Yubico Forum https://forum.yubico.com/ |
|
V1.3 bug re: ykFLAG_STATIC_TICKET and ykFLAG_TICKET_FIRST https://forum.yubico.com/viewtopic.php?f=16&t=141 |
Page 1 of 1 |
Author: | caitsith6502 [ Tue Jul 22, 2008 4:52 am ] |
Post subject: | V1.3 bug re: ykFLAG_STATIC_TICKET and ykFLAG_TICKET_FIRST |
Seems I found a bug regarding static OTPs. In playing around with my key, hnirvlrevnegugnucgdvbirglvfgcbnfivrgunvckggt, by setting the configuration to the default for Static OTP, ykStaticID/ykUID/ykKey to the values I know match the OTP just posted, along with ykFLAG_STATIC_TICKET = true, It seems that this flag is outright ignored if you also set ykFLAG_TICKET_FIRST = true. Here are the next 3 keys showing this behaviour. (Use the AES key that decodes the above key posted to decode these, all which are TICKET_FIRST). uerhtvtiffrkengdjncghirlejdjnujkhnirvlrevneg dtkujnhfgeihffdfigcijicddjftilenhnirvlrevneg vevugdfgvuevrnulnkhvliungijeigechnirvlrevneg durebtiubdgektnndlrrufdvktrlvhglhnirvlrevneg crdggekkuvbeuuknfdukhcgkhfglbtuehnirvlrevneg dufeijvnchgcftekffnkjrcnbuffukvuhnirvlrevneg ldnfnjielvvkurkngieljjkhtclrllcnhnirvlrevneg judgnhubkudejuhrfdlgieiiveukubrkhnirvlrevneg Now, if I go and reprogram the key again, with ykFLAG_TICKET_FIRST = false, it goes back to generating Static OTPs once again. |
Author: | caitsith6502 [ Wed Jul 23, 2008 5:56 am ] |
Post subject: | Re: V1.3 bug re: ykFLAG_STATIC_TICKET and ykFLAG_TICKET_FIRST |
I checked to see if other flags gave similar issues. ykFLAG_TICKET_FIRST is the only flag to give this issue. |
Author: | Jakob [ Thu Jul 24, 2008 8:46 pm ] |
Post subject: | Re: V1.3 bug re: ykFLAG_STATIC_TICKET and ykFLAG_TICKET_FIRST |
Confirmed... We'll create a 1.3.1 to fix that issue. I owe you a set of free ones as thanks for finding it. Given that the output is static, I beleive no one will have any practical problems with this one. Whatever, we'll fix it. Regards, JakobE Hardware- and firmware guy @ Yubico |
Author: | gmik [ Wed Jul 30, 2008 7:47 pm ] |
Post subject: | Re: V1.3 bug -- ykFLAG_TICKET_FIRST |
Code: I'm not sure if this is the same underlying issue. The issue I have is that dynamic OTP's become static once the ykFLAG_TICKET_FIRST is set to true. YubiKeyConfig yub = null; IYubiKeyConfig tok = null; Listen listener = null; try { yub = new YubiKeyConfig(); tok = yub.getIYubiKeyConfig(); tok.ykClear(); System.out.println("tok.getYkIsConfigured():" + tok.getYkIsConfigured()); System.out.println("tok.getYkIsInserted():" + tok.getYkIsInserted()); final String key = "dbc2be2addce5d234b6db67e97524915"; final String user1 = "ffeffabcd034"; final String user2 = "ffeffabcd035"; final String user = user2; tok.setYkStaticID(user); tok.setYkUID(user); tok.setYkKey(key); tok.setYkFlagProperty(ykFLAG.ykFLAG_APPEND_CR, 1); tok.setYkFlagProperty(ykFLAG.ykFLAG_ALLOW_HIDTRIG, 1); tok.setYkFlagProperty(ykFLAG.ykFLAG_SEND_REF , 1); //tok.setYkFlagProperty(ykFLAG.ykFLAG_STATIC_TICKET, 0); tok.setYkFlagProperty(ykFLAG.ykFLAG_TICKET_FIRST, 1); // comment out for dynamic otp's ykRETCODE ret = tok.getYkProgram(); System.out.println("tok.getYkProgram():" + RetCode.toString(ret) ); } catch (Exception e) { e.printStackTrace(); } Setting ykFLAG_TICKET_FIRST to false corrects the problem. sample output: cbdefghijklnrtuvvvuvvlnrtcegnflnknuflgbgvnjgutclbblhujirubcu cbdefghijklnrtuvvvuvvlnrtceggtcflvltnrkcjnivfeklhuigfvkfifel cbdefghijklnrtuvvvuvvlnrtcegnnvhbkjlvenrdrdlrnjdrrikruvdfnkg cbdefghijklnrtuvvvuvvlnrtcegjurldgdkujutkutijujdeedelnfhjlhu cbdefghijklnrtuvhddnkbibcrcucbevtjkekciduckgnlkhvvuvvlnrtceg cbdefghijklnrtuvhddnkbibcrcucbevtjkekciduckgnlkhvvuvvlnrtceg cbdefghijklnrtuvhddnkbibcrcucbevtjkekciduckgnlkhvvuvvlnrtceg cbdefghijklnrtuvhddnkbibcrcucbevtjkekciduckgnlkhvvuvvlnrtceg Is it just me? ------------------------------------ |
Author: | caitsith6502 [ Thu Jul 31, 2008 12:23 am ] |
Post subject: | Re: V1.3 bug re: ykFLAG_STATIC_TICKET and ykFLAG_TICKET_FIRST |
Indeed, confirmed the bug. It seems that ykFLAG_TICKET_FIRST xor's ykFLAG_STATIC_TICKET with binary 1, somewhere in the code. Because of this, if you want a Yubikey 1.3 with a static ticket and as well as ticket first, you set ykFLAG_STATIC_TICKET = FALSE and ykFLAG_TICKET_FIRST = TRUE, and if you want ticket first with dynamic ticket, you do ykFLAG_STATIC_TICKET = TRUE and ykFLAG_TICKET_FIRST = FALSE. This is a weird bug indeed, for being a bit counter intuitive for what you want. ykFLAG_STATIC_TICKET = FALSE, ykFLAG_TICKET_FIRST = true. ugnucgdvbirglvfgcbnfivrgunvckggthnirvlrevneg ugnucgdvbirglvfgcbnfivrgunvckggthnirvlrevneg ugnucgdvbirglvfgcbnfivrgunvckggthnirvlrevneg ykFLAG_STATIC_TICKET = TRUE, ykFLAG_TICKET_FIRST = false. vnllvkgejuddrierinbffjdnuhhjlehihnirvlrevneg tegtfvbvkdfnrkngjfefdvvvrggffllnhnirvlrevneg benelvivndvjvlglkvulvnfjcibvddnuhnirvlrevneg ykFLAG_STATIC_TICKET = FALSE, ykFLAG_TICKET_FIRST = FALSE. hnirvlrevnegjbghjlcuevhennfkucbubgfvbdkehuju hnirvlrevnegkfigfdtcuhrgkufhhuhjljdftbkjgrfh hnirvlrevneggcfinlehccfuvkekdhdbgkcbgcfllrlh ykFLAG_STATIC_TICKET = TRUE, ykFLAG_TICKET_FIRST = FALSE. hnirvlrevnegugnucgdvbirglvfgcbnfivrgunvckggt hnirvlrevnegugnucgdvbirglvfgcbnfivrgunvckggt hnirvlrevnegugnucgdvbirglvfgcbnfivrgunvckggt |
Author: | gmik [ Fri Aug 01, 2008 8:57 pm ] |
Post subject: | Re: V1.3 bug re: ykFLAG_STATIC_TICKET and ykFLAG_TICKET_FIRST |
---------- so this should work? Code: YubiKeyConfig yub = null; IYubiKeyConfig tok = null; try { yub = new YubiKeyConfig(); tok = yub.getIYubiKeyConfig(); tok.ykClear(); System.out.println("tok.getYkIsConfigured():" + tok.getYkIsConfigured()); System.out.println("tok.getYkIsInserted():" + tok.getYkIsInserted()); final String key = "dbc2be2addce5d234b6db67e97524915"; final String user = "ffeffabcd035"; tok.setYkStaticID(user); tok.setYkUID(user); tok.setYkKey(key); tok.setYkFlagProperty(ykFLAG.ykFLAG_APPEND_CR, 1); tok.setYkFlagProperty(ykFLAG.ykFLAG_ALLOW_HIDTRIG, 1); tok.setYkFlagProperty(ykFLAG.ykFLAG_SEND_REF , 1); // // -- this flag sequence for v1.3 ? tok.setYkFlagProperty(ykFLAG.ykFLAG_STATIC_TICKET, 0); tok.setYkFlagProperty(ykFLAG.ykFLAG_TICKET_FIRST, 1); tok.setYkFlagProperty(ykFLAG.ykFLAG_STATIC_TICKET, 1); tok.setYkFlagProperty(ykFLAG.ykFLAG_TICKET_FIRST, 0); // // ykRETCODE ret = tok.getYkProgram(); System.out.println("tok.getYkProgram():" + RetCode.toString(ret) ); } catch (Exception e) { e.printStackTrace(); } Is there a flag sequence that should work for all hardware versions (no code changes ) ? ---------- |
Author: | gmik [ Sat Aug 02, 2008 10:24 pm ] |
Post subject: | Re: V1.3 bug re: ykFLAG_STATIC_TICKET and ykFLAG_TICKET_FIRST |
or this? Code: tok.setYkFlagProperty(ykFLAG.ykFLAG_STATIC_TICKET, 0); tok.setYkFlagProperty(ykFLAG.ykFLAG_TICKET_FIRST, 1); ykRETCODE ret = tok.getYkProgram(); tok.setYkFlagProperty(ykFLAG.ykFLAG_STATIC_TICKET, 1); tok.setYkFlagProperty(ykFLAG.ykFLAG_TICKET_FIRST, 0); ykRETCODE ret = tok.getYkProgram(); |
Author: | Jakob [ Sun Aug 10, 2008 12:03 am ] |
Post subject: | Re: V1.3 bug re: ykFLAG_STATIC_TICKET and ykFLAG_TICKET_FIRST |
This issue has been fixed and the maintenance release 1.3.1 will be implemented effective from the next production batch. Only this bug is fixed in 1.3.1. AFAIK, there are no other open firmware issues at this point in time. If there is anyone having an issue with this bug, please let me know and I'll ensure that a replacement is sent f.o.c. We deemed this bug "non critical" so we won't provide this unless there is a real issue. Thanks all for reporting this issue. Everyone involved can send me an e-mail to jakob at yubico dot com and I'll send you some complementary 1.3.1 keys as a sign of my gratitude. Keeping the firmware healthy is a top prio for us and even minor issues like this ones shall (and will) be fixed. Regards, JakobE Hardware- and firmware guy @ Yubico |
Author: | caitsith6502 [ Tue Aug 12, 2008 4:34 am ] |
Post subject: | Re: V1.3 bug re: ykFLAG_STATIC_TICKET and ykFLAG_TICKET_FIRST |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 There, fired off my email. (from d_good at caitsith2 dot com). -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.3 (Build 4028) Charset: utf-8 wsBVAwUBSKEE1CSkpD9cy+H+AQjgdAf9EaBi/kvvwjWlKrP0Ew4iZXsjs33qJUCe 2wtuDeGmeiBegEHKQ8F2owf/yHI6air+yLIWmXel3Hgg3UwiUFZRlU3QzCTEnmu3 kSjkDIBPTrNtVL6NpY0QaRRYwz+JOAtHs4T04qhtxc90T20R8uTwzsibFJWGPW75 OyFdQZBAuxtIucJ/DngO7I8h4LIALpAKpedjkqtLvBIk7xAA+asEj/6CPCOCBbAk V7Rn/HphLbFKTu+iMH7R7ZnL/FxjcqFa2GuYTOBiOdtu7r7ERwi90O7w8n2Q4jsU I1iRH70YchfLOr3dbUNNGTzMw2+fu5xUNnfnLXOZyWzqzx7tKdp9+g== =SoTu -----END PGP SIGNATURE----- |
Page 1 of 1 | All times are UTC + 1 hour |
Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/ |