PIV: remove additional PIV MGM methods

GregBowyer · GregBowyer · commit 434d2244cd01 · 2024-08-06T12:01:52.000-07:00
`Yubikey` hosts methods to do authentication with the MGM key in a one
shot method, and via broken out methods (`get_auth_challenge` and
`verify_auth_response`).

These methods are a little hard to make work with AES or 3DES keys and
currently have no integration tests.

Rather than having duplicate logic (and subsequently duplicating error
tests), these methods are being removed.
diff --git a/src/yubikey.rs b/src/yubikey.rs
@@ -66,9 +66,6 @@ use {
 /// Flag for PUK blocked
 pub(crate) const ADMIN_FLAGS_1_PUK_BLOCKED: u8 = 0x01;
 
-/// 3DES authentication
-pub(crate) const ALGO_3DES: u8 = 0x03;
-
 /// Card management key
 pub(crate) const KEY_CARDMGM: u8 = 0x9b;
 
@@ -628,53 +625,6 @@ impl YubiKey {
         txn.save_object(object_id, indata)
     }
 
-    /// Get an auth challenge.
-    #[cfg(feature = "untested")]
-    pub fn get_auth_challenge(&mut self) -> Result<[u8; 8]> {
-        let txn = self.begin_transaction()?;
-
-        let response = Apdu::new(Ins::Authenticate)
-            .params(ALGO_3DES, KEY_CARDMGM)
-            .data([0x7c, 0x02, 0x81, 0x00])
-            .transmit(&txn, 261)?;
-
-        if !response.is_success() {
-            return Err(Error::AuthenticationError);
-        }
-
-        Ok(response
-            .data()
-            .get(4..12)
-            .ok_or(Error::SizeError)?
-            .try_into()?)
-    }
-
-    /// Verify an auth response.
-    #[cfg(feature = "untested")]
-    pub fn verify_auth_response(&mut self, response: [u8; 8]) -> Result<()> {
-        let mut data = [0u8; 12];
-        data[0] = 0x7c;
-        data[1] = 0x0a;
-        data[2] = 0x82;
-        data[3] = 0x08;
-        data[4..12].copy_from_slice(&response);
-
-        let txn = self.begin_transaction()?;
-
-        // send the response to the card and a challenge of our own.
-        let status_words = Apdu::new(Ins::Authenticate)
-            .params(ALGO_3DES, KEY_CARDMGM)
-            .data(data)
-            .transmit(&txn, 261)?
-            .status_words();
-
-        if !status_words.is_success() {
-            return Err(Error::AuthenticationError);
-        }
-
-        Ok(())
-    }
-
     /// Reset YubiKey.
     ///
     /// WARNING: this is a destructive operation which will destroy all keys!
