From 8464a16c69316f7d6e1026b5b23cb037504b98aa Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20Christian=20Gr=C3=BCnhage?=
Date: Fri, 27 Jun 2025 11:23:49 +0200
Subject: [PATCH 1/2] Fix typo in yubikey deciphering error message
---
 pass/Services/PasswordDecryptor.swift | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pass/Services/PasswordDecryptor.swift b/pass/Services/PasswordDecryptor.swift
index 49e7845d..5bb672c2 100644
--- a/pass/Services/PasswordDecryptor.swift
+++ b/pass/Services/PasswordDecryptor.swift
@@ -88,7 +88,7 @@ class PasswordYubiKeyDecryptor {
 throw AppError.yubiKey(.connection(message: "Failed to verify PIN"))
 }
 guard let deciphered = try? await smartCard.decipher(ciphertext: encryptedData) else {
- throw AppError.yubiKey(.connection(message: "Failed to dicipher data"))
+ throw AppError.yubiKey(.connection(message: "Failed to decipher data"))
 }
 let decryptedData = try decryptData(deciphered: deciphered, ciphertext: encryptedData)
 if (connection as? YKFNFCConnection) != nil {
From 982a05279f2a5585522d38061bceab82585adc6a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20Christian=20Gr=C3=BCnhage?=
Date: Fri, 27 Jun 2025 11:25:54 +0200
Subject: [PATCH 2/2] Don't look at decryption algorithm in yubikey specific code
---
 .../YKFSmartCardInterfaceExtension.swift | 17 +----------------
 1 file changed, 1 insertion(+), 16 deletions(-)
diff --git a/passKit/Extensions/YKFSmartCardInterfaceExtension.swift b/passKit/Extensions/YKFSmartCardInterfaceExtension.swift
index 7ba754b9..0ea680f4 100644
--- a/passKit/Extensions/YKFSmartCardInterfaceExtension.swift
+++ b/passKit/Extensions/YKFSmartCardInterfaceExtension.swift
@@ -10,14 +10,8 @@ import CryptoTokenKit
 import Gopenpgp
 import YubiKit
-public enum Algorithm {
- case rsa
- case others
-}
-
 public struct ApplicationRelatedData {
 public let isCommandChaining: Bool
- public let decryptionAlgorithm: Algorithm
 }
 public extension YKFSmartCardInterface {
@@ -32,7 +26,6 @@ public extension YKFSmartCardInterface {
 func getApplicationRelatedData() async throws -> ApplicationRelatedData {
 let data = try await executeCommand(YubiKeyAPDU.getApplicationRelatedData())
 var isCommandChaining = false
- var algorithm = Algorithm.others
 let tlv = TKBERTLVRecord.sequenceOfRecords(from: data)!
 for record in TKBERTLVRecord.sequenceOfRecords(from: tlv.first!.value)! {
 if record.tag == 0x5F52 { // 0x5f52: Historical Bytes
@@ -47,21 +40,13 @@ public extension YKFSmartCardInterface {
 for record2 in TKCompactTLVRecord.sequenceOfRecords(from: dos)! where record2.tag == 7 && record2.value.count == 3 {
 isCommandChaining = (record2.value[2] & 0x80) != 0
 }
- } else if record.tag == 0x73 { // 0x73: Discretionary data objects
- // 0xC2: Algorithm attributes decryption, 0x01: RSA
- for record2 in TKBERTLVRecord.sequenceOfRecords(from: record.value)! where record2.tag == 0xC2 && record2.value.first! == 0x01 {
- algorithm = .rsa
- }
 }
 }
- return ApplicationRelatedData(isCommandChaining: isCommandChaining, decryptionAlgorithm: algorithm)
+ return ApplicationRelatedData(isCommandChaining: isCommandChaining)
 }
 func decipher(ciphertext: Data) async throws -> Data {
 let applicationRelatedData = try await getApplicationRelatedData()
- guard applicationRelatedData.decryptionAlgorithm == .rsa else {
- throw AppError.yubiKey(.decipher(message: "Encryption key algorithm is not supported. Supported algorithm: RSA."))
- }
 var error: NSError?
 let message = createPGPMessage(from: ciphertext)
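Review bot: With the `decryptionAlgorithm == .rsa` guard removed from `decipher`, ciphertext for any key type now proceeds to the card, and nothing visible in this hunk replaces the explicit "algorithm is not supported" failure; `decipher` continues past the end of the hunk, so whether the remainder builds a valid request for non-RSA keys cannot be confirmed from here. The caller in `pass/Services/PasswordDecryptor.swift` wraps this call in `try?` and maps every failure to `.connection(message: "Failed to decipher data")`, so an unsupported key would presumably be reported as a connection problem rather than a key-type problem. I would add a test covering a non-RSA key through this path, and have the caller use `do`/`catch` to rethrow an `AppError` unchanged instead of discarding it with `try?`. Separately, the parsing kept in `getApplicationRelatedData` still force-unwraps `TKBERTLVRecord.sequenceOfRecords(from: data)!` and `tlv.first!` on bytes returned by the token, which traps on a malformed response; a `guard let ... else { throw AppError.yubiKey(.decipher(message: ...)) }` would fail with an error instead of crashing the app.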