Handle reference data not found in metadata command (#558)
This commit is contained in:
@@ -24,6 +24,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
||||
- `ManagementAlgorithmId` has been renamed to `SlotAlgorithmId`, and its
|
||||
`ThreeDes` variant has been replaced by `SlotAlgorithmId::Management`
|
||||
containing a `yubikey::MgmAlgorithmId`.
|
||||
- Metadata command returns `Error:NotFound` instead of `Error::GenericError` when the object doesn't exist ([#558]).
|
||||
|
||||
## 0.8.0 (2023-08-15)
|
||||
### Added
|
||||
|
||||
@@ -421,6 +421,9 @@ pub(crate) enum StatusWords {
|
||||
/// Not enough memory
|
||||
NoSpaceError,
|
||||
|
||||
/// Referenced data or reference data not found
|
||||
ReferenceDataNotFoundError,
|
||||
|
||||
//
|
||||
// Custom Yubico Status Word extensions
|
||||
//
|
||||
@@ -454,6 +457,7 @@ impl StatusWords {
|
||||
StatusWords::IncorrectParamError => 0x6a80,
|
||||
StatusWords::NotFoundError => 0x6a82,
|
||||
StatusWords::NoSpaceError => 0x6a84,
|
||||
StatusWords::ReferenceDataNotFoundError => 0x6a88,
|
||||
StatusWords::IncorrectSlotError => 0x6b00,
|
||||
StatusWords::NotSupportedError => 0x6d00,
|
||||
StatusWords::CommandAbortedError => 0x6f00,
|
||||
@@ -488,6 +492,7 @@ impl From<u16> for StatusWords {
|
||||
0x6a80 => StatusWords::IncorrectParamError,
|
||||
0x6a82 => StatusWords::NotFoundError,
|
||||
0x6a84 => StatusWords::NoSpaceError,
|
||||
0x6a88 => StatusWords::ReferenceDataNotFoundError,
|
||||
0x6b00 => StatusWords::IncorrectSlotError,
|
||||
0x6d00 => StatusWords::NotSupportedError,
|
||||
0x6f00 => StatusWords::CommandAbortedError,
|
||||
|
||||
+8
-9
@@ -163,18 +163,17 @@ impl<'tx> Transaction<'tx> {
|
||||
.p2(slot.into())
|
||||
.transmit(self, CB_OBJ_MAX)?;
|
||||
|
||||
if !response.is_success() {
|
||||
if response.status_words() == StatusWords::NotSupportedError {
|
||||
return Err(Error::NotSupported); // Requires firmware 5.2.3
|
||||
} else {
|
||||
return Err(Error::GenericError);
|
||||
}
|
||||
}
|
||||
|
||||
match response.status_words() {
|
||||
StatusWords::Success => {
|
||||
let buf = Buffer::new(response.data().into());
|
||||
|
||||
piv::SlotMetadata::try_from(buf)
|
||||
}
|
||||
StatusWords::ReferenceDataNotFoundError => Err(Error::NotFound),
|
||||
// Requires firmware 5.2.3
|
||||
StatusWords::NotSupportedError => Err(Error::NotSupported),
|
||||
_ => Err(Error::GenericError),
|
||||
}
|
||||
}
|
||||
|
||||
/// Verify device PIN.
|
||||
pub fn verify_pin(&self, pin: &[u8]) -> Result<()> {
|
||||
|
||||
@@ -340,6 +340,52 @@ fn test_read_metadata() {
|
||||
}
|
||||
}
|
||||
|
||||
#[test]
|
||||
#[ignore]
|
||||
fn test_read_metadata_missing_key() {
|
||||
let mut yubikey = YUBIKEY.lock().unwrap();
|
||||
|
||||
assert!(yubikey.verify_pin(b"123456").is_ok());
|
||||
assert!(yubikey.authenticate(MgmKey::default()).is_ok());
|
||||
|
||||
// we assume that at least one of these slots is empty
|
||||
let slots_to_check = [
|
||||
RetiredSlotId::R10,
|
||||
RetiredSlotId::R11,
|
||||
RetiredSlotId::R12,
|
||||
RetiredSlotId::R13,
|
||||
RetiredSlotId::R14,
|
||||
RetiredSlotId::R15,
|
||||
RetiredSlotId::R16,
|
||||
RetiredSlotId::R17,
|
||||
RetiredSlotId::R18,
|
||||
RetiredSlotId::R19,
|
||||
RetiredSlotId::R20,
|
||||
];
|
||||
|
||||
for slot in slots_to_check {
|
||||
let slot = SlotId::Retired(slot);
|
||||
|
||||
match piv::metadata(&mut yubikey, slot) {
|
||||
Ok(_) => {
|
||||
eprintln!("Key {} exists", slot);
|
||||
}
|
||||
Err(Error::NotSupported) => {
|
||||
// Some YubiKeys don't support metadata
|
||||
eprintln!("metadata not supported by this YubiKey");
|
||||
return;
|
||||
}
|
||||
Err(Error::NotFound) => {
|
||||
eprintln!("Key {} doesn't exist, ok.", slot);
|
||||
return;
|
||||
}
|
||||
Err(err) => panic!("{}", err),
|
||||
}
|
||||
}
|
||||
|
||||
panic!("No empty slots to check");
|
||||
}
|
||||
|
||||
#[test]
|
||||
#[ignore]
|
||||
fn test_parse_cert_from_der() {
|
||||
|
||||
Reference in New Issue
Block a user