From f34b9147eb3070bce80d53febaa564164cd6c977 Mon Sep 17 00:00:00 2001 From: NIIBE Yutaka Date: Wed, 13 Jul 2022 10:40:55 +0900 Subject: [PATCH] scd:openpgp: Fix workaround for Yubikey heuristics. * scd/app-openpgp.c (parse_algorithm_attribute): Handle the case of firmware 5.4, too. -- GnuPG-bug-id: 6070 Signed-off-by: NIIBE Yutaka --- scd/app-openpgp.c | 29 +++++++++++++++++++++-------- 1 file changed, 21 insertions(+), 8 deletions(-) diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c index 8bb346a86..4667416df 100644 --- a/scd/app-openpgp.c +++ b/scd/app-openpgp.c @@ -6259,15 +6259,28 @@ parse_algorithm_attribute (app_t app, int keyno) app->app_local->keyattr[keyno].ecc.algo = *buffer; app->app_local->keyattr[keyno].ecc.flags = 0; - if (APP_CARD(app)->cardtype == CARDTYPE_YUBIKEY - || buffer[buflen-1] == 0x00 || buffer[buflen-1] == 0xff) - { /* Found "pubkey required"-byte for private key template. */ - oidlen--; - if (buffer[buflen-1] == 0xff) - app->app_local->keyattr[keyno].ecc.flags |= ECC_FLAG_PUBKEY; + if (APP_CARD(app)->cardtype == CARDTYPE_YUBIKEY) + { + /* Yubikey implementations vary. + * Firmware version 5.2 returns "pubkey required"-byte with + * 0x00, but after removal and second time insertion, it + * returns bogus value there. + * Firmware version 5.4 returns none. + */ + curve = ecc_curve (buffer + 1, oidlen); + if (!curve) + curve = ecc_curve (buffer + 1, oidlen - 1); + } + else + { + if (buffer[buflen-1] == 0x00 || buffer[buflen-1] == 0xff) + { /* Found "pubkey required"-byte for private key template. */ + oidlen--; + if (buffer[buflen-1] == 0xff) + app->app_local->keyattr[keyno].ecc.flags |= ECC_FLAG_PUBKEY; + } + curve = ecc_curve (buffer + 1, oidlen); } - - curve = ecc_curve (buffer + 1, oidlen); if (!curve) {