diff --git a/Cargo.lock b/Cargo.lock index 983ccff8..2bdd42f0 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -277,17 +277,6 @@ dependencies = [ "version_check", ] -[[package]] -name = "getrandom" -version = "0.1.16" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8fc3cb4d91f53b50155bdcfd23f6a4c39ae1969c2ae85982b135750cccaf5fce" -dependencies = [ - "cfg-if", - "libc", - "wasi 0.9.0+wasi-snapshot-preview1", -] - [[package]] name = "getrandom" version = "0.2.3" @@ -296,7 +285,7 @@ checksum = "7fcd999463524c52659517fe2cea98493cfe485d10565e7b0fb07dbba7ad2753" dependencies = [ "cfg-if", "libc", - "wasi 0.10.2+wasi-snapshot-preview1", + "wasi", ] [[package]] @@ -632,7 +621,7 @@ version = "0.6.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d34f1408f55294453790c48b2f1ebbb1c5b4b7563eb1f418bcfcfdbb06ebb4e7" dependencies = [ - "getrandom 0.2.3", + "getrandom", ] [[package]] @@ -893,7 +882,7 @@ version = "0.8.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "bc5cf98d8186244414c848017f0e2676b3fcb46807f6668a97dfe67359a3c4b7" dependencies = [ - "getrandom 0.2.3", + "getrandom", ] [[package]] @@ -902,12 +891,6 @@ version = "0.9.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5fecdca9a5291cc2b8dcf7dc02453fee791a280f3743cb0905f8822ae463b3fe" -[[package]] -name = "wasi" -version = "0.9.0+wasi-snapshot-preview1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cccddf32554fecc6acb585f82a32a72e28b48f8c4c1883ddfeeeaa96f7d8e519" - [[package]] name = "wasi" version = "0.10.2+wasi-snapshot-preview1" @@ -989,7 +972,6 @@ dependencies = [ "des", "elliptic-curve", "env_logger", - "getrandom 0.1.16", "hmac", "lazy_static", "log", @@ -1001,6 +983,7 @@ dependencies = [ "p384", "pbkdf2", "pcsc", + "rand_core", "rsa", "secrecy", "sha-1", diff --git a/Cargo.toml b/Cargo.toml index 7bfa1f56..be5ff91f 100644 --- a/Cargo.toml +++ b/Cargo.toml 
@@ -27,17 +27,17 @@ cookie-factory = "0.3" der-parser = "5" des = "0.7" elliptic-curve = "0.10" -getrandom = "0.1" hmac = "0.11" log = "0.4" nom = "6" -num-bigint-dig = { version = "0.7", features = ["rand"], package = "num-bigint-dig" } +num-bigint-dig = { version = "0.7", features = ["rand"] } num-traits = "0.2" num-integer = "0.1" pbkdf2 = { version = "0.8", default-features = false } p256 = "0.9" p384 = "0.8" pcsc = "2" +rand_core = { version = "0.6", features = ["std"] } rsa = "0.4" secrecy = "0.7" sha-1 = "0.9" diff --git a/src/cccid.rs b/src/cccid.rs index cae71356..bea6e72a 100644 --- a/src/cccid.rs +++ b/src/cccid.rs @@ -31,7 +31,7 @@ // OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. use crate::{Error, Result, YubiKey}; -use getrandom::getrandom; +use rand_core::{OsRng, RngCore}; use std::{ fmt::{self, Debug, Display}, str, @@ -68,10 +68,10 @@ impl CardId { pub const BYTE_SIZE: usize = 14; /// Generate a random CCC Card ID - pub fn generate() -> Result { + pub fn generate() -> Self { let mut id = [0u8; Self::BYTE_SIZE]; - getrandom(&mut id).map_err(|_| Error::RandomnessError)?; - Ok(Self(id)) + OsRng.fill_bytes(&mut id); + Self(id) } } diff --git a/src/config.rs b/src/config.rs index 7f366fda..07a58d53 100644 --- a/src/config.rs +++ b/src/config.rs @@ -65,17 +65,22 @@ pub struct Config { pub mgm_type: MgmType, } -impl Config { - /// Get YubiKey config. - pub(crate) fn get(yubikey: &mut YubiKey) -> Result { - let mut config = Config { +impl Default for Config { + fn default() -> Config { + Config { protected_data_available: false, puk_blocked: false, puk_noblock_on_upgrade: false, pin_last_changed: None, mgm_type: MgmType::Manual, - }; + } + } +} +impl Config { + /// Get YubiKey config. + pub(crate) fn get(yubikey: &mut YubiKey) -> Result { + let mut config = Self::default(); let txn = yubikey.begin_transaction()?; if let Ok(admin_data) = AdminData::read(&txn) { diff --git a/src/error.rs b/src/error.rs index d891b5ac..4912c990 100644 
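Review bot: `OsRng.fill_bytes(&mut id)` in the new `CardId::generate` panics when the OS entropy source fails, because `rand_core::OsRng::fill_bytes` unwraps `try_fill_bytes`, whereas the removed code surfaced that condition as `Error::RandomnessError`; the doc comment should state this, e.g. add `/// # Panics` / `///` / `/// Panics if the operating system's random number generator is unavailable.` below the summary line. The same applies to `MgmKey::generate` in src/mgm.rs and to the challenge fill in `YubiKey::authenticate` in src/yubikey.rs, where the `error!` log that used to precede the failure return is dropped as well. If callers of this library are expected to recover from a missing entropy source, `OsRng.try_fill_bytes(&mut id).map_err(...)` keeps a fallible signature instead of the panic.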
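Review bot: `fn default() -> Config` in the new `impl Default for Config` spells out the type name where `Self` would do, which is inconsistent with the `-> Self` return types this commit introduces in src/cccid.rs and src/mgm.rs; `fn default() -> Self {` together with `Self {` for the literal would match. The body of `Config::get` continues outside the hunk.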
--- a/src/error.rs +++ b/src/error.rs @@ -81,9 +81,6 @@ pub enum Error { /// PIN locked PinLocked, - /// Randomness error - RandomnessError, - /// Range error RangeError, @@ -116,7 +113,6 @@ impl Error { Error::ParseError => "YKPIV_PARSE_ERROR", Error::PcscError { .. } => "YKPIV_PCSC_ERROR", Error::PinLocked => "YKPIV_PIN_LOCKED", - Error::RandomnessError => "YKPIV_RANDOMNESS_ERROR", Error::RangeError => "YKPIV_RANGE_ERROR", Error::SizeError => "YKPIV_SIZE_ERROR", Error::WrongPin { .. } => "YKPIV_WRONG_PIN", @@ -140,7 +136,6 @@ impl Error { Error::ParseError => "parse error", Error::PcscError { .. } => "PC/SC error", Error::PinLocked => "PIN locked", - Error::RandomnessError => "randomness error", Error::RangeError => "range error", Error::SizeError => "size error", Error::WrongPin { .. } => "wrong pin", diff --git a/src/key.rs b/src/key.rs index ca938517..d5dc1e73 100644 --- a/src/key.rs +++ b/src/key.rs @@ -47,20 +47,19 @@ use crate::{ yubikey::YubiKey, Buffer, ObjectId, }; -use log::debug; +use elliptic_curve::sec1::EncodedPoint as EcPublicKey; +use log::{debug, error, warn}; +use rsa::{BigUint, RSAPublicKey}; use std::convert::TryFrom; #[cfg(feature = "untested")] -use crate::CB_OBJ_MAX; -use elliptic_curve::sec1::EncodedPoint as EcPublicKey; -use log::{error, warn}; -#[cfg(feature = "untested")] -use num_bigint_dig::traits::ModInverse; -#[cfg(feature = "untested")] -use num_integer::Integer; -#[cfg(feature = "untested")] -use num_traits::{FromPrimitive, One}; -use rsa::{BigUint, RSAPublicKey}; +use { + crate::CB_OBJ_MAX, + num_bigint_dig::traits::ModInverse, + num_integer::Integer, + num_traits::{FromPrimitive, One}, +}; + #[cfg(feature = "untested")] use zeroize::Zeroizing; diff --git a/src/mgm.rs b/src/mgm.rs index d3473250..0c4aca60 100644 --- a/src/mgm.rs +++ b/src/mgm.rs 
@@ -31,8 +31,8 @@ // OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. use crate::{Error, Result}; -use getrandom::getrandom; use log::error; +use rand_core::{OsRng, RngCore}; use std::convert::{TryFrom, TryInto}; use zeroize::{Zeroize, Zeroizing}; @@ -97,14 +97,10 @@ pub struct MgmKey([u8; DES_LEN_3DES]); impl MgmKey { /// Generate a random MGM key - pub fn generate() -> Result { + pub fn generate() -> Self { let mut key_bytes = [0u8; DES_LEN_3DES]; - - if getrandom(&mut key_bytes).is_err() { - return Err(Error::RandomnessError); - } - - MgmKey::new(key_bytes) + OsRng.fill_bytes(&mut key_bytes); + Self(key_bytes) } /// Create an MGM key from byte slice. @@ -127,7 +123,7 @@ impl MgmKey { return Err(Error::KeyError); } - Ok(MgmKey(key_bytes)) + Ok(Self(key_bytes)) } /// Get derived management key (MGM) @@ -152,7 +148,6 @@ impl MgmKey { let mut mgm = [0u8; DES_LEN_3DES]; pbkdf2::>(pin, &salt, ITER_MGM_PBKDF2, &mut mgm); - MgmKey::from_bytes(mgm) } diff --git a/src/yubikey.rs b/src/yubikey.rs index e6e14943..cb9f9e18 100644 --- a/src/yubikey.rs +++ b/src/yubikey.rs @@ -42,6 +42,7 @@ use crate::{ }; use log::{error, info}; use pcsc::Card; +use rand_core::{OsRng, RngCore}; use std::{ convert::{TryFrom, TryInto}, fmt::{self, Display}, @@ -49,15 +50,14 @@ use std::{ }; #[cfg(feature = "untested")] -use crate::{ - apdu::StatusWords, metadata::AdminData, transaction::ChangeRefAction, Buffer, ObjectId, - MGMT_AID, TAG_ADMIN_FLAGS_1, TAG_ADMIN_TIMESTAMP, +use { + crate::{ + apdu::StatusWords, metadata::AdminData, transaction::ChangeRefAction, Buffer, ObjectId, + MGMT_AID, TAG_ADMIN_FLAGS_1, TAG_ADMIN_TIMESTAMP, + }, + secrecy::ExposeSecret, + std::time::{SystemTime, UNIX_EPOCH}, }; -use getrandom::getrandom; -#[cfg(feature = "untested")] -use secrecy::ExposeSecret; -#[cfg(feature = "untested")] -use std::time::{SystemTime, UNIX_EPOCH}; /// Flag for PUK blocked pub(crate) const ADMIN_FLAGS_1_PUK_BLOCKED: u8 = 0x01; 
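Review bot: The new `MgmKey::generate` wraps the random bytes directly as `Self(key_bytes)`, whereas the removed body went through `MgmKey::new`, and the second hunk in this file shows a constructor ending just above `/// Get derived management key (MGM)` that rejects some byte patterns with `Error::KeyError` before producing `Ok(Self(key_bytes))`. If that validation lives in `new` (its condition is not visible here), a freshly generated key now bypasses it, which matters for a 3DES key if the check covers weak or semi-weak keys. Retrying until the constructor accepts the bytes keeps the infallible signature: `loop { OsRng.fill_bytes(&mut key_bytes); if let Ok(key) = Self::new(key_bytes) { return key; } }`. `impl MgmKey` continues outside the hunk.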
@@ -294,11 +294,7 @@ impl YubiKey { data[4..12].copy_from_slice(&response); data[12] = 0x81; data[13] = 8; - - if getrandom(&mut data[14..22]).is_err() { - error!("failed getting randomness for authentication"); - return Err(Error::RandomnessError); - } + OsRng.fill_bytes(&mut data[14..22]); let mut challenge = [0u8; 8]; challenge.copy_from_slice(&data[14..22]); diff --git a/tests/integration.rs b/tests/integration.rs index 9e6fcca0..810c4775 100644 --- a/tests/integration.rs +++ b/tests/integration.rs @@ -3,9 +3,9 @@ #![forbid(unsafe_code)] #![warn(missing_docs, rust_2018_idioms, trivial_casts, unused_qualifications)] -use getrandom::getrandom; use lazy_static::lazy_static; use log::trace; +use rand_core::{OsRng, RngCore}; use rsa::{hash::Hash::SHA2_256, PaddingScheme, PublicKey}; use sha2::{Digest, Sha256}; use std::{convert::TryInto, env, sync::Mutex}; @@ -120,16 +120,13 @@ fn test_set_mgmkey() { assert!(yubikey.authenticate(MgmKey::default()).is_ok()); // Set a protected management key. - assert!(MgmKey::generate() - .unwrap() - .set_protected(&mut yubikey) - .is_ok()); + assert!(MgmKey::generate().set_protected(&mut yubikey).is_ok()); let protected = MgmKey::get_protected(&mut yubikey).unwrap(); assert!(yubikey.authenticate(MgmKey::default()).is_err()); assert!(yubikey.authenticate(protected.clone()).is_ok()); // Set a manual management key. - let manual = MgmKey::generate().unwrap(); + let manual = MgmKey::generate(); assert!(manual.set_manual(&mut yubikey, false).is_ok()); assert!(MgmKey::get_protected(&mut yubikey).is_err()); assert!(yubikey.authenticate(MgmKey::default()).is_err()); @@ -167,7 +164,7 @@ fn generate_self_signed_cert(algorithm: AlgorithmId) -> Certificate { .unwrap(); let mut serial = [0u8; 20]; - getrandom(&mut serial).unwrap(); + OsRng.fill_bytes(&mut serial); // Generate a self-signed certificate for the new key. let extensions: &[x509::Extension<'_, &[u64]>] = &[];