From 8ea118fe91a69fd90511bf1bf51b6f28477ccbe8 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Mon, 26 Jan 2026 01:18:51 +0100 Subject: [PATCH] Fix OATH in iOS Authenticator. Fixes #248. For strange reason, iOS app doesn't follow strictly YKOATH spec. When there are remaining bytes after serial, it assumes there's challenge (and thus, access code), but algorithm 7B is there. Apparently algorithm 7B is only returned when challenge is present but I could not see where it is used. Signed-off-by: Pol Henarejos --- src/fido/oath.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/src/fido/oath.c b/src/fido/oath.c index 0c293c7..f8de9a7 100644 --- a/src/fido/oath.c +++ b/src/fido/oath.c @@ -94,22 +94,22 @@ int oath_select(app_t *a, uint8_t force) { res_APDU[res_APDU_size++] = sizeof(challenge); memcpy(res_APDU + res_APDU_size, challenge, sizeof(challenge)); res_APDU_size += sizeof(challenge); - } - file_t *ef_otp_pin = search_by_fid(EF_OTP_PIN, NULL, SPECIFY_EF); - if (file_has_data(ef_otp_pin)) { - const uint8_t *pin_data = file_get_data(ef_otp_pin); - res_APDU[res_APDU_size++] = TAG_PIN_COUNTER; + res_APDU[res_APDU_size++] = TAG_ALGO; res_APDU[res_APDU_size++] = 1; - res_APDU[res_APDU_size++] = *pin_data; + res_APDU[res_APDU_size++] = ALG_HMAC_SHA1; } - res_APDU[res_APDU_size++] = TAG_ALGO; - res_APDU[res_APDU_size++] = 1; - res_APDU[res_APDU_size++] = ALG_HMAC_SHA1; if (is_nk) { res_APDU[res_APDU_size++] = TAG_SERIAL_NUMBER; res_APDU[res_APDU_size++] = 8; memcpy(res_APDU + res_APDU_size, pico_serial_str, 8); res_APDU_size += 8; + file_t *ef_otp_pin = search_by_fid(EF_OTP_PIN, NULL, SPECIFY_EF); + if (file_has_data(ef_otp_pin)) { + const uint8_t *pin_data = file_get_data(ef_otp_pin); + res_APDU[res_APDU_size++] = TAG_PIN_COUNTER; + res_APDU[res_APDU_size++] = 1; + res_APDU[res_APDU_size++] = *pin_data; + } } apdu.ne = res_APDU_size; return PICOKEY_OK;