From c5c8b80e1c9d3677319b9f65f3f1a862e70a04a7 Mon Sep 17 00:00:00 2001 From: Dain Nilsson Date: Mon, 17 Jun 2024 13:19:14 +0200 Subject: [PATCH] PIV: Update management_key_type after reset --- tests/device/test_piv.py | 5 +++++ yubikit/piv.py | 6 ++++++ 2 files changed, 11 insertions(+) diff --git a/tests/device/test_piv.py b/tests/device/test_piv.py index 48e44551..c3a46a65 100644 --- a/tests/device/test_piv.py +++ b/tests/device/test_piv.py @@ -728,6 +728,8 @@ def test_management_key_metadata(self, session, info): session.set_management_key( MANAGEMENT_KEY_TYPE.AES192, NON_DEFAULT_MANAGEMENT_KEY ) + assert session.management_key_type == MANAGEMENT_KEY_TYPE.AES192 + data = session.get_management_key_metadata() assert data.key_type == MANAGEMENT_KEY_TYPE.AES192 assert data.default_value is False @@ -744,6 +746,9 @@ def test_management_key_metadata(self, session, info): data = session.get_management_key_metadata() assert data.default_value is False + session.reset() + assert session.management_key_type == default_type + @pytest.mark.parametrize("key_type", list(KEY_TYPE)) def test_slot_metadata_generate(self, session, info, keys, key_type, scp): skip_unsupported_key_type(key_type, info) diff --git a/yubikit/piv.py b/yubikit/piv.py index 8bc442ed..c166c1ae 100755 --- a/yubikit/piv.py +++ b/yubikit/piv.py @@ -570,6 +570,12 @@ def reset(self) -> None: self._current_pin_retries = 3 self._max_pin_retries = 3 + # Update management key type + try: + self._management_key_type = self.get_management_key_metadata().key_type + except NotSupportedError: + self._management_key_type = MANAGEMENT_KEY_TYPE.TDES + logger.info("PIV application data reset performed") @overload