Apply suggestions from code review

More of @str4d's suggested changes

Co-Authored-By: str4d <thestr4d@gmail.com>
This commit is contained in:
Tony Arcieri
2019-11-25 07:38:33 -08:00
committed by GitHub
parent e18828d048
commit 9367218c7d
2 changed files with 18 additions and 14 deletions
+8 -8
View File
@@ -187,7 +187,7 @@ impl<'tx> Transaction<'tx> {
let mut templ = [0, YKPIV_INS_CHANGE_REFERENCE, 0, 0x80]; let mut templ = [0, YKPIV_INS_CHANGE_REFERENCE, 0, 0x80];
let mut indata = Zeroizing::new([0u8; 16]); let mut indata = Zeroizing::new([0u8; 16]);
if current_pin.len() > 8 || new_pin.len() > 8 { if current_pin.len() > CB_PIN_MAX || new_pin.len() > CB_PIN_MAX {
return Err(Error::SizeError); return Err(Error::SizeError);
} }
@@ -200,11 +200,11 @@ impl<'tx> Transaction<'tx> {
unsafe { unsafe {
ptr::copy(current_pin.as_ptr(), indata.as_mut_ptr(), current_pin.len()); ptr::copy(current_pin.as_ptr(), indata.as_mut_ptr(), current_pin.len());
if current_pin.len() < 8 { if current_pin.len() < CB_PIN_MAX {
ptr::write_bytes( ptr::write_bytes(
indata.as_mut_ptr().add(current_pin.len()), indata.as_mut_ptr().add(current_pin.len()),
0xff, 0xff,
8 - current_pin.len(), CB_PIN_MAX - current_pin.len(),
); );
} }
@@ -214,17 +214,17 @@ impl<'tx> Transaction<'tx> {
new_pin.len(), new_pin.len(),
); );
if new_pin.len() < 8 { if new_pin.len() < CB_PIN_MAX {
ptr::write_bytes( ptr::write_bytes(
indata.as_mut_ptr().offset(8).add(new_pin.len()), indata.as_mut_ptr().offset(8).add(new_pin.len()),
0xff, 0xff,
8 - new_pin.len(), CB_PIN_MAX - new_pin.len(),
); );
} }
} }
let status_words = self let status_words = self
.transfer_data(&templ, indata.as_ref(), 255)? .transfer_data(&templ, indata.as_ref(), 0xFF)?
.status_words(); .status_words();
match status_words { match status_words {
@@ -428,7 +428,7 @@ impl<'tx> Transaction<'tx> {
if out_data.len() - response.buffer().len() - 2 > max_out { if out_data.len() - response.buffer().len() - 2 > max_out {
error!( error!(
"output buffer to small: wanted to write {}, max was {}", "output buffer too small: wanted to write {}, max was {}",
out_data.len() - response.buffer().len() - 2, out_data.len() - response.buffer().len() - 2,
max_out max_out
); );
@@ -444,7 +444,7 @@ impl<'tx> Transaction<'tx> {
} }
} }
while sw >> 8 != 0x61 { while sw >> 8 == 0x61 {
trace!( trace!(
"The card indicates there is {} bytes more data for us", "The card indicates there is {} bytes more data for us",
sw & 0xff sw & 0xff
+10 -6
View File
@@ -379,7 +379,7 @@ impl YubiKey {
pub unsafe fn change_pin(&mut self, current_pin: &[u8], new_pin: &[u8]) -> Result<(), Error> { pub unsafe fn change_pin(&mut self, current_pin: &[u8], new_pin: &[u8]) -> Result<(), Error> {
{ {
let txn = self.begin_transaction()?; let txn = self.begin_transaction()?;
txn.change_pin(0, current_pin, new_pin)?; txn.change_pin(CHREF_ACT_CHANGE_PIN, current_pin, new_pin)?;
} }
if !new_pin.is_empty() { if !new_pin.is_empty() {
@@ -391,7 +391,7 @@ impl YubiKey {
/// Set PIN last changed /// Set PIN last changed
pub unsafe fn set_pin_last_changed(yubikey: &mut YubiKey) -> Result<(), Error> { pub unsafe fn set_pin_last_changed(yubikey: &mut YubiKey) -> Result<(), Error> {
let mut data = [0u8; YKPIV_OBJ_MAX_SIZE]; let mut data = [0u8; CB_BUF_MAX];
let max_size = yubikey.obj_size_max(); let max_size = yubikey.obj_size_max();
let txn = yubikey.begin_transaction()?; let txn = yubikey.begin_transaction()?;
@@ -435,7 +435,7 @@ impl YubiKey {
/// The default PUK code is 12345678. /// The default PUK code is 12345678.
pub unsafe fn change_puk(&mut self, current_puk: &[u8], new_puk: &[u8]) -> Result<(), Error> { pub unsafe fn change_puk(&mut self, current_puk: &[u8], new_puk: &[u8]) -> Result<(), Error> {
let txn = self.begin_transaction()?; let txn = self.begin_transaction()?;
txn.change_pin(2, current_puk, new_puk) txn.change_pin(CHREF_ACT_CHANGE_PUK, current_puk, new_puk)
} }
/// Block PUK: permanently prevent the PIN from becoming unblocked /// Block PUK: permanently prevent the PIN from becoming unblocked
@@ -449,7 +449,7 @@ impl YubiKey {
while tries_remaining != 0 { while tries_remaining != 0 {
// 2 -> change puk // 2 -> change puk
let res = txn.change_pin(2, &puk, &puk); let res = txn.change_pin(CHREF_ACT_CHANGE_PUK, &puk, &puk);
match res { match res {
Ok(()) => puk[0] += 1, Ok(()) => puk[0] += 1,
@@ -458,6 +458,8 @@ impl YubiKey {
continue; continue;
} }
Err(e) => { Err(e) => {
// depending on the firmware, tries may not be set to zero when the PUK is blocked,
// instead, the return code will be PIN_LOCKED and tries will be unset
if e != Error::PinLocked { if e != Error::PinLocked {
continue; continue;
} }
@@ -481,7 +483,7 @@ impl YubiKey {
} }
flags[0] |= ADMIN_FLAGS_1_PUK_BLOCKED; flags[0] |= ADMIN_FLAGS_1_PUK_BLOCKED;
let mut data = [0u8; YKPIV_OBJ_MAX_SIZE]; let mut data = [0u8; CB_BUF_MAX];
let mut cb_data: usize = data.len(); let mut cb_data: usize = data.len();
if metadata::set_item( if metadata::set_item(
@@ -507,7 +509,7 @@ impl YubiKey {
/// configured PIN Unblocking Key (PUK). /// configured PIN Unblocking Key (PUK).
pub unsafe fn unblock_pin(&mut self, puk: &[u8], new_pin: &[u8]) -> Result<(), Error> { pub unsafe fn unblock_pin(&mut self, puk: &[u8], new_pin: &[u8]) -> Result<(), Error> {
let txn = self.begin_transaction()?; let txn = self.begin_transaction()?;
txn.change_pin(1, puk, new_pin) txn.change_pin(CHREF_ACT_UNBLOCK_PIN, puk, new_pin)
} }
/// Fetch an object from the YubiKey /// Fetch an object from the YubiKey
@@ -815,6 +817,8 @@ impl YubiKey {
/// Reset YubiKey. /// Reset YubiKey.
/// ///
/// WARNING: this is a destructive operation which will destroy all keys! /// WARNING: this is a destructive operation which will destroy all keys!
///
/// The reset function is only available when both pins are blocked.
pub fn reset_device(&mut self) -> Result<(), Error> { pub fn reset_device(&mut self) -> Result<(), Error> {
let templ = [0, YKPIV_INS_RESET, 0, 0]; let templ = [0, YKPIV_INS_RESET, 0, 0];
let txn = self.begin_transaction()?; let txn = self.begin_transaction()?;