mgm: Generalize TDES logic to enable other algorithms (#625)
Co-authored-by: Jack Grigg <thestr4d@gmail.com> Co-authored-by: Greg Bowyer <gbowyer@fastmail.co.uk>
committed by
GitHub
parent
7eb7a31a28
commit
1e1fe34734
+24
-15
@@ -114,32 +114,37 @@ fn test_verify_pin() {
|
||||
#[test]
|
||||
#[ignore]
|
||||
fn test_set_mgmkey() {
|
||||
let mut rng = OsRng;
|
||||
let mut yubikey = YUBIKEY.lock().unwrap();
|
||||
let default_key = MgmKey::get_default(&yubikey).unwrap();
|
||||
|
||||
assert!(yubikey.verify_pin(b"123456").is_ok());
|
||||
assert!(MgmKey::get_protected(&mut yubikey).is_err());
|
||||
assert!(yubikey.authenticate(MgmKey::default()).is_ok());
|
||||
assert!(yubikey.authenticate(&default_key).is_ok());
|
||||
|
||||
// Set a protected management key.
|
||||
assert!(MgmKey::generate().set_protected(&mut yubikey).is_ok());
|
||||
assert!(MgmKey::generate_for(&yubikey, &mut rng)
|
||||
.unwrap()
|
||||
.set_protected(&mut yubikey)
|
||||
.is_ok());
|
||||
let protected = MgmKey::get_protected(&mut yubikey).unwrap();
|
||||
assert!(yubikey.authenticate(MgmKey::default()).is_err());
|
||||
assert!(yubikey.authenticate(protected.clone()).is_ok());
|
||||
assert!(yubikey.authenticate(&default_key).is_err());
|
||||
assert!(yubikey.authenticate(&protected).is_ok());
|
||||
|
||||
// Set a manual management key.
|
||||
let manual = MgmKey::generate();
|
||||
let manual = MgmKey::generate_for(&yubikey, &mut rng).unwrap();
|
||||
assert!(manual.set_manual(&mut yubikey, false).is_ok());
|
||||
assert!(MgmKey::get_protected(&mut yubikey).is_err());
|
||||
assert!(yubikey.authenticate(MgmKey::default()).is_err());
|
||||
assert!(yubikey.authenticate(protected.clone()).is_err());
|
||||
assert!(yubikey.authenticate(manual.clone()).is_ok());
|
||||
assert!(yubikey.authenticate(&default_key).is_err());
|
||||
assert!(yubikey.authenticate(&protected).is_err());
|
||||
assert!(yubikey.authenticate(&manual).is_ok());
|
||||
|
||||
// Set back to the default management key.
|
||||
assert!(MgmKey::set_default(&mut yubikey).is_ok());
|
||||
assert!(MgmKey::get_protected(&mut yubikey).is_err());
|
||||
assert!(yubikey.authenticate(protected).is_err());
|
||||
assert!(yubikey.authenticate(manual).is_err());
|
||||
assert!(yubikey.authenticate(MgmKey::default()).is_ok());
|
||||
assert!(yubikey.authenticate(&protected).is_err());
|
||||
assert!(yubikey.authenticate(&manual).is_err());
|
||||
assert!(yubikey.authenticate(&default_key).is_ok());
|
||||
}
|
||||
|
||||
//
|
||||
@@ -148,9 +153,10 @@ fn test_set_mgmkey() {
|
||||
|
||||
fn generate_self_signed_cert<KT: yubikey_signer::KeyType>() -> Certificate {
|
||||
let mut yubikey = YUBIKEY.lock().unwrap();
|
||||
let default_key = MgmKey::get_default(&yubikey).unwrap();
|
||||
|
||||
assert!(yubikey.verify_pin(b"123456").is_ok());
|
||||
assert!(yubikey.authenticate(MgmKey::default()).is_ok());
|
||||
assert!(yubikey.authenticate(&default_key).is_ok());
|
||||
|
||||
let slot = SlotId::Retired(RetiredSlotId::R1);
|
||||
|
||||
@@ -215,8 +221,9 @@ fn generate_self_signed_rsa_cert() {
|
||||
fn generate_rsa3072() {
|
||||
let mut yubikey = YUBIKEY.lock().unwrap();
|
||||
let version = yubikey.version();
|
||||
let default_key = MgmKey::get_default(&yubikey).unwrap();
|
||||
|
||||
assert!(yubikey.authenticate(MgmKey::default()).is_ok());
|
||||
assert!(yubikey.authenticate(&default_key).is_ok());
|
||||
|
||||
let slot = SlotId::Retired(RetiredSlotId::R1);
|
||||
|
||||
@@ -314,9 +321,10 @@ fn test_slot_id_display() {
|
||||
#[ignore]
|
||||
fn test_read_metadata() {
|
||||
let mut yubikey = YUBIKEY.lock().unwrap();
|
||||
let default_key = MgmKey::get_default(&yubikey).unwrap();
|
||||
|
||||
assert!(yubikey.verify_pin(b"123456").is_ok());
|
||||
assert!(yubikey.authenticate(MgmKey::default()).is_ok());
|
||||
assert!(yubikey.authenticate(&default_key).is_ok());
|
||||
|
||||
let slot = SlotId::Retired(RetiredSlotId::R1);
|
||||
|
||||
@@ -344,9 +352,10 @@ fn test_read_metadata() {
|
||||
#[ignore]
|
||||
fn test_read_metadata_missing_key() {
|
||||
let mut yubikey = YUBIKEY.lock().unwrap();
|
||||
let default_key = MgmKey::get_default(&yubikey).unwrap();
|
||||
|
||||
assert!(yubikey.verify_pin(b"123456").is_ok());
|
||||
assert!(yubikey.authenticate(MgmKey::default()).is_ok());
|
||||
assert!(yubikey.authenticate(&default_key).is_ok());
|
||||
|
||||
// we assume that at least one of these slots is empty
|
||||
let slots_to_check = [
|
||||
|
||||
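Review bot: In `test_set_mgmkey`, a panic in any assertion between `manual.set_manual(&mut yubikey, false)` and `MgmKey::set_default(&mut yubikey)` leaves the attached token holding a management key that was drawn from `OsRng` and exists only in the dropped `manual` local, so the device is left without a known management key. I would document that above the test, for example `// If this test fails after set_manual, the device keeps a random management key; restore or reset it before re-running.` The new lines also wrap results in `assert!(… .is_ok())`, which discards the error value; `manual.set_manual(&mut yubikey, false).expect("set_manual");` would print the underlying error when a hardware run fails, and the `generate_for(..).unwrap().set_protected(..)` chain already mixes the two styles. The `let default_key = MgmKey::get_default(&yubikey).unwrap();` line added in the other four hunks is repeated verbatim and could come from one small helper that locks `YUBIKEY` and returns the key for the attached device.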