Followups from #371 (#435)

Implements the changes I suggested in that PR, which are related to
naming conventions and documentation.
This commit is contained in:
Tony Arcieri (iqlusion)
2022-11-12 16:41:58 -07:00
committed by GitHub
parent 7470b1613a
commit 603b102932
2 changed files with 47 additions and 27 deletions
+45 -25
View File
@@ -353,11 +353,15 @@ impl RetiredSlotId {
} }
/// Management slot IDs. /// Management slot IDs.
#[allow(missing_docs)]
#[derive(Clone, Copy, Debug, Eq, Hash, PartialEq, Ord, PartialOrd)] #[derive(Clone, Copy, Debug, Eq, Hash, PartialEq, Ord, PartialOrd)]
pub enum ManagementSlotId { pub enum ManagementSlotId {
PIN, /// Personal Identification Number (PIN).
PUK, Pin,
/// PIN Unblocking Key (PUK).
Puk,
/// Management Key.
Management, Management,
} }
@@ -366,8 +370,8 @@ impl TryFrom<u8> for ManagementSlotId {
fn try_from(value: u8) -> Result<Self> { fn try_from(value: u8) -> Result<Self> {
match value { match value {
0x80 => Ok(ManagementSlotId::PIN), 0x80 => Ok(ManagementSlotId::Pin),
0x81 => Ok(ManagementSlotId::PUK), 0x81 => Ok(ManagementSlotId::Puk),
0x9b => Ok(ManagementSlotId::Management), 0x9b => Ok(ManagementSlotId::Management),
_ => Err(Error::InvalidObject), _ => Err(Error::InvalidObject),
} }
@@ -379,8 +383,8 @@ impl FromStr for ManagementSlotId {
fn from_str(value: &str) -> Result<Self> { fn from_str(value: &str) -> Result<Self> {
match value { match value {
"80" => Ok(ManagementSlotId::PIN), "80" => Ok(ManagementSlotId::Pin),
"81" => Ok(ManagementSlotId::PUK), "81" => Ok(ManagementSlotId::Puk),
"9b" => Ok(ManagementSlotId::Management), "9b" => Ok(ManagementSlotId::Management),
_ => Err(Error::InvalidObject), _ => Err(Error::InvalidObject),
} }
@@ -390,8 +394,8 @@ impl FromStr for ManagementSlotId {
impl From<ManagementSlotId> for u8 { impl From<ManagementSlotId> for u8 {
fn from(slot: ManagementSlotId) -> u8 { fn from(slot: ManagementSlotId) -> u8 {
match slot { match slot {
ManagementSlotId::PIN => 0x80, ManagementSlotId::Pin => 0x80,
ManagementSlotId::PUK => 0x81, ManagementSlotId::Puk => 0x81,
ManagementSlotId::Management => 0x9b, ManagementSlotId::Management => 0x9b,
} }
} }
@@ -405,11 +409,27 @@ impl Display for ManagementSlotId {
impl ManagementSlotId { impl ManagementSlotId {
/// Returns the [`ObjectId`] that corresponds to a given [`ManagementSlotId`]. /// Returns the [`ObjectId`] that corresponds to a given [`ManagementSlotId`].
///
/// These correspond to the "BER-TLV Tag" values from Table 3 of [NIST SP 800-73-4]:
/// "Object Identifiers of the PIV Data Objects for Interoperable Use".
///
/// [NIST SP 800-73-4]: https://csrc.nist.gov/publications/detail/sp/800-73/4/final
pub(crate) fn object_id(self) -> ObjectId { pub(crate) fn object_id(self) -> ObjectId {
match self { match self {
ManagementSlotId::PIN => 0x005f_c10b, // TODO: no idea where to get those object_ids // Data Object: "X.509 Certificate for Key Management"
ManagementSlotId::PUK => 0x005f_c10c, // TODO // OID: 2.16.840.1.101.3.7.2.1.2
ManagementSlotId::Management => 0x005f_c10f, // TODO // BER-TLV Tag: '5FC10B'
ManagementSlotId::Pin => 0x005f_c10b,
// Data Object: "Key History Object"
// OID: 2.16.840.1.101.3.7.2.96.96
// BER-TLV Tag: '5FC10C'
ManagementSlotId::Puk => 0x005f_c10c,
// Data Object: "Retired X.509 Certificate for Key Management 3"
// OID: 2.16.840.1.101.3.7.2.16.3
// BER-TLV Tag: '5FC10F'
ManagementSlotId::Management => 0x005f_c10f,
} }
} }
} }
@@ -440,8 +460,8 @@ pub const SLOTS: [SlotId; 27] = [
SlotId::Retired(RetiredSlotId::R19), SlotId::Retired(RetiredSlotId::R19),
SlotId::Retired(RetiredSlotId::R20), SlotId::Retired(RetiredSlotId::R20),
SlotId::CardAuthentication, SlotId::CardAuthentication,
SlotId::Management(ManagementSlotId::PIN), SlotId::Management(ManagementSlotId::Pin),
SlotId::Management(ManagementSlotId::PUK), SlotId::Management(ManagementSlotId::Puk),
SlotId::Management(ManagementSlotId::Management), SlotId::Management(ManagementSlotId::Management),
]; ];
@@ -950,7 +970,7 @@ impl TryFrom<Buffer> for SlotMetadata {
|input| Tlv::parse(input).map_err(|_| nom::Err::Error(())), |input| Tlv::parse(input).map_err(|_| nom::Err::Error(())),
|| { || {
Ok(SlotMetadata { Ok(SlotMetadata {
algorithm: ManagementAlgorithmId::PINPUK, algorithm: ManagementAlgorithmId::PinPuk,
policy: None, policy: None,
origin: None, origin: None,
public: None, public: None,
@@ -993,7 +1013,7 @@ impl TryFrom<Buffer> for SlotMetadata {
} }
4 => { 4 => {
match metadata.algorithm { match metadata.algorithm {
ManagementAlgorithmId::Asymetric(alg) => { ManagementAlgorithmId::Asymmetric(alg) => {
metadata.public = Some(read_public_key(alg, tlv.value, false)?); metadata.public = Some(read_public_key(alg, tlv.value, false)?);
} }
_ => Err(Error::ParseError)?, _ => Err(Error::ParseError)?,
@@ -1186,11 +1206,11 @@ fn read_public_key(
/// Algorithms as reported by the metadata command. /// Algorithms as reported by the metadata command.
pub enum ManagementAlgorithmId { pub enum ManagementAlgorithmId {
/// Used on PIN and PUK slots. /// Used on PIN and PUK slots.
PINPUK, PinPuk,
/// Used on the key management slot. /// Used on the key management slot.
ThreeDES, ThreeDes,
/// Used on all other slots. /// Used on all other slots.
Asymetric(AlgorithmId), Asymmetric(AlgorithmId),
} }
impl TryFrom<u8> for ManagementAlgorithmId { impl TryFrom<u8> for ManagementAlgorithmId {
@@ -1198,9 +1218,9 @@ impl TryFrom<u8> for ManagementAlgorithmId {
fn try_from(value: u8) -> Result<Self> { fn try_from(value: u8) -> Result<Self> {
match value { match value {
0xff => Ok(ManagementAlgorithmId::PINPUK), 0xff => Ok(ManagementAlgorithmId::PinPuk),
0x03 => Ok(ManagementAlgorithmId::ThreeDES), 0x03 => Ok(ManagementAlgorithmId::ThreeDes),
oth => AlgorithmId::try_from(oth).map(ManagementAlgorithmId::Asymetric), oth => AlgorithmId::try_from(oth).map(ManagementAlgorithmId::Asymmetric),
} }
} }
} }
@@ -1208,9 +1228,9 @@ impl TryFrom<u8> for ManagementAlgorithmId {
impl From<ManagementAlgorithmId> for u8 { impl From<ManagementAlgorithmId> for u8 {
fn from(id: ManagementAlgorithmId) -> u8 { fn from(id: ManagementAlgorithmId) -> u8 {
match id { match id {
ManagementAlgorithmId::PINPUK => 0xff, ManagementAlgorithmId::PinPuk => 0xff,
ManagementAlgorithmId::ThreeDES => 0x03, ManagementAlgorithmId::ThreeDes => 0x03,
ManagementAlgorithmId::Asymetric(oth) => oth.into(), ManagementAlgorithmId::Asymmetric(oth) => oth.into(),
} }
} }
} }
+2 -2
View File
@@ -280,11 +280,11 @@ fn test_slot_id_display() {
assert_eq!(format!("{}", SlotId::Retired(RetiredSlotId::R20)), "R20"); assert_eq!(format!("{}", SlotId::Retired(RetiredSlotId::R20)), "R20");
assert_eq!( assert_eq!(
format!("{}", SlotId::Management(ManagementSlotId::PIN)), format!("{}", SlotId::Management(ManagementSlotId::Pin)),
"PIN" "PIN"
); );
assert_eq!( assert_eq!(
format!("{}", SlotId::Management(ManagementSlotId::PUK)), format!("{}", SlotId::Management(ManagementSlotId::Puk)),
"PUK" "PUK"
); );
assert_eq!( assert_eq!(