Merge pull request #13 from tarcieri/rename-errorkind

Rename ErrorKind to Error
Tony Arcieri
2019-11-21 07:50:13 -08:00
committed by GitHub
3 changed files with 256 additions and 267 deletions
+38 -38
@@ -34,7 +34,7 @@ use std::fmt;
/// Kinds of errors
#[derive(Clone, Copy, Debug, Eq, PartialEq)]
pub enum ErrorKind {
pub enum Error {
/// Memory error
MemoryError,
@@ -87,71 +87,71 @@ pub enum ErrorKind {
NotSupported,
}
impl ErrorKind {
impl Error {
/// Name of the error.
///
/// These names map to the legacy names from the Yubico C library, to
/// assist in web searches for relevant information for these errors.
pub fn name(self) -> &'static str {
match self {
ErrorKind::MemoryError => "YKPIV_MEMORY_ERROR",
ErrorKind::PcscError => "YKPIV_PCSC_ERROR",
ErrorKind::SizeError => "YKPIV_SIZE_ERROR",
ErrorKind::AppletError => "YKPIV_APPLET_ERROR",
ErrorKind::AuthenticationError => "YKPIV_AUTHENTICATION_ERROR",
ErrorKind::RandomnessError => "YKPIV_RANDOMNESS_ERROR",
ErrorKind::GenericError => "YKPIV_GENERIC_ERROR",
ErrorKind::KeyError => "YKPIV_KEY_ERROR",
ErrorKind::ParseError => "YKPIV_PARSE_ERROR",
ErrorKind::WrongPin { .. } => "YKPIV_WRONG_PIN",
ErrorKind::InvalidObject => "YKPIV_INVALID_OBJECT",
ErrorKind::AlgorithmError => "YKPIV_ALGORITHM_ERROR",
ErrorKind::PinLocked => "YKPIV_PIN_LOCKED",
ErrorKind::ArgumentError => "YKPIV_ARGUMENT_ERROR",
ErrorKind::RangeError => "YKPIV_RANGE_ERROR",
ErrorKind::NotSupported => "YKPIV_NOT_SUPPORTED",
Error::MemoryError => "YKPIV_MEMORY_ERROR",
Error::PcscError => "YKPIV_PCSC_ERROR",
Error::SizeError => "YKPIV_SIZE_ERROR",
Error::AppletError => "YKPIV_APPLET_ERROR",
Error::AuthenticationError => "YKPIV_AUTHENTICATION_ERROR",
Error::RandomnessError => "YKPIV_RANDOMNESS_ERROR",
Error::GenericError => "YKPIV_GENERIC_ERROR",
Error::KeyError => "YKPIV_KEY_ERROR",
Error::ParseError => "YKPIV_PARSE_ERROR",
Error::WrongPin { .. } => "YKPIV_WRONG_PIN",
Error::InvalidObject => "YKPIV_INVALID_OBJECT",
Error::AlgorithmError => "YKPIV_ALGORITHM_ERROR",
Error::PinLocked => "YKPIV_PIN_LOCKED",
Error::ArgumentError => "YKPIV_ARGUMENT_ERROR",
Error::RangeError => "YKPIV_RANGE_ERROR",
Error::NotSupported => "YKPIV_NOT_SUPPORTED",
}
}
/// Error message
pub fn msg(self) -> &'static str {
match self {
ErrorKind::MemoryError => "memory error",
ErrorKind::PcscError => "PCSC error",
ErrorKind::SizeError => "size error",
ErrorKind::AppletError => "applet error",
ErrorKind::AuthenticationError => "authentication error",
ErrorKind::RandomnessError => "randomness error",
ErrorKind::GenericError => "generic error",
ErrorKind::KeyError => "key error",
ErrorKind::ParseError => "parse error",
ErrorKind::WrongPin { .. } => "wrong pin",
ErrorKind::InvalidObject => "invalid object",
ErrorKind::AlgorithmError => "algorithm error",
ErrorKind::PinLocked => "PIN locked",
ErrorKind::ArgumentError => "argument error",
ErrorKind::RangeError => "range error",
ErrorKind::NotSupported => "not supported",
Error::MemoryError => "memory error",
Error::PcscError => "PCSC error",
Error::SizeError => "size error",
Error::AppletError => "applet error",
Error::AuthenticationError => "authentication error",
Error::RandomnessError => "randomness error",
Error::GenericError => "generic error",
Error::KeyError => "key error",
Error::ParseError => "parse error",
Error::WrongPin { .. } => "wrong pin",
Error::InvalidObject => "invalid object",
Error::AlgorithmError => "algorithm error",
Error::PinLocked => "PIN locked",
Error::ArgumentError => "argument error",
Error::RangeError => "range error",
Error::NotSupported => "not supported",
}
}
}
impl fmt::Display for ErrorKind {
impl fmt::Display for Error {
fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
f.write_str(self.msg())
}
}
impl std::error::Error for ErrorKind {}
impl std::error::Error for Error {}
/// Get a string representation of this error
// TODO(tarcieri): completely replace this with `Display`
pub fn ykpiv_strerror(err: ErrorKind) -> &'static str {
pub fn ykpiv_strerror(err: Error) -> &'static str {
err.msg()
}
/// Get the name of this error
// TODO(tarcieri): completely replace this with debug
pub fn ykpiv_strerror_name(err: ErrorKind) -> &'static str {
pub fn ykpiv_strerror_name(err: Error) -> &'static str {
err.name()
}
+90 -96
@@ -33,7 +33,7 @@
#![allow(non_camel_case_types, non_snake_case)]
#![allow(clippy::missing_safety_doc, clippy::too_many_arguments)]
use crate::{consts::*, error::ErrorKind, internal::*, yubikey::*};
use crate::{consts::*, error::Error, internal::*, yubikey::*};
use getrandom::getrandom;
use hmac::Hmac;
use libc::{calloc, free, memcpy, memmove, realloc, time};
@@ -86,16 +86,13 @@ pub static mut CCC_TMPL: &[u8] = &[
pub struct CardId([u8; 16]);
/// Get Card ID
pub unsafe fn ykpiv_util_get_cardid(
state: &mut YubiKey,
cardid: *mut CardId,
) -> Result<(), ErrorKind> {
pub unsafe fn ykpiv_util_get_cardid(state: &mut YubiKey, cardid: *mut CardId) -> Result<(), Error> {
let mut buf = [0u8; CB_OBJ_MAX];
let mut len = buf.len();
let mut res = Ok(());
if cardid.is_null() {
return Err(ErrorKind::GenericError);
return Err(Error::GenericError);
}
_ykpiv_begin_transaction(state)?;
@@ -105,7 +102,7 @@ pub unsafe fn ykpiv_util_get_cardid(
if res.is_ok() {
if len != CHUID_TMPL.len() {
res = Err(ErrorKind::GenericError);
res = Err(Error::GenericError);
} else {
memcpy(
(*cardid).0.as_mut_ptr() as (*mut c_void),
@@ -124,13 +121,13 @@ pub unsafe fn ykpiv_util_get_cardid(
pub unsafe fn ykpiv_util_set_cardid(
state: &mut YubiKey,
cardid: *const CardId,
) -> Result<(), ErrorKind> {
) -> Result<(), Error> {
let mut id = [0u8; YKPIV_CARDID_SIZE];
let mut buf = [0u8; CHUID_TMPL.len()];
let mut res = Ok(());
if cardid.is_null() {
getrandom(&mut id).map_err(|_| ErrorKind::RandomnessError)?;
getrandom(&mut id).map_err(|_| Error::RandomnessError)?;
} else {
memcpy(
id.as_mut_ptr() as (*mut c_void),
@@ -171,13 +168,13 @@ pub unsafe fn ykpiv_util_set_cardid(
pub struct CCCID([u8; 14]);
/// Get Cardholder Capability Container (CCC) ID
pub unsafe fn ykpiv_util_get_cccid(state: &mut YubiKey, ccc: *mut CCCID) -> Result<(), ErrorKind> {
pub unsafe fn ykpiv_util_get_cccid(state: &mut YubiKey, ccc: *mut CCCID) -> Result<(), Error> {
let mut res = Ok(());
let mut buf = [0u8; CB_OBJ_MAX];
let mut len = buf.len();
if ccc.is_null() {
return Err(ErrorKind::GenericError);
return Err(Error::GenericError);
}
_ykpiv_begin_transaction(state)?;
@@ -193,7 +190,7 @@ pub unsafe fn ykpiv_util_get_cccid(state: &mut YubiKey, ccc: *mut CCCID) -> Resu
if res.is_ok() {
if len != CCC_TMPL.len() {
let _ = _ykpiv_end_transaction(state);
return Err(ErrorKind::GenericError);
return Err(Error::GenericError);
}
memcpy(
@@ -208,17 +205,14 @@ pub unsafe fn ykpiv_util_get_cccid(state: &mut YubiKey, ccc: *mut CCCID) -> Resu
}
/// Get Cardholder Capability Container (CCC) ID
pub unsafe fn ykpiv_util_set_cccid(
state: &mut YubiKey,
ccc: *const CCCID,
) -> Result<(), ErrorKind> {
pub unsafe fn ykpiv_util_set_cccid(state: &mut YubiKey, ccc: *const CCCID) -> Result<(), Error> {
let mut res = Ok(());
let mut id = [0u8; 14];
let mut buf = [0u8; 51];
let len: usize;
if ccc.is_null() {
getrandom(&mut id).map_err(|_| ErrorKind::RandomnessError)?;
getrandom(&mut id).map_err(|_| Error::RandomnessError)?;
} else {
memcpy(
id.as_mut_ptr() as (*mut c_void),
@@ -311,7 +305,7 @@ pub unsafe fn ykpiv_util_list_keys(
key_count: *mut u8,
data: *mut *mut YkPivKey,
data_len: *mut usize,
) -> Result<(), ErrorKind> {
) -> Result<(), Error> {
let mut _currentBlock;
let mut res = Ok(());
let mut p_key: *mut YkPivKey;
@@ -326,7 +320,7 @@ pub unsafe fn ykpiv_util_list_keys(
let CB_PAGE: usize = 4096;
if data.is_null() || data_len.is_null() || key_count.is_null() {
return Err(ErrorKind::GenericError);
return Err(Error::GenericError);
}
_ykpiv_begin_transaction(state)?;
@@ -340,7 +334,7 @@ pub unsafe fn ykpiv_util_list_keys(
if p_data.is_null() {
let _ = _ykpiv_end_transaction(state);
return Err(ErrorKind::MemoryError);
return Err(Error::MemoryError);
}
cb_data = CB_PAGE;
@@ -423,7 +417,7 @@ pub unsafe fn ykpiv_util_list_keys(
}
res = Ok(());
} else {
res = Err(ErrorKind::MemoryError);
res = Err(Error::MemoryError);
}
}
@@ -441,13 +435,13 @@ pub unsafe fn ykpiv_util_read_cert(
slot: u8,
data: *mut *mut u8,
data_len: *mut usize,
) -> Result<(), ErrorKind> {
) -> Result<(), Error> {
let mut res = Ok(());
let mut buf = [0u8; YKPIV_OBJ_MAX_SIZE];
let mut cb_buf: usize = buf.len();
if data.is_null() || data_len.is_null() {
return Err(ErrorKind::GenericError);
return Err(Error::GenericError);
}
_ykpiv_begin_transaction(state)?;
@@ -466,7 +460,7 @@ pub unsafe fn ykpiv_util_read_cert(
}
.is_null()
{
res = Err(ErrorKind::MemoryError);
res = Err(Error::MemoryError);
} else {
memcpy(
*data as (*mut c_void),
@@ -489,7 +483,7 @@ pub unsafe fn ykpiv_util_write_cert(
data: *mut u8,
data_len: usize,
certinfo: u8,
) -> Result<(), ErrorKind> {
) -> Result<(), Error> {
let mut res = Ok(());
_ykpiv_begin_transaction(state)?;
@@ -503,12 +497,12 @@ pub unsafe fn ykpiv_util_write_cert(
}
/// Delete certificate
pub unsafe fn ykpiv_util_delete_cert(state: &mut YubiKey, slot: u8) -> Result<(), ErrorKind> {
pub unsafe fn ykpiv_util_delete_cert(state: &mut YubiKey, slot: u8) -> Result<(), Error> {
ykpiv_util_write_cert(state, slot, ptr::null_mut(), 0, 0)
}
/// Block PUK
pub unsafe fn ykpiv_util_block_puk(state: &mut YubiKey) -> Result<(), ErrorKind> {
pub unsafe fn ykpiv_util_block_puk(state: &mut YubiKey) -> Result<(), Error> {
let mut res = Ok(());
let mut puk = [0x30, 0x42, 0x41, 0x44, 0x46, 0x30, 0x30, 0x44];
let mut tries_remaining: i32 = -1;
@@ -530,12 +524,12 @@ pub unsafe fn ykpiv_util_block_puk(state: &mut YubiKey) -> Result<(), ErrorKind>
match res {
Ok(()) => puk[0] += 1,
Err(ErrorKind::WrongPin { tries }) => {
Err(Error::WrongPin { tries }) => {
tries_remaining = tries;
continue;
}
Err(e) => {
if e != ErrorKind::PinLocked {
if e != Error::PinLocked {
continue;
}
tries_remaining = 0;
@@ -625,7 +619,7 @@ pub unsafe fn ykpiv_util_read_mscmap(
state: &mut YubiKey,
containers: *mut *mut YkPivContainer,
n_containers: *mut usize,
) -> Result<(), ErrorKind> {
) -> Result<(), Error> {
let mut res = Ok(());
let mut buf = [0u8; YKPIV_OBJ_MAX_SIZE];
let mut cb_buf: usize = buf.len();
@@ -634,7 +628,7 @@ pub unsafe fn ykpiv_util_read_mscmap(
if containers.is_null() || n_containers.is_null() {
// TODO(str4d): Should this really continue on here?
res = Err(ErrorKind::GenericError);
res = Err(Error::GenericError);
}
_ykpiv_begin_transaction(state)?;
@@ -674,7 +668,7 @@ pub unsafe fn ykpiv_util_read_mscmap(
*containers = calloc(len, 1) as (*mut YkPivContainer);
if (*containers).is_null() {
res = Err(ErrorKind::MemoryError);
res = Err(Error::MemoryError);
} else {
memcpy(*containers as (*mut c_void), ptr as (*const c_void), len);
*n_containers = len.wrapping_div(mem::size_of::<YkPivContainer>());
@@ -699,7 +693,7 @@ pub unsafe fn ykpiv_util_write_mscmap(
state: &mut YubiKey,
containers: *mut YkPivContainer,
n_containers: usize,
) -> Result<(), ErrorKind> {
) -> Result<(), Error> {
let mut res = Ok(());
let mut buf = [0u8; CB_OBJ_MAX];
let mut offset: usize = 0;
@@ -710,7 +704,7 @@ pub unsafe fn ykpiv_util_write_mscmap(
if _ykpiv_ensure_application_selected(state).is_ok() {
if containers.is_null() || n_containers == 0 {
if !containers.is_null() || n_containers != 0 {
res = Err(ErrorKind::GenericError);
res = Err(Error::GenericError);
} else {
res = _ykpiv_save_object(state, YKPIV_OBJ_MSCMAP as i32, ptr::null_mut(), 0);
}
@@ -723,7 +717,7 @@ pub unsafe fn ykpiv_util_write_mscmap(
if req_len > _obj_size_max(state) {
let _ = _ykpiv_end_transaction(state);
return Err(ErrorKind::SizeError);
return Err(Error::SizeError);
}
buf[offset] = TAG_MSCMAP;
@@ -747,7 +741,7 @@ pub unsafe fn ykpiv_util_read_msroots(
state: &mut YubiKey,
data: *mut *mut u8,
data_len: *mut usize,
) -> Result<(), ErrorKind> {
) -> Result<(), Error> {
let mut _currentBlock = 0;
let mut res;
let mut buf = [0u8; YKPIV_OBJ_MAX_SIZE];
@@ -762,7 +756,7 @@ pub unsafe fn ykpiv_util_read_msroots(
let mut offset: usize = 0;
if data.is_null() || data_len.is_null() {
return Err(ErrorKind::GenericError);
return Err(Error::GenericError);
}
_ykpiv_begin_transaction(state)?;
@@ -782,7 +776,7 @@ pub unsafe fn ykpiv_util_read_msroots(
if p_data.is_null() {
let _ = _ykpiv_end_transaction(state);
return Err(ErrorKind::MemoryError);
return Err(Error::MemoryError);
}
for object_id in YKPIV_OBJ_MSROOTS1..YKPIV_OBJ_MSROOTS5 {
@@ -863,7 +857,7 @@ pub unsafe fn ykpiv_util_read_msroots(
*data_len = offset;
res = Ok(());
} else if _currentBlock == 16 {
res = Err(ErrorKind::MemoryError);
res = Err(Error::MemoryError);
} else if _currentBlock != 21 {
res = Ok(());
}
@@ -881,7 +875,7 @@ pub unsafe fn ykpiv_util_write_msroots(
state: &mut YubiKey,
data: *mut u8,
data_len: usize,
) -> Result<(), ErrorKind> {
) -> Result<(), Error> {
let mut res = Ok(());
let mut buf = [0u8; CB_OBJ_MAX];
let mut offset: usize;
@@ -895,7 +889,7 @@ pub unsafe fn ykpiv_util_write_msroots(
if _ykpiv_ensure_application_selected(state).is_ok() {
if data.is_null() || data_len == 0 {
if !data.is_null() || data_len != 0 {
res = Err(ErrorKind::GenericError);
res = Err(Error::GenericError);
} else {
res = _ykpiv_save_object(state, YKPIV_OBJ_MSROOTS1 as i32, ptr::null_mut(), 0);
}
@@ -908,7 +902,7 @@ pub unsafe fn ykpiv_util_write_msroots(
if n_objs > 5 {
let _ = _ykpiv_end_transaction(state);
return Err(ErrorKind::SizeError);
return Err(Error::SizeError);
}
for i in 0..n_objs {
@@ -981,7 +975,7 @@ pub unsafe fn ykpiv_util_generate_key(
exp_len: *mut usize,
point: *mut *mut u8,
point_len: *mut usize,
) -> Result<(), ErrorKind> {
) -> Result<(), Error> {
let mut res = Ok(());
let mut in_data = [0u8; 11];
let mut in_ptr = in_data.as_mut_ptr();
@@ -1031,7 +1025,7 @@ pub unsafe fn ykpiv_util_generate_key(
);
if !setting_roca.value {
return Err(ErrorKind::NotSupported);
return Err(Error::NotSupported);
}
}
@@ -1039,7 +1033,7 @@ pub unsafe fn ykpiv_util_generate_key(
YKPIV_ALGO_RSA1024 | YKPIV_ALGO_RSA2048 => {
if point.is_null() || point_len.is_null() {
error!("invalid output parameter for ECC algorithm");
return Err(ErrorKind::GenericError);
return Err(Error::GenericError);
}
*point = ptr::null_mut();
@@ -1048,7 +1042,7 @@ pub unsafe fn ykpiv_util_generate_key(
YKPIV_ALGO_ECCP256 | YKPIV_ALGO_ECCP384 => {
if modulus.is_null() || modulus_len.is_null() || exp.is_null() || exp_len.is_null() {
error!("invalid output parameter for RSA algorithm");
return Err(ErrorKind::GenericError);
return Err(Error::GenericError);
}
*modulus = ptr::null_mut();
@@ -1058,7 +1052,7 @@ pub unsafe fn ykpiv_util_generate_key(
}
_ => {
error!("invalid algorithm specified");
return Err(ErrorKind::GenericError);
return Err(Error::GenericError);
}
}
@@ -1075,7 +1069,7 @@ pub unsafe fn ykpiv_util_generate_key(
in_ptr = in_ptr.add(5);
if in_data[4] == 0 {
res = Err(ErrorKind::AlgorithmError);
res = Err(Error::AlgorithmError);
error!("unexpected algorithm");
} else {
if pin_policy != YKPIV_PINPOLICY_DEFAULT {
@@ -1111,11 +1105,11 @@ pub unsafe fn ykpiv_util_generate_key(
match sw {
SW_ERR_INCORRECT_SLOT => {
res = Err(ErrorKind::KeyError);
res = Err(Error::KeyError);
error!("{} (incorrect slot)", err_msg);
}
SW_ERR_INCORRECT_PARAM => {
res = Err(ErrorKind::AlgorithmError);
res = Err(Error::AlgorithmError);
if pin_policy != 0 {
error!("{} (pin policy not supported?)", err_msg);
@@ -1126,11 +1120,11 @@ pub unsafe fn ykpiv_util_generate_key(
}
}
SW_ERR_SECURITY_STATUS => {
res = Err(ErrorKind::AuthenticationError);
res = Err(Error::AuthenticationError);
error!("{} (not authenticated)", err_msg);
}
_ => {
res = Err(ErrorKind::GenericError);
res = Err(Error::GenericError);
error!("{} (error {:x})", err_msg, sw);
}
}
@@ -1140,7 +1134,7 @@ pub unsafe fn ykpiv_util_generate_key(
if *data_ptr != TAG_RSA_MODULUS {
error!("Failed to parse public key structure (modulus)");
res = Err(ErrorKind::ParseError);
res = Err(Error::ParseError);
} else {
data_ptr = data_ptr.add(1);
data_ptr = data_ptr.add(_ykpiv_get_length(data_ptr, &mut len));
@@ -1149,7 +1143,7 @@ pub unsafe fn ykpiv_util_generate_key(
if ptr_modulus.is_null() {
error!("failed to allocate memory for modulus");
res = Err(ErrorKind::MemoryError);
res = Err(Error::MemoryError);
} else {
memcpy(
ptr_modulus as *mut c_void,
@@ -1160,7 +1154,7 @@ pub unsafe fn ykpiv_util_generate_key(
data_ptr = data_ptr.add(len);
if *data_ptr != TAG_RSA_EXP {
error!("failed to parse public key structure (public exponent)");
res = Err(ErrorKind::ParseError);
res = Err(Error::ParseError);
} else {
data_ptr = data_ptr.add(1);
data_ptr = data_ptr.add(_ykpiv_get_length(data_ptr, &mut len));
@@ -1168,7 +1162,7 @@ pub unsafe fn ykpiv_util_generate_key(
ptr_exp = calloc(cb_exp, 1) as *mut u8;
if ptr_exp.is_null() {
error!("failed to allocate memory for public exponent");
res = Err(ErrorKind::MemoryError);
res = Err(Error::MemoryError);
} else {
memcpy(
ptr_exp as (*mut c_void),
@@ -1201,7 +1195,7 @@ pub unsafe fn ykpiv_util_generate_key(
if tag != TAG_ECC_POINT {
error!("failed to parse public key structure");
res = Err(ErrorKind::ParseError);
res = Err(Error::ParseError);
} else {
// the curve point should always be determined by the curve
let len_byte = *data_ptr;
@@ -1209,14 +1203,14 @@ pub unsafe fn ykpiv_util_generate_key(
if len_byte as usize != len {
error!("unexpected length");
res = Err(ErrorKind::AlgorithmError);
res = Err(Error::AlgorithmError);
} else {
cb_point = len;
ptr_point = calloc(cb_point, 1) as (*mut u8);
if ptr_point.is_null() {
error!("failed to allocate memory for public point");
res = Err(ErrorKind::MemoryError);
res = Err(Error::MemoryError);
} else {
memcpy(
ptr_point as (*mut c_void),
@@ -1231,7 +1225,7 @@ pub unsafe fn ykpiv_util_generate_key(
}
} else {
error!("wrong algorithm");
res = Err(ErrorKind::AlgorithmError);
res = Err(Error::AlgorithmError);
}
}
}
@@ -1290,7 +1284,7 @@ pub struct YkPivConfig {
pub unsafe fn ykpiv_util_get_config(
state: &mut YubiKey,
config: *mut YkPivConfig,
) -> Result<(), ErrorKind> {
) -> Result<(), Error> {
let mut data = [0u8; YKPIV_OBJ_MAX_SIZE];
let mut cb_data: usize = mem::size_of::<[u8; YKPIV_OBJ_MAX_SIZE]>();
let mut p_item: *mut u8 = ptr::null_mut();
@@ -1298,7 +1292,7 @@ pub unsafe fn ykpiv_util_get_config(
let mut res = Ok(());
if config.is_null() {
return Err(ErrorKind::GenericError);
return Err(Error::GenericError);
}
(*config).protected_data_available = false;
@@ -1406,7 +1400,7 @@ pub unsafe fn ykpiv_util_get_config(
}
/// Set PIN last changed
pub unsafe fn ykpiv_util_set_pin_last_changed(state: &mut YubiKey) -> Result<(), ErrorKind> {
pub unsafe fn ykpiv_util_set_pin_last_changed(state: &mut YubiKey) -> Result<(), Error> {
let mut data = [0u8; YKPIV_OBJ_MAX_SIZE];
let mut cb_data = data.len();
let mut res = Ok(());
@@ -1467,7 +1461,7 @@ pub unsafe fn ykpiv_util_get_derived_mgm(
state: &mut YubiKey,
pin: &[u8],
mgm: &mut YkPivMgm,
) -> Result<(), ErrorKind> {
) -> Result<(), Error> {
let mut data = [0u8; YKPIV_OBJ_MAX_SIZE];
let mut cb_data: usize = data.len();
let mut p_item: *mut u8 = ptr::null_mut();
@@ -1502,7 +1496,7 @@ pub unsafe fn ykpiv_util_get_derived_mgm(
);
let _ = _ykpiv_end_transaction(state);
return Err(ErrorKind::GenericError);
return Err(Error::GenericError);
}
let salt = std::slice::from_raw_parts_mut(p_item, cb_item);
@@ -1518,7 +1512,7 @@ pub unsafe fn ykpiv_util_get_derived_mgm(
pub unsafe fn ykpiv_util_get_protected_mgm(
state: &mut YubiKey,
mgm: *mut YkPivMgm,
) -> Result<(), ErrorKind> {
) -> Result<(), Error> {
// TODO(tarcieri): replace vec with wrapper type that impls `Zeroize`
let mut data = Zeroizing::new([0u8; YKPIV_OBJ_MAX_SIZE].to_vec());
let mut cb_data: usize = data.len();
@@ -1527,7 +1521,7 @@ pub unsafe fn ykpiv_util_get_protected_mgm(
let mut res = Ok(());
if mgm.is_null() {
return Err(ErrorKind::GenericError);
return Err(Error::GenericError);
}
_ykpiv_begin_transaction(state)?;
@@ -1553,7 +1547,7 @@ pub unsafe fn ykpiv_util_get_protected_mgm(
"protected data contains mgm, but is the wrong size = {}",
cb_item,
);
res = Err(ErrorKind::AuthenticationError);
res = Err(Error::AuthenticationError);
} else {
memcpy(
(*mgm).0.as_mut_ptr() as (*mut c_void),
@@ -1575,7 +1569,7 @@ pub unsafe fn ykpiv_util_get_protected_mgm(
pub unsafe fn ykpiv_util_set_protected_mgm(
state: &mut YubiKey,
mgm: *mut YkPivMgm,
) -> Result<(), ErrorKind> {
) -> Result<(), Error> {
let mut f_generate: bool;
let mut mgm_key = Zeroizing::new([0u8; 24]);
// TODO(tarcieri): replace vec with wrapper type that impls `Zeroize`
@@ -1617,7 +1611,7 @@ pub unsafe fn ykpiv_util_set_protected_mgm(
if let Err(e) = getrandom(mgm_key.deref_mut()) {
error!("could not generate new mgm, err = {}", e);
let _ = _ykpiv_end_transaction(state);
return Err(ErrorKind::RandomnessError);
return Err(Error::RandomnessError);
}
}
@@ -1627,7 +1621,7 @@ pub unsafe fn ykpiv_util_set_protected_mgm(
// if set_mgmkey fails with KeyError, it means the generated key is weak
// otherwise, log a warning, since the device mgm key is corrupt or we're in
// a state where we can't set the mgm key
if Err(ErrorKind::KeyError) != ykrc {
if Err(Error::KeyError) != ykrc {
error!(
"could not set new derived mgm key, err = {}",
ykrc.as_ref().unwrap_err()
@@ -1756,7 +1750,7 @@ pub unsafe fn ykpiv_util_set_protected_mgm(
}
/// Reset
pub unsafe fn ykpiv_util_reset(state: &mut YubiKey) -> Result<(), ErrorKind> {
pub unsafe fn ykpiv_util_reset(state: &mut YubiKey) -> Result<(), Error> {
let templ = [0, YKPIV_INS_RESET, 0, 0];
let mut data = [0u8; 255];
let mut recv_len = data.len();
@@ -1774,7 +1768,7 @@ pub unsafe fn ykpiv_util_reset(state: &mut YubiKey) -> Result<(), ErrorKind> {
match (res.is_ok(), sw) {
(true, SW_SUCCESS) => Ok(()),
_ => Err(ErrorKind::GenericError),
_ => Err(Error::GenericError),
}
}
@@ -1802,13 +1796,13 @@ unsafe fn _read_certificate(
slot: u8,
buf: *mut u8,
buf_len: *mut usize,
) -> Result<(), ErrorKind> {
) -> Result<(), Error> {
let mut ptr: *mut u8;
let object_id = ykpiv_util_slot_object(slot) as i32;
let mut len: usize = 0;
if object_id == -1 {
return Err(ErrorKind::InvalidObject);
return Err(Error::InvalidObject);
}
if _ykpiv_fetch_object(state, object_id, buf, buf_len).is_ok() {
@@ -1847,19 +1841,19 @@ unsafe fn _write_certificate(
data: *mut u8,
data_len: usize,
certinfo: u8,
) -> Result<(), ErrorKind> {
) -> Result<(), Error> {
let mut buf = [0u8; CB_OBJ_MAX];
let object_id = ykpiv_util_slot_object(slot) as i32;
let mut offset: usize = 0;
let mut req_len: usize;
if object_id == -1 {
return Err(ErrorKind::InvalidObject);
return Err(Error::InvalidObject);
}
if data.is_null() || data_len == 0 {
if !data.is_null() || data_len != 0 {
return Err(ErrorKind::GenericError);
return Err(Error::GenericError);
}
return _ykpiv_save_object(state, object_id, ptr::null_mut(), 0);
@@ -1870,7 +1864,7 @@ unsafe fn _write_certificate(
req_len += data_len;
if req_len < data_len || req_len > _obj_size_max(state) {
return Err(ErrorKind::SizeError);
return Err(Error::SizeError);
}
buf[offset] = TAG_CERT;
@@ -1908,13 +1902,13 @@ unsafe fn _get_metadata_item(
tag: u8,
pp_item: *mut *mut u8,
pcb_item: *mut usize,
) -> Result<(), ErrorKind> {
) -> Result<(), Error> {
let mut p_temp: *mut u8 = data;
let mut cb_temp: usize = 0;
let mut tag_temp: u8;
if data.is_null() || pp_item.is_null() || pcb_item.is_null() {
return Err(ErrorKind::GenericError);
return Err(Error::GenericError);
}
*pp_item = ptr::null_mut();
@@ -1925,7 +1919,7 @@ unsafe fn _get_metadata_item(
p_temp = p_temp.add(1);
if !_ykpiv_has_valid_length(p_temp, data.add(cb_data) as usize - p_temp as usize) {
return Err(ErrorKind::SizeError);
return Err(Error::SizeError);
}
p_temp = p_temp.add(_ykpiv_get_length(p_temp, &mut cb_temp));
@@ -1943,7 +1937,7 @@ unsafe fn _get_metadata_item(
Ok(())
} else {
Err(ErrorKind::GenericError)
Err(Error::GenericError)
}
}
@@ -1966,7 +1960,7 @@ unsafe fn _set_metadata_item(
tag: u8,
p_item: *mut u8,
cb_item: usize,
) -> Result<(), ErrorKind> {
) -> Result<(), Error> {
let mut p_temp: *mut u8 = data;
let mut cb_temp: usize = 0;
let mut tag_temp: u8 = 0;
@@ -1975,7 +1969,7 @@ unsafe fn _set_metadata_item(
let cb_moved: isize;
if data.is_null() || pcb_data.is_null() {
return Err(ErrorKind::GenericError);
return Err(Error::GenericError);
}
while p_temp < data.add(*pcb_data) {
@@ -2001,7 +1995,7 @@ unsafe fn _set_metadata_item(
cb_len = _get_length_size(cb_item) as (usize);
if (*pcb_data).wrapping_add(cb_len).wrapping_add(cb_item) > cb_data_max {
return Err(ErrorKind::GenericError);
return Err(Error::GenericError);
}
*p_temp = tag;
@@ -2029,7 +2023,7 @@ unsafe fn _set_metadata_item(
- cb_len as (isize));
if (*pcb_data + cb_moved as usize) > cb_data_max {
return Err(ErrorKind::GenericError);
return Err(Error::GenericError);
}
memmove(
@@ -2058,18 +2052,18 @@ unsafe fn _read_metadata(
tag: u8,
data: *mut u8,
pcb_data: *mut usize,
) -> Result<(), ErrorKind> {
) -> Result<(), Error> {
let mut p_temp: *mut u8;
let mut cb_temp: usize;
if data.is_null() || pcb_data.is_null() || YKPIV_OBJ_MAX_SIZE > *pcb_data {
return Err(ErrorKind::GenericError);
return Err(Error::GenericError);
}
let obj_id = match tag {
TAG_ADMIN => YKPIV_OBJ_ADMIN_DATA,
TAG_PROTECTED => YKPIV_OBJ_PRINTED,
_ => return Err(ErrorKind::InvalidObject),
_ => return Err(Error::InvalidObject),
} as i32;
cb_temp = *pcb_data;
@@ -2078,7 +2072,7 @@ unsafe fn _read_metadata(
_ykpiv_fetch_object(state, obj_id, data, &mut cb_temp)?;
if cb_temp < CB_OBJ_TAG_MIN {
return Err(ErrorKind::GenericError);
return Err(Error::GenericError);
}
p_temp = data;
@@ -2089,14 +2083,14 @@ unsafe fn _read_metadata(
_old
} as (i32)
{
return Err(ErrorKind::GenericError);
return Err(Error::GenericError);
}
p_temp = p_temp.add(_ykpiv_get_length(p_temp, pcb_data));
if *pcb_data > cb_temp - (p_temp as isize - data as isize) as usize {
*pcb_data = 0;
return Err(ErrorKind::GenericError);
return Err(Error::GenericError);
}
memmove(data as (*mut c_void), p_temp as (*const c_void), *pcb_data);
@@ -2109,18 +2103,18 @@ unsafe fn _write_metadata(
tag: u8,
data: *mut u8,
cb_data: usize,
) -> Result<(), ErrorKind> {
) -> Result<(), Error> {
let mut buf = [0u8; CB_OBJ_MAX]; // XXX REMEMBER TO ZERO
let mut p_temp: *mut u8 = buf.as_mut_ptr();
if cb_data > _obj_size_max(state) - CB_OBJ_TAG_MAX {
return Err(ErrorKind::GenericError);
return Err(Error::GenericError);
}
let obj_id = match tag {
TAG_ADMIN => YKPIV_OBJ_ADMIN_DATA,
TAG_PROTECTED => YKPIV_OBJ_PRINTED,
_ => return Err(ErrorKind::InvalidObject),
_ => return Err(Error::InvalidObject),
} as i32;
if data.is_null() || cb_data == 0 {
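Review bot: In `ykpiv_util_generate_key` the null checks on the output pointers look attached to the wrong match arms. The `YKPIV_ALGO_RSA1024 | YKPIV_ALGO_RSA2048` arm tests `point`/`point_len` and logs "invalid output parameter for ECC algorithm", while the `YKPIV_ALGO_ECCP256 | YKPIV_ALGO_ECCP384` arm tests `modulus`/`modulus_len`/`exp`/`exp_len` and logs the RSA message. If the RSA path later stores through `modulus` and `exp` (that code is outside these hunks, so this is inferred), a caller passing null for them is not rejected and this `unsafe fn` would write through a null pointer; the same holds for `point` on the ECC path. Swapping the two arm patterns, so that `YKPIV_ALGO_RSA1024 | YKPIV_ALGO_RSA2048 => {` guards the modulus/exponent check and `YKPIV_ALGO_ECCP256 | YKPIV_ALGO_ECCP384 => {` guards the point check, makes each check match its message. The function body starts and ends outside the visible hunks.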
+128 -133
@@ -36,7 +36,7 @@
use crate::{
apdu::APDU,
consts::*,
error::ErrorKind,
error::Error,
internal::{des_decrypt, des_encrypt, yk_des_is_weak_key, DesKey},
};
use getrandom::getrandom;
@@ -192,7 +192,7 @@ pub fn ykpiv_init() -> YubiKey {
}
/// Cleanup YubiKey session
pub(crate) unsafe fn _ykpiv_done(state: &mut YubiKey, disconnect: bool) -> Result<(), ErrorKind> {
pub(crate) unsafe fn _ykpiv_done(state: &mut YubiKey, disconnect: bool) -> Result<(), Error> {
if disconnect {
ykpiv_disconnect(state);
}
@@ -203,12 +203,12 @@ pub(crate) unsafe fn _ykpiv_done(state: &mut YubiKey, disconnect: bool) -> Resul
/// Cleanup YubiKey session with external card upon completion
// TODO(tarcieri): make this a `Drop` handler
pub unsafe fn ykpiv_done_with_external_card(state: &mut YubiKey) -> Result<(), ErrorKind> {
pub unsafe fn ykpiv_done_with_external_card(state: &mut YubiKey) -> Result<(), Error> {
_ykpiv_done(state, false)
}
/// Cleanup YubiKey session upon completion
pub unsafe fn ykpiv_done(state: &mut YubiKey) -> Result<(), ErrorKind> {
pub unsafe fn ykpiv_done(state: &mut YubiKey) -> Result<(), Error> {
_ykpiv_done(state, true)
}
@@ -226,7 +226,7 @@ pub unsafe fn ykpiv_disconnect(state: &mut YubiKey) {
}
/// Select application
pub(crate) unsafe fn _ykpiv_select_application(state: &mut YubiKey) -> Result<(), ErrorKind> {
pub(crate) unsafe fn _ykpiv_select_application(state: &mut YubiKey) -> Result<(), Error> {
let mut data = [0u8; 255];
let mut recv_len = data.len() as u32;
let mut sw = 0i32;
@@ -249,7 +249,7 @@ pub(crate) unsafe fn _ykpiv_select_application(state: &mut YubiKey) -> Result<()
if sw != SW_SUCCESS {
error!("failed selecting application: {:04x}", sw);
return Err(ErrorKind::GenericError);
return Err(Error::GenericError);
}
// now that the PIV application is selected, retrieve the version
@@ -272,9 +272,7 @@ pub(crate) unsafe fn _ykpiv_select_application(state: &mut YubiKey) -> Result<()
}
/// Ensure an application is selected (presently noop)
pub(crate) unsafe fn _ykpiv_ensure_application_selected(
_state: &mut YubiKey,
) -> Result<(), ErrorKind> {
pub(crate) unsafe fn _ykpiv_ensure_application_selected(_state: &mut YubiKey) -> Result<(), Error> {
// TODO(tarcieri): ENABLE_APPLICATION_RESELECTION support?
//
// Original C code below:
@@ -307,10 +305,10 @@ pub(crate) unsafe fn _ykpiv_connect(
state: &mut YubiKey,
context: usize,
card: usize,
) -> Result<(), ErrorKind> {
) -> Result<(), Error> {
// if the context has changed, and the new context is not valid, return an error
if context != state.context as (usize) && (0x0i32 != SCardIsValidContext(context as (i32))) {
return Err(ErrorKind::PcscError);
return Err(Error::PcscError);
}
// if card handle has changed, determine if handle is valid (less efficient, but complete)
@@ -332,7 +330,7 @@ pub(crate) unsafe fn _ykpiv_connect(
&mut atr_len,
) != 0
{
return Err(ErrorKind::PcscError);
return Err(Error::PcscError);
}
state.is_neo = (atr_len as usize == YKPIV_ATR_NEO_R3.len() - 1)
@@ -362,12 +360,12 @@ pub unsafe fn ykpiv_connect_with_external_card(
state: &mut YubiKey,
context: usize,
card: usize,
) -> Result<(), ErrorKind> {
) -> Result<(), Error> {
_ykpiv_connect(state, context, card)
}
/// Connect to a YubiKey
pub unsafe fn ykpiv_connect(state: &mut YubiKey, wanted: *const c_char) -> Result<(), ErrorKind> {
pub unsafe fn ykpiv_connect(state: &mut YubiKey, wanted: *const c_char) -> Result<(), Error> {
let mut active_protocol: u32 = 0;
let mut reader_buf: [c_char; 2048] = [0; 2048];
let mut num_readers = reader_buf.len();
@@ -438,7 +436,7 @@ pub unsafe fn ykpiv_connect(state: &mut YubiKey, wanted: *const c_char) -> Resul
error!("error: no usable reader found");
SCardReleaseContext(state.context);
state.context = -1;
return Err(ErrorKind::PcscError);
return Err(Error::PcscError);
}
// Select applet. This is done here instead of in _ykpiv_connect() because
@@ -456,7 +454,7 @@ pub unsafe fn ykpiv_list_readers(
state: &mut YubiKey,
readers: *mut c_char,
len: *mut usize,
) -> Result<(), ErrorKind> {
) -> Result<(), Error> {
let mut num_readers: u32 = 0u32;
let mut rc: i32;
@@ -465,7 +463,7 @@ pub unsafe fn ykpiv_list_readers(
if rc != 0 {
error!("error: SCardEstablishContext failed, rc={}", rc);
return Err(ErrorKind::PcscError);
return Err(Error::PcscError);
}
}
@@ -480,7 +478,7 @@ pub unsafe fn ykpiv_list_readers(
error!("error: SCardListReaders failed, rc={}", rc);
SCardReleaseContext(state.context);
state.context = -1i32;
return Err(ErrorKind::PcscError);
return Err(Error::PcscError);
}
if num_readers as (usize) > *len {
@@ -495,7 +493,7 @@ pub unsafe fn ykpiv_list_readers(
error!("error: SCardListReaders failed, rc={}", rc);
SCardReleaseContext(state.context);
state.context = -1i32;
return Err(ErrorKind::PcscError);
return Err(Error::PcscError);
}
*len = num_readers as usize;
@@ -503,7 +501,7 @@ pub unsafe fn ykpiv_list_readers(
}
/// Reconnect to a YubiKey
pub(crate) unsafe fn reconnect(state: &mut YubiKey) -> Result<(), ErrorKind> {
pub(crate) unsafe fn reconnect(state: &mut YubiKey) -> Result<(), Error> {
info!("trying to reconnect to current reader");
let mut active_protocol: u32 = 0;
@@ -511,7 +509,7 @@ pub(crate) unsafe fn reconnect(state: &mut YubiKey) -> Result<(), ErrorKind> {
if rc != 0x0 {
error!("SCardReconnect failed, rc={}", rc);
return Err(ErrorKind::PcscError);
return Err(Error::PcscError);
}
_ykpiv_select_application(state)?;
@@ -524,7 +522,7 @@ pub(crate) unsafe fn reconnect(state: &mut YubiKey) -> Result<(), ErrorKind> {
}
/// Begin a transaction
pub(crate) unsafe fn _ykpiv_begin_transaction(state: &mut YubiKey) -> Result<(), ErrorKind> {
pub(crate) unsafe fn _ykpiv_begin_transaction(state: &mut YubiKey) -> Result<(), Error> {
let mut rc = SCardBeginTransaction(state.card);
if rc as usize & 0xffff_ffff == 0x8010_0068 {
@@ -534,19 +532,19 @@ pub(crate) unsafe fn _ykpiv_begin_transaction(state: &mut YubiKey) -> Result<(),
if rc != 0 {
error!("failed to begin pcsc transaction, rc={}", rc);
return Err(ErrorKind::PcscError);
return Err(Error::PcscError);
}
Ok(())
}
/// End a transaction
pub(crate) unsafe fn _ykpiv_end_transaction(state: &mut YubiKey) -> Result<(), ErrorKind> {
pub(crate) unsafe fn _ykpiv_end_transaction(state: &mut YubiKey) -> Result<(), Error> {
let rc = SCardEndTransaction(state.card, 0x0);
if rc != 0x0 {
error!("failed to end pcsc transaction, rc={}", rc);
return Err(ErrorKind::PcscError);
return Err(Error::PcscError);
}
Ok(())
@@ -561,11 +559,11 @@ pub(crate) unsafe fn _ykpiv_transfer_data(
mut out_data: *mut u8,
out_len: *mut usize,
sw: *mut i32,
) -> Result<(), ErrorKind> {
) -> Result<(), Error> {
let mut _currentBlock;
let mut in_ptr: *const u8 = in_data;
let max_out = *out_len;
let mut res: Result<(), ErrorKind>;
let mut res: Result<(), Error>;
let mut recv_len: u32;
*out_len = 0;
@@ -686,7 +684,7 @@ pub(crate) unsafe fn _ykpiv_transfer_data(
max_out
);
return Err(ErrorKind::SizeError);
return Err(Error::SizeError);
}
} else if _currentBlock == 21 {
error!(
@@ -695,7 +693,7 @@ pub(crate) unsafe fn _ykpiv_transfer_data(
max_out
);
return Err(ErrorKind::SizeError);
return Err(Error::SizeError);
}
res
@@ -710,7 +708,7 @@ pub unsafe fn ykpiv_transfer_data(
out_data: *mut u8,
out_len: *mut usize,
sw: *mut i32,
) -> Result<(), ErrorKind> {
) -> Result<(), Error> {
if let Err(e) = _ykpiv_begin_transaction(state) {
*out_len = 0;
return Err(e);
@@ -728,7 +726,7 @@ pub(crate) unsafe fn _send_data(
data: *mut u8,
recv_len: *mut u32,
sw: *mut i32,
) -> Result<(), ErrorKind> {
) -> Result<(), Error> {
let send_len = apdu.lc as u32 + 5;
let mut tmp_len = *recv_len;
@@ -746,7 +744,7 @@ pub(crate) unsafe fn _send_data(
if rc != SCARD_S_SUCCESS {
error!("error: SCardTransmit failed, rc={:08x}", rc);
return Err(ErrorKind::PcscError);
return Err(Error::PcscError);
}
*recv_len = tmp_len;
@@ -769,7 +767,7 @@ pub const DEFAULT_AUTH_KEY: &[u8; DES_LEN_3DES] = b"\x01\x02\x03\x04\x05\x06\x07
pub unsafe fn ykpiv_authenticate(
state: &mut YubiKey,
key: Option<&[u8; DES_LEN_3DES]>,
) -> Result<(), ErrorKind> {
) -> Result<(), Error> {
let mut data = [0u8; 261];
let mut recv_len = data.len() as u32;
let mut sw: i32 = 0;
@@ -798,7 +796,7 @@ pub unsafe fn ykpiv_authenticate(
return res;
} else if sw != SW_SUCCESS {
let _ = _ykpiv_end_transaction(state);
return Err(ErrorKind::AuthenticationError);
return Err(Error::AuthenticationError);
}
let mut challenge = [0u8; 8];
@@ -824,7 +822,7 @@ pub unsafe fn ykpiv_authenticate(
if getrandom(&mut data[14..22]).is_err() {
error!("failed getting randomness for authentication.");
let _ = _ykpiv_end_transaction(state);
return Err(ErrorKind::RandomnessError);
return Err(Error::RandomnessError);
}
challenge.copy_from_slice(&data[14..22]);
@@ -837,7 +835,7 @@ pub unsafe fn ykpiv_authenticate(
return res;
} else if sw != SW_SUCCESS {
let _ = _ykpiv_end_transaction(state);
return Err(ErrorKind::AuthenticationError);
return Err(Error::AuthenticationError);
}
// compare the response from the card with our challenge
@@ -847,7 +845,7 @@ pub unsafe fn ykpiv_authenticate(
if response == data[4..12] {
res = Ok(());
} else {
res = Err(ErrorKind::AuthenticationError);
res = Err(Error::AuthenticationError);
}
}
@@ -859,7 +857,7 @@ pub unsafe fn ykpiv_authenticate(
pub unsafe fn ykpiv_set_mgmkey(
state: &mut YubiKey,
new_key: &[u8; DES_LEN_3DES],
) -> Result<(), ErrorKind> {
) -> Result<(), Error> {
ykpiv_set_mgmkey2(state, new_key, 0)
}
@@ -868,7 +866,7 @@ pub(crate) unsafe fn ykpiv_set_mgmkey2(
state: &mut YubiKey,
new_key: &[u8; DES_LEN_3DES],
touch: u8,
) -> Result<(), ErrorKind> {
) -> Result<(), Error> {
let mut data = [0u8; 261];
let mut recv_len = data.len() as u32;
let mut sw: i32 = 0;
@@ -883,7 +881,7 @@ pub(crate) unsafe fn ykpiv_set_mgmkey2(
"won't set new key '{:?}' since it's weak (with odd parity)",
new_key
);
res = Err(ErrorKind::KeyError);
res = Err(Error::KeyError);
} else {
apdu.ins = YKPIV_INS_SET_MGMKEY;
apdu.p1 = 0xff;
@@ -893,7 +891,7 @@ pub(crate) unsafe fn ykpiv_set_mgmkey2(
1 => 0xfe,
_ => {
let _ = _ykpiv_end_transaction(state);
return Err(ErrorKind::GenericError);
return Err(Error::GenericError);
}
};
@@ -906,7 +904,7 @@ pub(crate) unsafe fn ykpiv_set_mgmkey2(
res = _send_data(state, &mut apdu, data.as_mut_ptr(), &mut recv_len, &mut sw);
if res.is_ok() && sw != SW_SUCCESS {
res = Err(ErrorKind::GenericError);
res = Err(Error::GenericError);
}
}
}
@@ -926,7 +924,7 @@ pub(crate) unsafe fn _general_authenticate(
algorithm: u8,
key: u8,
decipher: bool,
) -> Result<(), ErrorKind> {
) -> Result<(), Error> {
let mut _currentBlock;
let mut indata = [0u8; 1024];
let mut dataptr: *mut u8 = indata.as_mut_ptr();
@@ -946,7 +944,7 @@ pub(crate) unsafe fn _general_authenticate(
};
if in_len != key_len {
return Err(ErrorKind::SizeError);
return Err(Error::SizeError);
} else {
_currentBlock = 16;
}
@@ -959,10 +957,10 @@ pub(crate) unsafe fn _general_authenticate(
};
if (!decipher && (in_len > key_len)) || (decipher && (in_len != (key_len * 2) + 1)) {
return Err(ErrorKind::SizeError);
return Err(Error::SizeError);
}
}
_ => return Err(ErrorKind::AlgorithmError),
_ => return Err(Error::AlgorithmError),
}
if in_len < 0x80 {
@@ -1004,16 +1002,16 @@ pub(crate) unsafe fn _general_authenticate(
error!("Failed sign command with code {:x}", sw);
if sw == SW_ERR_SECURITY_STATUS {
return Err(ErrorKind::AuthenticationError);
return Err(Error::AuthenticationError);
} else {
return Err(ErrorKind::GenericError);
return Err(Error::GenericError);
}
}
// skip the first 7c tag
if data[0] != 0x7c {
error!("failed parsing signature reply (0x7c byte)");
return Err(ErrorKind::ParseError);
return Err(Error::ParseError);
}
dataptr = data.as_mut_ptr().add(1);
@@ -1022,7 +1020,7 @@ pub(crate) unsafe fn _general_authenticate(
// skip the 82 tag
if *dataptr != 0x82 {
error!("failed parsing signature reply (0x82 byte)");
return Err(ErrorKind::ParseError);
return Err(Error::ParseError);
}
dataptr = dataptr.add(1);
@@ -1030,7 +1028,7 @@ pub(crate) unsafe fn _general_authenticate(
if len > *out_len {
error!("wrong size on output buffer");
return Err(ErrorKind::SizeError);
return Err(Error::SizeError);
}
*out_len = len;
@@ -1047,7 +1045,7 @@ pub unsafe fn ykpiv_sign_data(
out_len: *mut usize,
algorithm: u8,
key: u8,
) -> Result<(), ErrorKind> {
) -> Result<(), Error> {
_ykpiv_begin_transaction(state)?;
// don't attempt to reselect in crypt operations to avoid problems with PIN_ALWAYS
@@ -1069,7 +1067,7 @@ pub unsafe fn ykpiv_decrypt_data(
out_len: *mut usize,
algorithm: u8,
key: u8,
) -> Result<(), ErrorKind> {
) -> Result<(), Error> {
_ykpiv_begin_transaction(state)?;
// don't attempt to reselect in crypt operations to avoid problems with PIN_ALWAYS
@@ -1080,7 +1078,7 @@ pub unsafe fn ykpiv_decrypt_data(
}
/// Get the version of the PIV application installed on the YubiKey
pub(crate) unsafe fn _ykpiv_get_version(state: &mut YubiKey) -> Result<Version, ErrorKind> {
pub(crate) unsafe fn _ykpiv_get_version(state: &mut YubiKey) -> Result<Version, Error> {
let mut data = [0u8; 261];
let mut recv_len = data.len() as u32;
let mut sw: i32 = 0;
@@ -1097,11 +1095,11 @@ pub(crate) unsafe fn _ykpiv_get_version(state: &mut YubiKey) -> Result<Version,
_send_data(state, &mut apdu, data.as_mut_ptr(), &mut recv_len, &mut sw)?;
if sw != SW_SUCCESS {
return Err(ErrorKind::GenericError);
return Err(Error::GenericError);
}
if recv_len < 3 {
return Err(ErrorKind::SizeError);
return Err(Error::SizeError);
}
state.ver.major = data[0];
@@ -1112,8 +1110,8 @@ pub(crate) unsafe fn _ykpiv_get_version(state: &mut YubiKey) -> Result<Version,
}
/// Get the YubiKey's PIV application version as a string
pub unsafe fn ykpiv_get_version(state: &mut YubiKey) -> Result<String, ErrorKind> {
let mut res = Err(ErrorKind::GenericError);
pub unsafe fn ykpiv_get_version(state: &mut YubiKey) -> Result<String, Error> {
let mut res = Err(Error::GenericError);
_ykpiv_begin_transaction(state)?;
@@ -1128,10 +1126,7 @@ pub unsafe fn ykpiv_get_version(state: &mut YubiKey) -> Result<String, ErrorKind
/// Get YubiKey device serial number
///
/// NOTE: caller must make sure that this is wrapped in a transaction for synchronized operation
pub(crate) unsafe fn _ykpiv_get_serial(
state: &mut YubiKey,
f_force: bool,
) -> Result<u32, ErrorKind> {
pub(crate) unsafe fn _ykpiv_get_serial(state: &mut YubiKey, f_force: bool) -> Result<u32, Error> {
let yk_applet: *const u8 = ptr::null();
let mut data = [0u8; 255];
let mut recv_len = data.len() as u32;
@@ -1165,7 +1160,7 @@ pub(crate) unsafe fn _ykpiv_get_serial(
if sw != SW_SUCCESS {
error!("failed selecting yk application: {:04x}", sw);
return Err(ErrorKind::GenericError);
return Err(Error::GenericError);
}
recv_len = temp.len() as u32;
@@ -1181,7 +1176,7 @@ pub(crate) unsafe fn _ykpiv_get_serial(
if sw != SW_SUCCESS {
error!("failed retrieving serial number: {:04x}", sw);
return Err(ErrorKind::GenericError);
return Err(Error::GenericError);
}
recv_len = temp.len() as u32;
@@ -1203,7 +1198,7 @@ pub(crate) unsafe fn _ykpiv_get_serial(
if sw != SW_SUCCESS {
error!("failed selecting application: {:04x}", sw);
return Err(ErrorKind::GenericError);
return Err(Error::GenericError);
}
} else {
// get serial from yk5 and later devices using the f8 command
@@ -1217,13 +1212,13 @@ pub(crate) unsafe fn _ykpiv_get_serial(
if sw != SW_SUCCESS {
error!("failed retrieving serial number: {:04x}", sw);
return Err(ErrorKind::GenericError);
return Err(Error::GenericError);
}
}
// check that we received enough data for the serial number
if recv_len < 4 {
return Err(ErrorKind::SizeError);
return Err(Error::SizeError);
}
// TODO(tarcieri): replace pointers and casts with proper references!
@@ -1241,8 +1236,8 @@ pub(crate) unsafe fn _ykpiv_get_serial(
}
/// Get YubiKey device serial number
pub unsafe fn ykpiv_get_serial(state: &mut YubiKey) -> Result<u32, ErrorKind> {
let mut res = Err(ErrorKind::GenericError);
pub unsafe fn ykpiv_get_serial(state: &mut YubiKey) -> Result<u32, Error> {
let mut res = Err(Error::GenericError);
_ykpiv_begin_transaction(state)?;
@@ -1260,7 +1255,7 @@ pub(crate) unsafe fn _cache_pin(
state: &mut YubiKey,
pin: *const c_char,
len: usize,
) -> Result<(), ErrorKind> {
) -> Result<(), Error> {
if !pin.is_null() && (state.pin as *const c_char == pin) {
return Ok(());
}
@@ -1279,7 +1274,7 @@ pub(crate) unsafe fn _cache_pin(
state.pin = malloc(len + 1) as (*mut u8);
if state.pin.is_null() {
return Err(ErrorKind::MemoryError);
return Err(Error::MemoryError);
}
memcpy(state.pin as (*mut c_void), pin as (*const c_void), len);
@@ -1292,7 +1287,7 @@ pub(crate) unsafe fn _cache_pin(
/// Verify device PIN
///
/// Returns the number of tries remaining both on success and on a wrong PIN.
pub unsafe fn ykpiv_verify(state: &mut YubiKey, pin: *const c_char) -> Result<i32, ErrorKind> {
pub unsafe fn ykpiv_verify(state: &mut YubiKey, pin: *const c_char) -> Result<i32, Error> {
ykpiv_verify_select(
state,
pin,
@@ -1308,13 +1303,13 @@ pub(crate) unsafe fn _verify(
state: &mut YubiKey,
pin: *const c_char,
pin_len: usize,
) -> Result<i32, ErrorKind> {
) -> Result<i32, Error> {
let mut data = [0u8; 261];
let mut recv_len = data.len() as u32;
let mut sw: i32 = 0;
if pin_len > CB_PIN_MAX {
return Err(ErrorKind::SizeError);
return Err(Error::SizeError);
}
let mut apdu = APDU::default();
@@ -1356,11 +1351,11 @@ pub(crate) unsafe fn _verify(
Ok(sw & 0xf)
} else if sw >> 8 == 0x63 {
Err(ErrorKind::WrongPin { tries: sw & 0xf })
Err(Error::WrongPin { tries: sw & 0xf })
} else if sw == SW_ERR_AUTH_BLOCKED {
Err(ErrorKind::WrongPin { tries: 0 })
Err(Error::WrongPin { tries: 0 })
} else {
Err(ErrorKind::GenericError)
Err(Error::GenericError)
}
}
@@ -1372,7 +1367,7 @@ pub unsafe fn ykpiv_verify_select(
pin: *const c_char,
pin_len: usize,
force_select: bool,
) -> Result<i32, ErrorKind> {
) -> Result<i32, Error> {
let mut res = Ok(-1);
_ykpiv_begin_transaction(state)?;
@@ -1392,7 +1387,7 @@ pub unsafe fn ykpiv_verify_select(
}
/// Get the number of PIN retries
pub unsafe fn ykpiv_get_pin_retries(state: &mut YubiKey) -> Result<i32, ErrorKind> {
pub unsafe fn ykpiv_get_pin_retries(state: &mut YubiKey) -> Result<i32, Error> {
// Force a re-select to unverify, because once verified the spec dictates that
// subsequent verify calls will return a "verification not needed" instead of
// the number of tries left...
@@ -1402,7 +1397,7 @@ pub unsafe fn ykpiv_get_pin_retries(state: &mut YubiKey) -> Result<i32, ErrorKin
// WRONG_PIN is expected on successful query.
match ykrc {
Ok(tries) | Err(ErrorKind::WrongPin { tries }) => Ok(tries),
Ok(tries) | Err(Error::WrongPin { tries }) => Ok(tries),
Err(e) => Err(e),
}
}
@@ -1412,7 +1407,7 @@ pub unsafe fn ykpiv_set_pin_retries(
state: &mut YubiKey,
pin_tries: i32,
puk_tries: i32,
) -> Result<(), ErrorKind> {
) -> Result<(), Error> {
let mut res = Ok(());
let mut templ = [0, YKPIV_INS_SET_PIN_RETRIES, 0, 0];
let mut data = [0u8; 255];
@@ -1425,7 +1420,7 @@ pub unsafe fn ykpiv_set_pin_retries(
}
if pin_tries > 0xff || puk_tries > 0xff || pin_tries < 1 || puk_tries < 1 {
return Err(ErrorKind::RangeError);
return Err(Error::RangeError);
}
templ[2] = pin_tries as (u8);
@@ -1447,9 +1442,9 @@ pub unsafe fn ykpiv_set_pin_retries(
if res.is_ok() {
res = match sw {
SW_SUCCESS => Ok(()),
SW_ERR_AUTH_BLOCKED => Err(ErrorKind::AuthenticationError),
SW_ERR_SECURITY_STATUS => Err(ErrorKind::AuthenticationError),
_ => Err(ErrorKind::GenericError),
SW_ERR_AUTH_BLOCKED => Err(Error::AuthenticationError),
SW_ERR_SECURITY_STATUS => Err(Error::AuthenticationError),
_ => Err(Error::GenericError),
};
}
}
@@ -1466,7 +1461,7 @@ pub(crate) unsafe fn _ykpiv_change_pin(
current_pin_len: usize,
new_pin: *const c_char,
new_pin_len: usize,
) -> Result<(), ErrorKind> {
) -> Result<(), Error> {
let mut sw: i32 = 0;
let mut templ = [0, YKPIV_INS_CHANGE_REFERENCE, 0, 0x80];
let mut indata = [0u8; 16];
@@ -1474,7 +1469,7 @@ pub(crate) unsafe fn _ykpiv_change_pin(
let mut recv_len: usize = data.len();
if current_pin_len > 8 || new_pin_len > 8 {
return Err(ErrorKind::SizeError);
return Err(Error::SizeError);
}
if action == CHREF_ACT_UNBLOCK_PIN {
@@ -1529,15 +1524,15 @@ pub(crate) unsafe fn _ykpiv_change_pin(
if sw != SW_SUCCESS {
if sw >> 8 == 0x63 {
return Err(ErrorKind::WrongPin { tries: sw & 0xf });
return Err(Error::WrongPin { tries: sw & 0xf });
}
if sw == SW_ERR_AUTH_BLOCKED {
return Err(ErrorKind::PinLocked);
return Err(Error::PinLocked);
}
error!("failed changing pin, token response code: {:x}.", sw);
return Err(ErrorKind::GenericError);
return Err(Error::GenericError);
}
Ok(())
@@ -1552,8 +1547,8 @@ pub unsafe fn ykpiv_change_pin(
current_pin_len: usize,
new_pin: *const c_char,
new_pin_len: usize,
) -> Result<(), ErrorKind> {
let mut res = Err(ErrorKind::GenericError);
) -> Result<(), Error> {
let mut res = Err(Error::GenericError);
_ykpiv_begin_transaction(state)?;
@@ -1584,8 +1579,8 @@ pub unsafe fn ykpiv_change_puk(
current_puk_len: usize,
new_puk: *const c_char,
new_puk_len: usize,
) -> Result<(), ErrorKind> {
let mut res = Err(ErrorKind::GenericError);
) -> Result<(), Error> {
let mut res = Err(Error::GenericError);
_ykpiv_begin_transaction(state)?;
@@ -1605,8 +1600,8 @@ pub unsafe fn ykpiv_unblock_pin(
puk_len: usize,
new_pin: *const c_char,
new_pin_len: usize,
) -> Result<(), ErrorKind> {
let mut res = Err(ErrorKind::GenericError);
) -> Result<(), Error> {
let mut res = Err(Error::GenericError);
_ykpiv_begin_transaction(state)?;
@@ -1624,7 +1619,7 @@ pub unsafe fn ykpiv_fetch_object(
object_id: i32,
data: *mut u8,
len: *mut usize,
) -> Result<(), ErrorKind> {
) -> Result<(), Error> {
let mut res = Ok(());
_ykpiv_begin_transaction(state)?;
@@ -1643,7 +1638,7 @@ pub(crate) unsafe fn _ykpiv_fetch_object(
object_id: i32,
data: *mut u8,
len: *mut usize,
) -> Result<(), ErrorKind> {
) -> Result<(), Error> {
let mut sw: i32 = 0;
let mut indata = [0u8; 5];
let mut inptr: *mut u8 = indata.as_mut_ptr();
@@ -1652,7 +1647,7 @@ pub(crate) unsafe fn _ykpiv_fetch_object(
inptr = set_object(object_id, inptr);
if inptr.is_null() {
return Err(ErrorKind::InvalidObject);
return Err(Error::InvalidObject);
}
ykpiv_transfer_data(
@@ -1666,19 +1661,19 @@ pub(crate) unsafe fn _ykpiv_fetch_object(
)?;
if sw != SW_SUCCESS {
return Err(ErrorKind::GenericError);
return Err(Error::GenericError);
}
let mut outlen: usize = 0;
if *len < 2 || !_ykpiv_has_valid_length(data.offset(1), (*len).wrapping_sub(1)) {
return Err(ErrorKind::SizeError);
return Err(Error::SizeError);
}
let offs = _ykpiv_get_length(data.offset(1), &mut outlen);
if offs == 0 {
return Err(ErrorKind::SizeError);
return Err(Error::SizeError);
}
if outlen.wrapping_add(offs).wrapping_add(1) != *len {
@@ -1687,7 +1682,7 @@ pub(crate) unsafe fn _ykpiv_fetch_object(
*len, outlen
);
return Err(ErrorKind::SizeError);
return Err(Error::SizeError);
}
memmove(
@@ -1706,7 +1701,7 @@ pub unsafe fn ykpiv_save_object(
object_id: i32,
indata: *mut u8,
len: usize,
) -> Result<(), ErrorKind> {
) -> Result<(), Error> {
let mut res = Ok(());
_ykpiv_begin_transaction(state)?;
@@ -1725,7 +1720,7 @@ pub unsafe fn _ykpiv_save_object(
object_id: i32,
indata: *mut u8,
len: usize,
) -> Result<(), ErrorKind> {
) -> Result<(), Error> {
let mut data = [0u8; YKPIV_OBJ_MAX_SIZE];
let mut dataptr: *mut u8 = data.as_mut_ptr();
let templ = [0, YKPIV_INS_PUT_DATA, 0x3f, 0xff];
@@ -1733,13 +1728,13 @@ pub unsafe fn _ykpiv_save_object(
let mut outlen: usize = 0usize;
if len > CB_OBJ_MAX {
return Err(ErrorKind::SizeError);
return Err(Error::SizeError);
}
dataptr = set_object(object_id, dataptr);
if dataptr.is_null() {
return Err(ErrorKind::InvalidObject);
return Err(Error::InvalidObject);
}
*{
let _old = dataptr;
@@ -1763,8 +1758,8 @@ pub unsafe fn _ykpiv_save_object(
match sw {
SW_SUCCESS => Ok(()),
SW_ERR_SECURITY_STATUS => Err(ErrorKind::AuthenticationError),
_ => Err(ErrorKind::GenericError),
SW_ERR_SECURITY_STATUS => Err(Error::AuthenticationError),
_ => Err(Error::GenericError),
}
}
@@ -1806,7 +1801,7 @@ pub unsafe fn ykpiv_import_private_key(
ec_data_len: u8,
pin_policy: u8,
touch_policy: u8,
) -> Result<(), ErrorKind> {
) -> Result<(), Error> {
let mut key_data = [0u8; 1024];
let mut in_ptr: *mut u8 = key_data.as_mut_ptr();
let templ = [0, YKPIV_INS_IMPORT_KEY, algorithm, key];
@@ -1824,7 +1819,7 @@ pub unsafe fn ykpiv_import_private_key(
|| key > YKPIV_KEY_RETIRED20 && (key < YKPIV_KEY_AUTHENTICATION)
|| key > YKPIV_KEY_CARDAUTH && (key != YKPIV_KEY_ATTESTATION)
{
return Err(ErrorKind::KeyError);
return Err(Error::KeyError);
}
if pin_policy != YKPIV_PINPOLICY_DEFAULT
@@ -1832,7 +1827,7 @@ pub unsafe fn ykpiv_import_private_key(
&& (pin_policy != YKPIV_PINPOLICY_ONCE)
&& (pin_policy != YKPIV_PINPOLICY_ALWAYS)
{
return Err(ErrorKind::GenericError);
return Err(Error::GenericError);
}
if touch_policy != YKPIV_TOUCHPOLICY_DEFAULT
@@ -1840,13 +1835,13 @@ pub unsafe fn ykpiv_import_private_key(
&& (touch_policy != YKPIV_TOUCHPOLICY_ALWAYS)
&& (touch_policy != YKPIV_TOUCHPOLICY_CACHED)
{
return Err(ErrorKind::GenericError);
return Err(Error::GenericError);
}
match algorithm {
YKPIV_ALGO_RSA1024 | YKPIV_ALGO_RSA2048 => {
if p_len + q_len + dp_len + dq_len + qinv_len >= 1024 {
return Err(ErrorKind::SizeError);
return Err(Error::SizeError);
} else {
if algorithm == YKPIV_ALGO_RSA1024 {
elem_len = 64;
@@ -1857,7 +1852,7 @@ pub unsafe fn ykpiv_import_private_key(
}
if p.is_null() || q.is_null() || dp.is_null() || dq.is_null() || qinv.is_null() {
return Err(ErrorKind::GenericError);
return Err(Error::GenericError);
}
params[0] = p;
@@ -1876,7 +1871,7 @@ pub unsafe fn ykpiv_import_private_key(
}
YKPIV_ALGO_ECCP256 | YKPIV_ALGO_ECCP384 => {
if ec_data_len as (usize) >= key_data.len() {
return Err(ErrorKind::SizeError);
return Err(Error::SizeError);
}
if algorithm == YKPIV_ALGO_ECCP256 {
@@ -1886,7 +1881,7 @@ pub unsafe fn ykpiv_import_private_key(
}
if ec_data.is_null() {
return Err(ErrorKind::GenericError);
return Err(Error::GenericError);
}
params[0] = ec_data;
@@ -1894,7 +1889,7 @@ pub unsafe fn ykpiv_import_private_key(
param_tag = 0x6;
n_params = 1;
}
_ => return Err(ErrorKind::AlgorithmError),
_ => return Err(Error::AlgorithmError),
}
for i in 0..n_params {
@@ -1906,7 +1901,7 @@ pub unsafe fn ykpiv_import_private_key(
let remaining = (key_data.as_mut_ptr() as usize) + 1024 - in_ptr as usize;
if padding > remaining {
return Err(ErrorKind::AlgorithmError);
return Err(Error::AlgorithmError);
}
memset(in_ptr as *mut c_void, 0, padding);
@@ -1948,9 +1943,9 @@ pub unsafe fn ykpiv_import_private_key(
);
if res.is_ok() && sw != SW_SUCCESS {
res = Err(ErrorKind::GenericError);
res = Err(Error::GenericError);
if sw == SW_ERR_SECURITY_STATUS {
res = Err(ErrorKind::AuthenticationError);
res = Err(Error::AuthenticationError);
}
}
}
@@ -1966,14 +1961,14 @@ pub unsafe fn ykpiv_attest(
key: u8,
data: *mut u8,
data_len: *mut usize,
) -> Result<(), ErrorKind> {
let mut res = Err(ErrorKind::GenericError);
) -> Result<(), Error> {
let mut res = Err(Error::GenericError);
let templ = [0, YKPIV_INS_ATTEST, key, 0];
let mut sw: i32 = 0;
let mut ul_data_len: usize;
if data.is_null() || data_len.is_null() {
return Err(ErrorKind::ArgumentError);
return Err(Error::ArgumentError);
}
ul_data_len = *data_len;
@@ -1993,12 +1988,12 @@ pub unsafe fn ykpiv_attest(
if res.is_ok() {
if sw != SW_SUCCESS {
res = Err(ErrorKind::GenericError);
res = Err(Error::GenericError);
if sw == SW_ERR_NOT_SUPPORTED {
res = Err(ErrorKind::NotSupported);
res = Err(Error::NotSupported);
}
} else if *data as i32 != 0x30 {
res = Err(ErrorKind::GenericError);
res = Err(Error::GenericError);
} else {
*data_len = ul_data_len;
}
@@ -2010,7 +2005,7 @@ pub unsafe fn ykpiv_attest(
}
/// Get an auth challenge
pub unsafe fn ykpiv_auth_getchallenge(state: &mut YubiKey) -> Result<[u8; 8], ErrorKind> {
pub unsafe fn ykpiv_auth_getchallenge(state: &mut YubiKey) -> Result<[u8; 8], Error> {
let mut data = [0u8; 261];
let mut recv_len = data.len() as u32;
let mut sw: i32 = 0;
@@ -2032,7 +2027,7 @@ pub unsafe fn ykpiv_auth_getchallenge(state: &mut YubiKey) -> Result<[u8; 8], Er
if let Err(e) = _send_data(state, &mut apdu, data.as_mut_ptr(), &mut recv_len, &mut sw) {
res = Err(e)
} else if sw != SW_SUCCESS {
res = Err(ErrorKind::AuthenticationError);
res = Err(Error::AuthenticationError);
} else {
let mut challenge = [0; 8];
challenge.copy_from_slice(&data[4..12]);
@@ -2048,7 +2043,7 @@ pub unsafe fn ykpiv_auth_getchallenge(state: &mut YubiKey) -> Result<[u8; 8], Er
pub unsafe fn ykpiv_auth_verifyresponse(
state: &mut YubiKey,
response: [u8; 8],
) -> Result<(), ErrorKind> {
) -> Result<(), Error> {
let mut data = [0u8; 261];
let mut recv_len = data.len() as u32;
let mut sw: i32 = 0;
@@ -2070,7 +2065,7 @@ pub unsafe fn ykpiv_auth_verifyresponse(
let mut res = _send_data(state, &mut apdu, data.as_mut_ptr(), &mut recv_len, &mut sw);
if res.is_ok() && sw != SW_SUCCESS {
res = Err(ErrorKind::AuthenticationError);
res = Err(Error::AuthenticationError);
}
apdu.zeroize();
@@ -2082,7 +2077,7 @@ pub unsafe fn ykpiv_auth_verifyresponse(
static mut MGMT_AID: [u8; 8] = [0xa0, 0x00, 0x00, 0x05, 0x27, 0x47, 0x11, 0x17];
/// Deauthenticate
pub unsafe fn ykpiv_auth_deauthenticate(state: &mut YubiKey) -> Result<(), ErrorKind> {
pub unsafe fn ykpiv_auth_deauthenticate(state: &mut YubiKey) -> Result<(), Error> {
let mut data = [0u8; 255];
let mut recv_len = data.len() as u32;
let mut sw: i32 = 0;
@@ -2108,7 +2103,7 @@ pub unsafe fn ykpiv_auth_deauthenticate(state: &mut YubiKey) -> Result<(), Error
if sw != SW_SUCCESS {
error!("Failed selecting mgmt application: {:04x}", sw);
res = Err(ErrorKind::GenericError);
res = Err(Error::GenericError);
}
let _ = _ykpiv_end_transaction(state);