From 6c03ea89ecebe8ddbdae0f2d9a9bd3ae0358ed16 Mon Sep 17 00:00:00 2001 From: Jack Grigg Date: Wed, 20 Nov 2019 11:09:59 +0000 Subject: [PATCH] Return Result<(), ErrorKind> from most internal APIs Started with _ykpiv_begin_transaction and kept going incrementally until it compiled again. --- src/util.rs | 459 ++++++++++++++++----------------------- src/yubikey.rs | 567 +++++++++++++++++++------------------------------ 2 files changed, 405 insertions(+), 621 deletions(-) diff --git a/src/util.rs b/src/util.rs index 25999f5..b2b4612 100644 --- a/src/util.rs +++ b/src/util.rs @@ -86,22 +86,20 @@ pub unsafe fn ykpiv_util_get_cardid( ) -> Result<(), ErrorKind> { let mut buf = [0u8; CB_OBJ_MAX]; let mut len = buf.len(); - let mut res: ErrorKind = ErrorKind::Ok; + let mut res = Ok(()); if cardid.is_null() { return Err(ErrorKind::GenericError); } - if _ykpiv_begin_transaction(state) != ErrorKind::Ok { - return Err(ErrorKind::PcscError); - } + _ykpiv_begin_transaction(state)?; - if _ykpiv_ensure_application_selected(state) == ErrorKind::Ok { + if _ykpiv_ensure_application_selected(state).is_ok() { res = _ykpiv_fetch_object(state, YKPIV_OBJ_CHUID as i32, buf.as_mut_ptr(), &mut len); - if res == ErrorKind::Ok { + if res.is_ok() { if len != CHUID_TMPL.len() { - res = ErrorKind::GenericError; + res = Err(ErrorKind::GenericError); } else { memcpy( (*cardid).0.as_mut_ptr() as (*mut c_void), @@ -113,10 +111,7 @@ pub unsafe fn ykpiv_util_get_cardid( } _ykpiv_end_transaction(state); - match res { - ErrorKind::Ok => Ok(()), - e => Err(e), - } + res } /// Set Card ID @@ -126,7 +121,7 @@ pub unsafe fn ykpiv_util_set_cardid( ) -> Result<(), ErrorKind> { let mut id = [0u8; YKPIV_CARDID_SIZE]; let mut buf = [0u8; CHUID_TMPL.len()]; - let mut res = ErrorKind::Ok; + let mut res = Ok(()); if cardid.is_null() { if _ykpiv_prng_generate(id.as_mut_ptr(), id.len()) != PRngErrorKind::Ok { @@ -140,11 +135,9 @@ pub unsafe fn ykpiv_util_set_cardid( ); } - if _ykpiv_begin_transaction(state) != ErrorKind::Ok { - return Err(ErrorKind::PcscError); - } + _ykpiv_begin_transaction(state)?; - if _ykpiv_ensure_application_selected(state) == ErrorKind::Ok { + if _ykpiv_ensure_application_selected(state).is_ok() { memcpy( buf.as_mut_ptr() as *mut c_void, CHUID_TMPL.as_ptr() as *const c_void, @@ -166,10 +159,7 @@ pub unsafe fn ykpiv_util_set_cardid( } _ykpiv_end_transaction(state); - match res { - ErrorKind::Ok => Ok(()), - e => Err(e), - } + res } /// Cardholder Capability Container (CCC) Identifier @@ -178,7 +168,7 @@ pub struct CCCID([u8; 14]); /// Get Cardholder Capability Container (CCC) ID pub unsafe fn ykpiv_util_get_cccid(state: &mut YubiKey, ccc: *mut CCCID) -> Result<(), ErrorKind> { - let mut res: ErrorKind = ErrorKind::Ok; + let mut res = Ok(()); let mut buf = [0u8; CB_OBJ_MAX]; let mut len = buf.len(); @@ -186,11 +176,9 @@ pub unsafe fn ykpiv_util_get_cccid(state: &mut YubiKey, ccc: *mut CCCID) -> Resu return Err(ErrorKind::GenericError); } - if _ykpiv_begin_transaction(state) != ErrorKind::Ok { - return Err(ErrorKind::PcscError); - } + _ykpiv_begin_transaction(state)?; - if _ykpiv_ensure_application_selected(state) == ErrorKind::Ok { + if _ykpiv_ensure_application_selected(state).is_ok() { res = _ykpiv_fetch_object( state, YKPIV_OBJ_CAPABILITY as i32, @@ -198,7 +186,7 @@ pub unsafe fn ykpiv_util_get_cccid(state: &mut YubiKey, ccc: *mut CCCID) -> Resu &mut len, ); - if res == ErrorKind::Ok { + if res.is_ok() { if len != CCC_TMPL.len() { _ykpiv_end_transaction(state); return Err(ErrorKind::GenericError); @@ -212,10 +200,7 @@ pub unsafe fn ykpiv_util_get_cccid(state: &mut YubiKey, ccc: *mut CCCID) -> Resu } } - match res { - ErrorKind::Ok => Ok(()), - e => Err(e), - } + res } /// Get Cardholder Capability Container (CCC) ID @@ -223,7 +208,7 @@ pub unsafe fn ykpiv_util_set_cccid( state: &mut YubiKey, ccc: *const CCCID, ) -> Result<(), ErrorKind> { - let mut res: ErrorKind = ErrorKind::Ok; + let mut res = Ok(()); let mut id = [0u8; 14]; let mut buf = [0u8; 51]; let len: usize; @@ -240,11 +225,9 @@ pub unsafe fn ykpiv_util_set_cccid( ); } - if _ykpiv_begin_transaction(state) != ErrorKind::Ok { - return Err(ErrorKind::PcscError); - } + _ykpiv_begin_transaction(state)?; - if _ykpiv_ensure_application_selected(state) == ErrorKind::Ok { + if _ykpiv_ensure_application_selected(state).is_ok() { len = 51; memcpy( @@ -263,10 +246,7 @@ pub unsafe fn ykpiv_util_set_cccid( } _ykpiv_end_transaction(state); - match res { - ErrorKind::Ok => Ok(()), - e => Err(e), - } + res } /// Get YubiKey device model @@ -347,11 +327,9 @@ pub unsafe fn ykpiv_util_list_keys( return Err(ErrorKind::GenericError); } - if _ykpiv_begin_transaction(state) != ErrorKind::Ok { - return Err(ErrorKind::PcscError); - } + _ykpiv_begin_transaction(state)?; - if _ykpiv_ensure_application_selected(state) == ErrorKind::Ok { + if _ykpiv_ensure_application_selected(state).is_ok() { *key_count = 0; *data = ptr::null_mut(); *data_len = 0; @@ -473,11 +451,9 @@ pub unsafe fn ykpiv_util_read_cert( return Err(ErrorKind::GenericError); } - if _ykpiv_begin_transaction(state) != ErrorKind::Ok { - return Err(ErrorKind::PcscError); - } + _ykpiv_begin_transaction(state)?; - if _ykpiv_ensure_application_selected(state) == ErrorKind::Ok { + if _ykpiv_ensure_application_selected(state).is_ok() { *data = ptr::null_mut(); *data_len = 0; res = _read_certificate(state, slot, buf.as_mut_ptr(), &mut cb_buf); @@ -518,21 +494,16 @@ pub unsafe fn ykpiv_util_write_cert( data_len: usize, certinfo: u8, ) -> Result<(), ErrorKind> { - let mut res: ErrorKind = ErrorKind::Ok; + let mut res = Ok(()); - if _ykpiv_begin_transaction(state) != ErrorKind::Ok { - return Err(ErrorKind::PcscError); - } + _ykpiv_begin_transaction(state)?; - if _ykpiv_ensure_application_selected(state) == ErrorKind::Ok { + if _ykpiv_ensure_application_selected(state).is_ok() { res = _write_certificate(state, slot, data, data_len, certinfo); } _ykpiv_end_transaction(state); - match res { - ErrorKind::Ok => Ok(()), - e => Err(e), - } + res } /// Delete certificate @@ -543,7 +514,7 @@ pub unsafe fn ykpiv_util_delete_cert(state: &mut YubiKey, slot: u8) -> Result<() /// Block PUK pub unsafe fn ykpiv_util_block_puk(state: &mut YubiKey) -> Result<(), ErrorKind> { let mut _currentBlock; - let mut res: ErrorKind = ErrorKind::Ok; + let mut res = Ok(()); let mut puk = [0x30, 0x42, 0x41, 0x44, 0x46, 0x30, 0x30, 0x44]; let mut tries: i32 = -1; let mut data = [0u8; YKPIV_OBJ_MAX_SIZE]; @@ -552,11 +523,9 @@ pub unsafe fn ykpiv_util_block_puk(state: &mut YubiKey) -> Result<(), ErrorKind> let mut cb_item: usize = 0; let mut flags: u8 = 0; - if _ykpiv_begin_transaction(state) != ErrorKind::Ok { - return Err(ErrorKind::PcscError); - } + _ykpiv_begin_transaction(state)?; - if _ykpiv_ensure_application_selected(state) == ErrorKind::Ok { + if _ykpiv_ensure_application_selected(state).is_ok() { _currentBlock = 20; } else { _currentBlock = 3; @@ -574,24 +543,24 @@ pub unsafe fn ykpiv_util_block_puk(state: &mut YubiKey) -> Result<(), ErrorKind> &mut tries, ); - if res == ErrorKind::Ok { + if res.is_ok() { let _rhs = 1; let mut _lhs = &mut puk[0]; *_lhs += _rhs; _currentBlock = 3; } else { - if res != ErrorKind::PinLocked { + if res != Err(ErrorKind::PinLocked) { _currentBlock = 3; continue; } tries = 0; - res = ErrorKind::Ok; + res = Ok(()); _currentBlock = 3; } } else { let res = _read_metadata(state, TAG_ADMIN, data.as_mut_ptr(), &mut cb_data); - if res == ErrorKind::Ok { + if res.is_ok() { let res = _get_metadata_item( data.as_mut_ptr(), cb_data, @@ -600,7 +569,7 @@ pub unsafe fn ykpiv_util_block_puk(state: &mut YubiKey) -> Result<(), ErrorKind> &mut cb_item, ); - if res == ErrorKind::Ok { + if res.is_ok() { if cb_item == 1 { // TODO(tarcieri): get rid of memcpy and pointers, replace with slices! #[allow(trivial_casts)] @@ -624,7 +593,8 @@ pub unsafe fn ykpiv_util_block_puk(state: &mut YubiKey) -> Result<(), ErrorKind> TAG_ADMIN_FLAGS_1, &mut flags, 1, - ) != ErrorKind::Ok + ) + .is_err() { if state.verbose == 0 { _currentBlock = 20; @@ -633,7 +603,7 @@ pub unsafe fn ykpiv_util_block_puk(state: &mut YubiKey) -> Result<(), ErrorKind> eprintln!("could not set admin flags"); _currentBlock = 20; } else { - if _write_metadata(state, 0x80u8, data.as_mut_ptr(), cb_data) == ErrorKind::Ok { + if _write_metadata(state, 0x80u8, data.as_mut_ptr(), cb_data).is_ok() { _currentBlock = 20; continue; } @@ -647,10 +617,7 @@ pub unsafe fn ykpiv_util_block_puk(state: &mut YubiKey) -> Result<(), ErrorKind> } } else { _ykpiv_end_transaction(state); - return match res { - ErrorKind::Ok => Ok(()), - e => Err(e), - }; + return res; } } } @@ -691,7 +658,7 @@ pub unsafe fn ykpiv_util_read_mscmap( containers: *mut *mut YkPivContainer, n_containers: *mut usize, ) -> Result<(), ErrorKind> { - let mut res: ErrorKind = ErrorKind::Ok; + let mut res = Ok(()); let mut buf = [0u8; YKPIV_OBJ_MAX_SIZE]; let mut cb_buf: usize = buf.len(); let mut len: usize = 0; @@ -699,14 +666,12 @@ pub unsafe fn ykpiv_util_read_mscmap( if containers.is_null() || n_containers.is_null() { // TODO(str4d): Should this really continue on here? - res = ErrorKind::GenericError; + res = Err(ErrorKind::GenericError); } - if _ykpiv_begin_transaction(state) != ErrorKind::Ok { - return Err(ErrorKind::PcscError); - } + _ykpiv_begin_transaction(state)?; - if _ykpiv_ensure_application_selected(state) == ErrorKind::Ok { + if _ykpiv_ensure_application_selected(state).is_ok() { *containers = ptr::null_mut(); *n_containers = 0; @@ -717,12 +682,9 @@ pub unsafe fn ykpiv_util_read_mscmap( &mut cb_buf, ); - if res != ErrorKind::Ok { + if res.is_err() { _ykpiv_end_transaction(state); - return match res { - ErrorKind::Ok => Ok(()), - e => Err(e), - }; + return res; } ptr = buf.as_mut_ptr(); @@ -744,7 +706,7 @@ pub unsafe fn ykpiv_util_read_mscmap( *containers = calloc(len, 1) as (*mut YkPivContainer); if (*containers).is_null() { - res = ErrorKind::MemoryError; + res = Err(ErrorKind::MemoryError); } else { memcpy(*containers as (*mut c_void), ptr as (*const c_void), len); *n_containers = len.wrapping_div(mem::size_of::()); @@ -752,10 +714,7 @@ pub unsafe fn ykpiv_util_read_mscmap( } } - match res { - ErrorKind::Ok => Ok(()), - e => Err(e), - } + res } /// Get max object size @@ -773,28 +732,23 @@ pub unsafe fn ykpiv_util_write_mscmap( containers: *mut YkPivContainer, n_containers: usize, ) -> Result<(), ErrorKind> { - let mut res = ErrorKind::Ok; + let mut res = Ok(()); let mut buf = [0u8; CB_OBJ_MAX]; let mut offset: usize = 0; let data_len: usize = n_containers.wrapping_mul(mem::size_of::()); - if _ykpiv_begin_transaction(state) != ErrorKind::Ok { - return Err(ErrorKind::PcscError); - } + _ykpiv_begin_transaction(state)?; - if _ykpiv_ensure_application_selected(state) == ErrorKind::Ok { + if _ykpiv_ensure_application_selected(state).is_ok() { if containers.is_null() || n_containers == 0 { if !containers.is_null() || n_containers != 0 { - res = ErrorKind::GenericError; + res = Err(ErrorKind::GenericError); } else { res = _ykpiv_save_object(state, YKPIV_OBJ_MSCMAP as i32, ptr::null_mut(), 0); } _ykpiv_end_transaction(state); - return match res { - ErrorKind::Ok => Ok(()), - e => Err(e), - }; + return res; } let req_len = 1 + _ykpiv_set_length(buf.as_mut_ptr(), data_len) + data_len; @@ -817,10 +771,7 @@ pub unsafe fn ykpiv_util_write_mscmap( } _ykpiv_end_transaction(state); - match res { - ErrorKind::Ok => Ok(()), - e => Err(e), - } + res } /// Read msroots @@ -830,7 +781,7 @@ pub unsafe fn ykpiv_util_read_msroots( data_len: *mut usize, ) -> Result<(), ErrorKind> { let mut _currentBlock; - let mut res = ErrorKind::Ok; + let mut res = Ok(()); let mut buf = [0u8; YKPIV_OBJ_MAX_SIZE]; let mut cb_buf: usize; let mut len: usize = 0; @@ -847,18 +798,16 @@ pub unsafe fn ykpiv_util_read_msroots( return Err(ErrorKind::GenericError); } - if _ykpiv_begin_transaction(state) != ErrorKind::Ok { - return Err(ErrorKind::PcscError); - } + _ykpiv_begin_transaction(state)?; - if _ykpiv_ensure_application_selected(state) == ErrorKind::Ok { + if _ykpiv_ensure_application_selected(state).is_ok() { *data = ptr::null_mut(); *data_len = 0; cb_data = _obj_size_max(state); p_data = calloc(cb_data, 1) as (*mut u8); if p_data.is_null() { - res = ErrorKind::MemoryError; + res = Err(ErrorKind::MemoryError); } else { object_id = YKPIV_OBJ_MSROOTS1 as i32; loop { @@ -870,7 +819,7 @@ pub unsafe fn ykpiv_util_read_msroots( res = _ykpiv_fetch_object(state, object_id, buf.as_mut_ptr(), &mut cb_buf); - if res != ErrorKind::Ok { + if res.is_err() { _currentBlock = 21; break; } @@ -936,11 +885,11 @@ pub unsafe fn ykpiv_util_read_msroots( *data = p_data; p_data = ptr::null_mut(); *data_len = offset; - res = ErrorKind::Ok; + res = Ok(()); } else if _currentBlock == 16 { - res = ErrorKind::MemoryError; + res = Err(ErrorKind::MemoryError); } else { - res = ErrorKind::Ok; + res = Ok(()); } } } @@ -950,10 +899,7 @@ pub unsafe fn ykpiv_util_read_msroots( } _ykpiv_end_transaction(state); - match res { - ErrorKind::Ok => Ok(()), - e => Err(e), - } + res } /// Write msroots @@ -962,7 +908,7 @@ pub unsafe fn ykpiv_util_write_msroots( data: *mut u8, data_len: usize, ) -> Result<(), ErrorKind> { - let mut res: ErrorKind = ErrorKind::Ok; + let mut res = Ok(()); let mut buf = [0u8; CB_OBJ_MAX]; let mut offset: usize; let mut data_offset: usize = 0; @@ -970,23 +916,18 @@ pub unsafe fn ykpiv_util_write_msroots( let n_objs: usize; let cb_obj_max = _obj_size_max(state); - if _ykpiv_begin_transaction(state) != ErrorKind::Ok { - return Err(ErrorKind::PcscError); - } + _ykpiv_begin_transaction(state)?; - if _ykpiv_ensure_application_selected(state) == ErrorKind::Ok { + if _ykpiv_ensure_application_selected(state).is_ok() { if data.is_null() || data_len == 0 { if !data.is_null() || data_len != 0 { - res = ErrorKind::GenericError; + res = Err(ErrorKind::GenericError); } else { res = _ykpiv_save_object(state, YKPIV_OBJ_MSROOTS1 as i32, ptr::null_mut(), 0); } _ykpiv_end_transaction(state); - return match res { - ErrorKind::Ok => Ok(()), - e => Err(e), - }; + return res; } n_objs = (data_len / (cb_obj_max - 4)) + 1; @@ -1029,7 +970,7 @@ pub unsafe fn ykpiv_util_write_msroots( offset, ); - if res != ErrorKind::Ok { + if res.is_err() { break; } @@ -1038,10 +979,7 @@ pub unsafe fn ykpiv_util_write_msroots( } _ykpiv_end_transaction(state); - match res { - ErrorKind::Ok => Ok(()), - e => Err(e), - } + res } // Keygen messages @@ -1070,7 +1008,7 @@ pub unsafe fn ykpiv_util_generate_key( point: *mut *mut u8, point_len: *mut usize, ) -> Result<(), ErrorKind> { - let mut res: ErrorKind = ErrorKind::Ok; + let mut res = Ok(()); let mut in_data = [0u8; 11]; let mut in_ptr = in_data.as_mut_ptr(); let mut data = [0u8; 1024]; @@ -1116,8 +1054,7 @@ pub unsafe fn ykpiv_util_generate_key( (ROCA) and should be replaced. On-chip key generation {} See \ YSA-2017-01 \ for additional information on device replacement and mitigation assistance", - state.serial, - psz_msg + state.serial, psz_msg ); if !setting_roca.value { @@ -1159,11 +1096,9 @@ pub unsafe fn ykpiv_util_generate_key( } } - if _ykpiv_begin_transaction(state) != ErrorKind::Ok { - return Err(ErrorKind::PcscError); - } + _ykpiv_begin_transaction(state)?; - if _ykpiv_ensure_application_selected(state) == ErrorKind::Ok { + if _ykpiv_ensure_application_selected(state).is_ok() { templ[3] = slot; *{ let _old = in_ptr; @@ -1196,7 +1131,7 @@ pub unsafe fn ykpiv_util_generate_key( } = algorithm; if in_data[4] == 0 { - res = ErrorKind::AlgorithmError; + res = Err(ErrorKind::AlgorithmError); if state.verbose != 0 { eprintln!("Unexpected algorithm.\n"); } @@ -1253,7 +1188,7 @@ pub unsafe fn ykpiv_util_generate_key( &mut sw, ); - if res != ErrorKind::Ok { + if res.is_err() { if state.verbose != 0 { eprintln!("Failed to communicate."); } @@ -1264,13 +1199,13 @@ pub unsafe fn ykpiv_util_generate_key( match sw { SW_ERR_INCORRECT_SLOT => { - res = ErrorKind::KeyError; + res = Err(ErrorKind::KeyError); if state.verbose != 0 { eprintln!("incorrect slot)"); } } SW_ERR_INCORRECT_PARAM => { - res = ErrorKind::AlgorithmError; + res = Err(ErrorKind::AlgorithmError); if state.verbose != 0 { if pin_policy as (i32) != 0i32 { eprintln!("pin policy not supported?)",); @@ -1282,13 +1217,13 @@ pub unsafe fn ykpiv_util_generate_key( } } SW_ERR_SECURITY_STATUS => { - res = ErrorKind::AuthenticationError; + res = Err(ErrorKind::AuthenticationError); if state.verbose != 0 { eprintln!("not authenticated)"); } } _ => { - res = ErrorKind::GenericError; + res = Err(ErrorKind::GenericError); if state.verbose != 0 { eprintln!("error {:x})", sw); } @@ -1301,7 +1236,7 @@ pub unsafe fn ykpiv_util_generate_key( if state.verbose != 0 { eprintln!("Failed to parse public key structure (modulus)."); } - res = ErrorKind::ParseError; + res = Err(ErrorKind::ParseError); } else { data_ptr = data_ptr.add(1); data_ptr = data_ptr.add(_ykpiv_get_length(data_ptr, &mut len)); @@ -1311,7 +1246,7 @@ pub unsafe fn ykpiv_util_generate_key( if state.verbose != 0 { eprintln!("Failed to allocate memory for modulus."); } - res = ErrorKind::MemoryError; + res = Err(ErrorKind::MemoryError); } else { memcpy( ptr_modulus as *mut c_void, @@ -1325,7 +1260,7 @@ pub unsafe fn ykpiv_util_generate_key( "Failed to parse public key structure (public exponent)." ); } - res = ErrorKind::ParseError; + res = Err(ErrorKind::ParseError); } else { data_ptr = data_ptr.add(1); data_ptr = data_ptr.add(_ykpiv_get_length(data_ptr, &mut len)); @@ -1335,7 +1270,7 @@ pub unsafe fn ykpiv_util_generate_key( if state.verbose != 0 { eprintln!("Failed to allocate memory for public exponent."); } - res = ErrorKind::MemoryError; + res = Err(ErrorKind::MemoryError); } else { memcpy( ptr_exp as (*mut c_void), @@ -1370,7 +1305,7 @@ pub unsafe fn ykpiv_util_generate_key( if state.verbose != 0 { eprintln!("Failed to parse public key structure.\n",); } - res = ErrorKind::ParseError; + res = Err(ErrorKind::ParseError); } else if *{ let _old = data_ptr; data_ptr = data_ptr.offset(1); @@ -1381,7 +1316,7 @@ pub unsafe fn ykpiv_util_generate_key( if state.verbose != 0 { eprintln!("Unexpected length.\n"); } - res = ErrorKind::AlgorithmError; + res = Err(ErrorKind::AlgorithmError); } else { cb_point = len; ptr_point = calloc(cb_point, 1) as (*mut u8); @@ -1389,7 +1324,7 @@ pub unsafe fn ykpiv_util_generate_key( if state.verbose != 0 { eprintln!("Failed to allocate memory for public point."); } - res = ErrorKind::MemoryError; + res = Err(ErrorKind::MemoryError); } else { memcpy( ptr_point as (*mut c_void), @@ -1405,7 +1340,7 @@ pub unsafe fn ykpiv_util_generate_key( if state.verbose != 0 { eprintln!("Wrong algorithm."); } - res = ErrorKind::AlgorithmError; + res = Err(ErrorKind::AlgorithmError); } } } @@ -1423,10 +1358,7 @@ pub unsafe fn ykpiv_util_generate_key( } _ykpiv_end_transaction(state); - match res { - ErrorKind::Ok => Ok(()), - e => Err(e), - } + res } /// Config mgm type @@ -1484,19 +1416,18 @@ pub unsafe fn ykpiv_util_get_config( (*config).pin_last_changed = 0u32; (*config).mgm_type = YkPivConfigMgmType::YKPIV_CONFIG_MGM_MANUAL; - if _ykpiv_begin_transaction(state) != ErrorKind::Ok { - return Err(ErrorKind::PcscError); - } + _ykpiv_begin_transaction(state)?; - if _ykpiv_ensure_application_selected(state) == ErrorKind::Ok { - if _read_metadata(state, 0x80u8, data.as_mut_ptr(), &mut cb_data) == ErrorKind::Ok { + if _ykpiv_ensure_application_selected(state).is_ok() { + if _read_metadata(state, 0x80u8, data.as_mut_ptr(), &mut cb_data).is_ok() { if _get_metadata_item( data.as_mut_ptr(), cb_data, 0x81u8, &mut p_item, &mut cb_item, - ) == ErrorKind::Ok + ) + .is_ok() { if *p_item & 0x1 != 0 { (*config).puk_blocked = 1u8; @@ -1512,7 +1443,8 @@ pub unsafe fn ykpiv_util_get_config( 0x82u8, &mut p_item, &mut cb_item, - ) == ErrorKind::Ok + ) + .is_ok() { if (*config).mgm_type as (i32) != YkPivConfigMgmType::YKPIV_CONFIG_MGM_MANUAL as (i32) @@ -1531,7 +1463,8 @@ pub unsafe fn ykpiv_util_get_config( 0x83u8, &mut p_item, &mut cb_item, - ) == ErrorKind::Ok + ) + .is_ok() { if cb_item != 4 { if state.verbose != 0 { @@ -1549,7 +1482,7 @@ pub unsafe fn ykpiv_util_get_config( } } cb_data = mem::size_of::<[u8; YKPIV_OBJ_MAX_SIZE]>(); - if _read_metadata(state, 0x88u8, data.as_mut_ptr(), &mut cb_data) == ErrorKind::Ok { + if _read_metadata(state, 0x88u8, data.as_mut_ptr(), &mut cb_data).is_ok() { (*config).protected_data_available = 1u8; let res = _get_metadata_item( @@ -1560,7 +1493,7 @@ pub unsafe fn ykpiv_util_get_config( &mut cb_item, ); - if res == ErrorKind::Ok && *p_item as (i32) & 0x1i32 != 0 { + if res.is_ok() && *p_item as (i32) & 0x1i32 != 0 { (*config).puk_noblock_on_upgrade = 1u8; } @@ -1572,7 +1505,7 @@ pub unsafe fn ykpiv_util_get_config( &mut cb_item, ); - if res == ErrorKind::Ok { + if res.is_ok() { if (*config).mgm_type != YkPivConfigMgmType::YKPIV_CONFIG_MGM_PROTECTED && state.verbose != 0 { @@ -1596,17 +1529,12 @@ pub unsafe fn ykpiv_util_get_config( pub unsafe fn ykpiv_util_set_pin_last_changed(state: &mut YubiKey) -> Result<(), ErrorKind> { let mut data = [0u8; YKPIV_OBJ_MAX_SIZE]; let mut cb_data = data.len(); - let mut res = ErrorKind::Ok; - let ykrc: ErrorKind; + let mut res = Ok(()); - if _ykpiv_begin_transaction(state) != ErrorKind::Ok { - return Err(ErrorKind::PcscError); - } + _ykpiv_begin_transaction(state)?; - if _ykpiv_ensure_application_selected(state) == ErrorKind::Ok { - ykrc = _read_metadata(state, 0x80, data.as_mut_ptr(), &mut cb_data); - - if ykrc != ErrorKind::Ok { + if _ykpiv_ensure_application_selected(state).is_ok() { + if _read_metadata(state, 0x80, data.as_mut_ptr(), &mut cb_data).is_err() { cb_data = 0; } @@ -1625,22 +1553,21 @@ pub unsafe fn ykpiv_util_set_pin_last_changed(state: &mut YubiKey) -> Result<(), ) }; - if res != ErrorKind::Ok { + if let Err(e) = res.as_ref() { if state.verbose != 0 { - eprintln!("could not set pin timestamp, err = {}\n", res as (i32),); + eprintln!("could not set pin timestamp, err = {}\n", e,); } } else { res = _write_metadata(state, 0x80u8, data.as_mut_ptr(), cb_data); - if res != ErrorKind::Ok && state.verbose != 0 { - eprintln!("could not write admin data, err = {}", res); + if let Err(e) = res.as_ref() { + if state.verbose != 0 { + eprintln!("could not write admin data, err = {}", e); + } } } } _ykpiv_end_transaction(state); - match res { - ErrorKind::Ok => Ok(()), - e => Err(e), - } + res } /// Management key (MGM) @@ -1670,20 +1597,18 @@ pub unsafe fn ykpiv_util_get_derived_mgm( let mut cb_data: usize = data.len(); let mut p_item: *mut u8 = ptr::null_mut(); let mut cb_item: usize = 0; - let mut res: ErrorKind = ErrorKind::Ok; + let mut res = Ok(()); if pin.is_null() || pin_len == 0 || mgm.is_null() { return Err(ErrorKind::GenericError); } - if _ykpiv_begin_transaction(state) != ErrorKind::Ok { - return Err(ErrorKind::PcscError); - } + _ykpiv_begin_transaction(state)?; - if _ykpiv_ensure_application_selected(state) == ErrorKind::Ok { + if _ykpiv_ensure_application_selected(state).is_ok() { res = _read_metadata(state, 0x80u8, data.as_mut_ptr(), &mut cb_data); - if res == ErrorKind::Ok { + if res.is_ok() { res = _get_metadata_item( data.as_mut_ptr(), cb_data, @@ -1692,7 +1617,7 @@ pub unsafe fn ykpiv_util_get_derived_mgm( &mut cb_item, ); - if res == ErrorKind::Ok { + if res.is_ok() { if cb_item != 16usize { if state.verbose != 0 { eprintln!( @@ -1700,7 +1625,7 @@ pub unsafe fn ykpiv_util_get_derived_mgm( cb_item, ); } - res = ErrorKind::GenericError; + res = Err(ErrorKind::GenericError); } else { let p5rc = pkcs5_pbkdf2_sha1( pin, @@ -1717,7 +1642,7 @@ pub unsafe fn ykpiv_util_get_derived_mgm( eprintln!("pbkdf2 failure, err = {:?}", p5rc); } - res = ErrorKind::GenericError; + res = Err(ErrorKind::GenericError); } } } @@ -1725,10 +1650,7 @@ pub unsafe fn ykpiv_util_get_derived_mgm( } _ykpiv_end_transaction(state); - match res { - ErrorKind::Ok => Ok(()), - e => Err(e), - } + res } /// Get protected management key (MGM) @@ -1740,20 +1662,18 @@ pub unsafe fn ykpiv_util_get_protected_mgm( let mut cb_data: usize = data.len(); let mut p_item: *mut u8 = ptr::null_mut(); let mut cb_item: usize = 0; - let mut res = ErrorKind::Ok; + let mut res = Ok(()); if mgm.is_null() { return Err(ErrorKind::GenericError); } - if _ykpiv_begin_transaction(state) != ErrorKind::Ok { - return Err(ErrorKind::PcscError); - } + _ykpiv_begin_transaction(state)?; - if _ykpiv_ensure_application_selected(state) == ErrorKind::Ok { + if _ykpiv_ensure_application_selected(state).is_ok() { res = _read_metadata(state, 0x88u8, data.as_mut_ptr(), &mut cb_data); - if res != ErrorKind::Ok { + if res.is_err() { if state.verbose != 0 { eprintln!("could not read protected data, err = {:?}", res); } @@ -1766,12 +1686,9 @@ pub unsafe fn ykpiv_util_get_protected_mgm( &mut cb_item, ); - if res != ErrorKind::Ok { + if let Err(e) = res.as_ref() { if state.verbose != 0 { - eprintln!( - "could not read protected mgm from metadata, err = {}", - res as (i32), - ); + eprintln!("could not read protected mgm from metadata, err = {}", e,); } } else if cb_item != (*mgm).0.len() { if state.verbose != 0 { @@ -1780,7 +1697,7 @@ pub unsafe fn ykpiv_util_get_protected_mgm( cb_item, ); } - res = ErrorKind::AuthenticationError; + res = Err(ErrorKind::AuthenticationError); } else { memcpy( (*mgm).0.as_mut_ptr() as (*mut c_void), @@ -1793,10 +1710,7 @@ pub unsafe fn ykpiv_util_get_protected_mgm( data.zeroize(); _ykpiv_end_transaction(state); - match res { - ErrorKind::Ok => Ok(()), - e => Err(e), - } + res } /// Set protected management key (MGM) @@ -1806,8 +1720,8 @@ pub unsafe fn ykpiv_util_set_protected_mgm( mgm: *mut YkPivMgm, ) -> Result<(), ErrorKind> { let mut _currentBlock; - let mut res: ErrorKind = ErrorKind::Ok; - let mut ykrc: ErrorKind = ErrorKind::Ok; + let mut res = Ok(()); + let mut ykrc = Ok(()); let mut prngrc: PRngErrorKind = PRngErrorKind::Ok; let mut f_generate: bool; let mut mgm_key = [0u8; 24]; @@ -1845,11 +1759,9 @@ pub unsafe fn ykpiv_util_set_protected_mgm( } } - if _ykpiv_begin_transaction(state) != ErrorKind::Ok { - return Err(ErrorKind::PcscError); - } + _ykpiv_begin_transaction(state)?; - if _ykpiv_ensure_application_selected(state) == ErrorKind::Ok { + if _ykpiv_ensure_application_selected(state).is_ok() { loop { if f_generate { prngrc = _ykpiv_prng_generate(mgm_key.as_mut_ptr(), mem::size_of::<[u8; 24]>()); @@ -1860,8 +1772,8 @@ pub unsafe fn ykpiv_util_set_protected_mgm( } ykrc = ykpiv_set_mgmkey(state, mgm_key.as_mut_ptr()); - if ykrc != ErrorKind::Ok { - if ErrorKind::KeyError as (i32) != ykrc as (i32) { + if ykrc.is_err() { + if Err(ErrorKind::KeyError) != ykrc { _currentBlock = 44; break; } @@ -1885,7 +1797,7 @@ pub unsafe fn ykpiv_util_set_protected_mgm( ykrc = _read_metadata(state, 0x88u8, data.as_mut_ptr(), &mut cb_data); - if ykrc != ErrorKind::Ok { + if ykrc.is_err() { cb_data = 0; } @@ -1898,7 +1810,7 @@ pub unsafe fn ykpiv_util_set_protected_mgm( mgm_key.len(), ); - if ykrc != ErrorKind::Ok { + if ykrc.is_err() { if state.verbose != 0 { eprintln!("could not set protected mgm item, err = {:?}", ykrc); _currentBlock = 26; @@ -1907,7 +1819,7 @@ pub unsafe fn ykpiv_util_set_protected_mgm( } } else { ykrc = _write_metadata(state, 0x88u8, data.as_mut_ptr(), cb_data); - if ykrc != ErrorKind::Ok { + if ykrc.is_err() { if state.verbose != 0 { eprintln!("could not write protected data, err = {:?}", ykrc); _currentBlock = 51; @@ -1923,7 +1835,7 @@ pub unsafe fn ykpiv_util_set_protected_mgm( cb_data = YKPIV_OBJ_MAX_SIZE; ykrc = _read_metadata(state, 0x80u8, data.as_mut_ptr(), &mut cb_data); - if ykrc != ErrorKind::Ok { + if ykrc.is_err() { cb_data = 0; } else { ykrc = _get_metadata_item( @@ -1934,7 +1846,7 @@ pub unsafe fn ykpiv_util_set_protected_mgm( &mut cb_item, ); - if ykrc != ErrorKind::Ok && state.verbose != 0 { + if ykrc.is_err() && state.verbose != 0 { eprintln!("admin data exists, but flags are not present",); } @@ -1959,8 +1871,10 @@ pub unsafe fn ykpiv_util_set_protected_mgm( 0, ); - if ykrc != ErrorKind::Ok && state.verbose != 0 { - eprintln!("could not unset derived mgm salt, err = {}", ykrc); + if let Err(e) = ykrc.as_ref() { + if state.verbose != 0 { + eprintln!("could not unset derived mgm salt, err = {}", e); + } } } flags_1 |= 0x2; @@ -1974,20 +1888,25 @@ pub unsafe fn ykpiv_util_set_protected_mgm( 1, ); - if ykrc != ErrorKind::Ok { + if let Err(e) = ykrc.as_ref() { if state.verbose != 0 { - eprintln!("could not set admin flags item, err = {}", ykrc); + eprintln!("could not set admin flags item, err = {}", e); } } else { ykrc = _write_metadata(state, 0x80u8, data.as_mut_ptr(), cb_data); - if ykrc != ErrorKind::Ok && state.verbose != 0 { - eprintln!("could not write admin data, err = {}", ykrc); + if let Err(e) = ykrc.as_ref() { + if state.verbose != 0 { + eprintln!("could not write admin data, err = {}", e); + } } } } } else if _currentBlock == 44 { if state.verbose != 0 { - eprintln!("could not set new derived mgm key, err = {}", ykrc); + eprintln!( + "could not set new derived mgm key, err = {}", + ykrc.as_ref().unwrap_err() + ); } res = ykrc; @@ -1996,7 +1915,7 @@ pub unsafe fn ykpiv_util_set_protected_mgm( eprintln!("could not generate new mgm, err = {:?}", prngrc); } - res = ErrorKind::RandomnessError; + res = Err(ErrorKind::RandomnessError); } } @@ -2004,10 +1923,7 @@ pub unsafe fn ykpiv_util_set_protected_mgm( mgm_key.zeroize(); _ykpiv_end_transaction(state); - match res { - ErrorKind::Ok => Ok(()), - e => Err(e), - } + res } /// Reset @@ -2027,8 +1943,8 @@ pub unsafe fn ykpiv_util_reset(state: &mut YubiKey) -> Result<(), ErrorKind> { &mut sw, ); - match (res, sw) { - (ErrorKind::Ok, SW_SUCCESS) => Ok(()), + match (res.is_ok(), sw) { + (true, SW_SUCCESS) => Ok(()), _ => Err(ErrorKind::GenericError), } } @@ -2066,7 +1982,7 @@ unsafe fn _read_certificate( return ErrorKind::InvalidObject; } - if _ykpiv_fetch_object(state, object_id, buf, buf_len) == ErrorKind::Ok { + if _ykpiv_fetch_object(state, object_id, buf, buf_len).is_ok() { ptr = buf; if *buf_len < CB_OBJ_TAG_MIN { @@ -2102,19 +2018,19 @@ unsafe fn _write_certificate( data: *mut u8, data_len: usize, certinfo: u8, -) -> ErrorKind { +) -> Result<(), ErrorKind> { let mut buf = [0u8; CB_OBJ_MAX]; let object_id = ykpiv_util_slot_object(slot) as i32; let mut offset: usize = 0; let mut req_len: usize; if object_id == -1 { - return ErrorKind::InvalidObject; + return Err(ErrorKind::InvalidObject); } if data.is_null() || data_len == 0 { if !data.is_null() || data_len != 0 { - return ErrorKind::GenericError; + return Err(ErrorKind::GenericError); } return _ykpiv_save_object(state, object_id, ptr::null_mut(), 0); @@ -2125,7 +2041,7 @@ unsafe fn _write_certificate( req_len += data_len; if req_len < data_len || req_len > _obj_size_max(state) { - return ErrorKind::SizeError; + return Err(ErrorKind::SizeError); } buf[offset] = TAG_CERT; @@ -2163,13 +2079,13 @@ unsafe fn _get_metadata_item( tag: u8, pp_item: *mut *mut u8, pcb_item: *mut usize, -) -> ErrorKind { +) -> Result<(), ErrorKind> { let mut p_temp: *mut u8 = data; let mut cb_temp: usize = 0; let mut tag_temp: u8; if data.is_null() || pp_item.is_null() || pcb_item.is_null() { - return ErrorKind::GenericError; + return Err(ErrorKind::GenericError); } *pp_item = ptr::null_mut(); @@ -2180,7 +2096,7 @@ unsafe fn _get_metadata_item( p_temp = p_temp.add(1); if !_ykpiv_has_valid_length(p_temp, data.add(cb_data) as usize - p_temp as usize) { - return ErrorKind::SizeError; + return Err(ErrorKind::SizeError); } p_temp = p_temp.add(_ykpiv_get_length(p_temp, &mut cb_temp)); @@ -2196,9 +2112,9 @@ unsafe fn _get_metadata_item( *pp_item = p_temp; *pcb_item = cb_temp; - ErrorKind::Ok + Ok(()) } else { - ErrorKind::GenericError + Err(ErrorKind::GenericError) } } @@ -2221,7 +2137,7 @@ unsafe fn _set_metadata_item( tag: u8, p_item: *mut u8, cb_item: usize, -) -> ErrorKind { +) -> Result<(), ErrorKind> { let mut p_temp: *mut u8 = data; let mut cb_temp: usize = 0; let mut tag_temp: u8 = 0; @@ -2230,7 +2146,7 @@ unsafe fn _set_metadata_item( let cb_moved: isize; if data.is_null() || pcb_data.is_null() { - return ErrorKind::GenericError; + return Err(ErrorKind::GenericError); } while p_temp < data.add(*pcb_data) { @@ -2249,14 +2165,14 @@ unsafe fn _set_metadata_item( if tag_temp != tag { if cb_item == 0 { - return ErrorKind::Ok; + return Ok(()); } p_temp = data.add(*pcb_data); cb_len = _get_length_size(cb_item) as (usize); if (*pcb_data).wrapping_add(cb_len).wrapping_add(cb_item) > cb_data_max { - return ErrorKind::GenericError; + return Err(ErrorKind::GenericError); } *p_temp = tag; @@ -2266,12 +2182,12 @@ unsafe fn _set_metadata_item( memcpy(p_temp as (*mut c_void), p_item as (*const c_void), cb_item); *pcb_data += 1 + cb_len + cb_item; - return ErrorKind::Ok; + return Ok(()); } if cb_temp == cb_item { memcpy(p_temp as (*mut c_void), p_item as (*const c_void), cb_item); - return ErrorKind::Ok; + return Ok(()); } p_next = p_temp.add(cb_temp); @@ -2284,7 +2200,7 @@ unsafe fn _set_metadata_item( - cb_len as (isize)); if (*pcb_data + cb_moved as usize) > cb_data_max { - return ErrorKind::GenericError; + return Err(ErrorKind::GenericError); } memmove( @@ -2304,7 +2220,7 @@ unsafe fn _set_metadata_item( memcpy(p_temp as (*mut c_void), p_item as (*const c_void), cb_item); } - ErrorKind::Ok + Ok(()) } /// Read metadata @@ -2313,32 +2229,27 @@ unsafe fn _read_metadata( tag: u8, data: *mut u8, pcb_data: *mut usize, -) -> ErrorKind { +) -> Result<(), ErrorKind> { let mut p_temp: *mut u8; let mut cb_temp: usize; - let res: ErrorKind; if data.is_null() || pcb_data.is_null() || YKPIV_OBJ_MAX_SIZE > *pcb_data { - return ErrorKind::GenericError; + return Err(ErrorKind::GenericError); } let obj_id = match tag { TAG_ADMIN => YKPIV_OBJ_ADMIN_DATA, TAG_PROTECTED => YKPIV_OBJ_PRINTED, - _ => return ErrorKind::InvalidObject, + _ => return Err(ErrorKind::InvalidObject), } as i32; cb_temp = *pcb_data; *pcb_data = 0; - res = _ykpiv_fetch_object(state, obj_id, data, &mut cb_temp); - - if res != ErrorKind::Ok { - return res; - } + _ykpiv_fetch_object(state, obj_id, data, &mut cb_temp)?; if cb_temp < CB_OBJ_TAG_MIN { - return ErrorKind::GenericError; + return Err(ErrorKind::GenericError); } p_temp = data; @@ -2349,18 +2260,18 @@ unsafe fn _read_metadata( _old } as (i32) { - return ErrorKind::GenericError; + return Err(ErrorKind::GenericError); } p_temp = p_temp.add(_ykpiv_get_length(p_temp, pcb_data)); if *pcb_data > cb_temp - (p_temp as isize - data as isize) as usize { *pcb_data = 0; - return ErrorKind::GenericError; + return Err(ErrorKind::GenericError); } memmove(data as (*mut c_void), p_temp as (*const c_void), *pcb_data); - ErrorKind::Ok + Ok(()) } /// Write metadata @@ -2369,18 +2280,18 @@ unsafe fn _write_metadata( tag: u8, data: *mut u8, cb_data: usize, -) -> ErrorKind { +) -> Result<(), ErrorKind> { let mut buf = [0u8; CB_OBJ_MAX]; // XXX REMEMBER TO ZERO let mut p_temp: *mut u8 = buf.as_mut_ptr(); if cb_data > _obj_size_max(state) - CB_OBJ_TAG_MAX { - return ErrorKind::GenericError; + return Err(ErrorKind::GenericError); } let obj_id = match tag { TAG_ADMIN => YKPIV_OBJ_ADMIN_DATA, TAG_PROTECTED => YKPIV_OBJ_PRINTED, - _ => return ErrorKind::InvalidObject, + _ => return Err(ErrorKind::InvalidObject), } as i32; if data.is_null() || cb_data == 0 { diff --git a/src/yubikey.rs b/src/yubikey.rs index c421c49..3ecd546 100644 --- a/src/yubikey.rs +++ b/src/yubikey.rs @@ -36,7 +36,7 @@ use crate::{ apdu::APDU, consts::*, - error::{ykpiv_strerror, ErrorKind}, + error::ErrorKind, internal::{ des_decrypt, des_destroy_key, des_encrypt, des_import_key, yk_des_is_weak_key, DesErrorKind, DesKey, PRngErrorKind, _ykpiv_prng_generate, @@ -231,11 +231,10 @@ pub unsafe fn ykpiv_disconnect(state: &mut YubiKey) -> ErrorKind { } /// Select application -pub(crate) unsafe fn _ykpiv_select_application(state: &mut YubiKey) -> ErrorKind { +pub(crate) unsafe fn _ykpiv_select_application(state: &mut YubiKey) -> Result<(), ErrorKind> { let mut data = [0u8; 255]; let mut recv_len = data.len() as u32; let mut sw = 0i32; - let mut res: ErrorKind; let mut apdu = APDU::default(); apdu.ins = YKPIV_INS_SELECT_APPLICATION; @@ -248,20 +247,17 @@ pub(crate) unsafe fn _ykpiv_select_application(state: &mut YubiKey) -> ErrorKind AID.len(), ); - res = _send_data(state, &mut apdu, data.as_mut_ptr(), &mut recv_len, &mut sw); + let mut res = _send_data(state, &mut apdu, data.as_mut_ptr(), &mut recv_len, &mut sw); - if res != ErrorKind::Ok { + if let Err(e) = res.as_ref() { if state.verbose != 0 { - eprintln!( - "Failed communicating with card: \'{}\'", - ykpiv_strerror(res) - ); + eprintln!("Failed communicating with card: \'{}\'", e); } } else if sw != SW_SUCCESS { if state.verbose != 0 { eprintln!("Failed selecting application: {:04x}", sw); } - return ErrorKind::GenericError; + return Err(ErrorKind::GenericError); } // now that the PIV application is selected, retrieve the version @@ -273,28 +269,29 @@ pub(crate) unsafe fn _ykpiv_select_application(state: &mut YubiKey) -> ErrorKind // will result in another selection of the PIV applet. res = _ykpiv_get_version(state, ptr::null_mut()); - if res != ErrorKind::Ok && state.verbose != 0 { - eprintln!("Failed to retrieve version: \'{}\'", ykpiv_strerror(res)); + if let Err(e) = res.as_ref() { + if state.verbose != 0 { + eprintln!("Failed to retrieve version: \'{}\'", e); + } } res = _ykpiv_get_serial(state, ptr::null_mut(), false); - if res != ErrorKind::Ok { + if let Err(e) = res.as_ref() { if state.verbose != 0 { - eprintln!( - "Failed to retrieve serial number: \'{}\'", - ykpiv_strerror(res) - ); + eprintln!("Failed to retrieve serial number: \'{}\'", e); } - res = ErrorKind::Ok; + res = Ok(()); } res } /// Ensure an application is selected (presently noop) -pub(crate) unsafe fn _ykpiv_ensure_application_selected(_state: &mut YubiKey) -> ErrorKind { +pub(crate) unsafe fn _ykpiv_ensure_application_selected( + _state: &mut YubiKey, +) -> Result<(), ErrorKind> { // TODO(tarcieri): ENABLE_APPLICATION_RESELECTION support? // // Original C code below: @@ -319,7 +316,7 @@ pub(crate) unsafe fn _ykpiv_ensure_application_selected(_state: &mut YubiKey) -> // return res; // #endif - ErrorKind::Ok + Ok(()) } /// Connect to the YubiKey @@ -392,7 +389,7 @@ pub unsafe fn ykpiv_connect(state: &mut YubiKey, wanted: *const c_char) -> Resul let mut reader_ptr: *mut c_char; let mut card: i32 = -1i32; - let mut ret: ErrorKind = ykpiv_list_readers(state, reader_buf.as_mut_ptr(), &mut num_readers); + let ret: ErrorKind = ykpiv_list_readers(state, reader_buf.as_mut_ptr(), &mut num_readers); if ret != ErrorKind::Ok { return Err(ret); @@ -495,16 +492,11 @@ pub unsafe fn ykpiv_connect(state: &mut YubiKey, wanted: *const c_char) -> Resul // Select applet. This is done here instead of in _ykpiv_connect() because // you may not want to select the applet when connecting to a card handle that // was supplied by an external library. - if _ykpiv_begin_transaction(state) != ErrorKind::Ok { - return Err(ErrorKind::PcscError); - } + _ykpiv_begin_transaction(state)?; - ret = _ykpiv_select_application(state); + let res = _ykpiv_select_application(state); _ykpiv_end_transaction(state); - match ret { - ErrorKind::Ok => Ok(()), - e => Err(e), - } + res } /// List readers @@ -566,7 +558,7 @@ pub unsafe fn ykpiv_list_readers( } /// Reconnect to a YubiKey -pub(crate) unsafe fn reconnect(state: &mut YubiKey) -> ErrorKind { +pub(crate) unsafe fn reconnect(state: &mut YubiKey) -> Result<(), ErrorKind> { let mut active_protocol: u32 = 0; let mut tries: i32 = 0; @@ -580,32 +572,24 @@ pub(crate) unsafe fn reconnect(state: &mut YubiKey) -> ErrorKind { if state.verbose != 0 { eprintln!("SCardReconnect failed, rc={}", rc); } - return ErrorKind::PcscError; + return Err(ErrorKind::PcscError); } - let res = _ykpiv_select_application(state); - - if res != ErrorKind::Ok { - return res; - } + _ykpiv_select_application(state)?; if !state.pin.is_null() { ykpiv_verify(state, state.pin as *const c_char, &mut tries) } else { - ErrorKind::Ok + Ok(()) } } /// Begin a transaction -pub(crate) unsafe fn _ykpiv_begin_transaction(state: &mut YubiKey) -> ErrorKind { +pub(crate) unsafe fn _ykpiv_begin_transaction(state: &mut YubiKey) -> Result<(), ErrorKind> { let mut rc = SCardBeginTransaction(state.card); if rc as usize & 0xffff_ffff == 0x8010_0068 { - let res = reconnect(state); - - if res != ErrorKind::Ok { - return res; - } + reconnect(state)?; rc = SCardBeginTransaction(state.card); } @@ -615,22 +599,22 @@ pub(crate) unsafe fn _ykpiv_begin_transaction(state: &mut YubiKey) -> ErrorKind eprintln!("error: Failed to begin pcsc transaction, rc={}", rc); } - return ErrorKind::PcscError; + return Err(ErrorKind::PcscError); } - ErrorKind::Ok + Ok(()) } /// End a transaction -pub(crate) unsafe fn _ykpiv_end_transaction(state: &mut YubiKey) -> ErrorKind { +pub(crate) unsafe fn _ykpiv_end_transaction(state: &mut YubiKey) -> Result<(), ErrorKind> { let rc = SCardEndTransaction(state.card, 0x0); if rc != 0x0 && state.verbose != 0 { eprintln!("error: Failed to end pcsc transaction, rc={}", rc); - return ErrorKind::PcscError; + return Err(ErrorKind::PcscError); } - ErrorKind::Ok + Ok(()) } /// Transfer data @@ -642,11 +626,11 @@ pub(crate) unsafe fn _ykpiv_transfer_data( mut out_data: *mut u8, out_len: *mut usize, sw: *mut i32, -) -> ErrorKind { +) -> Result<(), ErrorKind> { let mut _currentBlock; let mut in_ptr: *const u8 = in_data; let max_out = *out_len; - let mut res: ErrorKind; + let mut res: Result<(), ErrorKind>; let mut recv_len: u32; *out_len = 0; @@ -681,7 +665,7 @@ pub(crate) unsafe fn _ykpiv_transfer_data( res = _send_data(state, &mut apdu, data.as_mut_ptr(), &mut recv_len, sw); - if res != ErrorKind::Ok { + if res.is_err() { _currentBlock = 24; break; } @@ -737,7 +721,7 @@ pub(crate) unsafe fn _ykpiv_transfer_data( apdu.ins = YKPIV_INS_GET_RESPONSE_APDU; res = _send_data(state, &mut apdu, data.as_mut_ptr(), &mut recv_len, sw); - if res != ErrorKind::Ok { + if res.is_err() { _currentBlock = 24; break; } @@ -772,7 +756,7 @@ pub(crate) unsafe fn _ykpiv_transfer_data( max_out ); } - res = ErrorKind::SizeError; + res = Err(ErrorKind::SizeError); } } else if _currentBlock == 21 { if state.verbose != 0 { @@ -782,7 +766,7 @@ pub(crate) unsafe fn _ykpiv_transfer_data( max_out ); } - res = ErrorKind::SizeError; + res = Err(ErrorKind::SizeError); } res } @@ -796,10 +780,10 @@ pub unsafe fn ykpiv_transfer_data( out_data: *mut u8, out_len: *mut usize, sw: *mut i32, -) -> ErrorKind { - if _ykpiv_begin_transaction(state) != ErrorKind::Ok { +) -> Result<(), ErrorKind> { + if let Err(e) = _ykpiv_begin_transaction(state) { *out_len = 0; - return ErrorKind::PcscError; + return Err(e); } let res = _ykpiv_transfer_data(state, templ, in_data, in_len, out_data, out_len, sw); @@ -824,7 +808,7 @@ pub(crate) unsafe fn _send_data( data: *mut u8, recv_len: *mut u32, sw: *mut i32, -) -> ErrorKind { +) -> Result<(), ErrorKind> { let send_len = (*apdu).lc as u32 + 5; let mut tmp_len = *recv_len; @@ -849,7 +833,7 @@ pub(crate) unsafe fn _send_data( eprintln!("error: SCardTransmit failed, rc={:08x}", rc); } - return ErrorKind::PcscError; + return Err(ErrorKind::PcscError); } *recv_len = tmp_len; @@ -867,7 +851,7 @@ pub(crate) unsafe fn _send_data( *sw = 0; } - ErrorKind::Ok + Ok(()) } /// Default authentication key @@ -882,13 +866,11 @@ pub unsafe fn ykpiv_authenticate(state: &mut YubiKey, mut key: *const u8) -> Res let mut drc: DesErrorKind; let mut mgm_key: *mut DesKey = ptr::null_mut(); let mut out_len: usize; - let mut res = ErrorKind::Ok; + let mut res = Ok(()); - if _ykpiv_begin_transaction(state) != ErrorKind::Ok { - return Err(ErrorKind::PcscError); - } + _ykpiv_begin_transaction(state)?; - if _ykpiv_ensure_application_selected(state) == ErrorKind::Ok { + if _ykpiv_ensure_application_selected(state).is_ok() { if key.is_null() { key = DEFAULT_AUTH_KEY.as_ptr(); } @@ -917,9 +899,9 @@ pub unsafe fn ykpiv_authenticate(state: &mut YubiKey, mut key: *const u8) -> Res res = _send_data(state, &mut apdu, data.as_mut_ptr(), &mut recv_len, &mut sw); - if res != ErrorKind::Ok { + if res.is_err() { _ykpiv_end_transaction(state); - return Err(res); + return res; } if sw != SW_SUCCESS { @@ -985,9 +967,9 @@ pub unsafe fn ykpiv_authenticate(state: &mut YubiKey, mut key: *const u8) -> Res res = _send_data(state, &mut apdu, data.as_mut_ptr(), &mut recv_len, &mut sw); - if res != ErrorKind::Ok { + if res.is_err() { _ykpiv_end_transaction(state); - return Err(res); + return res; } if sw != SW_SUCCESS { @@ -1014,9 +996,9 @@ pub unsafe fn ykpiv_authenticate(state: &mut YubiKey, mut key: *const u8) -> Res 8, ) == 0 { - res = ErrorKind::Ok; + res = Ok(()); } else { - res = ErrorKind::AuthenticationError; + res = Err(ErrorKind::AuthenticationError); } } @@ -1025,14 +1007,11 @@ pub unsafe fn ykpiv_authenticate(state: &mut YubiKey, mut key: *const u8) -> Res } _ykpiv_end_transaction(state); - match res { - ErrorKind::Ok => Ok(()), - e => Err(e), - } + res } /// Set the management key (MGM) -pub unsafe fn ykpiv_set_mgmkey(state: &mut YubiKey, new_key: *const u8) -> ErrorKind { +pub unsafe fn ykpiv_set_mgmkey(state: &mut YubiKey, new_key: *const u8) -> Result<(), ErrorKind> { ykpiv_set_mgmkey2(state, new_key, 0) } @@ -1041,18 +1020,16 @@ pub(crate) unsafe fn ykpiv_set_mgmkey2( state: &mut YubiKey, new_key: *const u8, touch: u8, -) -> ErrorKind { +) -> Result<(), ErrorKind> { let mut data = [0u8; 261]; let mut recv_len = data.len() as u32; let mut sw: i32 = 0; - let mut res = ErrorKind::Ok; + let mut res = Ok(()); let mut apdu = APDU::default(); - if _ykpiv_begin_transaction(state) != ErrorKind::Ok { - return ErrorKind::PcscError; - } + _ykpiv_begin_transaction(state)?; - if _ykpiv_ensure_application_selected(state) == ErrorKind::Ok { + if _ykpiv_ensure_application_selected(state).is_ok() { if yk_des_is_weak_key(new_key, (8i32 * 3i32) as (usize)) { if state.verbose != 0 { // TODO(tarcieri): format string @@ -1060,7 +1037,7 @@ pub(crate) unsafe fn ykpiv_set_mgmkey2( dump_hex(new_key, DES_LEN_3DES as u32); eprintln!("\' since it\'s weak (with odd parity)."); } - res = ErrorKind::KeyError; + res = Err(ErrorKind::KeyError); apdu.ins = YKPIV_INS_SET_MGMKEY; apdu.p1 = 0xff; @@ -1069,7 +1046,7 @@ pub(crate) unsafe fn ykpiv_set_mgmkey2( 1 => 0xfe, _ => { _ykpiv_end_transaction(state); - return ErrorKind::GenericError; + return Err(ErrorKind::GenericError); } }; @@ -1085,8 +1062,9 @@ pub(crate) unsafe fn ykpiv_set_mgmkey2( } else { res = _send_data(state, &mut apdu, data.as_mut_ptr(), &mut recv_len, &mut sw); - if res != ErrorKind::Ok && sw != SW_SUCCESS { - res = ErrorKind::GenericError; + // TODO(str4d): Shouldn't this be res.is_ok()? + if res.is_err() && sw != SW_SUCCESS { + res = Err(ErrorKind::GenericError); } } } @@ -1106,7 +1084,7 @@ pub(crate) unsafe fn _general_authenticate( algorithm: u8, key: u8, decipher: bool, -) -> ErrorKind { +) -> Result<(), ErrorKind> { let mut _currentBlock; let mut indata = [0u8; 1024]; let mut dataptr: *mut u8 = indata.as_mut_ptr(); @@ -1116,7 +1094,6 @@ pub(crate) unsafe fn _general_authenticate( let mut sw: i32 = 0; let bytes: usize; let mut len: usize = 0; - let res: ErrorKind; match algorithm { YKPIV_ALGO_RSA1024 | YKPIV_ALGO_RSA2048 => { @@ -1127,7 +1104,7 @@ pub(crate) unsafe fn _general_authenticate( }; if in_len != key_len { - return ErrorKind::SizeError; + return Err(ErrorKind::SizeError); } else { _currentBlock = 16; } @@ -1140,10 +1117,10 @@ pub(crate) unsafe fn _general_authenticate( }; if (!decipher && (in_len > key_len)) || (decipher && (in_len != (key_len * 2) + 1)) { - return ErrorKind::SizeError; + return Err(ErrorKind::SizeError); } } - _ => return ErrorKind::AlgorithmError, + _ => return Err(ErrorKind::AlgorithmError), } if in_len < 0x80 { @@ -1168,7 +1145,7 @@ pub(crate) unsafe fn _general_authenticate( memcpy(dataptr as *mut c_void, sign_in as *const c_void, in_len); dataptr = dataptr.add(in_len); - res = ykpiv_transfer_data( + if let Err(e) = ykpiv_transfer_data( state, templ.as_ptr(), indata.as_mut_ptr(), @@ -1176,13 +1153,11 @@ pub(crate) unsafe fn _general_authenticate( data.as_mut_ptr(), &mut recv_len, &mut sw, - ); - - if res != ErrorKind::Ok { + ) { if state.verbose != 0 { eprintln!("Sign command failed to communicate."); } - return res; + return Err(e); } if sw != SW_SUCCESS { @@ -1191,9 +1166,9 @@ pub(crate) unsafe fn _general_authenticate( } if sw == SW_ERR_SECURITY_STATUS { - return ErrorKind::AuthenticationError; + return Err(ErrorKind::AuthenticationError); } else { - return ErrorKind::GenericError; + return Err(ErrorKind::GenericError); } } @@ -1202,7 +1177,7 @@ pub(crate) unsafe fn _general_authenticate( if state.verbose != 0 { eprintln!("Failed parsing signature reply."); } - return ErrorKind::ParseError; + return Err(ErrorKind::ParseError); } dataptr = data.as_mut_ptr().add(1); @@ -1214,7 +1189,7 @@ pub(crate) unsafe fn _general_authenticate( eprintln!("Failed parsing signature reply."); } - return ErrorKind::ParseError; + return Err(ErrorKind::ParseError); } dataptr = dataptr.add(1); @@ -1224,12 +1199,12 @@ pub(crate) unsafe fn _general_authenticate( if state.verbose != 0 { eprintln!("Wrong size on output buffer."); } - return ErrorKind::SizeError; + return Err(ErrorKind::SizeError); } *out_len = len; memcpy(out as (*mut c_void), dataptr as (*const c_void), len); - ErrorKind::Ok + Ok(()) } /// Sign data using a PIV key @@ -1242,9 +1217,7 @@ pub unsafe fn ykpiv_sign_data( algorithm: u8, key: u8, ) -> Result<(), ErrorKind> { - if _ykpiv_begin_transaction(state) != ErrorKind::Ok { - return Err(ErrorKind::PcscError); - } + _ykpiv_begin_transaction(state)?; // don't attempt to reselect in crypt operations to avoid problems with PIN_ALWAYS @@ -1253,10 +1226,7 @@ pub unsafe fn ykpiv_sign_data( ); _ykpiv_end_transaction(state); - match res { - ErrorKind::Ok => Ok(()), - e => Err(e), - } + res } /// Decrypt data using a PIV key @@ -1269,26 +1239,23 @@ pub unsafe fn ykpiv_decrypt_data( algorithm: u8, key: u8, ) -> Result<(), ErrorKind> { - if _ykpiv_begin_transaction(state) != ErrorKind::Ok { - return Err(ErrorKind::PcscError); - } + _ykpiv_begin_transaction(state)?; // don't attempt to reselect in crypt operations to avoid problems with PIN_ALWAYS let res = _general_authenticate(state, input, input_len, out, out_len, algorithm, key, true); _ykpiv_end_transaction(state); - match res { - ErrorKind::Ok => Ok(()), - e => Err(e), - } + res } /// Get the version of the PIV application installed on the YubiKey -pub(crate) unsafe fn _ykpiv_get_version(state: &mut YubiKey, p_version: *mut Version) -> ErrorKind { +pub(crate) unsafe fn _ykpiv_get_version( + state: &mut YubiKey, + p_version: *mut Version, +) -> Result<(), ErrorKind> { let mut data = [0u8; 261]; let mut recv_len = data.len() as u32; let mut sw: i32 = 0; - let res: ErrorKind; // get version from state if already from device if state.ver.major != 0 || state.ver.minor != 0 || state.ver.patch != 0 { @@ -1302,25 +1269,21 @@ pub(crate) unsafe fn _ykpiv_get_version(state: &mut YubiKey, p_version: *mut Ver ); } - return ErrorKind::Ok; + return Ok(()); } // get version from device let mut apdu = APDU::default(); apdu.ins = YKPIV_INS_GET_VERSION; - res = _send_data(state, &mut apdu, data.as_mut_ptr(), &mut recv_len, &mut sw); - - if res != ErrorKind::Ok { - return res; - } + _send_data(state, &mut apdu, data.as_mut_ptr(), &mut recv_len, &mut sw)?; if sw != SW_SUCCESS { - return ErrorKind::GenericError; + return Err(ErrorKind::GenericError); } if recv_len < 3 { - return ErrorKind::SizeError; + return Err(ErrorKind::SizeError); } state.ver.major = data[0]; @@ -1337,7 +1300,7 @@ pub(crate) unsafe fn _ykpiv_get_version(state: &mut YubiKey, p_version: *mut Ver ); } - ErrorKind::Ok + Ok(()) } /// Get the YubiKey's PIV application version as a string @@ -1348,14 +1311,12 @@ pub unsafe fn ykpiv_get_version(state: &mut YubiKey) -> Result ErrorKind { +) -> Result<(), ErrorKind> { let mut _currentBlock; let mut res; let yk_applet: *const u8 = ptr::null(); @@ -1386,7 +1347,7 @@ pub(crate) unsafe fn _ykpiv_get_serial( *p_serial = state.serial; } - return ErrorKind::Ok; + return Ok(()); } if state.ver.major < 5 { @@ -1407,12 +1368,9 @@ pub(crate) unsafe fn _ykpiv_get_serial( res = _send_data(state, &mut apdu, temp.as_mut_ptr(), &mut recv_len, &mut sw); - if res != ErrorKind::Ok { + if let Err(e) = res.as_ref() { if state.verbose != 0 { - eprintln!( - "Failed communicating with card: \'{}\'", - ykpiv_strerror(res) - ); + eprintln!("Failed communicating with card: \'{}\'", e); } return res; @@ -1423,7 +1381,7 @@ pub(crate) unsafe fn _ykpiv_get_serial( eprintln!("Failed selecting yk application: {:04x}", sw); } - return ErrorKind::GenericError; + return Err(ErrorKind::GenericError); } recv_len = temp.len() as u32; @@ -1434,12 +1392,9 @@ pub(crate) unsafe fn _ykpiv_get_serial( res = _send_data(state, &mut apdu, data.as_mut_ptr(), &mut recv_len, &mut sw); - if res != ErrorKind::Ok { + if let Err(e) = res.as_ref() { if state.verbose != 0 { - eprintln!( - "Failed communicating with card: \'{}\'", - ykpiv_strerror(res) - ); + eprintln!("Failed communicating with card: \'{}\'", e); } return res; @@ -1450,7 +1405,7 @@ pub(crate) unsafe fn _ykpiv_get_serial( eprintln!("Failed retrieving serial number: {:04x}", sw); } - return ErrorKind::GenericError; + return Err(ErrorKind::GenericError); } recv_len = temp.len() as u32; @@ -1467,12 +1422,9 @@ pub(crate) unsafe fn _ykpiv_get_serial( res = _send_data(state, &mut apdu, temp.as_mut_ptr(), &mut recv_len, &mut sw); - if res != ErrorKind::Ok { + if let Err(e) = res.as_ref() { if state.verbose != 0 { - eprintln!( - "Failed communicating with card: \'{}\'", - ykpiv_strerror(res) - ); + eprintln!("Failed communicating with card: \'{}\'", e); } return res; } @@ -1481,7 +1433,7 @@ pub(crate) unsafe fn _ykpiv_get_serial( if state.verbose != 0 { eprintln!("Failed selecting application: {:04x}", sw); } - return ErrorKind::GenericError; + return Err(ErrorKind::GenericError); } _currentBlock = 17; @@ -1492,19 +1444,16 @@ pub(crate) unsafe fn _ykpiv_get_serial( res = _send_data(state, &mut apdu, data.as_mut_ptr(), &mut recv_len, &mut sw); - if res != ErrorKind::Ok { + if let Err(e) = res.as_ref() { if state.verbose != 0 { - eprintln!( - "Failed communicating with card: \'{}\'", - ykpiv_strerror(res) - ); + eprintln!("Failed communicating with card: \'{}\'", e); } return res; } else if sw != SW_SUCCESS { if state.verbose != 0 { eprintln!("Failed retrieving serial number: {:04x}", sw); } - return ErrorKind::GenericError; + return Err(ErrorKind::GenericError); } _currentBlock = 17; } @@ -1512,7 +1461,7 @@ pub(crate) unsafe fn _ykpiv_get_serial( if _currentBlock == 17 { // check that we received enough data for the serial number if recv_len < 4 { - return ErrorKind::SizeError; + return Err(ErrorKind::SizeError); } // TODO(tarcieri): replace pointers and casts with proper references! @@ -1536,21 +1485,16 @@ pub(crate) unsafe fn _ykpiv_get_serial( /// Get YubiKey device serial number pub unsafe fn ykpiv_get_serial(state: &mut YubiKey, p_serial: *mut u32) -> Result<(), ErrorKind> { - let mut res = ErrorKind::Ok; + let mut res = Ok(()); - if _ykpiv_begin_transaction(state) != ErrorKind::Ok { - return Err(ErrorKind::PcscError); - } + _ykpiv_begin_transaction(state)?; - if _ykpiv_ensure_application_selected(state) == ErrorKind::Ok { + if _ykpiv_ensure_application_selected(state).is_ok() { res = _ykpiv_get_serial(state, p_serial, false); } _ykpiv_end_transaction(state); - match res { - ErrorKind::Ok => Ok(()), - e => Err(e), - } + res } /// Cache PIN in memory @@ -1585,7 +1529,11 @@ pub(crate) unsafe fn _cache_pin(state: &mut YubiKey, pin: *const c_char, len: us } /// Verify device PIN -pub unsafe fn ykpiv_verify(state: &mut YubiKey, pin: *const c_char, tries: *mut i32) -> ErrorKind { +pub unsafe fn ykpiv_verify( + state: &mut YubiKey, + pin: *const c_char, + tries: *mut i32, +) -> Result<(), ErrorKind> { ykpiv_verify_select( state, pin, @@ -1601,14 +1549,13 @@ pub(crate) unsafe fn _verify( pin: *const c_char, pin_len: usize, tries: *mut i32, -) -> ErrorKind { +) -> Result<(), ErrorKind> { let mut data = [0u8; 261]; let mut recv_len = data.len() as u32; let mut sw: i32 = 0; - let res: ErrorKind; if pin_len > CB_PIN_MAX { - return ErrorKind::SizeError; + return Err(ErrorKind::SizeError); } let mut apdu = APDU::default(); @@ -1633,11 +1580,11 @@ pub(crate) unsafe fn _verify( } } - res = _send_data(state, &mut apdu, data.as_mut_ptr(), &mut recv_len, &mut sw); + let res = _send_data(state, &mut apdu, data.as_mut_ptr(), &mut recv_len, &mut sw); apdu.zeroize(); - if res != ErrorKind::Ok { + if res.is_err() { return res; } @@ -1651,19 +1598,19 @@ pub(crate) unsafe fn _verify( if !tries.is_null() { *tries = sw & 0xf; } - ErrorKind::Ok + Ok(()) } else if sw >> 8 == 0x63 { if !tries.is_null() { *tries = sw & 0xf; } - ErrorKind::WrongPin + Err(ErrorKind::WrongPin) } else if sw == SW_ERR_AUTH_BLOCKED { if !tries.is_null() { *tries = 0; } - ErrorKind::WrongPin + Err(ErrorKind::WrongPin) } else { - ErrorKind::GenericError + Err(ErrorKind::GenericError) } } @@ -1674,18 +1621,16 @@ pub unsafe fn ykpiv_verify_select( pin_len: usize, tries: *mut i32, force_select: bool, -) -> ErrorKind { - let mut res = ErrorKind::Ok; +) -> Result<(), ErrorKind> { + let mut res = Ok(()); - if _ykpiv_begin_transaction(state) != ErrorKind::Ok { - return ErrorKind::PcscError; - } + _ykpiv_begin_transaction(state)?; if force_select { res = _ykpiv_ensure_application_selected(state); } - if res == ErrorKind::Ok { + if res.is_ok() { res = _verify(state, pin, pin_len, tries); } @@ -1702,18 +1647,14 @@ pub unsafe fn ykpiv_get_pin_retries(state: &mut YubiKey, tries: *mut i32) -> Res // Force a re-select to unverify, because once verified the spec dictates that // subsequent verify calls will return a "verification not needed" instead of // the number of tries left... - let res = _ykpiv_select_application(state); - - if res != ErrorKind::Ok { - return Err(res); - } + _ykpiv_select_application(state)?; let ykrc = ykpiv_verify(state, ptr::null(), tries); // WRONG_PIN is expected on successful query. match ykrc { - ErrorKind::Ok | ErrorKind::WrongPin => Ok(()), - e => Err(e), + Ok(()) | Err(ErrorKind::WrongPin) => Ok(()), + e => e, } } @@ -1723,7 +1664,7 @@ pub unsafe fn ykpiv_set_pin_retries( pin_tries: i32, puk_tries: i32, ) -> Result<(), ErrorKind> { - let mut res = ErrorKind::Ok; + let mut res = Ok(()); let mut templ = [0, YKPIV_INS_SET_PIN_RETRIES, 0, 0]; let mut data = [0u8; 255]; let mut recv_len: usize = data.len(); @@ -1741,11 +1682,9 @@ pub unsafe fn ykpiv_set_pin_retries( templ[2] = pin_tries as (u8); templ[3] = puk_tries as (u8); - if _ykpiv_begin_transaction(state) != ErrorKind::Ok { - return Err(ErrorKind::PcscError); - } + _ykpiv_begin_transaction(state)?; - if _ykpiv_ensure_application_selected(state) == ErrorKind::Ok { + if _ykpiv_ensure_application_selected(state).is_ok() { res = ykpiv_transfer_data( state, templ.as_ptr(), @@ -1756,21 +1695,18 @@ pub unsafe fn ykpiv_set_pin_retries( &mut sw, ); - if res == ErrorKind::Ok { + if res.is_ok() { res = match sw { - SW_SUCCESS => ErrorKind::Ok, - SW_ERR_AUTH_BLOCKED => ErrorKind::AuthenticationError, - SW_ERR_SECURITY_STATUS => ErrorKind::AuthenticationError, - _ => ErrorKind::GenericError, + SW_SUCCESS => Ok(()), + SW_ERR_AUTH_BLOCKED => Err(ErrorKind::AuthenticationError), + SW_ERR_SECURITY_STATUS => Err(ErrorKind::AuthenticationError), + _ => Err(ErrorKind::GenericError), }; } } _ykpiv_end_transaction(state); - match res { - ErrorKind::Ok => Ok(()), - e => Err(e), - } + res } /// Change the PIN @@ -1782,16 +1718,15 @@ pub(crate) unsafe fn _ykpiv_change_pin( new_pin: *const c_char, new_pin_len: usize, tries: *mut i32, -) -> ErrorKind { +) -> Result<(), ErrorKind> { let mut sw: i32 = 0; let mut templ = [0, YKPIV_INS_CHANGE_REFERENCE, 0, 0x80]; let mut indata = [0u8; 16]; let mut data = [0u8; 255]; let mut recv_len: usize = data.len(); - let res: ErrorKind; if current_pin_len > 8 || new_pin_len > 8 { - return ErrorKind::SizeError; + return Err(ErrorKind::SizeError); } if action == CHREF_ACT_UNBLOCK_PIN { @@ -1828,7 +1763,7 @@ pub(crate) unsafe fn _ykpiv_change_pin( ); } - res = ykpiv_transfer_data( + let res = ykpiv_transfer_data( state, templ.as_ptr(), indata.as_mut_ptr(), @@ -1840,7 +1775,7 @@ pub(crate) unsafe fn _ykpiv_change_pin( indata.zeroize(); - if res != ErrorKind::Ok { + if res.is_err() { return res; } @@ -1850,19 +1785,19 @@ pub(crate) unsafe fn _ykpiv_change_pin( *tries = sw & 0xf; } - return ErrorKind::WrongPin; + return Err(ErrorKind::WrongPin); } else if sw == SW_ERR_AUTH_BLOCKED { - return ErrorKind::PinLocked; + return Err(ErrorKind::PinLocked); } else { if state.verbose != 0 { eprintln!("Failed changing pin, token response code: {:x}.", sw); } - return ErrorKind::GenericError; + return Err(ErrorKind::GenericError); } } - ErrorKind::Ok + Ok(()) } /// Change the Personal Identification Number (PIN). @@ -1876,13 +1811,11 @@ pub unsafe fn ykpiv_change_pin( new_pin_len: usize, tries: *mut i32, ) -> Result<(), ErrorKind> { - let mut res: ErrorKind = ErrorKind::GenericError; + let mut res = Err(ErrorKind::GenericError); - if _ykpiv_begin_transaction(state) != ErrorKind::Ok { - return Err(ErrorKind::PcscError); - } + _ykpiv_begin_transaction(state)?; - if _ykpiv_ensure_application_selected(state) == ErrorKind::Ok { + if _ykpiv_ensure_application_selected(state).is_ok() { res = _ykpiv_change_pin( state, 0, @@ -1893,7 +1826,7 @@ pub unsafe fn ykpiv_change_pin( tries, ); - if res == ErrorKind::Ok && !new_pin.is_null() { + if res.is_ok() && !new_pin.is_null() { // Intentionally ignore errors. If the PIN fails to save, it will only // be a problem if a reconnect is attempted. Failure deferred until then. _cache_pin(state, new_pin, new_pin_len); @@ -1901,10 +1834,7 @@ pub unsafe fn ykpiv_change_pin( } _ykpiv_end_transaction(state); - match res { - ErrorKind::Ok => Ok(()), - e => Err(e), - } + res } /// Change the PIN Unblocking Key (PUK). PUKs are codes for resetting @@ -1921,14 +1851,12 @@ pub unsafe fn ykpiv_change_puk( new_puk: *const c_char, new_puk_len: usize, tries: *mut i32, -) -> ErrorKind { - let mut res = ErrorKind::GenericError; +) -> Result<(), ErrorKind> { + let mut res = Err(ErrorKind::GenericError); - if _ykpiv_begin_transaction(state) != ErrorKind::Ok { - return ErrorKind::PcscError; - } + _ykpiv_begin_transaction(state)?; - if _ykpiv_ensure_application_selected(state) == ErrorKind::Ok { + if _ykpiv_ensure_application_selected(state).is_ok() { res = _ykpiv_change_pin( state, 2, @@ -1954,21 +1882,16 @@ pub unsafe fn ykpiv_unblock_pin( new_pin_len: usize, tries: *mut i32, ) -> Result<(), ErrorKind> { - let mut res = ErrorKind::GenericError; + let mut res = Err(ErrorKind::GenericError); - if _ykpiv_begin_transaction(state) != ErrorKind::Ok { - return Err(ErrorKind::PcscError); - } + _ykpiv_begin_transaction(state)?; - if _ykpiv_ensure_application_selected(state) == ErrorKind::Ok { + if _ykpiv_ensure_application_selected(state).is_ok() { res = _ykpiv_change_pin(state, 1, puk, puk_len, new_pin, new_pin_len, tries); } _ykpiv_end_transaction(state); - match res { - ErrorKind::Ok => Ok(()), - e => Err(e), - } + res } /// Fetch an object from the YubiKey @@ -1978,21 +1901,16 @@ pub unsafe fn ykpiv_fetch_object( data: *mut u8, len: *mut usize, ) -> Result<(), ErrorKind> { - let mut res = ErrorKind::Ok; + let mut res = Ok(()); - if _ykpiv_begin_transaction(state) != ErrorKind::Ok { - return Err(ErrorKind::PcscError); - } + _ykpiv_begin_transaction(state)?; - if _ykpiv_ensure_application_selected(state) == ErrorKind::Ok { + if _ykpiv_ensure_application_selected(state).is_ok() { res = _ykpiv_fetch_object(state, object_id, data, len); } _ykpiv_end_transaction(state); - match res { - ErrorKind::Ok => Ok(()), - e => Err(e), - } + res } /// Fetch an object @@ -2001,20 +1919,19 @@ pub(crate) unsafe fn _ykpiv_fetch_object( object_id: i32, data: *mut u8, len: *mut usize, -) -> ErrorKind { +) -> Result<(), ErrorKind> { let mut sw: i32 = 0; let mut indata = [0u8; 5]; let mut inptr: *mut u8 = indata.as_mut_ptr(); let templ = [0, YKPIV_INS_GET_DATA, 0x3f, 0xff]; - let res: ErrorKind; inptr = set_object(object_id, inptr); if inptr.is_null() { - return ErrorKind::InvalidObject; + return Err(ErrorKind::InvalidObject); } - res = ykpiv_transfer_data( + ykpiv_transfer_data( state, templ.as_ptr(), indata.as_mut_ptr(), @@ -2022,26 +1939,22 @@ pub(crate) unsafe fn _ykpiv_fetch_object( data, len, &mut sw, - ); - - if res != ErrorKind::Ok { - return res; - } + )?; if sw != SW_SUCCESS { - return ErrorKind::GenericError; + return Err(ErrorKind::GenericError); } let mut outlen: usize = 0; if *len < 2 || !_ykpiv_has_valid_length(data.offset(1), (*len).wrapping_sub(1)) { - return ErrorKind::SizeError; + return Err(ErrorKind::SizeError); } let offs = _ykpiv_get_length(data.offset(1), &mut outlen); if offs == 0 { - return ErrorKind::SizeError; + return Err(ErrorKind::SizeError); } if outlen.wrapping_add(offs).wrapping_add(1) != *len { @@ -2052,7 +1965,7 @@ pub(crate) unsafe fn _ykpiv_fetch_object( ); } - return ErrorKind::SizeError; + return Err(ErrorKind::SizeError); } memmove( @@ -2062,7 +1975,7 @@ pub(crate) unsafe fn _ykpiv_fetch_object( ); *len = outlen; - ErrorKind::Ok + Ok(()) } /// Save an object @@ -2072,21 +1985,16 @@ pub unsafe fn ykpiv_save_object( indata: *mut u8, len: usize, ) -> Result<(), ErrorKind> { - let mut res = ErrorKind::Ok; + let mut res = Ok(()); - if _ykpiv_begin_transaction(state) != ErrorKind::Ok { - return Err(ErrorKind::PcscError); - } + _ykpiv_begin_transaction(state)?; - if _ykpiv_ensure_application_selected(state) == ErrorKind::Ok { + if _ykpiv_ensure_application_selected(state).is_ok() { res = _ykpiv_save_object(state, object_id, indata, len); } _ykpiv_end_transaction(state); - match res { - ErrorKind::Ok => Ok(()), - e => Err(e), - } + res } /// Save an object @@ -2095,22 +2003,21 @@ pub unsafe fn _ykpiv_save_object( object_id: i32, indata: *mut u8, len: usize, -) -> ErrorKind { +) -> Result<(), ErrorKind> { let mut data = [0u8; YKPIV_OBJ_MAX_SIZE]; let mut dataptr: *mut u8 = data.as_mut_ptr(); let templ = [0, YKPIV_INS_PUT_DATA, 0x3f, 0xff]; let mut sw: i32 = 0; - let res: ErrorKind; let mut outlen: usize = 0usize; if len > CB_OBJ_MAX { - return ErrorKind::SizeError; + return Err(ErrorKind::SizeError); } dataptr = set_object(object_id, dataptr); if dataptr.is_null() { - return ErrorKind::InvalidObject; + return Err(ErrorKind::InvalidObject); } *{ let _old = dataptr; @@ -2122,7 +2029,7 @@ pub unsafe fn _ykpiv_save_object( memcpy(dataptr as (*mut c_void), indata as (*const c_void), len); dataptr = dataptr.add(len); - res = _ykpiv_transfer_data( + _ykpiv_transfer_data( state, templ.as_ptr(), data.as_mut_ptr(), @@ -2130,16 +2037,12 @@ pub unsafe fn _ykpiv_save_object( ptr::null_mut(), &mut outlen, &mut sw, - ); - - if res != ErrorKind::Ok { - return res; - } + )?; match sw { - SW_SUCCESS => ErrorKind::Ok, - SW_ERR_SECURITY_STATUS => ErrorKind::AuthenticationError, - _ => ErrorKind::GenericError, + SW_SUCCESS => Ok(()), + SW_ERR_SECURITY_STATUS => Err(ErrorKind::AuthenticationError), + _ => Err(ErrorKind::GenericError), } } @@ -2193,7 +2096,6 @@ pub unsafe fn ykpiv_import_private_key( let mut lens = [0usize; 5]; let n_params: u8; let param_tag: i32; - let mut res = ErrorKind::Ok; if key == YKPIV_KEY_CARDMGM || key < YKPIV_KEY_RETIRED1 @@ -2309,9 +2211,10 @@ pub unsafe fn ykpiv_import_private_key( in_ptr = in_ptr.add(3); } - if _ykpiv_begin_transaction(state) != ErrorKind::Ok { - return Err(ErrorKind::PcscError); - } else if _ykpiv_ensure_application_selected(state) == ErrorKind::Ok { + _ykpiv_begin_transaction(state)?; + + let mut res = Ok(()); + if _ykpiv_ensure_application_selected(state).is_ok() { res = ykpiv_transfer_data( state, templ.as_ptr(), @@ -2322,20 +2225,17 @@ pub unsafe fn ykpiv_import_private_key( &mut sw, ); - if res == ErrorKind::Ok && sw != SW_SUCCESS { - res = ErrorKind::GenericError; + if res.is_ok() && sw != SW_SUCCESS { + res = Err(ErrorKind::GenericError); if sw == SW_ERR_SECURITY_STATUS { - res = ErrorKind::AuthenticationError; + res = Err(ErrorKind::AuthenticationError); } } } key_data.zeroize(); _ykpiv_end_transaction(state); - match res { - ErrorKind::Ok => Ok(()), - e => Err(e), - } + res } /// Generate an attestation certificate for a stored key @@ -2345,7 +2245,7 @@ pub unsafe fn ykpiv_attest( data: *mut u8, data_len: *mut usize, ) -> Result<(), ErrorKind> { - let mut res = ErrorKind::GenericError; + let mut res = Err(ErrorKind::GenericError); let templ = [0, YKPIV_INS_ATTEST, key, 0]; let mut sw: i32 = 0; let mut ul_data_len: usize; @@ -2356,11 +2256,9 @@ pub unsafe fn ykpiv_attest( ul_data_len = *data_len; - if _ykpiv_begin_transaction(state) != ErrorKind::Ok { - return Err(ErrorKind::PcscError); - } + _ykpiv_begin_transaction(state)?; - if _ykpiv_ensure_application_selected(state) == ErrorKind::Ok { + if _ykpiv_ensure_application_selected(state).is_ok() { res = ykpiv_transfer_data( state, templ.as_ptr(), @@ -2371,14 +2269,14 @@ pub unsafe fn ykpiv_attest( &mut sw, ); - if res == ErrorKind::Ok { + if res.is_ok() { if sw != SW_SUCCESS { - res = ErrorKind::GenericError; + res = Err(ErrorKind::GenericError); if sw == SW_ERR_NOT_SUPPORTED { - res = ErrorKind::NotSupported; + res = Err(ErrorKind::NotSupported); } } else if *data as i32 != 0x30 { - res = ErrorKind::GenericError; + res = Err(ErrorKind::GenericError); } else { *data_len = ul_data_len; } @@ -2386,10 +2284,7 @@ pub unsafe fn ykpiv_attest( } _ykpiv_end_transaction(state); - match res { - ErrorKind::Ok => Ok(()), - e => Err(e), - } + res } /// Get an auth challenge @@ -2401,7 +2296,7 @@ pub unsafe fn ykpiv_auth_getchallenge( let mut data = [0u8; 261]; let mut recv_len = data.len() as u32; let mut sw: i32 = 0; - let mut res = ErrorKind::Ok; + let mut res = Ok(()); if challenge.is_null() { return Err(ErrorKind::GenericError); @@ -2411,11 +2306,9 @@ pub unsafe fn ykpiv_auth_getchallenge( return Err(ErrorKind::SizeError); } - if _ykpiv_begin_transaction(state) != ErrorKind::Ok { - return Err(ErrorKind::PcscError); - } + _ykpiv_begin_transaction(state)?; - if _ykpiv_ensure_application_selected(state) == ErrorKind::Ok { + if _ykpiv_ensure_application_selected(state).is_ok() { let mut apdu = APDU::default(); apdu.ins = YKPIV_INS_AUTHENTICATE; apdu.p1 = YKPIV_ALGO_3DES; // triple des @@ -2427,9 +2320,9 @@ pub unsafe fn ykpiv_auth_getchallenge( res = _send_data(state, &mut apdu, data.as_mut_ptr(), &mut recv_len, &mut sw); - if res != ErrorKind::Ok { + if res.is_err() { if sw != SW_SUCCESS { - res = ErrorKind::AuthenticationError; + res = Err(ErrorKind::AuthenticationError); } else { memcpy( challenge as (*mut c_void), @@ -2441,10 +2334,7 @@ pub unsafe fn ykpiv_auth_getchallenge( } _ykpiv_end_transaction(state); - match res { - ErrorKind::Ok => Ok(()), - e => Err(e), - } + res } /// Verify an auth response @@ -2456,7 +2346,6 @@ pub unsafe fn ykpiv_auth_verifyresponse( let mut data = [0u8; 261]; let mut recv_len = data.len() as u32; let mut sw: i32 = 0; - let mut res: ErrorKind; if response.is_null() { return Err(ErrorKind::GenericError); @@ -2466,9 +2355,7 @@ pub unsafe fn ykpiv_auth_verifyresponse( return Err(ErrorKind::SizeError); } - if _ykpiv_begin_transaction(state) != ErrorKind::Ok { - return Err(ErrorKind::PcscError); - } + _ykpiv_begin_transaction(state)?; // send the response to the card and a challenge of our own. let mut apdu = APDU::default(); @@ -2488,18 +2375,15 @@ pub unsafe fn ykpiv_auth_verifyresponse( apdu.lc = 12; - res = _send_data(state, &mut apdu, data.as_mut_ptr(), &mut recv_len, &mut sw); + let mut res = _send_data(state, &mut apdu, data.as_mut_ptr(), &mut recv_len, &mut sw); - if res == ErrorKind::Ok && sw != SW_SUCCESS { - res = ErrorKind::AuthenticationError; + if res.is_ok() && sw != SW_SUCCESS { + res = Err(ErrorKind::AuthenticationError); } apdu.zeroize(); _ykpiv_end_transaction(state); - match res { - ErrorKind::Ok => Ok(()), - e => Err(e), - } + res } /// MGMT Application ID(?) @@ -2510,13 +2394,8 @@ pub unsafe fn ykpiv_auth_deauthenticate(state: &mut YubiKey) -> Result<(), Error let mut data = [0u8; 255]; let mut recv_len = data.len() as u32; let mut sw: i32 = 0; - let mut res: ErrorKind; - res = _ykpiv_begin_transaction(state); - - if res != ErrorKind::Ok { - return Err(res); - } + _ykpiv_begin_transaction(state)?; let mut apdu = APDU::default(); apdu.ins = YKPIV_INS_SELECT_APPLICATION; @@ -2529,25 +2408,19 @@ pub unsafe fn ykpiv_auth_deauthenticate(state: &mut YubiKey) -> Result<(), Error MGMT_AID.len(), ); - res = _send_data(state, &mut apdu, data.as_mut_ptr(), &mut recv_len, &mut sw); + let mut res = _send_data(state, &mut apdu, data.as_mut_ptr(), &mut recv_len, &mut sw); - if res != ErrorKind::Ok { + if let Err(e) = res.as_ref() { if state.verbose != 0 { - eprintln!( - "Failed communicating with card: \'{}\'", - ykpiv_strerror(res) - ); + eprintln!("Failed communicating with card: \'{}\'", e); } } else if sw != SW_SUCCESS { if state.verbose != 0 { eprintln!("Failed selecting mgmt application: {:04x}", sw); } - res = ErrorKind::GenericError; + res = Err(ErrorKind::GenericError); } _ykpiv_end_transaction(state); - match res { - ErrorKind::Ok => Ok(()), - e => Err(e), - } + res }