Handle reference data not found in metadata command (#558)
This commit is contained in:
@@ -24,6 +24,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
|||||||
- `ManagementAlgorithmId` has been renamed to `SlotAlgorithmId`, and its
|
- `ManagementAlgorithmId` has been renamed to `SlotAlgorithmId`, and its
|
||||||
`ThreeDes` variant has been replaced by `SlotAlgorithmId::Management`
|
`ThreeDes` variant has been replaced by `SlotAlgorithmId::Management`
|
||||||
containing a `yubikey::MgmAlgorithmId`.
|
containing a `yubikey::MgmAlgorithmId`.
|
||||||
|
- Metadata command returns `Error:NotFound` instead of `Error::GenericError` when the object doesn't exist ([#558]).
|
||||||
|
|
||||||
## 0.8.0 (2023-08-15)
|
## 0.8.0 (2023-08-15)
|
||||||
### Added
|
### Added
|
||||||
|
|||||||
@@ -421,6 +421,9 @@ pub(crate) enum StatusWords {
|
|||||||
/// Not enough memory
|
/// Not enough memory
|
||||||
NoSpaceError,
|
NoSpaceError,
|
||||||
|
|
||||||
|
/// Referenced data or reference data not found
|
||||||
|
ReferenceDataNotFoundError,
|
||||||
|
|
||||||
//
|
//
|
||||||
// Custom Yubico Status Word extensions
|
// Custom Yubico Status Word extensions
|
||||||
//
|
//
|
||||||
@@ -454,6 +457,7 @@ impl StatusWords {
|
|||||||
StatusWords::IncorrectParamError => 0x6a80,
|
StatusWords::IncorrectParamError => 0x6a80,
|
||||||
StatusWords::NotFoundError => 0x6a82,
|
StatusWords::NotFoundError => 0x6a82,
|
||||||
StatusWords::NoSpaceError => 0x6a84,
|
StatusWords::NoSpaceError => 0x6a84,
|
||||||
|
StatusWords::ReferenceDataNotFoundError => 0x6a88,
|
||||||
StatusWords::IncorrectSlotError => 0x6b00,
|
StatusWords::IncorrectSlotError => 0x6b00,
|
||||||
StatusWords::NotSupportedError => 0x6d00,
|
StatusWords::NotSupportedError => 0x6d00,
|
||||||
StatusWords::CommandAbortedError => 0x6f00,
|
StatusWords::CommandAbortedError => 0x6f00,
|
||||||
@@ -488,6 +492,7 @@ impl From<u16> for StatusWords {
|
|||||||
0x6a80 => StatusWords::IncorrectParamError,
|
0x6a80 => StatusWords::IncorrectParamError,
|
||||||
0x6a82 => StatusWords::NotFoundError,
|
0x6a82 => StatusWords::NotFoundError,
|
||||||
0x6a84 => StatusWords::NoSpaceError,
|
0x6a84 => StatusWords::NoSpaceError,
|
||||||
|
0x6a88 => StatusWords::ReferenceDataNotFoundError,
|
||||||
0x6b00 => StatusWords::IncorrectSlotError,
|
0x6b00 => StatusWords::IncorrectSlotError,
|
||||||
0x6d00 => StatusWords::NotSupportedError,
|
0x6d00 => StatusWords::NotSupportedError,
|
||||||
0x6f00 => StatusWords::CommandAbortedError,
|
0x6f00 => StatusWords::CommandAbortedError,
|
||||||
|
|||||||
+8
-9
@@ -163,17 +163,16 @@ impl<'tx> Transaction<'tx> {
|
|||||||
.p2(slot.into())
|
.p2(slot.into())
|
||||||
.transmit(self, CB_OBJ_MAX)?;
|
.transmit(self, CB_OBJ_MAX)?;
|
||||||
|
|
||||||
if !response.is_success() {
|
match response.status_words() {
|
||||||
if response.status_words() == StatusWords::NotSupportedError {
|
StatusWords::Success => {
|
||||||
return Err(Error::NotSupported); // Requires firmware 5.2.3
|
let buf = Buffer::new(response.data().into());
|
||||||
} else {
|
piv::SlotMetadata::try_from(buf)
|
||||||
return Err(Error::GenericError);
|
|
||||||
}
|
}
|
||||||
|
StatusWords::ReferenceDataNotFoundError => Err(Error::NotFound),
|
||||||
|
// Requires firmware 5.2.3
|
||||||
|
StatusWords::NotSupportedError => Err(Error::NotSupported),
|
||||||
|
_ => Err(Error::GenericError),
|
||||||
}
|
}
|
||||||
|
|
||||||
let buf = Buffer::new(response.data().into());
|
|
||||||
|
|
||||||
piv::SlotMetadata::try_from(buf)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Verify device PIN.
|
/// Verify device PIN.
|
||||||
|
|||||||
@@ -340,6 +340,52 @@ fn test_read_metadata() {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#[test]
|
||||||
|
#[ignore]
|
||||||
|
fn test_read_metadata_missing_key() {
|
||||||
|
let mut yubikey = YUBIKEY.lock().unwrap();
|
||||||
|
|
||||||
|
assert!(yubikey.verify_pin(b"123456").is_ok());
|
||||||
|
assert!(yubikey.authenticate(MgmKey::default()).is_ok());
|
||||||
|
|
||||||
|
// we assume that at least one of these slots is empty
|
||||||
|
let slots_to_check = [
|
||||||
|
RetiredSlotId::R10,
|
||||||
|
RetiredSlotId::R11,
|
||||||
|
RetiredSlotId::R12,
|
||||||
|
RetiredSlotId::R13,
|
||||||
|
RetiredSlotId::R14,
|
||||||
|
RetiredSlotId::R15,
|
||||||
|
RetiredSlotId::R16,
|
||||||
|
RetiredSlotId::R17,
|
||||||
|
RetiredSlotId::R18,
|
||||||
|
RetiredSlotId::R19,
|
||||||
|
RetiredSlotId::R20,
|
||||||
|
];
|
||||||
|
|
||||||
|
for slot in slots_to_check {
|
||||||
|
let slot = SlotId::Retired(slot);
|
||||||
|
|
||||||
|
match piv::metadata(&mut yubikey, slot) {
|
||||||
|
Ok(_) => {
|
||||||
|
eprintln!("Key {} exists", slot);
|
||||||
|
}
|
||||||
|
Err(Error::NotSupported) => {
|
||||||
|
// Some YubiKeys don't support metadata
|
||||||
|
eprintln!("metadata not supported by this YubiKey");
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
Err(Error::NotFound) => {
|
||||||
|
eprintln!("Key {} doesn't exist, ok.", slot);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
Err(err) => panic!("{}", err),
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
panic!("No empty slots to check");
|
||||||
|
}
|
||||||
|
|
||||||
#[test]
|
#[test]
|
||||||
#[ignore]
|
#[ignore]
|
||||||
fn test_parse_cert_from_der() {
|
fn test_parse_cert_from_der() {
|
||||||
|
|||||||
Reference in New Issue
Block a user