canokeys · z4yx · Dec 12, 2024 · Dec 12, 2024 · Dec 13, 2024 · Dec 13, 2024
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
@@ -30,15 +30,16 @@ jobs:
       run: |
         sudo sed -i 's/^# deb-src/deb-src/' /etc/apt/sources.list  
         sudo apt-get update
-        sudo apt-get install -q -y curl git gcc g++ cmake swig psmisc procps debian-keyring devscripts libpcsclite-dev check gengetopt help2man openssl zlib1g-dev
+        sudo apt-get install -q -y libeac-dev curl git gcc g++ cmake swig psmisc procps debian-keyring devscripts libpcsclite-dev check gengetopt help2man openssl zlib1g-dev
         sudo apt-get build-dep -q -y opensc
         sudo rm -f /usr/bin/clang-tidy
     - name: Build opensc package
       if: steps.check_opensc.outputs.files_exists == 'false'
       run: |
-        dget http://archive.ubuntu.com/ubuntu/pool/universe/o/opensc/opensc_0.23.0-0.1ubuntu1.dsc  
-        cd opensc-0.23.0
-        curl https://github.com/OpenSC/OpenSC/commit/a0aef25c7f2ce0ec2c7e1014f959f0fe86ff0479.diff | patch -p1
+        dget -u http://archive.ubuntu.com/ubuntu/pool/universe/o/opensc/opensc_0.25.0~rc1-1build2.dsc
+        ls -l
+        cd 'opensc-0.25.0~rc1'
+        #curl https://github.com/OpenSC/OpenSC/commit/a0aef25c7f2ce0ec2c7e1014f959f0fe86ff0479.diff | patch -p1
         dch --local ppa~jammy --distribution jammy "Apply a patch. Backports to Jammy."
         DEB_BUILD_OPTIONS='parallel=2' debuild --no-sign -b
     - name: Build yubico-piv-tool package
@@ -80,7 +81,7 @@ jobs:
       run: |
         sudo apt-add-repository ppa:yubico/stable
         sudo apt-get update
-        sudo apt-get install -q -y git gcc g++ cmake swig psmisc procps pcscd pcsc-tools libhidapi-dev libassuan-dev libgcrypt20-dev libksba-dev libnpth0-dev libssl3 zlib1g libglib2.0-0 openssl openssh-server libpcsclite-dev libudev-dev libcmocka-dev python3-pip python3-setuptools python3-wheel lcov yubikey-manager libcbor-dev
+        sudo apt-get install -q -y libeac3 git gcc g++ cmake swig psmisc procps pcscd pcsc-tools libhidapi-dev libassuan-dev libgcrypt20-dev libksba-dev libnpth0-dev libssl3 zlib1g libglib2.0-0 openssl openssh-server libpcsclite-dev libudev-dev libcmocka-dev python3-pip python3-setuptools python3-wheel lcov yubikey-manager libcbor-dev
         sudo dpkg -i opensc*.deb yubico-piv-tool*.deb
         pip3 install --upgrade pip
 
@@ -198,16 +199,6 @@ jobs:
         echo 0 | ./u2f-ref-code/u2f-tests/NFC/u2f_nfc_test -v | tee /tmp/u2f_nfc_test.log
         test $(grep -c 'PASS(signCheckSignature(regReq, regRsp, authReq, authRsp, rapduLen))' /tmp/u2f_nfc_test.log) -eq 6
 
-    - name: Test the ckman Utility
-      run: |
-        pip3 install canokey-manager
-        ckman --log-level DEBUG info
-        ckman oath accounts add steam1 HXDMVJECJJWSRB3HWIZR4IFUGFTMXBOZ -i Steam
-        ckman oath accounts code
-        ckman openpgp info
-        ckman piv info
-        #ckman fido credentials list --pin 123456
-
     - name: Test the OATH
       run: go test -v test-via-pcsc/oath_test.go
 

diff --git a/applets/ctap/ctap.c b/applets/ctap/ctap.c
@@ -2159,11 +2159,8 @@ static uint8_t ctap_large_blobs(CborEncoder *encoder, const uint8_t *params, siz
   return 0;
 }
 
-int ctap_process_cbor(uint8_t *req, size_t req_len, uint8_t *resp, size_t *resp_len) {
+static int ctap_process_cbor(uint8_t *req, size_t req_len, uint8_t *resp, size_t *resp_len) {
   if (req_len-- == 0) return -1;
-  if (current_cmd_src != CTAP_SRC_NONE) return -1;
-  // Must set current_cmd_src to CTAP_SRC_NONE before return
-  current_cmd_src = CTAP_SRC_HID;
 
   cp_pin_uv_auth_token_usage_timer_observer();
 
@@ -2233,16 +2230,25 @@ int ctap_process_cbor(uint8_t *req, size_t req_len, uint8_t *resp, size_t *resp_
   if (*resp != 0) { // do not allow GET_NEXT_ASSERTION if error occurs
     last_cmd = CTAP_INVALID_CMD;
   }
-  current_cmd_src = CTAP_SRC_NONE;
   return 0;
 }
 
+int ctap_process_cbor_with_src(uint8_t *req, size_t req_len, uint8_t *resp, size_t *resp_len, ctap_src_t src) {
+
+  if (current_cmd_src != CTAP_SRC_NONE) return -1;
+  // Must set current_cmd_src to CTAP_SRC_NONE before return
+  current_cmd_src = src;
+  int ret = ctap_process_cbor(req, req_len, resp, resp_len);
+  current_cmd_src = CTAP_SRC_NONE;
+  return ret;
+}
+
 int ctap_process_apdu_with_src(const CAPDU *capdu, RAPDU *rapdu, ctap_src_t src) {
   int ret = 0;
+  LL = 0;
   if (current_cmd_src != CTAP_SRC_NONE) EXCEPT(SW_UNABLE_TO_PROCESS);
   // Must set current_cmd_src to CTAP_SRC_NONE before return
   current_cmd_src = src;
-  LL = 0;
   SW = SW_NO_ERROR;
   if (CLA == 0x80) {
     if (INS == CTAP_INS_MSG) {

diff --git a/include/ctap.h b/include/ctap.h
@@ -16,7 +16,7 @@ int ctap_install_private_key(const CAPDU *capdu, RAPDU *rapdu);
 int ctap_install_cert(const CAPDU *capdu, RAPDU *rapdu);
 int ctap_read_sm2_config(const CAPDU *capdu, RAPDU *rapdu);
 int ctap_write_sm2_config(const CAPDU *capdu, RAPDU *rapdu);
-int ctap_process_cbor(uint8_t *req, size_t req_len, uint8_t *resp, size_t *resp_len);
+int ctap_process_cbor_with_src(uint8_t *req, size_t req_len, uint8_t *resp, size_t *resp_len, ctap_src_t src);
 int ctap_process_apdu_with_src(const CAPDU *capdu, RAPDU *rapdu, ctap_src_t src);
 static int ctap_process_apdu(const CAPDU *capdu, RAPDU *rapdu) {
     return ctap_process_apdu_with_src(capdu, rapdu, CTAP_SRC_CCID);

diff --git a/interfaces/USB/class/ctaphid/ctaphid.c b/interfaces/USB/class/ctaphid/ctaphid.c
@@ -115,7 +115,7 @@ static void CTAPHID_Execute_Cbor(void) {
   DBG_MSG("C: ");
   PRINT_HEX(channel.data, channel.bcnt_total);
   size_t len = sizeof(channel.data);
-  ctap_process_cbor(channel.data, channel.bcnt_total, channel.data, &len);
+  ctap_process_cbor_with_src(channel.data, channel.bcnt_total, channel.data, &len, CTAP_SRC_HID);
   DBG_MSG("R: ");
   PRINT_HEX(channel.data, len);
   CTAPHID_SendResponse(channel.cid, CTAPHID_CBOR, channel.data, len);