PIV: Prevent import of unsupported keys

This commit is contained in:
Dain Nilsson 2024-02-12 14:33:08 +01:00
parent f03054886e
commit 5f476b612d
No known key found for this signature in database
GPG Key ID: F04367096FBA95E8
8 changed files with 173 additions and 118 deletions


@ -479,6 +479,7 @@
"l_import_nothing": null,
"l_importing_file": null,
"s_file_imported": null,
"l_unsupported_key_type": null,
"l_delete_certificate": null,
"l_delete_certificate_desc": null,
"s_issuer": null,


@ -479,6 +479,7 @@
"l_import_nothing": "Nothing to import",
"l_importing_file": "Importing file\u2026",
"s_file_imported": "File imported",
"l_unsupported_key_type": "Unsupported key type",
"l_delete_certificate": "Delete certificate",
"l_delete_certificate_desc": "Remove the certificate from your YubiKey",
"s_issuer": "Issuer",


@ -479,6 +479,7 @@
"l_import_nothing": null,
"l_importing_file": "Importation d'un fichier\u2026",
"s_file_imported": "Fichier importé",
"l_unsupported_key_type": null,
"l_delete_certificate": "Supprimer un certificat",
"l_delete_certificate_desc": "Supprimer un certificat de votre YubiKey",
"s_issuer": "Émetteur",


@ -479,6 +479,7 @@
"l_import_nothing": null,
"l_importing_file": "ファイルのインポート中\u2026",
"s_file_imported": "ファイル をインポートしました",
"l_unsupported_key_type": null,
"l_delete_certificate": "証明書を削除",
"l_delete_certificate_desc": "YubiKeyか証明書の削除",
"s_issuer": "発行者",


@ -479,6 +479,7 @@
"l_import_nothing": null,
"l_importing_file": "Importowanie pliku\u2026",
"s_file_imported": "Plik został zaimportowany",
"l_unsupported_key_type": null,
"l_delete_certificate": "Usuń certyfikat",
"l_delete_certificate_desc": "Usuń certyfikat z klucza YubiKey",
"s_issuer": "Wydawca",


@ -30,6 +30,7 @@ import '../keys.dart' as keys;
import '../models.dart';
import '../state.dart';
import 'overwrite_confirm_dialog.dart';
import 'utils.dart';
class GenerateKeyDialog extends ConsumerStatefulWidget {
final DevicePath devicePath;
@ -65,19 +66,6 @@ class _GenerateKeyDialogState extends ConsumerState<GenerateKeyDialog> {
_validToMax = DateTime.utc(now.year + 10, now.month, now.day);
}
List<KeyType> _getSupportedKeyTypes(bool isFips) => [
if (!isFips) KeyType.rsa1024,
KeyType.rsa2048,
if (widget.pivState.version.isAtLeast(5, 7)) ...[
KeyType.rsa3072,
KeyType.rsa4096,
KeyType.ed25519,
if (!isFips) KeyType.x25519,
],
KeyType.eccp256,
KeyType.eccp384,
];
@override
Widget build(BuildContext context) {
final l10n = AppLocalizations.of(context)!;
@ -202,7 +190,8 @@ class _GenerateKeyDialogState extends ConsumerState<GenerateKeyDialog> {
runSpacing: 8.0,
children: [
ChoiceFilterChip<KeyType>(
items: _getSupportedKeyTypes(isFips),
items:
getSupportedKeyTypes(widget.pivState.version, isFips),
value: _keyType,
selected: _keyType != defaultKeyType,
itemBuilder: (value) => Text(value.getDisplayName(l10n)),


@ -31,6 +31,7 @@ import '../models.dart';
import '../state.dart';
import 'cert_info_view.dart';
import 'overwrite_confirm_dialog.dart';
import 'utils.dart';
class ImportFileDialog extends ConsumerStatefulWidget {
final DevicePath devicePath;
@ -86,10 +87,13 @@ class _ImportFileDialogState extends ConsumerState<ImportFileDialog> {
Widget build(BuildContext context) {
final l10n = AppLocalizations.of(context)!;
final textTheme = Theme.of(context).textTheme;
final colorScheme = Theme.of(context).colorScheme;
// This is what ListTile uses for subtitle
final subtitleStyle = textTheme.bodyMedium!.copyWith(
color: Theme.of(context).colorScheme.onSurfaceVariant,
color: colorScheme.onSurfaceVariant,
);
// This is what TextInput errors look like
final errorStyle = textTheme.labelLarge!.copyWith(color: colorScheme.error);
final state = _state;
if (state == null) {
return ResponsiveDialog(
@ -166,116 +170,142 @@ class _ImportFileDialogState extends ConsumerState<ImportFileDialog> {
),
),
),
result: (_, keyType, certInfo) => ResponsiveDialog(
title: Text(l10n.l_import_file),
actions: [
TextButton(
key: keys.unlockButton,
onPressed: (keyType == null && certInfo == null) || _importing
? null
: () async {
final withContext = ref.read(withContextProvider);
result: (_, keyType, certInfo) {
final isFips =
ref.watch(currentDeviceDataProvider).valueOrNull?.info.isFips ??
false;
final unsupportedKey = keyType != null &&
!getSupportedKeyTypes(widget.pivState.version, isFips)
.contains(keyType);
return ResponsiveDialog(
title: Text(l10n.l_import_file),
actions: [
TextButton(
key: keys.unlockButton,
onPressed: (keyType == null && certInfo == null) ||
_importing ||
unsupportedKey
? null
: () async {
final withContext = ref.read(withContextProvider);
if (!await confirmOverwrite(
context,
widget.pivSlot,
writeKey: keyType != null,
writeCert: certInfo != null,
)) {
return;
}
if (!await confirmOverwrite(
context,
widget.pivSlot,
writeKey: keyType != null,
writeCert: certInfo != null,
)) {
return;
}
setState(() {
_importing = true;
});
void Function()? close;
try {
close = await withContext<void Function()>(
(context) async => showMessage(
context,
l10n.l_importing_file,
duration: const Duration(seconds: 30),
));
await ref
.read(pivSlotsProvider(widget.devicePath).notifier)
.import(widget.pivSlot.slot, _data,
password:
_password.isNotEmpty ? _password : null);
await withContext(
(context) async {
Navigator.of(context).pop(true);
showMessage(context, l10n.s_file_imported);
},
);
} catch (err) {
// TODO: More error cases
setState(() {
_passwordIsWrong = true;
_importing = false;
_importing = true;
});
} finally {
close?.call();
}
},
child: Text(l10n.s_import),
),
],
child: Padding(
padding: const EdgeInsets.symmetric(horizontal: 18.0),
child: Column(
crossAxisAlignment: CrossAxisAlignment.start,
children: [
Text(l10n.p_import_items_desc(
widget.pivSlot.slot.getDisplayName(l10n))),
if (keyType == null && certInfo == null) ...[
Text(
l10n.l_import_nothing,
style: subtitleStyle,
softWrap: true,
textAlign: TextAlign.center,
),
],
if (keyType != null) ...[
Text(
l10n.s_private_key,
style: textTheme.bodyLarge,
softWrap: true,
textAlign: TextAlign.center,
),
Row(
mainAxisSize: MainAxisSize.min,
children: [
Text(l10n.s_algorithm),
const SizedBox(width: 8),
Text(
keyType.name.toUpperCase(),
style: subtitleStyle,
void Function()? close;
try {
close = await withContext<void Function()>(
(context) async => showMessage(
context,
l10n.l_importing_file,
duration: const Duration(seconds: 30),
));
await ref
.read(pivSlotsProvider(widget.devicePath).notifier)
.import(widget.pivSlot.slot, _data,
password:
_password.isNotEmpty ? _password : null);
await withContext(
(context) async {
Navigator.of(context).pop(true);
showMessage(context, l10n.s_file_imported);
},
);
} catch (err) {
// TODO: More error cases
setState(() {
_passwordIsWrong = true;
_importing = false;
});
} finally {
close?.call();
}
},
child: Text(l10n.s_import),
),
],
child: Padding(
padding: const EdgeInsets.symmetric(horizontal: 18.0),
child: Column(
crossAxisAlignment: CrossAxisAlignment.start,
children: [
Text(l10n.p_import_items_desc(
widget.pivSlot.slot.getDisplayName(l10n))),
if (keyType == null && certInfo == null) ...[
Row(
children: [
Icon(Icons.error, color: colorScheme.error),
const SizedBox(width: 8),
Text(
l10n.l_import_nothing,
style: errorStyle,
),
],
),
],
if (keyType != null) ...[
Text(
l10n.s_private_key,
style: textTheme.bodyLarge,
softWrap: true,
textAlign: TextAlign.center,
),
Row(
mainAxisSize: MainAxisSize.min,
children: [
Text(l10n.s_algorithm),
const SizedBox(width: 8),
Text(
keyType.name.toUpperCase(),
style: subtitleStyle,
),
],
),
if (unsupportedKey)
Row(
children: [
Icon(Icons.error, color: colorScheme.error),
const SizedBox(width: 8),
Text(
l10n.l_unsupported_key_type,
style: errorStyle,
),
],
),
],
)
],
if (certInfo != null) ...[
Text(
l10n.s_certificate,
style: textTheme.bodyLarge,
softWrap: true,
textAlign: TextAlign.center,
),
SizedBox(
height: 140, // Needed for layout, adapt if text sizes changes
child: CertInfoTable(certInfo, null),
),
],
if (certInfo != null) ...[
Text(
l10n.s_certificate,
style: textTheme.bodyLarge,
softWrap: true,
textAlign: TextAlign.center,
),
SizedBox(
height:
140, // Needed for layout, adapt if text sizes changes
child: CertInfoTable(certInfo, null),
),
]
]
]
.map((e) => Padding(
padding: const EdgeInsets.symmetric(vertical: 8.0),
child: e,
))
.toList(),
.map((e) => Padding(
padding: const EdgeInsets.symmetric(vertical: 8.0),
child: e,
))
.toList(),
),
),
),
),
);
},
);
}
}
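Review bot: The new `unsupportedKey` gate at the top of the `result:` builder only disables the import button, while the `catch (err)` block later in the same builder still maps every failure of `.import(...)` to `_passwordIsWrong = true`. The gate is also computed from `ref.watch(currentDeviceDataProvider).valueOrNull?.info.isFips ?? false`, so when device data is not yet available the check falls back to the non-FIPS list and, presumably, leaves rejection to the device, which the catch block would then report as a wrong password. Consider either distinguishing that failure where the `// TODO: More error cases` marker sits, or documenting the fallback next to the `isFips` binding: `// Falls back to the non-FIPS list when device info is unavailable; the device remains the final check.` The `build` method and the `result:` builder begin outside this hunk.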

31
lib/piv/views/utils.dart Normal file

@ -0,0 +1,31 @@
/*
* Copyright (C) 2024 Yubico.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
import '../../core/models.dart';
import '../models.dart';
List<KeyType> getSupportedKeyTypes(Version version, bool isFips) => [
if (!isFips) KeyType.rsa1024,
KeyType.rsa2048,
if (version.isAtLeast(5, 7)) ...[
KeyType.rsa3072,
KeyType.rsa4096,
KeyType.ed25519,
if (!isFips) KeyType.x25519,
],
KeyType.eccp256,
KeyType.eccp384,
];
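Review bot: `getSupportedKeyTypes` is now a public top-level function shared by the generate and import dialogs and carries the device-capability policy, but it has no doc comment. Suggest adding one above the declaration: `/// Returns the [KeyType]s supported by a PIV applet at [version]; RSA 3072/4096, Ed25519 and X25519 require 5.7 or later, and RSA 1024 and X25519 are excluded when [isFips] is true.` Since the generate dialog passes this list straight to a chooser, a second sentence noting that the list order appears to be the display order would help future editors keep it stable.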