From 54198c4fa398d38a2de7107675a0d345d9cd82e3 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Mon, 2 Dec 2024 00:45:35 +0000
Subject: [PATCH 1/2] fix(deps): update module cunicu.li/go-iso7816 to v0.8.1
---
 go.mod | 2 +-
 go.sum | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/go.mod b/go.mod
index 9283656..7c296c0 100644
--- a/go.mod
+++ b/go.mod
@@ -5,7 +5,7 @@ module cunicu.li/go-piv
 
 go 1.22.2
 
-require cunicu.li/go-iso7816 v0.8.0
+require cunicu.li/go-iso7816 v0.8.1
 
 require (
 github.com/ebfe/scard v0.0.0-20230420082256-7db3f9b7c8a7 //test-only
diff --git a/go.sum b/go.sum
index d546563..913d569 100644
--- a/go.sum
+++ b/go.sum
@@ -12,6 +12,8 @@ cunicu.li/go-iso7816 v0.6.0 h1:l0CzHZWN7FFLJOGY1NUQGyRxv0IuZODpMvEHWFIvOz4=
 cunicu.li/go-iso7816 v0.6.0/go.mod h1:DBXPMv/k9XQplA9qQT2k/Xo2gPCWQ9/rIh+h4hzJ850=
 cunicu.li/go-iso7816 v0.8.0 h1:EEQ9hAbdIbTUM0uVrWbfGnQnFjA3P/VoNj1GM71Tf5w=
 cunicu.li/go-iso7816 v0.8.0/go.mod h1:gSG/jc0iH2bykUasCbyIfnI1PFotnm76Gmk1bc7UFEg=
+cunicu.li/go-iso7816 v0.8.1 h1:3kgjW+iCwkw6DtLDh5aKUQfwpwd0zoHHyPxyDS9t7HU=
+cunicu.li/go-iso7816 v0.8.1/go.mod h1:bt5Uo0kVcv8+wbIaMdWw3YrcwdhGEDCu/arp7dsHuTY=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
From 2e10b0ff7f3af5d12bcb0e24200a9ac4882c5e8c Mon Sep 17 00:00:00 2001
From: Steffen Vogel
Date: Mon, 9 Dec 2024 16:43:32 +0100
Subject: [PATCH 2/2] fix: Data object passed to PUT DATA command is an unstructured byte sequence not a constructed object
Signed-off-by: Steffen Vogel
---
 cert.go | 17 +++++++++++------
 pin_protected.go | 7 ++++++-
 2 files changed, 17 insertions(+), 7 deletions(-)
diff --git a/cert.go b/cert.go
index 9feced0..042a435 100644
--- a/cert.go
+++ b/cert.go
@@ -52,14 +52,19 @@ func (c *Card) SetCertificate(key ManagementKey, slot Slot, cert *x509.Certifica
 return fmt.Errorf("failed to authenticate with management key: %w", err)
 }
 
+ // https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-73-4.pdf#page=40
+ certData, err := tlv.EncodeBER(
+ tlv.New(tagCertificate, cert.Raw),
+ tlv.New(tagCertInfo, 0x00), // "for a certificate encoded in uncompressed form CertInfo shall be 0x00"
+ tlv.New(tagErrorDetectionCode),
+ )
+ if err != nil {
+ return err
+ }
+
 if _, err := sendTLV(c.tx, insPutData, 0x3f, 0xff,
 slot.Object.TagValue(),
- tlv.New(0x53,
- // https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-73-4.pdf#page=40
- tlv.New(tagCertificate, cert.Raw),
- tlv.New(tagCertInfo, 0x00), // "for a certificate encoded in uncompressed form CertInfo shall be 0x00"
- tlv.New(tagErrorDetectionCode),
- ),
+ tlv.New(0x53, certData),
 ); err != nil {
 return fmt.Errorf("failed to execute command: %w", err)
 }
diff --git a/pin_protected.go b/pin_protected.go
index 2c763ff..c6c18f4 100644
--- a/pin_protected.go
+++ b/pin_protected.go
@@ -115,9 +115,14 @@ func (c *Card) SetPinProtectedData(key ManagementKey, ppd *PinProtectedData) err
 return fmt.Errorf("failed to authenticate with key: %w", err)
 }
 
+ ppdData, err := tlv.EncodeBER(ppd.TagValues...)
+ if err != nil {
+ return err
+ }
+
 if _, err := sendTLV(c.tx, insPutData, 0x3f, 0xff,
 doPrinted.TagValue(),
- tlv.New(0x53, ppd.TagValues),
+ tlv.New(0x53, ppdData),
 ); err != nil {
 return fmt.Errorf("failed to execute command: %w", err)
 }
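Review bot: The new `if err != nil { return err }` after `tlv.EncodeBER` in SetCertificate returns the error bare, while the other failure paths visible in the hunk wrap it with context (`failed to authenticate with management key: %w`, `failed to execute command: %w`). A caller then cannot tell a local encoding failure from a card-side error; `return fmt.Errorf("failed to encode certificate object: %w", err)` would match the surrounding style. The pin_protected.go hunk has the same bare return after `tlv.EncodeBER(ppd.TagValues...)` and could use `return fmt.Errorf("failed to encode PIN protected data: %w", err)`. SetCertificate starts and ends outside the hunk.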
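Review bot: `ppdData, err := tlv.EncodeBER(ppd.TagValues...)` is placed after the management-key authentication block, although encoding needs nothing from the card. If encoding fails, SetPinProtectedData returns with the session apparently already authenticated and no PUT DATA sent; moving the encoding block above the authenticate call (which lies outside the hunk) would make bad input fail before any privileged state is established on the card. It is also the first dereference of `ppd` in the visible lines, so a nil check placed with it would run before authentication as well. The `certData` encoding in cert.go's SetCertificate sits in the same position and can move the same way.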