From 04004426132495ff5defacab673b53cef577ebac Mon Sep 17 00:00:00 2001
From: Christoph Honal <christoph.honal@web.de>
Date: Sat, 24 Jul 2021 00:16:35 +0200
Subject: [PATCH] Fix padding handling for 64 byte challenges

---
 src/net/cooperi/ykotpapplet/YkOtpApplet.java | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/src/net/cooperi/ykotpapplet/YkOtpApplet.java b/src/net/cooperi/ykotpapplet/YkOtpApplet.java
index 6ab0ec9..263491a 100644
--- a/src/net/cooperi/ykotpapplet/YkOtpApplet.java
+++ b/src/net/cooperi/ykotpapplet/YkOtpApplet.java
@@ -278,6 +278,23 @@ public class YkOtpApplet extends Applet implements ExtendedLength
 			return;
 		}
 
+		// Yubikey considers the last byte as padding 
+		//  if and only if the challenge size is 64 bytes
+		//  but then also all preceding bytes of the same value
+		if(lc == (short)64) {
+			lc--;
+			for(i = (byte)62; i>=(byte)0; i--) {
+				if(buffer[(byte)apdu.getOffsetCdata() + i] != buffer[(byte)apdu.getOffsetCdata() + 63]) {
+					break;
+				}
+				lc--;
+			}
+			if(lc == 0) {
+				ISOException.throwIt(ISO7816.SW_DATA_INVALID);
+				return;
+			}
+		}
+
 		if (hmacSha1 == null) {
 			Util.arrayCopyNonAtomic(slot.ipad, (short)0,
 			    hmacBuf, (short)0, (short)64);