From f372cfc2a7f5331ecd4899679e44ffda0b55c728 Mon Sep 17 00:00:00 2001 From: Tony Arcieri Date: Thu, 21 Nov 2019 07:37:51 -0800 Subject: [PATCH] Rename ErrorKind to Error There was originally another `Error` type from the translation. Now that it's gone, and we don't presently have a type just named `Error`, this renames the current `ErrorKind` type now that the original was deleted. --- src/error.rs | 76 +++++++------- src/util.rs | 186 +++++++++++++++++------------------ src/yubikey.rs | 261 ++++++++++++++++++++++++------------------------- 3 files changed, 256 insertions(+), 267 deletions(-) diff --git a/src/error.rs b/src/error.rs index bdd526a..30207ce 100644 --- a/src/error.rs +++ b/src/error.rs @@ -34,7 +34,7 @@ use std::fmt; /// Kinds of errors #[derive(Clone, Copy, Debug, Eq, PartialEq)] -pub enum ErrorKind { +pub enum Error { /// Memory error MemoryError, @@ -87,71 +87,71 @@ pub enum ErrorKind { NotSupported, } -impl ErrorKind { +impl Error { /// Name of the error. /// /// These names map to the legacy names from the Yubico C library, to /// assist in web searches for relevant information for these errors. pub fn name(self) -> &'static str { match self { - ErrorKind::MemoryError => "YKPIV_MEMORY_ERROR", - ErrorKind::PcscError => "YKPIV_PCSC_ERROR", - ErrorKind::SizeError => "YKPIV_SIZE_ERROR", - ErrorKind::AppletError => "YKPIV_APPLET_ERROR", - ErrorKind::AuthenticationError => "YKPIV_AUTHENTICATION_ERROR", - ErrorKind::RandomnessError => "YKPIV_RANDOMNESS_ERROR", - ErrorKind::GenericError => "YKPIV_GENERIC_ERROR", - ErrorKind::KeyError => "YKPIV_KEY_ERROR", - ErrorKind::ParseError => "YKPIV_PARSE_ERROR", - ErrorKind::WrongPin { .. } => "YKPIV_WRONG_PIN", - ErrorKind::InvalidObject => "YKPIV_INVALID_OBJECT", - ErrorKind::AlgorithmError => "YKPIV_ALGORITHM_ERROR", - ErrorKind::PinLocked => "YKPIV_PIN_LOCKED", - ErrorKind::ArgumentError => "YKPIV_ARGUMENT_ERROR", - ErrorKind::RangeError => "YKPIV_RANGE_ERROR", - ErrorKind::NotSupported => "YKPIV_NOT_SUPPORTED", + Error::MemoryError => "YKPIV_MEMORY_ERROR", + Error::PcscError => "YKPIV_PCSC_ERROR", + Error::SizeError => "YKPIV_SIZE_ERROR", + Error::AppletError => "YKPIV_APPLET_ERROR", + Error::AuthenticationError => "YKPIV_AUTHENTICATION_ERROR", + Error::RandomnessError => "YKPIV_RANDOMNESS_ERROR", + Error::GenericError => "YKPIV_GENERIC_ERROR", + Error::KeyError => "YKPIV_KEY_ERROR", + Error::ParseError => "YKPIV_PARSE_ERROR", + Error::WrongPin { .. } => "YKPIV_WRONG_PIN", + Error::InvalidObject => "YKPIV_INVALID_OBJECT", + Error::AlgorithmError => "YKPIV_ALGORITHM_ERROR", + Error::PinLocked => "YKPIV_PIN_LOCKED", + Error::ArgumentError => "YKPIV_ARGUMENT_ERROR", + Error::RangeError => "YKPIV_RANGE_ERROR", + Error::NotSupported => "YKPIV_NOT_SUPPORTED", } } /// Error message pub fn msg(self) -> &'static str { match self { - ErrorKind::MemoryError => "memory error", - ErrorKind::PcscError => "PCSC error", - ErrorKind::SizeError => "size error", - ErrorKind::AppletError => "applet error", - ErrorKind::AuthenticationError => "authentication error", - ErrorKind::RandomnessError => "randomness error", - ErrorKind::GenericError => "generic error", - ErrorKind::KeyError => "key error", - ErrorKind::ParseError => "parse error", - ErrorKind::WrongPin { .. } => "wrong pin", - ErrorKind::InvalidObject => "invalid object", - ErrorKind::AlgorithmError => "algorithm error", - ErrorKind::PinLocked => "PIN locked", - ErrorKind::ArgumentError => "argument error", - ErrorKind::RangeError => "range error", - ErrorKind::NotSupported => "not supported", + Error::MemoryError => "memory error", + Error::PcscError => "PCSC error", + Error::SizeError => "size error", + Error::AppletError => "applet error", + Error::AuthenticationError => "authentication error", + Error::RandomnessError => "randomness error", + Error::GenericError => "generic error", + Error::KeyError => "key error", + Error::ParseError => "parse error", + Error::WrongPin { .. } => "wrong pin", + Error::InvalidObject => "invalid object", + Error::AlgorithmError => "algorithm error", + Error::PinLocked => "PIN locked", + Error::ArgumentError => "argument error", + Error::RangeError => "range error", + Error::NotSupported => "not supported", } } } -impl fmt::Display for ErrorKind { +impl fmt::Display for Error { fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { f.write_str(self.msg()) } } -impl std::error::Error for ErrorKind {} +impl std::error::Error for Error {} /// Get a string representation of this error // TODO(tarcieri): completely replace this with `Display` -pub fn ykpiv_strerror(err: ErrorKind) -> &'static str { +pub fn ykpiv_strerror(err: Error) -> &'static str { err.msg() } /// Get the name of this error // TODO(tarcieri): completely replace this with debug -pub fn ykpiv_strerror_name(err: ErrorKind) -> &'static str { +pub fn ykpiv_strerror_name(err: Error) -> &'static str { err.name() } diff --git a/src/util.rs b/src/util.rs index 18d4b0d..1f819b8 100644 --- a/src/util.rs +++ b/src/util.rs @@ -33,7 +33,7 @@ #![allow(non_camel_case_types, non_snake_case)] #![allow(clippy::missing_safety_doc, clippy::too_many_arguments)] -use crate::{consts::*, error::ErrorKind, internal::*, yubikey::*}; +use crate::{consts::*, error::Error, internal::*, yubikey::*}; use getrandom::getrandom; use hmac::Hmac; use libc::{calloc, free, memcpy, memmove, realloc, time}; @@ -86,16 +86,13 @@ pub static mut CCC_TMPL: &[u8] = &[ pub struct CardId([u8; 16]); /// Get Card ID -pub unsafe fn ykpiv_util_get_cardid( - state: &mut YubiKey, - cardid: *mut CardId, -) -> Result<(), ErrorKind> { +pub unsafe fn ykpiv_util_get_cardid(state: &mut YubiKey, cardid: *mut CardId) -> Result<(), Error> { let mut buf = [0u8; CB_OBJ_MAX]; let mut len = buf.len(); let mut res = Ok(()); if cardid.is_null() { - return Err(ErrorKind::GenericError); + return Err(Error::GenericError); } _ykpiv_begin_transaction(state)?; @@ -105,7 +102,7 @@ pub unsafe fn ykpiv_util_get_cardid( if res.is_ok() { if len != CHUID_TMPL.len() { - res = Err(ErrorKind::GenericError); + res = Err(Error::GenericError); } else { memcpy( (*cardid).0.as_mut_ptr() as (*mut c_void), @@ -124,13 +121,13 @@ pub unsafe fn ykpiv_util_get_cardid( pub unsafe fn ykpiv_util_set_cardid( state: &mut YubiKey, cardid: *const CardId, -) -> Result<(), ErrorKind> { +) -> Result<(), Error> { let mut id = [0u8; YKPIV_CARDID_SIZE]; let mut buf = [0u8; CHUID_TMPL.len()]; let mut res = Ok(()); if cardid.is_null() { - getrandom(&mut id).map_err(|_| ErrorKind::RandomnessError)?; + getrandom(&mut id).map_err(|_| Error::RandomnessError)?; } else { memcpy( id.as_mut_ptr() as (*mut c_void), @@ -171,13 +168,13 @@ pub unsafe fn ykpiv_util_set_cardid( pub struct CCCID([u8; 14]); /// Get Cardholder Capability Container (CCC) ID -pub unsafe fn ykpiv_util_get_cccid(state: &mut YubiKey, ccc: *mut CCCID) -> Result<(), ErrorKind> { +pub unsafe fn ykpiv_util_get_cccid(state: &mut YubiKey, ccc: *mut CCCID) -> Result<(), Error> { let mut res = Ok(()); let mut buf = [0u8; CB_OBJ_MAX]; let mut len = buf.len(); if ccc.is_null() { - return Err(ErrorKind::GenericError); + return Err(Error::GenericError); } _ykpiv_begin_transaction(state)?; @@ -193,7 +190,7 @@ pub unsafe fn ykpiv_util_get_cccid(state: &mut YubiKey, ccc: *mut CCCID) -> Resu if res.is_ok() { if len != CCC_TMPL.len() { let _ = _ykpiv_end_transaction(state); - return Err(ErrorKind::GenericError); + return Err(Error::GenericError); } memcpy( @@ -208,17 +205,14 @@ pub unsafe fn ykpiv_util_get_cccid(state: &mut YubiKey, ccc: *mut CCCID) -> Resu } /// Get Cardholder Capability Container (CCC) ID -pub unsafe fn ykpiv_util_set_cccid( - state: &mut YubiKey, - ccc: *const CCCID, -) -> Result<(), ErrorKind> { +pub unsafe fn ykpiv_util_set_cccid(state: &mut YubiKey, ccc: *const CCCID) -> Result<(), Error> { let mut res = Ok(()); let mut id = [0u8; 14]; let mut buf = [0u8; 51]; let len: usize; if ccc.is_null() { - getrandom(&mut id).map_err(|_| ErrorKind::RandomnessError)?; + getrandom(&mut id).map_err(|_| Error::RandomnessError)?; } else { memcpy( id.as_mut_ptr() as (*mut c_void), @@ -311,7 +305,7 @@ pub unsafe fn ykpiv_util_list_keys( key_count: *mut u8, data: *mut *mut YkPivKey, data_len: *mut usize, -) -> Result<(), ErrorKind> { +) -> Result<(), Error> { let mut _currentBlock; let mut res = Ok(()); let mut p_key: *mut YkPivKey; @@ -326,7 +320,7 @@ pub unsafe fn ykpiv_util_list_keys( let CB_PAGE: usize = 4096; if data.is_null() || data_len.is_null() || key_count.is_null() { - return Err(ErrorKind::GenericError); + return Err(Error::GenericError); } _ykpiv_begin_transaction(state)?; @@ -340,7 +334,7 @@ pub unsafe fn ykpiv_util_list_keys( if p_data.is_null() { let _ = _ykpiv_end_transaction(state); - return Err(ErrorKind::MemoryError); + return Err(Error::MemoryError); } cb_data = CB_PAGE; @@ -423,7 +417,7 @@ pub unsafe fn ykpiv_util_list_keys( } res = Ok(()); } else { - res = Err(ErrorKind::MemoryError); + res = Err(Error::MemoryError); } } @@ -441,13 +435,13 @@ pub unsafe fn ykpiv_util_read_cert( slot: u8, data: *mut *mut u8, data_len: *mut usize, -) -> Result<(), ErrorKind> { +) -> Result<(), Error> { let mut res = Ok(()); let mut buf = [0u8; YKPIV_OBJ_MAX_SIZE]; let mut cb_buf: usize = buf.len(); if data.is_null() || data_len.is_null() { - return Err(ErrorKind::GenericError); + return Err(Error::GenericError); } _ykpiv_begin_transaction(state)?; @@ -466,7 +460,7 @@ pub unsafe fn ykpiv_util_read_cert( } .is_null() { - res = Err(ErrorKind::MemoryError); + res = Err(Error::MemoryError); } else { memcpy( *data as (*mut c_void), @@ -489,7 +483,7 @@ pub unsafe fn ykpiv_util_write_cert( data: *mut u8, data_len: usize, certinfo: u8, -) -> Result<(), ErrorKind> { +) -> Result<(), Error> { let mut res = Ok(()); _ykpiv_begin_transaction(state)?; @@ -503,12 +497,12 @@ pub unsafe fn ykpiv_util_write_cert( } /// Delete certificate -pub unsafe fn ykpiv_util_delete_cert(state: &mut YubiKey, slot: u8) -> Result<(), ErrorKind> { +pub unsafe fn ykpiv_util_delete_cert(state: &mut YubiKey, slot: u8) -> Result<(), Error> { ykpiv_util_write_cert(state, slot, ptr::null_mut(), 0, 0) } /// Block PUK -pub unsafe fn ykpiv_util_block_puk(state: &mut YubiKey) -> Result<(), ErrorKind> { +pub unsafe fn ykpiv_util_block_puk(state: &mut YubiKey) -> Result<(), Error> { let mut res = Ok(()); let mut puk = [0x30, 0x42, 0x41, 0x44, 0x46, 0x30, 0x30, 0x44]; let mut tries_remaining: i32 = -1; @@ -530,12 +524,12 @@ pub unsafe fn ykpiv_util_block_puk(state: &mut YubiKey) -> Result<(), ErrorKind> match res { Ok(()) => puk[0] += 1, - Err(ErrorKind::WrongPin { tries }) => { + Err(Error::WrongPin { tries }) => { tries_remaining = tries; continue; } Err(e) => { - if e != ErrorKind::PinLocked { + if e != Error::PinLocked { continue; } tries_remaining = 0; @@ -625,7 +619,7 @@ pub unsafe fn ykpiv_util_read_mscmap( state: &mut YubiKey, containers: *mut *mut YkPivContainer, n_containers: *mut usize, -) -> Result<(), ErrorKind> { +) -> Result<(), Error> { let mut res = Ok(()); let mut buf = [0u8; YKPIV_OBJ_MAX_SIZE]; let mut cb_buf: usize = buf.len(); @@ -634,7 +628,7 @@ pub unsafe fn ykpiv_util_read_mscmap( if containers.is_null() || n_containers.is_null() { // TODO(str4d): Should this really continue on here? - res = Err(ErrorKind::GenericError); + res = Err(Error::GenericError); } _ykpiv_begin_transaction(state)?; @@ -674,7 +668,7 @@ pub unsafe fn ykpiv_util_read_mscmap( *containers = calloc(len, 1) as (*mut YkPivContainer); if (*containers).is_null() { - res = Err(ErrorKind::MemoryError); + res = Err(Error::MemoryError); } else { memcpy(*containers as (*mut c_void), ptr as (*const c_void), len); *n_containers = len.wrapping_div(mem::size_of::()); @@ -699,7 +693,7 @@ pub unsafe fn ykpiv_util_write_mscmap( state: &mut YubiKey, containers: *mut YkPivContainer, n_containers: usize, -) -> Result<(), ErrorKind> { +) -> Result<(), Error> { let mut res = Ok(()); let mut buf = [0u8; CB_OBJ_MAX]; let mut offset: usize = 0; @@ -710,7 +704,7 @@ pub unsafe fn ykpiv_util_write_mscmap( if _ykpiv_ensure_application_selected(state).is_ok() { if containers.is_null() || n_containers == 0 { if !containers.is_null() || n_containers != 0 { - res = Err(ErrorKind::GenericError); + res = Err(Error::GenericError); } else { res = _ykpiv_save_object(state, YKPIV_OBJ_MSCMAP as i32, ptr::null_mut(), 0); } @@ -723,7 +717,7 @@ pub unsafe fn ykpiv_util_write_mscmap( if req_len > _obj_size_max(state) { let _ = _ykpiv_end_transaction(state); - return Err(ErrorKind::SizeError); + return Err(Error::SizeError); } buf[offset] = TAG_MSCMAP; @@ -747,7 +741,7 @@ pub unsafe fn ykpiv_util_read_msroots( state: &mut YubiKey, data: *mut *mut u8, data_len: *mut usize, -) -> Result<(), ErrorKind> { +) -> Result<(), Error> { let mut _currentBlock = 0; let mut res; let mut buf = [0u8; YKPIV_OBJ_MAX_SIZE]; @@ -762,7 +756,7 @@ pub unsafe fn ykpiv_util_read_msroots( let mut offset: usize = 0; if data.is_null() || data_len.is_null() { - return Err(ErrorKind::GenericError); + return Err(Error::GenericError); } _ykpiv_begin_transaction(state)?; @@ -782,7 +776,7 @@ pub unsafe fn ykpiv_util_read_msroots( if p_data.is_null() { let _ = _ykpiv_end_transaction(state); - return Err(ErrorKind::MemoryError); + return Err(Error::MemoryError); } for object_id in YKPIV_OBJ_MSROOTS1..YKPIV_OBJ_MSROOTS5 { @@ -863,7 +857,7 @@ pub unsafe fn ykpiv_util_read_msroots( *data_len = offset; res = Ok(()); } else if _currentBlock == 16 { - res = Err(ErrorKind::MemoryError); + res = Err(Error::MemoryError); } else if _currentBlock != 21 { res = Ok(()); } @@ -881,7 +875,7 @@ pub unsafe fn ykpiv_util_write_msroots( state: &mut YubiKey, data: *mut u8, data_len: usize, -) -> Result<(), ErrorKind> { +) -> Result<(), Error> { let mut res = Ok(()); let mut buf = [0u8; CB_OBJ_MAX]; let mut offset: usize; @@ -895,7 +889,7 @@ pub unsafe fn ykpiv_util_write_msroots( if _ykpiv_ensure_application_selected(state).is_ok() { if data.is_null() || data_len == 0 { if !data.is_null() || data_len != 0 { - res = Err(ErrorKind::GenericError); + res = Err(Error::GenericError); } else { res = _ykpiv_save_object(state, YKPIV_OBJ_MSROOTS1 as i32, ptr::null_mut(), 0); } @@ -908,7 +902,7 @@ pub unsafe fn ykpiv_util_write_msroots( if n_objs > 5 { let _ = _ykpiv_end_transaction(state); - return Err(ErrorKind::SizeError); + return Err(Error::SizeError); } for i in 0..n_objs { @@ -981,7 +975,7 @@ pub unsafe fn ykpiv_util_generate_key( exp_len: *mut usize, point: *mut *mut u8, point_len: *mut usize, -) -> Result<(), ErrorKind> { +) -> Result<(), Error> { let mut res = Ok(()); let mut in_data = [0u8; 11]; let mut in_ptr = in_data.as_mut_ptr(); @@ -1031,7 +1025,7 @@ pub unsafe fn ykpiv_util_generate_key( ); if !setting_roca.value { - return Err(ErrorKind::NotSupported); + return Err(Error::NotSupported); } } @@ -1039,7 +1033,7 @@ pub unsafe fn ykpiv_util_generate_key( YKPIV_ALGO_RSA1024 | YKPIV_ALGO_RSA2048 => { if point.is_null() || point_len.is_null() { error!("invalid output parameter for ECC algorithm"); - return Err(ErrorKind::GenericError); + return Err(Error::GenericError); } *point = ptr::null_mut(); @@ -1048,7 +1042,7 @@ pub unsafe fn ykpiv_util_generate_key( YKPIV_ALGO_ECCP256 | YKPIV_ALGO_ECCP384 => { if modulus.is_null() || modulus_len.is_null() || exp.is_null() || exp_len.is_null() { error!("invalid output parameter for RSA algorithm"); - return Err(ErrorKind::GenericError); + return Err(Error::GenericError); } *modulus = ptr::null_mut(); @@ -1058,7 +1052,7 @@ pub unsafe fn ykpiv_util_generate_key( } _ => { error!("invalid algorithm specified"); - return Err(ErrorKind::GenericError); + return Err(Error::GenericError); } } @@ -1075,7 +1069,7 @@ pub unsafe fn ykpiv_util_generate_key( in_ptr = in_ptr.add(5); if in_data[4] == 0 { - res = Err(ErrorKind::AlgorithmError); + res = Err(Error::AlgorithmError); error!("unexpected algorithm"); } else { if pin_policy != YKPIV_PINPOLICY_DEFAULT { @@ -1111,11 +1105,11 @@ pub unsafe fn ykpiv_util_generate_key( match sw { SW_ERR_INCORRECT_SLOT => { - res = Err(ErrorKind::KeyError); + res = Err(Error::KeyError); error!("{} (incorrect slot)", err_msg); } SW_ERR_INCORRECT_PARAM => { - res = Err(ErrorKind::AlgorithmError); + res = Err(Error::AlgorithmError); if pin_policy != 0 { error!("{} (pin policy not supported?)", err_msg); @@ -1126,11 +1120,11 @@ pub unsafe fn ykpiv_util_generate_key( } } SW_ERR_SECURITY_STATUS => { - res = Err(ErrorKind::AuthenticationError); + res = Err(Error::AuthenticationError); error!("{} (not authenticated)", err_msg); } _ => { - res = Err(ErrorKind::GenericError); + res = Err(Error::GenericError); error!("{} (error {:x})", err_msg, sw); } } @@ -1140,7 +1134,7 @@ pub unsafe fn ykpiv_util_generate_key( if *data_ptr != TAG_RSA_MODULUS { error!("Failed to parse public key structure (modulus)"); - res = Err(ErrorKind::ParseError); + res = Err(Error::ParseError); } else { data_ptr = data_ptr.add(1); data_ptr = data_ptr.add(_ykpiv_get_length(data_ptr, &mut len)); @@ -1149,7 +1143,7 @@ pub unsafe fn ykpiv_util_generate_key( if ptr_modulus.is_null() { error!("failed to allocate memory for modulus"); - res = Err(ErrorKind::MemoryError); + res = Err(Error::MemoryError); } else { memcpy( ptr_modulus as *mut c_void, @@ -1160,7 +1154,7 @@ pub unsafe fn ykpiv_util_generate_key( data_ptr = data_ptr.add(len); if *data_ptr != TAG_RSA_EXP { error!("failed to parse public key structure (public exponent)"); - res = Err(ErrorKind::ParseError); + res = Err(Error::ParseError); } else { data_ptr = data_ptr.add(1); data_ptr = data_ptr.add(_ykpiv_get_length(data_ptr, &mut len)); @@ -1168,7 +1162,7 @@ pub unsafe fn ykpiv_util_generate_key( ptr_exp = calloc(cb_exp, 1) as *mut u8; if ptr_exp.is_null() { error!("failed to allocate memory for public exponent"); - res = Err(ErrorKind::MemoryError); + res = Err(Error::MemoryError); } else { memcpy( ptr_exp as (*mut c_void), @@ -1201,7 +1195,7 @@ pub unsafe fn ykpiv_util_generate_key( if tag != TAG_ECC_POINT { error!("failed to parse public key structure"); - res = Err(ErrorKind::ParseError); + res = Err(Error::ParseError); } else { // the curve point should always be determined by the curve let len_byte = *data_ptr; @@ -1209,14 +1203,14 @@ pub unsafe fn ykpiv_util_generate_key( if len_byte as usize != len { error!("unexpected length"); - res = Err(ErrorKind::AlgorithmError); + res = Err(Error::AlgorithmError); } else { cb_point = len; ptr_point = calloc(cb_point, 1) as (*mut u8); if ptr_point.is_null() { error!("failed to allocate memory for public point"); - res = Err(ErrorKind::MemoryError); + res = Err(Error::MemoryError); } else { memcpy( ptr_point as (*mut c_void), @@ -1231,7 +1225,7 @@ pub unsafe fn ykpiv_util_generate_key( } } else { error!("wrong algorithm"); - res = Err(ErrorKind::AlgorithmError); + res = Err(Error::AlgorithmError); } } } @@ -1290,7 +1284,7 @@ pub struct YkPivConfig { pub unsafe fn ykpiv_util_get_config( state: &mut YubiKey, config: *mut YkPivConfig, -) -> Result<(), ErrorKind> { +) -> Result<(), Error> { let mut data = [0u8; YKPIV_OBJ_MAX_SIZE]; let mut cb_data: usize = mem::size_of::<[u8; YKPIV_OBJ_MAX_SIZE]>(); let mut p_item: *mut u8 = ptr::null_mut(); @@ -1298,7 +1292,7 @@ pub unsafe fn ykpiv_util_get_config( let mut res = Ok(()); if config.is_null() { - return Err(ErrorKind::GenericError); + return Err(Error::GenericError); } (*config).protected_data_available = false; @@ -1406,7 +1400,7 @@ pub unsafe fn ykpiv_util_get_config( } /// Set PIN last changed -pub unsafe fn ykpiv_util_set_pin_last_changed(state: &mut YubiKey) -> Result<(), ErrorKind> { +pub unsafe fn ykpiv_util_set_pin_last_changed(state: &mut YubiKey) -> Result<(), Error> { let mut data = [0u8; YKPIV_OBJ_MAX_SIZE]; let mut cb_data = data.len(); let mut res = Ok(()); @@ -1467,7 +1461,7 @@ pub unsafe fn ykpiv_util_get_derived_mgm( state: &mut YubiKey, pin: &[u8], mgm: &mut YkPivMgm, -) -> Result<(), ErrorKind> { +) -> Result<(), Error> { let mut data = [0u8; YKPIV_OBJ_MAX_SIZE]; let mut cb_data: usize = data.len(); let mut p_item: *mut u8 = ptr::null_mut(); @@ -1502,7 +1496,7 @@ pub unsafe fn ykpiv_util_get_derived_mgm( ); let _ = _ykpiv_end_transaction(state); - return Err(ErrorKind::GenericError); + return Err(Error::GenericError); } let salt = std::slice::from_raw_parts_mut(p_item, cb_item); @@ -1518,7 +1512,7 @@ pub unsafe fn ykpiv_util_get_derived_mgm( pub unsafe fn ykpiv_util_get_protected_mgm( state: &mut YubiKey, mgm: *mut YkPivMgm, -) -> Result<(), ErrorKind> { +) -> Result<(), Error> { // TODO(tarcieri): replace vec with wrapper type that impls `Zeroize` let mut data = Zeroizing::new([0u8; YKPIV_OBJ_MAX_SIZE].to_vec()); let mut cb_data: usize = data.len(); @@ -1527,7 +1521,7 @@ pub unsafe fn ykpiv_util_get_protected_mgm( let mut res = Ok(()); if mgm.is_null() { - return Err(ErrorKind::GenericError); + return Err(Error::GenericError); } _ykpiv_begin_transaction(state)?; @@ -1553,7 +1547,7 @@ pub unsafe fn ykpiv_util_get_protected_mgm( "protected data contains mgm, but is the wrong size = {}", cb_item, ); - res = Err(ErrorKind::AuthenticationError); + res = Err(Error::AuthenticationError); } else { memcpy( (*mgm).0.as_mut_ptr() as (*mut c_void), @@ -1575,7 +1569,7 @@ pub unsafe fn ykpiv_util_get_protected_mgm( pub unsafe fn ykpiv_util_set_protected_mgm( state: &mut YubiKey, mgm: *mut YkPivMgm, -) -> Result<(), ErrorKind> { +) -> Result<(), Error> { let mut f_generate: bool; let mut mgm_key = Zeroizing::new([0u8; 24]); // TODO(tarcieri): replace vec with wrapper type that impls `Zeroize` @@ -1617,7 +1611,7 @@ pub unsafe fn ykpiv_util_set_protected_mgm( if let Err(e) = getrandom(mgm_key.deref_mut()) { error!("could not generate new mgm, err = {}", e); let _ = _ykpiv_end_transaction(state); - return Err(ErrorKind::RandomnessError); + return Err(Error::RandomnessError); } } @@ -1627,7 +1621,7 @@ pub unsafe fn ykpiv_util_set_protected_mgm( // if set_mgmkey fails with KeyError, it means the generated key is weak // otherwise, log a warning, since the device mgm key is corrupt or we're in // a state where we can't set the mgm key - if Err(ErrorKind::KeyError) != ykrc { + if Err(Error::KeyError) != ykrc { error!( "could not set new derived mgm key, err = {}", ykrc.as_ref().unwrap_err() @@ -1756,7 +1750,7 @@ pub unsafe fn ykpiv_util_set_protected_mgm( } /// Reset -pub unsafe fn ykpiv_util_reset(state: &mut YubiKey) -> Result<(), ErrorKind> { +pub unsafe fn ykpiv_util_reset(state: &mut YubiKey) -> Result<(), Error> { let templ = [0, YKPIV_INS_RESET, 0, 0]; let mut data = [0u8; 255]; let mut recv_len = data.len(); @@ -1774,7 +1768,7 @@ pub unsafe fn ykpiv_util_reset(state: &mut YubiKey) -> Result<(), ErrorKind> { match (res.is_ok(), sw) { (true, SW_SUCCESS) => Ok(()), - _ => Err(ErrorKind::GenericError), + _ => Err(Error::GenericError), } } @@ -1802,13 +1796,13 @@ unsafe fn _read_certificate( slot: u8, buf: *mut u8, buf_len: *mut usize, -) -> Result<(), ErrorKind> { +) -> Result<(), Error> { let mut ptr: *mut u8; let object_id = ykpiv_util_slot_object(slot) as i32; let mut len: usize = 0; if object_id == -1 { - return Err(ErrorKind::InvalidObject); + return Err(Error::InvalidObject); } if _ykpiv_fetch_object(state, object_id, buf, buf_len).is_ok() { @@ -1847,19 +1841,19 @@ unsafe fn _write_certificate( data: *mut u8, data_len: usize, certinfo: u8, -) -> Result<(), ErrorKind> { +) -> Result<(), Error> { let mut buf = [0u8; CB_OBJ_MAX]; let object_id = ykpiv_util_slot_object(slot) as i32; let mut offset: usize = 0; let mut req_len: usize; if object_id == -1 { - return Err(ErrorKind::InvalidObject); + return Err(Error::InvalidObject); } if data.is_null() || data_len == 0 { if !data.is_null() || data_len != 0 { - return Err(ErrorKind::GenericError); + return Err(Error::GenericError); } return _ykpiv_save_object(state, object_id, ptr::null_mut(), 0); @@ -1870,7 +1864,7 @@ unsafe fn _write_certificate( req_len += data_len; if req_len < data_len || req_len > _obj_size_max(state) { - return Err(ErrorKind::SizeError); + return Err(Error::SizeError); } buf[offset] = TAG_CERT; @@ -1908,13 +1902,13 @@ unsafe fn _get_metadata_item( tag: u8, pp_item: *mut *mut u8, pcb_item: *mut usize, -) -> Result<(), ErrorKind> { +) -> Result<(), Error> { let mut p_temp: *mut u8 = data; let mut cb_temp: usize = 0; let mut tag_temp: u8; if data.is_null() || pp_item.is_null() || pcb_item.is_null() { - return Err(ErrorKind::GenericError); + return Err(Error::GenericError); } *pp_item = ptr::null_mut(); @@ -1925,7 +1919,7 @@ unsafe fn _get_metadata_item( p_temp = p_temp.add(1); if !_ykpiv_has_valid_length(p_temp, data.add(cb_data) as usize - p_temp as usize) { - return Err(ErrorKind::SizeError); + return Err(Error::SizeError); } p_temp = p_temp.add(_ykpiv_get_length(p_temp, &mut cb_temp)); @@ -1943,7 +1937,7 @@ unsafe fn _get_metadata_item( Ok(()) } else { - Err(ErrorKind::GenericError) + Err(Error::GenericError) } } @@ -1966,7 +1960,7 @@ unsafe fn _set_metadata_item( tag: u8, p_item: *mut u8, cb_item: usize, -) -> Result<(), ErrorKind> { +) -> Result<(), Error> { let mut p_temp: *mut u8 = data; let mut cb_temp: usize = 0; let mut tag_temp: u8 = 0; @@ -1975,7 +1969,7 @@ unsafe fn _set_metadata_item( let cb_moved: isize; if data.is_null() || pcb_data.is_null() { - return Err(ErrorKind::GenericError); + return Err(Error::GenericError); } while p_temp < data.add(*pcb_data) { @@ -2001,7 +1995,7 @@ unsafe fn _set_metadata_item( cb_len = _get_length_size(cb_item) as (usize); if (*pcb_data).wrapping_add(cb_len).wrapping_add(cb_item) > cb_data_max { - return Err(ErrorKind::GenericError); + return Err(Error::GenericError); } *p_temp = tag; @@ -2029,7 +2023,7 @@ unsafe fn _set_metadata_item( - cb_len as (isize)); if (*pcb_data + cb_moved as usize) > cb_data_max { - return Err(ErrorKind::GenericError); + return Err(Error::GenericError); } memmove( @@ -2058,18 +2052,18 @@ unsafe fn _read_metadata( tag: u8, data: *mut u8, pcb_data: *mut usize, -) -> Result<(), ErrorKind> { +) -> Result<(), Error> { let mut p_temp: *mut u8; let mut cb_temp: usize; if data.is_null() || pcb_data.is_null() || YKPIV_OBJ_MAX_SIZE > *pcb_data { - return Err(ErrorKind::GenericError); + return Err(Error::GenericError); } let obj_id = match tag { TAG_ADMIN => YKPIV_OBJ_ADMIN_DATA, TAG_PROTECTED => YKPIV_OBJ_PRINTED, - _ => return Err(ErrorKind::InvalidObject), + _ => return Err(Error::InvalidObject), } as i32; cb_temp = *pcb_data; @@ -2078,7 +2072,7 @@ unsafe fn _read_metadata( _ykpiv_fetch_object(state, obj_id, data, &mut cb_temp)?; if cb_temp < CB_OBJ_TAG_MIN { - return Err(ErrorKind::GenericError); + return Err(Error::GenericError); } p_temp = data; @@ -2089,14 +2083,14 @@ unsafe fn _read_metadata( _old } as (i32) { - return Err(ErrorKind::GenericError); + return Err(Error::GenericError); } p_temp = p_temp.add(_ykpiv_get_length(p_temp, pcb_data)); if *pcb_data > cb_temp - (p_temp as isize - data as isize) as usize { *pcb_data = 0; - return Err(ErrorKind::GenericError); + return Err(Error::GenericError); } memmove(data as (*mut c_void), p_temp as (*const c_void), *pcb_data); @@ -2109,18 +2103,18 @@ unsafe fn _write_metadata( tag: u8, data: *mut u8, cb_data: usize, -) -> Result<(), ErrorKind> { +) -> Result<(), Error> { let mut buf = [0u8; CB_OBJ_MAX]; // XXX REMEMBER TO ZERO let mut p_temp: *mut u8 = buf.as_mut_ptr(); if cb_data > _obj_size_max(state) - CB_OBJ_TAG_MAX { - return Err(ErrorKind::GenericError); + return Err(Error::GenericError); } let obj_id = match tag { TAG_ADMIN => YKPIV_OBJ_ADMIN_DATA, TAG_PROTECTED => YKPIV_OBJ_PRINTED, - _ => return Err(ErrorKind::InvalidObject), + _ => return Err(Error::InvalidObject), } as i32; if data.is_null() || cb_data == 0 { diff --git a/src/yubikey.rs b/src/yubikey.rs index 9f2e146..06ecf4e 100644 --- a/src/yubikey.rs +++ b/src/yubikey.rs @@ -36,7 +36,7 @@ use crate::{ apdu::APDU, consts::*, - error::ErrorKind, + error::Error, internal::{des_decrypt, des_encrypt, yk_des_is_weak_key, DesKey}, }; use getrandom::getrandom; @@ -192,7 +192,7 @@ pub fn ykpiv_init() -> YubiKey { } /// Cleanup YubiKey session -pub(crate) unsafe fn _ykpiv_done(state: &mut YubiKey, disconnect: bool) -> Result<(), ErrorKind> { +pub(crate) unsafe fn _ykpiv_done(state: &mut YubiKey, disconnect: bool) -> Result<(), Error> { if disconnect { ykpiv_disconnect(state); } @@ -203,12 +203,12 @@ pub(crate) unsafe fn _ykpiv_done(state: &mut YubiKey, disconnect: bool) -> Resul /// Cleanup YubiKey session with external card upon completion // TODO(tarcieri): make this a `Drop` handler -pub unsafe fn ykpiv_done_with_external_card(state: &mut YubiKey) -> Result<(), ErrorKind> { +pub unsafe fn ykpiv_done_with_external_card(state: &mut YubiKey) -> Result<(), Error> { _ykpiv_done(state, false) } /// Cleanup YubiKey session upon completion -pub unsafe fn ykpiv_done(state: &mut YubiKey) -> Result<(), ErrorKind> { +pub unsafe fn ykpiv_done(state: &mut YubiKey) -> Result<(), Error> { _ykpiv_done(state, true) } @@ -226,7 +226,7 @@ pub unsafe fn ykpiv_disconnect(state: &mut YubiKey) { } /// Select application -pub(crate) unsafe fn _ykpiv_select_application(state: &mut YubiKey) -> Result<(), ErrorKind> { +pub(crate) unsafe fn _ykpiv_select_application(state: &mut YubiKey) -> Result<(), Error> { let mut data = [0u8; 255]; let mut recv_len = data.len() as u32; let mut sw = 0i32; @@ -249,7 +249,7 @@ pub(crate) unsafe fn _ykpiv_select_application(state: &mut YubiKey) -> Result<() if sw != SW_SUCCESS { error!("failed selecting application: {:04x}", sw); - return Err(ErrorKind::GenericError); + return Err(Error::GenericError); } // now that the PIV application is selected, retrieve the version @@ -272,9 +272,7 @@ pub(crate) unsafe fn _ykpiv_select_application(state: &mut YubiKey) -> Result<() } /// Ensure an application is selected (presently noop) -pub(crate) unsafe fn _ykpiv_ensure_application_selected( - _state: &mut YubiKey, -) -> Result<(), ErrorKind> { +pub(crate) unsafe fn _ykpiv_ensure_application_selected(_state: &mut YubiKey) -> Result<(), Error> { // TODO(tarcieri): ENABLE_APPLICATION_RESELECTION support? // // Original C code below: @@ -307,10 +305,10 @@ pub(crate) unsafe fn _ykpiv_connect( state: &mut YubiKey, context: usize, card: usize, -) -> Result<(), ErrorKind> { +) -> Result<(), Error> { // if the context has changed, and the new context is not valid, return an error if context != state.context as (usize) && (0x0i32 != SCardIsValidContext(context as (i32))) { - return Err(ErrorKind::PcscError); + return Err(Error::PcscError); } // if card handle has changed, determine if handle is valid (less efficient, but complete) @@ -332,7 +330,7 @@ pub(crate) unsafe fn _ykpiv_connect( &mut atr_len, ) != 0 { - return Err(ErrorKind::PcscError); + return Err(Error::PcscError); } state.is_neo = (atr_len as usize == YKPIV_ATR_NEO_R3.len() - 1) @@ -362,12 +360,12 @@ pub unsafe fn ykpiv_connect_with_external_card( state: &mut YubiKey, context: usize, card: usize, -) -> Result<(), ErrorKind> { +) -> Result<(), Error> { _ykpiv_connect(state, context, card) } /// Connect to a YubiKey -pub unsafe fn ykpiv_connect(state: &mut YubiKey, wanted: *const c_char) -> Result<(), ErrorKind> { +pub unsafe fn ykpiv_connect(state: &mut YubiKey, wanted: *const c_char) -> Result<(), Error> { let mut active_protocol: u32 = 0; let mut reader_buf: [c_char; 2048] = [0; 2048]; let mut num_readers = reader_buf.len(); @@ -438,7 +436,7 @@ pub unsafe fn ykpiv_connect(state: &mut YubiKey, wanted: *const c_char) -> Resul error!("error: no usable reader found"); SCardReleaseContext(state.context); state.context = -1; - return Err(ErrorKind::PcscError); + return Err(Error::PcscError); } // Select applet. This is done here instead of in _ykpiv_connect() because @@ -456,7 +454,7 @@ pub unsafe fn ykpiv_list_readers( state: &mut YubiKey, readers: *mut c_char, len: *mut usize, -) -> Result<(), ErrorKind> { +) -> Result<(), Error> { let mut num_readers: u32 = 0u32; let mut rc: i32; @@ -465,7 +463,7 @@ pub unsafe fn ykpiv_list_readers( if rc != 0 { error!("error: SCardEstablishContext failed, rc={}", rc); - return Err(ErrorKind::PcscError); + return Err(Error::PcscError); } } @@ -480,7 +478,7 @@ pub unsafe fn ykpiv_list_readers( error!("error: SCardListReaders failed, rc={}", rc); SCardReleaseContext(state.context); state.context = -1i32; - return Err(ErrorKind::PcscError); + return Err(Error::PcscError); } if num_readers as (usize) > *len { @@ -495,7 +493,7 @@ pub unsafe fn ykpiv_list_readers( error!("error: SCardListReaders failed, rc={}", rc); SCardReleaseContext(state.context); state.context = -1i32; - return Err(ErrorKind::PcscError); + return Err(Error::PcscError); } *len = num_readers as usize; @@ -503,7 +501,7 @@ pub unsafe fn ykpiv_list_readers( } /// Reconnect to a YubiKey -pub(crate) unsafe fn reconnect(state: &mut YubiKey) -> Result<(), ErrorKind> { +pub(crate) unsafe fn reconnect(state: &mut YubiKey) -> Result<(), Error> { info!("trying to reconnect to current reader"); let mut active_protocol: u32 = 0; @@ -511,7 +509,7 @@ pub(crate) unsafe fn reconnect(state: &mut YubiKey) -> Result<(), ErrorKind> { if rc != 0x0 { error!("SCardReconnect failed, rc={}", rc); - return Err(ErrorKind::PcscError); + return Err(Error::PcscError); } _ykpiv_select_application(state)?; @@ -524,7 +522,7 @@ pub(crate) unsafe fn reconnect(state: &mut YubiKey) -> Result<(), ErrorKind> { } /// Begin a transaction -pub(crate) unsafe fn _ykpiv_begin_transaction(state: &mut YubiKey) -> Result<(), ErrorKind> { +pub(crate) unsafe fn _ykpiv_begin_transaction(state: &mut YubiKey) -> Result<(), Error> { let mut rc = SCardBeginTransaction(state.card); if rc as usize & 0xffff_ffff == 0x8010_0068 { @@ -534,19 +532,19 @@ pub(crate) unsafe fn _ykpiv_begin_transaction(state: &mut YubiKey) -> Result<(), if rc != 0 { error!("failed to begin pcsc transaction, rc={}", rc); - return Err(ErrorKind::PcscError); + return Err(Error::PcscError); } Ok(()) } /// End a transaction -pub(crate) unsafe fn _ykpiv_end_transaction(state: &mut YubiKey) -> Result<(), ErrorKind> { +pub(crate) unsafe fn _ykpiv_end_transaction(state: &mut YubiKey) -> Result<(), Error> { let rc = SCardEndTransaction(state.card, 0x0); if rc != 0x0 { error!("failed to end pcsc transaction, rc={}", rc); - return Err(ErrorKind::PcscError); + return Err(Error::PcscError); } Ok(()) @@ -561,11 +559,11 @@ pub(crate) unsafe fn _ykpiv_transfer_data( mut out_data: *mut u8, out_len: *mut usize, sw: *mut i32, -) -> Result<(), ErrorKind> { +) -> Result<(), Error> { let mut _currentBlock; let mut in_ptr: *const u8 = in_data; let max_out = *out_len; - let mut res: Result<(), ErrorKind>; + let mut res: Result<(), Error>; let mut recv_len: u32; *out_len = 0; @@ -686,7 +684,7 @@ pub(crate) unsafe fn _ykpiv_transfer_data( max_out ); - return Err(ErrorKind::SizeError); + return Err(Error::SizeError); } } else if _currentBlock == 21 { error!( @@ -695,7 +693,7 @@ pub(crate) unsafe fn _ykpiv_transfer_data( max_out ); - return Err(ErrorKind::SizeError); + return Err(Error::SizeError); } res @@ -710,7 +708,7 @@ pub unsafe fn ykpiv_transfer_data( out_data: *mut u8, out_len: *mut usize, sw: *mut i32, -) -> Result<(), ErrorKind> { +) -> Result<(), Error> { if let Err(e) = _ykpiv_begin_transaction(state) { *out_len = 0; return Err(e); @@ -728,7 +726,7 @@ pub(crate) unsafe fn _send_data( data: *mut u8, recv_len: *mut u32, sw: *mut i32, -) -> Result<(), ErrorKind> { +) -> Result<(), Error> { let send_len = apdu.lc as u32 + 5; let mut tmp_len = *recv_len; @@ -746,7 +744,7 @@ pub(crate) unsafe fn _send_data( if rc != SCARD_S_SUCCESS { error!("error: SCardTransmit failed, rc={:08x}", rc); - return Err(ErrorKind::PcscError); + return Err(Error::PcscError); } *recv_len = tmp_len; @@ -769,7 +767,7 @@ pub const DEFAULT_AUTH_KEY: &[u8; DES_LEN_3DES] = b"\x01\x02\x03\x04\x05\x06\x07 pub unsafe fn ykpiv_authenticate( state: &mut YubiKey, key: Option<&[u8; DES_LEN_3DES]>, -) -> Result<(), ErrorKind> { +) -> Result<(), Error> { let mut data = [0u8; 261]; let mut recv_len = data.len() as u32; let mut sw: i32 = 0; @@ -798,7 +796,7 @@ pub unsafe fn ykpiv_authenticate( return res; } else if sw != SW_SUCCESS { let _ = _ykpiv_end_transaction(state); - return Err(ErrorKind::AuthenticationError); + return Err(Error::AuthenticationError); } let mut challenge = [0u8; 8]; @@ -824,7 +822,7 @@ pub unsafe fn ykpiv_authenticate( if getrandom(&mut data[14..22]).is_err() { error!("failed getting randomness for authentication."); let _ = _ykpiv_end_transaction(state); - return Err(ErrorKind::RandomnessError); + return Err(Error::RandomnessError); } challenge.copy_from_slice(&data[14..22]); @@ -837,7 +835,7 @@ pub unsafe fn ykpiv_authenticate( return res; } else if sw != SW_SUCCESS { let _ = _ykpiv_end_transaction(state); - return Err(ErrorKind::AuthenticationError); + return Err(Error::AuthenticationError); } // compare the response from the card with our challenge @@ -847,7 +845,7 @@ pub unsafe fn ykpiv_authenticate( if response == data[4..12] { res = Ok(()); } else { - res = Err(ErrorKind::AuthenticationError); + res = Err(Error::AuthenticationError); } } @@ -859,7 +857,7 @@ pub unsafe fn ykpiv_authenticate( pub unsafe fn ykpiv_set_mgmkey( state: &mut YubiKey, new_key: &[u8; DES_LEN_3DES], -) -> Result<(), ErrorKind> { +) -> Result<(), Error> { ykpiv_set_mgmkey2(state, new_key, 0) } @@ -868,7 +866,7 @@ pub(crate) unsafe fn ykpiv_set_mgmkey2( state: &mut YubiKey, new_key: &[u8; DES_LEN_3DES], touch: u8, -) -> Result<(), ErrorKind> { +) -> Result<(), Error> { let mut data = [0u8; 261]; let mut recv_len = data.len() as u32; let mut sw: i32 = 0; @@ -883,7 +881,7 @@ pub(crate) unsafe fn ykpiv_set_mgmkey2( "won't set new key '{:?}' since it's weak (with odd parity)", new_key ); - res = Err(ErrorKind::KeyError); + res = Err(Error::KeyError); } else { apdu.ins = YKPIV_INS_SET_MGMKEY; apdu.p1 = 0xff; @@ -893,7 +891,7 @@ pub(crate) unsafe fn ykpiv_set_mgmkey2( 1 => 0xfe, _ => { let _ = _ykpiv_end_transaction(state); - return Err(ErrorKind::GenericError); + return Err(Error::GenericError); } }; @@ -906,7 +904,7 @@ pub(crate) unsafe fn ykpiv_set_mgmkey2( res = _send_data(state, &mut apdu, data.as_mut_ptr(), &mut recv_len, &mut sw); if res.is_ok() && sw != SW_SUCCESS { - res = Err(ErrorKind::GenericError); + res = Err(Error::GenericError); } } } @@ -926,7 +924,7 @@ pub(crate) unsafe fn _general_authenticate( algorithm: u8, key: u8, decipher: bool, -) -> Result<(), ErrorKind> { +) -> Result<(), Error> { let mut _currentBlock; let mut indata = [0u8; 1024]; let mut dataptr: *mut u8 = indata.as_mut_ptr(); @@ -946,7 +944,7 @@ pub(crate) unsafe fn _general_authenticate( }; if in_len != key_len { - return Err(ErrorKind::SizeError); + return Err(Error::SizeError); } else { _currentBlock = 16; } @@ -959,10 +957,10 @@ pub(crate) unsafe fn _general_authenticate( }; if (!decipher && (in_len > key_len)) || (decipher && (in_len != (key_len * 2) + 1)) { - return Err(ErrorKind::SizeError); + return Err(Error::SizeError); } } - _ => return Err(ErrorKind::AlgorithmError), + _ => return Err(Error::AlgorithmError), } if in_len < 0x80 { @@ -1004,16 +1002,16 @@ pub(crate) unsafe fn _general_authenticate( error!("Failed sign command with code {:x}", sw); if sw == SW_ERR_SECURITY_STATUS { - return Err(ErrorKind::AuthenticationError); + return Err(Error::AuthenticationError); } else { - return Err(ErrorKind::GenericError); + return Err(Error::GenericError); } } // skip the first 7c tag if data[0] != 0x7c { error!("failed parsing signature reply (0x7c byte)"); - return Err(ErrorKind::ParseError); + return Err(Error::ParseError); } dataptr = data.as_mut_ptr().add(1); @@ -1022,7 +1020,7 @@ pub(crate) unsafe fn _general_authenticate( // skip the 82 tag if *dataptr != 0x82 { error!("failed parsing signature reply (0x82 byte)"); - return Err(ErrorKind::ParseError); + return Err(Error::ParseError); } dataptr = dataptr.add(1); @@ -1030,7 +1028,7 @@ pub(crate) unsafe fn _general_authenticate( if len > *out_len { error!("wrong size on output buffer"); - return Err(ErrorKind::SizeError); + return Err(Error::SizeError); } *out_len = len; @@ -1047,7 +1045,7 @@ pub unsafe fn ykpiv_sign_data( out_len: *mut usize, algorithm: u8, key: u8, -) -> Result<(), ErrorKind> { +) -> Result<(), Error> { _ykpiv_begin_transaction(state)?; // don't attempt to reselect in crypt operations to avoid problems with PIN_ALWAYS @@ -1069,7 +1067,7 @@ pub unsafe fn ykpiv_decrypt_data( out_len: *mut usize, algorithm: u8, key: u8, -) -> Result<(), ErrorKind> { +) -> Result<(), Error> { _ykpiv_begin_transaction(state)?; // don't attempt to reselect in crypt operations to avoid problems with PIN_ALWAYS @@ -1080,7 +1078,7 @@ pub unsafe fn ykpiv_decrypt_data( } /// Get the version of the PIV application installed on the YubiKey -pub(crate) unsafe fn _ykpiv_get_version(state: &mut YubiKey) -> Result { +pub(crate) unsafe fn _ykpiv_get_version(state: &mut YubiKey) -> Result { let mut data = [0u8; 261]; let mut recv_len = data.len() as u32; let mut sw: i32 = 0; @@ -1097,11 +1095,11 @@ pub(crate) unsafe fn _ykpiv_get_version(state: &mut YubiKey) -> Result Result Result { - let mut res = Err(ErrorKind::GenericError); +pub unsafe fn ykpiv_get_version(state: &mut YubiKey) -> Result { + let mut res = Err(Error::GenericError); _ykpiv_begin_transaction(state)?; @@ -1128,10 +1126,7 @@ pub unsafe fn ykpiv_get_version(state: &mut YubiKey) -> Result Result { +pub(crate) unsafe fn _ykpiv_get_serial(state: &mut YubiKey, f_force: bool) -> Result { let yk_applet: *const u8 = ptr::null(); let mut data = [0u8; 255]; let mut recv_len = data.len() as u32; @@ -1165,7 +1160,7 @@ pub(crate) unsafe fn _ykpiv_get_serial( if sw != SW_SUCCESS { error!("failed selecting yk application: {:04x}", sw); - return Err(ErrorKind::GenericError); + return Err(Error::GenericError); } recv_len = temp.len() as u32; @@ -1181,7 +1176,7 @@ pub(crate) unsafe fn _ykpiv_get_serial( if sw != SW_SUCCESS { error!("failed retrieving serial number: {:04x}", sw); - return Err(ErrorKind::GenericError); + return Err(Error::GenericError); } recv_len = temp.len() as u32; @@ -1203,7 +1198,7 @@ pub(crate) unsafe fn _ykpiv_get_serial( if sw != SW_SUCCESS { error!("failed selecting application: {:04x}", sw); - return Err(ErrorKind::GenericError); + return Err(Error::GenericError); } } else { // get serial from yk5 and later devices using the f8 command @@ -1217,13 +1212,13 @@ pub(crate) unsafe fn _ykpiv_get_serial( if sw != SW_SUCCESS { error!("failed retrieving serial number: {:04x}", sw); - return Err(ErrorKind::GenericError); + return Err(Error::GenericError); } } // check that we received enough data for the serial number if recv_len < 4 { - return Err(ErrorKind::SizeError); + return Err(Error::SizeError); } // TODO(tarcieri): replace pointers and casts with proper references! @@ -1241,8 +1236,8 @@ pub(crate) unsafe fn _ykpiv_get_serial( } /// Get YubiKey device serial number -pub unsafe fn ykpiv_get_serial(state: &mut YubiKey) -> Result { - let mut res = Err(ErrorKind::GenericError); +pub unsafe fn ykpiv_get_serial(state: &mut YubiKey) -> Result { + let mut res = Err(Error::GenericError); _ykpiv_begin_transaction(state)?; @@ -1260,7 +1255,7 @@ pub(crate) unsafe fn _cache_pin( state: &mut YubiKey, pin: *const c_char, len: usize, -) -> Result<(), ErrorKind> { +) -> Result<(), Error> { if !pin.is_null() && (state.pin as *const c_char == pin) { return Ok(()); } @@ -1279,7 +1274,7 @@ pub(crate) unsafe fn _cache_pin( state.pin = malloc(len + 1) as (*mut u8); if state.pin.is_null() { - return Err(ErrorKind::MemoryError); + return Err(Error::MemoryError); } memcpy(state.pin as (*mut c_void), pin as (*const c_void), len); @@ -1292,7 +1287,7 @@ pub(crate) unsafe fn _cache_pin( /// Verify device PIN /// /// Returns the number of tries remaining both on success and on a wrong PIN. -pub unsafe fn ykpiv_verify(state: &mut YubiKey, pin: *const c_char) -> Result { +pub unsafe fn ykpiv_verify(state: &mut YubiKey, pin: *const c_char) -> Result { ykpiv_verify_select( state, pin, @@ -1308,13 +1303,13 @@ pub(crate) unsafe fn _verify( state: &mut YubiKey, pin: *const c_char, pin_len: usize, -) -> Result { +) -> Result { let mut data = [0u8; 261]; let mut recv_len = data.len() as u32; let mut sw: i32 = 0; if pin_len > CB_PIN_MAX { - return Err(ErrorKind::SizeError); + return Err(Error::SizeError); } let mut apdu = APDU::default(); @@ -1356,11 +1351,11 @@ pub(crate) unsafe fn _verify( Ok(sw & 0xf) } else if sw >> 8 == 0x63 { - Err(ErrorKind::WrongPin { tries: sw & 0xf }) + Err(Error::WrongPin { tries: sw & 0xf }) } else if sw == SW_ERR_AUTH_BLOCKED { - Err(ErrorKind::WrongPin { tries: 0 }) + Err(Error::WrongPin { tries: 0 }) } else { - Err(ErrorKind::GenericError) + Err(Error::GenericError) } } @@ -1372,7 +1367,7 @@ pub unsafe fn ykpiv_verify_select( pin: *const c_char, pin_len: usize, force_select: bool, -) -> Result { +) -> Result { let mut res = Ok(-1); _ykpiv_begin_transaction(state)?; @@ -1392,7 +1387,7 @@ pub unsafe fn ykpiv_verify_select( } /// Get the number of PIN retries -pub unsafe fn ykpiv_get_pin_retries(state: &mut YubiKey) -> Result { +pub unsafe fn ykpiv_get_pin_retries(state: &mut YubiKey) -> Result { // Force a re-select to unverify, because once verified the spec dictates that // subsequent verify calls will return a "verification not needed" instead of // the number of tries left... @@ -1402,7 +1397,7 @@ pub unsafe fn ykpiv_get_pin_retries(state: &mut YubiKey) -> Result Ok(tries), + Ok(tries) | Err(Error::WrongPin { tries }) => Ok(tries), Err(e) => Err(e), } } @@ -1412,7 +1407,7 @@ pub unsafe fn ykpiv_set_pin_retries( state: &mut YubiKey, pin_tries: i32, puk_tries: i32, -) -> Result<(), ErrorKind> { +) -> Result<(), Error> { let mut res = Ok(()); let mut templ = [0, YKPIV_INS_SET_PIN_RETRIES, 0, 0]; let mut data = [0u8; 255]; @@ -1425,7 +1420,7 @@ pub unsafe fn ykpiv_set_pin_retries( } if pin_tries > 0xff || puk_tries > 0xff || pin_tries < 1 || puk_tries < 1 { - return Err(ErrorKind::RangeError); + return Err(Error::RangeError); } templ[2] = pin_tries as (u8); @@ -1447,9 +1442,9 @@ pub unsafe fn ykpiv_set_pin_retries( if res.is_ok() { res = match sw { SW_SUCCESS => Ok(()), - SW_ERR_AUTH_BLOCKED => Err(ErrorKind::AuthenticationError), - SW_ERR_SECURITY_STATUS => Err(ErrorKind::AuthenticationError), - _ => Err(ErrorKind::GenericError), + SW_ERR_AUTH_BLOCKED => Err(Error::AuthenticationError), + SW_ERR_SECURITY_STATUS => Err(Error::AuthenticationError), + _ => Err(Error::GenericError), }; } } @@ -1466,7 +1461,7 @@ pub(crate) unsafe fn _ykpiv_change_pin( current_pin_len: usize, new_pin: *const c_char, new_pin_len: usize, -) -> Result<(), ErrorKind> { +) -> Result<(), Error> { let mut sw: i32 = 0; let mut templ = [0, YKPIV_INS_CHANGE_REFERENCE, 0, 0x80]; let mut indata = [0u8; 16]; @@ -1474,7 +1469,7 @@ pub(crate) unsafe fn _ykpiv_change_pin( let mut recv_len: usize = data.len(); if current_pin_len > 8 || new_pin_len > 8 { - return Err(ErrorKind::SizeError); + return Err(Error::SizeError); } if action == CHREF_ACT_UNBLOCK_PIN { @@ -1529,15 +1524,15 @@ pub(crate) unsafe fn _ykpiv_change_pin( if sw != SW_SUCCESS { if sw >> 8 == 0x63 { - return Err(ErrorKind::WrongPin { tries: sw & 0xf }); + return Err(Error::WrongPin { tries: sw & 0xf }); } if sw == SW_ERR_AUTH_BLOCKED { - return Err(ErrorKind::PinLocked); + return Err(Error::PinLocked); } error!("failed changing pin, token response code: {:x}.", sw); - return Err(ErrorKind::GenericError); + return Err(Error::GenericError); } Ok(()) @@ -1552,8 +1547,8 @@ pub unsafe fn ykpiv_change_pin( current_pin_len: usize, new_pin: *const c_char, new_pin_len: usize, -) -> Result<(), ErrorKind> { - let mut res = Err(ErrorKind::GenericError); +) -> Result<(), Error> { + let mut res = Err(Error::GenericError); _ykpiv_begin_transaction(state)?; @@ -1584,8 +1579,8 @@ pub unsafe fn ykpiv_change_puk( current_puk_len: usize, new_puk: *const c_char, new_puk_len: usize, -) -> Result<(), ErrorKind> { - let mut res = Err(ErrorKind::GenericError); +) -> Result<(), Error> { + let mut res = Err(Error::GenericError); _ykpiv_begin_transaction(state)?; @@ -1605,8 +1600,8 @@ pub unsafe fn ykpiv_unblock_pin( puk_len: usize, new_pin: *const c_char, new_pin_len: usize, -) -> Result<(), ErrorKind> { - let mut res = Err(ErrorKind::GenericError); +) -> Result<(), Error> { + let mut res = Err(Error::GenericError); _ykpiv_begin_transaction(state)?; @@ -1624,7 +1619,7 @@ pub unsafe fn ykpiv_fetch_object( object_id: i32, data: *mut u8, len: *mut usize, -) -> Result<(), ErrorKind> { +) -> Result<(), Error> { let mut res = Ok(()); _ykpiv_begin_transaction(state)?; @@ -1643,7 +1638,7 @@ pub(crate) unsafe fn _ykpiv_fetch_object( object_id: i32, data: *mut u8, len: *mut usize, -) -> Result<(), ErrorKind> { +) -> Result<(), Error> { let mut sw: i32 = 0; let mut indata = [0u8; 5]; let mut inptr: *mut u8 = indata.as_mut_ptr(); @@ -1652,7 +1647,7 @@ pub(crate) unsafe fn _ykpiv_fetch_object( inptr = set_object(object_id, inptr); if inptr.is_null() { - return Err(ErrorKind::InvalidObject); + return Err(Error::InvalidObject); } ykpiv_transfer_data( @@ -1666,19 +1661,19 @@ pub(crate) unsafe fn _ykpiv_fetch_object( )?; if sw != SW_SUCCESS { - return Err(ErrorKind::GenericError); + return Err(Error::GenericError); } let mut outlen: usize = 0; if *len < 2 || !_ykpiv_has_valid_length(data.offset(1), (*len).wrapping_sub(1)) { - return Err(ErrorKind::SizeError); + return Err(Error::SizeError); } let offs = _ykpiv_get_length(data.offset(1), &mut outlen); if offs == 0 { - return Err(ErrorKind::SizeError); + return Err(Error::SizeError); } if outlen.wrapping_add(offs).wrapping_add(1) != *len { @@ -1687,7 +1682,7 @@ pub(crate) unsafe fn _ykpiv_fetch_object( *len, outlen ); - return Err(ErrorKind::SizeError); + return Err(Error::SizeError); } memmove( @@ -1706,7 +1701,7 @@ pub unsafe fn ykpiv_save_object( object_id: i32, indata: *mut u8, len: usize, -) -> Result<(), ErrorKind> { +) -> Result<(), Error> { let mut res = Ok(()); _ykpiv_begin_transaction(state)?; @@ -1725,7 +1720,7 @@ pub unsafe fn _ykpiv_save_object( object_id: i32, indata: *mut u8, len: usize, -) -> Result<(), ErrorKind> { +) -> Result<(), Error> { let mut data = [0u8; YKPIV_OBJ_MAX_SIZE]; let mut dataptr: *mut u8 = data.as_mut_ptr(); let templ = [0, YKPIV_INS_PUT_DATA, 0x3f, 0xff]; @@ -1733,13 +1728,13 @@ pub unsafe fn _ykpiv_save_object( let mut outlen: usize = 0usize; if len > CB_OBJ_MAX { - return Err(ErrorKind::SizeError); + return Err(Error::SizeError); } dataptr = set_object(object_id, dataptr); if dataptr.is_null() { - return Err(ErrorKind::InvalidObject); + return Err(Error::InvalidObject); } *{ let _old = dataptr; @@ -1763,8 +1758,8 @@ pub unsafe fn _ykpiv_save_object( match sw { SW_SUCCESS => Ok(()), - SW_ERR_SECURITY_STATUS => Err(ErrorKind::AuthenticationError), - _ => Err(ErrorKind::GenericError), + SW_ERR_SECURITY_STATUS => Err(Error::AuthenticationError), + _ => Err(Error::GenericError), } } @@ -1806,7 +1801,7 @@ pub unsafe fn ykpiv_import_private_key( ec_data_len: u8, pin_policy: u8, touch_policy: u8, -) -> Result<(), ErrorKind> { +) -> Result<(), Error> { let mut key_data = [0u8; 1024]; let mut in_ptr: *mut u8 = key_data.as_mut_ptr(); let templ = [0, YKPIV_INS_IMPORT_KEY, algorithm, key]; @@ -1824,7 +1819,7 @@ pub unsafe fn ykpiv_import_private_key( || key > YKPIV_KEY_RETIRED20 && (key < YKPIV_KEY_AUTHENTICATION) || key > YKPIV_KEY_CARDAUTH && (key != YKPIV_KEY_ATTESTATION) { - return Err(ErrorKind::KeyError); + return Err(Error::KeyError); } if pin_policy != YKPIV_PINPOLICY_DEFAULT @@ -1832,7 +1827,7 @@ pub unsafe fn ykpiv_import_private_key( && (pin_policy != YKPIV_PINPOLICY_ONCE) && (pin_policy != YKPIV_PINPOLICY_ALWAYS) { - return Err(ErrorKind::GenericError); + return Err(Error::GenericError); } if touch_policy != YKPIV_TOUCHPOLICY_DEFAULT @@ -1840,13 +1835,13 @@ pub unsafe fn ykpiv_import_private_key( && (touch_policy != YKPIV_TOUCHPOLICY_ALWAYS) && (touch_policy != YKPIV_TOUCHPOLICY_CACHED) { - return Err(ErrorKind::GenericError); + return Err(Error::GenericError); } match algorithm { YKPIV_ALGO_RSA1024 | YKPIV_ALGO_RSA2048 => { if p_len + q_len + dp_len + dq_len + qinv_len >= 1024 { - return Err(ErrorKind::SizeError); + return Err(Error::SizeError); } else { if algorithm == YKPIV_ALGO_RSA1024 { elem_len = 64; @@ -1857,7 +1852,7 @@ pub unsafe fn ykpiv_import_private_key( } if p.is_null() || q.is_null() || dp.is_null() || dq.is_null() || qinv.is_null() { - return Err(ErrorKind::GenericError); + return Err(Error::GenericError); } params[0] = p; @@ -1876,7 +1871,7 @@ pub unsafe fn ykpiv_import_private_key( } YKPIV_ALGO_ECCP256 | YKPIV_ALGO_ECCP384 => { if ec_data_len as (usize) >= key_data.len() { - return Err(ErrorKind::SizeError); + return Err(Error::SizeError); } if algorithm == YKPIV_ALGO_ECCP256 { @@ -1886,7 +1881,7 @@ pub unsafe fn ykpiv_import_private_key( } if ec_data.is_null() { - return Err(ErrorKind::GenericError); + return Err(Error::GenericError); } params[0] = ec_data; @@ -1894,7 +1889,7 @@ pub unsafe fn ykpiv_import_private_key( param_tag = 0x6; n_params = 1; } - _ => return Err(ErrorKind::AlgorithmError), + _ => return Err(Error::AlgorithmError), } for i in 0..n_params { @@ -1906,7 +1901,7 @@ pub unsafe fn ykpiv_import_private_key( let remaining = (key_data.as_mut_ptr() as usize) + 1024 - in_ptr as usize; if padding > remaining { - return Err(ErrorKind::AlgorithmError); + return Err(Error::AlgorithmError); } memset(in_ptr as *mut c_void, 0, padding); @@ -1948,9 +1943,9 @@ pub unsafe fn ykpiv_import_private_key( ); if res.is_ok() && sw != SW_SUCCESS { - res = Err(ErrorKind::GenericError); + res = Err(Error::GenericError); if sw == SW_ERR_SECURITY_STATUS { - res = Err(ErrorKind::AuthenticationError); + res = Err(Error::AuthenticationError); } } } @@ -1966,14 +1961,14 @@ pub unsafe fn ykpiv_attest( key: u8, data: *mut u8, data_len: *mut usize, -) -> Result<(), ErrorKind> { - let mut res = Err(ErrorKind::GenericError); +) -> Result<(), Error> { + let mut res = Err(Error::GenericError); let templ = [0, YKPIV_INS_ATTEST, key, 0]; let mut sw: i32 = 0; let mut ul_data_len: usize; if data.is_null() || data_len.is_null() { - return Err(ErrorKind::ArgumentError); + return Err(Error::ArgumentError); } ul_data_len = *data_len; @@ -1993,12 +1988,12 @@ pub unsafe fn ykpiv_attest( if res.is_ok() { if sw != SW_SUCCESS { - res = Err(ErrorKind::GenericError); + res = Err(Error::GenericError); if sw == SW_ERR_NOT_SUPPORTED { - res = Err(ErrorKind::NotSupported); + res = Err(Error::NotSupported); } } else if *data as i32 != 0x30 { - res = Err(ErrorKind::GenericError); + res = Err(Error::GenericError); } else { *data_len = ul_data_len; } @@ -2010,7 +2005,7 @@ pub unsafe fn ykpiv_attest( } /// Get an auth challenge -pub unsafe fn ykpiv_auth_getchallenge(state: &mut YubiKey) -> Result<[u8; 8], ErrorKind> { +pub unsafe fn ykpiv_auth_getchallenge(state: &mut YubiKey) -> Result<[u8; 8], Error> { let mut data = [0u8; 261]; let mut recv_len = data.len() as u32; let mut sw: i32 = 0; @@ -2032,7 +2027,7 @@ pub unsafe fn ykpiv_auth_getchallenge(state: &mut YubiKey) -> Result<[u8; 8], Er if let Err(e) = _send_data(state, &mut apdu, data.as_mut_ptr(), &mut recv_len, &mut sw) { res = Err(e) } else if sw != SW_SUCCESS { - res = Err(ErrorKind::AuthenticationError); + res = Err(Error::AuthenticationError); } else { let mut challenge = [0; 8]; challenge.copy_from_slice(&data[4..12]); @@ -2048,7 +2043,7 @@ pub unsafe fn ykpiv_auth_getchallenge(state: &mut YubiKey) -> Result<[u8; 8], Er pub unsafe fn ykpiv_auth_verifyresponse( state: &mut YubiKey, response: [u8; 8], -) -> Result<(), ErrorKind> { +) -> Result<(), Error> { let mut data = [0u8; 261]; let mut recv_len = data.len() as u32; let mut sw: i32 = 0; @@ -2070,7 +2065,7 @@ pub unsafe fn ykpiv_auth_verifyresponse( let mut res = _send_data(state, &mut apdu, data.as_mut_ptr(), &mut recv_len, &mut sw); if res.is_ok() && sw != SW_SUCCESS { - res = Err(ErrorKind::AuthenticationError); + res = Err(Error::AuthenticationError); } apdu.zeroize(); @@ -2082,7 +2077,7 @@ pub unsafe fn ykpiv_auth_verifyresponse( static mut MGMT_AID: [u8; 8] = [0xa0, 0x00, 0x00, 0x05, 0x27, 0x47, 0x11, 0x17]; /// Deauthenticate -pub unsafe fn ykpiv_auth_deauthenticate(state: &mut YubiKey) -> Result<(), ErrorKind> { +pub unsafe fn ykpiv_auth_deauthenticate(state: &mut YubiKey) -> Result<(), Error> { let mut data = [0u8; 255]; let mut recv_len = data.len() as u32; let mut sw: i32 = 0; @@ -2108,7 +2103,7 @@ pub unsafe fn ykpiv_auth_deauthenticate(state: &mut YubiKey) -> Result<(), Error if sw != SW_SUCCESS { error!("Failed selecting mgmt application: {:04x}", sw); - res = Err(ErrorKind::GenericError); + res = Err(Error::GenericError); } let _ = _ykpiv_end_transaction(state);