotId and AlgorithmId into enums
2019-11-30 14:28:36 -08:00
Jack Grigg bc95d8b7b9 Delete unnecessary commented-out code
We will handle the CardManagement slot separately.
2019-11-30 22:18:31 +00:00
Jack Grigg 11c93d6421 Inline SlotId constants 2019-11-30 22:01:22 +00:00
Jack Grigg afca0fec0a Convert AlgorithmId into an enum
3DES also has an algorithm ID, but it is completely disjoint from the
key algorithms, and can be handled separately later.
2019-11-30 20:47:37 +00:00
Jack Grigg 12b5bd1e3c Convert SlotId into an enum 2019-11-30 20:15:16 +00:00
Jack Grigg c3698dcffb Key::list: Skip Certificate::new for empty buffers
This matches the C code behaviour.
2019-11-30 20:15:12 +00:00
Tony Arcieri 6a16c59567 Use secrecy crate for storing CachedPin
The `SecretVec` type automatically handles zeroing and may prevent
accidental exposure of the cached PIN via `Debug`.
2019-11-30 12:11:53 -08:00
Tony Arcieri 8e38cf6c4e Merge pull request #42 from carl-wallace/develop
Change CHUID struct to hold complete CHUID value. Add getters for sub components. Add additional consts to support this. Modified CCCID struct to be public (as prelude to similar treatment).
2019-11-30 11:44:51 -08:00
Carl Wallace 77302af21e address formatting per cargo fmt 2019-11-30 14:22:33 -05:00
Carl Wallace 78288b4200 address formatting and documentation issues flagged by clippy 2019-11-30 14:13:34 -05:00
Jack Grigg a61a6fd94b Define more YubiKey-recognized status words
Recognized values sourced from https://github.com/Yubico/yubikey-manager
NotFoundError and NoSpaceError are specified in SP 800-73-4 Table 6.
2019-11-30 15:39:11 +00:00
Jack Grigg cfef291ad9 Use u16 for raw StatusWords 2019-11-30 15:39:10 +00:00
Jack Grigg 4b5cd8dd45 Make PIN verification failure a StatusWord case
Retry count is now u8, as it cannot exceed 16 (being returned in the
lower half of SW2).
2019-11-30 15:39:09 +00:00
Jack Grigg 9fe363661e verify_pin: Don't set APDU data for empty PIN 2019-11-30 15:16:15 +00:00
Tony Arcieri 7f3d821df2 Add #![forbid(unsafe_code)]; fix up README.md badges and links
- Forbids unsafe code
- Adds a "Safety Dance" badge
- Fixes the GitHub Actions status badge
- Fixes up links that changed with the move to `iqlusioninc` org
2019-11-29 10:06:52 -08:00
Carl Wallace 4210571da3 Change CHUID struct to hold complete CHUID value. Add getters for subcomponents. Add additional consts to support this. Modified CCCID struct to be public (as prelude to similar treatment). 2019-11-29 09:31:24 -05:00
Jack Grigg 1db929c10f Mark excluded nested match branches as unreachable 2019-11-29 00:09:08 +00:00
Jack Grigg 8240575bb4 Rewrite YubiKey::import_private_key without unsafe 2019-11-28 23:44:16 +00:00
Jack Grigg 1935216cf3 Rewrite MsRoots::read without unsafe 2019-11-28 23:43:02 +00:00
Jack Grigg 7c08674fac Use slice::copy_within in metadata::read 2019-11-28 23:43:01 +00:00
Jack Grigg 8b86a0f578 Rewrite metadata::get_item without unsafe 2019-11-28 23:42:55 +00:00
Jack Grigg bd5669d9ef Rewrite metadata::set_item without unsafe
Also re-introduces some comments that were lost during corrosion.
2019-11-28 23:06:09 +00:00
Jack Grigg afb6a9479e Use slice::copy_within in read_certificate 2019-11-28 23:03:11 +00:00
Jack Grigg 48d0a2ab04 Use slice::copy_from_slice in Transaction::change_pin 2019-11-28 23:02:33 +00:00
Carl Wallace 13b350f822 change length comparison to is_empty check per clippy 2019-11-27 15:26:13 -05:00
Carl Wallace 0f1ef2f519 Make anonymous field of CHUID struct public. Remove spurious -2 instances inside Transaction::transfer_data (the Response object is already eating the status words) 2019-11-27 15:09:53 -05:00
Tony Arcieri 5bf27f5422 Have sign_data and decrypt_data return a Buffer 2019-11-26 11:06:11 -08:00
Tony Arcieri debde6e765 Ins (APDU instruction codes) enum
Converts a bag of constant values (`YKPIV_INS_*`) into an enum
representing APDU instruction codes (a.k.a. `ins`).

Among other things, this makes the `Debug` output for `APDU` more human
meaningful, since it can print a text label for the instruction rather
than a code number, which is helpful in trace debugging.
2019-11-26 09:52:19 -08:00
Tony Arcieri d3af2f2d80 Factor Response into apdu module; improved debugging
This commit merges the `apdu` and `response` modules: the responses are
APDU responses, and so the two are related.

This also moves the `trace` logging into the APDU type, which allows it
to display `Debug` output for APDUs and responses, which makes it easier
to understand what's going on (and will be even better once instructions
are converted into an enum so you can actually see what's happening).
2019-11-26 09:15:48 -08:00
Tony Arcieri 77d9dd6e97 v0.0.2 2019-11-25 15:27:04 -08:00
Tony Arcieri a23af7dc31 Add untested Cargo feature for untested functionality
This adds an `untested` feature to any functions which have not yet been
tested live against a YubiKey device (which is presently pretty much
everything).

This sets a clear expectation of what is presently supported, and
additionally documents the status in the README (and a series of GitHub
issues).

Adds a `cargo build --all-features` to GitHub Actions' `test` step in
order to make sure that `untested` functionality still compiles.
2019-11-25 15:04:32 -08:00