diff --git a/Cargo.toml b/Cargo.toml
index 9b5b4f7..5e7401d 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -17,7 +17,7 @@ cbor-smol = { version = "0.5", features = ["heapless-bytes-v0-3"] }
 delog = { version = "0.1.5", optional = true }
 flexiber = { version = "0.1", features = ["derive", "heapless"] }
 heapless = "0.7"
-hex-literal = "0.3"
+hex-literal = "1"
 iso7816 = "0.1.3"
 serde = { version = "1", default-features = false, features = ["derive"] }
 trussed = { version = "0.1", default-features = false, features = ["aes256-cbc", "chacha8-poly1305", "crypto-client", "ed255", "filesystem-client", "p256", "p384", "shared-secret", "serde-extensions", "tdes", "x255"], optional = true }
@@ -56,7 +56,7 @@ iso7816 = { version = "0.1.2", features = ["std"] }
 # Examples
 # usbip
 rand = "0.8.5"
-asn1 = "0.15.2"
+asn1 = "0.22.0"
 [features]
 default = []
diff --git a/src/constants.rs b/src/constants.rs
index 9a2b8da..ea180b2 100644
--- a/src/constants.rs
+++ b/src/constants.rs
@@ -43,29 +43,26 @@ pub const YUBICO_DEFAULT_MANAGEMENT_KEY_ALG: AdministrationAlgorithm =
 AdministrationAlgorithm::Tdes;
 pub const DISCOVERY_OBJECT: [u8; 18] = hex!(
- "
- 4f 0b // PIV AID
- a000000308000010000100
- 5f2f 02 // PIN usage Policy
- 4010"
+ "4f 0b" // PIV AID
+ "a000000308000010000100"
+ "5f2f 02" // PIN usage Policy
+ "4010"
 );
 pub const CARD_CAP: [u8; 27] = hex!(
- "
- F0 00 // card identifier
- F1 00 // capability container version
- F2 00 // capability container grammar
- F3 00 // application card url
- F4 00 // pkcs15
- F5 01 10 // registereddata model number
- F6 00 // access control rule table
- F7 00 // card apdus
- FA 00 // redirection tag
- FB 00 // capability tuples
- FC 00 // status tuples
- FD 00 // next ccc
- FE 00 // Error detection code
-"
+ "F0 00" // card identifier
+ "F1 00" // capability container version
+ "F2 00" // capability container grammar
+ "F3 00" // application card url
+ "F4 00" // pkcs15
+ "F5 01 10" // registereddata model number
+ "F6 00" // access control rule table
+ "F7 00" // card apdus
+ "FA 00" // redirection tag
+ "FB 00" // capability tuples
+ "FC 00" // status tuples
+ "FD 00" // next ccc
+ "FE 00" // Error detection code
 );
 pub const PRINTED_INFORMATION: [u8; 63] = hex!(
diff --git a/src/container.rs b/src/container.rs
index 2df0781..84106f0 100644
--- a/src/container.rs
+++ b/src/container.rs
@@ -1,7 +1,5 @@
 use core::convert::TryFrom;
-use hex_literal::hex;
-
 use littlefs2_core::{path, Path};
 macro_rules! enum_subset {
@@ -450,47 +448,60 @@ impl Container {
 impl TryFrom<&[u8]> for Container {
 type Error = ();
 fn try_from(tag: &[u8]) -> Result {
+ macro_rules! hex_match{
+ ($matching:expr => { $($hex:literal => $value:expr,)* _ => $default:expr, } ) => {
+ $(
+ if $matching == hex_literal::hex!($hex) {
+ $value
+ } else
+ )*
+ {
+ $default
+ }
+ }
+ }
+
 use Container::*;
- Ok(match tag {
- hex!("5FC107") => CardCapabilityContainer,
- hex!("5FC102") => CardHolderUniqueIdentifier,
- hex!("5FC105") => X509CertificateFor9A,
- hex!("5FC103") => CardholderFingerprints,
- hex!("5FC106") => SecurityObject,
- hex!("5FC108") => CardholderFacialImage,
- hex!("5FC101") => X509CertificateFor9E,
- hex!("5FC109") => PrintedInformation,
- hex!("5FC10A") => X509CertificateFor9C,
- hex!("5FC10B") => X509CertificateFor9D,
- hex!("5FC10C") => KeyHistoryObject,
- hex!("5FC10D") => RetiredCert01,
- hex!("5FC10E") => RetiredCert02,
- hex!("5FC10F") => RetiredCert03,
- hex!("5FC110") => RetiredCert04,
- hex!("5FC111") => RetiredCert05,
- hex!("5FC112") => RetiredCert06,
- hex!("5FC113") => RetiredCert07,
- hex!("5FC114") => RetiredCert08,
- hex!("5FC115") => RetiredCert09,
- hex!("5FC116") => RetiredCert10,
- hex!("5FC117") => RetiredCert11,
- hex!("5FC118") => RetiredCert12,
- hex!("5FC119") => RetiredCert13,
- hex!("5FC11A") => RetiredCert14,
- hex!("5FC11B") => RetiredCert15,
- hex!("5FC11C") => RetiredCert16,
- hex!("5FC11D") => RetiredCert17,
- hex!("5FC11E") => RetiredCert18,
- hex!("5FC11F") => RetiredCert19,
- hex!("5FC120") => RetiredCert20,
-
- hex!("5FC121") => CardholderIrisImages,
- hex!("5FC122") => SecureMessagingCertificateSigner,
- hex!("5FC123") => PairingCodeReferenceDataContainer,
-
- hex!("7E") => DiscoveryObject,
- hex!("7F61") => BiometricInformationTemplatesGroupTemplate,
+ Ok(hex_match! (tag => {
+ "5FC107" => CardCapabilityContainer,
+ "5FC102" => CardHolderUniqueIdentifier,
+ "5FC105" => X509CertificateFor9A,
+ "5FC103" => CardholderFingerprints,
+ "5FC106" => SecurityObject,
+ "5FC108" => CardholderFacialImage,
+ "5FC101" => X509CertificateFor9E,
+ "5FC109" => PrintedInformation,
+ "5FC10A" => X509CertificateFor9C,
+ "5FC10B" => X509CertificateFor9D,
+ "5FC10C" => KeyHistoryObject,
+ "5FC10D" => RetiredCert01,
+ "5FC10E" => RetiredCert02,
+ "5FC10F" => RetiredCert03,
+ "5FC110" => RetiredCert04,
+ "5FC111" => RetiredCert05,
+ "5FC112" => RetiredCert06,
+ "5FC113" => RetiredCert07,
+ "5FC114" => RetiredCert08,
+ "5FC115" => RetiredCert09,
+ "5FC116" => RetiredCert10,
+ "5FC117" => RetiredCert11,
+ "5FC118" => RetiredCert12,
+ "5FC119" => RetiredCert13,
+ "5FC11A" => RetiredCert14,
+ "5FC11B" => RetiredCert15,
+ "5FC11C" => RetiredCert16,
+ "5FC11D" => RetiredCert17,
+ "5FC11E" => RetiredCert18,
+ "5FC11F" => RetiredCert19,
+ "5FC120" => RetiredCert20,
+
+ "5FC121" => CardholderIrisImages,
+ "5FC122" => SecureMessagingCertificateSigner,
+ "5FC123" => PairingCodeReferenceDataContainer,
+
+ "7E" => DiscoveryObject,
+ "7F61" => BiometricInformationTemplatesGroupTemplate,
 _ => return Err(()),
- })
+ }))
 }
 }
diff --git a/src/vpicc.rs b/src/vpicc.rs
index 63ff199..6fb9eae 100644
--- a/src/vpicc.rs
+++ b/src/vpicc.rs
@@ -31,7 +31,7 @@ impl VpiccCard {
 }
 fn handle(&mut self, request: &[u8]) -> (&[u8], Status) {
- log::debug!("{:02x?} request", request);
+ log::debug!("{request:02x?} request");
 parse_command(request)
 .and_then(|command| self.request_buffer.handle(command))
 .map(|command| {
diff --git a/tests/command_response.rs b/tests/command_response.rs
index f576a37..79c8f48 100644
--- a/tests/command_response.rs
+++ b/tests/command_response.rs
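Review bot: The `hex_match!` if/else chain in `try_from` no longer gets the `unreachable pattern` warning that the old `match` produced, so a tag entered twice, or mistyped into an existing one, now silently resolves to the first entry. Because this table decides which PIV data object a supplied tag addresses, I would document the limitation above the macro, e.g. `// Expands to a linear if/else chain; duplicate tags are NOT diagnosed, the first entry wins.` A test asserting that every tag literal maps to a distinct `Container` would restore the lost check; none is visible in this diff. The comparison itself is still an exact-length match of slice against fixed-size array, so truncated or over-long tags keep falling through to `Err(())`.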
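Review bot: The `log::debug!` line in `handle` writes every raw request APDU to the log, and PIV commands such as VERIFY and CHANGE REFERENCE DATA carry the PIN in their data field, so PIN bytes can end up in debug logs. The commit only switches to inline format arguments and leaves that unchanged. If the full dump is intended for the virtual card, I would state it next to the call, e.g. `// Dumps the raw APDU, PIN bytes included: development logging only`, or else log only the command header. `handle` continues past the end of the hunk.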
@@ -720,27 +720,25 @@ impl IoCmd {
 fn run_select(card: &mut setup::Piv) {
 let matcher = OutputMatcher::Bytes(Cow::Borrowed(&hex!(
- "
- 61 69 // Card application property template
- 4f 06 000010000100 // Application identifier
- 50 0c 4e6974726f6b657920504956 // Application label = b\"Nitrokey PIV\"
+ "61 69" // Card application property template
+ "4f 06 000010000100" // Application identifier
+ "50 0c 4e6974726f6b657920504956" // Application label = b"Nitrokey PIV"
- // URL = b\"https://github.com/Nitrokey/piv-authenticator\"
- 5f50 2d 68747470733a2f2f6769746875622e636f6d2f4e6974726f6b65792f7069762d61757468656e74696361746f72
+ // URL = b"https://github.com/Nitrokey/piv-authenticator"
+ "5f50 2d 68747470733a2f2f6769746875622e636f6d2f4e6974726f6b65792f7069762d61757468656e74696361746f72"
 // Cryptographic Algorithm Identifier Template
- ac 18
- 80 01 03 // TDES - ECB
- 80 01 0c // AES256 - ECB
- 80 01 11 // P-256
- 80 01 07 // RSA 2048
- 80 01 05 // RSA 3072
- 80 01 16 // RSA 4096
- 80 01 14 // P384
- 06 01 00
+ "ac 18"
+ "80 01 03" // TDES - ECB
+ "80 01 0c" // AES256 - ECB
+ "80 01 11" // P-256
+ "80 01 07" // RSA 2048
+ "80 01 05" // RSA 3072
+ "80 01 16" // RSA 4096
+ "80 01 14" // P384
+ "06 01 00"
 // Coexistent Tag Allocation Authority Template
- 79 07
- 4f 05 a000000308
- "
+ "79 07"
+ "4f 05 a000000308"
 )));
 Self::run_bytes(
 &hex!("00 A4 04 00 0C A000000308000010000100 00"),