Replace magic number for status word by constants

Most come from NIST special publication 800-73-4, section 5.6,
except one which I assume to be a custom one for yubikey.
This commit is contained in:
Michael Scherer
2016-05-05 00:56:30 +02:00
parent bbde9f91f9
commit 24534bcfcf
3 changed files with 31 additions and 23 deletions
+17 -17
View File
@@ -180,7 +180,7 @@ ykpiv_rc ykpiv_connect(ykpiv_state *state, const char *wanted) {
fprintf(stderr, "Failed communicating with card: '%s'\n", ykpiv_strerror(res));
}
continue;
} else if(sw == 0x9000) {
} else if(sw == SW_SUCCESS) {
return YKPIV_OK;
} else {
if(state->verbose) {
@@ -283,7 +283,7 @@ ykpiv_rc ykpiv_transfer_data(ykpiv_state *state, const unsigned char *templ,
res = send_data(state, &apdu, data, &recv_len, sw);
if(res != YKPIV_OK) {
return res;
} else if(*sw != 0x9000 && *sw >> 8 != 0x61) {
} else if(*sw != SW_SUCCESS && *sw >> 8 != 0x61) {
return YKPIV_OK;
}
if(*out_len + recv_len - 2 > max_out) {
@@ -313,7 +313,7 @@ ykpiv_rc ykpiv_transfer_data(ykpiv_state *state, const unsigned char *templ,
res = send_data(state, &apdu, data, &recv_len, sw);
if(res != YKPIV_OK) {
return res;
} else if(*sw != 0x9000 && *sw >> 8 != 0x61) {
} else if(*sw != SW_SUCCESS && *sw >> 8 != 0x61) {
return YKPIV_OK;
}
if(*out_len + recv_len - 2 > max_out) {
@@ -399,7 +399,7 @@ ykpiv_rc ykpiv_authenticate(ykpiv_state *state, unsigned const char *key) {
apdu.st.data[2] = 0x80;
if((res = send_data(state, &apdu, data, &recv_len, &sw)) != YKPIV_OK) {
return res;
} else if(sw != 0x9000) {
} else if(sw != SW_SUCCESS) {
return YKPIV_AUTHENTICATION_ERROR;
}
memcpy(challenge, data + 4, 8);
@@ -435,7 +435,7 @@ ykpiv_rc ykpiv_authenticate(ykpiv_state *state, unsigned const char *key) {
apdu.st.lc = dataptr - apdu.st.data;
if((res = send_data(state, &apdu, data, &recv_len, &sw)) != YKPIV_OK) {
return res;
} else if(sw != 0x9000) {
} else if(sw != SW_SUCCESS) {
return YKPIV_AUTHENTICATION_ERROR;
}
}
@@ -497,7 +497,7 @@ ykpiv_rc ykpiv_set_mgmkey2(ykpiv_state *state, const unsigned char *new_key, con
memcpy(apdu.st.data + 3, new_key, DES_KEY_SZ * 3);
if((res = send_data(state, &apdu, data, &recv_len, &sw)) != YKPIV_OK) {
return res;
} else if(sw == 0x9000) {
} else if(sw == SW_SUCCESS) {
return YKPIV_OK;
}
return YKPIV_GENERIC_ERROR;
@@ -599,11 +599,11 @@ static ykpiv_rc _general_authenticate(ykpiv_state *state,
fprintf(stderr, "Sign command failed to communicate.\n");
}
return res;
} else if(sw != 0x9000) {
} else if(sw != SW_SUCCESS) {
if(state->verbose) {
fprintf(stderr, "Failed sign command with code %x.\n", sw);
}
if (sw == 0x6982)
if (sw == SW_ERR_SECURITY_STATUS)
return YKPIV_AUTHENTICATION_ERROR;
else
return YKPIV_GENERIC_ERROR;
@@ -664,7 +664,7 @@ ykpiv_rc ykpiv_get_version(ykpiv_state *state, char *version, size_t len) {
apdu.st.ins = YKPIV_INS_GET_VERSION;
if((res = send_data(state, &apdu, data, &recv_len, &sw)) != YKPIV_OK) {
return res;
} else if(sw == 0x9000) {
} else if(sw == SW_SUCCESS) {
int result = snprintf(version, len, "%d.%d.%d", data[0], data[1], data[2]);
if(result < 0) {
return YKPIV_SIZE_ERROR;
@@ -703,12 +703,12 @@ ykpiv_rc ykpiv_verify(ykpiv_state *state, const char *pin, int *tries) {
}
if((res = send_data(state, &apdu, data, &recv_len, &sw)) != YKPIV_OK) {
return res;
} else if(sw == 0x9000) {
} else if(sw == SW_SUCCESS) {
return YKPIV_OK;
} else if((sw >> 8) == 0x63) {
*tries = (sw & 0xf);
return YKPIV_WRONG_PIN;
} else if(sw == 0x6983) {
} else if(sw == SW_ERR_AUTH_BLOCKED) {
*tries = 0;
return YKPIV_WRONG_PIN;
} else {
@@ -750,11 +750,11 @@ static ykpiv_rc _change_pin_internal(ykpiv_state *state, int action, const char
res = ykpiv_transfer_data(state, templ, indata, sizeof(indata), data, &recv_len, &sw);
if(res != YKPIV_OK) {
return res;
} else if(sw != 0x9000) {
} else if(sw != SW_SUCCESS) {
if((sw >> 8) == 0x63) {
*tries = sw & 0xf;
return YKPIV_WRONG_PIN;
} else if(sw == 0x6983) {
} else if(sw == SW_ERR_AUTH_BLOCKED) {
return YKPIV_PIN_LOCKED;
} else {
if(state->verbose) {
@@ -796,7 +796,7 @@ ykpiv_rc ykpiv_fetch_object(ykpiv_state *state, int object_id,
return res;
}
if(sw == 0x9000) {
if(sw == SW_SUCCESS) {
size_t outlen;
int offs = get_length(data + 1, &outlen);
if(offs == 0) {
@@ -837,7 +837,7 @@ ykpiv_rc ykpiv_save_object(ykpiv_state *state, int object_id,
return res;
}
if(sw == 0x9000) {
if(sw == SW_SUCCESS) {
return YKPIV_OK;
} else {
return YKPIV_GENERIC_ERROR;
@@ -956,10 +956,10 @@ ykpiv_rc ykpiv_import_private_key(ykpiv_state *state, const unsigned char key, u
if (ykpiv_transfer_data(state, templ, key_data, in_ptr - key_data, data, &recv_len, &sw) != YKPIV_OK)
return YKPIV_GENERIC_ERROR;
if (sw == 0x6982)
if (sw == SW_ERR_SECURITY_STATUS)
return YKPIV_AUTHENTICATION_ERROR;
if (sw != 0x9000)
if (sw != SW_SUCCESS)
return YKPIV_GENERIC_ERROR;
return YKPIV_OK;
+8
View File
@@ -189,6 +189,14 @@ extern "C"
#define YKPIV_INS_GET_DATA 0xcb
#define YKPIV_INS_PUT_DATA 0xdb
/* sw is status words, see NIST special publication 800-73-4, section 5.6 */
#define SW_SUCCESS 0x9000
#define SW_ERR_SECURITY_STATUS 0x6982
#define SW_ERR_AUTH_BLOCKED 0x6983
#define SW_ERR_INCORRECT_PARAM 0x6a80
/* this is a custom sw for yubikey */
#define SW_ERR_INCORRECT_SLOT 0x6b00
/* Yubico vendor specific instructions */
#define YKPIV_INS_SET_MGMKEY 0xff
#define YKPIV_INS_IMPORT_KEY 0xfe
+6 -6
View File
@@ -168,11 +168,11 @@ static bool generate_key(ykpiv_state *state, const char *slot,
&recv_len, &sw) != YKPIV_OK) {
fprintf(stderr, "Failed to communicate.\n");
goto generate_out;
} else if(sw != 0x9000) {
} else if(sw != SW_SUCCESS) {
fprintf(stderr, "Failed to generate new key (");
if(sw == 0x6b00) {
if(sw == SW_ERR_INCORRECT_SLOT) {
fprintf(stderr, "slot not supported?)\n");
} else if(sw == 0x6a80) {
} else if(sw == SW_ERR_INCORRECT_PARAM) {
if(pin_policy != pin_policy__NULL) {
fprintf(stderr, "pin policy not supported?)\n");
} else if(touch_policy != touch_policy__NULL) {
@@ -297,7 +297,7 @@ static bool reset(ykpiv_state *state) {
/* note: the reset function is only available when both pins are blocked. */
if(ykpiv_transfer_data(state, templ, NULL, 0, data, &recv_len, &sw) != YKPIV_OK) {
return false;
} else if(sw == 0x9000) {
} else if(sw == SW_SUCCESS) {
return true;
}
return false;
@@ -320,7 +320,7 @@ static bool set_pin_retries(ykpiv_state *state, int pin_retries, int puk_retries
if(ykpiv_transfer_data(state, templ, NULL, 0, data, &recv_len, &sw) != YKPIV_OK) {
return false;
} else if(sw == 0x9000) {
} else if(sw == SW_SUCCESS) {
return true;
}
return false;
@@ -1676,7 +1676,7 @@ static bool attest(ykpiv_state *state, const char *slot,
if(ykpiv_transfer_data(state, templ, NULL, 0, data, &len, &sw) != YKPIV_OK) {
fprintf(stderr, "Failed to communicate.\n");
goto attest_out;
} else if(sw != 0x9000) {
} else if(sw != SW_SUCCESS) {
fprintf(stderr, "Failed to attest key.\n");
goto attest_out;
}