Merge pull request #43 from iqlusioninc/pin-secrecy

Use `secrecy` crate for storing `CachedPin`
This commit is contained in:
Tony Arcieri
2019-11-30 12:39:33 -08:00
committed by GitHub
2 changed files with 15 additions and 7 deletions
+1
View File
@@ -25,6 +25,7 @@ hmac = "0.7"
log = "0.4" log = "0.4"
pbkdf2 = "0.3" pbkdf2 = "0.3"
pcsc = "2" pcsc = "2"
secrecy = "0.5"
sha-1 = "0.8" sha-1 = "0.8"
subtle = "2" subtle = "2"
zeroize = "1" zeroize = "1"
+14 -7
View File
@@ -40,13 +40,15 @@ use crate::{
metadata, metadata,
mgm::MgmKey, mgm::MgmKey,
serialization::*, serialization::*,
ObjectId, Buffer, ObjectId,
}; };
use crate::{consts::*, error::Error, transaction::Transaction, Buffer}; use crate::{consts::*, error::Error, transaction::Transaction};
#[cfg(feature = "untested")] #[cfg(feature = "untested")]
use getrandom::getrandom; use getrandom::getrandom;
use log::{error, info, warn}; use log::{error, info, warn};
use pcsc::{Card, Context}; use pcsc::{Card, Context};
#[cfg(feature = "untested")]
use secrecy::ExposeSecret;
use std::fmt::{self, Display}; use std::fmt::{self, Display};
#[cfg(feature = "untested")] #[cfg(feature = "untested")]
use std::{ use std::{
@@ -63,6 +65,9 @@ pub const AID: [u8; 5] = [0xa0, 0x00, 0x00, 0x03, 0x08];
/// <https://developers.yubico.com/PIV/Introduction/Admin_access.html> /// <https://developers.yubico.com/PIV/Introduction/Admin_access.html>
pub const MGMT_AID: [u8; 8] = [0xa0, 0x00, 0x00, 0x05, 0x27, 0x47, 0x11, 0x17]; pub const MGMT_AID: [u8; 8] = [0xa0, 0x00, 0x00, 0x05, 0x27, 0x47, 0x11, 0x17];
/// Cached YubiKey PIN
pub type CachedPin = secrecy::SecretVec<u8>;
/// YubiKey Serial Number /// YubiKey Serial Number
#[derive(Copy, Clone, Debug, Eq, PartialEq, PartialOrd, Ord)] #[derive(Copy, Clone, Debug, Eq, PartialEq, PartialOrd, Ord)]
pub struct Serial(pub u32); pub struct Serial(pub u32);
@@ -118,7 +123,7 @@ impl Version {
#[cfg_attr(not(feature = "untested"), allow(dead_code))] #[cfg_attr(not(feature = "untested"), allow(dead_code))]
pub struct YubiKey { pub struct YubiKey {
pub(crate) card: Card, pub(crate) card: Card,
pub(crate) pin: Option<Buffer>, pub(crate) pin: Option<CachedPin>,
pub(crate) is_neo: bool, pub(crate) is_neo: bool,
pub(crate) version: Version, pub(crate) version: Version,
pub(crate) serial: Serial, pub(crate) serial: Serial,
@@ -228,8 +233,10 @@ impl YubiKey {
pcsc::Disposition::ResetCard, pcsc::Disposition::ResetCard,
)?; )?;
// TODO(tarcieri): zeroize pin! let pin = self
let pin = self.pin.clone(); .pin
.as_ref()
.map(|p| Buffer::new(p.expose_secret().clone()));
let txn = Transaction::new(&mut self.card)?; let txn = Transaction::new(&mut self.card)?;
txn.select_application()?; txn.select_application()?;
@@ -388,7 +395,7 @@ impl YubiKey {
} }
if !pin.is_empty() { if !pin.is_empty() {
self.pin = Some(Buffer::new(pin.into())) self.pin = Some(CachedPin::new(pin.into()))
} }
Ok(()) Ok(())
@@ -445,7 +452,7 @@ impl YubiKey {
} }
if !new_pin.is_empty() { if !new_pin.is_empty() {
self.pin = Some(Buffer::new(new_pin.into())); self.pin = Some(CachedPin::new(new_pin.into()));
} }
Ok(()) Ok(())