CDC Badge OS
Firmware for the CDC Badge v1.0 hardware security key
#include "mod_gpg/gpg.h"
#include "mod_gpg/GpgStorage.h"
#include "mod_gpg/openpgp/openpgp.h"
#include "mod_gpg/openpgp/constants.h"
#include "ecdh.h"
#include "openpgp/fingerprint.h"
#include "cdc_core/KeyFingerprint.h"
#include "cdc_hal/ISecureElement.h"
#include "cdc_log.h"
#include <mbedtls/sha1.h>
#include <mbedtls/base64.h>
#include <mbedtls/platform_util.h>
#include <cstring>
#include <ctime>
Functions

| Return type | Function | Description |
|---|---|---|
| bool | gpg_init (void) | Initializes the GPG module bookkeeping. |
| bool | gpg_is_initialized (void) | Reports whether at least one OpenPGP key role has a configured fingerprint on the card. |
| bool | gpg_get_status (gpg_status_t *status) | Fills status from the OpenPGP card-application state. |
| bool | gpg_set_pending_user_id (const char *user_id) | Stages a user-id string for the next on-device key generation. The string is forwarded to OpenpgpNvsState::cardholder_name during gpg_generate_key() so that gpg --card-status sees it. |
| bool | gpg_has_pending_user_id (void) | Returns whether a user-id was staged via gpg_set_pending_user_id(). |
| bool | gpg_generate_key (uint8_t curve) | Generates SIG / DEC / AUT keys on the device and announces them to the OpenPGP card application (fingerprints, gen-time, cardholder name). |
| bool | gpg_reset (void) | Factory-resets all GPG key material and metadata. |
| bool | gpg_export_pubkey_pem (char *buf, size_t size, size_t *out_len) | Renders the current SIG public key as a SubjectPublicKeyInfo PEM. The key is read straight from the secure element. |
| bool | gpg_alchemy_fingerprint (char *buf, size_t len) | Writes the alchemical-word fingerprint of the SIG public key. |
bool gpg_alchemy_fingerprint (char *buf, size_t len)
Writes the alchemical-word fingerprint of the SIG public key.
Reads the current SIG key from the secure element, computes a SHA-256 digest of it, and encodes the first 25 bits as five space-separated words from the shared 32-word alchemy table. Intended for visual comparison between two devices.
| buf | Output buffer; must be at least KEY_FINGERPRINT_MAX_LEN bytes. |
| len | Capacity of buf. |
Definition at line 319 of file gpg.cpp.
References gpg_storage_sig_slot(), key_fingerprint_generate(), and KEY_FINGERPRINT_MAX_LEN.
Referenced by cdc::mod_gpg::showExport().
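
The encoding step described for gpg_alchemy_fingerprint(), as an added example that is not taken from gpg.cpp or from the CDC Badge OS sources. The function name demo_alchemy_encode, the placeholder word table and the MSB-first bit order are assumptions; the input is an already computed SHA-256 digest.

```c
/* Added illustration; not CDC Badge OS source. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed placeholder table: the firmware's real 32 alchemy words
 * are not listed on this page. */
static const char *const DEMO_WORDS[32] = {
    "w00", "w01", "w02", "w03", "w04", "w05", "w06", "w07",
    "w08", "w09", "w10", "w11", "w12", "w13", "w14", "w15",
    "w16", "w17", "w18", "w19", "w20", "w21", "w22", "w23",
    "w24", "w25", "w26", "w27", "w28", "w29", "w30", "w31",
};

/* Encodes the first 25 bits of a 32-byte SHA-256 digest as five
 * space-separated words. MSB-first bit order is an assumption.
 * Returns 1 on success, 0 on bad arguments or insufficient capacity
 * (buf is then set to the empty string). */
int demo_alchemy_encode(const uint8_t digest[32], char *buf, size_t len)
{
    if (digest == NULL || buf == NULL || len == 0)
        return 0;

    /* Load the first four bytes big-endian, then drop the low 7 bits
     * so that exactly 25 bits remain. */
    uint32_t bits = ((uint32_t)digest[0] << 24) | ((uint32_t)digest[1] << 16) |
                    ((uint32_t)digest[2] << 8) | (uint32_t)digest[3];
    bits >>= 7;

    size_t used = 0;
    for (int i = 0; i < 5; i++) {
        /* Each word index is one 5-bit group, most significant first. */
        const char *word = DEMO_WORDS[(bits >> (5 * (4 - i))) & 0x1Fu];
        size_t wlen = strlen(word);
        size_t sep = (i > 0) ? 1 : 0;
        if (used + sep + wlen + 1 > len) {   /* +1 for the terminator */
            buf[0] = '\0';
            return 0;
        }
        if (sep)
            buf[used++] = ' ';
        memcpy(buf + used, word, wlen);
        used += wlen;
    }
    buf[used] = '\0';
    return 1;
}
```

Only the first 25 bits of the digest influence the words, so two digests that agree on those bits render identically; the visual comparison does not cover the remaining 231 bits.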
bool gpg_export_pubkey_pem (char *buf, size_t size, size_t *out_len)
Renders the current SIG public key as a SubjectPublicKeyInfo PEM. The key is read straight from the secure element.
Definition at line 233 of file gpg.cpp.
References CDC_CURVE_ED25519, CDC_CURVE_P256, curve, cdc::hal::ED25519, cdc::hal::getSecureElementInstance(), gpg_storage_ready(), gpg_storage_sig_slot(), LOG_W, cdc::hal::OK, openpgp_has_any_key(), cdc::hal::P256, P256_PUBKEY_SIZE, and TAG.
Referenced by cdc::mod_gpg::cmd_gpg_export(), and cdc::mod_gpg::showExport().
bool gpg_generate_key (uint8_t curve)
Generates SIG / DEC / AUT keys on the device and announces them to the OpenPGP card application (fingerprints, gen-time, cardholder name).
Used by the on-device wizard. The host-side gpg --card-edit -> generate path goes through CCID and bypasses this function entirely.
Definition at line 132 of file gpg.cpp.
References CDC_CURVE_P256, curve, ecdh_p256_generate_keypair(), cdc::hal::getSecureElementInstance(), GPG_FINGERPRINT_LEN, gpg_has_pending_user_id(), gpg_storage_aut_slot(), gpg_storage_dec_slot(), gpg_storage_ready(), gpg_storage_save_dec_privkey(), gpg_storage_sig_slot(), KEY_AUT, KEY_DEC, KEY_SIG, LOG_E, LOG_I, openpgp_has_any_key(), openpgp_set_cardholder_name(), openpgp_set_key_fingerprint(), P256_PRIVKEY_SIZE, P256_PUBKEY_SIZE, and TAG.
Referenced by cdc::mod_gpg::cmd_gpg_generate(), and cdc::mod_gpg::onWizardCurve().
bool gpg_get_status (gpg_status_t *status)
Fills status from the OpenPGP card-application state.
Definition at line 95 of file gpg.cpp.
References CDC_CURVE_ED25519, GPG_FINGERPRINT_LEN, GPG_USER_ID_MAX, KEY_SIG, name, openpgp_get_cardholder_name(), openpgp_get_fingerprint(), openpgp_get_gen_time(), openpgp_get_sig_count(), and openpgp_has_any_key().
Referenced by cdc::mod_gpg::cmd_gpg_status(), cdc::mod_gpg::gpgBuildSignedKeyArmored(), cdc::mod_gpg::gpgCrossSign(), cdc::mod_gpg::showExport(), and cdc::mod_gpg::showStatus().
bool gpg_has_pending_user_id (void)
Returns whether a user-id was staged via gpg_set_pending_user_id().
Definition at line 128 of file gpg.cpp.
Referenced by gpg_generate_key().
bool gpg_init (void)
Initializes the GPG module bookkeeping.
No persistent state is loaded here: the OpenPGP card application owns the canonical state in its own NVS blob (see openpgp.h) and the device-UI reads straight from there.
Definition at line 86 of file gpg.cpp.
References gpg_storage_ready().
Referenced by openpgp_init().
bool gpg_is_initialized (void)
Reports whether at least one OpenPGP key role has a configured fingerprint on the card.
Definition at line 91 of file gpg.cpp.
References openpgp_has_any_key().
bool gpg_reset (void)
Factory-resets all GPG key material and metadata.
Wipes ECC slots, the wrapped DEC private key, the NVS-resident OpenPGP state (fingerprints, gen-times, counter, cardholder, RC) and the PINs.
Definition at line 224 of file gpg.cpp.
References gpg_storage_ready(), and openpgp_factory_reset().
Referenced by cdc::mod_gpg::cmd_gpg_reset(), and cdc::mod_gpg::onResetConfirm().
bool gpg_set_pending_user_id (const char *user_id)
Stages a user-id string for the next on-device key generation. The string is forwarded to OpenpgpNvsState::cardholder_name during gpg_generate_key() so that gpg --card-status sees it.
Definition at line 121 of file gpg.cpp.
References user_id.
Referenced by cdc::mod_gpg::cmd_gpg_generate(), and cdc::mod_gpg::onWizardCurve().