From e2bbe927af85192f9b31ac24af7d529f1c5c8c09 Mon Sep 17 00:00:00 2001
From: Pol Henarejos
Date: Mon, 25 Mar 2024 12:43:16 +0100
Subject: [PATCH] Only mark MGM if challenge is the same. Otherwise, send OK silently.

Signed-off-by: Pol Henarejos
---
 src/openpgp/piv.c | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/src/openpgp/piv.c b/src/openpgp/piv.c
index ead8654..0d194c6 100644
--- a/src/openpgp/piv.c
+++ b/src/openpgp/piv.c
@@ -564,16 +564,15 @@ static int cmd_authenticate() {
 if (!has_challenge) {
 return SW_COMMAND_NOT_ALLOWED();
 }
- if (sizeof(challenge) != a80.len || memcmp(a80.data, challenge, a80.len) != 0) {
- return SW_DATA_INVALID();
- }
 if (!asn1_len(&a81)) {
 return SW_INCORRECT_PARAMS();
 }
 if (key_ref != EF_PIV_KEY_CARDMGM) {
 return SW_INCORRECT_P1P2();
 }
- has_mgm = true;
+ if (sizeof(challenge) == a80.len && memcmp(a80.data, challenge, a80.len) == 0) {
+ has_mgm = true;
+ }
 }
 }
 if (a81.data) {
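Review bot: A mismatching `a80` value no longer ends the command, so execution falls through to the `if (a81.data)` block that follows the hunk and, per the commit message, the caller is told OK. A host therefore cannot tell a failed management-key authentication from a successful one, and whatever that later block computes is now reachable without the caller having proved knowledge of the key (its body is outside the hunk, so this needs confirming). The new branch also leaves state untouched on mismatch; consider `else { has_mgm = false; has_challenge = false; }` so a failed attempt drops any earlier MGM state and the same challenge cannot be presented again. Separately, `memcmp` is not constant-time, and a fixed-time comparison over the `sizeof(challenge)` bytes would avoid leaking how many leading bytes matched. `cmd_authenticate` begins and ends outside the hunk, so state handling elsewhere in the function may already cover some of this.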