Introduction
This package make up the low-level C software development kit for the Yubico authentication device, the Yubikey. In particular:
AUTHORS, COPYING, NEWS, README, THANKS: Meta-information about the project.
yubikey.h: Prototypes for library.
yktoken.c, ykmodhex.c, ykhex.c, ykcrc.c, ykaes.c: Library implementation.
selftest.c: Library self tests.
modhex.c: Command-line tool for modhex encoding/decoding.
ykgenerate.c: Command line tool to construct and encrypt an OTP.
ykparse.c: Command line tool to decrypt and parse an OTP.
simple.mk: Simple makefile to build the above parts.
configure.ac, Makefile.am: Autoconf/Automake files.
libyubikey.map: Linker version script.
Building from version controlled sources
Skip to the next section if you are using an official packaged version, which is what we recommend.
You may check out the sources using SVN with the following command:
svn checkout http://yubico-c.googlecode.com/svn/trunk/ yubico-c
This will create a directory 'yubico-c'. Enter the directory:
cd yubico-c
You need to have autoconf, automake and libtool installed if you want to use the normal ./configure based approach. Use simple.mk if you don't want this step. Generate the build system using:
autoreconf --install
Building
To build using the Autoconf, automake and libtool infrastructure, which is recommend for more advanced purposes especially for cross-compilation and shared library support, build it as follows.
$ ./configure
$ make check install
Another way to build the package is by running 'make -f simple.mk check'. It will build each component, and also test it. See below for sample session. This is useful if you want to target a platform that doesn't support Autoconf/automake/libtool well.
$ make -f simple.mk check
cc -I. -Wall -g -c -o yktoken.o yktoken.c
cc -I. -Wall -g -c -o ykmodhex.o ykmodhex.c
cc -I. -Wall -g -c -o ykhex.o ykhex.c
cc -I. -Wall -g -c -o ykcrc.o ykcrc.c
cc -I. -Wall -g -c -o ykaes.o ykaes.c
cc -I. -Wall -g modhex.c yktoken.o ykmodhex.o ykhex.o ykcrc.o ykaes.o yubikey.h -o modhex
cc -I. -Wall -g ykparse.c yktoken.o ykmodhex.o ykhex.o ykcrc.o ykaes.o yubikey.h -o ykparse
cc -I. -Wall -g selftest.c yktoken.o ykmodhex.o ykhex.o ykcrc.o ykaes.o yubikey.h -o selftest
selftest.c: In function ‘main’:
selftest.c:163: warning: pointer targets in passing argument 3 of ‘yubikey_generate’ differ in signedness
./yubikey.h:76: note: expected ‘char *’ but argument is of type ‘uint8_t *’
cc -I. -Wall -g ykgenerate.c yktoken.o ykmodhex.o ykhex.o ykcrc.o ykaes.o yubikey.h -o ykgenerate
./selftest
modhex-encode("test") = ifhgieif
Modhex-1 success
modhex-decode("ifhgieif") = test
Modhex-2 success
hex-p("cbdefghijklnrtuv") = 1
Hex-3 success
hex-p("0123Xabc") = 0
Hex-3 success
hex-encode("test") = 74657374
Hex-1 success
hex-decode("74657374") = test
Hex-2 success
hex-p("0123456789abcdef") = 1
Hex-3 success
hex-p("0123Xabc") = 0
Hex-3 success
aes-decrypt (data=0123456789abcdef, key=abcdef0123456789)
=> 838a467f34639551755bd32a4a2f15e1
AES-1 success
AES-2 success
OTP-1 success
$ Command-line tools
The "modhex" program converts data between modhex, normal hex, and binary form.
The "ykparse" program decrypts and parses one OTP given the OTP and the AES key corresponding to that Yubikey.
The "ykgenerate" program constructs and encrypts one OTP given AES key and internal data values.
Example usage:
$ ./modhex test
ifhgieif
$ ./modhex -d ifhgieif; echo
test
$ ./modhex -h b565716f
nghgibhv
$ ./modhex -h -d nghgibhv
b565716f
$ ./ykparse ecde18dbe76fbd0c33330f1c354871db dteffujedcflcindvdbrblehecuitvjkjevvehjd
warning: overlong token, ignoring prefix: dteffuje
Input:
token: dcflcindvdbrblehecuitvjkjevvehjd
20 4a 07 b2 f2 1c 1a 36 30 e7 df 89 83 ff 36 82
aeskey: ecde18dbe76fbd0c33330f1c354871db
ec de 18 db e7 6f bd 0c 33 33 0f 1c 35 48 71 db
Output:
87 92 eb fe 26 cc 13 00 a8 c0 00 10 b4 08 6f 5b
Struct:
uid: 87 92 eb fe 26 cc
counter: 19 (0x0013)
timestamp (low): 49320 (0xc0a8)
timestamp (high): 0 (0x00)
session use: 16 (0x10)
random: 2228 (0x8b4)
crc: 23407 (0x5b6f)
Derived:
cleaned counter: 19 (0x0013)
modhex uid: jikdunvudhrr
triggered by caps lock: no
crc: F0B8
crc check: ok
$ ./ykparse ecde18dbe76fbd0c33330f1c354871db dteffujehknhfjbrjnlnldnhcujvddbikngjrtgh
warning: overlong token, ignoring prefix: dteffuje
Input:
token: hknhfjbrjnlnldnhcujvddbikngjrtgh
69 b6 48 1c 8b ab a2 b6 0e 8f 22 17 9b 58 cd 56
aeskey: ecde18dbe76fbd0c33330f1c354871db
ec de 18 db e7 6f bd 0c 33 33 0f 1c 35 48 71 db
Output:
87 92 eb fe 26 cc 13 00 30 c2 00 11 c8 9f 23 c8
Struct:
uid: 87 92 eb fe 26 cc
counter: 19 (0x0013)
timestamp (low): 49712 (0xc230)
timestamp (high): 0 (0x00)
session use: 17 (0x11)
random: 40904 (0x9fc8)
crc: 51235 (0xc823)
Derived:
cleaned counter: 19 (0x0013)
modhex uid: jikdunvudhrr
triggered by caps lock: no
crc: F0B8
crc check: ok
$ ./ykgenerate ecde18dbe76fbd0c33330f1c354871db 8792ebfe26cc 0013 c0a8 00 10
hcfktknicvbcnhbkvigcfhgddhhhrknc
$ ./ykparse ecde18dbe76fbd0c33330f1c354871db `./ykgenerate ecde18dbe76fbd0c33330f1c354871db 8792ebfe26cc 0013 c0a8 00 10`
Input:
token: lihggvrgffbjnrehcgnkvknjkvubeekr
a7 65 5f c5 44 18 bc 36 05 b9 f9 b8 9f e1 33 9c
aeskey: ecde18dbe76fbd0c33330f1c354871db
ec de 18 db e7 6f bd 0c 33 33 0f 1c 35 48 71 db
Output:
87 92 eb fe 26 cc 13 00 a8 c0 00 10 95 44 ec e9
Struct:
uid: 87 92 eb fe 26 cc
counter: 19 (0x0013)
timestamp (low): 49320 (0xc0a8)
timestamp (high): 0 (0x00)
session use: 16 (0x10)
random: 17557 (0x4495)
crc: 59884 (0xe9ec)
Derived:
cleaned counter: 19 (0x0013)
modhex uid: jikdunvudhrr
triggered by caps lock: no
crc: F0B8
crc check: ok
$Questions?
Talk to <simon@yubico.com>.
