feat: version check guards

Grimmauld 2025-02-15 12:42:43 +01:00
parent d57c03e643
commit 75c869defd
No known key found for this signature in database
2 changed files with 29 additions and 4 deletions


@ -154,6 +154,22 @@ impl OathSession {
&self.version &self.version
} }
fn is_at_least_version(&self, minimum_version: Vec<u8>) -> bool {
for (local, compare) in self.version.iter().zip(minimum_version) {
if *local < compare {
return false;
}
}
true
}
pub fn require_version(&self, version: Vec<u8>) -> Result<(), Error> {
if !self.is_at_least_version(version.to_owned()) {
return Err(Error::Version(self.version.clone(), version));
}
Ok(())
}
pub fn unlock_session(&mut self, key: &[u8]) -> Result<(), Error> { pub fn unlock_session(&mut self, key: &[u8]) -> Result<(), Error> {
let chal = match self.challenge.to_owned() { let chal = match self.challenge.to_owned() {
Some(chal) => chal, Some(chal) => chal,
@ -240,7 +256,7 @@ impl OathSession {
return Err(Error::Authentication); return Err(Error::Authentication);
} }
// require_version(self.version, (5, 3, 1)) TODO: version checking self.require_version(vec![5, 3, 1])?;
self.transaction_context.apdu( self.transaction_context.apdu(
0, 0,
Instruction::Rename as u8, Instruction::Rename as u8,
@ -337,9 +353,6 @@ impl OathSession {
let id_data = CredentialIDData::from_tlv(cred_id.value(), meta.tag()); let id_data = CredentialIDData::from_tlv(cred_id.value(), meta.tag());
let code = OathCodeDisplay::from_tlv(meta); let code = OathCodeDisplay::from_tlv(meta);
// println!("id bytes: {:?}", cred_id.value());
// println!("id recon: {:?}", id_data.format_cred_id());
let cred = OathCredential { let cred = OathCredential {
device_id: self.name.clone(), device_id: self.name.clone(),
id_data, id_data,
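Review bot: `is_at_least_version` in the first hunk compares each component independently rather than lexicographically, so the guard is wrong in both directions. A device reporting 6.0.0 is rejected against the 5.3.1 requirement because 0 < 3, and since `zip` stops at the shorter input, a version with fewer components than the requirement (including an empty one) passes unchecked, so the guard fails open. Slices already order lexicographically and treat a shorter prefix as smaller, so, assuming `self.version` is a `Vec<u8>` as the `clone()` into `Error::Version` suggests, the body can be `self.version.as_slice() >= minimum_version.as_slice()`. Taking `&[u8]` in both functions would also drop the `version.to_owned()` copy in `require_version`, with `version.to_vec()` used only on the error path. The surrounding `impl OathSession` continues outside the visible hunks.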


@ -16,6 +16,7 @@ pub enum Error {
DeviceMismatch, DeviceMismatch,
Authentication, Authentication,
Random(getrandom::Error), Random(getrandom::Error),
Version(Vec<u8>, Vec<u8>),
} }
impl Error { impl Error {
@ -56,6 +57,17 @@ impl Display for Error {
Self::DeviceMismatch => f.write_str("Devices do not match"), Self::DeviceMismatch => f.write_str("Devices do not match"),
Self::Authentication => f.write_str("Authentication failure"), Self::Authentication => f.write_str("Authentication failure"),
Self::Random(error_response) => f.write_fmt(format_args!("{}", error_response)), Self::Random(error_response) => f.write_fmt(format_args!("{}", error_response)),
Self::Version(ver, req) => f.write_fmt(format_args!(
"Version requirement not met: is {}, required {}",
ver.iter()
.map(u8::to_string)
.collect::<Vec<String>>()
.join("."),
req.iter()
.map(u8::to_string)
.collect::<Vec<String>>()
.join(".")
)),
} }
} }
} }
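Review bot: `Error::Version(Vec<u8>, Vec<u8>)` carries two fields of the same type whose order is only implied by the `Display` arm, so a caller can swap them without a compile error and produce a misleading message. A doc comment on the variant such as `/// Version reported by the device, then the minimum version required.` or named fields (`Version { actual: Vec<u8>, required: Vec<u8> }`) would pin the order. The two identical `iter().map(u8::to_string).collect::<Vec<String>>().join(".")` chains in the `Display` arm could share one small private helper. Both the enum and the `fmt` body start outside the visible hunks.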