Feature/piv-oath-pgp #58

Merged
merged 10 commits into from
Oct 17, 2023
60 changes: 55 additions & 5 deletions .github/workflows/tests.yml
@@ -1,15 +1,63 @@
name: tests
on: [push, pull_request]
on: [push, pull_request, workflow_dispatch]
jobs:
build_opensc:
name: Build opensc package
#if: github.event_name == 'workflow_dispatch'
runs-on: ubuntu-latest
steps:
- name: Cache deb files
uses: actions/cache@v3
env:
cache-name: opensc-deb
with:
path: opensc*.deb
key: ${{ runner.os }}-${{ env.cache-name }}
- name: Check file existence
id: check_deb_files
uses: andstor/file-existence-action@v1
with:
files: "opensc*.deb"
- name: Package Install
if: steps.check_deb_files.outputs.files_exists == 'false'
run: |
sudo sed -i 's/^# deb-src/deb-src/' /etc/apt/sources.list
sudo apt-get update
sudo apt-get install -q -y curl git gcc g++ cmake swig psmisc procps debian-keyring devscripts
sudo apt-get build-dep -q -y opensc
sudo rm -f /usr/bin/clang-tidy
- name: Build the package
if: steps.check_deb_files.outputs.files_exists == 'false'
run: |
dget http://archive.ubuntu.com/ubuntu/pool/universe/o/opensc/opensc_0.23.0-0.1ubuntu1.dsc
cd opensc-0.23.0
curl https://github.com/OpenSC/OpenSC/commit/a0aef25c7f2ce0ec2c7e1014f959f0fe86ff0479.diff | patch -p1
dch --local ppa~jammy --distribution jammy "Apply a patch. Backports to Jammy."
DEB_BUILD_OPTIONS='parallel=2' debuild --no-sign -b
- name: Upload package files
uses: actions/upload-artifact@v3
with:
name: opensc-deb
path: opensc*.deb



build_test:
name: Build and Test
runs-on: ubuntu-latest
needs: build_opensc
steps:
- name: Download backport OpenSC package
uses: actions/download-artifact@v3
with:
name: opensc-deb

- name: Package Install
run: |
sudo apt-add-repository ppa:yubico/stable
sudo apt-get update
sudo apt-get install -q -y git gcc g++ cmake swig psmisc procps pcscd pcsc-tools yubico-piv-tool libhidapi-dev libassuan-dev libgcrypt20-dev libksba-dev libnpth0-dev opensc openssl openssh-server libpcsclite-dev libudev-dev libcmocka-dev python3-pip python3-setuptools python3-wheel lcov yubikey-manager libcbor-dev
sudo apt-get install -q -y git gcc g++ cmake swig psmisc procps pcscd pcsc-tools yubico-piv-tool libhidapi-dev libassuan-dev libgcrypt20-dev libksba-dev libnpth0-dev libssl3 zlib1g libglib2.0-0 openssl openssh-server libpcsclite-dev libudev-dev libcmocka-dev python3-pip python3-setuptools python3-wheel lcov yubikey-manager libcbor-dev
sudo dpkg -i opensc*.deb
pip3 install --upgrade pip

- name: Set up Go 1.16
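Review bot: The cache key `${{ runner.os }}-${{ env.cache-name }}` in the "Cache deb files" step carries no version or patch identifier, so once `opensc*.deb` is cached the "Package Install" and "Build the package" steps are skipped on every later run even if the `.dsc` URL (`opensc_0.23.0-0.1ubuntu1`) or the backported commit changes; include both in the key, e.g. `key: ${{ runner.os }}-${{ env.cache-name }}-0.23.0-0.1ubuntu1-a0aef25c`. Two smaller points in "Build the package": `curl https://github.com/.../a0aef25c7f2ce0ec2c7e1014f959f0fe86ff0479.diff | patch -p1` runs `curl` without `-f`, so an HTTP error page is piped into `patch` and the step relies on `patch` rejecting it (use `curl -fsSL`, or vendor the diff into the repository so the package content does not depend on a network fetch at build time), and `andstor/file-existence-action@v1` is a third-party action referenced by a movable tag rather than a commit SHA. The commented-out `#if: github.event_name == 'workflow_dispatch'` should either be removed or get a comment explaining why it is kept.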
@@ -324,6 +372,7 @@ jobs:
- name: Test the PIV
run: |
set -o xtrace
go test -v test-via-pcsc/piv_test.go
RDID="Canokey [OpenPGP PIV OATH] 00 00"
yubico-piv-tool -r "$RDID" -a status -a set-ccc -a set-chuid -a status
opensc-tool -r "$RDID" -s '00 F8 00 00' | grep 'SW1=0x90, SW2=0x00' # PIV_INS_GET_SERIAL, Yubico
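Review bot: `set -o xtrace` at the top of "Test the PIV" echoes every later command of this step, including the `-P 654321` PIN and the `set-mgm-key` management-key arguments further down, into the CI log; that is fine for these fixed test values, but a comment marking them as test-only credentials would stop the pattern from being copied with real ones. Separately, the reader string `Canokey [OpenPGP PIV OATH] 00 00` is hard-coded here and is the only place in the step that documents the expected reader name; a short comment on where that name comes from would help whoever next sees `yubico-piv-tool` fail to find the reader.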
@@ -340,9 +389,10 @@ jobs:
yubico-piv-tool -r "$RDID" -a verify-pin -P 654321
yubico-piv-tool -r "$RDID" -a set-mgm-key -n F1F2F3F4F5F6F7F8F1F2F3F4F5F6F7F8F1F2F3F4F5F6F7F8
yubico-piv-tool -r "$RDID" -a set-mgm-key --key=F1F2F3F4F5F6F7F8F1F2F3F4F5F6F7F8F1F2F3F4F5F6F7F8 -n 010203040506070801020304050607080102030405060708
#export PIV_EXT_AUTH_KEY=test-via-pcsc/PIV_EXT_AUTH_KEY.txt
#piv-tool --reader "$RDID" --admin A:9B:03 # External Auth
#piv-tool --reader "$RDID" --admin M:9B:03 # Mutual Auth
export PIV_EXT_AUTH_KEY=$PWD/test-via-pcsc/PIV_EXT_AUTH_KEY.txt
# opensc 0.22.0~0.23.0 has a bug on External Auth. See opensc commit: a0aef25c7f2ce0ec2c7e1014f959f0fe86ff0479
piv-tool --reader "$RDID" --admin A:9B:03 # External Auth
piv-tool --reader "$RDID" --admin M:9B:03 # Mutual Auth
## Key generation
PIVGenKeyCert() {
key=$1
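Review bot: The comment `# opensc 0.22.0~0.23.0 has a bug on External Auth` should also say which OpenSC version carries the fix and that the now-uncommented `piv-tool --admin A:9B:03` line only passes because the patched package built by the `build_opensc` job was installed; as written, a reader cannot tell that the External Auth test depends on that `.deb`, and a stale cached package would surface here as an obscure `piv-tool` failure. A one-line version check on the installed `opensc` package before this block would turn that into a clear error. Minor: the commit hash `a0aef25c7f2ce0ec2c7e1014f959f0fe86ff0479` now appears twice in this file; referencing one occurrence from the other keeps them from drifting apart.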
5 changes: 5 additions & 0 deletions applets/admin/admin.c
@@ -39,6 +39,8 @@ uint8_t cfg_is_webusb_landing_enable(void) { return current_config.webusb_landin

uint8_t cfg_is_kbd_with_return_enable(void) { return current_config.kbd_with_return_en; }

uint8_t cfg_is_piv_algo_extension_enable(void) { return current_config.piv_algo_ext_en; }

void admin_poweroff(void) { pin.is_validated = 0; }

int admin_install(uint8_t reset) {
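Review bot: `cfg_is_piv_algo_extension_enable` needs a doc comment stating what the "PIV algorithm extension" enables; the name alone does not say, and a flag that changes which algorithms the PIV applet accepts affects interoperability with the middleware exercised in `tests.yml` (`yubico-piv-tool`, `opensc-tool`, `piv-tool`). The matching prototype in the admin header and the `piv_algo_ext_en` field in the config struct are not in this hunk, so please confirm both are part of the PR.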
@@ -114,6 +116,9 @@ static int admin_config(const CAPDU *capdu, RAPDU *rapdu) {
case ADMIN_P1_CFG_KBD_WITH_RETURN:
current_config.kbd_with_return_en = P2 & 1;
break;
case ADMIN_P1_CFG_PIV_ALGO_EXT:
current_config.piv_algo_ext_en = P2 & 1;
break;
default:
EXCEPT(SW_WRONG_P1P2);
}
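Review bot: The new `ADMIN_P1_CFG_PIV_ALGO_EXT` case follows the existing `P2 & 1` convention, which silently accepts any P2 value by keeping only its low bit; since this is a configuration write behind admin authentication, consider rejecting `P2 > 1` with `EXCEPT(SW_WRONG_P1P2)` (once, before the switch, so it covers all cases) so that a malformed APDU is reported rather than masked. Also confirm that the code after the switch, which is outside this hunk, persists `current_config` for the new case as it does for the others, and add the new P1 value to the admin-applet protocol documentation alongside `ADMIN_P1_CFG_KBD_WITH_RETURN`.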