From 7d1a3ef5b0a229df3fd8e6dfe3cf141406815fde Mon Sep 17 00:00:00 2001 From: James Forcier Date: Tue, 24 Apr 2018 16:38:43 -0700 Subject: [PATCH 1/3] types: use correct strings for DeleteWrapKey/DeleteHmacKey --- src/types.rs | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/types.rs b/src/types.rs index 5ee9f2e..79e92c1 100644 --- a/src/types.rs +++ b/src/types.rs @@ -549,8 +549,8 @@ impl<'a> From<&'a Capability> for String { Capability::DeleteOpaque => String::from("delete_opaque"), Capability::DeleteAuthkey => String::from("delete_authkey"), Capability::DeleteAsymmetric => String::from("delete_asymmetric"), - Capability::DeleteWrapKey => String::from("delete_wrap_key"), - Capability::DeleteHmacKey => String::from("delete_hmac_key"), + Capability::DeleteWrapKey => String::from("delete_wrapkey"), + Capability::DeleteHmacKey => String::from("delete_hmackey"), Capability::DeleteTemplate => String::from("delete_template"), Capability::DeleteOtpAeadKey => String::from("delete_otp_aead_key"), Capability::Unknown => String::from("unknown"), @@ -606,8 +606,8 @@ where "delete_opaque" => Capability::DeleteOpaque, "delete_authkey" => Capability::DeleteAuthkey, "delete_asymmetric" => Capability::DeleteAsymmetric, - "delete_wrap_key" => Capability::DeleteWrapKey, - "delete_hmac_key" => Capability::DeleteHmacKey, + "delete_wrapkey" => Capability::DeleteWrapKey, + "delete_hmackey" => Capability::DeleteHmacKey, "delete_template" => Capability::DeleteTemplate, "delete_otp_aead_key" => Capability::DeleteOtpAeadKey, _ => Capability::Unknown, From 4aedf90a5b547a7616ef00c3937146030667ac92 Mon Sep 17 00:00:00 2001 From: James Forcier Date: Tue, 24 Apr 2018 17:22:37 -0700 Subject: [PATCH 2/3] types: derive Fail for ReturnCode Eventually we should just return ReturnCodes directly from most functions rather than formatted strings, and leave it up to the consumer what to do with the ReturnCode. --- src/types.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/types.rs b/src/types.rs index 79e92c1..07dc3a2 100644 --- a/src/types.rs +++ b/src/types.rs @@ -71,7 +71,7 @@ impl From for Vec { } } -#[derive(Clone, Copy, Debug, PartialEq)] +#[derive(Clone, Copy, Debug, PartialEq, Fail)] pub enum ReturnCode { Success, Memory, From b3d0519f8d55a1bca00cc65f14ab6fc643009b25 Mon Sep 17 00:00:00 2001 From: James Forcier Date: Tue, 24 Apr 2018 17:23:21 -0700 Subject: [PATCH 3/3] session: return ReturnCode from reset() on failure Callers of reset() will care about a ReturnCode::NetError, since this is what is actually typically returned on success. The HSM reboots immediately when reset() is called, meaning it vanishes out from under the connector which dutifully returns a NetError. However, don't try to be clever here in the library and let callers deal with it. --- src/session.rs | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/src/session.rs b/src/session.rs index e767f62..1aae9bd 100644 --- a/src/session.rs +++ b/src/session.rs @@ -104,16 +104,19 @@ impl Session { } } + /// Reset the device to factory settings and reboot. + /// + /// Note that since the device reboots when this function is called, this function is far more + /// likely to return a `ReturnCode::NetError` upon success, since it will vanish out from + /// underneath the connector. However, it is left to library consumers to decide whether or not + /// this is an acceptable result. pub fn reset(self) -> Result<(), Error> { - let rc = ReturnCode::from(unsafe { + match ReturnCode::from(unsafe { yubihsm_sys::yh_util_reset(self.this.load(Ordering::Relaxed)) - }); - - if rc != ReturnCode::Success { - bail!("util_reset failed: {}", rc); + }) { + ReturnCode::Success => Ok(()), + rc => Err(rc.into()), } - - Ok(()) } pub fn list_objects(&self) -> ListObjectsQuery {