Parsing and verifying OTPs locally, using key from Yubikey Manager
binaryape opened this issue · 1 comments
binaryape commented
I can't get the full parsing and verification of OTPs to work with a Yubikey I've configured using Yubikey Manager on a Mac.
Yubikey Manager generates values like this:
Using a 32 character key with YubikeyOTP produces an error for bad key size:

```elixir
YubikeyOTP.OTP.parse!("ccccccegjdngvritidjdcbggrkgchgigghrtkbnvnfkg", key: "8eb45d90988808c85147451ee4b28adc", skip_checksum: true)
** (YubikeyOTP.OTP.ParseError) Erlang error: {:badarg, {'api_ng.c', 95}, 'Bad key size'}
    (crypto 4.6.4) :crypto.ng_crypto_one_time_nif(:aes_128_ecb, "8eb45d90988808c85147451ee4b28adc", "", <<252, 125, 114, 130, 1, 85, 201, 80, 101, 117, 86, 205, 145, 191, 180, 149>>, false)
    (yubikey_otp 0.2.0) lib/yubikey_otp/otp.ex:196: YubikeyOTP.OTP.do_parse!/2
```
The example/test still works fine, but is using a 16 character key:

```elixir
YubikeyOTP.OTP.parse!("ccccccclulvjhnblleegivrcjlvvtvujejbclrdjdgvk", key: "1111111111111111")
%YubikeyOTP.OTP{
  checksum: ",3",
  encrypted_otp: "hnblleegivrcjlvvtvujejbclrdjdgvk",
  prefix: "cccccc",
  private_id: "111111",
  public_id: "ccccccclulvj",
  random: <<64, 22>>,
  serial: 715512,
  session_counter: 0,
  timestamp: 8002816,
  use_counter: 0
}
```
I'm confused - is this an issue with the encoding/base of the keyfile?
binaryape commented
It was an encoding issue:
```elixir
Base.decode16("8eb45d90988808c85147451ee4b28adc", case: :lower)
{:ok,
 <<142, 180, 93, 144, 152, 136, 8, 200, 81, 71, 69, 30, 228, 178, 138, 220>>}
{:ok, key} = Base.decode16("8eb45d90988808c85147451ee4b28adc", case: :lower)
{:ok,
 <<142, 180, 93, 144, 152, 136, 8, 200, 81, 71, 69, 30, 228, 178, 138, 220>>}
YubikeyOTP.OTP.parse!("vvccccegjdngttfirtikicjuljtrrjbbvblehluieuib", key: key, skip_checksum: true)
%YubikeyOTP.OTP{
  checksum: <<82, 0>>,
  encrypted_otp: "ttfirtikicjuljtrrjbbvblehluieuib",
  prefix: "vvcccc",
  private_id: <<92, 223, 7, 68, 141, 172>>,
  public_id: "vvccccegjdng",
  random: <<181, 116>>,
  serial: 3506869,
  session_counter: 0,
  timestamp: 10884675,
  use_counter: 768
}
```
If users are going to be using the Yubico tools they'll expect the key to work directly (I did) so this needs to work easily in this library too. Easy to fix.
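An added example, not part of the original issue and not yubikey_otp's own code: one way a caller could accept either key form before AES-128 decryption, using the hex key and the 16-byte block shown in the stack trace above. The module `OTPKey`, its functions, and the tolerance for whitespace inside the hex string are assumptions made for illustration.

```elixir
# Added example. OTPKey and its functions are hypothetical names,
# not part of the yubikey_otp API.
defmodule OTPKey do
  # Already 16 raw bytes (like the "1111111111111111" test key): use as-is.
  def normalize(<<_::binary-size(16)>> = raw), do: {:ok, raw}

  # Otherwise expect 32 hex characters and decode them to the 16 bytes
  # that :aes_128_ecb requires.
  def normalize(key) when is_binary(key) do
    # Assumption: strip whitespace so spaced hex such as "8e b4 ..." also works.
    hex = String.replace(key, ~r/\s/, "")

    with 32 <- byte_size(hex),
         {:ok, raw} <- Base.decode16(hex, case: :mixed) do
      {:ok, raw}
    else
      :error -> {:error, :invalid_hex}
      size when is_integer(size) -> {:error, {:bad_key_size, size}}
    end
  end

  # Decrypt one 16-byte OTP block. A bad key is returned as an error tuple
  # instead of surfacing as the 'Bad key size' crash from :crypto.
  def decrypt_block(key, <<_::binary-size(16)>> = block) do
    with {:ok, raw} <- normalize(key) do
      {:ok, :crypto.crypto_one_time(:aes_128_ecb, raw, block, false)}
    end
  end
end

# Values taken from the issue: the hex key and the modhex-decoded block
# that appears in the stack trace.
hex_key = "8eb45d90988808c85147451ee4b28adc"
block = <<252, 125, 114, 130, 1, 85, 201, 80, 101, 117, 86, 205, 145, 191, 180, 149>>

{:ok, plain} = OTPKey.decrypt_block(hex_key, block)
16 = byte_size(plain)

# A raw 16-byte key passes through unchanged.
{:ok, "1111111111111111"} = OTPKey.normalize("1111111111111111")

# Constructed bad inputs: one hex digit short, and non-hex characters.
{:error, {:bad_key_size, 31}} = OTPKey.normalize("8eb45d90988808c85147451ee4b28ad")
{:error, :invalid_hex} = OTPKey.normalize("zz" <> String.duplicate("0", 30))
```

Because a raw key is always 16 bytes and a hex key is 32 characters, the two forms cannot be confused by length alone.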