Rename ErrorKind to Error
There was originally another `Error` type from the translation. Now that it's gone, and we don't presently have a type just named `Error`, this renames the current `ErrorKind` type now that the original was deleted.
This commit is contained in:
+38
-38
@@ -34,7 +34,7 @@ use std::fmt;
|
|||||||
|
|
||||||
/// Kinds of errors
|
/// Kinds of errors
|
||||||
#[derive(Clone, Copy, Debug, Eq, PartialEq)]
|
#[derive(Clone, Copy, Debug, Eq, PartialEq)]
|
||||||
pub enum ErrorKind {
|
pub enum Error {
|
||||||
/// Memory error
|
/// Memory error
|
||||||
MemoryError,
|
MemoryError,
|
||||||
|
|
||||||
@@ -87,71 +87,71 @@ pub enum ErrorKind {
|
|||||||
NotSupported,
|
NotSupported,
|
||||||
}
|
}
|
||||||
|
|
||||||
impl ErrorKind {
|
impl Error {
|
||||||
/// Name of the error.
|
/// Name of the error.
|
||||||
///
|
///
|
||||||
/// These names map to the legacy names from the Yubico C library, to
|
/// These names map to the legacy names from the Yubico C library, to
|
||||||
/// assist in web searches for relevant information for these errors.
|
/// assist in web searches for relevant information for these errors.
|
||||||
pub fn name(self) -> &'static str {
|
pub fn name(self) -> &'static str {
|
||||||
match self {
|
match self {
|
||||||
ErrorKind::MemoryError => "YKPIV_MEMORY_ERROR",
|
Error::MemoryError => "YKPIV_MEMORY_ERROR",
|
||||||
ErrorKind::PcscError => "YKPIV_PCSC_ERROR",
|
Error::PcscError => "YKPIV_PCSC_ERROR",
|
||||||
ErrorKind::SizeError => "YKPIV_SIZE_ERROR",
|
Error::SizeError => "YKPIV_SIZE_ERROR",
|
||||||
ErrorKind::AppletError => "YKPIV_APPLET_ERROR",
|
Error::AppletError => "YKPIV_APPLET_ERROR",
|
||||||
ErrorKind::AuthenticationError => "YKPIV_AUTHENTICATION_ERROR",
|
Error::AuthenticationError => "YKPIV_AUTHENTICATION_ERROR",
|
||||||
ErrorKind::RandomnessError => "YKPIV_RANDOMNESS_ERROR",
|
Error::RandomnessError => "YKPIV_RANDOMNESS_ERROR",
|
||||||
ErrorKind::GenericError => "YKPIV_GENERIC_ERROR",
|
Error::GenericError => "YKPIV_GENERIC_ERROR",
|
||||||
ErrorKind::KeyError => "YKPIV_KEY_ERROR",
|
Error::KeyError => "YKPIV_KEY_ERROR",
|
||||||
ErrorKind::ParseError => "YKPIV_PARSE_ERROR",
|
Error::ParseError => "YKPIV_PARSE_ERROR",
|
||||||
ErrorKind::WrongPin { .. } => "YKPIV_WRONG_PIN",
|
Error::WrongPin { .. } => "YKPIV_WRONG_PIN",
|
||||||
ErrorKind::InvalidObject => "YKPIV_INVALID_OBJECT",
|
Error::InvalidObject => "YKPIV_INVALID_OBJECT",
|
||||||
ErrorKind::AlgorithmError => "YKPIV_ALGORITHM_ERROR",
|
Error::AlgorithmError => "YKPIV_ALGORITHM_ERROR",
|
||||||
ErrorKind::PinLocked => "YKPIV_PIN_LOCKED",
|
Error::PinLocked => "YKPIV_PIN_LOCKED",
|
||||||
ErrorKind::ArgumentError => "YKPIV_ARGUMENT_ERROR",
|
Error::ArgumentError => "YKPIV_ARGUMENT_ERROR",
|
||||||
ErrorKind::RangeError => "YKPIV_RANGE_ERROR",
|
Error::RangeError => "YKPIV_RANGE_ERROR",
|
||||||
ErrorKind::NotSupported => "YKPIV_NOT_SUPPORTED",
|
Error::NotSupported => "YKPIV_NOT_SUPPORTED",
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Error message
|
/// Error message
|
||||||
pub fn msg(self) -> &'static str {
|
pub fn msg(self) -> &'static str {
|
||||||
match self {
|
match self {
|
||||||
ErrorKind::MemoryError => "memory error",
|
Error::MemoryError => "memory error",
|
||||||
ErrorKind::PcscError => "PCSC error",
|
Error::PcscError => "PCSC error",
|
||||||
ErrorKind::SizeError => "size error",
|
Error::SizeError => "size error",
|
||||||
ErrorKind::AppletError => "applet error",
|
Error::AppletError => "applet error",
|
||||||
ErrorKind::AuthenticationError => "authentication error",
|
Error::AuthenticationError => "authentication error",
|
||||||
ErrorKind::RandomnessError => "randomness error",
|
Error::RandomnessError => "randomness error",
|
||||||
ErrorKind::GenericError => "generic error",
|
Error::GenericError => "generic error",
|
||||||
ErrorKind::KeyError => "key error",
|
Error::KeyError => "key error",
|
||||||
ErrorKind::ParseError => "parse error",
|
Error::ParseError => "parse error",
|
||||||
ErrorKind::WrongPin { .. } => "wrong pin",
|
Error::WrongPin { .. } => "wrong pin",
|
||||||
ErrorKind::InvalidObject => "invalid object",
|
Error::InvalidObject => "invalid object",
|
||||||
ErrorKind::AlgorithmError => "algorithm error",
|
Error::AlgorithmError => "algorithm error",
|
||||||
ErrorKind::PinLocked => "PIN locked",
|
Error::PinLocked => "PIN locked",
|
||||||
ErrorKind::ArgumentError => "argument error",
|
Error::ArgumentError => "argument error",
|
||||||
ErrorKind::RangeError => "range error",
|
Error::RangeError => "range error",
|
||||||
ErrorKind::NotSupported => "not supported",
|
Error::NotSupported => "not supported",
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
impl fmt::Display for ErrorKind {
|
impl fmt::Display for Error {
|
||||||
fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
|
fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
|
||||||
f.write_str(self.msg())
|
f.write_str(self.msg())
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
impl std::error::Error for ErrorKind {}
|
impl std::error::Error for Error {}
|
||||||
|
|
||||||
/// Get a string representation of this error
|
/// Get a string representation of this error
|
||||||
// TODO(tarcieri): completely replace this with `Display`
|
// TODO(tarcieri): completely replace this with `Display`
|
||||||
pub fn ykpiv_strerror(err: ErrorKind) -> &'static str {
|
pub fn ykpiv_strerror(err: Error) -> &'static str {
|
||||||
err.msg()
|
err.msg()
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Get the name of this error
|
/// Get the name of this error
|
||||||
// TODO(tarcieri): completely replace this with debug
|
// TODO(tarcieri): completely replace this with debug
|
||||||
pub fn ykpiv_strerror_name(err: ErrorKind) -> &'static str {
|
pub fn ykpiv_strerror_name(err: Error) -> &'static str {
|
||||||
err.name()
|
err.name()
|
||||||
}
|
}
|
||||||
|
|||||||
+90
-96
@@ -33,7 +33,7 @@
|
|||||||
#![allow(non_camel_case_types, non_snake_case)]
|
#![allow(non_camel_case_types, non_snake_case)]
|
||||||
#![allow(clippy::missing_safety_doc, clippy::too_many_arguments)]
|
#![allow(clippy::missing_safety_doc, clippy::too_many_arguments)]
|
||||||
|
|
||||||
use crate::{consts::*, error::ErrorKind, internal::*, yubikey::*};
|
use crate::{consts::*, error::Error, internal::*, yubikey::*};
|
||||||
use getrandom::getrandom;
|
use getrandom::getrandom;
|
||||||
use hmac::Hmac;
|
use hmac::Hmac;
|
||||||
use libc::{calloc, free, memcpy, memmove, realloc, time};
|
use libc::{calloc, free, memcpy, memmove, realloc, time};
|
||||||
@@ -86,16 +86,13 @@ pub static mut CCC_TMPL: &[u8] = &[
|
|||||||
pub struct CardId([u8; 16]);
|
pub struct CardId([u8; 16]);
|
||||||
|
|
||||||
/// Get Card ID
|
/// Get Card ID
|
||||||
pub unsafe fn ykpiv_util_get_cardid(
|
pub unsafe fn ykpiv_util_get_cardid(state: &mut YubiKey, cardid: *mut CardId) -> Result<(), Error> {
|
||||||
state: &mut YubiKey,
|
|
||||||
cardid: *mut CardId,
|
|
||||||
) -> Result<(), ErrorKind> {
|
|
||||||
let mut buf = [0u8; CB_OBJ_MAX];
|
let mut buf = [0u8; CB_OBJ_MAX];
|
||||||
let mut len = buf.len();
|
let mut len = buf.len();
|
||||||
let mut res = Ok(());
|
let mut res = Ok(());
|
||||||
|
|
||||||
if cardid.is_null() {
|
if cardid.is_null() {
|
||||||
return Err(ErrorKind::GenericError);
|
return Err(Error::GenericError);
|
||||||
}
|
}
|
||||||
|
|
||||||
_ykpiv_begin_transaction(state)?;
|
_ykpiv_begin_transaction(state)?;
|
||||||
@@ -105,7 +102,7 @@ pub unsafe fn ykpiv_util_get_cardid(
|
|||||||
|
|
||||||
if res.is_ok() {
|
if res.is_ok() {
|
||||||
if len != CHUID_TMPL.len() {
|
if len != CHUID_TMPL.len() {
|
||||||
res = Err(ErrorKind::GenericError);
|
res = Err(Error::GenericError);
|
||||||
} else {
|
} else {
|
||||||
memcpy(
|
memcpy(
|
||||||
(*cardid).0.as_mut_ptr() as (*mut c_void),
|
(*cardid).0.as_mut_ptr() as (*mut c_void),
|
||||||
@@ -124,13 +121,13 @@ pub unsafe fn ykpiv_util_get_cardid(
|
|||||||
pub unsafe fn ykpiv_util_set_cardid(
|
pub unsafe fn ykpiv_util_set_cardid(
|
||||||
state: &mut YubiKey,
|
state: &mut YubiKey,
|
||||||
cardid: *const CardId,
|
cardid: *const CardId,
|
||||||
) -> Result<(), ErrorKind> {
|
) -> Result<(), Error> {
|
||||||
let mut id = [0u8; YKPIV_CARDID_SIZE];
|
let mut id = [0u8; YKPIV_CARDID_SIZE];
|
||||||
let mut buf = [0u8; CHUID_TMPL.len()];
|
let mut buf = [0u8; CHUID_TMPL.len()];
|
||||||
let mut res = Ok(());
|
let mut res = Ok(());
|
||||||
|
|
||||||
if cardid.is_null() {
|
if cardid.is_null() {
|
||||||
getrandom(&mut id).map_err(|_| ErrorKind::RandomnessError)?;
|
getrandom(&mut id).map_err(|_| Error::RandomnessError)?;
|
||||||
} else {
|
} else {
|
||||||
memcpy(
|
memcpy(
|
||||||
id.as_mut_ptr() as (*mut c_void),
|
id.as_mut_ptr() as (*mut c_void),
|
||||||
@@ -171,13 +168,13 @@ pub unsafe fn ykpiv_util_set_cardid(
|
|||||||
pub struct CCCID([u8; 14]);
|
pub struct CCCID([u8; 14]);
|
||||||
|
|
||||||
/// Get Cardholder Capability Container (CCC) ID
|
/// Get Cardholder Capability Container (CCC) ID
|
||||||
pub unsafe fn ykpiv_util_get_cccid(state: &mut YubiKey, ccc: *mut CCCID) -> Result<(), ErrorKind> {
|
pub unsafe fn ykpiv_util_get_cccid(state: &mut YubiKey, ccc: *mut CCCID) -> Result<(), Error> {
|
||||||
let mut res = Ok(());
|
let mut res = Ok(());
|
||||||
let mut buf = [0u8; CB_OBJ_MAX];
|
let mut buf = [0u8; CB_OBJ_MAX];
|
||||||
let mut len = buf.len();
|
let mut len = buf.len();
|
||||||
|
|
||||||
if ccc.is_null() {
|
if ccc.is_null() {
|
||||||
return Err(ErrorKind::GenericError);
|
return Err(Error::GenericError);
|
||||||
}
|
}
|
||||||
|
|
||||||
_ykpiv_begin_transaction(state)?;
|
_ykpiv_begin_transaction(state)?;
|
||||||
@@ -193,7 +190,7 @@ pub unsafe fn ykpiv_util_get_cccid(state: &mut YubiKey, ccc: *mut CCCID) -> Resu
|
|||||||
if res.is_ok() {
|
if res.is_ok() {
|
||||||
if len != CCC_TMPL.len() {
|
if len != CCC_TMPL.len() {
|
||||||
let _ = _ykpiv_end_transaction(state);
|
let _ = _ykpiv_end_transaction(state);
|
||||||
return Err(ErrorKind::GenericError);
|
return Err(Error::GenericError);
|
||||||
}
|
}
|
||||||
|
|
||||||
memcpy(
|
memcpy(
|
||||||
@@ -208,17 +205,14 @@ pub unsafe fn ykpiv_util_get_cccid(state: &mut YubiKey, ccc: *mut CCCID) -> Resu
|
|||||||
}
|
}
|
||||||
|
|
||||||
/// Get Cardholder Capability Container (CCC) ID
|
/// Get Cardholder Capability Container (CCC) ID
|
||||||
pub unsafe fn ykpiv_util_set_cccid(
|
pub unsafe fn ykpiv_util_set_cccid(state: &mut YubiKey, ccc: *const CCCID) -> Result<(), Error> {
|
||||||
state: &mut YubiKey,
|
|
||||||
ccc: *const CCCID,
|
|
||||||
) -> Result<(), ErrorKind> {
|
|
||||||
let mut res = Ok(());
|
let mut res = Ok(());
|
||||||
let mut id = [0u8; 14];
|
let mut id = [0u8; 14];
|
||||||
let mut buf = [0u8; 51];
|
let mut buf = [0u8; 51];
|
||||||
let len: usize;
|
let len: usize;
|
||||||
|
|
||||||
if ccc.is_null() {
|
if ccc.is_null() {
|
||||||
getrandom(&mut id).map_err(|_| ErrorKind::RandomnessError)?;
|
getrandom(&mut id).map_err(|_| Error::RandomnessError)?;
|
||||||
} else {
|
} else {
|
||||||
memcpy(
|
memcpy(
|
||||||
id.as_mut_ptr() as (*mut c_void),
|
id.as_mut_ptr() as (*mut c_void),
|
||||||
@@ -311,7 +305,7 @@ pub unsafe fn ykpiv_util_list_keys(
|
|||||||
key_count: *mut u8,
|
key_count: *mut u8,
|
||||||
data: *mut *mut YkPivKey,
|
data: *mut *mut YkPivKey,
|
||||||
data_len: *mut usize,
|
data_len: *mut usize,
|
||||||
) -> Result<(), ErrorKind> {
|
) -> Result<(), Error> {
|
||||||
let mut _currentBlock;
|
let mut _currentBlock;
|
||||||
let mut res = Ok(());
|
let mut res = Ok(());
|
||||||
let mut p_key: *mut YkPivKey;
|
let mut p_key: *mut YkPivKey;
|
||||||
@@ -326,7 +320,7 @@ pub unsafe fn ykpiv_util_list_keys(
|
|||||||
let CB_PAGE: usize = 4096;
|
let CB_PAGE: usize = 4096;
|
||||||
|
|
||||||
if data.is_null() || data_len.is_null() || key_count.is_null() {
|
if data.is_null() || data_len.is_null() || key_count.is_null() {
|
||||||
return Err(ErrorKind::GenericError);
|
return Err(Error::GenericError);
|
||||||
}
|
}
|
||||||
|
|
||||||
_ykpiv_begin_transaction(state)?;
|
_ykpiv_begin_transaction(state)?;
|
||||||
@@ -340,7 +334,7 @@ pub unsafe fn ykpiv_util_list_keys(
|
|||||||
|
|
||||||
if p_data.is_null() {
|
if p_data.is_null() {
|
||||||
let _ = _ykpiv_end_transaction(state);
|
let _ = _ykpiv_end_transaction(state);
|
||||||
return Err(ErrorKind::MemoryError);
|
return Err(Error::MemoryError);
|
||||||
}
|
}
|
||||||
|
|
||||||
cb_data = CB_PAGE;
|
cb_data = CB_PAGE;
|
||||||
@@ -423,7 +417,7 @@ pub unsafe fn ykpiv_util_list_keys(
|
|||||||
}
|
}
|
||||||
res = Ok(());
|
res = Ok(());
|
||||||
} else {
|
} else {
|
||||||
res = Err(ErrorKind::MemoryError);
|
res = Err(Error::MemoryError);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -441,13 +435,13 @@ pub unsafe fn ykpiv_util_read_cert(
|
|||||||
slot: u8,
|
slot: u8,
|
||||||
data: *mut *mut u8,
|
data: *mut *mut u8,
|
||||||
data_len: *mut usize,
|
data_len: *mut usize,
|
||||||
) -> Result<(), ErrorKind> {
|
) -> Result<(), Error> {
|
||||||
let mut res = Ok(());
|
let mut res = Ok(());
|
||||||
let mut buf = [0u8; YKPIV_OBJ_MAX_SIZE];
|
let mut buf = [0u8; YKPIV_OBJ_MAX_SIZE];
|
||||||
let mut cb_buf: usize = buf.len();
|
let mut cb_buf: usize = buf.len();
|
||||||
|
|
||||||
if data.is_null() || data_len.is_null() {
|
if data.is_null() || data_len.is_null() {
|
||||||
return Err(ErrorKind::GenericError);
|
return Err(Error::GenericError);
|
||||||
}
|
}
|
||||||
|
|
||||||
_ykpiv_begin_transaction(state)?;
|
_ykpiv_begin_transaction(state)?;
|
||||||
@@ -466,7 +460,7 @@ pub unsafe fn ykpiv_util_read_cert(
|
|||||||
}
|
}
|
||||||
.is_null()
|
.is_null()
|
||||||
{
|
{
|
||||||
res = Err(ErrorKind::MemoryError);
|
res = Err(Error::MemoryError);
|
||||||
} else {
|
} else {
|
||||||
memcpy(
|
memcpy(
|
||||||
*data as (*mut c_void),
|
*data as (*mut c_void),
|
||||||
@@ -489,7 +483,7 @@ pub unsafe fn ykpiv_util_write_cert(
|
|||||||
data: *mut u8,
|
data: *mut u8,
|
||||||
data_len: usize,
|
data_len: usize,
|
||||||
certinfo: u8,
|
certinfo: u8,
|
||||||
) -> Result<(), ErrorKind> {
|
) -> Result<(), Error> {
|
||||||
let mut res = Ok(());
|
let mut res = Ok(());
|
||||||
|
|
||||||
_ykpiv_begin_transaction(state)?;
|
_ykpiv_begin_transaction(state)?;
|
||||||
@@ -503,12 +497,12 @@ pub unsafe fn ykpiv_util_write_cert(
|
|||||||
}
|
}
|
||||||
|
|
||||||
/// Delete certificate
|
/// Delete certificate
|
||||||
pub unsafe fn ykpiv_util_delete_cert(state: &mut YubiKey, slot: u8) -> Result<(), ErrorKind> {
|
pub unsafe fn ykpiv_util_delete_cert(state: &mut YubiKey, slot: u8) -> Result<(), Error> {
|
||||||
ykpiv_util_write_cert(state, slot, ptr::null_mut(), 0, 0)
|
ykpiv_util_write_cert(state, slot, ptr::null_mut(), 0, 0)
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Block PUK
|
/// Block PUK
|
||||||
pub unsafe fn ykpiv_util_block_puk(state: &mut YubiKey) -> Result<(), ErrorKind> {
|
pub unsafe fn ykpiv_util_block_puk(state: &mut YubiKey) -> Result<(), Error> {
|
||||||
let mut res = Ok(());
|
let mut res = Ok(());
|
||||||
let mut puk = [0x30, 0x42, 0x41, 0x44, 0x46, 0x30, 0x30, 0x44];
|
let mut puk = [0x30, 0x42, 0x41, 0x44, 0x46, 0x30, 0x30, 0x44];
|
||||||
let mut tries_remaining: i32 = -1;
|
let mut tries_remaining: i32 = -1;
|
||||||
@@ -530,12 +524,12 @@ pub unsafe fn ykpiv_util_block_puk(state: &mut YubiKey) -> Result<(), ErrorKind>
|
|||||||
|
|
||||||
match res {
|
match res {
|
||||||
Ok(()) => puk[0] += 1,
|
Ok(()) => puk[0] += 1,
|
||||||
Err(ErrorKind::WrongPin { tries }) => {
|
Err(Error::WrongPin { tries }) => {
|
||||||
tries_remaining = tries;
|
tries_remaining = tries;
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
Err(e) => {
|
Err(e) => {
|
||||||
if e != ErrorKind::PinLocked {
|
if e != Error::PinLocked {
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
tries_remaining = 0;
|
tries_remaining = 0;
|
||||||
@@ -625,7 +619,7 @@ pub unsafe fn ykpiv_util_read_mscmap(
|
|||||||
state: &mut YubiKey,
|
state: &mut YubiKey,
|
||||||
containers: *mut *mut YkPivContainer,
|
containers: *mut *mut YkPivContainer,
|
||||||
n_containers: *mut usize,
|
n_containers: *mut usize,
|
||||||
) -> Result<(), ErrorKind> {
|
) -> Result<(), Error> {
|
||||||
let mut res = Ok(());
|
let mut res = Ok(());
|
||||||
let mut buf = [0u8; YKPIV_OBJ_MAX_SIZE];
|
let mut buf = [0u8; YKPIV_OBJ_MAX_SIZE];
|
||||||
let mut cb_buf: usize = buf.len();
|
let mut cb_buf: usize = buf.len();
|
||||||
@@ -634,7 +628,7 @@ pub unsafe fn ykpiv_util_read_mscmap(
|
|||||||
|
|
||||||
if containers.is_null() || n_containers.is_null() {
|
if containers.is_null() || n_containers.is_null() {
|
||||||
// TODO(str4d): Should this really continue on here?
|
// TODO(str4d): Should this really continue on here?
|
||||||
res = Err(ErrorKind::GenericError);
|
res = Err(Error::GenericError);
|
||||||
}
|
}
|
||||||
|
|
||||||
_ykpiv_begin_transaction(state)?;
|
_ykpiv_begin_transaction(state)?;
|
||||||
@@ -674,7 +668,7 @@ pub unsafe fn ykpiv_util_read_mscmap(
|
|||||||
*containers = calloc(len, 1) as (*mut YkPivContainer);
|
*containers = calloc(len, 1) as (*mut YkPivContainer);
|
||||||
|
|
||||||
if (*containers).is_null() {
|
if (*containers).is_null() {
|
||||||
res = Err(ErrorKind::MemoryError);
|
res = Err(Error::MemoryError);
|
||||||
} else {
|
} else {
|
||||||
memcpy(*containers as (*mut c_void), ptr as (*const c_void), len);
|
memcpy(*containers as (*mut c_void), ptr as (*const c_void), len);
|
||||||
*n_containers = len.wrapping_div(mem::size_of::<YkPivContainer>());
|
*n_containers = len.wrapping_div(mem::size_of::<YkPivContainer>());
|
||||||
@@ -699,7 +693,7 @@ pub unsafe fn ykpiv_util_write_mscmap(
|
|||||||
state: &mut YubiKey,
|
state: &mut YubiKey,
|
||||||
containers: *mut YkPivContainer,
|
containers: *mut YkPivContainer,
|
||||||
n_containers: usize,
|
n_containers: usize,
|
||||||
) -> Result<(), ErrorKind> {
|
) -> Result<(), Error> {
|
||||||
let mut res = Ok(());
|
let mut res = Ok(());
|
||||||
let mut buf = [0u8; CB_OBJ_MAX];
|
let mut buf = [0u8; CB_OBJ_MAX];
|
||||||
let mut offset: usize = 0;
|
let mut offset: usize = 0;
|
||||||
@@ -710,7 +704,7 @@ pub unsafe fn ykpiv_util_write_mscmap(
|
|||||||
if _ykpiv_ensure_application_selected(state).is_ok() {
|
if _ykpiv_ensure_application_selected(state).is_ok() {
|
||||||
if containers.is_null() || n_containers == 0 {
|
if containers.is_null() || n_containers == 0 {
|
||||||
if !containers.is_null() || n_containers != 0 {
|
if !containers.is_null() || n_containers != 0 {
|
||||||
res = Err(ErrorKind::GenericError);
|
res = Err(Error::GenericError);
|
||||||
} else {
|
} else {
|
||||||
res = _ykpiv_save_object(state, YKPIV_OBJ_MSCMAP as i32, ptr::null_mut(), 0);
|
res = _ykpiv_save_object(state, YKPIV_OBJ_MSCMAP as i32, ptr::null_mut(), 0);
|
||||||
}
|
}
|
||||||
@@ -723,7 +717,7 @@ pub unsafe fn ykpiv_util_write_mscmap(
|
|||||||
|
|
||||||
if req_len > _obj_size_max(state) {
|
if req_len > _obj_size_max(state) {
|
||||||
let _ = _ykpiv_end_transaction(state);
|
let _ = _ykpiv_end_transaction(state);
|
||||||
return Err(ErrorKind::SizeError);
|
return Err(Error::SizeError);
|
||||||
}
|
}
|
||||||
|
|
||||||
buf[offset] = TAG_MSCMAP;
|
buf[offset] = TAG_MSCMAP;
|
||||||
@@ -747,7 +741,7 @@ pub unsafe fn ykpiv_util_read_msroots(
|
|||||||
state: &mut YubiKey,
|
state: &mut YubiKey,
|
||||||
data: *mut *mut u8,
|
data: *mut *mut u8,
|
||||||
data_len: *mut usize,
|
data_len: *mut usize,
|
||||||
) -> Result<(), ErrorKind> {
|
) -> Result<(), Error> {
|
||||||
let mut _currentBlock = 0;
|
let mut _currentBlock = 0;
|
||||||
let mut res;
|
let mut res;
|
||||||
let mut buf = [0u8; YKPIV_OBJ_MAX_SIZE];
|
let mut buf = [0u8; YKPIV_OBJ_MAX_SIZE];
|
||||||
@@ -762,7 +756,7 @@ pub unsafe fn ykpiv_util_read_msroots(
|
|||||||
let mut offset: usize = 0;
|
let mut offset: usize = 0;
|
||||||
|
|
||||||
if data.is_null() || data_len.is_null() {
|
if data.is_null() || data_len.is_null() {
|
||||||
return Err(ErrorKind::GenericError);
|
return Err(Error::GenericError);
|
||||||
}
|
}
|
||||||
|
|
||||||
_ykpiv_begin_transaction(state)?;
|
_ykpiv_begin_transaction(state)?;
|
||||||
@@ -782,7 +776,7 @@ pub unsafe fn ykpiv_util_read_msroots(
|
|||||||
|
|
||||||
if p_data.is_null() {
|
if p_data.is_null() {
|
||||||
let _ = _ykpiv_end_transaction(state);
|
let _ = _ykpiv_end_transaction(state);
|
||||||
return Err(ErrorKind::MemoryError);
|
return Err(Error::MemoryError);
|
||||||
}
|
}
|
||||||
|
|
||||||
for object_id in YKPIV_OBJ_MSROOTS1..YKPIV_OBJ_MSROOTS5 {
|
for object_id in YKPIV_OBJ_MSROOTS1..YKPIV_OBJ_MSROOTS5 {
|
||||||
@@ -863,7 +857,7 @@ pub unsafe fn ykpiv_util_read_msroots(
|
|||||||
*data_len = offset;
|
*data_len = offset;
|
||||||
res = Ok(());
|
res = Ok(());
|
||||||
} else if _currentBlock == 16 {
|
} else if _currentBlock == 16 {
|
||||||
res = Err(ErrorKind::MemoryError);
|
res = Err(Error::MemoryError);
|
||||||
} else if _currentBlock != 21 {
|
} else if _currentBlock != 21 {
|
||||||
res = Ok(());
|
res = Ok(());
|
||||||
}
|
}
|
||||||
@@ -881,7 +875,7 @@ pub unsafe fn ykpiv_util_write_msroots(
|
|||||||
state: &mut YubiKey,
|
state: &mut YubiKey,
|
||||||
data: *mut u8,
|
data: *mut u8,
|
||||||
data_len: usize,
|
data_len: usize,
|
||||||
) -> Result<(), ErrorKind> {
|
) -> Result<(), Error> {
|
||||||
let mut res = Ok(());
|
let mut res = Ok(());
|
||||||
let mut buf = [0u8; CB_OBJ_MAX];
|
let mut buf = [0u8; CB_OBJ_MAX];
|
||||||
let mut offset: usize;
|
let mut offset: usize;
|
||||||
@@ -895,7 +889,7 @@ pub unsafe fn ykpiv_util_write_msroots(
|
|||||||
if _ykpiv_ensure_application_selected(state).is_ok() {
|
if _ykpiv_ensure_application_selected(state).is_ok() {
|
||||||
if data.is_null() || data_len == 0 {
|
if data.is_null() || data_len == 0 {
|
||||||
if !data.is_null() || data_len != 0 {
|
if !data.is_null() || data_len != 0 {
|
||||||
res = Err(ErrorKind::GenericError);
|
res = Err(Error::GenericError);
|
||||||
} else {
|
} else {
|
||||||
res = _ykpiv_save_object(state, YKPIV_OBJ_MSROOTS1 as i32, ptr::null_mut(), 0);
|
res = _ykpiv_save_object(state, YKPIV_OBJ_MSROOTS1 as i32, ptr::null_mut(), 0);
|
||||||
}
|
}
|
||||||
@@ -908,7 +902,7 @@ pub unsafe fn ykpiv_util_write_msroots(
|
|||||||
|
|
||||||
if n_objs > 5 {
|
if n_objs > 5 {
|
||||||
let _ = _ykpiv_end_transaction(state);
|
let _ = _ykpiv_end_transaction(state);
|
||||||
return Err(ErrorKind::SizeError);
|
return Err(Error::SizeError);
|
||||||
}
|
}
|
||||||
|
|
||||||
for i in 0..n_objs {
|
for i in 0..n_objs {
|
||||||
@@ -981,7 +975,7 @@ pub unsafe fn ykpiv_util_generate_key(
|
|||||||
exp_len: *mut usize,
|
exp_len: *mut usize,
|
||||||
point: *mut *mut u8,
|
point: *mut *mut u8,
|
||||||
point_len: *mut usize,
|
point_len: *mut usize,
|
||||||
) -> Result<(), ErrorKind> {
|
) -> Result<(), Error> {
|
||||||
let mut res = Ok(());
|
let mut res = Ok(());
|
||||||
let mut in_data = [0u8; 11];
|
let mut in_data = [0u8; 11];
|
||||||
let mut in_ptr = in_data.as_mut_ptr();
|
let mut in_ptr = in_data.as_mut_ptr();
|
||||||
@@ -1031,7 +1025,7 @@ pub unsafe fn ykpiv_util_generate_key(
|
|||||||
);
|
);
|
||||||
|
|
||||||
if !setting_roca.value {
|
if !setting_roca.value {
|
||||||
return Err(ErrorKind::NotSupported);
|
return Err(Error::NotSupported);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -1039,7 +1033,7 @@ pub unsafe fn ykpiv_util_generate_key(
|
|||||||
YKPIV_ALGO_RSA1024 | YKPIV_ALGO_RSA2048 => {
|
YKPIV_ALGO_RSA1024 | YKPIV_ALGO_RSA2048 => {
|
||||||
if point.is_null() || point_len.is_null() {
|
if point.is_null() || point_len.is_null() {
|
||||||
error!("invalid output parameter for ECC algorithm");
|
error!("invalid output parameter for ECC algorithm");
|
||||||
return Err(ErrorKind::GenericError);
|
return Err(Error::GenericError);
|
||||||
}
|
}
|
||||||
|
|
||||||
*point = ptr::null_mut();
|
*point = ptr::null_mut();
|
||||||
@@ -1048,7 +1042,7 @@ pub unsafe fn ykpiv_util_generate_key(
|
|||||||
YKPIV_ALGO_ECCP256 | YKPIV_ALGO_ECCP384 => {
|
YKPIV_ALGO_ECCP256 | YKPIV_ALGO_ECCP384 => {
|
||||||
if modulus.is_null() || modulus_len.is_null() || exp.is_null() || exp_len.is_null() {
|
if modulus.is_null() || modulus_len.is_null() || exp.is_null() || exp_len.is_null() {
|
||||||
error!("invalid output parameter for RSA algorithm");
|
error!("invalid output parameter for RSA algorithm");
|
||||||
return Err(ErrorKind::GenericError);
|
return Err(Error::GenericError);
|
||||||
}
|
}
|
||||||
|
|
||||||
*modulus = ptr::null_mut();
|
*modulus = ptr::null_mut();
|
||||||
@@ -1058,7 +1052,7 @@ pub unsafe fn ykpiv_util_generate_key(
|
|||||||
}
|
}
|
||||||
_ => {
|
_ => {
|
||||||
error!("invalid algorithm specified");
|
error!("invalid algorithm specified");
|
||||||
return Err(ErrorKind::GenericError);
|
return Err(Error::GenericError);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -1075,7 +1069,7 @@ pub unsafe fn ykpiv_util_generate_key(
|
|||||||
in_ptr = in_ptr.add(5);
|
in_ptr = in_ptr.add(5);
|
||||||
|
|
||||||
if in_data[4] == 0 {
|
if in_data[4] == 0 {
|
||||||
res = Err(ErrorKind::AlgorithmError);
|
res = Err(Error::AlgorithmError);
|
||||||
error!("unexpected algorithm");
|
error!("unexpected algorithm");
|
||||||
} else {
|
} else {
|
||||||
if pin_policy != YKPIV_PINPOLICY_DEFAULT {
|
if pin_policy != YKPIV_PINPOLICY_DEFAULT {
|
||||||
@@ -1111,11 +1105,11 @@ pub unsafe fn ykpiv_util_generate_key(
|
|||||||
|
|
||||||
match sw {
|
match sw {
|
||||||
SW_ERR_INCORRECT_SLOT => {
|
SW_ERR_INCORRECT_SLOT => {
|
||||||
res = Err(ErrorKind::KeyError);
|
res = Err(Error::KeyError);
|
||||||
error!("{} (incorrect slot)", err_msg);
|
error!("{} (incorrect slot)", err_msg);
|
||||||
}
|
}
|
||||||
SW_ERR_INCORRECT_PARAM => {
|
SW_ERR_INCORRECT_PARAM => {
|
||||||
res = Err(ErrorKind::AlgorithmError);
|
res = Err(Error::AlgorithmError);
|
||||||
|
|
||||||
if pin_policy != 0 {
|
if pin_policy != 0 {
|
||||||
error!("{} (pin policy not supported?)", err_msg);
|
error!("{} (pin policy not supported?)", err_msg);
|
||||||
@@ -1126,11 +1120,11 @@ pub unsafe fn ykpiv_util_generate_key(
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
SW_ERR_SECURITY_STATUS => {
|
SW_ERR_SECURITY_STATUS => {
|
||||||
res = Err(ErrorKind::AuthenticationError);
|
res = Err(Error::AuthenticationError);
|
||||||
error!("{} (not authenticated)", err_msg);
|
error!("{} (not authenticated)", err_msg);
|
||||||
}
|
}
|
||||||
_ => {
|
_ => {
|
||||||
res = Err(ErrorKind::GenericError);
|
res = Err(Error::GenericError);
|
||||||
error!("{} (error {:x})", err_msg, sw);
|
error!("{} (error {:x})", err_msg, sw);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -1140,7 +1134,7 @@ pub unsafe fn ykpiv_util_generate_key(
|
|||||||
|
|
||||||
if *data_ptr != TAG_RSA_MODULUS {
|
if *data_ptr != TAG_RSA_MODULUS {
|
||||||
error!("Failed to parse public key structure (modulus)");
|
error!("Failed to parse public key structure (modulus)");
|
||||||
res = Err(ErrorKind::ParseError);
|
res = Err(Error::ParseError);
|
||||||
} else {
|
} else {
|
||||||
data_ptr = data_ptr.add(1);
|
data_ptr = data_ptr.add(1);
|
||||||
data_ptr = data_ptr.add(_ykpiv_get_length(data_ptr, &mut len));
|
data_ptr = data_ptr.add(_ykpiv_get_length(data_ptr, &mut len));
|
||||||
@@ -1149,7 +1143,7 @@ pub unsafe fn ykpiv_util_generate_key(
|
|||||||
|
|
||||||
if ptr_modulus.is_null() {
|
if ptr_modulus.is_null() {
|
||||||
error!("failed to allocate memory for modulus");
|
error!("failed to allocate memory for modulus");
|
||||||
res = Err(ErrorKind::MemoryError);
|
res = Err(Error::MemoryError);
|
||||||
} else {
|
} else {
|
||||||
memcpy(
|
memcpy(
|
||||||
ptr_modulus as *mut c_void,
|
ptr_modulus as *mut c_void,
|
||||||
@@ -1160,7 +1154,7 @@ pub unsafe fn ykpiv_util_generate_key(
|
|||||||
data_ptr = data_ptr.add(len);
|
data_ptr = data_ptr.add(len);
|
||||||
if *data_ptr != TAG_RSA_EXP {
|
if *data_ptr != TAG_RSA_EXP {
|
||||||
error!("failed to parse public key structure (public exponent)");
|
error!("failed to parse public key structure (public exponent)");
|
||||||
res = Err(ErrorKind::ParseError);
|
res = Err(Error::ParseError);
|
||||||
} else {
|
} else {
|
||||||
data_ptr = data_ptr.add(1);
|
data_ptr = data_ptr.add(1);
|
||||||
data_ptr = data_ptr.add(_ykpiv_get_length(data_ptr, &mut len));
|
data_ptr = data_ptr.add(_ykpiv_get_length(data_ptr, &mut len));
|
||||||
@@ -1168,7 +1162,7 @@ pub unsafe fn ykpiv_util_generate_key(
|
|||||||
ptr_exp = calloc(cb_exp, 1) as *mut u8;
|
ptr_exp = calloc(cb_exp, 1) as *mut u8;
|
||||||
if ptr_exp.is_null() {
|
if ptr_exp.is_null() {
|
||||||
error!("failed to allocate memory for public exponent");
|
error!("failed to allocate memory for public exponent");
|
||||||
res = Err(ErrorKind::MemoryError);
|
res = Err(Error::MemoryError);
|
||||||
} else {
|
} else {
|
||||||
memcpy(
|
memcpy(
|
||||||
ptr_exp as (*mut c_void),
|
ptr_exp as (*mut c_void),
|
||||||
@@ -1201,7 +1195,7 @@ pub unsafe fn ykpiv_util_generate_key(
|
|||||||
|
|
||||||
if tag != TAG_ECC_POINT {
|
if tag != TAG_ECC_POINT {
|
||||||
error!("failed to parse public key structure");
|
error!("failed to parse public key structure");
|
||||||
res = Err(ErrorKind::ParseError);
|
res = Err(Error::ParseError);
|
||||||
} else {
|
} else {
|
||||||
// the curve point should always be determined by the curve
|
// the curve point should always be determined by the curve
|
||||||
let len_byte = *data_ptr;
|
let len_byte = *data_ptr;
|
||||||
@@ -1209,14 +1203,14 @@ pub unsafe fn ykpiv_util_generate_key(
|
|||||||
|
|
||||||
if len_byte as usize != len {
|
if len_byte as usize != len {
|
||||||
error!("unexpected length");
|
error!("unexpected length");
|
||||||
res = Err(ErrorKind::AlgorithmError);
|
res = Err(Error::AlgorithmError);
|
||||||
} else {
|
} else {
|
||||||
cb_point = len;
|
cb_point = len;
|
||||||
ptr_point = calloc(cb_point, 1) as (*mut u8);
|
ptr_point = calloc(cb_point, 1) as (*mut u8);
|
||||||
|
|
||||||
if ptr_point.is_null() {
|
if ptr_point.is_null() {
|
||||||
error!("failed to allocate memory for public point");
|
error!("failed to allocate memory for public point");
|
||||||
res = Err(ErrorKind::MemoryError);
|
res = Err(Error::MemoryError);
|
||||||
} else {
|
} else {
|
||||||
memcpy(
|
memcpy(
|
||||||
ptr_point as (*mut c_void),
|
ptr_point as (*mut c_void),
|
||||||
@@ -1231,7 +1225,7 @@ pub unsafe fn ykpiv_util_generate_key(
|
|||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
error!("wrong algorithm");
|
error!("wrong algorithm");
|
||||||
res = Err(ErrorKind::AlgorithmError);
|
res = Err(Error::AlgorithmError);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -1290,7 +1284,7 @@ pub struct YkPivConfig {
|
|||||||
pub unsafe fn ykpiv_util_get_config(
|
pub unsafe fn ykpiv_util_get_config(
|
||||||
state: &mut YubiKey,
|
state: &mut YubiKey,
|
||||||
config: *mut YkPivConfig,
|
config: *mut YkPivConfig,
|
||||||
) -> Result<(), ErrorKind> {
|
) -> Result<(), Error> {
|
||||||
let mut data = [0u8; YKPIV_OBJ_MAX_SIZE];
|
let mut data = [0u8; YKPIV_OBJ_MAX_SIZE];
|
||||||
let mut cb_data: usize = mem::size_of::<[u8; YKPIV_OBJ_MAX_SIZE]>();
|
let mut cb_data: usize = mem::size_of::<[u8; YKPIV_OBJ_MAX_SIZE]>();
|
||||||
let mut p_item: *mut u8 = ptr::null_mut();
|
let mut p_item: *mut u8 = ptr::null_mut();
|
||||||
@@ -1298,7 +1292,7 @@ pub unsafe fn ykpiv_util_get_config(
|
|||||||
let mut res = Ok(());
|
let mut res = Ok(());
|
||||||
|
|
||||||
if config.is_null() {
|
if config.is_null() {
|
||||||
return Err(ErrorKind::GenericError);
|
return Err(Error::GenericError);
|
||||||
}
|
}
|
||||||
|
|
||||||
(*config).protected_data_available = false;
|
(*config).protected_data_available = false;
|
||||||
@@ -1406,7 +1400,7 @@ pub unsafe fn ykpiv_util_get_config(
|
|||||||
}
|
}
|
||||||
|
|
||||||
/// Set PIN last changed
|
/// Set PIN last changed
|
||||||
pub unsafe fn ykpiv_util_set_pin_last_changed(state: &mut YubiKey) -> Result<(), ErrorKind> {
|
pub unsafe fn ykpiv_util_set_pin_last_changed(state: &mut YubiKey) -> Result<(), Error> {
|
||||||
let mut data = [0u8; YKPIV_OBJ_MAX_SIZE];
|
let mut data = [0u8; YKPIV_OBJ_MAX_SIZE];
|
||||||
let mut cb_data = data.len();
|
let mut cb_data = data.len();
|
||||||
let mut res = Ok(());
|
let mut res = Ok(());
|
||||||
@@ -1467,7 +1461,7 @@ pub unsafe fn ykpiv_util_get_derived_mgm(
|
|||||||
state: &mut YubiKey,
|
state: &mut YubiKey,
|
||||||
pin: &[u8],
|
pin: &[u8],
|
||||||
mgm: &mut YkPivMgm,
|
mgm: &mut YkPivMgm,
|
||||||
) -> Result<(), ErrorKind> {
|
) -> Result<(), Error> {
|
||||||
let mut data = [0u8; YKPIV_OBJ_MAX_SIZE];
|
let mut data = [0u8; YKPIV_OBJ_MAX_SIZE];
|
||||||
let mut cb_data: usize = data.len();
|
let mut cb_data: usize = data.len();
|
||||||
let mut p_item: *mut u8 = ptr::null_mut();
|
let mut p_item: *mut u8 = ptr::null_mut();
|
||||||
@@ -1502,7 +1496,7 @@ pub unsafe fn ykpiv_util_get_derived_mgm(
|
|||||||
);
|
);
|
||||||
|
|
||||||
let _ = _ykpiv_end_transaction(state);
|
let _ = _ykpiv_end_transaction(state);
|
||||||
return Err(ErrorKind::GenericError);
|
return Err(Error::GenericError);
|
||||||
}
|
}
|
||||||
|
|
||||||
let salt = std::slice::from_raw_parts_mut(p_item, cb_item);
|
let salt = std::slice::from_raw_parts_mut(p_item, cb_item);
|
||||||
@@ -1518,7 +1512,7 @@ pub unsafe fn ykpiv_util_get_derived_mgm(
|
|||||||
pub unsafe fn ykpiv_util_get_protected_mgm(
|
pub unsafe fn ykpiv_util_get_protected_mgm(
|
||||||
state: &mut YubiKey,
|
state: &mut YubiKey,
|
||||||
mgm: *mut YkPivMgm,
|
mgm: *mut YkPivMgm,
|
||||||
) -> Result<(), ErrorKind> {
|
) -> Result<(), Error> {
|
||||||
// TODO(tarcieri): replace vec with wrapper type that impls `Zeroize`
|
// TODO(tarcieri): replace vec with wrapper type that impls `Zeroize`
|
||||||
let mut data = Zeroizing::new([0u8; YKPIV_OBJ_MAX_SIZE].to_vec());
|
let mut data = Zeroizing::new([0u8; YKPIV_OBJ_MAX_SIZE].to_vec());
|
||||||
let mut cb_data: usize = data.len();
|
let mut cb_data: usize = data.len();
|
||||||
@@ -1527,7 +1521,7 @@ pub unsafe fn ykpiv_util_get_protected_mgm(
|
|||||||
let mut res = Ok(());
|
let mut res = Ok(());
|
||||||
|
|
||||||
if mgm.is_null() {
|
if mgm.is_null() {
|
||||||
return Err(ErrorKind::GenericError);
|
return Err(Error::GenericError);
|
||||||
}
|
}
|
||||||
|
|
||||||
_ykpiv_begin_transaction(state)?;
|
_ykpiv_begin_transaction(state)?;
|
||||||
@@ -1553,7 +1547,7 @@ pub unsafe fn ykpiv_util_get_protected_mgm(
|
|||||||
"protected data contains mgm, but is the wrong size = {}",
|
"protected data contains mgm, but is the wrong size = {}",
|
||||||
cb_item,
|
cb_item,
|
||||||
);
|
);
|
||||||
res = Err(ErrorKind::AuthenticationError);
|
res = Err(Error::AuthenticationError);
|
||||||
} else {
|
} else {
|
||||||
memcpy(
|
memcpy(
|
||||||
(*mgm).0.as_mut_ptr() as (*mut c_void),
|
(*mgm).0.as_mut_ptr() as (*mut c_void),
|
||||||
@@ -1575,7 +1569,7 @@ pub unsafe fn ykpiv_util_get_protected_mgm(
|
|||||||
pub unsafe fn ykpiv_util_set_protected_mgm(
|
pub unsafe fn ykpiv_util_set_protected_mgm(
|
||||||
state: &mut YubiKey,
|
state: &mut YubiKey,
|
||||||
mgm: *mut YkPivMgm,
|
mgm: *mut YkPivMgm,
|
||||||
) -> Result<(), ErrorKind> {
|
) -> Result<(), Error> {
|
||||||
let mut f_generate: bool;
|
let mut f_generate: bool;
|
||||||
let mut mgm_key = Zeroizing::new([0u8; 24]);
|
let mut mgm_key = Zeroizing::new([0u8; 24]);
|
||||||
// TODO(tarcieri): replace vec with wrapper type that impls `Zeroize`
|
// TODO(tarcieri): replace vec with wrapper type that impls `Zeroize`
|
||||||
@@ -1617,7 +1611,7 @@ pub unsafe fn ykpiv_util_set_protected_mgm(
|
|||||||
if let Err(e) = getrandom(mgm_key.deref_mut()) {
|
if let Err(e) = getrandom(mgm_key.deref_mut()) {
|
||||||
error!("could not generate new mgm, err = {}", e);
|
error!("could not generate new mgm, err = {}", e);
|
||||||
let _ = _ykpiv_end_transaction(state);
|
let _ = _ykpiv_end_transaction(state);
|
||||||
return Err(ErrorKind::RandomnessError);
|
return Err(Error::RandomnessError);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -1627,7 +1621,7 @@ pub unsafe fn ykpiv_util_set_protected_mgm(
|
|||||||
// if set_mgmkey fails with KeyError, it means the generated key is weak
|
// if set_mgmkey fails with KeyError, it means the generated key is weak
|
||||||
// otherwise, log a warning, since the device mgm key is corrupt or we're in
|
// otherwise, log a warning, since the device mgm key is corrupt or we're in
|
||||||
// a state where we can't set the mgm key
|
// a state where we can't set the mgm key
|
||||||
if Err(ErrorKind::KeyError) != ykrc {
|
if Err(Error::KeyError) != ykrc {
|
||||||
error!(
|
error!(
|
||||||
"could not set new derived mgm key, err = {}",
|
"could not set new derived mgm key, err = {}",
|
||||||
ykrc.as_ref().unwrap_err()
|
ykrc.as_ref().unwrap_err()
|
||||||
@@ -1756,7 +1750,7 @@ pub unsafe fn ykpiv_util_set_protected_mgm(
|
|||||||
}
|
}
|
||||||
|
|
||||||
/// Reset
|
/// Reset
|
||||||
pub unsafe fn ykpiv_util_reset(state: &mut YubiKey) -> Result<(), ErrorKind> {
|
pub unsafe fn ykpiv_util_reset(state: &mut YubiKey) -> Result<(), Error> {
|
||||||
let templ = [0, YKPIV_INS_RESET, 0, 0];
|
let templ = [0, YKPIV_INS_RESET, 0, 0];
|
||||||
let mut data = [0u8; 255];
|
let mut data = [0u8; 255];
|
||||||
let mut recv_len = data.len();
|
let mut recv_len = data.len();
|
||||||
@@ -1774,7 +1768,7 @@ pub unsafe fn ykpiv_util_reset(state: &mut YubiKey) -> Result<(), ErrorKind> {
|
|||||||
|
|
||||||
match (res.is_ok(), sw) {
|
match (res.is_ok(), sw) {
|
||||||
(true, SW_SUCCESS) => Ok(()),
|
(true, SW_SUCCESS) => Ok(()),
|
||||||
_ => Err(ErrorKind::GenericError),
|
_ => Err(Error::GenericError),
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -1802,13 +1796,13 @@ unsafe fn _read_certificate(
|
|||||||
slot: u8,
|
slot: u8,
|
||||||
buf: *mut u8,
|
buf: *mut u8,
|
||||||
buf_len: *mut usize,
|
buf_len: *mut usize,
|
||||||
) -> Result<(), ErrorKind> {
|
) -> Result<(), Error> {
|
||||||
let mut ptr: *mut u8;
|
let mut ptr: *mut u8;
|
||||||
let object_id = ykpiv_util_slot_object(slot) as i32;
|
let object_id = ykpiv_util_slot_object(slot) as i32;
|
||||||
let mut len: usize = 0;
|
let mut len: usize = 0;
|
||||||
|
|
||||||
if object_id == -1 {
|
if object_id == -1 {
|
||||||
return Err(ErrorKind::InvalidObject);
|
return Err(Error::InvalidObject);
|
||||||
}
|
}
|
||||||
|
|
||||||
if _ykpiv_fetch_object(state, object_id, buf, buf_len).is_ok() {
|
if _ykpiv_fetch_object(state, object_id, buf, buf_len).is_ok() {
|
||||||
@@ -1847,19 +1841,19 @@ unsafe fn _write_certificate(
|
|||||||
data: *mut u8,
|
data: *mut u8,
|
||||||
data_len: usize,
|
data_len: usize,
|
||||||
certinfo: u8,
|
certinfo: u8,
|
||||||
) -> Result<(), ErrorKind> {
|
) -> Result<(), Error> {
|
||||||
let mut buf = [0u8; CB_OBJ_MAX];
|
let mut buf = [0u8; CB_OBJ_MAX];
|
||||||
let object_id = ykpiv_util_slot_object(slot) as i32;
|
let object_id = ykpiv_util_slot_object(slot) as i32;
|
||||||
let mut offset: usize = 0;
|
let mut offset: usize = 0;
|
||||||
let mut req_len: usize;
|
let mut req_len: usize;
|
||||||
|
|
||||||
if object_id == -1 {
|
if object_id == -1 {
|
||||||
return Err(ErrorKind::InvalidObject);
|
return Err(Error::InvalidObject);
|
||||||
}
|
}
|
||||||
|
|
||||||
if data.is_null() || data_len == 0 {
|
if data.is_null() || data_len == 0 {
|
||||||
if !data.is_null() || data_len != 0 {
|
if !data.is_null() || data_len != 0 {
|
||||||
return Err(ErrorKind::GenericError);
|
return Err(Error::GenericError);
|
||||||
}
|
}
|
||||||
|
|
||||||
return _ykpiv_save_object(state, object_id, ptr::null_mut(), 0);
|
return _ykpiv_save_object(state, object_id, ptr::null_mut(), 0);
|
||||||
@@ -1870,7 +1864,7 @@ unsafe fn _write_certificate(
|
|||||||
req_len += data_len;
|
req_len += data_len;
|
||||||
|
|
||||||
if req_len < data_len || req_len > _obj_size_max(state) {
|
if req_len < data_len || req_len > _obj_size_max(state) {
|
||||||
return Err(ErrorKind::SizeError);
|
return Err(Error::SizeError);
|
||||||
}
|
}
|
||||||
|
|
||||||
buf[offset] = TAG_CERT;
|
buf[offset] = TAG_CERT;
|
||||||
@@ -1908,13 +1902,13 @@ unsafe fn _get_metadata_item(
|
|||||||
tag: u8,
|
tag: u8,
|
||||||
pp_item: *mut *mut u8,
|
pp_item: *mut *mut u8,
|
||||||
pcb_item: *mut usize,
|
pcb_item: *mut usize,
|
||||||
) -> Result<(), ErrorKind> {
|
) -> Result<(), Error> {
|
||||||
let mut p_temp: *mut u8 = data;
|
let mut p_temp: *mut u8 = data;
|
||||||
let mut cb_temp: usize = 0;
|
let mut cb_temp: usize = 0;
|
||||||
let mut tag_temp: u8;
|
let mut tag_temp: u8;
|
||||||
|
|
||||||
if data.is_null() || pp_item.is_null() || pcb_item.is_null() {
|
if data.is_null() || pp_item.is_null() || pcb_item.is_null() {
|
||||||
return Err(ErrorKind::GenericError);
|
return Err(Error::GenericError);
|
||||||
}
|
}
|
||||||
|
|
||||||
*pp_item = ptr::null_mut();
|
*pp_item = ptr::null_mut();
|
||||||
@@ -1925,7 +1919,7 @@ unsafe fn _get_metadata_item(
|
|||||||
p_temp = p_temp.add(1);
|
p_temp = p_temp.add(1);
|
||||||
|
|
||||||
if !_ykpiv_has_valid_length(p_temp, data.add(cb_data) as usize - p_temp as usize) {
|
if !_ykpiv_has_valid_length(p_temp, data.add(cb_data) as usize - p_temp as usize) {
|
||||||
return Err(ErrorKind::SizeError);
|
return Err(Error::SizeError);
|
||||||
}
|
}
|
||||||
|
|
||||||
p_temp = p_temp.add(_ykpiv_get_length(p_temp, &mut cb_temp));
|
p_temp = p_temp.add(_ykpiv_get_length(p_temp, &mut cb_temp));
|
||||||
@@ -1943,7 +1937,7 @@ unsafe fn _get_metadata_item(
|
|||||||
|
|
||||||
Ok(())
|
Ok(())
|
||||||
} else {
|
} else {
|
||||||
Err(ErrorKind::GenericError)
|
Err(Error::GenericError)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -1966,7 +1960,7 @@ unsafe fn _set_metadata_item(
|
|||||||
tag: u8,
|
tag: u8,
|
||||||
p_item: *mut u8,
|
p_item: *mut u8,
|
||||||
cb_item: usize,
|
cb_item: usize,
|
||||||
) -> Result<(), ErrorKind> {
|
) -> Result<(), Error> {
|
||||||
let mut p_temp: *mut u8 = data;
|
let mut p_temp: *mut u8 = data;
|
||||||
let mut cb_temp: usize = 0;
|
let mut cb_temp: usize = 0;
|
||||||
let mut tag_temp: u8 = 0;
|
let mut tag_temp: u8 = 0;
|
||||||
@@ -1975,7 +1969,7 @@ unsafe fn _set_metadata_item(
|
|||||||
let cb_moved: isize;
|
let cb_moved: isize;
|
||||||
|
|
||||||
if data.is_null() || pcb_data.is_null() {
|
if data.is_null() || pcb_data.is_null() {
|
||||||
return Err(ErrorKind::GenericError);
|
return Err(Error::GenericError);
|
||||||
}
|
}
|
||||||
|
|
||||||
while p_temp < data.add(*pcb_data) {
|
while p_temp < data.add(*pcb_data) {
|
||||||
@@ -2001,7 +1995,7 @@ unsafe fn _set_metadata_item(
|
|||||||
cb_len = _get_length_size(cb_item) as (usize);
|
cb_len = _get_length_size(cb_item) as (usize);
|
||||||
|
|
||||||
if (*pcb_data).wrapping_add(cb_len).wrapping_add(cb_item) > cb_data_max {
|
if (*pcb_data).wrapping_add(cb_len).wrapping_add(cb_item) > cb_data_max {
|
||||||
return Err(ErrorKind::GenericError);
|
return Err(Error::GenericError);
|
||||||
}
|
}
|
||||||
|
|
||||||
*p_temp = tag;
|
*p_temp = tag;
|
||||||
@@ -2029,7 +2023,7 @@ unsafe fn _set_metadata_item(
|
|||||||
- cb_len as (isize));
|
- cb_len as (isize));
|
||||||
|
|
||||||
if (*pcb_data + cb_moved as usize) > cb_data_max {
|
if (*pcb_data + cb_moved as usize) > cb_data_max {
|
||||||
return Err(ErrorKind::GenericError);
|
return Err(Error::GenericError);
|
||||||
}
|
}
|
||||||
|
|
||||||
memmove(
|
memmove(
|
||||||
@@ -2058,18 +2052,18 @@ unsafe fn _read_metadata(
|
|||||||
tag: u8,
|
tag: u8,
|
||||||
data: *mut u8,
|
data: *mut u8,
|
||||||
pcb_data: *mut usize,
|
pcb_data: *mut usize,
|
||||||
) -> Result<(), ErrorKind> {
|
) -> Result<(), Error> {
|
||||||
let mut p_temp: *mut u8;
|
let mut p_temp: *mut u8;
|
||||||
let mut cb_temp: usize;
|
let mut cb_temp: usize;
|
||||||
|
|
||||||
if data.is_null() || pcb_data.is_null() || YKPIV_OBJ_MAX_SIZE > *pcb_data {
|
if data.is_null() || pcb_data.is_null() || YKPIV_OBJ_MAX_SIZE > *pcb_data {
|
||||||
return Err(ErrorKind::GenericError);
|
return Err(Error::GenericError);
|
||||||
}
|
}
|
||||||
|
|
||||||
let obj_id = match tag {
|
let obj_id = match tag {
|
||||||
TAG_ADMIN => YKPIV_OBJ_ADMIN_DATA,
|
TAG_ADMIN => YKPIV_OBJ_ADMIN_DATA,
|
||||||
TAG_PROTECTED => YKPIV_OBJ_PRINTED,
|
TAG_PROTECTED => YKPIV_OBJ_PRINTED,
|
||||||
_ => return Err(ErrorKind::InvalidObject),
|
_ => return Err(Error::InvalidObject),
|
||||||
} as i32;
|
} as i32;
|
||||||
|
|
||||||
cb_temp = *pcb_data;
|
cb_temp = *pcb_data;
|
||||||
@@ -2078,7 +2072,7 @@ unsafe fn _read_metadata(
|
|||||||
_ykpiv_fetch_object(state, obj_id, data, &mut cb_temp)?;
|
_ykpiv_fetch_object(state, obj_id, data, &mut cb_temp)?;
|
||||||
|
|
||||||
if cb_temp < CB_OBJ_TAG_MIN {
|
if cb_temp < CB_OBJ_TAG_MIN {
|
||||||
return Err(ErrorKind::GenericError);
|
return Err(Error::GenericError);
|
||||||
}
|
}
|
||||||
p_temp = data;
|
p_temp = data;
|
||||||
|
|
||||||
@@ -2089,14 +2083,14 @@ unsafe fn _read_metadata(
|
|||||||
_old
|
_old
|
||||||
} as (i32)
|
} as (i32)
|
||||||
{
|
{
|
||||||
return Err(ErrorKind::GenericError);
|
return Err(Error::GenericError);
|
||||||
}
|
}
|
||||||
|
|
||||||
p_temp = p_temp.add(_ykpiv_get_length(p_temp, pcb_data));
|
p_temp = p_temp.add(_ykpiv_get_length(p_temp, pcb_data));
|
||||||
|
|
||||||
if *pcb_data > cb_temp - (p_temp as isize - data as isize) as usize {
|
if *pcb_data > cb_temp - (p_temp as isize - data as isize) as usize {
|
||||||
*pcb_data = 0;
|
*pcb_data = 0;
|
||||||
return Err(ErrorKind::GenericError);
|
return Err(Error::GenericError);
|
||||||
}
|
}
|
||||||
|
|
||||||
memmove(data as (*mut c_void), p_temp as (*const c_void), *pcb_data);
|
memmove(data as (*mut c_void), p_temp as (*const c_void), *pcb_data);
|
||||||
@@ -2109,18 +2103,18 @@ unsafe fn _write_metadata(
|
|||||||
tag: u8,
|
tag: u8,
|
||||||
data: *mut u8,
|
data: *mut u8,
|
||||||
cb_data: usize,
|
cb_data: usize,
|
||||||
) -> Result<(), ErrorKind> {
|
) -> Result<(), Error> {
|
||||||
let mut buf = [0u8; CB_OBJ_MAX]; // XXX REMEMBER TO ZERO
|
let mut buf = [0u8; CB_OBJ_MAX]; // XXX REMEMBER TO ZERO
|
||||||
let mut p_temp: *mut u8 = buf.as_mut_ptr();
|
let mut p_temp: *mut u8 = buf.as_mut_ptr();
|
||||||
|
|
||||||
if cb_data > _obj_size_max(state) - CB_OBJ_TAG_MAX {
|
if cb_data > _obj_size_max(state) - CB_OBJ_TAG_MAX {
|
||||||
return Err(ErrorKind::GenericError);
|
return Err(Error::GenericError);
|
||||||
}
|
}
|
||||||
|
|
||||||
let obj_id = match tag {
|
let obj_id = match tag {
|
||||||
TAG_ADMIN => YKPIV_OBJ_ADMIN_DATA,
|
TAG_ADMIN => YKPIV_OBJ_ADMIN_DATA,
|
||||||
TAG_PROTECTED => YKPIV_OBJ_PRINTED,
|
TAG_PROTECTED => YKPIV_OBJ_PRINTED,
|
||||||
_ => return Err(ErrorKind::InvalidObject),
|
_ => return Err(Error::InvalidObject),
|
||||||
} as i32;
|
} as i32;
|
||||||
|
|
||||||
if data.is_null() || cb_data == 0 {
|
if data.is_null() || cb_data == 0 {
|
||||||
|
|||||||
+128
-133
@@ -36,7 +36,7 @@
|
|||||||
use crate::{
|
use crate::{
|
||||||
apdu::APDU,
|
apdu::APDU,
|
||||||
consts::*,
|
consts::*,
|
||||||
error::ErrorKind,
|
error::Error,
|
||||||
internal::{des_decrypt, des_encrypt, yk_des_is_weak_key, DesKey},
|
internal::{des_decrypt, des_encrypt, yk_des_is_weak_key, DesKey},
|
||||||
};
|
};
|
||||||
use getrandom::getrandom;
|
use getrandom::getrandom;
|
||||||
@@ -192,7 +192,7 @@ pub fn ykpiv_init() -> YubiKey {
|
|||||||
}
|
}
|
||||||
|
|
||||||
/// Cleanup YubiKey session
|
/// Cleanup YubiKey session
|
||||||
pub(crate) unsafe fn _ykpiv_done(state: &mut YubiKey, disconnect: bool) -> Result<(), ErrorKind> {
|
pub(crate) unsafe fn _ykpiv_done(state: &mut YubiKey, disconnect: bool) -> Result<(), Error> {
|
||||||
if disconnect {
|
if disconnect {
|
||||||
ykpiv_disconnect(state);
|
ykpiv_disconnect(state);
|
||||||
}
|
}
|
||||||
@@ -203,12 +203,12 @@ pub(crate) unsafe fn _ykpiv_done(state: &mut YubiKey, disconnect: bool) -> Resul
|
|||||||
|
|
||||||
/// Cleanup YubiKey session with external card upon completion
|
/// Cleanup YubiKey session with external card upon completion
|
||||||
// TODO(tarcieri): make this a `Drop` handler
|
// TODO(tarcieri): make this a `Drop` handler
|
||||||
pub unsafe fn ykpiv_done_with_external_card(state: &mut YubiKey) -> Result<(), ErrorKind> {
|
pub unsafe fn ykpiv_done_with_external_card(state: &mut YubiKey) -> Result<(), Error> {
|
||||||
_ykpiv_done(state, false)
|
_ykpiv_done(state, false)
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Cleanup YubiKey session upon completion
|
/// Cleanup YubiKey session upon completion
|
||||||
pub unsafe fn ykpiv_done(state: &mut YubiKey) -> Result<(), ErrorKind> {
|
pub unsafe fn ykpiv_done(state: &mut YubiKey) -> Result<(), Error> {
|
||||||
_ykpiv_done(state, true)
|
_ykpiv_done(state, true)
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -226,7 +226,7 @@ pub unsafe fn ykpiv_disconnect(state: &mut YubiKey) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
/// Select application
|
/// Select application
|
||||||
pub(crate) unsafe fn _ykpiv_select_application(state: &mut YubiKey) -> Result<(), ErrorKind> {
|
pub(crate) unsafe fn _ykpiv_select_application(state: &mut YubiKey) -> Result<(), Error> {
|
||||||
let mut data = [0u8; 255];
|
let mut data = [0u8; 255];
|
||||||
let mut recv_len = data.len() as u32;
|
let mut recv_len = data.len() as u32;
|
||||||
let mut sw = 0i32;
|
let mut sw = 0i32;
|
||||||
@@ -249,7 +249,7 @@ pub(crate) unsafe fn _ykpiv_select_application(state: &mut YubiKey) -> Result<()
|
|||||||
|
|
||||||
if sw != SW_SUCCESS {
|
if sw != SW_SUCCESS {
|
||||||
error!("failed selecting application: {:04x}", sw);
|
error!("failed selecting application: {:04x}", sw);
|
||||||
return Err(ErrorKind::GenericError);
|
return Err(Error::GenericError);
|
||||||
}
|
}
|
||||||
|
|
||||||
// now that the PIV application is selected, retrieve the version
|
// now that the PIV application is selected, retrieve the version
|
||||||
@@ -272,9 +272,7 @@ pub(crate) unsafe fn _ykpiv_select_application(state: &mut YubiKey) -> Result<()
|
|||||||
}
|
}
|
||||||
|
|
||||||
/// Ensure an application is selected (presently noop)
|
/// Ensure an application is selected (presently noop)
|
||||||
pub(crate) unsafe fn _ykpiv_ensure_application_selected(
|
pub(crate) unsafe fn _ykpiv_ensure_application_selected(_state: &mut YubiKey) -> Result<(), Error> {
|
||||||
_state: &mut YubiKey,
|
|
||||||
) -> Result<(), ErrorKind> {
|
|
||||||
// TODO(tarcieri): ENABLE_APPLICATION_RESELECTION support?
|
// TODO(tarcieri): ENABLE_APPLICATION_RESELECTION support?
|
||||||
//
|
//
|
||||||
// Original C code below:
|
// Original C code below:
|
||||||
@@ -307,10 +305,10 @@ pub(crate) unsafe fn _ykpiv_connect(
|
|||||||
state: &mut YubiKey,
|
state: &mut YubiKey,
|
||||||
context: usize,
|
context: usize,
|
||||||
card: usize,
|
card: usize,
|
||||||
) -> Result<(), ErrorKind> {
|
) -> Result<(), Error> {
|
||||||
// if the context has changed, and the new context is not valid, return an error
|
// if the context has changed, and the new context is not valid, return an error
|
||||||
if context != state.context as (usize) && (0x0i32 != SCardIsValidContext(context as (i32))) {
|
if context != state.context as (usize) && (0x0i32 != SCardIsValidContext(context as (i32))) {
|
||||||
return Err(ErrorKind::PcscError);
|
return Err(Error::PcscError);
|
||||||
}
|
}
|
||||||
|
|
||||||
// if card handle has changed, determine if handle is valid (less efficient, but complete)
|
// if card handle has changed, determine if handle is valid (less efficient, but complete)
|
||||||
@@ -332,7 +330,7 @@ pub(crate) unsafe fn _ykpiv_connect(
|
|||||||
&mut atr_len,
|
&mut atr_len,
|
||||||
) != 0
|
) != 0
|
||||||
{
|
{
|
||||||
return Err(ErrorKind::PcscError);
|
return Err(Error::PcscError);
|
||||||
}
|
}
|
||||||
|
|
||||||
state.is_neo = (atr_len as usize == YKPIV_ATR_NEO_R3.len() - 1)
|
state.is_neo = (atr_len as usize == YKPIV_ATR_NEO_R3.len() - 1)
|
||||||
@@ -362,12 +360,12 @@ pub unsafe fn ykpiv_connect_with_external_card(
|
|||||||
state: &mut YubiKey,
|
state: &mut YubiKey,
|
||||||
context: usize,
|
context: usize,
|
||||||
card: usize,
|
card: usize,
|
||||||
) -> Result<(), ErrorKind> {
|
) -> Result<(), Error> {
|
||||||
_ykpiv_connect(state, context, card)
|
_ykpiv_connect(state, context, card)
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Connect to a YubiKey
|
/// Connect to a YubiKey
|
||||||
pub unsafe fn ykpiv_connect(state: &mut YubiKey, wanted: *const c_char) -> Result<(), ErrorKind> {
|
pub unsafe fn ykpiv_connect(state: &mut YubiKey, wanted: *const c_char) -> Result<(), Error> {
|
||||||
let mut active_protocol: u32 = 0;
|
let mut active_protocol: u32 = 0;
|
||||||
let mut reader_buf: [c_char; 2048] = [0; 2048];
|
let mut reader_buf: [c_char; 2048] = [0; 2048];
|
||||||
let mut num_readers = reader_buf.len();
|
let mut num_readers = reader_buf.len();
|
||||||
@@ -438,7 +436,7 @@ pub unsafe fn ykpiv_connect(state: &mut YubiKey, wanted: *const c_char) -> Resul
|
|||||||
error!("error: no usable reader found");
|
error!("error: no usable reader found");
|
||||||
SCardReleaseContext(state.context);
|
SCardReleaseContext(state.context);
|
||||||
state.context = -1;
|
state.context = -1;
|
||||||
return Err(ErrorKind::PcscError);
|
return Err(Error::PcscError);
|
||||||
}
|
}
|
||||||
|
|
||||||
// Select applet. This is done here instead of in _ykpiv_connect() because
|
// Select applet. This is done here instead of in _ykpiv_connect() because
|
||||||
@@ -456,7 +454,7 @@ pub unsafe fn ykpiv_list_readers(
|
|||||||
state: &mut YubiKey,
|
state: &mut YubiKey,
|
||||||
readers: *mut c_char,
|
readers: *mut c_char,
|
||||||
len: *mut usize,
|
len: *mut usize,
|
||||||
) -> Result<(), ErrorKind> {
|
) -> Result<(), Error> {
|
||||||
let mut num_readers: u32 = 0u32;
|
let mut num_readers: u32 = 0u32;
|
||||||
let mut rc: i32;
|
let mut rc: i32;
|
||||||
|
|
||||||
@@ -465,7 +463,7 @@ pub unsafe fn ykpiv_list_readers(
|
|||||||
|
|
||||||
if rc != 0 {
|
if rc != 0 {
|
||||||
error!("error: SCardEstablishContext failed, rc={}", rc);
|
error!("error: SCardEstablishContext failed, rc={}", rc);
|
||||||
return Err(ErrorKind::PcscError);
|
return Err(Error::PcscError);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -480,7 +478,7 @@ pub unsafe fn ykpiv_list_readers(
|
|||||||
error!("error: SCardListReaders failed, rc={}", rc);
|
error!("error: SCardListReaders failed, rc={}", rc);
|
||||||
SCardReleaseContext(state.context);
|
SCardReleaseContext(state.context);
|
||||||
state.context = -1i32;
|
state.context = -1i32;
|
||||||
return Err(ErrorKind::PcscError);
|
return Err(Error::PcscError);
|
||||||
}
|
}
|
||||||
|
|
||||||
if num_readers as (usize) > *len {
|
if num_readers as (usize) > *len {
|
||||||
@@ -495,7 +493,7 @@ pub unsafe fn ykpiv_list_readers(
|
|||||||
error!("error: SCardListReaders failed, rc={}", rc);
|
error!("error: SCardListReaders failed, rc={}", rc);
|
||||||
SCardReleaseContext(state.context);
|
SCardReleaseContext(state.context);
|
||||||
state.context = -1i32;
|
state.context = -1i32;
|
||||||
return Err(ErrorKind::PcscError);
|
return Err(Error::PcscError);
|
||||||
}
|
}
|
||||||
|
|
||||||
*len = num_readers as usize;
|
*len = num_readers as usize;
|
||||||
@@ -503,7 +501,7 @@ pub unsafe fn ykpiv_list_readers(
|
|||||||
}
|
}
|
||||||
|
|
||||||
/// Reconnect to a YubiKey
|
/// Reconnect to a YubiKey
|
||||||
pub(crate) unsafe fn reconnect(state: &mut YubiKey) -> Result<(), ErrorKind> {
|
pub(crate) unsafe fn reconnect(state: &mut YubiKey) -> Result<(), Error> {
|
||||||
info!("trying to reconnect to current reader");
|
info!("trying to reconnect to current reader");
|
||||||
|
|
||||||
let mut active_protocol: u32 = 0;
|
let mut active_protocol: u32 = 0;
|
||||||
@@ -511,7 +509,7 @@ pub(crate) unsafe fn reconnect(state: &mut YubiKey) -> Result<(), ErrorKind> {
|
|||||||
|
|
||||||
if rc != 0x0 {
|
if rc != 0x0 {
|
||||||
error!("SCardReconnect failed, rc={}", rc);
|
error!("SCardReconnect failed, rc={}", rc);
|
||||||
return Err(ErrorKind::PcscError);
|
return Err(Error::PcscError);
|
||||||
}
|
}
|
||||||
|
|
||||||
_ykpiv_select_application(state)?;
|
_ykpiv_select_application(state)?;
|
||||||
@@ -524,7 +522,7 @@ pub(crate) unsafe fn reconnect(state: &mut YubiKey) -> Result<(), ErrorKind> {
|
|||||||
}
|
}
|
||||||
|
|
||||||
/// Begin a transaction
|
/// Begin a transaction
|
||||||
pub(crate) unsafe fn _ykpiv_begin_transaction(state: &mut YubiKey) -> Result<(), ErrorKind> {
|
pub(crate) unsafe fn _ykpiv_begin_transaction(state: &mut YubiKey) -> Result<(), Error> {
|
||||||
let mut rc = SCardBeginTransaction(state.card);
|
let mut rc = SCardBeginTransaction(state.card);
|
||||||
|
|
||||||
if rc as usize & 0xffff_ffff == 0x8010_0068 {
|
if rc as usize & 0xffff_ffff == 0x8010_0068 {
|
||||||
@@ -534,19 +532,19 @@ pub(crate) unsafe fn _ykpiv_begin_transaction(state: &mut YubiKey) -> Result<(),
|
|||||||
|
|
||||||
if rc != 0 {
|
if rc != 0 {
|
||||||
error!("failed to begin pcsc transaction, rc={}", rc);
|
error!("failed to begin pcsc transaction, rc={}", rc);
|
||||||
return Err(ErrorKind::PcscError);
|
return Err(Error::PcscError);
|
||||||
}
|
}
|
||||||
|
|
||||||
Ok(())
|
Ok(())
|
||||||
}
|
}
|
||||||
|
|
||||||
/// End a transaction
|
/// End a transaction
|
||||||
pub(crate) unsafe fn _ykpiv_end_transaction(state: &mut YubiKey) -> Result<(), ErrorKind> {
|
pub(crate) unsafe fn _ykpiv_end_transaction(state: &mut YubiKey) -> Result<(), Error> {
|
||||||
let rc = SCardEndTransaction(state.card, 0x0);
|
let rc = SCardEndTransaction(state.card, 0x0);
|
||||||
|
|
||||||
if rc != 0x0 {
|
if rc != 0x0 {
|
||||||
error!("failed to end pcsc transaction, rc={}", rc);
|
error!("failed to end pcsc transaction, rc={}", rc);
|
||||||
return Err(ErrorKind::PcscError);
|
return Err(Error::PcscError);
|
||||||
}
|
}
|
||||||
|
|
||||||
Ok(())
|
Ok(())
|
||||||
@@ -561,11 +559,11 @@ pub(crate) unsafe fn _ykpiv_transfer_data(
|
|||||||
mut out_data: *mut u8,
|
mut out_data: *mut u8,
|
||||||
out_len: *mut usize,
|
out_len: *mut usize,
|
||||||
sw: *mut i32,
|
sw: *mut i32,
|
||||||
) -> Result<(), ErrorKind> {
|
) -> Result<(), Error> {
|
||||||
let mut _currentBlock;
|
let mut _currentBlock;
|
||||||
let mut in_ptr: *const u8 = in_data;
|
let mut in_ptr: *const u8 = in_data;
|
||||||
let max_out = *out_len;
|
let max_out = *out_len;
|
||||||
let mut res: Result<(), ErrorKind>;
|
let mut res: Result<(), Error>;
|
||||||
let mut recv_len: u32;
|
let mut recv_len: u32;
|
||||||
|
|
||||||
*out_len = 0;
|
*out_len = 0;
|
||||||
@@ -686,7 +684,7 @@ pub(crate) unsafe fn _ykpiv_transfer_data(
|
|||||||
max_out
|
max_out
|
||||||
);
|
);
|
||||||
|
|
||||||
return Err(ErrorKind::SizeError);
|
return Err(Error::SizeError);
|
||||||
}
|
}
|
||||||
} else if _currentBlock == 21 {
|
} else if _currentBlock == 21 {
|
||||||
error!(
|
error!(
|
||||||
@@ -695,7 +693,7 @@ pub(crate) unsafe fn _ykpiv_transfer_data(
|
|||||||
max_out
|
max_out
|
||||||
);
|
);
|
||||||
|
|
||||||
return Err(ErrorKind::SizeError);
|
return Err(Error::SizeError);
|
||||||
}
|
}
|
||||||
|
|
||||||
res
|
res
|
||||||
@@ -710,7 +708,7 @@ pub unsafe fn ykpiv_transfer_data(
|
|||||||
out_data: *mut u8,
|
out_data: *mut u8,
|
||||||
out_len: *mut usize,
|
out_len: *mut usize,
|
||||||
sw: *mut i32,
|
sw: *mut i32,
|
||||||
) -> Result<(), ErrorKind> {
|
) -> Result<(), Error> {
|
||||||
if let Err(e) = _ykpiv_begin_transaction(state) {
|
if let Err(e) = _ykpiv_begin_transaction(state) {
|
||||||
*out_len = 0;
|
*out_len = 0;
|
||||||
return Err(e);
|
return Err(e);
|
||||||
@@ -728,7 +726,7 @@ pub(crate) unsafe fn _send_data(
|
|||||||
data: *mut u8,
|
data: *mut u8,
|
||||||
recv_len: *mut u32,
|
recv_len: *mut u32,
|
||||||
sw: *mut i32,
|
sw: *mut i32,
|
||||||
) -> Result<(), ErrorKind> {
|
) -> Result<(), Error> {
|
||||||
let send_len = apdu.lc as u32 + 5;
|
let send_len = apdu.lc as u32 + 5;
|
||||||
let mut tmp_len = *recv_len;
|
let mut tmp_len = *recv_len;
|
||||||
|
|
||||||
@@ -746,7 +744,7 @@ pub(crate) unsafe fn _send_data(
|
|||||||
|
|
||||||
if rc != SCARD_S_SUCCESS {
|
if rc != SCARD_S_SUCCESS {
|
||||||
error!("error: SCardTransmit failed, rc={:08x}", rc);
|
error!("error: SCardTransmit failed, rc={:08x}", rc);
|
||||||
return Err(ErrorKind::PcscError);
|
return Err(Error::PcscError);
|
||||||
}
|
}
|
||||||
|
|
||||||
*recv_len = tmp_len;
|
*recv_len = tmp_len;
|
||||||
@@ -769,7 +767,7 @@ pub const DEFAULT_AUTH_KEY: &[u8; DES_LEN_3DES] = b"\x01\x02\x03\x04\x05\x06\x07
|
|||||||
pub unsafe fn ykpiv_authenticate(
|
pub unsafe fn ykpiv_authenticate(
|
||||||
state: &mut YubiKey,
|
state: &mut YubiKey,
|
||||||
key: Option<&[u8; DES_LEN_3DES]>,
|
key: Option<&[u8; DES_LEN_3DES]>,
|
||||||
) -> Result<(), ErrorKind> {
|
) -> Result<(), Error> {
|
||||||
let mut data = [0u8; 261];
|
let mut data = [0u8; 261];
|
||||||
let mut recv_len = data.len() as u32;
|
let mut recv_len = data.len() as u32;
|
||||||
let mut sw: i32 = 0;
|
let mut sw: i32 = 0;
|
||||||
@@ -798,7 +796,7 @@ pub unsafe fn ykpiv_authenticate(
|
|||||||
return res;
|
return res;
|
||||||
} else if sw != SW_SUCCESS {
|
} else if sw != SW_SUCCESS {
|
||||||
let _ = _ykpiv_end_transaction(state);
|
let _ = _ykpiv_end_transaction(state);
|
||||||
return Err(ErrorKind::AuthenticationError);
|
return Err(Error::AuthenticationError);
|
||||||
}
|
}
|
||||||
|
|
||||||
let mut challenge = [0u8; 8];
|
let mut challenge = [0u8; 8];
|
||||||
@@ -824,7 +822,7 @@ pub unsafe fn ykpiv_authenticate(
|
|||||||
if getrandom(&mut data[14..22]).is_err() {
|
if getrandom(&mut data[14..22]).is_err() {
|
||||||
error!("failed getting randomness for authentication.");
|
error!("failed getting randomness for authentication.");
|
||||||
let _ = _ykpiv_end_transaction(state);
|
let _ = _ykpiv_end_transaction(state);
|
||||||
return Err(ErrorKind::RandomnessError);
|
return Err(Error::RandomnessError);
|
||||||
}
|
}
|
||||||
challenge.copy_from_slice(&data[14..22]);
|
challenge.copy_from_slice(&data[14..22]);
|
||||||
|
|
||||||
@@ -837,7 +835,7 @@ pub unsafe fn ykpiv_authenticate(
|
|||||||
return res;
|
return res;
|
||||||
} else if sw != SW_SUCCESS {
|
} else if sw != SW_SUCCESS {
|
||||||
let _ = _ykpiv_end_transaction(state);
|
let _ = _ykpiv_end_transaction(state);
|
||||||
return Err(ErrorKind::AuthenticationError);
|
return Err(Error::AuthenticationError);
|
||||||
}
|
}
|
||||||
|
|
||||||
// compare the response from the card with our challenge
|
// compare the response from the card with our challenge
|
||||||
@@ -847,7 +845,7 @@ pub unsafe fn ykpiv_authenticate(
|
|||||||
if response == data[4..12] {
|
if response == data[4..12] {
|
||||||
res = Ok(());
|
res = Ok(());
|
||||||
} else {
|
} else {
|
||||||
res = Err(ErrorKind::AuthenticationError);
|
res = Err(Error::AuthenticationError);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -859,7 +857,7 @@ pub unsafe fn ykpiv_authenticate(
|
|||||||
pub unsafe fn ykpiv_set_mgmkey(
|
pub unsafe fn ykpiv_set_mgmkey(
|
||||||
state: &mut YubiKey,
|
state: &mut YubiKey,
|
||||||
new_key: &[u8; DES_LEN_3DES],
|
new_key: &[u8; DES_LEN_3DES],
|
||||||
) -> Result<(), ErrorKind> {
|
) -> Result<(), Error> {
|
||||||
ykpiv_set_mgmkey2(state, new_key, 0)
|
ykpiv_set_mgmkey2(state, new_key, 0)
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -868,7 +866,7 @@ pub(crate) unsafe fn ykpiv_set_mgmkey2(
|
|||||||
state: &mut YubiKey,
|
state: &mut YubiKey,
|
||||||
new_key: &[u8; DES_LEN_3DES],
|
new_key: &[u8; DES_LEN_3DES],
|
||||||
touch: u8,
|
touch: u8,
|
||||||
) -> Result<(), ErrorKind> {
|
) -> Result<(), Error> {
|
||||||
let mut data = [0u8; 261];
|
let mut data = [0u8; 261];
|
||||||
let mut recv_len = data.len() as u32;
|
let mut recv_len = data.len() as u32;
|
||||||
let mut sw: i32 = 0;
|
let mut sw: i32 = 0;
|
||||||
@@ -883,7 +881,7 @@ pub(crate) unsafe fn ykpiv_set_mgmkey2(
|
|||||||
"won't set new key '{:?}' since it's weak (with odd parity)",
|
"won't set new key '{:?}' since it's weak (with odd parity)",
|
||||||
new_key
|
new_key
|
||||||
);
|
);
|
||||||
res = Err(ErrorKind::KeyError);
|
res = Err(Error::KeyError);
|
||||||
} else {
|
} else {
|
||||||
apdu.ins = YKPIV_INS_SET_MGMKEY;
|
apdu.ins = YKPIV_INS_SET_MGMKEY;
|
||||||
apdu.p1 = 0xff;
|
apdu.p1 = 0xff;
|
||||||
@@ -893,7 +891,7 @@ pub(crate) unsafe fn ykpiv_set_mgmkey2(
|
|||||||
1 => 0xfe,
|
1 => 0xfe,
|
||||||
_ => {
|
_ => {
|
||||||
let _ = _ykpiv_end_transaction(state);
|
let _ = _ykpiv_end_transaction(state);
|
||||||
return Err(ErrorKind::GenericError);
|
return Err(Error::GenericError);
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
@@ -906,7 +904,7 @@ pub(crate) unsafe fn ykpiv_set_mgmkey2(
|
|||||||
res = _send_data(state, &mut apdu, data.as_mut_ptr(), &mut recv_len, &mut sw);
|
res = _send_data(state, &mut apdu, data.as_mut_ptr(), &mut recv_len, &mut sw);
|
||||||
|
|
||||||
if res.is_ok() && sw != SW_SUCCESS {
|
if res.is_ok() && sw != SW_SUCCESS {
|
||||||
res = Err(ErrorKind::GenericError);
|
res = Err(Error::GenericError);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -926,7 +924,7 @@ pub(crate) unsafe fn _general_authenticate(
|
|||||||
algorithm: u8,
|
algorithm: u8,
|
||||||
key: u8,
|
key: u8,
|
||||||
decipher: bool,
|
decipher: bool,
|
||||||
) -> Result<(), ErrorKind> {
|
) -> Result<(), Error> {
|
||||||
let mut _currentBlock;
|
let mut _currentBlock;
|
||||||
let mut indata = [0u8; 1024];
|
let mut indata = [0u8; 1024];
|
||||||
let mut dataptr: *mut u8 = indata.as_mut_ptr();
|
let mut dataptr: *mut u8 = indata.as_mut_ptr();
|
||||||
@@ -946,7 +944,7 @@ pub(crate) unsafe fn _general_authenticate(
|
|||||||
};
|
};
|
||||||
|
|
||||||
if in_len != key_len {
|
if in_len != key_len {
|
||||||
return Err(ErrorKind::SizeError);
|
return Err(Error::SizeError);
|
||||||
} else {
|
} else {
|
||||||
_currentBlock = 16;
|
_currentBlock = 16;
|
||||||
}
|
}
|
||||||
@@ -959,10 +957,10 @@ pub(crate) unsafe fn _general_authenticate(
|
|||||||
};
|
};
|
||||||
|
|
||||||
if (!decipher && (in_len > key_len)) || (decipher && (in_len != (key_len * 2) + 1)) {
|
if (!decipher && (in_len > key_len)) || (decipher && (in_len != (key_len * 2) + 1)) {
|
||||||
return Err(ErrorKind::SizeError);
|
return Err(Error::SizeError);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
_ => return Err(ErrorKind::AlgorithmError),
|
_ => return Err(Error::AlgorithmError),
|
||||||
}
|
}
|
||||||
|
|
||||||
if in_len < 0x80 {
|
if in_len < 0x80 {
|
||||||
@@ -1004,16 +1002,16 @@ pub(crate) unsafe fn _general_authenticate(
|
|||||||
error!("Failed sign command with code {:x}", sw);
|
error!("Failed sign command with code {:x}", sw);
|
||||||
|
|
||||||
if sw == SW_ERR_SECURITY_STATUS {
|
if sw == SW_ERR_SECURITY_STATUS {
|
||||||
return Err(ErrorKind::AuthenticationError);
|
return Err(Error::AuthenticationError);
|
||||||
} else {
|
} else {
|
||||||
return Err(ErrorKind::GenericError);
|
return Err(Error::GenericError);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// skip the first 7c tag
|
// skip the first 7c tag
|
||||||
if data[0] != 0x7c {
|
if data[0] != 0x7c {
|
||||||
error!("failed parsing signature reply (0x7c byte)");
|
error!("failed parsing signature reply (0x7c byte)");
|
||||||
return Err(ErrorKind::ParseError);
|
return Err(Error::ParseError);
|
||||||
}
|
}
|
||||||
|
|
||||||
dataptr = data.as_mut_ptr().add(1);
|
dataptr = data.as_mut_ptr().add(1);
|
||||||
@@ -1022,7 +1020,7 @@ pub(crate) unsafe fn _general_authenticate(
|
|||||||
// skip the 82 tag
|
// skip the 82 tag
|
||||||
if *dataptr != 0x82 {
|
if *dataptr != 0x82 {
|
||||||
error!("failed parsing signature reply (0x82 byte)");
|
error!("failed parsing signature reply (0x82 byte)");
|
||||||
return Err(ErrorKind::ParseError);
|
return Err(Error::ParseError);
|
||||||
}
|
}
|
||||||
|
|
||||||
dataptr = dataptr.add(1);
|
dataptr = dataptr.add(1);
|
||||||
@@ -1030,7 +1028,7 @@ pub(crate) unsafe fn _general_authenticate(
|
|||||||
|
|
||||||
if len > *out_len {
|
if len > *out_len {
|
||||||
error!("wrong size on output buffer");
|
error!("wrong size on output buffer");
|
||||||
return Err(ErrorKind::SizeError);
|
return Err(Error::SizeError);
|
||||||
}
|
}
|
||||||
|
|
||||||
*out_len = len;
|
*out_len = len;
|
||||||
@@ -1047,7 +1045,7 @@ pub unsafe fn ykpiv_sign_data(
|
|||||||
out_len: *mut usize,
|
out_len: *mut usize,
|
||||||
algorithm: u8,
|
algorithm: u8,
|
||||||
key: u8,
|
key: u8,
|
||||||
) -> Result<(), ErrorKind> {
|
) -> Result<(), Error> {
|
||||||
_ykpiv_begin_transaction(state)?;
|
_ykpiv_begin_transaction(state)?;
|
||||||
|
|
||||||
// don't attempt to reselect in crypt operations to avoid problems with PIN_ALWAYS
|
// don't attempt to reselect in crypt operations to avoid problems with PIN_ALWAYS
|
||||||
@@ -1069,7 +1067,7 @@ pub unsafe fn ykpiv_decrypt_data(
|
|||||||
out_len: *mut usize,
|
out_len: *mut usize,
|
||||||
algorithm: u8,
|
algorithm: u8,
|
||||||
key: u8,
|
key: u8,
|
||||||
) -> Result<(), ErrorKind> {
|
) -> Result<(), Error> {
|
||||||
_ykpiv_begin_transaction(state)?;
|
_ykpiv_begin_transaction(state)?;
|
||||||
|
|
||||||
// don't attempt to reselect in crypt operations to avoid problems with PIN_ALWAYS
|
// don't attempt to reselect in crypt operations to avoid problems with PIN_ALWAYS
|
||||||
@@ -1080,7 +1078,7 @@ pub unsafe fn ykpiv_decrypt_data(
|
|||||||
}
|
}
|
||||||
|
|
||||||
/// Get the version of the PIV application installed on the YubiKey
|
/// Get the version of the PIV application installed on the YubiKey
|
||||||
pub(crate) unsafe fn _ykpiv_get_version(state: &mut YubiKey) -> Result<Version, ErrorKind> {
|
pub(crate) unsafe fn _ykpiv_get_version(state: &mut YubiKey) -> Result<Version, Error> {
|
||||||
let mut data = [0u8; 261];
|
let mut data = [0u8; 261];
|
||||||
let mut recv_len = data.len() as u32;
|
let mut recv_len = data.len() as u32;
|
||||||
let mut sw: i32 = 0;
|
let mut sw: i32 = 0;
|
||||||
@@ -1097,11 +1095,11 @@ pub(crate) unsafe fn _ykpiv_get_version(state: &mut YubiKey) -> Result<Version,
|
|||||||
_send_data(state, &mut apdu, data.as_mut_ptr(), &mut recv_len, &mut sw)?;
|
_send_data(state, &mut apdu, data.as_mut_ptr(), &mut recv_len, &mut sw)?;
|
||||||
|
|
||||||
if sw != SW_SUCCESS {
|
if sw != SW_SUCCESS {
|
||||||
return Err(ErrorKind::GenericError);
|
return Err(Error::GenericError);
|
||||||
}
|
}
|
||||||
|
|
||||||
if recv_len < 3 {
|
if recv_len < 3 {
|
||||||
return Err(ErrorKind::SizeError);
|
return Err(Error::SizeError);
|
||||||
}
|
}
|
||||||
|
|
||||||
state.ver.major = data[0];
|
state.ver.major = data[0];
|
||||||
@@ -1112,8 +1110,8 @@ pub(crate) unsafe fn _ykpiv_get_version(state: &mut YubiKey) -> Result<Version,
|
|||||||
}
|
}
|
||||||
|
|
||||||
/// Get the YubiKey's PIV application version as a string
|
/// Get the YubiKey's PIV application version as a string
|
||||||
pub unsafe fn ykpiv_get_version(state: &mut YubiKey) -> Result<String, ErrorKind> {
|
pub unsafe fn ykpiv_get_version(state: &mut YubiKey) -> Result<String, Error> {
|
||||||
let mut res = Err(ErrorKind::GenericError);
|
let mut res = Err(Error::GenericError);
|
||||||
|
|
||||||
_ykpiv_begin_transaction(state)?;
|
_ykpiv_begin_transaction(state)?;
|
||||||
|
|
||||||
@@ -1128,10 +1126,7 @@ pub unsafe fn ykpiv_get_version(state: &mut YubiKey) -> Result<String, ErrorKind
|
|||||||
/// Get YubiKey device serial number
|
/// Get YubiKey device serial number
|
||||||
///
|
///
|
||||||
/// NOTE: caller must make sure that this is wrapped in a transaction for synchronized operation
|
/// NOTE: caller must make sure that this is wrapped in a transaction for synchronized operation
|
||||||
pub(crate) unsafe fn _ykpiv_get_serial(
|
pub(crate) unsafe fn _ykpiv_get_serial(state: &mut YubiKey, f_force: bool) -> Result<u32, Error> {
|
||||||
state: &mut YubiKey,
|
|
||||||
f_force: bool,
|
|
||||||
) -> Result<u32, ErrorKind> {
|
|
||||||
let yk_applet: *const u8 = ptr::null();
|
let yk_applet: *const u8 = ptr::null();
|
||||||
let mut data = [0u8; 255];
|
let mut data = [0u8; 255];
|
||||||
let mut recv_len = data.len() as u32;
|
let mut recv_len = data.len() as u32;
|
||||||
@@ -1165,7 +1160,7 @@ pub(crate) unsafe fn _ykpiv_get_serial(
|
|||||||
|
|
||||||
if sw != SW_SUCCESS {
|
if sw != SW_SUCCESS {
|
||||||
error!("failed selecting yk application: {:04x}", sw);
|
error!("failed selecting yk application: {:04x}", sw);
|
||||||
return Err(ErrorKind::GenericError);
|
return Err(Error::GenericError);
|
||||||
}
|
}
|
||||||
|
|
||||||
recv_len = temp.len() as u32;
|
recv_len = temp.len() as u32;
|
||||||
@@ -1181,7 +1176,7 @@ pub(crate) unsafe fn _ykpiv_get_serial(
|
|||||||
|
|
||||||
if sw != SW_SUCCESS {
|
if sw != SW_SUCCESS {
|
||||||
error!("failed retrieving serial number: {:04x}", sw);
|
error!("failed retrieving serial number: {:04x}", sw);
|
||||||
return Err(ErrorKind::GenericError);
|
return Err(Error::GenericError);
|
||||||
}
|
}
|
||||||
|
|
||||||
recv_len = temp.len() as u32;
|
recv_len = temp.len() as u32;
|
||||||
@@ -1203,7 +1198,7 @@ pub(crate) unsafe fn _ykpiv_get_serial(
|
|||||||
|
|
||||||
if sw != SW_SUCCESS {
|
if sw != SW_SUCCESS {
|
||||||
error!("failed selecting application: {:04x}", sw);
|
error!("failed selecting application: {:04x}", sw);
|
||||||
return Err(ErrorKind::GenericError);
|
return Err(Error::GenericError);
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
// get serial from yk5 and later devices using the f8 command
|
// get serial from yk5 and later devices using the f8 command
|
||||||
@@ -1217,13 +1212,13 @@ pub(crate) unsafe fn _ykpiv_get_serial(
|
|||||||
|
|
||||||
if sw != SW_SUCCESS {
|
if sw != SW_SUCCESS {
|
||||||
error!("failed retrieving serial number: {:04x}", sw);
|
error!("failed retrieving serial number: {:04x}", sw);
|
||||||
return Err(ErrorKind::GenericError);
|
return Err(Error::GenericError);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// check that we received enough data for the serial number
|
// check that we received enough data for the serial number
|
||||||
if recv_len < 4 {
|
if recv_len < 4 {
|
||||||
return Err(ErrorKind::SizeError);
|
return Err(Error::SizeError);
|
||||||
}
|
}
|
||||||
|
|
||||||
// TODO(tarcieri): replace pointers and casts with proper references!
|
// TODO(tarcieri): replace pointers and casts with proper references!
|
||||||
@@ -1241,8 +1236,8 @@ pub(crate) unsafe fn _ykpiv_get_serial(
|
|||||||
}
|
}
|
||||||
|
|
||||||
/// Get YubiKey device serial number
|
/// Get YubiKey device serial number
|
||||||
pub unsafe fn ykpiv_get_serial(state: &mut YubiKey) -> Result<u32, ErrorKind> {
|
pub unsafe fn ykpiv_get_serial(state: &mut YubiKey) -> Result<u32, Error> {
|
||||||
let mut res = Err(ErrorKind::GenericError);
|
let mut res = Err(Error::GenericError);
|
||||||
|
|
||||||
_ykpiv_begin_transaction(state)?;
|
_ykpiv_begin_transaction(state)?;
|
||||||
|
|
||||||
@@ -1260,7 +1255,7 @@ pub(crate) unsafe fn _cache_pin(
|
|||||||
state: &mut YubiKey,
|
state: &mut YubiKey,
|
||||||
pin: *const c_char,
|
pin: *const c_char,
|
||||||
len: usize,
|
len: usize,
|
||||||
) -> Result<(), ErrorKind> {
|
) -> Result<(), Error> {
|
||||||
if !pin.is_null() && (state.pin as *const c_char == pin) {
|
if !pin.is_null() && (state.pin as *const c_char == pin) {
|
||||||
return Ok(());
|
return Ok(());
|
||||||
}
|
}
|
||||||
@@ -1279,7 +1274,7 @@ pub(crate) unsafe fn _cache_pin(
|
|||||||
state.pin = malloc(len + 1) as (*mut u8);
|
state.pin = malloc(len + 1) as (*mut u8);
|
||||||
|
|
||||||
if state.pin.is_null() {
|
if state.pin.is_null() {
|
||||||
return Err(ErrorKind::MemoryError);
|
return Err(Error::MemoryError);
|
||||||
}
|
}
|
||||||
|
|
||||||
memcpy(state.pin as (*mut c_void), pin as (*const c_void), len);
|
memcpy(state.pin as (*mut c_void), pin as (*const c_void), len);
|
||||||
@@ -1292,7 +1287,7 @@ pub(crate) unsafe fn _cache_pin(
|
|||||||
/// Verify device PIN
|
/// Verify device PIN
|
||||||
///
|
///
|
||||||
/// Returns the number of tries remaining both on success and on a wrong PIN.
|
/// Returns the number of tries remaining both on success and on a wrong PIN.
|
||||||
pub unsafe fn ykpiv_verify(state: &mut YubiKey, pin: *const c_char) -> Result<i32, ErrorKind> {
|
pub unsafe fn ykpiv_verify(state: &mut YubiKey, pin: *const c_char) -> Result<i32, Error> {
|
||||||
ykpiv_verify_select(
|
ykpiv_verify_select(
|
||||||
state,
|
state,
|
||||||
pin,
|
pin,
|
||||||
@@ -1308,13 +1303,13 @@ pub(crate) unsafe fn _verify(
|
|||||||
state: &mut YubiKey,
|
state: &mut YubiKey,
|
||||||
pin: *const c_char,
|
pin: *const c_char,
|
||||||
pin_len: usize,
|
pin_len: usize,
|
||||||
) -> Result<i32, ErrorKind> {
|
) -> Result<i32, Error> {
|
||||||
let mut data = [0u8; 261];
|
let mut data = [0u8; 261];
|
||||||
let mut recv_len = data.len() as u32;
|
let mut recv_len = data.len() as u32;
|
||||||
let mut sw: i32 = 0;
|
let mut sw: i32 = 0;
|
||||||
|
|
||||||
if pin_len > CB_PIN_MAX {
|
if pin_len > CB_PIN_MAX {
|
||||||
return Err(ErrorKind::SizeError);
|
return Err(Error::SizeError);
|
||||||
}
|
}
|
||||||
|
|
||||||
let mut apdu = APDU::default();
|
let mut apdu = APDU::default();
|
||||||
@@ -1356,11 +1351,11 @@ pub(crate) unsafe fn _verify(
|
|||||||
|
|
||||||
Ok(sw & 0xf)
|
Ok(sw & 0xf)
|
||||||
} else if sw >> 8 == 0x63 {
|
} else if sw >> 8 == 0x63 {
|
||||||
Err(ErrorKind::WrongPin { tries: sw & 0xf })
|
Err(Error::WrongPin { tries: sw & 0xf })
|
||||||
} else if sw == SW_ERR_AUTH_BLOCKED {
|
} else if sw == SW_ERR_AUTH_BLOCKED {
|
||||||
Err(ErrorKind::WrongPin { tries: 0 })
|
Err(Error::WrongPin { tries: 0 })
|
||||||
} else {
|
} else {
|
||||||
Err(ErrorKind::GenericError)
|
Err(Error::GenericError)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -1372,7 +1367,7 @@ pub unsafe fn ykpiv_verify_select(
|
|||||||
pin: *const c_char,
|
pin: *const c_char,
|
||||||
pin_len: usize,
|
pin_len: usize,
|
||||||
force_select: bool,
|
force_select: bool,
|
||||||
) -> Result<i32, ErrorKind> {
|
) -> Result<i32, Error> {
|
||||||
let mut res = Ok(-1);
|
let mut res = Ok(-1);
|
||||||
|
|
||||||
_ykpiv_begin_transaction(state)?;
|
_ykpiv_begin_transaction(state)?;
|
||||||
@@ -1392,7 +1387,7 @@ pub unsafe fn ykpiv_verify_select(
|
|||||||
}
|
}
|
||||||
|
|
||||||
/// Get the number of PIN retries
|
/// Get the number of PIN retries
|
||||||
pub unsafe fn ykpiv_get_pin_retries(state: &mut YubiKey) -> Result<i32, ErrorKind> {
|
pub unsafe fn ykpiv_get_pin_retries(state: &mut YubiKey) -> Result<i32, Error> {
|
||||||
// Force a re-select to unverify, because once verified the spec dictates that
|
// Force a re-select to unverify, because once verified the spec dictates that
|
||||||
// subsequent verify calls will return a "verification not needed" instead of
|
// subsequent verify calls will return a "verification not needed" instead of
|
||||||
// the number of tries left...
|
// the number of tries left...
|
||||||
@@ -1402,7 +1397,7 @@ pub unsafe fn ykpiv_get_pin_retries(state: &mut YubiKey) -> Result<i32, ErrorKin
|
|||||||
|
|
||||||
// WRONG_PIN is expected on successful query.
|
// WRONG_PIN is expected on successful query.
|
||||||
match ykrc {
|
match ykrc {
|
||||||
Ok(tries) | Err(ErrorKind::WrongPin { tries }) => Ok(tries),
|
Ok(tries) | Err(Error::WrongPin { tries }) => Ok(tries),
|
||||||
Err(e) => Err(e),
|
Err(e) => Err(e),
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -1412,7 +1407,7 @@ pub unsafe fn ykpiv_set_pin_retries(
|
|||||||
state: &mut YubiKey,
|
state: &mut YubiKey,
|
||||||
pin_tries: i32,
|
pin_tries: i32,
|
||||||
puk_tries: i32,
|
puk_tries: i32,
|
||||||
) -> Result<(), ErrorKind> {
|
) -> Result<(), Error> {
|
||||||
let mut res = Ok(());
|
let mut res = Ok(());
|
||||||
let mut templ = [0, YKPIV_INS_SET_PIN_RETRIES, 0, 0];
|
let mut templ = [0, YKPIV_INS_SET_PIN_RETRIES, 0, 0];
|
||||||
let mut data = [0u8; 255];
|
let mut data = [0u8; 255];
|
||||||
@@ -1425,7 +1420,7 @@ pub unsafe fn ykpiv_set_pin_retries(
|
|||||||
}
|
}
|
||||||
|
|
||||||
if pin_tries > 0xff || puk_tries > 0xff || pin_tries < 1 || puk_tries < 1 {
|
if pin_tries > 0xff || puk_tries > 0xff || pin_tries < 1 || puk_tries < 1 {
|
||||||
return Err(ErrorKind::RangeError);
|
return Err(Error::RangeError);
|
||||||
}
|
}
|
||||||
|
|
||||||
templ[2] = pin_tries as (u8);
|
templ[2] = pin_tries as (u8);
|
||||||
@@ -1447,9 +1442,9 @@ pub unsafe fn ykpiv_set_pin_retries(
|
|||||||
if res.is_ok() {
|
if res.is_ok() {
|
||||||
res = match sw {
|
res = match sw {
|
||||||
SW_SUCCESS => Ok(()),
|
SW_SUCCESS => Ok(()),
|
||||||
SW_ERR_AUTH_BLOCKED => Err(ErrorKind::AuthenticationError),
|
SW_ERR_AUTH_BLOCKED => Err(Error::AuthenticationError),
|
||||||
SW_ERR_SECURITY_STATUS => Err(ErrorKind::AuthenticationError),
|
SW_ERR_SECURITY_STATUS => Err(Error::AuthenticationError),
|
||||||
_ => Err(ErrorKind::GenericError),
|
_ => Err(Error::GenericError),
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -1466,7 +1461,7 @@ pub(crate) unsafe fn _ykpiv_change_pin(
|
|||||||
current_pin_len: usize,
|
current_pin_len: usize,
|
||||||
new_pin: *const c_char,
|
new_pin: *const c_char,
|
||||||
new_pin_len: usize,
|
new_pin_len: usize,
|
||||||
) -> Result<(), ErrorKind> {
|
) -> Result<(), Error> {
|
||||||
let mut sw: i32 = 0;
|
let mut sw: i32 = 0;
|
||||||
let mut templ = [0, YKPIV_INS_CHANGE_REFERENCE, 0, 0x80];
|
let mut templ = [0, YKPIV_INS_CHANGE_REFERENCE, 0, 0x80];
|
||||||
let mut indata = [0u8; 16];
|
let mut indata = [0u8; 16];
|
||||||
@@ -1474,7 +1469,7 @@ pub(crate) unsafe fn _ykpiv_change_pin(
|
|||||||
let mut recv_len: usize = data.len();
|
let mut recv_len: usize = data.len();
|
||||||
|
|
||||||
if current_pin_len > 8 || new_pin_len > 8 {
|
if current_pin_len > 8 || new_pin_len > 8 {
|
||||||
return Err(ErrorKind::SizeError);
|
return Err(Error::SizeError);
|
||||||
}
|
}
|
||||||
|
|
||||||
if action == CHREF_ACT_UNBLOCK_PIN {
|
if action == CHREF_ACT_UNBLOCK_PIN {
|
||||||
@@ -1529,15 +1524,15 @@ pub(crate) unsafe fn _ykpiv_change_pin(
|
|||||||
|
|
||||||
if sw != SW_SUCCESS {
|
if sw != SW_SUCCESS {
|
||||||
if sw >> 8 == 0x63 {
|
if sw >> 8 == 0x63 {
|
||||||
return Err(ErrorKind::WrongPin { tries: sw & 0xf });
|
return Err(Error::WrongPin { tries: sw & 0xf });
|
||||||
}
|
}
|
||||||
|
|
||||||
if sw == SW_ERR_AUTH_BLOCKED {
|
if sw == SW_ERR_AUTH_BLOCKED {
|
||||||
return Err(ErrorKind::PinLocked);
|
return Err(Error::PinLocked);
|
||||||
}
|
}
|
||||||
|
|
||||||
error!("failed changing pin, token response code: {:x}.", sw);
|
error!("failed changing pin, token response code: {:x}.", sw);
|
||||||
return Err(ErrorKind::GenericError);
|
return Err(Error::GenericError);
|
||||||
}
|
}
|
||||||
|
|
||||||
Ok(())
|
Ok(())
|
||||||
@@ -1552,8 +1547,8 @@ pub unsafe fn ykpiv_change_pin(
|
|||||||
current_pin_len: usize,
|
current_pin_len: usize,
|
||||||
new_pin: *const c_char,
|
new_pin: *const c_char,
|
||||||
new_pin_len: usize,
|
new_pin_len: usize,
|
||||||
) -> Result<(), ErrorKind> {
|
) -> Result<(), Error> {
|
||||||
let mut res = Err(ErrorKind::GenericError);
|
let mut res = Err(Error::GenericError);
|
||||||
|
|
||||||
_ykpiv_begin_transaction(state)?;
|
_ykpiv_begin_transaction(state)?;
|
||||||
|
|
||||||
@@ -1584,8 +1579,8 @@ pub unsafe fn ykpiv_change_puk(
|
|||||||
current_puk_len: usize,
|
current_puk_len: usize,
|
||||||
new_puk: *const c_char,
|
new_puk: *const c_char,
|
||||||
new_puk_len: usize,
|
new_puk_len: usize,
|
||||||
) -> Result<(), ErrorKind> {
|
) -> Result<(), Error> {
|
||||||
let mut res = Err(ErrorKind::GenericError);
|
let mut res = Err(Error::GenericError);
|
||||||
|
|
||||||
_ykpiv_begin_transaction(state)?;
|
_ykpiv_begin_transaction(state)?;
|
||||||
|
|
||||||
@@ -1605,8 +1600,8 @@ pub unsafe fn ykpiv_unblock_pin(
|
|||||||
puk_len: usize,
|
puk_len: usize,
|
||||||
new_pin: *const c_char,
|
new_pin: *const c_char,
|
||||||
new_pin_len: usize,
|
new_pin_len: usize,
|
||||||
) -> Result<(), ErrorKind> {
|
) -> Result<(), Error> {
|
||||||
let mut res = Err(ErrorKind::GenericError);
|
let mut res = Err(Error::GenericError);
|
||||||
|
|
||||||
_ykpiv_begin_transaction(state)?;
|
_ykpiv_begin_transaction(state)?;
|
||||||
|
|
||||||
@@ -1624,7 +1619,7 @@ pub unsafe fn ykpiv_fetch_object(
|
|||||||
object_id: i32,
|
object_id: i32,
|
||||||
data: *mut u8,
|
data: *mut u8,
|
||||||
len: *mut usize,
|
len: *mut usize,
|
||||||
) -> Result<(), ErrorKind> {
|
) -> Result<(), Error> {
|
||||||
let mut res = Ok(());
|
let mut res = Ok(());
|
||||||
|
|
||||||
_ykpiv_begin_transaction(state)?;
|
_ykpiv_begin_transaction(state)?;
|
||||||
@@ -1643,7 +1638,7 @@ pub(crate) unsafe fn _ykpiv_fetch_object(
|
|||||||
object_id: i32,
|
object_id: i32,
|
||||||
data: *mut u8,
|
data: *mut u8,
|
||||||
len: *mut usize,
|
len: *mut usize,
|
||||||
) -> Result<(), ErrorKind> {
|
) -> Result<(), Error> {
|
||||||
let mut sw: i32 = 0;
|
let mut sw: i32 = 0;
|
||||||
let mut indata = [0u8; 5];
|
let mut indata = [0u8; 5];
|
||||||
let mut inptr: *mut u8 = indata.as_mut_ptr();
|
let mut inptr: *mut u8 = indata.as_mut_ptr();
|
||||||
@@ -1652,7 +1647,7 @@ pub(crate) unsafe fn _ykpiv_fetch_object(
|
|||||||
inptr = set_object(object_id, inptr);
|
inptr = set_object(object_id, inptr);
|
||||||
|
|
||||||
if inptr.is_null() {
|
if inptr.is_null() {
|
||||||
return Err(ErrorKind::InvalidObject);
|
return Err(Error::InvalidObject);
|
||||||
}
|
}
|
||||||
|
|
||||||
ykpiv_transfer_data(
|
ykpiv_transfer_data(
|
||||||
@@ -1666,19 +1661,19 @@ pub(crate) unsafe fn _ykpiv_fetch_object(
|
|||||||
)?;
|
)?;
|
||||||
|
|
||||||
if sw != SW_SUCCESS {
|
if sw != SW_SUCCESS {
|
||||||
return Err(ErrorKind::GenericError);
|
return Err(Error::GenericError);
|
||||||
}
|
}
|
||||||
|
|
||||||
let mut outlen: usize = 0;
|
let mut outlen: usize = 0;
|
||||||
|
|
||||||
if *len < 2 || !_ykpiv_has_valid_length(data.offset(1), (*len).wrapping_sub(1)) {
|
if *len < 2 || !_ykpiv_has_valid_length(data.offset(1), (*len).wrapping_sub(1)) {
|
||||||
return Err(ErrorKind::SizeError);
|
return Err(Error::SizeError);
|
||||||
}
|
}
|
||||||
|
|
||||||
let offs = _ykpiv_get_length(data.offset(1), &mut outlen);
|
let offs = _ykpiv_get_length(data.offset(1), &mut outlen);
|
||||||
|
|
||||||
if offs == 0 {
|
if offs == 0 {
|
||||||
return Err(ErrorKind::SizeError);
|
return Err(Error::SizeError);
|
||||||
}
|
}
|
||||||
|
|
||||||
if outlen.wrapping_add(offs).wrapping_add(1) != *len {
|
if outlen.wrapping_add(offs).wrapping_add(1) != *len {
|
||||||
@@ -1687,7 +1682,7 @@ pub(crate) unsafe fn _ykpiv_fetch_object(
|
|||||||
*len, outlen
|
*len, outlen
|
||||||
);
|
);
|
||||||
|
|
||||||
return Err(ErrorKind::SizeError);
|
return Err(Error::SizeError);
|
||||||
}
|
}
|
||||||
|
|
||||||
memmove(
|
memmove(
|
||||||
@@ -1706,7 +1701,7 @@ pub unsafe fn ykpiv_save_object(
|
|||||||
object_id: i32,
|
object_id: i32,
|
||||||
indata: *mut u8,
|
indata: *mut u8,
|
||||||
len: usize,
|
len: usize,
|
||||||
) -> Result<(), ErrorKind> {
|
) -> Result<(), Error> {
|
||||||
let mut res = Ok(());
|
let mut res = Ok(());
|
||||||
|
|
||||||
_ykpiv_begin_transaction(state)?;
|
_ykpiv_begin_transaction(state)?;
|
||||||
@@ -1725,7 +1720,7 @@ pub unsafe fn _ykpiv_save_object(
|
|||||||
object_id: i32,
|
object_id: i32,
|
||||||
indata: *mut u8,
|
indata: *mut u8,
|
||||||
len: usize,
|
len: usize,
|
||||||
) -> Result<(), ErrorKind> {
|
) -> Result<(), Error> {
|
||||||
let mut data = [0u8; YKPIV_OBJ_MAX_SIZE];
|
let mut data = [0u8; YKPIV_OBJ_MAX_SIZE];
|
||||||
let mut dataptr: *mut u8 = data.as_mut_ptr();
|
let mut dataptr: *mut u8 = data.as_mut_ptr();
|
||||||
let templ = [0, YKPIV_INS_PUT_DATA, 0x3f, 0xff];
|
let templ = [0, YKPIV_INS_PUT_DATA, 0x3f, 0xff];
|
||||||
@@ -1733,13 +1728,13 @@ pub unsafe fn _ykpiv_save_object(
|
|||||||
let mut outlen: usize = 0usize;
|
let mut outlen: usize = 0usize;
|
||||||
|
|
||||||
if len > CB_OBJ_MAX {
|
if len > CB_OBJ_MAX {
|
||||||
return Err(ErrorKind::SizeError);
|
return Err(Error::SizeError);
|
||||||
}
|
}
|
||||||
|
|
||||||
dataptr = set_object(object_id, dataptr);
|
dataptr = set_object(object_id, dataptr);
|
||||||
|
|
||||||
if dataptr.is_null() {
|
if dataptr.is_null() {
|
||||||
return Err(ErrorKind::InvalidObject);
|
return Err(Error::InvalidObject);
|
||||||
}
|
}
|
||||||
*{
|
*{
|
||||||
let _old = dataptr;
|
let _old = dataptr;
|
||||||
@@ -1763,8 +1758,8 @@ pub unsafe fn _ykpiv_save_object(
|
|||||||
|
|
||||||
match sw {
|
match sw {
|
||||||
SW_SUCCESS => Ok(()),
|
SW_SUCCESS => Ok(()),
|
||||||
SW_ERR_SECURITY_STATUS => Err(ErrorKind::AuthenticationError),
|
SW_ERR_SECURITY_STATUS => Err(Error::AuthenticationError),
|
||||||
_ => Err(ErrorKind::GenericError),
|
_ => Err(Error::GenericError),
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -1806,7 +1801,7 @@ pub unsafe fn ykpiv_import_private_key(
|
|||||||
ec_data_len: u8,
|
ec_data_len: u8,
|
||||||
pin_policy: u8,
|
pin_policy: u8,
|
||||||
touch_policy: u8,
|
touch_policy: u8,
|
||||||
) -> Result<(), ErrorKind> {
|
) -> Result<(), Error> {
|
||||||
let mut key_data = [0u8; 1024];
|
let mut key_data = [0u8; 1024];
|
||||||
let mut in_ptr: *mut u8 = key_data.as_mut_ptr();
|
let mut in_ptr: *mut u8 = key_data.as_mut_ptr();
|
||||||
let templ = [0, YKPIV_INS_IMPORT_KEY, algorithm, key];
|
let templ = [0, YKPIV_INS_IMPORT_KEY, algorithm, key];
|
||||||
@@ -1824,7 +1819,7 @@ pub unsafe fn ykpiv_import_private_key(
|
|||||||
|| key > YKPIV_KEY_RETIRED20 && (key < YKPIV_KEY_AUTHENTICATION)
|
|| key > YKPIV_KEY_RETIRED20 && (key < YKPIV_KEY_AUTHENTICATION)
|
||||||
|| key > YKPIV_KEY_CARDAUTH && (key != YKPIV_KEY_ATTESTATION)
|
|| key > YKPIV_KEY_CARDAUTH && (key != YKPIV_KEY_ATTESTATION)
|
||||||
{
|
{
|
||||||
return Err(ErrorKind::KeyError);
|
return Err(Error::KeyError);
|
||||||
}
|
}
|
||||||
|
|
||||||
if pin_policy != YKPIV_PINPOLICY_DEFAULT
|
if pin_policy != YKPIV_PINPOLICY_DEFAULT
|
||||||
@@ -1832,7 +1827,7 @@ pub unsafe fn ykpiv_import_private_key(
|
|||||||
&& (pin_policy != YKPIV_PINPOLICY_ONCE)
|
&& (pin_policy != YKPIV_PINPOLICY_ONCE)
|
||||||
&& (pin_policy != YKPIV_PINPOLICY_ALWAYS)
|
&& (pin_policy != YKPIV_PINPOLICY_ALWAYS)
|
||||||
{
|
{
|
||||||
return Err(ErrorKind::GenericError);
|
return Err(Error::GenericError);
|
||||||
}
|
}
|
||||||
|
|
||||||
if touch_policy != YKPIV_TOUCHPOLICY_DEFAULT
|
if touch_policy != YKPIV_TOUCHPOLICY_DEFAULT
|
||||||
@@ -1840,13 +1835,13 @@ pub unsafe fn ykpiv_import_private_key(
|
|||||||
&& (touch_policy != YKPIV_TOUCHPOLICY_ALWAYS)
|
&& (touch_policy != YKPIV_TOUCHPOLICY_ALWAYS)
|
||||||
&& (touch_policy != YKPIV_TOUCHPOLICY_CACHED)
|
&& (touch_policy != YKPIV_TOUCHPOLICY_CACHED)
|
||||||
{
|
{
|
||||||
return Err(ErrorKind::GenericError);
|
return Err(Error::GenericError);
|
||||||
}
|
}
|
||||||
|
|
||||||
match algorithm {
|
match algorithm {
|
||||||
YKPIV_ALGO_RSA1024 | YKPIV_ALGO_RSA2048 => {
|
YKPIV_ALGO_RSA1024 | YKPIV_ALGO_RSA2048 => {
|
||||||
if p_len + q_len + dp_len + dq_len + qinv_len >= 1024 {
|
if p_len + q_len + dp_len + dq_len + qinv_len >= 1024 {
|
||||||
return Err(ErrorKind::SizeError);
|
return Err(Error::SizeError);
|
||||||
} else {
|
} else {
|
||||||
if algorithm == YKPIV_ALGO_RSA1024 {
|
if algorithm == YKPIV_ALGO_RSA1024 {
|
||||||
elem_len = 64;
|
elem_len = 64;
|
||||||
@@ -1857,7 +1852,7 @@ pub unsafe fn ykpiv_import_private_key(
|
|||||||
}
|
}
|
||||||
|
|
||||||
if p.is_null() || q.is_null() || dp.is_null() || dq.is_null() || qinv.is_null() {
|
if p.is_null() || q.is_null() || dp.is_null() || dq.is_null() || qinv.is_null() {
|
||||||
return Err(ErrorKind::GenericError);
|
return Err(Error::GenericError);
|
||||||
}
|
}
|
||||||
|
|
||||||
params[0] = p;
|
params[0] = p;
|
||||||
@@ -1876,7 +1871,7 @@ pub unsafe fn ykpiv_import_private_key(
|
|||||||
}
|
}
|
||||||
YKPIV_ALGO_ECCP256 | YKPIV_ALGO_ECCP384 => {
|
YKPIV_ALGO_ECCP256 | YKPIV_ALGO_ECCP384 => {
|
||||||
if ec_data_len as (usize) >= key_data.len() {
|
if ec_data_len as (usize) >= key_data.len() {
|
||||||
return Err(ErrorKind::SizeError);
|
return Err(Error::SizeError);
|
||||||
}
|
}
|
||||||
|
|
||||||
if algorithm == YKPIV_ALGO_ECCP256 {
|
if algorithm == YKPIV_ALGO_ECCP256 {
|
||||||
@@ -1886,7 +1881,7 @@ pub unsafe fn ykpiv_import_private_key(
|
|||||||
}
|
}
|
||||||
|
|
||||||
if ec_data.is_null() {
|
if ec_data.is_null() {
|
||||||
return Err(ErrorKind::GenericError);
|
return Err(Error::GenericError);
|
||||||
}
|
}
|
||||||
|
|
||||||
params[0] = ec_data;
|
params[0] = ec_data;
|
||||||
@@ -1894,7 +1889,7 @@ pub unsafe fn ykpiv_import_private_key(
|
|||||||
param_tag = 0x6;
|
param_tag = 0x6;
|
||||||
n_params = 1;
|
n_params = 1;
|
||||||
}
|
}
|
||||||
_ => return Err(ErrorKind::AlgorithmError),
|
_ => return Err(Error::AlgorithmError),
|
||||||
}
|
}
|
||||||
|
|
||||||
for i in 0..n_params {
|
for i in 0..n_params {
|
||||||
@@ -1906,7 +1901,7 @@ pub unsafe fn ykpiv_import_private_key(
|
|||||||
let remaining = (key_data.as_mut_ptr() as usize) + 1024 - in_ptr as usize;
|
let remaining = (key_data.as_mut_ptr() as usize) + 1024 - in_ptr as usize;
|
||||||
|
|
||||||
if padding > remaining {
|
if padding > remaining {
|
||||||
return Err(ErrorKind::AlgorithmError);
|
return Err(Error::AlgorithmError);
|
||||||
}
|
}
|
||||||
|
|
||||||
memset(in_ptr as *mut c_void, 0, padding);
|
memset(in_ptr as *mut c_void, 0, padding);
|
||||||
@@ -1948,9 +1943,9 @@ pub unsafe fn ykpiv_import_private_key(
|
|||||||
);
|
);
|
||||||
|
|
||||||
if res.is_ok() && sw != SW_SUCCESS {
|
if res.is_ok() && sw != SW_SUCCESS {
|
||||||
res = Err(ErrorKind::GenericError);
|
res = Err(Error::GenericError);
|
||||||
if sw == SW_ERR_SECURITY_STATUS {
|
if sw == SW_ERR_SECURITY_STATUS {
|
||||||
res = Err(ErrorKind::AuthenticationError);
|
res = Err(Error::AuthenticationError);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -1966,14 +1961,14 @@ pub unsafe fn ykpiv_attest(
|
|||||||
key: u8,
|
key: u8,
|
||||||
data: *mut u8,
|
data: *mut u8,
|
||||||
data_len: *mut usize,
|
data_len: *mut usize,
|
||||||
) -> Result<(), ErrorKind> {
|
) -> Result<(), Error> {
|
||||||
let mut res = Err(ErrorKind::GenericError);
|
let mut res = Err(Error::GenericError);
|
||||||
let templ = [0, YKPIV_INS_ATTEST, key, 0];
|
let templ = [0, YKPIV_INS_ATTEST, key, 0];
|
||||||
let mut sw: i32 = 0;
|
let mut sw: i32 = 0;
|
||||||
let mut ul_data_len: usize;
|
let mut ul_data_len: usize;
|
||||||
|
|
||||||
if data.is_null() || data_len.is_null() {
|
if data.is_null() || data_len.is_null() {
|
||||||
return Err(ErrorKind::ArgumentError);
|
return Err(Error::ArgumentError);
|
||||||
}
|
}
|
||||||
|
|
||||||
ul_data_len = *data_len;
|
ul_data_len = *data_len;
|
||||||
@@ -1993,12 +1988,12 @@ pub unsafe fn ykpiv_attest(
|
|||||||
|
|
||||||
if res.is_ok() {
|
if res.is_ok() {
|
||||||
if sw != SW_SUCCESS {
|
if sw != SW_SUCCESS {
|
||||||
res = Err(ErrorKind::GenericError);
|
res = Err(Error::GenericError);
|
||||||
if sw == SW_ERR_NOT_SUPPORTED {
|
if sw == SW_ERR_NOT_SUPPORTED {
|
||||||
res = Err(ErrorKind::NotSupported);
|
res = Err(Error::NotSupported);
|
||||||
}
|
}
|
||||||
} else if *data as i32 != 0x30 {
|
} else if *data as i32 != 0x30 {
|
||||||
res = Err(ErrorKind::GenericError);
|
res = Err(Error::GenericError);
|
||||||
} else {
|
} else {
|
||||||
*data_len = ul_data_len;
|
*data_len = ul_data_len;
|
||||||
}
|
}
|
||||||
@@ -2010,7 +2005,7 @@ pub unsafe fn ykpiv_attest(
|
|||||||
}
|
}
|
||||||
|
|
||||||
/// Get an auth challenge
|
/// Get an auth challenge
|
||||||
pub unsafe fn ykpiv_auth_getchallenge(state: &mut YubiKey) -> Result<[u8; 8], ErrorKind> {
|
pub unsafe fn ykpiv_auth_getchallenge(state: &mut YubiKey) -> Result<[u8; 8], Error> {
|
||||||
let mut data = [0u8; 261];
|
let mut data = [0u8; 261];
|
||||||
let mut recv_len = data.len() as u32;
|
let mut recv_len = data.len() as u32;
|
||||||
let mut sw: i32 = 0;
|
let mut sw: i32 = 0;
|
||||||
@@ -2032,7 +2027,7 @@ pub unsafe fn ykpiv_auth_getchallenge(state: &mut YubiKey) -> Result<[u8; 8], Er
|
|||||||
if let Err(e) = _send_data(state, &mut apdu, data.as_mut_ptr(), &mut recv_len, &mut sw) {
|
if let Err(e) = _send_data(state, &mut apdu, data.as_mut_ptr(), &mut recv_len, &mut sw) {
|
||||||
res = Err(e)
|
res = Err(e)
|
||||||
} else if sw != SW_SUCCESS {
|
} else if sw != SW_SUCCESS {
|
||||||
res = Err(ErrorKind::AuthenticationError);
|
res = Err(Error::AuthenticationError);
|
||||||
} else {
|
} else {
|
||||||
let mut challenge = [0; 8];
|
let mut challenge = [0; 8];
|
||||||
challenge.copy_from_slice(&data[4..12]);
|
challenge.copy_from_slice(&data[4..12]);
|
||||||
@@ -2048,7 +2043,7 @@ pub unsafe fn ykpiv_auth_getchallenge(state: &mut YubiKey) -> Result<[u8; 8], Er
|
|||||||
pub unsafe fn ykpiv_auth_verifyresponse(
|
pub unsafe fn ykpiv_auth_verifyresponse(
|
||||||
state: &mut YubiKey,
|
state: &mut YubiKey,
|
||||||
response: [u8; 8],
|
response: [u8; 8],
|
||||||
) -> Result<(), ErrorKind> {
|
) -> Result<(), Error> {
|
||||||
let mut data = [0u8; 261];
|
let mut data = [0u8; 261];
|
||||||
let mut recv_len = data.len() as u32;
|
let mut recv_len = data.len() as u32;
|
||||||
let mut sw: i32 = 0;
|
let mut sw: i32 = 0;
|
||||||
@@ -2070,7 +2065,7 @@ pub unsafe fn ykpiv_auth_verifyresponse(
|
|||||||
let mut res = _send_data(state, &mut apdu, data.as_mut_ptr(), &mut recv_len, &mut sw);
|
let mut res = _send_data(state, &mut apdu, data.as_mut_ptr(), &mut recv_len, &mut sw);
|
||||||
|
|
||||||
if res.is_ok() && sw != SW_SUCCESS {
|
if res.is_ok() && sw != SW_SUCCESS {
|
||||||
res = Err(ErrorKind::AuthenticationError);
|
res = Err(Error::AuthenticationError);
|
||||||
}
|
}
|
||||||
|
|
||||||
apdu.zeroize();
|
apdu.zeroize();
|
||||||
@@ -2082,7 +2077,7 @@ pub unsafe fn ykpiv_auth_verifyresponse(
|
|||||||
static mut MGMT_AID: [u8; 8] = [0xa0, 0x00, 0x00, 0x05, 0x27, 0x47, 0x11, 0x17];
|
static mut MGMT_AID: [u8; 8] = [0xa0, 0x00, 0x00, 0x05, 0x27, 0x47, 0x11, 0x17];
|
||||||
|
|
||||||
/// Deauthenticate
|
/// Deauthenticate
|
||||||
pub unsafe fn ykpiv_auth_deauthenticate(state: &mut YubiKey) -> Result<(), ErrorKind> {
|
pub unsafe fn ykpiv_auth_deauthenticate(state: &mut YubiKey) -> Result<(), Error> {
|
||||||
let mut data = [0u8; 255];
|
let mut data = [0u8; 255];
|
||||||
let mut recv_len = data.len() as u32;
|
let mut recv_len = data.len() as u32;
|
||||||
let mut sw: i32 = 0;
|
let mut sw: i32 = 0;
|
||||||
@@ -2108,7 +2103,7 @@ pub unsafe fn ykpiv_auth_deauthenticate(state: &mut YubiKey) -> Result<(), Error
|
|||||||
|
|
||||||
if sw != SW_SUCCESS {
|
if sw != SW_SUCCESS {
|
||||||
error!("Failed selecting mgmt application: {:04x}", sw);
|
error!("Failed selecting mgmt application: {:04x}", sw);
|
||||||
res = Err(ErrorKind::GenericError);
|
res = Err(Error::GenericError);
|
||||||
}
|
}
|
||||||
|
|
||||||
let _ = _ykpiv_end_transaction(state);
|
let _ = _ykpiv_end_transaction(state);
|
||||||
|
|||||||
Reference in New Issue
Block a user