verify_pin: Don't set APDU data for empty PIN
This commit is contained in:
+14
-6
@@ -163,15 +163,23 @@ impl<'tx> Transaction<'tx> {
|
|||||||
/// Verify device PIN.
|
/// Verify device PIN.
|
||||||
#[cfg(feature = "untested")]
|
#[cfg(feature = "untested")]
|
||||||
pub fn verify_pin(&self, pin: &[u8]) -> Result<(), Error> {
|
pub fn verify_pin(&self, pin: &[u8]) -> Result<(), Error> {
|
||||||
// TODO(tarcieri): allow unpadded (with `0xFF`) PIN shorter than CB_PIN_MAX?
|
if pin.len() > CB_PIN_MAX {
|
||||||
if pin.len() != CB_PIN_MAX {
|
|
||||||
return Err(Error::SizeError);
|
return Err(Error::SizeError);
|
||||||
}
|
}
|
||||||
|
|
||||||
let response = APDU::new(Ins::Verify)
|
let mut query = APDU::new(Ins::Verify);
|
||||||
.params(0x00, 0x80)
|
query.params(0x00, 0x80);
|
||||||
.data(pin)
|
|
||||||
.transmit(self, 261)?;
|
// Empty pin means we are querying the number of retries. We set no data in this
|
||||||
|
// case; if we instead sent [0xff; CB_PIN_MAX] it would count as an attempt and
|
||||||
|
// decrease the retry counter.
|
||||||
|
if !pin.is_empty() {
|
||||||
|
let mut data = Zeroizing::new([0xff; CB_PIN_MAX]);
|
||||||
|
data[0..pin.len()].copy_from_slice(pin);
|
||||||
|
query.data(data.as_ref());
|
||||||
|
}
|
||||||
|
|
||||||
|
let response = query.transmit(self, 261)?;
|
||||||
|
|
||||||
match response.status_words() {
|
match response.status_words() {
|
||||||
StatusWords::Success => Ok(()),
|
StatusWords::Success => Ok(()),
|
||||||
|
|||||||
Reference in New Issue
Block a user