YubiRuby 0.0.1

data/bin/modhex

@@ -0,0 +1,48 @@
+#!/usr/bin/env ruby -wKU
+$:.unshift File.join(File.dirname(__FILE__),'..','lib')
+$:.unshift File.join(File.dirname(__FILE__),'..','ext')
+
+require 'yubiruby'
+
+if __FILE__ == $PROGRAM_NAME
+  if ARGV.length < 1
+    msg=<<-EOF
+Usage: #{$PROGRAM_NAME} [-dh] <data>
+    
+Convert input DATA as specified and print output to STDOUT.
+
+ -d: Decode data (the default is to encode data).
+ -h: Use hex encoding for all non-modhex data.
+ DATA: string with data to encode
+
+Examples:
+
+  ModHex encode ASCII-string \"test\":
+    #{$PROGRAM_NAME} test
+
+  Decode ModHex data \"ifhgieif\" into ASCII string:
+    #{$PROGRAM_NAME} -d ifhgieif
+
+  ModHex encode hex-encoded data \"b565716f\":
+    #{$PROGRAM_NAME} -h b565716f
+
+  Decode ModHex data \"nghgibhv\" and print hex-encode data:
+    #{$PROGRAM_NAME} -d -h nghgibhv
+EOF
+    abort msg
+  end
+  
+  hex = ARGV.include? "-h"
+  decode = ARGV.include? "-d"
+  data = ARGV.last
+  
+  if decode
+    out = data.modhex_decode
+    out = YubiRuby::HEX.encode(out) if hex
+    puts out
+  else
+    data = YubiRuby::HEX.decode(data) if hex
+    puts data.modhex_encode
+  end
+  
+end

data/ext/extconf.rb

@@ -0,0 +1,14 @@
+require 'mkmf'
+#dir_config("libyubikey")
+if ARGV.include?('-h')
+  abort <<-EOF
+Usage:  #{$PROGRAM_NAME} [options]
+
+Options:
+  -d    debug mode
+  -h    print this help
+EOF
+end
+
+$CFLAGS << " -DNDEBUG" unless ARGV.include?('-d')
+create_makefile('libyubikey')

data/ext/libyubikey.c

@@ -0,0 +1,534 @@
+/* libyubikey.c --- Ruby wrapper for low-level Yubikey OTP functions.
+ *
+ * Written by Alessio Caiazza <nolith@abisso.org>.
+ * Copyright (c) 2010 Alessio Caiazza
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ *
+ *    * Redistributions of source code must retain the above copyright
+ *      notice, this list of conditions and the following disclaimer.
+ *
+ *    * Redistributions in binary form must reproduce the above
+ *      copyright notice, this list of conditions and the following
+ *      disclaimer in the documentation and/or other materials provided
+ *      with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <ruby.h>
+#include <stdlib.h>
+#include "yubikey.h"
+
+#define MODHEX_SING_ENCODE	"encode"
+#define MODHEX_SING_DECODE	"decode"
+#define MODHEX_ENCODE	"modhex_encode"
+#define MODHEX_DECODE	"modhex_decode"
+#define MODHEX_VALID	"modhex?"
+
+static VALUE mYubiRuby;
+static VALUE mModHex;
+static VALUE cYubikey;
+
+
+/*  ModHex     */
+
+/* 
+ * call-seq:
+ *		YubyRuby::ModHex.encode(obj) -> "modhex string"
+ * 
+ * Encodes <tt>obj.to_str</tt> into a <tt>modhex string</tt>.
+ */
+static VALUE modhex_sing_encode(VALUE self, VALUE obj) 
+{
+	VALUE str = StringValue(obj);
+	int src_size = RSTRING(str)->len;
+	char *dst = (char*) malloc((2*src_size+1)*sizeof(char));
+	/* ModHex encode input string SRC of length SRCSIZE and put the zero
+	   terminated output string in DST.  The size of the output string DST
+	   must be at least 2*SRCSIZE+1.  The output string is always
+	   2*SRCSIZE large plus the terminating zero.  */
+	yubikey_modhex_encode(dst, RSTRING(str)->ptr, src_size);
+	
+	return rb_str_new2(dst);
+}
+
+/* 
+ * call-seq:
+ *		str.modhex_encode -> "modhex string"
+ * 
+ * Invokes YubyRuby::ModHex.encode on +self+.
+ */
+static VALUE modhex_encode(VALUE self) 
+{
+	ID method = rb_intern(MODHEX_SING_ENCODE);
+	
+	return rb_funcall(mModHex, method, 1, self); 
+}
+
+/* 
+ * call-seq:
+ *		YubyRuby::ModHex.decode(obj) -> "string"
+ * 
+ * Decodes <tt>obj.to_str</tt> into a <tt>string</tt>.
+ *
+ * No validatition of format in provided, use YubyRuby::ModHex.modhex?
+ * for checking.
+ */
+static VALUE modhex_sing_decode(VALUE self, VALUE obj) 
+{
+	VALUE str = StringValue(obj);
+	int src_size = RSTRING(str)->len;
+	char *dst = (char*) malloc(((src_size/2)+1)*sizeof(char));
+	/* ModHex decode input string SRC of length DSTSIZE/2 into output
+	   string DST.  The output string DST is always DSTSIZE/2 large plus
+	   the terminating zero.  */
+	yubikey_modhex_decode(dst, RSTRING(str)->ptr, src_size);
+	
+	return rb_str_new2(dst);
+}
+
+/* 
+ * call-seq:
+ *		str.modhec_decode -> "string"
+ * 
+ * Invokes YubyRuby::ModHex.decode on +self+.
+ */
+static VALUE modhex_decode(VALUE self) 
+{
+	ID method = rb_intern(MODHEX_SING_DECODE);
+	
+	return rb_funcall(mModHex, method, 1, self); 
+}
+
+/* 
+ * call-seq:
+ *		YubyRuby::ModHex.modhex?(obj) -> true or false
+ * 
+ * Checks if <tt>obj.to_str</tt> is a valid <tt>modhex string</tt>.
+ */
+static VALUE modhex_sing_is_modhex(VALUE self, VALUE obj) 
+{
+	VALUE str = StringValue(obj);
+	if (yubikey_modhex_p(RSTRING(str)->ptr) != 0)
+		return Qtrue;
+	else
+		return Qfalse;
+}
+
+/* 
+ * call-seq:
+ *		str.modhex? -> true or false
+ * 
+ * Invokes YubyRuby::ModHex.modhex? on +self+
+ */
+static VALUE modhex_is_modhex(VALUE self) 
+{
+	ID method = rb_intern(MODHEX_VALID);
+	
+	return rb_funcall(mModHex, method, 1, self); 
+}
+/*  ModHex  END   */
+
+/*   Yubikey */
+
+typedef struct {
+	uint8_t key[YUBIKEY_KEY_SIZE];
+	yubikey_token_t token;
+} yubikey_data;
+
+static void yubikey_free(void *p) 
+{
+	free(((yubikey_data*)p)->token);
+	free(p);
+}
+
+// allocate space for internal structures
+static VALUE yubikey_alloc(VALUE klass) 
+{
+	yubikey_data* data;
+	VALUE obj;
+	
+	data = (yubikey_data*) malloc(sizeof(yubikey_data));
+	data->token = (yubikey_token_t)malloc(sizeof(yubikey_token_st));
+	
+	obj = Data_Wrap_Struct(klass, 0, yubikey_free, data);
+	
+	return obj;
+}
+
+/* call-seq:
+ * 	yubikey.key = "hex string"
+ *
+ * Sets the AES key to the <tt>hex string</tt>.
+ */
+static VALUE yubikey_set_key(VALUE self, VALUE key) 
+{
+	yubikey_data* data;
+	
+	Data_Get_Struct(self, yubikey_data, data);
+	VALUE sKey = StringValue(key);
+	
+	if (sKey == Qnil)
+		rb_raise(rb_eTypeError, "wrong parameter type.");
+		
+	if (RSTRING(sKey)->len == YUBIKEY_KEY_SIZE*2) {
+		/* Hex */
+		if (yubikey_hex_p(RSTRING(sKey)->ptr) == 0)
+			rb_raise(rb_eTypeError, "not an HEX string."); //TODO:ArgumentError
+		char* buff = (char*) malloc(sizeof(char)*(YUBIKEY_KEY_SIZE +1));
+		yubikey_hex_decode( buff, RSTRING(sKey)->ptr, YUBIKEY_KEY_SIZE );
+		MEMCPY(&data->key, buff, uint8_t, YUBIKEY_KEY_SIZE);
+	}
+	
+	return key;
+}
+
+/* call-seq:
+ * 	yubikey.key -> "hex string"
+ *
+ * Gets the AES key as an hex string.
+ */
+static VALUE yubikey_get_key(VALUE self) 
+{
+	yubikey_data* data;
+	
+	Data_Get_Struct(self, yubikey_data, data);
+	
+	char key[YUBIKEY_KEY_SIZE*2 + 1];
+	char* buff = (char*) malloc(sizeof(char)*(YUBIKEY_KEY_SIZE +1));
+	MEMCPY(buff, &data->key, uint8_t, YUBIKEY_KEY_SIZE);
+	buff[YUBIKEY_KEY_SIZE] = '\0';
+	
+	yubikey_hex_encode( key, buff, YUBIKEY_KEY_SIZE );
+		
+	return rb_str_new2(key);
+}
+
+/* call-seq:
+ * 	Yubikey.new(aes_key) -> new_yubikey
+ *
+ * Creates a yubikey parser whith +aes_key+ ad AES key.
+ *
+ * +aes_key+ musb be encoded with YubiRuby::HEX.encode.
+ */
+static VALUE yubikey_initialize(VALUE self, VALUE key) 
+{
+	yubikey_data* data;
+	
+	Data_Get_Struct(self, yubikey_data, data);
+	
+	yubikey_set_key(self, key);
+	
+	return self;
+}
+
+static VALUE yubikey_init_copy(VALUE copy, VALUE orig) 
+{
+	yubikey_data *t_orig, *t_copy;
+	
+	if (copy == orig)
+		return copy;
+	
+	if (TYPE(orig) != T_DATA ||
+		RDATA(orig)->dfree != (RUBY_DATA_FUNC)yubikey_free) {
+			rb_raise(rb_eTypeError, "wrong argument type.");
+	}
+	
+	Data_Get_Struct(orig, yubikey_data, t_orig);
+	Data_Get_Struct(copy, yubikey_data, t_copy);
+	MEMCPY(&t_copy->key, &t_orig->key, uint8_t, YUBIKEY_KEY_SIZE);
+	MEMCPY(t_copy->token, t_orig->token, yubikey_token_st, 1);
+	
+	return copy;
+}
+
+/* call-seq:
+ * 	yubikey.parse(otp) -> true or false 
+ *
+ * Checks the +otp+ for a valid SSO.
+ */
+static VALUE yubikey_check(VALUE self, VALUE otp) 
+{
+	yubikey_data *data;
+	
+	VALUE str = StringValue(otp);
+	if (str == Qnil)
+		rb_raise(rb_eTypeError, "wrong argument type.");
+	
+	int start = RSTRING(str)->len - 32;
+	
+	if (start < 0)
+		rb_raise(rb_eTypeError, "OTP too short."); //Argument error
+	
+	Data_Get_Struct(self, yubikey_data, data);
+	
+#ifndef NDEBUG
+ /* Debug. */
+	char *buff = (char*)malloc(YUBIKEY_KEY_SIZE+1);
+	yubikey_modhex_decode ((char*)buff, 
+							(RSTRING(str)->ptr+start),
+							YUBIKEY_KEY_SIZE);
+	printf ("Input:\n");
+	printf ("  token: %s\n", (RSTRING(str)->ptr+start));
+
+	{
+	  size_t i;
+	  printf ("          ");
+	  for (i = 0; i < YUBIKEY_KEY_SIZE; i++)
+	    printf ("%02x ", buff[i] & 0xFF);
+	  printf ("\n");
+	}
+
+	printf ("  aeskey: %s\n", RSTRING(yubikey_get_key(self))->ptr);
+
+	{
+	  size_t i;
+	  printf ("          ");
+	  for (i = 0; i < YUBIKEY_KEY_SIZE; i++)
+	    printf ("%02x ", data->key[i] & 0xFF);
+	  printf ("\n");
+	}
+#endif
+
+	/* Decrypt TOKEN using KEY and store output in OUT structure.  Note
+	   that there is no error checking whether the output data is valid or
+	   not, use yubikey_check_* for that. */
+	yubikey_parse ((uint8_t*)(RSTRING(str)->ptr+start), data->key, data->token);	
+	
+#ifndef NDEBUG
+	printf ("Output:\n");
+	{
+	  size_t i;
+	  printf ("          ");
+	  for (i = 0; i < YUBIKEY_BLOCK_SIZE; i++)
+	    printf ("%02x ", ((uint8_t*)data->token)[i] & 0xFF);
+	  printf ("\n");
+	}
+
+	yubikey_token_st tok = *data->token;
+	printf ("\nStruct:\n");
+	/* Debug */
+	{
+	  size_t i;
+	  printf ("  uid: ");
+	  for (i = 0; i < YUBIKEY_UID_SIZE; i++)
+	    printf ("%02x ", data->token->uid[i] & 0xFF);
+	  printf ("\n");
+	}
+	printf ("  counter: %d (0x%04x)\n", tok.ctr, tok.ctr);
+	printf ("  timestamp (low): %d (0x%04x)\n", tok.tstpl, tok.tstpl);
+	printf ("  timestamp (high): %d (0x%02x)\n", tok.tstph, tok.tstph);
+	printf ("  session use: %d (0x%02x)\n", tok.use, tok.use);
+	printf ("  random: %d (0x%02x)\n", tok.rnd, tok.rnd);
+	printf ("  crc: %d (0x%04x)\n", tok.crc, tok.crc);
+
+	printf ("\nDerived:\n");
+	printf ("  cleaned counter: %d (0x%04x)\n",
+	 yubikey_counter (tok.ctr), yubikey_counter (tok.ctr));
+	yubikey_modhex_encode ((char*)buff, (char*)tok.uid, YUBIKEY_UID_SIZE);
+	printf ("  modhex uid: %s\n", buff);
+	printf ("  triggered by caps lock: %s\n",
+	 yubikey_capslock(tok.ctr) ? "yes" : "no");
+	printf ("  crc: %04X\n", yubikey_crc16 ((void*)&tok, YUBIKEY_KEY_SIZE));
+
+	printf ("  crc check: ");
+	if (yubikey_crc_ok_p ((uint8_t*)&tok))
+	    printf("ok\n");
+	else
+	printf ("fail\n");
+#endif
+	if (yubikey_crc_ok_p ((uint8_t*)data->token))
+		return Qtrue;
+	else
+		return Qfalse;
+}
+
+/* call-seq:
+ * 	yubikey.to_str -> String
+ *
+ * Gets the decoded token as <tt>hex string</tt> representation.
+ */
+static VALUE yubikey_to_str(VALUE self) 
+{
+	size_t i;
+	yubikey_data *data;
+	Data_Get_Struct(self, yubikey_data, data);
+	
+	VALUE ary = rb_ary_new2(YUBIKEY_BLOCK_SIZE);
+	for (i = 0; i < YUBIKEY_BLOCK_SIZE; i++) {
+		VALUE num = INT2FIX(((uint8_t*)data->token)[i]);
+		//invoke .to_s 16 on each number
+		rb_ary_store(ary, i, rb_funcall(num, rb_intern("to_s"), 1, INT2FIX(16) ));
+	}
+
+	return rb_funcall(ary, rb_intern("join"), 0); 
+}
+
+/* call-seq:
+ * 	yubikey.uid -> "hex string"
+ *
+ * Gets the decoded token UID field as <tt>hex string</tt> representation.
+ */
+static VALUE yubikey_get_uid(VALUE self) 
+{
+	VALUE out = yubikey_to_str(self);
+	
+	// *2 becaouse of hex
+	return rb_str_new(RSTRING(out)->ptr, YUBIKEY_UID_SIZE*2 );
+}
+
+/* call-seq:
+ * 	yubikey.counter -> Fixnum
+ *
+ * Gets the decoded token counter field.
+ */
+static VALUE yubikey_get_counter(VALUE self) 
+{
+	yubikey_data *data;
+	Data_Get_Struct(self, yubikey_data, data);
+
+	return INT2FIX(yubikey_counter(data->token->ctr)); 
+}
+
+/* call-seq:
+ * 	yubikey.triggered_by_capslock? -> true or false
+ *
+ */
+static VALUE yubikey_get_triggered_by_capslock(VALUE self) 
+{
+	yubikey_data *data;
+	Data_Get_Struct(self, yubikey_data, data);
+
+	if (yubikey_capslock(data->token->ctr))
+		return Qtrue;
+	else
+		return Qfalse;
+}
+
+static VALUE yubikey_get_tsl(VALUE self) 
+{
+	yubikey_data *data;
+	Data_Get_Struct(self, yubikey_data, data);
+
+	return INT2FIX(data->token->tstpl); 
+}
+
+static VALUE yubikey_get_tsh(VALUE self) 
+{
+	yubikey_data *data;
+	Data_Get_Struct(self, yubikey_data, data);
+
+	return INT2FIX(data->token->tstph); 
+}
+
+static VALUE yubikey_get_session(VALUE self) 
+{
+	yubikey_data *data;
+	Data_Get_Struct(self, yubikey_data, data);
+
+	return INT2FIX(data->token->use); 
+}
+
+static VALUE yubikey_get_random(VALUE self) 
+{
+	yubikey_data *data;
+	Data_Get_Struct(self, yubikey_data, data);
+
+	return INT2FIX(data->token->rnd); 
+}
+
+static VALUE yubikey_get_crc(VALUE self) 
+{
+	yubikey_data *data;
+	Data_Get_Struct(self, yubikey_data, data);
+
+	return INT2FIX(data->token->crc); 
+}
+
+static VALUE yubikey_calc_crc(VALUE self) 
+{
+	yubikey_data *data;
+	Data_Get_Struct(self, yubikey_data, data);
+	
+	return INT2FIX(yubikey_crc16 ((void*)data->token, YUBIKEY_KEY_SIZE)); 
+}
+
+static VALUE yubikey_check_crc(VALUE self) 
+{
+	yubikey_data *data;
+	Data_Get_Struct(self, yubikey_data, data);
+	
+	if (yubikey_crc_ok_p ((uint8_t*)data->token))
+		return Qtrue;
+	else
+		return Qfalse;
+}
+/*   Yubikey END */
+
+/* Implementation of Yubikey OTP functions.
+ * This Module may be used to interact with a Yubikey
+ */
+void Init_libyubikey() {
+	mYubiRuby = rb_define_module("YubiRuby");
+	
+	/* ModHex string encoder/decoder
+	 * 
+	 * The YubiKey uses a special data encoding format known as "modhex" rather 
+	 * than normal hex encoding or base64 encoding. 
+	 * Modhex is similar to hex encoding but with a different encoding alphabet. 
+	 * The reason is to achieve a keyboard layout independent encoding.
+	 *
+	 * The String class in extended with this module.
+	 */
+	mModHex = rb_define_module_under(mYubiRuby, "ModHex");
+	rb_define_singleton_method(mModHex, "encode", modhex_sing_encode, 1);
+	rb_define_method(mModHex, "modhex_encode", modhex_encode, 0);
+	rb_define_singleton_method(mModHex, "decode", modhex_sing_decode, 1);
+	rb_define_method(mModHex, "modhex_decode", modhex_decode, 0);
+	rb_define_singleton_method(mModHex, "modhex?", modhex_sing_is_modhex, 1);
+	rb_define_method(mModHex, "modhex?", modhex_is_modhex, 0);
+	/* lists of allowed char in MODHEX enconding */
+	rb_define_const(mModHex, "MODHEX_MAP", rb_str_new2(YUBIKEY_MODHEX_MAP));
+	
+	//extends String with ModHex
+	rb_include_module(rb_cString, mModHex);
+	
+	/* Prototypes for low-level Yubikey OTP functions.
+	 *
+	 */
+	cYubikey = rb_define_class_under(mYubiRuby, "Yubikey", rb_cObject);
+	rb_define_alloc_func(cYubikey, yubikey_alloc);
+	rb_define_method(cYubikey, "initialize", yubikey_initialize, 1);
+	rb_define_method(cYubikey, "initialize_copy", yubikey_init_copy, 1);
+	/* CRC value for a valid token */
+	rb_define_const(cYubikey, "CRC_OK_RESIDUE", INT2FIX(YUBIKEY_CRC_OK_RESIDUE));
+	rb_define_method(cYubikey, "key", yubikey_get_key, 0);
+	rb_define_method(cYubikey, "key=", yubikey_set_key, 1);
+	rb_define_method(cYubikey, "parse", yubikey_check, 1);
+	rb_define_method(cYubikey, "to_str", yubikey_to_str, 0);
+	rb_define_alias(cYubikey, "to_s", "to_str");
+	rb_define_method(cYubikey, "uid", yubikey_get_uid, 0);
+	rb_define_method(cYubikey, "counter", yubikey_get_counter, 0);
+	rb_define_method(cYubikey, "triggered_by_capslock?", yubikey_get_triggered_by_capslock, 0);
+	rb_define_method(cYubikey, "timestamp_low", yubikey_get_tsl, 0);
+	rb_define_method(cYubikey, "timestamp_high", yubikey_get_tsh, 0);
+	rb_define_method(cYubikey, "session", yubikey_get_session, 0);
+	rb_define_method(cYubikey, "random", yubikey_get_random, 0);
+	rb_define_method(cYubikey, "crc", yubikey_get_crc, 0);
+	rb_define_method(cYubikey, "crc_residue", yubikey_calc_crc, 0);
+	rb_define_method(cYubikey, "crc?", yubikey_check_crc, 0);
+}