Merge pull request #34 from tarcieri/have-encrypt-sign-return-buffer
Have `sign_data` and `decrypt_data` return a `Buffer`
+2
-12
@@ -283,12 +283,10 @@ impl<'tx> Transaction<'tx> {
|
|||||||
pub(crate) fn authenticated_command(
|
pub(crate) fn authenticated_command(
|
||||||
&self,
|
&self,
|
||||||
sign_in: &[u8],
|
sign_in: &[u8],
|
||||||
out: &mut [u8],
|
|
||||||
out_len: &mut usize,
|
|
||||||
algorithm: u8,
|
algorithm: u8,
|
||||||
key: u8,
|
key: u8,
|
||||||
decipher: bool,
|
decipher: bool,
|
||||||
) -> Result<(), Error> {
|
) -> Result<Buffer, Error> {
|
||||||
let in_len = sign_in.len();
|
let in_len = sign_in.len();
|
||||||
let mut indata = [0u8; 1024];
|
let mut indata = [0u8; 1024];
|
||||||
let templ = [0, Ins::Authenticate.code(), algorithm, key];
|
let templ = [0, Ins::Authenticate.code(), algorithm, key];
|
||||||
@@ -380,15 +378,7 @@ impl<'tx> Transaction<'tx> {
|
|||||||
|
|
||||||
offset += 1;
|
offset += 1;
|
||||||
offset += get_length(&data[offset..], &mut len);
|
offset += get_length(&data[offset..], &mut len);
|
||||||
|
Ok(Buffer::new(data[offset..(offset + len)].into()))
|
||||||
if len > *out_len {
|
|
||||||
error!("wrong size on output buffer");
|
|
||||||
return Err(Error::SizeError);
|
|
||||||
}
|
|
||||||
|
|
||||||
*out_len = len;
|
|
||||||
out[..len].copy_from_slice(&data[offset..(offset + len)]);
|
|
||||||
Ok(())
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Send/receive large amounts of data to/from the YubiKey, splitting long
|
/// Send/receive large amounts of data to/from the YubiKey, splitting long
|
||||||
|
|||||||
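Review bot: The new return line slices `data[offset..(offset + len)]` with a `len` that `get_length` decoded from the device response, and nothing visible in this hunk bounds `len` against what `data` actually holds. The removed `len > *out_len` check only protected the caller's buffer, so a response that declares more bytes than were received still panics on the index instead of returning an error. A checked form keeps this a recoverable failure: `let body = data.get(offset..).and_then(|d| d.get(..len)).ok_or(Error::SizeError)?;` followed by `Ok(Buffer::new(body.into()))`. The body of `authenticated_command` between the two hunks is not shown, so an earlier length check may already cover this; worth confirming before merging.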
+4
-8
@@ -357,15 +357,13 @@ impl YubiKey {
|
|||||||
pub fn sign_data(
|
pub fn sign_data(
|
||||||
&mut self,
|
&mut self,
|
||||||
raw_in: &[u8],
|
raw_in: &[u8],
|
||||||
sign_out: &mut [u8],
|
|
||||||
out_len: &mut usize,
|
|
||||||
algorithm: u8,
|
algorithm: u8,
|
||||||
key: SlotId,
|
key: SlotId,
|
||||||
) -> Result<(), Error> {
|
) -> Result<Buffer, Error> {
|
||||||
let txn = self.begin_transaction()?;
|
let txn = self.begin_transaction()?;
|
||||||
|
|
||||||
// don't attempt to reselect in crypt operations to avoid problems with PIN_ALWAYS
|
// don't attempt to reselect in crypt operations to avoid problems with PIN_ALWAYS
|
||||||
txn.authenticated_command(raw_in, sign_out, out_len, algorithm, key, false)
|
txn.authenticated_command(raw_in, algorithm, key, false)
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Decrypt data using a PIV key
|
/// Decrypt data using a PIV key
|
||||||
@@ -373,15 +371,13 @@ impl YubiKey {
|
|||||||
pub fn decrypt_data(
|
pub fn decrypt_data(
|
||||||
&mut self,
|
&mut self,
|
||||||
input: &[u8],
|
input: &[u8],
|
||||||
out: &mut [u8],
|
|
||||||
out_len: &mut usize,
|
|
||||||
algorithm: u8,
|
algorithm: u8,
|
||||||
key: SlotId,
|
key: SlotId,
|
||||||
) -> Result<(), Error> {
|
) -> Result<Buffer, Error> {
|
||||||
let txn = self.begin_transaction()?;
|
let txn = self.begin_transaction()?;
|
||||||
|
|
||||||
// don't attempt to reselect in crypt operations to avoid problems with PIN_ALWAYS
|
// don't attempt to reselect in crypt operations to avoid problems with PIN_ALWAYS
|
||||||
txn.authenticated_command(input, out, out_len, algorithm, key, true)
|
txn.authenticated_command(input, algorithm, key, true)
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Verify device PIN.
|
/// Verify device PIN.
|
||||||
|
|||||||
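Review bot: The doc comments on `sign_data` and `decrypt_data` do not say what the returned `Buffer` holds, which matters most for `decrypt_data` because the value is plaintext. I would add a line such as `/// Returns the decrypted plaintext in a Buffer; avoid copying it into long-lived storage.` and a matching `/// Returns the signature bytes produced by the device.` on `sign_data`. Whether `Buffer` wipes its contents on drop is not visible on this page, so the comment should only claim that if it holds. The doc comments for both functions begin above the hunks shown here.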