Merge pull request #209 from olcf/208-add-yubico-piv-tool-backend-for…

…-crypto-operations

Add beta yubico piv tool backend for crypto operations

libpkpass/commands/arguments.py

@@ -264,4 +264,20 @@
             "help": "verbose output (repeat for increased verbosity)",
         },
     },
+    "SCBackend": {
+        "args": ["--scbackend"],
+        "kwargs": {
+            "type": str,
+            "default": "opensc",
+            "help": "SC backend to use: opensc or yubi",
+        },
+    },
+    "PKCS11_module_path": {
+        "args": ["--PKCS11-module-path"],
+        "kwargs": {
+            "type": str,
+            "default": "/usr/local/lib/libykcs11.dylib",
+            "help": "Path to yubi PKCS11 module",
+        },
+    },
 }

libpkpass/commands/card.py

@@ -22,6 +22,7 @@ def _run_command_execution(self):
             2,
             self.args["color"],
             self.args["theme_map"],
+            self.args["SCBackend"],
         )
 
     def _validate_args(self):

libpkpass/commands/clip.py

@@ -40,6 +40,8 @@ def _run_command_execution(self):
             identity=self.iddb.id,
             passphrase=self.passphrase,
             card_slot=self.args["card_slot"],
+            SCBackend=self.args["SCBackend"],
+            PKCS11_module_path=self.args["PKCS11_module_path"],
         )
         if not self.args["noverify"]:
             result = password.verify_entry(

libpkpass/commands/command.py

@@ -73,6 +73,7 @@ def _passphrase_check(self):
                 self.args["verbosity"],
                 self.args["color"],
                 self.args["theme_map"],
+                self.args["SCBackend"],
             ):
                 LOGGER.info(mesg)
             self.passphrase = getpass.getpass("Enter Pin/Passphrase: ")
@@ -161,6 +162,8 @@ def update_pass(self, pass_value):
             card_slot=self.args["card_slot"],
             escrow_users=self.args["escrow_users"],
             minimum=self.args["min_escrow"],
+            SCBackend=self.args["SCBackend"],
+            PKCS11_module_path=self.args["PKCS11_module_path"],
         )
         pass_entry["recipients"][self.args["identity"]] = swap_pass["recipients"][
             self.args["identity"]
@@ -196,6 +199,8 @@ def create_pass(self, password1, description, authorizer, recipient_list=None):
             card_slot=self.args["card_slot"],
             escrow_users=self.args["escrow_users"],
             minimum=self.args["min_escrow"],
+            SCBackend=self.args["SCBackend"],
+            PKCS11_module_path=self.args["PKCS11_module_path"],
         )
 
         password.write_password_data(

libpkpass/commands/distribute.py

@@ -50,6 +50,8 @@ def _run_command_execution(self):
                     self.iddb.id,
                     passphrase=self.passphrase,
                     card_slot=self.args["card_slot"],
+                    SCBackend=self.args["SCBackend"],
+                    PKCS11_module_path=self.args["PKCS11_module_path"],
                 )
                 password.add_recipients(
                     secret=plaintext_pw,
@@ -60,6 +62,8 @@ def _run_command_execution(self):
                     card_slot=self.args["card_slot"],
                     escrow_users=self.args["escrow_users"],
                     minimum=self.args["min_escrow"],
+                    SCBackend=self.args["SCBackend"],
+                    PKCS11_module_path=self.args["PKCS11_module_path"],
                 )
 
                 password.write_password_data(dist_pass)

libpkpass/commands/export.py

@@ -47,6 +47,8 @@ def _iterate_pdb(self, passworddb, crypt_pass=False):
                 identity=self.iddb.id,
                 passphrase=self.passphrase,
                 card_slot=self.args["card_slot"],
+                SCBackend=self.args["SCBackend"],
+                PKCS11_module_path=self.args["PKCS11_module_path"],
             )
             password.recipients[uid]["encrypted_secret"] = plaintext_pw.encode("UTF-8")
             password.write_password_data(

libpkpass/commands/populate.py

@@ -176,6 +176,8 @@ def _decrypt_password_entry(self, password):
             identity=self.iddb.id,
             passphrase=self.passphrase,
             card_slot=self.args["card_slot"],
+            SCBackend=self.args["SCBackend"],
+            PKCS11_module_path=self.args["PKCS11_module_path"],
         )
         distributor = password.recipients[self.iddb.id["name"]]["distributor"]
         if not self.args["noverify"]:

libpkpass/commands/rename.py

@@ -43,6 +43,8 @@ def _run_command_execution(self):
                     identity=self.iddb.id,
                     passphrase=self.passphrase,
                     card_slot=self.args["card_slot"],
+                    SCBackend=self.args["SCBackend"],
+                    PKCS11_module_path=self.args["PKCS11_module_path"],
                 )
                 self._confirmation(plaintext_pw)
             else:

libpkpass/commands/show.py

@@ -75,6 +75,8 @@ def _behalf_prep(self, password):
             identity=self.iddb.id,
             passphrase=self.passphrase,
             card_slot=self.args["card_slot"],
+            SCBackend=self.args["SCBackend"],
+            PKCS11_module_path=self.args["PKCS11_module_path"],
         )
         with open(temp_key, "w", encoding="ASCII") as fname:
             fname.write(
@@ -154,6 +156,8 @@ def _decrypt_password_entry(self, password, distributor):
             identity=self.iddb.id,
             passphrase=self.passphrase,
             card_slot=self.args["card_slot"],
+            SCBackend=self.args["SCBackend"],
+            PKCS11_module_path=self.args["PKCS11_module_path"],
         )
         dist_obj = (
             self.iddb.session.query(Recipient)