scd:piv: Improve APT parser compatibility.
* scd/app-piv.c (app_select_piv): Allow for full AID. -- It appears that SP-800-73-x is not too clear about the format of these objects. Many current cards (such as the Yubikey 5 series) apparently have only the PIX in DO 0x4F and only the RID in object 0x79/0x4F. However, other cards as well as the PivApplet Javacard applet have the full AID in 0x4F (which actually seems closer to what the standard says). PivApplet also has the full AID in 0x79/0x4F, but this is probably incorrect. (Here is a long discussion of the matter from an OpenSC author: https://github.com/arekinath/PivApplet/issues/43#issuecomment-772649709) [Taken from a mail to gnupg-devel date 2021-02-03.] Signed-off-by: Werner Koch <wk@gnupg.org>
parent
6976a70270
commit
8cad11d13b
@ -3,6 +3,7 @@
|
|||||||
#+TEXT: Some notes on GnuPG internals
|
#+TEXT: Some notes on GnuPG internals
|
||||||
#+STARTUP: showall
|
#+STARTUP: showall
|
||||||
#+OPTIONS: ^:{}
|
#+OPTIONS: ^:{}
|
||||||
|
# Note: This might be a copy; the original lives in gnupg/doc/HACKING.
|
||||||
|
|
||||||
* How to contribute
|
* How to contribute
|
||||||
|
|
||||||
|
@ -3641,20 +3641,23 @@ app_select_piv (app_t app)
|
|||||||
}
|
}
|
||||||
|
|
||||||
s = find_tlv (apt, aptlen, 0x4F, &n);
|
s = find_tlv (apt, aptlen, 0x4F, &n);
|
||||||
if (!s || n != 6 || memcmp (s, piv_aid+5, 4))
|
/* Some cards (new Yubikey) return only the PIX, while others
|
||||||
|
* (old Yubikey, PivApplet) return the RID+PIX. */
|
||||||
|
if (!s || !((n == 6 && !memcmp (s, piv_aid+5, 4))
|
||||||
|
|| (n == 11 && !memcmp (s, piv_aid, 9))))
|
||||||
{
|
{
|
||||||
/* The PIX does not match. */
|
/* The PIX does not match. */
|
||||||
log_error ("piv: missing or invalid DO 0x4F in APT\n");
|
log_error ("piv: missing or invalid DO 0x4F in APT\n");
|
||||||
err = gpg_error (GPG_ERR_CARD);
|
err = gpg_error (GPG_ERR_CARD);
|
||||||
goto leave;
|
goto leave;
|
||||||
}
|
}
|
||||||
if (s[4] != 1 || s[5] != 0)
|
if (s[n-2] != 1 || s[n-1] != 0)
|
||||||
{
|
{
|
||||||
log_error ("piv: unknown PIV version %u.%u\n", s[4], s[5]);
|
log_error ("piv: unknown PIV version %u.%u\n", s[4], s[5]);
|
||||||
err = gpg_error (GPG_ERR_CARD);
|
err = gpg_error (GPG_ERR_CARD);
|
||||||
goto leave;
|
goto leave;
|
||||||
}
|
}
|
||||||
app->appversion = ((s[4] << 8) | s[5]);
|
app->appversion = ((s[n-2] << 8) | s[n-1]);
|
||||||
|
|
||||||
s = find_tlv (apt, aptlen, 0x79, &n);
|
s = find_tlv (apt, aptlen, 0x79, &n);
|
||||||
if (!s || n < 7)
|
if (!s || n < 7)
|
||||||
@ -3664,7 +3667,9 @@ app_select_piv (app_t app)
|
|||||||
goto leave;
|
goto leave;
|
||||||
}
|
}
|
||||||
s = find_tlv (s, n, 0x4F, &n);
|
s = find_tlv (s, n, 0x4F, &n);
|
||||||
if (!s || n != 5 || memcmp (s, piv_aid, 5))
|
/* Some cards may also return the full AID instead of just
|
||||||
|
* the 5-byte RID here. */
|
||||||
|
if (!s || !(n == 5 || n == 11) || memcmp (s, piv_aid, 5))
|
||||||
{
|
{
|
||||||
/* The RID does not match. */
|
/* The RID does not match. */
|
||||||
log_error ("piv: missing or invalid DO 0x79.4F in APT\n");
|
log_error ("piv: missing or invalid DO 0x79.4F in APT\n");
|
||||||
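Review bot: The version diagnostic in the first app-piv.c hunk still prints `s[4]` and `s[5]`, although the check above it now tests `s[n-2]` and `s[n-1]`; when a card returns the 11-byte RID+PIX form, the logged bytes come from the RID/PIX prefix rather than from the version field. Use the same indices as the check, `log_error ("piv: unknown PIV version %u.%u\n", s[n-2], s[n-1]);`, so the log shows the value that was actually rejected when someone has to diagnose an unexpected or malformed card response. The comment `/* The PIX does not match. */` in that branch could also be widened to `/* The PIX (or RID+PIX) does not match. */` to match the new condition. app_select_piv starts and ends outside the hunks shown.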
|