From bfaff6b9bf5db2b4b61660601b53b418c0770237 Mon Sep 17 00:00:00 2001
From: Heiko Schaefer
Date: Mon, 31 Oct 2022 18:02:38 +0100
Subject: [PATCH] opgpcard: handle "key status" information for attestation key.
---
 tools/src/bin/opgpcard/commands/status.rs | 17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)
diff --git a/tools/src/bin/opgpcard/commands/status.rs b/tools/src/bin/opgpcard/commands/status.rs
index e3f715d..5d1f2e1 100644
--- a/tools/src/bin/opgpcard/commands/status.rs
+++ b/tools/src/bin/opgpcard/commands/status.rs
@@ -176,10 +176,14 @@ pub fn print_status(
 // attestation_key.public_key_material(pkm.to_string());
 // }
- // TODO: clarify how to reliably map `card.key_information()` output into this field (see below)
- // if let Some(ks) = ki.as_ref().map(|ki| ki.aut_status()) {
- // attestation_key.status(format!("{}", ks));
- // }
+ // "Key-Ref = 0x81 is reserved for the Attestation key of Yubico"
+ // (see OpenPGP card spec 3.4.1 pg.43)
+ if let Some(ki) = ki.as_ref() {
+ if let Some(n) = (0..ki.num_additional()).find(|&n| ki.additional_ref(n) == 0x81) {
+ let ks = ki.additional_status(n);
+ attestation_key.status(format!("{}", ks));
+ }
+ };
 output.attestation_key(attestation_key);
@@ -193,7 +197,10 @@ pub fn print_status(
 if let Some(ki) = ki {
 let num = ki.num_additional();
 for i in 0..num {
- output.key_status(ki.additional_ref(i), ki.additional_status(i).to_string());
+ // 0x81 is the Yubico attestation key, it has already been used above -> skip here
+ if ki.additional_ref(i) != 0x81 {
+ output.key_status(ki.additional_ref(i), ki.additional_status(i).to_string());
+ }
 }
 }
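Review bot: The key reference `0x81` is written as a bare literal in the new `find` closure here and again in the skip test of the second hunk, so the two sites can drift apart if one is edited. A single named constant next to the spec citation, for example `const KEY_REF_YUBICO_ATTESTATION: u8 = 0x81;` (with whatever integer type `additional_ref` actually returns), would keep them tied together. Two smaller style points on the same lines: `format!("{}", ks)` can be `ks.to_string()`, matching the call in the second hunk, and the `;` after the closing brace of the `if let` is not needed. print_status starts and ends outside this hunk.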
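Review bot: The new `!= 0x81` filter drops every additional entry with that reference, while the first hunk reports only the first match found by `find`, so a card that returned more than one such entry would have the rest disappear from the status output. Since this listing is what a user reads to audit the card, it seems safer to skip only the index already consumed, or to print any further 0x81 entries as ordinary key status lines. Binding the reference once, `let key_ref = ki.additional_ref(i);`, also avoids the second call in the loop body. Whether real cards ever report duplicates is not visible from this hunk, and print_status starts and ends outside it.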