Replace getrandom with rand_core (#276)
`rand_core::OsRng` provides a facade over `getrandom` which simplifies error handling.
committed by
GitHub
parent
1018127843
commit
e249e91297
+4
-4
@@ -31,7 +31,7 @@
|
||||
// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
|
||||
use crate::{Error, Result, YubiKey};
|
||||
use getrandom::getrandom;
|
||||
use rand_core::{OsRng, RngCore};
|
||||
use std::{
|
||||
fmt::{self, Debug, Display},
|
||||
str,
|
||||
@@ -68,10 +68,10 @@ impl CardId {
|
||||
pub const BYTE_SIZE: usize = 14;
|
||||
|
||||
/// Generate a random CCC Card ID
|
||||
pub fn generate() -> Result<Self> {
|
||||
pub fn generate() -> Self {
|
||||
let mut id = [0u8; Self::BYTE_SIZE];
|
||||
getrandom(&mut id).map_err(|_| Error::RandomnessError)?;
|
||||
Ok(Self(id))
|
||||
OsRng.fill_bytes(&mut id);
|
||||
Self(id)
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
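Review bot: `CardId::generate` now panics when the operating system's random source fails, because `OsRng.fill_bytes(&mut id)` has no error return and the `Result<Self>` signature is gone, yet the doc comment still reads only `/// Generate a random CCC Card ID`. Add `/// # Panics` followed by `/// Panics if the operating system's random number generator fails.`, or keep the fallible signature and call `OsRng.try_fill_bytes(&mut id)`. The same applies to `MgmKey::generate` and to `OsRng.fill_bytes(&mut data[14..22])` in the `impl YubiKey` hunk; that call sits in a function whose old code reported this failure with `return Err(...)` and whose body starts outside the hunk. Changing `pub fn generate()` from `Result<Self>` to `Self` also breaks existing callers, so it should be recorded in the changelog.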
+10
-5
@@ -65,17 +65,22 @@ pub struct Config {
|
||||
pub mgm_type: MgmType,
|
||||
}
|
||||
|
||||
impl Config {
|
||||
/// Get YubiKey config.
|
||||
pub(crate) fn get(yubikey: &mut YubiKey) -> Result<Config> {
|
||||
let mut config = Config {
|
||||
impl Default for Config {
|
||||
fn default() -> Config {
|
||||
Config {
|
||||
protected_data_available: false,
|
||||
puk_blocked: false,
|
||||
puk_noblock_on_upgrade: false,
|
||||
pin_last_changed: None,
|
||||
mgm_type: MgmType::Manual,
|
||||
};
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
impl Config {
|
||||
/// Get YubiKey config.
|
||||
pub(crate) fn get(yubikey: &mut YubiKey) -> Result<Config> {
|
||||
let mut config = Self::default();
|
||||
let txn = yubikey.begin_transaction()?;
|
||||
|
||||
if let Ok(admin_data) = AdminData::read(&txn) {
|
||||
|
||||
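Review bot: The new `impl Default for Config` has no doc comment, and because `Config` is declared `pub struct` the impl is presumably reachable by users of the crate. Its values (`puk_blocked: false`, `pin_last_changed: None`, `mgm_type: MgmType::Manual`) describe no particular device, and the visible `if let Ok(admin_data) = AdminData::read(&txn)` in `Config::get` ignores a read error, so a caller may receive these defaults unchanged. I would add `/// Baseline values used by Config::get before device metadata is read; they do not describe the state of any YubiKey.` above `fn default()`. The body of `Config::get` continues outside the hunk.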
@@ -81,9 +81,6 @@ pub enum Error {
|
||||
/// PIN locked
|
||||
PinLocked,
|
||||
|
||||
/// Randomness error
|
||||
RandomnessError,
|
||||
|
||||
/// Range error
|
||||
RangeError,
|
||||
|
||||
@@ -116,7 +113,6 @@ impl Error {
|
||||
Error::ParseError => "YKPIV_PARSE_ERROR",
|
||||
Error::PcscError { .. } => "YKPIV_PCSC_ERROR",
|
||||
Error::PinLocked => "YKPIV_PIN_LOCKED",
|
||||
Error::RandomnessError => "YKPIV_RANDOMNESS_ERROR",
|
||||
Error::RangeError => "YKPIV_RANGE_ERROR",
|
||||
Error::SizeError => "YKPIV_SIZE_ERROR",
|
||||
Error::WrongPin { .. } => "YKPIV_WRONG_PIN",
|
||||
@@ -140,7 +136,6 @@ impl Error {
|
||||
Error::ParseError => "parse error",
|
||||
Error::PcscError { .. } => "PC/SC error",
|
||||
Error::PinLocked => "PIN locked",
|
||||
Error::RandomnessError => "randomness error",
|
||||
Error::RangeError => "range error",
|
||||
Error::SizeError => "size error",
|
||||
Error::WrongPin { .. } => "wrong pin",
|
||||
|
||||
+10
-11
@@ -47,20 +47,19 @@ use crate::{
|
||||
yubikey::YubiKey,
|
||||
Buffer, ObjectId,
|
||||
};
|
||||
use log::debug;
|
||||
use elliptic_curve::sec1::EncodedPoint as EcPublicKey;
|
||||
use log::{debug, error, warn};
|
||||
use rsa::{BigUint, RSAPublicKey};
|
||||
use std::convert::TryFrom;
|
||||
|
||||
#[cfg(feature = "untested")]
|
||||
use crate::CB_OBJ_MAX;
|
||||
use elliptic_curve::sec1::EncodedPoint as EcPublicKey;
|
||||
use log::{error, warn};
|
||||
#[cfg(feature = "untested")]
|
||||
use num_bigint_dig::traits::ModInverse;
|
||||
#[cfg(feature = "untested")]
|
||||
use num_integer::Integer;
|
||||
#[cfg(feature = "untested")]
|
||||
use num_traits::{FromPrimitive, One};
|
||||
use rsa::{BigUint, RSAPublicKey};
|
||||
use {
|
||||
crate::CB_OBJ_MAX,
|
||||
num_bigint_dig::traits::ModInverse,
|
||||
num_integer::Integer,
|
||||
num_traits::{FromPrimitive, One},
|
||||
};
|
||||
|
||||
#[cfg(feature = "untested")]
|
||||
use zeroize::Zeroizing;
|
||||
|
||||
|
||||
+5
-10
@@ -31,8 +31,8 @@
|
||||
// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
|
||||
use crate::{Error, Result};
|
||||
use getrandom::getrandom;
|
||||
use log::error;
|
||||
use rand_core::{OsRng, RngCore};
|
||||
use std::convert::{TryFrom, TryInto};
|
||||
use zeroize::{Zeroize, Zeroizing};
|
||||
|
||||
@@ -97,14 +97,10 @@ pub struct MgmKey([u8; DES_LEN_3DES]);
|
||||
|
||||
impl MgmKey {
|
||||
/// Generate a random MGM key
|
||||
pub fn generate() -> Result<Self> {
|
||||
pub fn generate() -> Self {
|
||||
let mut key_bytes = [0u8; DES_LEN_3DES];
|
||||
|
||||
if getrandom(&mut key_bytes).is_err() {
|
||||
return Err(Error::RandomnessError);
|
||||
}
|
||||
|
||||
MgmKey::new(key_bytes)
|
||||
OsRng.fill_bytes(&mut key_bytes);
|
||||
Self(key_bytes)
|
||||
}
|
||||
|
||||
/// Create an MGM key from byte slice.
|
||||
@@ -127,7 +123,7 @@ impl MgmKey {
|
||||
return Err(Error::KeyError);
|
||||
}
|
||||
|
||||
Ok(MgmKey(key_bytes))
|
||||
Ok(Self(key_bytes))
|
||||
}
|
||||
|
||||
/// Get derived management key (MGM)
|
||||
@@ -152,7 +148,6 @@ impl MgmKey {
|
||||
|
||||
let mut mgm = [0u8; DES_LEN_3DES];
|
||||
pbkdf2::<Hmac<Sha1>>(pin, &salt, ITER_MGM_PBKDF2, &mut mgm);
|
||||
|
||||
MgmKey::from_bytes(mgm)
|
||||
}
|
||||
|
||||
|
||||
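Review bot: `MgmKey::generate` now builds `Self(key_bytes)` directly where the old code went through `MgmKey::new(key_bytes)`, so whatever validation `new` performs no longer applies to generated keys. The hunk at -127 shows a constructor in this impl returning `Err(Error::KeyError)` before `Ok(Self(key_bytes))`; if that is `new` (its signature is outside the hunk) and the check rejects weak 3DES keys, a generated key could in principle violate an invariant that caller-supplied keys must satisfy. The chance is very small for random bytes, but a retry loop that re-draws until `Self::new` accepts the bytes keeps the invariant and the infallible signature.

```rust
pub fn generate() -> Self {
    let mut key_bytes = [0u8; DES_LEN_3DES];

    // Re-draw until the bytes pass the same validation `new` applies to
    // caller-supplied keys, so every MgmKey satisfies one invariant.
    loop {
        OsRng.fill_bytes(&mut key_bytes);

        if let Ok(key) = Self::new(key_bytes) {
            return key;
        }
    }
}
```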
+9
-13
@@ -42,6 +42,7 @@ use crate::{
|
||||
};
|
||||
use log::{error, info};
|
||||
use pcsc::Card;
|
||||
use rand_core::{OsRng, RngCore};
|
||||
use std::{
|
||||
convert::{TryFrom, TryInto},
|
||||
fmt::{self, Display},
|
||||
@@ -49,15 +50,14 @@ use std::{
|
||||
};
|
||||
|
||||
#[cfg(feature = "untested")]
|
||||
use crate::{
|
||||
apdu::StatusWords, metadata::AdminData, transaction::ChangeRefAction, Buffer, ObjectId,
|
||||
MGMT_AID, TAG_ADMIN_FLAGS_1, TAG_ADMIN_TIMESTAMP,
|
||||
use {
|
||||
crate::{
|
||||
apdu::StatusWords, metadata::AdminData, transaction::ChangeRefAction, Buffer, ObjectId,
|
||||
MGMT_AID, TAG_ADMIN_FLAGS_1, TAG_ADMIN_TIMESTAMP,
|
||||
},
|
||||
secrecy::ExposeSecret,
|
||||
std::time::{SystemTime, UNIX_EPOCH},
|
||||
};
|
||||
use getrandom::getrandom;
|
||||
#[cfg(feature = "untested")]
|
||||
use secrecy::ExposeSecret;
|
||||
#[cfg(feature = "untested")]
|
||||
use std::time::{SystemTime, UNIX_EPOCH};
|
||||
|
||||
/// Flag for PUK blocked
|
||||
pub(crate) const ADMIN_FLAGS_1_PUK_BLOCKED: u8 = 0x01;
|
||||
@@ -294,11 +294,7 @@ impl YubiKey {
|
||||
data[4..12].copy_from_slice(&response);
|
||||
data[12] = 0x81;
|
||||
data[13] = 8;
|
||||
|
||||
if getrandom(&mut data[14..22]).is_err() {
|
||||
error!("failed getting randomness for authentication");
|
||||
return Err(Error::RandomnessError);
|
||||
}
|
||||
OsRng.fill_bytes(&mut data[14..22]);
|
||||
|
||||
let mut challenge = [0u8; 8];
|
||||
challenge.copy_from_slice(&data[14..22]);
|
||||
|
||||