Replace getrandom with rand_core (#276)

`rand_core::OsRng` provides a facade over `getrandom` which simplifies
error handling.
This commit is contained in:
Tony Arcieri (iqlusion)
2021-07-12 09:58:58 -07:00
committed by GitHub
parent 1018127843
commit e249e91297
9 changed files with 48 additions and 78 deletions
Generated
+4 -21
View File
@@ -277,17 +277,6 @@ dependencies = [
"version_check",
]
[[package]]
name = "getrandom"
version = "0.1.16"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8fc3cb4d91f53b50155bdcfd23f6a4c39ae1969c2ae85982b135750cccaf5fce"
dependencies = [
"cfg-if",
"libc",
"wasi 0.9.0+wasi-snapshot-preview1",
]
[[package]]
name = "getrandom"
version = "0.2.3"
@@ -296,7 +285,7 @@ checksum = "7fcd999463524c52659517fe2cea98493cfe485d10565e7b0fb07dbba7ad2753"
dependencies = [
"cfg-if",
"libc",
"wasi 0.10.2+wasi-snapshot-preview1",
"wasi",
]
[[package]]
@@ -632,7 +621,7 @@ version = "0.6.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d34f1408f55294453790c48b2f1ebbb1c5b4b7563eb1f418bcfcfdbb06ebb4e7"
dependencies = [
"getrandom 0.2.3",
"getrandom",
]
[[package]]
@@ -893,7 +882,7 @@ version = "0.8.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "bc5cf98d8186244414c848017f0e2676b3fcb46807f6668a97dfe67359a3c4b7"
dependencies = [
"getrandom 0.2.3",
"getrandom",
]
[[package]]
@@ -902,12 +891,6 @@ version = "0.9.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5fecdca9a5291cc2b8dcf7dc02453fee791a280f3743cb0905f8822ae463b3fe"
[[package]]
name = "wasi"
version = "0.9.0+wasi-snapshot-preview1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "cccddf32554fecc6acb585f82a32a72e28b48f8c4c1883ddfeeeaa96f7d8e519"
[[package]]
name = "wasi"
version = "0.10.2+wasi-snapshot-preview1"
@@ -989,7 +972,6 @@ dependencies = [
"des",
"elliptic-curve",
"env_logger",
"getrandom 0.1.16",
"hmac",
"lazy_static",
"log",
@@ -1001,6 +983,7 @@ dependencies = [
"p384",
"pbkdf2",
"pcsc",
"rand_core",
"rsa",
"secrecy",
"sha-1",
+2 -2
View File
@@ -27,17 +27,17 @@ cookie-factory = "0.3"
der-parser = "5"
des = "0.7"
elliptic-curve = "0.10"
getrandom = "0.1"
hmac = "0.11"
log = "0.4"
nom = "6"
num-bigint-dig = { version = "0.7", features = ["rand"], package = "num-bigint-dig" }
num-bigint-dig = { version = "0.7", features = ["rand"] }
num-traits = "0.2"
num-integer = "0.1"
pbkdf2 = { version = "0.8", default-features = false }
p256 = "0.9"
p384 = "0.8"
pcsc = "2"
rand_core = { version = "0.6", features = ["std"] }
rsa = "0.4"
secrecy = "0.7"
sha-1 = "0.9"
+4 -4
View File
@@ -31,7 +31,7 @@
// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
use crate::{Error, Result, YubiKey};
use getrandom::getrandom;
use rand_core::{OsRng, RngCore};
use std::{
fmt::{self, Debug, Display},
str,
@@ -68,10 +68,10 @@ impl CardId {
pub const BYTE_SIZE: usize = 14;
/// Generate a random CCC Card ID
pub fn generate() -> Result<Self> {
pub fn generate() -> Self {
let mut id = [0u8; Self::BYTE_SIZE];
getrandom(&mut id).map_err(|_| Error::RandomnessError)?;
Ok(Self(id))
OsRng.fill_bytes(&mut id);
Self(id)
}
}
+10 -5
View File
@@ -65,17 +65,22 @@ pub struct Config {
pub mgm_type: MgmType,
}
impl Config {
/// Get YubiKey config.
pub(crate) fn get(yubikey: &mut YubiKey) -> Result<Config> {
let mut config = Config {
impl Default for Config {
fn default() -> Config {
Config {
protected_data_available: false,
puk_blocked: false,
puk_noblock_on_upgrade: false,
pin_last_changed: None,
mgm_type: MgmType::Manual,
};
}
}
}
impl Config {
/// Get YubiKey config.
pub(crate) fn get(yubikey: &mut YubiKey) -> Result<Config> {
let mut config = Self::default();
let txn = yubikey.begin_transaction()?;
if let Ok(admin_data) = AdminData::read(&txn) {
-5
View File
@@ -81,9 +81,6 @@ pub enum Error {
/// PIN locked
PinLocked,
/// Randomness error
RandomnessError,
/// Range error
RangeError,
@@ -116,7 +113,6 @@ impl Error {
Error::ParseError => "YKPIV_PARSE_ERROR",
Error::PcscError { .. } => "YKPIV_PCSC_ERROR",
Error::PinLocked => "YKPIV_PIN_LOCKED",
Error::RandomnessError => "YKPIV_RANDOMNESS_ERROR",
Error::RangeError => "YKPIV_RANGE_ERROR",
Error::SizeError => "YKPIV_SIZE_ERROR",
Error::WrongPin { .. } => "YKPIV_WRONG_PIN",
@@ -140,7 +136,6 @@ impl Error {
Error::ParseError => "parse error",
Error::PcscError { .. } => "PC/SC error",
Error::PinLocked => "PIN locked",
Error::RandomnessError => "randomness error",
Error::RangeError => "range error",
Error::SizeError => "size error",
Error::WrongPin { .. } => "wrong pin",
+10 -11
View File
@@ -47,20 +47,19 @@ use crate::{
yubikey::YubiKey,
Buffer, ObjectId,
};
use log::debug;
use elliptic_curve::sec1::EncodedPoint as EcPublicKey;
use log::{debug, error, warn};
use rsa::{BigUint, RSAPublicKey};
use std::convert::TryFrom;
#[cfg(feature = "untested")]
use crate::CB_OBJ_MAX;
use elliptic_curve::sec1::EncodedPoint as EcPublicKey;
use log::{error, warn};
#[cfg(feature = "untested")]
use num_bigint_dig::traits::ModInverse;
#[cfg(feature = "untested")]
use num_integer::Integer;
#[cfg(feature = "untested")]
use num_traits::{FromPrimitive, One};
use rsa::{BigUint, RSAPublicKey};
use {
crate::CB_OBJ_MAX,
num_bigint_dig::traits::ModInverse,
num_integer::Integer,
num_traits::{FromPrimitive, One},
};
#[cfg(feature = "untested")]
use zeroize::Zeroizing;
+5 -10
View File
@@ -31,8 +31,8 @@
// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
use crate::{Error, Result};
use getrandom::getrandom;
use log::error;
use rand_core::{OsRng, RngCore};
use std::convert::{TryFrom, TryInto};
use zeroize::{Zeroize, Zeroizing};
@@ -97,14 +97,10 @@ pub struct MgmKey([u8; DES_LEN_3DES]);
impl MgmKey {
/// Generate a random MGM key
pub fn generate() -> Result<Self> {
pub fn generate() -> Self {
let mut key_bytes = [0u8; DES_LEN_3DES];
if getrandom(&mut key_bytes).is_err() {
return Err(Error::RandomnessError);
}
MgmKey::new(key_bytes)
OsRng.fill_bytes(&mut key_bytes);
Self(key_bytes)
}
/// Create an MGM key from byte slice.
@@ -127,7 +123,7 @@ impl MgmKey {
return Err(Error::KeyError);
}
Ok(MgmKey(key_bytes))
Ok(Self(key_bytes))
}
/// Get derived management key (MGM)
@@ -152,7 +148,6 @@ impl MgmKey {
let mut mgm = [0u8; DES_LEN_3DES];
pbkdf2::<Hmac<Sha1>>(pin, &salt, ITER_MGM_PBKDF2, &mut mgm);
MgmKey::from_bytes(mgm)
}
+9 -13
View File
@@ -42,6 +42,7 @@ use crate::{
};
use log::{error, info};
use pcsc::Card;
use rand_core::{OsRng, RngCore};
use std::{
convert::{TryFrom, TryInto},
fmt::{self, Display},
@@ -49,15 +50,14 @@ use std::{
};
#[cfg(feature = "untested")]
use crate::{
apdu::StatusWords, metadata::AdminData, transaction::ChangeRefAction, Buffer, ObjectId,
MGMT_AID, TAG_ADMIN_FLAGS_1, TAG_ADMIN_TIMESTAMP,
use {
crate::{
apdu::StatusWords, metadata::AdminData, transaction::ChangeRefAction, Buffer, ObjectId,
MGMT_AID, TAG_ADMIN_FLAGS_1, TAG_ADMIN_TIMESTAMP,
},
secrecy::ExposeSecret,
std::time::{SystemTime, UNIX_EPOCH},
};
use getrandom::getrandom;
#[cfg(feature = "untested")]
use secrecy::ExposeSecret;
#[cfg(feature = "untested")]
use std::time::{SystemTime, UNIX_EPOCH};
/// Flag for PUK blocked
pub(crate) const ADMIN_FLAGS_1_PUK_BLOCKED: u8 = 0x01;
@@ -294,11 +294,7 @@ impl YubiKey {
data[4..12].copy_from_slice(&response);
data[12] = 0x81;
data[13] = 8;
if getrandom(&mut data[14..22]).is_err() {
error!("failed getting randomness for authentication");
return Err(Error::RandomnessError);
}
OsRng.fill_bytes(&mut data[14..22]);
let mut challenge = [0u8; 8];
challenge.copy_from_slice(&data[14..22]);
+4 -7
View File
@@ -3,9 +3,9 @@
#![forbid(unsafe_code)]
#![warn(missing_docs, rust_2018_idioms, trivial_casts, unused_qualifications)]
use getrandom::getrandom;
use lazy_static::lazy_static;
use log::trace;
use rand_core::{OsRng, RngCore};
use rsa::{hash::Hash::SHA2_256, PaddingScheme, PublicKey};
use sha2::{Digest, Sha256};
use std::{convert::TryInto, env, sync::Mutex};
@@ -120,16 +120,13 @@ fn test_set_mgmkey() {
assert!(yubikey.authenticate(MgmKey::default()).is_ok());
// Set a protected management key.
assert!(MgmKey::generate()
.unwrap()
.set_protected(&mut yubikey)
.is_ok());
assert!(MgmKey::generate().set_protected(&mut yubikey).is_ok());
let protected = MgmKey::get_protected(&mut yubikey).unwrap();
assert!(yubikey.authenticate(MgmKey::default()).is_err());
assert!(yubikey.authenticate(protected.clone()).is_ok());
// Set a manual management key.
let manual = MgmKey::generate().unwrap();
let manual = MgmKey::generate();
assert!(manual.set_manual(&mut yubikey, false).is_ok());
assert!(MgmKey::get_protected(&mut yubikey).is_err());
assert!(yubikey.authenticate(MgmKey::default()).is_err());
@@ -167,7 +164,7 @@ fn generate_self_signed_cert(algorithm: AlgorithmId) -> Certificate {
.unwrap();
let mut serial = [0u8; 20];
getrandom(&mut serial).unwrap();
OsRng.fill_bytes(&mut serial);
// Generate a self-signed certificate for the new key.
let extensions: &[x509::Extension<'_, &[u64]>] = &[];