scd:openpgp: Fix workaround for Yubikey heuristics.

* scd/app-openpgp.c (parse_algorithm_attribute): Handle the case of firmware 5.4, too. -- GnuPG-bug-id: 6070 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-12-22 10:19:57 +01:00 · 2022-07-13 10:40:55 +09:00 · 2022-07-13 10:40:55 +09:00 · f34b9147eb
commit f34b9147eb
parent 95651d1a4f
1 changed files with 21 additions and 8 deletions
--- a/scd/app-openpgp.c
+++ b/scd/app-openpgp.c
@ -6259,15 +6259,28 @@ parse_algorithm_attribute (app_t app, int keyno)
      app->app_local->keyattr[keyno].ecc.algo = *buffer;
      app->app_local->keyattr[keyno].ecc.flags = 0;

-      if (APP_CARD(app)->cardtype == CARDTYPE_YUBIKEY
-	  || buffer[buflen-1] == 0x00 || buffer[buflen-1] == 0xff)
-        { /* Found "pubkey required"-byte for private key template.  */
-          oidlen--;
-          if (buffer[buflen-1] == 0xff)
-            app->app_local->keyattr[keyno].ecc.flags |= ECC_FLAG_PUBKEY;
+      if (APP_CARD(app)->cardtype == CARDTYPE_YUBIKEY)
+        {
+          /* Yubikey implementations vary.
+           * Firmware version 5.2 returns "pubkey required"-byte with
+           * 0x00, but after removal and second time insertion, it
+           * returns bogus value there.
+           * Firmware version 5.4 returns none.
+           */
+          curve = ecc_curve (buffer + 1, oidlen);
+          if (!curve)
+            curve = ecc_curve (buffer + 1, oidlen - 1);
+        }
+      else
+        {
+          if (buffer[buflen-1] == 0x00 || buffer[buflen-1] == 0xff)
+            { /* Found "pubkey required"-byte for private key template.  */
+              oidlen--;
+              if (buffer[buflen-1] == 0xff)
+                app->app_local->keyattr[keyno].ecc.flags |= ECC_FLAG_PUBKEY;
+            }
+          curve = ecc_curve (buffer + 1, oidlen);
        }
-
-      curve = ecc_curve (buffer + 1, oidlen);

      if (!curve)
        {