Digital-Identity-Labs/yubikey_otp

Parsing and verifying OTPs locally, using key from Yubikey Manager

binaryape opened this issue · 1 comment

I can't get the full parsing and verification of OTPs to work with a Yubikey I've configured using Yubikey Manager on a Mac.

Yubikey Manager generates values like this:

[Screenshot 2020-05-30 at 16:07:19]

Using a 32-character key with YubikeyOTP produces a bad key size error:

YubikeyOTP.OTP.parse!("ccccccegjdngvritidjdcbggrkgchgigghrtkbnvnfkg", key: "8eb45d90988808c85147451ee4b28adc", skip_checksum: true)
** (YubikeyOTP.OTP.ParseError) Erlang error: {:badarg, {'api_ng.c', 95}, 'Bad key size'}
    (crypto 4.6.4) :crypto.ng_crypto_one_time_nif(:aes_128_ecb, "8eb45d90988808c85147451ee4b28adc", "", <<252, 125, 114, 130, 1, 85, 201, 80, 101, 117, 86, 205, 145, 191, 180, 149>>, false)
    (yubikey_otp 0.2.0) lib/yubikey_otp/otp.ex:196: YubikeyOTP.OTP.do_parse!/2

The example/test still works fine, but it is using a 16-character key:

YubikeyOTP.OTP.parse!("ccccccclulvjhnblleegivrcjlvvtvujejbclrdjdgvk", key: "1111111111111111")
%YubikeyOTP.OTP{
  checksum: ",3",
  encrypted_otp: "hnblleegivrcjlvvtvujejbclrdjdgvk",
  prefix: "cccccc",
  private_id: "111111",
  public_id: "ccccccclulvj",
  random: <<64, 22>>,
  serial: 715512,
  session_counter: 0,
  timestamp: 8002816,
  use_counter: 0
}

I'm confused - is this an issue with the encoding/base of the keyfile?

It was an encoding issue:

Base.decode16("8eb45d90988808c85147451ee4b28adc",case: :lower)
{:ok,
 <<142, 180, 93, 144, 152, 136, 8, 200, 81, 71, 69, 30, 228, 178, 138, 220>>}

{:ok, key} = Base.decode16("8eb45d90988808c85147451ee4b28adc",case: :lower)
{:ok,
 <<142, 180, 93, 144, 152, 136, 8, 200, 81, 71, 69, 30, 228, 178, 138, 220>>}

YubikeyOTP.OTP.parse!("vvccccegjdngttfirtikicjuljtrrjbbvblehluieuib", key: key, skip_checksum: true)
%YubikeyOTP.OTP{
  checksum: <<82, 0>>,
  encrypted_otp: "ttfirtikicjuljtrrjbbvblehluieuib",
  prefix: "vvcccc",
  private_id: <<92, 223, 7, 68, 141, 172>>,
  public_id: "vvccccegjdng",
  random: <<181, 116>>,
  serial: 3506869,
  session_counter: 0,
  timestamp: 10884675,
  use_counter: 768
}

If users are going to be using the Yubico tools, they'll expect the key to work directly (I did), so this needs to work easily in this library too. Easy to fix.
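As an added illustration that is not part of the yubikey_otp library or this issue, here is the key handling the report asks for written in Go: `NormalizeKey` (an assumed name) accepts both the raw 16-byte key the library's own example uses and the 32-hex-character key YubiKey Manager displays, rejecting anything else before it reaches AES, and `DecryptOTP` feeds the result into a single AES-128 block decrypt of the modhex OTP body; the plaintext layout in the comments is Yubico's published OTP format, and the function and helper names are assumptions.

```go
package main

import (
	"crypto/aes"
	"encoding/hex"
	"errors"
	"strings"
)

// NormalizeKey accepts the raw 16-byte AES key or the 32-hex-char form that
// YubiKey Manager displays; any other length is rejected before it reaches AES.
func NormalizeKey(key string) ([]byte, error) {
	if len(key) == 32 {
		return hex.DecodeString(key)
	} else if len(key) != 16 {
		return nil, errors.New("key must be 16 raw bytes or 32 hex chars")
	}
	return []byte(key), nil
}

// ModhexDecode maps Yubico's modhex alphabet onto plain hex and decodes that,
// so hex.DecodeString reports odd lengths and characters outside the alphabet.
func ModhexDecode(s string) ([]byte, error) {
	return hex.DecodeString(strings.Map(func(r rune) rune {
		if i := strings.IndexRune("cbdefghijklnrtuv", r); i >= 0 {
			return rune("0123456789abcdef"[i])
		}
		return '?' // not hex either, so DecodeString rejects it
	}, s))
}

// DecryptOTP decrypts the 32-modhex-char body that follows the 12-char public
// ID as one AES-128 block and returns the 16 plaintext bytes. Their layout:
// uid[0:6], use counter LE[6:8], timestamp LE[8:11], session counter[11],
// random[12:14], CRC-16 LE[14:16] (the checksum the library can skip).
func DecryptOTP(body, key string) ([]byte, error) {
	k, err := NormalizeKey(key)
	if err != nil {
		return nil, err
	}
	ct, err := ModhexDecode(body)
	if err != nil || len(ct) != aes.BlockSize {
		return nil, errors.New("OTP body must be exactly 32 modhex chars")
	}
	block, _ := aes.NewCipher(k) // cannot fail: NormalizeKey guarantees 16 bytes
	pt := make([]byte, aes.BlockSize)
	block.Decrypt(pt, ct) // one block, so raw AES and AES-128-ECB coincide
	return pt, nil
}
```

Decoding the 12-character public ID with the same `ModhexDecode` gives six bytes whose last three are the serial the library prints (0x3582b5 is 3506869 for `vvccccegjdng`).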