Replace MgmKey::set with MgmKey::{set_default, set_manual} (#224)
* Add MgmKey::set_default method

  This wipes any metadata related to derived and PIN-protected management keys, returning the management key to its default state.

* Transaction::set_mgm_key: Take touch requirement as bool

  The Option<u8> was inherited from the original C code's usage of an unsigned char. We don't need that flexibility, because only two cases are supported.

* Replace MgmKey::set with MgmKey::set_manual

  MgmKey::set_default is now implemented as a wrapper around MgmKey::set_manual, as they both require clearing metadata related to derived and PIN-protected management keys.
+13
-3
@@ -114,10 +114,11 @@ fn test_verify_pin() {
|
||||
#[cfg(feature = "untested")]
|
||||
#[test]
|
||||
#[ignore]
|
||||
fn test_protected_mgmkey() {
|
||||
fn test_set_mgmkey() {
|
||||
let mut yubikey = YUBIKEY.lock().unwrap();
|
||||
|
||||
assert!(yubikey.verify_pin(b"123456").is_ok());
|
||||
assert!(MgmKey::get_protected(&mut yubikey).is_err());
|
||||
assert!(yubikey.authenticate(MgmKey::default()).is_ok());
|
||||
|
||||
// Set a protected management key.
|
||||
@@ -129,10 +130,19 @@ fn test_protected_mgmkey() {
|
||||
assert!(yubikey.authenticate(MgmKey::default()).is_err());
|
||||
assert!(yubikey.authenticate(protected.clone()).is_ok());
|
||||
|
||||
// Set a manual management key.
|
||||
let manual = MgmKey::generate().unwrap();
|
||||
assert!(manual.set_manual(&mut yubikey, false).is_ok());
|
||||
assert!(MgmKey::get_protected(&mut yubikey).is_err());
|
||||
assert!(yubikey.authenticate(MgmKey::default()).is_err());
|
||||
assert!(yubikey.authenticate(protected.clone()).is_err());
|
||||
assert!(yubikey.authenticate(manual.clone()).is_ok());
|
||||
|
||||
// Set back to the default management key.
|
||||
// TODO: This does not clear the previous key from the protected metadata.
|
||||
assert!(MgmKey::default().set(&mut yubikey, None).is_ok());
|
||||
assert!(MgmKey::set_default(&mut yubikey).is_ok());
|
||||
assert!(MgmKey::get_protected(&mut yubikey).is_err());
|
||||
assert!(yubikey.authenticate(protected).is_err());
|
||||
assert!(yubikey.authenticate(manual).is_err());
|
||||
assert!(yubikey.authenticate(MgmKey::default()).is_ok());
|
||||
}
|
||||
|
||||
|
||||
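Review bot: The `manual` key in test_set_mgmkey comes from `MgmKey::generate()` and is held only in the test's memory, so a panic in any assertion between `set_manual` and `set_default` would leave the hardware with a management key nobody can reproduce (the protected key is presumably recoverable from the device with the PIN; the manual one is not). I would say so above the manual-key step, e.g. `// NOTE: if a later assertion fails, the device keeps this random key and it is lost; run only against a disposable, resettable test device.` Replacing `assert!(manual.set_manual(&mut yubikey, false).is_ok());` with `manual.set_manual(&mut yubikey, false).expect("set_manual failed");` would also surface the underlying error instead of a bare assertion failure. After `set_default` the test checks only `get_protected`; the derived-key metadata that the commit message says is wiped is not asserted in the visible lines, though part of the function body lies between the two hunks and is not shown.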