YubiKey C low-level library (libyubikey)
C
Pull request Compare This branch is 87 commits behind Yubico:master.
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
m4
tests
.gitignore
AUTHORS
COPYING
Makefile.am
NEWS
README
THANKS
configure.ac
libyubikey.map
modhex.c
simple.mk
test-vectors.txt
ykaes.c
ykcrc.c
ykgenerate.c
ykhex.c
ykmodhex.c
ykparse.c
yktoken.c
yubikey.h

README

Introduction

This package make up the low-level C software development kit for the
Yubico authentication device, the YubiKey.  In particular:

* AUTHORS, COPYING, NEWS, README, THANKS: Meta-information about the project.

* yubikey.h: Prototypes for library.

* yktoken.c, ykmodhex.c, ykhex.c, ykcrc.c, ykaes.c: Library implementation.

* selftest.c: Library self tests.

* modhex.c: Command-line tool for modhex encoding/decoding.

* ykgenerate.c: Command line tool to construct and encrypt an OTP.

* ykparse.c: Command line tool to decrypt and parse an OTP.

* simple.mk: Simple makefile to build the above parts.

* configure.ac, Makefile.am: Autoconf/Automake files.

* libyubikey.map: Linker version script.


License

The project is licensed under a BSD license.  See the file COPYING for
exact wording.  For any copyright year range specified as YYYY-ZZZZ in
this package note that the range specifies every single year in that
closed interval.


Building from version controlled sources

Skip to the next section if you are using an official packaged
version, which is what we recommend.

You may check out the sources using GIT with the following command:

  git clone git://github.com/Yubico/yubico-c.git

This will create a directory 'yubico-c'.  Enter the directory:

  cd yubico-c

You need to have autoconf, automake and libtool installed if you want
to use the normal ./configure based approach.  Use simple.mk if you
don't want this step.  Generate the build system using:

  autoreconf --install


Building

To build using the Autoconf, automake and libtool infrastructure,
which is recommend for more advanced purposes especially for
cross-compilation and shared library support, build it as follows.

  $ ./configure
  $ make check install

Another way to build the package is by running 'make -f simple.mk
check'.  It will build each component, and also test it.  See below
for sample session.  This is useful if you want to target a platform
that doesn't support Autoconf/automake/libtool well.

  $ make -f simple.mk check
  cc -I. -Wall -g   -c -o yktoken.o yktoken.c
  cc -I. -Wall -g   -c -o ykmodhex.o ykmodhex.c
  cc -I. -Wall -g   -c -o ykhex.o ykhex.c
  cc -I. -Wall -g   -c -o ykcrc.o ykcrc.c
  cc -I. -Wall -g   -c -o ykaes.o ykaes.c
  cc -I. -Wall -g    modhex.c yktoken.o ykmodhex.o ykhex.o ykcrc.o ykaes.o yubikey.h   -o modhex
  cc -I. -Wall -g    ykparse.c yktoken.o ykmodhex.o ykhex.o ykcrc.o ykaes.o yubikey.h   -o ykparse
  cc -I. -Wall -g    selftest.c yktoken.o ykmodhex.o ykhex.o ykcrc.o ykaes.o yubikey.h   -o selftest
  selftest.c: In function ‘main’:
  selftest.c:163: warning: pointer targets in passing argument 3 of ‘yubikey_generate’ differ in signedness
  ./yubikey.h:76: note: expected ‘char *’ but argument is of type ‘uint8_t *’
  cc -I. -Wall -g    ykgenerate.c yktoken.o ykmodhex.o ykhex.o ykcrc.o ykaes.o yubikey.h   -o ykgenerate
  ./selftest
  modhex-encode("test") = ifhgieif
  Modhex-1 success
  modhex-decode("ifhgieif") = test
  Modhex-2 success
  hex-p("cbdefghijklnrtuv") = 1
  Hex-3 success
  hex-p("0123Xabc") = 0
  Hex-3 success
  hex-encode("test") = 74657374
  Hex-1 success
  hex-decode("74657374") = test
  Hex-2 success
  hex-p("0123456789abcdef") = 1
  Hex-3 success
  hex-p("0123Xabc") = 0
  Hex-3 success
  aes-decrypt (data=0123456789abcdef, key=abcdef0123456789)
   => 838a467f34639551755bd32a4a2f15e1
  AES-1 success
  AES-2 success
  OTP-1 success
  $


Command-line tools

The "modhex" program converts data between modhex, normal hex, and
binary form.

The "ykparse" program decrypts and parses one OTP given the OTP and
the AES key corresponding to that YubiKey.

The "ykgenerate" program constructs and encrypts one OTP given AES key
and internal data values.

Example usage:

  $ ./modhex test
  ifhgieif
  $ ./modhex -d ifhgieif; echo
  test
  $ ./modhex -h b565716f
  nghgibhv
  $ ./modhex -h -d nghgibhv
  b565716f
  $ ./ykparse ecde18dbe76fbd0c33330f1c354871db dteffujedcflcindvdbrblehecuitvjkjevvehjd
  warning: overlong token, ignoring prefix: dteffuje
  Input:
    token: dcflcindvdbrblehecuitvjkjevvehjd
            20 4a 07 b2 f2 1c 1a 36 30 e7 df 89 83 ff 36 82
    aeskey: ecde18dbe76fbd0c33330f1c354871db
            ec de 18 db e7 6f bd 0c 33 33 0f 1c 35 48 71 db
  Output:
            87 92 eb fe 26 cc 13 00 a8 c0 00 10 b4 08 6f 5b

  Struct:
    uid: 87 92 eb fe 26 cc
    counter: 19 (0x0013)
    timestamp (low): 49320 (0xc0a8)
    timestamp (high): 0 (0x00)
    session use: 16 (0x10)
    random: 2228 (0x8b4)
    crc: 23407 (0x5b6f)

  Derived:
    cleaned counter: 19 (0x0013)
    modhex uid: jikdunvudhrr
    triggered by caps lock: no
    crc: F0B8
    crc check: ok
  $ ./ykparse ecde18dbe76fbd0c33330f1c354871db dteffujehknhfjbrjnlnldnhcujvddbikngjrtgh
  warning: overlong token, ignoring prefix: dteffuje
  Input:
    token: hknhfjbrjnlnldnhcujvddbikngjrtgh
            69 b6 48 1c 8b ab a2 b6 0e 8f 22 17 9b 58 cd 56
    aeskey: ecde18dbe76fbd0c33330f1c354871db
            ec de 18 db e7 6f bd 0c 33 33 0f 1c 35 48 71 db
  Output:
            87 92 eb fe 26 cc 13 00 30 c2 00 11 c8 9f 23 c8

  Struct:
    uid: 87 92 eb fe 26 cc
    counter: 19 (0x0013)
    timestamp (low): 49712 (0xc230)
    timestamp (high): 0 (0x00)
    session use: 17 (0x11)
    random: 40904 (0x9fc8)
    crc: 51235 (0xc823)

  Derived:
    cleaned counter: 19 (0x0013)
    modhex uid: jikdunvudhrr
    triggered by caps lock: no
    crc: F0B8
    crc check: ok
  $ ./ykgenerate ecde18dbe76fbd0c33330f1c354871db 8792ebfe26cc 0013 c0a8 00 10
  hcfktknicvbcnhbkvigcfhgddhhhrknc
  $ ./ykparse ecde18dbe76fbd0c33330f1c354871db `./ykgenerate ecde18dbe76fbd0c33330f1c354871db 8792ebfe26cc 0013 c0a8 00 10`
  Input:
    token: lihggvrgffbjnrehcgnkvknjkvubeekr
            a7 65 5f c5 44 18 bc 36 05 b9 f9 b8 9f e1 33 9c
    aeskey: ecde18dbe76fbd0c33330f1c354871db
            ec de 18 db e7 6f bd 0c 33 33 0f 1c 35 48 71 db
  Output:
            87 92 eb fe 26 cc 13 00 a8 c0 00 10 95 44 ec e9

  Struct:
    uid: 87 92 eb fe 26 cc
    counter: 19 (0x0013)
    timestamp (low): 49320 (0xc0a8)
    timestamp (high): 0 (0x00)
    session use: 16 (0x10)
    random: 17557 (0x4495)
    crc: 59884 (0xe9ec)

  Derived:
    cleaned counter: 19 (0x0013)
    modhex uid: jikdunvudhrr
    triggered by caps lock: no
    crc: F0B8
    crc check: ok
  $


Questions?

Talk to <yubico-devel@googlegroups.com>.