146 lines
3.4 KiB
Rust
146 lines
3.4 KiB
Rust
// Copyright 2022 Google LLC
|
|
//
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
// you may not use this file except in compliance with the License.
|
|
// You may obtain a copy of the License at
|
|
//
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
//
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
// See the License for the specific language governing permissions and
|
|
// limitations under the License.
|
|
|
|
use std::fmt::Debug;
|
|
|
|
use tracing::instrument;
|
|
|
|
use crate::piv::slot::SlotObject;
|
|
use native_pkcs11_traits::Result as P11Result;
|
|
use native_pkcs11_traits::{Backend, KeyAlgorithm, PrivateKey, PublicKey, SignatureAlgorithm};
|
|
|
|
#[derive(Debug)]
|
|
pub enum Algorithm {
|
|
RSA,
|
|
ECC,
|
|
}
|
|
|
|
#[derive(Debug)]
|
|
pub struct YubikeyPivPrivateKey {
|
|
slot_object: SlotObject,
|
|
}
|
|
|
|
impl YubikeyPivPrivateKey {
|
|
#[instrument]
|
|
pub fn new(slot_object: SlotObject) -> P11Result<Self> {
|
|
Ok(YubikeyPivPrivateKey {
|
|
slot_object,
|
|
})
|
|
}
|
|
}
|
|
|
|
impl PrivateKey for YubikeyPivPrivateKey {
|
|
#[instrument]
|
|
fn public_key_hash(&self) -> Vec<u8> {
|
|
self.slot_object.public_key_hash.clone()
|
|
}
|
|
|
|
#[instrument]
|
|
fn label(&self) -> String {
|
|
self.slot_object.label.clone()
|
|
}
|
|
|
|
#[instrument]
|
|
fn sign(
|
|
&self,
|
|
algorithm: &SignatureAlgorithm,
|
|
data: &[u8],
|
|
) -> P11Result<Vec<u8>> {
|
|
println!(">> CALL: sign");
|
|
match algorithm {
|
|
SignatureAlgorithm::Ecdsa => {}
|
|
_ => return Err("RSA algorithm not supported.")?,
|
|
}
|
|
// TODO sign data or hash??
|
|
Ok(vec![])
|
|
}
|
|
|
|
#[instrument]
|
|
fn delete(&self) {
|
|
// TODO ... yubikey-piv-pkcs11 just cannot delete private key
|
|
}
|
|
|
|
#[instrument]
|
|
fn algorithm(&self) -> KeyAlgorithm {
|
|
self.slot_object.algorithm
|
|
}
|
|
|
|
fn find_public_key(
|
|
&self,
|
|
_backend: &dyn Backend,
|
|
) -> P11Result<Option<Box<dyn PublicKey>>> {
|
|
// TODO ...
|
|
Ok(None)
|
|
}
|
|
}
|
|
|
|
#[derive(Debug, Clone)]
|
|
pub struct YubikeyPivPublicKey {
|
|
slot_object: SlotObject,
|
|
}
|
|
|
|
impl YubikeyPivPublicKey {
|
|
#[instrument]
|
|
pub fn new(slot_object: SlotObject) -> P11Result<Self> {
|
|
Ok(YubikeyPivPublicKey {
|
|
slot_object,
|
|
})
|
|
}
|
|
}
|
|
|
|
impl PublicKey for YubikeyPivPublicKey {
|
|
#[instrument]
|
|
fn public_key_hash(&self) -> Vec<u8> {
|
|
self.slot_object.public_key_hash.clone()
|
|
}
|
|
|
|
#[instrument]
|
|
fn label(&self) -> String {
|
|
self.slot_object.label.clone()
|
|
}
|
|
|
|
#[instrument]
|
|
fn to_der(&self) -> Vec<u8> {
|
|
self.slot_object.public_key_der.clone()
|
|
}
|
|
|
|
#[instrument]
|
|
fn verify(
|
|
&self,
|
|
algorithm: &SignatureAlgorithm,
|
|
data: &[u8],
|
|
signature: &[u8],
|
|
) -> P11Result<()> {
|
|
println!(">> CALL: verify");
|
|
match algorithm {
|
|
SignatureAlgorithm::Ecdsa => {}
|
|
_ => return Err("RSA algorithm not supported.")?,
|
|
}
|
|
// let result = self.sec_key.verify_signature(algorithm, data, signature)?;
|
|
// if !result {
|
|
// return Err("verify failed")?;
|
|
// }
|
|
// TODO ...
|
|
Ok(())
|
|
}
|
|
|
|
fn delete(self: Box<Self>) {
|
|
// yubikey-piv-pkcs11 just cannot delete public key
|
|
}
|
|
|
|
fn algorithm(&self) -> KeyAlgorithm {
|
|
self.slot_object.algorithm
|
|
}
|
|
}
|