Merge pull request #43 from iqlusioninc/pin-secrecy
Use `secrecy` crate for storing `CachedPin`
This commit is contained in:
@@ -25,6 +25,7 @@ hmac = "0.7"
|
|||||||
log = "0.4"
|
log = "0.4"
|
||||||
pbkdf2 = "0.3"
|
pbkdf2 = "0.3"
|
||||||
pcsc = "2"
|
pcsc = "2"
|
||||||
|
secrecy = "0.5"
|
||||||
sha-1 = "0.8"
|
sha-1 = "0.8"
|
||||||
subtle = "2"
|
subtle = "2"
|
||||||
zeroize = "1"
|
zeroize = "1"
|
||||||
|
|||||||
+14
-7
@@ -40,13 +40,15 @@ use crate::{
|
|||||||
metadata,
|
metadata,
|
||||||
mgm::MgmKey,
|
mgm::MgmKey,
|
||||||
serialization::*,
|
serialization::*,
|
||||||
ObjectId,
|
Buffer, ObjectId,
|
||||||
};
|
};
|
||||||
use crate::{consts::*, error::Error, transaction::Transaction, Buffer};
|
use crate::{consts::*, error::Error, transaction::Transaction};
|
||||||
#[cfg(feature = "untested")]
|
#[cfg(feature = "untested")]
|
||||||
use getrandom::getrandom;
|
use getrandom::getrandom;
|
||||||
use log::{error, info, warn};
|
use log::{error, info, warn};
|
||||||
use pcsc::{Card, Context};
|
use pcsc::{Card, Context};
|
||||||
|
#[cfg(feature = "untested")]
|
||||||
|
use secrecy::ExposeSecret;
|
||||||
use std::fmt::{self, Display};
|
use std::fmt::{self, Display};
|
||||||
#[cfg(feature = "untested")]
|
#[cfg(feature = "untested")]
|
||||||
use std::{
|
use std::{
|
||||||
@@ -63,6 +65,9 @@ pub const AID: [u8; 5] = [0xa0, 0x00, 0x00, 0x03, 0x08];
|
|||||||
/// <https://developers.yubico.com/PIV/Introduction/Admin_access.html>
|
/// <https://developers.yubico.com/PIV/Introduction/Admin_access.html>
|
||||||
pub const MGMT_AID: [u8; 8] = [0xa0, 0x00, 0x00, 0x05, 0x27, 0x47, 0x11, 0x17];
|
pub const MGMT_AID: [u8; 8] = [0xa0, 0x00, 0x00, 0x05, 0x27, 0x47, 0x11, 0x17];
|
||||||
|
|
||||||
|
/// Cached YubiKey PIN
|
||||||
|
pub type CachedPin = secrecy::SecretVec<u8>;
|
||||||
|
|
||||||
/// YubiKey Serial Number
|
/// YubiKey Serial Number
|
||||||
#[derive(Copy, Clone, Debug, Eq, PartialEq, PartialOrd, Ord)]
|
#[derive(Copy, Clone, Debug, Eq, PartialEq, PartialOrd, Ord)]
|
||||||
pub struct Serial(pub u32);
|
pub struct Serial(pub u32);
|
||||||
@@ -118,7 +123,7 @@ impl Version {
|
|||||||
#[cfg_attr(not(feature = "untested"), allow(dead_code))]
|
#[cfg_attr(not(feature = "untested"), allow(dead_code))]
|
||||||
pub struct YubiKey {
|
pub struct YubiKey {
|
||||||
pub(crate) card: Card,
|
pub(crate) card: Card,
|
||||||
pub(crate) pin: Option<Buffer>,
|
pub(crate) pin: Option<CachedPin>,
|
||||||
pub(crate) is_neo: bool,
|
pub(crate) is_neo: bool,
|
||||||
pub(crate) version: Version,
|
pub(crate) version: Version,
|
||||||
pub(crate) serial: Serial,
|
pub(crate) serial: Serial,
|
||||||
@@ -228,8 +233,10 @@ impl YubiKey {
|
|||||||
pcsc::Disposition::ResetCard,
|
pcsc::Disposition::ResetCard,
|
||||||
)?;
|
)?;
|
||||||
|
|
||||||
// TODO(tarcieri): zeroize pin!
|
let pin = self
|
||||||
let pin = self.pin.clone();
|
.pin
|
||||||
|
.as_ref()
|
||||||
|
.map(|p| Buffer::new(p.expose_secret().clone()));
|
||||||
|
|
||||||
let txn = Transaction::new(&mut self.card)?;
|
let txn = Transaction::new(&mut self.card)?;
|
||||||
txn.select_application()?;
|
txn.select_application()?;
|
||||||
@@ -388,7 +395,7 @@ impl YubiKey {
|
|||||||
}
|
}
|
||||||
|
|
||||||
if !pin.is_empty() {
|
if !pin.is_empty() {
|
||||||
self.pin = Some(Buffer::new(pin.into()))
|
self.pin = Some(CachedPin::new(pin.into()))
|
||||||
}
|
}
|
||||||
|
|
||||||
Ok(())
|
Ok(())
|
||||||
@@ -445,7 +452,7 @@ impl YubiKey {
|
|||||||
}
|
}
|
||||||
|
|
||||||
if !new_pin.is_empty() {
|
if !new_pin.is_empty() {
|
||||||
self.pin = Some(Buffer::new(new_pin.into()));
|
self.pin = Some(CachedPin::new(new_pin.into()));
|
||||||
}
|
}
|
||||||
|
|
||||||
Ok(())
|
Ok(())
|
||||||
|
|||||||
Reference in New Issue
Block a user