Implement check_pw1/3(), which calls "7.2.2 VERIFY" with no data ("Lc empty"), to ask the card for verification status.

(It seems that the YubiKey 5 doesn't support this type of request and instead responds with "6A 80: Incorrect parameters".)
Heiko Schaefer 2021-07-04 00:04:35 +02:00
parent d1f854f2f0
commit 3bc14e9d19
2 changed files with 22 additions and 0 deletions


@ -80,12 +80,18 @@ fn main() -> Result<(), Box<dyn Error>> {
// --------------------------------------------- // ---------------------------------------------
assert_eq!(app_id.ident(), test_card_ident); assert_eq!(app_id.ident(), test_card_ident);
let check = oc.check_pw3();
println!("has pw3 been verified yet? {:x?}", check);
oc.factory_reset()?; oc.factory_reset()?;
match oc.verify_pw3("12345678") { match oc.verify_pw3("12345678") {
Ok(oc_admin) => { Ok(oc_admin) => {
println!("pw3 verify ok"); println!("pw3 verify ok");
let check = oc_admin.check_pw3();
println!("has pw3 been verified yet? {:x?}", check);
let res = oc_admin.set_name("Bar<<Foo")?; let res = oc_admin.set_name("Bar<<Foo")?;
println!("set name {:x?}", res); println!("set name {:x?}", res);
@ -136,10 +142,16 @@ fn main() -> Result<(), Box<dyn Error>> {
// Check that we're still using the expected card // Check that we're still using the expected card
assert_eq!(app_id.ident(), test_card_ident); assert_eq!(app_id.ident(), test_card_ident);
let check = oc.check_pw1();
println!("has pw1/82 been verified yet? {:x?}", check);
match oc.verify_pw1("123456") { match oc.verify_pw1("123456") {
Ok(oc_user) => { Ok(oc_user) => {
println!("pw1 82 verify ok"); println!("pw1 82 verify ok");
let check = oc_user.check_pw1();
println!("has pw1/82 been verified yet? {:x?}", check);
let cert = Cert::from_file(TEST_KEY_PATH)?; let cert = Cert::from_file(TEST_KEY_PATH)?;
let msg = std::fs::read_to_string(TEST_ENC_MSG) let msg = std::fs::read_to_string(TEST_ENC_MSG)
.expect("Unable to read file"); .expect("Unable to read file");
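Review bot: The four new `check_pw1()`/`check_pw3()` calls only print the `Result` with `{:x?}`, so this program behaves the same whatever the card answers and never checks that the status changes once `verify_pw3`/`verify_pw1` has succeeded. The commit message reports that some cards reject the empty VERIFY with `6A 80`, so a hard assert would be wrong. I would instead match on the result, print an explicit "not supported by this card" line for the error case, and compare the before and after values where the card does answer. A short comment such as `// status query only; no PIN is sent` above each call would also make the intent clear. `main` starts and ends outside these hunks.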


@ -587,6 +587,11 @@ impl CardBase {
Err(self) Err(self)
} }
pub fn check_pw1(&self) -> Result<Response, OpenpgpCardError> {
let verify = commands::verify_pw1_82(vec![]);
apdu::send_command(&self.card, verify, Le::None, Some(&self))
}
pub fn verify_pw1(self, pin: &str) -> Result<CardUser, CardBase> { pub fn verify_pw1(self, pin: &str) -> Result<CardUser, CardBase> {
assert!(pin.len() >= 6); // FIXME: Err assert!(pin.len() >= 6); // FIXME: Err
@ -603,6 +608,11 @@ impl CardBase {
Err(self) Err(self)
} }
pub fn check_pw3(&self) -> Result<Response, OpenpgpCardError> {
let verify = commands::verify_pw3(vec![]);
apdu::send_command(&self.card, verify, Le::None, Some(&self))
}
pub fn verify_pw3(self, pin: &str) -> Result<CardAdmin, CardBase> { pub fn verify_pw3(self, pin: &str) -> Result<CardAdmin, CardBase> {
assert!(pin.len() >= 8); // FIXME: Err assert!(pin.len() >= 8); // FIXME: Err
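Review bot: `check_pw1` and `check_pw3` are public but have no doc comment, and returning the raw `Response` leaves every caller to work out what the card's answer means. `check_pw1` builds its command with `commands::verify_pw1_82`, so it reports only on PW1 in mode 82 and says nothing about mode 81, which the name hides. I would add something like `/// Ask the card whether PW1 (mode 82) is currently verified, by sending VERIFY with an empty data field.` and the matching line for PW3. The doc should also say that some cards reject this request (the commit message reports `6A 80`), so an `Err` means "status unknown" and must never be read as "verified". Whether `apdu::send_command` maps a not-verified status word to `Ok` or `Err` is not visible in these hunks and should be stated there as well.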