From 59937fa4bd40083b5a089465c549a3849542c816 Mon Sep 17 00:00:00 2001
From: Kai Jan Kriegel
Date: Mon, 7 Nov 2022 23:09:07 +0100
Subject: [PATCH] updated binary fabfire to latest rsasl

---
 bffhd/authentication/fabfire_bin/mod.rs    | 38 ++-------
 bffhd/authentication/fabfire_bin/server.rs | 54 +++++++++-------------
 2 files changed, 24 insertions(+), 68 deletions(-)

diff --git a/bffhd/authentication/fabfire_bin/mod.rs b/bffhd/authentication/fabfire_bin/mod.rs
index 0c5f271..7256f62 100644
--- a/bffhd/authentication/fabfire_bin/mod.rs
+++ b/bffhd/authentication/fabfire_bin/mod.rs
@@ -2,43 +2,11 @@
 mod server;
 pub use server::FabFire;
 use rsasl::mechname::Mechname;
-use rsasl::registry::{Mechanism, MECHANISMS};
-use rsasl::session::Side;
+use rsasl::registry::{Mechanism, MECHANISMS, Side};
 
 const MECHNAME: &'static Mechname = &Mechname::const_new_unchecked(b"X-FABFIRE-BIN");
 
 #[linkme::distributed_slice(MECHANISMS)]
-pub static FABFIRE_BIN: Mechanism = Mechanism {
-    mechanism: MECHNAME,
-    priority: 300,
-    // In this situation there's one struct for both sides, however you can just as well use
-    // different types than then have different `impl Authentication` instead of checking a value
-    // in self.
-    client: None,
-    server: Some(FabFire::new_server),
-    first: Side::Client,
-};
+pub static FABFIRE: Mechanism =
+    Mechanism::build(MECHNAME, 300, None, Some(FabFire::new_server), Side::Client);
 
-use rsasl::property::{Property, PropertyDefinition, PropertyQ};
-use std::marker::PhantomData;
-// All Property types must implement Debug.
-#[derive(Debug)]
-// The `PhantomData` in the constructor is only used so external crates can't construct this type.
-pub struct FabFireCardKey(PhantomData<()>);
-impl PropertyQ for FabFireCardKey {
-    // This is the type stored for this property. This could also be the struct itself if you
-    // so choose
-    type Item = [u8; 16];
-    // You need to return the constant you define below here for things to work properly
-    fn property() -> Property {
-        FABFIRECARDKEY
-    }
-}
-// This const is used by your mechanism to query and by your users to set your property. It
-// thus needs to be exported from your crate
-pub const FABFIRECARDKEY: Property = Property::new(&PropertyDefinition::new(
-    // Short name, used in `Debug` output
-    "FabFireCardKey",
-    // A longer user-facing name used in `Display` output
-    "A AES128 key for a FabFire card",
-));
diff --git a/bffhd/authentication/fabfire_bin/server.rs b/bffhd/authentication/fabfire_bin/server.rs
index 602442e..be88757 100644
--- a/bffhd/authentication/fabfire_bin/server.rs
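Review bot: The registry static loses its `_BIN` suffix (`pub static FABFIRE: Mechanism =`) while the mechanism it registers is still `X-FABFIRE-BIN`; if the sibling textual FabFire module also exports a `FABFIRE` static, the two become indistinguishable at glob re-export sites and when scanning `MECHANISMS`, so I would keep `pub static FABFIRE_BIN: Mechanism =`. This hunk also deletes the `FabFireCardKey` property (`Item = [u8; 16]`, documented as the AES-128 card key) from this module, yet the server still requests a card-key property through `need_with`, so the key definition must now come from somewhere outside this diff; worth confirming that replacement keeps the 16-byte value type, because the `Box::from(key.as_slice())` downstream accepts any length silently. The explanatory comments on the old struct literal had no replacement; the one-liner `Mechanism::build(...)` would benefit from `// Server side only (client: None); the client sends the first message (Side::Client).` above it.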
+++ b/bffhd/authentication/fabfire_bin/server.rs
@@ -2,11 +2,10 @@ use desfire::desfire::desfire::MAX_BYTES_PER_TRANSACTION;
 use desfire::desfire::Desfire;
 use desfire::error::Error as DesfireError;
 use desfire::iso7816_4::apduresponse::APDUResponse;
-use rsasl::error::{MechanismError, MechanismErrorKind, SASLError, SessionError};
-use rsasl::mechanism::Authentication;
+use rsasl::callback::SessionData;
+use rsasl::mechanism::{Authentication, MechanismData, MechanismError, MechanismErrorKind, State, ThisProvider};
+use rsasl::prelude::{MessageSent, SASLConfig, SASLError, SessionError};
 use rsasl::property::AuthId;
-use rsasl::session::{SessionData, StepResult};
-use rsasl::SASL;
 use serde::{Deserialize, Serialize};
 use std::convert::TryFrom;
 use std::fmt::{Debug, Display, Formatter};
@@ -63,6 +62,10 @@ impl Display for FabFireError {
     }
 }
 
+impl std::error::Error for FabFireError {
+
+}
+
 impl MechanismError for FabFireError {
     fn kind(&self) -> MechanismErrorKind {
         match self {
@@ -122,7 +125,7 @@ pub struct FabFire {
 const MAGIC: &'static str = "FABACCESS\0DESFIRE\01.0\0";
 
 impl FabFire {
-    pub fn new_server(_sasl: &SASL) -> Result, SASLError> {
+    pub fn new_server(_sasl: &SASLConfig) -> Result, SASLError> {
         Ok(Box::new(Self {
             step: Step::New,
             card_info: None,
@@ -142,10 +145,10 @@ impl FabFire {
 impl Authentication for FabFire {
     fn step(
         &mut self,
-        session: &mut SessionData,
+        session: &mut MechanismData<'_>,
         input: Option<&[u8]>,
         writer: &mut dyn Write,
-    ) -> StepResult {
+    ) -> Result {
         match self.step {
             Step::New => {
                 tracing::trace!("Step: New");
@@ -161,7 +164,7 @@ impl Authentication for FabFire {
                         writer
                             .write_all(&data)
                             .map_err(|e| SessionError::Io { source: e })?;
-                        Ok(rsasl::session::Step::NeedsMore(Some(data.len())))
+                        Ok(State::Running)
                     },
                     Err(e) => {
                         tracing::error!(
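Review bot: The added `use rsasl::callback::SessionData;` looks orphaned: the only former consumer visible in this diff, the `step` signature, now takes `&mut MechanismData<'_>` instead, so unless another part of the file (not shown) references `SessionData` this line is an unused-import warning and should be dropped. The rest of the hunk is the expected path shuffle for the new rsasl layout; `SASLError` and `SessionError` now come via `rsasl::prelude`, which is fine but worth a glance since `SessionError` is also what the `?` conversions elsewhere in the file rely on.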
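Review bot: The new `impl std::error::Error for FabFireError {` is an empty body spread over three lines with a stray blank; rustfmt and the rest of the file would write `impl std::error::Error for FabFireError {}`. Since `FabFireError` wraps a `SessionError` in its `Session` variant (visible in the removed lines of the -349 hunk), this impl is also the natural place to forward the cause: `fn source(&self) -> Option<&(dyn std::error::Error + 'static)> { match self { FabFireError::Session(e) => Some(e), _ => None } }` — assuming that variant survives this commit, which the diff does not show. The enclosing `impl Display` above the hunk and `impl MechanismError` below it both continue outside it.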
@@ -205,7 +208,7 @@ impl Authentication for FabFire {
                         writer
                             .write_all(&data)
                             .map_err(|e| SessionError::Io { source: e })?;
-                        Ok(rsasl::session::Step::NeedsMore(Some(data.len())))
+                        Ok(State::Running)
                     },
                     Err(e) => {
                         tracing::error!("Failed to convert APDUCommand to Vec: {:?}", e);
@@ -262,7 +265,7 @@ impl Authentication for FabFire {
                         writer
                             .write_all(&data)
                             .map_err(|e| SessionError::Io { source: e })?;
-                        Ok(rsasl::session::Step::NeedsMore(Some(data.len())))
+                        Ok(State::Running)
                     },
                     Err(e) => {
                         tracing::error!("Failed to convert APDUCommand to Vec: {:?}", e);
@@ -323,7 +326,7 @@ impl Authentication for FabFire {
                         writer
                             .write_all(&data)
                             .map_err(|e| SessionError::Io { source: e })?;
-                        Ok(rsasl::session::Step::NeedsMore(Some(data.len()))))
+                        Ok(State::Running)
                     },
                     Err(e) => {
                         tracing::error!("Failed to convert APDUCommand to Vec: {:?}", e);
@@ -349,24 +352,9 @@ impl Authentication for FabFire {
                 match apdu_response.body {
                     Some(data) => {
                         let token = String::from_utf8(data).unwrap();
-                        session.set_property::(Arc::new(
-                            token.trim_matches(char::from(0)).to_string(),
-                        ));
-                        let key = match session.get_property_or_callback::()
-                        {
-                            Ok(Some(key)) => Box::from(key.as_slice()),
-                            Ok(None) => {
-                                tracing::error!("No keys on file for token");
-                                return Err(FabFireError::InvalidCredentials(
-                                    "No keys on file for token".to_string(),
-                                )
-                                .into());
-                            }
-                            Err(e) => {
-                                tracing::error!("Failed to get key: {:?}", e);
-                                return Err(FabFireError::Session(e).into());
-                            }
-                        };
+                        let prov =
+                            ThisProvider::::with(token.trim_matches(char::from(0)));
+                        let key = session.need_with::(&prov, |key| Ok(Box::from(key.as_slice())))?;
                         self.key_info = Some(KeyInfo { key_id: 0x01, key });
                     }
                     None => {
@@ -391,7 +379,7 @@ impl Authentication for FabFire {
                         writer
                             .write_all(&data)
                             .map_err(|e| SessionError::Io { source: e })?;
-                        Ok(rsasl::session::Step::NeedsMore(Some(data.len())))
+                        Ok(State::Running)
                     },
                     Err(e) => {
                         tracing::error!("Failed to convert to Vec: {:?}", e);
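Review bot: The card-supplied identity `token` is now handed to rsasl only as a `ThisProvider` scoped to the single `need_with` call, whereas the removed code also stored it with `session.set_property::<AuthId>`; anything that later asks the session for the authenticated `AuthId` (binding the session to a user once the exchange completes) will no longer find it unless the token is kept on `self` and surfaced in the final validation step, which this diff does not show. Two lines above the change, the context line `let token = String::from_utf8(data).unwrap();` still panics the server on a card that answers with non-UTF-8 bytes; write `let token = String::from_utf8(data).map_err(|_| FabFireError::InvalidCredentials("token is not valid UTF-8".to_string()))?;` — the `.into()` conversion the removed lines rely on makes `?` work here. The rewrite also drops the explicit "No keys on file for token" mapping to `InvalidCredentials` and its `tracing::error!`, so a missing key now surfaces as whatever `need_with` returns, changing the error kind the client sees and silently removing the operator log line; if that distinction is wanted, add a `.map_err(...)` before the `?`. The generic arguments on `ThisProvider::::with` and `need_with::(` appear stripped in the rendered text and presumably read `<AuthId>` and `<FabFireCardKey>` in the real file. The enclosing `step` body starts and ends outside this hunk.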
@@ -440,7 +428,7 @@ impl Authentication for FabFire {
                         writer
                             .write_all(&data)
                             .map_err(|e| SessionError::Io { source: e })?;
-                        Ok(rsasl::session::Step::NeedsMore(Some(data.len())))
+                        Ok(State::Running)
                     },
                     Err(e) => {
                         tracing::error!("Failed to convert to Vec: {:?}", e);
@@ -486,7 +474,7 @@ impl Authentication for FabFire {
                             )
                             .is_ok()
                             {
-                                return Ok(rsasl::session::Step::Done(None));
+                                return Ok(State::Finished(MessageSent::Yes));
                             }
                         },
                     },
@@ -506,6 +494,6 @@ impl Authentication for FabFire {
             }
         }
 
-        return Ok(rsasl::session::Step::Done(None));
+        return Ok(State::Finished(MessageSent::No));
     }
 }
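Review bot: The success path `if ... .is_ok() { return Ok(State::Finished(MessageSent::Yes)); }` has no failure branch: when the final check fails, control falls out of the arm (the two `},` closing lines that follow) and reaches the function's trailing `return Ok(State::Finished(MessageSent::No));` shown in the -506 hunk, so a failed verification and a passed one both report a completed exchange and differ only in `MessageSent` — unless the dozen lines between the two hunks, not shown here, intercept it. A failed verification should be rejected at the point of the check, e.g. `} else { return Err(FabFireError::InvalidCredentials("card response verification failed".to_string()).into()); }`. Whether rsasl treats `Finished` as authenticated or defers to a validation callback is not visible in this diff; either way the mechanism should not let an unverified exchange complete. The enclosing `step` body starts outside this hunk.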
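Review bot: The trailing `return Ok(State::Finished(MessageSent::No));` is the catch-all for every `match self.step` arm that neither returned `State::Running` nor an error, and after this change it reports a finished exchange for states that did not actually finish (at least the failed verification in the -486 hunk). Make the fall-through fail closed, e.g. `Err(FabFireError::InvalidCredentials("authentication did not complete".to_string()).into())`, and once every arm returns explicitly it can be removed; the `return ...;` as the last statement of the fn is also non-idiomatic Rust — the bare expression suffices. Whether other arms of `step` legitimately reach this line is not visible in the diff, so confirm before tightening.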