Clean up some of the management key code (#584)

* mgm: Move TDES weak key checking code into a submodule
* piv: Extract management key algorithm into a separate enum
* mgm: Check management key algorithm when fetching from Yubikey
Jack Grigg
2025-02-11 19:19:53 +00:00
committed by GitHub
parent 19e1cccfec
commit 235eb6215e
7 changed files with 189 additions and 102 deletions
+19
@@ -168,6 +168,25 @@ impl<'tx> Transaction<'tx> {
}
}
/// Read metadata
pub(crate) fn get_metadata(&self, slot: SlotId) -> Result<piv::SlotMetadata> {
let response = Apdu::new(Ins::GetMetadata)
.p2(slot.into())
.transmit(self, CB_OBJ_MAX)?;
if !response.is_success() {
if response.status_words() == StatusWords::NotSupportedError {
return Err(Error::NotSupported); // Requires firmware 5.2.3
} else {
return Err(Error::GenericError);
}
}
let buf = Buffer::new(response.data().into());
piv::SlotMetadata::try_from(buf)
}
/// Verify device PIN.
pub fn verify_pin(&self, pin: &[u8]) -> Result<()> {
if pin.len() > CB_PIN_MAX {
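Review bot: In `get_metadata`, every failing status word other than `StatusWords::NotSupportedError` is folded into `Error::GenericError`, and the `/// Read metadata` doc comment says nothing about either outcome. The commit message says metadata is now used to check the management key algorithm, so a caller (not visible in this hunk) presumably needs to tell "firmware too old" apart from any other failure before falling back to a default algorithm. At minimum the contract should be stated on the function, for example `/// Returns Error::NotSupported on firmware older than 5.2.3; any other failing status word is reported as Error::GenericError.`, instead of relying on the trailing `// Requires firmware 5.2.3` comment inside the branch. If the crate's error type can express a more specific cause for the remaining status words, mapping them here would spare callers from treating an unexpected card response the same as a generic fault.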