ykp_write_config: Some modes now store four bytes key in uid.
authorFredrik Thulin <fredrik@yubico.com>
Mon, 31 Jan 2011 10:12:35 +0000 (11:12 +0100)
committerFredrik Thulin <fredrik@yubico.com>
Mon, 31 Jan 2011 10:12:35 +0000 (11:12 +0100)
OATH-HOTP and HMAC challenge response have a 20-byte key, but the
key field in the configuration is only 16 bytes. They therefore store
four more bytes in the uid field. The pretty-printer is now aware
of this, and will say "uid: n/a" when there is actually key data in
there, and show the complete 20-byte key as "key:".

ykpers.c

index c59d41c51fdd734be8bc6121610b4cd66629d43a..b5c88cd8d1c98d3df02de97facb2e7da7151069f 100644 (file)
--- a/ykpers.c
+++ b/ykpers.c
@@ -461,6 +461,18 @@ int ykp_write_config(const YKP_CONFIG *cfg,
                char buffer[256];
                struct map_st *p;
                unsigned char t_flags;
+               bool key_bits_in_uid = false;
+
+               /* for OATH-HOTP and HMAC-SHA1 challenge response, there is four bytes
+                *  additional key data in the uid field
+                */
+               if ((cfg->ykcore_config.tktFlags & TKTFLAG_OATH_HOTP) == TKTFLAG_OATH_HOTP)
+                       key_bits_in_uid = true;
+               
+               if ((cfg->ykcore_config.tktFlags & TKTFLAG_CHAL_RESP) == TKTFLAG_CHAL_RESP &&
+                   (cfg->ykcore_config.cfgFlags & CFGFLAG_CHAL_HMAC) == CFGFLAG_CHAL_HMAC) {
+                       key_bits_in_uid = true;
+               }
 
                /* fixed: */
                writer(str_fixed, strlen(str_fixed), userdata);
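Review bot: The first test, `(cfg->ykcore_config.tktFlags & TKTFLAG_OATH_HOTP) == TKTFLAG_OATH_HOTP`, decides on a ticket flag alone, while the challenge-response test beside it also consults `cfgFlags`. The flag definitions are not on this page; if `TKTFLAG_OATH_HOTP` and `TKTFLAG_CHAL_RESP` share a bit value in the header, the first test also fires for challenge-response without `CFGFLAG_CHAL_HMAC`, and a real uid would be printed as "n/a" with four of its bytes appended to the key line. Worth confirming against the header and, if they do overlap, testing the HMAC case first and excluding the other challenge-response mode from the OATH-HOTP branch. The first `if` should also take braces like the second one. ykp_write_config starts and ends outside this hunk.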
@@ -479,11 +491,15 @@ int ykp_write_config(const YKP_CONFIG *cfg,
                writer(str_key_value_separator,
                       strlen(str_key_value_separator),
                       userdata);
-               writer(str_hex_prefix,
-                      strlen(str_key_value_separator),
-                      userdata);
-               yubikey_hex_encode(buffer, (char *)cfg->ykcore_config.uid, UID_SIZE);
-               writer(buffer, strlen(buffer), userdata);
+               if (key_bits_in_uid) {
+                       writer("n/a", 3, userdata);
+               } else {
+                       writer(str_hex_prefix,
+                              strlen(str_key_value_separator),
+                              userdata);
+                       yubikey_hex_encode(buffer, (char *)cfg->ykcore_config.uid, UID_SIZE);
+                       writer(buffer, strlen(buffer), userdata);
+               }
                writer("\n", 1, userdata);
 
                /* key: */
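Review bot: The re-indented call `writer(str_hex_prefix, strlen(str_key_value_separator), userdata);` in the new `else` branch still takes its length from the wrong string; it should read `writer(str_hex_prefix, strlen(str_hex_prefix), userdata);`. Neither string's value is visible here, so the output is presumably correct only while the two happen to have the same length, and a longer separator would make `writer` read past the end of the prefix. The return values of `writer` are also ignored on every call in this hunk, so a failed write of the uid line goes unnoticed. ykp_write_config's body continues outside the hunk.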
@@ -495,6 +511,9 @@ int ykp_write_config(const YKP_CONFIG *cfg,
                       strlen(str_key_value_separator),
                       userdata);
                yubikey_hex_encode(buffer, (char *)cfg->ykcore_config.key, KEY_SIZE);
+               if (key_bits_in_uid) {
+                       yubikey_hex_encode(buffer + KEY_SIZE * 2, (char *)cfg->ykcore_config.uid, 4);
+               }
                writer(buffer, strlen(buffer), userdata);
                writer("\n", 1, userdata);