[PATCH] scd:piv: Fix auth_adm_key.
Heiko Schaefer
heiko at schaefer.name
Sat Jun 24 13:47:53 CEST 2023
* scd/app-piv.c (auth_adm_key): Fix wrong byte in command.
--
The second command sent contained an incorrect value (compare "Special
Publication 800-73-4", A.2 "Mutual Authentication of Client Application
and Card Application").
Authentication against the YubiKey PIV application works without this
patch.
However, with other PIV implementations (like
https://github.com/arekinath/PivApplet and
https://github.com/canokeys/canokey-core), authentication only succeeds
with this patch.
---
scd/app-piv.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/scd/app-piv.c b/scd/app-piv.c
index a51ac31ec..67c00a108 100644
--- a/scd/app-piv.c
+++ b/scd/app-piv.c
@@ -928,7 +928,7 @@ auth_adm_key (app_t app, const unsigned char *value, size_t valuelen)
tmpl[12] = 0x81;
tmpl[13] = 8;
gcry_create_nonce (tmpl+14, 8);
- tmpl[22] = 0x80;
+ tmpl[22] = 0x82;
tmpl[23] = 0;
tmpllen = 24;
xfree (outdata);
--
2.41.0
More information about the Gnupg-devel
mailing list