better errors for fail on pin-policy and touch-policy

This commit is contained in:
Klas Lindfors
2015-06-25 12:37:06 +02:00
parent 600b302c1d
commit 6f5870d884
+21 -4
View File
@@ -143,7 +143,13 @@ static bool generate_key(ykpiv_state *state, const char *slot,
if(sw == 0x6b00) { if(sw == 0x6b00) {
fprintf(stderr, "slot not supported?)\n"); fprintf(stderr, "slot not supported?)\n");
} else if(sw == 0x6a80) { } else if(sw == 0x6a80) {
fprintf(stderr, "algorithm not supported?)\n"); if(pin_policy != pin_policy__NULL) {
fprintf(stderr, "pin policy not supported?)\n");
} else if(touch_policy != touch_policy__NULL) {
fprintf(stderr, "touch policy not supported?)\n");
} else {
fprintf(stderr, "algorithm not supported?)\n");
}
} else { } else {
fprintf(stderr, "error %x)\n", sw); fprintf(stderr, "error %x)\n", sw);
} }
@@ -421,8 +427,15 @@ static bool import_key(ykpiv_state *state, enum enum_key_format key_format,
if(ykpiv_transfer_data(state, templ, in_data, in_ptr - in_data, data, if(ykpiv_transfer_data(state, templ, in_data, in_ptr - in_data, data,
&recv_len, &sw) != YKPIV_OK) { &recv_len, &sw) != YKPIV_OK) {
return false; return false;
} else if(pin_policy != pin_policy__NULL && sw == 0x6a80) { } else if(sw == 0x6a80) {
fprintf(stderr, "Failed import. Maybe pin-policy is not supported on this key?\n"); fprintf(stderr, "Failed import.");
if(pin_policy != pin_policy__NULL) {
fprintf(stderr, "Maybe pin-policy is not supported on this key?\n");
} else if(touch_policy != touch_policy__NULL) {
fprintf(stderr, "Maybe touch-policy is not supported on this key?\n");
} else {
fprintf(stderr, "Maybe algorithm is not supported on this key?\n");
}
} else if(sw != 0x9000) { } else if(sw != 0x9000) {
fprintf(stderr, "Failed import command with code %x.\n", sw); fprintf(stderr, "Failed import command with code %x.\n", sw);
} else { } else {
@@ -1700,7 +1713,11 @@ int main(int argc, char *argv[]) {
fprintf(stderr, "Failed decoding new key!\n"); fprintf(stderr, "Failed decoding new key!\n");
ret = EXIT_FAILURE; ret = EXIT_FAILURE;
} else if(ykpiv_set_mgmkey2(state, new_key, args_info.touch_policy_arg == touch_policy_arg_always ? 1 : 0) != YKPIV_OK) { } else if(ykpiv_set_mgmkey2(state, new_key, args_info.touch_policy_arg == touch_policy_arg_always ? 1 : 0) != YKPIV_OK) {
fprintf(stderr, "Failed setting the new key!\n"); fprintf(stderr, "Failed setting the new key!");
if(args_info.touch_policy_arg != touch_policy__NULL) {
fprintf(stderr, " Maybe touch policy is not supported on this key?");
}
fprintf(stderr, "\n");
ret = EXIT_FAILURE; ret = EXIT_FAILURE;
} else { } else {
fprintf(stderr, "Successfully set new management key.\n"); fprintf(stderr, "Successfully set new management key.\n");