diff --git a/card-functionality/src/tests.rs b/card-functionality/src/tests.rs index 1e88b04..e9c1293 100644 --- a/card-functionality/src/tests.rs +++ b/card-functionality/src/tests.rs @@ -62,7 +62,7 @@ pub fn test_decrypt(card: &mut dyn CardBackend, param: &[&str]) -> Result Result Result Result { @@ -518,7 +518,7 @@ pub fn test_verify(card: &mut dyn CardBackend, _param: &[&str]) -> Result { @@ -551,20 +551,20 @@ pub fn test_change_pw( // first do admin-less pw1 on gnuk // (NOTE: Gnuk requires a key to be loaded before allowing pw changes!) println!("change pw1"); - pgpt.change_pw1("123456", "abcdef00")?; + pgpt.change_pw1(b"123456", b"abcdef00")?; // also set admin pw, which means pw1 is now only user-pw again, on gnuk println!("change pw3"); // ca.change_pw3("abcdef00", "abcdefgh")?; // gnuk - pgpt.change_pw3("12345678", "abcdefgh")?; + pgpt.change_pw3(b"12345678", b"abcdefgh")?; println!("change pw1"); - pgpt.change_pw1("abcdef00", "abcdef")?; // gnuk + pgpt.change_pw1(b"abcdef00", b"abcdef")?; // gnuk // ca.change_pw1("123456", "abcdef")?; println!("verify bad pw1"); - match pgpt.verify_pw1("123456ab") { + match pgpt.verify_pw1(b"123456ab") { Err(Error::CardStatus(StatusBytes::SecurityStatusNotSatisfied)) => { // this is expected } @@ -575,10 +575,10 @@ pub fn test_change_pw( } println!("verify good pw1"); - pgpt.verify_pw1("abcdef")?; + pgpt.verify_pw1(b"abcdef")?; println!("verify bad pw3"); - match pgpt.verify_pw3("00000000") { + match pgpt.verify_pw3(b"00000000") { Err(Error::CardStatus(StatusBytes::SecurityStatusNotSatisfied)) => { // this is expected } @@ -589,13 +589,13 @@ pub fn test_change_pw( } println!("verify good pw3"); - pgpt.verify_pw3("abcdefgh")?; + pgpt.verify_pw3(b"abcdefgh")?; println!("change pw3 back to default"); - pgpt.change_pw3("abcdefgh", "12345678")?; + pgpt.change_pw3(b"abcdefgh", b"12345678")?; println!("change pw1 back to default"); - pgpt.change_pw1("abcdef", "123456")?; + pgpt.change_pw1(b"abcdef", b"123456")?; Ok(out) } 
@@ -611,15 +611,15 @@ pub fn test_reset_retry_counter(
 // set pw3, then pw1 (to bring gnuk into non-admin mode)
 println!("set pw3");
- pgpt.change_pw3("12345678", "12345678")?;
+ pgpt.change_pw3(b"12345678", b"12345678")?;
 println!("set pw1");
- pgpt.change_pw1("123456", "123456")?;
+ pgpt.change_pw1(b"123456", b"123456")?;
 println!("break pw1");
- let _ = pgpt.verify_pw1("wrong0");
- let _ = pgpt.verify_pw1("wrong0");
- let _ = pgpt.verify_pw1("wrong0");
- let res = pgpt.verify_pw1("wrong0");
+ let _ = pgpt.verify_pw1(b"wrong0");
+ let _ = pgpt.verify_pw1(b"wrong0");
+ let _ = pgpt.verify_pw1(b"wrong0");
+ let res = pgpt.verify_pw1(b"wrong0");
 match res {
 Err(Error::CardStatus(StatusBytes::AuthenticationMethodBlocked)) => {
@@ -638,23 +638,20 @@ pub fn test_reset_retry_counter(
 }
 println!("verify pw3");
- pgpt.verify_pw3("12345678")?;
+ pgpt.verify_pw3(b"12345678")?;
 println!("set resetting code");
- pgpt.set_resetting_code("abcdefgh".as_bytes().to_vec())?;
+ pgpt.set_resetting_code(b"abcdefgh")?;
 println!("reset retry counter");
 // ca.reset_retry_counter_pw1("abcdef".as_bytes().to_vec(), None)?;
- let _res = pgpt.reset_retry_counter_pw1(
- "abcdef".as_bytes().to_vec(),
- Some("abcdefgh".as_bytes().to_vec()),
- );
+ let _res = pgpt.reset_retry_counter_pw1(b"abcdef", Some(b"abcdefgh"));
 println!("verify good pw1");
- pgpt.verify_pw1("abcdef")?;
+ pgpt.verify_pw1(b"abcdef")?;
 println!("verify bad pw1");
- match pgpt.verify_pw1("00000000") {
+ match pgpt.verify_pw1(b"00000000") {
 Err(Error::CardStatus(StatusBytes::SecurityStatusNotSatisfied)) => {
 // this is expected
 }
diff --git a/openpgp-card-sequoia/src/card.rs b/openpgp-card-sequoia/src/card.rs
index ae75d36..cc89f6c 100644
--- a/openpgp-card-sequoia/src/card.rs
+++ b/openpgp-card-sequoia/src/card.rs
@@ -67,7 +67,7 @@ impl<'a> Open<'a> {
 }
 pub fn verify_user(&mut self, pin: &str) -> Result<(), Error> {
- let _ = self.opt.verify_pw1(pin)?;
+ let _ = self.opt.verify_pw1(pin.as_bytes())?;
 self.pw1 = true;
 Ok(())
 }
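Review bot: In `test_reset_retry_counter` (hunk @@ -638) the line `let _res = pgpt.reset_retry_counter_pw1(b"abcdef", Some(b"abcdefgh"));` throws the result away, so a failed reset is only noticed indirectly when the following `pgpt.verify_pw1(b"abcdef")?` fails. Ending the call with `?`, as the neighbouring steps do, would report the failure at the step that caused it: `pgpt.reset_retry_counter_pw1(b"abcdef", Some(b"abcdefgh"))?;`. If the result is ignored on purpose for a particular card, a one-line comment saying which card and why would make that clear. The function body starts and ends outside this hunk.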
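Review bot: In `verify_user` (card.rs, hunk @@ -67) `let _ = self.opt.verify_pw1(pin.as_bytes())?;` binds a `()` that is never used, since `verify_pw1` returns `Result<(), Error>`; `self.opt.verify_pw1(pin.as_bytes())?;` is enough, and the same holds for `verify_user_for_signing` (@@ -81) and `verify_admin` (@@ -101). All the `Open` and `Admin` wrappers touched in this file keep `&str` parameters, so the byte-slice PINs accepted by `OpenPgpTransaction` are reachable from this layer only as UTF-8 text. None of these public methods has a doc comment; one such as `/// Verify the user PIN (PW1); the PIN is sent to the card as the UTF-8 bytes of the string.` would state that restriction. The `impl` block starts and ends outside the hunk.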
@@ -81,7 +81,7 @@ impl<'a> Open<'a> {
 }
 pub fn verify_user_for_signing(&mut self, pin: &str) -> Result<(), Error> {
- let _ = self.opt.verify_pw1_for_signing(pin)?;
+ let _ = self.opt.verify_pw1_for_signing(pin.as_bytes())?;
 // FIXME: depending on card mode, pw1_sign is only usable once
@@ -101,7 +101,7 @@ impl<'a> Open<'a> {
 }
 pub fn verify_admin(&mut self, pin: &str) -> Result<(), Error> {
- let _ = self.opt.verify_pw3(pin)?;
+ let _ = self.opt.verify_pw3(pin.as_bytes())?;
 self.pw3 = true;
 Ok(())
 }
@@ -129,7 +129,7 @@ impl<'a> Open<'a> {
 }
 pub fn change_user_pin(&mut self, old: &str, new: &str) -> Result<(), Error> {
- self.opt.change_pw1(old, new)
+ self.opt.change_pw1(old.as_bytes(), new.as_bytes())
 }
 pub fn change_user_pin_pinpad(&mut self, prompt: &dyn Fn()) -> Result<(), Error> {
@@ -139,11 +139,11 @@ impl<'a> Open<'a> {
 pub fn reset_user_pin(&mut self, rst: &str, new: &str) -> Result<(), Error> {
 self.opt
- .reset_retry_counter_pw1(new.into(), Some(rst.into()))
+ .reset_retry_counter_pw1(new.as_bytes(), Some(rst.as_bytes()))
 }
 pub fn change_admin_pin(&mut self, old: &str, new: &str) -> Result<(), Error> {
- self.opt.change_pw3(old, new)
+ self.opt.change_pw3(old.as_bytes(), new.as_bytes())
 }
 pub fn change_admin_pin_pinpad(&mut self, prompt: &dyn Fn()) -> Result<(), Error> {
@@ -398,11 +398,11 @@ impl Admin<'_, '_> {
 }
 pub fn set_resetting_code(&mut self, pin: &str) -> Result<(), Error> {
- self.oc.opt.set_resetting_code(pin.into())
+ self.oc.opt.set_resetting_code(pin.as_bytes())
 }
 pub fn reset_user_pin(&mut self, new: &str) -> Result<(), Error> {
- self.oc.opt.reset_retry_counter_pw1(new.into(), None)
+ self.oc.opt.reset_retry_counter_pw1(new.as_bytes(), None)
 }
 /// Upload a ValidErasedKeyAmalgamation to the card as a specific KeyType.
diff --git a/openpgp-card/src/apdu/commands.rs b/openpgp-card/src/apdu/commands.rs
index 6c31bd3..e601904 100644
--- a/openpgp-card/src/apdu/commands.rs
+++ b/openpgp-card/src/apdu/commands.rs
@@ -147,22 +147,20 @@ pub(crate) fn put_cardholder_certificate(data: Vec) -> Command {
 /// "RESET RETRY COUNTER" (PW1, user pin)
 /// Reset the counter of PW1 and set a new pin.
-pub(crate) fn reset_retry_counter_pw1(
- resetting_code: Option>,
- new_pin: Vec,
-) -> Command {
+pub(crate) fn reset_retry_counter_pw1(resetting_code: Option<&[u8]>, new_pin: &[u8]) -> Command {
 if let Some(resetting_code) = resetting_code {
 // Present the Resetting Code (DO D3) in the command data (P1 = 00)
 // Data field: Resetting Code + New PW
- let mut data = resetting_code;
+ let mut data = vec![];
+ data.extend(resetting_code);
 data.extend(new_pin);
 Command::new(0x00, 0x2C, 0x00, 0x81, data)
 } else {
 // Use after correct verification of PW3 (P1 = 02)
 // (Usage of secure messaging is equivalent to PW3)
- Command::new(0x00, 0x2C, 0x02, 0x81, new_pin)
+ Command::new(0x00, 0x2C, 0x02, 0x81, new_pin.to_vec())
 }
 }
diff --git a/openpgp-card/src/openpgp.rs b/openpgp-card/src/openpgp.rs
index 693004a..188350a 100644
--- a/openpgp-card/src/openpgp.rs
+++ b/openpgp-card/src/openpgp.rs
@@ -308,8 +308,8 @@ impl<'a> OpenPgpTransaction<'a> {
 /// Depending on the PW1 status byte (see Extended Capabilities) this
 /// access condition is only valid for one PSO:CDS command or remains
 /// valid for several attempts.
- pub fn verify_pw1_for_signing(&mut self, pin: &str) -> Result<(), Error> {
- let verify = commands::verify_pw1_81(pin.as_bytes().to_vec());
+ pub fn verify_pw1_for_signing(&mut self, pin: &[u8]) -> Result<(), Error> {
+ let verify = commands::verify_pw1_81(pin.to_vec());
 apdu::send_command(self.tx(), verify, false)?.try_into()
 }
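Review bot: In `reset_retry_counter_pw1` (commands.rs, hunk @@ -147) the data field is built with `let mut data = vec![];` followed by two `extend` calls, which can grow the buffer between the resetting code and the new PIN. `let data = [resetting_code, new_pin].concat();` allocates once at the final size and needs no `mut`. Because this buffer holds secret material, a single allocation also avoids leaving a partial copy of the resetting code behind in a reallocated block. Whether `Command` clears its data when dropped cannot be seen in this diff.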
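Review bot: The new `pin: &[u8]` parameter of `verify_pw1_for_signing` (openpgp.rs, hunk @@ -308) is forwarded as `pin.to_vec()` with no length check, and the same holds for `verify_pw1` (@@ -340) and `verify_pw3` (@@ -369). As I read the OpenPGP card specification, a VERIFY command sent without data is a status query rather than a PIN check. An empty slice might therefore return success on a card that is already verified; this should be confirmed against `apdu::send_command`, which is not shown here. Returning an error from the crate's own `Error` type when `pin.is_empty()` would rule that out. The doc comments should also say that the PIN is passed as raw bytes and that its length is not validated on the host side.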
@@ -340,8 +340,8 @@ impl<'a> OpenPgpTransaction<'a> {
 /// Verify PW1 (user).
 /// (For operations except signing, mode 82).
- pub fn verify_pw1(&mut self, pin: &str) -> Result<(), Error> {
- let verify = commands::verify_pw1_82(pin.as_bytes().to_vec());
+ pub fn verify_pw1(&mut self, pin: &[u8]) -> Result<(), Error> {
+ let verify = commands::verify_pw1_82(pin.to_vec());
 apdu::send_command(self.tx(), verify, false)?.try_into()
 }
@@ -369,8 +369,8 @@ impl<'a> OpenPgpTransaction<'a> {
 }
 /// Verify PW3 (admin).
- pub fn verify_pw3(&mut self, pin: &str) -> Result<(), Error> {
- let verify = commands::verify_pw3(pin.as_bytes().to_vec());
+ pub fn verify_pw3(&mut self, pin: &[u8]) -> Result<(), Error> {
+ let verify = commands::verify_pw3(pin.to_vec());
 apdu::send_command(self.tx(), verify, false)?.try_into()
 }
@@ -397,10 +397,10 @@ impl<'a> OpenPgpTransaction<'a> {
 /// Change the value of PW1 (user password).
 ///
 /// The current value of PW1 must be presented in `old` for authorization.
- pub fn change_pw1(&mut self, old: &str, new: &str) -> Result<(), Error> {
+ pub fn change_pw1(&mut self, old: &[u8], new: &[u8]) -> Result<(), Error> {
 let mut data = vec![];
- data.extend(old.as_bytes());
- data.extend(new.as_bytes());
+ data.extend(old);
+ data.extend(new);
 let change = commands::change_pw1(data);
 apdu::send_command(self.tx(), change, false)?.try_into()
@@ -416,10 +416,10 @@ impl<'a> OpenPgpTransaction<'a> {
 /// Change the value of PW3 (admin password).
 ///
 /// The current value of PW3 must be presented in `old` for authorization.
- pub fn change_pw3(&mut self, old: &str, new: &str) -> Result<(), Error> {
+ pub fn change_pw3(&mut self, old: &[u8], new: &[u8]) -> Result<(), Error> {
 let mut data = vec![];
- data.extend(old.as_bytes());
- data.extend(new.as_bytes());
+ data.extend(old);
+ data.extend(new);
 let change = commands::change_pw3(data);
 apdu::send_command(self.tx(), change, false)?.try_into()
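Review bot: `change_pw1` (hunk @@ -397) sends `old` and `new` back to back in one data field with no separator or length prefix, and now that both are arbitrary byte slices the doc comment should say so. A line such as `/// The old and new values are concatenated as-is; neither length is checked before sending.` would cover it, and `change_pw3` (@@ -416) needs the same. The three-statement build could also be `let data = [old, new].concat();`, which allocates once and needs no `mut`. The closing brace of each function lies outside its hunk.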
@@ -441,8 +441,8 @@ impl<'a> OpenPgpTransaction<'a> {
 /// - the resetting_code must be presented.
 pub fn reset_retry_counter_pw1(
 &mut self,
- new_pw1: Vec,
- resetting_code: Option>,
+ new_pw1: &[u8],
+ resetting_code: Option<&[u8]>,
 ) -> Result<(), Error> {
 let reset = commands::reset_retry_counter_pw1(resetting_code, new_pw1);
 apdu::send_command(self.tx(), reset, false)?.try_into()
@@ -656,8 +656,8 @@ impl<'a> OpenPgpTransaction<'a> {
 /// Set resetting code
 /// (4.3.4 Resetting Code)
- pub fn set_resetting_code(&mut self, resetting_code: Vec) -> Result<(), Error> {
- let cmd = commands::put_data(&[0xd3], resetting_code);
+ pub fn set_resetting_code(&mut self, resetting_code: &[u8]) -> Result<(), Error> {
+ let cmd = commands::put_data(&[0xd3], resetting_code.to_vec());
 apdu::send_command(self.tx(), cmd, false)?.try_into()
 }