mgm: extract MgmAlgorithmId::default_for_version (#633)
Adds a private method for determining the MGM key algorithm to use for a given YubiKey `Version`.
committed by
GitHub
parent
abcded88cf
commit
c96b50bcec
+26
-31
@@ -141,6 +141,26 @@ impl From<MgmAlgorithmId> for u8 {
|
|||||||
}
|
}
|
||||||
|
|
||||||
impl MgmAlgorithmId {
|
impl MgmAlgorithmId {
|
||||||
|
/// Get the default MGM key algorithm for the given YubiKey version.
|
||||||
|
fn default_for_version(version: Version) -> Self {
|
||||||
|
match version {
|
||||||
|
// Initial firmware versions default to 3DES.
|
||||||
|
Version { major: ..=4, .. }
|
||||||
|
| Version {
|
||||||
|
major: 5,
|
||||||
|
minor: ..=6,
|
||||||
|
..
|
||||||
|
} => Self::ThreeDes,
|
||||||
|
// Firmware 5.7.0 and above default to AES-192.
|
||||||
|
Version {
|
||||||
|
major: 5,
|
||||||
|
minor: 7..,
|
||||||
|
..
|
||||||
|
}
|
||||||
|
| Version { major: 6.., .. } => Self::Aes192,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
/// Looks up the algorithm for the given Yubikey's current management key.
|
/// Looks up the algorithm for the given Yubikey's current management key.
|
||||||
fn query(txn: &Transaction<'_>) -> Result<Self> {
|
fn query(txn: &Transaction<'_>) -> Result<Self> {
|
||||||
match txn.get_metadata(crate::piv::SlotId::Management(ManagementSlotId::Management)) {
|
match txn.get_metadata(crate::piv::SlotId::Management(ManagementSlotId::Management)) {
|
||||||
@@ -204,22 +224,8 @@ impl MgmKey {
|
|||||||
/// Generates a random MGM key using the preferred algorithm for the given Yubikey's
|
/// Generates a random MGM key using the preferred algorithm for the given Yubikey's
|
||||||
/// firmware version.
|
/// firmware version.
|
||||||
pub fn generate_for(yubikey: &YubiKey, rng: &mut impl TryCryptoRng) -> Result<Self> {
|
pub fn generate_for(yubikey: &YubiKey, rng: &mut impl TryCryptoRng) -> Result<Self> {
|
||||||
match yubikey.version() {
|
let alg = MgmAlgorithmId::default_for_version(yubikey.version());
|
||||||
// Initial firmware versions default to 3DES.
|
Self::generate(alg, rng)
|
||||||
Version { major: ..=4, .. }
|
|
||||||
| Version {
|
|
||||||
major: 5,
|
|
||||||
minor: ..=6,
|
|
||||||
..
|
|
||||||
} => Self::generate(MgmAlgorithmId::ThreeDes, rng),
|
|
||||||
// Firmware 5.7.0 and above default to AES-192.
|
|
||||||
Version {
|
|
||||||
major: 5,
|
|
||||||
minor: 7..,
|
|
||||||
..
|
|
||||||
}
|
|
||||||
| Version { major: 6.., .. } => Self::generate(MgmAlgorithmId::Aes192, rng),
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Parses an MGM key from the given byte slice.
|
/// Parses an MGM key from the given byte slice.
|
||||||
@@ -242,21 +248,10 @@ impl MgmKey {
|
|||||||
///
|
///
|
||||||
/// Returns an error if the Yubikey's default algorithm is unsupported.
|
/// Returns an error if the Yubikey's default algorithm is unsupported.
|
||||||
pub fn get_default(yubikey: &YubiKey) -> Result<Self> {
|
pub fn get_default(yubikey: &YubiKey) -> Result<Self> {
|
||||||
match yubikey.version() {
|
match MgmAlgorithmId::default_for_version(yubikey.version()) {
|
||||||
// Initial firmware versions default to 3DES.
|
MgmAlgorithmId::ThreeDes => Ok(Self(MgmKeyKind::Tdes(DEFAULT_MGM_KEY.into()))),
|
||||||
Version { major: ..=4, .. }
|
MgmAlgorithmId::Aes192 => Ok(Self(MgmKeyKind::Aes192(DEFAULT_MGM_KEY.into()))),
|
||||||
| Version {
|
_ => Err(Error::NotSupported),
|
||||||
major: 5,
|
|
||||||
minor: ..=6,
|
|
||||||
..
|
|
||||||
} => Ok(Self(MgmKeyKind::Tdes(DEFAULT_MGM_KEY.into()))),
|
|
||||||
// Firmware 5.7.0 and above default to AES-192.
|
|
||||||
Version {
|
|
||||||
major: 5,
|
|
||||||
minor: 7..,
|
|
||||||
..
|
|
||||||
}
|
|
||||||
| Version { major: 6.., .. } => Ok(Self(MgmKeyKind::Aes192(DEFAULT_MGM_KEY.into()))),
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
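Review bot: The new `_ => Err(Error::NotSupported)` arm in `get_default` (third hunk) is a wildcard over an enum this crate owns. If `default_for_version` is later extended to return another variant, `get_default` will still compile and will fail only at runtime, whereas the old match over `Version` was exhaustive and had no error path. Naming the remaining `MgmAlgorithmId` variants explicitly in place of `_` would make the compiler flag that case. Separately, the doc comment on `default_for_version` (first hunk) could state that the result is the firmware's factory default rather than the algorithm of the key currently set, for example `/// This is the factory default for the firmware, not necessarily the algorithm of the currently configured key (see `query`).`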