
Merge pull request #1754 from privacyidea/1735/yubikey-spaces

Remove whitespace from key during Yubikey token initialization
plettich committed Jul 23, 2019
2 parents e98cefa + 828f13e commit 96b3e18c63814b771242c1e42cd3ff7109e5b9db
@@ -49,8 +49,7 @@ initialized the yubikey with the external *ykpersonalize* tool.

When using the yubikey personalization GUI you need to copy the value of
"Secret Key (16 bytes Hex)". This is the secret OTP key, which you need to
copy and paste in the field "OTP Key" in the privacyIDEA Web UI. (Remove
possible white spaces!)
copy and paste in the field "OTP Key" in the privacyIDEA Web UI.

.. figure:: images/enroll_yubikey.png
:width: 500
@@ -456,5 +456,10 @@ def check_yubikey_pass(passw):

@log_with(log)
def update(self, param, reset_failcount=True):
TokenClass.update(self, param, reset_failcount)
update_params = param.copy()
# As the secret is usually copy-pasted from the Yubikey personalization GUI,
# which separates hexlified bytes by spaces, we remove all spaces from the OTP key.
if "otpkey" in update_params:
update_params["otpkey"] = update_params["otpkey"].replace(" ", "")
TokenClass.update(self, update_params, reset_failcount)
self.add_tokeninfo("tokenkind", TOKENKIND.HARDWARE)
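Review bot: The normalisation on the `otpkey` line removes only the ASCII space (`.replace(" ", "")`), so a key pasted with a tab, a trailing newline or a non-breaking space still reaches `TokenClass.update` unchanged, and nothing in this hunk checks that the remainder is hex. The relaxed `ng-pattern` in the enrollment template hunk is a client-side check only, so API callers that bypass the Web UI depend entirely on this method. Consider `update_params["otpkey"] = "".join(update_params["otpkey"].split())`, and, if the key is always hex at this point, rejecting a value that does not match `^[0-9a-fA-F]+$` before it is stored. Whether `TokenClass.update` already validates the key is not visible here, and the body of `update` may continue past the end of the hunk.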
@@ -38,7 +38,7 @@ <h4 translate>Token data</h4>

<div class="form-group">
<label for="otpkey" translate>OTP Key</label>
<input type="text" ng-pattern="/^[0-9a-fA-F]*$/"
<input type="text" ng-pattern="/^[0-9a-fA-F ]*$/"
ng-init="form.genkey=false"
autofocus
class="form-control"
@@ -199,6 +199,43 @@ def test_10_api_endpoint(self):
self.assertTrue("status=OK" in result, result)
self.assertTrue("nonce={0!s}".format(nonce) in result, result)

def test_11_strip_whitespace(self):
fixed = "ebedeeefegeheiej"
# The backend automatically strips whitespace from the OTP key
otpkey = "cc 17 a4 d7 7e ae d9 6e 9d 14 b5 c8 7a 02 e7 18"
uid = "000000000000"
otps = ["ebedeeefegeheiejtjtrutblehenfjljrirgdihrfuetljtt",
"ebedeeefegeheiejlekvlrlkrcluvctenlnnjfknrhgtjned",
"ebedeeefegeheiejktudedbktcnbuntrhdueikggtrugckij",
"ebedeeefegeheiejjvjncbnffdrvjcvrbgdfufjgndfetieu",
"ebedeeefegeheiejdruibhvlvktcgfjiruhltketifnitbuk"
]

token = init_token({"type": "yubikey",
"otpkey": otpkey,
"otplen": len(otps[0]),
"yubikey.prefix": fixed,
"serial": "UBAM12345678_1"})

builder = EnvironBuilder(method='GET',
headers={})
env = builder.get_environ()
# Set the remote address so that we can filter for it
env["REMOTE_ADDR"] = "10.0.0.1"
g.client_ip = env["REMOTE_ADDR"]
req = Request(env)
nonce = "random nonce"
apiid = "hallo"
apikey = "1YMEbMZijD3DzL21UfKGnOOI13c="
set_privacyidea_config("yubikey.apiid.{0!s}".format(apiid), apikey)
req.all_data = {'id': apiid,
"otp": otps[0],
"nonce": nonce}
text_type, result = YubikeyTokenClass.api_endpoint(req, g)
self.assertEqual(text_type, "plain")
self.assertTrue("status=OK" in result, result)
self.assertTrue("nonce={0!s}".format(nonce) in result, result)

def test_98_wrong_tokenid(self):
db_token = Token.query.filter(Token.serial == self.serial1).first()
token = YubikeyTokenClass(db_token)
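Review bot: `test_11_strip_whitespace` covers only single spaces between byte pairs and infers the stripping indirectly from a successful OTP check; it never asserts what key was actually stored. There is no case for leading or trailing whitespace, tabs, or a key that still contains non-hex characters after stripping, so the backend's handling of a malformed key from an API client stays unpinned. `uid` is assigned but never used, and `token` is bound only for the side effect of `init_token(...)`; dropping `uid` and the unused binding would make the test's intent clearer.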
