
Remove whitespace from key during Yubikey token initialization

Closes #1735
fredreichbier committed Jul 22, 2019
1 parent e98cefa commit 828f13e5341f56062865deb28266c6ac24eb27e4
@@ -49,8 +49,7 @@ initialized the yubikey with the external *ykpersonalize* tool.

When using the yubikey personalization GUI you need to copy the value of
"Secret Key (16 bytes Hex)". This is the secret OTP key, which you need to
copy and paste in the field "OTP Key" in the privacyIDEA Web UI. (Remove
possible white spaces!)
copy and paste in the field "OTP Key" in the privacyIDEA Web UI.

.. figure:: images/enroll_yubikey.png
:width: 500
@@ -456,5 +456,10 @@ def check_yubikey_pass(passw):

@log_with(log)
def update(self, param, reset_failcount=True):
TokenClass.update(self, param, reset_failcount)
update_params = param.copy()
# As the secret is usually copy-pasted from the Yubikey personalization GUI,
# which separates hexlified bytes by spaces, we remove all spaces from the OTP key.
if "otpkey" in update_params:
update_params["otpkey"] = update_params["otpkey"].replace(" ", "")
TokenClass.update(self, update_params, reset_failcount)
self.add_tokeninfo("tokenkind", TOKENKIND.HARDWARE)
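Review bot: `.replace(" ", "")` strips only the ASCII space, so a key pasted with a tab or a trailing newline still reaches `TokenClass.update` unchanged, although the commit title promises whitespace removal. `update_params["otpkey"] = "".join(update_params["otpkey"].split())` drops every whitespace character in one step; the template hunk's `ng-pattern="/^[0-9a-fA-F ]*$/"` makes the same space-only assumption and could use `\s` to stay in step. Because this value is the token's secret OTP key, it would also be worth rejecting anything that is not hex of the expected length right after stripping, unless the parent class already does so (not visible here). The body of `update` continues past the end of the hunk.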
@@ -38,7 +38,7 @@ <h4 translate>Token data</h4>

<div class="form-group">
<label for="otpkey" translate>OTP Key</label>
<input type="text" ng-pattern="/^[0-9a-fA-F]*$/"
<input type="text" ng-pattern="/^[0-9a-fA-F ]*$/"
ng-init="form.genkey=false"
autofocus
class="form-control"
@@ -199,6 +199,43 @@ def test_10_api_endpoint(self):
self.assertTrue("status=OK" in result, result)
self.assertTrue("nonce={0!s}".format(nonce) in result, result)

def test_11_strip_whitespace(self):
fixed = "ebedeeefegeheiej"
# The backend automatically strips whitespace from the OTP key
otpkey = "cc 17 a4 d7 7e ae d9 6e 9d 14 b5 c8 7a 02 e7 18"
uid = "000000000000"
otps = ["ebedeeefegeheiejtjtrutblehenfjljrirgdihrfuetljtt",
"ebedeeefegeheiejlekvlrlkrcluvctenlnnjfknrhgtjned",
"ebedeeefegeheiejktudedbktcnbuntrhdueikggtrugckij",
"ebedeeefegeheiejjvjncbnffdrvjcvrbgdfufjgndfetieu",
"ebedeeefegeheiejdruibhvlvktcgfjiruhltketifnitbuk"
]

token = init_token({"type": "yubikey",
"otpkey": otpkey,
"otplen": len(otps[0]),
"yubikey.prefix": fixed,
"serial": "UBAM12345678_1"})

builder = EnvironBuilder(method='GET',
headers={})
env = builder.get_environ()
# Set the remote address so that we can filter for it
env["REMOTE_ADDR"] = "10.0.0.1"
g.client_ip = env["REMOTE_ADDR"]
req = Request(env)
nonce = "random nonce"
apiid = "hallo"
apikey = "1YMEbMZijD3DzL21UfKGnOOI13c="
set_privacyidea_config("yubikey.apiid.{0!s}".format(apiid), apikey)
req.all_data = {'id': apiid,
"otp": otps[0],
"nonce": nonce}
text_type, result = YubikeyTokenClass.api_endpoint(req, g)
self.assertEqual(text_type, "plain")
self.assertTrue("status=OK" in result, result)
self.assertTrue("nonce={0!s}".format(nonce) in result, result)

def test_98_wrong_tokenid(self):
db_token = Token.query.filter(Token.serial == self.serial1).first()
token = YubikeyTokenClass(db_token)
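Review bot: `test_11_strip_whitespace` verifies the stripping only indirectly, through one successful `api_endpoint` call, so it does not pin that the stored key is exactly the hex string without spaces. An assertion on the key held by the `token` returned from `init_token` (currently unused, as is `uid`) would check the behaviour directly, and a second case with a key containing a non-hex character would show what happens to malformed input. The test also leaves the token `UBAM12345678_1` and the `yubikey.apiid.hallo` config entry in place, which later tests in the class may observe; removing them at the end keeps the cases independent. Proposed comment above `otpkey`: `# spaced form as shown by the Yubikey personalization GUI; must be stored without spaces`.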
