From 031ee5992e3ad249a0baf50743aa2ebc1d6329af Mon Sep 17 00:00:00 2001
From: z4yx
Date: Fri, 13 Oct 2023 12:35:23 +0800
Subject: [PATCH] fix policy parsing in PIV
---
 src/key.c | 62 +++++++++++++++++++++++++++----------------------------
 1 file changed, 31 insertions(+), 31 deletions(-)
diff --git a/src/key.c b/src/key.c
index 93c7e1e1..2278e4cd 100644
--- a/src/key.c
+++ b/src/key.c
@@ -72,38 +72,38 @@ int ck_encode_public_key(const ck_key_t *key, uint8_t *buf, bool include_length)
 int ck_parse_piv_policies(ck_key_t *key, const uint8_t *buf, size_t buf_len) {
 const uint8_t *end = buf + buf_len;
- if (buf < end) {
- DBG_MSG("May have pin policy\n");
- if (buf < end && *buf++ != 0xAA) {
- DBG_MSG("Wrong tag for pin policy\n");
- return KEY_ERR_DATA;
- }
- if (buf < end && *buf++ != 0x01) {
- DBG_MSG("Wrong length for pin policy\n");
- return KEY_ERR_LENGTH;
- }
- if (buf < end && (*buf > PIN_POLICY_ALWAYS || *buf < PIN_POLICY_NEVER)) {
- DBG_MSG("Wrong data for pin policy\n");
- return KEY_ERR_DATA;
- }
- key->meta.pin_policy = *buf++;
- }
-
- if (buf < end) {
- DBG_MSG("May have touch policy\n");
- if (buf < end && *buf++ != 0xAB) {
- DBG_MSG("Wrong tag for touch policy\n");
- return KEY_ERR_DATA;
- }
- if (buf < end && *buf++ != 0x01) {
- DBG_MSG("Wrong length for touch policy\n");
- return KEY_ERR_LENGTH;
- }
- if (buf < end && (*buf > TOUCH_POLICY_CACHED || *buf < TOUCH_POLICY_NEVER)) {
- DBG_MSG("Wrong data for touch policy\n");
- return KEY_ERR_DATA;
+ while (buf < end) {
+ switch (*buf++) {
+ case 0xAA:
+ DBG_MSG("May have pin policy\n");
+ if (buf < end && *buf++ != 0x01) {
+ DBG_MSG("Wrong length for pin policy\n");
+ return KEY_ERR_LENGTH;
+ }
+ if (buf < end && (*buf > PIN_POLICY_ALWAYS || *buf < PIN_POLICY_NEVER)) {
+ DBG_MSG("Wrong data for pin policy\n");
+ return KEY_ERR_DATA;
+ }
+ key->meta.pin_policy = *buf++;
+ break;
+
+ case 0xAB:
+ DBG_MSG("May have touch policy\n");
+ if (buf < end && *buf++ != 0x01) {
+ DBG_MSG("Wrong length for touch policy\n");
+ return KEY_ERR_LENGTH;
+ }
+ if (buf < end && (*buf > TOUCH_POLICY_CACHED || *buf < TOUCH_POLICY_NEVER)) {
+ DBG_MSG("Wrong data for touch policy\n");
+ return KEY_ERR_DATA;
+ }
+ key->meta.touch_policy = *buf++;
+ break;
+
+ default:
+ buf = end;
+ break;
 }
- key->meta.touch_policy = *buf++;
 }
 return 0;
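Review bot: In both `case 0xAA:` and `case 0xAB:` the `buf < end &&` guards skip the length and range checks when the input is truncated, yet `key->meta.pin_policy = *buf++;` and `key->meta.touch_policy = *buf++;` still execute, so a buffer that ends right after the tag or the length byte is read past `end` and an unvalidated byte is stored as the policy. A truncated TLV should be rejected before any byte is consumed, for example by adding `if (end - buf < 2) return KEY_ERR_LENGTH;` as the first statement of each case. Separately, the `default:` branch sets `buf = end` and the function then returns 0, so an unknown tag and everything after it is accepted silently; if that is intended, a comment such as `/* unknown tag: ignore the rest of the buffer */` would make it explicit. The closing brace of `ck_parse_piv_policies` lies outside this hunk.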