Yubico Forum
https://forum.yubico.com/

V1.3 bug re: ykFLAG_STATIC_TICKET and ykFLAG_TICKET_FIRST
https://forum.yubico.com/viewtopic.php?f=16&t=141		 Page 1 of 1
Author:  caitsith6502 [ Tue Jul 22, 2008 4:52 am ]
Post subject:  V1.3 bug re: ykFLAG_STATIC_TICKET and ykFLAG_TICKET_FIRST
Seems I found a bug regarding static OTPs.

In playing around with my key, hnirvlrevnegugnucgdvbirglvfgcbnfivrgunvckggt, by setting the configuration to the default for Static OTP, ykStaticID/ykUID/ykKey to the values I know match the OTP just posted, along with ykFLAG_STATIC_TICKET = true, It seems that this flag is outright ignored if you also set ykFLAG_TICKET_FIRST = true.

Here are the next 3 keys showing this behaviour. (Use the AES key that decodes the above key posted to decode these, all which are TICKET_FIRST).

uerhtvtiffrkengdjncghirlejdjnujkhnirvlrevneg
dtkujnhfgeihffdfigcijicddjftilenhnirvlrevneg
vevugdfgvuevrnulnkhvliungijeigechnirvlrevneg
durebtiubdgektnndlrrufdvktrlvhglhnirvlrevneg
crdggekkuvbeuuknfdukhcgkhfglbtuehnirvlrevneg

dufeijvnchgcftekffnkjrcnbuffukvuhnirvlrevneg
ldnfnjielvvkurkngieljjkhtclrllcnhnirvlrevneg
judgnhubkudejuhrfdlgieiiveukubrkhnirvlrevneg

Now, if I go and reprogram the key again, with ykFLAG_TICKET_FIRST = false, it goes back to generating Static OTPs once again.
Author:  caitsith6502 [ Wed Jul 23, 2008 5:56 am ]
Post subject:  Re: V1.3 bug re: ykFLAG_STATIC_TICKET and ykFLAG_TICKET_FIRST
I checked to see if other flags gave similar issues. ykFLAG_TICKET_FIRST is the only flag to give this issue.
Author:  Jakob [ Thu Jul 24, 2008 8:46 pm ]
Post subject:  Re: V1.3 bug re: ykFLAG_STATIC_TICKET and ykFLAG_TICKET_FIRST
Confirmed...

We'll create a 1.3.1 to fix that issue. I owe you a set of free ones as thanks for finding it.

Given that the output is static, I beleive no one will have any practical problems with this one. Whatever, we'll fix it.

Regards,

JakobE
Hardware- and firmware guy @ Yubico
Author:  gmik [ Wed Jul 30, 2008 7:47 pm ]
Post subject:  Re: V1.3 bug -- ykFLAG_TICKET_FIRST
Code:
I'm not sure if this is the same underlying issue.

The issue I have is that dynamic OTP's become static once the ykFLAG_TICKET_FIRST is set to true.
   
      YubiKeyConfig yub = null;
      IYubiKeyConfig tok = null;
      Listen listener = null;
      try {
         yub = new YubiKeyConfig();
         tok = yub.getIYubiKeyConfig();
         tok.ykClear();
         System.out.println("tok.getYkIsConfigured():" + tok.getYkIsConfigured());
         System.out.println("tok.getYkIsInserted():" + tok.getYkIsInserted());
         final String key = "dbc2be2addce5d234b6db67e97524915";
         final String user1 = "ffeffabcd034";
         final String user2 = "ffeffabcd035";      
         final String user = user2;      
         tok.setYkStaticID(user);
         tok.setYkUID(user);
         tok.setYkKey(key);
         tok.setYkFlagProperty(ykFLAG.ykFLAG_APPEND_CR, 1);
         tok.setYkFlagProperty(ykFLAG.ykFLAG_ALLOW_HIDTRIG, 1);
         tok.setYkFlagProperty(ykFLAG.ykFLAG_SEND_REF , 1);
         //tok.setYkFlagProperty(ykFLAG.ykFLAG_STATIC_TICKET, 0);
         tok.setYkFlagProperty(ykFLAG.ykFLAG_TICKET_FIRST, 1);  // comment out for dynamic otp's
         ykRETCODE ret = tok.getYkProgram();
         System.out.println("tok.getYkProgram():" + RetCode.toString(ret) );
      } catch (Exception e) {
         e.printStackTrace();
      }

Setting ykFLAG_TICKET_FIRST to false corrects the problem.
   
sample output:

   cbdefghijklnrtuvvvuvvlnrtcegnflnknuflgbgvnjgutclbblhujirubcu
   cbdefghijklnrtuvvvuvvlnrtceggtcflvltnrkcjnivfeklhuigfvkfifel
   cbdefghijklnrtuvvvuvvlnrtcegnnvhbkjlvenrdrdlrnjdrrikruvdfnkg
   cbdefghijklnrtuvvvuvvlnrtcegjurldgdkujutkutijujdeedelnfhjlhu

   cbdefghijklnrtuvhddnkbibcrcucbevtjkekciduckgnlkhvvuvvlnrtceg
   cbdefghijklnrtuvhddnkbibcrcucbevtjkekciduckgnlkhvvuvvlnrtceg
   cbdefghijklnrtuvhddnkbibcrcucbevtjkekciduckgnlkhvvuvvlnrtceg
   cbdefghijklnrtuvhddnkbibcrcucbevtjkekciduckgnlkhvvuvvlnrtceg


Is it just me?

------------------------------------
Author:  caitsith6502 [ Thu Jul 31, 2008 12:23 am ]
Post subject:  Re: V1.3 bug re: ykFLAG_STATIC_TICKET and ykFLAG_TICKET_FIRST
Indeed, confirmed the bug. It seems that ykFLAG_TICKET_FIRST xor's ykFLAG_STATIC_TICKET with binary 1, somewhere in the code. Because of this, if you want a Yubikey 1.3 with a static ticket and as well as ticket first, you set ykFLAG_STATIC_TICKET = FALSE and ykFLAG_TICKET_FIRST = TRUE, and if you want ticket first with dynamic ticket, you do ykFLAG_STATIC_TICKET = TRUE and ykFLAG_TICKET_FIRST = FALSE. This is a weird bug indeed, for being a bit counter intuitive for what you want.

ykFLAG_STATIC_TICKET = FALSE, ykFLAG_TICKET_FIRST = true.
ugnucgdvbirglvfgcbnfivrgunvckggthnirvlrevneg
ugnucgdvbirglvfgcbnfivrgunvckggthnirvlrevneg
ugnucgdvbirglvfgcbnfivrgunvckggthnirvlrevneg

ykFLAG_STATIC_TICKET = TRUE, ykFLAG_TICKET_FIRST = false.
vnllvkgejuddrierinbffjdnuhhjlehihnirvlrevneg
tegtfvbvkdfnrkngjfefdvvvrggffllnhnirvlrevneg
benelvivndvjvlglkvulvnfjcibvddnuhnirvlrevneg

ykFLAG_STATIC_TICKET = FALSE, ykFLAG_TICKET_FIRST = FALSE.
hnirvlrevnegjbghjlcuevhennfkucbubgfvbdkehuju
hnirvlrevnegkfigfdtcuhrgkufhhuhjljdftbkjgrfh
hnirvlrevneggcfinlehccfuvkekdhdbgkcbgcfllrlh

ykFLAG_STATIC_TICKET = TRUE, ykFLAG_TICKET_FIRST = FALSE.
hnirvlrevnegugnucgdvbirglvfgcbnfivrgunvckggt
hnirvlrevnegugnucgdvbirglvfgcbnfivrgunvckggt
hnirvlrevnegugnucgdvbirglvfgcbnfivrgunvckggt
Author:  gmik [ Fri Aug 01, 2008 8:57 pm ]
Post subject:  Re: V1.3 bug re: ykFLAG_STATIC_TICKET and ykFLAG_TICKET_FIRST
----------
so this should work?

Code:
      YubiKeyConfig yub = null;
      IYubiKeyConfig tok = null;
      try {
         yub = new YubiKeyConfig();
         tok = yub.getIYubiKeyConfig();
         tok.ykClear();
         System.out.println("tok.getYkIsConfigured():" + tok.getYkIsConfigured());
         System.out.println("tok.getYkIsInserted():" + tok.getYkIsInserted());
         final String key = "dbc2be2addce5d234b6db67e97524915";
         final String user = "ffeffabcd035";
         tok.setYkStaticID(user);
         tok.setYkUID(user);
         tok.setYkKey(key);
         tok.setYkFlagProperty(ykFLAG.ykFLAG_APPEND_CR, 1);
         tok.setYkFlagProperty(ykFLAG.ykFLAG_ALLOW_HIDTRIG, 1);
         tok.setYkFlagProperty(ykFLAG.ykFLAG_SEND_REF , 1);
         //
         // -- this flag sequence for v1.3 ?
                tok.setYkFlagProperty(ykFLAG.ykFLAG_STATIC_TICKET, 0);
                tok.setYkFlagProperty(ykFLAG.ykFLAG_TICKET_FIRST, 1);
                tok.setYkFlagProperty(ykFLAG.ykFLAG_STATIC_TICKET, 1);
                tok.setYkFlagProperty(ykFLAG.ykFLAG_TICKET_FIRST, 0);
         //
         //
         ykRETCODE ret = tok.getYkProgram();
         System.out.println("tok.getYkProgram():" + RetCode.toString(ret) );
      } catch (Exception e) {
         e.printStackTrace();
      }


Is there a flag sequence that should work for all hardware versions (no code changes ) ?
----------
Author:  gmik [ Sat Aug 02, 2008 10:24 pm ]
Post subject:  Re: V1.3 bug re: ykFLAG_STATIC_TICKET and ykFLAG_TICKET_FIRST
or this?

Code:

                tok.setYkFlagProperty(ykFLAG.ykFLAG_STATIC_TICKET, 0);
                tok.setYkFlagProperty(ykFLAG.ykFLAG_TICKET_FIRST, 1);
         ykRETCODE ret = tok.getYkProgram();
                tok.setYkFlagProperty(ykFLAG.ykFLAG_STATIC_TICKET, 1);
                tok.setYkFlagProperty(ykFLAG.ykFLAG_TICKET_FIRST, 0);
         ykRETCODE ret = tok.getYkProgram();
Author:  Jakob [ Sun Aug 10, 2008 12:03 am ]
Post subject:  Re: V1.3 bug re: ykFLAG_STATIC_TICKET and ykFLAG_TICKET_FIRST
This issue has been fixed and the maintenance release 1.3.1 will be implemented effective from the next production batch.

Only this bug is fixed in 1.3.1. AFAIK, there are no other open firmware issues at this point in time.

If there is anyone having an issue with this bug, please let me know and I'll ensure that a replacement is sent f.o.c. We deemed this bug "non critical" so we won't provide this unless there is a real issue.

Thanks all for reporting this issue. Everyone involved can send me an e-mail to jakob at yubico dot com and I'll send you some complementary 1.3.1 keys as a sign of my gratitude. Keeping the firmware healthy is a top prio for us and even minor issues like this ones shall (and will) be fixed.

Regards,

JakobE
Hardware- and firmware guy @ Yubico
Author:  caitsith6502 [ Tue Aug 12, 2008 4:34 am ]
Post subject:  Re: V1.3 bug re: ykFLAG_STATIC_TICKET and ykFLAG_TICKET_FIRST
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

There, fired off my email. (from d_good at caitsith2 dot com).

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.8.3 (Build 4028)
Charset: utf-8

wsBVAwUBSKEE1CSkpD9cy+H+AQjgdAf9EaBi/kvvwjWlKrP0Ew4iZXsjs33qJUCe
2wtuDeGmeiBegEHKQ8F2owf/yHI6air+yLIWmXel3Hgg3UwiUFZRlU3QzCTEnmu3
kSjkDIBPTrNtVL6NpY0QaRRYwz+JOAtHs4T04qhtxc90T20R8uTwzsibFJWGPW75
OyFdQZBAuxtIucJ/DngO7I8h4LIALpAKpedjkqtLvBIk7xAA+asEj/6CPCOCBbAk
V7Rn/HphLbFKTu+iMH7R7ZnL/FxjcqFa2GuYTOBiOdtu7r7ERwi90O7w8n2Q4jsU
I1iRH70YchfLOr3dbUNNGTzMw2+fu5xUNnfnLXOZyWzqzx7tKdp9+g==
=SoTu
-----END PGP SIGNATURE-----
Page 1 of 1 All times are UTC + 1 hour
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/