Replace getrandom with rand_core (#276)
`rand_core::OsRng` provides a facade over `getrandom` which simplifies error handling.
committed by
GitHub
parent
1018127843
commit
e249e91297
Generated
+4
-21
@@ -277,17 +277,6 @@ dependencies = [
|
|||||||
"version_check",
|
"version_check",
|
||||||
]
|
]
|
||||||
|
|
||||||
[[package]]
|
|
||||||
name = "getrandom"
|
|
||||||
version = "0.1.16"
|
|
||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
||||||
checksum = "8fc3cb4d91f53b50155bdcfd23f6a4c39ae1969c2ae85982b135750cccaf5fce"
|
|
||||||
dependencies = [
|
|
||||||
"cfg-if",
|
|
||||||
"libc",
|
|
||||||
"wasi 0.9.0+wasi-snapshot-preview1",
|
|
||||||
]
|
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "getrandom"
|
name = "getrandom"
|
||||||
version = "0.2.3"
|
version = "0.2.3"
|
||||||
@@ -296,7 +285,7 @@ checksum = "7fcd999463524c52659517fe2cea98493cfe485d10565e7b0fb07dbba7ad2753"
|
|||||||
dependencies = [
|
dependencies = [
|
||||||
"cfg-if",
|
"cfg-if",
|
||||||
"libc",
|
"libc",
|
||||||
"wasi 0.10.2+wasi-snapshot-preview1",
|
"wasi",
|
||||||
]
|
]
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
@@ -632,7 +621,7 @@ version = "0.6.3"
|
|||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
checksum = "d34f1408f55294453790c48b2f1ebbb1c5b4b7563eb1f418bcfcfdbb06ebb4e7"
|
checksum = "d34f1408f55294453790c48b2f1ebbb1c5b4b7563eb1f418bcfcfdbb06ebb4e7"
|
||||||
dependencies = [
|
dependencies = [
|
||||||
"getrandom 0.2.3",
|
"getrandom",
|
||||||
]
|
]
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
@@ -893,7 +882,7 @@ version = "0.8.2"
|
|||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
checksum = "bc5cf98d8186244414c848017f0e2676b3fcb46807f6668a97dfe67359a3c4b7"
|
checksum = "bc5cf98d8186244414c848017f0e2676b3fcb46807f6668a97dfe67359a3c4b7"
|
||||||
dependencies = [
|
dependencies = [
|
||||||
"getrandom 0.2.3",
|
"getrandom",
|
||||||
]
|
]
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
@@ -902,12 +891,6 @@ version = "0.9.3"
|
|||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
checksum = "5fecdca9a5291cc2b8dcf7dc02453fee791a280f3743cb0905f8822ae463b3fe"
|
checksum = "5fecdca9a5291cc2b8dcf7dc02453fee791a280f3743cb0905f8822ae463b3fe"
|
||||||
|
|
||||||
[[package]]
|
|
||||||
name = "wasi"
|
|
||||||
version = "0.9.0+wasi-snapshot-preview1"
|
|
||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
||||||
checksum = "cccddf32554fecc6acb585f82a32a72e28b48f8c4c1883ddfeeeaa96f7d8e519"
|
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "wasi"
|
name = "wasi"
|
||||||
version = "0.10.2+wasi-snapshot-preview1"
|
version = "0.10.2+wasi-snapshot-preview1"
|
||||||
@@ -989,7 +972,6 @@ dependencies = [
|
|||||||
"des",
|
"des",
|
||||||
"elliptic-curve",
|
"elliptic-curve",
|
||||||
"env_logger",
|
"env_logger",
|
||||||
"getrandom 0.1.16",
|
|
||||||
"hmac",
|
"hmac",
|
||||||
"lazy_static",
|
"lazy_static",
|
||||||
"log",
|
"log",
|
||||||
@@ -1001,6 +983,7 @@ dependencies = [
|
|||||||
"p384",
|
"p384",
|
||||||
"pbkdf2",
|
"pbkdf2",
|
||||||
"pcsc",
|
"pcsc",
|
||||||
|
"rand_core",
|
||||||
"rsa",
|
"rsa",
|
||||||
"secrecy",
|
"secrecy",
|
||||||
"sha-1",
|
"sha-1",
|
||||||
|
|||||||
+2
-2
@@ -27,17 +27,17 @@ cookie-factory = "0.3"
|
|||||||
der-parser = "5"
|
der-parser = "5"
|
||||||
des = "0.7"
|
des = "0.7"
|
||||||
elliptic-curve = "0.10"
|
elliptic-curve = "0.10"
|
||||||
getrandom = "0.1"
|
|
||||||
hmac = "0.11"
|
hmac = "0.11"
|
||||||
log = "0.4"
|
log = "0.4"
|
||||||
nom = "6"
|
nom = "6"
|
||||||
num-bigint-dig = { version = "0.7", features = ["rand"], package = "num-bigint-dig" }
|
num-bigint-dig = { version = "0.7", features = ["rand"] }
|
||||||
num-traits = "0.2"
|
num-traits = "0.2"
|
||||||
num-integer = "0.1"
|
num-integer = "0.1"
|
||||||
pbkdf2 = { version = "0.8", default-features = false }
|
pbkdf2 = { version = "0.8", default-features = false }
|
||||||
p256 = "0.9"
|
p256 = "0.9"
|
||||||
p384 = "0.8"
|
p384 = "0.8"
|
||||||
pcsc = "2"
|
pcsc = "2"
|
||||||
|
rand_core = { version = "0.6", features = ["std"] }
|
||||||
rsa = "0.4"
|
rsa = "0.4"
|
||||||
secrecy = "0.7"
|
secrecy = "0.7"
|
||||||
sha-1 = "0.9"
|
sha-1 = "0.9"
|
||||||
|
|||||||
+4
-4
@@ -31,7 +31,7 @@
|
|||||||
// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||||
|
|
||||||
use crate::{Error, Result, YubiKey};
|
use crate::{Error, Result, YubiKey};
|
||||||
use getrandom::getrandom;
|
use rand_core::{OsRng, RngCore};
|
||||||
use std::{
|
use std::{
|
||||||
fmt::{self, Debug, Display},
|
fmt::{self, Debug, Display},
|
||||||
str,
|
str,
|
||||||
@@ -68,10 +68,10 @@ impl CardId {
|
|||||||
pub const BYTE_SIZE: usize = 14;
|
pub const BYTE_SIZE: usize = 14;
|
||||||
|
|
||||||
/// Generate a random CCC Card ID
|
/// Generate a random CCC Card ID
|
||||||
pub fn generate() -> Result<Self> {
|
pub fn generate() -> Self {
|
||||||
let mut id = [0u8; Self::BYTE_SIZE];
|
let mut id = [0u8; Self::BYTE_SIZE];
|
||||||
getrandom(&mut id).map_err(|_| Error::RandomnessError)?;
|
OsRng.fill_bytes(&mut id);
|
||||||
Ok(Self(id))
|
Self(id)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
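Review bot: `OsRng.fill_bytes(&mut id)` has no error return and panics if the operating system RNG fails, so `CardId::generate` now aborts the caller where it used to return `Error::RandomnessError`. Failing closed is a defensible choice for identifier and key material, but the doc comment should say so, for example with a `# Panics` section reading `/// Panics if the operating system's random number generator fails.` The same applies to `MgmKey::generate` and to the challenge bytes written into `data[14..22]` in the `impl YubiKey` hunk, where the `error!` log line that used to precede the failure is also gone. If a caller needs to recover instead, `RngCore::try_fill_bytes` keeps a `Result`. The return type change from `Result<Self>` to `Self` is a breaking change for downstream callers and is worth a changelog entry.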
|
|||||||
+10
-5
@@ -65,17 +65,22 @@ pub struct Config {
|
|||||||
pub mgm_type: MgmType,
|
pub mgm_type: MgmType,
|
||||||
}
|
}
|
||||||
|
|
||||||
impl Config {
|
impl Default for Config {
|
||||||
/// Get YubiKey config.
|
fn default() -> Config {
|
||||||
pub(crate) fn get(yubikey: &mut YubiKey) -> Result<Config> {
|
Config {
|
||||||
let mut config = Config {
|
|
||||||
protected_data_available: false,
|
protected_data_available: false,
|
||||||
puk_blocked: false,
|
puk_blocked: false,
|
||||||
puk_noblock_on_upgrade: false,
|
puk_noblock_on_upgrade: false,
|
||||||
pin_last_changed: None,
|
pin_last_changed: None,
|
||||||
mgm_type: MgmType::Manual,
|
mgm_type: MgmType::Manual,
|
||||||
};
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
impl Config {
|
||||||
|
/// Get YubiKey config.
|
||||||
|
pub(crate) fn get(yubikey: &mut YubiKey) -> Result<Config> {
|
||||||
|
let mut config = Self::default();
|
||||||
let txn = yubikey.begin_transaction()?;
|
let txn = yubikey.begin_transaction()?;
|
||||||
|
|
||||||
if let Ok(admin_data) = AdminData::read(&txn) {
|
if let Ok(admin_data) = AdminData::read(&txn) {
|
||||||
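Review bot: The new `impl Default for Config` has no doc comment saying what these values stand for, and `Config::get` keeps them whenever `AdminData::read(&txn)` does not return `Ok`. A caller then cannot tell an unreadable admin data object from a device that really reports `puk_blocked: false` and `mgm_type: MgmType::Manual`. A comment on the impl such as `/// Values assumed when no admin data can be read from the device.` would make that explicit. `default()` could also return `Self` to match the `Self::default()` call site. The body of `Config::get` continues past the end of the hunk, so any later handling is not visible here.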
|
|||||||
@@ -81,9 +81,6 @@ pub enum Error {
|
|||||||
/// PIN locked
|
/// PIN locked
|
||||||
PinLocked,
|
PinLocked,
|
||||||
|
|
||||||
/// Randomness error
|
|
||||||
RandomnessError,
|
|
||||||
|
|
||||||
/// Range error
|
/// Range error
|
||||||
RangeError,
|
RangeError,
|
||||||
|
|
||||||
@@ -116,7 +113,6 @@ impl Error {
|
|||||||
Error::ParseError => "YKPIV_PARSE_ERROR",
|
Error::ParseError => "YKPIV_PARSE_ERROR",
|
||||||
Error::PcscError { .. } => "YKPIV_PCSC_ERROR",
|
Error::PcscError { .. } => "YKPIV_PCSC_ERROR",
|
||||||
Error::PinLocked => "YKPIV_PIN_LOCKED",
|
Error::PinLocked => "YKPIV_PIN_LOCKED",
|
||||||
Error::RandomnessError => "YKPIV_RANDOMNESS_ERROR",
|
|
||||||
Error::RangeError => "YKPIV_RANGE_ERROR",
|
Error::RangeError => "YKPIV_RANGE_ERROR",
|
||||||
Error::SizeError => "YKPIV_SIZE_ERROR",
|
Error::SizeError => "YKPIV_SIZE_ERROR",
|
||||||
Error::WrongPin { .. } => "YKPIV_WRONG_PIN",
|
Error::WrongPin { .. } => "YKPIV_WRONG_PIN",
|
||||||
@@ -140,7 +136,6 @@ impl Error {
|
|||||||
Error::ParseError => "parse error",
|
Error::ParseError => "parse error",
|
||||||
Error::PcscError { .. } => "PC/SC error",
|
Error::PcscError { .. } => "PC/SC error",
|
||||||
Error::PinLocked => "PIN locked",
|
Error::PinLocked => "PIN locked",
|
||||||
Error::RandomnessError => "randomness error",
|
|
||||||
Error::RangeError => "range error",
|
Error::RangeError => "range error",
|
||||||
Error::SizeError => "size error",
|
Error::SizeError => "size error",
|
||||||
Error::WrongPin { .. } => "wrong pin",
|
Error::WrongPin { .. } => "wrong pin",
|
||||||
|
|||||||
+10
-11
@@ -47,20 +47,19 @@ use crate::{
|
|||||||
yubikey::YubiKey,
|
yubikey::YubiKey,
|
||||||
Buffer, ObjectId,
|
Buffer, ObjectId,
|
||||||
};
|
};
|
||||||
use log::debug;
|
use elliptic_curve::sec1::EncodedPoint as EcPublicKey;
|
||||||
|
use log::{debug, error, warn};
|
||||||
|
use rsa::{BigUint, RSAPublicKey};
|
||||||
use std::convert::TryFrom;
|
use std::convert::TryFrom;
|
||||||
|
|
||||||
#[cfg(feature = "untested")]
|
#[cfg(feature = "untested")]
|
||||||
use crate::CB_OBJ_MAX;
|
use {
|
||||||
use elliptic_curve::sec1::EncodedPoint as EcPublicKey;
|
crate::CB_OBJ_MAX,
|
||||||
use log::{error, warn};
|
num_bigint_dig::traits::ModInverse,
|
||||||
#[cfg(feature = "untested")]
|
num_integer::Integer,
|
||||||
use num_bigint_dig::traits::ModInverse;
|
num_traits::{FromPrimitive, One},
|
||||||
#[cfg(feature = "untested")]
|
};
|
||||||
use num_integer::Integer;
|
|
||||||
#[cfg(feature = "untested")]
|
|
||||||
use num_traits::{FromPrimitive, One};
|
|
||||||
use rsa::{BigUint, RSAPublicKey};
|
|
||||||
#[cfg(feature = "untested")]
|
#[cfg(feature = "untested")]
|
||||||
use zeroize::Zeroizing;
|
use zeroize::Zeroizing;
|
||||||
|
|
||||||
|
|||||||
+5
-10
@@ -31,8 +31,8 @@
|
|||||||
// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||||
|
|
||||||
use crate::{Error, Result};
|
use crate::{Error, Result};
|
||||||
use getrandom::getrandom;
|
|
||||||
use log::error;
|
use log::error;
|
||||||
|
use rand_core::{OsRng, RngCore};
|
||||||
use std::convert::{TryFrom, TryInto};
|
use std::convert::{TryFrom, TryInto};
|
||||||
use zeroize::{Zeroize, Zeroizing};
|
use zeroize::{Zeroize, Zeroizing};
|
||||||
|
|
||||||
@@ -97,14 +97,10 @@ pub struct MgmKey([u8; DES_LEN_3DES]);
|
|||||||
|
|
||||||
impl MgmKey {
|
impl MgmKey {
|
||||||
/// Generate a random MGM key
|
/// Generate a random MGM key
|
||||||
pub fn generate() -> Result<Self> {
|
pub fn generate() -> Self {
|
||||||
let mut key_bytes = [0u8; DES_LEN_3DES];
|
let mut key_bytes = [0u8; DES_LEN_3DES];
|
||||||
|
OsRng.fill_bytes(&mut key_bytes);
|
||||||
if getrandom(&mut key_bytes).is_err() {
|
Self(key_bytes)
|
||||||
return Err(Error::RandomnessError);
|
|
||||||
}
|
|
||||||
|
|
||||||
MgmKey::new(key_bytes)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Create an MGM key from byte slice.
|
/// Create an MGM key from byte slice.
|
||||||
@@ -127,7 +123,7 @@ impl MgmKey {
|
|||||||
return Err(Error::KeyError);
|
return Err(Error::KeyError);
|
||||||
}
|
}
|
||||||
|
|
||||||
Ok(MgmKey(key_bytes))
|
Ok(Self(key_bytes))
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Get derived management key (MGM)
|
/// Get derived management key (MGM)
|
||||||
@@ -152,7 +148,6 @@ impl MgmKey {
|
|||||||
|
|
||||||
let mut mgm = [0u8; DES_LEN_3DES];
|
let mut mgm = [0u8; DES_LEN_3DES];
|
||||||
pbkdf2::<Hmac<Sha1>>(pin, &salt, ITER_MGM_PBKDF2, &mut mgm);
|
pbkdf2::<Hmac<Sha1>>(pin, &salt, ITER_MGM_PBKDF2, &mut mgm);
|
||||||
|
|
||||||
MgmKey::from_bytes(mgm)
|
MgmKey::from_bytes(mgm)
|
||||||
}
|
}
|
||||||
|
|
||||||
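Review bot: `MgmKey::generate` now wraps the random bytes directly with `Self(key_bytes)` and no longer goes through `MgmKey::new`, which was the removed tail expression and returned the function's `Result<Self>`. Whatever validation makes `new` fallible is therefore skipped for generated keys. The hunk at -127 shows a constructor returning `Error::KeyError` before `Ok(Self(key_bytes))`, presumably a weak 3DES key check, though its body starts outside the hunk. To keep both the infallible signature and the check, retry until the constructor accepts the bytes: `loop { OsRng.fill_bytes(&mut key_bytes); if let Ok(key) = Self::new(key_bytes) { return key; } }`. The doc comment should also gain a `# Panics` line, since `fill_bytes` panics when the OS RNG fails.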
|
|||||||
+9
-13
@@ -42,6 +42,7 @@ use crate::{
|
|||||||
};
|
};
|
||||||
use log::{error, info};
|
use log::{error, info};
|
||||||
use pcsc::Card;
|
use pcsc::Card;
|
||||||
|
use rand_core::{OsRng, RngCore};
|
||||||
use std::{
|
use std::{
|
||||||
convert::{TryFrom, TryInto},
|
convert::{TryFrom, TryInto},
|
||||||
fmt::{self, Display},
|
fmt::{self, Display},
|
||||||
@@ -49,15 +50,14 @@ use std::{
|
|||||||
};
|
};
|
||||||
|
|
||||||
#[cfg(feature = "untested")]
|
#[cfg(feature = "untested")]
|
||||||
use crate::{
|
use {
|
||||||
apdu::StatusWords, metadata::AdminData, transaction::ChangeRefAction, Buffer, ObjectId,
|
crate::{
|
||||||
MGMT_AID, TAG_ADMIN_FLAGS_1, TAG_ADMIN_TIMESTAMP,
|
apdu::StatusWords, metadata::AdminData, transaction::ChangeRefAction, Buffer, ObjectId,
|
||||||
|
MGMT_AID, TAG_ADMIN_FLAGS_1, TAG_ADMIN_TIMESTAMP,
|
||||||
|
},
|
||||||
|
secrecy::ExposeSecret,
|
||||||
|
std::time::{SystemTime, UNIX_EPOCH},
|
||||||
};
|
};
|
||||||
use getrandom::getrandom;
|
|
||||||
#[cfg(feature = "untested")]
|
|
||||||
use secrecy::ExposeSecret;
|
|
||||||
#[cfg(feature = "untested")]
|
|
||||||
use std::time::{SystemTime, UNIX_EPOCH};
|
|
||||||
|
|
||||||
/// Flag for PUK blocked
|
/// Flag for PUK blocked
|
||||||
pub(crate) const ADMIN_FLAGS_1_PUK_BLOCKED: u8 = 0x01;
|
pub(crate) const ADMIN_FLAGS_1_PUK_BLOCKED: u8 = 0x01;
|
||||||
@@ -294,11 +294,7 @@ impl YubiKey {
|
|||||||
data[4..12].copy_from_slice(&response);
|
data[4..12].copy_from_slice(&response);
|
||||||
data[12] = 0x81;
|
data[12] = 0x81;
|
||||||
data[13] = 8;
|
data[13] = 8;
|
||||||
|
OsRng.fill_bytes(&mut data[14..22]);
|
||||||
if getrandom(&mut data[14..22]).is_err() {
|
|
||||||
error!("failed getting randomness for authentication");
|
|
||||||
return Err(Error::RandomnessError);
|
|
||||||
}
|
|
||||||
|
|
||||||
let mut challenge = [0u8; 8];
|
let mut challenge = [0u8; 8];
|
||||||
challenge.copy_from_slice(&data[14..22]);
|
challenge.copy_from_slice(&data[14..22]);
|
||||||
|
|||||||
@@ -3,9 +3,9 @@
|
|||||||
#![forbid(unsafe_code)]
|
#![forbid(unsafe_code)]
|
||||||
#![warn(missing_docs, rust_2018_idioms, trivial_casts, unused_qualifications)]
|
#![warn(missing_docs, rust_2018_idioms, trivial_casts, unused_qualifications)]
|
||||||
|
|
||||||
use getrandom::getrandom;
|
|
||||||
use lazy_static::lazy_static;
|
use lazy_static::lazy_static;
|
||||||
use log::trace;
|
use log::trace;
|
||||||
|
use rand_core::{OsRng, RngCore};
|
||||||
use rsa::{hash::Hash::SHA2_256, PaddingScheme, PublicKey};
|
use rsa::{hash::Hash::SHA2_256, PaddingScheme, PublicKey};
|
||||||
use sha2::{Digest, Sha256};
|
use sha2::{Digest, Sha256};
|
||||||
use std::{convert::TryInto, env, sync::Mutex};
|
use std::{convert::TryInto, env, sync::Mutex};
|
||||||
@@ -120,16 +120,13 @@ fn test_set_mgmkey() {
|
|||||||
assert!(yubikey.authenticate(MgmKey::default()).is_ok());
|
assert!(yubikey.authenticate(MgmKey::default()).is_ok());
|
||||||
|
|
||||||
// Set a protected management key.
|
// Set a protected management key.
|
||||||
assert!(MgmKey::generate()
|
assert!(MgmKey::generate().set_protected(&mut yubikey).is_ok());
|
||||||
.unwrap()
|
|
||||||
.set_protected(&mut yubikey)
|
|
||||||
.is_ok());
|
|
||||||
let protected = MgmKey::get_protected(&mut yubikey).unwrap();
|
let protected = MgmKey::get_protected(&mut yubikey).unwrap();
|
||||||
assert!(yubikey.authenticate(MgmKey::default()).is_err());
|
assert!(yubikey.authenticate(MgmKey::default()).is_err());
|
||||||
assert!(yubikey.authenticate(protected.clone()).is_ok());
|
assert!(yubikey.authenticate(protected.clone()).is_ok());
|
||||||
|
|
||||||
// Set a manual management key.
|
// Set a manual management key.
|
||||||
let manual = MgmKey::generate().unwrap();
|
let manual = MgmKey::generate();
|
||||||
assert!(manual.set_manual(&mut yubikey, false).is_ok());
|
assert!(manual.set_manual(&mut yubikey, false).is_ok());
|
||||||
assert!(MgmKey::get_protected(&mut yubikey).is_err());
|
assert!(MgmKey::get_protected(&mut yubikey).is_err());
|
||||||
assert!(yubikey.authenticate(MgmKey::default()).is_err());
|
assert!(yubikey.authenticate(MgmKey::default()).is_err());
|
||||||
@@ -167,7 +164,7 @@ fn generate_self_signed_cert(algorithm: AlgorithmId) -> Certificate {
|
|||||||
.unwrap();
|
.unwrap();
|
||||||
|
|
||||||
let mut serial = [0u8; 20];
|
let mut serial = [0u8; 20];
|
||||||
getrandom(&mut serial).unwrap();
|
OsRng.fill_bytes(&mut serial);
|
||||||
|
|
||||||
// Generate a self-signed certificate for the new key.
|
// Generate a self-signed certificate for the new key.
|
||||||
let extensions: &[x509::Extension<'_, &[u64]>] = &[];
|
let extensions: &[x509::Extension<'_, &[u64]>] = &[];
|
||||||
|
|||||||