Commit Graph

120 Commits

Author SHA1 Message Date
Carl Wallace 77302af21e address formatting per cargo fmt 2019-11-30 14:22:33 -05:00
Carl Wallace 78288b4200 address formatting and documentation issues flagged by clippy 2019-11-30 14:13:34 -05:00
Jack Grigg a61a6fd94b Define more YubiKey-recognized status words
Recognized values sourced from https://github.com/Yubico/yubikey-manager
NotFoundError and NoSpaceError are specified in SP 800-73-4 Table 6.
2019-11-30 15:39:11 +00:00
Jack Grigg cfef291ad9 Use u16 for raw StatusWords 2019-11-30 15:39:10 +00:00
Jack Grigg 4b5cd8dd45 Make PIN verification failure a StatusWord case
Retry count is now u8, as  it cannot exceed 16 (being returned in the
lower half of SW2).
2019-11-30 15:39:09 +00:00
Jack Grigg 9fe363661e verify_pin: Don't set APDU data for empty PIN 2019-11-30 15:16:15 +00:00
Tony Arcieri 7f3d821df2 Add #![forbid(unsafe_code)]; fix up README.md badges and links
- Forbids unsafe code
- Adds a "Safety Dance" badge
- Fixes the GitHub Actions status badge
- Fixes up links that changed with the move to `iqlusioninc` org
2019-11-29 10:06:52 -08:00
Carl Wallace 4210571da3 Change CHUID struct to hold complete CHUID value. Add getters for subcomponents. Add additional consts to support this. Modified CCCID struct to be public (as prelude to similar treatment). 2019-11-29 09:31:24 -05:00
Jack Grigg 1db929c10f Mark excluded nested match branches as unreachable 2019-11-29 00:09:08 +00:00
Jack Grigg 8240575bb4 Rewrite YubiKey::import_private_key without unsafe 2019-11-28 23:44:16 +00:00
Jack Grigg 1935216cf3 Rewrite MsRoots::read without unsafe 2019-11-28 23:43:02 +00:00
Jack Grigg 7c08674fac Use slice::copy_within in metadata::read 2019-11-28 23:43:01 +00:00
Jack Grigg 8b86a0f578 Rewrite metadata::get_item without unsafe 2019-11-28 23:42:55 +00:00
Jack Grigg bd5669d9ef Rewrite metadata::set_item without unsafe
Also re-introduces some comments that were lost during corrosion.
2019-11-28 23:06:09 +00:00
Jack Grigg afb6a9479e Use slice::copy_within in read_certificate 2019-11-28 23:03:11 +00:00
Jack Grigg 48d0a2ab04 Use slice::copy_from_slice in Transaction::change_pin 2019-11-28 23:02:33 +00:00
Carl Wallace 13b350f822 change length comparison to is_empty check per clippy 2019-11-27 15:26:13 -05:00
Carl Wallace 0f1ef2f519 Make anonymous field of CHUID struct public. Remove spurious -2 instances inside Transaction::transfer_data (the Response object is already eating the status words) 2019-11-27 15:09:53 -05:00
Tony Arcieri 5bf27f5422 Have sign_data and decrypt_data return a Buffer 2019-11-26 11:06:11 -08:00
Tony Arcieri debde6e765 Ins (APDU instruction codes) enum
Converts a bag of constant values (`YKPIV_INS_*`) into an enum
representing APDU instruction codes (a.k.a. `ins`).

Among other things, this makes the `Debug` output for `APDU` more human
meaningful, since it can print a text label for the instruction rather
than a code number, which is helpful in trace debugging.
2019-11-26 09:52:19 -08:00
Tony Arcieri d3af2f2d80 Factor Response into apdu module; improved debugging
This commit merges the `apdu` and `response` modules: the responses are
APDU responses, and so the two are related.

This also moves the `trace` logging into the APDU type, which allows it
to display `Debug` output for APDUs and responses, which makes it easier
to understand what's going on (and will be even better once instructions
are converted into an enum so you can actually see what's happening).
2019-11-26 09:15:48 -08:00
Tony Arcieri 77d9dd6e97 v0.0.2 2019-11-25 15:27:04 -08:00
Tony Arcieri a23af7dc31 Add untested Cargo feature for untested functionality
This adds an `untested` feature to any functions which have not yet been
tested live against a YubiKey device (which is presently pretty much
everything).

This sets a clear expectation of what is presently supported, and
additionally documents the status in the README (and a series of GitHub
issues).

Adds a `cargo build --all-features` to GitHub Actions' `test` step in
order to make sure that `untested` functionality still compiles.
2019-11-25 15:04:32 -08:00
Tony Arcieri cf8f3c88cf Document project status in README.md and lib.rs
This commit adds quite a bit of documentation about the current status
of the project, including links to GitHub issues for the different Rust
modules which map to specific pieces of functionality.

The intent is to track the current status of the project in the
README.md as that's more up-to-date than the docs.rs documentation
(which depends on a crate release to get updated).
2019-11-25 13:42:22 -08:00
Tony Arcieri fd77e9f844 tests: Initial connect test and docs
Adds an extremely basic initial test to ensure that we are able to
connect to a YubiKey.

The test is marked `#[ignore]` in the hope that we can eventually start
adding tests which run in CI, e.g. against a mock card.

This also includes a fix for calculating the APDU size, since the ones
we were sending originally were overly long.
2019-11-25 10:00:56 -08:00
Tony Arcieri 63d7a21c9d transaction: Fix fetch_object result slicing
Needs to match the original C code:

    memmove(data, data + 1 + offs, outlen);
2019-11-25 09:00:53 -08:00
Tony Arcieri 79b1142f21 Remove usages of YKPIV_OBJ_MAX_SIZE
...replacing them with `CB_BUF_MAX`.

Both constants are 3072, however `CB_BUF_MAX` is what the original code
was using.

See discussion here:

https://github.com/tarcieri/yubikey-piv.rs/pull/17#discussion_r350166104
2019-11-25 08:49:29 -08:00
Tony Arcieri 67ed32cbf9 msroots: Use clippy's suggested logic simplification
Also the same one @str4d made originally, guess I should've listened!

https://github.com/tarcieri/yubikey-piv.rs/pull/17#discussion_r349964456
2019-11-25 08:36:30 -08:00
Tony Arcieri c54f66acb4 transaction: Always require padded PIN for verify_pin
Callers of this function always pad up to `CB_PIN_MAX` with `0xFF`.

The logic being changed here was previously identical to the `_verify`
function in `ykpiv.c`:

https://github.com/Yubico/yubico-piv-tool/blob/8ba243f/lib/ykpiv.c#L1299

...but @str4d noticed this potentially allows a caller to send an
unpadded PIN, which may (or may not) be an issue.
2019-11-25 08:27:54 -08:00
Tony Arcieri 6e4819bad1 msroots: Match original C logic for MSROOTS tag matching 2019-11-25 08:26:05 -08:00
Tony Arcieri a9d7996aa6 metadata: Re-add check that we're not at end-of-buffer
It seems like given we're inside a while loop which also has this
conditional, the original code should've been fine, but this change
makes it closer to the original C code.
2019-11-25 08:22:12 -08:00
Tony Arcieri 9367218c7d Apply suggestions from code review
More of @str4d's suggested changes

Co-Authored-By: str4d <thestr4d@gmail.com>
2019-11-25 07:38:33 -08:00
Tony Arcieri e18828d048 Apply suggestions from code review
@str4d's suggested fixes

Co-Authored-By: str4d <thestr4d@gmail.com>
2019-11-25 07:19:20 -08:00
Tony Arcieri ebbf043bc9 Rewrite translated code to use the pcsc crate
This commit contains a "big bang" refactor/rewrite which does the
following:

- Replaces all `SCard*` FFI calls with the `pcsc` crate, which provides
  a safe, portable PC/SC API across Windows, macOS, and Linux
- Refactors the `util` module into modules representing the various
  device functions and concepts, e.g. `certificate`, `key`, `mgm`
- Replaces all usage of `libc` with `std` functionality, and in many
  places rewriting functionality to use safe code.
- Removes `ykpiv_` from all function names, and `Piv*` from type names.

In 20/20 hindsight I wish I had done this commit more incrementally so
as to make it easier to review. Que sera sera.

However, realistically we need to test all functionality on the device
to ensure that it actually works. Going forward I would like to put
pretty much all of the current code behind an `untested` cargo feature,
and then remove it for each bit of functionality we test.
2019-11-24 16:36:43 -08:00
Tony Arcieri bd485eb912 Clean up APDU construction with builder API
Changes the `APDU` struct into a builder for serialized APDU messages.

This makes APDU construction safer and more idiomatic, and also caught a
few bugs in the process (missing templ from the C translation).
2019-11-21 09:05:32 -08:00
Tony Arcieri b5bee1aa2f Factor yubikey module fns into struct methods
Moves all of the functions in the `yubikey` module into an
`impl YubiKey` block, and changes the receiver to `&mut self` making
them methods.
2019-11-21 08:20:08 -08:00
Tony Arcieri f372cfc2a7 Rename ErrorKind to Error
There was originally another `Error` type from the translation. Now that
it's gone, and we don't presently have a type just named `Error`, this
renames the current `ErrorKind` type now that the original was deleted.
2019-11-21 07:41:29 -08:00
Jack Grigg d01d2dec84 Minor internal cleanups 2019-11-21 13:15:57 +00:00
Jack Grigg 7412c02892 Remove dead code from internals 2019-11-21 13:12:46 +00:00
Jack Grigg 6e24660a80 Clean up internal::setting_get_bool 2019-11-21 13:10:23 +00:00
Jack Grigg a71389a820 Remove completed TODO 2019-11-21 00:48:48 +00:00
Jack Grigg 35cc1bbf72 Address clippy lints 2019-11-21 00:44:49 +00:00
Jack Grigg 86fde50c2d Use des crate for 3DES operations 2019-11-21 00:37:16 +00:00
Jack Grigg c5a486cb4b Replace PKCS5_PBKDF2_HMAC_SHA1 with crates
Also tidies up ykpiv_util_get_derived_mgm (which was the only consumer
of the function) and fixes some porting bugs.
2019-11-20 21:20:01 +00:00
Jack Grigg c0bbf9aa06 Replace RAND_bytes with getrandom crate 2019-11-20 21:02:28 +00:00
Tony Arcieri c3d5df1643 Use log crate for logging
Switches all of the previous `state->verbose`-gated `eprintln!` calls to
use macros from the `log` crate, trying to map them onto the previous
verbosity levels, more or less following this mapping:

0. off
1. error/info/warn (depending on context)
2. trace

This additionally includes a bunch of logic/branch reformatting (and
occasional missed constants), since getting rid of all the gating on
verbose provided ample opportunities to clean up the code. Hopefully I
didn't break too much in the process!
2019-11-20 11:34:07 -08:00
Jack Grigg 683e463824 Silence _ykpiv_end_transaction "unused Result" clippy warnings
These calls will be replaced when the pcsc crate is introduced.
2019-11-20 12:38:48 +00:00
Jack Grigg ce55e08af8 Explicitly ignore _cache_pin errors
The only error that _cache_pin can return is a memory allocation failure
which will likely be removed during the refactor.
2019-11-20 12:35:38 +00:00
Jack Grigg 88ec6bcb32 Remove redundant Result from ykpiv_disconnect 2019-11-20 12:32:19 +00:00
Jack Grigg b23ed1d48a Pass response to ykpiv_auth_verifyresponse by value 2019-11-20 12:32:04 +00:00