mirror of
https://github.com/logos-blockchain/logos-execution-zone.git
synced 2026-05-14 12:09:35 +00:00
47 lines
1.5 KiB
Python
47 lines
1.5 KiB
Python
from .. import constants
|
|
from ..card_interface import CardInterface
|
|
from ..preconditions import require_pin_verified
|
|
from ..crypto.generate_pairing_token import generate_pairing_token
|
|
|
|
|
|
@require_pin_verified
|
|
def change_secret(
|
|
card: CardInterface,
|
|
new_value: bytes | str,
|
|
pin_type: constants.PinType
|
|
) -> None:
|
|
"""
|
|
Changes the specified secret (PIN, PUK, PAIRING) or secret on the card.
|
|
|
|
Preconditions:
|
|
- Secure Channel must be opened
|
|
- User PIN must be verified
|
|
|
|
Args:
|
|
card: The card session object.
|
|
new_value (bytes | str): The new PIN/PUK/secret.
|
|
pin_type (PinType): Type of PIN (USER, PUK, or PAIRING)
|
|
|
|
Raises:
|
|
ValueError: If input format is invalid.
|
|
APDUError: If the card returns an error status word.
|
|
"""
|
|
if pin_type == constants.PinType.PAIRING:
|
|
if isinstance(new_value, str):
|
|
new_value = generate_pairing_token(new_value)
|
|
elif len(new_value) != 32:
|
|
raise ValueError("Pairing secret must be 32 bytes.")
|
|
elif isinstance(new_value, str):
|
|
new_value = new_value.encode("utf-8")
|
|
|
|
if pin_type == constants.PinType.USER and len(new_value) != 6:
|
|
raise ValueError("User PIN must be exactly 6 digits.")
|
|
elif pin_type == constants.PinType.PUK and len(new_value) != 12:
|
|
raise ValueError("PUK must be exactly 12 digits.")
|
|
|
|
card.send_secure_apdu(
|
|
ins=constants.INS_CHANGE_SECRET,
|
|
p1=pin_type.value,
|
|
data=new_value
|
|
)
|