From f98ea9d0aa5909f438092719c0c88f53297126c8 Mon Sep 17 00:00:00 2001
From: Heiko Schaefer
Date: Thu, 27 Oct 2022 22:29:49 +0200
Subject: [PATCH] opgpcard: only the SIG slot has configurable validity mechanism for PIN verification

---
 tools/src/bin/opgpcard/commands/status.rs | 6 ++----
 tools/src/bin/opgpcard/output/status.rs | 24 +++++++++++++----------
 2 files changed, 16 insertions(+), 14 deletions(-)

diff --git a/tools/src/bin/opgpcard/commands/status.rs b/tools/src/bin/opgpcard/commands/status.rs
index d55b7f0..823aa15 100644
--- a/tools/src/bin/opgpcard/commands/status.rs
+++ b/tools/src/bin/opgpcard/commands/status.rs
@@ -100,10 +100,6 @@ pub fn print_status(
 signature_key.status(format!("{}", ks));
 }
 
- if pws.pw1_cds_valid_once() {
- signature_key.pin_valid_once();
- }
-
 if command.pkm {
 if let Ok(pkm) = card.public_key(KeyType::Signing) {
 signature_key.public_key_material(pkm.to_string());
@@ -195,6 +191,8 @@ pub fn print_status(
 output.attestation_key(attestation_key);
 
 // technical details about the card's state
+ output.user_pin_valid_for_only_one_signature(pws.pw1_cds_valid_once());
+
 output.user_pin_remaining_attempts(pws.err_count_pw1());
 output.admin_pin_remaining_attempts(pws.err_count_pw3());
 output.reset_code_remaining_attempts(pws.err_count_rc());
diff --git a/tools/src/bin/opgpcard/output/status.rs b/tools/src/bin/opgpcard/output/status.rs
index 6085c77..7b2c004 100644
--- a/tools/src/bin/opgpcard/output/status.rs
+++ b/tools/src/bin/opgpcard/output/status.rs
@@ -19,6 +19,7 @@ pub struct Status {
 decryption_key: KeySlotInfo,
 authentication_key: KeySlotInfo,
 attestation_key: Option,
+ user_pin_valid_for_only_one_signature: bool,
 user_pin_remaining_attempts: u8,
 admin_pin_remaining_attempts: u8,
 reset_code_remaining_attempts: u8,
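Review bot: The new `user_pin_valid_for_only_one_signature` field added to `Status` in the last hunk carries no doc comment, and unlike its neighbours (which are retry counters) it encodes a security policy of the card, so its polarity should be spelled out where the field is declared. I would add `/// Whether the user PIN (PW1) must be presented again before every signature; `false` means a single PIN verification unlocks an unlimited number of signatures (fed from `pws.pw1_cds_valid_once()` in commands/status.rs).` The `false` setting is the weaker one — a host that has obtained one verification can keep signing without further user interaction — which is presumably why the value is surfaced in the status output; that reading of the card's PW1 status byte is inferred from the accessor name and worth confirming against the openpgp-card API docs. The `Status` struct definition starts and ends outside this hunk.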
@@ -71,6 +72,10 @@ impl Status {
 self.attestation_key = Some(key);
 }
 
+ pub fn user_pin_valid_for_only_one_signature(&mut self, sign_pin_valid_once: bool) {
+ self.user_pin_valid_for_only_one_signature = sign_pin_valid_once;
+ }
+
 pub fn user_pin_remaining_attempts(&mut self, count: u8) {
 self.user_pin_remaining_attempts = count;
 }
@@ -130,6 +135,13 @@ impl Status {
 for line in self.signature_key.format(self.verbose) {
 s.push_str(&format!(" {}\n", line));
 }
+ if self.verbose {
+ if self.user_pin_valid_for_only_one_signature {
+ s.push_str(" User PIN presentation valid for one signature\n");
+ } else {
+ s.push_str(" User PIN presentation valid for unlimited signatures\n");
+ }
+ }
 s.push_str(&format!(" Signatures made: {}\n", self.signature_count));
 s.push('\n');
 
@@ -186,6 +198,7 @@ impl Status {
 decryption_key: self.decryption_key.clone(),
 authentication_key: self.authentication_key.clone(),
 attestation_key: self.attestation_key.clone(),
+ user_pin_valid_for_only_one_signature: self.user_pin_valid_for_only_one_signature,
 user_pin_remaining_attempts: self.user_pin_remaining_attempts,
 admin_pin_remaining_attempts: self.admin_pin_remaining_attempts,
 reset_code_remaining_attempts: self.reset_code_remaining_attempts,
@@ -234,6 +247,7 @@ pub struct StatusV0 {
 decryption_key: KeySlotInfo,
 authentication_key: KeySlotInfo,
 attestation_key: Option,
+ user_pin_valid_for_only_one_signature: bool,
 user_pin_remaining_attempts: u8,
 admin_pin_remaining_attempts: u8,
 reset_code_remaining_attempts: u8,
@@ -253,7 +267,6 @@ pub struct KeySlotInfo {
 touch_policy: Option,
 touch_features: Option,
 status: Option,
- pin_valid_once: bool,
 public_key_material: Option,
 }
 
@@ -282,10 +295,6 @@ impl KeySlotInfo {
 self.status = Some(status);
 }
 
- pub fn pin_valid_once(&mut self) {
- self.pin_valid_once = true;
- }
-
 pub fn public_key_material(&mut self, material: String) {
 self.public_key_material = Some(material);
 }
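Review bot: In the `@@ -130,6 +135,13 @@` hunk the two `push_str` branches differ only in the last words of the message, so the nested `if` inside `if self.verbose` reads more heavily than it needs to; selecting the phrase first and emitting one line keeps the two strings visibly parallel and makes it harder for them to drift apart when the wording is touched later. Behaviour is unchanged, including the verbose-only gating that the removed `KeySlotInfo` code also had. The enclosing `format` method starts and ends outside this hunk.

```rust
// … unchanged: signature_key lines …
if self.verbose {
    let validity = if self.user_pin_valid_for_only_one_signature {
        "one signature"
    } else {
        "unlimited signatures"
    };
    s.push_str(&format!(" User PIN presentation valid for {}\n", validity));
}
// … unchanged: "Signatures made" line …
```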
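Review bot: The `@@ -234,6 +247,7 @@` hunk adds a field to `StatusV0`, and if that struct is the frozen shape of a versioned machine-readable output — which the `V0` suffix and the field-by-field copy in the `@@ -186` hunk suggest, though the serialization attributes are not visible here — then version 0 now emits a field that earlier consumers never saw. Additive fields are usually harmless for tolerant parsers, but the file should say whether that is the contract, otherwise the next change will face the same question; a one-line comment on the struct such as `// Fields may be added to StatusV0 without a version bump; never remove or retype one.` (or, if that is not the policy, a bump to a `StatusV1`) would settle it. The `StatusV0` definition starts and ends outside this hunk.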
@@ -312,11 +321,6 @@ impl KeySlotInfo {
 if let Some(status) = &self.status {
 lines.push(format!("Key Status: {}", status));
 }
- if self.pin_valid_once {
- lines.push("User PIN presentation valid for one signature".into());
- } else {
- lines.push("User PIN presentation valid for unlimited signatures".into());
- }
 }
 if let Some(material) = &self.public_key_material {
 lines.push(format!("Public key material: {}", material));