Mailing List Archive

[PATCH] scd:piv: Fix auth_adm_key.
* scd/app-piv.c (auth_adm_key): Fix wrong byte in command.
--

The second command sent contained an incorrect value (compare "Special
Publication 800-73-4", A.2 "Mutual Authentication of Client Application
and Card Application").

Authentication against the YubiKey PIV application works without this
patch.

However, with other PIV implementations (like
https://github.com/arekinath/PivApplet and
https://github.com/canokeys/canokey-core), authentication only succeeds
with this patch.
---
scd/app-piv.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scd/app-piv.c b/scd/app-piv.c
index a51ac31ec..67c00a108 100644
--- a/scd/app-piv.c
+++ b/scd/app-piv.c
@@ -928,7 +928,7 @@ auth_adm_key (app_t app, const unsigned char *value, size_t valuelen)
tmpl[12] = 0x81;
tmpl[13] = 8;
gcry_create_nonce (tmpl+14, 8);
- tmpl[22] = 0x80;
+ tmpl[22] = 0x82;
tmpl[23] = 0;
tmpllen = 24;
xfree (outdata);
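Review bot: The tag byte at tmpl[22] is a bare hex literal, like the 0x81 at tmpl[12], and nothing in the hunk says which element of the authentication template each one names. That makes a wrong value such as the old 0x80 hard to catch by reading, all the more so because the commit message says one card accepted it anyway. Consider a one-line comment above "tmpl[22] = 0x82;" that says what this tag followed by a zero length asks the card for, with a pointer to SP 800-73-4 A.2 as cited in the commit message, or replace the literals with named constants. The nonce length 8 also appears twice, in "tmpl[13] = 8;" and in the gcry_create_nonce call, and could share one constant so the length byte and the generated data cannot drift apart.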
--
2.41.0


_______________________________________________
Gnupg-devel mailing list
Gnupg-devel@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-devel
Re: [PATCH] scd:piv: Fix auth_adm_key.
Hello,

Heiko Schaefer <heiko@schaefer.name> wrote:
> The second command sent contained an incorrect value (compare "Special
> Publication 800-73-4", A.2 "Mutual Authentication of Client Application
> and Card Application").

Thank you, applied to master (the fix of comment as well for
the PIV authentication key).

I will backport to 2.4.