Replace getrandom with rand_core (#276)

`rand_core::OsRng` provides a facade over `getrandom` which simplifies
error handling.
Tony Arcieri (iqlusion)
2021-07-12 09:58:58 -07:00
committed by GitHub
parent 1018127843
commit e249e91297
9 changed files with 48 additions and 78 deletions
+4 -4
@@ -31,7 +31,7 @@
// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
use crate::{Error, Result, YubiKey};
use getrandom::getrandom;
use rand_core::{OsRng, RngCore};
use std::{
fmt::{self, Debug, Display},
str,
@@ -68,10 +68,10 @@ impl CardId {
pub const BYTE_SIZE: usize = 14;
/// Generate a random CCC Card ID
pub fn generate() -> Result<Self> {
pub fn generate() -> Self {
let mut id = [0u8; Self::BYTE_SIZE];
getrandom(&mut id).map_err(|_| Error::RandomnessError)?;
Ok(Self(id))
OsRng.fill_bytes(&mut id);
Self(id)
}
}
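Review bot: `CardId::generate()` can now panic and its doc comment does not say so: `OsRng.fill_bytes` has no error return and, in rand_core, panics if the operating system RNG fails, where the old code returned `Error::RandomnessError`. Aborting is a fail-closed outcome, since the zeroed `id` buffer is never handed back, but callers can no longer handle the failure, so I would add a `# Panics` section to the doc comment, e.g. `/// Panics if the operating system's random number generator fails.` The same applies to `MgmKey::generate()` and to the `OsRng.fill_bytes(&mut data[14..22])` call in the authentication code later in this commit; where a recoverable error is still wanted, `OsRng.try_fill_bytes` returns a `Result`. The `impl CardId` block starts and ends outside the hunk.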
+10 -5
@@ -65,17 +65,22 @@ pub struct Config {
pub mgm_type: MgmType,
}
impl Config {
/// Get YubiKey config.
pub(crate) fn get(yubikey: &mut YubiKey) -> Result<Config> {
let mut config = Config {
impl Default for Config {
fn default() -> Config {
Config {
protected_data_available: false,
puk_blocked: false,
puk_noblock_on_upgrade: false,
pin_last_changed: None,
mgm_type: MgmType::Manual,
};
}
}
}
impl Config {
/// Get YubiKey config.
pub(crate) fn get(yubikey: &mut YubiKey) -> Result<Config> {
let mut config = Self::default();
let txn = yubikey.begin_transaction()?;
if let Ok(admin_data) = AdminData::read(&txn) {
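Review bot: The new `impl Default for Config` is undocumented, and on a `pub struct` it lets any caller obtain a `Config` that reports `puk_blocked: false` and `mgm_type: MgmType::Manual` without a device ever having been read. I would say so on `default()`, e.g. `/// Placeholder values used before the YubiKey's admin data is read; they do not describe a device.` If `Default` is only needed by `Config::get`, a private constructor would avoid exposing it, though whether other code relies on it is not visible here. `fn default() -> Config` could also be written `-> Self` to match the `Self::default()` call below it. The body of `Config::get` continues outside the hunk.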
-5
@@ -81,9 +81,6 @@ pub enum Error {
/// PIN locked
PinLocked,
/// Randomness error
RandomnessError,
/// Range error
RangeError,
@@ -116,7 +113,6 @@ impl Error {
Error::ParseError => "YKPIV_PARSE_ERROR",
Error::PcscError { .. } => "YKPIV_PCSC_ERROR",
Error::PinLocked => "YKPIV_PIN_LOCKED",
Error::RandomnessError => "YKPIV_RANDOMNESS_ERROR",
Error::RangeError => "YKPIV_RANGE_ERROR",
Error::SizeError => "YKPIV_SIZE_ERROR",
Error::WrongPin { .. } => "YKPIV_WRONG_PIN",
@@ -140,7 +136,6 @@ impl Error {
Error::ParseError => "parse error",
Error::PcscError { .. } => "PC/SC error",
Error::PinLocked => "PIN locked",
Error::RandomnessError => "randomness error",
Error::RangeError => "range error",
Error::SizeError => "size error",
Error::WrongPin { .. } => "wrong pin",
+10 -11
@@ -47,20 +47,19 @@ use crate::{
yubikey::YubiKey,
Buffer, ObjectId,
};
use log::debug;
use elliptic_curve::sec1::EncodedPoint as EcPublicKey;
use log::{debug, error, warn};
use rsa::{BigUint, RSAPublicKey};
use std::convert::TryFrom;
#[cfg(feature = "untested")]
use crate::CB_OBJ_MAX;
use elliptic_curve::sec1::EncodedPoint as EcPublicKey;
use log::{error, warn};
#[cfg(feature = "untested")]
use num_bigint_dig::traits::ModInverse;
#[cfg(feature = "untested")]
use num_integer::Integer;
#[cfg(feature = "untested")]
use num_traits::{FromPrimitive, One};
use rsa::{BigUint, RSAPublicKey};
use {
crate::CB_OBJ_MAX,
num_bigint_dig::traits::ModInverse,
num_integer::Integer,
num_traits::{FromPrimitive, One},
};
#[cfg(feature = "untested")]
use zeroize::Zeroizing;
+5 -10
@@ -31,8 +31,8 @@
// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
use crate::{Error, Result};
use getrandom::getrandom;
use log::error;
use rand_core::{OsRng, RngCore};
use std::convert::{TryFrom, TryInto};
use zeroize::{Zeroize, Zeroizing};
@@ -97,14 +97,10 @@ pub struct MgmKey([u8; DES_LEN_3DES]);
impl MgmKey {
/// Generate a random MGM key
pub fn generate() -> Result<Self> {
pub fn generate() -> Self {
let mut key_bytes = [0u8; DES_LEN_3DES];
if getrandom(&mut key_bytes).is_err() {
return Err(Error::RandomnessError);
}
MgmKey::new(key_bytes)
OsRng.fill_bytes(&mut key_bytes);
Self(key_bytes)
}
/// Create an MGM key from byte slice.
@@ -127,7 +123,7 @@ impl MgmKey {
return Err(Error::KeyError);
}
Ok(MgmKey(key_bytes))
Ok(Self(key_bytes))
}
/// Get derived management key (MGM)
@@ -152,7 +148,6 @@ impl MgmKey {
let mut mgm = [0u8; DES_LEN_3DES];
pbkdf2::<Hmac<Sha1>>(pin, &salt, ITER_MGM_PBKDF2, &mut mgm);
MgmKey::from_bytes(mgm)
}
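Review bot: `MgmKey::generate()` now builds the key with `Self(key_bytes)` instead of `MgmKey::new(key_bytes)`, so a freshly generated key no longer passes through the constructor's validation. A constructor in this impl returns `Err(Error::KeyError)` before `Ok(Self(key_bytes))`; if that is `new` and the check rejects weak 3DES keys (the check itself is outside the visible hunks), a random key that happens to hit it would now be accepted. The infallible signature can be kept while retaining the check by retrying inside a `loop`: `OsRng.fill_bytes(&mut key_bytes);` followed by `if let Ok(key) = Self::new(key_bytes) { return key; }`. Otherwise a comment in `generate()` explaining why the check is skipped would help the next reader.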
+9 -13
@@ -42,6 +42,7 @@ use crate::{
};
use log::{error, info};
use pcsc::Card;
use rand_core::{OsRng, RngCore};
use std::{
convert::{TryFrom, TryInto},
fmt::{self, Display},
@@ -49,15 +50,14 @@ use std::{
};
#[cfg(feature = "untested")]
use crate::{
apdu::StatusWords, metadata::AdminData, transaction::ChangeRefAction, Buffer, ObjectId,
MGMT_AID, TAG_ADMIN_FLAGS_1, TAG_ADMIN_TIMESTAMP,
use {
crate::{
apdu::StatusWords, metadata::AdminData, transaction::ChangeRefAction, Buffer, ObjectId,
MGMT_AID, TAG_ADMIN_FLAGS_1, TAG_ADMIN_TIMESTAMP,
},
secrecy::ExposeSecret,
std::time::{SystemTime, UNIX_EPOCH},
};
use getrandom::getrandom;
#[cfg(feature = "untested")]
use secrecy::ExposeSecret;
#[cfg(feature = "untested")]
use std::time::{SystemTime, UNIX_EPOCH};
/// Flag for PUK blocked
pub(crate) const ADMIN_FLAGS_1_PUK_BLOCKED: u8 = 0x01;
@@ -294,11 +294,7 @@ impl YubiKey {
data[4..12].copy_from_slice(&response);
data[12] = 0x81;
data[13] = 8;
if getrandom(&mut data[14..22]).is_err() {
error!("failed getting randomness for authentication");
return Err(Error::RandomnessError);
}
OsRng.fill_bytes(&mut data[14..22]);
let mut challenge = [0u8; 8];
challenge.copy_from_slice(&data[14..22]);