Better handling of YK Edge stuck in CCID mode.

Yubico · Aug 19, 2021 · c50f786 · c50f786
1 parent 7fb59f6
commit c50f786
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 5 deletions.
diff --git a/ykman/cli/config.py b/ykman/cli/config.py
@@ -540,7 +540,9 @@ def _mode_from_usb_enabled(usb_enabled):
         interfaces |= USB_INTERFACE.OTP
     if (CAPABILITY.U2F | CAPABILITY.FIDO2) & usb_enabled:
         interfaces |= USB_INTERFACE.FIDO
-    if (CAPABILITY.OPENPGP | CAPABILITY.PIV | CAPABILITY.OATH) & usb_enabled:
+    if (
+        USB_INTERFACE.CCID | CAPABILITY.OPENPGP | CAPABILITY.PIV | CAPABILITY.OATH
+    ) & usb_enabled:
         interfaces |= USB_INTERFACE.CCID
     return Mode(interfaces)
 

diff --git a/ykman/device.py b/ykman/device.py
@@ -459,9 +459,11 @@ def read_info(pid: Optional[PID], conn: Connection) -> DeviceInfo:
     ):
         usb_enabled = info.supported_capabilities[TRANSPORT.USB]
         if usb_enabled == (CAPABILITY.OTP | CAPABILITY.U2F | USB_INTERFACE.CCID):
-            # YubiKey Edge, hide unusable CCID interface
-            usb_enabled = CAPABILITY.OTP | CAPABILITY.U2F
-            info.supported_capabilities = {TRANSPORT.USB: usb_enabled}
+            # YubiKey Edge, hide unusable CCID interface from supported
+            # usb_enabled = CAPABILITY.OTP | CAPABILITY.U2F
+            info.supported_capabilities = {
+                TRANSPORT.USB: CAPABILITY.OTP | CAPABILITY.U2F
+            }
 
         if USB_INTERFACE.OTP not in interfaces:
             usb_enabled &= ~CAPABILITY.OTP

diff --git a/yubikit/management.py b/yubikit/management.py
@@ -354,7 +354,11 @@ def write_config(self, config):
 class _ManagementSmartCardBackend(_Backend):
     def __init__(self, smartcard_connection):
         self.protocol = SmartCardProtocol(smartcard_connection)
-        select_str = self.protocol.select(AID.MANAGEMENT).decode()
+        select_bytes = self.protocol.select(AID.MANAGEMENT)
+        if select_bytes[-2:] == b"\x90\x00":
+            # YubiKey Edge incorrectly appends SW twice.
+            select_bytes = select_bytes[:-2]
+        select_str = select_bytes.decode()
         self.version = Version.from_string(select_str)
         # For YubiKey NEO, we use the OTP application for further commands
         if self.version[0] == 3: