mgm: extract MgmAlgorithmId::default_for_version (#633)
Adds a private method for determining the MGM key algorithm to use for a given YubiKey `Version`.
committed by
GitHub
parent
abcded88cf
commit
c96b50bcec
+26
-31
@@ -141,6 +141,26 @@ impl From<MgmAlgorithmId> for u8 {
|
||||
}
|
||||
|
||||
impl MgmAlgorithmId {
|
||||
/// Get the default MGM key algorithm for the given YubiKey version.
|
||||
fn default_for_version(version: Version) -> Self {
|
||||
match version {
|
||||
// Initial firmware versions default to 3DES.
|
||||
Version { major: ..=4, .. }
|
||||
| Version {
|
||||
major: 5,
|
||||
minor: ..=6,
|
||||
..
|
||||
} => Self::ThreeDes,
|
||||
// Firmware 5.7.0 and above default to AES-192.
|
||||
Version {
|
||||
major: 5,
|
||||
minor: 7..,
|
||||
..
|
||||
}
|
||||
| Version { major: 6.., .. } => Self::Aes192,
|
||||
}
|
||||
}
|
||||
|
||||
/// Looks up the algorithm for the given Yubikey's current management key.
|
||||
fn query(txn: &Transaction<'_>) -> Result<Self> {
|
||||
match txn.get_metadata(crate::piv::SlotId::Management(ManagementSlotId::Management)) {
|
||||
@@ -204,22 +224,8 @@ impl MgmKey {
|
||||
/// Generates a random MGM key using the preferred algorithm for the given Yubikey's
|
||||
/// firmware version.
|
||||
pub fn generate_for(yubikey: &YubiKey, rng: &mut impl TryCryptoRng) -> Result<Self> {
|
||||
match yubikey.version() {
|
||||
// Initial firmware versions default to 3DES.
|
||||
Version { major: ..=4, .. }
|
||||
| Version {
|
||||
major: 5,
|
||||
minor: ..=6,
|
||||
..
|
||||
} => Self::generate(MgmAlgorithmId::ThreeDes, rng),
|
||||
// Firmware 5.7.0 and above default to AES-192.
|
||||
Version {
|
||||
major: 5,
|
||||
minor: 7..,
|
||||
..
|
||||
}
|
||||
| Version { major: 6.., .. } => Self::generate(MgmAlgorithmId::Aes192, rng),
|
||||
}
|
||||
let alg = MgmAlgorithmId::default_for_version(yubikey.version());
|
||||
Self::generate(alg, rng)
|
||||
}
|
||||
|
||||
/// Parses an MGM key from the given byte slice.
|
||||
@@ -242,21 +248,10 @@ impl MgmKey {
|
||||
///
|
||||
/// Returns an error if the Yubikey's default algorithm is unsupported.
|
||||
pub fn get_default(yubikey: &YubiKey) -> Result<Self> {
|
||||
match yubikey.version() {
|
||||
// Initial firmware versions default to 3DES.
|
||||
Version { major: ..=4, .. }
|
||||
| Version {
|
||||
major: 5,
|
||||
minor: ..=6,
|
||||
..
|
||||
} => Ok(Self(MgmKeyKind::Tdes(DEFAULT_MGM_KEY.into()))),
|
||||
// Firmware 5.7.0 and above default to AES-192.
|
||||
Version {
|
||||
major: 5,
|
||||
minor: 7..,
|
||||
..
|
||||
}
|
||||
| Version { major: 6.., .. } => Ok(Self(MgmKeyKind::Aes192(DEFAULT_MGM_KEY.into()))),
|
||||
match MgmAlgorithmId::default_for_version(yubikey.version()) {
|
||||
MgmAlgorithmId::ThreeDes => Ok(Self(MgmKeyKind::Tdes(DEFAULT_MGM_KEY.into()))),
|
||||
MgmAlgorithmId::Aes192 => Ok(Self(MgmKeyKind::Aes192(DEFAULT_MGM_KEY.into()))),
|
||||
_ => Err(Error::NotSupported),
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
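Review bot: The doc comment on `default_for_version` should state that it returns the factory-default management-key algorithm, because `generate_for` in the second hunk still advertises "the preferred algorithm" while now delegating to this helper, so a freshly generated key is 3DES on every firmware up to 5.6. If any of those firmware versions also accept AES management keys (not visible on this page), callers who want AES there have to call `generate` with an explicit algorithm, and the docs should say so. Suggested wording on the helper: `/// Returns the factory-default algorithm for this firmware, which is not necessarily the strongest one it supports.`, and in the `generate_for` doc replace "preferred" with "factory-default". Since `generate_for` and `get_default` now both depend on this single match, a unit test pinning 5.6.x to `ThreeDes` and 5.7.0 to `Aes192` would guard the boundary.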