Convert Yubikey pointers into mutable references

This commit is contained in:
Jack Grigg
2019-11-20 01:07:15 +00:00
parent 943dd6f146
commit 5733d0b0af
2 changed files with 228 additions and 296 deletions
+74 -102
View File
@@ -81,7 +81,7 @@ pub struct CardId([u8; 16]);
/// Get Card ID /// Get Card ID
pub unsafe fn ykpiv_util_get_cardid( pub unsafe fn ykpiv_util_get_cardid(
state: *mut YubiKey, state: &mut YubiKey,
cardid: *mut CardId, cardid: *mut CardId,
) -> Result<(), ErrorKind> { ) -> Result<(), ErrorKind> {
let mut buf = [0u8; CB_OBJ_MAX]; let mut buf = [0u8; CB_OBJ_MAX];
@@ -121,17 +121,13 @@ pub unsafe fn ykpiv_util_get_cardid(
/// Set Card ID /// Set Card ID
pub unsafe fn ykpiv_util_set_cardid( pub unsafe fn ykpiv_util_set_cardid(
state: *mut YubiKey, state: &mut YubiKey,
cardid: *const CardId, cardid: *const CardId,
) -> Result<(), ErrorKind> { ) -> Result<(), ErrorKind> {
let mut id = [0u8; YKPIV_CARDID_SIZE]; let mut id = [0u8; YKPIV_CARDID_SIZE];
let mut buf = [0u8; CHUID_TMPL.len()]; let mut buf = [0u8; CHUID_TMPL.len()];
let mut res = ErrorKind::Ok; let mut res = ErrorKind::Ok;
if state.is_null() {
return Err(ErrorKind::GenericError);
}
if cardid.is_null() { if cardid.is_null() {
if _ykpiv_prng_generate(id.as_mut_ptr(), id.len()) != PRngErrorKind::Ok { if _ykpiv_prng_generate(id.as_mut_ptr(), id.len()) != PRngErrorKind::Ok {
return Err(ErrorKind::RandomnessError); return Err(ErrorKind::RandomnessError);
@@ -181,7 +177,7 @@ pub unsafe fn ykpiv_util_set_cardid(
pub struct CCCID([u8; 14]); pub struct CCCID([u8; 14]);
/// Get Cardholder Capability Container (CCC) ID /// Get Cardholder Capability Container (CCC) ID
pub unsafe fn ykpiv_util_get_cccid(state: *mut YubiKey, ccc: *mut CCCID) -> Result<(), ErrorKind> { pub unsafe fn ykpiv_util_get_cccid(state: &mut YubiKey, ccc: *mut CCCID) -> Result<(), ErrorKind> {
let mut res: ErrorKind = ErrorKind::Ok; let mut res: ErrorKind = ErrorKind::Ok;
let mut buf = [0u8; CB_OBJ_MAX]; let mut buf = [0u8; CB_OBJ_MAX];
let mut len = buf.len(); let mut len = buf.len();
@@ -224,7 +220,7 @@ pub unsafe fn ykpiv_util_get_cccid(state: *mut YubiKey, ccc: *mut CCCID) -> Resu
/// Get Cardholder Capability Container (CCC) ID /// Get Cardholder Capability Container (CCC) ID
pub unsafe fn ykpiv_util_set_cccid( pub unsafe fn ykpiv_util_set_cccid(
state: *mut YubiKey, state: &mut YubiKey,
ccc: *const CCCID, ccc: *const CCCID,
) -> Result<(), ErrorKind> { ) -> Result<(), ErrorKind> {
let mut res: ErrorKind = ErrorKind::Ok; let mut res: ErrorKind = ErrorKind::Ok;
@@ -232,10 +228,6 @@ pub unsafe fn ykpiv_util_set_cccid(
let mut buf = [0u8; 51]; let mut buf = [0u8; 51];
let len: usize; let len: usize;
if state.is_null() {
return Err(ErrorKind::GenericError);
}
if ccc.is_null() { if ccc.is_null() {
if _ykpiv_prng_generate(id.as_mut_ptr(), id.len()) != PRngErrorKind::Ok { if _ykpiv_prng_generate(id.as_mut_ptr(), id.len()) != PRngErrorKind::Ok {
return Err(ErrorKind::RandomnessError); return Err(ErrorKind::RandomnessError);
@@ -278,10 +270,10 @@ pub unsafe fn ykpiv_util_set_cccid(
} }
/// Get YubiKey device model /// Get YubiKey device model
pub unsafe fn ykpiv_util_devicemodel(state: *mut YubiKey) -> u32 { pub unsafe fn ykpiv_util_devicemodel(state: &mut YubiKey) -> u32 {
if state.is_null() || (*state).context == 0 || (*state).context == -1 { if state.context == 0 || state.context == -1 {
DEVTYPE_UNKNOWN DEVTYPE_UNKNOWN
} else if (*state).is_neo { } else if state.is_neo {
DEVTYPE_NEOr3 DEVTYPE_NEOr3
} else { } else {
DEVTYPE_YK4 DEVTYPE_YK4
@@ -333,7 +325,7 @@ pub const SLOTS: [u8; 24] = [
// TODO(tarcieri): fix clippy alignment warnings // TODO(tarcieri): fix clippy alignment warnings
#[allow(clippy::cast_ptr_alignment)] #[allow(clippy::cast_ptr_alignment)]
pub unsafe fn ykpiv_util_list_keys( pub unsafe fn ykpiv_util_list_keys(
state: *mut YubiKey, state: &mut YubiKey,
key_count: *mut u8, key_count: *mut u8,
data: *mut *mut YkPivKey, data: *mut *mut YkPivKey,
data_len: *mut usize, data_len: *mut usize,
@@ -468,7 +460,7 @@ pub unsafe fn ykpiv_util_list_keys(
/// Read certificate /// Read certificate
pub unsafe fn ykpiv_util_read_cert( pub unsafe fn ykpiv_util_read_cert(
state: *mut YubiKey, state: &mut YubiKey,
slot: u8, slot: u8,
data: *mut *mut u8, data: *mut *mut u8,
data_len: *mut usize, data_len: *mut usize,
@@ -520,7 +512,7 @@ pub unsafe fn ykpiv_util_read_cert(
/// Write certificate /// Write certificate
pub unsafe fn ykpiv_util_write_cert( pub unsafe fn ykpiv_util_write_cert(
state: *mut YubiKey, state: &mut YubiKey,
slot: u8, slot: u8,
data: *mut u8, data: *mut u8,
data_len: usize, data_len: usize,
@@ -544,12 +536,12 @@ pub unsafe fn ykpiv_util_write_cert(
} }
/// Delete certificate /// Delete certificate
pub unsafe fn ykpiv_util_delete_cert(state: *mut YubiKey, slot: u8) -> Result<(), ErrorKind> { pub unsafe fn ykpiv_util_delete_cert(state: &mut YubiKey, slot: u8) -> Result<(), ErrorKind> {
ykpiv_util_write_cert(state, slot, ptr::null_mut(), 0, 0) ykpiv_util_write_cert(state, slot, ptr::null_mut(), 0, 0)
} }
/// Block PUK /// Block PUK
pub unsafe fn ykpiv_util_block_puk(state: *mut YubiKey) -> Result<(), ErrorKind> { pub unsafe fn ykpiv_util_block_puk(state: &mut YubiKey) -> Result<(), ErrorKind> {
let mut _currentBlock; let mut _currentBlock;
let mut res: ErrorKind = ErrorKind::Ok; let mut res: ErrorKind = ErrorKind::Ok;
let mut puk = [0x30, 0x42, 0x41, 0x44, 0x46, 0x30, 0x30, 0x44]; let mut puk = [0x30, 0x42, 0x41, 0x44, 0x46, 0x30, 0x30, 0x44];
@@ -560,10 +552,6 @@ pub unsafe fn ykpiv_util_block_puk(state: *mut YubiKey) -> Result<(), ErrorKind>
let mut cb_item: usize = 0; let mut cb_item: usize = 0;
let mut flags: u8 = 0; let mut flags: u8 = 0;
if state.is_null() {
return Err(ErrorKind::GenericError);
}
if _ykpiv_begin_transaction(state) != ErrorKind::Ok { if _ykpiv_begin_transaction(state) != ErrorKind::Ok {
return Err(ErrorKind::PcscError); return Err(ErrorKind::PcscError);
} }
@@ -621,7 +609,7 @@ pub unsafe fn ykpiv_util_block_puk(state: *mut YubiKey) -> Result<(), ErrorKind>
p_item as (*const c_void), p_item as (*const c_void),
cb_item, cb_item,
); );
} else if (*state).verbose != 0 { } else if state.verbose != 0 {
eprintln!("admin flags exist, but are incorrect size = {}", cb_item,); eprintln!("admin flags exist, but are incorrect size = {}", cb_item,);
} }
} }
@@ -638,7 +626,7 @@ pub unsafe fn ykpiv_util_block_puk(state: *mut YubiKey) -> Result<(), ErrorKind>
1, 1,
) != ErrorKind::Ok ) != ErrorKind::Ok
{ {
if (*state).verbose == 0 { if state.verbose == 0 {
_currentBlock = 20; _currentBlock = 20;
continue; continue;
} }
@@ -649,7 +637,7 @@ pub unsafe fn ykpiv_util_block_puk(state: *mut YubiKey) -> Result<(), ErrorKind>
_currentBlock = 20; _currentBlock = 20;
continue; continue;
} }
if (*state).verbose == 0 { if state.verbose == 0 {
_currentBlock = 20; _currentBlock = 20;
continue; continue;
} }
@@ -699,7 +687,7 @@ pub struct YkPivContainer {
/// Read mscmap /// Read mscmap
pub unsafe fn ykpiv_util_read_mscmap( pub unsafe fn ykpiv_util_read_mscmap(
state: *mut YubiKey, state: &mut YubiKey,
containers: *mut *mut YkPivContainer, containers: *mut *mut YkPivContainer,
n_containers: *mut usize, n_containers: *mut usize,
) -> Result<(), ErrorKind> { ) -> Result<(), ErrorKind> {
@@ -771,8 +759,8 @@ pub unsafe fn ykpiv_util_read_mscmap(
} }
/// Get max object size /// Get max object size
unsafe fn _obj_size_max(state: *mut YubiKey) -> usize { unsafe fn _obj_size_max(state: &mut YubiKey) -> usize {
if !state.is_null() && (*state).is_neo { if state.is_neo {
2048 - 9 2048 - 9
} else { } else {
CB_OBJ_MAX CB_OBJ_MAX
@@ -781,7 +769,7 @@ unsafe fn _obj_size_max(state: *mut YubiKey) -> usize {
/// Write mscmap /// Write mscmap
pub unsafe fn ykpiv_util_write_mscmap( pub unsafe fn ykpiv_util_write_mscmap(
state: *mut YubiKey, state: &mut YubiKey,
containers: *mut YkPivContainer, containers: *mut YkPivContainer,
n_containers: usize, n_containers: usize,
) -> Result<(), ErrorKind> { ) -> Result<(), ErrorKind> {
@@ -837,7 +825,7 @@ pub unsafe fn ykpiv_util_write_mscmap(
/// Read msroots /// Read msroots
pub unsafe fn ykpiv_util_read_msroots( pub unsafe fn ykpiv_util_read_msroots(
state: *mut YubiKey, state: &mut YubiKey,
data: *mut *mut u8, data: *mut *mut u8,
data_len: *mut usize, data_len: *mut usize,
) -> Result<(), ErrorKind> { ) -> Result<(), ErrorKind> {
@@ -970,7 +958,7 @@ pub unsafe fn ykpiv_util_read_msroots(
/// Write msroots /// Write msroots
pub unsafe fn ykpiv_util_write_msroots( pub unsafe fn ykpiv_util_write_msroots(
state: *mut YubiKey, state: &mut YubiKey,
data: *mut u8, data: *mut u8,
data_len: usize, data_len: usize,
) -> Result<(), ErrorKind> { ) -> Result<(), ErrorKind> {
@@ -1070,7 +1058,7 @@ const SZ_ROCA_DEFAULT: &str = "was permitted by default, but is not recommended.
/// Generate key /// Generate key
#[allow(clippy::cognitive_complexity)] #[allow(clippy::cognitive_complexity)]
pub unsafe fn ykpiv_util_generate_key( pub unsafe fn ykpiv_util_generate_key(
state: *mut YubiKey, state: &mut YubiKey,
slot: u8, slot: u8,
algorithm: u8, algorithm: u8,
pin_policy: u8, pin_policy: u8,
@@ -1097,14 +1085,10 @@ pub unsafe fn ykpiv_util_generate_key(
let cb_point: usize; let cb_point: usize;
let setting_roca: SettingBool; let setting_roca: SettingBool;
if state.is_null() {
return Err(ErrorKind::ArgumentError);
}
if ykpiv_util_devicemodel(state) == DEVTYPE_YK4 if ykpiv_util_devicemodel(state) == DEVTYPE_YK4
&& (algorithm == YKPIV_ALGO_RSA1024 || algorithm == YKPIV_ALGO_RSA2048) && (algorithm == YKPIV_ALGO_RSA1024 || algorithm == YKPIV_ALGO_RSA2048)
&& (*state).ver.major == 4 && state.ver.major == 4
&& ((*state).ver.minor < 3 || (*state).ver.minor == 3 && ((*state).ver.patch < 5)) && (state.ver.minor < 3 || state.ver.minor == 3 && (state.ver.patch < 5))
{ {
let setting_name = CString::new(SZ_SETTING_ROCA).unwrap(); let setting_name = CString::new(SZ_SETTING_ROCA).unwrap();
setting_roca = setting_get_bool(setting_name.as_ptr(), true); setting_roca = setting_get_bool(setting_name.as_ptr(), true);
@@ -1132,7 +1116,7 @@ pub unsafe fn ykpiv_util_generate_key(
(ROCA) and should be replaced. On-chip key generation {} See \ (ROCA) and should be replaced. On-chip key generation {} See \
YSA-2017-01 <https://www.yubico.com/support/security-advisories/ysa-2017-01/> \ YSA-2017-01 <https://www.yubico.com/support/security-advisories/ysa-2017-01/> \
for additional information on device replacement and mitigation assistance", for additional information on device replacement and mitigation assistance",
(*state).serial, state.serial,
psz_msg psz_msg
); );
@@ -1144,7 +1128,7 @@ pub unsafe fn ykpiv_util_generate_key(
match algorithm { match algorithm {
YKPIV_ALGO_RSA1024 | YKPIV_ALGO_RSA2048 => { YKPIV_ALGO_RSA1024 | YKPIV_ALGO_RSA2048 => {
if point.is_null() || point_len.is_null() { if point.is_null() || point_len.is_null() {
if (*state).verbose != 0 { if state.verbose != 0 {
eprintln!("Invalid output parameter for ECC algorithm"); eprintln!("Invalid output parameter for ECC algorithm");
} }
return Err(ErrorKind::GenericError); return Err(ErrorKind::GenericError);
@@ -1155,7 +1139,7 @@ pub unsafe fn ykpiv_util_generate_key(
} }
YKPIV_ALGO_ECCP256 | YKPIV_ALGO_ECCP384 => { YKPIV_ALGO_ECCP256 | YKPIV_ALGO_ECCP384 => {
if modulus.is_null() || modulus_len.is_null() || exp.is_null() || exp_len.is_null() { if modulus.is_null() || modulus_len.is_null() || exp.is_null() || exp_len.is_null() {
if (*state).verbose != 0 { if state.verbose != 0 {
eprintln!("Invalid output parameter for RSA algorithm",); eprintln!("Invalid output parameter for RSA algorithm",);
} }
return Err(ErrorKind::GenericError); return Err(ErrorKind::GenericError);
@@ -1167,7 +1151,7 @@ pub unsafe fn ykpiv_util_generate_key(
} }
} }
_ => { _ => {
if (*state).verbose != 0 { if state.verbose != 0 {
eprintln!("Invalid algorithm specified"); eprintln!("Invalid algorithm specified");
} }
@@ -1213,7 +1197,7 @@ pub unsafe fn ykpiv_util_generate_key(
if in_data[4] == 0 { if in_data[4] == 0 {
res = ErrorKind::AlgorithmError; res = ErrorKind::AlgorithmError;
if (*state).verbose != 0 { if state.verbose != 0 {
eprintln!("Unexpected algorithm.\n"); eprintln!("Unexpected algorithm.\n");
} }
} else { } else {
@@ -1270,24 +1254,24 @@ pub unsafe fn ykpiv_util_generate_key(
); );
if res != ErrorKind::Ok { if res != ErrorKind::Ok {
if (*state).verbose != 0 { if state.verbose != 0 {
eprintln!("Failed to communicate."); eprintln!("Failed to communicate.");
} }
} else if sw != SW_SUCCESS { } else if sw != SW_SUCCESS {
if (*state).verbose != 0 { if state.verbose != 0 {
eprint!("Failed to generate new key ("); eprint!("Failed to generate new key (");
} }
match sw { match sw {
SW_ERR_INCORRECT_SLOT => { SW_ERR_INCORRECT_SLOT => {
res = ErrorKind::KeyError; res = ErrorKind::KeyError;
if (*state).verbose != 0 { if state.verbose != 0 {
eprintln!("incorrect slot)"); eprintln!("incorrect slot)");
} }
} }
SW_ERR_INCORRECT_PARAM => { SW_ERR_INCORRECT_PARAM => {
res = ErrorKind::AlgorithmError; res = ErrorKind::AlgorithmError;
if (*state).verbose != 0 { if state.verbose != 0 {
if pin_policy as (i32) != 0i32 { if pin_policy as (i32) != 0i32 {
eprintln!("pin policy not supported?)",); eprintln!("pin policy not supported?)",);
} else if touch_policy as (i32) != 0i32 { } else if touch_policy as (i32) != 0i32 {
@@ -1299,13 +1283,13 @@ pub unsafe fn ykpiv_util_generate_key(
} }
SW_ERR_SECURITY_STATUS => { SW_ERR_SECURITY_STATUS => {
res = ErrorKind::AuthenticationError; res = ErrorKind::AuthenticationError;
if (*state).verbose != 0 { if state.verbose != 0 {
eprintln!("not authenticated)"); eprintln!("not authenticated)");
} }
} }
_ => { _ => {
res = ErrorKind::GenericError; res = ErrorKind::GenericError;
if (*state).verbose != 0 { if state.verbose != 0 {
eprintln!("error {:x})", sw); eprintln!("error {:x})", sw);
} }
} }
@@ -1314,7 +1298,7 @@ pub unsafe fn ykpiv_util_generate_key(
let mut data_ptr: *mut u8 = data.as_mut_ptr().offset(5); let mut data_ptr: *mut u8 = data.as_mut_ptr().offset(5);
let mut len: usize = 0; let mut len: usize = 0;
if *data_ptr != TAG_RSA_MODULUS { if *data_ptr != TAG_RSA_MODULUS {
if (*state).verbose != 0 { if state.verbose != 0 {
eprintln!("Failed to parse public key structure (modulus)."); eprintln!("Failed to parse public key structure (modulus).");
} }
res = ErrorKind::ParseError; res = ErrorKind::ParseError;
@@ -1324,7 +1308,7 @@ pub unsafe fn ykpiv_util_generate_key(
cb_modulus = len; cb_modulus = len;
ptr_modulus = calloc(cb_modulus, 1) as *mut u8; ptr_modulus = calloc(cb_modulus, 1) as *mut u8;
if ptr_modulus.is_null() { if ptr_modulus.is_null() {
if (*state).verbose != 0 { if state.verbose != 0 {
eprintln!("Failed to allocate memory for modulus."); eprintln!("Failed to allocate memory for modulus.");
} }
res = ErrorKind::MemoryError; res = ErrorKind::MemoryError;
@@ -1336,7 +1320,7 @@ pub unsafe fn ykpiv_util_generate_key(
); );
data_ptr = data_ptr.add(len); data_ptr = data_ptr.add(len);
if *data_ptr != TAG_RSA_EXP { if *data_ptr != TAG_RSA_EXP {
if (*state).verbose != 0 { if state.verbose != 0 {
eprintln!( eprintln!(
"Failed to parse public key structure (public exponent)." "Failed to parse public key structure (public exponent)."
); );
@@ -1348,7 +1332,7 @@ pub unsafe fn ykpiv_util_generate_key(
cb_exp = len; cb_exp = len;
ptr_exp = calloc(cb_exp, 1) as *mut u8; ptr_exp = calloc(cb_exp, 1) as *mut u8;
if ptr_exp.is_null() { if ptr_exp.is_null() {
if (*state).verbose != 0 { if state.verbose != 0 {
eprintln!("Failed to allocate memory for public exponent."); eprintln!("Failed to allocate memory for public exponent.");
} }
res = ErrorKind::MemoryError; res = ErrorKind::MemoryError;
@@ -1383,7 +1367,7 @@ pub unsafe fn ykpiv_util_generate_key(
_old _old
} != TAG_ECC_POINT } != TAG_ECC_POINT
{ {
if (*state).verbose != 0 { if state.verbose != 0 {
eprintln!("Failed to parse public key structure.\n",); eprintln!("Failed to parse public key structure.\n",);
} }
res = ErrorKind::ParseError; res = ErrorKind::ParseError;
@@ -1394,7 +1378,7 @@ pub unsafe fn ykpiv_util_generate_key(
} as (usize) } as (usize)
!= len != len
{ {
if (*state).verbose != 0 { if state.verbose != 0 {
eprintln!("Unexpected length.\n"); eprintln!("Unexpected length.\n");
} }
res = ErrorKind::AlgorithmError; res = ErrorKind::AlgorithmError;
@@ -1402,7 +1386,7 @@ pub unsafe fn ykpiv_util_generate_key(
cb_point = len; cb_point = len;
ptr_point = calloc(cb_point, 1) as (*mut u8); ptr_point = calloc(cb_point, 1) as (*mut u8);
if ptr_point.is_null() { if ptr_point.is_null() {
if (*state).verbose != 0 { if state.verbose != 0 {
eprintln!("Failed to allocate memory for public point."); eprintln!("Failed to allocate memory for public point.");
} }
res = ErrorKind::MemoryError; res = ErrorKind::MemoryError;
@@ -1418,7 +1402,7 @@ pub unsafe fn ykpiv_util_generate_key(
} }
} }
} else { } else {
if (*state).verbose != 0 { if state.verbose != 0 {
eprintln!("Wrong algorithm."); eprintln!("Wrong algorithm.");
} }
res = ErrorKind::AlgorithmError; res = ErrorKind::AlgorithmError;
@@ -1481,7 +1465,7 @@ pub struct YkPivConfig {
/// Get config /// Get config
pub unsafe fn ykpiv_util_get_config( pub unsafe fn ykpiv_util_get_config(
state: *mut YubiKey, state: &mut YubiKey,
config: *mut YkPivConfig, config: *mut YkPivConfig,
) -> Result<(), ErrorKind> { ) -> Result<(), ErrorKind> {
let mut data = [0u8; YKPIV_OBJ_MAX_SIZE]; let mut data = [0u8; YKPIV_OBJ_MAX_SIZE];
@@ -1490,7 +1474,7 @@ pub unsafe fn ykpiv_util_get_config(
let mut cb_item: usize = 0; let mut cb_item: usize = 0;
let res = ErrorKind::Ok; let res = ErrorKind::Ok;
if state.is_null() || config.is_null() { if config.is_null() {
return Err(ErrorKind::GenericError); return Err(ErrorKind::GenericError);
} }
@@ -1533,7 +1517,7 @@ pub unsafe fn ykpiv_util_get_config(
if (*config).mgm_type as (i32) if (*config).mgm_type as (i32)
!= YkPivConfigMgmType::YKPIV_CONFIG_MGM_MANUAL as (i32) != YkPivConfigMgmType::YKPIV_CONFIG_MGM_MANUAL as (i32)
{ {
if (*state).verbose != 0 { if state.verbose != 0 {
eprintln!("conflicting types of mgm key administration configured"); eprintln!("conflicting types of mgm key administration configured");
} }
} else { } else {
@@ -1550,7 +1534,7 @@ pub unsafe fn ykpiv_util_get_config(
) == ErrorKind::Ok ) == ErrorKind::Ok
{ {
if cb_item != 4 { if cb_item != 4 {
if (*state).verbose != 0 { if state.verbose != 0 {
eprintln!("pin timestamp in admin metadata is an invalid size"); eprintln!("pin timestamp in admin metadata is an invalid size");
} }
} else { } else {
@@ -1590,7 +1574,7 @@ pub unsafe fn ykpiv_util_get_config(
if res == ErrorKind::Ok { if res == ErrorKind::Ok {
if (*config).mgm_type != YkPivConfigMgmType::YKPIV_CONFIG_MGM_PROTECTED if (*config).mgm_type != YkPivConfigMgmType::YKPIV_CONFIG_MGM_PROTECTED
&& (*state).verbose != 0 && state.verbose != 0
{ {
eprintln!( eprintln!(
"conflicting types of mgm key administration configured - protected mgm exists" "conflicting types of mgm key administration configured - protected mgm exists"
@@ -1609,16 +1593,12 @@ pub unsafe fn ykpiv_util_get_config(
} }
/// Set PIN last changed /// Set PIN last changed
pub unsafe fn ykpiv_util_set_pin_last_changed(state: *mut YubiKey) -> Result<(), ErrorKind> { pub unsafe fn ykpiv_util_set_pin_last_changed(state: &mut YubiKey) -> Result<(), ErrorKind> {
let mut data = [0u8; YKPIV_OBJ_MAX_SIZE]; let mut data = [0u8; YKPIV_OBJ_MAX_SIZE];
let mut cb_data = data.len(); let mut cb_data = data.len();
let mut res = ErrorKind::Ok; let mut res = ErrorKind::Ok;
let ykrc: ErrorKind; let ykrc: ErrorKind;
if state.is_null() {
return Err(ErrorKind::GenericError);
}
if _ykpiv_begin_transaction(state) != ErrorKind::Ok { if _ykpiv_begin_transaction(state) != ErrorKind::Ok {
return Err(ErrorKind::PcscError); return Err(ErrorKind::PcscError);
} }
@@ -1646,12 +1626,12 @@ pub unsafe fn ykpiv_util_set_pin_last_changed(state: *mut YubiKey) -> Result<(),
}; };
if res != ErrorKind::Ok { if res != ErrorKind::Ok {
if (*state).verbose != 0 { if state.verbose != 0 {
eprintln!("could not set pin timestamp, err = {}\n", res as (i32),); eprintln!("could not set pin timestamp, err = {}\n", res as (i32),);
} }
} else { } else {
res = _write_metadata(state, 0x80u8, data.as_mut_ptr(), cb_data); res = _write_metadata(state, 0x80u8, data.as_mut_ptr(), cb_data);
if res != ErrorKind::Ok && (*state).verbose != 0 { if res != ErrorKind::Ok && state.verbose != 0 {
eprintln!("could not write admin data, err = {}", res); eprintln!("could not write admin data, err = {}", res);
} }
} }
@@ -1681,7 +1661,7 @@ impl Drop for YkPivMgm {
/// Get derived management key (MGM) /// Get derived management key (MGM)
pub unsafe fn ykpiv_util_get_derived_mgm( pub unsafe fn ykpiv_util_get_derived_mgm(
state: *mut YubiKey, state: &mut YubiKey,
pin: *const u8, pin: *const u8,
pin_len: usize, pin_len: usize,
mgm: *mut YkPivMgm, mgm: *mut YkPivMgm,
@@ -1692,10 +1672,6 @@ pub unsafe fn ykpiv_util_get_derived_mgm(
let mut cb_item: usize = 0; let mut cb_item: usize = 0;
let mut res: ErrorKind = ErrorKind::Ok; let mut res: ErrorKind = ErrorKind::Ok;
if state.is_null() {
return Err(ErrorKind::GenericError);
}
if pin.is_null() || pin_len == 0 || mgm.is_null() { if pin.is_null() || pin_len == 0 || mgm.is_null() {
return Err(ErrorKind::GenericError); return Err(ErrorKind::GenericError);
} }
@@ -1718,7 +1694,7 @@ pub unsafe fn ykpiv_util_get_derived_mgm(
if res == ErrorKind::Ok { if res == ErrorKind::Ok {
if cb_item != 16usize { if cb_item != 16usize {
if (*state).verbose != 0 { if state.verbose != 0 {
eprintln!( eprintln!(
"derived mgm salt exists, but is incorrect size = {}", "derived mgm salt exists, but is incorrect size = {}",
cb_item, cb_item,
@@ -1737,7 +1713,7 @@ pub unsafe fn ykpiv_util_get_derived_mgm(
); );
if p5rc != Pkcs5ErrorKind::Ok { if p5rc != Pkcs5ErrorKind::Ok {
if (*state).verbose != 0 { if state.verbose != 0 {
eprintln!("pbkdf2 failure, err = {:?}", p5rc); eprintln!("pbkdf2 failure, err = {:?}", p5rc);
} }
@@ -1757,7 +1733,7 @@ pub unsafe fn ykpiv_util_get_derived_mgm(
/// Get protected management key (MGM) /// Get protected management key (MGM)
pub unsafe fn ykpiv_util_get_protected_mgm( pub unsafe fn ykpiv_util_get_protected_mgm(
state: *mut YubiKey, state: &mut YubiKey,
mgm: *mut YkPivMgm, mgm: *mut YkPivMgm,
) -> Result<(), ErrorKind> { ) -> Result<(), ErrorKind> {
let mut data = [0u8; YKPIV_OBJ_MAX_SIZE]; let mut data = [0u8; YKPIV_OBJ_MAX_SIZE];
@@ -1766,7 +1742,7 @@ pub unsafe fn ykpiv_util_get_protected_mgm(
let mut cb_item: usize = 0; let mut cb_item: usize = 0;
let mut res = ErrorKind::Ok; let mut res = ErrorKind::Ok;
if state.is_null() || mgm.is_null() { if mgm.is_null() {
return Err(ErrorKind::GenericError); return Err(ErrorKind::GenericError);
} }
@@ -1778,7 +1754,7 @@ pub unsafe fn ykpiv_util_get_protected_mgm(
res = _read_metadata(state, 0x88u8, data.as_mut_ptr(), &mut cb_data); res = _read_metadata(state, 0x88u8, data.as_mut_ptr(), &mut cb_data);
if res != ErrorKind::Ok { if res != ErrorKind::Ok {
if (*state).verbose != 0 { if state.verbose != 0 {
eprintln!("could not read protected data, err = {:?}", res); eprintln!("could not read protected data, err = {:?}", res);
} }
} else { } else {
@@ -1791,14 +1767,14 @@ pub unsafe fn ykpiv_util_get_protected_mgm(
); );
if res != ErrorKind::Ok { if res != ErrorKind::Ok {
if (*state).verbose != 0 { if state.verbose != 0 {
eprintln!( eprintln!(
"could not read protected mgm from metadata, err = {}", "could not read protected mgm from metadata, err = {}",
res as (i32), res as (i32),
); );
} }
} else if cb_item != (*mgm).0.len() { } else if cb_item != (*mgm).0.len() {
if (*state).verbose != 0 { if state.verbose != 0 {
eprintln!( eprintln!(
"protected data contains mgm, but is the wrong size = {}", "protected data contains mgm, but is the wrong size = {}",
cb_item, cb_item,
@@ -1826,7 +1802,7 @@ pub unsafe fn ykpiv_util_get_protected_mgm(
/// Set protected management key (MGM) /// Set protected management key (MGM)
#[allow(clippy::cognitive_complexity)] #[allow(clippy::cognitive_complexity)]
pub unsafe fn ykpiv_util_set_protected_mgm( pub unsafe fn ykpiv_util_set_protected_mgm(
state: *mut YubiKey, state: &mut YubiKey,
mgm: *mut YkPivMgm, mgm: *mut YkPivMgm,
) -> Result<(), ErrorKind> { ) -> Result<(), ErrorKind> {
let mut _currentBlock; let mut _currentBlock;
@@ -1842,10 +1818,6 @@ pub unsafe fn ykpiv_util_set_protected_mgm(
let mut cb_item: usize = 0; let mut cb_item: usize = 0;
let mut flags_1: u8 = 0; let mut flags_1: u8 = 0;
if state.is_null() {
return Err(ErrorKind::GenericError);
}
if mgm.is_null() { if mgm.is_null() {
f_generate = true; f_generate = true;
} else { } else {
@@ -1927,7 +1899,7 @@ pub unsafe fn ykpiv_util_set_protected_mgm(
); );
if ykrc != ErrorKind::Ok { if ykrc != ErrorKind::Ok {
if (*state).verbose != 0 { if state.verbose != 0 {
eprintln!("could not set protected mgm item, err = {:?}", ykrc); eprintln!("could not set protected mgm item, err = {:?}", ykrc);
_currentBlock = 26; _currentBlock = 26;
} else { } else {
@@ -1936,7 +1908,7 @@ pub unsafe fn ykpiv_util_set_protected_mgm(
} else { } else {
ykrc = _write_metadata(state, 0x88u8, data.as_mut_ptr(), cb_data); ykrc = _write_metadata(state, 0x88u8, data.as_mut_ptr(), cb_data);
if ykrc != ErrorKind::Ok { if ykrc != ErrorKind::Ok {
if (*state).verbose != 0 { if state.verbose != 0 {
eprintln!("could not write protected data, err = {:?}", ykrc); eprintln!("could not write protected data, err = {:?}", ykrc);
_currentBlock = 51; _currentBlock = 51;
} else { } else {
@@ -1962,7 +1934,7 @@ pub unsafe fn ykpiv_util_set_protected_mgm(
&mut cb_item, &mut cb_item,
); );
if ykrc != ErrorKind::Ok && (*state).verbose != 0 { if ykrc != ErrorKind::Ok && state.verbose != 0 {
eprintln!("admin data exists, but flags are not present",); eprintln!("admin data exists, but flags are not present",);
} }
@@ -1974,7 +1946,7 @@ pub unsafe fn ykpiv_util_set_protected_mgm(
p_item as (*const c_void), p_item as (*const c_void),
cb_item, cb_item,
); );
} else if (*state).verbose != 0 { } else if state.verbose != 0 {
eprintln!("admin data flags are an incorrect size = {}", cb_item,); eprintln!("admin data flags are an incorrect size = {}", cb_item,);
} }
@@ -1987,7 +1959,7 @@ pub unsafe fn ykpiv_util_set_protected_mgm(
0, 0,
); );
if ykrc != ErrorKind::Ok && (*state).verbose != 0 { if ykrc != ErrorKind::Ok && state.verbose != 0 {
eprintln!("could not unset derived mgm salt, err = {}", ykrc); eprintln!("could not unset derived mgm salt, err = {}", ykrc);
} }
} }
@@ -2003,24 +1975,24 @@ pub unsafe fn ykpiv_util_set_protected_mgm(
); );
if ykrc != ErrorKind::Ok { if ykrc != ErrorKind::Ok {
if (*state).verbose != 0 { if state.verbose != 0 {
eprintln!("could not set admin flags item, err = {}", ykrc); eprintln!("could not set admin flags item, err = {}", ykrc);
} }
} else { } else {
ykrc = _write_metadata(state, 0x80u8, data.as_mut_ptr(), cb_data); ykrc = _write_metadata(state, 0x80u8, data.as_mut_ptr(), cb_data);
if ykrc != ErrorKind::Ok && (*state).verbose != 0 { if ykrc != ErrorKind::Ok && state.verbose != 0 {
eprintln!("could not write admin data, err = {}", ykrc); eprintln!("could not write admin data, err = {}", ykrc);
} }
} }
} }
} else if _currentBlock == 44 { } else if _currentBlock == 44 {
if (*state).verbose != 0 { if state.verbose != 0 {
eprintln!("could not set new derived mgm key, err = {}", ykrc); eprintln!("could not set new derived mgm key, err = {}", ykrc);
} }
res = ykrc; res = ykrc;
} else { } else {
if (*state).verbose != 0 { if state.verbose != 0 {
eprintln!("could not generate new mgm, err = {:?}", prngrc); eprintln!("could not generate new mgm, err = {:?}", prngrc);
} }
@@ -2039,7 +2011,7 @@ pub unsafe fn ykpiv_util_set_protected_mgm(
} }
/// Reset /// Reset
pub unsafe fn ykpiv_util_reset(state: *mut YubiKey) -> Result<(), ErrorKind> { pub unsafe fn ykpiv_util_reset(state: &mut YubiKey) -> Result<(), ErrorKind> {
let templ = [0, YKPIV_INS_RESET, 0, 0]; let templ = [0, YKPIV_INS_RESET, 0, 0];
let mut data = [0u8; 255]; let mut data = [0u8; 255];
let mut recv_len = data.len(); let mut recv_len = data.len();
@@ -2081,7 +2053,7 @@ pub fn ykpiv_util_slot_object(slot: u8) -> u32 {
/// Read certificate /// Read certificate
unsafe fn _read_certificate( unsafe fn _read_certificate(
state: *mut YubiKey, state: &mut YubiKey,
slot: u8, slot: u8,
buf: *mut u8, buf: *mut u8,
buf_len: *mut usize, buf_len: *mut usize,
@@ -2125,7 +2097,7 @@ unsafe fn _read_certificate(
/// Write certificate /// Write certificate
unsafe fn _write_certificate( unsafe fn _write_certificate(
state: *mut YubiKey, state: &mut YubiKey,
slot: u8, slot: u8,
data: *mut u8, data: *mut u8,
data_len: usize, data_len: usize,
@@ -2337,7 +2309,7 @@ unsafe fn _set_metadata_item(
/// Read metadata /// Read metadata
unsafe fn _read_metadata( unsafe fn _read_metadata(
state: *mut YubiKey, state: &mut YubiKey,
tag: u8, tag: u8,
data: *mut u8, data: *mut u8,
pcb_data: *mut usize, pcb_data: *mut usize,
@@ -2393,7 +2365,7 @@ unsafe fn _read_metadata(
/// Write metadata /// Write metadata
unsafe fn _write_metadata( unsafe fn _write_metadata(
state: *mut YubiKey, state: &mut YubiKey,
tag: u8, tag: u8,
data: *mut u8, data: *mut u8,
cb_data: usize, cb_data: usize,
+154 -194
View File
File diff suppressed because it is too large Load Diff