From 98b4f70caf77e6923bb2307f118844ce290d1f38 Mon Sep 17 00:00:00 2001
From: Fan DANG <i@dang.fan>
Date: Sat, 21 Dec 2024 08:11:59 +0800
Subject: [PATCH] add more restrict to tags in piv import

---
 src/key.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/key.c b/src/key.c
index 539e857e..69ceb788 100644
--- a/src/key.c
+++ b/src/key.c
@@ -126,7 +126,7 @@ int ck_parse_piv(ck_key_t *key, const uint8_t *buf, size_t buf_len) {
       DBG_MSG("too short\n");
       return KEY_ERR_LENGTH;
     }
-    if (*p < 0x06 || *p > 0x08) {
+    if (*p != 0x06 && !(key->meta.type == ED25519 && *p == 0x07) && !(key->meta.type == X25519 && *p == 0x08)) {
       DBG_MSG("invalid tag\n");
       return KEY_ERR_DATA;
     }