updated binary fabfire to latest rsasl

This commit is contained in:
Kai Jan Kriegel 2022-11-07 23:09:07 +01:00
parent 9ae2e68152
commit 59937fa4bd
2 changed files with 24 additions and 68 deletions


@ -2,43 +2,11 @@ mod server;
pub use server::FabFire; pub use server::FabFire;
use rsasl::mechname::Mechname; use rsasl::mechname::Mechname;
use rsasl::registry::{Mechanism, MECHANISMS}; use rsasl::registry::{Mechanism, MECHANISMS, Side};
use rsasl::session::Side;
const MECHNAME: &'static Mechname = &Mechname::const_new_unchecked(b"X-FABFIRE-BIN"); const MECHNAME: &'static Mechname = &Mechname::const_new_unchecked(b"X-FABFIRE-BIN");
#[linkme::distributed_slice(MECHANISMS)] #[linkme::distributed_slice(MECHANISMS)]
pub static FABFIRE_BIN: Mechanism = Mechanism { pub static FABFIRE: Mechanism =
mechanism: MECHNAME, Mechanism::build(MECHNAME, 300, None, Some(FabFire::new_server), Side::Client);
priority: 300,
// In this situation there's one struct for both sides, however you can just as well use
// different types than then have different `impl Authentication` instead of checking a value
// in self.
client: None,
server: Some(FabFire::new_server),
first: Side::Client,
};
use rsasl::property::{Property, PropertyDefinition, PropertyQ};
use std::marker::PhantomData;
// All Property types must implement Debug.
#[derive(Debug)]
// The `PhantomData` in the constructor is only used so external crates can't construct this type.
pub struct FabFireCardKey(PhantomData<()>);
impl PropertyQ for FabFireCardKey {
// This is the type stored for this property. This could also be the struct itself if you
// so choose
type Item = [u8; 16];
// You need to return the constant you define below here for things to work properly
fn property() -> Property {
FABFIRECARDKEY
}
}
// This const is used by your mechanism to query and by your users to set your property. It
// thus needs to be exported from your crate
pub const FABFIRECARDKEY: Property = Property::new(&PropertyDefinition::new(
// Short name, used in `Debug` output
"FabFireCardKey",
// A longer user-facing name used in `Display` output
"A AES128 key for a FabFire card",
));
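Review bot: The positional `Mechanism::build(MECHNAME, 300, None, Some(FabFire::new_server), Side::Client)` call drops the field names and the comment that the old struct literal carried, so a reader can no longer tell which argument is the priority, which is the client constructor and which side speaks first; a one-line comment above the static, `// priority 300; no client implementation; server side via new_server; the client sends the first message`, would restore that. The static is also renamed from `FABFIRE_BIN` to `FABFIRE`, which breaks any external reference to the old name — worth confirming none exists. The `FabFireCardKey` property and its `type Item = [u8; 16]` definition are removed from this file while `server.rs` still queries the key through `need_with::<FabFireCardKey, _, _>`, so the type presumably now lives elsewhere; if so, the new definition should keep the 16-byte AES-128 length constraint the removed one documented rather than an unsized byte container.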


@ -2,11 +2,10 @@ use desfire::desfire::desfire::MAX_BYTES_PER_TRANSACTION;
use desfire::desfire::Desfire; use desfire::desfire::Desfire;
use desfire::error::Error as DesfireError; use desfire::error::Error as DesfireError;
use desfire::iso7816_4::apduresponse::APDUResponse; use desfire::iso7816_4::apduresponse::APDUResponse;
use rsasl::error::{MechanismError, MechanismErrorKind, SASLError, SessionError}; use rsasl::callback::SessionData;
use rsasl::mechanism::Authentication; use rsasl::mechanism::{Authentication, MechanismData, MechanismError, MechanismErrorKind, State, ThisProvider};
use rsasl::prelude::{MessageSent, SASLConfig, SASLError, SessionError};
use rsasl::property::AuthId; use rsasl::property::AuthId;
use rsasl::session::{SessionData, StepResult};
use rsasl::SASL;
use serde::{Deserialize, Serialize}; use serde::{Deserialize, Serialize};
use std::convert::TryFrom; use std::convert::TryFrom;
use std::fmt::{Debug, Display, Formatter}; use std::fmt::{Debug, Display, Formatter};
@ -63,6 +62,10 @@ impl Display for FabFireError {
} }
} }
impl std::error::Error for FabFireError {
}
impl MechanismError for FabFireError { impl MechanismError for FabFireError {
fn kind(&self) -> MechanismErrorKind { fn kind(&self) -> MechanismErrorKind {
match self { match self {
@ -122,7 +125,7 @@ pub struct FabFire {
const MAGIC: &'static str = "FABACCESS\0DESFIRE\01.0\0"; const MAGIC: &'static str = "FABACCESS\0DESFIRE\01.0\0";
impl FabFire { impl FabFire {
pub fn new_server(_sasl: &SASL) -> Result<Box<dyn Authentication>, SASLError> { pub fn new_server(_sasl: &SASLConfig) -> Result<Box<dyn Authentication>, SASLError> {
Ok(Box::new(Self { Ok(Box::new(Self {
step: Step::New, step: Step::New,
card_info: None, card_info: None,
@ -142,10 +145,10 @@ impl FabFire {
impl Authentication for FabFire { impl Authentication for FabFire {
fn step( fn step(
&mut self, &mut self,
session: &mut SessionData, session: &mut MechanismData<'_>,
input: Option<&[u8]>, input: Option<&[u8]>,
writer: &mut dyn Write, writer: &mut dyn Write,
) -> StepResult { ) -> Result<State, SessionError> {
match self.step { match self.step {
Step::New => { Step::New => {
tracing::trace!("Step: New"); tracing::trace!("Step: New");
@ -161,7 +164,7 @@ impl Authentication for FabFire {
writer writer
.write_all(&data) .write_all(&data)
.map_err(|e| SessionError::Io { source: e })?; .map_err(|e| SessionError::Io { source: e })?;
Ok(rsasl::session::Step::NeedsMore(Some(data.len()))) Ok(State::Running)
}, },
Err(e) => { Err(e) => {
tracing::error!( tracing::error!(
@ -205,7 +208,7 @@ impl Authentication for FabFire {
writer writer
.write_all(&data) .write_all(&data)
.map_err(|e| SessionError::Io { source: e })?; .map_err(|e| SessionError::Io { source: e })?;
Ok(rsasl::session::Step::NeedsMore(Some(data.len()))) Ok(State::Running)
}, },
Err(e) => { Err(e) => {
tracing::error!("Failed to convert APDUCommand to Vec<u8>: {:?}", e); tracing::error!("Failed to convert APDUCommand to Vec<u8>: {:?}", e);
@ -262,7 +265,7 @@ impl Authentication for FabFire {
writer writer
.write_all(&data) .write_all(&data)
.map_err(|e| SessionError::Io { source: e })?; .map_err(|e| SessionError::Io { source: e })?;
Ok(rsasl::session::Step::NeedsMore(Some(data.len()))) Ok(State::Running)
}, },
Err(e) => { Err(e) => {
tracing::error!("Failed to convert APDUCommand to Vec<u8>: {:?}", e); tracing::error!("Failed to convert APDUCommand to Vec<u8>: {:?}", e);
@ -323,7 +326,7 @@ impl Authentication for FabFire {
writer writer
.write_all(&data) .write_all(&data)
.map_err(|e| SessionError::Io { source: e })?; .map_err(|e| SessionError::Io { source: e })?;
Ok(rsasl::session::Step::NeedsMore(Some(data.len()))) Ok(State::Running)
}, },
Err(e) => { Err(e) => {
tracing::error!("Failed to convert APDUCommand to Vec<u8>: {:?}", e); tracing::error!("Failed to convert APDUCommand to Vec<u8>: {:?}", e);
@ -349,24 +352,9 @@ impl Authentication for FabFire {
match apdu_response.body { match apdu_response.body {
Some(data) => { Some(data) => {
let token = String::from_utf8(data).unwrap(); let token = String::from_utf8(data).unwrap();
session.set_property::<AuthId>(Arc::new( let prov =
token.trim_matches(char::from(0)).to_string(), ThisProvider::<AuthId>::with(token.trim_matches(char::from(0)));
)); let key = session.need_with::<FabFireCardKey, _, _>(&prov, |key| Ok(Box::from(key.as_slice())))?;
let key = match session.get_property_or_callback::<FabFireCardKey>()
{
Ok(Some(key)) => Box::from(key.as_slice()),
Ok(None) => {
tracing::error!("No keys on file for token");
return Err(FabFireError::InvalidCredentials(
"No keys on file for token".to_string(),
)
.into());
}
Err(e) => {
tracing::error!("Failed to get key: {:?}", e);
return Err(FabFireError::Session(e).into());
}
};
self.key_info = Some(KeyInfo { key_id: 0x01, key }); self.key_info = Some(KeyInfo { key_id: 0x01, key });
} }
None => { None => {
@ -391,7 +379,7 @@ impl Authentication for FabFire {
writer writer
.write_all(&data) .write_all(&data)
.map_err(|e| SessionError::Io { source: e })?; .map_err(|e| SessionError::Io { source: e })?;
Ok(rsasl::session::Step::NeedsMore(Some(data.len()))) Ok(State::Running)
}, },
Err(e) => { Err(e) => {
tracing::error!("Failed to convert to Vec<u8>: {:?}", e); tracing::error!("Failed to convert to Vec<u8>: {:?}", e);
@ -440,7 +428,7 @@ impl Authentication for FabFire {
writer writer
.write_all(&data) .write_all(&data)
.map_err(|e| SessionError::Io { source: e })?; .map_err(|e| SessionError::Io { source: e })?;
Ok(rsasl::session::Step::NeedsMore(Some(data.len()))) Ok(State::Running)
}, },
Err(e) => { Err(e) => {
tracing::error!("Failed to convert to Vec<u8>: {:?}", e); tracing::error!("Failed to convert to Vec<u8>: {:?}", e);
@ -486,7 +474,7 @@ impl Authentication for FabFire {
) )
.is_ok() .is_ok()
{ {
return Ok(rsasl::session::Step::Done(None)); return Ok(State::Finished(MessageSent::Yes));
} }
}, },
}, },
@ -506,6 +494,6 @@ impl Authentication for FabFire {
} }
} }
return Ok(rsasl::session::Step::Done(None)); return Ok(State::Finished(MessageSent::No));
} }
} }
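Review bot: In the hunk at `@ -349,24 +352,9`, the retained line `let token = String::from_utf8(data).unwrap();` still panics when the APDU response body relayed from the card is not valid UTF-8, and the new `need_with` path around it has not addressed that; since this is the server side of the mechanism, a malformed response can bring the handler down instead of failing the authentication. Returning the existing credential error keeps the failure inside the mechanism's error model, e.g. `let token = String::from_utf8(data).map_err(|_| FabFireError::InvalidCredentials("token is not valid UTF-8".to_string()))?;`, assuming the `FabFireError` → `SessionError` conversion the old `.into()` calls relied on still applies. The same rewrite also replaces the old explicit `Ok(None)` branch, which logged "No keys on file for token" and returned `FabFireError::InvalidCredentials`, with whatever `SessionError` `need_with` produces for a missing property, so the operator loses the mechanism-specific error kind and the log line; if that distinction matters for callers matching on `MechanismErrorKind`, map the missing-key case back explicitly. The `step` method this hunk belongs to starts and ends outside the hunk.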