Comparing changes

base repository: iqlusioninc/yubikey.rs, base: main
head repository: cossacklabs/yubikey.rs, compare: main
Can’t automatically merge. Don’t worry, you can still create the pull request.
  • 13 commits
  • 12 files changed
  • 4 contributors

Commits on Feb 17, 2024

  1. b5f6339 (signed: G1gg1L3s Nazar Serhiichuk)
  2. ef10c47 (signed: G1gg1L3s Nazar Serhiichuk)
  3. changelog: Update

    G1gg1L3s committed Feb 17, 2024 (signed)
    d144055
  4. changelog: Add PR number

    Forgot about it, oops :)
    G1gg1L3s committed Feb 17, 2024 (signed)
    840c6eb

Commits on Aug 6, 2024

  1. PIV: Support AES management keys

    This commit adds support for setting and getting the AES management
    keys, these are available in firmwares 5.4 and later, and are now
    the default in firmwares 5.7.
    
    The key is handled via being generic on a limited number of allowed algorithms,
    using implementations of those from rust-crypto crates.
    
    Right now support in PIV MGM keys is for:
    
    * TripleDes (`0x03`) - The key type originally used
    * AES128 (`0x08`) - The new key type using a 128 bit key
    * AES192 (`0x0A`) - The new key type using a 192 bit key, this
        also doubles as the algorithm for firmwares 5.7 and later,
        where the default key is the same as the original TripleDes key.
    * AES256 (`0x0C`) - The new key type using a 256 bit key
    
    Suitable type aliases are provided for each of these key types.
    
    The rationale here for exposing the key as a generic type parameter is
    to largely use the original logic, but avoid scattered enums and provide
    the end user with some degree of control over the key types at compile
    time (it should, for instance, be relatively easy to make 3Des keys
    uncompilable).
    
    See: https://docs.yubico.com/yesdk/users-manual/application-piv/apdu/auth-mgmt.html
    GregBowyer committed Aug 6, 2024
    48305cc
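The commit message above describes binding the management key to its algorithm through a type parameter so that the allowed set is fixed at compile time. The following is an added example that sketches that design; it is not the fork's `src/mgm.rs` and uses no crypto crates. The algorithm bytes (0x03, 0x08, 0x0A, 0x0C) and key sizes are the ones the message lists and 0x9B is the PIV card-management key reference; the SET MANAGEMENT KEY data layout (algorithm, 0x9B, length, key) is my reading of the linked Yubico page and should be checked against it before use. The `Drop` scrub is a stand-in for the `zeroize` feature the fork enables on the `aes` crate.

```rust
// Added example, not code from yubikey.rs or its fork. Type-level model of the
// PIV management-key algorithms named in the commit message.
use std::marker::PhantomData;

mod sealed {
    pub trait Sealed {}
}

/// One allowed management-key algorithm, chosen at compile time. The trait is
/// sealed: downstream code can pick an algorithm but cannot add a fifth one.
pub trait MgmKeyAlgorithm: sealed::Sealed {
    const ALGORITHM_ID: u8;
    const KEY_LEN: usize;
    const NAME: &'static str;
}

macro_rules! mgm_algorithm {
    ($ty:ident, $id:expr, $len:expr, $name:expr) => {
        pub struct $ty;
        impl sealed::Sealed for $ty {}
        impl MgmKeyAlgorithm for $ty {
            const ALGORITHM_ID: u8 = $id;
            const KEY_LEN: usize = $len;
            const NAME: &'static str = $name;
        }
    };
}
mgm_algorithm!(TripleDes, 0x03, 24, "3DES");
mgm_algorithm!(Aes128, 0x08, 16, "AES-128");
mgm_algorithm!(Aes192, 0x0A, 24, "AES-192");
mgm_algorithm!(Aes256, 0x0C, 32, "AES-256");

/// Factory-default management key (0x01..0x08 three times). It is 24 bytes, so
/// the same bytes are a valid 3DES key and a valid AES-192 key, which is the
/// firmware 5.7 situation the commit message describes.
pub const DEFAULT_MGM_KEY: [u8; 24] = [
    1, 2, 3, 4, 5, 6, 7, 8, 1, 2, 3, 4, 5, 6, 7, 8, 1, 2, 3, 4, 5, 6, 7, 8,
];

#[derive(Debug, PartialEq, Eq)]
pub enum MgmError {
    WrongKeyLength { algorithm: &'static str, expected: usize, got: usize },
}

/// Management key whose algorithm is carried by the type parameter.
pub struct MgmKey<A: MgmKeyAlgorithm> {
    bytes: Vec<u8>,
    _alg: PhantomData<A>,
}

pub type MgmKey3Des = MgmKey<TripleDes>;
pub type MgmKeyAes128 = MgmKey<Aes128>;
pub type MgmKeyAes192 = MgmKey<Aes192>;
pub type MgmKeyAes256 = MgmKey<Aes256>;

impl<A: MgmKeyAlgorithm> MgmKey<A> {
    /// Reject any byte string whose length does not fit the algorithm, so a
    /// 16-byte key can never be sent to the card under the AES-192 tag.
    pub fn from_bytes(bytes: &[u8]) -> Result<Self, MgmError> {
        if bytes.len() != A::KEY_LEN {
            return Err(MgmError::WrongKeyLength {
                algorithm: A::NAME,
                expected: A::KEY_LEN,
                got: bytes.len(),
            });
        }
        Ok(Self { bytes: bytes.to_vec(), _alg: PhantomData })
    }

    pub fn algorithm_id(&self) -> u8 {
        A::ALGORITHM_ID
    }

    /// True when this is the well-known factory key, which should be rotated.
    pub fn is_factory_default(&self) -> bool {
        self.bytes.as_slice() == &DEFAULT_MGM_KEY[..]
    }

    /// Data field for SET MANAGEMENT KEY: algorithm byte, key reference 0x9B,
    /// key length, key bytes (assumed layout, see the lead-in).
    pub fn set_key_payload(&self) -> Vec<u8> {
        let mut out = Vec::with_capacity(3 + A::KEY_LEN);
        out.push(A::ALGORITHM_ID);
        out.push(0x9B);
        out.push(A::KEY_LEN as u8);
        out.extend_from_slice(&self.bytes);
        out
    }
}

/// Best-effort scrub on drop; the real crate uses `zeroize` for this.
impl<A: MgmKeyAlgorithm> Drop for MgmKey<A> {
    fn drop(&mut self) {
        for b in self.bytes.iter_mut() {
            // volatile write so the optimiser cannot drop the store
            unsafe { std::ptr::write_volatile(b, 0) };
        }
    }
}
```

With this shape, "making 3DES keys uncompilable" is one `#[cfg]` on the `mgm_algorithm!(TripleDes, ...)` line: nothing else in the crate refers to the algorithm by name.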
  2. PIV: remove additional PIV MGM methods

    `Yubikey` hosts methods to do authentication with the MGM key in a one
    shot method, and via broken out methods (`get_auth_challenge` and
    `verify_auth_response`).
    
    These methods are a little hard to make work with AES or 3DES keys and
    currently have no integration tests.
    
    Rather than having duplicate logic (and subsequently duplicating error
    tests), these methods are being removed.
    GregBowyer committed Aug 6, 2024
    434d224

Commits on Aug 14, 2024

  1. Fix: integration tests with untested feature, clippy (#1)

    PIV: formatting and lint improvements
    kwantam authored Aug 14, 2024 (created on GitHub.com, signed with GitHub’s verified signature)
    80a3956
  2. b83cbd2 (unsigned, although at least one of its authors requires that commits attributed to them be signed)
  3. ensure no oob read of card response

    kwantam authored and GregBowyer committed Aug 14, 2024 (unsigned, although at least one of its authors requires that commits attributed to them be signed)
    13ee1a8
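Two of the changes in this compare concern how a card response is read: the commit above stops reading past the end of the response buffer, and the `apdu.rs` change in this compare maps status word 0x6A88 so a missing object surfaces as `Error::NotFound` rather than `Error::GenericError`. The following added example, not code from the fork, shows both points together: it splits a raw response into data and the two-byte ISO 7816 status word only after checking the length, and maps the status words listed in the fork's `apdu.rs` diff (plus 0x9000 and 0x61xx from ISO 7816-4) to a small typed error. The enum and error names are mine, not the crate's.

```rust
// Added example, not code from yubikey.rs or its fork.

/// Status words this example understands; anything else is kept verbatim.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum StatusWord {
    Success,
    /// 0x61XX: XX more response bytes can be fetched with GET RESPONSE.
    MoreData(u8),
    IncorrectParam,
    NotFound,
    NoSpace,
    ReferenceDataNotFound,
    IncorrectSlot,
    NotSupported,
    CommandAborted,
    Other(u16),
}

impl StatusWord {
    pub fn from_u16(sw: u16) -> Self {
        match sw {
            0x9000 => Self::Success,
            0x6100..=0x61ff => Self::MoreData((sw & 0xff) as u8),
            0x6a80 => Self::IncorrectParam,
            0x6a82 => Self::NotFound,
            0x6a84 => Self::NoSpace,
            0x6a88 => Self::ReferenceDataNotFound,
            0x6b00 => Self::IncorrectSlot,
            0x6d00 => Self::NotSupported,
            0x6f00 => Self::CommandAborted,
            other => Self::Other(other),
        }
    }

    pub fn code(self) -> u16 {
        match self {
            Self::Success => 0x9000,
            Self::MoreData(n) => 0x6100 | n as u16,
            Self::IncorrectParam => 0x6a80,
            Self::NotFound => 0x6a82,
            Self::NoSpace => 0x6a84,
            Self::ReferenceDataNotFound => 0x6a88,
            Self::IncorrectSlot => 0x6b00,
            Self::NotSupported => 0x6d00,
            Self::CommandAborted => 0x6f00,
            Self::Other(sw) => sw,
        }
    }
}

#[derive(Debug, PartialEq, Eq)]
pub enum ResponseError {
    /// Fewer than two bytes: there is no status word, so none is read.
    TooShort(usize),
}

/// A card response split into its data field and trailing status word.
pub struct Response<'a> {
    pub data: &'a [u8],
    pub status: StatusWord,
}

/// Split `raw` into data and status word. The length check comes first; the
/// two trailer bytes are only indexed once the buffer is known to hold them.
pub fn parse_response(raw: &[u8]) -> Result<Response<'_>, ResponseError> {
    let Some(split) = raw.len().checked_sub(2) else {
        return Err(ResponseError::TooShort(raw.len()));
    };
    let (data, trailer) = raw.split_at(split);
    let sw = u16::from_be_bytes([trailer[0], trailer[1]]);
    Ok(Response { data, status: StatusWord::from_u16(sw) })
}

/// Crate-style error: both "file not found" (0x6A82) and "referenced data
/// not found" (0x6A88) become `NotFound`; everything else stays generic.
#[derive(Debug, PartialEq, Eq)]
pub enum PivError {
    NotFound,
    Truncated(usize),
    Generic(u16),
}

/// Returns the data field and, for 0x61XX, how many more bytes are pending.
pub fn response_data(raw: &[u8]) -> Result<(&[u8], Option<u8>), PivError> {
    let resp = match parse_response(raw) {
        Ok(r) => r,
        Err(ResponseError::TooShort(n)) => return Err(PivError::Truncated(n)),
    };
    match resp.status {
        StatusWord::Success => Ok((resp.data, None)),
        StatusWord::MoreData(n) => Ok((resp.data, Some(n))),
        StatusWord::NotFound | StatusWord::ReferenceDataNotFound => Err(PivError::NotFound),
        other => Err(PivError::Generic(other.code())),
    }
}
```

A one-byte or empty response is the case the "no oob read" commit guards against: a PC/SC layer can hand back a short buffer on a transport error, and indexing `raw[len - 2]` on it would panic (or, in C, read out of bounds).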

Commits on Oct 2, 2024

  1. 8bf3751 (signed: G1gg1L3s Nazar Serhiichuk)
  2. 74727eb (signed: G1gg1L3s Nazar Serhiichuk)
  3. 9073f2c (signed: G1gg1L3s Nazar Serhiichuk)
  4. readme: Add fork reasons

    G1gg1L3s committed Oct 2, 2024 (signed)
    5d9956b
Showing with 425 additions and 247 deletions.
  1. +6 −0 CHANGELOG.md
  2. +16 −0 Cargo.lock
  3. +3 −0 Cargo.toml
  4. +7 −0 README.md
  5. +5 −0 src/apdu.rs
  6. +2 −2 src/error.rs
  7. +1 −1 src/lib.rs
  8. +213 −113 src/mgm.rs
  9. +21 −10 src/piv.rs
  10. +11 −7 src/transaction.rs
  11. +32 −83 src/yubikey.rs
  12. +108 −31 tests/integration.rs
6 changes: 6 additions & 0 deletions CHANGELOG.md
@@ -4,6 +4,12 @@ All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

## Unreleased

### Changed

- Metadata command returns `Error:NotFound` instead of `Error::GenericError` when the object doesn't exist ([#558]).

## 0.8.0 (2023-08-15)
### Added
- `impl Debug for {Context, YubiKey}` ([#457])
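Review bot: the new entry reads `Error:NotFound` with a single colon; it should be `Error::NotFound`, matching `Error::GenericError` on the same line. The hunk also records only #558, while the README added in this same compare names AES management-key support (#578) as the second reason for the fork, and `src/mgm.rs`, `src/lib.rs` and `Cargo.toml` change for it here; since the file says the project follows SemVer, add an `### Added` entry for the public `MgmKey3Des`/`MgmKeyAes128`/`MgmKeyAes192`/`MgmKeyAes256` aliases and the `MgmKeyAlgorithm` trait, and a `### Removed` entry for the dropped `get_auth_challenge`/`verify_auth_response` methods.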
16 changes: 16 additions & 0 deletions Cargo.lock


3 changes: 3 additions & 0 deletions Cargo.toml
@@ -25,6 +25,7 @@ x509-cert = { version = "0.2.5", features = [ "builder", "hazmat" ] }
[dependencies]
der = "0.7.1"
des = "0.8"
aes = { version = "0.8.4", features = ["zeroize"] }
elliptic-curve = "0.13"
hex = { package = "base16ct", version = "0.2", features = ["alloc"] }
hmac = "0.12"
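Review bot: `aes` is added with the `zeroize` feature, but `des = "0.8"` on the line above keeps no such feature, so a 3DES management key held in the `des` cipher type is not scrubbed while an AES one is. Enable the same feature on `des` (the RustCrypto block-cipher crates forward it to `cipher`) or, better, zeroize the key bytes inside `MgmKey` itself so the guarantee does not depend on which cipher crate is behind the type parameter.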
@@ -48,6 +49,8 @@ subtle = "2"
uuid = { version = "1.2", features = ["v4"] }
x509-cert.workspace = true
zeroize = "1"
cipher = "0.4.4"
crypto-common = { version = "0.1.6", features = ["rand_core"] }

[dev-dependencies]
env_logger = "0.10"
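Review bot: the existing list is alphabetical (`subtle`, `uuid`, `x509-cert`, `zeroize`) and `cipher`/`crypto-common` are appended after `zeroize`; move them into order. It is also worth a comment on why they are direct dependencies: `aes` and `des` already re-export `cipher`, so the direct entries are only needed if `MgmKeyAlgorithm` names `cipher`/`crypto-common` types in its public signature, and in that case these versions must stay in lockstep with the ones `aes` 0.8.4 and `des` 0.8 pull in or the trait bounds will stop unifying on the next bump.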
7 changes: 7 additions & 0 deletions README.md
@@ -1,5 +1,12 @@
<img src="https://raw.githubusercontent.com/iqlusioninc/yubikey.rs/main/img/logo.png" width="150" height="110">

# Fork

This is a temporal fork to bring some of the features we need until they are merged upstream. More specifically, you can get rid of this fork when the following (or similar) features are merged:

1. It is possible to distinguish `ReferenceDataNotFound` error - https://github.com/iqlusioninc/yubikey.rs/pull/558.
2. AES management keys are supported - https://github.com/iqlusioninc/yubikey.rs/pull/578.

# yubikey.rs

[![crate][crate-image]][crate-link]
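Review bot: `temporal fork` should be `temporary fork`, and `get rid of this fork` reads better as `drop this fork`. The two-item list is the useful part; consider also naming the crate version under which the fork is published (or how it is referenced, e.g. a `git` dependency), so readers know what to replace once both upstream PRs have landed.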
5 changes: 5 additions & 0 deletions src/apdu.rs
@@ -395,6 +395,9 @@ pub(crate) enum StatusWords {
/// Not enough memory
NoSpaceError,

/// Referenced data or reference data not found
ReferenceDataNotFoundError,

//
// Custom Yubico Status Word extensions
//
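Review bot: the doc comment `Referenced data or reference data not found` offers two readings of one status word; ISO 7816-4 names 0x6A88 "Referenced data not found", so use that wording, and consider naming the variant `ReferencedDataNotFoundError` to match it. A short note that the YubiKey PIV applet returns this for a metadata query on an empty slot (the case #558 is about, per the CHANGELOG) would tell the next reader why it is mapped to `NotFound` rather than to a generic error.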
@@ -428,6 +431,7 @@ impl StatusWords {
StatusWords::IncorrectParamError => 0x6a80,
StatusWords::NotFoundError => 0x6a82,
StatusWords::NoSpaceError => 0x6a84,
StatusWords::ReferenceDataNotFoundError => 0x6a88,
StatusWords::IncorrectSlotError => 0x6b00,
StatusWords::NotSupportedError => 0x6d00,
StatusWords::CommandAbortedError => 0x6f00,
@@ -462,6 +466,7 @@ impl From<u16> for StatusWords {
0x6a80 => StatusWords::IncorrectParamError,
0x6a82 => StatusWords::NotFoundError,
0x6a84 => StatusWords::NoSpaceError,
0x6a88 => StatusWords::ReferenceDataNotFoundError,
0x6b00 => StatusWords::IncorrectSlotError,
0x6d00 => StatusWords::NotSupportedError,
0x6f00 => StatusWords::CommandAbortedError,
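Review bot: `code()` and `From<u16>` are now two hand-maintained tables that must agree entry for entry; add a round-trip test asserting `StatusWords::from(sw).code() == sw` for every known code, 0x6a88 included, so a future addition cannot land in one table only and silently fall through to the catch-all variant.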
4 changes: 2 additions & 2 deletions src/error.rs
@@ -192,8 +192,8 @@ impl std::error::Error for Error {
}
}

impl From<x509_cert::der::Error> for Error {
fn from(_err: x509_cert::der::Error) -> Error {
impl From<der::Error> for Error {
fn from(_err: der::Error) -> Error {
Error::ParseError
}
}
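Review bot: swapping `From<x509_cert::der::Error>` for `From<der::Error>` only keeps the existing `?` conversions compiling if the `der = "0.7.1"` entry in Cargo.toml resolves to the same crate version that `x509-cert` 0.2.5 re-exports; the moment Cargo pulls two `der` versions, every `?` on an `x509_cert` parse result loses its `From` impl. Either keep the `x509_cert::der::Error` path (it always names the right crate) or add a comment in Cargo.toml tying the `der` version to `x509-cert`'s. Separately, `_err` is still discarded, so a caller cannot tell a length error from a tag error; at least log it at debug level before collapsing to `Error::ParseError`.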
2 changes: 1 addition & 1 deletion src/lib.rs
@@ -71,7 +71,7 @@ pub use crate::{
chuid::ChuId,
config::Config,
error::{Error, Result},
mgm::{MgmKey, MgmType},
mgm::{MgmKey, MgmKey3Des, MgmKeyAes128, MgmKeyAes192, MgmKeyAes256, MgmKeyAlgorithm, MgmType},
piv::Key,
policy::{PinPolicy, TouchPolicy},
reader::Context,
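Review bot: exporting `MgmKeyAlgorithm` at the crate root makes it implementable by downstream crates, while the commit message says the key is generic over a limited set of algorithms; seal the trait with a private supertrait in `mgm` so only the four listed types implement it (and a future 3DES removal cannot be undone from outside), or document that implementing it is a supported extension point.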