Compare commits
6 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| d601c33ba3 | |||
| 8e52d75992 | |||
| 42ae5fb974 | |||
| 224d346f09 | |||
| 01e5bba33f | |||
| 48f42780df |
+9
-1
@@ -4,7 +4,15 @@ All notable changes to this project will be documented in this file.
|
||||
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
|
||||
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
||||
|
||||
## 0.4.0 (2021-07-12)
|
||||
## 0.4.1 (2021-07-12)
|
||||
### Changed
|
||||
- Rename `SettingValue` to `Setting` ([#286])
|
||||
- Rename `Ccc` to `CccId` ([#287])
|
||||
|
||||
[#286]: https://github.com/iqlusioninc/yubikey.rs/pull/286
|
||||
[#287]: https://github.com/iqlusioninc/yubikey.rs/pull/287
|
||||
|
||||
## 0.4.0 (2021-07-12) [YANKED]
|
||||
### Added
|
||||
- `Result` alias ([#271])
|
||||
|
||||
|
||||
Generated
+2
-2
@@ -964,7 +964,7 @@ dependencies = [
|
||||
|
||||
[[package]]
|
||||
name = "yubikey"
|
||||
version = "0.4.0"
|
||||
version = "0.4.1"
|
||||
dependencies = [
|
||||
"chrono",
|
||||
"cookie-factory",
|
||||
@@ -998,7 +998,7 @@ dependencies = [
|
||||
|
||||
[[package]]
|
||||
name = "yubikey-cli"
|
||||
version = "0.4.0-pre"
|
||||
version = "0.4.0"
|
||||
dependencies = [
|
||||
"env_logger",
|
||||
"gumdrop",
|
||||
|
||||
+1
-1
@@ -1,6 +1,6 @@
|
||||
[package]
|
||||
name = "yubikey"
|
||||
version = "0.4.0" # Also update html_root_url in lib.rs when bumping this
|
||||
version = "0.4.1" # Also update html_root_url in lib.rs when bumping this
|
||||
description = """
|
||||
Pure Rust cross-platform host-side driver for YubiKey devices from Yubico with
|
||||
support for hardware-backed public-key decryption and digital signatures using
|
||||
|
||||
@@ -6,10 +6,8 @@
|
||||
[![Docs][docs-image]][docs-link]
|
||||
[![2-Clause BSD Licensed][license-image]][license-link]
|
||||
![Rust Version][rustc-image]
|
||||
![Maintenance Status: Experimental][maintenance-image]
|
||||
[![Safety Dance][safety-image]][safety-link]
|
||||
[![Build Status][build-image]][build-link]
|
||||
[![Gitter Chat][gitter-image]][gitter-link]
|
||||
|
||||
Pure Rust cross-platform host-side driver for [YubiKey] devices from [Yubico]
|
||||
with support for public-key encryption and digital signatures using the
|
||||
@@ -167,13 +165,10 @@ or conditions.
|
||||
[license-image]: https://img.shields.io/badge/license-BSD-blue.svg
|
||||
[license-link]: https://github.com/iqlusioninc/yubikey.rs/blob/main/COPYING
|
||||
[rustc-image]: https://img.shields.io/badge/rustc-1.51+-blue.svg
|
||||
[maintenance-image]: https://img.shields.io/badge/maintenance-experimental-blue.svg
|
||||
[safety-image]: https://img.shields.io/badge/unsafe-forbidden-success.svg
|
||||
[safety-link]: https://github.com/rust-secure-code/safety-dance/
|
||||
[build-image]: https://github.com/iqlusioninc/yubikey.rs/workflows/CI/badge.svg?branch=main&event=push
|
||||
[build-link]: https://github.com/iqlusioninc/yubikey.rs/actions
|
||||
[gitter-image]: https://badges.gitter.im/badge.svg
|
||||
[gitter-link]: https://gitter.im/iqlusioninc/community
|
||||
|
||||
[//]: # (general links)
|
||||
|
||||
|
||||
+10
-3
@@ -4,16 +4,23 @@ All notable changes to this project will be documented in this file.
|
||||
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
|
||||
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
||||
|
||||
## 0.4.0 (2021-07-12)
|
||||
### Changed
|
||||
- Switch to renamed `yubikey` crate ([#283])
|
||||
- Bump MSRV to 1.51+ ([#283])
|
||||
|
||||
[#283]: https://github.com/iqlusioninc/yubikey.rs/pull/283
|
||||
|
||||
## 0.3.0 (2021-03-22)
|
||||
### Changed
|
||||
- Bump `yubikey` dependency to v0.3 ([#240])
|
||||
- Bump `yubikey-piv` dependency to v0.3 ([#240])
|
||||
|
||||
[#240]: https://github.com/iqlusioninc/yubikey.rs/pull/240
|
||||
|
||||
## 0.2.0 (2021-01-30)
|
||||
### Changed
|
||||
- Bump MSRV to 1.46+ ([#208])
|
||||
- Bump `yubikey` dependency to v0.2 ([#220])
|
||||
- Bump `yubikey-piv` dependency to v0.2 ([#220])
|
||||
|
||||
[#208]: https://github.com/iqlusioninc/yubikey.rs/pull/208
|
||||
[#220]: https://github.com/iqlusioninc/yubikey.rs/pull/220
|
||||
@@ -23,7 +30,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
||||
- `status` command ([#72], [#74])
|
||||
|
||||
### Changed
|
||||
- Bump `yubikey` to v0.1.0 ([#180])
|
||||
- Bump `yubikey-piv` to v0.1.0 ([#180])
|
||||
- Bump `x509-parser` to v0.8 ([#181])
|
||||
- Bump `sha2` to v0.9 ([#182])
|
||||
- Rename `list` command to `readers`; improve usage ([#71])
|
||||
|
||||
+1
-1
@@ -1,6 +1,6 @@
|
||||
[package]
|
||||
name = "yubikey-cli"
|
||||
version = "0.4.0-pre"
|
||||
version = "0.4.0"
|
||||
description = """
|
||||
Command-line interface for performing encryption and signing using RSA/ECC keys
|
||||
stored on YubiKey devices.
|
||||
|
||||
@@ -1,13 +1,11 @@
|
||||
//! Print device status
|
||||
|
||||
use crate::terminal::STDOUT;
|
||||
use crate::terminal::{print_cert_info, STDOUT};
|
||||
use gumdrop::Options;
|
||||
use std::io::{self, Write};
|
||||
use termcolor::{ColorSpec, StandardStreamLock, WriteColor};
|
||||
use yubikey::{piv::*, YubiKey};
|
||||
|
||||
use crate::print_cert_info;
|
||||
|
||||
// String to use for `None`
|
||||
const NONE_STR: &str = "<none>";
|
||||
|
||||
|
||||
+6
-85
@@ -1,92 +1,13 @@
|
||||
//! `yubikey` command-line utility.
|
||||
//!
|
||||
//! The goal of this tool is to provide functionality similar to `yubico-piv-tool`
|
||||
//! but implemented in pure Rust.
|
||||
//!
|
||||
//! It also serves as a demonstration/example of how to use the `yubikey` crate.
|
||||
|
||||
#![forbid(unsafe_code)]
|
||||
#![warn(
|
||||
missing_docs,
|
||||
rust_2018_idioms,
|
||||
unused_lifetimes,
|
||||
unused_qualifications
|
||||
)]
|
||||
#![warn(missing_docs, rust_2018_idioms, unused_qualifications)]
|
||||
|
||||
#[macro_use]
|
||||
pub mod terminal;
|
||||
|
||||
pub mod commands;
|
||||
|
||||
use log::debug;
|
||||
use sha2::{Digest, Sha256};
|
||||
use std::io::{self, Write};
|
||||
use std::str;
|
||||
use subtle_encoding::hex;
|
||||
use termcolor::{ColorSpec, StandardStreamLock, WriteColor};
|
||||
use x509_parser::parse_x509_certificate;
|
||||
use yubikey::{certificate::Certificate, piv::*, YubiKey};
|
||||
|
||||
/// Write information about certificate found in slot a la yubico-piv-tool output.
|
||||
pub fn print_cert_info(
|
||||
yubikey: &mut YubiKey,
|
||||
slot: SlotId,
|
||||
stream: &mut StandardStreamLock<'_>,
|
||||
) -> io::Result<()> {
|
||||
let cert = match Certificate::read(yubikey, slot) {
|
||||
Ok(c) => c,
|
||||
Err(e) => {
|
||||
debug!("error reading certificate in slot {:?}: {}", slot, e);
|
||||
return Ok(());
|
||||
}
|
||||
};
|
||||
let buf = cert.into_buffer();
|
||||
|
||||
if !buf.is_empty() {
|
||||
let fingerprint = Sha256::digest(&buf);
|
||||
let slot_id: u8 = slot.into();
|
||||
print_cert_attr(stream, "Slot", format!("{:x}", slot_id))?;
|
||||
match parse_x509_certificate(&buf) {
|
||||
Ok((_rem, cert)) => {
|
||||
print_cert_attr(
|
||||
stream,
|
||||
"Algorithm",
|
||||
cert.tbs_certificate.subject_pki.algorithm.algorithm,
|
||||
)?;
|
||||
|
||||
print_cert_attr(stream, "Subject", cert.tbs_certificate.subject)?;
|
||||
print_cert_attr(stream, "Issuer", cert.tbs_certificate.issuer)?;
|
||||
print_cert_attr(
|
||||
stream,
|
||||
"Fingerprint",
|
||||
str::from_utf8(hex::encode(fingerprint).as_slice()).unwrap(),
|
||||
)?;
|
||||
print_cert_attr(
|
||||
stream,
|
||||
"Not Before",
|
||||
cert.tbs_certificate.validity.not_before.to_rfc2822(),
|
||||
)?;
|
||||
print_cert_attr(
|
||||
stream,
|
||||
"Not After",
|
||||
cert.tbs_certificate.validity.not_after.to_rfc2822(),
|
||||
)?;
|
||||
}
|
||||
_ => {
|
||||
println!("Failed to parse certificate");
|
||||
return Ok(());
|
||||
}
|
||||
};
|
||||
}
|
||||
|
||||
Ok(())
|
||||
}
|
||||
|
||||
/// Print a status attribute
|
||||
fn print_cert_attr(
|
||||
stream: &mut StandardStreamLock<'_>,
|
||||
name: &str,
|
||||
value: impl ToString,
|
||||
) -> io::Result<()> {
|
||||
stream.set_color(ColorSpec::new().set_bold(true))?;
|
||||
write!(stream, "{:>12}:", name)?;
|
||||
stream.reset()?;
|
||||
writeln!(stream, " {}", value.to_string())?;
|
||||
stream.flush()?;
|
||||
Ok(())
|
||||
}
|
||||
|
||||
+80
-3
@@ -1,9 +1,17 @@
|
||||
//! Status messages
|
||||
|
||||
use lazy_static::lazy_static;
|
||||
use std::io::{self, Write};
|
||||
use std::sync::Mutex;
|
||||
use termcolor::{Color, ColorChoice, ColorSpec, StandardStream, WriteColor};
|
||||
use log::debug;
|
||||
use sha2::{Digest, Sha256};
|
||||
use std::{
|
||||
io::{self, Write},
|
||||
str,
|
||||
sync::Mutex,
|
||||
};
|
||||
use subtle_encoding::hex;
|
||||
use termcolor::{Color, ColorChoice, ColorSpec, StandardStream, StandardStreamLock, WriteColor};
|
||||
use x509_parser::parse_x509_certificate;
|
||||
use yubikey::{certificate::Certificate, piv::*, YubiKey};
|
||||
|
||||
/// Print a success status message (in green if colors are enabled)
|
||||
#[macro_export]
|
||||
@@ -163,3 +171,72 @@ impl Status {
|
||||
Ok(())
|
||||
}
|
||||
}
|
||||
|
||||
/// Write information about certificate found in slot a la yubico-piv-tool output.
|
||||
pub fn print_cert_info(
|
||||
yubikey: &mut YubiKey,
|
||||
slot: SlotId,
|
||||
stream: &mut StandardStreamLock<'_>,
|
||||
) -> io::Result<()> {
|
||||
let cert = match Certificate::read(yubikey, slot) {
|
||||
Ok(c) => c,
|
||||
Err(e) => {
|
||||
debug!("error reading certificate in slot {:?}: {}", slot, e);
|
||||
return Ok(());
|
||||
}
|
||||
};
|
||||
let buf = cert.into_buffer();
|
||||
|
||||
if !buf.is_empty() {
|
||||
let fingerprint = Sha256::digest(&buf);
|
||||
let slot_id: u8 = slot.into();
|
||||
print_cert_attr(stream, "Slot", format!("{:x}", slot_id))?;
|
||||
match parse_x509_certificate(&buf) {
|
||||
Ok((_rem, cert)) => {
|
||||
print_cert_attr(
|
||||
stream,
|
||||
"Algorithm",
|
||||
cert.tbs_certificate.subject_pki.algorithm.algorithm,
|
||||
)?;
|
||||
|
||||
print_cert_attr(stream, "Subject", cert.tbs_certificate.subject)?;
|
||||
print_cert_attr(stream, "Issuer", cert.tbs_certificate.issuer)?;
|
||||
print_cert_attr(
|
||||
stream,
|
||||
"Fingerprint",
|
||||
str::from_utf8(hex::encode(fingerprint).as_slice()).unwrap(),
|
||||
)?;
|
||||
print_cert_attr(
|
||||
stream,
|
||||
"Not Before",
|
||||
cert.tbs_certificate.validity.not_before.to_rfc2822(),
|
||||
)?;
|
||||
print_cert_attr(
|
||||
stream,
|
||||
"Not After",
|
||||
cert.tbs_certificate.validity.not_after.to_rfc2822(),
|
||||
)?;
|
||||
}
|
||||
_ => {
|
||||
println!("Failed to parse certificate");
|
||||
return Ok(());
|
||||
}
|
||||
};
|
||||
}
|
||||
|
||||
Ok(())
|
||||
}
|
||||
|
||||
/// Print a status attribute
|
||||
fn print_cert_attr(
|
||||
stream: &mut StandardStreamLock<'_>,
|
||||
name: &str,
|
||||
value: impl ToString,
|
||||
) -> io::Result<()> {
|
||||
stream.set_color(ColorSpec::new().set_bold(true))?;
|
||||
write!(stream, "{:>12}:", name)?;
|
||||
stream.reset()?;
|
||||
writeln!(stream, " {}", value.to_string())?;
|
||||
stream.flush()?;
|
||||
Ok(())
|
||||
}
|
||||
|
||||
+3
-3
@@ -78,9 +78,9 @@ impl CardId {
|
||||
|
||||
/// Cardholder Capability Container (CCC) Identifier.
|
||||
#[derive(Copy, Clone, Debug, Eq, PartialEq)]
|
||||
pub struct Ccc(pub [u8; Self::BYTE_SIZE]);
|
||||
pub struct CccId(pub [u8; Self::BYTE_SIZE]);
|
||||
|
||||
impl Ccc {
|
||||
impl CccId {
|
||||
/// CCC size in bytes
|
||||
pub const BYTE_SIZE: usize = 51;
|
||||
|
||||
@@ -115,7 +115,7 @@ impl Ccc {
|
||||
}
|
||||
}
|
||||
|
||||
impl Display for Ccc {
|
||||
impl Display for CccId {
|
||||
fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
|
||||
f.write_str(str::from_utf8(&hex::encode(&self.0[..])).unwrap())
|
||||
}
|
||||
|
||||
+4
-4
@@ -131,7 +131,7 @@
|
||||
#![cfg_attr(docsrs, feature(doc_cfg))]
|
||||
#![doc(
|
||||
html_logo_url = "https://raw.githubusercontent.com/iqlusioninc/yubikey.rs/main/img/logo.png",
|
||||
html_root_url = "https://docs.rs/yubikey/0.4.0"
|
||||
html_root_url = "https://docs.rs/yubikey/0.4.1"
|
||||
)]
|
||||
#![forbid(unsafe_code)]
|
||||
#![warn(missing_docs, rust_2018_idioms, trivial_casts, unused_qualifications)]
|
||||
@@ -153,12 +153,12 @@ pub mod piv;
|
||||
mod policy;
|
||||
pub mod reader;
|
||||
mod serialization;
|
||||
mod settings;
|
||||
mod setting;
|
||||
mod transaction;
|
||||
mod yubikey;
|
||||
|
||||
pub use crate::{
|
||||
cccid::{CardId, Ccc},
|
||||
cccid::{CardId, CccId},
|
||||
certificate::Certificate,
|
||||
chuid::ChuId,
|
||||
config::Config,
|
||||
@@ -167,7 +167,7 @@ pub use crate::{
|
||||
piv::Key,
|
||||
policy::{PinPolicy, TouchPolicy},
|
||||
reader::Context,
|
||||
settings::{SettingSource, SettingValue},
|
||||
setting::{Setting, SettingSource},
|
||||
yubikey::{CachedPin, Serial, Version, YubiKey},
|
||||
};
|
||||
|
||||
|
||||
+5
-5
@@ -48,7 +48,7 @@ use crate::{
|
||||
error::{Error, Result},
|
||||
policy::{PinPolicy, TouchPolicy},
|
||||
serialization::*,
|
||||
settings,
|
||||
setting,
|
||||
yubikey::YubiKey,
|
||||
Buffer, ObjectId,
|
||||
};
|
||||
@@ -481,7 +481,7 @@ pub fn generate(
|
||||
const SZ_ROCA_BLOCK_ADMIN: &str = "was blocked due to an administrator configuration setting.";
|
||||
const SZ_ROCA_DEFAULT: &str = "was permitted by default, but is not recommended. The default behavior will change in a future Yubico release.";
|
||||
|
||||
let setting_roca: settings::SettingValue;
|
||||
let setting_roca: setting::Setting;
|
||||
|
||||
match algorithm {
|
||||
AlgorithmId::Rsa1024 | AlgorithmId::Rsa2048 => {
|
||||
@@ -489,17 +489,17 @@ pub fn generate(
|
||||
&& (yubikey.version.minor < 3
|
||||
|| yubikey.version.minor == 3 && (yubikey.version.patch < 5))
|
||||
{
|
||||
setting_roca = settings::SettingValue::get(SZ_SETTING_ROCA, true);
|
||||
setting_roca = setting::Setting::get(SZ_SETTING_ROCA, true);
|
||||
|
||||
let psz_msg = match setting_roca.source {
|
||||
settings::SettingSource::User => {
|
||||
setting::SettingSource::User => {
|
||||
if setting_roca.value {
|
||||
SZ_ROCA_ALLOW_USER
|
||||
} else {
|
||||
SZ_ROCA_BLOCK_USER
|
||||
}
|
||||
}
|
||||
settings::SettingSource::Admin => {
|
||||
setting::SettingSource::Admin => {
|
||||
if setting_roca.value {
|
||||
SZ_ROCA_ALLOW_ADMIN
|
||||
} else {
|
||||
|
||||
@@ -66,7 +66,7 @@ impl Default for SettingSource {
|
||||
/// system administrator, or by the local user via `YUBIKEY_PIV_*` environment
|
||||
/// variables.
|
||||
#[derive(Copy, Clone, Debug)]
|
||||
pub struct SettingValue {
|
||||
pub struct Setting {
|
||||
/// Boolean value
|
||||
pub value: bool,
|
||||
|
||||
@@ -74,8 +74,8 @@ pub struct SettingValue {
|
||||
pub source: SettingSource,
|
||||
}
|
||||
|
||||
impl SettingValue {
|
||||
/// Get a [`SettingValue`] value by name.
|
||||
impl Setting {
|
||||
/// Get a setting by name.
|
||||
pub fn get(key: &str, default: bool) -> Self {
|
||||
Self::from_file(key)
|
||||
.or_else(|| Self::from_env(key))
|
||||
@@ -109,7 +109,7 @@ impl SettingValue {
|
||||
};
|
||||
|
||||
if name == key {
|
||||
return Some(SettingValue {
|
||||
return Some(Setting {
|
||||
source: SettingSource::Admin,
|
||||
value: value == "1" || value == "true",
|
||||
});
|
||||
@@ -124,14 +124,14 @@ impl SettingValue {
|
||||
fn from_env(key: &str) -> Option<Self> {
|
||||
env::var(format!("YUBIKEY_PIV_{}", key))
|
||||
.ok()
|
||||
.map(|value| SettingValue {
|
||||
.map(|value| Setting {
|
||||
source: SettingSource::User,
|
||||
value: value == "1" || value == "true",
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
impl Default for SettingValue {
|
||||
impl Default for Setting {
|
||||
fn default() -> Self {
|
||||
Self {
|
||||
value: false,
|
||||
+3
-3
@@ -32,7 +32,7 @@
|
||||
|
||||
use crate::{
|
||||
apdu::{Apdu, Ins},
|
||||
cccid::Ccc,
|
||||
cccid::CccId,
|
||||
chuid::ChuId,
|
||||
config::Config,
|
||||
error::{Error, Result},
|
||||
@@ -275,8 +275,8 @@ impl YubiKey {
|
||||
}
|
||||
|
||||
/// Get Cardholder Capability Container (CCC) Identifier.
|
||||
pub fn cccid(&mut self) -> Result<Ccc> {
|
||||
Ccc::get(self)
|
||||
pub fn cccid(&mut self) -> Result<CccId> {
|
||||
CccId::get(self)
|
||||
}
|
||||
|
||||
/// Authenticate to the card using the provided management key (MGM).
|
||||
|
||||
Reference in New Issue
Block a user