Return Result<(), ErrorKind> from most APIs
This commit modifies all public APIs where doing so wouldn't require modifying internal functions.
This commit is contained in:
+171
-90
@@ -80,17 +80,20 @@ pub static mut CCC_TMPL: &[u8] = &[
|
|||||||
pub struct CardId([u8; 16]);
|
pub struct CardId([u8; 16]);
|
||||||
|
|
||||||
/// Get Card ID
|
/// Get Card ID
|
||||||
pub unsafe fn ykpiv_util_get_cardid(state: *mut YubiKey, cardid: *mut CardId) -> ErrorKind {
|
pub unsafe fn ykpiv_util_get_cardid(
|
||||||
|
state: *mut YubiKey,
|
||||||
|
cardid: *mut CardId,
|
||||||
|
) -> Result<(), ErrorKind> {
|
||||||
let mut buf = [0u8; CB_OBJ_MAX];
|
let mut buf = [0u8; CB_OBJ_MAX];
|
||||||
let mut len = buf.len();
|
let mut len = buf.len();
|
||||||
let mut res: ErrorKind = ErrorKind::Ok;
|
let mut res: ErrorKind = ErrorKind::Ok;
|
||||||
|
|
||||||
if cardid.is_null() {
|
if cardid.is_null() {
|
||||||
return ErrorKind::GenericError;
|
return Err(ErrorKind::GenericError);
|
||||||
}
|
}
|
||||||
|
|
||||||
if _ykpiv_begin_transaction(state) != ErrorKind::Ok {
|
if _ykpiv_begin_transaction(state) != ErrorKind::Ok {
|
||||||
return ErrorKind::PcscError;
|
return Err(ErrorKind::PcscError);
|
||||||
}
|
}
|
||||||
|
|
||||||
if _ykpiv_ensure_application_selected(state) == ErrorKind::Ok {
|
if _ykpiv_ensure_application_selected(state) == ErrorKind::Ok {
|
||||||
@@ -110,22 +113,28 @@ pub unsafe fn ykpiv_util_get_cardid(state: *mut YubiKey, cardid: *mut CardId) ->
|
|||||||
}
|
}
|
||||||
|
|
||||||
_ykpiv_end_transaction(state);
|
_ykpiv_end_transaction(state);
|
||||||
res
|
match res {
|
||||||
|
ErrorKind::Ok => Ok(()),
|
||||||
|
e => Err(e),
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Set Card ID
|
/// Set Card ID
|
||||||
pub unsafe fn ykpiv_util_set_cardid(state: *mut YubiKey, cardid: *const CardId) -> ErrorKind {
|
pub unsafe fn ykpiv_util_set_cardid(
|
||||||
|
state: *mut YubiKey,
|
||||||
|
cardid: *const CardId,
|
||||||
|
) -> Result<(), ErrorKind> {
|
||||||
let mut id = [0u8; YKPIV_CARDID_SIZE];
|
let mut id = [0u8; YKPIV_CARDID_SIZE];
|
||||||
let mut buf = [0u8; CHUID_TMPL.len()];
|
let mut buf = [0u8; CHUID_TMPL.len()];
|
||||||
let mut res = ErrorKind::Ok;
|
let mut res = ErrorKind::Ok;
|
||||||
|
|
||||||
if state.is_null() {
|
if state.is_null() {
|
||||||
return ErrorKind::GenericError;
|
return Err(ErrorKind::GenericError);
|
||||||
}
|
}
|
||||||
|
|
||||||
if cardid.is_null() {
|
if cardid.is_null() {
|
||||||
if _ykpiv_prng_generate(id.as_mut_ptr(), id.len()) != PRngErrorKind::Ok {
|
if _ykpiv_prng_generate(id.as_mut_ptr(), id.len()) != PRngErrorKind::Ok {
|
||||||
return ErrorKind::RandomnessError;
|
return Err(ErrorKind::RandomnessError);
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
memcpy(
|
memcpy(
|
||||||
@@ -136,7 +145,7 @@ pub unsafe fn ykpiv_util_set_cardid(state: *mut YubiKey, cardid: *const CardId)
|
|||||||
}
|
}
|
||||||
|
|
||||||
if _ykpiv_begin_transaction(state) != ErrorKind::Ok {
|
if _ykpiv_begin_transaction(state) != ErrorKind::Ok {
|
||||||
return ErrorKind::PcscError;
|
return Err(ErrorKind::PcscError);
|
||||||
}
|
}
|
||||||
|
|
||||||
if _ykpiv_ensure_application_selected(state) == ErrorKind::Ok {
|
if _ykpiv_ensure_application_selected(state) == ErrorKind::Ok {
|
||||||
@@ -161,7 +170,10 @@ pub unsafe fn ykpiv_util_set_cardid(state: *mut YubiKey, cardid: *const CardId)
|
|||||||
}
|
}
|
||||||
|
|
||||||
_ykpiv_end_transaction(state);
|
_ykpiv_end_transaction(state);
|
||||||
res
|
match res {
|
||||||
|
ErrorKind::Ok => Ok(()),
|
||||||
|
e => Err(e),
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Cardholder Capability Container (CCC) Identifier
|
/// Cardholder Capability Container (CCC) Identifier
|
||||||
@@ -169,17 +181,17 @@ pub unsafe fn ykpiv_util_set_cardid(state: *mut YubiKey, cardid: *const CardId)
|
|||||||
pub struct CCCID([u8; 14]);
|
pub struct CCCID([u8; 14]);
|
||||||
|
|
||||||
/// Get Cardholder Capability Container (CCC) ID
|
/// Get Cardholder Capability Container (CCC) ID
|
||||||
pub unsafe fn ykpiv_util_get_cccid(state: *mut YubiKey, ccc: *mut CCCID) -> ErrorKind {
|
pub unsafe fn ykpiv_util_get_cccid(state: *mut YubiKey, ccc: *mut CCCID) -> Result<(), ErrorKind> {
|
||||||
let mut res: ErrorKind = ErrorKind::Ok;
|
let mut res: ErrorKind = ErrorKind::Ok;
|
||||||
let mut buf = [0u8; CB_OBJ_MAX];
|
let mut buf = [0u8; CB_OBJ_MAX];
|
||||||
let mut len = buf.len();
|
let mut len = buf.len();
|
||||||
|
|
||||||
if ccc.is_null() {
|
if ccc.is_null() {
|
||||||
return ErrorKind::GenericError;
|
return Err(ErrorKind::GenericError);
|
||||||
}
|
}
|
||||||
|
|
||||||
if _ykpiv_begin_transaction(state) != ErrorKind::Ok {
|
if _ykpiv_begin_transaction(state) != ErrorKind::Ok {
|
||||||
return ErrorKind::PcscError;
|
return Err(ErrorKind::PcscError);
|
||||||
}
|
}
|
||||||
|
|
||||||
if _ykpiv_ensure_application_selected(state) == ErrorKind::Ok {
|
if _ykpiv_ensure_application_selected(state) == ErrorKind::Ok {
|
||||||
@@ -193,7 +205,7 @@ pub unsafe fn ykpiv_util_get_cccid(state: *mut YubiKey, ccc: *mut CCCID) -> Erro
|
|||||||
if res == ErrorKind::Ok {
|
if res == ErrorKind::Ok {
|
||||||
if len != CCC_TMPL.len() {
|
if len != CCC_TMPL.len() {
|
||||||
_ykpiv_end_transaction(state);
|
_ykpiv_end_transaction(state);
|
||||||
return ErrorKind::GenericError;
|
return Err(ErrorKind::GenericError);
|
||||||
}
|
}
|
||||||
|
|
||||||
memcpy(
|
memcpy(
|
||||||
@@ -204,23 +216,29 @@ pub unsafe fn ykpiv_util_get_cccid(state: *mut YubiKey, ccc: *mut CCCID) -> Erro
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
res
|
match res {
|
||||||
|
ErrorKind::Ok => Ok(()),
|
||||||
|
e => Err(e),
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Get Cardholder Capability Container (CCC) ID
|
/// Get Cardholder Capability Container (CCC) ID
|
||||||
pub unsafe fn ykpiv_util_set_cccid(state: *mut YubiKey, ccc: *const CCCID) -> ErrorKind {
|
pub unsafe fn ykpiv_util_set_cccid(
|
||||||
|
state: *mut YubiKey,
|
||||||
|
ccc: *const CCCID,
|
||||||
|
) -> Result<(), ErrorKind> {
|
||||||
let mut res: ErrorKind = ErrorKind::Ok;
|
let mut res: ErrorKind = ErrorKind::Ok;
|
||||||
let mut id = [0u8; 14];
|
let mut id = [0u8; 14];
|
||||||
let mut buf = [0u8; 51];
|
let mut buf = [0u8; 51];
|
||||||
let len: usize;
|
let len: usize;
|
||||||
|
|
||||||
if state.is_null() {
|
if state.is_null() {
|
||||||
return ErrorKind::GenericError;
|
return Err(ErrorKind::GenericError);
|
||||||
}
|
}
|
||||||
|
|
||||||
if ccc.is_null() {
|
if ccc.is_null() {
|
||||||
if _ykpiv_prng_generate(id.as_mut_ptr(), id.len()) != PRngErrorKind::Ok {
|
if _ykpiv_prng_generate(id.as_mut_ptr(), id.len()) != PRngErrorKind::Ok {
|
||||||
return ErrorKind::RandomnessError;
|
return Err(ErrorKind::RandomnessError);
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
memcpy(
|
memcpy(
|
||||||
@@ -231,7 +249,7 @@ pub unsafe fn ykpiv_util_set_cccid(state: *mut YubiKey, ccc: *const CCCID) -> Er
|
|||||||
}
|
}
|
||||||
|
|
||||||
if _ykpiv_begin_transaction(state) != ErrorKind::Ok {
|
if _ykpiv_begin_transaction(state) != ErrorKind::Ok {
|
||||||
return ErrorKind::PcscError;
|
return Err(ErrorKind::PcscError);
|
||||||
}
|
}
|
||||||
|
|
||||||
if _ykpiv_ensure_application_selected(state) == ErrorKind::Ok {
|
if _ykpiv_ensure_application_selected(state) == ErrorKind::Ok {
|
||||||
@@ -253,7 +271,10 @@ pub unsafe fn ykpiv_util_set_cccid(state: *mut YubiKey, ccc: *const CCCID) -> Er
|
|||||||
}
|
}
|
||||||
|
|
||||||
_ykpiv_end_transaction(state);
|
_ykpiv_end_transaction(state);
|
||||||
res
|
match res {
|
||||||
|
ErrorKind::Ok => Ok(()),
|
||||||
|
e => Err(e),
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Get YubiKey device model
|
/// Get YubiKey device model
|
||||||
@@ -316,7 +337,7 @@ pub unsafe fn ykpiv_util_list_keys(
|
|||||||
key_count: *mut u8,
|
key_count: *mut u8,
|
||||||
data: *mut *mut YkPivKey,
|
data: *mut *mut YkPivKey,
|
||||||
data_len: *mut usize,
|
data_len: *mut usize,
|
||||||
) -> ErrorKind {
|
) -> Result<(), ErrorKind> {
|
||||||
let mut _currentBlock;
|
let mut _currentBlock;
|
||||||
let mut res: ErrorKind = ErrorKind::Ok;
|
let mut res: ErrorKind = ErrorKind::Ok;
|
||||||
let mut p_key: *mut YkPivKey;
|
let mut p_key: *mut YkPivKey;
|
||||||
@@ -331,11 +352,11 @@ pub unsafe fn ykpiv_util_list_keys(
|
|||||||
let CB_PAGE: usize = 4096;
|
let CB_PAGE: usize = 4096;
|
||||||
|
|
||||||
if data.is_null() || data_len.is_null() || key_count.is_null() {
|
if data.is_null() || data_len.is_null() || key_count.is_null() {
|
||||||
return ErrorKind::GenericError;
|
return Err(ErrorKind::GenericError);
|
||||||
}
|
}
|
||||||
|
|
||||||
if _ykpiv_begin_transaction(state) != ErrorKind::Ok {
|
if _ykpiv_begin_transaction(state) != ErrorKind::Ok {
|
||||||
return ErrorKind::PcscError;
|
return Err(ErrorKind::PcscError);
|
||||||
}
|
}
|
||||||
|
|
||||||
if _ykpiv_ensure_application_selected(state) == ErrorKind::Ok {
|
if _ykpiv_ensure_application_selected(state) == ErrorKind::Ok {
|
||||||
@@ -347,7 +368,7 @@ pub unsafe fn ykpiv_util_list_keys(
|
|||||||
|
|
||||||
if p_data.is_null() {
|
if p_data.is_null() {
|
||||||
_ykpiv_end_transaction(state);
|
_ykpiv_end_transaction(state);
|
||||||
return ErrorKind::MemoryError;
|
return Err(ErrorKind::MemoryError);
|
||||||
}
|
}
|
||||||
|
|
||||||
cb_data = CB_PAGE;
|
cb_data = CB_PAGE;
|
||||||
@@ -439,7 +460,10 @@ pub unsafe fn ykpiv_util_list_keys(
|
|||||||
}
|
}
|
||||||
|
|
||||||
_ykpiv_end_transaction(state);
|
_ykpiv_end_transaction(state);
|
||||||
res
|
match res {
|
||||||
|
ErrorKind::Ok => Ok(()),
|
||||||
|
e => Err(e),
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Read certificate
|
/// Read certificate
|
||||||
@@ -448,17 +472,17 @@ pub unsafe fn ykpiv_util_read_cert(
|
|||||||
slot: u8,
|
slot: u8,
|
||||||
data: *mut *mut u8,
|
data: *mut *mut u8,
|
||||||
data_len: *mut usize,
|
data_len: *mut usize,
|
||||||
) -> ErrorKind {
|
) -> Result<(), ErrorKind> {
|
||||||
let mut res: ErrorKind = ErrorKind::Ok;
|
let mut res: ErrorKind = ErrorKind::Ok;
|
||||||
let mut buf = [0u8; YKPIV_OBJ_MAX_SIZE];
|
let mut buf = [0u8; YKPIV_OBJ_MAX_SIZE];
|
||||||
let mut cb_buf: usize = buf.len();
|
let mut cb_buf: usize = buf.len();
|
||||||
|
|
||||||
if data.is_null() || data_len.is_null() {
|
if data.is_null() || data_len.is_null() {
|
||||||
return ErrorKind::GenericError;
|
return Err(ErrorKind::GenericError);
|
||||||
}
|
}
|
||||||
|
|
||||||
if _ykpiv_begin_transaction(state) != ErrorKind::Ok {
|
if _ykpiv_begin_transaction(state) != ErrorKind::Ok {
|
||||||
return ErrorKind::PcscError;
|
return Err(ErrorKind::PcscError);
|
||||||
}
|
}
|
||||||
|
|
||||||
if _ykpiv_ensure_application_selected(state) == ErrorKind::Ok {
|
if _ykpiv_ensure_application_selected(state) == ErrorKind::Ok {
|
||||||
@@ -488,7 +512,10 @@ pub unsafe fn ykpiv_util_read_cert(
|
|||||||
}
|
}
|
||||||
|
|
||||||
_ykpiv_end_transaction(state);
|
_ykpiv_end_transaction(state);
|
||||||
res
|
match res {
|
||||||
|
ErrorKind::Ok => Ok(()),
|
||||||
|
e => Err(e),
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Write certificate
|
/// Write certificate
|
||||||
@@ -498,11 +525,11 @@ pub unsafe fn ykpiv_util_write_cert(
|
|||||||
data: *mut u8,
|
data: *mut u8,
|
||||||
data_len: usize,
|
data_len: usize,
|
||||||
certinfo: u8,
|
certinfo: u8,
|
||||||
) -> ErrorKind {
|
) -> Result<(), ErrorKind> {
|
||||||
let mut res: ErrorKind = ErrorKind::Ok;
|
let mut res: ErrorKind = ErrorKind::Ok;
|
||||||
|
|
||||||
if _ykpiv_begin_transaction(state) != ErrorKind::Ok {
|
if _ykpiv_begin_transaction(state) != ErrorKind::Ok {
|
||||||
return ErrorKind::PcscError;
|
return Err(ErrorKind::PcscError);
|
||||||
}
|
}
|
||||||
|
|
||||||
if _ykpiv_ensure_application_selected(state) == ErrorKind::Ok {
|
if _ykpiv_ensure_application_selected(state) == ErrorKind::Ok {
|
||||||
@@ -510,16 +537,19 @@ pub unsafe fn ykpiv_util_write_cert(
|
|||||||
}
|
}
|
||||||
|
|
||||||
_ykpiv_end_transaction(state);
|
_ykpiv_end_transaction(state);
|
||||||
res
|
match res {
|
||||||
|
ErrorKind::Ok => Ok(()),
|
||||||
|
e => Err(e),
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Delete certificate
|
/// Delete certificate
|
||||||
pub unsafe fn ykpiv_util_delete_cert(state: *mut YubiKey, slot: u8) -> ErrorKind {
|
pub unsafe fn ykpiv_util_delete_cert(state: *mut YubiKey, slot: u8) -> Result<(), ErrorKind> {
|
||||||
ykpiv_util_write_cert(state, slot, ptr::null_mut(), 0, 0)
|
ykpiv_util_write_cert(state, slot, ptr::null_mut(), 0, 0)
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Block PUK
|
/// Block PUK
|
||||||
pub unsafe fn ykpiv_util_block_puk(state: *mut YubiKey) -> ErrorKind {
|
pub unsafe fn ykpiv_util_block_puk(state: *mut YubiKey) -> Result<(), ErrorKind> {
|
||||||
let mut _currentBlock;
|
let mut _currentBlock;
|
||||||
let mut res: ErrorKind = ErrorKind::Ok;
|
let mut res: ErrorKind = ErrorKind::Ok;
|
||||||
let mut puk = [0x30, 0x42, 0x41, 0x44, 0x46, 0x30, 0x30, 0x44];
|
let mut puk = [0x30, 0x42, 0x41, 0x44, 0x46, 0x30, 0x30, 0x44];
|
||||||
@@ -531,11 +561,11 @@ pub unsafe fn ykpiv_util_block_puk(state: *mut YubiKey) -> ErrorKind {
|
|||||||
let mut flags: u8 = 0;
|
let mut flags: u8 = 0;
|
||||||
|
|
||||||
if state.is_null() {
|
if state.is_null() {
|
||||||
return ErrorKind::GenericError;
|
return Err(ErrorKind::GenericError);
|
||||||
}
|
}
|
||||||
|
|
||||||
if _ykpiv_begin_transaction(state) != ErrorKind::Ok {
|
if _ykpiv_begin_transaction(state) != ErrorKind::Ok {
|
||||||
return ErrorKind::PcscError;
|
return Err(ErrorKind::PcscError);
|
||||||
}
|
}
|
||||||
|
|
||||||
if _ykpiv_ensure_application_selected(state) == ErrorKind::Ok {
|
if _ykpiv_ensure_application_selected(state) == ErrorKind::Ok {
|
||||||
@@ -629,7 +659,10 @@ pub unsafe fn ykpiv_util_block_puk(state: *mut YubiKey) -> ErrorKind {
|
|||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
_ykpiv_end_transaction(state);
|
_ykpiv_end_transaction(state);
|
||||||
return res;
|
return match res {
|
||||||
|
ErrorKind::Ok => Ok(()),
|
||||||
|
e => Err(e),
|
||||||
|
};
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -669,7 +702,7 @@ pub unsafe fn ykpiv_util_read_mscmap(
|
|||||||
state: *mut YubiKey,
|
state: *mut YubiKey,
|
||||||
containers: *mut *mut YkPivContainer,
|
containers: *mut *mut YkPivContainer,
|
||||||
n_containers: *mut usize,
|
n_containers: *mut usize,
|
||||||
) -> ErrorKind {
|
) -> Result<(), ErrorKind> {
|
||||||
let mut res: ErrorKind = ErrorKind::Ok;
|
let mut res: ErrorKind = ErrorKind::Ok;
|
||||||
let mut buf = [0u8; YKPIV_OBJ_MAX_SIZE];
|
let mut buf = [0u8; YKPIV_OBJ_MAX_SIZE];
|
||||||
let mut cb_buf: usize = buf.len();
|
let mut cb_buf: usize = buf.len();
|
||||||
@@ -677,11 +710,12 @@ pub unsafe fn ykpiv_util_read_mscmap(
|
|||||||
let mut ptr: *mut u8;
|
let mut ptr: *mut u8;
|
||||||
|
|
||||||
if containers.is_null() || n_containers.is_null() {
|
if containers.is_null() || n_containers.is_null() {
|
||||||
|
// TODO(str4d): Should this really continue on here?
|
||||||
res = ErrorKind::GenericError;
|
res = ErrorKind::GenericError;
|
||||||
}
|
}
|
||||||
|
|
||||||
if _ykpiv_begin_transaction(state) != ErrorKind::Ok {
|
if _ykpiv_begin_transaction(state) != ErrorKind::Ok {
|
||||||
return ErrorKind::PcscError;
|
return Err(ErrorKind::PcscError);
|
||||||
}
|
}
|
||||||
|
|
||||||
if _ykpiv_ensure_application_selected(state) == ErrorKind::Ok {
|
if _ykpiv_ensure_application_selected(state) == ErrorKind::Ok {
|
||||||
@@ -697,14 +731,17 @@ pub unsafe fn ykpiv_util_read_mscmap(
|
|||||||
|
|
||||||
if res != ErrorKind::Ok {
|
if res != ErrorKind::Ok {
|
||||||
_ykpiv_end_transaction(state);
|
_ykpiv_end_transaction(state);
|
||||||
return res;
|
return match res {
|
||||||
|
ErrorKind::Ok => Ok(()),
|
||||||
|
e => Err(e),
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
ptr = buf.as_mut_ptr();
|
ptr = buf.as_mut_ptr();
|
||||||
|
|
||||||
if cb_buf < CB_OBJ_TAG_MIN {
|
if cb_buf < CB_OBJ_TAG_MIN {
|
||||||
_ykpiv_end_transaction(state);
|
_ykpiv_end_transaction(state);
|
||||||
return ErrorKind::Ok;
|
return Ok(());
|
||||||
}
|
}
|
||||||
|
|
||||||
if *ptr == TAG_MSCMAP {
|
if *ptr == TAG_MSCMAP {
|
||||||
@@ -713,7 +750,7 @@ pub unsafe fn ykpiv_util_read_mscmap(
|
|||||||
|
|
||||||
if len > cb_buf - (ptr as isize - buf.as_mut_ptr() as isize) as usize {
|
if len > cb_buf - (ptr as isize - buf.as_mut_ptr() as isize) as usize {
|
||||||
_ykpiv_end_transaction(state);
|
_ykpiv_end_transaction(state);
|
||||||
return ErrorKind::Ok;
|
return Ok(());
|
||||||
}
|
}
|
||||||
|
|
||||||
*containers = calloc(len, 1) as (*mut YkPivContainer);
|
*containers = calloc(len, 1) as (*mut YkPivContainer);
|
||||||
@@ -727,7 +764,10 @@ pub unsafe fn ykpiv_util_read_mscmap(
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
res
|
match res {
|
||||||
|
ErrorKind::Ok => Ok(()),
|
||||||
|
e => Err(e),
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Get max object size
|
/// Get max object size
|
||||||
@@ -744,14 +784,14 @@ pub unsafe fn ykpiv_util_write_mscmap(
|
|||||||
state: *mut YubiKey,
|
state: *mut YubiKey,
|
||||||
containers: *mut YkPivContainer,
|
containers: *mut YkPivContainer,
|
||||||
n_containers: usize,
|
n_containers: usize,
|
||||||
) -> ErrorKind {
|
) -> Result<(), ErrorKind> {
|
||||||
let mut res = ErrorKind::Ok;
|
let mut res = ErrorKind::Ok;
|
||||||
let mut buf = [0u8; CB_OBJ_MAX];
|
let mut buf = [0u8; CB_OBJ_MAX];
|
||||||
let mut offset: usize = 0;
|
let mut offset: usize = 0;
|
||||||
let data_len: usize = n_containers.wrapping_mul(mem::size_of::<YkPivContainer>());
|
let data_len: usize = n_containers.wrapping_mul(mem::size_of::<YkPivContainer>());
|
||||||
|
|
||||||
if _ykpiv_begin_transaction(state) != ErrorKind::Ok {
|
if _ykpiv_begin_transaction(state) != ErrorKind::Ok {
|
||||||
return ErrorKind::PcscError;
|
return Err(ErrorKind::PcscError);
|
||||||
}
|
}
|
||||||
|
|
||||||
if _ykpiv_ensure_application_selected(state) == ErrorKind::Ok {
|
if _ykpiv_ensure_application_selected(state) == ErrorKind::Ok {
|
||||||
@@ -763,14 +803,17 @@ pub unsafe fn ykpiv_util_write_mscmap(
|
|||||||
}
|
}
|
||||||
|
|
||||||
_ykpiv_end_transaction(state);
|
_ykpiv_end_transaction(state);
|
||||||
return res;
|
return match res {
|
||||||
|
ErrorKind::Ok => Ok(()),
|
||||||
|
e => Err(e),
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
let req_len = 1 + _ykpiv_set_length(buf.as_mut_ptr(), data_len) + data_len;
|
let req_len = 1 + _ykpiv_set_length(buf.as_mut_ptr(), data_len) + data_len;
|
||||||
|
|
||||||
if req_len > _obj_size_max(state) {
|
if req_len > _obj_size_max(state) {
|
||||||
_ykpiv_end_transaction(state);
|
_ykpiv_end_transaction(state);
|
||||||
return ErrorKind::SizeError;
|
return Err(ErrorKind::SizeError);
|
||||||
}
|
}
|
||||||
|
|
||||||
buf[offset] = 0x81;
|
buf[offset] = 0x81;
|
||||||
@@ -786,7 +829,10 @@ pub unsafe fn ykpiv_util_write_mscmap(
|
|||||||
}
|
}
|
||||||
|
|
||||||
_ykpiv_end_transaction(state);
|
_ykpiv_end_transaction(state);
|
||||||
res
|
match res {
|
||||||
|
ErrorKind::Ok => Ok(()),
|
||||||
|
e => Err(e),
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Read msroots
|
/// Read msroots
|
||||||
@@ -794,7 +840,7 @@ pub unsafe fn ykpiv_util_read_msroots(
|
|||||||
state: *mut YubiKey,
|
state: *mut YubiKey,
|
||||||
data: *mut *mut u8,
|
data: *mut *mut u8,
|
||||||
data_len: *mut usize,
|
data_len: *mut usize,
|
||||||
) -> ErrorKind {
|
) -> Result<(), ErrorKind> {
|
||||||
let mut _currentBlock;
|
let mut _currentBlock;
|
||||||
let mut res = ErrorKind::Ok;
|
let mut res = ErrorKind::Ok;
|
||||||
let mut buf = [0u8; YKPIV_OBJ_MAX_SIZE];
|
let mut buf = [0u8; YKPIV_OBJ_MAX_SIZE];
|
||||||
@@ -810,11 +856,11 @@ pub unsafe fn ykpiv_util_read_msroots(
|
|||||||
let mut offset: usize = 0;
|
let mut offset: usize = 0;
|
||||||
|
|
||||||
if data.is_null() || data_len.is_null() {
|
if data.is_null() || data_len.is_null() {
|
||||||
return ErrorKind::GenericError;
|
return Err(ErrorKind::GenericError);
|
||||||
}
|
}
|
||||||
|
|
||||||
if _ykpiv_begin_transaction(state) != ErrorKind::Ok {
|
if _ykpiv_begin_transaction(state) != ErrorKind::Ok {
|
||||||
return ErrorKind::PcscError;
|
return Err(ErrorKind::PcscError);
|
||||||
}
|
}
|
||||||
|
|
||||||
if _ykpiv_ensure_application_selected(state) == ErrorKind::Ok {
|
if _ykpiv_ensure_application_selected(state) == ErrorKind::Ok {
|
||||||
@@ -916,7 +962,10 @@ pub unsafe fn ykpiv_util_read_msroots(
|
|||||||
}
|
}
|
||||||
|
|
||||||
_ykpiv_end_transaction(state);
|
_ykpiv_end_transaction(state);
|
||||||
res
|
match res {
|
||||||
|
ErrorKind::Ok => Ok(()),
|
||||||
|
e => Err(e),
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Write msroots
|
/// Write msroots
|
||||||
@@ -924,7 +973,7 @@ pub unsafe fn ykpiv_util_write_msroots(
|
|||||||
state: *mut YubiKey,
|
state: *mut YubiKey,
|
||||||
data: *mut u8,
|
data: *mut u8,
|
||||||
data_len: usize,
|
data_len: usize,
|
||||||
) -> ErrorKind {
|
) -> Result<(), ErrorKind> {
|
||||||
let mut res: ErrorKind = ErrorKind::Ok;
|
let mut res: ErrorKind = ErrorKind::Ok;
|
||||||
let mut buf = [0u8; CB_OBJ_MAX];
|
let mut buf = [0u8; CB_OBJ_MAX];
|
||||||
let mut offset: usize;
|
let mut offset: usize;
|
||||||
@@ -934,7 +983,7 @@ pub unsafe fn ykpiv_util_write_msroots(
|
|||||||
let cb_obj_max = _obj_size_max(state);
|
let cb_obj_max = _obj_size_max(state);
|
||||||
|
|
||||||
if _ykpiv_begin_transaction(state) != ErrorKind::Ok {
|
if _ykpiv_begin_transaction(state) != ErrorKind::Ok {
|
||||||
return ErrorKind::PcscError;
|
return Err(ErrorKind::PcscError);
|
||||||
}
|
}
|
||||||
|
|
||||||
if _ykpiv_ensure_application_selected(state) == ErrorKind::Ok {
|
if _ykpiv_ensure_application_selected(state) == ErrorKind::Ok {
|
||||||
@@ -946,14 +995,17 @@ pub unsafe fn ykpiv_util_write_msroots(
|
|||||||
}
|
}
|
||||||
|
|
||||||
_ykpiv_end_transaction(state);
|
_ykpiv_end_transaction(state);
|
||||||
return res;
|
return match res {
|
||||||
|
ErrorKind::Ok => Ok(()),
|
||||||
|
e => Err(e),
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
n_objs = (data_len / (cb_obj_max - 4)) + 1;
|
n_objs = (data_len / (cb_obj_max - 4)) + 1;
|
||||||
|
|
||||||
if n_objs > 5 {
|
if n_objs > 5 {
|
||||||
_ykpiv_end_transaction(state);
|
_ykpiv_end_transaction(state);
|
||||||
return ErrorKind::SizeError;
|
return Err(ErrorKind::SizeError);
|
||||||
}
|
}
|
||||||
|
|
||||||
for i in 0..n_objs {
|
for i in 0..n_objs {
|
||||||
@@ -998,7 +1050,10 @@ pub unsafe fn ykpiv_util_write_msroots(
|
|||||||
}
|
}
|
||||||
|
|
||||||
_ykpiv_end_transaction(state);
|
_ykpiv_end_transaction(state);
|
||||||
res
|
match res {
|
||||||
|
ErrorKind::Ok => Ok(()),
|
||||||
|
e => Err(e),
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Keygen messages
|
// Keygen messages
|
||||||
@@ -1026,7 +1081,7 @@ pub unsafe fn ykpiv_util_generate_key(
|
|||||||
exp_len: *mut usize,
|
exp_len: *mut usize,
|
||||||
point: *mut *mut u8,
|
point: *mut *mut u8,
|
||||||
point_len: *mut usize,
|
point_len: *mut usize,
|
||||||
) -> ErrorKind {
|
) -> Result<(), ErrorKind> {
|
||||||
let mut res: ErrorKind = ErrorKind::Ok;
|
let mut res: ErrorKind = ErrorKind::Ok;
|
||||||
let mut in_data = [0u8; 11];
|
let mut in_data = [0u8; 11];
|
||||||
let mut in_ptr = in_data.as_mut_ptr();
|
let mut in_ptr = in_data.as_mut_ptr();
|
||||||
@@ -1043,7 +1098,7 @@ pub unsafe fn ykpiv_util_generate_key(
|
|||||||
let setting_roca: SettingBool;
|
let setting_roca: SettingBool;
|
||||||
|
|
||||||
if state.is_null() {
|
if state.is_null() {
|
||||||
return ErrorKind::ArgumentError;
|
return Err(ErrorKind::ArgumentError);
|
||||||
}
|
}
|
||||||
|
|
||||||
if ykpiv_util_devicemodel(state) == DEVTYPE_YK4
|
if ykpiv_util_devicemodel(state) == DEVTYPE_YK4
|
||||||
@@ -1082,7 +1137,7 @@ pub unsafe fn ykpiv_util_generate_key(
|
|||||||
);
|
);
|
||||||
|
|
||||||
if !setting_roca.value {
|
if !setting_roca.value {
|
||||||
return ErrorKind::NotSupported;
|
return Err(ErrorKind::NotSupported);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -1092,7 +1147,7 @@ pub unsafe fn ykpiv_util_generate_key(
|
|||||||
if (*state).verbose != 0 {
|
if (*state).verbose != 0 {
|
||||||
eprintln!("Invalid output parameter for ECC algorithm");
|
eprintln!("Invalid output parameter for ECC algorithm");
|
||||||
}
|
}
|
||||||
return ErrorKind::GenericError;
|
return Err(ErrorKind::GenericError);
|
||||||
} else {
|
} else {
|
||||||
*point = ptr::null_mut();
|
*point = ptr::null_mut();
|
||||||
*point_len = 0;
|
*point_len = 0;
|
||||||
@@ -1103,7 +1158,7 @@ pub unsafe fn ykpiv_util_generate_key(
|
|||||||
if (*state).verbose != 0 {
|
if (*state).verbose != 0 {
|
||||||
eprintln!("Invalid output parameter for RSA algorithm",);
|
eprintln!("Invalid output parameter for RSA algorithm",);
|
||||||
}
|
}
|
||||||
return ErrorKind::GenericError;
|
return Err(ErrorKind::GenericError);
|
||||||
} else {
|
} else {
|
||||||
*modulus = ptr::null_mut();
|
*modulus = ptr::null_mut();
|
||||||
*modulus_len = 0;
|
*modulus_len = 0;
|
||||||
@@ -1116,12 +1171,12 @@ pub unsafe fn ykpiv_util_generate_key(
|
|||||||
eprintln!("Invalid algorithm specified");
|
eprintln!("Invalid algorithm specified");
|
||||||
}
|
}
|
||||||
|
|
||||||
return ErrorKind::GenericError;
|
return Err(ErrorKind::GenericError);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if _ykpiv_begin_transaction(state) != ErrorKind::Ok {
|
if _ykpiv_begin_transaction(state) != ErrorKind::Ok {
|
||||||
return ErrorKind::PcscError;
|
return Err(ErrorKind::PcscError);
|
||||||
}
|
}
|
||||||
|
|
||||||
if _ykpiv_ensure_application_selected(state) == ErrorKind::Ok {
|
if _ykpiv_ensure_application_selected(state) == ErrorKind::Ok {
|
||||||
@@ -1384,7 +1439,10 @@ pub unsafe fn ykpiv_util_generate_key(
|
|||||||
}
|
}
|
||||||
|
|
||||||
_ykpiv_end_transaction(state);
|
_ykpiv_end_transaction(state);
|
||||||
res
|
match res {
|
||||||
|
ErrorKind::Ok => Ok(()),
|
||||||
|
e => Err(e),
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Config mgm type
|
/// Config mgm type
|
||||||
@@ -1422,7 +1480,10 @@ pub struct YkPivConfig {
|
|||||||
}
|
}
|
||||||
|
|
||||||
/// Get config
|
/// Get config
|
||||||
pub unsafe fn ykpiv_util_get_config(state: *mut YubiKey, config: *mut YkPivConfig) -> ErrorKind {
|
pub unsafe fn ykpiv_util_get_config(
|
||||||
|
state: *mut YubiKey,
|
||||||
|
config: *mut YkPivConfig,
|
||||||
|
) -> Result<(), ErrorKind> {
|
||||||
let mut data = [0u8; YKPIV_OBJ_MAX_SIZE];
|
let mut data = [0u8; YKPIV_OBJ_MAX_SIZE];
|
||||||
let mut cb_data: usize = mem::size_of::<[u8; YKPIV_OBJ_MAX_SIZE]>();
|
let mut cb_data: usize = mem::size_of::<[u8; YKPIV_OBJ_MAX_SIZE]>();
|
||||||
let mut p_item: *mut u8 = ptr::null_mut();
|
let mut p_item: *mut u8 = ptr::null_mut();
|
||||||
@@ -1430,7 +1491,7 @@ pub unsafe fn ykpiv_util_get_config(state: *mut YubiKey, config: *mut YkPivConfi
|
|||||||
let res = ErrorKind::Ok;
|
let res = ErrorKind::Ok;
|
||||||
|
|
||||||
if state.is_null() || config.is_null() {
|
if state.is_null() || config.is_null() {
|
||||||
return ErrorKind::GenericError;
|
return Err(ErrorKind::GenericError);
|
||||||
}
|
}
|
||||||
|
|
||||||
(*config).protected_data_available = 0u8;
|
(*config).protected_data_available = 0u8;
|
||||||
@@ -1440,7 +1501,7 @@ pub unsafe fn ykpiv_util_get_config(state: *mut YubiKey, config: *mut YkPivConfi
|
|||||||
(*config).mgm_type = YkPivConfigMgmType::YKPIV_CONFIG_MGM_MANUAL;
|
(*config).mgm_type = YkPivConfigMgmType::YKPIV_CONFIG_MGM_MANUAL;
|
||||||
|
|
||||||
if _ykpiv_begin_transaction(state) != ErrorKind::Ok {
|
if _ykpiv_begin_transaction(state) != ErrorKind::Ok {
|
||||||
return ErrorKind::PcscError;
|
return Err(ErrorKind::PcscError);
|
||||||
}
|
}
|
||||||
|
|
||||||
if _ykpiv_ensure_application_selected(state) == ErrorKind::Ok {
|
if _ykpiv_ensure_application_selected(state) == ErrorKind::Ok {
|
||||||
@@ -1541,22 +1602,25 @@ pub unsafe fn ykpiv_util_get_config(state: *mut YubiKey, config: *mut YkPivConfi
|
|||||||
}
|
}
|
||||||
|
|
||||||
_ykpiv_end_transaction(state);
|
_ykpiv_end_transaction(state);
|
||||||
res
|
match res {
|
||||||
|
ErrorKind::Ok => Ok(()),
|
||||||
|
e => Err(e),
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Set PIN last changed
|
/// Set PIN last changed
|
||||||
pub unsafe fn ykpiv_util_set_pin_last_changed(state: *mut YubiKey) -> ErrorKind {
|
pub unsafe fn ykpiv_util_set_pin_last_changed(state: *mut YubiKey) -> Result<(), ErrorKind> {
|
||||||
let mut data = [0u8; YKPIV_OBJ_MAX_SIZE];
|
let mut data = [0u8; YKPIV_OBJ_MAX_SIZE];
|
||||||
let mut cb_data = data.len();
|
let mut cb_data = data.len();
|
||||||
let mut res = ErrorKind::Ok;
|
let mut res = ErrorKind::Ok;
|
||||||
let ykrc: ErrorKind;
|
let ykrc: ErrorKind;
|
||||||
|
|
||||||
if state.is_null() {
|
if state.is_null() {
|
||||||
return ErrorKind::GenericError;
|
return Err(ErrorKind::GenericError);
|
||||||
}
|
}
|
||||||
|
|
||||||
if _ykpiv_begin_transaction(state) != ErrorKind::Ok {
|
if _ykpiv_begin_transaction(state) != ErrorKind::Ok {
|
||||||
return ErrorKind::PcscError;
|
return Err(ErrorKind::PcscError);
|
||||||
}
|
}
|
||||||
|
|
||||||
if _ykpiv_ensure_application_selected(state) == ErrorKind::Ok {
|
if _ykpiv_ensure_application_selected(state) == ErrorKind::Ok {
|
||||||
@@ -1593,7 +1657,10 @@ pub unsafe fn ykpiv_util_set_pin_last_changed(state: *mut YubiKey) -> ErrorKind
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
_ykpiv_end_transaction(state);
|
_ykpiv_end_transaction(state);
|
||||||
res
|
match res {
|
||||||
|
ErrorKind::Ok => Ok(()),
|
||||||
|
e => Err(e),
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Management key (MGM)
|
/// Management key (MGM)
|
||||||
@@ -1618,7 +1685,7 @@ pub unsafe fn ykpiv_util_get_derived_mgm(
|
|||||||
pin: *const u8,
|
pin: *const u8,
|
||||||
pin_len: usize,
|
pin_len: usize,
|
||||||
mgm: *mut YkPivMgm,
|
mgm: *mut YkPivMgm,
|
||||||
) -> ErrorKind {
|
) -> Result<(), ErrorKind> {
|
||||||
let mut data = [0u8; YKPIV_OBJ_MAX_SIZE];
|
let mut data = [0u8; YKPIV_OBJ_MAX_SIZE];
|
||||||
let mut cb_data: usize = data.len();
|
let mut cb_data: usize = data.len();
|
||||||
let mut p_item: *mut u8 = ptr::null_mut();
|
let mut p_item: *mut u8 = ptr::null_mut();
|
||||||
@@ -1626,15 +1693,15 @@ pub unsafe fn ykpiv_util_get_derived_mgm(
|
|||||||
let mut res: ErrorKind = ErrorKind::Ok;
|
let mut res: ErrorKind = ErrorKind::Ok;
|
||||||
|
|
||||||
if state.is_null() {
|
if state.is_null() {
|
||||||
return ErrorKind::GenericError;
|
return Err(ErrorKind::GenericError);
|
||||||
}
|
}
|
||||||
|
|
||||||
if pin.is_null() || pin_len == 0 || mgm.is_null() {
|
if pin.is_null() || pin_len == 0 || mgm.is_null() {
|
||||||
return ErrorKind::GenericError;
|
return Err(ErrorKind::GenericError);
|
||||||
}
|
}
|
||||||
|
|
||||||
if _ykpiv_begin_transaction(state) != ErrorKind::Ok {
|
if _ykpiv_begin_transaction(state) != ErrorKind::Ok {
|
||||||
return ErrorKind::PcscError;
|
return Err(ErrorKind::PcscError);
|
||||||
}
|
}
|
||||||
|
|
||||||
if _ykpiv_ensure_application_selected(state) == ErrorKind::Ok {
|
if _ykpiv_ensure_application_selected(state) == ErrorKind::Ok {
|
||||||
@@ -1682,11 +1749,17 @@ pub unsafe fn ykpiv_util_get_derived_mgm(
|
|||||||
}
|
}
|
||||||
|
|
||||||
_ykpiv_end_transaction(state);
|
_ykpiv_end_transaction(state);
|
||||||
res
|
match res {
|
||||||
|
ErrorKind::Ok => Ok(()),
|
||||||
|
e => Err(e),
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Get protected management key (MGM)
|
/// Get protected management key (MGM)
|
||||||
pub unsafe fn ykpiv_util_get_protected_mgm(state: *mut YubiKey, mgm: *mut YkPivMgm) -> ErrorKind {
|
pub unsafe fn ykpiv_util_get_protected_mgm(
|
||||||
|
state: *mut YubiKey,
|
||||||
|
mgm: *mut YkPivMgm,
|
||||||
|
) -> Result<(), ErrorKind> {
|
||||||
let mut data = [0u8; YKPIV_OBJ_MAX_SIZE];
|
let mut data = [0u8; YKPIV_OBJ_MAX_SIZE];
|
||||||
let mut cb_data: usize = data.len();
|
let mut cb_data: usize = data.len();
|
||||||
let mut p_item: *mut u8 = ptr::null_mut();
|
let mut p_item: *mut u8 = ptr::null_mut();
|
||||||
@@ -1694,11 +1767,11 @@ pub unsafe fn ykpiv_util_get_protected_mgm(state: *mut YubiKey, mgm: *mut YkPivM
|
|||||||
let mut res = ErrorKind::Ok;
|
let mut res = ErrorKind::Ok;
|
||||||
|
|
||||||
if state.is_null() || mgm.is_null() {
|
if state.is_null() || mgm.is_null() {
|
||||||
return ErrorKind::GenericError;
|
return Err(ErrorKind::GenericError);
|
||||||
}
|
}
|
||||||
|
|
||||||
if _ykpiv_begin_transaction(state) != ErrorKind::Ok {
|
if _ykpiv_begin_transaction(state) != ErrorKind::Ok {
|
||||||
return ErrorKind::PcscError;
|
return Err(ErrorKind::PcscError);
|
||||||
}
|
}
|
||||||
|
|
||||||
if _ykpiv_ensure_application_selected(state) == ErrorKind::Ok {
|
if _ykpiv_ensure_application_selected(state) == ErrorKind::Ok {
|
||||||
@@ -1744,12 +1817,18 @@ pub unsafe fn ykpiv_util_get_protected_mgm(state: *mut YubiKey, mgm: *mut YkPivM
|
|||||||
|
|
||||||
data.zeroize();
|
data.zeroize();
|
||||||
_ykpiv_end_transaction(state);
|
_ykpiv_end_transaction(state);
|
||||||
res
|
match res {
|
||||||
|
ErrorKind::Ok => Ok(()),
|
||||||
|
e => Err(e),
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Set protected management key (MGM)
|
/// Set protected management key (MGM)
|
||||||
#[allow(clippy::cognitive_complexity)]
|
#[allow(clippy::cognitive_complexity)]
|
||||||
pub unsafe fn ykpiv_util_set_protected_mgm(state: *mut YubiKey, mgm: *mut YkPivMgm) -> ErrorKind {
|
pub unsafe fn ykpiv_util_set_protected_mgm(
|
||||||
|
state: *mut YubiKey,
|
||||||
|
mgm: *mut YkPivMgm,
|
||||||
|
) -> Result<(), ErrorKind> {
|
||||||
let mut _currentBlock;
|
let mut _currentBlock;
|
||||||
let mut res: ErrorKind = ErrorKind::Ok;
|
let mut res: ErrorKind = ErrorKind::Ok;
|
||||||
let mut ykrc: ErrorKind = ErrorKind::Ok;
|
let mut ykrc: ErrorKind = ErrorKind::Ok;
|
||||||
@@ -1764,7 +1843,7 @@ pub unsafe fn ykpiv_util_set_protected_mgm(state: *mut YubiKey, mgm: *mut YkPivM
|
|||||||
let mut flags_1: u8 = 0;
|
let mut flags_1: u8 = 0;
|
||||||
|
|
||||||
if state.is_null() {
|
if state.is_null() {
|
||||||
return ErrorKind::GenericError;
|
return Err(ErrorKind::GenericError);
|
||||||
}
|
}
|
||||||
|
|
||||||
if mgm.is_null() {
|
if mgm.is_null() {
|
||||||
@@ -1795,7 +1874,7 @@ pub unsafe fn ykpiv_util_set_protected_mgm(state: *mut YubiKey, mgm: *mut YkPivM
|
|||||||
}
|
}
|
||||||
|
|
||||||
if _ykpiv_begin_transaction(state) != ErrorKind::Ok {
|
if _ykpiv_begin_transaction(state) != ErrorKind::Ok {
|
||||||
return ErrorKind::PcscError;
|
return Err(ErrorKind::PcscError);
|
||||||
}
|
}
|
||||||
|
|
||||||
if _ykpiv_ensure_application_selected(state) == ErrorKind::Ok {
|
if _ykpiv_ensure_application_selected(state) == ErrorKind::Ok {
|
||||||
@@ -1953,11 +2032,14 @@ pub unsafe fn ykpiv_util_set_protected_mgm(state: *mut YubiKey, mgm: *mut YkPivM
|
|||||||
mgm_key.zeroize();
|
mgm_key.zeroize();
|
||||||
_ykpiv_end_transaction(state);
|
_ykpiv_end_transaction(state);
|
||||||
|
|
||||||
res
|
match res {
|
||||||
|
ErrorKind::Ok => Ok(()),
|
||||||
|
e => Err(e),
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Reset
|
/// Reset
|
||||||
pub unsafe fn ykpiv_util_reset(state: *mut YubiKey) -> ErrorKind {
|
pub unsafe fn ykpiv_util_reset(state: *mut YubiKey) -> Result<(), ErrorKind> {
|
||||||
let templ = [0, YKPIV_INS_RESET, 0, 0];
|
let templ = [0, YKPIV_INS_RESET, 0, 0];
|
||||||
let mut data = [0u8; 255];
|
let mut data = [0u8; 255];
|
||||||
let mut recv_len = data.len();
|
let mut recv_len = data.len();
|
||||||
@@ -1973,10 +2055,9 @@ pub unsafe fn ykpiv_util_reset(state: *mut YubiKey) -> ErrorKind {
|
|||||||
&mut sw,
|
&mut sw,
|
||||||
);
|
);
|
||||||
|
|
||||||
if res == ErrorKind::Ok && sw == SW_SUCCESS {
|
match (res, sw) {
|
||||||
ErrorKind::Ok
|
(ErrorKind::Ok, SW_SUCCESS) => Ok(()),
|
||||||
} else {
|
_ => Err(ErrorKind::GenericError),
|
||||||
ErrorKind::GenericError
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
+131
-87
@@ -178,15 +178,15 @@ pub(crate) unsafe fn _ykpiv_has_valid_length(buffer: *const u8, len: usize) -> b
|
|||||||
}
|
}
|
||||||
|
|
||||||
/// Initialize YubiKey client instance
|
/// Initialize YubiKey client instance
|
||||||
pub unsafe fn ykpiv_init(state: *mut *mut YubiKey, verbose: i32) -> ErrorKind {
|
pub unsafe fn ykpiv_init(state: *mut *mut YubiKey, verbose: i32) -> Result<(), ErrorKind> {
|
||||||
if state.is_null() {
|
if state.is_null() {
|
||||||
return ErrorKind::GenericError;
|
return Err(ErrorKind::GenericError);
|
||||||
}
|
}
|
||||||
|
|
||||||
let s = malloc(mem::size_of::<YubiKey>()) as (*mut YubiKey);
|
let s = malloc(mem::size_of::<YubiKey>()) as (*mut YubiKey);
|
||||||
|
|
||||||
if s.is_null() {
|
if s.is_null() {
|
||||||
return ErrorKind::MemoryError;
|
return Err(ErrorKind::MemoryError);
|
||||||
}
|
}
|
||||||
|
|
||||||
memset(s as (*mut c_void), 0i32, mem::size_of::<YubiKey>());
|
memset(s as (*mut c_void), 0i32, mem::size_of::<YubiKey>());
|
||||||
@@ -194,7 +194,7 @@ pub unsafe fn ykpiv_init(state: *mut *mut YubiKey, verbose: i32) -> ErrorKind {
|
|||||||
(*s).verbose = verbose;
|
(*s).verbose = verbose;
|
||||||
(*s).context = -1i32;
|
(*s).context = -1i32;
|
||||||
*state = s;
|
*state = s;
|
||||||
ErrorKind::Ok
|
Ok(())
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Cleanup YubiKey session
|
/// Cleanup YubiKey session
|
||||||
@@ -391,7 +391,7 @@ pub unsafe fn ykpiv_connect_with_external_card(
|
|||||||
}
|
}
|
||||||
|
|
||||||
/// Connect to a YubiKey
|
/// Connect to a YubiKey
|
||||||
pub unsafe fn ykpiv_connect(state: *mut YubiKey, wanted: *const c_char) -> ErrorKind {
|
pub unsafe fn ykpiv_connect(state: *mut YubiKey, wanted: *const c_char) -> Result<(), ErrorKind> {
|
||||||
let mut _currentBlock;
|
let mut _currentBlock;
|
||||||
let mut active_protocol: u32 = 0;
|
let mut active_protocol: u32 = 0;
|
||||||
let mut reader_buf: [c_char; 2048] = [0; 2048];
|
let mut reader_buf: [c_char; 2048] = [0; 2048];
|
||||||
@@ -403,7 +403,7 @@ pub unsafe fn ykpiv_connect(state: *mut YubiKey, wanted: *const c_char) -> Error
|
|||||||
let mut ret: ErrorKind = ykpiv_list_readers(state, reader_buf.as_mut_ptr(), &mut num_readers);
|
let mut ret: ErrorKind = ykpiv_list_readers(state, reader_buf.as_mut_ptr(), &mut num_readers);
|
||||||
|
|
||||||
if ret != ErrorKind::Ok {
|
if ret != ErrorKind::Ok {
|
||||||
return ret;
|
return Err(ret);
|
||||||
}
|
}
|
||||||
reader_ptr = reader_buf.as_mut_ptr();
|
reader_ptr = reader_buf.as_mut_ptr();
|
||||||
loop {
|
loop {
|
||||||
@@ -494,9 +494,9 @@ pub unsafe fn ykpiv_connect(state: *mut YubiKey, wanted: *const c_char) -> Error
|
|||||||
|
|
||||||
SCardReleaseContext((*state).context);
|
SCardReleaseContext((*state).context);
|
||||||
(*state).context = -1;
|
(*state).context = -1;
|
||||||
return ErrorKind::PcscError;
|
return Err(ErrorKind::PcscError);
|
||||||
} else {
|
} else {
|
||||||
return ErrorKind::GenericError;
|
return Err(ErrorKind::GenericError);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -504,12 +504,15 @@ pub unsafe fn ykpiv_connect(state: *mut YubiKey, wanted: *const c_char) -> Error
|
|||||||
// you may not want to select the applet when connecting to a card handle that
|
// you may not want to select the applet when connecting to a card handle that
|
||||||
// was supplied by an external library.
|
// was supplied by an external library.
|
||||||
if _ykpiv_begin_transaction(state) != ErrorKind::Ok {
|
if _ykpiv_begin_transaction(state) != ErrorKind::Ok {
|
||||||
return ErrorKind::PcscError;
|
return Err(ErrorKind::PcscError);
|
||||||
}
|
}
|
||||||
|
|
||||||
ret = _ykpiv_select_application(state);
|
ret = _ykpiv_select_application(state);
|
||||||
_ykpiv_end_transaction(state);
|
_ykpiv_end_transaction(state);
|
||||||
ret
|
match ret {
|
||||||
|
ErrorKind::Ok => Ok(()),
|
||||||
|
e => Err(e),
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/// List readers
|
/// List readers
|
||||||
@@ -879,7 +882,7 @@ pub(crate) unsafe fn _send_data(
|
|||||||
pub const DEFAULT_AUTH_KEY: &[u8] = b"\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08\0";
|
pub const DEFAULT_AUTH_KEY: &[u8] = b"\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08\0";
|
||||||
|
|
||||||
/// Authenticate to the card
|
/// Authenticate to the card
|
||||||
pub unsafe fn ykpiv_authenticate(state: *mut YubiKey, mut key: *const u8) -> ErrorKind {
|
pub unsafe fn ykpiv_authenticate(state: *mut YubiKey, mut key: *const u8) -> Result<(), ErrorKind> {
|
||||||
let mut data = [0u8; 261];
|
let mut data = [0u8; 261];
|
||||||
let mut challenge = [0u8; 8];
|
let mut challenge = [0u8; 8];
|
||||||
let mut recv_len = data.len() as u32;
|
let mut recv_len = data.len() as u32;
|
||||||
@@ -890,11 +893,11 @@ pub unsafe fn ykpiv_authenticate(state: *mut YubiKey, mut key: *const u8) -> Err
|
|||||||
let mut res = ErrorKind::Ok;
|
let mut res = ErrorKind::Ok;
|
||||||
|
|
||||||
if state.is_null() {
|
if state.is_null() {
|
||||||
return ErrorKind::GenericError;
|
return Err(ErrorKind::GenericError);
|
||||||
}
|
}
|
||||||
|
|
||||||
if _ykpiv_begin_transaction(state) != ErrorKind::Ok {
|
if _ykpiv_begin_transaction(state) != ErrorKind::Ok {
|
||||||
return ErrorKind::PcscError;
|
return Err(ErrorKind::PcscError);
|
||||||
}
|
}
|
||||||
|
|
||||||
if _ykpiv_ensure_application_selected(state) == ErrorKind::Ok {
|
if _ykpiv_ensure_application_selected(state) == ErrorKind::Ok {
|
||||||
@@ -911,7 +914,7 @@ pub unsafe fn ykpiv_authenticate(state: *mut YubiKey, mut key: *const u8) -> Err
|
|||||||
"didn't expect mgm key to be set by failing op!"
|
"didn't expect mgm key to be set by failing op!"
|
||||||
);
|
);
|
||||||
_ykpiv_end_transaction(state);
|
_ykpiv_end_transaction(state);
|
||||||
return ErrorKind::AlgorithmError;
|
return Err(ErrorKind::AlgorithmError);
|
||||||
}
|
}
|
||||||
|
|
||||||
// get a challenge from the card
|
// get a challenge from the card
|
||||||
@@ -928,12 +931,12 @@ pub unsafe fn ykpiv_authenticate(state: *mut YubiKey, mut key: *const u8) -> Err
|
|||||||
|
|
||||||
if res != ErrorKind::Ok {
|
if res != ErrorKind::Ok {
|
||||||
_ykpiv_end_transaction(state);
|
_ykpiv_end_transaction(state);
|
||||||
return res;
|
return Err(res);
|
||||||
}
|
}
|
||||||
|
|
||||||
if sw != SW_SUCCESS {
|
if sw != SW_SUCCESS {
|
||||||
_ykpiv_end_transaction(state);
|
_ykpiv_end_transaction(state);
|
||||||
return ErrorKind::AuthenticationError;
|
return Err(ErrorKind::AuthenticationError);
|
||||||
}
|
}
|
||||||
|
|
||||||
memcpy(
|
memcpy(
|
||||||
@@ -956,7 +959,7 @@ pub unsafe fn ykpiv_authenticate(state: *mut YubiKey, mut key: *const u8) -> Err
|
|||||||
|
|
||||||
if drc != DesErrorKind::Ok {
|
if drc != DesErrorKind::Ok {
|
||||||
_ykpiv_end_transaction(state);
|
_ykpiv_end_transaction(state);
|
||||||
return ErrorKind::AuthenticationError;
|
return Err(ErrorKind::AuthenticationError);
|
||||||
}
|
}
|
||||||
|
|
||||||
recv_len = data.len() as u32;
|
recv_len = data.len() as u32;
|
||||||
@@ -982,7 +985,7 @@ pub unsafe fn ykpiv_authenticate(state: *mut YubiKey, mut key: *const u8) -> Err
|
|||||||
}
|
}
|
||||||
|
|
||||||
_ykpiv_end_transaction(state);
|
_ykpiv_end_transaction(state);
|
||||||
return ErrorKind::RandomnessError;
|
return Err(ErrorKind::RandomnessError);
|
||||||
}
|
}
|
||||||
|
|
||||||
memcpy(
|
memcpy(
|
||||||
@@ -996,12 +999,12 @@ pub unsafe fn ykpiv_authenticate(state: *mut YubiKey, mut key: *const u8) -> Err
|
|||||||
|
|
||||||
if res != ErrorKind::Ok {
|
if res != ErrorKind::Ok {
|
||||||
_ykpiv_end_transaction(state);
|
_ykpiv_end_transaction(state);
|
||||||
return res;
|
return Err(res);
|
||||||
}
|
}
|
||||||
|
|
||||||
if sw != SW_SUCCESS {
|
if sw != SW_SUCCESS {
|
||||||
_ykpiv_end_transaction(state);
|
_ykpiv_end_transaction(state);
|
||||||
return ErrorKind::AuthenticationError;
|
return Err(ErrorKind::AuthenticationError);
|
||||||
}
|
}
|
||||||
|
|
||||||
// compare the response from the card with our challenge
|
// compare the response from the card with our challenge
|
||||||
@@ -1034,7 +1037,10 @@ pub unsafe fn ykpiv_authenticate(state: *mut YubiKey, mut key: *const u8) -> Err
|
|||||||
}
|
}
|
||||||
|
|
||||||
_ykpiv_end_transaction(state);
|
_ykpiv_end_transaction(state);
|
||||||
res
|
match res {
|
||||||
|
ErrorKind::Ok => Ok(()),
|
||||||
|
e => Err(e),
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Set the management key (MGM)
|
/// Set the management key (MGM)
|
||||||
@@ -1247,13 +1253,13 @@ pub unsafe fn ykpiv_sign_data(
|
|||||||
out_len: *mut usize,
|
out_len: *mut usize,
|
||||||
algorithm: u8,
|
algorithm: u8,
|
||||||
key: u8,
|
key: u8,
|
||||||
) -> ErrorKind {
|
) -> Result<(), ErrorKind> {
|
||||||
if state.is_null() {
|
if state.is_null() {
|
||||||
return ErrorKind::GenericError;
|
return Err(ErrorKind::GenericError);
|
||||||
}
|
}
|
||||||
|
|
||||||
if _ykpiv_begin_transaction(state) != ErrorKind::Ok {
|
if _ykpiv_begin_transaction(state) != ErrorKind::Ok {
|
||||||
return ErrorKind::PcscError;
|
return Err(ErrorKind::PcscError);
|
||||||
}
|
}
|
||||||
|
|
||||||
// don't attempt to reselect in crypt operations to avoid problems with PIN_ALWAYS
|
// don't attempt to reselect in crypt operations to avoid problems with PIN_ALWAYS
|
||||||
@@ -1263,7 +1269,10 @@ pub unsafe fn ykpiv_sign_data(
|
|||||||
);
|
);
|
||||||
|
|
||||||
_ykpiv_end_transaction(state);
|
_ykpiv_end_transaction(state);
|
||||||
res
|
match res {
|
||||||
|
ErrorKind::Ok => Ok(()),
|
||||||
|
e => Err(e),
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Decrypt data using a PIV key
|
/// Decrypt data using a PIV key
|
||||||
@@ -1275,20 +1284,23 @@ pub unsafe fn ykpiv_decrypt_data(
|
|||||||
out_len: *mut usize,
|
out_len: *mut usize,
|
||||||
algorithm: u8,
|
algorithm: u8,
|
||||||
key: u8,
|
key: u8,
|
||||||
) -> ErrorKind {
|
) -> Result<(), ErrorKind> {
|
||||||
if state.is_null() {
|
if state.is_null() {
|
||||||
return ErrorKind::GenericError;
|
return Err(ErrorKind::GenericError);
|
||||||
}
|
}
|
||||||
|
|
||||||
if _ykpiv_begin_transaction(state) != ErrorKind::Ok {
|
if _ykpiv_begin_transaction(state) != ErrorKind::Ok {
|
||||||
return ErrorKind::PcscError;
|
return Err(ErrorKind::PcscError);
|
||||||
}
|
}
|
||||||
|
|
||||||
// don't attempt to reselect in crypt operations to avoid problems with PIN_ALWAYS
|
// don't attempt to reselect in crypt operations to avoid problems with PIN_ALWAYS
|
||||||
|
|
||||||
let res = _general_authenticate(state, input, input_len, out, out_len, algorithm, key, true);
|
let res = _general_authenticate(state, input, input_len, out, out_len, algorithm, key, true);
|
||||||
_ykpiv_end_transaction(state);
|
_ykpiv_end_transaction(state);
|
||||||
res
|
match res {
|
||||||
|
ErrorKind::Ok => Ok(()),
|
||||||
|
e => Err(e),
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Get the version of the PIV application installed on the YubiKey
|
/// Get the version of the PIV application installed on the YubiKey
|
||||||
@@ -1551,11 +1563,11 @@ pub(crate) unsafe fn _ykpiv_get_serial(
|
|||||||
}
|
}
|
||||||
|
|
||||||
/// Get YubiKey device serial number
|
/// Get YubiKey device serial number
|
||||||
pub unsafe fn ykpiv_get_serial(state: *mut YubiKey, p_serial: *mut u32) -> ErrorKind {
|
pub unsafe fn ykpiv_get_serial(state: *mut YubiKey, p_serial: *mut u32) -> Result<(), ErrorKind> {
|
||||||
let mut res = ErrorKind::Ok;
|
let mut res = ErrorKind::Ok;
|
||||||
|
|
||||||
if _ykpiv_begin_transaction(state) != ErrorKind::Ok {
|
if _ykpiv_begin_transaction(state) != ErrorKind::Ok {
|
||||||
return ErrorKind::PcscError;
|
return Err(ErrorKind::PcscError);
|
||||||
}
|
}
|
||||||
|
|
||||||
if _ykpiv_ensure_application_selected(state) == ErrorKind::Ok {
|
if _ykpiv_ensure_application_selected(state) == ErrorKind::Ok {
|
||||||
@@ -1563,7 +1575,10 @@ pub unsafe fn ykpiv_get_serial(state: *mut YubiKey, p_serial: *mut u32) -> Error
|
|||||||
}
|
}
|
||||||
|
|
||||||
_ykpiv_end_transaction(state);
|
_ykpiv_end_transaction(state);
|
||||||
res
|
match res {
|
||||||
|
ErrorKind::Ok => Ok(()),
|
||||||
|
e => Err(e),
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Cache PIN in memory
|
/// Cache PIN in memory
|
||||||
@@ -1711,9 +1726,9 @@ pub unsafe fn ykpiv_verify_select(
|
|||||||
}
|
}
|
||||||
|
|
||||||
/// Get the number of PIN retries
|
/// Get the number of PIN retries
|
||||||
pub unsafe fn ykpiv_get_pin_retries(state: *mut YubiKey, tries: *mut i32) -> ErrorKind {
|
pub unsafe fn ykpiv_get_pin_retries(state: *mut YubiKey, tries: *mut i32) -> Result<(), ErrorKind> {
|
||||||
if state.is_null() || tries.is_null() {
|
if state.is_null() || tries.is_null() {
|
||||||
return ErrorKind::ArgumentError;
|
return Err(ErrorKind::ArgumentError);
|
||||||
}
|
}
|
||||||
|
|
||||||
// Force a re-select to unverify, because once verified the spec dictates that
|
// Force a re-select to unverify, because once verified the spec dictates that
|
||||||
@@ -1722,16 +1737,15 @@ pub unsafe fn ykpiv_get_pin_retries(state: *mut YubiKey, tries: *mut i32) -> Err
|
|||||||
let res = _ykpiv_select_application(state);
|
let res = _ykpiv_select_application(state);
|
||||||
|
|
||||||
if res != ErrorKind::Ok {
|
if res != ErrorKind::Ok {
|
||||||
return res;
|
return Err(res);
|
||||||
}
|
}
|
||||||
|
|
||||||
let ykrc = ykpiv_verify(state, ptr::null(), tries);
|
let ykrc = ykpiv_verify(state, ptr::null(), tries);
|
||||||
|
|
||||||
// WRONG_PIN is expected on successful query.
|
// WRONG_PIN is expected on successful query.
|
||||||
if ykrc == ErrorKind::WrongPin {
|
match ykrc {
|
||||||
ErrorKind::Ok
|
ErrorKind::Ok | ErrorKind::WrongPin => Ok(()),
|
||||||
} else {
|
e => Err(e),
|
||||||
ykrc
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -1740,7 +1754,7 @@ pub unsafe fn ykpiv_set_pin_retries(
|
|||||||
state: *mut YubiKey,
|
state: *mut YubiKey,
|
||||||
pin_tries: i32,
|
pin_tries: i32,
|
||||||
puk_tries: i32,
|
puk_tries: i32,
|
||||||
) -> ErrorKind {
|
) -> Result<(), ErrorKind> {
|
||||||
let mut res = ErrorKind::Ok;
|
let mut res = ErrorKind::Ok;
|
||||||
let mut templ = [0, YKPIV_INS_SET_PIN_RETRIES, 0, 0];
|
let mut templ = [0, YKPIV_INS_SET_PIN_RETRIES, 0, 0];
|
||||||
let mut data = [0u8; 255];
|
let mut data = [0u8; 255];
|
||||||
@@ -1749,18 +1763,18 @@ pub unsafe fn ykpiv_set_pin_retries(
|
|||||||
|
|
||||||
// Special case: if either retry count is 0, it's a successful no-op
|
// Special case: if either retry count is 0, it's a successful no-op
|
||||||
if pin_tries == 0 || puk_tries == 0 {
|
if pin_tries == 0 || puk_tries == 0 {
|
||||||
return ErrorKind::Ok;
|
return Ok(());
|
||||||
}
|
}
|
||||||
|
|
||||||
if pin_tries > 0xff || puk_tries > 0xff || pin_tries < 1 || puk_tries < 1 {
|
if pin_tries > 0xff || puk_tries > 0xff || pin_tries < 1 || puk_tries < 1 {
|
||||||
return ErrorKind::RangeError;
|
return Err(ErrorKind::RangeError);
|
||||||
}
|
}
|
||||||
|
|
||||||
templ[2] = pin_tries as (u8);
|
templ[2] = pin_tries as (u8);
|
||||||
templ[3] = puk_tries as (u8);
|
templ[3] = puk_tries as (u8);
|
||||||
|
|
||||||
if _ykpiv_begin_transaction(state) != ErrorKind::Ok {
|
if _ykpiv_begin_transaction(state) != ErrorKind::Ok {
|
||||||
return ErrorKind::PcscError;
|
return Err(ErrorKind::PcscError);
|
||||||
}
|
}
|
||||||
|
|
||||||
if _ykpiv_ensure_application_selected(state) == ErrorKind::Ok {
|
if _ykpiv_ensure_application_selected(state) == ErrorKind::Ok {
|
||||||
@@ -1785,7 +1799,10 @@ pub unsafe fn ykpiv_set_pin_retries(
|
|||||||
}
|
}
|
||||||
|
|
||||||
_ykpiv_end_transaction(state);
|
_ykpiv_end_transaction(state);
|
||||||
res
|
match res {
|
||||||
|
ErrorKind::Ok => Ok(()),
|
||||||
|
e => Err(e),
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Change the PIN
|
/// Change the PIN
|
||||||
@@ -1890,11 +1907,11 @@ pub unsafe fn ykpiv_change_pin(
|
|||||||
new_pin: *const c_char,
|
new_pin: *const c_char,
|
||||||
new_pin_len: usize,
|
new_pin_len: usize,
|
||||||
tries: *mut i32,
|
tries: *mut i32,
|
||||||
) -> ErrorKind {
|
) -> Result<(), ErrorKind> {
|
||||||
let mut res: ErrorKind = ErrorKind::GenericError;
|
let mut res: ErrorKind = ErrorKind::GenericError;
|
||||||
|
|
||||||
if _ykpiv_begin_transaction(state) != ErrorKind::Ok {
|
if _ykpiv_begin_transaction(state) != ErrorKind::Ok {
|
||||||
return ErrorKind::PcscError;
|
return Err(ErrorKind::PcscError);
|
||||||
}
|
}
|
||||||
|
|
||||||
if _ykpiv_ensure_application_selected(state) == ErrorKind::Ok {
|
if _ykpiv_ensure_application_selected(state) == ErrorKind::Ok {
|
||||||
@@ -1916,7 +1933,10 @@ pub unsafe fn ykpiv_change_pin(
|
|||||||
}
|
}
|
||||||
|
|
||||||
_ykpiv_end_transaction(state);
|
_ykpiv_end_transaction(state);
|
||||||
res
|
match res {
|
||||||
|
ErrorKind::Ok => Ok(()),
|
||||||
|
e => Err(e),
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Change the PIN Unblocking Key (PUK). PUKs are codes for resetting
|
/// Change the PIN Unblocking Key (PUK). PUKs are codes for resetting
|
||||||
@@ -1965,11 +1985,11 @@ pub unsafe fn ykpiv_unblock_pin(
|
|||||||
new_pin: *const c_char,
|
new_pin: *const c_char,
|
||||||
new_pin_len: usize,
|
new_pin_len: usize,
|
||||||
tries: *mut i32,
|
tries: *mut i32,
|
||||||
) -> ErrorKind {
|
) -> Result<(), ErrorKind> {
|
||||||
let mut res = ErrorKind::GenericError;
|
let mut res = ErrorKind::GenericError;
|
||||||
|
|
||||||
if _ykpiv_begin_transaction(state) != ErrorKind::Ok {
|
if _ykpiv_begin_transaction(state) != ErrorKind::Ok {
|
||||||
return ErrorKind::PcscError;
|
return Err(ErrorKind::PcscError);
|
||||||
}
|
}
|
||||||
|
|
||||||
if _ykpiv_ensure_application_selected(state) == ErrorKind::Ok {
|
if _ykpiv_ensure_application_selected(state) == ErrorKind::Ok {
|
||||||
@@ -1977,7 +1997,10 @@ pub unsafe fn ykpiv_unblock_pin(
|
|||||||
}
|
}
|
||||||
|
|
||||||
_ykpiv_end_transaction(state);
|
_ykpiv_end_transaction(state);
|
||||||
res
|
match res {
|
||||||
|
ErrorKind::Ok => Ok(()),
|
||||||
|
e => Err(e),
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Fetch an object from the YubiKey
|
/// Fetch an object from the YubiKey
|
||||||
@@ -1986,11 +2009,11 @@ pub unsafe fn ykpiv_fetch_object(
|
|||||||
object_id: i32,
|
object_id: i32,
|
||||||
data: *mut u8,
|
data: *mut u8,
|
||||||
len: *mut usize,
|
len: *mut usize,
|
||||||
) -> ErrorKind {
|
) -> Result<(), ErrorKind> {
|
||||||
let mut res = ErrorKind::Ok;
|
let mut res = ErrorKind::Ok;
|
||||||
|
|
||||||
if _ykpiv_begin_transaction(state) != ErrorKind::Ok {
|
if _ykpiv_begin_transaction(state) != ErrorKind::Ok {
|
||||||
return ErrorKind::PcscError;
|
return Err(ErrorKind::PcscError);
|
||||||
}
|
}
|
||||||
|
|
||||||
if _ykpiv_ensure_application_selected(state) == ErrorKind::Ok {
|
if _ykpiv_ensure_application_selected(state) == ErrorKind::Ok {
|
||||||
@@ -1998,7 +2021,10 @@ pub unsafe fn ykpiv_fetch_object(
|
|||||||
}
|
}
|
||||||
|
|
||||||
_ykpiv_end_transaction(state);
|
_ykpiv_end_transaction(state);
|
||||||
res
|
match res {
|
||||||
|
ErrorKind::Ok => Ok(()),
|
||||||
|
e => Err(e),
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Fetch an object
|
/// Fetch an object
|
||||||
@@ -2077,11 +2103,11 @@ pub unsafe fn ykpiv_save_object(
|
|||||||
object_id: i32,
|
object_id: i32,
|
||||||
indata: *mut u8,
|
indata: *mut u8,
|
||||||
len: usize,
|
len: usize,
|
||||||
) -> ErrorKind {
|
) -> Result<(), ErrorKind> {
|
||||||
let mut res = ErrorKind::Ok;
|
let mut res = ErrorKind::Ok;
|
||||||
|
|
||||||
if _ykpiv_begin_transaction(state) != ErrorKind::Ok {
|
if _ykpiv_begin_transaction(state) != ErrorKind::Ok {
|
||||||
return ErrorKind::PcscError;
|
return Err(ErrorKind::PcscError);
|
||||||
}
|
}
|
||||||
|
|
||||||
if _ykpiv_ensure_application_selected(state) == ErrorKind::Ok {
|
if _ykpiv_ensure_application_selected(state) == ErrorKind::Ok {
|
||||||
@@ -2089,7 +2115,10 @@ pub unsafe fn ykpiv_save_object(
|
|||||||
}
|
}
|
||||||
|
|
||||||
_ykpiv_end_transaction(state);
|
_ykpiv_end_transaction(state);
|
||||||
res
|
match res {
|
||||||
|
ErrorKind::Ok => Ok(()),
|
||||||
|
e => Err(e),
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Save an object
|
/// Save an object
|
||||||
@@ -2184,7 +2213,7 @@ pub unsafe fn ykpiv_import_private_key(
|
|||||||
ec_data_len: u8,
|
ec_data_len: u8,
|
||||||
pin_policy: u8,
|
pin_policy: u8,
|
||||||
touch_policy: u8,
|
touch_policy: u8,
|
||||||
) -> ErrorKind {
|
) -> Result<(), ErrorKind> {
|
||||||
let mut key_data = [0u8; 1024];
|
let mut key_data = [0u8; 1024];
|
||||||
let mut in_ptr: *mut u8 = key_data.as_mut_ptr();
|
let mut in_ptr: *mut u8 = key_data.as_mut_ptr();
|
||||||
let templ = [0, YKPIV_INS_IMPORT_KEY, algorithm, key];
|
let templ = [0, YKPIV_INS_IMPORT_KEY, algorithm, key];
|
||||||
@@ -2199,7 +2228,7 @@ pub unsafe fn ykpiv_import_private_key(
|
|||||||
let mut res = ErrorKind::Ok;
|
let mut res = ErrorKind::Ok;
|
||||||
|
|
||||||
if state.is_null() {
|
if state.is_null() {
|
||||||
return ErrorKind::GenericError;
|
return Err(ErrorKind::GenericError);
|
||||||
}
|
}
|
||||||
|
|
||||||
if key == YKPIV_KEY_CARDMGM
|
if key == YKPIV_KEY_CARDMGM
|
||||||
@@ -2207,7 +2236,7 @@ pub unsafe fn ykpiv_import_private_key(
|
|||||||
|| key > YKPIV_KEY_RETIRED20 && (key < YKPIV_KEY_AUTHENTICATION)
|
|| key > YKPIV_KEY_RETIRED20 && (key < YKPIV_KEY_AUTHENTICATION)
|
||||||
|| key > YKPIV_KEY_CARDAUTH && (key != YKPIV_KEY_ATTESTATION)
|
|| key > YKPIV_KEY_CARDAUTH && (key != YKPIV_KEY_ATTESTATION)
|
||||||
{
|
{
|
||||||
return ErrorKind::KeyError;
|
return Err(ErrorKind::KeyError);
|
||||||
}
|
}
|
||||||
|
|
||||||
if pin_policy != YKPIV_PINPOLICY_DEFAULT
|
if pin_policy != YKPIV_PINPOLICY_DEFAULT
|
||||||
@@ -2215,7 +2244,7 @@ pub unsafe fn ykpiv_import_private_key(
|
|||||||
&& (pin_policy != YKPIV_PINPOLICY_ONCE)
|
&& (pin_policy != YKPIV_PINPOLICY_ONCE)
|
||||||
&& (pin_policy != YKPIV_PINPOLICY_ALWAYS)
|
&& (pin_policy != YKPIV_PINPOLICY_ALWAYS)
|
||||||
{
|
{
|
||||||
return ErrorKind::GenericError;
|
return Err(ErrorKind::GenericError);
|
||||||
}
|
}
|
||||||
|
|
||||||
if touch_policy != YKPIV_TOUCHPOLICY_DEFAULT
|
if touch_policy != YKPIV_TOUCHPOLICY_DEFAULT
|
||||||
@@ -2223,13 +2252,13 @@ pub unsafe fn ykpiv_import_private_key(
|
|||||||
&& (touch_policy != YKPIV_TOUCHPOLICY_ALWAYS)
|
&& (touch_policy != YKPIV_TOUCHPOLICY_ALWAYS)
|
||||||
&& (touch_policy != YKPIV_TOUCHPOLICY_CACHED)
|
&& (touch_policy != YKPIV_TOUCHPOLICY_CACHED)
|
||||||
{
|
{
|
||||||
return ErrorKind::GenericError;
|
return Err(ErrorKind::GenericError);
|
||||||
}
|
}
|
||||||
|
|
||||||
match algorithm {
|
match algorithm {
|
||||||
YKPIV_ALGO_RSA1024 | YKPIV_ALGO_RSA2048 => {
|
YKPIV_ALGO_RSA1024 | YKPIV_ALGO_RSA2048 => {
|
||||||
if p_len + q_len + dp_len + dq_len + qinv_len >= 1024 {
|
if p_len + q_len + dp_len + dq_len + qinv_len >= 1024 {
|
||||||
return ErrorKind::SizeError;
|
return Err(ErrorKind::SizeError);
|
||||||
} else {
|
} else {
|
||||||
if algorithm == YKPIV_ALGO_RSA1024 {
|
if algorithm == YKPIV_ALGO_RSA1024 {
|
||||||
elem_len = 64;
|
elem_len = 64;
|
||||||
@@ -2240,7 +2269,7 @@ pub unsafe fn ykpiv_import_private_key(
|
|||||||
}
|
}
|
||||||
|
|
||||||
if p.is_null() || q.is_null() || dp.is_null() || dq.is_null() || qinv.is_null() {
|
if p.is_null() || q.is_null() || dp.is_null() || dq.is_null() || qinv.is_null() {
|
||||||
return ErrorKind::GenericError;
|
return Err(ErrorKind::GenericError);
|
||||||
}
|
}
|
||||||
|
|
||||||
params[0] = p;
|
params[0] = p;
|
||||||
@@ -2259,7 +2288,7 @@ pub unsafe fn ykpiv_import_private_key(
|
|||||||
}
|
}
|
||||||
YKPIV_ALGO_ECCP256 | YKPIV_ALGO_ECCP384 => {
|
YKPIV_ALGO_ECCP256 | YKPIV_ALGO_ECCP384 => {
|
||||||
if ec_data_len as (usize) >= key_data.len() {
|
if ec_data_len as (usize) >= key_data.len() {
|
||||||
return ErrorKind::SizeError;
|
return Err(ErrorKind::SizeError);
|
||||||
}
|
}
|
||||||
|
|
||||||
if algorithm == YKPIV_ALGO_ECCP256 {
|
if algorithm == YKPIV_ALGO_ECCP256 {
|
||||||
@@ -2269,7 +2298,7 @@ pub unsafe fn ykpiv_import_private_key(
|
|||||||
}
|
}
|
||||||
|
|
||||||
if ec_data.is_null() {
|
if ec_data.is_null() {
|
||||||
return ErrorKind::GenericError;
|
return Err(ErrorKind::GenericError);
|
||||||
}
|
}
|
||||||
|
|
||||||
params[0] = ec_data;
|
params[0] = ec_data;
|
||||||
@@ -2277,7 +2306,7 @@ pub unsafe fn ykpiv_import_private_key(
|
|||||||
param_tag = 0x6;
|
param_tag = 0x6;
|
||||||
n_params = 1;
|
n_params = 1;
|
||||||
}
|
}
|
||||||
_ => return ErrorKind::AlgorithmError,
|
_ => return Err(ErrorKind::AlgorithmError),
|
||||||
}
|
}
|
||||||
|
|
||||||
for i in 0..n_params {
|
for i in 0..n_params {
|
||||||
@@ -2289,7 +2318,7 @@ pub unsafe fn ykpiv_import_private_key(
|
|||||||
let remaining = (key_data.as_mut_ptr() as usize) + 1024 - in_ptr as usize;
|
let remaining = (key_data.as_mut_ptr() as usize) + 1024 - in_ptr as usize;
|
||||||
|
|
||||||
if padding > remaining {
|
if padding > remaining {
|
||||||
return ErrorKind::AlgorithmError;
|
return Err(ErrorKind::AlgorithmError);
|
||||||
}
|
}
|
||||||
|
|
||||||
memset(in_ptr as *mut c_void, 0, padding);
|
memset(in_ptr as *mut c_void, 0, padding);
|
||||||
@@ -2317,7 +2346,7 @@ pub unsafe fn ykpiv_import_private_key(
|
|||||||
}
|
}
|
||||||
|
|
||||||
if _ykpiv_begin_transaction(state) != ErrorKind::Ok {
|
if _ykpiv_begin_transaction(state) != ErrorKind::Ok {
|
||||||
return ErrorKind::PcscError;
|
return Err(ErrorKind::PcscError);
|
||||||
} else if _ykpiv_ensure_application_selected(state) == ErrorKind::Ok {
|
} else if _ykpiv_ensure_application_selected(state) == ErrorKind::Ok {
|
||||||
res = ykpiv_transfer_data(
|
res = ykpiv_transfer_data(
|
||||||
state,
|
state,
|
||||||
@@ -2339,7 +2368,10 @@ pub unsafe fn ykpiv_import_private_key(
|
|||||||
|
|
||||||
key_data.zeroize();
|
key_data.zeroize();
|
||||||
_ykpiv_end_transaction(state);
|
_ykpiv_end_transaction(state);
|
||||||
res
|
match res {
|
||||||
|
ErrorKind::Ok => Ok(()),
|
||||||
|
e => Err(e),
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Generate an attestation certificate for a stored key
|
/// Generate an attestation certificate for a stored key
|
||||||
@@ -2348,20 +2380,20 @@ pub unsafe fn ykpiv_attest(
|
|||||||
key: u8,
|
key: u8,
|
||||||
data: *mut u8,
|
data: *mut u8,
|
||||||
data_len: *mut usize,
|
data_len: *mut usize,
|
||||||
) -> ErrorKind {
|
) -> Result<(), ErrorKind> {
|
||||||
let mut res = ErrorKind::GenericError;
|
let mut res = ErrorKind::GenericError;
|
||||||
let templ = [0, YKPIV_INS_ATTEST, key, 0];
|
let templ = [0, YKPIV_INS_ATTEST, key, 0];
|
||||||
let mut sw: i32 = 0;
|
let mut sw: i32 = 0;
|
||||||
let mut ul_data_len: usize;
|
let mut ul_data_len: usize;
|
||||||
|
|
||||||
if state.is_null() || data.is_null() || data_len.is_null() {
|
if state.is_null() || data.is_null() || data_len.is_null() {
|
||||||
return ErrorKind::ArgumentError;
|
return Err(ErrorKind::ArgumentError);
|
||||||
}
|
}
|
||||||
|
|
||||||
ul_data_len = *data_len;
|
ul_data_len = *data_len;
|
||||||
|
|
||||||
if _ykpiv_begin_transaction(state) != ErrorKind::Ok {
|
if _ykpiv_begin_transaction(state) != ErrorKind::Ok {
|
||||||
return ErrorKind::PcscError;
|
return Err(ErrorKind::PcscError);
|
||||||
}
|
}
|
||||||
|
|
||||||
if _ykpiv_ensure_application_selected(state) == ErrorKind::Ok {
|
if _ykpiv_ensure_application_selected(state) == ErrorKind::Ok {
|
||||||
@@ -2390,7 +2422,10 @@ pub unsafe fn ykpiv_attest(
|
|||||||
}
|
}
|
||||||
|
|
||||||
_ykpiv_end_transaction(state);
|
_ykpiv_end_transaction(state);
|
||||||
res
|
match res {
|
||||||
|
ErrorKind::Ok => Ok(()),
|
||||||
|
e => Err(e),
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Get an auth challenge
|
/// Get an auth challenge
|
||||||
@@ -2398,22 +2433,22 @@ pub unsafe fn ykpiv_auth_getchallenge(
|
|||||||
state: *mut YubiKey,
|
state: *mut YubiKey,
|
||||||
challenge: *mut u8,
|
challenge: *mut u8,
|
||||||
challenge_len: usize,
|
challenge_len: usize,
|
||||||
) -> ErrorKind {
|
) -> Result<(), ErrorKind> {
|
||||||
let mut data = [0u8; 261];
|
let mut data = [0u8; 261];
|
||||||
let mut recv_len = data.len() as u32;
|
let mut recv_len = data.len() as u32;
|
||||||
let mut sw: i32 = 0;
|
let mut sw: i32 = 0;
|
||||||
let mut res = ErrorKind::Ok;
|
let mut res = ErrorKind::Ok;
|
||||||
|
|
||||||
if state.is_null() || challenge.is_null() {
|
if state.is_null() || challenge.is_null() {
|
||||||
return ErrorKind::GenericError;
|
return Err(ErrorKind::GenericError);
|
||||||
}
|
}
|
||||||
|
|
||||||
if challenge_len != 8 {
|
if challenge_len != 8 {
|
||||||
return ErrorKind::SizeError;
|
return Err(ErrorKind::SizeError);
|
||||||
}
|
}
|
||||||
|
|
||||||
if _ykpiv_begin_transaction(state) != ErrorKind::Ok {
|
if _ykpiv_begin_transaction(state) != ErrorKind::Ok {
|
||||||
return ErrorKind::PcscError;
|
return Err(ErrorKind::PcscError);
|
||||||
}
|
}
|
||||||
|
|
||||||
if _ykpiv_ensure_application_selected(state) == ErrorKind::Ok {
|
if _ykpiv_ensure_application_selected(state) == ErrorKind::Ok {
|
||||||
@@ -2442,7 +2477,10 @@ pub unsafe fn ykpiv_auth_getchallenge(
|
|||||||
}
|
}
|
||||||
|
|
||||||
_ykpiv_end_transaction(state);
|
_ykpiv_end_transaction(state);
|
||||||
res
|
match res {
|
||||||
|
ErrorKind::Ok => Ok(()),
|
||||||
|
e => Err(e),
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Verify an auth response
|
/// Verify an auth response
|
||||||
@@ -2450,22 +2488,22 @@ pub unsafe fn ykpiv_auth_verifyresponse(
|
|||||||
state: *mut YubiKey,
|
state: *mut YubiKey,
|
||||||
response: *mut u8,
|
response: *mut u8,
|
||||||
response_len: usize,
|
response_len: usize,
|
||||||
) -> ErrorKind {
|
) -> Result<(), ErrorKind> {
|
||||||
let mut data = [0u8; 261];
|
let mut data = [0u8; 261];
|
||||||
let mut recv_len = data.len() as u32;
|
let mut recv_len = data.len() as u32;
|
||||||
let mut sw: i32 = 0;
|
let mut sw: i32 = 0;
|
||||||
let mut res: ErrorKind;
|
let mut res: ErrorKind;
|
||||||
|
|
||||||
if state.is_null() || response.is_null() {
|
if state.is_null() || response.is_null() {
|
||||||
return ErrorKind::GenericError;
|
return Err(ErrorKind::GenericError);
|
||||||
}
|
}
|
||||||
|
|
||||||
if response_len != 8 {
|
if response_len != 8 {
|
||||||
return ErrorKind::SizeError;
|
return Err(ErrorKind::SizeError);
|
||||||
}
|
}
|
||||||
|
|
||||||
if _ykpiv_begin_transaction(state) != ErrorKind::Ok {
|
if _ykpiv_begin_transaction(state) != ErrorKind::Ok {
|
||||||
return ErrorKind::PcscError;
|
return Err(ErrorKind::PcscError);
|
||||||
}
|
}
|
||||||
|
|
||||||
// send the response to the card and a challenge of our own.
|
// send the response to the card and a challenge of our own.
|
||||||
@@ -2494,27 +2532,30 @@ pub unsafe fn ykpiv_auth_verifyresponse(
|
|||||||
|
|
||||||
apdu.zeroize();
|
apdu.zeroize();
|
||||||
_ykpiv_end_transaction(state);
|
_ykpiv_end_transaction(state);
|
||||||
res
|
match res {
|
||||||
|
ErrorKind::Ok => Ok(()),
|
||||||
|
e => Err(e),
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/// MGMT Application ID(?)
|
/// MGMT Application ID(?)
|
||||||
static mut MGMT_AID: [u8; 8] = [0xa0, 0x00, 0x00, 0x05, 0x27, 0x47, 0x11, 0x17];
|
static mut MGMT_AID: [u8; 8] = [0xa0, 0x00, 0x00, 0x05, 0x27, 0x47, 0x11, 0x17];
|
||||||
|
|
||||||
/// Deauthenticate
|
/// Deauthenticate
|
||||||
pub unsafe fn ykpiv_auth_deauthenticate(state: *mut YubiKey) -> ErrorKind {
|
pub unsafe fn ykpiv_auth_deauthenticate(state: *mut YubiKey) -> Result<(), ErrorKind> {
|
||||||
let mut data = [0u8; 255];
|
let mut data = [0u8; 255];
|
||||||
let mut recv_len = data.len() as u32;
|
let mut recv_len = data.len() as u32;
|
||||||
let mut sw: i32 = 0;
|
let mut sw: i32 = 0;
|
||||||
let mut res: ErrorKind;
|
let mut res: ErrorKind;
|
||||||
|
|
||||||
if state.is_null() {
|
if state.is_null() {
|
||||||
return ErrorKind::ArgumentError;
|
return Err(ErrorKind::ArgumentError);
|
||||||
}
|
}
|
||||||
|
|
||||||
res = _ykpiv_begin_transaction(state);
|
res = _ykpiv_begin_transaction(state);
|
||||||
|
|
||||||
if res != ErrorKind::Ok {
|
if res != ErrorKind::Ok {
|
||||||
return res;
|
return Err(res);
|
||||||
}
|
}
|
||||||
|
|
||||||
let mut apdu = APDU::default();
|
let mut apdu = APDU::default();
|
||||||
@@ -2545,5 +2586,8 @@ pub unsafe fn ykpiv_auth_deauthenticate(state: *mut YubiKey) -> ErrorKind {
|
|||||||
}
|
}
|
||||||
|
|
||||||
_ykpiv_end_transaction(state);
|
_ykpiv_end_transaction(state);
|
||||||
res
|
match res {
|
||||||
|
ErrorKind::Ok => Ok(()),
|
||||||
|
e => Err(e),
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user