Yubico Forum

...visit our web-store at store.yubico.com
It is currently Tue Jan 30, 2018 2:53 pm

All times are UTC + 1 hour




Post new topic Reply to topic  [ 10 posts ] 
Author Message
PostPosted: Sat Jul 12, 2014 8:44 pm 
Offline

Joined: Fri Nov 22, 2013 1:03 am
Posts: 14
Location: Germany
Hi,
I am playing around with the yubikey in challenge response and try to reproduce it in python.

I initialize the yubikey like this:
Code:
# ykpersonalize -2 -ochal-resp -ochal-hmac -ohmac-lt64 -oserial-api-visible
Firmware version 2.2.3 Touch level 1795 Program sequence 3

Passphrase to create AES key: lsjdkflksdjf
Configuration data to be written to key configuration 2:

fixed: m:
uid: n/a/
key: h:a60f076ca60e6d966f3bdcdc96f5e94c3c8efc32
acc_code: h:000000000000
OATH IMF: h:0
ticket_flags: CHAL_RESP
config_flags: CHAL_HMAC|HMAC_LT64
extended_flags: SERIAL_API_VISIBLE


I take it, that a60f076ca60e6d966f3bdcdc96f5e94c3c8efc32 is the stored hmac key.

Now I run:
Code:
ykchalresp -2 -x 57642f9efa71d159181c0f3bbc93a84ccb8d378782e09eae21695395b441f5a22a3f35d46ee596fbab39e38d3fc0c4841780996fd272845af4d92cc31bf5134a
cef9198f3a2d9a378289096da646b7c165090d60


Simuliation this in python I get another response:

Code:
import hmac
import binascii
import hashlib
key = "a60f076ca60e6d966f3bdcdc96f5e94c3c8efc32"
chal = "57642f9efa71d159181c0f3bbc93a84ccb8d378782e09eae21695395b441f5a22a3f35d46ee596fbab39e38d3fc0c4841780996fd272845af4d92cc31bf5134a"
hmac.new(binascii.unhexlify(key), binascii.unhexlify(chal), hashlib.sha1).hexdigest()
'd8352dc4a5ce33639801fb2e2fa87444dbcae55e'


What am I missing here?

Thanks a lot and kind regards
Cornelius


Last edited by corny on Sun Jul 13, 2014 7:34 am, edited 1 time in total.

Top
 Profile  
Reply with quote  

Share On:

Share on Facebook FacebookShare on Twitter TwitterShare on Tumblr TumblrShare on Google+ Google+

PostPosted: Sun Jul 13, 2014 7:33 am 
Offline

Joined: Fri Nov 22, 2013 1:03 am
Posts: 14
Location: Germany
So tell me!

Why does 32byte challenges work although the yubikey claims to process 64 byte challenges?

Code:
cornelius@puckel ~/src/python-yubico/examples (git)-[master] % python
Python 2.7.6 (default, Mar 22 2014, 22:59:56)
[GCC 4.8.2] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import hmac
>>> import binascii
>>> import hashlib
>>> import os
>>> key = "a60f076ca60e6d966f3bdcdc96f5e94c3c8efc32"
>>> chal = os.urandom(32)
>>> print binascii.hexlify(chal)
d1835d598bc20c4ce8312ba94f046a015f7a70c48631b88f29922f1183e77873
>>> hmac.new(binascii.unhexlify(key), chal, hashlib.sha1).hexdigest()
'c7f7a081d06a738f913dce36b538091adc6d2e93'
>>> quit()
cornelius@puckel ~/src/python-yubico/examples (git)-[master] % ykchalresp -2 -x d1835d598bc20c4ce8312ba94f046a015f7a70c48631b88f29922f1183e77873
c7f7a081d06a738f913dce36b538091adc6d2e93


So I need to be content with 32 bytes.

Kind regards
Cornelius


Top
 Profile  
Reply with quote  
PostPosted: Mon Jul 14, 2014 9:01 am 
Offline
Site Admin
Site Admin

Joined: Wed Nov 14, 2012 2:59 pm
Posts: 666
ykpersonalize -2 -ochal-resp -ochal-hmac -ohmac-lt64 -a 303132333435363738393a3b3c3d3e3f40414243

HMAC-SHA1 challenge-response
This method allows a challenge of up to 64 bytes (512 bits) to be
hashed using the HMAC-SHA1 algorithm with a 20-byte (160 bits)
secret

_________________
-Tom


Top
 Profile  
Reply with quote  
PostPosted: Mon Jul 14, 2014 9:54 am 
Offline

Joined: Fri Nov 22, 2013 1:03 am
Posts: 14
Location: Germany
Hi Tom,

yes, I read this, but when I use 64bytes, it does not work - while it works fine with 32bytes.
I am willing to provide you any additional information!

Kind regards
Cornelius


Top
 Profile  
Reply with quote  
PostPosted: Mon Jul 14, 2014 10:41 am 
Offline
Site Admin
Site Admin

Joined: Wed Nov 14, 2012 2:59 pm
Posts: 666
can you use KATs (Known Answer Tests) NIST PUB 198 A.2 test vectors?

http://opensource.yubico.com/yubikey-pe ... esp.1.html

_________________
-Tom


Top
 Profile  
Reply with quote  
PostPosted: Mon Jul 14, 2014 11:21 am 
Offline

Joined: Fri Nov 22, 2013 1:03 am
Posts: 14
Location: Germany
Hi Tom,

this test runs perfectly. But this challenge is <=32bytes.

And as soon as I use a challenge >32btes <=64bytes the python code does not produces the same result as the ykchalresp!

Kind regards
Cornelius


Top
 Profile  
Reply with quote  
PostPosted: Fri Jul 18, 2014 7:23 am 
Offline
Site Admin
Site Admin

Joined: Wed Nov 14, 2012 2:59 pm
Posts: 666
use ykchalresp.exe -1 -H -x

program the yubikey with the GUI

Could you use our Python code https://github.com/Yubico/python-yubico ... e_response

also, what version is your Yubikey firmware?

_________________
-Tom


Top
 Profile  
Reply with quote  
PostPosted: Fri Jul 18, 2014 9:40 am 
Offline

Joined: Fri Nov 22, 2013 1:03 am
Posts: 14
Location: Germany
Hi Tom,

(Read to the end, before clicking links - I have the error (my error) narrowed down)

I am running this python code to initialize the yubikey:
https://github.com/privacyidea/privacyi ... yubikey.py

roughlty it does this in MODE_OATH and challenge_response==True:

Code:
Cfg = YK.init_config()
key = binascii.hexlify(os.urandom(20))
Cfg.mode_challenge_response('h:' + key, type="HMAC")
Cfg.ticket_flag('APPEND_CR', False)
Cfg.extended_flag('SERIAL_API_VISIBLE', True)
YK.write_config(Cfg, slot=slot)


which pretty much looks the same to me like this https://github.com/Yubico/python-yubico ... t_test_key:
Code:
Cfg = YK.init_config()
key='h:303132333435363738393a3b3c3d3e3f40414243'
fg.mode_challenge_response(key, type='HMAC', variable=True)
Cfg.extended_flag('SERIAL_API_VISIBLE', True)
YK.write_config(Cfg, slot=slot)


But still it does not work out for me. The command line tool creates another response, than my python program does...
Code:
% ykchalresp -2 -H -x 175ff6a6b675906d748b2a2b74dce6dc2f065685f4a69caa7f65e2167015745f4162f1b508d1eef7f5b319cf4bf3f435daca4e387152005e253e4694e9091781
2008b987214e073127006e4166ef189242dbf035


OK, using my initialized key with some very basic python code:
Code:
cornelius@puckel ~/src/privacyideaadm (git)-[master] % python
Python 2.7.6 (default, Mar 22 2014, 22:59:56)
[GCC 4.8.2] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import yubico
>>> import sys
>>> YK=yubico.find_yubikey()
>>> chal_hex="175ff6a6b675906d748b2a2b74dce6dc2f065685f4a69caa7f65e2167015745f4162f1b508d1eef7f5b319cf4bf3f435daca4e387152005e253e4694e9091781"
>>> import binascii
>>> chal = binascii.unhexlify(chal_hex)
>>> YK.challenge_response(chal, slot=2)
" \x08\xb9\x87!N\x071'\x00nAf\xef\x18\x92B\xdb\xf05"
>>> binascii.hexlify(YK.challenge_response(chal, slot=2))
'2008b987214e073127006e4166ef189242dbf035'
>>>


Well! This looks fine and produces the same response! So now I know the following:

1. My initialization is working fine.
2. My Yubikey is working fine
3. My response verification code has a problem with challenges larger than 32 bytes....

Thanks for you patience and help.
I will look into this.

Kind regards
Cornelius


Top
 Profile  
Reply with quote  
PostPosted: Fri Jul 18, 2014 10:01 am 
Offline

Joined: Fri Nov 22, 2013 1:03 am
Posts: 14
Location: Germany
Hm, I did some more digging:

The Yubikey calculates an HMAC SHA1 with the challenge.

So this is roughly my verification code:

Code:
>>> hexkey="7b6b585de517c96560f5bd0db211ea58ba1500ca"
>>> import binascii
>>> import hashlib
>>> import hmac
>>> chal_hex="175ff6a6b675906d748b2a2b74dce6dc2f065685f4a69caa7f65e2167015745f4162f1b508d1eef7f5b319cf4bf3f435daca4e387152005e253e4694e9091781"
>>> binascii.hexlify(hmac.new(binascii.unhexlify(hexkey), binascii.unhexlify(chal_hex), hashlib.sha1).digest())
'b8a53bf4d40db429029e89bfc5cd6057645b3ea6'


Indeed the 64 byte response of the python hmac libraray does not match the 64 byte response of the Yubikey.
The python HMAC lib and the Yubikey itself get the same responses for 32 byte, but not for 64 byte.
Thats bad, but at least I know the reason for this...

I tested this on Ubuntu 14.04LTS, with python 2.7.6.

Kind regards
Cornelius


Top
 Profile  
Reply with quote  
PostPosted: Mon Jul 28, 2014 7:48 am 
Offline
Site Admin
Site Admin

Joined: Thu Apr 19, 2012 1:45 pm
Posts: 148
Hello,

You seem to be using the hmac-lt64 option when programming the YubiKey. When this option is in effect the challenge is limited to 63 bytes, but may be less and any challenge longer than 63 bytes will be truncated to 63.
I've verified with a 2.2.3 key and a piece of perl that it behaves correctly with challenges up to 63 bytes. There might be bugs in the yubico-python code, so it'd be good if you could verify with both that and the ykchalresp utility.

/klas


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 10 posts ] 

All times are UTC + 1 hour


Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group