Replace getrandom with rand_core

`rand_core::OsRng` provides a facade over `getrandom` which simplifies error handling.
iqlusioninc · Jul 12, 2021 · b93b92f · b93b92f
1 parent 1018127
commit b93b92f
Show file tree

Hide file tree

Showing 9 changed files with 46 additions and 73 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -27,17 +27,17 @@ cookie-factory = "0.3"
 der-parser = "5"
 des = "0.7"
 elliptic-curve = "0.10"
-getrandom = "0.1"
 hmac = "0.11"
 log = "0.4"
 nom = "6"
-num-bigint-dig = { version = "0.7", features = ["rand"], package = "num-bigint-dig" }
+num-bigint-dig = { version = "0.7", features = ["rand"] }
 num-traits = "0.2"
 num-integer = "0.1"
 pbkdf2 = { version = "0.8", default-features = false }
 p256 = "0.9"
 p384 = "0.8"
 pcsc = "2"
+rand_core = { version = "0.6", features = ["std"] }
 rsa = "0.4"
 secrecy = "0.7"
 sha-1 = "0.9"

diff --git a/src/cccid.rs b/src/cccid.rs
@@ -31,7 +31,7 @@
 // OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
 use crate::{Error, Result, YubiKey};
-use getrandom::getrandom;
+use rand_core::{OsRng, RngCore};
 use std::{
     fmt::{self, Debug, Display},
     str,
@@ -68,10 +68,10 @@ impl CardId {
     pub const BYTE_SIZE: usize = 14;
 
     /// Generate a random CCC Card ID
-    pub fn generate() -> Result<Self> {
+    pub fn generate() -> Self {
         let mut id = [0u8; Self::BYTE_SIZE];
-        getrandom(&mut id).map_err(|_| Error::RandomnessError)?;
-        Ok(Self(id))
+        OsRng.fill_bytes(&mut id);
+        Self(id)
     }
 }
 

diff --git a/src/config.rs b/src/config.rs
@@ -65,17 +65,22 @@ pub struct Config {
     pub mgm_type: MgmType,
 }
 
-impl Config {
-    /// Get YubiKey config.
-    pub(crate) fn get(yubikey: &mut YubiKey) -> Result<Config> {
-        let mut config = Config {
+impl Default for Config {
+    fn default() -> Config {
+        Config {
             protected_data_available: false,
             puk_blocked: false,
             puk_noblock_on_upgrade: false,
             pin_last_changed: None,
             mgm_type: MgmType::Manual,
-        };
+        }
+    }
+}
 
+impl Config {
+    /// Get YubiKey config.
+    pub(crate) fn get(yubikey: &mut YubiKey) -> Result<Config> {
+        let mut config = Self::default();
         let txn = yubikey.begin_transaction()?;
 
         if let Ok(admin_data) = AdminData::read(&txn) {

diff --git a/src/error.rs b/src/error.rs
@@ -81,9 +81,6 @@ pub enum Error {
     /// PIN locked
     PinLocked,
 
-    /// Randomness error
-    RandomnessError,
-
     /// Range error
     RangeError,
 
@@ -116,7 +113,6 @@ impl Error {
             Error::ParseError => "YKPIV_PARSE_ERROR",
             Error::PcscError { .. } => "YKPIV_PCSC_ERROR",
             Error::PinLocked => "YKPIV_PIN_LOCKED",
-            Error::RandomnessError => "YKPIV_RANDOMNESS_ERROR",
             Error::RangeError => "YKPIV_RANGE_ERROR",
             Error::SizeError => "YKPIV_SIZE_ERROR",
             Error::WrongPin { .. } => "YKPIV_WRONG_PIN",
@@ -140,7 +136,6 @@ impl Error {
             Error::ParseError => "parse error",
             Error::PcscError { .. } => "PC/SC error",
             Error::PinLocked => "PIN locked",
-            Error::RandomnessError => "randomness error",
             Error::RangeError => "range error",
             Error::SizeError => "size error",
             Error::WrongPin { .. } => "wrong pin",

diff --git a/src/key.rs b/src/key.rs
@@ -47,20 +47,19 @@ use crate::{
     yubikey::YubiKey,
     Buffer, ObjectId,
 };
-use log::debug;
+use elliptic_curve::sec1::EncodedPoint as EcPublicKey;
+use log::{debug, error, warn};
+use rsa::{BigUint, RSAPublicKey};
 use std::convert::TryFrom;
 
 #[cfg(feature = "untested")]
-use crate::CB_OBJ_MAX;
-use elliptic_curve::sec1::EncodedPoint as EcPublicKey;
-use log::{error, warn};
-#[cfg(feature = "untested")]
-use num_bigint_dig::traits::ModInverse;
-#[cfg(feature = "untested")]
-use num_integer::Integer;
-#[cfg(feature = "untested")]
-use num_traits::{FromPrimitive, One};
-use rsa::{BigUint, RSAPublicKey};
+use {
+    crate::CB_OBJ_MAX,
+    num_bigint_dig::traits::ModInverse,
+    num_integer::Integer,
+    num_traits::{FromPrimitive, One},
+};
+
 #[cfg(feature = "untested")]
 use zeroize::Zeroizing;
 

diff --git a/src/mgm.rs b/src/mgm.rs
@@ -31,8 +31,8 @@
 // OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
 use crate::{Error, Result};
-use getrandom::getrandom;
 use log::error;
+use rand_core::{OsRng, RngCore};
 use std::convert::{TryFrom, TryInto};
 use zeroize::{Zeroize, Zeroizing};
 
@@ -97,14 +97,10 @@ pub struct MgmKey([u8; DES_LEN_3DES]);
 
 impl MgmKey {
     /// Generate a random MGM key
-    pub fn generate() -> Result<Self> {
+    pub fn generate() -> Self {
         let mut key_bytes = [0u8; DES_LEN_3DES];
-
-        if getrandom(&mut key_bytes).is_err() {
-            return Err(Error::RandomnessError);
-        }
-
-        MgmKey::new(key_bytes)
+        OsRng.fill_bytes(&mut key_bytes);
+        Self(key_bytes)
     }
 
     /// Create an MGM key from byte slice.
@@ -127,7 +123,7 @@ impl MgmKey {
             return Err(Error::KeyError);
         }
 
-        Ok(MgmKey(key_bytes))
+        Ok(Self(key_bytes))
     }
 
     /// Get derived management key (MGM)
@@ -152,7 +148,6 @@ impl MgmKey {
 
         let mut mgm = [0u8; DES_LEN_3DES];
         pbkdf2::<Hmac<Sha1>>(pin, &salt, ITER_MGM_PBKDF2, &mut mgm);
-
         MgmKey::from_bytes(mgm)
     }
 

diff --git a/src/yubikey.rs b/src/yubikey.rs
@@ -42,22 +42,22 @@ use crate::{
 };
 use log::{error, info};
 use pcsc::Card;
+use rand_core::{OsRng, RngCore};
 use std::{
     convert::{TryFrom, TryInto},
     fmt::{self, Display},
     str::FromStr,
 };
 
 #[cfg(feature = "untested")]
-use crate::{
-    apdu::StatusWords, metadata::AdminData, transaction::ChangeRefAction, Buffer, ObjectId,
-    MGMT_AID, TAG_ADMIN_FLAGS_1, TAG_ADMIN_TIMESTAMP,
+use {
+    crate::{
+        apdu::StatusWords, metadata::AdminData, transaction::ChangeRefAction, Buffer, ObjectId,
+        MGMT_AID, TAG_ADMIN_FLAGS_1, TAG_ADMIN_TIMESTAMP,
+    },
+    secrecy::ExposeSecret,
+    std::time::{SystemTime, UNIX_EPOCH},
 };
-use getrandom::getrandom;
-#[cfg(feature = "untested")]
-use secrecy::ExposeSecret;
-#[cfg(feature = "untested")]
-use std::time::{SystemTime, UNIX_EPOCH};
 
 /// Flag for PUK blocked
 pub(crate) const ADMIN_FLAGS_1_PUK_BLOCKED: u8 = 0x01;
@@ -294,11 +294,7 @@ impl YubiKey {
         data[4..12].copy_from_slice(&response);
         data[12] = 0x81;
         data[13] = 8;
-
-        if getrandom(&mut data[14..22]).is_err() {
-            error!("failed getting randomness for authentication");
-            return Err(Error::RandomnessError);
-        }
+        OsRng.fill_bytes(&mut data[14..22]);
 
         let mut challenge = [0u8; 8];
         challenge.copy_from_slice(&data[14..22]);

diff --git a/tests/integration.rs b/tests/integration.rs
@@ -3,9 +3,9 @@
 #![forbid(unsafe_code)]
 #![warn(missing_docs, rust_2018_idioms, trivial_casts, unused_qualifications)]
 
-use getrandom::getrandom;
 use lazy_static::lazy_static;
 use log::trace;
+use rand_core::{OsRng, RngCore};
 use rsa::{hash::Hash::SHA2_256, PaddingScheme, PublicKey};
 use sha2::{Digest, Sha256};
 use std::{convert::TryInto, env, sync::Mutex};
@@ -167,7 +167,7 @@ fn generate_self_signed_cert(algorithm: AlgorithmId) -> Certificate {
     .unwrap();
 
     let mut serial = [0u8; 20];
-    getrandom(&mut serial).unwrap();
+    OsRng.fill_bytes(&mut serial);
 
     // Generate a self-signed certificate for the new key.
     let extensions: &[x509::Extension<'_, &[u64]>] = &[];