Drop YubiKey NEO support (closes #18)
YubiKey NEOs are legacy YubiKey devices, most of which contain unpatchable security vulnerabilities. They have smaller buffer sizes than YK4 and YK5, which necessitates a whole bunch of conditional gating and buffer size calculations. Getting rid of them simplifies this logic and allows us to assume consistent buffer sizes everywhere. We never tested on NEOs anyway, and looking at the deleted code it seems it may have been miscalculating the NEO's buffer size! If someone *really* wants to support NEOs, it shouldn't be that hard to restore, but the codebase is definitely cleaner without it.
This commit is contained in:
+2
-3
@@ -167,7 +167,6 @@ impl MgmKey {
|
||||
pub fn set_protected(&self, yubikey: &mut YubiKey) -> Result<(), Error> {
|
||||
let mut data = Zeroizing::new(vec![0u8; CB_BUF_MAX]);
|
||||
|
||||
let max_size = yubikey.obj_size_max();
|
||||
let txn = yubikey.begin_transaction()?;
|
||||
|
||||
txn.set_mgm_key(self, None).map_err(|e| {
|
||||
@@ -200,7 +199,7 @@ impl MgmKey {
|
||||
) {
|
||||
error!("could not set protected mgm item, err = {:?}", e);
|
||||
} else {
|
||||
metadata::write(&txn, TAG_PROTECTED, &data, max_size).map_err(|e| {
|
||||
metadata::write(&txn, TAG_PROTECTED, &data).map_err(|e| {
|
||||
error!("could not write protected data, err = {:?}", e);
|
||||
e
|
||||
})?;
|
||||
@@ -247,7 +246,7 @@ impl MgmKey {
|
||||
&flags_1,
|
||||
) {
|
||||
error!("could not set admin flags item, err = {}", e);
|
||||
} else if let Err(e) = metadata::write(&txn, TAG_ADMIN, &data[..cb_data], max_size) {
|
||||
} else if let Err(e) = metadata::write(&txn, TAG_ADMIN, &data[..cb_data]) {
|
||||
error!("could not write admin data, err = {}", e);
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user