From 3837f01be0ba92dcf02ca964cf630469d9be1493 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 16 Dec 2024 10:08:16 -0800
Subject: [PATCH] chore(deps): bump github.com/go-piv/piv-go from 1.11.0 to
 2.0.0+incompatible (#3849)

* chore(deps): bump github.com/go-piv/piv-go

Bumps [github.com/go-piv/piv-go](https://github.com/go-piv/piv-go) from 1.11.0 to 2.0.0+incompatible.
- [Release notes](https://github.com/go-piv/piv-go/releases)
- [Commits](https://github.com/go-piv/piv-go/compare/v1.11.0...v2.0.0)

---
updated-dependencies:
- dependency-name: github.com/go-piv/piv-go
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* go get v2

Signed-off-by: Bob Callaway <bcallaway@google.com>

* move to v2 api

Signed-off-by: Bob Callaway <bcallaway@google.com>

* fix byte slice

Signed-off-by: Bob Callaway <bcallaway@google.com>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Bob Callaway <bcallaway@google.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Bob Callaway <bcallaway@google.com>
---
 cmd/cosign/cli/pivcli/commands.go | 12 ++++++------
 go.mod                            |  2 +-
 go.sum                            |  4 ++--
 pkg/cosign/pivkey/pivkey.go       |  6 +++---
 pkg/cosign/pivkey/util.go         |  2 +-
 5 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/cmd/cosign/cli/pivcli/commands.go b/cmd/cosign/cli/pivcli/commands.go
index 5ff13fdac5a..2f532eaaf79 100644
--- a/cmd/cosign/cli/pivcli/commands.go
+++ b/cmd/cosign/cli/pivcli/commands.go
@@ -29,7 +29,7 @@ import (
 	"os"
 	"strings"
 
-	"github.com/go-piv/piv-go/piv"
+	"github.com/go-piv/piv-go/v2/piv"
 	"github.com/manifoldco/promptui"
 
 	"github.com/sigstore/cosign/v2/pkg/cosign/pivkey"
@@ -46,7 +46,7 @@ func SetManagementKeyCmd(_ context.Context, oldKey, newKey string, randomKey boo
 	if err != nil {
 		return err
 	}
-	var newBytes *[24]byte
+	var newBytes *[]byte
 	if randomKey {
 		if !Confirm("Resetting management key to random value. You must factory reset the device to change this value") {
 			return nil
@@ -286,14 +286,14 @@ func ResetKeyCmd(ctx context.Context) error {
 	return yk.Reset()
 }
 
-func keyBytes(s string) (*[24]byte, error) {
+func keyBytes(s string) (*[]byte, error) {
 	if s == "" {
 		return &piv.DefaultManagementKey, nil
 	}
 	if len(s) > 24 {
 		return nil, errors.New("key too long, must be <24 characters")
 	}
-	ret := [24]byte{}
+	ret := []byte{}
 	copy(ret[:], s)
 	return &ret, nil
 }
@@ -312,8 +312,8 @@ var Confirm = func(p string) bool {
 	return strings.ToLower(result) == "y"
 }
 
-func randomManagementKey() (*[24]byte, error) {
-	var newKeyBytes [24]byte
+func randomManagementKey() (*[]byte, error) {
+	var newKeyBytes []byte
 	n, err := io.ReadFull(rand.Reader, newKeyBytes[:])
 	if err != nil {
 		return nil, err
diff --git a/go.mod b/go.mod
index fe8c5eed615..f79f7cd3ba8 100644
--- a/go.mod
+++ b/go.mod
@@ -16,7 +16,7 @@ require (
 	github.com/go-openapi/runtime v0.28.0
 	github.com/go-openapi/strfmt v0.23.0
 	github.com/go-openapi/swag v0.23.0
-	github.com/go-piv/piv-go v1.11.0
+	github.com/go-piv/piv-go/v2 v2.2.0
 	github.com/google/certificate-transparency-go v1.2.1
 	github.com/google/go-cmp v0.6.0
 	github.com/google/go-containerregistry v0.20.2
diff --git a/go.sum b/go.sum
index 2d3f2174a4b..201051dcd49 100644
--- a/go.sum
+++ b/go.sum
@@ -310,8 +310,8 @@ github.com/go-openapi/swag v0.23.0 h1:vsEVJDUo2hPJ2tu0/Xc+4noaxyEffXNIs3cOULZ+Gr
 github.com/go-openapi/swag v0.23.0/go.mod h1:esZ8ITTYEsH1V2trKHjAN8Ai7xHb8RV+YSZ577vPjgQ=
 github.com/go-openapi/validate v0.24.0 h1:LdfDKwNbpB6Vn40xhTdNZAnfLECL81w+VX3BumrGD58=
 github.com/go-openapi/validate v0.24.0/go.mod h1:iyeX1sEufmv3nPbBdX3ieNviWnOZaJ1+zquzJEf2BAQ=
-github.com/go-piv/piv-go v1.11.0 h1:5vAaCdRTFSIW4PeqMbnsDlUZ7odMYWnHBDGdmtU/Zhg=
-github.com/go-piv/piv-go v1.11.0/go.mod h1:NZ2zmjVkfFaL/CF8cVQ/pXdXtuj110zEKGdJM6fJZZM=
+github.com/go-piv/piv-go/v2 v2.2.0 h1:kOcyd7+JiKLF1BtGUO6vg7XlDJLhchinoMuksOpWBEI=
+github.com/go-piv/piv-go/v2 v2.2.0/go.mod h1:ShZi74nnrWNQEdWzRUd/3cSig3uNOcEZp+EWl0oewnI=
 github.com/go-quicktest/qt v1.101.0 h1:O1K29Txy5P2OK0dGo59b7b0LR6wKfIhttaAhHUyn7eI=
 github.com/go-quicktest/qt v1.101.0/go.mod h1:14Bz/f7NwaXPtdYEgzsx46kqSxVwTbzVZsDC26tQJow=
 github.com/go-rod/rod v0.116.2 h1:A5t2Ky2A+5eD/ZJQr1EfsQSe5rms5Xof/qj296e+ZqA=
diff --git a/pkg/cosign/pivkey/pivkey.go b/pkg/cosign/pivkey/pivkey.go
index d179e301a6e..d5d35343f04 100644
--- a/pkg/cosign/pivkey/pivkey.go
+++ b/pkg/cosign/pivkey/pivkey.go
@@ -31,7 +31,7 @@ import (
 	"os"
 	"syscall"
 
-	"github.com/go-piv/piv-go/piv"
+	"github.com/go-piv/piv-go/v2/piv"
 	"golang.org/x/term"
 
 	"github.com/sigstore/sigstore/pkg/signature"
@@ -113,7 +113,7 @@ func (k *Key) GetAttestationCertificate() (*x509.Certificate, error) {
 	return k.card.AttestationCertificate()
 }
 
-func (k *Key) SetManagementKey(old, new [24]byte) error {
+func (k *Key) SetManagementKey(old, new []byte) error {
 	if k.card == nil {
 		return KeyNotInitialized
 	}
@@ -153,7 +153,7 @@ func (k *Key) Unblock(puk, newPIN string) error {
 	return k.card.Unblock(puk, newPIN)
 }
 
-func (k *Key) GenerateKey(mgmtKey [24]byte, slot piv.Slot, opts piv.Key) (crypto.PublicKey, error) {
+func (k *Key) GenerateKey(mgmtKey []byte, slot piv.Slot, opts piv.Key) (crypto.PublicKey, error) {
 	if k.card == nil {
 		return nil, KeyNotInitialized
 	}
diff --git a/pkg/cosign/pivkey/util.go b/pkg/cosign/pivkey/util.go
index a323716e6b4..cb5c4b0a079 100644
--- a/pkg/cosign/pivkey/util.go
+++ b/pkg/cosign/pivkey/util.go
@@ -18,7 +18,7 @@
 package pivkey
 
 import (
-	"github.com/go-piv/piv-go/piv"
+	"github.com/go-piv/piv-go/v2/piv"
 )
 
 func SlotForName(slotName string) *piv.Slot {