Skip to content

feat: Always append APDU Le fields#503

Merged
DennisDyallo merged 2 commits into
yubikit-composite-device-newfrom
yubikit-apdu-always-append-le
Jul 1, 2026
Merged

feat: Always append APDU Le fields#503
DennisDyallo merged 2 commits into
yubikit-composite-device-newfrom
yubikit-apdu-always-append-le

Conversation

@DennisDyallo

Copy link
Copy Markdown
Collaborator

Summary

  • Always append short and extended APDU Le fields.
  • Adjust SCP MAC input to exclude MAC placeholder and trailing Le.
  • Add APDU and SCP regression vectors.

Verification

  • Core unit tests
  • PIV integration smoke against serial 125
  • DevTeam review: pass with notes addressed/accepted

@DennisDyallo DennisDyallo changed the title Always append APDU Le fields feat: Always append APDU Le fields Jun 24, 2026

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR standardizes APDU wire formatting by always appending the Le field (short and extended APDUs), and updates SCP03 MAC computation so the MAC input excludes both the reserved MAC placeholder bytes and the newly appended trailing Le. It also adds focused regression tests to lock in the updated APDU and SCP behavior across Core, Oath, and SecurityDomain.

Changes:

  • Always append Le in ApduFormatterShort and ApduFormatterExtended (including “zero Le” forms).
  • Update ScpProcessor MAC input slicing to exclude the MAC placeholder and trailing Le bytes deterministically.
  • Add/adjust unit tests to validate formatter output and SCP MAC behavior, and update existing applet tests to expect the appended Le.

Reviewed changes

Copilot reviewed 7 out of 7 changed files in this pull request and generated no comments.

Show a summary per file
File Description
src/SecurityDomain/tests/Yubico.YubiKit.SecurityDomain.UnitTests/SecurityDomainSessionTests.cs Update expected transmitted APDUs to include the trailing Le byte.
src/Oath/tests/Yubico.YubiKit.Oath.UnitTests/OathSessionTests.cs Adjust APDU assertions to ignore the appended Le in payload comparisons and assert Le is present.
src/Core/tests/Yubico.YubiKit.Core.UnitTests/Protocols/SmartCard/Scp/PcscProtocolScpTests.cs Add regression vectors ensuring SCP MAC input excludes the appended Le (short + extended).
src/Core/tests/Yubico.YubiKit.Core.UnitTests/Protocols/SmartCard/Apdu/ApduFormatterTests.cs New unit tests verifying always-appended Le behavior for short and extended APDU formatting.
src/Core/src/Protocols/SmartCard/Scp/ScpProcessor.cs Fix MAC input length calculation to exclude MAC placeholder and trailing Le.
src/Core/src/Protocols/SmartCard/Apdu/ApduFormatterShort.cs Always append Le for short APDUs (including Le=0).
src/Core/src/Protocols/SmartCard/Apdu/ApduFormatterExtended.cs Always append extended Le (Case 2E/4E), improve Le validation, and use WriteUInt16BigEndian for Lc/Le encoding.

@DennisDyallo DennisDyallo marked this pull request as ready for review June 27, 2026 08:00
Base automatically changed from yubikit-performance to yubikit-composite-device-new July 1, 2026 10:46
@DennisDyallo DennisDyallo merged commit caa8133 into yubikit-composite-device-new Jul 1, 2026
4 checks passed
@DennisDyallo DennisDyallo deleted the yubikit-apdu-always-append-le branch July 1, 2026 12:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Development

Successfully merging this pull request may close these issues.

2 participants