diff --git a/card-functionality/src/other.rs b/card-functionality/src/other.rs index df183ee..8e0815c 100644 --- a/card-functionality/src/other.rs +++ b/card-functionality/src/other.rs @@ -16,26 +16,42 @@ fn main() -> Result<()> { for mut card in cards { println!("** Run tests on card '{}' **", card.get_name()); - // println!("Get pubkey"); - // let _ = run_test(&mut card, test_get_pub, &[])?; - // - // panic!(); - // println!("Caps"); // let _ = run_test(&mut card, test_print_caps, &[])?; // continue; // only print caps + // println!("Algo info"); + // let _ = run_test(&mut card, test_print_algo_info, &[])?; + println!("Reset"); let _ = run_test(&mut card, test_reset, &[])?; - // println!("Algo info"); - // let _ = run_test(&mut card, test_print_algo_info, &[])?; + // --- + + // // load private key (change pw on gnuk needs existing keys!) + // println!("load key"); + // run_test(&mut card, test_upload_keys, &["data/rsa2k.sec"])?; + + // println!("Change PW"); + // let _ = run_test(&mut card, test_change_pw, &[])?; + + // println!("reset pw1 retry counter"); + // let _ = run_test(&mut card, test_reset_retry_counter, &[])?; + + // --- // println!("Generate key"); // let _ = run_test(&mut card, test_keygen, &[])?; // // panic!(); + // println!("Get pubkey"); + // let _ = run_test(&mut card, test_get_pub, &[])?; + // + // panic!(); + + // --- + // print!("Verify"); // let verify_out = run_test(&mut card, test_verify, &[])?; // println!(" {:x?}", verify_out); @@ -48,10 +64,10 @@ fn main() -> Result<()> { // let priv_out = run_test(&mut card, test_private_data, &[])?; // println!(" {:x?}", priv_out); - print!("Cardholder Cert"); - let cardh_out = run_test(&mut card, test_cardholder_cert, &[])?; - println!(" {:x?}", cardh_out); - println!(); + // print!("Cardholder Cert"); + // let cardh_out = run_test(&mut card, test_cardholder_cert, &[])?; + // println!(" {:x?}", cardh_out); + // println!(); } Ok(()) 
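Review bot: The calls for the two tests this commit adds, `test_change_pw` and `test_reset_retry_counter`, are committed commented out in the first hunk, and the second hunk also comments out `test_cardholder_cert`. As far as these hunks show, the only step still executed for each card is `test_reset`, although a few lines of `main` between the hunks are not visible. Selecting tests by editing comments makes it easy to commit a harness that silently skips the PIN-change and retry-counter checks, so consider choosing the test set from a command-line argument or a named list. At minimum, add a comment above the loop such as `// Tests are toggled by (un)commenting the blocks below; test_reset runs on every configured card.` `main` begins before the first hunk and closes after the second.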
diff --git a/card-functionality/src/tests.rs b/card-functionality/src/tests.rs index b371612..09dc27f 100644 --- a/card-functionality/src/tests.rs +++ b/card-functionality/src/tests.rs 
@@ -530,6 +530,124 @@ pub fn test_verify( Ok(out) } +pub fn test_change_pw( + ca: &mut CardApp, + _param: &[&str], +) -> Result { + let mut out = vec![]; + + // first do admin-less pw1 on gnuk + println!("change pw1"); + ca.change_pw1("123456", "abcdef00")?; + + // also set admin pw, which means pw1 is now only user-pw again, on gnuk + println!("change pw3"); + ca.change_pw3("abcdef00", "abcdefgh")?; // gnuk + + // ca.change_pw3("12345678", "abcdefgh")?; + + println!("change pw1"); + ca.change_pw1("abcdef00", "abcdef")?; // gnuk + + // ca.change_pw1("123456", "abcdef")?; + + println!("verify bad pw1"); + match ca.verify_pw1("123456ab") { + Err(Error::CardStatus(StatusBytes::SecurityStatusNotSatisfied)) => { + // this is expected + } + Err(_) => { + panic!("unexpected error"); + } + Ok(_) => panic!("this value for pw1 should be considered wrong!"), + } + + println!("verify good pw1"); + ca.verify_pw1("abcdef")?; + + println!("verify bad pw3"); + match ca.verify_pw3("00000000") { + Err(Error::CardStatus(StatusBytes::SecurityStatusNotSatisfied)) => { + // this is expected + } + Err(_) => { + panic!("unexpected error"); + } + Ok(_) => panic!("this value for pw3 should be considered wrong!"), + } + + println!("verify good pw3"); + ca.verify_pw3("abcdefgh")?; + + Ok(out) +} + +pub fn test_reset_retry_counter( + ca: &mut CardApp, + _param: &[&str], +) -> Result { + let mut out = vec![]; + + // set pw3, then pw1 (to bring gnuk into non-admin mode) + println!("set pw3"); + ca.change_pw3("12345678", "12345678")?; + println!("set pw1"); + ca.change_pw1("123456", "123456")?; + + println!("break pw1"); + let _ = ca.verify_pw1("wrong"); + let _ = ca.verify_pw1("wrong"); + let _ = ca.verify_pw1("wrong"); + let res = ca.verify_pw1("wrong"); + + match res { + Err(Error::CardStatus(StatusBytes::AuthenticationMethodBlocked)) => { + // this is expected + } + Err(Error::CardStatus( + StatusBytes::IncorrectParametersCommandDataField, + )) => { + println!( + "yk says 
IncorrectParametersCommandDataField when PW \ + error count is exceeded" + ); + } + Err(e) => { + panic!("unexpected error {:?}", e); + } + Ok(_) => panic!("use of pw1 should be blocked!"), + } + + println!("verify pw3"); + ca.verify_pw3("12345678")?; + + println!("set resetting code"); + ca.set_resetting_code("abcdefgh".as_bytes().to_vec())?; + + println!("reset retry counter"); + // ca.reset_retry_counter_pw1("abcdef".as_bytes().to_vec(), None)?; + let res = ca.reset_retry_counter_pw1( + "abcdef".as_bytes().to_vec(), + Some("abcdefgh".as_bytes().to_vec()), + ); + + println!("verify good pw1"); + ca.verify_pw1("abcdef")?; + + println!("verify bad pw1"); + match ca.verify_pw1("00000000") { + Err(Error::CardStatus(StatusBytes::SecurityStatusNotSatisfied)) => { + // this is expected + } + Err(_) => { + panic!("unexpected error"); + } + Ok(_) => panic!("this value for pw1 should be considered wrong!"), + } + + Ok(out) +} + pub fn run_test( card: &mut TestCardApp, t: fn(&mut CardApp, &[&str]) -> Result,
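Review bot: In `test_reset_retry_counter` the result of `ca.reset_retry_counter_pw1(...)` is bound to `res` and never inspected, so a failed reset only shows up indirectly at the following `verify_pw1("abcdef")?`, which then spends another PW1 attempt against a counter that may still be blocked. Propagate it directly with `ca.reset_retry_counter_pw1("abcdef".as_bytes().to_vec(), Some("abcdefgh".as_bytes().to_vec()))?;`. Separately, the "break pw1" step sends the five-byte value `"wrong"`, which is shorter than the six-byte PW1 minimum in the OpenPGP card specification. A card that rejects it on length may not decrement the retry counter at all, so the `IncorrectParametersCommandDataField` arm could be accepting a card whose PW1 was never actually blocked; a wrong value of valid length (for example `"wrong123"`) would make the blocked-state check meaningful. The `Err(_) => panic!("unexpected error")` arms in both new functions should also print the error, as the `Err(e) => panic!("unexpected error {:?}", e)` arm already does.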