Finish eliminating consts module
Either moves constants into their relevant modules, or puts the remaining ones into `lib.rs`
This commit is contained in:
+10
-2
@@ -31,13 +31,12 @@
|
||||
// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
|
||||
use crate::{
|
||||
consts::*,
|
||||
error::Error,
|
||||
key::{AlgorithmId, SlotId},
|
||||
serialization::*,
|
||||
transaction::Transaction,
|
||||
yubikey::YubiKey,
|
||||
Buffer,
|
||||
Buffer, CB_OBJ_TAG_MIN,
|
||||
};
|
||||
use elliptic_curve::weierstrass::{
|
||||
curve::{NistP256, NistP384},
|
||||
@@ -49,6 +48,9 @@ use std::fmt;
|
||||
use x509_parser::{parse_x509_der, x509::SubjectPublicKeyInfo};
|
||||
use zeroize::Zeroizing;
|
||||
|
||||
#[cfg(feature = "untested")]
|
||||
use crate::CB_OBJ_MAX;
|
||||
|
||||
// TODO: Make these der_parser::oid::Oid constants when it has const fn support.
|
||||
const OID_RSA_ENCRYPTION: &str = "1.2.840.113549.1.1.1";
|
||||
const OID_EC_PUBLIC_KEY: &str = "1.2.840.10045.2.1";
|
||||
@@ -60,6 +62,12 @@ const CERTINFO_UNCOMPRESSED: u8 = 0;
|
||||
#[cfg(feature = "untested")]
|
||||
const CERTINFO_GZIP: u8 = 1;
|
||||
|
||||
const TAG_CERT: u8 = 0x70;
|
||||
#[cfg(feature = "untested")]
|
||||
const TAG_CERT_COMPRESS: u8 = 0x71;
|
||||
#[cfg(feature = "untested")]
|
||||
const TAG_CERT_LRC: u8 = 0xFE;
|
||||
|
||||
/// Information about a public key within a [`Certificate`].
|
||||
#[derive(Clone, Eq, PartialEq)]
|
||||
pub enum PublicKeyInfo {
|
||||
|
||||
+8
-1
@@ -30,7 +30,14 @@
|
||||
// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
||||
// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
|
||||
use crate::{consts::*, error::Error, metadata, mgm::MgmType, yubikey::YubiKey};
|
||||
use crate::{
|
||||
error::Error,
|
||||
metadata,
|
||||
mgm::{MgmType, ADMIN_FLAGS_1_PROTECTED_MGM},
|
||||
yubikey::{YubiKey, ADMIN_FLAGS_1_PUK_BLOCKED},
|
||||
TAG_ADMIN, TAG_ADMIN_FLAGS_1, TAG_ADMIN_SALT, TAG_ADMIN_TIMESTAMP, TAG_PROTECTED,
|
||||
TAG_PROTECTED_FLAGS_1, TAG_PROTECTED_MGM,
|
||||
};
|
||||
use log::error;
|
||||
use std::{
|
||||
convert::TryInto,
|
||||
|
||||
@@ -35,29 +35,7 @@
|
||||
#![allow(missing_docs, non_upper_case_globals)]
|
||||
#![cfg_attr(not(feature = "untested"), allow(dead_code))]
|
||||
|
||||
pub const ADMIN_FLAGS_1_PUK_BLOCKED: u8 = 0x01;
|
||||
pub const ADMIN_FLAGS_1_PROTECTED_MGM: u8 = 0x02;
|
||||
|
||||
pub const CB_BUF_MAX: usize = 3072;
|
||||
|
||||
pub const CB_OBJ_MAX: usize = CB_BUF_MAX - 9;
|
||||
pub const CB_OBJ_TAG_MIN: usize = 2; // 1 byte tag + 1 byte len
|
||||
pub const CB_OBJ_TAG_MAX: usize = (CB_OBJ_TAG_MIN + 2); // 1 byte tag + 3 bytes len
|
||||
|
||||
pub const TAG_CERT: u8 = 0x70;
|
||||
pub const TAG_CERT_COMPRESS: u8 = 0x71;
|
||||
pub const TAG_CERT_LRC: u8 = 0xFE;
|
||||
pub const TAG_ADMIN: u8 = 0x80;
|
||||
pub const TAG_ADMIN_FLAGS_1: u8 = 0x81;
|
||||
pub const TAG_ADMIN_SALT: u8 = 0x82;
|
||||
pub const TAG_ADMIN_TIMESTAMP: u8 = 0x83;
|
||||
pub const TAG_PROTECTED: u8 = 0x88;
|
||||
pub const TAG_PROTECTED_FLAGS_1: u8 = 0x81;
|
||||
pub const TAG_PROTECTED_MGM: u8 = 0x89;
|
||||
pub const TAG_MSCMAP: u8 = 0x81;
|
||||
pub const TAG_MSROOTS_END: u8 = 0x82;
|
||||
pub const TAG_MSROOTS_MID: u8 = 0x83;
|
||||
|
||||
pub const TAG_RSA_MODULUS: u8 = 0x81;
|
||||
pub const TAG_RSA_EXP: u8 = 0x82;
|
||||
pub const TAG_ECC_POINT: u8 = 0x86;
|
||||
|
||||
+5
-1
@@ -33,7 +33,9 @@
|
||||
// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
||||
// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
|
||||
use crate::{consts::*, error::Error, key::SlotId, serialization::*, yubikey::YubiKey};
|
||||
use crate::{
|
||||
error::Error, key::SlotId, serialization::*, yubikey::YubiKey, CB_OBJ_MAX, CB_OBJ_TAG_MIN,
|
||||
};
|
||||
use log::error;
|
||||
use std::{
|
||||
convert::{TryFrom, TryInto},
|
||||
@@ -48,6 +50,8 @@ const CONTAINER_REC_LEN: usize = (2 * CONTAINER_NAME_LEN) + 27;
|
||||
|
||||
const OBJ_MSCMAP: u32 = 0x005f_ff10;
|
||||
|
||||
const TAG_MSCMAP: u8 = 0x81;
|
||||
|
||||
/// MS Container Map(?) Records
|
||||
#[derive(Copy, Clone)]
|
||||
pub struct Container {
|
||||
|
||||
+8
-2
@@ -49,10 +49,9 @@ use std::convert::TryFrom;
|
||||
#[cfg(feature = "untested")]
|
||||
use crate::{
|
||||
apdu::{Ins, StatusWords},
|
||||
consts::*,
|
||||
policy::{PinPolicy, TouchPolicy},
|
||||
serialization::*,
|
||||
settings, Buffer,
|
||||
settings, Buffer, CB_OBJ_MAX,
|
||||
};
|
||||
#[cfg(feature = "untested")]
|
||||
use log::{error, warn};
|
||||
@@ -64,6 +63,13 @@ const CB_ECC_POINTP256: usize = 65;
|
||||
#[cfg(feature = "untested")]
|
||||
const CB_ECC_POINTP384: usize = 97;
|
||||
|
||||
#[cfg(feature = "untested")]
|
||||
const TAG_RSA_MODULUS: u8 = 0x81;
|
||||
#[cfg(feature = "untested")]
|
||||
const TAG_RSA_EXP: u8 = 0x82;
|
||||
#[cfg(feature = "untested")]
|
||||
const TAG_ECC_POINT: u8 = 0x86;
|
||||
|
||||
/// Slot identifiers.
|
||||
/// <https://developers.yubico.com/PIV/Introduction/Certificate_slots.html>
|
||||
#[derive(Clone, Copy, Debug, PartialEq)]
|
||||
|
||||
+29
-1
@@ -140,7 +140,6 @@ pub mod cccid;
|
||||
pub mod certificate;
|
||||
pub mod chuid;
|
||||
pub mod config;
|
||||
mod consts;
|
||||
#[cfg(feature = "untested")]
|
||||
pub mod container;
|
||||
pub mod error;
|
||||
@@ -164,3 +163,32 @@ pub type ObjectId = u32;
|
||||
|
||||
/// Buffer type (self-zeroizing byte vector)
|
||||
pub(crate) type Buffer = zeroize::Zeroizing<Vec<u8>>;
|
||||
|
||||
/// YubiKey max buffer size
|
||||
pub(crate) const CB_BUF_MAX: usize = 3072;
|
||||
|
||||
/// YubiKey max object size
|
||||
#[cfg(feature = "untested")]
|
||||
pub(crate) const CB_OBJ_MAX: usize = CB_BUF_MAX - 9;
|
||||
pub(crate) const CB_OBJ_TAG_MIN: usize = 2; // 1 byte tag + 1 byte len
|
||||
#[cfg(feature = "untested")]
|
||||
pub(crate) const CB_OBJ_TAG_MAX: usize = (CB_OBJ_TAG_MIN + 2); // 1 byte tag + 3 bytes len
|
||||
|
||||
pub(crate) const TAG_ADMIN: u8 = 0x80;
|
||||
pub(crate) const TAG_ADMIN_FLAGS_1: u8 = 0x81;
|
||||
pub(crate) const TAG_ADMIN_SALT: u8 = 0x82;
|
||||
pub(crate) const TAG_ADMIN_TIMESTAMP: u8 = 0x83;
|
||||
pub(crate) const TAG_PROTECTED: u8 = 0x88;
|
||||
pub(crate) const TAG_PROTECTED_FLAGS_1: u8 = 0x81;
|
||||
pub(crate) const TAG_PROTECTED_MGM: u8 = 0x89;
|
||||
|
||||
/// PIV Applet ID
|
||||
pub(crate) const PIV_AID: [u8; 5] = [0xa0, 0x00, 0x00, 0x03, 0x08];
|
||||
|
||||
/// MGMT Applet ID.
|
||||
/// <https://developers.yubico.com/PIV/Introduction/Admin_access.html>
|
||||
#[cfg(feature = "untested")]
|
||||
pub(crate) const MGMT_AID: [u8; 8] = [0xa0, 0x00, 0x00, 0x05, 0x27, 0x47, 0x11, 0x17];
|
||||
|
||||
/// YubiKey OTP Applet ID. Needed to query serial on YK4.
|
||||
pub(crate) const YK_AID: [u8; 8] = [0xa0, 0x00, 0x00, 0x05, 0x27, 0x20, 0x01, 0x01];
|
||||
|
||||
+7
-1
@@ -30,7 +30,13 @@
|
||||
// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
||||
// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
|
||||
use crate::{consts::*, error::Error, serialization::*, transaction::Transaction, Buffer};
|
||||
use crate::{
|
||||
error::Error, serialization::*, transaction::Transaction, Buffer, CB_OBJ_TAG_MIN, TAG_ADMIN,
|
||||
TAG_PROTECTED,
|
||||
};
|
||||
|
||||
#[cfg(feature = "untested")]
|
||||
use crate::{CB_OBJ_MAX, CB_OBJ_TAG_MAX};
|
||||
|
||||
#[cfg(feature = "untested")]
|
||||
use zeroize::Zeroizing;
|
||||
|
||||
+6
-1
@@ -37,7 +37,10 @@ use std::convert::{TryFrom, TryInto};
|
||||
use zeroize::{Zeroize, Zeroizing};
|
||||
|
||||
#[cfg(feature = "untested")]
|
||||
use crate::{consts::*, metadata, yubikey::YubiKey};
|
||||
use crate::{
|
||||
metadata, yubikey::YubiKey, CB_BUF_MAX, CB_OBJ_MAX, TAG_ADMIN, TAG_ADMIN_FLAGS_1,
|
||||
TAG_ADMIN_SALT, TAG_PROTECTED, TAG_PROTECTED_MGM,
|
||||
};
|
||||
#[cfg(feature = "untested")]
|
||||
use des::{
|
||||
block_cipher_trait::{generic_array::GenericArray, BlockCipher},
|
||||
@@ -50,6 +53,8 @@ use pbkdf2::pbkdf2;
|
||||
#[cfg(feature = "untested")]
|
||||
use sha1::Sha1;
|
||||
|
||||
pub(crate) const ADMIN_FLAGS_1_PROTECTED_MGM: u8 = 0x02;
|
||||
|
||||
#[cfg(feature = "untested")]
|
||||
const CB_ADMIN_SALT: usize = 16;
|
||||
|
||||
|
||||
+5
-1
@@ -37,7 +37,8 @@
|
||||
// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
||||
// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
|
||||
use crate::{consts::*, error::Error, serialization::*, yubikey::YubiKey};
|
||||
use crate::{error::Error, serialization::*, yubikey::YubiKey};
|
||||
use crate::{CB_OBJ_MAX, CB_OBJ_TAG_MAX, CB_OBJ_TAG_MIN};
|
||||
use log::error;
|
||||
|
||||
const OBJ_MSROOTS1: u32 = 0x005f_ff11;
|
||||
@@ -49,6 +50,9 @@ const OBJ_MSROOTS3: u32 = 0x005f_ff13;
|
||||
const OBJ_MSROOTS4: u32 = 0x005f_ff14;
|
||||
const OBJ_MSROOTS5: u32 = 0x005f_ff15;
|
||||
|
||||
const TAG_MSROOTS_END: u8 = 0x82;
|
||||
const TAG_MSROOTS_MID: u8 = 0x83;
|
||||
|
||||
/// `msroots` file: PKCS#7-formatted certificate store for enterprise trust roots
|
||||
pub struct MsRoots(Vec<u8>);
|
||||
|
||||
|
||||
+2
-2
@@ -3,11 +3,10 @@
|
||||
use crate::{
|
||||
apdu::Response,
|
||||
apdu::{Ins, StatusWords, APDU},
|
||||
consts::*,
|
||||
error::Error,
|
||||
serialization::*,
|
||||
yubikey::*,
|
||||
Buffer, ObjectId,
|
||||
Buffer, ObjectId, CB_BUF_MAX, PIV_AID, YK_AID,
|
||||
};
|
||||
use log::{error, trace};
|
||||
use std::convert::TryInto;
|
||||
@@ -17,6 +16,7 @@ use zeroize::Zeroizing;
|
||||
use crate::{
|
||||
key::{AlgorithmId, SlotId},
|
||||
mgm::{MgmKey, DES_LEN_3DES},
|
||||
CB_OBJ_MAX,
|
||||
};
|
||||
|
||||
const CB_PIN_MAX: usize = 8;
|
||||
|
||||
+6
-13
@@ -48,10 +48,10 @@ use std::{
|
||||
#[cfg(feature = "untested")]
|
||||
use crate::{
|
||||
apdu::{Ins, StatusWords, APDU},
|
||||
consts::*,
|
||||
metadata,
|
||||
mgm::MgmKey,
|
||||
Buffer, ObjectId,
|
||||
Buffer, ObjectId, CB_BUF_MAX, CB_OBJ_MAX, MGMT_AID, TAG_ADMIN, TAG_ADMIN_FLAGS_1,
|
||||
TAG_ADMIN_TIMESTAMP,
|
||||
};
|
||||
#[cfg(feature = "untested")]
|
||||
use getrandom::getrandom;
|
||||
@@ -63,6 +63,9 @@ use std::{
|
||||
time::{SystemTime, UNIX_EPOCH},
|
||||
};
|
||||
|
||||
/// Flag for PUK blocked
|
||||
pub(crate) const ADMIN_FLAGS_1_PUK_BLOCKED: u8 = 0x01;
|
||||
|
||||
/// 3DES authentication
|
||||
#[cfg(feature = "untested")]
|
||||
pub(crate) const ALGO_3DES: u8 = 0x03;
|
||||
@@ -78,16 +81,8 @@ pub(crate) const CHREF_ACT_UNBLOCK_PIN: i32 = 1;
|
||||
#[cfg(feature = "untested")]
|
||||
pub(crate) const CHREF_ACT_CHANGE_PUK: i32 = 2;
|
||||
|
||||
/// PIV Applet ID
|
||||
pub(crate) const PIV_AID: [u8; 5] = [0xa0, 0x00, 0x00, 0x03, 0x08];
|
||||
|
||||
/// MGMT Applet ID.
|
||||
/// <https://developers.yubico.com/PIV/Introduction/Admin_access.html>
|
||||
#[cfg(feature = "untested")]
|
||||
pub(crate) const MGMT_AID: [u8; 8] = [0xa0, 0x00, 0x00, 0x05, 0x27, 0x47, 0x11, 0x17];
|
||||
|
||||
/// YubiKey OTP Applet ID. Needed to query serial on YK4.
|
||||
pub(crate) const YK_AID: [u8; 8] = [0xa0, 0x00, 0x00, 0x05, 0x27, 0x20, 0x01, 0x01];
|
||||
const TAG_DYN_AUTH: u8 = 0x7c;
|
||||
|
||||
/// Cached YubiKey PIN
|
||||
pub type CachedPin = secrecy::SecretVec<u8>;
|
||||
@@ -249,8 +244,6 @@ impl YubiKey {
|
||||
pub fn authenticate(&mut self, mgm_key: MgmKey) -> Result<(), Error> {
|
||||
let txn = self.begin_transaction()?;
|
||||
|
||||
const TAG_DYN_AUTH: u8 = 0x7c;
|
||||
|
||||
// get a challenge from the card
|
||||
let challenge = APDU::new(Ins::Authenticate)
|
||||
.params(ALGO_3DES, KEY_CARDMGM)
|
||||
|
||||
Reference in New Issue
Block a user