Create typed structs for PIN-protected and admin metadata (#223)

MgmKey::set_protected and YubiKey::set_pin_last_changed both contained
bugs resulting from the conversion of C pointer logic (incorrect buffer
management). The new Metadata struct holds its own buffer, avoiding the
problem.

Also adds a protected management key integration test.
This commit is contained in:
str4d
2021-02-01 06:54:13 +13:00
committed by GitHub
parent 37088bba56
commit 9d1da84233
6 changed files with 261 additions and 209 deletions
+29
View File
@@ -107,6 +107,35 @@ fn test_verify_pin() {
assert!(yubikey.verify_pin(b"123456").is_ok());
}
//
// Management key support
//
#[cfg(feature = "untested")]
#[test]
#[ignore]
fn test_protected_mgmkey() {
let mut yubikey = YUBIKEY.lock().unwrap();
assert!(yubikey.verify_pin(b"123456").is_ok());
assert!(yubikey.authenticate(MgmKey::default()).is_ok());
// Set a protected management key.
assert!(MgmKey::generate()
.unwrap()
.set_protected(&mut yubikey)
.is_ok());
let protected = MgmKey::get_protected(&mut yubikey).unwrap();
assert!(yubikey.authenticate(MgmKey::default()).is_err());
assert!(yubikey.authenticate(protected.clone()).is_ok());
// Set back to the default management key.
// TODO: This does not clear the previous key from the protected metadata.
assert!(MgmKey::default().set(&mut yubikey, None).is_ok());
assert!(yubikey.authenticate(protected).is_err());
assert!(yubikey.authenticate(MgmKey::default()).is_ok());
}
//
// Certificate support
//