Personalisation tool should allow proprietary URIs in NDEF payloads about yubikey-personalization HOT 9 CLOSED

Hello,

I've just added missing error checks to ykpersonalize.
What happens is that the url may only be 53 bytes long (subtracting the prefix if it's in the list of known prefixes).

/klas

(edited, typo in the original, the limit is 53 bytes)

from yubikey-personalization.

Ahh... That (unfortunately) makes sense. Why else would there be a scheme to save bytes? :(

During my testing, switching out anyconnect:// for https:// would have saved me 13 bytes.
Maybe I can petition cisco, (or maybe an anyconnect developer will stumble across this post!), to provide some short parameter aliases. prefill_secondary_password is 26 bytes :(

from yubikey-personalization.

What's really irritating is I think I'm only 1 byte over if I use the shortest uri possible...
anyconnect:connect?name=A&prefill_secondary_password=

Which together with the 5 bytes header is 58.

Is the 57 byte limit specific to the yubikey neo or part of the standard?
Thanks,
Alex

from yubikey-personalization.

I made a typo in my previous comment, the limit is 53 bytes: https://github.com/Yubico/yubikey-personalization/blob/master/ykcore/ykdef.h#L181 the first byte of the data field is used for shortening the url, or 0 if it's not shortened.

It's a neo limitation, existing so it can be programmed over the standard interface, where the ndef_st in ykdef.h must fit inside the payload of the frame_st.

/klas

from yubikey-personalization.

I'm almost certainly missing something, but...
I make ndef_st only 62 bytes (1+1+54+6=62). frame_st.payload is 64 bytes?

from yubikey-personalization.

No, you're not.
The reason for that discrepancy is probably that someone made an error in calculating that when creating the struct originally.. =(

from yubikey-personalization.

Why the sad face? Doesn't this mean I can change NDEF_DATA_SIZE to 56?

from yubikey-personalization.

No.. Firstly because the limit is in the hardware as well that the data is 54 bytes, and because of the struct alignment, with a 6 byte accesscode following directly after the data. So increasing it to 56 bytes at this point would be a major headache, requiring different structures for different hardware revisions.

from yubikey-personalization.

Shame. Whilst just a single extra byte would have helped me a lot, it hardly seems worth creating new firmware and supporting both versions for just 2 extra bytes.
10's of extra bytes would allow all the anyconnect uri options to be useable.

I guess I'll just have to host a webpage somewhere that redirects https requests to anyconnect uris. Not a great solution, but I guess it should work ok.

Thanks for your help,
Alex

from yubikey-personalization.