* Enable library users to detect if a smart card doesn't support PIV
Closesiqlusioninc/yubikey.rs#456.
* Avoid resetting the card if we fail to select PIV or fetch version/serial
Re-exports types from the toplevel instead of placing them in individual
modules (often which only contain one type).
This makes the API easier for users to navigate, while still retaining
the same module structure internally.
Additionally, this commit uses the `uuid` crate for modeling UUIDs.
Adds a `yubikey::Result` alias with `yubikey::Error` as the error type.
Since we only have one `Error` type, this simplifies the return types
where a `Result` is returned.
Renames the following to match Rust idioms:
- `APDU` => `Apdu`
- `CCC` => `Ccc`
- `CHUID` => `ChuId`
Also removes `Copy` from `mscmap::Container`, which fixes a clippy lint
about its usage of `to_bytes`.
MgmKey::set_protected and YubiKey::set_pin_last_changed both contained
bugs resulting from the conversion of C pointer logic (incorrect buffer
management). The new Metadata struct holds its own buffer, avoiding the
problem.
Also adds a protected management key integration test.
This factors the junk drawer of constants into the relevant files.
There are still a few "global" ones left but they can be addressed in a
followup commit.
YubiKey NEOs are legacy YubiKey devices, most of which contain
unpatchable security vulnerabilities.
They have smaller buffer sizes than YK4 and YK5, which necessitates a
whole bunch of conditional gating and buffer size calculations.
Getting rid of them simplifies this logic and allows us to assume
consistent buffer sizes everywhere.
We never tested on NEOs anyway, and looking at the deleted code it seems
it may have been miscalculating the NEO's buffer size!
If someone *really* wants to support NEOs, it shouldn't be that hard to
restore, but the codebase is definitely cleaner without it.
Adds a `yubikey-cli` crate to the workspace, with a `yubikey` binary,
which presently provides a `list` command for listing detected readers.
Dependencies:
- `env_logger`: logging
- `gumdrop`: argument parsing
- `termcolor`: colored terminal output
As this repo now contains a binary, it also checks in `Cargo.lock`.
Adds a `yubikey_piv::Readers` type which opens a PC/SC context and can
enumerate detected PC/SC readers with a slightly more ergonomic API than
what's provided in the upstream crate.
Does not support actually instantiating a `YubiKey` from a `Reader<'_>`
yet, but ideally all connections to YubiKeys should go through this API.
- Forbids unsafe code
- Adds a "Safety Dance" badge
- Fixes the GitHub Actions status badge
- Fixes up links that changed with the move to `iqlusioninc` org
This commit merges the `apdu` and `response` modules: the responses are
APDU responses, and so the two are related.
This also moves the `trace` logging into the APDU type, which allows it
to display `Debug` output for APDUs and responses, which makes it easier
to understand what's going on (and will be even better once instructions
are converted into an enum so you can actually see what's happening).
This adds an `untested` feature to any functions which have not yet been
tested live against a YubiKey device (which is presently pretty much
everything).
This sets a clear expectation of what is presently supported, and
additionally documents the status in the README (and a series of GitHub
issues).
Adds a `cargo build --all-features` to GitHub Actions' `test` step in
order to make sure that `untested` functionality still compiles.
This commit adds quite a bit of documentation about the current status
of the project, including links to GitHub issues for the different Rust
modules which map to specific pieces of functionality.
The intent is to track the current status of the project in the
README.md as that's more up-to-date than the docs.rs documentation
(which depends on a crate release to get updated).
Adds an extremely basic initial test to ensure that we are able to
connect to a YubiKey.
The test is marked `#[ignore]` in the hope that we can eventually start
adding tests which run in CI, e.g. against a mock card.
This also includes a fix for calculating the APDU size, since the ones
we were sending originally were overly long.
This commit contains a "big bang" refactor/rewrite which does the
following:
- Replaces all `SCard*` FFI calls with the `pcsc` crate, which provides
a safe, portable PC/SC API across Windows, macOS, and Linux
- Refactors the `util` module into modules representing the various
device functions and concepts, e.g. `certificate`, `key`, `mgm`
- Replaces all usage of `libc` with `std` functionality, and in many
places rewriting functionality to use safe code.
- Removes `ykpiv_` from all function names, and `Piv*` from type names.
In 20/20 hindsight I wish I had done this commit more incrementally so
as to make it easier to review. Que sera sera.
However, realistically we need to test all functionality on the device
to ensure that it actually works. Going forward I would like to put
pretty much all of the current code behind an `untested` cargo feature,
and then remove it for each bit of functionality we test.
This commit gets the Rust code to compile! 🎉
Additionally, it fixes all of the commented out code that was failing
translation from C due to the use of unions, namely around the APDU
messages.
It does a fair amount of reformatting around branches, with the net
result hopefully being something actually a bit closer to the C code,
and a straightforward list of `if` statements.
It also removes all of the remaining externs that aren't supposed to be
externs, replacing them with a more straightforward usage of the module
system.
Finally it fixes all errors and warnings (relating to e.g. usage of
uninitialized memory), in addition to most clippy lints! (some have
been explicitly disabled)
All that said, it still doesn't do anything: it needs to be wired up to
a PCSC library first before that will be possible. But hey, it compiles!
This commit contains a multitude of fixes and some initial translation
work so the first rustc pass compiles.
It removes `unsafe extern "C"` declarations, so now there are a number
of errors about invocations of unsafe functions that need to be
addressed. They should each be scoped to an `unsafe` block so as to aid
in an eventual safe translation.
Some of the functions are now using the module system rather than
`extern "C"` bindings, but the translation is not complete.