From e959556d264e091029c39f2ae8d648a32ece5f3b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sosth=C3=A8ne=20Gu=C3=A9don?=
Date: Tue, 26 Sep 2023 11:33:40 +0200
Subject: [PATCH 1/2] Fix puk change Fix https://github.com/Nitrokey/piv-authenticator/issues/37
---
 src/state.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/state.rs b/src/state.rs
index 2c76f1b..0980ff2 100644
--- a/src/state.rs
+++ b/src/state.rs
@@ -376,7 +376,7 @@ impl Persistent {
 ) -> bool {
 let old_puk = Bytes::from_slice(&old_value.0).expect("Convertion of static array");
 let new_puk = Bytes::from_slice(&new_value.0).expect("Convertion of static array");
- try_syscall!(client.change_pin(PinType::UserPin, old_puk, new_puk))
+ try_syscall!(client.change_pin(PinType::Puk, old_puk, new_puk))
 .map(|r| r.success)
 .unwrap_or(false)
 }
From c0efb7b676f56c48009fe31c327bb99b83a3f676 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sosth=C3=A8ne=20Gu=C3=A9don?=
Date: Tue, 26 Sep 2023 15:00:59 +0200
Subject: [PATCH 2/2] Add test for PUK and PIN change
---
 tests/command_response.ron | 19 ++++++++++++++++++-
 tests/command_response.rs | 50 +++++++++++++++++++++++++++++++++++++++++++++++++-
 2 files changed, 67 insertions(+), 2 deletions(-)
diff --git a/tests/command_response.ron b/tests/command_response.ron
index 6c39720..0ff97e9 100644
--- a/tests/command_response.ron
+++ b/tests/command_response.ron
@@ -182,5 +182,22 @@
 output: Data("53 3b 3019d4e739d821086c1084210d8360d8210842108421804210c3f33410B0BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB30839393939313233313e00fe00"),
 ),
 ]
- )
+ ),
+ IoTest(
+ name: "Pin and Puk",
+ uuid_config: WithBoth("00112233445566778899AABBCCDDEEFF"),
+ cmd_resp: [
+ ChangePin(
+ new: "01020304FFFFFFFF",
+ ),
+ ChangePuk(
+ new: "0102030405060708",
+ ),
+ VerifyApplicationPin(pin: "0102030405060708", expected_status: RemainingRetries(2)),
+ ChangePuk(
+ old: "0102030405060708",
+ new: "AABBCCDDEEFF0011",
+ ),
+ ]
+ ),
 ]
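Review bot: The `.unwrap_or(false)` that ends the chain in this PUK-change function reports a failed `change_pin` syscall the same way as a rejected old PUK, so the caller cannot tell a backend fault from a wrong value. If the return type has to stay `bool`, document it on the function, for example `/// Returns false when the old PUK is rejected and also when the backend call itself fails.`; returning the error separately would be the stronger fix. The call differs from the user-PIN path by a single token, which is what allowed the bug being fixed, so a comment such as `// PinType::Puk, not UserPin: this must update the unblocking key only` next to it would help the next reader. The function's signature starts above the hunk, so its name and callers are not visible here.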
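Review bot: The new `Pin and Puk` case in tests/command_response.ron exercises only successful `ChangePuk` steps plus one `VerifyApplicationPin` showing the PIN did not take the PUK value; it never checks that the changed PIN `01020304FFFFFFFF` still verifies after the PUK changes, and it never submits a wrong `old` PUK. Those are the states a PIN/PUK type mix-up like the one fixed in the first patch would disturb. I would add a `VerifyApplicationPin` for `01020304FFFFFFFF` expecting success after the last `ChangePuk`, and a `ChangePuk` step with a deliberately wrong `old` whose `expected_status` is the retry status the card is specified to return (take that value from the implementation rather than guessing it).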
diff --git a/tests/command_response.rs b/tests/command_response.rs
index 45f7e70..9a88b0e 100644
--- a/tests/command_response.rs
+++ b/tests/command_response.rs
@@ -255,6 +255,10 @@ fn default_app_pin() -> String {
 "313233343536FFFF".into()
 }

+fn default_puk() -> String {
+ "3132333435363738".into()
+}
+
 #[derive(Deserialize, Debug)]
 #[serde(deny_unknown_fields)]
 enum IoCmd {
@@ -303,6 +307,20 @@ enum IoCmd {
 #[serde(default)]
 expected_status_response: Status,
 },
+ ChangePin {
+ #[serde(default = "default_app_pin")]
+ old: String,
+ new: String,
+ #[serde(default)]
+ expected_status: Status,
+ },
+ ChangePuk {
+ #[serde(default = "default_puk")]
+ old: String,
+ new: String,
+ #[serde(default)]
+ expected_status: Status,
+ },
 Select,
 Reset {
 #[serde(default)]
@@ -315,6 +333,7 @@ const MATCH_ANY: OutputMatcher = OutputMatcher::All(Cow::Borrowed(&[]), ());

 impl IoCmd {
 fn run(&self, card: &mut setup::Piv) {
+ println!("Running {self:?}");
 match self {
 Self::IoData {
 input,
@@ -354,6 +373,16 @@ impl IoCmd {
 key,
 expected_status,
 } => Self::run_set_administration_key(key.algorithm, &key.key, *expected_status, card),
+ Self::ChangePin {
+ old,
+ new,
+ expected_status,
+ } => Self::run_change_pin(old, new, *expected_status, card),
+ Self::ChangePuk {
+ old,
+ new,
+ expected_status,
+ } => Self::run_change_puk(old, new, *expected_status, card),
 Self::Select => Self::run_select(card),
 Self::Reset { expected_status } => Self::run_reset(*expected_status, card),
 }
@@ -405,7 +434,7 @@ impl IoCmd {
 panic!("Bad output. Expected {output:02x?}");
 }
 if status != expected_status {
- panic!("Bad status. Expected {expected_status:?}");
+ panic!("Bad status. Expected {expected_status:?}, got {status:?}");
 }
 rep
 }
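Review bot: `default_puk` in the first hunk of tests/command_response.rs has no comment saying what `3132333435363738` stands for; the bytes are ASCII `12345678`, and every `ChangePuk` step that omits `old` relies on that value silently. A one-line doc comment would cover it: `/// Hex of ASCII "12345678"; the old PUK used when a test step omits the old field.` The same holds for `default_app_pin` (ASCII `123456` padded with `FF`), whose signature sits just above the hunk.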
@@ -534,6 +563,25 @@ impl IoCmd {
 fn run_reset(expected_status: Status, card: &mut setup::Piv) {
 Self::run_bytes(&hex!("00 FB 00 00"), &MATCH_EMPTY, expected_status, card);
 }
+
+ fn run_change_pin(old: &str, new: &str, status: Status, card: &mut setup::Piv) {
+ let command = parse_hex(&format!("{old}{new}"));
+ Self::run_bytes(
+ &build_command(0, 0x24, 0x00, 0x80, &command, 0x00),
+ &MATCH_EMPTY,
+ status,
+ card,
+ );
+ }
+ fn run_change_puk(old: &str, new: &str, status: Status, card: &mut setup::Piv) {
+ let command = parse_hex(&format!("{old}{new}"));
+ Self::run_bytes(
+ &build_command(0, 0x24, 0x00, 0x81, &command, 0x00),
+ &MATCH_EMPTY,
+ status,
+ card,
+ );
+ }
 }

 #[derive(Deserialize, Debug, PartialEq, Clone)]
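Review bot: `run_change_pin` and `run_change_puk` are the same body with only the P2 byte differing (`0x80` vs `0x81`), and the literals `0x24`, `0x80` and `0x81` carry no name or comment. A copy that differs in one unexplained token is the same shape as the `PinType` slip the first patch fixes, so I would route both through one helper that takes the key reference and say what each value selects. The two functions also lack the blank line between them that the added code puts before `run_change_pin`. The sketch assumes `build_command` takes the P2 byte as a `u8`; the `impl IoCmd` block starts outside the hunk.

```rust
    // INS 0x24 is CHANGE REFERENCE DATA; P2 selects which secret is replaced.
    fn run_change_reference_data(
        key_reference: u8,
        old: &str,
        new: &str,
        status: Status,
        card: &mut setup::Piv,
    ) {
        let command = parse_hex(&format!("{old}{new}"));
        Self::run_bytes(
            &build_command(0, 0x24, 0x00, key_reference, &command, 0x00),
            &MATCH_EMPTY,
            status,
            card,
        );
    }

    fn run_change_pin(old: &str, new: &str, status: Status, card: &mut setup::Piv) {
        // 0x80: PIV card application PIN
        Self::run_change_reference_data(0x80, old, new, status, card);
    }

    fn run_change_puk(old: &str, new: &str, status: Status, card: &mut setup::Piv) {
        // 0x81: PIN unblocking key
        Self::run_change_reference_data(0x81, old, new, status, card);
    }
```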