From 74aef8d2ccc936fe9151864670226c74ca5a53c1 Mon Sep 17 00:00:00 2001
From: z4yx
Date: Thu, 12 Dec 2024 23:24:32 +0800
Subject: [PATCH 1/6] fix state of current_cmd_src
---
 applets/ctap/ctap.c | 16 +++++++++++-----
 include/ctap.h | 2 +-
 interfaces/USB/class/ctaphid/ctaphid.c | 2 +-
 3 files changed, 13 insertions(+), 7 deletions(-)
diff --git a/applets/ctap/ctap.c b/applets/ctap/ctap.c
index 7d1c3961..e7b4f66d 100644
--- a/applets/ctap/ctap.c
+++ b/applets/ctap/ctap.c
@@ -2159,11 +2159,8 @@ static uint8_t ctap_large_blobs(CborEncoder *encoder, const uint8_t *params, siz
 return 0;
 }
-int ctap_process_cbor(uint8_t *req, size_t req_len, uint8_t *resp, size_t *resp_len) {
+static int ctap_process_cbor(uint8_t *req, size_t req_len, uint8_t *resp, size_t *resp_len) {
 if (req_len-- == 0) return -1;
- if (current_cmd_src != CTAP_SRC_NONE) return -1;
- // Must set current_cmd_src to CTAP_SRC_NONE before return
- current_cmd_src = CTAP_SRC_HID;
 cp_pin_uv_auth_token_usage_timer_observer();
@@ -2233,10 +2230,19 @@ int ctap_process_cbor(uint8_t *req, size_t req_len, uint8_t *resp, size_t *resp_
 if (*resp != 0) { // do not allow GET_NEXT_ASSERTION if error occurs
 last_cmd = CTAP_INVALID_CMD;
 }
- current_cmd_src = CTAP_SRC_NONE;
 return 0;
 }
+int ctap_process_cbor_with_src(uint8_t *req, size_t req_len, uint8_t *resp, size_t *resp_len, ctap_src_t src) {
+
+ if (current_cmd_src != CTAP_SRC_NONE) return -1;
+ // Must set current_cmd_src to CTAP_SRC_NONE before return
+ current_cmd_src = src;
+ int ret = ctap_process_cbor(req, req_len, resp, resp_len);
+ current_cmd_src = CTAP_SRC_NONE;
+ return ret;
+}
+
 int ctap_process_apdu_with_src(const CAPDU *capdu, RAPDU *rapdu, ctap_src_t src) {
 int ret = 0;
 if (current_cmd_src != CTAP_SRC_NONE) EXCEPT(SW_UNABLE_TO_PROCESS);
diff --git a/include/ctap.h b/include/ctap.h
index 71d3ed8a..43a9f251 100644
--- a/include/ctap.h
+++ b/include/ctap.h
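Review bot: `ctap_process_cbor_with_src` answers a busy `current_cmd_src` with the same -1 that `ctap_process_cbor` uses for an empty request, so a transport that wants to report "busy" differently from "malformed" cannot tell them apart, and the one caller visible in this series (ctaphid.c) discards the value altogether. Since serialising commands across sources is now the wrapper's whole job, the contract should be written down; I would replace the stray blank line after the opening brace with `// Serialises CTAP commands across transports: returns -1 while another source owns current_cmd_src, and always restores CTAP_SRC_NONE on exit even when ctap_process_cbor returns early.` Whether the check-then-set on `current_cmd_src` can interleave between transports cannot be judged from this hunk; if some transport is serviced from interrupt context, the comment should also say what guarantees exclusivity.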
@@ -16,7 +16,7 @@ int ctap_install_private_key(const CAPDU *capdu, RAPDU *rapdu);
 int ctap_install_cert(const CAPDU *capdu, RAPDU *rapdu);
 int ctap_read_sm2_config(const CAPDU *capdu, RAPDU *rapdu);
 int ctap_write_sm2_config(const CAPDU *capdu, RAPDU *rapdu);
-int ctap_process_cbor(uint8_t *req, size_t req_len, uint8_t *resp, size_t *resp_len);
+int ctap_process_cbor_with_src(uint8_t *req, size_t req_len, uint8_t *resp, size_t *resp_len, ctap_src_t src);
 int ctap_process_apdu_with_src(const CAPDU *capdu, RAPDU *rapdu, ctap_src_t src);
 static int ctap_process_apdu(const CAPDU *capdu, RAPDU *rapdu) {
 return ctap_process_apdu_with_src(capdu, rapdu, CTAP_SRC_CCID);
diff --git a/interfaces/USB/class/ctaphid/ctaphid.c b/interfaces/USB/class/ctaphid/ctaphid.c
index bb0f8507..71a2a2aa 100644
--- a/interfaces/USB/class/ctaphid/ctaphid.c
+++ b/interfaces/USB/class/ctaphid/ctaphid.c
@@ -115,7 +115,7 @@ static void CTAPHID_Execute_Cbor(void) {
 DBG_MSG("C: ");
 PRINT_HEX(channel.data, channel.bcnt_total);
 size_t len = sizeof(channel.data);
- ctap_process_cbor(channel.data, channel.bcnt_total, channel.data, &len);
+ ctap_process_cbor_with_src(channel.data, channel.bcnt_total, channel.data, &len, CTAP_SRC_HID);
 DBG_MSG("R: ");
 PRINT_HEX(channel.data, len);
 CTAPHID_SendResponse(channel.cid, CTAPHID_CBOR, channel.data, len);
From 113565e4b81a48b6980c7d96408d6c6f43100e3c Mon Sep 17 00:00:00 2001
From: z4yx
Date: Fri, 13 Dec 2024 00:25:07 +0800
Subject: [PATCH 2/6] set LL before EXCEPT
---
 applets/ctap/ctap.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/applets/ctap/ctap.c b/applets/ctap/ctap.c
index e7b4f66d..1d474178 100644
--- a/applets/ctap/ctap.c
+++ b/applets/ctap/ctap.c
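Review bot: The result of `ctap_process_cbor_with_src` is still thrown away in `CTAPHID_Execute_Cbor`, and on its -1 paths (busy source, empty request) `len` is never written, so the following lines send `sizeof(channel.data)` bytes of `channel.data` — the request plus whatever stale bytes sit past `bcnt_total` — back to the host as if it were a CBOR response. That leaks buffer contents to the host and is not a valid CTAP status byte either. I would test the return, `if (ctap_process_cbor_with_src(channel.data, channel.bcnt_total, channel.data, &len, CTAP_SRC_HID) < 0) { /* reply with the CTAPHID error for a busy channel / invalid length instead of the buffer */ return; }`, using whichever error-reply helper this file already has. The previous `ctap_process_cbor` call had the same gap, so this is pre-existing rather than introduced by the rename.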
@@ -2245,10 +2245,10 @@ int ctap_process_cbor_with_src(uint8_t *req, size_t req_len, uint8_t *resp, size
 int ctap_process_apdu_with_src(const CAPDU *capdu, RAPDU *rapdu, ctap_src_t src) {
 int ret = 0;
+ LL = 0;
 if (current_cmd_src != CTAP_SRC_NONE) EXCEPT(SW_UNABLE_TO_PROCESS);
 // Must set current_cmd_src to CTAP_SRC_NONE before return
 current_cmd_src = src;
- LL = 0;
 SW = SW_NO_ERROR;
 if (CLA == 0x80) {
 if (INS == CTAP_INS_MSG) {
From beb1bbd5d6ff79d5fcdb14690f0412eba8964616 Mon Sep 17 00:00:00 2001
From: z4yx
Date: Fri, 13 Dec 2024 19:31:51 +0800
Subject: [PATCH 3/6] update to opensc-0.25.0
---
 .github/workflows/tests.yml | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 221b2337..056706a8 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
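Review bot: Moving `LL = 0;` ahead of `EXCEPT(SW_UNABLE_TO_PROCESS)` introduces an ordering dependency that nothing in the code records, so a later tidy-up could drop it back below the check and silently reopen the bug. The intent appears to be that `EXCEPT()` leaves the function at once (inferred from the commit title, not visible in the hunk) and a busy reject must therefore not go out with a stale response length; I would write the line as `LL = 0; // must precede EXCEPT(): a busy reject must not return stale response bytes`. `ctap_process_apdu_with_src` continues past the end of the hunk.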
@@ -30,15 +30,16 @@ jobs:
 run: |
 sudo sed -i 's/^# deb-src/deb-src/' /etc/apt/sources.list
 sudo apt-get update
- sudo apt-get install -q -y curl git gcc g++ cmake swig psmisc procps debian-keyring devscripts libpcsclite-dev check gengetopt help2man openssl zlib1g-dev
+ sudo apt-get install -q -y libeac-dev curl git gcc g++ cmake swig psmisc procps debian-keyring devscripts libpcsclite-dev check gengetopt help2man openssl zlib1g-dev
 sudo apt-get build-dep -q -y opensc
 sudo rm -f /usr/bin/clang-tidy
 - name: Build opensc package
 if: steps.check_opensc.outputs.files_exists == 'false'
 run: |
- dget http://archive.ubuntu.com/ubuntu/pool/universe/o/opensc/opensc_0.23.0-0.1ubuntu1.dsc
- cd opensc-0.23.0
- curl https://github.com/OpenSC/OpenSC/commit/a0aef25c7f2ce0ec2c7e1014f959f0fe86ff0479.diff | patch -p1
+ dget -u http://archive.ubuntu.com/ubuntu/pool/universe/o/opensc/opensc_0.25.0~rc1-1build2.dsc
+ ls -l
+ cd 'opensc-0.25.0~rc1'
+ #curl https://github.com/OpenSC/OpenSC/commit/a0aef25c7f2ce0ec2c7e1014f959f0fe86ff0479.diff | patch -p1
 dch --local ppa~jammy --distribution jammy "Apply a patch. Backports to Jammy."
 DEB_BUILD_OPTIONS='parallel=2' debuild --no-sign -b
 - name: Build yubico-piv-tool package
From fd3b4bd6d810bfa8bb1b9a31680b7a2c291601f1 Mon Sep 17 00:00:00 2001
From: Yuxiang Zhang
Date: Fri, 13 Dec 2024 20:01:10 +0800
Subject: [PATCH 4/6] Update tests.yml
---
 .github/workflows/tests.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 056706a8..31b48d25 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
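Review bot: `dget -u` (`--allow-unauthenticated`) turns off the dscverify check, so the opensc source package fetched over plain http from archive.ubuntu.com is built and installed into the test runner without any signature verification, whereas the `dget` line it replaces still had that check. If the flag was added because the signing key is absent from the installed keyrings, installing the matching keyring package (presumably `ubuntu-keyring` alongside the `debian-keyring` already listed) keeps the check; failing that, compare the .dsc against a pinned sha256 before building. The step also leaves behind a `ls -l` debugging line, a commented-out `curl … | patch -p1`, and a `dch` entry that still says "Apply a patch." although no patch is applied any more; removing the dead lines and rewording the changelog entry would spare the next reader a hunt for a patch that does not exist.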
@@ -81,7 +81,7 @@ jobs:
 run: |
 sudo apt-add-repository ppa:yubico/stable
 sudo apt-get update
- sudo apt-get install -q -y git gcc g++ cmake swig psmisc procps pcscd pcsc-tools libhidapi-dev libassuan-dev libgcrypt20-dev libksba-dev libnpth0-dev libssl3 zlib1g libglib2.0-0 openssl openssh-server libpcsclite-dev libudev-dev libcmocka-dev python3-pip python3-setuptools python3-wheel lcov yubikey-manager libcbor-dev
+ sudo apt-get install -q -y libeac3 git gcc g++ cmake swig psmisc procps pcscd pcsc-tools libhidapi-dev libassuan-dev libgcrypt20-dev libksba-dev libnpth0-dev libssl3 zlib1g libglib2.0-0 openssl openssh-server libpcsclite-dev libudev-dev libcmocka-dev python3-pip python3-setuptools python3-wheel lcov yubikey-manager libcbor-dev
 sudo dpkg -i opensc*.deb yubico-piv-tool*.deb
 pip3 install --upgrade pip
From 12a9d4f4918c15defcd4c8647ea6b65ff5b5a1c1 Mon Sep 17 00:00:00 2001
From: z4yx
Date: Fri, 13 Dec 2024 22:41:10 +0800
Subject: [PATCH 5/6] lock version of ckman
---
 .github/workflows/tests.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 31b48d25..770dfedf 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -201,7 +201,7 @@ jobs:
 - name: Test the ckman Utility
 run: |
- pip3 install canokey-manager
+ pip3 install canokey-manager==5.2.0rc3
 ckman --log-level DEBUG info
 ckman oath accounts add steam1 HXDMVJECJJWSRB3HWIZR4IFUGFTMXBOZ -i Steam
 ckman oath accounts code
From 5dff24d60186c2ba4bc887bd3ba51b8d14bef50d Mon Sep 17 00:00:00 2001
From: z4yx
Date: Fri, 13 Dec 2024 23:17:10 +0800
Subject: [PATCH 6/6] skip ckman test
---
 .github/workflows/tests.yml | 10 ----------
 1 file changed, 10 deletions(-)
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 770dfedf..612eac2c 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -199,16 +199,6 @@ jobs:
 echo 0 | ./u2f-ref-code/u2f-tests/NFC/u2f_nfc_test -v | tee /tmp/u2f_nfc_test.log
 test $(grep -c 'PASS(signCheckSignature(regReq, regRsp, authReq, authRsp, rapduLen))' /tmp/u2f_nfc_test.log) -eq 6
- - name: Test the ckman Utility
- run: |
- pip3 install canokey-manager==5.2.0rc3
- ckman --log-level DEBUG info
- ckman oath accounts add steam1 HXDMVJECJJWSRB3HWIZR4IFUGFTMXBOZ -i Steam
- ckman oath accounts code
- ckman openpgp info
- ckman piv info
- #ckman fido credentials list --pin 123456
-
 - name: Test the OATH
 run: go test -v test-via-pcsc/oath_test.go