YubiRuby 1.0.0 → 1.1.0

data/ext/libyubikey/ykaes.c

@@ -1,6 +1,6 @@
 /* ykaes.c --- Implementation of AES-128.
  *
- * Copyright (c) 2006, 2007, 2008, 2009 Yubico AB
+ * Copyright (c) 2006-2012 Yubico AB
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -212,3 +212,103 @@ yubikey_aes_decrypt (uint8_t * state, const uint8_t * key)
 
     }
 }
+
+
+/*******************************************************************
+function aesEncrypt encrypts a single AES-128 block
+
+  void aesEncrypt(unsigned char *state, const unsigned char *key)
+
+Where:
+     "state" is state buffer, i.e. plaintext in, ciphertext out
+     "key" is pointer to AES key
+
+*************************************************************************/
+
+void
+yubikey_aes_encrypt (uint8_t *state, const uint8_t *key)
+{
+  unsigned char i, j, k, tmp, round_key[0x10];
+
+  memcpy (round_key, key, sizeof (round_key));
+
+  for (i = 0; i < 16; i++)
+    state[i] ^= key[i];
+
+  for (i = 0; i < NUMBER_OF_ROUNDS; i++)
+    {
+
+      // byte_sub_shift_row(state);
+
+      /* First row: 0 shift, 0 4 8 12 */
+      state[0] = rijndael_sbox[state[0]];
+      state[4] = rijndael_sbox[state[4]];
+      state[8] = rijndael_sbox[state[8]];
+      state[12] = rijndael_sbox[state[12]];
+
+      /* Second row: 1 shift, 1 5 9 13 */
+      tmp = state[1];
+      state[1] = rijndael_sbox[state[5]];
+      state[5] = rijndael_sbox[state[9]];
+      state[9] = rijndael_sbox[state[13]];
+      state[13] = rijndael_sbox[tmp];
+
+      /* Third row: 2 shift, 2 6 10 14 */
+      tmp = state[2];
+      state[2] = rijndael_sbox[state[10]];
+      state[10] = rijndael_sbox[tmp];
+      tmp = state[6];
+      state[6] = rijndael_sbox[state[14]];
+      state[14] = rijndael_sbox[tmp];
+
+      /* Fourth row: 3 shift, 3 7 11 15 */
+      tmp = state[15];
+      state[15] = rijndael_sbox[state[11]];
+      state[11] = rijndael_sbox[state[7]];
+      state[7] = rijndael_sbox[state[3]];
+      state[3] = rijndael_sbox[tmp];
+
+      if (i != (NUMBER_OF_ROUNDS - 1))
+	{
+
+	  // mix_column(state);
+
+	  for (k = 0; k < 16; k += 4)
+	    {
+
+	      j = state[k] ^ state[k + 1];
+	      tmp = j ^ state[k + 2] ^ state[k + 3];
+
+	      j = xtime (j);
+
+	      state[k] ^= (j ^ tmp);
+
+	      j = state[k + 1] ^ state[k + 2];
+	      j = xtime (j);
+
+	      state[k + 1] ^= (j ^ tmp);
+
+	      j = state[k + 2] ^ state[k + 3];
+	      j = xtime (j);
+
+	      state[k + 2] ^= (j ^ tmp);
+	      state[k + 3] = state[k] ^ state[k + 1] ^ state[k + 2] ^ tmp;
+	    }
+	}
+
+      round_key[0] ^= RC[i];
+
+      round_key[0] ^= rijndael_sbox[round_key[13]];
+      round_key[1] ^= rijndael_sbox[round_key[14]];
+      round_key[2] ^= rijndael_sbox[round_key[15]];
+      round_key[3] ^= rijndael_sbox[round_key[12]];
+
+      for (k = 4; k < 16; k++)
+	round_key[k] ^= round_key[k - 4];
+
+      // add_round_key(state, round_key);
+
+      for (j = 0; j < 16; j++)
+	state[j] ^= round_key[j];
+    }
+}

data/ext/libyubikey/ykcrc.c

@@ -1,7 +1,7 @@
-/* ykcrc.c --- Implementation of Yubikey CRC-16 function.
+/* ykcrc.c --- Implementation of YubiKey CRC-16 function.
  *
  * Written by Simon Josefsson <simon@josefsson.org>.
- * Copyright (c) 2006, 2007, 2008, 2009 Yubico AB
+ * Copyright (c) 2006-2012 Yubico AB
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -33,7 +33,7 @@
 #include "yubikey.h"
 
 uint16_t
-yubikey_crc16 (const uint8_t *buf, size_t buf_size)
+yubikey_crc16 (const uint8_t * buf, size_t buf_size)
 {
   uint16_t m_crc = 0xffff;
 

data/ext/libyubikey/ykhex.c

@@ -1,7 +1,7 @@
 /* ykhex.c --- Implementation of hex encoding/decoding
  *
  * Written by Simon Josefsson <simon@josefsson.org>.
- * Copyright (c) 2006, 2007, 2008, 2009 Yubico AB
+ * Copyright (c) 2006-2012 Yubico AB
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -32,8 +32,6 @@
 
 #include "yubikey.h"
 
-#include <stdbool.h>
-
 static const char trans[] = "0123456789abcdef";
 
 void
@@ -52,8 +50,8 @@ void
 yubikey_hex_decode (char *dst, const char *src, size_t dstSize)
 {
   char b;
-  bool flag = false;
-  char *p1;
+  int flag = 0;
+  const char *p1;
 
   for (; *src && dstSize > 0; src++)
     {

data/ext/libyubikey/ykmodhex.c

@@ -1,7 +1,7 @@
 /* ykmodhex.c --- Implementation of modhex encoding/decoding
  *
  * Written by Simon Josefsson <simon@josefsson.org>.
- * Copyright (c) 2006, 2007, 2008, 2009 Yubico AB
+ * Copyright (c) 2006-2012 Yubico AB
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -32,8 +32,6 @@
 
 #include "yubikey.h"
 
-#include <stdbool.h>
-
 static const char trans[] = YUBIKEY_MODHEX_MAP;
 
 void
@@ -52,8 +50,8 @@ void
 yubikey_modhex_decode (char *dst, const char *src, size_t dstSize)
 {
   char b;
-  bool flag = false;
-  char *p1;
+  int flag = 0;
+  const char *p1;
 
   for (; *src && dstSize > 0; src++)
     {

data/ext/libyubikey/ykparse.c

@@ -1,7 +1,7 @@
-/* ykparse.c --- Implementation of Yubikey token parser.
+/* ykparse.c --- Example command line interface for authentication token.
  *
  * Written by Simon Josefsson <simon@josefsson.org>.
- * Copyright (c) 2006, 2007, 2008, 2009 Yubico AB
+ * Copyright (c) 2006-2012 Yubico AB
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -32,14 +32,120 @@
 
 #include "yubikey.h"
 
+#include <stdio.h>
 #include <stdlib.h>
-#include <stdbool.h>
+#include <stdint.h>
+#include <string.h>
 
-void
-yubikey_parse (const uint8_t token[32],
-	       const uint8_t key[16], yubikey_token_t out)
+int
+main (int argc, char *argv[])
 {
-  memset (out, 0, sizeof (*out));
-  yubikey_modhex_decode ((void *) out, (char *) token, sizeof (*out));
-  yubikey_aes_decrypt ((void *) out, key);
+  uint8_t buf[128];
+  uint8_t key[YUBIKEY_KEY_SIZE];
+  char *aeskey, *token;
+  yubikey_token_st tok;
+
+  /* Parse command line parameters. */
+  if (argc < 2)
+    {
+      printf ("Usage: %s <aeskey> <token>\n", argv[0]);
+      printf (" AESKEY:\tHex encoded AES-key.\n");
+      printf (" TOKEN:\t\tModHex encoded token.\n");
+      return EXIT_FAILURE;
+    }
+
+  aeskey = argv[1];
+  token = argv[2];
+
+  if (strlen (aeskey) != 32)
+    {
+      printf ("error: Hex encoded AES-key must be 32 characters.\n");
+      return EXIT_FAILURE;
+    }
+
+  if (strlen (token) > 32)
+    {
+      printf ("warning: overlong token, ignoring prefix: %.*s\n",
+	      (int) strlen (token) - 32, token);
+      token = token + (strlen (token) - 32);
+    }
+
+  if (strlen (token) != 32)
+    {
+      printf ("error: ModHex encoded token must be 32 characters.\n");
+      return EXIT_FAILURE;
+    }
+
+  /* Debug. */
+  printf ("Input:\n");
+  printf ("  token: %s\n", token);
+
+  yubikey_modhex_decode ((char *) key, token, YUBIKEY_KEY_SIZE);
+
+  {
+    size_t i;
+    printf ("          ");
+    for (i = 0; i < YUBIKEY_KEY_SIZE; i++)
+      printf ("%02x ", key[i] & 0xFF);
+    printf ("\n");
+  }
+
+  printf ("  aeskey: %s\n", aeskey);
+
+  yubikey_hex_decode ((char *) key, aeskey, YUBIKEY_KEY_SIZE);
+
+  {
+    size_t i;
+    printf ("          ");
+    for (i = 0; i < YUBIKEY_KEY_SIZE; i++)
+      printf ("%02x ", key[i] & 0xFF);
+    printf ("\n");
+  }
+
+  /* Pack up dynamic password, decrypt it and verify checksum */
+  yubikey_parse ((uint8_t *) token, key, &tok);
+
+  printf ("Output:\n");
+  {
+    size_t i;
+    printf ("          ");
+    for (i = 0; i < YUBIKEY_BLOCK_SIZE; i++)
+      printf ("%02x ", ((uint8_t *) & tok)[i] & 0xFF);
+    printf ("\n");
+  }
+
+  printf ("\nStruct:\n");
+  /* Debug */
+  {
+    size_t i;
+    printf ("  uid: ");
+    for (i = 0; i < YUBIKEY_UID_SIZE; i++)
+      printf ("%02x ", tok.uid[i] & 0xFF);
+    printf ("\n");
+  }
+  printf ("  counter: %d (0x%04x)\n", tok.ctr, tok.ctr);
+  printf ("  timestamp (low): %d (0x%04x)\n", tok.tstpl, tok.tstpl);
+  printf ("  timestamp (high): %d (0x%02x)\n", tok.tstph, tok.tstph);
+  printf ("  session use: %d (0x%02x)\n", tok.use, tok.use);
+  printf ("  random: %d (0x%02x)\n", tok.rnd, tok.rnd);
+  printf ("  crc: %d (0x%04x)\n", tok.crc, tok.crc);
+
+  printf ("\nDerived:\n");
+  printf ("  cleaned counter: %d (0x%04x)\n",
+	  yubikey_counter (tok.ctr), yubikey_counter (tok.ctr));
+  yubikey_modhex_encode ((char *) buf, (char *) tok.uid, YUBIKEY_UID_SIZE);
+  printf ("  modhex uid: %s\n", buf);
+  printf ("  triggered by caps lock: %s\n",
+	  yubikey_capslock (tok.ctr) ? "yes" : "no");
+  printf ("  crc: %04X\n", yubikey_crc16 ((void *) &tok, YUBIKEY_KEY_SIZE));
+
+  printf ("  crc check: ");
+  if (yubikey_crc_ok_p ((uint8_t *) & tok))
+    {
+      printf ("ok\n");
+      return EXIT_SUCCESS;
+    }
+
+  printf ("fail\n");
+  return EXIT_FAILURE;
 }

data/ext/libyubikey/yktoken.c

@@ -0,0 +1,52 @@
+/* ykparse.c --- Implementation of YubiKey token parser.
+ *
+ * Written by Simon Josefsson <simon@josefsson.org>.
+ * Copyright (c) 2006-2012 Yubico AB
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ *
+ *    * Redistributions of source code must retain the above copyright
+ *      notice, this list of conditions and the following disclaimer.
+ *
+ *    * Redistributions in binary form must reproduce the above
+ *      copyright notice, this list of conditions and the following
+ *      disclaimer in the documentation and/or other materials provided
+ *      with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include "yubikey.h"
+
+#include <stdlib.h>
+
+void
+yubikey_parse (const uint8_t token[32],
+	       const uint8_t key[16], yubikey_token_t out)
+{
+  memset (out, 0, sizeof (*out));
+  yubikey_modhex_decode ((char *) out, (const char *) token, sizeof (*out));
+  yubikey_aes_decrypt ((uint8_t *) out, key);
+}
+
+void
+yubikey_generate (yubikey_token_t token,
+		  const uint8_t key[YUBIKEY_KEY_SIZE], char out[32])
+{
+  yubikey_aes_encrypt ((uint8_t *) token, key);
+  yubikey_modhex_encode (out, (const char *) token, YUBIKEY_KEY_SIZE);
+}

data/ext/libyubikey/yubikey.h

@@ -1,7 +1,7 @@
-/* yubikey.h --- Prototypes for low-level Yubikey OTP functions.
+/* yubikey.h --- Prototypes for low-level YubiKey OTP functions.
  *
  * Written by Simon Josefsson <simon@josefsson.org>.
- * Copyright (c) 2006, 2007, 2008, 2009 Yubico AB
+ * Copyright (c) 2006-2012 Yubico AB
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -36,9 +36,15 @@
 # include <stdint.h>
 # include <string.h>
 
+# ifdef __cplusplus
+extern "C"
+{
+# endif
+
 # define YUBIKEY_BLOCK_SIZE 16
 # define YUBIKEY_KEY_SIZE 16
 # define YUBIKEY_UID_SIZE 6
+# define YUBIKEY_OTP_SIZE (2 * YUBIKEY_BLOCK_SIZE)
 
 typedef struct
 {
@@ -63,6 +69,7 @@ typedef yubikey_token_st *yubikey_token_t;
 
 /* High-level functions. */
 
+
 /* Decrypt TOKEN using KEY and store output in OUT structure.  Note
    that there is no error checking whether the output data is valid or
    not, use yubikey_check_* for that. */
@@ -70,6 +77,11 @@ extern void yubikey_parse (const uint8_t token[YUBIKEY_BLOCK_SIZE],
 			   const uint8_t key[YUBIKEY_KEY_SIZE],
 			   yubikey_token_t out);
 
+/* Generate OTP */
+extern void yubikey_generate (yubikey_token_t token,
+			      const uint8_t key[YUBIKEY_KEY_SIZE],
+			      char out[YUBIKEY_OTP_SIZE]);
+
 # define yubikey_counter(ctr) ((ctr) & 0x7FFF)
 # define yubikey_capslock(ctr) ((ctr) & 0x8000)
 # define yubikey_crc_ok_p(tok) \
@@ -86,15 +98,13 @@ extern void yubikey_parse (const uint8_t token[YUBIKEY_BLOCK_SIZE],
    must be at least 2*SRCSIZE+1.  The output string is always
    2*SRCSIZE large plus the terminating zero.  */
 extern void yubikey_modhex_encode (char *dst,
-				   const char *src,
-				   size_t srcsize);
+				   const char *src, size_t srcsize);
 
 /* ModHex decode input string SRC of length DSTSIZE/2 into output
    string DST.  The output string DST is always DSTSIZE/2 large plus
    the terminating zero.  */
 extern void yubikey_modhex_decode (char *dst,
-				   const char *src,
-				   size_t dstsize);
+				   const char *src, size_t dstsize);
 
 /* Hex encode/decode data, same interface as modhex functions. */
 extern void yubikey_hex_encode (char *dst, const char *src, size_t srcsize);
@@ -114,8 +124,13 @@ extern uint16_t yubikey_crc16 (const uint8_t * buf, size_t buf_size);
 
 /* Low-level functions; AES. */
 
-/* AES-decrypt one 16-byte block STATE using the 128-bit KEY, leaving
-   the decrypted output in the STATE buffer. */
+/* AES-decrypt/encrypt one 16-byte block STATE using the 128-bit KEY,
+   leaving the decrypted/encrypted output in the STATE buffer. */
 extern void yubikey_aes_decrypt (uint8_t * state, const uint8_t * key);
+extern void yubikey_aes_encrypt (uint8_t * state, const uint8_t * key);
+
+# ifdef __cplusplus
+}
+# endif
 
 #endif