Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Tests failing on older YubiKeys #55

Closed
ericchiang opened this issue Apr 28, 2020 · 3 comments · Fixed by #59
Closed

Tests failing on older YubiKeys #55

ericchiang opened this issue Apr 28, 2020 · 3 comments · Fixed by #59

Comments

@ericchiang
Copy link
Collaborator

ericchiang commented Apr 28, 2020
edited
Loading

Yubico Yubikey NEO OTP+U2F+CCID
Applet version: piv.version{major:0x1, minor:0x0, patch:0x4}

Logs

=== RUN   TestYubiKeySignECDSA                                                                        
    TestYubiKeySignECDSA: key_test.go:64: signing failed: command failed: smart card error 6982: security status not satisfied
--- FAIL: TestYubiKeySignECDSA (0.94s)                                                                                                                                                                      
=== RUN   TestPINPrompt                                                                                                                                                                                     
=== RUN   TestPINPrompt/Never            
    TestPINPrompt/Never: key_test.go:110: building private key: get attestation cert: command failed: smart card error 6d00
=== RUN   TestPINPrompt/Once                                                                          
    TestPINPrompt/Once: key_test.go:110: building private key: get attestation cert: command failed: smart card error 6d00
=== RUN   TestPINPrompt/Always                                                                        
    TestPINPrompt/Always: key_test.go:110: building private key: get attestation cert: command failed: smart card error 6d00
--- FAIL: TestPINPrompt (2.01s)                                                                       
    --- FAIL: TestPINPrompt/Never (0.67s)     
    --- FAIL: TestPINPrompt/Once (0.67s)                                                                                                                                                                    
    --- FAIL: TestPINPrompt/Always (0.67s)                                                            
=== RUN   TestSlots                    
=== RUN   TestSlots/Authentication                                                                                                                                                                          
    TestSlots/Authentication: key_test.go:153: attest: got err=command failed: smart card error 6d00, want=ErrNotFound                                                                                      
    TestSlots/Authentication: key_test.go:166: attest: command failed: smart card error 6d00
    TestSlots/Authentication: key_test.go:171: private key: get attestation cert: command failed: smart card error 6d00
=== RUN   TestSlots/CardAuthentication                                                                                                                                                            
    TestSlots/CardAuthentication: key_test.go:153: attest: got err=command failed: smart card error 6d00, want=ErrNotFound
    TestSlots/CardAuthentication: key_test.go:166: attest: command failed: smart card error 6d00
    TestSlots/CardAuthentication: key_test.go:171: private key: get attestation cert: command failed: smart card error 6d00
=== RUN   TestSlots/KeyManagement                  
    TestSlots/KeyManagement: key_test.go:153: attest: got err=command failed: smart card error 6d00, want=ErrNotFound
    TestSlots/KeyManagement: key_test.go:166: attest: command failed: smart card error 6d00
    TestSlots/KeyManagement: key_test.go:171: private key: get attestation cert: command failed: smart card error 6d00
=== RUN   TestSlots/Signature         
    TestSlots/Signature: key_test.go:153: attest: got err=command failed: smart card error 6d00, want=ErrNotFound
    TestSlots/Signature: key_test.go:166: attest: command failed: smart card error 6d00
    TestSlots/Signature: key_test.go:171: private key: get attestation cert: command failed: smart card error 6d00
--- FAIL: TestSlots (6.84s)                                                                           
    --- FAIL: TestSlots/Authentication (0.93s)                                                        
    --- FAIL: TestSlots/CardAuthentication (0.91s)
    --- FAIL: TestSlots/KeyManagement (0.91s)
    --- FAIL: TestSlots/Signature (0.91s)                                                             
=== RUN   TestYubiKeySignRSA          
=== RUN   TestYubiKeySignRSA/rsa1024  
    TestYubiKeySignRSA/rsa1024: key_test.go:249: signing failed: command failed: smart card error 6982: security status not satisfied
=== RUN   TestYubiKeySignRSA/rsa2048    
    TestYubiKeySignRSA/rsa2048: key_test.go:249: signing failed: command failed: smart card error 6982: security status not satisfied
--- FAIL: TestYubiKeySignRSA (19.47s)  
    --- FAIL: TestYubiKeySignRSA/rsa1024 (4.92s)
    --- FAIL: TestYubiKeySignRSA/rsa2048 (14.54s)
=== RUN   TestYubiKeyDecryptRSA       
=== RUN   TestYubiKeyDecryptRSA/rsa1024
    TestYubiKeyDecryptRSA/rsa1024: key_test.go:305: decryption failed: command failed: smart card error 6982: security status not satisfied
=== RUN   TestYubiKeyDecryptRSA/rsa2048  
    TestYubiKeyDecryptRSA/rsa2048: key_test.go:305: decryption failed: command failed: smart card error 6982: security status not satisfied
--- FAIL: TestYubiKeyDecryptRSA (36.03s)     
    --- FAIL: TestYubiKeyDecryptRSA/rsa1024 (4.67s) 
    --- FAIL: TestYubiKeyDecryptRSA/rsa2048 (31.36s)
=== RUN   TestYubiKeyAttestation      
    TestYubiKeyAttestation: key_test.go:325: getting attestation certificate: command failed: smart card error 6a82: data object or application not found
--- FAIL: TestYubiKeyAttestation (0.03s)
=== RUN   TestYubiKeyStoreCertificate              
--- PASS: TestYubiKeyStoreCertificate (3.54s)                                                         
=== RUN   TestYubiKeyGenerateKey                                                                      
=== RUN   TestYubiKeyGenerateKey/ec_256
=== RUN   TestYubiKeyGenerateKey/ec_384                                                                                                                                                                     
    TestYubiKeyGenerateKey/ec_384: key_test.go:462: generating key: command failed: smart card error 6a80: incorrect parameter in command data field
=== RUN   TestYubiKeyGenerateKey/rsa_1024
=== RUN   TestYubiKeyGenerateKey/rsa_2048     
--- FAIL: TestYubiKeyGenerateKey (20.94s)                                                             
    --- PASS: TestYubiKeyGenerateKey/ec_256 (0.67s) 
    --- FAIL: TestYubiKeyGenerateKey/ec_384 (0.07s)                                                   
    --- PASS: TestYubiKeyGenerateKey/rsa_1024 (5.02s)
    --- PASS: TestYubiKeyGenerateKey/rsa_2048 (15.18s)
=== RUN   TestYubiKeyPrivateKey               
    TestYubiKeyPrivateKey: key_test.go:492: getting private key: get attestation cert: command failed: smart card error 6d00
--- FAIL: TestYubiKeyPrivateKey (3.36s)                                                               
=== RUN   TestYubiKeyPrivateKeyPINError
    TestYubiKeyPrivateKeyPINError: key_test.go:542: getting private key: get attestation cert: command failed: smart card error 6d00
--- FAIL: TestYubiKeyPrivateKeyPINError (0.67s)                                                                                                                                                             
=== RUN   TestContextClose             
--- PASS: TestContextClose (0.00s)
=== RUN   TestContextListReaders                                                                                                                                                                  
--- PASS: TestContextListReaders (0.00s)
=== RUN   TestHandle                      
--- PASS: TestHandle (0.00s)                                                                          
=== RUN   TestTransaction                          
--- PASS: TestTransaction (0.00s)      
=== RUN   TestErrors                             
--- PASS: TestErrors (0.00s)
=== RUN   TestGetVersion              
--- PASS: TestGetVersion (0.02s)                                                                      
=== RUN   TestCards                   
--- PASS: TestCards (0.00s)                                                                           
=== RUN   TestNewYubiKey                                                                              
--- PASS: TestNewYubiKey (0.02s)                                                                      
=== RUN   TestMultipleConnections     
--- PASS: TestMultipleConnections (0.02s)
=== RUN   TestYubiKeySerial                                                                           
--- PASS: TestYubiKeySerial (0.05s)   
=== RUN   TestYubiKeyLoginNeeded      
    TestYubiKeyLoginNeeded: piv_test.go:140: expected no login needed
--- FAIL: TestYubiKeyLoginNeeded (0.07s)
=== RUN   TestYubiKeyPINRetries                                                                       
--- PASS: TestYubiKeyPINRetries (0.03s)
=== RUN   TestYubiKeyReset            
--- PASS: TestYubiKeyReset (3.26s)    
=== RUN   TestYubiKeyLogin            
--- PASS: TestYubiKeyLogin (0.05s)    
=== RUN   TestYubiKeyAuthenticate     
--- PASS: TestYubiKeyAuthenticate (0.07s)
=== RUN   TestYubiKeySetManagementKey 
--- PASS: TestYubiKeySetManagementKey (0.19s)
=== RUN   TestYubiKeyUnblockPIN       
--- PASS: TestYubiKeyUnblockPIN (0.20s)
=== RUN   TestYubiKeyChangePIN        
--- PASS: TestYubiKeyChangePIN (0.15s)        
=== RUN   TestYubiKeyChangePUK        
--- PASS: TestYubiKeyChangePUK (0.14s)             
=== RUN   TestChangeManagementKey                                                                     
--- PASS: TestChangeManagementKey (0.18s)                                                             
=== RUN   TestMetadata     
--- PASS: TestMetadata (3.43s)                                                                                                                                                                              
=== RUN   TestMetadataUnmarshal    
--- PASS: TestMetadataUnmarshal (0.00s)
=== RUN   TestMetadataMarshal                 
--- PASS: TestMetadataMarshal (0.00s)                                                                 
=== RUN   TestMetadataUpdate
--- PASS: TestMetadataUpdate (0.00s)                                                                  
=== RUN   TestMetadataAdditoinalFields
--- PASS: TestMetadataAdditoinalFields (0.00s)
FAIL                                          
FAIL    github.com/go-piv/piv-go/piv    102.041s   
FAIL
@joneskoo joneskoo mentioned this issue May 10, 2020
Closed
@joneskoo
Copy link

Maybe #50 introduced this?

@joneskoo
Copy link

joneskoo commented May 10, 2020
edited
Loading

https://developers.yubico.com/PIV/Introduction/PIV_attestation.html

This document describes the attestation feature added to the PIV module in YubiKey 4.3 and 5. For actual commands to work with the attestation feature, please see the yubico-piv-tool documentation.

Probably Yubikey 4.2.8 says "invalid instruction" for the get attestation command and that's why it's failing.

piv-go/piv/key.go

Lines 590 to 599 in 6bdd3b3

// Attempt to determine the key's PIN policy. This helps inform the
// strategy for when to prompt for a PIN.
cert, err := yk.Attest(slot)
if err != nil {
return nil, fmt.Errorf("get attestation cert: %v", err)
}
a, err := parseAttestation(cert)
if err != nil {
return nil, fmt.Errorf("parse attestation cert: %v", err)
}

@ericchiang ericchiang mentioned this issue May 12, 2020
Merged
@ericchiang
Copy link
Collaborator Author

Yep you're right :) Sent #59

This was referenced Jun 10, 2020
Open
Closed
@x2ocoder x2ocoder mentioned this issue May 22, 2024
Open
# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

piv: fixes for older YubiKey versions go-piv/piv-go
2 participants
@joneskoo @ericchiang