Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix linter warnings from Rust 1.82 #126

Merged
merged 3 commits into from
Dec 6, 2024
Merged

Fix linter warnings from Rust 1.82 #126

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
93faecd
Remove unused struct ChallengingAnswerToSelect
robin-nitrokey Dec 6, 2024
8aca7d6
Remove unnecessary qualifications
robin-nitrokey Dec 6, 2024
4ab0c05
Add dangerous_disable_encryption to the expected cfg items
robin-nitrokey Dec 6, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions components/encrypted_container/Cargo.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,3 +20,6 @@ delog = "0.1.6"

[features]
# Use "dangerous_disable_encryption" config switch to disable the actual encryption, and store data instead in plaintext for debug purposes.

[lints.rust]
unexpected_cfgs = { level = "warn", check-cfg = ['cfg(dangerous_disable_encryption)'] }
35 changes: 7 additions & 28 deletions src/authenticator.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -184,27 +184,6 @@ struct PINAnswerToSelect {
serial: SerialType,
}

#[derive(Clone, Copy, flexiber::Encodable, Eq, PartialEq)]
struct ChallengingAnswerToSelect {
#[tlv(simple = "0x79")] // Tag::Version
version: OathVersion,
#[tlv(simple = "0x71")] // Tag::Name
salt: [u8; 8],

// the following is listed as "locked" and "FIPS mode"
//
// NB: Current BER-TLV derive macro has limitation that it
// wants a tag. It should learn some kind of "suppress-tag-if-none".
// As we would like to send "nothing" when challeng is None,
// instead of '74 00', as with the tagged/Option derivation.
#[tlv(simple = "0x74")] // Tag::Challenge
challenge: [u8; 8],

#[tlv(simple = "0x7b")] // Tag::Algorithm
// algorithm: oath::Algorithm,
algorithm: [u8; 1],
}

impl AnswerToSelect {
/// The salt is stable and used in modified form as "device ID" in ykman.
/// It gets rotated on device reset.
Expand Down Expand Up @@ -754,7 +733,7 @@ where
reply.extend_from_slice(&credential.label).unwrap();

// calculate the value
if credential.kind == oath::Kind::Totp {
if credential.kind == Kind::Totp {
let truncated_digest = crate::calculate::calculate(
&mut self.trussed,
credential.algorithm,
Expand Down Expand Up @@ -911,13 +890,13 @@ where
self.require_touch_if_needed(&credential)?;

let truncated_digest = match credential.kind {
oath::Kind::Totp => crate::calculate::calculate(
Kind::Totp => crate::calculate::calculate(
&mut self.trussed,
credential.algorithm,
calculate.challenge,
&credential.secret,
)?,
oath::Kind::Hotp => {
Kind::Hotp => {
if let Some(counter) = credential.counter {
self.calculate_hotp_digest_and_bump_counter(&credential, counter)?
} else {
Expand Down Expand Up @@ -979,7 +958,7 @@ where
let code_in = args.response;

let current_counter = match credential.kind {
oath::Kind::HotpReverse => {
Kind::HotpReverse => {
if let Some(counter) = credential.counter {
counter
} else {
Expand Down Expand Up @@ -1116,7 +1095,7 @@ where
fn _extension_check_pin(&mut self, password: &[u8]) -> Result {
let reply = try_syscall!(self.trussed.check_pin(
BACKEND_USER_PIN_ID,
Bytes::from_slice(password).map_err(|_| iso7816::Status::IncorrectDataParameter)?
Bytes::from_slice(password).map_err(|_| Status::IncorrectDataParameter)?
))
.map_err(|_| Status::SecurityStatusNotSatisfied)?;
if !(reply.success) {
Expand All @@ -1137,7 +1116,7 @@ where
fn _extension_set_pin(&mut self, password: &[u8]) -> Result {
try_syscall!(self.trussed.set_pin(
BACKEND_USER_PIN_ID,
Bytes::from_slice(password).map_err(|_| iso7816::Status::IncorrectDataParameter)?,
Bytes::from_slice(password).map_err(|_| Status::IncorrectDataParameter)?,
Some(ATTEMPT_COUNTER_DEFAULT_RETRIES),
true
))
Expand Down Expand Up @@ -1171,7 +1150,7 @@ where
fn _extension_get_key_for_pin(&mut self, password: &[u8]) -> Result<KeyId> {
let reply = try_syscall!(self.trussed.get_pin_key(
BACKEND_USER_PIN_ID,
Bytes::from_slice(password).map_err(|_| iso7816::Status::IncorrectDataParameter)?
Bytes::from_slice(password).map_err(|_| Status::IncorrectDataParameter)?
))
.map_err(|e| Self::_debug_trussed_backend_error(e, line!()))?;
reply.result.ok_or(Status::VerificationFailed)
Expand Down
Loading