Skip to content

Don't look at decryption algorithm in yubikey specific code #697

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
wants to merge 2 commits into
base: master
Choose a base branch
from
Draft

Don't look at decryption algorithm in yubikey specific code #697

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
8464a16
Fix typo in yubikey deciphering error message
jcgruenhage Jun 27, 2025
982a052
Don't look at decryption algorithm in yubikey specific code
jcgruenhage Jun 27, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion pass/Services/PasswordDecryptor.swift
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -88,7 +88,7 @@ class PasswordYubiKeyDecryptor {
throw AppError.yubiKey(.connection(message: "Failed to verify PIN"))
}
guard let deciphered = try? await smartCard.decipher(ciphertext: encryptedData) else {
throw AppError.yubiKey(.connection(message: "Failed to dicipher data"))
throw AppError.yubiKey(.connection(message: "Failed to decipher data"))
}
let decryptedData = try decryptData(deciphered: deciphered, ciphertext: encryptedData)
if (connection as? YKFNFCConnection) != nil {
Expand Down
17 changes: 1 addition & 16 deletions passKit/Extensions/YKFSmartCardInterfaceExtension.swift
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,14 +10,8 @@ import CryptoTokenKit
import Gopenpgp
import YubiKit

public enum Algorithm {
case rsa
case others
}

public struct ApplicationRelatedData {
public let isCommandChaining: Bool
public let decryptionAlgorithm: Algorithm
}

public extension YKFSmartCardInterface {
Expand All @@ -32,7 +26,6 @@ public extension YKFSmartCardInterface {
func getApplicationRelatedData() async throws -> ApplicationRelatedData {
let data = try await executeCommand(YubiKeyAPDU.getApplicationRelatedData())
var isCommandChaining = false
var algorithm = Algorithm.others
let tlv = TKBERTLVRecord.sequenceOfRecords(from: data)!
for record in TKBERTLVRecord.sequenceOfRecords(from: tlv.first!.value)! {
if record.tag == 0x5F52 { // 0x5f52: Historical Bytes
Expand All @@ -47,21 +40,13 @@ public extension YKFSmartCardInterface {
for record2 in TKCompactTLVRecord.sequenceOfRecords(from: dos)! where record2.tag == 7 && record2.value.count == 3 {
isCommandChaining = (record2.value[2] & 0x80) != 0
}
} else if record.tag == 0x73 { // 0x73: Discretionary data objects
// 0xC2: Algorithm attributes decryption, 0x01: RSA
for record2 in TKBERTLVRecord.sequenceOfRecords(from: record.value)! where record2.tag == 0xC2 && record2.value.first! == 0x01 {
algorithm = .rsa
}
}
}
return ApplicationRelatedData(isCommandChaining: isCommandChaining, decryptionAlgorithm: algorithm)
return ApplicationRelatedData(isCommandChaining: isCommandChaining)
}

func decipher(ciphertext: Data) async throws -> Data {
let applicationRelatedData = try await getApplicationRelatedData()
guard applicationRelatedData.decryptionAlgorithm == .rsa else {
throw AppError.yubiKey(.decipher(message: "Encryption key algorithm is not supported. Supported algorithm: RSA."))
}

var error: NSError?
let message = createPGPMessage(from: ciphertext)
Expand Down