Rename PIN-related functions for clarity
This commit is contained in:
Heiko Schaefer
parent
8ab3a43d6e
commit
e9235164c8
3 changed files with 23 additions and 23 deletions
|
|
@ -62,7 +62,7 @@ pub fn test_decrypt(card: &mut dyn CardBackend, param: &[&str]) -> Result<TestOu
|
||||||
let cert = Cert::from_str(param[0])?;
|
let cert = Cert::from_str(param[0])?;
|
||||||
let msg = param[1].to_string();
|
let msg = param[1].to_string();
|
||||||
|
|
||||||
pgpt.verify_pw1(b"123456")?;
|
pgpt.verify_pw1_user(b"123456")?;
|
||||||
|
|
||||||
let p = StandardPolicy::new();
|
let p = StandardPolicy::new();
|
||||||
|
|
||||||
|
|
@ -81,7 +81,7 @@ pub fn test_sign(card: &mut dyn CardBackend, param: &[&str]) -> Result<TestOutpu
|
||||||
|
|
||||||
assert_eq!(param.len(), 1, "test_sign needs a filename for 'cert'");
|
assert_eq!(param.len(), 1, "test_sign needs a filename for 'cert'");
|
||||||
|
|
||||||
pgpt.verify_pw1_for_signing(b"123456")?;
|
pgpt.verify_pw1_sign(b"123456")?;
|
||||||
|
|
||||||
let cert = Cert::from_str(param[0])?;
|
let cert = Cert::from_str(param[0])?;
|
||||||
|
|
||||||
|
|
@ -360,7 +360,7 @@ pub fn test_private_data(
|
||||||
let d = pgpt.private_use_do(1)?;
|
let d = pgpt.private_use_do(1)?;
|
||||||
println!("data 1 {:?}", d);
|
println!("data 1 {:?}", d);
|
||||||
|
|
||||||
pgpt.verify_pw1(b"123456")?;
|
pgpt.verify_pw1_user(b"123456")?;
|
||||||
|
|
||||||
pgpt.set_private_use_do(1, "Foo bar1!".as_bytes().to_vec())?;
|
pgpt.set_private_use_do(1, "Foo bar1!".as_bytes().to_vec())?;
|
||||||
pgpt.set_private_use_do(3, "Foo bar3!".as_bytes().to_vec())?;
|
pgpt.set_private_use_do(3, "Foo bar3!".as_bytes().to_vec())?;
|
||||||
|
|
@ -518,7 +518,7 @@ pub fn test_verify(card: &mut dyn CardBackend, _param: &[&str]) -> Result<TestOu
|
||||||
let cardholder = pgpt.cardholder_related_data()?;
|
let cardholder = pgpt.cardholder_related_data()?;
|
||||||
assert_eq!(cardholder.name(), Some("Admin<<Hello".as_bytes()));
|
assert_eq!(cardholder.name(), Some("Admin<<Hello".as_bytes()));
|
||||||
|
|
||||||
pgpt.verify_pw1(b"123456")?;
|
pgpt.verify_pw1_user(b"123456")?;
|
||||||
|
|
||||||
match pgpt.check_pw3() {
|
match pgpt.check_pw3() {
|
||||||
Err(Error::CardStatus(s)) => {
|
Err(Error::CardStatus(s)) => {
|
||||||
|
|
@ -564,7 +564,7 @@ pub fn test_change_pw(
|
||||||
// ca.change_pw1("123456", "abcdef")?;
|
// ca.change_pw1("123456", "abcdef")?;
|
||||||
|
|
||||||
println!("verify bad pw1");
|
println!("verify bad pw1");
|
||||||
match pgpt.verify_pw1(b"123456ab") {
|
match pgpt.verify_pw1_user(b"123456ab") {
|
||||||
Err(Error::CardStatus(StatusBytes::SecurityStatusNotSatisfied)) => {
|
Err(Error::CardStatus(StatusBytes::SecurityStatusNotSatisfied)) => {
|
||||||
// this is expected
|
// this is expected
|
||||||
}
|
}
|
||||||
|
|
@ -575,7 +575,7 @@ pub fn test_change_pw(
|
||||||
}
|
}
|
||||||
|
|
||||||
println!("verify good pw1");
|
println!("verify good pw1");
|
||||||
pgpt.verify_pw1(b"abcdef")?;
|
pgpt.verify_pw1_user(b"abcdef")?;
|
||||||
|
|
||||||
println!("verify bad pw3");
|
println!("verify bad pw3");
|
||||||
match pgpt.verify_pw3(b"00000000") {
|
match pgpt.verify_pw3(b"00000000") {
|
||||||
|
|
@ -616,10 +616,10 @@ pub fn test_reset_retry_counter(
|
||||||
pgpt.change_pw1(b"123456", b"123456")?;
|
pgpt.change_pw1(b"123456", b"123456")?;
|
||||||
|
|
||||||
println!("break pw1");
|
println!("break pw1");
|
||||||
let _ = pgpt.verify_pw1(b"wrong0");
|
let _ = pgpt.verify_pw1_user(b"wrong0");
|
||||||
let _ = pgpt.verify_pw1(b"wrong0");
|
let _ = pgpt.verify_pw1_user(b"wrong0");
|
||||||
let _ = pgpt.verify_pw1(b"wrong0");
|
let _ = pgpt.verify_pw1_user(b"wrong0");
|
||||||
let res = pgpt.verify_pw1(b"wrong0");
|
let res = pgpt.verify_pw1_user(b"wrong0");
|
||||||
|
|
||||||
match res {
|
match res {
|
||||||
Err(Error::CardStatus(StatusBytes::AuthenticationMethodBlocked)) => {
|
Err(Error::CardStatus(StatusBytes::AuthenticationMethodBlocked)) => {
|
||||||
|
|
@ -648,10 +648,10 @@ pub fn test_reset_retry_counter(
|
||||||
let _res = pgpt.reset_retry_counter_pw1(b"abcdef", Some(b"abcdefgh"));
|
let _res = pgpt.reset_retry_counter_pw1(b"abcdef", Some(b"abcdefgh"));
|
||||||
|
|
||||||
println!("verify good pw1");
|
println!("verify good pw1");
|
||||||
pgpt.verify_pw1(b"abcdef")?;
|
pgpt.verify_pw1_user(b"abcdef")?;
|
||||||
|
|
||||||
println!("verify bad pw1");
|
println!("verify bad pw1");
|
||||||
match pgpt.verify_pw1(b"00000000") {
|
match pgpt.verify_pw1_user(b"00000000") {
|
||||||
Err(Error::CardStatus(StatusBytes::SecurityStatusNotSatisfied)) => {
|
Err(Error::CardStatus(StatusBytes::SecurityStatusNotSatisfied)) => {
|
||||||
// this is expected
|
// this is expected
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -65,7 +65,7 @@ impl<'a> Open<'a> {
|
||||||
}
|
}
|
||||||
|
|
||||||
pub fn verify_user(&mut self, pin: &str) -> Result<(), Error> {
|
pub fn verify_user(&mut self, pin: &str) -> Result<(), Error> {
|
||||||
let _ = self.opt.verify_pw1(pin.as_bytes())?;
|
let _ = self.opt.verify_pw1_user(pin.as_bytes())?;
|
||||||
self.pw1 = true;
|
self.pw1 = true;
|
||||||
Ok(())
|
Ok(())
|
||||||
}
|
}
|
||||||
|
|
@ -73,13 +73,13 @@ impl<'a> Open<'a> {
|
||||||
pub fn verify_user_pinpad(&mut self, prompt: &dyn Fn()) -> Result<(), Error> {
|
pub fn verify_user_pinpad(&mut self, prompt: &dyn Fn()) -> Result<(), Error> {
|
||||||
prompt();
|
prompt();
|
||||||
|
|
||||||
let _ = self.opt.verify_pw1_pinpad()?;
|
let _ = self.opt.verify_pw1_user_pinpad()?;
|
||||||
self.pw1 = true;
|
self.pw1 = true;
|
||||||
Ok(())
|
Ok(())
|
||||||
}
|
}
|
||||||
|
|
||||||
pub fn verify_user_for_signing(&mut self, pin: &str) -> Result<(), Error> {
|
pub fn verify_user_for_signing(&mut self, pin: &str) -> Result<(), Error> {
|
||||||
let _ = self.opt.verify_pw1_for_signing(pin.as_bytes())?;
|
let _ = self.opt.verify_pw1_sign(pin.as_bytes())?;
|
||||||
|
|
||||||
// FIXME: depending on card mode, pw1_sign is only usable once
|
// FIXME: depending on card mode, pw1_sign is only usable once
|
||||||
|
|
||||||
|
|
@ -90,7 +90,7 @@ impl<'a> Open<'a> {
|
||||||
pub fn verify_user_for_signing_pinpad(&mut self, prompt: &dyn Fn()) -> Result<(), Error> {
|
pub fn verify_user_for_signing_pinpad(&mut self, prompt: &dyn Fn()) -> Result<(), Error> {
|
||||||
prompt();
|
prompt();
|
||||||
|
|
||||||
let _ = self.opt.verify_pw1_for_signing_pinpad()?;
|
let _ = self.opt.verify_pw1_sign_pinpad()?;
|
||||||
|
|
||||||
// FIXME: depending on card mode, pw1_sign is only usable once
|
// FIXME: depending on card mode, pw1_sign is only usable once
|
||||||
|
|
||||||
|
|
@ -116,7 +116,7 @@ impl<'a> Open<'a> {
|
||||||
///
|
///
|
||||||
/// NOTE: on some cards this functionality seems broken.
|
/// NOTE: on some cards this functionality seems broken.
|
||||||
pub fn check_user_verified(&mut self) -> Result<(), Error> {
|
pub fn check_user_verified(&mut self) -> Result<(), Error> {
|
||||||
self.opt.check_pw1()
|
self.opt.check_pw1_user()
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Ask the card if the admin password has been successfully verified.
|
/// Ask the card if the admin password has been successfully verified.
|
||||||
|
|
|
||||||
|
|
@ -313,7 +313,7 @@ impl<'a> OpenPgpTransaction<'a> {
|
||||||
/// Depending on the PW1 status byte (see Extended Capabilities) this
|
/// Depending on the PW1 status byte (see Extended Capabilities) this
|
||||||
/// access condition is only valid for one PSO:CDS command or remains
|
/// access condition is only valid for one PSO:CDS command or remains
|
||||||
/// valid for several attempts.
|
/// valid for several attempts.
|
||||||
pub fn verify_pw1_for_signing(&mut self, pin: &[u8]) -> Result<(), Error> {
|
pub fn verify_pw1_sign(&mut self, pin: &[u8]) -> Result<(), Error> {
|
||||||
let verify = commands::verify_pw1_81(pin.to_vec());
|
let verify = commands::verify_pw1_81(pin.to_vec());
|
||||||
apdu::send_command(self.tx(), verify, false)?.try_into()
|
apdu::send_command(self.tx(), verify, false)?.try_into()
|
||||||
}
|
}
|
||||||
|
|
@ -325,7 +325,7 @@ impl<'a> OpenPgpTransaction<'a> {
|
||||||
/// Depending on the PW1 status byte (see Extended Capabilities) this
|
/// Depending on the PW1 status byte (see Extended Capabilities) this
|
||||||
/// access condition is only valid for one PSO:CDS command or remains
|
/// access condition is only valid for one PSO:CDS command or remains
|
||||||
/// valid for several attempts.
|
/// valid for several attempts.
|
||||||
pub fn verify_pw1_for_signing_pinpad(&mut self) -> Result<(), Error> {
|
pub fn verify_pw1_sign_pinpad(&mut self) -> Result<(), Error> {
|
||||||
let res = self.tx().pinpad_verify(PinType::Sign)?;
|
let res = self.tx().pinpad_verify(PinType::Sign)?;
|
||||||
RawResponse::try_from(res)?.try_into()
|
RawResponse::try_from(res)?.try_into()
|
||||||
}
|
}
|
||||||
|
|
@ -338,14 +338,14 @@ impl<'a> OpenPgpTransaction<'a> {
|
||||||
/// - some cards don't correctly implement this feature, e.g. YubiKey 5
|
/// - some cards don't correctly implement this feature, e.g. YubiKey 5
|
||||||
/// - some cards that don't support this instruction may decrease the pin's error count,
|
/// - some cards that don't support this instruction may decrease the pin's error count,
|
||||||
/// eventually requiring the user to reset the pin)
|
/// eventually requiring the user to reset the pin)
|
||||||
pub fn check_pw1_for_signing(&mut self) -> Result<(), Error> {
|
pub fn check_pw1_sign(&mut self) -> Result<(), Error> {
|
||||||
let verify = commands::verify_pw1_81(vec![]);
|
let verify = commands::verify_pw1_81(vec![]);
|
||||||
apdu::send_command(self.tx(), verify, false)?.try_into()
|
apdu::send_command(self.tx(), verify, false)?.try_into()
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Verify PW1 (user).
|
/// Verify PW1 (user).
|
||||||
/// (For operations except signing, mode 82).
|
/// (For operations except signing, mode 82).
|
||||||
pub fn verify_pw1(&mut self, pin: &[u8]) -> Result<(), Error> {
|
pub fn verify_pw1_user(&mut self, pin: &[u8]) -> Result<(), Error> {
|
||||||
let verify = commands::verify_pw1_82(pin.to_vec());
|
let verify = commands::verify_pw1_82(pin.to_vec());
|
||||||
apdu::send_command(self.tx(), verify, false)?.try_into()
|
apdu::send_command(self.tx(), verify, false)?.try_into()
|
||||||
}
|
}
|
||||||
|
|
@ -354,7 +354,7 @@ impl<'a> OpenPgpTransaction<'a> {
|
||||||
/// using a pinpad on the card reader. If no usable pinpad is found,
|
/// using a pinpad on the card reader. If no usable pinpad is found,
|
||||||
/// an error is returned.
|
/// an error is returned.
|
||||||
|
|
||||||
pub fn verify_pw1_pinpad(&mut self) -> Result<(), Error> {
|
pub fn verify_pw1_user_pinpad(&mut self) -> Result<(), Error> {
|
||||||
let res = self.tx().pinpad_verify(PinType::User)?;
|
let res = self.tx().pinpad_verify(PinType::User)?;
|
||||||
RawResponse::try_from(res)?.try_into()
|
RawResponse::try_from(res)?.try_into()
|
||||||
}
|
}
|
||||||
|
|
@ -368,7 +368,7 @@ impl<'a> OpenPgpTransaction<'a> {
|
||||||
/// - some cards don't correctly implement this feature, e.g. YubiKey 5
|
/// - some cards don't correctly implement this feature, e.g. YubiKey 5
|
||||||
/// - some cards that don't support this instruction may decrease the pin's error count,
|
/// - some cards that don't support this instruction may decrease the pin's error count,
|
||||||
/// eventually requiring the user to reset the pin)
|
/// eventually requiring the user to reset the pin)
|
||||||
pub fn check_pw1(&mut self) -> Result<(), Error> {
|
pub fn check_pw1_user(&mut self) -> Result<(), Error> {
|
||||||
let verify = commands::verify_pw1_82(vec![]);
|
let verify = commands::verify_pw1_82(vec![]);
|
||||||
apdu::send_command(self.tx(), verify, false)?.try_into()
|
apdu::send_command(self.tx(), verify, false)?.try_into()
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue