From 3bc14e9d19cf9f5eca24395feebc18f3cfeec642 Mon Sep 17 00:00:00 2001 From: Heiko Schaefer Date: Sun, 4 Jul 2021 00:04:35 +0200 Subject: [PATCH] Implement check_pw1/3(), which calls "7.2.2 VERIFY" with no data ("Lc empty"), to ask the card for verification status. (It seems that the Yubikey 5 doesn't support this type of request, but instead responds "6A 80: Incorrect parameters") --- openpgp-card-sequoia/src/main.rs | 12 ++++++++++++ openpgp-card/src/lib.rs | 10 ++++++++++ 2 files changed, 22 insertions(+) diff --git a/openpgp-card-sequoia/src/main.rs b/openpgp-card-sequoia/src/main.rs index b6a5c94..f046b38 100644 --- a/openpgp-card-sequoia/src/main.rs +++ b/openpgp-card-sequoia/src/main.rs @@ -80,12 +80,18 @@ fn main() -> Result<(), Box> { // --------------------------------------------- assert_eq!(app_id.ident(), test_card_ident); + let check = oc.check_pw3(); + println!("has pw3 been verified yet? {:x?}", check); + oc.factory_reset()?; match oc.verify_pw3("12345678") { Ok(oc_admin) => { println!("pw3 verify ok"); + let check = oc_admin.check_pw3(); + println!("has pw3 been verified yet? {:x?}", check); + let res = oc_admin.set_name("Bar< Result<(), Box> { // Check that we're still using the expected card assert_eq!(app_id.ident(), test_card_ident); + let check = oc.check_pw1(); + println!("has pw1/82 been verified yet? {:x?}", check); + match oc.verify_pw1("123456") { Ok(oc_user) => { println!("pw1 82 verify ok"); + let check = oc_user.check_pw1(); + println!("has pw1/82 been verified yet? {:x?}", check); + let cert = Cert::from_file(TEST_KEY_PATH)?; let msg = std::fs::read_to_string(TEST_ENC_MSG) .expect("Unable to read file"); diff --git a/openpgp-card/src/lib.rs b/openpgp-card/src/lib.rs index 3925420..5dbef09 100644 --- a/openpgp-card/src/lib.rs +++ b/openpgp-card/src/lib.rs 
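Review bot: The new `check_pw3()` and `check_pw1()` calls in `main()` only debug-print the raw `Result` with `{:x?}`, so the run never establishes that the state goes from not-verified to verified across `verify_pw3("12345678")` and `verify_pw1("123456")`; the second main.rs hunk follows the same pattern. Because the commit message notes that a YubiKey 5 answers `6A 80`, the printed line also cannot separate "not verified" from "query not supported" unless the reader decodes status words by hand. I would match on the result and print one of three explicit outcomes, and put a comment above the first call such as `// VERIFY with empty data only queries the state; no PIN is submitted`. `main()` begins and ends outside both hunks.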
@@ -587,6 +587,11 @@ impl CardBase { Err(self) } + pub fn check_pw1(&self) -> Result { + let verify = commands::verify_pw1_82(vec![]); + apdu::send_command(&self.card, verify, Le::None, Some(&self)) + } + pub fn verify_pw1(self, pin: &str) -> Result { assert!(pin.len() >= 6); // FIXME: Err @@ -603,6 +608,11 @@ impl CardBase { Err(self) } + pub fn check_pw3(&self) -> Result { + let verify = commands::verify_pw3(vec![]); + apdu::send_command(&self.card, verify, Le::None, Some(&self)) + } + pub fn verify_pw3(self, pin: &str) -> Result { assert!(pin.len() >= 8); // FIXME: Err
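Review bot: `check_pw1()` and `check_pw3()` (second hunk) are public but undocumented, and they return a bare `Result` without saying which outcome means "verified", which is an easy place for a caller's access decision to go wrong. Whether `apdu::send_command` maps a non-`9000` status word to `Err` is not visible in this hunk, so a caller cannot tell whether `is_ok()` is a safe test. As I read VERIFY in the card specification, an empty-data request answers `9000` when verified and `63Cx` (x = retries left) otherwise, and the commit message adds `6A80` for cards that reject the request. I would add a doc comment listing those three cases, and state on `check_pw1` that it queries mode 82 only (it calls `commands::verify_pw1_82`): `/// Query PW1 (mode 82) verification state via VERIFY with empty data; says nothing about mode 81 (signing).` The `impl CardBase` block starts and ends outside the hunks.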