mgm: extract MgmAlgorithmId::default_for_version (#633)

Adds a private method for determining the MGM key algorithm to use for a
given YubiKey `Version`.
Tony Arcieri (iqlusion)
2025-12-15 11:59:48 -07:00
committed by GitHub
parent abcded88cf
commit c96b50bcec
+26 -31
@@ -141,6 +141,26 @@ impl From<MgmAlgorithmId> for u8 {
}
impl MgmAlgorithmId {
/// Get the default MGM key algorithm for the given YubiKey version.
fn default_for_version(version: Version) -> Self {
match version {
// Initial firmware versions default to 3DES.
Version { major: ..=4, .. }
| Version {
major: 5,
minor: ..=6,
..
} => Self::ThreeDes,
// Firmware 5.7.0 and above default to AES-192.
Version {
major: 5,
minor: 7..,
..
}
| Version { major: 6.., .. } => Self::Aes192,
}
}
/// Looks up the algorithm for the given Yubikey's current management key.
fn query(txn: &Transaction<'_>) -> Result<Self> {
match txn.get_metadata(crate::piv::SlotId::Management(ManagementSlotId::Management)) {
@@ -204,22 +224,8 @@ impl MgmKey {
/// Generates a random MGM key using the preferred algorithm for the given Yubikey's
/// firmware version.
pub fn generate_for(yubikey: &YubiKey, rng: &mut impl TryCryptoRng) -> Result<Self> {
match yubikey.version() {
// Initial firmware versions default to 3DES.
Version { major: ..=4, .. }
| Version {
major: 5,
minor: ..=6,
..
} => Self::generate(MgmAlgorithmId::ThreeDes, rng),
// Firmware 5.7.0 and above default to AES-192.
Version {
major: 5,
minor: 7..,
..
}
| Version { major: 6.., .. } => Self::generate(MgmAlgorithmId::Aes192, rng),
}
let alg = MgmAlgorithmId::default_for_version(yubikey.version());
Self::generate(alg, rng)
}
/// Parses an MGM key from the given byte slice.
@@ -242,21 +248,10 @@ impl MgmKey {
///
/// Returns an error if the Yubikey's default algorithm is unsupported.
pub fn get_default(yubikey: &YubiKey) -> Result<Self> {
match yubikey.version() {
// Initial firmware versions default to 3DES.
Version { major: ..=4, .. }
| Version {
major: 5,
minor: ..=6,
..
} => Ok(Self(MgmKeyKind::Tdes(DEFAULT_MGM_KEY.into()))),
// Firmware 5.7.0 and above default to AES-192.
Version {
major: 5,
minor: 7..,
..
}
| Version { major: 6.., .. } => Ok(Self(MgmKeyKind::Aes192(DEFAULT_MGM_KEY.into()))),
match MgmAlgorithmId::default_for_version(yubikey.version()) {
MgmAlgorithmId::ThreeDes => Ok(Self(MgmKeyKind::Tdes(DEFAULT_MGM_KEY.into()))),
MgmAlgorithmId::Aes192 => Ok(Self(MgmKeyKind::Aes192(DEFAULT_MGM_KEY.into()))),
_ => Err(Error::NotSupported),
}
}
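Review bot: The `_ => Err(Error::NotSupported)` arm added to `get_default` cannot be reached today, because `default_for_version` only returns `ThreeDes` or `Aes192`, and as a wildcard it would turn any later change to the helper's result into a runtime `NotSupported` instead of a compile error. Listing the remaining `MgmAlgorithmId` variants explicitly in that arm would keep the match exhaustive by name; failing that, a comment such as `// unreachable today: default_for_version only yields ThreeDes or Aes192` records why the arm is there. The doc comment on `default_for_version` could also state that the result is the factory-default algorithm, since `generate_for` reuses it as the preferred algorithm and therefore still creates 3DES keys on firmware 5.6 and earlier.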