Fix issues found by ckman test cases (#125)

- Fix ed25519 signing in PIV
- Fix length encoding of Algorithm Info DO in OpenPGP
- Test with ckman on CI

Author: z4yx

.github/workflows/tests.yml

@@ -82,6 +82,13 @@ jobs:
         repository: canokeys/piv-go
         path: piv-go
 
+    - name: Prepare - Checkout ckman
+      uses: actions/checkout@v4
+      with:
+        repository: canokeys/yubikey-manager
+        ref: canokey-next
+        path: yubikey-manager
+
     - name: Cache - GO Modules
       uses: actions/cache@v4
       env:
@@ -390,6 +397,14 @@ jobs:
         gpgconf --kill gpg-agent
         go test -v test-via-pcsc/openpgp_test.go -run TestOpenPGPCerts
 
+    - name: Tests - Interoperate with ckman openpgp
+      run: |
+        cd yubikey-manager
+        pipx install poetry
+        poetry install
+        poetry run pytest --reader 'Canokey ' --no-serial --use-version 5.7.0 -s ./tests/device/test_openpgp.py -v
+        poetry run pytest --reader 'Canokey ' --no-serial --use-version 5.7.0 -s ./tests/device/test_piv.py -v
+
     - name: Tests - PIV applet
       run: |
         set -o xtrace
@@ -547,6 +562,7 @@ jobs:
         diff -s /tmp/rand-pi   /tmp/read-pi
         diff -s /tmp/rand-face /tmp/read-face
         diff -s /tmp/rand-fig  /tmp/read-fig
+        yubico-piv-tool -r "$RDID" -a change-pin -N 123456 -P 654321
 
     - name: Wrap-up - Prepare test coverage report
       run: |

.gitignore

@@ -1,4 +1,4 @@
 cmake-build-*
-build/
+build*/
 lfs-root
 virt-card/git-rev.h

applets/openpgp/openpgp.c

@@ -589,8 +589,9 @@ static int openpgp_get_data(const CAPDU *capdu, RAPDU *rapdu) {
 
   case TAG_ALGORITHM_INFORMATION:
     RDATA[0] = TAG_ALGORITHM_INFORMATION;
-    RDATA[1] = add_all_algorithm_info(RDATA + 2);
-    LL = RDATA[1] + 2;
+    RDATA[1] = 0x81;
+    RDATA[2] = add_all_algorithm_info(RDATA + 3);
+    LL = RDATA[2] + 3;
     break;
 
   case TAG_UIF_CACHE_TIME:

applets/piv/piv.c

@@ -632,14 +632,16 @@ static int piv_general_authenticate(const CAPDU *capdu, RAPDU *rapdu) {
 
       memzero(&key, sizeof(key));
     } else if (IS_ECC(key.meta.type)) {
+      size_t input_len = len[IDX_CHALLENGE];
       if (IS_SHORT_WEIERSTRASS(key.meta.type)) {
         // prepend zeros
         memmove(DATA + pos[IDX_CHALLENGE] + (PRIVATE_KEY_LENGTH[key.meta.type] - len[IDX_CHALLENGE]),
                 DATA + pos[IDX_CHALLENGE],
                 len[IDX_CHALLENGE]);
         memzero(DATA + pos[IDX_CHALLENGE], PRIVATE_KEY_LENGTH[key.meta.type] - len[IDX_CHALLENGE]);
+        input_len = PRIVATE_KEY_LENGTH[key.meta.type];
       }
-      int sig_len = ck_sign(&key, DATA + pos[IDX_CHALLENGE], PRIVATE_KEY_LENGTH[key.meta.type], RDATA + 4);
+      int sig_len = ck_sign(&key, DATA + pos[IDX_CHALLENGE], input_len, RDATA + 4);
       if (sig_len < 0) {
         ERR_MSG("Sign failed\n");
         return -1;