From 31ac28c7dec54d8bdff92a51ae8c0457461f06f7 Mon Sep 17 00:00:00 2001
From: Pol Henarejos
Date: Tue, 8 Jul 2025 13:51:24 +0200
Subject: [PATCH] Fix touch policy on mgmt key change. Fixes #38.
Signed-off-by: Pol Henarejos
---
 src/openpgp/piv.c | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/src/openpgp/piv.c b/src/openpgp/piv.c
index e2568bf..1f1a95a 100644
--- a/src/openpgp/piv.c
+++ b/src/openpgp/piv.c
@@ -983,12 +983,13 @@ static int cmd_set_mgmkey() {
 }
 uint8_t touch = P2(apdu);
 if (touch != 0xFF && touch != 0xFE) {
- if (touch == 0xFF) {
- touch = TOUCHPOLICY_NEVER;
- }
- else if (touch == 0xFE) {
- touch = TOUCHPOLICY_ALWAYS;
- }
+ return SW_INCORRECT_P1P2();
+ }
+ if (touch == 0xFF) {
+ touch = TOUCHPOLICY_NEVER;
+ }
+ else if (touch == 0xFE) {
+ touch = TOUCHPOLICY_ALWAYS;
 }
 uint8_t algo = apdu.data[0], key_ref = apdu.data[1], pinlen = apdu.data[2];
 if ((key_ref != EF_PIV_KEY_CARDMGM) || (!(algo == PIV_ALGO_AES128 && pinlen == 16) && !(algo == PIV_ALGO_AES192 && pinlen == 24) && !(algo == PIV_ALGO_AES256 && pinlen == 32) && !(algo == PIV_ALGO_3DES && pinlen == 24))) {
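Review bot: The accepted P2 values are still written out twice, once in the `touch != 0xFF && touch != 0xFE` guard and again in the `if`/`else if` mapping, and `touch` holds first the raw P2 byte and then the policy value. That duplication is what allowed the guard and the mapping to disagree before this fix. A single `switch (P2(apdu))` whose `default:` returns `SW_INCORRECT_P1P2()` keeps validation and mapping in one place, so an unmapped APDU byte cannot be carried forward as a touch policy. Separately, the context lines index `apdu.data[0]` through `apdu.data[2]`; `cmd_set_mgmkey` starts and ends outside the hunk, so it is worth confirming that the command data length is checked before these reads and that `pinlen` is compared with the data that follows.

```c
uint8_t touch;
switch (P2(apdu)) {
    case 0xFF:
        touch = TOUCHPOLICY_NEVER;
        break;
    case 0xFE:
        touch = TOUCHPOLICY_ALWAYS;
        break;
    default:
        /* Reject any P2 that has no defined touch policy. */
        return SW_INCORRECT_P1P2();
}
/* … unchanged: algo / key_ref / pinlen parsing and validation … */
```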