diff --git a/src/mgm.rs b/src/mgm.rs
index de26082..584e7e3 100644
--- a/src/mgm.rs
+++ b/src/mgm.rs
@@ -141,6 +141,26 @@ impl From for u8 {
 }
 impl MgmAlgorithmId {
+ /// Get the default MGM key algorithm for the given YubiKey version.
+ fn default_for_version(version: Version) -> Self {
+ match version {
+ // Initial firmware versions default to 3DES.
+ Version { major: ..=4, .. }
+ | Version {
+ major: 5,
+ minor: ..=6,
+ ..
+ } => Self::ThreeDes,
+ // Firmware 5.7.0 and above default to AES-192.
+ Version {
+ major: 5,
+ minor: 7..,
+ ..
+ }
+ | Version { major: 6.., .. } => Self::Aes192,
+ }
+ }
+
+ /// Looks up the algorithm for the given Yubikey's current management key.
 fn query(txn: &Transaction<'_>) -> Result {
 match txn.get_metadata(crate::piv::SlotId::Management(ManagementSlotId::Management)) {
@@ -204,22 +224,8 @@ impl MgmKey {
 /// Generates a random MGM key using the preferred algorithm for the given Yubikey's
 /// firmware version.
 pub fn generate_for(yubikey: &YubiKey, rng: &mut impl TryCryptoRng) -> Result {
- match yubikey.version() {
- // Initial firmware versions default to 3DES.
- Version { major: ..=4, .. }
- | Version {
- major: 5,
- minor: ..=6,
- ..
- } => Self::generate(MgmAlgorithmId::ThreeDes, rng),
- // Firmware 5.7.0 and above default to AES-192.
- Version {
- major: 5,
- minor: 7..,
- ..
- }
- | Version { major: 6.., .. } => Self::generate(MgmAlgorithmId::Aes192, rng),
- }
+ let alg = MgmAlgorithmId::default_for_version(yubikey.version());
+ Self::generate(alg, rng)
 }
 /// Parses an MGM key from the given byte slice.
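Review bot: The doc comment on `default_for_version` (first hunk) does not say that the result is the firmware's factory default rather than the algorithm of the management key currently set on the device, which `query` reads from the slot metadata. I would add a second doc line such as `/// This is the firmware's factory default, not the algorithm of the key currently set; see [`Self::query`].` Because `generate_for` and `get_default` now both take their cipher choice from this single match, a unit test pinning the 5.6/5.7 boundary (3DES below, AES-192 from 5.7.0 on) would be worth adding; a slip there would presumably only show up as a management key of the wrong type at authentication time. The function is fully inside the hunk, and the second hunk (`generate_for`) only delegates to it.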
@@ -242,21 +248,10 @@ impl MgmKey {
 ///
 /// Returns an error if the Yubikey's default algorithm is unsupported.
 pub fn get_default(yubikey: &YubiKey) -> Result {
- match yubikey.version() {
- // Initial firmware versions default to 3DES.
- Version { major: ..=4, .. }
- | Version {
- major: 5,
- minor: ..=6,
- ..
- } => Ok(Self(MgmKeyKind::Tdes(DEFAULT_MGM_KEY.into()))),
- // Firmware 5.7.0 and above default to AES-192.
- Version {
- major: 5,
- minor: 7..,
- ..
- }
- | Version { major: 6.., .. } => Ok(Self(MgmKeyKind::Aes192(DEFAULT_MGM_KEY.into()))),
+ match MgmAlgorithmId::default_for_version(yubikey.version()) {
+ MgmAlgorithmId::ThreeDes => Ok(Self(MgmKeyKind::Tdes(DEFAULT_MGM_KEY.into()))),
+ MgmAlgorithmId::Aes192 => Ok(Self(MgmKeyKind::Aes192(DEFAULT_MGM_KEY.into()))),
+ _ => Err(Error::NotSupported),
 }
 }
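Review bot: The `_ => Err(Error::NotSupported)` arm in `get_default` is a catch-all on an enum this crate defines, so if `default_for_version` ever starts returning another algorithm the compiler will not point here and callers will only see `NotSupported` at run time. Naming the remaining `MgmAlgorithmId` variants explicitly (they are not visible in this hunk) would keep the match exhaustiveness-checked. As written the arm cannot be reached, since `default_for_version` yields only `ThreeDes` or `Aes192`, so at minimum it deserves a comment such as `// Unreachable today: default_for_version only returns ThreeDes or Aes192.` `get_default` is fully visible in the hunk; the enclosing `impl MgmKey` is not.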