From: Fredrik Thulin <fredrik@yubico.com>
Date: Mon, 17 Jan 2011 14:36:34 +0000 (+0100)
Subject: 160 bit keys are HMAC keys.
X-Git-Tag: v1.4.0~9
X-Git-Url: https://err.no/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7caf686bf982fc97d4a7b5c0505d5ab4000233b9;p=yubikey-personalization.old

160 bit keys are HMAC keys.
---

diff --git a/libykpers-1.map b/libykpers-1.map
index dd30e59..260dd70 100644
--- a/libykpers-1.map
+++ b/libykpers-1.map
@@ -93,7 +93,7 @@ LIBYKPERS_1.0 {
 LIBYKPERS_1.4 {
   global:
 # Functions:
-    ykp_AES160_key_from_hex;
+    ykp_HMAC_key_from_hex;
     ykp_set_tktflag_OATH_HOTP;
     ykp_set_tktflag_CHAL_RESP;
     ykp_set_cfgflag_OATH_HOTP8;
diff --git a/ykpers.c b/ykpers.c
index e6b4bdb..a3e5dfa 100644
--- a/ykpers.c
+++ b/ykpers.c
@@ -160,18 +160,18 @@ int ykp_AES_key_from_hex(YKP_CONFIG *cfg, const char *hexkey) {
 	return 0;
 }
 
-/* Decode 160 bits AES key, used with OATH and HMAC challenge-response.
+/* Decode 160 bits HMAC key, used with OATH and HMAC challenge-response.
  *
- * The first 128 bits of the AES go key into cfg->ykcore_config.key,
+ * The first 128 bits of the HMAC go key into cfg->ykcore_config.key,
  * and 32 bits into the first four bytes of cfg->ykcore_config.uid.
 */
-int ykp_AES160_key_from_hex(YKP_CONFIG *cfg, const char *hexkey) {
+int ykp_HMAC_key_from_hex(YKP_CONFIG *cfg, const char *hexkey) {
 	char aesbin[256];
 	int i;
 
 	/* Make sure that the hexkey is exactly 40 characters */
 	if (strlen(hexkey) != 40) {
-		return 1;  /* Bad AES key */
+		return 1;  /* Bad HMAC key */
 	}
 
 	/* Make sure that the hexkey is made up of only [0-9a-f] */
diff --git a/ykpersonalize.1 b/ykpersonalize.1
index 1ac0895..979bdb1 100644
--- a/ykpersonalize.1
+++ b/ykpersonalize.1
@@ -224,21 +224,21 @@ The Yubikey will wait for the user to press the key (within 15 seconds) before
 answering the challenge.
 
 .SH OATH-HOTP Mode
-When using OATH-HOTP mode, an AES key of 160 bits (20 bytes, 40 chars of hex)
+When using OATH-HOTP mode, a HMAC key of 160 bits (20 bytes, 40 chars of hex)
 can be supplied with -a.
 .PP
 The token identifier can be set with the -ofixed= option.
 See section "5.3.4 - OATH-HOTP Token Identifier" of the
 .URL "http://static.yubico.com/var/uploads/pdfs/YubiKey_Manual_2010-09-16.pdf" "Yubikey manual"
 for details, but in short the token identifier is 2 bytes manufacturer prefix,
-2 character token type and then 8 bytes manufacturer unique ID.
+2 bytes token type and then 8 bytes manufacturer unique ID.
 
 .SH Challenge-response Mode
 In \fBCHAL-RESP\fR mode, the token will NOT generate any keypresses when the button
 is pressed (although it is perfectly possible to have one slot with a keypress-generating
 configuration, and the other in challenge-response mode).  Instead, a program capable of
 sending USB HID feature reports to the token must be used to send it a challenge, and
-read the response.  A C-based program to do that will be developed by Yubico shortly.
+read the response.
 
 .SH BUGS
 Report ykpersonalize bugs in 
diff --git a/ykpersonalize.c b/ykpersonalize.c
index 3b61480..5775128 100644
--- a/ykpersonalize.c
+++ b/ykpersonalize.c
@@ -461,7 +461,7 @@ int args_to_config(int argc, char **argv, YKP_CONFIG *cfg,
 		}
 
 		if (long_key_valid && strlen(aeshash) == 40) {
-			res = ykp_AES160_key_from_hex(cfg, aeshash);
+			res = ykp_HMAC_key_from_hex(cfg, aeshash);
 		} else {
 			res = ykp_AES_key_from_hex(cfg, aeshash);
 		}