feat: works with errors
@@ -16,10 +16,9 @@ use std::fmt::Debug;
|
||||
|
||||
use tracing::instrument;
|
||||
|
||||
use native_pkcs11_traits::{Backend, KeyAlgorithm, PrivateKey, PublicKey, SignatureAlgorithm};
|
||||
use crate::piv::slot::SlotObject;
|
||||
use native_pkcs11_traits::Result as P11Result;
|
||||
|
||||
use crate::piv::util::sha1_bytes;
|
||||
use native_pkcs11_traits::{Backend, KeyAlgorithm, PrivateKey, PublicKey, SignatureAlgorithm};
|
||||
|
||||
#[derive(Debug)]
|
||||
pub enum Algorithm {
|
||||
@@ -29,41 +28,27 @@ pub enum Algorithm {
|
||||
|
||||
#[derive(Debug)]
|
||||
pub struct YubikeyPivPrivateKey {
|
||||
// sec_key: SecKey,
|
||||
label: String,
|
||||
public_key_hash: Vec<u8>,
|
||||
algorithm: KeyAlgorithm,
|
||||
pub_key: Option<YubikeyPivPublicKey>,
|
||||
slot_object: SlotObject,
|
||||
}
|
||||
|
||||
impl YubikeyPivPrivateKey {
|
||||
// #[instrument]
|
||||
// pub fn new(
|
||||
// sec_key: SecKey,
|
||||
// label: impl Into<String> + Debug,
|
||||
// pub_key: Option<YubikeyPivPublicKey>,
|
||||
// ) -> Result<Self> {
|
||||
// let label = label.into();
|
||||
// let public_key_hash = sec_key.application_label().ok_or("no application_label")?;
|
||||
// Ok(Self {
|
||||
// algorithm: sec_key_algorithm(&sec_key)?,
|
||||
// sec_key,
|
||||
// label,
|
||||
// public_key_hash,
|
||||
// pub_key,
|
||||
// })
|
||||
// }
|
||||
#[instrument]
|
||||
pub fn new(slot_object: SlotObject) -> P11Result<Self> {
|
||||
Ok(YubikeyPivPrivateKey {
|
||||
slot_object,
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
impl PrivateKey for YubikeyPivPrivateKey {
|
||||
#[instrument]
|
||||
fn public_key_hash(&self) -> Vec<u8> {
|
||||
self.public_key_hash.clone()
|
||||
self.slot_object.public_key_hash.clone()
|
||||
}
|
||||
|
||||
#[instrument]
|
||||
fn label(&self) -> String {
|
||||
self.label.clone()
|
||||
self.slot_object.label.clone()
|
||||
}
|
||||
|
||||
#[instrument]
|
||||
@@ -72,6 +57,7 @@ impl PrivateKey for YubikeyPivPrivateKey {
|
||||
algorithm: &SignatureAlgorithm,
|
||||
data: &[u8],
|
||||
) -> P11Result<Vec<u8>> {
|
||||
println!(">> CALL: sign");
|
||||
match algorithm {
|
||||
SignatureAlgorithm::Ecdsa => {}
|
||||
_ => return Err("RSA algorithm not supported.")?,
|
||||
@@ -82,12 +68,12 @@ impl PrivateKey for YubikeyPivPrivateKey {
|
||||
|
||||
#[instrument]
|
||||
fn delete(&self) {
|
||||
// yubikey-piv-pkcs11 just cannot delete private key
|
||||
// TODO ... yubikey-piv-pkcs11 just cannot delete private key
|
||||
}
|
||||
|
||||
#[instrument]
|
||||
fn algorithm(&self) -> KeyAlgorithm {
|
||||
self.algorithm
|
||||
self.slot_object.algorithm
|
||||
}
|
||||
|
||||
fn find_public_key(
|
||||
@@ -101,54 +87,32 @@ impl PrivateKey for YubikeyPivPrivateKey {
|
||||
|
||||
#[derive(Debug, Clone)]
|
||||
pub struct YubikeyPivPublicKey {
|
||||
// pub sec_key: SecKey,
|
||||
pub label: String,
|
||||
der: Vec<u8>,
|
||||
public_key_hash: Vec<u8>,
|
||||
algorithm: KeyAlgorithm,
|
||||
slot_object: SlotObject,
|
||||
}
|
||||
|
||||
impl YubikeyPivPublicKey {
|
||||
#[instrument]
|
||||
pub fn new(label: String, algorithm: KeyAlgorithm, public_key_der: Vec<u8>) -> P11Result<Self> {
|
||||
let public_key_hash = sha1_bytes(&public_key_der);
|
||||
Ok(Self {
|
||||
label,
|
||||
der: public_key_der,
|
||||
public_key_hash,
|
||||
algorithm,
|
||||
pub fn new(slot_object: SlotObject) -> P11Result<Self> {
|
||||
Ok(YubikeyPivPublicKey {
|
||||
slot_object,
|
||||
})
|
||||
}
|
||||
// #[instrument]
|
||||
// pub fn new(sec_key: SecKey, label: impl Into<String> + Debug) -> Result<Self> {
|
||||
// let der = sec_key
|
||||
// .external_representation()
|
||||
// .ok_or("no external representation")?;
|
||||
// let key_ty = sec_key_algorithm(&sec_key)?;
|
||||
// Ok(Self {
|
||||
// public_key_hash: sec_key.application_label().ok_or("no application_label")?,
|
||||
// sec_key,
|
||||
// label: label.into(),
|
||||
// der: der.to_vec(),
|
||||
// algorithm: key_ty,
|
||||
// })
|
||||
// }
|
||||
}
|
||||
|
||||
impl PublicKey for YubikeyPivPublicKey {
|
||||
#[instrument]
|
||||
fn public_key_hash(&self) -> Vec<u8> {
|
||||
self.public_key_hash.clone()
|
||||
self.slot_object.public_key_hash.clone()
|
||||
}
|
||||
|
||||
#[instrument]
|
||||
fn label(&self) -> String {
|
||||
self.label.clone()
|
||||
self.slot_object.label.clone()
|
||||
}
|
||||
|
||||
#[instrument]
|
||||
fn to_der(&self) -> Vec<u8> {
|
||||
self.der.clone()
|
||||
self.slot_object.public_key_der.clone()
|
||||
}
|
||||
|
||||
#[instrument]
|
||||
@@ -158,6 +122,7 @@ impl PublicKey for YubikeyPivPublicKey {
|
||||
data: &[u8],
|
||||
signature: &[u8],
|
||||
) -> P11Result<()> {
|
||||
println!(">> CALL: verify");
|
||||
match algorithm {
|
||||
SignatureAlgorithm::Ecdsa => {}
|
||||
_ => return Err("RSA algorithm not supported.")?,
|
||||
@@ -175,6 +140,6 @@ impl PublicKey for YubikeyPivPublicKey {
|
||||
}
|
||||
|
||||
fn algorithm(&self) -> KeyAlgorithm {
|
||||
self.algorithm
|
||||
self.slot_object.algorithm
|
||||
}
|
||||
}
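Review bot: The `println!(">> CALL: sign");` added in `sign` (and the matching `println!(">> CALL: verify");` in `verify`) writes unconditionally to the host process's stdout; this crate is a PKCS#11 backend (it imports `native_pkcs11_traits::Backend`), which is presumably loaded into other applications whose stdout may carry their own output, and `tracing::instrument` is already imported with `#[instrument]` on both methods, which already records a span on entry, so the line can be dropped or replaced with `tracing::debug!("sign");`. Both enclosing functions begin and end outside their hunks. Separately, `YubikeyPivPrivateKey::new` and `YubikeyPivPublicKey::new` now take only a `SlotObject` and can only return `Ok`, so the `P11Result<Self>` return type deserves a doc comment such as `/// Currently infallible; returns P11Result so slot validation can be added without a signature change.` or should become `Self`, and the commented-out `SecKey`-based constructors left in both `impl` blocks are dead code that should be deleted rather than carried forward.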
|
||||
|
||||