updated binary fabfire to latest rsasl
This commit is contained in:
parent
9ae2e68152
commit
59937fa4bd
@ -2,43 +2,11 @@ mod server;
|
||||
pub use server::FabFire;
|
||||
|
||||
use rsasl::mechname::Mechname;
|
||||
use rsasl::registry::{Mechanism, MECHANISMS};
|
||||
use rsasl::session::Side;
|
||||
use rsasl::registry::{Mechanism, MECHANISMS, Side};
|
||||
|
||||
const MECHNAME: &'static Mechname = &Mechname::const_new_unchecked(b"X-FABFIRE-BIN");
|
||||
|
||||
#[linkme::distributed_slice(MECHANISMS)]
|
||||
pub static FABFIRE_BIN: Mechanism = Mechanism {
|
||||
mechanism: MECHNAME,
|
||||
priority: 300,
|
||||
// In this situation there's one struct for both sides, however you can just as well use
|
||||
// different types than then have different `impl Authentication` instead of checking a value
|
||||
// in self.
|
||||
client: None,
|
||||
server: Some(FabFire::new_server),
|
||||
first: Side::Client,
|
||||
};
|
||||
pub static FABFIRE: Mechanism =
|
||||
Mechanism::build(MECHNAME, 300, None, Some(FabFire::new_server), Side::Client);
|
||||
|
||||
use rsasl::property::{Property, PropertyDefinition, PropertyQ};
|
||||
use std::marker::PhantomData;
|
||||
// All Property types must implement Debug.
|
||||
#[derive(Debug)]
|
||||
// The `PhantomData` in the constructor is only used so external crates can't construct this type.
|
||||
pub struct FabFireCardKey(PhantomData<()>);
|
||||
impl PropertyQ for FabFireCardKey {
|
||||
// This is the type stored for this property. This could also be the struct itself if you
|
||||
// so choose
|
||||
type Item = [u8; 16];
|
||||
// You need to return the constant you define below here for things to work properly
|
||||
fn property() -> Property {
|
||||
FABFIRECARDKEY
|
||||
}
|
||||
}
|
||||
// This const is used by your mechanism to query and by your users to set your property. It
|
||||
// thus needs to be exported from your crate
|
||||
pub const FABFIRECARDKEY: Property = Property::new(&PropertyDefinition::new(
|
||||
// Short name, used in `Debug` output
|
||||
"FabFireCardKey",
|
||||
// A longer user-facing name used in `Display` output
|
||||
"A AES128 key for a FabFire card",
|
||||
));
|
||||
|
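Review bot: The `FabFireCardKey` property removed from this file (`type Item = [u8; 16]`, described as the AES128 card key) is still referenced by the server-side hunk in this commit via `session.need_with::<FabFireCardKey, _, _>(...)`, and no replacement definition appears anywhere in the diff as shown; presumably it moved to a file not rendered here, which is worth confirming since the crate would not build otherwise. Wherever it is redefined, keeping the fixed `[u8; 16]` item type is what guarantees the key handed to `KeyInfo` is exactly one AES-128 key rather than an arbitrary byte string. The static is also renamed from `FABFIRE_BIN` to `FABFIRE`, so any out-of-crate references to the old name need the same update. The new one-liner `Mechanism::build(MECHNAME, 300, None, Some(FabFire::new_server), Side::Client)` lost the explanatory comments of the old struct literal; a short doc comment such as `/// Server-only X-FABFIRE-BIN mechanism (priority 300); the client side is not implemented.` above `pub static FABFIRE` would preserve that intent.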
@ -2,11 +2,10 @@ use desfire::desfire::desfire::MAX_BYTES_PER_TRANSACTION;
|
||||
use desfire::desfire::Desfire;
|
||||
use desfire::error::Error as DesfireError;
|
||||
use desfire::iso7816_4::apduresponse::APDUResponse;
|
||||
use rsasl::error::{MechanismError, MechanismErrorKind, SASLError, SessionError};
|
||||
use rsasl::mechanism::Authentication;
|
||||
use rsasl::callback::SessionData;
|
||||
use rsasl::mechanism::{Authentication, MechanismData, MechanismError, MechanismErrorKind, State, ThisProvider};
|
||||
use rsasl::prelude::{MessageSent, SASLConfig, SASLError, SessionError};
|
||||
use rsasl::property::AuthId;
|
||||
use rsasl::session::{SessionData, StepResult};
|
||||
use rsasl::SASL;
|
||||
use serde::{Deserialize, Serialize};
|
||||
use std::convert::TryFrom;
|
||||
use std::fmt::{Debug, Display, Formatter};
|
||||
@ -63,6 +62,10 @@ impl Display for FabFireError {
|
||||
}
|
||||
}
|
||||
|
||||
impl std::error::Error for FabFireError {
|
||||
|
||||
}
|
||||
|
||||
impl MechanismError for FabFireError {
|
||||
fn kind(&self) -> MechanismErrorKind {
|
||||
match self {
|
||||
@ -122,7 +125,7 @@ pub struct FabFire {
|
||||
const MAGIC: &'static str = "FABACCESS\0DESFIRE\01.0\0";
|
||||
|
||||
impl FabFire {
|
||||
pub fn new_server(_sasl: &SASL) -> Result<Box<dyn Authentication>, SASLError> {
|
||||
pub fn new_server(_sasl: &SASLConfig) -> Result<Box<dyn Authentication>, SASLError> {
|
||||
Ok(Box::new(Self {
|
||||
step: Step::New,
|
||||
card_info: None,
|
||||
@ -142,10 +145,10 @@ impl FabFire {
|
||||
impl Authentication for FabFire {
|
||||
fn step(
|
||||
&mut self,
|
||||
session: &mut SessionData,
|
||||
session: &mut MechanismData<'_>,
|
||||
input: Option<&[u8]>,
|
||||
writer: &mut dyn Write,
|
||||
) -> StepResult {
|
||||
) -> Result<State, SessionError> {
|
||||
match self.step {
|
||||
Step::New => {
|
||||
tracing::trace!("Step: New");
|
||||
@ -161,7 +164,7 @@ impl Authentication for FabFire {
|
||||
writer
|
||||
.write_all(&data)
|
||||
.map_err(|e| SessionError::Io { source: e })?;
|
||||
Ok(rsasl::session::Step::NeedsMore(Some(data.len())))
|
||||
Ok(State::Running)
|
||||
},
|
||||
Err(e) => {
|
||||
tracing::error!(
|
||||
@ -205,7 +208,7 @@ impl Authentication for FabFire {
|
||||
writer
|
||||
.write_all(&data)
|
||||
.map_err(|e| SessionError::Io { source: e })?;
|
||||
Ok(rsasl::session::Step::NeedsMore(Some(data.len())))
|
||||
Ok(State::Running)
|
||||
},
|
||||
Err(e) => {
|
||||
tracing::error!("Failed to convert APDUCommand to Vec<u8>: {:?}", e);
|
||||
@ -262,7 +265,7 @@ impl Authentication for FabFire {
|
||||
writer
|
||||
.write_all(&data)
|
||||
.map_err(|e| SessionError::Io { source: e })?;
|
||||
Ok(rsasl::session::Step::NeedsMore(Some(data.len())))
|
||||
Ok(State::Running)
|
||||
},
|
||||
Err(e) => {
|
||||
tracing::error!("Failed to convert APDUCommand to Vec<u8>: {:?}", e);
|
||||
@ -323,7 +326,7 @@ impl Authentication for FabFire {
|
||||
writer
|
||||
.write_all(&data)
|
||||
.map_err(|e| SessionError::Io { source: e })?;
|
||||
Ok(rsasl::session::Step::NeedsMore(Some(data.len())))
|
||||
Ok(State::Running)
|
||||
},
|
||||
Err(e) => {
|
||||
tracing::error!("Failed to convert APDUCommand to Vec<u8>: {:?}", e);
|
||||
@ -349,24 +352,9 @@ impl Authentication for FabFire {
|
||||
match apdu_response.body {
|
||||
Some(data) => {
|
||||
let token = String::from_utf8(data).unwrap();
|
||||
session.set_property::<AuthId>(Arc::new(
|
||||
token.trim_matches(char::from(0)).to_string(),
|
||||
));
|
||||
let key = match session.get_property_or_callback::<FabFireCardKey>()
|
||||
{
|
||||
Ok(Some(key)) => Box::from(key.as_slice()),
|
||||
Ok(None) => {
|
||||
tracing::error!("No keys on file for token");
|
||||
return Err(FabFireError::InvalidCredentials(
|
||||
"No keys on file for token".to_string(),
|
||||
)
|
||||
.into());
|
||||
}
|
||||
Err(e) => {
|
||||
tracing::error!("Failed to get key: {:?}", e);
|
||||
return Err(FabFireError::Session(e).into());
|
||||
}
|
||||
};
|
||||
let prov =
|
||||
ThisProvider::<AuthId>::with(token.trim_matches(char::from(0)));
|
||||
let key = session.need_with::<FabFireCardKey, _, _>(&prov, |key| Ok(Box::from(key.as_slice())))?;
|
||||
self.key_info = Some(KeyInfo { key_id: 0x01, key });
|
||||
}
|
||||
None => {
|
||||
@ -391,7 +379,7 @@ impl Authentication for FabFire {
|
||||
writer
|
||||
.write_all(&data)
|
||||
.map_err(|e| SessionError::Io { source: e })?;
|
||||
Ok(rsasl::session::Step::NeedsMore(Some(data.len())))
|
||||
Ok(State::Running)
|
||||
},
|
||||
Err(e) => {
|
||||
tracing::error!("Failed to convert to Vec<u8>: {:?}", e);
|
||||
@ -440,7 +428,7 @@ impl Authentication for FabFire {
|
||||
writer
|
||||
.write_all(&data)
|
||||
.map_err(|e| SessionError::Io { source: e })?;
|
||||
Ok(rsasl::session::Step::NeedsMore(Some(data.len())))
|
||||
Ok(State::Running)
|
||||
},
|
||||
Err(e) => {
|
||||
tracing::error!("Failed to convert to Vec<u8>: {:?}", e);
|
||||
@ -486,7 +474,7 @@ impl Authentication for FabFire {
|
||||
)
|
||||
.is_ok()
|
||||
{
|
||||
return Ok(rsasl::session::Step::Done(None));
|
||||
return Ok(State::Finished(MessageSent::Yes));
|
||||
}
|
||||
},
|
||||
},
|
||||
@ -506,6 +494,6 @@ impl Authentication for FabFire {
|
||||
}
|
||||
}
|
||||
|
||||
return Ok(rsasl::session::Step::Done(None));
|
||||
return Ok(State::Finished(MessageSent::No));
|
||||
}
|
||||
}
|
||||
|
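Review bot: In the `@ -349,24 +352,9 @@` hunk, replacing the explicit match on `get_property_or_callback` with `session.need_with::<FabFireCardKey, _, _>(&prov, |key| Ok(Box::from(key.as_slice())))?` drops both the `tracing::error!` lines and the mapping of a missing key to `FabFireError::InvalidCredentials("No keys on file for token")`, so an unknown card token and a callback or plumbing fault now surface as the same propagated `SessionError`, which makes failed authentications harder to distinguish in logs. Keeping at least the log line costs two lines: `.map_err(|e| { tracing::error!("Failed to get key for token: {:?}", e); e })?` on the `need_with` call, and if rsasl exposes a distinct "property not provided" variant it would be worth mapping that one back to `InvalidCredentials`. Not introduced here, but the surviving context line `let token = String::from_utf8(data).unwrap();` still panics when the card's APDU response body is not valid UTF-8, i.e. on client-supplied bytes; converting it into a `FabFireError` with `?` would keep a malformed response from aborting the step. The enclosing `Authentication::step` body starts and continues outside this hunk, so the surrounding `Step` handling is assumed rather than verified.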