Apply suggestions from code review
More of @str4d's suggested changes Co-Authored-By: str4d <thestr4d@gmail.com>
This commit is contained in:
+8
-8
@@ -187,7 +187,7 @@ impl<'tx> Transaction<'tx> {
|
|||||||
let mut templ = [0, YKPIV_INS_CHANGE_REFERENCE, 0, 0x80];
|
let mut templ = [0, YKPIV_INS_CHANGE_REFERENCE, 0, 0x80];
|
||||||
let mut indata = Zeroizing::new([0u8; 16]);
|
let mut indata = Zeroizing::new([0u8; 16]);
|
||||||
|
|
||||||
if current_pin.len() > 8 || new_pin.len() > 8 {
|
if current_pin.len() > CB_PIN_MAX || new_pin.len() > CB_PIN_MAX {
|
||||||
return Err(Error::SizeError);
|
return Err(Error::SizeError);
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -200,11 +200,11 @@ impl<'tx> Transaction<'tx> {
|
|||||||
unsafe {
|
unsafe {
|
||||||
ptr::copy(current_pin.as_ptr(), indata.as_mut_ptr(), current_pin.len());
|
ptr::copy(current_pin.as_ptr(), indata.as_mut_ptr(), current_pin.len());
|
||||||
|
|
||||||
if current_pin.len() < 8 {
|
if current_pin.len() < CB_PIN_MAX {
|
||||||
ptr::write_bytes(
|
ptr::write_bytes(
|
||||||
indata.as_mut_ptr().add(current_pin.len()),
|
indata.as_mut_ptr().add(current_pin.len()),
|
||||||
0xff,
|
0xff,
|
||||||
8 - current_pin.len(),
|
CB_PIN_MAX - current_pin.len(),
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -214,17 +214,17 @@ impl<'tx> Transaction<'tx> {
|
|||||||
new_pin.len(),
|
new_pin.len(),
|
||||||
);
|
);
|
||||||
|
|
||||||
if new_pin.len() < 8 {
|
if new_pin.len() < CB_PIN_MAX {
|
||||||
ptr::write_bytes(
|
ptr::write_bytes(
|
||||||
indata.as_mut_ptr().offset(8).add(new_pin.len()),
|
indata.as_mut_ptr().offset(8).add(new_pin.len()),
|
||||||
0xff,
|
0xff,
|
||||||
8 - new_pin.len(),
|
CB_PIN_MAX - new_pin.len(),
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
let status_words = self
|
let status_words = self
|
||||||
.transfer_data(&templ, indata.as_ref(), 255)?
|
.transfer_data(&templ, indata.as_ref(), 0xFF)?
|
||||||
.status_words();
|
.status_words();
|
||||||
|
|
||||||
match status_words {
|
match status_words {
|
||||||
@@ -428,7 +428,7 @@ impl<'tx> Transaction<'tx> {
|
|||||||
|
|
||||||
if out_data.len() - response.buffer().len() - 2 > max_out {
|
if out_data.len() - response.buffer().len() - 2 > max_out {
|
||||||
error!(
|
error!(
|
||||||
"output buffer to small: wanted to write {}, max was {}",
|
"output buffer too small: wanted to write {}, max was {}",
|
||||||
out_data.len() - response.buffer().len() - 2,
|
out_data.len() - response.buffer().len() - 2,
|
||||||
max_out
|
max_out
|
||||||
);
|
);
|
||||||
@@ -444,7 +444,7 @@ impl<'tx> Transaction<'tx> {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
while sw >> 8 != 0x61 {
|
while sw >> 8 == 0x61 {
|
||||||
trace!(
|
trace!(
|
||||||
"The card indicates there is {} bytes more data for us",
|
"The card indicates there is {} bytes more data for us",
|
||||||
sw & 0xff
|
sw & 0xff
|
||||||
|
|||||||
+10
-6
@@ -379,7 +379,7 @@ impl YubiKey {
|
|||||||
pub unsafe fn change_pin(&mut self, current_pin: &[u8], new_pin: &[u8]) -> Result<(), Error> {
|
pub unsafe fn change_pin(&mut self, current_pin: &[u8], new_pin: &[u8]) -> Result<(), Error> {
|
||||||
{
|
{
|
||||||
let txn = self.begin_transaction()?;
|
let txn = self.begin_transaction()?;
|
||||||
txn.change_pin(0, current_pin, new_pin)?;
|
txn.change_pin(CHREF_ACT_CHANGE_PIN, current_pin, new_pin)?;
|
||||||
}
|
}
|
||||||
|
|
||||||
if !new_pin.is_empty() {
|
if !new_pin.is_empty() {
|
||||||
@@ -391,7 +391,7 @@ impl YubiKey {
|
|||||||
|
|
||||||
/// Set PIN last changed
|
/// Set PIN last changed
|
||||||
pub unsafe fn set_pin_last_changed(yubikey: &mut YubiKey) -> Result<(), Error> {
|
pub unsafe fn set_pin_last_changed(yubikey: &mut YubiKey) -> Result<(), Error> {
|
||||||
let mut data = [0u8; YKPIV_OBJ_MAX_SIZE];
|
let mut data = [0u8; CB_BUF_MAX];
|
||||||
let max_size = yubikey.obj_size_max();
|
let max_size = yubikey.obj_size_max();
|
||||||
let txn = yubikey.begin_transaction()?;
|
let txn = yubikey.begin_transaction()?;
|
||||||
|
|
||||||
@@ -435,7 +435,7 @@ impl YubiKey {
|
|||||||
/// The default PUK code is 12345678.
|
/// The default PUK code is 12345678.
|
||||||
pub unsafe fn change_puk(&mut self, current_puk: &[u8], new_puk: &[u8]) -> Result<(), Error> {
|
pub unsafe fn change_puk(&mut self, current_puk: &[u8], new_puk: &[u8]) -> Result<(), Error> {
|
||||||
let txn = self.begin_transaction()?;
|
let txn = self.begin_transaction()?;
|
||||||
txn.change_pin(2, current_puk, new_puk)
|
txn.change_pin(CHREF_ACT_CHANGE_PUK, current_puk, new_puk)
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Block PUK: permanently prevent the PIN from becoming unblocked
|
/// Block PUK: permanently prevent the PIN from becoming unblocked
|
||||||
@@ -449,7 +449,7 @@ impl YubiKey {
|
|||||||
|
|
||||||
while tries_remaining != 0 {
|
while tries_remaining != 0 {
|
||||||
// 2 -> change puk
|
// 2 -> change puk
|
||||||
let res = txn.change_pin(2, &puk, &puk);
|
let res = txn.change_pin(CHREF_ACT_CHANGE_PUK, &puk, &puk);
|
||||||
|
|
||||||
match res {
|
match res {
|
||||||
Ok(()) => puk[0] += 1,
|
Ok(()) => puk[0] += 1,
|
||||||
@@ -458,6 +458,8 @@ impl YubiKey {
|
|||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
Err(e) => {
|
Err(e) => {
|
||||||
|
// depending on the firmware, tries may not be set to zero when the PUK is blocked,
|
||||||
|
// instead, the return code will be PIN_LOCKED and tries will be unset
|
||||||
if e != Error::PinLocked {
|
if e != Error::PinLocked {
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
@@ -481,7 +483,7 @@ impl YubiKey {
|
|||||||
}
|
}
|
||||||
|
|
||||||
flags[0] |= ADMIN_FLAGS_1_PUK_BLOCKED;
|
flags[0] |= ADMIN_FLAGS_1_PUK_BLOCKED;
|
||||||
let mut data = [0u8; YKPIV_OBJ_MAX_SIZE];
|
let mut data = [0u8; CB_BUF_MAX];
|
||||||
let mut cb_data: usize = data.len();
|
let mut cb_data: usize = data.len();
|
||||||
|
|
||||||
if metadata::set_item(
|
if metadata::set_item(
|
||||||
@@ -507,7 +509,7 @@ impl YubiKey {
|
|||||||
/// configured PIN Unblocking Key (PUK).
|
/// configured PIN Unblocking Key (PUK).
|
||||||
pub unsafe fn unblock_pin(&mut self, puk: &[u8], new_pin: &[u8]) -> Result<(), Error> {
|
pub unsafe fn unblock_pin(&mut self, puk: &[u8], new_pin: &[u8]) -> Result<(), Error> {
|
||||||
let txn = self.begin_transaction()?;
|
let txn = self.begin_transaction()?;
|
||||||
txn.change_pin(1, puk, new_pin)
|
txn.change_pin(CHREF_ACT_UNBLOCK_PIN, puk, new_pin)
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Fetch an object from the YubiKey
|
/// Fetch an object from the YubiKey
|
||||||
@@ -815,6 +817,8 @@ impl YubiKey {
|
|||||||
/// Reset YubiKey.
|
/// Reset YubiKey.
|
||||||
///
|
///
|
||||||
/// WARNING: this is a destructive operation which will destroy all keys!
|
/// WARNING: this is a destructive operation which will destroy all keys!
|
||||||
|
///
|
||||||
|
/// The reset function is only available when both pins are blocked.
|
||||||
pub fn reset_device(&mut self) -> Result<(), Error> {
|
pub fn reset_device(&mut self) -> Result<(), Error> {
|
||||||
let templ = [0, YKPIV_INS_RESET, 0, 0];
|
let templ = [0, YKPIV_INS_RESET, 0, 0];
|
||||||
let txn = self.begin_transaction()?;
|
let txn = self.begin_transaction()?;
|
||||||
|
|||||||
Reference in New Issue
Block a user