diff --git a/piv/key.go b/piv/key.go
index 180c215..d070eac 100644
--- a/piv/key.go
+++ b/piv/key.go
@@ -415,11 +415,11 @@ var retiredKeyManagementSlots = map[uint32]Slot{
 // RetiredKeyManagementSlot provides access to "retired" slots. Slots meant for old Key Management
 // keys that have been rotated. YubiKeys 4 and later support values between 0x82 and 0x95 (inclusive).
 //
-// slot, ok := RetiredKeyManagementSlot(0x82)
-// if !ok {
-// // unrecognized slot
-// }
-// pub, err := yk.GenerateKey(managementKey, slot, key)
+// slot, ok := RetiredKeyManagementSlot(0x82)
+// if !ok {
+// // unrecognized slot
+// }
+// pub, err := yk.GenerateKey(managementKey, slot, key)
 //
 // https://developers.yubico.com/PIV/Introduction/Certificate_slots.html#_slot_82_95_retired_key_management
 func RetiredKeyManagementSlot(key uint32) (Slot, bool) {
@@ -808,7 +808,6 @@ func ykGenerateKey(tx *scTx, slot Slot, o Key) (crypto.PublicKey, error) {
 alg, ok := algorithmsMap[o.Algorithm]
 if !ok {
 return nil, fmt.Errorf("unsupported algorithm")
-
 }
 tp, ok := touchPolicyMap[o.TouchPolicy]
 if !ok {
@@ -963,12 +962,11 @@ func pinPolicy(yk *YubiKey, slot Slot) (PINPolicy, error) {
 // If the public key hasn't been stored externally, it can be provided by
 // fetching the slot's attestation certificate:
 //
-// cert, err := yk.Attest(slot)
-// if err != nil {
-// // ...
-// }
-// priv, err := yk.PrivateKey(slot, cert.PublicKey, auth)
-//
+// cert, err := yk.Attest(slot)
+// if err != nil {
+// // ...
+// }
+// priv, err := yk.PrivateKey(slot, cert.PublicKey, auth)
 func (yk *YubiKey) PrivateKey(slot Slot, public crypto.PublicKey, auth KeyAuth) (crypto.PrivateKey, error) {
 pp := PINPolicyNever
 if _, ok := pinPolicyMap[auth.PINPolicy]; ok {
@@ -1086,7 +1084,6 @@ func ykImportKey(tx *scTx, tags []byte, slot Slot, o Key) error {
 alg, ok := algorithmsMap[o.Algorithm]
 if !ok {
 return fmt.Errorf("unsupported algorithm")
-
 }
 tp, ok := touchPolicyMap[o.TouchPolicy]
 if !ok {
diff --git a/piv/key_test.go b/piv/key_test.go
index b38f72a..d366dae 100644
--- a/piv/key_test.go
+++ b/piv/key_test.go
@@ -876,7 +876,6 @@ func TestSetRSAPrivateKey(t *testing.T) {
 slot Slot
 wantErr error
 }{
-
 {
 name: "rsa 1024",
 bits: 1024,
diff --git a/piv/pcsc_test.go b/piv/pcsc_test.go
index 5902564..b361753 100644
--- a/piv/pcsc_test.go
+++ b/piv/pcsc_test.go
@@ -93,7 +93,7 @@ func TestTransaction(t *testing.T) {
 }

 func TestErrors(t *testing.T) {
- var tests = []struct {
+ tests := []struct {
 sw1, sw2 byte
 isErrNotFound bool
 isAuthErr bool
diff --git a/piv/piv.go b/piv/piv.go
index 11a04b1..ae1520a 100644
--- a/piv/piv.go
+++ b/piv/piv.go
@@ -450,15 +450,13 @@ func ykAuthenticate(tx *scTx, key [24]byte, rand io.Reader) error {
 // are triple-des keys, however padding isn't verified. To generate a new key,
 // generate 24 random bytes.
 //
-// var newKey [24]byte
-// if _, err := io.ReadFull(rand.Reader, newKey[:]); err != nil {
-// // ...
-// }
-// if err := yk.SetManagementKey(piv.DefaultManagementKey, newKey); err != nil {
-// // ...
-// }
-//
-//
+// var newKey [24]byte
+// if _, err := io.ReadFull(rand.Reader, newKey[:]); err != nil {
+// // ...
+// }
+// if err := yk.SetManagementKey(piv.DefaultManagementKey, newKey); err != nil {
+// // ...
+// }
 func (yk *YubiKey) SetManagementKey(oldKey, newKey [24]byte) error {
 if err := ykAuthenticate(yk.tx, oldKey, yk.rand); err != nil {
 return fmt.Errorf("authenticating with old key: %w", err)
@@ -494,17 +492,16 @@ func ykSetManagementKey(tx *scTx, key [24]byte, touch bool) error {
 //
 // To generate a new PIN, use the crypto/rand package.
 //
-// // Generate a 6 character PIN.
-// newPINInt, err := rand.Int(rand.Reader, bit.NewInt(1_000_000))
-// if err != nil {
-// // ...
-// }
-// // Format with leading zeros.
-// newPIN := fmt.Sprintf("%06d", newPINInt)
-// if err := yk.SetPIN(piv.DefaultPIN, newPIN); err != nil {
-// // ...
-// }
-//
+// // Generate a 6 character PIN.
+// newPINInt, err := rand.Int(rand.Reader, bit.NewInt(1_000_000))
+// if err != nil {
+// // ...
+// }
+// // Format with leading zeros.
+// newPIN := fmt.Sprintf("%06d", newPINInt)
+// if err := yk.SetPIN(piv.DefaultPIN, newPIN); err != nil {
+// // ...
+// }
 func (yk *YubiKey) SetPIN(oldPIN, newPIN string) error {
 return ykChangePIN(yk.tx, oldPIN, newPIN)
 }
@@ -555,17 +552,16 @@ func ykUnblockPIN(tx *scTx, puk, newPIN string) error {
 //
 // To generate a new PUK, use the crypto/rand package.
 //
-// // Generate a 8 character PUK.
-// newPUKInt, err := rand.Int(rand.Reader, big.NewInt(100_000_000))
-// if err != nil {
-// // ...
-// }
-// // Format with leading zeros.
-// newPUK := fmt.Sprintf("%08d", newPUKInt)
-// if err := yk.SetPUK(piv.DefaultPUK, newPUK); err != nil {
-// // ...
-// }
-//
+// // Generate a 8 character PUK.
+// newPUKInt, err := rand.Int(rand.Reader, big.NewInt(100_000_000))
+// if err != nil {
+// // ...
+// }
+// // Format with leading zeros.
+// newPUK := fmt.Sprintf("%08d", newPUKInt)
+// if err := yk.SetPUK(piv.DefaultPUK, newPUK); err != nil {
+// // ...
+// }
 func (yk *YubiKey) SetPUK(oldPUK, newPUK string) error {
 return ykChangePUK(yk.tx, oldPUK, newPUK)
 }
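Review bot: The SetPIN doc example in the first hunk still calls `bit.NewInt(1_000_000)`, and `bit` is not a standard-library package; the SetPUK example in the next hunk uses `big.NewInt(100_000_000)`, so this looks like a typo that the re-indent carried over unchanged. This is the snippet callers copy to replace the default PIN with one drawn from crypto/rand, so it should compile as written: `newPINInt, err := rand.Int(rand.Reader, big.NewInt(1_000_000))`. The sentence above both examples names only crypto/rand; it could also mention that math/big is needed for the bound.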