From 434d2244cd018dafd3f64195faf1ff635c89901f Mon Sep 17 00:00:00 2001
From: Greg Bowyer <gbowyer@fastmail.co.uk>
Date: Mon, 5 Aug 2024 21:06:26 -0700
Subject: [PATCH] PIV: remove additional PIV MGM methods

`Yubikey` hosts methods to do authentication with the MGM key in a one
shot method, and via broken out methods (`get_auth_challenge` and
`verify_auth_response`).

These methods are a little hard to make work with AES or 3DES keys and
currently have no integration tests.

Rather than having duplicate logic (and subsequently duplicating error
tests), these methods are being removed.
---
 src/yubikey.rs | 50 --------------------------------------------------
 1 file changed, 50 deletions(-)

diff --git a/src/yubikey.rs b/src/yubikey.rs
index 1c563705..c3ed08bc 100644
--- a/src/yubikey.rs
+++ b/src/yubikey.rs
@@ -66,9 +66,6 @@ use {
 /// Flag for PUK blocked
 pub(crate) const ADMIN_FLAGS_1_PUK_BLOCKED: u8 = 0x01;
 
-/// 3DES authentication
-pub(crate) const ALGO_3DES: u8 = 0x03;
-
 /// Card management key
 pub(crate) const KEY_CARDMGM: u8 = 0x9b;
 
@@ -628,53 +625,6 @@ impl YubiKey {
         txn.save_object(object_id, indata)
     }
 
-    /// Get an auth challenge.
-    #[cfg(feature = "untested")]
-    pub fn get_auth_challenge(&mut self) -> Result<[u8; 8]> {
-        let txn = self.begin_transaction()?;
-
-        let response = Apdu::new(Ins::Authenticate)
-            .params(ALGO_3DES, KEY_CARDMGM)
-            .data([0x7c, 0x02, 0x81, 0x00])
-            .transmit(&txn, 261)?;
-
-        if !response.is_success() {
-            return Err(Error::AuthenticationError);
-        }
-
-        Ok(response
-            .data()
-            .get(4..12)
-            .ok_or(Error::SizeError)?
-            .try_into()?)
-    }
-
-    /// Verify an auth response.
-    #[cfg(feature = "untested")]
-    pub fn verify_auth_response(&mut self, response: [u8; 8]) -> Result<()> {
-        let mut data = [0u8; 12];
-        data[0] = 0x7c;
-        data[1] = 0x0a;
-        data[2] = 0x82;
-        data[3] = 0x08;
-        data[4..12].copy_from_slice(&response);
-
-        let txn = self.begin_transaction()?;
-
-        // send the response to the card and a challenge of our own.
-        let status_words = Apdu::new(Ins::Authenticate)
-            .params(ALGO_3DES, KEY_CARDMGM)
-            .data(data)
-            .transmit(&txn, 261)?
-            .status_words();
-
-        if !status_words.is_success() {
-            return Err(Error::AuthenticationError);
-        }
-
-        Ok(())
-    }
-
     /// Reset YubiKey.
     ///
     /// WARNING: this is a destructive operation which will destroy all keys!