From: Fredrik Thulin Date: Mon, 17 Jan 2011 14:36:34 +0000 (+0100) Subject: 160 bit keys are HMAC keys. X-Git-Tag: v1.4.0~9 X-Git-Url: https://err.no/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7caf686bf982fc97d4a7b5c0505d5ab4000233b9;p=yubikey-personalization.old 160 bit keys are HMAC keys. --- diff --git a/libykpers-1.map b/libykpers-1.map index dd30e59..260dd70 100644 --- a/libykpers-1.map +++ b/libykpers-1.map @@ -93,7 +93,7 @@ LIBYKPERS_1.0 { LIBYKPERS_1.4 { global: # Functions: - ykp_AES160_key_from_hex; + ykp_HMAC_key_from_hex; ykp_set_tktflag_OATH_HOTP; ykp_set_tktflag_CHAL_RESP; ykp_set_cfgflag_OATH_HOTP8; diff --git a/ykpers.c b/ykpers.c index e6b4bdb..a3e5dfa 100644 --- a/ykpers.c +++ b/ykpers.c @@ -160,18 +160,18 @@ int ykp_AES_key_from_hex(YKP_CONFIG *cfg, const char *hexkey) { return 0; } -/* Decode 160 bits AES key, used with OATH and HMAC challenge-response. +/* Decode 160 bits HMAC key, used with OATH and HMAC challenge-response. * - * The first 128 bits of the AES go key into cfg->ykcore_config.key, + * The first 128 bits of the HMAC go key into cfg->ykcore_config.key, * and 32 bits into the first four bytes of cfg->ykcore_config.uid. */ -int ykp_AES160_key_from_hex(YKP_CONFIG *cfg, const char *hexkey) { +int ykp_HMAC_key_from_hex(YKP_CONFIG *cfg, const char *hexkey) { char aesbin[256]; int i; /* Make sure that the hexkey is exactly 40 characters */ if (strlen(hexkey) != 40) { - return 1; /* Bad AES key */ + return 1; /* Bad HMAC key */ } /* Make sure that the hexkey is made up of only [0-9a-f] */ diff --git a/ykpersonalize.1 b/ykpersonalize.1 index 1ac0895..979bdb1 100644 --- a/ykpersonalize.1 +++ b/ykpersonalize.1 @@ -224,21 +224,21 @@ The Yubikey will wait for the user to press the key (within 15 seconds) before answering the challenge. .SH OATH-HOTP Mode -When using OATH-HOTP mode, an AES key of 160 bits (20 bytes, 40 chars of hex) +When using OATH-HOTP mode, a HMAC key of 160 bits (20 bytes, 40 chars of hex) can be supplied with -a. .PP The token identifier can be set with the -ofixed= option. See section "5.3.4 - OATH-HOTP Token Identifier" of the .URL "http://static.yubico.com/var/uploads/pdfs/YubiKey_Manual_2010-09-16.pdf" "Yubikey manual" for details, but in short the token identifier is 2 bytes manufacturer prefix, -2 character token type and then 8 bytes manufacturer unique ID. +2 bytes token type and then 8 bytes manufacturer unique ID. .SH Challenge-response Mode In \fBCHAL-RESP\fR mode, the token will NOT generate any keypresses when the button is pressed (although it is perfectly possible to have one slot with a keypress-generating configuration, and the other in challenge-response mode). Instead, a program capable of sending USB HID feature reports to the token must be used to send it a challenge, and -read the response. A C-based program to do that will be developed by Yubico shortly. +read the response. .SH BUGS Report ykpersonalize bugs in diff --git a/ykpersonalize.c b/ykpersonalize.c index 3b61480..5775128 100644 --- a/ykpersonalize.c +++ b/ykpersonalize.c @@ -461,7 +461,7 @@ int args_to_config(int argc, char **argv, YKP_CONFIG *cfg, } if (long_key_valid && strlen(aeshash) == 40) { - res = ykp_AES160_key_from_hex(cfg, aeshash); + res = ykp_HMAC_key_from_hex(cfg, aeshash); } else { res = ykp_AES_key_from_hex(cfg, aeshash); }