Commit Graph

147 Commits

Author SHA1 Message Date
Tony Arcieri cf8f3c88cf Document project status in README.md and lib.rs
This commit adds quite a bit of documentation about the current status
of the project, including links to GitHub issues for the different Rust
modules which map to specific pieces of functionality.

The intent is to track the current status of the project in the
README.md as that's more up-to-date than the docs.rs documentation
(which depends on a crate release to get updated).
2019-11-25 13:42:22 -08:00
Tony Arcieri fd77e9f844 tests: Initial connect test and docs
Adds an extremely basic initial test to ensure that we are able to
connect to a YubiKey.

The test is marked `#[ignore]` in the hope that we can eventually start
adding tests which run in CI, e.g. against a mock card.

This also includes a fix for calculating the APDU size, since the ones
we were sending originally were overly long.
2019-11-25 10:00:56 -08:00
Tony Arcieri 63d7a21c9d transaction: Fix fetch_object result slicing
Needs to match the original C code:

    memmove(data, data + 1 + offs, outlen);
2019-11-25 09:00:53 -08:00
Tony Arcieri 79b1142f21 Remove usages of YKPIV_OBJ_MAX_SIZE
...replacing them with `CB_BUF_MAX`.

Both constants are 3072, however `CB_BUF_MAX` is what the original code
was using.

See discussion here:

https://github.com/tarcieri/yubikey-piv.rs/pull/17#discussion_r350166104
2019-11-25 08:49:29 -08:00
Tony Arcieri 67ed32cbf9 msroots: Use clippy's suggested logic simplification
Also the same one @str4d made originally, guess I should've listened!

https://github.com/tarcieri/yubikey-piv.rs/pull/17#discussion_r349964456
2019-11-25 08:36:30 -08:00
Tony Arcieri c54f66acb4 transaction: Always require padded PIN for verify_pin
Callers of this function always pad up to `CB_PIN_MAX` with `0xFF`.

The logic being changed here was previously identical to the `_verify`
function in `ykpiv.c`:

https://github.com/Yubico/yubico-piv-tool/blob/8ba243f/lib/ykpiv.c#L1299

...but @str4d noticed this potentially allows a caller to send an
unpadded PIN, which may (or may not) be an issue.
2019-11-25 08:27:54 -08:00
Tony Arcieri 6e4819bad1 msroots: Match original C logic for MSROOTS tag matching 2019-11-25 08:26:05 -08:00
Tony Arcieri a9d7996aa6 metadata: Re-add check that we're not at end-of-buffer
It seems like given we're inside a while loop which also has this
conditional, the original code should've been fine, but this change
makes it closer to the original C code.
2019-11-25 08:22:12 -08:00
Tony Arcieri 9367218c7d Apply suggestions from code review
More of @str4d's suggested changes

Co-Authored-By: str4d <thestr4d@gmail.com>
2019-11-25 07:38:33 -08:00
Tony Arcieri e18828d048 Apply suggestions from code review
@str4d's suggested fixes

Co-Authored-By: str4d <thestr4d@gmail.com>
2019-11-25 07:19:20 -08:00
Tony Arcieri ebbf043bc9 Rewrite translated code to use the pcsc crate
This commit contains a "big bang" refactor/rewrite which does the
following:

- Replaces all `SCard*` FFI calls with the `pcsc` crate, which provides
  a safe, portable PC/SC API across Windows, macOS, and Linux
- Refactors the `util` module into modules representing the various
  device functions and concepts, e.g. `certificate`, `key`, `mgm`
- Replaces all usage of `libc` with `std` functionality, and in many
  places rewriting functionality to use safe code.
- Removes `ykpiv_` from all function names, and `Piv*` from type names.

In 20/20 hindsight I wish I had done this commit more incrementally so
as to make it easier to review. Que sera sera.

However, realistically we need to test all functionality on the device
to ensure that it actually works. Going forward I would like to put
pretty much all of the current code behind an `untested` cargo feature,
and then remove it for each bit of functionality we test.
2019-11-24 16:36:43 -08:00
Tony Arcieri bd485eb912 Clean up APDU construction with builder API
Changes the `APDU` struct into a builder for serialized APDU messages.

This makes APDU construction safer and more idiomatic, and also caught a
few bugs in the process (missing templ from the C translation).
2019-11-21 09:05:32 -08:00
Tony Arcieri b5bee1aa2f Factor yubikey module fns into struct methods
Moves all of the functions in the `yubikey` module into an
`impl YubiKey` block, and changes the receiver to `&mut self` making
them methods.
2019-11-21 08:20:08 -08:00
Tony Arcieri f372cfc2a7 Rename ErrorKind to Error
There was originally another `Error` type from the translation. Now that
it's gone, and we don't presently have a type just named `Error`, this
renames the current `ErrorKind` type now that the original was deleted.
2019-11-21 07:41:29 -08:00
Jack Grigg d01d2dec84 Minor internal cleanups 2019-11-21 13:15:57 +00:00
Jack Grigg 7412c02892 Remove dead code from internals 2019-11-21 13:12:46 +00:00
Jack Grigg 6e24660a80 Clean up internal::setting_get_bool 2019-11-21 13:10:23 +00:00
Jack Grigg a71389a820 Remove completed TODO 2019-11-21 00:48:48 +00:00
Jack Grigg 35cc1bbf72 Address clippy lints 2019-11-21 00:44:49 +00:00
Jack Grigg 86fde50c2d Use des crate for 3DES operations 2019-11-21 00:37:16 +00:00
Jack Grigg c5a486cb4b Replace PKCS5_PBKDF2_HMAC_SHA1 with crates
Also tidies up ykpiv_util_get_derived_mgm (which was the only consumer
of the function) and fixes some porting bugs.
2019-11-20 21:20:01 +00:00
Jack Grigg c0bbf9aa06 Replace RAND_bytes with getrandom crate 2019-11-20 21:02:28 +00:00
Tony Arcieri c3d5df1643 Use log crate for logging
Switches all of the previous `state->verbose`-gated `eprintln!` calls to
use macros from the `log` crate, trying to map them onto the previous
verbosity levels, more or less following this mapping:

0. off
1. error/info/warn (depending on context)
2. trace

This additionally includes a bunch of logic/branch reformatting (and
occasional missed constants), since getting rid of all the gating on
verbose provided ample opportunities to clean up the code. Hopefully I
didn't break too much in the process!
2019-11-20 11:34:07 -08:00
Jack Grigg 683e463824 Silence _ykpiv_end_transaction "unused Result" clippy warnings
These calls will be replaced when the pcsc crate is introduced.
2019-11-20 12:38:48 +00:00
Jack Grigg ce55e08af8 Explicitly ignore _cache_pin errors
The only error that _cache_pin can return is a memory allocation failure
which will likely be removed during the refactor.
2019-11-20 12:35:38 +00:00
Jack Grigg 88ec6bcb32 Remove redundant Result from ykpiv_disconnect 2019-11-20 12:32:19 +00:00
Jack Grigg b23ed1d48a Pass response to ykpiv_auth_verifyresponse by value 2019-11-20 12:32:04 +00:00
Jack Grigg 6324f7a75d Document tries field of ErrorKind::WrongPin 2019-11-20 12:26:33 +00:00
Jack Grigg 9252765940 Fix bug in ykpiv_util_block_puk
Introduced in b750b9cbbb.
2019-11-20 12:25:35 +00:00
Jack Grigg a43bddb531 Pointers -> refs in ykpiv_auth_verifyresponse 2019-11-20 12:21:42 +00:00
Jack Grigg 71a334a9b8 fn ykpiv_auth_getchallenge() -> Result<[u8; 8], ErrorKind> 2019-11-20 12:16:58 +00:00
Jack Grigg b750b9cbbb Convert tries pointers into Result elements 2019-11-20 12:07:06 +00:00
Jack Grigg 31ef465571 fn _ykpiv_get_version() -> Result<Version, ErrorKind> 2019-11-20 11:44:13 +00:00
Jack Grigg 90bdda85cb fn _ykpiv_get_serial() -> Result<u32, ErrorKind> 2019-11-20 11:39:58 +00:00
Jack Grigg c394511c60 Convert APDU pointer into mutable reference 2019-11-20 11:31:23 +00:00
Jack Grigg 4e710da32c Remove ErrorKind::Ok 2019-11-20 11:17:17 +00:00
Jack Grigg 7add9bfa41 Convert remaining APIs to Result<(), ErrorKind> 2019-11-20 11:16:44 +00:00
Jack Grigg 6c03ea89ec Return Result<(), ErrorKind> from most internal APIs
Started with _ykpiv_begin_transaction and kept going incrementally until
it compiled again.
2019-11-20 11:09:59 +00:00
Jack Grigg 5733d0b0af Convert Yubikey pointers into mutable references 2019-11-20 01:07:15 +00:00
Jack Grigg 943dd6f146 Return Result<(), ErrorKind> from most APIs
This commit modifies all public APIs where doing so wouldn't require
modifying internal functions.
2019-11-20 01:06:54 +00:00
Tony Arcieri cccdd8dfa9 v0.0.1 2019-11-18 19:10:04 -08:00
Tony Arcieri bf5cda9af9 Remove legacy C implementation
This repository contains the entire history of the C source code since
the project started.

However, the code is largely translated at this point, so keeping the C
code around at this point no longer makes sense. If we need to consult
it or the history of changes, git has them.
2019-11-18 15:47:04 -08:00
Tony Arcieri 7d40a9917e oxidize: Fix second pass of compile errors and commented-out code
This commit gets the Rust code to compile! 🎉

Additionally, it fixes all of the commented out code that was failing
translation from C due to the use of unions, namely around the APDU
messages.

It does a fair amount of reformatting around branches, with the net
result hopefully being something actually a bit closer to the C code,
and a straightforward list of `if` statements.

It also removes all of the remaining externs that aren't supposed to be
externs, replacing them with a more straightforward usage of the module
system.

Finally it fixes all errors and warnings (relating to e.g. usage of
uninitialized memory), in addition to most clippy lints! (some have
been explicitly disabled)

All that said, it still doesn't do anything: it needs to be wired up to
a PCSC library first before that will be possible. But hey, it compiles!
2019-11-18 15:32:45 -08:00
Tony Arcieri 1d86885ab1 oxidize: Fix first pass of compile errors
This commit contains a multitude of fixes and some initial translation
work so the first rustc pass compiles.

It removes `unsafe extern "C"` declarations, so now there are a number
of errors about invocations of unsafe functions that need to be
addressed. They should each be scoped to an `unsafe` block so as to aid
in an eventual safe translation.

Some of the functions are now using the module system rather than
`extern "C"` bindings, but the translation is not complete.
2019-11-17 08:21:48 -08:00
Tony Arcieri 4cd59cb992 oxidize: Add pub mod directives and run rustfmt
Makes all translated files part of the crate, and then runs rustfmt
on all of them, hopefully making them marginally more bearable.
2019-08-10 14:53:25 -07:00
Tony Arcieri 5e0e0fe0c2 oxidize: Fix or note any translation errata
This either fixes or adds "FIXME" notes for any parts of the code that
corrode had trouble translating.

Namely there are a number of places members of the APDU struct(?) were
accessed which corrode failed to translate.
2019-08-10 14:50:36 -07:00
Tony Arcieri 29fe670896 oxidize: Factor into standard Rust crate structure
- Adds initial `Cargo.toml` (and `Cargo.lock` to `.gitignore`)
- Deletes `tool` (it seems hard to `corrode`)
- Moves `lib/tests` => `tests` (we should figure out how to translate them)
- Moves `lib` => `src` to match Rust conventions
- Renames `lib/ykpiv.rs` => `src/lib.rs` to match Rust conventions
- Adds copyright from `ykpiv.h` to the top of all `*.rs` files
2019-08-10 14:49:48 -07:00