diff --git a/src/util.rs b/src/util.rs index 1f13348..b97bc6b 100644 --- a/src/util.rs +++ b/src/util.rs @@ -80,17 +80,20 @@ pub static mut CCC_TMPL: &[u8] = &[ pub struct CardId([u8; 16]); /// Get Card ID -pub unsafe fn ykpiv_util_get_cardid(state: *mut YubiKey, cardid: *mut CardId) -> ErrorKind { +pub unsafe fn ykpiv_util_get_cardid( + state: *mut YubiKey, + cardid: *mut CardId, +) -> Result<(), ErrorKind> { let mut buf = [0u8; CB_OBJ_MAX]; let mut len = buf.len(); let mut res: ErrorKind = ErrorKind::Ok; if cardid.is_null() { - return ErrorKind::GenericError; + return Err(ErrorKind::GenericError); } if _ykpiv_begin_transaction(state) != ErrorKind::Ok { - return ErrorKind::PcscError; + return Err(ErrorKind::PcscError); } if _ykpiv_ensure_application_selected(state) == ErrorKind::Ok { @@ -110,22 +113,28 @@ pub unsafe fn ykpiv_util_get_cardid(state: *mut YubiKey, cardid: *mut CardId) -> } _ykpiv_end_transaction(state); - res + match res { + ErrorKind::Ok => Ok(()), + e => Err(e), + } } /// Set Card ID -pub unsafe fn ykpiv_util_set_cardid(state: *mut YubiKey, cardid: *const CardId) -> ErrorKind { +pub unsafe fn ykpiv_util_set_cardid( + state: *mut YubiKey, + cardid: *const CardId, +) -> Result<(), ErrorKind> { let mut id = [0u8; YKPIV_CARDID_SIZE]; let mut buf = [0u8; CHUID_TMPL.len()]; let mut res = ErrorKind::Ok; if state.is_null() { - return ErrorKind::GenericError; + return Err(ErrorKind::GenericError); } if cardid.is_null() { if _ykpiv_prng_generate(id.as_mut_ptr(), id.len()) != PRngErrorKind::Ok { - return ErrorKind::RandomnessError; + return Err(ErrorKind::RandomnessError); } } else { memcpy( @@ -136,7 +145,7 @@ pub unsafe fn ykpiv_util_set_cardid(state: *mut YubiKey, cardid: *const CardId) } if _ykpiv_begin_transaction(state) != ErrorKind::Ok { - return ErrorKind::PcscError; + return Err(ErrorKind::PcscError); } if _ykpiv_ensure_application_selected(state) == ErrorKind::Ok { @@ -161,7 +170,10 @@ pub unsafe fn ykpiv_util_set_cardid(state: *mut YubiKey, cardid: *const CardId) } _ykpiv_end_transaction(state); - res + match res { + ErrorKind::Ok => Ok(()), + e => Err(e), + } } /// Cardholder Capability Container (CCC) Identifier @@ -169,17 +181,17 @@ pub unsafe fn ykpiv_util_set_cardid(state: *mut YubiKey, cardid: *const CardId) pub struct CCCID([u8; 14]); /// Get Cardholder Capability Container (CCC) ID -pub unsafe fn ykpiv_util_get_cccid(state: *mut YubiKey, ccc: *mut CCCID) -> ErrorKind { +pub unsafe fn ykpiv_util_get_cccid(state: *mut YubiKey, ccc: *mut CCCID) -> Result<(), ErrorKind> { let mut res: ErrorKind = ErrorKind::Ok; let mut buf = [0u8; CB_OBJ_MAX]; let mut len = buf.len(); if ccc.is_null() { - return ErrorKind::GenericError; + return Err(ErrorKind::GenericError); } if _ykpiv_begin_transaction(state) != ErrorKind::Ok { - return ErrorKind::PcscError; + return Err(ErrorKind::PcscError); } if _ykpiv_ensure_application_selected(state) == ErrorKind::Ok { @@ -193,7 +205,7 @@ pub unsafe fn ykpiv_util_get_cccid(state: *mut YubiKey, ccc: *mut CCCID) -> Erro if res == ErrorKind::Ok { if len != CCC_TMPL.len() { _ykpiv_end_transaction(state); - return ErrorKind::GenericError; + return Err(ErrorKind::GenericError); } memcpy( @@ -204,23 +216,29 @@ pub unsafe fn ykpiv_util_get_cccid(state: *mut YubiKey, ccc: *mut CCCID) -> Erro } } - res + match res { + ErrorKind::Ok => Ok(()), + e => Err(e), + } } /// Get Cardholder Capability Container (CCC) ID -pub unsafe fn ykpiv_util_set_cccid(state: *mut YubiKey, ccc: *const CCCID) -> ErrorKind { +pub unsafe fn ykpiv_util_set_cccid( + state: *mut YubiKey, + ccc: *const CCCID, +) -> Result<(), ErrorKind> { let mut res: ErrorKind = ErrorKind::Ok; let mut id = [0u8; 14]; let mut buf = [0u8; 51]; let len: usize; if state.is_null() { - return ErrorKind::GenericError; + return Err(ErrorKind::GenericError); } if ccc.is_null() { if _ykpiv_prng_generate(id.as_mut_ptr(), id.len()) != PRngErrorKind::Ok { - return ErrorKind::RandomnessError; + return Err(ErrorKind::RandomnessError); } } else { memcpy( @@ -231,7 +249,7 @@ pub unsafe fn ykpiv_util_set_cccid(state: *mut YubiKey, ccc: *const CCCID) -> Er } if _ykpiv_begin_transaction(state) != ErrorKind::Ok { - return ErrorKind::PcscError; + return Err(ErrorKind::PcscError); } if _ykpiv_ensure_application_selected(state) == ErrorKind::Ok { @@ -253,7 +271,10 @@ pub unsafe fn ykpiv_util_set_cccid(state: *mut YubiKey, ccc: *const CCCID) -> Er } _ykpiv_end_transaction(state); - res + match res { + ErrorKind::Ok => Ok(()), + e => Err(e), + } } /// Get YubiKey device model @@ -316,7 +337,7 @@ pub unsafe fn ykpiv_util_list_keys( key_count: *mut u8, data: *mut *mut YkPivKey, data_len: *mut usize, -) -> ErrorKind { +) -> Result<(), ErrorKind> { let mut _currentBlock; let mut res: ErrorKind = ErrorKind::Ok; let mut p_key: *mut YkPivKey; @@ -331,11 +352,11 @@ pub unsafe fn ykpiv_util_list_keys( let CB_PAGE: usize = 4096; if data.is_null() || data_len.is_null() || key_count.is_null() { - return ErrorKind::GenericError; + return Err(ErrorKind::GenericError); } if _ykpiv_begin_transaction(state) != ErrorKind::Ok { - return ErrorKind::PcscError; + return Err(ErrorKind::PcscError); } if _ykpiv_ensure_application_selected(state) == ErrorKind::Ok { @@ -347,7 +368,7 @@ pub unsafe fn ykpiv_util_list_keys( if p_data.is_null() { _ykpiv_end_transaction(state); - return ErrorKind::MemoryError; + return Err(ErrorKind::MemoryError); } cb_data = CB_PAGE; @@ -439,7 +460,10 @@ pub unsafe fn ykpiv_util_list_keys( } _ykpiv_end_transaction(state); - res + match res { + ErrorKind::Ok => Ok(()), + e => Err(e), + } } /// Read certificate @@ -448,17 +472,17 @@ pub unsafe fn ykpiv_util_read_cert( slot: u8, data: *mut *mut u8, data_len: *mut usize, -) -> ErrorKind { +) -> Result<(), ErrorKind> { let mut res: ErrorKind = ErrorKind::Ok; let mut buf = [0u8; YKPIV_OBJ_MAX_SIZE]; let mut cb_buf: usize = buf.len(); if data.is_null() || data_len.is_null() { - return ErrorKind::GenericError; + return Err(ErrorKind::GenericError); } if _ykpiv_begin_transaction(state) != ErrorKind::Ok { - return ErrorKind::PcscError; + return Err(ErrorKind::PcscError); } if _ykpiv_ensure_application_selected(state) == ErrorKind::Ok { @@ -488,7 +512,10 @@ pub unsafe fn ykpiv_util_read_cert( } _ykpiv_end_transaction(state); - res + match res { + ErrorKind::Ok => Ok(()), + e => Err(e), + } } /// Write certificate @@ -498,11 +525,11 @@ pub unsafe fn ykpiv_util_write_cert( data: *mut u8, data_len: usize, certinfo: u8, -) -> ErrorKind { +) -> Result<(), ErrorKind> { let mut res: ErrorKind = ErrorKind::Ok; if _ykpiv_begin_transaction(state) != ErrorKind::Ok { - return ErrorKind::PcscError; + return Err(ErrorKind::PcscError); } if _ykpiv_ensure_application_selected(state) == ErrorKind::Ok { @@ -510,16 +537,19 @@ pub unsafe fn ykpiv_util_write_cert( } _ykpiv_end_transaction(state); - res + match res { + ErrorKind::Ok => Ok(()), + e => Err(e), + } } /// Delete certificate -pub unsafe fn ykpiv_util_delete_cert(state: *mut YubiKey, slot: u8) -> ErrorKind { +pub unsafe fn ykpiv_util_delete_cert(state: *mut YubiKey, slot: u8) -> Result<(), ErrorKind> { ykpiv_util_write_cert(state, slot, ptr::null_mut(), 0, 0) } /// Block PUK -pub unsafe fn ykpiv_util_block_puk(state: *mut YubiKey) -> ErrorKind { +pub unsafe fn ykpiv_util_block_puk(state: *mut YubiKey) -> Result<(), ErrorKind> { let mut _currentBlock; let mut res: ErrorKind = ErrorKind::Ok; let mut puk = [0x30, 0x42, 0x41, 0x44, 0x46, 0x30, 0x30, 0x44]; @@ -531,11 +561,11 @@ pub unsafe fn ykpiv_util_block_puk(state: *mut YubiKey) -> ErrorKind { let mut flags: u8 = 0; if state.is_null() { - return ErrorKind::GenericError; + return Err(ErrorKind::GenericError); } if _ykpiv_begin_transaction(state) != ErrorKind::Ok { - return ErrorKind::PcscError; + return Err(ErrorKind::PcscError); } if _ykpiv_ensure_application_selected(state) == ErrorKind::Ok { @@ -629,7 +659,10 @@ pub unsafe fn ykpiv_util_block_puk(state: *mut YubiKey) -> ErrorKind { } } else { _ykpiv_end_transaction(state); - return res; + return match res { + ErrorKind::Ok => Ok(()), + e => Err(e), + }; } } } @@ -669,7 +702,7 @@ pub unsafe fn ykpiv_util_read_mscmap( state: *mut YubiKey, containers: *mut *mut YkPivContainer, n_containers: *mut usize, -) -> ErrorKind { +) -> Result<(), ErrorKind> { let mut res: ErrorKind = ErrorKind::Ok; let mut buf = [0u8; YKPIV_OBJ_MAX_SIZE]; let mut cb_buf: usize = buf.len(); @@ -677,11 +710,12 @@ pub unsafe fn ykpiv_util_read_mscmap( let mut ptr: *mut u8; if containers.is_null() || n_containers.is_null() { + // TODO(str4d): Should this really continue on here? res = ErrorKind::GenericError; } if _ykpiv_begin_transaction(state) != ErrorKind::Ok { - return ErrorKind::PcscError; + return Err(ErrorKind::PcscError); } if _ykpiv_ensure_application_selected(state) == ErrorKind::Ok { @@ -697,14 +731,17 @@ pub unsafe fn ykpiv_util_read_mscmap( if res != ErrorKind::Ok { _ykpiv_end_transaction(state); - return res; + return match res { + ErrorKind::Ok => Ok(()), + e => Err(e), + }; } ptr = buf.as_mut_ptr(); if cb_buf < CB_OBJ_TAG_MIN { _ykpiv_end_transaction(state); - return ErrorKind::Ok; + return Ok(()); } if *ptr == TAG_MSCMAP { @@ -713,7 +750,7 @@ pub unsafe fn ykpiv_util_read_mscmap( if len > cb_buf - (ptr as isize - buf.as_mut_ptr() as isize) as usize { _ykpiv_end_transaction(state); - return ErrorKind::Ok; + return Ok(()); } *containers = calloc(len, 1) as (*mut YkPivContainer); @@ -727,7 +764,10 @@ pub unsafe fn ykpiv_util_read_mscmap( } } - res + match res { + ErrorKind::Ok => Ok(()), + e => Err(e), + } } /// Get max object size @@ -744,14 +784,14 @@ pub unsafe fn ykpiv_util_write_mscmap( state: *mut YubiKey, containers: *mut YkPivContainer, n_containers: usize, -) -> ErrorKind { +) -> Result<(), ErrorKind> { let mut res = ErrorKind::Ok; let mut buf = [0u8; CB_OBJ_MAX]; let mut offset: usize = 0; let data_len: usize = n_containers.wrapping_mul(mem::size_of::()); if _ykpiv_begin_transaction(state) != ErrorKind::Ok { - return ErrorKind::PcscError; + return Err(ErrorKind::PcscError); } if _ykpiv_ensure_application_selected(state) == ErrorKind::Ok { @@ -763,14 +803,17 @@ pub unsafe fn ykpiv_util_write_mscmap( } _ykpiv_end_transaction(state); - return res; + return match res { + ErrorKind::Ok => Ok(()), + e => Err(e), + }; } let req_len = 1 + _ykpiv_set_length(buf.as_mut_ptr(), data_len) + data_len; if req_len > _obj_size_max(state) { _ykpiv_end_transaction(state); - return ErrorKind::SizeError; + return Err(ErrorKind::SizeError); } buf[offset] = 0x81; @@ -786,7 +829,10 @@ pub unsafe fn ykpiv_util_write_mscmap( } _ykpiv_end_transaction(state); - res + match res { + ErrorKind::Ok => Ok(()), + e => Err(e), + } } /// Read msroots @@ -794,7 +840,7 @@ pub unsafe fn ykpiv_util_read_msroots( state: *mut YubiKey, data: *mut *mut u8, data_len: *mut usize, -) -> ErrorKind { +) -> Result<(), ErrorKind> { let mut _currentBlock; let mut res = ErrorKind::Ok; let mut buf = [0u8; YKPIV_OBJ_MAX_SIZE]; @@ -810,11 +856,11 @@ pub unsafe fn ykpiv_util_read_msroots( let mut offset: usize = 0; if data.is_null() || data_len.is_null() { - return ErrorKind::GenericError; + return Err(ErrorKind::GenericError); } if _ykpiv_begin_transaction(state) != ErrorKind::Ok { - return ErrorKind::PcscError; + return Err(ErrorKind::PcscError); } if _ykpiv_ensure_application_selected(state) == ErrorKind::Ok { @@ -916,7 +962,10 @@ pub unsafe fn ykpiv_util_read_msroots( } _ykpiv_end_transaction(state); - res + match res { + ErrorKind::Ok => Ok(()), + e => Err(e), + } } /// Write msroots @@ -924,7 +973,7 @@ pub unsafe fn ykpiv_util_write_msroots( state: *mut YubiKey, data: *mut u8, data_len: usize, -) -> ErrorKind { +) -> Result<(), ErrorKind> { let mut res: ErrorKind = ErrorKind::Ok; let mut buf = [0u8; CB_OBJ_MAX]; let mut offset: usize; @@ -934,7 +983,7 @@ pub unsafe fn ykpiv_util_write_msroots( let cb_obj_max = _obj_size_max(state); if _ykpiv_begin_transaction(state) != ErrorKind::Ok { - return ErrorKind::PcscError; + return Err(ErrorKind::PcscError); } if _ykpiv_ensure_application_selected(state) == ErrorKind::Ok { @@ -946,14 +995,17 @@ pub unsafe fn ykpiv_util_write_msroots( } _ykpiv_end_transaction(state); - return res; + return match res { + ErrorKind::Ok => Ok(()), + e => Err(e), + }; } n_objs = (data_len / (cb_obj_max - 4)) + 1; if n_objs > 5 { _ykpiv_end_transaction(state); - return ErrorKind::SizeError; + return Err(ErrorKind::SizeError); } for i in 0..n_objs { @@ -998,7 +1050,10 @@ pub unsafe fn ykpiv_util_write_msroots( } _ykpiv_end_transaction(state); - res + match res { + ErrorKind::Ok => Ok(()), + e => Err(e), + } } // Keygen messages @@ -1026,7 +1081,7 @@ pub unsafe fn ykpiv_util_generate_key( exp_len: *mut usize, point: *mut *mut u8, point_len: *mut usize, -) -> ErrorKind { +) -> Result<(), ErrorKind> { let mut res: ErrorKind = ErrorKind::Ok; let mut in_data = [0u8; 11]; let mut in_ptr = in_data.as_mut_ptr(); @@ -1043,7 +1098,7 @@ pub unsafe fn ykpiv_util_generate_key( let setting_roca: SettingBool; if state.is_null() { - return ErrorKind::ArgumentError; + return Err(ErrorKind::ArgumentError); } if ykpiv_util_devicemodel(state) == DEVTYPE_YK4 @@ -1082,7 +1137,7 @@ pub unsafe fn ykpiv_util_generate_key( ); if !setting_roca.value { - return ErrorKind::NotSupported; + return Err(ErrorKind::NotSupported); } } @@ -1092,7 +1147,7 @@ pub unsafe fn ykpiv_util_generate_key( if (*state).verbose != 0 { eprintln!("Invalid output parameter for ECC algorithm"); } - return ErrorKind::GenericError; + return Err(ErrorKind::GenericError); } else { *point = ptr::null_mut(); *point_len = 0; @@ -1103,7 +1158,7 @@ pub unsafe fn ykpiv_util_generate_key( if (*state).verbose != 0 { eprintln!("Invalid output parameter for RSA algorithm",); } - return ErrorKind::GenericError; + return Err(ErrorKind::GenericError); } else { *modulus = ptr::null_mut(); *modulus_len = 0; @@ -1116,12 +1171,12 @@ pub unsafe fn ykpiv_util_generate_key( eprintln!("Invalid algorithm specified"); } - return ErrorKind::GenericError; + return Err(ErrorKind::GenericError); } } if _ykpiv_begin_transaction(state) != ErrorKind::Ok { - return ErrorKind::PcscError; + return Err(ErrorKind::PcscError); } if _ykpiv_ensure_application_selected(state) == ErrorKind::Ok { @@ -1384,7 +1439,10 @@ pub unsafe fn ykpiv_util_generate_key( } _ykpiv_end_transaction(state); - res + match res { + ErrorKind::Ok => Ok(()), + e => Err(e), + } } /// Config mgm type @@ -1422,7 +1480,10 @@ pub struct YkPivConfig { } /// Get config -pub unsafe fn ykpiv_util_get_config(state: *mut YubiKey, config: *mut YkPivConfig) -> ErrorKind { +pub unsafe fn ykpiv_util_get_config( + state: *mut YubiKey, + config: *mut YkPivConfig, +) -> Result<(), ErrorKind> { let mut data = [0u8; YKPIV_OBJ_MAX_SIZE]; let mut cb_data: usize = mem::size_of::<[u8; YKPIV_OBJ_MAX_SIZE]>(); let mut p_item: *mut u8 = ptr::null_mut(); @@ -1430,7 +1491,7 @@ pub unsafe fn ykpiv_util_get_config(state: *mut YubiKey, config: *mut YkPivConfi let res = ErrorKind::Ok; if state.is_null() || config.is_null() { - return ErrorKind::GenericError; + return Err(ErrorKind::GenericError); } (*config).protected_data_available = 0u8; @@ -1440,7 +1501,7 @@ pub unsafe fn ykpiv_util_get_config(state: *mut YubiKey, config: *mut YkPivConfi (*config).mgm_type = YkPivConfigMgmType::YKPIV_CONFIG_MGM_MANUAL; if _ykpiv_begin_transaction(state) != ErrorKind::Ok { - return ErrorKind::PcscError; + return Err(ErrorKind::PcscError); } if _ykpiv_ensure_application_selected(state) == ErrorKind::Ok { @@ -1541,22 +1602,25 @@ pub unsafe fn ykpiv_util_get_config(state: *mut YubiKey, config: *mut YkPivConfi } _ykpiv_end_transaction(state); - res + match res { + ErrorKind::Ok => Ok(()), + e => Err(e), + } } /// Set PIN last changed -pub unsafe fn ykpiv_util_set_pin_last_changed(state: *mut YubiKey) -> ErrorKind { +pub unsafe fn ykpiv_util_set_pin_last_changed(state: *mut YubiKey) -> Result<(), ErrorKind> { let mut data = [0u8; YKPIV_OBJ_MAX_SIZE]; let mut cb_data = data.len(); let mut res = ErrorKind::Ok; let ykrc: ErrorKind; if state.is_null() { - return ErrorKind::GenericError; + return Err(ErrorKind::GenericError); } if _ykpiv_begin_transaction(state) != ErrorKind::Ok { - return ErrorKind::PcscError; + return Err(ErrorKind::PcscError); } if _ykpiv_ensure_application_selected(state) == ErrorKind::Ok { @@ -1593,7 +1657,10 @@ pub unsafe fn ykpiv_util_set_pin_last_changed(state: *mut YubiKey) -> ErrorKind } } _ykpiv_end_transaction(state); - res + match res { + ErrorKind::Ok => Ok(()), + e => Err(e), + } } /// Management key (MGM) @@ -1618,7 +1685,7 @@ pub unsafe fn ykpiv_util_get_derived_mgm( pin: *const u8, pin_len: usize, mgm: *mut YkPivMgm, -) -> ErrorKind { +) -> Result<(), ErrorKind> { let mut data = [0u8; YKPIV_OBJ_MAX_SIZE]; let mut cb_data: usize = data.len(); let mut p_item: *mut u8 = ptr::null_mut(); @@ -1626,15 +1693,15 @@ pub unsafe fn ykpiv_util_get_derived_mgm( let mut res: ErrorKind = ErrorKind::Ok; if state.is_null() { - return ErrorKind::GenericError; + return Err(ErrorKind::GenericError); } if pin.is_null() || pin_len == 0 || mgm.is_null() { - return ErrorKind::GenericError; + return Err(ErrorKind::GenericError); } if _ykpiv_begin_transaction(state) != ErrorKind::Ok { - return ErrorKind::PcscError; + return Err(ErrorKind::PcscError); } if _ykpiv_ensure_application_selected(state) == ErrorKind::Ok { @@ -1682,11 +1749,17 @@ pub unsafe fn ykpiv_util_get_derived_mgm( } _ykpiv_end_transaction(state); - res + match res { + ErrorKind::Ok => Ok(()), + e => Err(e), + } } /// Get protected management key (MGM) -pub unsafe fn ykpiv_util_get_protected_mgm(state: *mut YubiKey, mgm: *mut YkPivMgm) -> ErrorKind { +pub unsafe fn ykpiv_util_get_protected_mgm( + state: *mut YubiKey, + mgm: *mut YkPivMgm, +) -> Result<(), ErrorKind> { let mut data = [0u8; YKPIV_OBJ_MAX_SIZE]; let mut cb_data: usize = data.len(); let mut p_item: *mut u8 = ptr::null_mut(); @@ -1694,11 +1767,11 @@ pub unsafe fn ykpiv_util_get_protected_mgm(state: *mut YubiKey, mgm: *mut YkPivM let mut res = ErrorKind::Ok; if state.is_null() || mgm.is_null() { - return ErrorKind::GenericError; + return Err(ErrorKind::GenericError); } if _ykpiv_begin_transaction(state) != ErrorKind::Ok { - return ErrorKind::PcscError; + return Err(ErrorKind::PcscError); } if _ykpiv_ensure_application_selected(state) == ErrorKind::Ok { @@ -1744,12 +1817,18 @@ pub unsafe fn ykpiv_util_get_protected_mgm(state: *mut YubiKey, mgm: *mut YkPivM data.zeroize(); _ykpiv_end_transaction(state); - res + match res { + ErrorKind::Ok => Ok(()), + e => Err(e), + } } /// Set protected management key (MGM) #[allow(clippy::cognitive_complexity)] -pub unsafe fn ykpiv_util_set_protected_mgm(state: *mut YubiKey, mgm: *mut YkPivMgm) -> ErrorKind { +pub unsafe fn ykpiv_util_set_protected_mgm( + state: *mut YubiKey, + mgm: *mut YkPivMgm, +) -> Result<(), ErrorKind> { let mut _currentBlock; let mut res: ErrorKind = ErrorKind::Ok; let mut ykrc: ErrorKind = ErrorKind::Ok; @@ -1764,7 +1843,7 @@ pub unsafe fn ykpiv_util_set_protected_mgm(state: *mut YubiKey, mgm: *mut YkPivM let mut flags_1: u8 = 0; if state.is_null() { - return ErrorKind::GenericError; + return Err(ErrorKind::GenericError); } if mgm.is_null() { @@ -1795,7 +1874,7 @@ pub unsafe fn ykpiv_util_set_protected_mgm(state: *mut YubiKey, mgm: *mut YkPivM } if _ykpiv_begin_transaction(state) != ErrorKind::Ok { - return ErrorKind::PcscError; + return Err(ErrorKind::PcscError); } if _ykpiv_ensure_application_selected(state) == ErrorKind::Ok { @@ -1953,11 +2032,14 @@ pub unsafe fn ykpiv_util_set_protected_mgm(state: *mut YubiKey, mgm: *mut YkPivM mgm_key.zeroize(); _ykpiv_end_transaction(state); - res + match res { + ErrorKind::Ok => Ok(()), + e => Err(e), + } } /// Reset -pub unsafe fn ykpiv_util_reset(state: *mut YubiKey) -> ErrorKind { +pub unsafe fn ykpiv_util_reset(state: *mut YubiKey) -> Result<(), ErrorKind> { let templ = [0, YKPIV_INS_RESET, 0, 0]; let mut data = [0u8; 255]; let mut recv_len = data.len(); @@ -1973,10 +2055,9 @@ pub unsafe fn ykpiv_util_reset(state: *mut YubiKey) -> ErrorKind { &mut sw, ); - if res == ErrorKind::Ok && sw == SW_SUCCESS { - ErrorKind::Ok - } else { - ErrorKind::GenericError + match (res, sw) { + (ErrorKind::Ok, SW_SUCCESS) => Ok(()), + _ => Err(ErrorKind::GenericError), } } diff --git a/src/yubikey.rs b/src/yubikey.rs index 75b76ba..bafbfa2 100644 --- a/src/yubikey.rs +++ b/src/yubikey.rs @@ -178,15 +178,15 @@ pub(crate) unsafe fn _ykpiv_has_valid_length(buffer: *const u8, len: usize) -> b } /// Initialize YubiKey client instance -pub unsafe fn ykpiv_init(state: *mut *mut YubiKey, verbose: i32) -> ErrorKind { +pub unsafe fn ykpiv_init(state: *mut *mut YubiKey, verbose: i32) -> Result<(), ErrorKind> { if state.is_null() { - return ErrorKind::GenericError; + return Err(ErrorKind::GenericError); } let s = malloc(mem::size_of::()) as (*mut YubiKey); if s.is_null() { - return ErrorKind::MemoryError; + return Err(ErrorKind::MemoryError); } memset(s as (*mut c_void), 0i32, mem::size_of::()); @@ -194,7 +194,7 @@ pub unsafe fn ykpiv_init(state: *mut *mut YubiKey, verbose: i32) -> ErrorKind { (*s).verbose = verbose; (*s).context = -1i32; *state = s; - ErrorKind::Ok + Ok(()) } /// Cleanup YubiKey session @@ -391,7 +391,7 @@ pub unsafe fn ykpiv_connect_with_external_card( } /// Connect to a YubiKey -pub unsafe fn ykpiv_connect(state: *mut YubiKey, wanted: *const c_char) -> ErrorKind { +pub unsafe fn ykpiv_connect(state: *mut YubiKey, wanted: *const c_char) -> Result<(), ErrorKind> { let mut _currentBlock; let mut active_protocol: u32 = 0; let mut reader_buf: [c_char; 2048] = [0; 2048]; @@ -403,7 +403,7 @@ pub unsafe fn ykpiv_connect(state: *mut YubiKey, wanted: *const c_char) -> Error let mut ret: ErrorKind = ykpiv_list_readers(state, reader_buf.as_mut_ptr(), &mut num_readers); if ret != ErrorKind::Ok { - return ret; + return Err(ret); } reader_ptr = reader_buf.as_mut_ptr(); loop { @@ -494,9 +494,9 @@ pub unsafe fn ykpiv_connect(state: *mut YubiKey, wanted: *const c_char) -> Error SCardReleaseContext((*state).context); (*state).context = -1; - return ErrorKind::PcscError; + return Err(ErrorKind::PcscError); } else { - return ErrorKind::GenericError; + return Err(ErrorKind::GenericError); } } @@ -504,12 +504,15 @@ pub unsafe fn ykpiv_connect(state: *mut YubiKey, wanted: *const c_char) -> Error // you may not want to select the applet when connecting to a card handle that // was supplied by an external library. if _ykpiv_begin_transaction(state) != ErrorKind::Ok { - return ErrorKind::PcscError; + return Err(ErrorKind::PcscError); } ret = _ykpiv_select_application(state); _ykpiv_end_transaction(state); - ret + match ret { + ErrorKind::Ok => Ok(()), + e => Err(e), + } } /// List readers @@ -879,7 +882,7 @@ pub(crate) unsafe fn _send_data( pub const DEFAULT_AUTH_KEY: &[u8] = b"\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08\0"; /// Authenticate to the card -pub unsafe fn ykpiv_authenticate(state: *mut YubiKey, mut key: *const u8) -> ErrorKind { +pub unsafe fn ykpiv_authenticate(state: *mut YubiKey, mut key: *const u8) -> Result<(), ErrorKind> { let mut data = [0u8; 261]; let mut challenge = [0u8; 8]; let mut recv_len = data.len() as u32; @@ -890,11 +893,11 @@ pub unsafe fn ykpiv_authenticate(state: *mut YubiKey, mut key: *const u8) -> Err let mut res = ErrorKind::Ok; if state.is_null() { - return ErrorKind::GenericError; + return Err(ErrorKind::GenericError); } if _ykpiv_begin_transaction(state) != ErrorKind::Ok { - return ErrorKind::PcscError; + return Err(ErrorKind::PcscError); } if _ykpiv_ensure_application_selected(state) == ErrorKind::Ok { @@ -911,7 +914,7 @@ pub unsafe fn ykpiv_authenticate(state: *mut YubiKey, mut key: *const u8) -> Err "didn't expect mgm key to be set by failing op!" ); _ykpiv_end_transaction(state); - return ErrorKind::AlgorithmError; + return Err(ErrorKind::AlgorithmError); } // get a challenge from the card @@ -928,12 +931,12 @@ pub unsafe fn ykpiv_authenticate(state: *mut YubiKey, mut key: *const u8) -> Err if res != ErrorKind::Ok { _ykpiv_end_transaction(state); - return res; + return Err(res); } if sw != SW_SUCCESS { _ykpiv_end_transaction(state); - return ErrorKind::AuthenticationError; + return Err(ErrorKind::AuthenticationError); } memcpy( @@ -956,7 +959,7 @@ pub unsafe fn ykpiv_authenticate(state: *mut YubiKey, mut key: *const u8) -> Err if drc != DesErrorKind::Ok { _ykpiv_end_transaction(state); - return ErrorKind::AuthenticationError; + return Err(ErrorKind::AuthenticationError); } recv_len = data.len() as u32; @@ -982,7 +985,7 @@ pub unsafe fn ykpiv_authenticate(state: *mut YubiKey, mut key: *const u8) -> Err } _ykpiv_end_transaction(state); - return ErrorKind::RandomnessError; + return Err(ErrorKind::RandomnessError); } memcpy( @@ -996,12 +999,12 @@ pub unsafe fn ykpiv_authenticate(state: *mut YubiKey, mut key: *const u8) -> Err if res != ErrorKind::Ok { _ykpiv_end_transaction(state); - return res; + return Err(res); } if sw != SW_SUCCESS { _ykpiv_end_transaction(state); - return ErrorKind::AuthenticationError; + return Err(ErrorKind::AuthenticationError); } // compare the response from the card with our challenge @@ -1034,7 +1037,10 @@ pub unsafe fn ykpiv_authenticate(state: *mut YubiKey, mut key: *const u8) -> Err } _ykpiv_end_transaction(state); - res + match res { + ErrorKind::Ok => Ok(()), + e => Err(e), + } } /// Set the management key (MGM) @@ -1247,13 +1253,13 @@ pub unsafe fn ykpiv_sign_data( out_len: *mut usize, algorithm: u8, key: u8, -) -> ErrorKind { +) -> Result<(), ErrorKind> { if state.is_null() { - return ErrorKind::GenericError; + return Err(ErrorKind::GenericError); } if _ykpiv_begin_transaction(state) != ErrorKind::Ok { - return ErrorKind::PcscError; + return Err(ErrorKind::PcscError); } // don't attempt to reselect in crypt operations to avoid problems with PIN_ALWAYS @@ -1263,7 +1269,10 @@ pub unsafe fn ykpiv_sign_data( ); _ykpiv_end_transaction(state); - res + match res { + ErrorKind::Ok => Ok(()), + e => Err(e), + } } /// Decrypt data using a PIV key @@ -1275,20 +1284,23 @@ pub unsafe fn ykpiv_decrypt_data( out_len: *mut usize, algorithm: u8, key: u8, -) -> ErrorKind { +) -> Result<(), ErrorKind> { if state.is_null() { - return ErrorKind::GenericError; + return Err(ErrorKind::GenericError); } if _ykpiv_begin_transaction(state) != ErrorKind::Ok { - return ErrorKind::PcscError; + return Err(ErrorKind::PcscError); } // don't attempt to reselect in crypt operations to avoid problems with PIN_ALWAYS let res = _general_authenticate(state, input, input_len, out, out_len, algorithm, key, true); _ykpiv_end_transaction(state); - res + match res { + ErrorKind::Ok => Ok(()), + e => Err(e), + } } /// Get the version of the PIV application installed on the YubiKey @@ -1551,11 +1563,11 @@ pub(crate) unsafe fn _ykpiv_get_serial( } /// Get YubiKey device serial number -pub unsafe fn ykpiv_get_serial(state: *mut YubiKey, p_serial: *mut u32) -> ErrorKind { +pub unsafe fn ykpiv_get_serial(state: *mut YubiKey, p_serial: *mut u32) -> Result<(), ErrorKind> { let mut res = ErrorKind::Ok; if _ykpiv_begin_transaction(state) != ErrorKind::Ok { - return ErrorKind::PcscError; + return Err(ErrorKind::PcscError); } if _ykpiv_ensure_application_selected(state) == ErrorKind::Ok { @@ -1563,7 +1575,10 @@ pub unsafe fn ykpiv_get_serial(state: *mut YubiKey, p_serial: *mut u32) -> Error } _ykpiv_end_transaction(state); - res + match res { + ErrorKind::Ok => Ok(()), + e => Err(e), + } } /// Cache PIN in memory @@ -1711,9 +1726,9 @@ pub unsafe fn ykpiv_verify_select( } /// Get the number of PIN retries -pub unsafe fn ykpiv_get_pin_retries(state: *mut YubiKey, tries: *mut i32) -> ErrorKind { +pub unsafe fn ykpiv_get_pin_retries(state: *mut YubiKey, tries: *mut i32) -> Result<(), ErrorKind> { if state.is_null() || tries.is_null() { - return ErrorKind::ArgumentError; + return Err(ErrorKind::ArgumentError); } // Force a re-select to unverify, because once verified the spec dictates that @@ -1722,16 +1737,15 @@ pub unsafe fn ykpiv_get_pin_retries(state: *mut YubiKey, tries: *mut i32) -> Err let res = _ykpiv_select_application(state); if res != ErrorKind::Ok { - return res; + return Err(res); } let ykrc = ykpiv_verify(state, ptr::null(), tries); // WRONG_PIN is expected on successful query. - if ykrc == ErrorKind::WrongPin { - ErrorKind::Ok - } else { - ykrc + match ykrc { + ErrorKind::Ok | ErrorKind::WrongPin => Ok(()), + e => Err(e), } } @@ -1740,7 +1754,7 @@ pub unsafe fn ykpiv_set_pin_retries( state: *mut YubiKey, pin_tries: i32, puk_tries: i32, -) -> ErrorKind { +) -> Result<(), ErrorKind> { let mut res = ErrorKind::Ok; let mut templ = [0, YKPIV_INS_SET_PIN_RETRIES, 0, 0]; let mut data = [0u8; 255]; @@ -1749,18 +1763,18 @@ pub unsafe fn ykpiv_set_pin_retries( // Special case: if either retry count is 0, it's a successful no-op if pin_tries == 0 || puk_tries == 0 { - return ErrorKind::Ok; + return Ok(()); } if pin_tries > 0xff || puk_tries > 0xff || pin_tries < 1 || puk_tries < 1 { - return ErrorKind::RangeError; + return Err(ErrorKind::RangeError); } templ[2] = pin_tries as (u8); templ[3] = puk_tries as (u8); if _ykpiv_begin_transaction(state) != ErrorKind::Ok { - return ErrorKind::PcscError; + return Err(ErrorKind::PcscError); } if _ykpiv_ensure_application_selected(state) == ErrorKind::Ok { @@ -1785,7 +1799,10 @@ pub unsafe fn ykpiv_set_pin_retries( } _ykpiv_end_transaction(state); - res + match res { + ErrorKind::Ok => Ok(()), + e => Err(e), + } } /// Change the PIN @@ -1890,11 +1907,11 @@ pub unsafe fn ykpiv_change_pin( new_pin: *const c_char, new_pin_len: usize, tries: *mut i32, -) -> ErrorKind { +) -> Result<(), ErrorKind> { let mut res: ErrorKind = ErrorKind::GenericError; if _ykpiv_begin_transaction(state) != ErrorKind::Ok { - return ErrorKind::PcscError; + return Err(ErrorKind::PcscError); } if _ykpiv_ensure_application_selected(state) == ErrorKind::Ok { @@ -1916,7 +1933,10 @@ pub unsafe fn ykpiv_change_pin( } _ykpiv_end_transaction(state); - res + match res { + ErrorKind::Ok => Ok(()), + e => Err(e), + } } /// Change the PIN Unblocking Key (PUK). PUKs are codes for resetting @@ -1965,11 +1985,11 @@ pub unsafe fn ykpiv_unblock_pin( new_pin: *const c_char, new_pin_len: usize, tries: *mut i32, -) -> ErrorKind { +) -> Result<(), ErrorKind> { let mut res = ErrorKind::GenericError; if _ykpiv_begin_transaction(state) != ErrorKind::Ok { - return ErrorKind::PcscError; + return Err(ErrorKind::PcscError); } if _ykpiv_ensure_application_selected(state) == ErrorKind::Ok { @@ -1977,7 +1997,10 @@ pub unsafe fn ykpiv_unblock_pin( } _ykpiv_end_transaction(state); - res + match res { + ErrorKind::Ok => Ok(()), + e => Err(e), + } } /// Fetch an object from the YubiKey @@ -1986,11 +2009,11 @@ pub unsafe fn ykpiv_fetch_object( object_id: i32, data: *mut u8, len: *mut usize, -) -> ErrorKind { +) -> Result<(), ErrorKind> { let mut res = ErrorKind::Ok; if _ykpiv_begin_transaction(state) != ErrorKind::Ok { - return ErrorKind::PcscError; + return Err(ErrorKind::PcscError); } if _ykpiv_ensure_application_selected(state) == ErrorKind::Ok { @@ -1998,7 +2021,10 @@ pub unsafe fn ykpiv_fetch_object( } _ykpiv_end_transaction(state); - res + match res { + ErrorKind::Ok => Ok(()), + e => Err(e), + } } /// Fetch an object @@ -2077,11 +2103,11 @@ pub unsafe fn ykpiv_save_object( object_id: i32, indata: *mut u8, len: usize, -) -> ErrorKind { +) -> Result<(), ErrorKind> { let mut res = ErrorKind::Ok; if _ykpiv_begin_transaction(state) != ErrorKind::Ok { - return ErrorKind::PcscError; + return Err(ErrorKind::PcscError); } if _ykpiv_ensure_application_selected(state) == ErrorKind::Ok { @@ -2089,7 +2115,10 @@ pub unsafe fn ykpiv_save_object( } _ykpiv_end_transaction(state); - res + match res { + ErrorKind::Ok => Ok(()), + e => Err(e), + } } /// Save an object @@ -2184,7 +2213,7 @@ pub unsafe fn ykpiv_import_private_key( ec_data_len: u8, pin_policy: u8, touch_policy: u8, -) -> ErrorKind { +) -> Result<(), ErrorKind> { let mut key_data = [0u8; 1024]; let mut in_ptr: *mut u8 = key_data.as_mut_ptr(); let templ = [0, YKPIV_INS_IMPORT_KEY, algorithm, key]; @@ -2199,7 +2228,7 @@ pub unsafe fn ykpiv_import_private_key( let mut res = ErrorKind::Ok; if state.is_null() { - return ErrorKind::GenericError; + return Err(ErrorKind::GenericError); } if key == YKPIV_KEY_CARDMGM @@ -2207,7 +2236,7 @@ pub unsafe fn ykpiv_import_private_key( || key > YKPIV_KEY_RETIRED20 && (key < YKPIV_KEY_AUTHENTICATION) || key > YKPIV_KEY_CARDAUTH && (key != YKPIV_KEY_ATTESTATION) { - return ErrorKind::KeyError; + return Err(ErrorKind::KeyError); } if pin_policy != YKPIV_PINPOLICY_DEFAULT @@ -2215,7 +2244,7 @@ pub unsafe fn ykpiv_import_private_key( && (pin_policy != YKPIV_PINPOLICY_ONCE) && (pin_policy != YKPIV_PINPOLICY_ALWAYS) { - return ErrorKind::GenericError; + return Err(ErrorKind::GenericError); } if touch_policy != YKPIV_TOUCHPOLICY_DEFAULT @@ -2223,13 +2252,13 @@ pub unsafe fn ykpiv_import_private_key( && (touch_policy != YKPIV_TOUCHPOLICY_ALWAYS) && (touch_policy != YKPIV_TOUCHPOLICY_CACHED) { - return ErrorKind::GenericError; + return Err(ErrorKind::GenericError); } match algorithm { YKPIV_ALGO_RSA1024 | YKPIV_ALGO_RSA2048 => { if p_len + q_len + dp_len + dq_len + qinv_len >= 1024 { - return ErrorKind::SizeError; + return Err(ErrorKind::SizeError); } else { if algorithm == YKPIV_ALGO_RSA1024 { elem_len = 64; @@ -2240,7 +2269,7 @@ pub unsafe fn ykpiv_import_private_key( } if p.is_null() || q.is_null() || dp.is_null() || dq.is_null() || qinv.is_null() { - return ErrorKind::GenericError; + return Err(ErrorKind::GenericError); } params[0] = p; @@ -2259,7 +2288,7 @@ pub unsafe fn ykpiv_import_private_key( } YKPIV_ALGO_ECCP256 | YKPIV_ALGO_ECCP384 => { if ec_data_len as (usize) >= key_data.len() { - return ErrorKind::SizeError; + return Err(ErrorKind::SizeError); } if algorithm == YKPIV_ALGO_ECCP256 { @@ -2269,7 +2298,7 @@ pub unsafe fn ykpiv_import_private_key( } if ec_data.is_null() { - return ErrorKind::GenericError; + return Err(ErrorKind::GenericError); } params[0] = ec_data; @@ -2277,7 +2306,7 @@ pub unsafe fn ykpiv_import_private_key( param_tag = 0x6; n_params = 1; } - _ => return ErrorKind::AlgorithmError, + _ => return Err(ErrorKind::AlgorithmError), } for i in 0..n_params { @@ -2289,7 +2318,7 @@ pub unsafe fn ykpiv_import_private_key( let remaining = (key_data.as_mut_ptr() as usize) + 1024 - in_ptr as usize; if padding > remaining { - return ErrorKind::AlgorithmError; + return Err(ErrorKind::AlgorithmError); } memset(in_ptr as *mut c_void, 0, padding); @@ -2317,7 +2346,7 @@ pub unsafe fn ykpiv_import_private_key( } if _ykpiv_begin_transaction(state) != ErrorKind::Ok { - return ErrorKind::PcscError; + return Err(ErrorKind::PcscError); } else if _ykpiv_ensure_application_selected(state) == ErrorKind::Ok { res = ykpiv_transfer_data( state, @@ -2339,7 +2368,10 @@ pub unsafe fn ykpiv_import_private_key( key_data.zeroize(); _ykpiv_end_transaction(state); - res + match res { + ErrorKind::Ok => Ok(()), + e => Err(e), + } } /// Generate an attestation certificate for a stored key @@ -2348,20 +2380,20 @@ pub unsafe fn ykpiv_attest( key: u8, data: *mut u8, data_len: *mut usize, -) -> ErrorKind { +) -> Result<(), ErrorKind> { let mut res = ErrorKind::GenericError; let templ = [0, YKPIV_INS_ATTEST, key, 0]; let mut sw: i32 = 0; let mut ul_data_len: usize; if state.is_null() || data.is_null() || data_len.is_null() { - return ErrorKind::ArgumentError; + return Err(ErrorKind::ArgumentError); } ul_data_len = *data_len; if _ykpiv_begin_transaction(state) != ErrorKind::Ok { - return ErrorKind::PcscError; + return Err(ErrorKind::PcscError); } if _ykpiv_ensure_application_selected(state) == ErrorKind::Ok { @@ -2390,7 +2422,10 @@ pub unsafe fn ykpiv_attest( } _ykpiv_end_transaction(state); - res + match res { + ErrorKind::Ok => Ok(()), + e => Err(e), + } } /// Get an auth challenge @@ -2398,22 +2433,22 @@ pub unsafe fn ykpiv_auth_getchallenge( state: *mut YubiKey, challenge: *mut u8, challenge_len: usize, -) -> ErrorKind { +) -> Result<(), ErrorKind> { let mut data = [0u8; 261]; let mut recv_len = data.len() as u32; let mut sw: i32 = 0; let mut res = ErrorKind::Ok; if state.is_null() || challenge.is_null() { - return ErrorKind::GenericError; + return Err(ErrorKind::GenericError); } if challenge_len != 8 { - return ErrorKind::SizeError; + return Err(ErrorKind::SizeError); } if _ykpiv_begin_transaction(state) != ErrorKind::Ok { - return ErrorKind::PcscError; + return Err(ErrorKind::PcscError); } if _ykpiv_ensure_application_selected(state) == ErrorKind::Ok { @@ -2442,7 +2477,10 @@ pub unsafe fn ykpiv_auth_getchallenge( } _ykpiv_end_transaction(state); - res + match res { + ErrorKind::Ok => Ok(()), + e => Err(e), + } } /// Verify an auth response @@ -2450,22 +2488,22 @@ pub unsafe fn ykpiv_auth_verifyresponse( state: *mut YubiKey, response: *mut u8, response_len: usize, -) -> ErrorKind { +) -> Result<(), ErrorKind> { let mut data = [0u8; 261]; let mut recv_len = data.len() as u32; let mut sw: i32 = 0; let mut res: ErrorKind; if state.is_null() || response.is_null() { - return ErrorKind::GenericError; + return Err(ErrorKind::GenericError); } if response_len != 8 { - return ErrorKind::SizeError; + return Err(ErrorKind::SizeError); } if _ykpiv_begin_transaction(state) != ErrorKind::Ok { - return ErrorKind::PcscError; + return Err(ErrorKind::PcscError); } // send the response to the card and a challenge of our own. @@ -2494,27 +2532,30 @@ pub unsafe fn ykpiv_auth_verifyresponse( apdu.zeroize(); _ykpiv_end_transaction(state); - res + match res { + ErrorKind::Ok => Ok(()), + e => Err(e), + } } /// MGMT Application ID(?) static mut MGMT_AID: [u8; 8] = [0xa0, 0x00, 0x00, 0x05, 0x27, 0x47, 0x11, 0x17]; /// Deauthenticate -pub unsafe fn ykpiv_auth_deauthenticate(state: *mut YubiKey) -> ErrorKind { +pub unsafe fn ykpiv_auth_deauthenticate(state: *mut YubiKey) -> Result<(), ErrorKind> { let mut data = [0u8; 255]; let mut recv_len = data.len() as u32; let mut sw: i32 = 0; let mut res: ErrorKind; if state.is_null() { - return ErrorKind::ArgumentError; + return Err(ErrorKind::ArgumentError); } res = _ykpiv_begin_transaction(state); if res != ErrorKind::Ok { - return res; + return Err(res); } let mut apdu = APDU::default(); @@ -2545,5 +2586,8 @@ pub unsafe fn ykpiv_auth_deauthenticate(state: *mut YubiKey) -> ErrorKind { } _ykpiv_end_transaction(state); - res + match res { + ErrorKind::Ok => Ok(()), + e => Err(e), + } }