Drop YubiKey NEO support (closes #18)
YubiKey NEOs are legacy YubiKey devices, most of which contain unpatchable security vulnerabilities. They have smaller buffer sizes than YK4 and YK5, which necessitates a whole bunch of conditional gating and buffer size calculations. Getting rid of them simplifies this logic and allows us to assume consistent buffer sizes everywhere. We never tested on NEOs anyway, and looking at the deleted code it seems it may have been miscalculating the NEO's buffer size! If someone *really* wants to support NEOs, it shouldn't be that hard to restore, but the codebase is definitely cleaner without it.
This commit is contained in:
+1
-2
@@ -438,8 +438,7 @@ pub fn generate(
|
||||
|
||||
match algorithm {
|
||||
AlgorithmId::Rsa1024 | AlgorithmId::Rsa2048 => {
|
||||
if yubikey.device_model() == DEVTYPE_YK4
|
||||
&& yubikey.version.major == 4
|
||||
if yubikey.version.major == 4
|
||||
&& (yubikey.version.minor < 3
|
||||
|| yubikey.version.minor == 3 && (yubikey.version.patch < 5))
|
||||
{
|
||||
|
||||
Reference in New Issue
Block a user