Extract consts module (#282)
Extracts miscellaneous constants that were floating around in the toplevel into their own module.
This commit is contained in:
committed by
GitHub
parent
5f418bbd1d
commit
563f6f9ccc
+1
-2
@@ -31,6 +31,7 @@
|
|||||||
// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||||
|
|
||||||
use crate::{
|
use crate::{
|
||||||
|
consts::CB_OBJ_MAX,
|
||||||
error::{Error, Result},
|
error::{Error, Result},
|
||||||
piv::{sign_data, AlgorithmId, SlotId},
|
piv::{sign_data, AlgorithmId, SlotId},
|
||||||
serialization::*,
|
serialization::*,
|
||||||
@@ -53,8 +54,6 @@ use x509::{der::Oid, RelativeDistinguishedName};
|
|||||||
use x509_parser::{parse_x509_certificate, x509::SubjectPublicKeyInfo};
|
use x509_parser::{parse_x509_certificate, x509::SubjectPublicKeyInfo};
|
||||||
use zeroize::Zeroizing;
|
use zeroize::Zeroizing;
|
||||||
|
|
||||||
use crate::CB_OBJ_MAX;
|
|
||||||
|
|
||||||
// TODO: Make these der_parser::oid::Oid constants when it has const fn support.
|
// TODO: Make these der_parser::oid::Oid constants when it has const fn support.
|
||||||
const OID_RSA_ENCRYPTION: &str = "1.2.840.113549.1.1.1";
|
const OID_RSA_ENCRYPTION: &str = "1.2.840.113549.1.1.1";
|
||||||
const OID_EC_PUBLIC_KEY: &str = "1.2.840.10045.2.1";
|
const OID_EC_PUBLIC_KEY: &str = "1.2.840.10045.2.1";
|
||||||
|
|||||||
+5
-2
@@ -31,11 +31,14 @@
|
|||||||
// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||||
|
|
||||||
use crate::{
|
use crate::{
|
||||||
|
consts::{
|
||||||
|
TAG_ADMIN_FLAGS_1, TAG_ADMIN_SALT, TAG_ADMIN_TIMESTAMP, TAG_PROTECTED_FLAGS_1,
|
||||||
|
TAG_PROTECTED_MGM,
|
||||||
|
},
|
||||||
metadata::{AdminData, ProtectedData},
|
metadata::{AdminData, ProtectedData},
|
||||||
mgm::{MgmType, ADMIN_FLAGS_1_PROTECTED_MGM},
|
mgm::{MgmType, ADMIN_FLAGS_1_PROTECTED_MGM},
|
||||||
yubikey::{YubiKey, ADMIN_FLAGS_1_PUK_BLOCKED},
|
yubikey::{YubiKey, ADMIN_FLAGS_1_PUK_BLOCKED},
|
||||||
Result, TAG_ADMIN_FLAGS_1, TAG_ADMIN_SALT, TAG_ADMIN_TIMESTAMP, TAG_PROTECTED_FLAGS_1,
|
Result,
|
||||||
TAG_PROTECTED_MGM,
|
|
||||||
};
|
};
|
||||||
use log::error;
|
use log::error;
|
||||||
use std::{
|
use std::{
|
||||||
|
|||||||
@@ -0,0 +1,20 @@
|
|||||||
|
//! Miscellaneous constant values
|
||||||
|
|
||||||
|
/// YubiKey max buffer size
|
||||||
|
pub(crate) const CB_BUF_MAX: usize = 3072;
|
||||||
|
|
||||||
|
/// YubiKey max object size
|
||||||
|
pub(crate) const CB_OBJ_MAX: usize = CB_BUF_MAX - 9;
|
||||||
|
|
||||||
|
pub(crate) const CB_OBJ_TAG_MIN: usize = 2; // 1 byte tag + 1 byte len
|
||||||
|
#[cfg(feature = "untested")]
|
||||||
|
pub(crate) const CB_OBJ_TAG_MAX: usize = CB_OBJ_TAG_MIN + 2; // 1 byte tag + 3 bytes len
|
||||||
|
|
||||||
|
// Admin tags
|
||||||
|
pub(crate) const TAG_ADMIN_FLAGS_1: u8 = 0x81;
|
||||||
|
pub(crate) const TAG_ADMIN_SALT: u8 = 0x82;
|
||||||
|
pub(crate) const TAG_ADMIN_TIMESTAMP: u8 = 0x83;
|
||||||
|
|
||||||
|
// Protected tags
|
||||||
|
pub(crate) const TAG_PROTECTED_FLAGS_1: u8 = 0x81;
|
||||||
|
pub(crate) const TAG_PROTECTED_MGM: u8 = 0x89;
|
||||||
+1
-27
@@ -146,6 +146,7 @@ mod cccid;
|
|||||||
pub mod certificate;
|
pub mod certificate;
|
||||||
mod chuid;
|
mod chuid;
|
||||||
mod config;
|
mod config;
|
||||||
|
mod consts;
|
||||||
mod error;
|
mod error;
|
||||||
mod metadata;
|
mod metadata;
|
||||||
mod mgm;
|
mod mgm;
|
||||||
@@ -185,30 +186,3 @@ pub type ObjectId = u32;
|
|||||||
|
|
||||||
/// Buffer type (self-zeroizing byte vector)
|
/// Buffer type (self-zeroizing byte vector)
|
||||||
pub(crate) type Buffer = zeroize::Zeroizing<Vec<u8>>;
|
pub(crate) type Buffer = zeroize::Zeroizing<Vec<u8>>;
|
||||||
|
|
||||||
/// YubiKey max buffer size
|
|
||||||
pub(crate) const CB_BUF_MAX: usize = 3072;
|
|
||||||
|
|
||||||
/// YubiKey max object size
|
|
||||||
pub(crate) const CB_OBJ_MAX: usize = CB_BUF_MAX - 9;
|
|
||||||
pub(crate) const CB_OBJ_TAG_MIN: usize = 2; // 1 byte tag + 1 byte len
|
|
||||||
#[cfg(feature = "untested")]
|
|
||||||
pub(crate) const CB_OBJ_TAG_MAX: usize = CB_OBJ_TAG_MIN + 2; // 1 byte tag + 3 bytes len
|
|
||||||
|
|
||||||
pub(crate) const TAG_ADMIN_FLAGS_1: u8 = 0x81;
|
|
||||||
pub(crate) const TAG_ADMIN_SALT: u8 = 0x82;
|
|
||||||
pub(crate) const TAG_ADMIN_TIMESTAMP: u8 = 0x83;
|
|
||||||
pub(crate) const TAG_PROTECTED_FLAGS_1: u8 = 0x81;
|
|
||||||
pub(crate) const TAG_PROTECTED_MGM: u8 = 0x89;
|
|
||||||
|
|
||||||
/// PIV Applet ID
|
|
||||||
pub(crate) const PIV_AID: [u8; 5] = [0xa0, 0x00, 0x00, 0x03, 0x08];
|
|
||||||
|
|
||||||
/// MGMT Applet ID.
|
|
||||||
///
|
|
||||||
/// <https://developers.yubico.com/PIV/Introduction/Admin_access.html>
|
|
||||||
#[cfg(feature = "untested")]
|
|
||||||
pub(crate) const MGMT_AID: [u8; 8] = [0xa0, 0x00, 0x00, 0x05, 0x27, 0x47, 0x11, 0x17];
|
|
||||||
|
|
||||||
/// YubiKey OTP Applet ID. Needed to query serial on YK4.
|
|
||||||
pub(crate) const YK_AID: [u8; 8] = [0xa0, 0x00, 0x00, 0x05, 0x27, 0x20, 0x01, 0x01];
|
|
||||||
|
|||||||
+1
-1
@@ -36,7 +36,7 @@ use zeroize::Zeroizing;
|
|||||||
use crate::{serialization::*, transaction::Transaction, Buffer, Error, Result};
|
use crate::{serialization::*, transaction::Transaction, Buffer, Error, Result};
|
||||||
|
|
||||||
#[cfg(feature = "untested")]
|
#[cfg(feature = "untested")]
|
||||||
use crate::{CB_OBJ_MAX, CB_OBJ_TAG_MAX};
|
use crate::consts::{CB_OBJ_MAX, CB_OBJ_TAG_MAX};
|
||||||
|
|
||||||
#[cfg(feature = "untested")]
|
#[cfg(feature = "untested")]
|
||||||
use std::iter;
|
use std::iter;
|
||||||
|
|||||||
+6
-12
@@ -38,31 +38,22 @@ use zeroize::{Zeroize, Zeroizing};
|
|||||||
|
|
||||||
#[cfg(feature = "untested")]
|
#[cfg(feature = "untested")]
|
||||||
use crate::{
|
use crate::{
|
||||||
|
consts::{TAG_ADMIN_FLAGS_1, TAG_ADMIN_SALT, TAG_PROTECTED_MGM},
|
||||||
metadata::{AdminData, ProtectedData},
|
metadata::{AdminData, ProtectedData},
|
||||||
yubikey::YubiKey,
|
yubikey::YubiKey,
|
||||||
TAG_ADMIN_FLAGS_1, TAG_ADMIN_SALT, TAG_PROTECTED_MGM,
|
|
||||||
};
|
};
|
||||||
use des::{
|
use des::{
|
||||||
cipher::{generic_array::GenericArray, BlockDecrypt, BlockEncrypt, NewBlockCipher},
|
cipher::{generic_array::GenericArray, BlockDecrypt, BlockEncrypt, NewBlockCipher},
|
||||||
TdesEde3,
|
TdesEde3,
|
||||||
};
|
};
|
||||||
#[cfg(feature = "untested")]
|
#[cfg(feature = "untested")]
|
||||||
use hmac::Hmac;
|
use {hmac::Hmac, pbkdf2::pbkdf2, sha1::Sha1};
|
||||||
#[cfg(feature = "untested")]
|
|
||||||
use pbkdf2::pbkdf2;
|
|
||||||
#[cfg(feature = "untested")]
|
|
||||||
use sha1::Sha1;
|
|
||||||
|
|
||||||
pub(crate) const ADMIN_FLAGS_1_PROTECTED_MGM: u8 = 0x02;
|
pub(crate) const ADMIN_FLAGS_1_PROTECTED_MGM: u8 = 0x02;
|
||||||
|
|
||||||
#[cfg(feature = "untested")]
|
#[cfg(feature = "untested")]
|
||||||
const CB_ADMIN_SALT: usize = 16;
|
const CB_ADMIN_SALT: usize = 16;
|
||||||
|
|
||||||
/// Default MGM key configured on all YubiKeys
|
|
||||||
const DEFAULT_MGM_KEY: [u8; DES_LEN_3DES] = [
|
|
||||||
1, 2, 3, 4, 5, 6, 7, 8, 1, 2, 3, 4, 5, 6, 7, 8, 1, 2, 3, 4, 5, 6, 7, 8,
|
|
||||||
];
|
|
||||||
|
|
||||||
/// Size of a DES key
|
/// Size of a DES key
|
||||||
const DES_LEN_DES: usize = 8;
|
const DES_LEN_DES: usize = 8;
|
||||||
|
|
||||||
@@ -347,9 +338,12 @@ impl AsRef<[u8; DES_LEN_3DES]> for MgmKey {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/// Default MGM key configured on all YubiKeys
|
||||||
impl Default for MgmKey {
|
impl Default for MgmKey {
|
||||||
fn default() -> Self {
|
fn default() -> Self {
|
||||||
MgmKey(DEFAULT_MGM_KEY)
|
MgmKey([
|
||||||
|
1, 2, 3, 4, 5, 6, 7, 8, 1, 2, 3, 4, 5, 6, 7, 8, 1, 2, 3, 4, 5, 6, 7, 8,
|
||||||
|
])
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
+1
-1
@@ -30,7 +30,7 @@
|
|||||||
// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
||||||
// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||||
|
|
||||||
use crate::{piv::SlotId, serialization::*, Error, Result, YubiKey, CB_OBJ_MAX};
|
use crate::{consts::CB_OBJ_MAX, piv::SlotId, serialization::*, Error, Result, YubiKey};
|
||||||
use log::error;
|
use log::error;
|
||||||
use std::convert::{TryFrom, TryInto};
|
use std::convert::{TryFrom, TryInto};
|
||||||
|
|
||||||
|
|||||||
+5
-2
@@ -30,8 +30,11 @@
|
|||||||
// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
||||||
// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||||
|
|
||||||
use crate::{serialization::*, Error, Result, YubiKey};
|
use crate::{
|
||||||
use crate::{CB_OBJ_MAX, CB_OBJ_TAG_MAX};
|
consts::{CB_OBJ_MAX, CB_OBJ_TAG_MAX},
|
||||||
|
serialization::*,
|
||||||
|
Error, Result, YubiKey,
|
||||||
|
};
|
||||||
use log::error;
|
use log::error;
|
||||||
|
|
||||||
const OBJ_MSROOTS1: u32 = 0x005f_ff11;
|
const OBJ_MSROOTS1: u32 = 0x005f_ff11;
|
||||||
|
|||||||
+1
-1
@@ -59,7 +59,7 @@ use std::{convert::TryFrom, str::FromStr};
|
|||||||
|
|
||||||
#[cfg(feature = "untested")]
|
#[cfg(feature = "untested")]
|
||||||
use {
|
use {
|
||||||
crate::CB_OBJ_MAX,
|
crate::consts::CB_OBJ_MAX,
|
||||||
num_bigint_dig::traits::ModInverse,
|
num_bigint_dig::traits::ModInverse,
|
||||||
num_integer::Integer,
|
num_integer::Integer,
|
||||||
num_traits::{FromPrimitive, One},
|
num_traits::{FromPrimitive, One},
|
||||||
|
|||||||
@@ -30,7 +30,7 @@
|
|||||||
// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
||||||
// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||||
|
|
||||||
use crate::{Buffer, Error, ObjectId, Result, CB_OBJ_TAG_MIN};
|
use crate::{consts::CB_OBJ_TAG_MIN, Buffer, Error, ObjectId, Result};
|
||||||
|
|
||||||
pub const OBJ_DISCOVERY: u32 = 0x7e;
|
pub const OBJ_DISCOVERY: u32 = 0x7e;
|
||||||
|
|
||||||
|
|||||||
+8
-1
@@ -3,11 +3,12 @@
|
|||||||
use crate::{
|
use crate::{
|
||||||
apdu::Response,
|
apdu::Response,
|
||||||
apdu::{Apdu, Ins, StatusWords},
|
apdu::{Apdu, Ins, StatusWords},
|
||||||
|
consts::{CB_BUF_MAX, CB_OBJ_MAX},
|
||||||
error::{Error, Result},
|
error::{Error, Result},
|
||||||
piv::{AlgorithmId, SlotId},
|
piv::{AlgorithmId, SlotId},
|
||||||
serialization::*,
|
serialization::*,
|
||||||
yubikey::*,
|
yubikey::*,
|
||||||
Buffer, ObjectId, CB_BUF_MAX, CB_OBJ_MAX, PIV_AID, YK_AID,
|
Buffer, ObjectId,
|
||||||
};
|
};
|
||||||
use log::{error, trace};
|
use log::{error, trace};
|
||||||
use std::convert::TryInto;
|
use std::convert::TryInto;
|
||||||
@@ -16,6 +17,12 @@ use zeroize::Zeroizing;
|
|||||||
#[cfg(feature = "untested")]
|
#[cfg(feature = "untested")]
|
||||||
use crate::mgm::{MgmKey, DES_LEN_3DES};
|
use crate::mgm::{MgmKey, DES_LEN_3DES};
|
||||||
|
|
||||||
|
/// PIV Applet ID
|
||||||
|
const PIV_AID: [u8; 5] = [0xa0, 0x00, 0x00, 0x03, 0x08];
|
||||||
|
|
||||||
|
/// YubiKey OTP Applet ID. Needed to query serial on YK4.
|
||||||
|
const YK_AID: [u8; 8] = [0xa0, 0x00, 0x00, 0x05, 0x27, 0x20, 0x01, 0x01];
|
||||||
|
|
||||||
const CB_PIN_MAX: usize = 8;
|
const CB_PIN_MAX: usize = 8;
|
||||||
|
|
||||||
#[cfg(feature = "untested")]
|
#[cfg(feature = "untested")]
|
||||||
|
|||||||
+11
-2
@@ -53,8 +53,11 @@ use std::{
|
|||||||
#[cfg(feature = "untested")]
|
#[cfg(feature = "untested")]
|
||||||
use {
|
use {
|
||||||
crate::{
|
crate::{
|
||||||
apdu::StatusWords, metadata::AdminData, transaction::ChangeRefAction, Buffer, ObjectId,
|
apdu::StatusWords,
|
||||||
MGMT_AID, TAG_ADMIN_FLAGS_1, TAG_ADMIN_TIMESTAMP,
|
consts::{TAG_ADMIN_FLAGS_1, TAG_ADMIN_TIMESTAMP},
|
||||||
|
metadata::AdminData,
|
||||||
|
transaction::ChangeRefAction,
|
||||||
|
Buffer, ObjectId,
|
||||||
},
|
},
|
||||||
secrecy::ExposeSecret,
|
secrecy::ExposeSecret,
|
||||||
std::time::{SystemTime, UNIX_EPOCH},
|
std::time::{SystemTime, UNIX_EPOCH},
|
||||||
@@ -69,6 +72,12 @@ pub(crate) const ALGO_3DES: u8 = 0x03;
|
|||||||
/// Card management key
|
/// Card management key
|
||||||
pub(crate) const KEY_CARDMGM: u8 = 0x9b;
|
pub(crate) const KEY_CARDMGM: u8 = 0x9b;
|
||||||
|
|
||||||
|
/// MGMT Applet ID.
|
||||||
|
///
|
||||||
|
/// <https://developers.yubico.com/PIV/Introduction/Admin_access.html>
|
||||||
|
#[cfg(feature = "untested")]
|
||||||
|
const MGMT_AID: [u8; 8] = [0xa0, 0x00, 0x00, 0x05, 0x27, 0x47, 0x11, 0x17];
|
||||||
|
|
||||||
const TAG_DYN_AUTH: u8 = 0x7c;
|
const TAG_DYN_AUTH: u8 = 0x7c;
|
||||||
|
|
||||||
/// Cached YubiKey PIN.
|
/// Cached YubiKey PIN.
|
||||||
|
|||||||
Reference in New Issue
Block a user