Merge pull request #75 from mscherer/add_sw_const
Replace magic number for status word by constants
+17
-17
@@ -180,7 +180,7 @@ ykpiv_rc ykpiv_connect(ykpiv_state *state, const char *wanted) {
|
|||||||
fprintf(stderr, "Failed communicating with card: '%s'\n", ykpiv_strerror(res));
|
fprintf(stderr, "Failed communicating with card: '%s'\n", ykpiv_strerror(res));
|
||||||
}
|
}
|
||||||
continue;
|
continue;
|
||||||
} else if(sw == 0x9000) {
|
} else if(sw == SW_SUCCESS) {
|
||||||
return YKPIV_OK;
|
return YKPIV_OK;
|
||||||
} else {
|
} else {
|
||||||
if(state->verbose) {
|
if(state->verbose) {
|
||||||
@@ -283,7 +283,7 @@ ykpiv_rc ykpiv_transfer_data(ykpiv_state *state, const unsigned char *templ,
|
|||||||
res = send_data(state, &apdu, data, &recv_len, sw);
|
res = send_data(state, &apdu, data, &recv_len, sw);
|
||||||
if(res != YKPIV_OK) {
|
if(res != YKPIV_OK) {
|
||||||
return res;
|
return res;
|
||||||
} else if(*sw != 0x9000 && *sw >> 8 != 0x61) {
|
} else if(*sw != SW_SUCCESS && *sw >> 8 != 0x61) {
|
||||||
return YKPIV_OK;
|
return YKPIV_OK;
|
||||||
}
|
}
|
||||||
if(*out_len + recv_len - 2 > max_out) {
|
if(*out_len + recv_len - 2 > max_out) {
|
||||||
@@ -313,7 +313,7 @@ ykpiv_rc ykpiv_transfer_data(ykpiv_state *state, const unsigned char *templ,
|
|||||||
res = send_data(state, &apdu, data, &recv_len, sw);
|
res = send_data(state, &apdu, data, &recv_len, sw);
|
||||||
if(res != YKPIV_OK) {
|
if(res != YKPIV_OK) {
|
||||||
return res;
|
return res;
|
||||||
} else if(*sw != 0x9000 && *sw >> 8 != 0x61) {
|
} else if(*sw != SW_SUCCESS && *sw >> 8 != 0x61) {
|
||||||
return YKPIV_OK;
|
return YKPIV_OK;
|
||||||
}
|
}
|
||||||
if(*out_len + recv_len - 2 > max_out) {
|
if(*out_len + recv_len - 2 > max_out) {
|
||||||
@@ -399,7 +399,7 @@ ykpiv_rc ykpiv_authenticate(ykpiv_state *state, unsigned const char *key) {
|
|||||||
apdu.st.data[2] = 0x80;
|
apdu.st.data[2] = 0x80;
|
||||||
if((res = send_data(state, &apdu, data, &recv_len, &sw)) != YKPIV_OK) {
|
if((res = send_data(state, &apdu, data, &recv_len, &sw)) != YKPIV_OK) {
|
||||||
return res;
|
return res;
|
||||||
} else if(sw != 0x9000) {
|
} else if(sw != SW_SUCCESS) {
|
||||||
return YKPIV_AUTHENTICATION_ERROR;
|
return YKPIV_AUTHENTICATION_ERROR;
|
||||||
}
|
}
|
||||||
memcpy(challenge, data + 4, 8);
|
memcpy(challenge, data + 4, 8);
|
||||||
@@ -435,7 +435,7 @@ ykpiv_rc ykpiv_authenticate(ykpiv_state *state, unsigned const char *key) {
|
|||||||
apdu.st.lc = dataptr - apdu.st.data;
|
apdu.st.lc = dataptr - apdu.st.data;
|
||||||
if((res = send_data(state, &apdu, data, &recv_len, &sw)) != YKPIV_OK) {
|
if((res = send_data(state, &apdu, data, &recv_len, &sw)) != YKPIV_OK) {
|
||||||
return res;
|
return res;
|
||||||
} else if(sw != 0x9000) {
|
} else if(sw != SW_SUCCESS) {
|
||||||
return YKPIV_AUTHENTICATION_ERROR;
|
return YKPIV_AUTHENTICATION_ERROR;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -497,7 +497,7 @@ ykpiv_rc ykpiv_set_mgmkey2(ykpiv_state *state, const unsigned char *new_key, con
|
|||||||
memcpy(apdu.st.data + 3, new_key, DES_KEY_SZ * 3);
|
memcpy(apdu.st.data + 3, new_key, DES_KEY_SZ * 3);
|
||||||
if((res = send_data(state, &apdu, data, &recv_len, &sw)) != YKPIV_OK) {
|
if((res = send_data(state, &apdu, data, &recv_len, &sw)) != YKPIV_OK) {
|
||||||
return res;
|
return res;
|
||||||
} else if(sw == 0x9000) {
|
} else if(sw == SW_SUCCESS) {
|
||||||
return YKPIV_OK;
|
return YKPIV_OK;
|
||||||
}
|
}
|
||||||
return YKPIV_GENERIC_ERROR;
|
return YKPIV_GENERIC_ERROR;
|
||||||
@@ -599,11 +599,11 @@ static ykpiv_rc _general_authenticate(ykpiv_state *state,
|
|||||||
fprintf(stderr, "Sign command failed to communicate.\n");
|
fprintf(stderr, "Sign command failed to communicate.\n");
|
||||||
}
|
}
|
||||||
return res;
|
return res;
|
||||||
} else if(sw != 0x9000) {
|
} else if(sw != SW_SUCCESS) {
|
||||||
if(state->verbose) {
|
if(state->verbose) {
|
||||||
fprintf(stderr, "Failed sign command with code %x.\n", sw);
|
fprintf(stderr, "Failed sign command with code %x.\n", sw);
|
||||||
}
|
}
|
||||||
if (sw == 0x6982)
|
if (sw == SW_ERR_SECURITY_STATUS)
|
||||||
return YKPIV_AUTHENTICATION_ERROR;
|
return YKPIV_AUTHENTICATION_ERROR;
|
||||||
else
|
else
|
||||||
return YKPIV_GENERIC_ERROR;
|
return YKPIV_GENERIC_ERROR;
|
||||||
@@ -664,7 +664,7 @@ ykpiv_rc ykpiv_get_version(ykpiv_state *state, char *version, size_t len) {
|
|||||||
apdu.st.ins = YKPIV_INS_GET_VERSION;
|
apdu.st.ins = YKPIV_INS_GET_VERSION;
|
||||||
if((res = send_data(state, &apdu, data, &recv_len, &sw)) != YKPIV_OK) {
|
if((res = send_data(state, &apdu, data, &recv_len, &sw)) != YKPIV_OK) {
|
||||||
return res;
|
return res;
|
||||||
} else if(sw == 0x9000) {
|
} else if(sw == SW_SUCCESS) {
|
||||||
int result = snprintf(version, len, "%d.%d.%d", data[0], data[1], data[2]);
|
int result = snprintf(version, len, "%d.%d.%d", data[0], data[1], data[2]);
|
||||||
if(result < 0) {
|
if(result < 0) {
|
||||||
return YKPIV_SIZE_ERROR;
|
return YKPIV_SIZE_ERROR;
|
||||||
@@ -703,12 +703,12 @@ ykpiv_rc ykpiv_verify(ykpiv_state *state, const char *pin, int *tries) {
|
|||||||
}
|
}
|
||||||
if((res = send_data(state, &apdu, data, &recv_len, &sw)) != YKPIV_OK) {
|
if((res = send_data(state, &apdu, data, &recv_len, &sw)) != YKPIV_OK) {
|
||||||
return res;
|
return res;
|
||||||
} else if(sw == 0x9000) {
|
} else if(sw == SW_SUCCESS) {
|
||||||
return YKPIV_OK;
|
return YKPIV_OK;
|
||||||
} else if((sw >> 8) == 0x63) {
|
} else if((sw >> 8) == 0x63) {
|
||||||
*tries = (sw & 0xf);
|
*tries = (sw & 0xf);
|
||||||
return YKPIV_WRONG_PIN;
|
return YKPIV_WRONG_PIN;
|
||||||
} else if(sw == 0x6983) {
|
} else if(sw == SW_ERR_AUTH_BLOCKED) {
|
||||||
*tries = 0;
|
*tries = 0;
|
||||||
return YKPIV_WRONG_PIN;
|
return YKPIV_WRONG_PIN;
|
||||||
} else {
|
} else {
|
||||||
@@ -750,11 +750,11 @@ static ykpiv_rc _change_pin_internal(ykpiv_state *state, int action, const char
|
|||||||
res = ykpiv_transfer_data(state, templ, indata, sizeof(indata), data, &recv_len, &sw);
|
res = ykpiv_transfer_data(state, templ, indata, sizeof(indata), data, &recv_len, &sw);
|
||||||
if(res != YKPIV_OK) {
|
if(res != YKPIV_OK) {
|
||||||
return res;
|
return res;
|
||||||
} else if(sw != 0x9000) {
|
} else if(sw != SW_SUCCESS) {
|
||||||
if((sw >> 8) == 0x63) {
|
if((sw >> 8) == 0x63) {
|
||||||
*tries = sw & 0xf;
|
*tries = sw & 0xf;
|
||||||
return YKPIV_WRONG_PIN;
|
return YKPIV_WRONG_PIN;
|
||||||
} else if(sw == 0x6983) {
|
} else if(sw == SW_ERR_AUTH_BLOCKED) {
|
||||||
return YKPIV_PIN_LOCKED;
|
return YKPIV_PIN_LOCKED;
|
||||||
} else {
|
} else {
|
||||||
if(state->verbose) {
|
if(state->verbose) {
|
||||||
@@ -796,7 +796,7 @@ ykpiv_rc ykpiv_fetch_object(ykpiv_state *state, int object_id,
|
|||||||
return res;
|
return res;
|
||||||
}
|
}
|
||||||
|
|
||||||
if(sw == 0x9000) {
|
if(sw == SW_SUCCESS) {
|
||||||
size_t outlen;
|
size_t outlen;
|
||||||
int offs = get_length(data + 1, &outlen);
|
int offs = get_length(data + 1, &outlen);
|
||||||
if(offs == 0) {
|
if(offs == 0) {
|
||||||
@@ -837,7 +837,7 @@ ykpiv_rc ykpiv_save_object(ykpiv_state *state, int object_id,
|
|||||||
return res;
|
return res;
|
||||||
}
|
}
|
||||||
|
|
||||||
if(sw == 0x9000) {
|
if(sw == SW_SUCCESS) {
|
||||||
return YKPIV_OK;
|
return YKPIV_OK;
|
||||||
} else {
|
} else {
|
||||||
return YKPIV_GENERIC_ERROR;
|
return YKPIV_GENERIC_ERROR;
|
||||||
@@ -956,10 +956,10 @@ ykpiv_rc ykpiv_import_private_key(ykpiv_state *state, const unsigned char key, u
|
|||||||
if (ykpiv_transfer_data(state, templ, key_data, in_ptr - key_data, data, &recv_len, &sw) != YKPIV_OK)
|
if (ykpiv_transfer_data(state, templ, key_data, in_ptr - key_data, data, &recv_len, &sw) != YKPIV_OK)
|
||||||
return YKPIV_GENERIC_ERROR;
|
return YKPIV_GENERIC_ERROR;
|
||||||
|
|
||||||
if (sw == 0x6982)
|
if (sw == SW_ERR_SECURITY_STATUS)
|
||||||
return YKPIV_AUTHENTICATION_ERROR;
|
return YKPIV_AUTHENTICATION_ERROR;
|
||||||
|
|
||||||
if (sw != 0x9000)
|
if (sw != SW_SUCCESS)
|
||||||
return YKPIV_GENERIC_ERROR;
|
return YKPIV_GENERIC_ERROR;
|
||||||
|
|
||||||
return YKPIV_OK;
|
return YKPIV_OK;
|
||||||
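Review bot: In the ykpiv_verify hunk, `sw == SW_ERR_AUTH_BLOCKED` still returns `YKPIV_WRONG_PIN` with `*tries = 0`, while the _change_pin_internal hunk maps the same status word to `YKPIV_PIN_LOCKED`. A caller that checks only the return code cannot tell a blocked PIN from a mistyped one and may keep prompting; now that the constant names the condition, consider `return YKPIV_PIN_LOCKED;` in ykpiv_verify as well, provided existing callers can take the changed return code. Both hunks also write through `tries` with no NULL check in view (`*tries = (sw & 0xf);`). The functions start outside the hunks, so a guard may exist earlier; if not, `if(tries) *tries = sw & 0xf;` would be safer. The `0x61` and `0x63` high-byte comparisons in ykpiv_transfer_data, ykpiv_verify and _change_pin_internal are left as unnamed literals.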
|
|||||||
@@ -189,6 +189,14 @@ extern "C"
|
|||||||
#define YKPIV_INS_GET_DATA 0xcb
|
#define YKPIV_INS_GET_DATA 0xcb
|
||||||
#define YKPIV_INS_PUT_DATA 0xdb
|
#define YKPIV_INS_PUT_DATA 0xdb
|
||||||
|
|
||||||
|
/* sw is status words, see NIST special publication 800-73-4, section 5.6 */
|
||||||
|
#define SW_SUCCESS 0x9000
|
||||||
|
#define SW_ERR_SECURITY_STATUS 0x6982
|
||||||
|
#define SW_ERR_AUTH_BLOCKED 0x6983
|
||||||
|
#define SW_ERR_INCORRECT_PARAM 0x6a80
|
||||||
|
/* this is a custom sw for yubikey */
|
||||||
|
#define SW_ERR_INCORRECT_SLOT 0x6b00
|
||||||
|
|
||||||
/* Yubico vendor specific instructions */
|
/* Yubico vendor specific instructions */
|
||||||
#define YKPIV_INS_SET_MGMKEY 0xff
|
#define YKPIV_INS_SET_MGMKEY 0xff
|
||||||
#define YKPIV_INS_IMPORT_KEY 0xfe
|
#define YKPIV_INS_IMPORT_KEY 0xfe
|
||||||
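Review bot: The new `SW_*` macros are added without the `YKPIV_` prefix that the neighbouring `YKPIV_INS_*` definitions carry. This looks like the library's public header (the hunk header shows `extern "C"`), so the short names land in every includer's namespace and could collide with other smart-card headers. Consider `#define YKPIV_SW_SUCCESS 0x9000` and the same prefix for the other four. The comment would also read more clearly as `/* Status words (SW1-SW2) returned by the card, see NIST special publication 800-73-4, section 5.6 */`.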
|
|||||||
@@ -168,11 +168,11 @@ static bool generate_key(ykpiv_state *state, const char *slot,
|
|||||||
&recv_len, &sw) != YKPIV_OK) {
|
&recv_len, &sw) != YKPIV_OK) {
|
||||||
fprintf(stderr, "Failed to communicate.\n");
|
fprintf(stderr, "Failed to communicate.\n");
|
||||||
goto generate_out;
|
goto generate_out;
|
||||||
} else if(sw != 0x9000) {
|
} else if(sw != SW_SUCCESS) {
|
||||||
fprintf(stderr, "Failed to generate new key (");
|
fprintf(stderr, "Failed to generate new key (");
|
||||||
if(sw == 0x6b00) {
|
if(sw == SW_ERR_INCORRECT_SLOT) {
|
||||||
fprintf(stderr, "slot not supported?)\n");
|
fprintf(stderr, "slot not supported?)\n");
|
||||||
} else if(sw == 0x6a80) {
|
} else if(sw == SW_ERR_INCORRECT_PARAM) {
|
||||||
if(pin_policy != pin_policy__NULL) {
|
if(pin_policy != pin_policy__NULL) {
|
||||||
fprintf(stderr, "pin policy not supported?)\n");
|
fprintf(stderr, "pin policy not supported?)\n");
|
||||||
} else if(touch_policy != touch_policy__NULL) {
|
} else if(touch_policy != touch_policy__NULL) {
|
||||||
@@ -297,7 +297,7 @@ static bool reset(ykpiv_state *state) {
|
|||||||
/* note: the reset function is only available when both pins are blocked. */
|
/* note: the reset function is only available when both pins are blocked. */
|
||||||
if(ykpiv_transfer_data(state, templ, NULL, 0, data, &recv_len, &sw) != YKPIV_OK) {
|
if(ykpiv_transfer_data(state, templ, NULL, 0, data, &recv_len, &sw) != YKPIV_OK) {
|
||||||
return false;
|
return false;
|
||||||
} else if(sw == 0x9000) {
|
} else if(sw == SW_SUCCESS) {
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
return false;
|
return false;
|
||||||
@@ -320,7 +320,7 @@ static bool set_pin_retries(ykpiv_state *state, int pin_retries, int puk_retries
|
|||||||
|
|
||||||
if(ykpiv_transfer_data(state, templ, NULL, 0, data, &recv_len, &sw) != YKPIV_OK) {
|
if(ykpiv_transfer_data(state, templ, NULL, 0, data, &recv_len, &sw) != YKPIV_OK) {
|
||||||
return false;
|
return false;
|
||||||
} else if(sw == 0x9000) {
|
} else if(sw == SW_SUCCESS) {
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
return false;
|
return false;
|
||||||
@@ -1676,7 +1676,7 @@ static bool attest(ykpiv_state *state, const char *slot,
|
|||||||
if(ykpiv_transfer_data(state, templ, NULL, 0, data, &len, &sw) != YKPIV_OK) {
|
if(ykpiv_transfer_data(state, templ, NULL, 0, data, &len, &sw) != YKPIV_OK) {
|
||||||
fprintf(stderr, "Failed to communicate.\n");
|
fprintf(stderr, "Failed to communicate.\n");
|
||||||
goto attest_out;
|
goto attest_out;
|
||||||
} else if(sw != 0x9000) {
|
} else if(sw != SW_SUCCESS) {
|
||||||
fprintf(stderr, "Failed to attest key.\n");
|
fprintf(stderr, "Failed to attest key.\n");
|
||||||
goto attest_out;
|
goto attest_out;
|
||||||
}
|
}
|
||||||
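Review bot: In the attest hunk the `sw != SW_SUCCESS` branch prints only "Failed to attest key." and discards the status word, and the reset and set_pin_retries hunks return false for any non-success status with no message in view. An operator then cannot tell an unsatisfied security condition from an unsupported slot or parameter, although the header now names those cases. Consider reporting the value, e.g. `fprintf(stderr, "Failed to attest key (status word %04x).\n", sw);`, assuming `sw` is an int here as the library's `%x` message suggests. All three functions continue outside their hunks, so a caller may already print something on the false return.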
|
|||||||