Merge pull request #13 from tarcieri/rename-errorkind
Rename ErrorKind to Error
This commit is contained in:
+38
-38
@@ -34,7 +34,7 @@ use std::fmt;
|
||||
|
||||
/// Kinds of errors
|
||||
#[derive(Clone, Copy, Debug, Eq, PartialEq)]
|
||||
pub enum ErrorKind {
|
||||
pub enum Error {
|
||||
/// Memory error
|
||||
MemoryError,
|
||||
|
||||
@@ -87,71 +87,71 @@ pub enum ErrorKind {
|
||||
NotSupported,
|
||||
}
|
||||
|
||||
impl ErrorKind {
|
||||
impl Error {
|
||||
/// Name of the error.
|
||||
///
|
||||
/// These names map to the legacy names from the Yubico C library, to
|
||||
/// assist in web searches for relevant information for these errors.
|
||||
pub fn name(self) -> &'static str {
|
||||
match self {
|
||||
ErrorKind::MemoryError => "YKPIV_MEMORY_ERROR",
|
||||
ErrorKind::PcscError => "YKPIV_PCSC_ERROR",
|
||||
ErrorKind::SizeError => "YKPIV_SIZE_ERROR",
|
||||
ErrorKind::AppletError => "YKPIV_APPLET_ERROR",
|
||||
ErrorKind::AuthenticationError => "YKPIV_AUTHENTICATION_ERROR",
|
||||
ErrorKind::RandomnessError => "YKPIV_RANDOMNESS_ERROR",
|
||||
ErrorKind::GenericError => "YKPIV_GENERIC_ERROR",
|
||||
ErrorKind::KeyError => "YKPIV_KEY_ERROR",
|
||||
ErrorKind::ParseError => "YKPIV_PARSE_ERROR",
|
||||
ErrorKind::WrongPin { .. } => "YKPIV_WRONG_PIN",
|
||||
ErrorKind::InvalidObject => "YKPIV_INVALID_OBJECT",
|
||||
ErrorKind::AlgorithmError => "YKPIV_ALGORITHM_ERROR",
|
||||
ErrorKind::PinLocked => "YKPIV_PIN_LOCKED",
|
||||
ErrorKind::ArgumentError => "YKPIV_ARGUMENT_ERROR",
|
||||
ErrorKind::RangeError => "YKPIV_RANGE_ERROR",
|
||||
ErrorKind::NotSupported => "YKPIV_NOT_SUPPORTED",
|
||||
Error::MemoryError => "YKPIV_MEMORY_ERROR",
|
||||
Error::PcscError => "YKPIV_PCSC_ERROR",
|
||||
Error::SizeError => "YKPIV_SIZE_ERROR",
|
||||
Error::AppletError => "YKPIV_APPLET_ERROR",
|
||||
Error::AuthenticationError => "YKPIV_AUTHENTICATION_ERROR",
|
||||
Error::RandomnessError => "YKPIV_RANDOMNESS_ERROR",
|
||||
Error::GenericError => "YKPIV_GENERIC_ERROR",
|
||||
Error::KeyError => "YKPIV_KEY_ERROR",
|
||||
Error::ParseError => "YKPIV_PARSE_ERROR",
|
||||
Error::WrongPin { .. } => "YKPIV_WRONG_PIN",
|
||||
Error::InvalidObject => "YKPIV_INVALID_OBJECT",
|
||||
Error::AlgorithmError => "YKPIV_ALGORITHM_ERROR",
|
||||
Error::PinLocked => "YKPIV_PIN_LOCKED",
|
||||
Error::ArgumentError => "YKPIV_ARGUMENT_ERROR",
|
||||
Error::RangeError => "YKPIV_RANGE_ERROR",
|
||||
Error::NotSupported => "YKPIV_NOT_SUPPORTED",
|
||||
}
|
||||
}
|
||||
|
||||
/// Error message
|
||||
pub fn msg(self) -> &'static str {
|
||||
match self {
|
||||
ErrorKind::MemoryError => "memory error",
|
||||
ErrorKind::PcscError => "PCSC error",
|
||||
ErrorKind::SizeError => "size error",
|
||||
ErrorKind::AppletError => "applet error",
|
||||
ErrorKind::AuthenticationError => "authentication error",
|
||||
ErrorKind::RandomnessError => "randomness error",
|
||||
ErrorKind::GenericError => "generic error",
|
||||
ErrorKind::KeyError => "key error",
|
||||
ErrorKind::ParseError => "parse error",
|
||||
ErrorKind::WrongPin { .. } => "wrong pin",
|
||||
ErrorKind::InvalidObject => "invalid object",
|
||||
ErrorKind::AlgorithmError => "algorithm error",
|
||||
ErrorKind::PinLocked => "PIN locked",
|
||||
ErrorKind::ArgumentError => "argument error",
|
||||
ErrorKind::RangeError => "range error",
|
||||
ErrorKind::NotSupported => "not supported",
|
||||
Error::MemoryError => "memory error",
|
||||
Error::PcscError => "PCSC error",
|
||||
Error::SizeError => "size error",
|
||||
Error::AppletError => "applet error",
|
||||
Error::AuthenticationError => "authentication error",
|
||||
Error::RandomnessError => "randomness error",
|
||||
Error::GenericError => "generic error",
|
||||
Error::KeyError => "key error",
|
||||
Error::ParseError => "parse error",
|
||||
Error::WrongPin { .. } => "wrong pin",
|
||||
Error::InvalidObject => "invalid object",
|
||||
Error::AlgorithmError => "algorithm error",
|
||||
Error::PinLocked => "PIN locked",
|
||||
Error::ArgumentError => "argument error",
|
||||
Error::RangeError => "range error",
|
||||
Error::NotSupported => "not supported",
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
impl fmt::Display for ErrorKind {
|
||||
impl fmt::Display for Error {
|
||||
fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
|
||||
f.write_str(self.msg())
|
||||
}
|
||||
}
|
||||
|
||||
impl std::error::Error for ErrorKind {}
|
||||
impl std::error::Error for Error {}
|
||||
|
||||
/// Get a string representation of this error
|
||||
// TODO(tarcieri): completely replace this with `Display`
|
||||
pub fn ykpiv_strerror(err: ErrorKind) -> &'static str {
|
||||
pub fn ykpiv_strerror(err: Error) -> &'static str {
|
||||
err.msg()
|
||||
}
|
||||
|
||||
/// Get the name of this error
|
||||
// TODO(tarcieri): completely replace this with debug
|
||||
pub fn ykpiv_strerror_name(err: ErrorKind) -> &'static str {
|
||||
pub fn ykpiv_strerror_name(err: Error) -> &'static str {
|
||||
err.name()
|
||||
}
|
||||
|
||||
+90
-96
@@ -33,7 +33,7 @@
|
||||
#![allow(non_camel_case_types, non_snake_case)]
|
||||
#![allow(clippy::missing_safety_doc, clippy::too_many_arguments)]
|
||||
|
||||
use crate::{consts::*, error::ErrorKind, internal::*, yubikey::*};
|
||||
use crate::{consts::*, error::Error, internal::*, yubikey::*};
|
||||
use getrandom::getrandom;
|
||||
use hmac::Hmac;
|
||||
use libc::{calloc, free, memcpy, memmove, realloc, time};
|
||||
@@ -86,16 +86,13 @@ pub static mut CCC_TMPL: &[u8] = &[
|
||||
pub struct CardId([u8; 16]);
|
||||
|
||||
/// Get Card ID
|
||||
pub unsafe fn ykpiv_util_get_cardid(
|
||||
state: &mut YubiKey,
|
||||
cardid: *mut CardId,
|
||||
) -> Result<(), ErrorKind> {
|
||||
pub unsafe fn ykpiv_util_get_cardid(state: &mut YubiKey, cardid: *mut CardId) -> Result<(), Error> {
|
||||
let mut buf = [0u8; CB_OBJ_MAX];
|
||||
let mut len = buf.len();
|
||||
let mut res = Ok(());
|
||||
|
||||
if cardid.is_null() {
|
||||
return Err(ErrorKind::GenericError);
|
||||
return Err(Error::GenericError);
|
||||
}
|
||||
|
||||
_ykpiv_begin_transaction(state)?;
|
||||
@@ -105,7 +102,7 @@ pub unsafe fn ykpiv_util_get_cardid(
|
||||
|
||||
if res.is_ok() {
|
||||
if len != CHUID_TMPL.len() {
|
||||
res = Err(ErrorKind::GenericError);
|
||||
res = Err(Error::GenericError);
|
||||
} else {
|
||||
memcpy(
|
||||
(*cardid).0.as_mut_ptr() as (*mut c_void),
|
||||
@@ -124,13 +121,13 @@ pub unsafe fn ykpiv_util_get_cardid(
|
||||
pub unsafe fn ykpiv_util_set_cardid(
|
||||
state: &mut YubiKey,
|
||||
cardid: *const CardId,
|
||||
) -> Result<(), ErrorKind> {
|
||||
) -> Result<(), Error> {
|
||||
let mut id = [0u8; YKPIV_CARDID_SIZE];
|
||||
let mut buf = [0u8; CHUID_TMPL.len()];
|
||||
let mut res = Ok(());
|
||||
|
||||
if cardid.is_null() {
|
||||
getrandom(&mut id).map_err(|_| ErrorKind::RandomnessError)?;
|
||||
getrandom(&mut id).map_err(|_| Error::RandomnessError)?;
|
||||
} else {
|
||||
memcpy(
|
||||
id.as_mut_ptr() as (*mut c_void),
|
||||
@@ -171,13 +168,13 @@ pub unsafe fn ykpiv_util_set_cardid(
|
||||
pub struct CCCID([u8; 14]);
|
||||
|
||||
/// Get Cardholder Capability Container (CCC) ID
|
||||
pub unsafe fn ykpiv_util_get_cccid(state: &mut YubiKey, ccc: *mut CCCID) -> Result<(), ErrorKind> {
|
||||
pub unsafe fn ykpiv_util_get_cccid(state: &mut YubiKey, ccc: *mut CCCID) -> Result<(), Error> {
|
||||
let mut res = Ok(());
|
||||
let mut buf = [0u8; CB_OBJ_MAX];
|
||||
let mut len = buf.len();
|
||||
|
||||
if ccc.is_null() {
|
||||
return Err(ErrorKind::GenericError);
|
||||
return Err(Error::GenericError);
|
||||
}
|
||||
|
||||
_ykpiv_begin_transaction(state)?;
|
||||
@@ -193,7 +190,7 @@ pub unsafe fn ykpiv_util_get_cccid(state: &mut YubiKey, ccc: *mut CCCID) -> Resu
|
||||
if res.is_ok() {
|
||||
if len != CCC_TMPL.len() {
|
||||
let _ = _ykpiv_end_transaction(state);
|
||||
return Err(ErrorKind::GenericError);
|
||||
return Err(Error::GenericError);
|
||||
}
|
||||
|
||||
memcpy(
|
||||
@@ -208,17 +205,14 @@ pub unsafe fn ykpiv_util_get_cccid(state: &mut YubiKey, ccc: *mut CCCID) -> Resu
|
||||
}
|
||||
|
||||
/// Get Cardholder Capability Container (CCC) ID
|
||||
pub unsafe fn ykpiv_util_set_cccid(
|
||||
state: &mut YubiKey,
|
||||
ccc: *const CCCID,
|
||||
) -> Result<(), ErrorKind> {
|
||||
pub unsafe fn ykpiv_util_set_cccid(state: &mut YubiKey, ccc: *const CCCID) -> Result<(), Error> {
|
||||
let mut res = Ok(());
|
||||
let mut id = [0u8; 14];
|
||||
let mut buf = [0u8; 51];
|
||||
let len: usize;
|
||||
|
||||
if ccc.is_null() {
|
||||
getrandom(&mut id).map_err(|_| ErrorKind::RandomnessError)?;
|
||||
getrandom(&mut id).map_err(|_| Error::RandomnessError)?;
|
||||
} else {
|
||||
memcpy(
|
||||
id.as_mut_ptr() as (*mut c_void),
|
||||
@@ -311,7 +305,7 @@ pub unsafe fn ykpiv_util_list_keys(
|
||||
key_count: *mut u8,
|
||||
data: *mut *mut YkPivKey,
|
||||
data_len: *mut usize,
|
||||
) -> Result<(), ErrorKind> {
|
||||
) -> Result<(), Error> {
|
||||
let mut _currentBlock;
|
||||
let mut res = Ok(());
|
||||
let mut p_key: *mut YkPivKey;
|
||||
@@ -326,7 +320,7 @@ pub unsafe fn ykpiv_util_list_keys(
|
||||
let CB_PAGE: usize = 4096;
|
||||
|
||||
if data.is_null() || data_len.is_null() || key_count.is_null() {
|
||||
return Err(ErrorKind::GenericError);
|
||||
return Err(Error::GenericError);
|
||||
}
|
||||
|
||||
_ykpiv_begin_transaction(state)?;
|
||||
@@ -340,7 +334,7 @@ pub unsafe fn ykpiv_util_list_keys(
|
||||
|
||||
if p_data.is_null() {
|
||||
let _ = _ykpiv_end_transaction(state);
|
||||
return Err(ErrorKind::MemoryError);
|
||||
return Err(Error::MemoryError);
|
||||
}
|
||||
|
||||
cb_data = CB_PAGE;
|
||||
@@ -423,7 +417,7 @@ pub unsafe fn ykpiv_util_list_keys(
|
||||
}
|
||||
res = Ok(());
|
||||
} else {
|
||||
res = Err(ErrorKind::MemoryError);
|
||||
res = Err(Error::MemoryError);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -441,13 +435,13 @@ pub unsafe fn ykpiv_util_read_cert(
|
||||
slot: u8,
|
||||
data: *mut *mut u8,
|
||||
data_len: *mut usize,
|
||||
) -> Result<(), ErrorKind> {
|
||||
) -> Result<(), Error> {
|
||||
let mut res = Ok(());
|
||||
let mut buf = [0u8; YKPIV_OBJ_MAX_SIZE];
|
||||
let mut cb_buf: usize = buf.len();
|
||||
|
||||
if data.is_null() || data_len.is_null() {
|
||||
return Err(ErrorKind::GenericError);
|
||||
return Err(Error::GenericError);
|
||||
}
|
||||
|
||||
_ykpiv_begin_transaction(state)?;
|
||||
@@ -466,7 +460,7 @@ pub unsafe fn ykpiv_util_read_cert(
|
||||
}
|
||||
.is_null()
|
||||
{
|
||||
res = Err(ErrorKind::MemoryError);
|
||||
res = Err(Error::MemoryError);
|
||||
} else {
|
||||
memcpy(
|
||||
*data as (*mut c_void),
|
||||
@@ -489,7 +483,7 @@ pub unsafe fn ykpiv_util_write_cert(
|
||||
data: *mut u8,
|
||||
data_len: usize,
|
||||
certinfo: u8,
|
||||
) -> Result<(), ErrorKind> {
|
||||
) -> Result<(), Error> {
|
||||
let mut res = Ok(());
|
||||
|
||||
_ykpiv_begin_transaction(state)?;
|
||||
@@ -503,12 +497,12 @@ pub unsafe fn ykpiv_util_write_cert(
|
||||
}
|
||||
|
||||
/// Delete certificate
|
||||
pub unsafe fn ykpiv_util_delete_cert(state: &mut YubiKey, slot: u8) -> Result<(), ErrorKind> {
|
||||
pub unsafe fn ykpiv_util_delete_cert(state: &mut YubiKey, slot: u8) -> Result<(), Error> {
|
||||
ykpiv_util_write_cert(state, slot, ptr::null_mut(), 0, 0)
|
||||
}
|
||||
|
||||
/// Block PUK
|
||||
pub unsafe fn ykpiv_util_block_puk(state: &mut YubiKey) -> Result<(), ErrorKind> {
|
||||
pub unsafe fn ykpiv_util_block_puk(state: &mut YubiKey) -> Result<(), Error> {
|
||||
let mut res = Ok(());
|
||||
let mut puk = [0x30, 0x42, 0x41, 0x44, 0x46, 0x30, 0x30, 0x44];
|
||||
let mut tries_remaining: i32 = -1;
|
||||
@@ -530,12 +524,12 @@ pub unsafe fn ykpiv_util_block_puk(state: &mut YubiKey) -> Result<(), ErrorKind>
|
||||
|
||||
match res {
|
||||
Ok(()) => puk[0] += 1,
|
||||
Err(ErrorKind::WrongPin { tries }) => {
|
||||
Err(Error::WrongPin { tries }) => {
|
||||
tries_remaining = tries;
|
||||
continue;
|
||||
}
|
||||
Err(e) => {
|
||||
if e != ErrorKind::PinLocked {
|
||||
if e != Error::PinLocked {
|
||||
continue;
|
||||
}
|
||||
tries_remaining = 0;
|
||||
@@ -625,7 +619,7 @@ pub unsafe fn ykpiv_util_read_mscmap(
|
||||
state: &mut YubiKey,
|
||||
containers: *mut *mut YkPivContainer,
|
||||
n_containers: *mut usize,
|
||||
) -> Result<(), ErrorKind> {
|
||||
) -> Result<(), Error> {
|
||||
let mut res = Ok(());
|
||||
let mut buf = [0u8; YKPIV_OBJ_MAX_SIZE];
|
||||
let mut cb_buf: usize = buf.len();
|
||||
@@ -634,7 +628,7 @@ pub unsafe fn ykpiv_util_read_mscmap(
|
||||
|
||||
if containers.is_null() || n_containers.is_null() {
|
||||
// TODO(str4d): Should this really continue on here?
|
||||
res = Err(ErrorKind::GenericError);
|
||||
res = Err(Error::GenericError);
|
||||
}
|
||||
|
||||
_ykpiv_begin_transaction(state)?;
|
||||
@@ -674,7 +668,7 @@ pub unsafe fn ykpiv_util_read_mscmap(
|
||||
*containers = calloc(len, 1) as (*mut YkPivContainer);
|
||||
|
||||
if (*containers).is_null() {
|
||||
res = Err(ErrorKind::MemoryError);
|
||||
res = Err(Error::MemoryError);
|
||||
} else {
|
||||
memcpy(*containers as (*mut c_void), ptr as (*const c_void), len);
|
||||
*n_containers = len.wrapping_div(mem::size_of::<YkPivContainer>());
|
||||
@@ -699,7 +693,7 @@ pub unsafe fn ykpiv_util_write_mscmap(
|
||||
state: &mut YubiKey,
|
||||
containers: *mut YkPivContainer,
|
||||
n_containers: usize,
|
||||
) -> Result<(), ErrorKind> {
|
||||
) -> Result<(), Error> {
|
||||
let mut res = Ok(());
|
||||
let mut buf = [0u8; CB_OBJ_MAX];
|
||||
let mut offset: usize = 0;
|
||||
@@ -710,7 +704,7 @@ pub unsafe fn ykpiv_util_write_mscmap(
|
||||
if _ykpiv_ensure_application_selected(state).is_ok() {
|
||||
if containers.is_null() || n_containers == 0 {
|
||||
if !containers.is_null() || n_containers != 0 {
|
||||
res = Err(ErrorKind::GenericError);
|
||||
res = Err(Error::GenericError);
|
||||
} else {
|
||||
res = _ykpiv_save_object(state, YKPIV_OBJ_MSCMAP as i32, ptr::null_mut(), 0);
|
||||
}
|
||||
@@ -723,7 +717,7 @@ pub unsafe fn ykpiv_util_write_mscmap(
|
||||
|
||||
if req_len > _obj_size_max(state) {
|
||||
let _ = _ykpiv_end_transaction(state);
|
||||
return Err(ErrorKind::SizeError);
|
||||
return Err(Error::SizeError);
|
||||
}
|
||||
|
||||
buf[offset] = TAG_MSCMAP;
|
||||
@@ -747,7 +741,7 @@ pub unsafe fn ykpiv_util_read_msroots(
|
||||
state: &mut YubiKey,
|
||||
data: *mut *mut u8,
|
||||
data_len: *mut usize,
|
||||
) -> Result<(), ErrorKind> {
|
||||
) -> Result<(), Error> {
|
||||
let mut _currentBlock = 0;
|
||||
let mut res;
|
||||
let mut buf = [0u8; YKPIV_OBJ_MAX_SIZE];
|
||||
@@ -762,7 +756,7 @@ pub unsafe fn ykpiv_util_read_msroots(
|
||||
let mut offset: usize = 0;
|
||||
|
||||
if data.is_null() || data_len.is_null() {
|
||||
return Err(ErrorKind::GenericError);
|
||||
return Err(Error::GenericError);
|
||||
}
|
||||
|
||||
_ykpiv_begin_transaction(state)?;
|
||||
@@ -782,7 +776,7 @@ pub unsafe fn ykpiv_util_read_msroots(
|
||||
|
||||
if p_data.is_null() {
|
||||
let _ = _ykpiv_end_transaction(state);
|
||||
return Err(ErrorKind::MemoryError);
|
||||
return Err(Error::MemoryError);
|
||||
}
|
||||
|
||||
for object_id in YKPIV_OBJ_MSROOTS1..YKPIV_OBJ_MSROOTS5 {
|
||||
@@ -863,7 +857,7 @@ pub unsafe fn ykpiv_util_read_msroots(
|
||||
*data_len = offset;
|
||||
res = Ok(());
|
||||
} else if _currentBlock == 16 {
|
||||
res = Err(ErrorKind::MemoryError);
|
||||
res = Err(Error::MemoryError);
|
||||
} else if _currentBlock != 21 {
|
||||
res = Ok(());
|
||||
}
|
||||
@@ -881,7 +875,7 @@ pub unsafe fn ykpiv_util_write_msroots(
|
||||
state: &mut YubiKey,
|
||||
data: *mut u8,
|
||||
data_len: usize,
|
||||
) -> Result<(), ErrorKind> {
|
||||
) -> Result<(), Error> {
|
||||
let mut res = Ok(());
|
||||
let mut buf = [0u8; CB_OBJ_MAX];
|
||||
let mut offset: usize;
|
||||
@@ -895,7 +889,7 @@ pub unsafe fn ykpiv_util_write_msroots(
|
||||
if _ykpiv_ensure_application_selected(state).is_ok() {
|
||||
if data.is_null() || data_len == 0 {
|
||||
if !data.is_null() || data_len != 0 {
|
||||
res = Err(ErrorKind::GenericError);
|
||||
res = Err(Error::GenericError);
|
||||
} else {
|
||||
res = _ykpiv_save_object(state, YKPIV_OBJ_MSROOTS1 as i32, ptr::null_mut(), 0);
|
||||
}
|
||||
@@ -908,7 +902,7 @@ pub unsafe fn ykpiv_util_write_msroots(
|
||||
|
||||
if n_objs > 5 {
|
||||
let _ = _ykpiv_end_transaction(state);
|
||||
return Err(ErrorKind::SizeError);
|
||||
return Err(Error::SizeError);
|
||||
}
|
||||
|
||||
for i in 0..n_objs {
|
||||
@@ -981,7 +975,7 @@ pub unsafe fn ykpiv_util_generate_key(
|
||||
exp_len: *mut usize,
|
||||
point: *mut *mut u8,
|
||||
point_len: *mut usize,
|
||||
) -> Result<(), ErrorKind> {
|
||||
) -> Result<(), Error> {
|
||||
let mut res = Ok(());
|
||||
let mut in_data = [0u8; 11];
|
||||
let mut in_ptr = in_data.as_mut_ptr();
|
||||
@@ -1031,7 +1025,7 @@ pub unsafe fn ykpiv_util_generate_key(
|
||||
);
|
||||
|
||||
if !setting_roca.value {
|
||||
return Err(ErrorKind::NotSupported);
|
||||
return Err(Error::NotSupported);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1039,7 +1033,7 @@ pub unsafe fn ykpiv_util_generate_key(
|
||||
YKPIV_ALGO_RSA1024 | YKPIV_ALGO_RSA2048 => {
|
||||
if point.is_null() || point_len.is_null() {
|
||||
error!("invalid output parameter for ECC algorithm");
|
||||
return Err(ErrorKind::GenericError);
|
||||
return Err(Error::GenericError);
|
||||
}
|
||||
|
||||
*point = ptr::null_mut();
|
||||
@@ -1048,7 +1042,7 @@ pub unsafe fn ykpiv_util_generate_key(
|
||||
YKPIV_ALGO_ECCP256 | YKPIV_ALGO_ECCP384 => {
|
||||
if modulus.is_null() || modulus_len.is_null() || exp.is_null() || exp_len.is_null() {
|
||||
error!("invalid output parameter for RSA algorithm");
|
||||
return Err(ErrorKind::GenericError);
|
||||
return Err(Error::GenericError);
|
||||
}
|
||||
|
||||
*modulus = ptr::null_mut();
|
||||
@@ -1058,7 +1052,7 @@ pub unsafe fn ykpiv_util_generate_key(
|
||||
}
|
||||
_ => {
|
||||
error!("invalid algorithm specified");
|
||||
return Err(ErrorKind::GenericError);
|
||||
return Err(Error::GenericError);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1075,7 +1069,7 @@ pub unsafe fn ykpiv_util_generate_key(
|
||||
in_ptr = in_ptr.add(5);
|
||||
|
||||
if in_data[4] == 0 {
|
||||
res = Err(ErrorKind::AlgorithmError);
|
||||
res = Err(Error::AlgorithmError);
|
||||
error!("unexpected algorithm");
|
||||
} else {
|
||||
if pin_policy != YKPIV_PINPOLICY_DEFAULT {
|
||||
@@ -1111,11 +1105,11 @@ pub unsafe fn ykpiv_util_generate_key(
|
||||
|
||||
match sw {
|
||||
SW_ERR_INCORRECT_SLOT => {
|
||||
res = Err(ErrorKind::KeyError);
|
||||
res = Err(Error::KeyError);
|
||||
error!("{} (incorrect slot)", err_msg);
|
||||
}
|
||||
SW_ERR_INCORRECT_PARAM => {
|
||||
res = Err(ErrorKind::AlgorithmError);
|
||||
res = Err(Error::AlgorithmError);
|
||||
|
||||
if pin_policy != 0 {
|
||||
error!("{} (pin policy not supported?)", err_msg);
|
||||
@@ -1126,11 +1120,11 @@ pub unsafe fn ykpiv_util_generate_key(
|
||||
}
|
||||
}
|
||||
SW_ERR_SECURITY_STATUS => {
|
||||
res = Err(ErrorKind::AuthenticationError);
|
||||
res = Err(Error::AuthenticationError);
|
||||
error!("{} (not authenticated)", err_msg);
|
||||
}
|
||||
_ => {
|
||||
res = Err(ErrorKind::GenericError);
|
||||
res = Err(Error::GenericError);
|
||||
error!("{} (error {:x})", err_msg, sw);
|
||||
}
|
||||
}
|
||||
@@ -1140,7 +1134,7 @@ pub unsafe fn ykpiv_util_generate_key(
|
||||
|
||||
if *data_ptr != TAG_RSA_MODULUS {
|
||||
error!("Failed to parse public key structure (modulus)");
|
||||
res = Err(ErrorKind::ParseError);
|
||||
res = Err(Error::ParseError);
|
||||
} else {
|
||||
data_ptr = data_ptr.add(1);
|
||||
data_ptr = data_ptr.add(_ykpiv_get_length(data_ptr, &mut len));
|
||||
@@ -1149,7 +1143,7 @@ pub unsafe fn ykpiv_util_generate_key(
|
||||
|
||||
if ptr_modulus.is_null() {
|
||||
error!("failed to allocate memory for modulus");
|
||||
res = Err(ErrorKind::MemoryError);
|
||||
res = Err(Error::MemoryError);
|
||||
} else {
|
||||
memcpy(
|
||||
ptr_modulus as *mut c_void,
|
||||
@@ -1160,7 +1154,7 @@ pub unsafe fn ykpiv_util_generate_key(
|
||||
data_ptr = data_ptr.add(len);
|
||||
if *data_ptr != TAG_RSA_EXP {
|
||||
error!("failed to parse public key structure (public exponent)");
|
||||
res = Err(ErrorKind::ParseError);
|
||||
res = Err(Error::ParseError);
|
||||
} else {
|
||||
data_ptr = data_ptr.add(1);
|
||||
data_ptr = data_ptr.add(_ykpiv_get_length(data_ptr, &mut len));
|
||||
@@ -1168,7 +1162,7 @@ pub unsafe fn ykpiv_util_generate_key(
|
||||
ptr_exp = calloc(cb_exp, 1) as *mut u8;
|
||||
if ptr_exp.is_null() {
|
||||
error!("failed to allocate memory for public exponent");
|
||||
res = Err(ErrorKind::MemoryError);
|
||||
res = Err(Error::MemoryError);
|
||||
} else {
|
||||
memcpy(
|
||||
ptr_exp as (*mut c_void),
|
||||
@@ -1201,7 +1195,7 @@ pub unsafe fn ykpiv_util_generate_key(
|
||||
|
||||
if tag != TAG_ECC_POINT {
|
||||
error!("failed to parse public key structure");
|
||||
res = Err(ErrorKind::ParseError);
|
||||
res = Err(Error::ParseError);
|
||||
} else {
|
||||
// the curve point should always be determined by the curve
|
||||
let len_byte = *data_ptr;
|
||||
@@ -1209,14 +1203,14 @@ pub unsafe fn ykpiv_util_generate_key(
|
||||
|
||||
if len_byte as usize != len {
|
||||
error!("unexpected length");
|
||||
res = Err(ErrorKind::AlgorithmError);
|
||||
res = Err(Error::AlgorithmError);
|
||||
} else {
|
||||
cb_point = len;
|
||||
ptr_point = calloc(cb_point, 1) as (*mut u8);
|
||||
|
||||
if ptr_point.is_null() {
|
||||
error!("failed to allocate memory for public point");
|
||||
res = Err(ErrorKind::MemoryError);
|
||||
res = Err(Error::MemoryError);
|
||||
} else {
|
||||
memcpy(
|
||||
ptr_point as (*mut c_void),
|
||||
@@ -1231,7 +1225,7 @@ pub unsafe fn ykpiv_util_generate_key(
|
||||
}
|
||||
} else {
|
||||
error!("wrong algorithm");
|
||||
res = Err(ErrorKind::AlgorithmError);
|
||||
res = Err(Error::AlgorithmError);
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -1290,7 +1284,7 @@ pub struct YkPivConfig {
|
||||
pub unsafe fn ykpiv_util_get_config(
|
||||
state: &mut YubiKey,
|
||||
config: *mut YkPivConfig,
|
||||
) -> Result<(), ErrorKind> {
|
||||
) -> Result<(), Error> {
|
||||
let mut data = [0u8; YKPIV_OBJ_MAX_SIZE];
|
||||
let mut cb_data: usize = mem::size_of::<[u8; YKPIV_OBJ_MAX_SIZE]>();
|
||||
let mut p_item: *mut u8 = ptr::null_mut();
|
||||
@@ -1298,7 +1292,7 @@ pub unsafe fn ykpiv_util_get_config(
|
||||
let mut res = Ok(());
|
||||
|
||||
if config.is_null() {
|
||||
return Err(ErrorKind::GenericError);
|
||||
return Err(Error::GenericError);
|
||||
}
|
||||
|
||||
(*config).protected_data_available = false;
|
||||
@@ -1406,7 +1400,7 @@ pub unsafe fn ykpiv_util_get_config(
|
||||
}
|
||||
|
||||
/// Set PIN last changed
|
||||
pub unsafe fn ykpiv_util_set_pin_last_changed(state: &mut YubiKey) -> Result<(), ErrorKind> {
|
||||
pub unsafe fn ykpiv_util_set_pin_last_changed(state: &mut YubiKey) -> Result<(), Error> {
|
||||
let mut data = [0u8; YKPIV_OBJ_MAX_SIZE];
|
||||
let mut cb_data = data.len();
|
||||
let mut res = Ok(());
|
||||
@@ -1467,7 +1461,7 @@ pub unsafe fn ykpiv_util_get_derived_mgm(
|
||||
state: &mut YubiKey,
|
||||
pin: &[u8],
|
||||
mgm: &mut YkPivMgm,
|
||||
) -> Result<(), ErrorKind> {
|
||||
) -> Result<(), Error> {
|
||||
let mut data = [0u8; YKPIV_OBJ_MAX_SIZE];
|
||||
let mut cb_data: usize = data.len();
|
||||
let mut p_item: *mut u8 = ptr::null_mut();
|
||||
@@ -1502,7 +1496,7 @@ pub unsafe fn ykpiv_util_get_derived_mgm(
|
||||
);
|
||||
|
||||
let _ = _ykpiv_end_transaction(state);
|
||||
return Err(ErrorKind::GenericError);
|
||||
return Err(Error::GenericError);
|
||||
}
|
||||
|
||||
let salt = std::slice::from_raw_parts_mut(p_item, cb_item);
|
||||
@@ -1518,7 +1512,7 @@ pub unsafe fn ykpiv_util_get_derived_mgm(
|
||||
pub unsafe fn ykpiv_util_get_protected_mgm(
|
||||
state: &mut YubiKey,
|
||||
mgm: *mut YkPivMgm,
|
||||
) -> Result<(), ErrorKind> {
|
||||
) -> Result<(), Error> {
|
||||
// TODO(tarcieri): replace vec with wrapper type that impls `Zeroize`
|
||||
let mut data = Zeroizing::new([0u8; YKPIV_OBJ_MAX_SIZE].to_vec());
|
||||
let mut cb_data: usize = data.len();
|
||||
@@ -1527,7 +1521,7 @@ pub unsafe fn ykpiv_util_get_protected_mgm(
|
||||
let mut res = Ok(());
|
||||
|
||||
if mgm.is_null() {
|
||||
return Err(ErrorKind::GenericError);
|
||||
return Err(Error::GenericError);
|
||||
}
|
||||
|
||||
_ykpiv_begin_transaction(state)?;
|
||||
@@ -1553,7 +1547,7 @@ pub unsafe fn ykpiv_util_get_protected_mgm(
|
||||
"protected data contains mgm, but is the wrong size = {}",
|
||||
cb_item,
|
||||
);
|
||||
res = Err(ErrorKind::AuthenticationError);
|
||||
res = Err(Error::AuthenticationError);
|
||||
} else {
|
||||
memcpy(
|
||||
(*mgm).0.as_mut_ptr() as (*mut c_void),
|
||||
@@ -1575,7 +1569,7 @@ pub unsafe fn ykpiv_util_get_protected_mgm(
|
||||
pub unsafe fn ykpiv_util_set_protected_mgm(
|
||||
state: &mut YubiKey,
|
||||
mgm: *mut YkPivMgm,
|
||||
) -> Result<(), ErrorKind> {
|
||||
) -> Result<(), Error> {
|
||||
let mut f_generate: bool;
|
||||
let mut mgm_key = Zeroizing::new([0u8; 24]);
|
||||
// TODO(tarcieri): replace vec with wrapper type that impls `Zeroize`
|
||||
@@ -1617,7 +1611,7 @@ pub unsafe fn ykpiv_util_set_protected_mgm(
|
||||
if let Err(e) = getrandom(mgm_key.deref_mut()) {
|
||||
error!("could not generate new mgm, err = {}", e);
|
||||
let _ = _ykpiv_end_transaction(state);
|
||||
return Err(ErrorKind::RandomnessError);
|
||||
return Err(Error::RandomnessError);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1627,7 +1621,7 @@ pub unsafe fn ykpiv_util_set_protected_mgm(
|
||||
// if set_mgmkey fails with KeyError, it means the generated key is weak
|
||||
// otherwise, log a warning, since the device mgm key is corrupt or we're in
|
||||
// a state where we can't set the mgm key
|
||||
if Err(ErrorKind::KeyError) != ykrc {
|
||||
if Err(Error::KeyError) != ykrc {
|
||||
error!(
|
||||
"could not set new derived mgm key, err = {}",
|
||||
ykrc.as_ref().unwrap_err()
|
||||
@@ -1756,7 +1750,7 @@ pub unsafe fn ykpiv_util_set_protected_mgm(
|
||||
}
|
||||
|
||||
/// Reset
|
||||
pub unsafe fn ykpiv_util_reset(state: &mut YubiKey) -> Result<(), ErrorKind> {
|
||||
pub unsafe fn ykpiv_util_reset(state: &mut YubiKey) -> Result<(), Error> {
|
||||
let templ = [0, YKPIV_INS_RESET, 0, 0];
|
||||
let mut data = [0u8; 255];
|
||||
let mut recv_len = data.len();
|
||||
@@ -1774,7 +1768,7 @@ pub unsafe fn ykpiv_util_reset(state: &mut YubiKey) -> Result<(), ErrorKind> {
|
||||
|
||||
match (res.is_ok(), sw) {
|
||||
(true, SW_SUCCESS) => Ok(()),
|
||||
_ => Err(ErrorKind::GenericError),
|
||||
_ => Err(Error::GenericError),
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1802,13 +1796,13 @@ unsafe fn _read_certificate(
|
||||
slot: u8,
|
||||
buf: *mut u8,
|
||||
buf_len: *mut usize,
|
||||
) -> Result<(), ErrorKind> {
|
||||
) -> Result<(), Error> {
|
||||
let mut ptr: *mut u8;
|
||||
let object_id = ykpiv_util_slot_object(slot) as i32;
|
||||
let mut len: usize = 0;
|
||||
|
||||
if object_id == -1 {
|
||||
return Err(ErrorKind::InvalidObject);
|
||||
return Err(Error::InvalidObject);
|
||||
}
|
||||
|
||||
if _ykpiv_fetch_object(state, object_id, buf, buf_len).is_ok() {
|
||||
@@ -1847,19 +1841,19 @@ unsafe fn _write_certificate(
|
||||
data: *mut u8,
|
||||
data_len: usize,
|
||||
certinfo: u8,
|
||||
) -> Result<(), ErrorKind> {
|
||||
) -> Result<(), Error> {
|
||||
let mut buf = [0u8; CB_OBJ_MAX];
|
||||
let object_id = ykpiv_util_slot_object(slot) as i32;
|
||||
let mut offset: usize = 0;
|
||||
let mut req_len: usize;
|
||||
|
||||
if object_id == -1 {
|
||||
return Err(ErrorKind::InvalidObject);
|
||||
return Err(Error::InvalidObject);
|
||||
}
|
||||
|
||||
if data.is_null() || data_len == 0 {
|
||||
if !data.is_null() || data_len != 0 {
|
||||
return Err(ErrorKind::GenericError);
|
||||
return Err(Error::GenericError);
|
||||
}
|
||||
|
||||
return _ykpiv_save_object(state, object_id, ptr::null_mut(), 0);
|
||||
@@ -1870,7 +1864,7 @@ unsafe fn _write_certificate(
|
||||
req_len += data_len;
|
||||
|
||||
if req_len < data_len || req_len > _obj_size_max(state) {
|
||||
return Err(ErrorKind::SizeError);
|
||||
return Err(Error::SizeError);
|
||||
}
|
||||
|
||||
buf[offset] = TAG_CERT;
|
||||
@@ -1908,13 +1902,13 @@ unsafe fn _get_metadata_item(
|
||||
tag: u8,
|
||||
pp_item: *mut *mut u8,
|
||||
pcb_item: *mut usize,
|
||||
) -> Result<(), ErrorKind> {
|
||||
) -> Result<(), Error> {
|
||||
let mut p_temp: *mut u8 = data;
|
||||
let mut cb_temp: usize = 0;
|
||||
let mut tag_temp: u8;
|
||||
|
||||
if data.is_null() || pp_item.is_null() || pcb_item.is_null() {
|
||||
return Err(ErrorKind::GenericError);
|
||||
return Err(Error::GenericError);
|
||||
}
|
||||
|
||||
*pp_item = ptr::null_mut();
|
||||
@@ -1925,7 +1919,7 @@ unsafe fn _get_metadata_item(
|
||||
p_temp = p_temp.add(1);
|
||||
|
||||
if !_ykpiv_has_valid_length(p_temp, data.add(cb_data) as usize - p_temp as usize) {
|
||||
return Err(ErrorKind::SizeError);
|
||||
return Err(Error::SizeError);
|
||||
}
|
||||
|
||||
p_temp = p_temp.add(_ykpiv_get_length(p_temp, &mut cb_temp));
|
||||
@@ -1943,7 +1937,7 @@ unsafe fn _get_metadata_item(
|
||||
|
||||
Ok(())
|
||||
} else {
|
||||
Err(ErrorKind::GenericError)
|
||||
Err(Error::GenericError)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1966,7 +1960,7 @@ unsafe fn _set_metadata_item(
|
||||
tag: u8,
|
||||
p_item: *mut u8,
|
||||
cb_item: usize,
|
||||
) -> Result<(), ErrorKind> {
|
||||
) -> Result<(), Error> {
|
||||
let mut p_temp: *mut u8 = data;
|
||||
let mut cb_temp: usize = 0;
|
||||
let mut tag_temp: u8 = 0;
|
||||
@@ -1975,7 +1969,7 @@ unsafe fn _set_metadata_item(
|
||||
let cb_moved: isize;
|
||||
|
||||
if data.is_null() || pcb_data.is_null() {
|
||||
return Err(ErrorKind::GenericError);
|
||||
return Err(Error::GenericError);
|
||||
}
|
||||
|
||||
while p_temp < data.add(*pcb_data) {
|
||||
@@ -2001,7 +1995,7 @@ unsafe fn _set_metadata_item(
|
||||
cb_len = _get_length_size(cb_item) as (usize);
|
||||
|
||||
if (*pcb_data).wrapping_add(cb_len).wrapping_add(cb_item) > cb_data_max {
|
||||
return Err(ErrorKind::GenericError);
|
||||
return Err(Error::GenericError);
|
||||
}
|
||||
|
||||
*p_temp = tag;
|
||||
@@ -2029,7 +2023,7 @@ unsafe fn _set_metadata_item(
|
||||
- cb_len as (isize));
|
||||
|
||||
if (*pcb_data + cb_moved as usize) > cb_data_max {
|
||||
return Err(ErrorKind::GenericError);
|
||||
return Err(Error::GenericError);
|
||||
}
|
||||
|
||||
memmove(
|
||||
@@ -2058,18 +2052,18 @@ unsafe fn _read_metadata(
|
||||
tag: u8,
|
||||
data: *mut u8,
|
||||
pcb_data: *mut usize,
|
||||
) -> Result<(), ErrorKind> {
|
||||
) -> Result<(), Error> {
|
||||
let mut p_temp: *mut u8;
|
||||
let mut cb_temp: usize;
|
||||
|
||||
if data.is_null() || pcb_data.is_null() || YKPIV_OBJ_MAX_SIZE > *pcb_data {
|
||||
return Err(ErrorKind::GenericError);
|
||||
return Err(Error::GenericError);
|
||||
}
|
||||
|
||||
let obj_id = match tag {
|
||||
TAG_ADMIN => YKPIV_OBJ_ADMIN_DATA,
|
||||
TAG_PROTECTED => YKPIV_OBJ_PRINTED,
|
||||
_ => return Err(ErrorKind::InvalidObject),
|
||||
_ => return Err(Error::InvalidObject),
|
||||
} as i32;
|
||||
|
||||
cb_temp = *pcb_data;
|
||||
@@ -2078,7 +2072,7 @@ unsafe fn _read_metadata(
|
||||
_ykpiv_fetch_object(state, obj_id, data, &mut cb_temp)?;
|
||||
|
||||
if cb_temp < CB_OBJ_TAG_MIN {
|
||||
return Err(ErrorKind::GenericError);
|
||||
return Err(Error::GenericError);
|
||||
}
|
||||
p_temp = data;
|
||||
|
||||
@@ -2089,14 +2083,14 @@ unsafe fn _read_metadata(
|
||||
_old
|
||||
} as (i32)
|
||||
{
|
||||
return Err(ErrorKind::GenericError);
|
||||
return Err(Error::GenericError);
|
||||
}
|
||||
|
||||
p_temp = p_temp.add(_ykpiv_get_length(p_temp, pcb_data));
|
||||
|
||||
if *pcb_data > cb_temp - (p_temp as isize - data as isize) as usize {
|
||||
*pcb_data = 0;
|
||||
return Err(ErrorKind::GenericError);
|
||||
return Err(Error::GenericError);
|
||||
}
|
||||
|
||||
memmove(data as (*mut c_void), p_temp as (*const c_void), *pcb_data);
|
||||
@@ -2109,18 +2103,18 @@ unsafe fn _write_metadata(
|
||||
tag: u8,
|
||||
data: *mut u8,
|
||||
cb_data: usize,
|
||||
) -> Result<(), ErrorKind> {
|
||||
) -> Result<(), Error> {
|
||||
let mut buf = [0u8; CB_OBJ_MAX]; // XXX REMEMBER TO ZERO
|
||||
let mut p_temp: *mut u8 = buf.as_mut_ptr();
|
||||
|
||||
if cb_data > _obj_size_max(state) - CB_OBJ_TAG_MAX {
|
||||
return Err(ErrorKind::GenericError);
|
||||
return Err(Error::GenericError);
|
||||
}
|
||||
|
||||
let obj_id = match tag {
|
||||
TAG_ADMIN => YKPIV_OBJ_ADMIN_DATA,
|
||||
TAG_PROTECTED => YKPIV_OBJ_PRINTED,
|
||||
_ => return Err(ErrorKind::InvalidObject),
|
||||
_ => return Err(Error::InvalidObject),
|
||||
} as i32;
|
||||
|
||||
if data.is_null() || cb_data == 0 {
|
||||
|
||||
+128
-133
@@ -36,7 +36,7 @@
|
||||
use crate::{
|
||||
apdu::APDU,
|
||||
consts::*,
|
||||
error::ErrorKind,
|
||||
error::Error,
|
||||
internal::{des_decrypt, des_encrypt, yk_des_is_weak_key, DesKey},
|
||||
};
|
||||
use getrandom::getrandom;
|
||||
@@ -192,7 +192,7 @@ pub fn ykpiv_init() -> YubiKey {
|
||||
}
|
||||
|
||||
/// Cleanup YubiKey session
|
||||
pub(crate) unsafe fn _ykpiv_done(state: &mut YubiKey, disconnect: bool) -> Result<(), ErrorKind> {
|
||||
pub(crate) unsafe fn _ykpiv_done(state: &mut YubiKey, disconnect: bool) -> Result<(), Error> {
|
||||
if disconnect {
|
||||
ykpiv_disconnect(state);
|
||||
}
|
||||
@@ -203,12 +203,12 @@ pub(crate) unsafe fn _ykpiv_done(state: &mut YubiKey, disconnect: bool) -> Resul
|
||||
|
||||
/// Cleanup YubiKey session with external card upon completion
|
||||
// TODO(tarcieri): make this a `Drop` handler
|
||||
pub unsafe fn ykpiv_done_with_external_card(state: &mut YubiKey) -> Result<(), ErrorKind> {
|
||||
pub unsafe fn ykpiv_done_with_external_card(state: &mut YubiKey) -> Result<(), Error> {
|
||||
_ykpiv_done(state, false)
|
||||
}
|
||||
|
||||
/// Cleanup YubiKey session upon completion
|
||||
pub unsafe fn ykpiv_done(state: &mut YubiKey) -> Result<(), ErrorKind> {
|
||||
pub unsafe fn ykpiv_done(state: &mut YubiKey) -> Result<(), Error> {
|
||||
_ykpiv_done(state, true)
|
||||
}
|
||||
|
||||
@@ -226,7 +226,7 @@ pub unsafe fn ykpiv_disconnect(state: &mut YubiKey) {
|
||||
}
|
||||
|
||||
/// Select application
|
||||
pub(crate) unsafe fn _ykpiv_select_application(state: &mut YubiKey) -> Result<(), ErrorKind> {
|
||||
pub(crate) unsafe fn _ykpiv_select_application(state: &mut YubiKey) -> Result<(), Error> {
|
||||
let mut data = [0u8; 255];
|
||||
let mut recv_len = data.len() as u32;
|
||||
let mut sw = 0i32;
|
||||
@@ -249,7 +249,7 @@ pub(crate) unsafe fn _ykpiv_select_application(state: &mut YubiKey) -> Result<()
|
||||
|
||||
if sw != SW_SUCCESS {
|
||||
error!("failed selecting application: {:04x}", sw);
|
||||
return Err(ErrorKind::GenericError);
|
||||
return Err(Error::GenericError);
|
||||
}
|
||||
|
||||
// now that the PIV application is selected, retrieve the version
|
||||
@@ -272,9 +272,7 @@ pub(crate) unsafe fn _ykpiv_select_application(state: &mut YubiKey) -> Result<()
|
||||
}
|
||||
|
||||
/// Ensure an application is selected (presently noop)
|
||||
pub(crate) unsafe fn _ykpiv_ensure_application_selected(
|
||||
_state: &mut YubiKey,
|
||||
) -> Result<(), ErrorKind> {
|
||||
pub(crate) unsafe fn _ykpiv_ensure_application_selected(_state: &mut YubiKey) -> Result<(), Error> {
|
||||
// TODO(tarcieri): ENABLE_APPLICATION_RESELECTION support?
|
||||
//
|
||||
// Original C code below:
|
||||
@@ -307,10 +305,10 @@ pub(crate) unsafe fn _ykpiv_connect(
|
||||
state: &mut YubiKey,
|
||||
context: usize,
|
||||
card: usize,
|
||||
) -> Result<(), ErrorKind> {
|
||||
) -> Result<(), Error> {
|
||||
// if the context has changed, and the new context is not valid, return an error
|
||||
if context != state.context as (usize) && (0x0i32 != SCardIsValidContext(context as (i32))) {
|
||||
return Err(ErrorKind::PcscError);
|
||||
return Err(Error::PcscError);
|
||||
}
|
||||
|
||||
// if card handle has changed, determine if handle is valid (less efficient, but complete)
|
||||
@@ -332,7 +330,7 @@ pub(crate) unsafe fn _ykpiv_connect(
|
||||
&mut atr_len,
|
||||
) != 0
|
||||
{
|
||||
return Err(ErrorKind::PcscError);
|
||||
return Err(Error::PcscError);
|
||||
}
|
||||
|
||||
state.is_neo = (atr_len as usize == YKPIV_ATR_NEO_R3.len() - 1)
|
||||
@@ -362,12 +360,12 @@ pub unsafe fn ykpiv_connect_with_external_card(
|
||||
state: &mut YubiKey,
|
||||
context: usize,
|
||||
card: usize,
|
||||
) -> Result<(), ErrorKind> {
|
||||
) -> Result<(), Error> {
|
||||
_ykpiv_connect(state, context, card)
|
||||
}
|
||||
|
||||
/// Connect to a YubiKey
|
||||
pub unsafe fn ykpiv_connect(state: &mut YubiKey, wanted: *const c_char) -> Result<(), ErrorKind> {
|
||||
pub unsafe fn ykpiv_connect(state: &mut YubiKey, wanted: *const c_char) -> Result<(), Error> {
|
||||
let mut active_protocol: u32 = 0;
|
||||
let mut reader_buf: [c_char; 2048] = [0; 2048];
|
||||
let mut num_readers = reader_buf.len();
|
||||
@@ -438,7 +436,7 @@ pub unsafe fn ykpiv_connect(state: &mut YubiKey, wanted: *const c_char) -> Resul
|
||||
error!("error: no usable reader found");
|
||||
SCardReleaseContext(state.context);
|
||||
state.context = -1;
|
||||
return Err(ErrorKind::PcscError);
|
||||
return Err(Error::PcscError);
|
||||
}
|
||||
|
||||
// Select applet. This is done here instead of in _ykpiv_connect() because
|
||||
@@ -456,7 +454,7 @@ pub unsafe fn ykpiv_list_readers(
|
||||
state: &mut YubiKey,
|
||||
readers: *mut c_char,
|
||||
len: *mut usize,
|
||||
) -> Result<(), ErrorKind> {
|
||||
) -> Result<(), Error> {
|
||||
let mut num_readers: u32 = 0u32;
|
||||
let mut rc: i32;
|
||||
|
||||
@@ -465,7 +463,7 @@ pub unsafe fn ykpiv_list_readers(
|
||||
|
||||
if rc != 0 {
|
||||
error!("error: SCardEstablishContext failed, rc={}", rc);
|
||||
return Err(ErrorKind::PcscError);
|
||||
return Err(Error::PcscError);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -480,7 +478,7 @@ pub unsafe fn ykpiv_list_readers(
|
||||
error!("error: SCardListReaders failed, rc={}", rc);
|
||||
SCardReleaseContext(state.context);
|
||||
state.context = -1i32;
|
||||
return Err(ErrorKind::PcscError);
|
||||
return Err(Error::PcscError);
|
||||
}
|
||||
|
||||
if num_readers as (usize) > *len {
|
||||
@@ -495,7 +493,7 @@ pub unsafe fn ykpiv_list_readers(
|
||||
error!("error: SCardListReaders failed, rc={}", rc);
|
||||
SCardReleaseContext(state.context);
|
||||
state.context = -1i32;
|
||||
return Err(ErrorKind::PcscError);
|
||||
return Err(Error::PcscError);
|
||||
}
|
||||
|
||||
*len = num_readers as usize;
|
||||
@@ -503,7 +501,7 @@ pub unsafe fn ykpiv_list_readers(
|
||||
}
|
||||
|
||||
/// Reconnect to a YubiKey
|
||||
pub(crate) unsafe fn reconnect(state: &mut YubiKey) -> Result<(), ErrorKind> {
|
||||
pub(crate) unsafe fn reconnect(state: &mut YubiKey) -> Result<(), Error> {
|
||||
info!("trying to reconnect to current reader");
|
||||
|
||||
let mut active_protocol: u32 = 0;
|
||||
@@ -511,7 +509,7 @@ pub(crate) unsafe fn reconnect(state: &mut YubiKey) -> Result<(), ErrorKind> {
|
||||
|
||||
if rc != 0x0 {
|
||||
error!("SCardReconnect failed, rc={}", rc);
|
||||
return Err(ErrorKind::PcscError);
|
||||
return Err(Error::PcscError);
|
||||
}
|
||||
|
||||
_ykpiv_select_application(state)?;
|
||||
@@ -524,7 +522,7 @@ pub(crate) unsafe fn reconnect(state: &mut YubiKey) -> Result<(), ErrorKind> {
|
||||
}
|
||||
|
||||
/// Begin a transaction
|
||||
pub(crate) unsafe fn _ykpiv_begin_transaction(state: &mut YubiKey) -> Result<(), ErrorKind> {
|
||||
pub(crate) unsafe fn _ykpiv_begin_transaction(state: &mut YubiKey) -> Result<(), Error> {
|
||||
let mut rc = SCardBeginTransaction(state.card);
|
||||
|
||||
if rc as usize & 0xffff_ffff == 0x8010_0068 {
|
||||
@@ -534,19 +532,19 @@ pub(crate) unsafe fn _ykpiv_begin_transaction(state: &mut YubiKey) -> Result<(),
|
||||
|
||||
if rc != 0 {
|
||||
error!("failed to begin pcsc transaction, rc={}", rc);
|
||||
return Err(ErrorKind::PcscError);
|
||||
return Err(Error::PcscError);
|
||||
}
|
||||
|
||||
Ok(())
|
||||
}
|
||||
|
||||
/// End a transaction
|
||||
pub(crate) unsafe fn _ykpiv_end_transaction(state: &mut YubiKey) -> Result<(), ErrorKind> {
|
||||
pub(crate) unsafe fn _ykpiv_end_transaction(state: &mut YubiKey) -> Result<(), Error> {
|
||||
let rc = SCardEndTransaction(state.card, 0x0);
|
||||
|
||||
if rc != 0x0 {
|
||||
error!("failed to end pcsc transaction, rc={}", rc);
|
||||
return Err(ErrorKind::PcscError);
|
||||
return Err(Error::PcscError);
|
||||
}
|
||||
|
||||
Ok(())
|
||||
@@ -561,11 +559,11 @@ pub(crate) unsafe fn _ykpiv_transfer_data(
|
||||
mut out_data: *mut u8,
|
||||
out_len: *mut usize,
|
||||
sw: *mut i32,
|
||||
) -> Result<(), ErrorKind> {
|
||||
) -> Result<(), Error> {
|
||||
let mut _currentBlock;
|
||||
let mut in_ptr: *const u8 = in_data;
|
||||
let max_out = *out_len;
|
||||
let mut res: Result<(), ErrorKind>;
|
||||
let mut res: Result<(), Error>;
|
||||
let mut recv_len: u32;
|
||||
|
||||
*out_len = 0;
|
||||
@@ -686,7 +684,7 @@ pub(crate) unsafe fn _ykpiv_transfer_data(
|
||||
max_out
|
||||
);
|
||||
|
||||
return Err(ErrorKind::SizeError);
|
||||
return Err(Error::SizeError);
|
||||
}
|
||||
} else if _currentBlock == 21 {
|
||||
error!(
|
||||
@@ -695,7 +693,7 @@ pub(crate) unsafe fn _ykpiv_transfer_data(
|
||||
max_out
|
||||
);
|
||||
|
||||
return Err(ErrorKind::SizeError);
|
||||
return Err(Error::SizeError);
|
||||
}
|
||||
|
||||
res
|
||||
@@ -710,7 +708,7 @@ pub unsafe fn ykpiv_transfer_data(
|
||||
out_data: *mut u8,
|
||||
out_len: *mut usize,
|
||||
sw: *mut i32,
|
||||
) -> Result<(), ErrorKind> {
|
||||
) -> Result<(), Error> {
|
||||
if let Err(e) = _ykpiv_begin_transaction(state) {
|
||||
*out_len = 0;
|
||||
return Err(e);
|
||||
@@ -728,7 +726,7 @@ pub(crate) unsafe fn _send_data(
|
||||
data: *mut u8,
|
||||
recv_len: *mut u32,
|
||||
sw: *mut i32,
|
||||
) -> Result<(), ErrorKind> {
|
||||
) -> Result<(), Error> {
|
||||
let send_len = apdu.lc as u32 + 5;
|
||||
let mut tmp_len = *recv_len;
|
||||
|
||||
@@ -746,7 +744,7 @@ pub(crate) unsafe fn _send_data(
|
||||
|
||||
if rc != SCARD_S_SUCCESS {
|
||||
error!("error: SCardTransmit failed, rc={:08x}", rc);
|
||||
return Err(ErrorKind::PcscError);
|
||||
return Err(Error::PcscError);
|
||||
}
|
||||
|
||||
*recv_len = tmp_len;
|
||||
@@ -769,7 +767,7 @@ pub const DEFAULT_AUTH_KEY: &[u8; DES_LEN_3DES] = b"\x01\x02\x03\x04\x05\x06\x07
|
||||
pub unsafe fn ykpiv_authenticate(
|
||||
state: &mut YubiKey,
|
||||
key: Option<&[u8; DES_LEN_3DES]>,
|
||||
) -> Result<(), ErrorKind> {
|
||||
) -> Result<(), Error> {
|
||||
let mut data = [0u8; 261];
|
||||
let mut recv_len = data.len() as u32;
|
||||
let mut sw: i32 = 0;
|
||||
@@ -798,7 +796,7 @@ pub unsafe fn ykpiv_authenticate(
|
||||
return res;
|
||||
} else if sw != SW_SUCCESS {
|
||||
let _ = _ykpiv_end_transaction(state);
|
||||
return Err(ErrorKind::AuthenticationError);
|
||||
return Err(Error::AuthenticationError);
|
||||
}
|
||||
|
||||
let mut challenge = [0u8; 8];
|
||||
@@ -824,7 +822,7 @@ pub unsafe fn ykpiv_authenticate(
|
||||
if getrandom(&mut data[14..22]).is_err() {
|
||||
error!("failed getting randomness for authentication.");
|
||||
let _ = _ykpiv_end_transaction(state);
|
||||
return Err(ErrorKind::RandomnessError);
|
||||
return Err(Error::RandomnessError);
|
||||
}
|
||||
challenge.copy_from_slice(&data[14..22]);
|
||||
|
||||
@@ -837,7 +835,7 @@ pub unsafe fn ykpiv_authenticate(
|
||||
return res;
|
||||
} else if sw != SW_SUCCESS {
|
||||
let _ = _ykpiv_end_transaction(state);
|
||||
return Err(ErrorKind::AuthenticationError);
|
||||
return Err(Error::AuthenticationError);
|
||||
}
|
||||
|
||||
// compare the response from the card with our challenge
|
||||
@@ -847,7 +845,7 @@ pub unsafe fn ykpiv_authenticate(
|
||||
if response == data[4..12] {
|
||||
res = Ok(());
|
||||
} else {
|
||||
res = Err(ErrorKind::AuthenticationError);
|
||||
res = Err(Error::AuthenticationError);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -859,7 +857,7 @@ pub unsafe fn ykpiv_authenticate(
|
||||
pub unsafe fn ykpiv_set_mgmkey(
|
||||
state: &mut YubiKey,
|
||||
new_key: &[u8; DES_LEN_3DES],
|
||||
) -> Result<(), ErrorKind> {
|
||||
) -> Result<(), Error> {
|
||||
ykpiv_set_mgmkey2(state, new_key, 0)
|
||||
}
|
||||
|
||||
@@ -868,7 +866,7 @@ pub(crate) unsafe fn ykpiv_set_mgmkey2(
|
||||
state: &mut YubiKey,
|
||||
new_key: &[u8; DES_LEN_3DES],
|
||||
touch: u8,
|
||||
) -> Result<(), ErrorKind> {
|
||||
) -> Result<(), Error> {
|
||||
let mut data = [0u8; 261];
|
||||
let mut recv_len = data.len() as u32;
|
||||
let mut sw: i32 = 0;
|
||||
@@ -883,7 +881,7 @@ pub(crate) unsafe fn ykpiv_set_mgmkey2(
|
||||
"won't set new key '{:?}' since it's weak (with odd parity)",
|
||||
new_key
|
||||
);
|
||||
res = Err(ErrorKind::KeyError);
|
||||
res = Err(Error::KeyError);
|
||||
} else {
|
||||
apdu.ins = YKPIV_INS_SET_MGMKEY;
|
||||
apdu.p1 = 0xff;
|
||||
@@ -893,7 +891,7 @@ pub(crate) unsafe fn ykpiv_set_mgmkey2(
|
||||
1 => 0xfe,
|
||||
_ => {
|
||||
let _ = _ykpiv_end_transaction(state);
|
||||
return Err(ErrorKind::GenericError);
|
||||
return Err(Error::GenericError);
|
||||
}
|
||||
};
|
||||
|
||||
@@ -906,7 +904,7 @@ pub(crate) unsafe fn ykpiv_set_mgmkey2(
|
||||
res = _send_data(state, &mut apdu, data.as_mut_ptr(), &mut recv_len, &mut sw);
|
||||
|
||||
if res.is_ok() && sw != SW_SUCCESS {
|
||||
res = Err(ErrorKind::GenericError);
|
||||
res = Err(Error::GenericError);
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -926,7 +924,7 @@ pub(crate) unsafe fn _general_authenticate(
|
||||
algorithm: u8,
|
||||
key: u8,
|
||||
decipher: bool,
|
||||
) -> Result<(), ErrorKind> {
|
||||
) -> Result<(), Error> {
|
||||
let mut _currentBlock;
|
||||
let mut indata = [0u8; 1024];
|
||||
let mut dataptr: *mut u8 = indata.as_mut_ptr();
|
||||
@@ -946,7 +944,7 @@ pub(crate) unsafe fn _general_authenticate(
|
||||
};
|
||||
|
||||
if in_len != key_len {
|
||||
return Err(ErrorKind::SizeError);
|
||||
return Err(Error::SizeError);
|
||||
} else {
|
||||
_currentBlock = 16;
|
||||
}
|
||||
@@ -959,10 +957,10 @@ pub(crate) unsafe fn _general_authenticate(
|
||||
};
|
||||
|
||||
if (!decipher && (in_len > key_len)) || (decipher && (in_len != (key_len * 2) + 1)) {
|
||||
return Err(ErrorKind::SizeError);
|
||||
return Err(Error::SizeError);
|
||||
}
|
||||
}
|
||||
_ => return Err(ErrorKind::AlgorithmError),
|
||||
_ => return Err(Error::AlgorithmError),
|
||||
}
|
||||
|
||||
if in_len < 0x80 {
|
||||
@@ -1004,16 +1002,16 @@ pub(crate) unsafe fn _general_authenticate(
|
||||
error!("Failed sign command with code {:x}", sw);
|
||||
|
||||
if sw == SW_ERR_SECURITY_STATUS {
|
||||
return Err(ErrorKind::AuthenticationError);
|
||||
return Err(Error::AuthenticationError);
|
||||
} else {
|
||||
return Err(ErrorKind::GenericError);
|
||||
return Err(Error::GenericError);
|
||||
}
|
||||
}
|
||||
|
||||
// skip the first 7c tag
|
||||
if data[0] != 0x7c {
|
||||
error!("failed parsing signature reply (0x7c byte)");
|
||||
return Err(ErrorKind::ParseError);
|
||||
return Err(Error::ParseError);
|
||||
}
|
||||
|
||||
dataptr = data.as_mut_ptr().add(1);
|
||||
@@ -1022,7 +1020,7 @@ pub(crate) unsafe fn _general_authenticate(
|
||||
// skip the 82 tag
|
||||
if *dataptr != 0x82 {
|
||||
error!("failed parsing signature reply (0x82 byte)");
|
||||
return Err(ErrorKind::ParseError);
|
||||
return Err(Error::ParseError);
|
||||
}
|
||||
|
||||
dataptr = dataptr.add(1);
|
||||
@@ -1030,7 +1028,7 @@ pub(crate) unsafe fn _general_authenticate(
|
||||
|
||||
if len > *out_len {
|
||||
error!("wrong size on output buffer");
|
||||
return Err(ErrorKind::SizeError);
|
||||
return Err(Error::SizeError);
|
||||
}
|
||||
|
||||
*out_len = len;
|
||||
@@ -1047,7 +1045,7 @@ pub unsafe fn ykpiv_sign_data(
|
||||
out_len: *mut usize,
|
||||
algorithm: u8,
|
||||
key: u8,
|
||||
) -> Result<(), ErrorKind> {
|
||||
) -> Result<(), Error> {
|
||||
_ykpiv_begin_transaction(state)?;
|
||||
|
||||
// don't attempt to reselect in crypt operations to avoid problems with PIN_ALWAYS
|
||||
@@ -1069,7 +1067,7 @@ pub unsafe fn ykpiv_decrypt_data(
|
||||
out_len: *mut usize,
|
||||
algorithm: u8,
|
||||
key: u8,
|
||||
) -> Result<(), ErrorKind> {
|
||||
) -> Result<(), Error> {
|
||||
_ykpiv_begin_transaction(state)?;
|
||||
|
||||
// don't attempt to reselect in crypt operations to avoid problems with PIN_ALWAYS
|
||||
@@ -1080,7 +1078,7 @@ pub unsafe fn ykpiv_decrypt_data(
|
||||
}
|
||||
|
||||
/// Get the version of the PIV application installed on the YubiKey
|
||||
pub(crate) unsafe fn _ykpiv_get_version(state: &mut YubiKey) -> Result<Version, ErrorKind> {
|
||||
pub(crate) unsafe fn _ykpiv_get_version(state: &mut YubiKey) -> Result<Version, Error> {
|
||||
let mut data = [0u8; 261];
|
||||
let mut recv_len = data.len() as u32;
|
||||
let mut sw: i32 = 0;
|
||||
@@ -1097,11 +1095,11 @@ pub(crate) unsafe fn _ykpiv_get_version(state: &mut YubiKey) -> Result<Version,
|
||||
_send_data(state, &mut apdu, data.as_mut_ptr(), &mut recv_len, &mut sw)?;
|
||||
|
||||
if sw != SW_SUCCESS {
|
||||
return Err(ErrorKind::GenericError);
|
||||
return Err(Error::GenericError);
|
||||
}
|
||||
|
||||
if recv_len < 3 {
|
||||
return Err(ErrorKind::SizeError);
|
||||
return Err(Error::SizeError);
|
||||
}
|
||||
|
||||
state.ver.major = data[0];
|
||||
@@ -1112,8 +1110,8 @@ pub(crate) unsafe fn _ykpiv_get_version(state: &mut YubiKey) -> Result<Version,
|
||||
}
|
||||
|
||||
/// Get the YubiKey's PIV application version as a string
|
||||
pub unsafe fn ykpiv_get_version(state: &mut YubiKey) -> Result<String, ErrorKind> {
|
||||
let mut res = Err(ErrorKind::GenericError);
|
||||
pub unsafe fn ykpiv_get_version(state: &mut YubiKey) -> Result<String, Error> {
|
||||
let mut res = Err(Error::GenericError);
|
||||
|
||||
_ykpiv_begin_transaction(state)?;
|
||||
|
||||
@@ -1128,10 +1126,7 @@ pub unsafe fn ykpiv_get_version(state: &mut YubiKey) -> Result<String, ErrorKind
|
||||
/// Get YubiKey device serial number
|
||||
///
|
||||
/// NOTE: caller must make sure that this is wrapped in a transaction for synchronized operation
|
||||
pub(crate) unsafe fn _ykpiv_get_serial(
|
||||
state: &mut YubiKey,
|
||||
f_force: bool,
|
||||
) -> Result<u32, ErrorKind> {
|
||||
pub(crate) unsafe fn _ykpiv_get_serial(state: &mut YubiKey, f_force: bool) -> Result<u32, Error> {
|
||||
let yk_applet: *const u8 = ptr::null();
|
||||
let mut data = [0u8; 255];
|
||||
let mut recv_len = data.len() as u32;
|
||||
@@ -1165,7 +1160,7 @@ pub(crate) unsafe fn _ykpiv_get_serial(
|
||||
|
||||
if sw != SW_SUCCESS {
|
||||
error!("failed selecting yk application: {:04x}", sw);
|
||||
return Err(ErrorKind::GenericError);
|
||||
return Err(Error::GenericError);
|
||||
}
|
||||
|
||||
recv_len = temp.len() as u32;
|
||||
@@ -1181,7 +1176,7 @@ pub(crate) unsafe fn _ykpiv_get_serial(
|
||||
|
||||
if sw != SW_SUCCESS {
|
||||
error!("failed retrieving serial number: {:04x}", sw);
|
||||
return Err(ErrorKind::GenericError);
|
||||
return Err(Error::GenericError);
|
||||
}
|
||||
|
||||
recv_len = temp.len() as u32;
|
||||
@@ -1203,7 +1198,7 @@ pub(crate) unsafe fn _ykpiv_get_serial(
|
||||
|
||||
if sw != SW_SUCCESS {
|
||||
error!("failed selecting application: {:04x}", sw);
|
||||
return Err(ErrorKind::GenericError);
|
||||
return Err(Error::GenericError);
|
||||
}
|
||||
} else {
|
||||
// get serial from yk5 and later devices using the f8 command
|
||||
@@ -1217,13 +1212,13 @@ pub(crate) unsafe fn _ykpiv_get_serial(
|
||||
|
||||
if sw != SW_SUCCESS {
|
||||
error!("failed retrieving serial number: {:04x}", sw);
|
||||
return Err(ErrorKind::GenericError);
|
||||
return Err(Error::GenericError);
|
||||
}
|
||||
}
|
||||
|
||||
// check that we received enough data for the serial number
|
||||
if recv_len < 4 {
|
||||
return Err(ErrorKind::SizeError);
|
||||
return Err(Error::SizeError);
|
||||
}
|
||||
|
||||
// TODO(tarcieri): replace pointers and casts with proper references!
|
||||
@@ -1241,8 +1236,8 @@ pub(crate) unsafe fn _ykpiv_get_serial(
|
||||
}
|
||||
|
||||
/// Get YubiKey device serial number
|
||||
pub unsafe fn ykpiv_get_serial(state: &mut YubiKey) -> Result<u32, ErrorKind> {
|
||||
let mut res = Err(ErrorKind::GenericError);
|
||||
pub unsafe fn ykpiv_get_serial(state: &mut YubiKey) -> Result<u32, Error> {
|
||||
let mut res = Err(Error::GenericError);
|
||||
|
||||
_ykpiv_begin_transaction(state)?;
|
||||
|
||||
@@ -1260,7 +1255,7 @@ pub(crate) unsafe fn _cache_pin(
|
||||
state: &mut YubiKey,
|
||||
pin: *const c_char,
|
||||
len: usize,
|
||||
) -> Result<(), ErrorKind> {
|
||||
) -> Result<(), Error> {
|
||||
if !pin.is_null() && (state.pin as *const c_char == pin) {
|
||||
return Ok(());
|
||||
}
|
||||
@@ -1279,7 +1274,7 @@ pub(crate) unsafe fn _cache_pin(
|
||||
state.pin = malloc(len + 1) as (*mut u8);
|
||||
|
||||
if state.pin.is_null() {
|
||||
return Err(ErrorKind::MemoryError);
|
||||
return Err(Error::MemoryError);
|
||||
}
|
||||
|
||||
memcpy(state.pin as (*mut c_void), pin as (*const c_void), len);
|
||||
@@ -1292,7 +1287,7 @@ pub(crate) unsafe fn _cache_pin(
|
||||
/// Verify device PIN
|
||||
///
|
||||
/// Returns the number of tries remaining both on success and on a wrong PIN.
|
||||
pub unsafe fn ykpiv_verify(state: &mut YubiKey, pin: *const c_char) -> Result<i32, ErrorKind> {
|
||||
pub unsafe fn ykpiv_verify(state: &mut YubiKey, pin: *const c_char) -> Result<i32, Error> {
|
||||
ykpiv_verify_select(
|
||||
state,
|
||||
pin,
|
||||
@@ -1308,13 +1303,13 @@ pub(crate) unsafe fn _verify(
|
||||
state: &mut YubiKey,
|
||||
pin: *const c_char,
|
||||
pin_len: usize,
|
||||
) -> Result<i32, ErrorKind> {
|
||||
) -> Result<i32, Error> {
|
||||
let mut data = [0u8; 261];
|
||||
let mut recv_len = data.len() as u32;
|
||||
let mut sw: i32 = 0;
|
||||
|
||||
if pin_len > CB_PIN_MAX {
|
||||
return Err(ErrorKind::SizeError);
|
||||
return Err(Error::SizeError);
|
||||
}
|
||||
|
||||
let mut apdu = APDU::default();
|
||||
@@ -1356,11 +1351,11 @@ pub(crate) unsafe fn _verify(
|
||||
|
||||
Ok(sw & 0xf)
|
||||
} else if sw >> 8 == 0x63 {
|
||||
Err(ErrorKind::WrongPin { tries: sw & 0xf })
|
||||
Err(Error::WrongPin { tries: sw & 0xf })
|
||||
} else if sw == SW_ERR_AUTH_BLOCKED {
|
||||
Err(ErrorKind::WrongPin { tries: 0 })
|
||||
Err(Error::WrongPin { tries: 0 })
|
||||
} else {
|
||||
Err(ErrorKind::GenericError)
|
||||
Err(Error::GenericError)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1372,7 +1367,7 @@ pub unsafe fn ykpiv_verify_select(
|
||||
pin: *const c_char,
|
||||
pin_len: usize,
|
||||
force_select: bool,
|
||||
) -> Result<i32, ErrorKind> {
|
||||
) -> Result<i32, Error> {
|
||||
let mut res = Ok(-1);
|
||||
|
||||
_ykpiv_begin_transaction(state)?;
|
||||
@@ -1392,7 +1387,7 @@ pub unsafe fn ykpiv_verify_select(
|
||||
}
|
||||
|
||||
/// Get the number of PIN retries
|
||||
pub unsafe fn ykpiv_get_pin_retries(state: &mut YubiKey) -> Result<i32, ErrorKind> {
|
||||
pub unsafe fn ykpiv_get_pin_retries(state: &mut YubiKey) -> Result<i32, Error> {
|
||||
// Force a re-select to unverify, because once verified the spec dictates that
|
||||
// subsequent verify calls will return a "verification not needed" instead of
|
||||
// the number of tries left...
|
||||
@@ -1402,7 +1397,7 @@ pub unsafe fn ykpiv_get_pin_retries(state: &mut YubiKey) -> Result<i32, ErrorKin
|
||||
|
||||
// WRONG_PIN is expected on successful query.
|
||||
match ykrc {
|
||||
Ok(tries) | Err(ErrorKind::WrongPin { tries }) => Ok(tries),
|
||||
Ok(tries) | Err(Error::WrongPin { tries }) => Ok(tries),
|
||||
Err(e) => Err(e),
|
||||
}
|
||||
}
|
||||
@@ -1412,7 +1407,7 @@ pub unsafe fn ykpiv_set_pin_retries(
|
||||
state: &mut YubiKey,
|
||||
pin_tries: i32,
|
||||
puk_tries: i32,
|
||||
) -> Result<(), ErrorKind> {
|
||||
) -> Result<(), Error> {
|
||||
let mut res = Ok(());
|
||||
let mut templ = [0, YKPIV_INS_SET_PIN_RETRIES, 0, 0];
|
||||
let mut data = [0u8; 255];
|
||||
@@ -1425,7 +1420,7 @@ pub unsafe fn ykpiv_set_pin_retries(
|
||||
}
|
||||
|
||||
if pin_tries > 0xff || puk_tries > 0xff || pin_tries < 1 || puk_tries < 1 {
|
||||
return Err(ErrorKind::RangeError);
|
||||
return Err(Error::RangeError);
|
||||
}
|
||||
|
||||
templ[2] = pin_tries as (u8);
|
||||
@@ -1447,9 +1442,9 @@ pub unsafe fn ykpiv_set_pin_retries(
|
||||
if res.is_ok() {
|
||||
res = match sw {
|
||||
SW_SUCCESS => Ok(()),
|
||||
SW_ERR_AUTH_BLOCKED => Err(ErrorKind::AuthenticationError),
|
||||
SW_ERR_SECURITY_STATUS => Err(ErrorKind::AuthenticationError),
|
||||
_ => Err(ErrorKind::GenericError),
|
||||
SW_ERR_AUTH_BLOCKED => Err(Error::AuthenticationError),
|
||||
SW_ERR_SECURITY_STATUS => Err(Error::AuthenticationError),
|
||||
_ => Err(Error::GenericError),
|
||||
};
|
||||
}
|
||||
}
|
||||
@@ -1466,7 +1461,7 @@ pub(crate) unsafe fn _ykpiv_change_pin(
|
||||
current_pin_len: usize,
|
||||
new_pin: *const c_char,
|
||||
new_pin_len: usize,
|
||||
) -> Result<(), ErrorKind> {
|
||||
) -> Result<(), Error> {
|
||||
let mut sw: i32 = 0;
|
||||
let mut templ = [0, YKPIV_INS_CHANGE_REFERENCE, 0, 0x80];
|
||||
let mut indata = [0u8; 16];
|
||||
@@ -1474,7 +1469,7 @@ pub(crate) unsafe fn _ykpiv_change_pin(
|
||||
let mut recv_len: usize = data.len();
|
||||
|
||||
if current_pin_len > 8 || new_pin_len > 8 {
|
||||
return Err(ErrorKind::SizeError);
|
||||
return Err(Error::SizeError);
|
||||
}
|
||||
|
||||
if action == CHREF_ACT_UNBLOCK_PIN {
|
||||
@@ -1529,15 +1524,15 @@ pub(crate) unsafe fn _ykpiv_change_pin(
|
||||
|
||||
if sw != SW_SUCCESS {
|
||||
if sw >> 8 == 0x63 {
|
||||
return Err(ErrorKind::WrongPin { tries: sw & 0xf });
|
||||
return Err(Error::WrongPin { tries: sw & 0xf });
|
||||
}
|
||||
|
||||
if sw == SW_ERR_AUTH_BLOCKED {
|
||||
return Err(ErrorKind::PinLocked);
|
||||
return Err(Error::PinLocked);
|
||||
}
|
||||
|
||||
error!("failed changing pin, token response code: {:x}.", sw);
|
||||
return Err(ErrorKind::GenericError);
|
||||
return Err(Error::GenericError);
|
||||
}
|
||||
|
||||
Ok(())
|
||||
@@ -1552,8 +1547,8 @@ pub unsafe fn ykpiv_change_pin(
|
||||
current_pin_len: usize,
|
||||
new_pin: *const c_char,
|
||||
new_pin_len: usize,
|
||||
) -> Result<(), ErrorKind> {
|
||||
let mut res = Err(ErrorKind::GenericError);
|
||||
) -> Result<(), Error> {
|
||||
let mut res = Err(Error::GenericError);
|
||||
|
||||
_ykpiv_begin_transaction(state)?;
|
||||
|
||||
@@ -1584,8 +1579,8 @@ pub unsafe fn ykpiv_change_puk(
|
||||
current_puk_len: usize,
|
||||
new_puk: *const c_char,
|
||||
new_puk_len: usize,
|
||||
) -> Result<(), ErrorKind> {
|
||||
let mut res = Err(ErrorKind::GenericError);
|
||||
) -> Result<(), Error> {
|
||||
let mut res = Err(Error::GenericError);
|
||||
|
||||
_ykpiv_begin_transaction(state)?;
|
||||
|
||||
@@ -1605,8 +1600,8 @@ pub unsafe fn ykpiv_unblock_pin(
|
||||
puk_len: usize,
|
||||
new_pin: *const c_char,
|
||||
new_pin_len: usize,
|
||||
) -> Result<(), ErrorKind> {
|
||||
let mut res = Err(ErrorKind::GenericError);
|
||||
) -> Result<(), Error> {
|
||||
let mut res = Err(Error::GenericError);
|
||||
|
||||
_ykpiv_begin_transaction(state)?;
|
||||
|
||||
@@ -1624,7 +1619,7 @@ pub unsafe fn ykpiv_fetch_object(
|
||||
object_id: i32,
|
||||
data: *mut u8,
|
||||
len: *mut usize,
|
||||
) -> Result<(), ErrorKind> {
|
||||
) -> Result<(), Error> {
|
||||
let mut res = Ok(());
|
||||
|
||||
_ykpiv_begin_transaction(state)?;
|
||||
@@ -1643,7 +1638,7 @@ pub(crate) unsafe fn _ykpiv_fetch_object(
|
||||
object_id: i32,
|
||||
data: *mut u8,
|
||||
len: *mut usize,
|
||||
) -> Result<(), ErrorKind> {
|
||||
) -> Result<(), Error> {
|
||||
let mut sw: i32 = 0;
|
||||
let mut indata = [0u8; 5];
|
||||
let mut inptr: *mut u8 = indata.as_mut_ptr();
|
||||
@@ -1652,7 +1647,7 @@ pub(crate) unsafe fn _ykpiv_fetch_object(
|
||||
inptr = set_object(object_id, inptr);
|
||||
|
||||
if inptr.is_null() {
|
||||
return Err(ErrorKind::InvalidObject);
|
||||
return Err(Error::InvalidObject);
|
||||
}
|
||||
|
||||
ykpiv_transfer_data(
|
||||
@@ -1666,19 +1661,19 @@ pub(crate) unsafe fn _ykpiv_fetch_object(
|
||||
)?;
|
||||
|
||||
if sw != SW_SUCCESS {
|
||||
return Err(ErrorKind::GenericError);
|
||||
return Err(Error::GenericError);
|
||||
}
|
||||
|
||||
let mut outlen: usize = 0;
|
||||
|
||||
if *len < 2 || !_ykpiv_has_valid_length(data.offset(1), (*len).wrapping_sub(1)) {
|
||||
return Err(ErrorKind::SizeError);
|
||||
return Err(Error::SizeError);
|
||||
}
|
||||
|
||||
let offs = _ykpiv_get_length(data.offset(1), &mut outlen);
|
||||
|
||||
if offs == 0 {
|
||||
return Err(ErrorKind::SizeError);
|
||||
return Err(Error::SizeError);
|
||||
}
|
||||
|
||||
if outlen.wrapping_add(offs).wrapping_add(1) != *len {
|
||||
@@ -1687,7 +1682,7 @@ pub(crate) unsafe fn _ykpiv_fetch_object(
|
||||
*len, outlen
|
||||
);
|
||||
|
||||
return Err(ErrorKind::SizeError);
|
||||
return Err(Error::SizeError);
|
||||
}
|
||||
|
||||
memmove(
|
||||
@@ -1706,7 +1701,7 @@ pub unsafe fn ykpiv_save_object(
|
||||
object_id: i32,
|
||||
indata: *mut u8,
|
||||
len: usize,
|
||||
) -> Result<(), ErrorKind> {
|
||||
) -> Result<(), Error> {
|
||||
let mut res = Ok(());
|
||||
|
||||
_ykpiv_begin_transaction(state)?;
|
||||
@@ -1725,7 +1720,7 @@ pub unsafe fn _ykpiv_save_object(
|
||||
object_id: i32,
|
||||
indata: *mut u8,
|
||||
len: usize,
|
||||
) -> Result<(), ErrorKind> {
|
||||
) -> Result<(), Error> {
|
||||
let mut data = [0u8; YKPIV_OBJ_MAX_SIZE];
|
||||
let mut dataptr: *mut u8 = data.as_mut_ptr();
|
||||
let templ = [0, YKPIV_INS_PUT_DATA, 0x3f, 0xff];
|
||||
@@ -1733,13 +1728,13 @@ pub unsafe fn _ykpiv_save_object(
|
||||
let mut outlen: usize = 0usize;
|
||||
|
||||
if len > CB_OBJ_MAX {
|
||||
return Err(ErrorKind::SizeError);
|
||||
return Err(Error::SizeError);
|
||||
}
|
||||
|
||||
dataptr = set_object(object_id, dataptr);
|
||||
|
||||
if dataptr.is_null() {
|
||||
return Err(ErrorKind::InvalidObject);
|
||||
return Err(Error::InvalidObject);
|
||||
}
|
||||
*{
|
||||
let _old = dataptr;
|
||||
@@ -1763,8 +1758,8 @@ pub unsafe fn _ykpiv_save_object(
|
||||
|
||||
match sw {
|
||||
SW_SUCCESS => Ok(()),
|
||||
SW_ERR_SECURITY_STATUS => Err(ErrorKind::AuthenticationError),
|
||||
_ => Err(ErrorKind::GenericError),
|
||||
SW_ERR_SECURITY_STATUS => Err(Error::AuthenticationError),
|
||||
_ => Err(Error::GenericError),
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1806,7 +1801,7 @@ pub unsafe fn ykpiv_import_private_key(
|
||||
ec_data_len: u8,
|
||||
pin_policy: u8,
|
||||
touch_policy: u8,
|
||||
) -> Result<(), ErrorKind> {
|
||||
) -> Result<(), Error> {
|
||||
let mut key_data = [0u8; 1024];
|
||||
let mut in_ptr: *mut u8 = key_data.as_mut_ptr();
|
||||
let templ = [0, YKPIV_INS_IMPORT_KEY, algorithm, key];
|
||||
@@ -1824,7 +1819,7 @@ pub unsafe fn ykpiv_import_private_key(
|
||||
|| key > YKPIV_KEY_RETIRED20 && (key < YKPIV_KEY_AUTHENTICATION)
|
||||
|| key > YKPIV_KEY_CARDAUTH && (key != YKPIV_KEY_ATTESTATION)
|
||||
{
|
||||
return Err(ErrorKind::KeyError);
|
||||
return Err(Error::KeyError);
|
||||
}
|
||||
|
||||
if pin_policy != YKPIV_PINPOLICY_DEFAULT
|
||||
@@ -1832,7 +1827,7 @@ pub unsafe fn ykpiv_import_private_key(
|
||||
&& (pin_policy != YKPIV_PINPOLICY_ONCE)
|
||||
&& (pin_policy != YKPIV_PINPOLICY_ALWAYS)
|
||||
{
|
||||
return Err(ErrorKind::GenericError);
|
||||
return Err(Error::GenericError);
|
||||
}
|
||||
|
||||
if touch_policy != YKPIV_TOUCHPOLICY_DEFAULT
|
||||
@@ -1840,13 +1835,13 @@ pub unsafe fn ykpiv_import_private_key(
|
||||
&& (touch_policy != YKPIV_TOUCHPOLICY_ALWAYS)
|
||||
&& (touch_policy != YKPIV_TOUCHPOLICY_CACHED)
|
||||
{
|
||||
return Err(ErrorKind::GenericError);
|
||||
return Err(Error::GenericError);
|
||||
}
|
||||
|
||||
match algorithm {
|
||||
YKPIV_ALGO_RSA1024 | YKPIV_ALGO_RSA2048 => {
|
||||
if p_len + q_len + dp_len + dq_len + qinv_len >= 1024 {
|
||||
return Err(ErrorKind::SizeError);
|
||||
return Err(Error::SizeError);
|
||||
} else {
|
||||
if algorithm == YKPIV_ALGO_RSA1024 {
|
||||
elem_len = 64;
|
||||
@@ -1857,7 +1852,7 @@ pub unsafe fn ykpiv_import_private_key(
|
||||
}
|
||||
|
||||
if p.is_null() || q.is_null() || dp.is_null() || dq.is_null() || qinv.is_null() {
|
||||
return Err(ErrorKind::GenericError);
|
||||
return Err(Error::GenericError);
|
||||
}
|
||||
|
||||
params[0] = p;
|
||||
@@ -1876,7 +1871,7 @@ pub unsafe fn ykpiv_import_private_key(
|
||||
}
|
||||
YKPIV_ALGO_ECCP256 | YKPIV_ALGO_ECCP384 => {
|
||||
if ec_data_len as (usize) >= key_data.len() {
|
||||
return Err(ErrorKind::SizeError);
|
||||
return Err(Error::SizeError);
|
||||
}
|
||||
|
||||
if algorithm == YKPIV_ALGO_ECCP256 {
|
||||
@@ -1886,7 +1881,7 @@ pub unsafe fn ykpiv_import_private_key(
|
||||
}
|
||||
|
||||
if ec_data.is_null() {
|
||||
return Err(ErrorKind::GenericError);
|
||||
return Err(Error::GenericError);
|
||||
}
|
||||
|
||||
params[0] = ec_data;
|
||||
@@ -1894,7 +1889,7 @@ pub unsafe fn ykpiv_import_private_key(
|
||||
param_tag = 0x6;
|
||||
n_params = 1;
|
||||
}
|
||||
_ => return Err(ErrorKind::AlgorithmError),
|
||||
_ => return Err(Error::AlgorithmError),
|
||||
}
|
||||
|
||||
for i in 0..n_params {
|
||||
@@ -1906,7 +1901,7 @@ pub unsafe fn ykpiv_import_private_key(
|
||||
let remaining = (key_data.as_mut_ptr() as usize) + 1024 - in_ptr as usize;
|
||||
|
||||
if padding > remaining {
|
||||
return Err(ErrorKind::AlgorithmError);
|
||||
return Err(Error::AlgorithmError);
|
||||
}
|
||||
|
||||
memset(in_ptr as *mut c_void, 0, padding);
|
||||
@@ -1948,9 +1943,9 @@ pub unsafe fn ykpiv_import_private_key(
|
||||
);
|
||||
|
||||
if res.is_ok() && sw != SW_SUCCESS {
|
||||
res = Err(ErrorKind::GenericError);
|
||||
res = Err(Error::GenericError);
|
||||
if sw == SW_ERR_SECURITY_STATUS {
|
||||
res = Err(ErrorKind::AuthenticationError);
|
||||
res = Err(Error::AuthenticationError);
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -1966,14 +1961,14 @@ pub unsafe fn ykpiv_attest(
|
||||
key: u8,
|
||||
data: *mut u8,
|
||||
data_len: *mut usize,
|
||||
) -> Result<(), ErrorKind> {
|
||||
let mut res = Err(ErrorKind::GenericError);
|
||||
) -> Result<(), Error> {
|
||||
let mut res = Err(Error::GenericError);
|
||||
let templ = [0, YKPIV_INS_ATTEST, key, 0];
|
||||
let mut sw: i32 = 0;
|
||||
let mut ul_data_len: usize;
|
||||
|
||||
if data.is_null() || data_len.is_null() {
|
||||
return Err(ErrorKind::ArgumentError);
|
||||
return Err(Error::ArgumentError);
|
||||
}
|
||||
|
||||
ul_data_len = *data_len;
|
||||
@@ -1993,12 +1988,12 @@ pub unsafe fn ykpiv_attest(
|
||||
|
||||
if res.is_ok() {
|
||||
if sw != SW_SUCCESS {
|
||||
res = Err(ErrorKind::GenericError);
|
||||
res = Err(Error::GenericError);
|
||||
if sw == SW_ERR_NOT_SUPPORTED {
|
||||
res = Err(ErrorKind::NotSupported);
|
||||
res = Err(Error::NotSupported);
|
||||
}
|
||||
} else if *data as i32 != 0x30 {
|
||||
res = Err(ErrorKind::GenericError);
|
||||
res = Err(Error::GenericError);
|
||||
} else {
|
||||
*data_len = ul_data_len;
|
||||
}
|
||||
@@ -2010,7 +2005,7 @@ pub unsafe fn ykpiv_attest(
|
||||
}
|
||||
|
||||
/// Get an auth challenge
|
||||
pub unsafe fn ykpiv_auth_getchallenge(state: &mut YubiKey) -> Result<[u8; 8], ErrorKind> {
|
||||
pub unsafe fn ykpiv_auth_getchallenge(state: &mut YubiKey) -> Result<[u8; 8], Error> {
|
||||
let mut data = [0u8; 261];
|
||||
let mut recv_len = data.len() as u32;
|
||||
let mut sw: i32 = 0;
|
||||
@@ -2032,7 +2027,7 @@ pub unsafe fn ykpiv_auth_getchallenge(state: &mut YubiKey) -> Result<[u8; 8], Er
|
||||
if let Err(e) = _send_data(state, &mut apdu, data.as_mut_ptr(), &mut recv_len, &mut sw) {
|
||||
res = Err(e)
|
||||
} else if sw != SW_SUCCESS {
|
||||
res = Err(ErrorKind::AuthenticationError);
|
||||
res = Err(Error::AuthenticationError);
|
||||
} else {
|
||||
let mut challenge = [0; 8];
|
||||
challenge.copy_from_slice(&data[4..12]);
|
||||
@@ -2048,7 +2043,7 @@ pub unsafe fn ykpiv_auth_getchallenge(state: &mut YubiKey) -> Result<[u8; 8], Er
|
||||
pub unsafe fn ykpiv_auth_verifyresponse(
|
||||
state: &mut YubiKey,
|
||||
response: [u8; 8],
|
||||
) -> Result<(), ErrorKind> {
|
||||
) -> Result<(), Error> {
|
||||
let mut data = [0u8; 261];
|
||||
let mut recv_len = data.len() as u32;
|
||||
let mut sw: i32 = 0;
|
||||
@@ -2070,7 +2065,7 @@ pub unsafe fn ykpiv_auth_verifyresponse(
|
||||
let mut res = _send_data(state, &mut apdu, data.as_mut_ptr(), &mut recv_len, &mut sw);
|
||||
|
||||
if res.is_ok() && sw != SW_SUCCESS {
|
||||
res = Err(ErrorKind::AuthenticationError);
|
||||
res = Err(Error::AuthenticationError);
|
||||
}
|
||||
|
||||
apdu.zeroize();
|
||||
@@ -2082,7 +2077,7 @@ pub unsafe fn ykpiv_auth_verifyresponse(
|
||||
static mut MGMT_AID: [u8; 8] = [0xa0, 0x00, 0x00, 0x05, 0x27, 0x47, 0x11, 0x17];
|
||||
|
||||
/// Deauthenticate
|
||||
pub unsafe fn ykpiv_auth_deauthenticate(state: &mut YubiKey) -> Result<(), ErrorKind> {
|
||||
pub unsafe fn ykpiv_auth_deauthenticate(state: &mut YubiKey) -> Result<(), Error> {
|
||||
let mut data = [0u8; 255];
|
||||
let mut recv_len = data.len() as u32;
|
||||
let mut sw: i32 = 0;
|
||||
@@ -2108,7 +2103,7 @@ pub unsafe fn ykpiv_auth_deauthenticate(state: &mut YubiKey) -> Result<(), Error
|
||||
|
||||
if sw != SW_SUCCESS {
|
||||
error!("Failed selecting mgmt application: {:04x}", sw);
|
||||
res = Err(ErrorKind::GenericError);
|
||||
res = Err(Error::GenericError);
|
||||
}
|
||||
|
||||
let _ = _ykpiv_end_transaction(state);
|
||||
|
||||
Reference in New Issue
Block a user