profile
viewpoint

Yubico/pam-u2f 343

Pluggable Authentication Module (PAM) for U2F

Yubico/libu2f-host 311

Yubico Universal 2nd Factor (U2F) Host C Library

Yubico/php-u2flib-server 288

U2F library in PHP

Yubico/python-u2flib-server 270

Python based U2F server library

Yubico/libfido2 209

Provides library functionality for FIDO 2.0, including communication with a device over USB.

Yubico/python-fido2 197

Provides library functionality for FIDO 2.0, including communication with a device over USB.

Yubico/python-yubico 186

Python code to talk to YubiKeys

Yubico/java-webauthn-server 157

Server-side Web Authentication library for Java https://www.w3.org/TR/webauthn/#rp-operations

Yubico/php-yubico 131

PHP class for Yubico authentication

Yubico/java-u2flib-server 129

(DEPRECATED) Java server-side library for U2F

startedYubico/java-webauthn-server

started time in 16 minutes

PR opened Yubico/python-fido2

Bump cryptography from 2.8 to 3.2 in /examples/server

Bumps cryptography from 2.8 to 3.2. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pyca/cryptography/blob/master/CHANGELOG.rst">cryptography's changelog</a>.</em></p> <blockquote> <p>3.2 - 2020-10-25</p> <pre><code>

  • SECURITY ISSUE: Attempted to make RSA PKCS#1v1.5 decryption more constant time, to protect against Bleichenbacher vulnerabilities. Due to limitations imposed by our API, we cannot completely mitigate this vulnerability and a future release will contain a new API which is designed to be resilient to these for contexts where it is required. Credit to Hubert Kario for reporting the issue. CVE-2020-25659
  • Support for OpenSSL 1.0.2 has been removed. Users on older version of OpenSSL will need to upgrade.
  • Added basic support for PKCS7 signing (including SMIME) via :class:~cryptography.hazmat.primitives.serialization.pkcs7.PKCS7SignatureBuilder. <p>.. _v3-1-1:</p> <p>3.1.1 - 2020-09-22 </code></pre></p> <ul> <li>Updated Windows, macOS, and <code>manylinux</code> wheels to be compiled with OpenSSL 1.1.1h.</li> </ul> <p>.. _v3-1:</p> <p>3.1 - 2020-08-26</p> <pre><code>
  • BACKWARDS INCOMPATIBLE: Removed support for idna based :term:U-label parsing in various X.509 classes. This support was originally deprecated in version 2.1 and moved to an extra in 2.5.
  • Deprecated OpenSSL 1.0.2 support. OpenSSL 1.0.2 is no longer supported by the OpenSSL project. The next version of cryptography will drop support for it.
  • Deprecated support for Python 3.5. This version sees very little use and will be removed in the next release.
  • backend arguments to functions are no longer required and the default backend will automatically be selected if no backend is provided.
  • Added initial support for parsing certificates from PKCS7 files with :func:~cryptography.hazmat.primitives.serialization.pkcs7.load_pem_pkcs7_certificates and :func:~cryptography.hazmat.primitives.serialization.pkcs7.load_der_pkcs7_certificates .
  • Calling update or update_into on :class:~cryptography.hazmat.primitives.ciphers.CipherContext with data longer than 2\ :sup:31 bytes no longer raises an OverflowError. This also resolves the same issue in :doc:/fernet. <p>.. _v3-0:</p> <p>3.0 - 2020-07-20 </tr></table> </code></pre></p> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pyca/cryptography/commit/c9e65222c91df8b6f61650a3460e30232962c1e0"><code>c9e6522</code></a> 3.2 release (<a href="https://github-redirect.dependabot.com/pyca/cryptography/issues/5508">#5508</a>)</li> <li><a href="https://github.com/pyca/cryptography/commit/58494b41d6ecb0f56b7c5f05d5f5e3ca0320d494"><code>58494b4</code></a> Attempt to mitigate Bleichenbacher attacks on RSA decryption (<a href="https://github-redirect.dependabot.com/pyca/cryptography/issues/5507">#5507</a>)</li> <li><a href="https://github.com/pyca/cryptography/commit/cf9bd6a36bc7b05abca114b76e216598d9ad9b16"><code>cf9bd6a</code></a> move blinding to <strong>init</strong> on both RSA public and private (<a href="https://github-redirect.dependabot.com/pyca/cryptography/issues/5506">#5506</a>)</li> <li><a href="https://github.com/pyca/cryptography/commit/bf4b962f4b92a1633835b2d17974f18de2d61620"><code>bf4b962</code></a> be more verbose in the 102 deprecation notice (<a href="https://github-redirect.dependabot.com/pyca/cryptography/issues/5505">#5505</a>)</li> <li><a href="https://github.com/pyca/cryptography/commit/ada53e7ca0f04a33711c330a130d34376e5ecc2b"><code>ada53e7</code></a> make the regexes for branches more strict (<a href="https://github-redirect.dependabot.com/pyca/cryptography/issues/5504">#5504</a>)</li> <li><a href="https://github.com/pyca/cryptography/commit/8be1d4b1113eabea306dd60ab64e7f00815d6a52"><code>8be1d4b</code></a> Stop using <a href="https://github.com/master">@master</a> for GH actions (<a href="https://github-redirect.dependabot.com/pyca/cryptography/issues/5503">#5503</a>)</li> <li><a href="https://github.com/pyca/cryptography/commit/08a97cca715ca0842d6792d0079e351efbb48ec9"><code>08a97cc</code></a> Bump actions/upload-artifact from v1 to v2.2.0 (<a href="https://github-redirect.dependabot.com/pyca/cryptography/issues/5502">#5502</a>)</li> <li><a href="https://github.com/pyca/cryptography/commit/52a0e44e97dd6e150509b14c9b1f76a261f12786"><code>52a0e44</code></a> Add a dependabot configuration to bump our github actions (<a href="https://github-redirect.dependabot.com/pyca/cryptography/issues/5501">#5501</a>)</li> <li><a href="https://github.com/pyca/cryptography/commit/611c4a340f6c53a7e28a9695a3248bd4e9f8558d"><code>611c4a3</code></a> PKCS7SignatureBuilder now supports new option NoCerts when signing (<a href="https://github-redirect.dependabot.com/pyca/cryptography/issues/5500">#5500</a>)</li> <li><a href="https://github.com/pyca/cryptography/commit/836a92a28fbe9df8c37121e340b91ed9cd519ddd"><code>836a92a</code></a> chunking didn't actually work (<a href="https://github-redirect.dependabot.com/pyca/cryptography/issues/5499">#5499</a>)</li> <li>Additional commits viewable in <a href="https://github.com/pyca/cryptography/compare/2.8...3.2">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+88 -71

0 comment

1 changed file

pr created time in 2 hours

push eventYubico/yubikey-manager

Dain Nilsson

commit sha 184c9f74865d3cd0ad19506e963b85a63d93bd56

Log more system info.

view details

Dain Nilsson

commit sha 08f3ae0bcd16daaf0b756d68258aae24ce33eb21

Refactor ykman.piv to get rid of PivController.

view details

push time in 6 hours

startedYubico/libfido2

started time in 7 hours

push eventYubico/yubihsm-shell

Aveen Ismail

commit sha cf4b6e2a01d84cef740ca7eb7190f43d3a6160ce

Adjustments for AppleClang

view details

push time in 9 hours

push eventYubico/yubihsm-shell

Aveen Ismail

commit sha dfd56280df1d401f327d922023d353e4903ec2f4

Adjustments for AppleClang

view details

push time in 9 hours

pull request commentYubico/python-u2flib-server

Support newer metdata formats

Thanks for the further explanation. I agree that there doesn't seem to be a better alternative for you at the moment, as long as the client is stuck on U2F. On an informal basis, I don't disagree with "it's no longer maintained, we accept patches and will release on an as possible basis". Since we can't figure out a good workaround for you I'll make sure we do merge this PR and make a new PyPI release. Not sure exactly when I'll be able to get around to it, but "soonish" I hope.

archoversight

comment created time in 9 hours

push eventYubico/yubihsm-shell

Aveen Ismail

commit sha bd1f038896e3f92b9e29ee216633887b9b303ec3

Adjustments for AppleClang

view details

push time in 11 hours

push eventYubico/yubikey-manager

Dain Nilsson

commit sha c897961a64fd7a9b503788b5839d3a31ed067b91

Fix get_pin_retries.

view details

Dain Nilsson

commit sha a5a4559f7d5c1b41077ea0d4b49916ecb4d63499

Make list_all_devices return devices.

view details

Dain Nilsson

commit sha 9199505cbf377b4d9f0c05cb3241d5d5f60f7da1

Make sure DeviceInfo always has a version.

view details

Dain Nilsson

commit sha 74a152e2ec9227823f04d7c7a158dd28b52565ab

Print warning to stderr if PC/SC isn't available.

view details

push time in 13 hours

issue commentYubico/libfido2

FreeBSD fido2 and ssh-keygen

If you change this line to include || defined(__FreeBSD__), does anything change?

I seem to recall usage_page being unset on FreeBSD, which means libfido2 cannot distinguish between the OTP and FIDO HID interfaces. It might also be worth looking into https://github.com/libusb/hidapi instead of https://github.com/signal11/hidapi - the FreeBSD port uses the latter. From a glance at libusb/hidapi and FreeBSD's libusb code, it should be working.

-p.

nicocaille

comment created time in a day

issue commentYubico/libfido2

FreeBSD fido2 and ssh-keygen

I have recompiled the port with the option --with-security-key-builtin, i checked the output with a grep on fido2:

checking if /usr/local/bin/pkg-config knows about libfido2... yes
[...]
checking for fido_init in -lfido2... yes
[...]
cc -o ssh-sk-helper ssh-sk-helper.o ssh-sk.o sk-usbhid.o -L. -Lopenbsd-compat/ -L/usr/local/lib  -Wl,-rpath,/usr/local/lib -fstack-protector-strong  -Wl,-z,retpolineplt -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -fstack-protector-strong -L/usr/local/lib -L/usr/local/lib -lssh -lopenbsd-compat -lssh -lopenbsd-compat -lcrypto -lldns -lz -L/usr/local/lib -lutil -lcrypt -L/usr/local/lib -lfido2 -lcrypto

I try again and it looks like it get to talk to the device but still fails:

/usr/local/bin/ssh-keygen -t ed25519-sk -f ~/.ssh/id_ed25519-sk -v
Generating public/private ed25519-sk key pair.
You may need to touch your authenticator to authorize key generation.
debug1: start_helper: starting /usr/local/libexec/ssh-sk-helper 
debug1: sshsk_enroll: provider "internal", device "(null)", application "ssh:", userid "(null)", flags 0x01, challenge len 0
debug1: sshsk_enroll: using random challenge
debug1: ssh_sk_enroll: using device 0000:0002:00
cdebug1: ssh_sk_enroll: fido_dev_open: FIDO_ERR_RX
debug1: sshsk_enroll: provider "internal" returned failure -1
debug1: ssh-sk-helper: Enrollment failed: invalid format
debug1: ssh-sk-helper: reply len 8
debug1: client_converse: helper returned error -4
Key enrollment failed: invalid format

I have noticed something though, when i do the fido2-token -L i get two items for the only one key plugged:

root@builder:~ # fido2-token -L
0000:0004:00: vendor=0x046d, product=0xc52b (Logitech USB Receiver)
0000:0004:01: vendor=0x046d, product=0xc52b (Logitech USB Receiver)
0000:0004:02: vendor=0x046d, product=0xc52b (Logitech USB Receiver)
0002:0008:00: vendor=0x05ac, product=0x8242 (Apple, Inc. IR Receiver)
0000:0002:00: vendor=0x1050, product=0x0407 (Yubico YubiKey OTP+FIDO+CCID)
0000:0002:01: vendor=0x1050, product=0x0407 (Yubico YubiKey OTP+FIDO+CCID)

The ssh-keygen is talking to 0000:0002:00 although if i query this device via the fido2-token -I it just hangs and i have to kill it (ctrl+c) but if i query the other "address" i get the correct answer:

root@builder:~ # fido2-token -I "0000:0002:00"
^C
root@builder:~ # fido2-token -I "0000:0002:01"
proto: 0x02
major: 0x05
minor: 0x02
build: 0x04
caps: 0x05 (wink, cbor, msg)
version strings: U2F_V2, FIDO_2_0, FIDO_2_1_PRE
extension strings: credProtect, hmac-secret
aaguid: 2fc05[...]8db9202a
options: rk, up, noplat, clientPin, credentialMgmtPreview
maxmsgsiz: 1200
maxcredcntlst: 8
maxcredlen: 128
fwversion: 0x0
pin protocols: 1
pin retries: 8

I have tried with different generations of yubikeys (Neo, Y4, Y5), on FreeBSD, it always shows two lines for one device for fido2-token -L

nicocaille

comment created time in a day

issue commentYubico/libfido2

FreeBSD fido2 and ssh-keygen

Hi,

yes it looks weird that this flag is not enabled or at least an option from the ports. I tried what you suggested and it still doesn't work:

root@builder:~ # /usr/local/bin/ssh-keygen -t ed25519-sk -f ~/.ssh/id_mykey_sk -C id_mykey_sk -w "/root/libsk-libfido2.so" -v
Generating public/private ed25519-sk key pair.
You may need to touch your authenticator to authorize key generation.
debug1: start_helper: starting /usr/local/libexec/ssh-sk-helper
debug1: sshsk_enroll: provider "/root/libsk-libfido2.so", device "(null)", application "ssh:", userid "(null)", flags 0x01, challenge len 0
debug1: sshsk_enroll: using random challenge
debug1: sshsk_open: provider /root/libsk-libfido2.so implements version 0x00040000
debug1: sshsk_enroll: provider "/root/libsk-libfido2.so" returned failure -1
debug1: ssh-sk-helper: Enrollment failed: invalid format
debug1: ssh-sk-helper: reply len 8
debug1: client_converse: helper returned error -4
Key enrollment failed: invalid format

I will try to recompile openssh-portable from the ports with the config option --with-security-key-builtin. I will also ask the port maintainer to have this enabled if possible.

Thanks

nicocaille

comment created time in a day

issue commentYubico/yubico-piv-tool

yubico-piv-tool import SSH certificate

Any comment on this?

mcarrer

comment created time in a day

startedYubico/yubikit-android

started time in a day

issue commentYubico/libfido2

FreeBSD fido2 and ssh-keygen

Hi,

ssh-keygen -w takes the path to a library implementing communication with FIDO2 devices. To build this library, please follow the steps at https://github.com/pts/external-sk-libfido2/blob/master/README.txt#L62-L69. These extra steps are needed because FreeBSD's port of OpenSSH does not appear to be built with --with-security-key-builtin.

-p.

nicocaille

comment created time in a day

push eventYubico/yubihsm-shell

Per Nilsson

commit sha ead8b15ed15340057a7faf578ab250abf8c10b5a

Avoid segfault if libusb_init fails (Linux subsystem on Windows)

view details

push time in a day

push eventYubico/yubihsm-shell

Per Nilsson

commit sha 9fc3db43105a8c41799f7c2f2b2b8656fc5d20d0

Added Ubuntu Focal to Travis builds

view details

push time in a day

issue openedYubico/libfido2

FreeBSD fido2 and ssh-keygen

Hello,

I am not sure this is relevant to the library itself but I cannot manage to generate an ed25519-sk ssh key from FreeBSD 12.1-RELEASE. The Yubikey is recognized and I am using the latest versions of the different libs:

root@builder:~ # pkg info | grep libfido2
libfido2-1.5.0                 Provides library functionality for FIDO 2.0

root@builder:~ # pkg info | grep openssh-portable
openssh-portable-8.2.p1_1,1    The portable version of OpenBSD's OpenSSH

root@builder:~ # pkg info | grep libudev-devd
libudev-devd-0.4.2_1           libudev-compatible interface for devd

root@builder:~ # cat /etc/devfs.rules
[localrules=5]
add path 'uhid*'    mode 0660 group operator
add path 'da*'    mode 0660 group operator
add path 'cd*'    mode 0660 group operator
add path 'uscanner*'    mode 0660 group operator
add path 'xpt*' mode 660 group operator
add path 'pass*' mode 660 group operator
add path 'md*' mode 0660 group operator
add path 'msdosfs/*' mode 0660 group operator
add path 'ext2fs/*' mode 0660 group operator
add path 'ntfs/*' mode 0660 group operator
add path 'usb/*' mode 0660 group operator

root@builder:~ # fido2-token -L
0000:0004:00: vendor=0x046d, product=0xc52b (Logitech USB Receiver)
0000:0004:01: vendor=0x046d, product=0xc52b (Logitech USB Receiver)
0000:0004:02: vendor=0x046d, product=0xc52b (Logitech USB Receiver)
0002:0008:00: vendor=0x05ac, product=0x8242 (Apple, Inc. IR Receiver)
0000:0002:00: vendor=0x1050, product=0x0407 (Yubico YubiKey OTP+FIDO+CCID)
0000:0002:01: vendor=0x1050, product=0x0407 (Yubico YubiKey OTP+FIDO+CCID)

root@builder:~ # dmesg |grep Yubico
ugen0.2: <Yubico YubiKey OTP+FIDO+CCID> at usbus0
ukbd0: <Yubico YubiKey OTP+FIDO+CCID, class 0/0, rev 2.00/5.24, addr 1> on usbus0
[14] uhid0: <Yubico YubiKey OTP+FIDO+CCID, class 0/0, rev 2.00/5.24, addr 1> on usbus0
[31789] ugen0.2: <Yubico YubiKey OTP+FIDO+CCID> at usbus0 (disconnected)
[65986] ugen0.2: <Yubico YubiKey OTP+FIDO+CCID> at usbus0
[65986] ukbd0: <Yubico YubiKey OTP+FIDO+CCID, class 0/0, rev 2.00/5.24, addr 4> on usbus0
[65986] uhid0: <Yubico YubiKey OTP+FIDO+CCID, class 0/0, rev 2.00/5.24, addr 4> on usbus0

I have tried several combinations for the ssh-keygen:

root@builder:~ # /usr/local/bin/ssh-keygen -t ed25519-sk -w /dev/uhid0 -f .ssh/id_ed25519_sk
Generating public/private ed25519-sk key pair.
You may need to touch your authenticator to authorize key generation.
Provider "/dev/uhid0" dlopen failed: /dev/uhid0: invalid file format
Key enrollment failed: invalid format

root@builder:~ # /usr/local/bin/ssh-keygen -t ed25519-sk -w /dev/ugen0.2 -f /root/.ssh/id_ed25519_sk
Generating public/private ed25519-sk key pair.
You may need to touch your authenticator to authorize key generation.
Provider "/dev/ugen0.2" dlopen failed: /dev/ugen0.2: invalid file format
Key enrollment failed: invalid format

root@builder:~ # /usr/local/bin/ssh-keygen -t ed25519-sk -w /dev/fido -f .ssh/id_ed25519_sk
Generating public/private ed25519-sk key pair.
You may need to touch your authenticator to authorize key generation.
Provider "/dev/fido" dlopen failed: /dev/fido: invalid file format
Key enrollment failed: invalid format

Has anyone successfully managed to generate ED25519-SK on FreeBSD?

Thanks

created time in a day

push eventYubico/yubihsm-shell

Per Nilsson

commit sha 1bf6a517323c524d62fe1df755669f0802032b52

Tweaked docs

view details

Per Nilsson

commit sha 130bf4e2e4d898fd4bccff68e28f3aa718f84053

Seems we need to set a value

view details

push time in a day

push eventYubico/yubihsm-shell

Per Nilsson

commit sha 8d2db19736166ebe45219ca20c69526ea9144c2c

Allow OpenSSL 1.0.2 for hazmat

view details

push time in 2 days

PR closed Yubico/yubikey-manager

Fix typo in `ykman openpgp set-touch` help message

Discovered by lintian (the Debian package linter) in manpages generated by click-man.

+1 -1

1 comment

1 changed file

nbraud

pr closed time in 2 days

pull request commentYubico/yubikey-manager

Fix typo in `ykman openpgp set-touch` help message

Thanks, fixed in https://github.com/Yubico/yubikey-manager/commit/70ef490687d8aa251437a04a9bc6c18f488a1c56

nbraud

comment created time in 2 days

delete branch Yubico/yubikey-manager

delete branch : set-touch/typo/signed

delete time in 2 days

PR merged Yubico/yubikey-manager

Fix typo in `ykman openpgp set-touch` help message

Signed version of https://github.com/Yubico/yubikey-manager/pull/362

+1 -1

0 comment

1 changed file

nevun

pr closed time in 2 days

push eventYubico/yubikey-manager

nicoo

commit sha 70ef490687d8aa251437a04a9bc6c18f488a1c56

Fix typo in `ykman openpgp set-touch` help message Signed-off-by: Gabriel Kihlman <g.kihlman@yubico.com>

view details

push time in 2 days

PR opened Yubico/yubikey-manager

Fix typo in `ykman openpgp set-touch` help message

Signed version of https://github.com/Yubico/yubikey-manager/pull/362

+1 -1

0 comment

1 changed file

pr created time in 2 days

create barnchYubico/yubikey-manager

branch : set-touch/typo/signed

created branch time in 2 days

push eventYubico/yubihsm-shell

Per Nilsson

commit sha 03367cf340e5edcf669a9dfa27555a0ed9020b91

Documented new functions. Adjusted function name & error handling

view details

push time in 2 days

PR opened Yubico/yubioath-desktop

Changed pyscard patch
+4 -7

0 comment

1 changed file

pr created time in 2 days

PR opened Yubico/yubikey-manager

Fix typo in `ykman openpgp set-touch` help message

Discovered by lintian (the Debian package linter) in manpages generated by click-man.

+1 -1

0 comment

1 changed file

pr created time in 2 days

issue commentYubico/java-webauthn-server

Use of EC Keys produces - Point does not match field size

Please note this is happening when we trigger out tests from our mac/linux hosts. We have IOS app as the client and we have so far not seen this issue at all from the last 6 months. Our Android App uses RSA keys and use of RSA keys on all platforms is perfectly working.

Our guess is that it could be with EC Key generation or CBOR serialization of the EC key - as mentioned in the above stack trace.

rajairside

comment created time in 2 days

issue commentYubico/java-webauthn-server

Use of EC Keys produces - Point does not match field size

Example of successful request

{ "username" : "e8a51e4a-52e6-4428-85de-5e9e75e36463", "sessionToken" : "TpiYyGrEIhe5xEa5MhLshJtHWSIKcrmj0iQIbFKLLTQ", "publicKeyCredentialCreationOptions" : { "rp" : { "name" : "https://rajhost:9090", "id" : "rajhost", "icon" : "https://rajhost:9090" }, "user" : { "name" : "e8a51e4a-52e6-4428-85de-5e9e75e36463", "displayName" : "e8a51e4a-52e6-4428-85de-5e9e75e36463", "id" : "G4J2bnVEy8w6emI9YA3pngH1hhCPjUqbGyjLI-MDL-o" }, "challenge" : "bpdD3lZ8xmSudlLhRxnVledvzLi0-gaIcSMTB-JtevE", "pubKeyCredParams" : [ { "alg" : -7, "type" : "public-key" }, { "alg" : -8, "type" : "public-key" }, { "alg" : -257, "type" : "public-key" } ], "excludeCredentials" : [ ], "authenticatorSelection" : { "requireResidentKey" : true, "userVerification" : "preferred" }, "attestation" : "direct", "extensions" : { } } } EC KEY Pair{"kty":"EC","d":"AF3a_zSHtrRaJeNlCzRsbdjHwiwx8IYApKOEyvflCHnkAHp6xOrg0pQmBBXyfUReRaEVXgQNhN7PMX9KsjVZcjji","use":"sig","crv":"P-521","kid":"e7fd81b8-b9df-418d-a3f2-ea96ab6eb2b9","x":"AfTlX16F9tSCSNTkA8I2AbGbQtzye5SsAEt3pDkbBsM1juc1GE1E2qVCu835U6aa-DwILhXPWqj9Cu2H_iSPMjnD","y":"AYR3CgP5ugvVhsXMn3G6LEVzemklQT8bQgVHuK5JESGIRNHL2wwuhh8IzbKKHCHs9SOq98cLr3xEOPk-OqJOeZMh"} { "credential" : { "id" : "bhYNz5g8fyoyIxAccfZ9sl_Agl9z5wBtSHaNmGX-BLA", "response" : { "attestationObject" : "v2dhdHRTdG10v2NzaWdYizCBiAJCAP4zkSNsknUtVUVWB0Pfst-b2lWof1Q1eorWi__O-YW0TsVncAuye91oBXy6nJW99_nHs0bmyaUWvT_sns_HFgduAkIA2WJcAh5QwkgzveGahVcCkEAo8Kp5UAtCQNXmlkKmeaB-F4-ubX14pvniXkjStOLrYlXlCNQMUPuckQameh2Kb31jYWxnJv9oYXV0aERhdGFY6A_SfjJEFTTi7gREm9a5FD7Bxe2J9364ehS4opmKBSEbRQAABTkAAQIDBAUGBwgJCgsMDQ4PACBuFg3PmDx_KjIjEBxx9n2yX8CCX3PnAG1Ido2YZf4EsKUDJgECIAMhWEIB9OVfXoX21IJI1OQDwjYBsZtC3PJ7lKwAS3ekORsGwzWO5zUYTUTapUK7zflTppr4PAguFc9aqP0K7Yf-JI8yOcMiWEIBhHcKA_m6C9WGxcyfcbosRXN6aSVBPxtCBUe4rkkRIYhE0cvbDC6GHwjNsoocIez1I6r3xwuvfEQ4-T46ok55kyFjZm10ZnBhY2tlZP8", "clientDataJSON" : "eyJvcmlnaW4iOiJodHRwczovL3Jhamhvc3Q6OTA5MCIsImNoYWxsZW5nZSI6ImJwZEQzbFo4eG1TdWRsTGhSeG5WbGVkdnpMaTAtZ2FJY1NNVEItSnRldkUiLCJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIiwiY2xpZW50RXh0ZW5zaW9ucyI6e319" }, "clientExtensionResults" : { }, "type" : "public-key" }, "sessionToken" : "TpiYyGrEIhe5xEa5MhLshJtHWSIKcrmj0iQIbFKLLTQ" }

rajairside

comment created time in 2 days

issue commentYubico/java-webauthn-server

Use of EC Keys produces - Point does not match field size

Example of failed Registration Request

EC Key

{ "kty":"EC", "d":"AeJwFcOE7hDWgaFtZaA9FWV-8wAGfuqDhdQJc1ON6zXVb-7dInnSaXD-fCAL6qsaG44sLRgvweWbmzKZpb3jqsol", "use":"sig", "crv":"P-521", "kid":"6478dbb4-02e4-443d-bf1d-e92054cdf5be", "x":"AAE0GKb_4yhY-Nl-j1Mnw33t0Fo5TDvbbegDMYpB__zG2sbnuIvQEOEePeLlCVirr8cGfw6iTpwGqbf3OOt2FePf", "y":"Aemx4YoFMvPgWJAgBZHAKy3MhFKavPHir2YT7hRehru-HIOuuizVBEgwzVVC0ICCq-Rr-1lz8IUUhEVToI_6Jm7x" }

Registration Request

{ "username" : "c280f136-9a20-4403-b82a-f90435b41167", "sessionToken" : "3PofMJ8641CKxsOSv7cgtUM09ATo_RFDJShm9py-SPM", "publicKeyCredentialCreationOptions" : { "rp" : { "name" : "https://rajhost:9090", "id" : "rajhost", "icon" : "https://rajhost:9090" }, "user" : { "name" : "c280f136-9a20-4403-b82a-f90435b41167", "displayName" : "c280f136-9a20-4403-b82a-f90435b41167", "id" : "V0X0f-d6eA69Gj7Xk6KUb5iqrGREMv8sckgbv0nOhOc" }, "challenge" : "9gezFcmGvJuWvAoaxaBXCE-ObQF5AXRp-JyE0_y8CiE", "pubKeyCredParams" : [ { "alg" : -7, "type" : "public-key" }, { "alg" : -8, "type" : "public-key" }, { "alg" : -257, "type" : "public-key" } ], "excludeCredentials" : [ ], "authenticatorSelection" : { "requireResidentKey" : true, "userVerification" : "preferred" }, "attestation" : "direct", "extensions" : { } } }

{ "credential":{ "id":"9u0jkxlMNgDNDgFgoiwjBMjIpcs8MLV657zocx1pxjk", "response":{ "attestationObject":"v2dhdHRTdG10v2NzaWdYijCBhwJBY_5RcZSkEziTjM7Tb3uvizo2pK8a4e_3gRpI6DEoDApl52o3Hk7LaOHeP7Nnt_fmaQueq-VkUfvDSiOM8jblIcsCQgHu3qkzKT_zDOwyrJbZdGvVUqo2E3BE8YwzF90--xMN_vlQE6A9foKMM29YY65E6TOmzgjjwTrMqb61AXZN5a_l32NhbGcm_2hhdXRoRGF0YVjnD9J-MkQVNOLuBESb1rkUPsHF7Yn3frh6FLiimYoFIRtFAAAFOQABAgMEBQYHCAkKCwwNDg8AIPbtI5MZTDYAzQ4BYKIsIwTIyKXLPDC1eue86HMdacY5pQMmAQIgAyFYQQE0GKb_4yhY-Nl-j1Mnw33t0Fo5TDvbbegDMYpB__zG2sbnuIvQEOEePeLlCVirr8cGfw6iTpwGqbf3OOt2FePfIlhCAemx4YoFMvPgWJAgBZHAKy3MhFKavPHir2YT7hRehru-HIOuuizVBEgwzVVC0ICCq-Rr-1lz8IUUhEVToI_6Jm7xY2ZtdGZwYWNrZWT_", "clientDataJSON":"eyJvcmlnaW4iOiJodHRwczovL3Jhamhvc3Q6OTA5MCIsImNoYWxsZW5nZSI6IjlnZXpGY21Hdkp1V3ZBb2F4YUJYQ0UtT2JRRjVBWFJwLUp5RTBfeThDaUUiLCJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIiwiY2xpZW50RXh0ZW5zaW9ucyI6e319" }, "clientExtensionResults":{

  },
  "type":"public-key"

}, "sessionToken":"3PofMJ8641CKxsOSv7cgtUM09ATo_RFDJShm9py-SPM" }

rajairside

comment created time in 2 days

startedYubico/yubico-piv-tool

started time in 3 days

startedYubico/yubikey-personalization

started time in 3 days

startedYubico/python-yubico

started time in 3 days

startedYubico/yubikey-personalization-gui-dpkg

started time in 3 days

startedYubico/yubikey-piv-manager

started time in 3 days

startedYubico/python-fido2

started time in 3 days

startedYubico/yubikey-manager-qt

started time in 3 days

startedYubico/yubikey-personalization-gui

started time in 3 days

startedYubico/yubikey-personalization

started time in 3 days

startedYubico/yubico-perl-client

started time in 3 days

startedYubico/yubioath-android

started time in 3 days

startedYubico/gradle-gpg-signing-plugin

started time in 3 days

issue commentYubico/python-yubico

find_yubikey() fails with "Access denied (insufficient permissions)", even as root

Updating this with current links to why this still doesn't work (www.libusb.org doesn't respond for me): https://github.com/pyusb/pyusb/issues/208

Has there been an attempt to use this library instead? https://github.com/libusb/libusb Or does it need to have a BSD license?

Is there another programming language that has better MacOS support from Yubico?

jacobian

comment created time in 4 days

issue commentYubico/yubikey-personalization

ykchalresp: get challange from env variable

Environment variables are considered to be safe on most Linux systems.

Environment variables definitely aren't considered safe for storing secrets as they leak as easy as command args i.e. with ps ewwax. I advice to not introduce new options that may work as footgun for inexperienced users. Using stdin should be the safe approach.

crepererum

comment created time in 4 days

push eventYubico/yubihsm-shell

Per Nilsson

commit sha 4969cdc6236bbd9cee14cac2740cedad5fa54f6c

Get devicepubkey implemented

view details

push time in 4 days

startedYubico/yubico-pam

started time in 4 days

issue commentYubico/java-webauthn-server

Authenticator extensions {credProtect} are not a subset of requested extensions {}

It actually fixes the problem! Thanks a lot.

mttcr

comment created time in 4 days

push eventYubico/yubikit-ios

Jens Utbult

commit sha 9e4861b3a9e885db1854d89a3182aa9978b37df9

Fix bug in FIDO2 demo which only let you do one NFC call per app session.

view details

push time in 4 days

issue commentYubico/java-webauthn-server

Authenticator extensions {credProtect} are not a subset of requested extensions {}

Oh, wait, I'd forgotten - there is the allowUnrequestedExtensions setting on RelyingParty. It's disabled by default, but we should probably change it to be enabled by default. Anyway, try enabling it, that should fix your problem.

mttcr

comment created time in 4 days

issue commentYubico/yubioath-desktop

Not working on Raspberry Pi 3b

Why didn't that version install when I ran sudo apt install yubioath-desktop?

vanderblugen

comment created time in 4 days

delete branch Yubico/yubico-c-client

delete branch : enable_base64_and_hmac_tests

delete time in 4 days

push eventYubico/yubico-c-client

Gabriel Kihlman

commit sha 4650c804028656abbb4e8ea5a720a4f63ca8402d

tests: enable base64 and hmac tests (adding rfc4231 test vectors) This was disabled 2013 in https://github.com/Yubico/yubico-c-client/commit/d2cbfb9c0f9c21d36a7cbe7cdfe0536c3c2c3c3d

view details

Gabriel Kihlman

commit sha 0107b6e36115c5872ec4a012da2a673cad77dbd4

Merge pull request #51 from Yubico/enable_base64_and_hmac_tests tests: enable base64 and hmac tests (adding rfc4231 test vectors)

view details

push time in 4 days

PR merged Yubico/yubico-c-client

tests: enable base64 and hmac tests (adding rfc4231 test vectors)

This was disabled 2013 in https://github.com/Yubico/yubico-c-client/commit/d2cbfb9c0f9c21d36a7cbe7cdfe0536c3c2c3c3d

Enabled them again and added test vectors from rfc4231 for hmac-sha-224, 256, 384 and 512. All pass.

+367 -18

0 comment

3 changed files

nevun

pr closed time in 4 days

PullRequestReviewEvent

push eventYubico/yubihsm-shell

Aveen Ismail

commit sha 55c3e78c6376f81aaeed57726673668c77cf5dda

Adjustments for AppleClang

view details

push time in 5 days

issue closedYubico/yubico-c-client

Failed building from release

Based off the latest version from the yubikey website here https://developers.yubico.com/yubico-c-client/Releases/ykclient-2.15.tar.gz

On debian 9

Running make check resulted in the following output at the end

Testsuite summary for ykclient 2.15
============================================================================ 
# TOTAL: 1
# PASS:  0
# SKIP:  0
# XFAIL: 0
# FAIL:  1
# XPASS: 0
# ERROR: 0
============================================================================
See tests/test-suite.log
Please report to yubico-devel@googlegroups.com
============================================================================
Makefile:698: recipe for target 'test-suite.log' failed```

From a quick check, yubico-devel is dead. So I'm reproducing the test log here.


```FAIL: selftest
==============

selftest: selftest.c:376: main: Assertion `ret == YKCLIENT_REPLAYED_OTP' failed.
ykclient version: header 2.15 library 2.15

Test selftest.c:235 (main): init self
ykclient_init (0): Success

Test selftest.c:240 (main): null client_id, expect REPLAYED_OTP
ykclient_request (2): Yubikey OTP was replayed (REPLAYED_OTP)
used url: https://api4.yubico.com/wsapi/2.0/verify?id=1851&nonce=vznzxtezdhdvcacjxdkrokukewkgvfss&otp=ccccccbchvthlivuitriujjifivbvtrjkjfirllluurj&timestamp=1

Test selftest.c:253 (main): client_id set(20), correct client_key, expect REPLAYED_OTP
ykclient_request (2): Yubikey OTP was replayed (REPLAYED_OTP)
used url: https://api4.yubico.com/wsapi/2.0/verify?id=1851&nonce=rwshjkygzrpwtwbtmxmlsydsagksesty&otp=ccccccbchvthlivuitriujjifivbvtrjkjfirllluurj&timestamp=1&h=F93GlHw1FheGsbYGVXmFtv5VAkM%3D

Test selftest.c:265 (main): wrong client_id set(10), correct client_key, expect BAD_SIGNATURE
ykclient_request (3): Request signature was invalid (BAD_SIGNATURE)
used url: https://api4.yubico.com/wsapi/2.0/verify?id=1851&nonce=ejjpopgzipkiohydyvzxghqstoixolrs&otp=ccccccbchvthlivuitriujjifivbvtrjkjfirllluurj&timestamp=1&h=SOrpEpptN%2BqXpRCx89COcZ89jcY%3D

Test selftest.c:277 (main): invalid client_id set(a), correct client_key, expect HEX_DECODE_ERROR
ykclient_set_client_hex (105): Error decoding hex string

Test selftest.c:282 (main): invalid client_id set(xx), correct client_key, expect HEX_DECODE_ERROR
ykclient_set_client_hex (105): Error decoding hex string

Test selftest.c:287 (main): hex client_id set, correct client_key, expect OK
ykclient_set_client_hex (0): Success

Test selftest.c:293 (main): validation request, expect REPLAYED_OTP
ykclient_request (2): Yubikey OTP was replayed (REPLAYED_OTP)
used url: https://api4.yubico.com/wsapi/2.0/verify?id=1851&nonce=dbhonlwtknecexrawzvlptdxswucotst&otp=ccccccbchvthlivuitriujjifivbvtrjkjfirllluurj&timestamp=1&h=mFf%2BhAYBlRn2%2BTmWmYmIe%2F8ukBM%3D

Test selftest.c:302 (main): set deadbeef client_id, expect OK
ykclient_set_client_hex (0): Success

Test selftest.c:308 (main): validation request, expect BAD_SIGNATURE
ykclient_request (3): Request signature was invalid (BAD_SIGNATURE)
used url: https://api4.yubico.com/wsapi/2.0/verify?id=1851&nonce=xrpbrqslcmrskixjstsuvgovnmpboxtm&otp=ccccccbchvthlivuitriujjifivbvtrjkjfirllluurj&timestamp=1&h=R0OgTEk29uIzs%2BQrYpm0tuS3GQU%3D

Test selftest.c:317 (main): b64 set deadbeef client_id, expect OK
ykclient_set_client_b64 (0): Success

Test selftest.c:327 (main): validation request, expect BAD_SERVER_SIGNATURE
ykclient_request (107): Server response signature was invalid (BAD_SERVER_SIGNATURE)
used url: https://api4.yubico.com/wsapi/2.0/verify?id=1851&nonce=orujfdgbryspizwomgugkuwgfrlmkxbb&otp=ccccccbchvthlivuitriujjifivbvtrjkjfirllluurj&timestamp=1&h=X9VGnRnfSpHLIzL5d04Xc1jMTXM%3D

Test selftest.c:341 (main): validation request, expect BAD_SIGNATURE
ykclient_request (3): Request signature was invalid (BAD_SIGNATURE)
used url: https://api4.yubico.com/wsapi/2.0/verify?id=1851&nonce=psvtqkimrcbfcvqaznziueyctflxojwf&otp=ccccccbchvthlivuitriujjifivbvtrjkjfirllluurj&timestamp=1&h=QdsRm91bvClLdV3ZJ7yCtZBH7Y4%3D

Test selftest.c:351 (main): b64 set client_b64key, expect OK
ykclient_set_client_b64 (0): Success

Test selftest.c:357 (main): validation request, expect REPLAYED_OTP
ykclient_request (2): Yubikey OTP was replayed (REPLAYED_OTP)
used url: https://api4.yubico.com/wsapi/2.0/verify?id=1851&nonce=wzskmidicnsicsxahhfruhnlzxoaakqw&otp=ccccccbchvthlivuitriujjifivbvtrjkjfirllluurj&timestamp=1&h=j%2FiRxRPPa3UTDwAe3LO5%2FmVLvuM%3D

Test selftest.c:366 (main): set WS 2.0 URL template

Test selftest.c:372 (main): validation request, expect REPLAYED_OTP
yubikey_request (101): Could not parse server response
used url: http://api.yubico.com/wsapi/2.0/verify?id=1851&nonce=lrmeunvasnmqnedscpwyqtqpuvydkwpx&otp=ccccccbchvthlivuitriujjifivbvtrjkjfirllluurj&h=KM0KWOLluBt%2B6gZP%2BhyeGWuQCGA%3D
FAIL selftest (exit status: 134)```

What am I doing wrong?

closed time in 5 days

acepace

issue commentYubico/yubico-c-client

Failed building from release

Hi,

Sorry for the late response. Since you filed this issue we have moved to modernized, cloud-based YubiOTP validation service. See https://status.yubico.com/

Because of this we will be closing this issue. If you are still seeing this error, please re-open this issue.

Thank you!

acepace

comment created time in 5 days

push eventYubico/yubioath-desktop

Dennis Fokin

commit sha 4838344716bd6799878ad6a7b8c6604cbd997321

Changed pyscard patch

view details

push time in 5 days

issue commentYubico/yubikit-ios

YubiKitDeviceCapabilities returns supportsMFIAcessoryKey on iPad w/ USB-C

Hey, it looks like there is still a USB-C device missing, specifically: iPad Pro 12.9 inch 3rd Gen (Wifi) iPad Pro 12.9 inch 3rd Gen (Wifi+Cellular)

Ken-CA

comment created time in 5 days

push eventYubico/yubihsm-shell

Aveen Ismail

commit sha d74440fc5c9ee2e0bc49924b54f486aa3edbba82

Adjustments for AppleClang

view details

push time in 5 days

push eventYubico/yubihsm-shell

Aveen Ismail

commit sha 3bb08200459fe693e75f7b93c5f1c75001661917

Adjustments for AppleClang

view details

push time in 5 days

push eventYubico/yubihsm-shell

Aveen Ismail

commit sha 9aac4bcb4919f901ab43dd9e80fd17af7887cdd0

Adjustments for AppleClang

view details

push time in 5 days

CommitCommentEvent

delete branch Yubico/yubihsm-shell

delete branch : speling

delete time in 5 days

push eventYubico/yubihsm-shell

Gabriel Kihlman

commit sha 44ed878adb21db60b06db6db77d8f0bfd8bf2f64

spelling: fixing a couple of to -> too Noticed by @a-dma in my last PR. Also fixing a few additional instances of this typo in the tree while at it.

view details

Alessio Di Mauro

commit sha 469171918bb5c7ecdf152db22ea077d4f0d749d3

Merge pull request #110 from Yubico/speling spelling: fixing a couple of to -> too

view details

push time in 5 days

PR merged Yubico/yubihsm-shell

Reviewers
spelling: fixing a couple of to -> too

Noticed by @a-dma in my last PR.

Also fixing a few additional instances of this typo in the tree while at it.

+5 -5

0 comment

3 changed files

nevun

pr closed time in 5 days

issue commentYubico/yubioath-desktop

Not working on Raspberry Pi 3b

@vanderblugen Latest version of Yubico Authenticator is 5.0.4. This is what you need, if you are on Debian.

vanderblugen

comment created time in 5 days

issue commentYubico/yubioath-desktop

Mac 'Big Sur' crashes with Yubioath-Desktop

@fdennis I installed it two ways, just to make sure. Tried with MAS, and also the pkg from the Yubico website.

kesenwang

comment created time in 5 days

startedYubico/yubico-dotnet-client

started time in 5 days

push eventYubico/yubico-c-client

Gabriel Kihlman

commit sha 4650c804028656abbb4e8ea5a720a4f63ca8402d

tests: enable base64 and hmac tests (adding rfc4231 test vectors) This was disabled 2013 in https://github.com/Yubico/yubico-c-client/commit/d2cbfb9c0f9c21d36a7cbe7cdfe0536c3c2c3c3d

view details

push time in 5 days

push eventYubico/yubico-c-client

Gabriel Kihlman

commit sha 8c0e5d83fc33205dc2b3096e7b706b151f7f8dc0

heh, pucko..

view details

push time in 5 days

push eventYubico/yubihsm-shell

Per Nilsson

commit sha 41de1ed398a45d02cc72bef307743b03f04e136d

Fixed typo

view details

push time in 5 days

issue commentYubico/yubioath-desktop

Install on armhf

@Sp8c3 I did find that if you run yubioath from the terminal it will pull the codes, the gui isn't working.

Sp8c3

comment created time in 5 days

issue commentYubico/java-webauthn-server

Authenticator extensions {credProtect} are not a subset of requested extensions {}

Ah, right. This is intended behaviour that has become a bug because of changes in the WebAuthn spec. In level 1, step 12 of §7.1. Registering a New Credential reads (emphasis added):

  1. Verify that the values of the client extension outputs in clientExtensionResults and the authenticator extension outputs in the extensions in authData are as expected, considering the client extension input values that were given as the extensions option in the create() call. In particular, any extension identifier values in the clientExtensionResults and the extensions in authData MUST be also be present as extension identifier values in the extensions member of options, i.e., no extensions are present that were not requested. In the general case, the meaning of "are as expected" is specific to the Relying Party and which extensions are in use.

In level 2 (which is still a work in progress), precisely because of the new credProtect extension, the requirement to reject unsolicited extensions has been removed:

  1. Verify that the values of the client extension outputs in clientExtensionResults and the authenticator extension outputs in the extensions in authData are as expected, considering the client extension input values that were given in options.extensions and any specific policy of the Relying Party regarding unsolicited extensions, i.e., those that were not specified as part of options.extensions. In the general case, the meaning of "are as expected" is specific to the Relying Party and which extensions are in use.

This will require a rather simple update of the library to fix, but I'm afraid there's nothing you can do as a library user to work around it.

mttcr

comment created time in 5 days

push eventYubico/yubihsm-shell

Per Nilsson

commit sha d3c72c77e73a216ffde6910c6a6568b257a551b3

Fixes to make code scanning happy

view details

push time in 5 days

push eventYubico/yubihsm-shell

Per Nilsson

commit sha 8a849493eb9a0b986185d5c34381b210ebd799df

Removed unrelated yh_algorithm

view details

Per Nilsson

commit sha 4289e451a5adf5b80beb13db83ef9959b289ddac

Validate device pubkey in shell

view details

push time in 5 days

startedYubico/yubikit-ios

started time in 5 days

issue openedYubico/yubikit-ios

NFC unavailable iOS

created time in 5 days

startedYubico/libu2f-host

started time in 5 days

startedYubico/yubioath-desktop

started time in 5 days

issue commentYubico/yubioath-desktop

Not working on Raspberry Pi 3b

Oh hmm, that's interesting.

If I run yubioath it seems to work, granted in the commandline, but if I run the gui yubioath-gui the codes don't populate like they do in windows.

I cannot run yubioath-gui --log-level DEBUG nor yubioath --log-level DEBUG. Get an error for each of them.

Version is 3.0.1 for yubioath

Maybe it has to do with the password cause it never populates in the gui

vanderblugen

comment created time in 5 days

push eventYubico/yubikit-ios

Jens Utbult

commit sha 37826b959843a8581844693b662b8be3ca67ce3f

Support for NFC in FIDO2 demo.

view details

push time in 5 days

push eventYubico/yubikit-android

Dain Nilsson

commit sha 1b14933cded3d023df966f573c1a3ad24dd28096

Dialog styling.

view details

push time in 5 days

push eventYubico/yubico-c-client

Gabriel Kihlman

commit sha a8b6754fd8a1b43bdbed8ce0ea23bb92b00f9c58

tests: enable base64 and hmac tests (adding rfc4231 test vectors) This was disabled 2013 in https://github.com/Yubico/yubico-c-client/commit/d2cbfb9c0f9c21d36a7cbe7cdfe0536c3c2c3c3d Note that test case 7 from rfc4231[1] fails so those are commented out until I figure out why. Our hmac implementation does not handle hmac'ng larger than block-size data? 1: https://tools.ietf.org/html/rfc4231#section-4.8

view details

push time in 5 days

push eventYubico/yubihsm-shell

Aveen Ismail

commit sha 00660b4d1ae5f9987a323b97617c2aff342c5044

Github Actions MacOS workflow

view details

push time in 5 days

PR opened Yubico/yubico-c-client

tests: enable base64 and hmac tests (adding rfc4231 test vectors)

This was disabled 2013 in https://github.com/Yubico/yubico-c-client/commit/d2cbfb9c0f9c21d36a7cbe7cdfe0536c3c2c3c3d

Maybe they still should be?

Anyway, all test vectors pass except test case 7 from rfc4231[1]. I commented those out until I figure out why. Our hmac implementation does not handle hmac'ng larger than block-size data?

1: https://tools.ietf.org/html/rfc4231#section-4.8

+368 -18

0 comment

3 changed files

pr created time in 5 days

create barnchYubico/yubihsm-shell

branch : githubactions

created branch time in 5 days

push eventYubico/yubico-c-client

Gabriel Kihlman

commit sha 22a33e6f794ea2d58048435b65d92fea63622ff0

tests: enable base64 and hmac tests (adding rfc4231 test vectors) This was disabled 2013 in https://github.com/Yubico/yubico-c-client/commit/d2cbfb9c0f9c21d36a7cbe7cdfe0536c3c2c3c3d Note that test case 7 from rfc4231[1] fails so those are commented out until I figure out why. Our hmac implementation does not handle hmac'ng larger than block-size data? 1: https://tools.ietf.org/html/rfc4231#section-4.8

view details

push time in 5 days

push eventYubico/yubico-c-client

Gabriel Kihlman

commit sha d1ed680207c23b4bbe79ad7ee99738041ec6631a

actions: need libcurl

view details

push time in 5 days

create barnchYubico/yubico-c-client

branch : enable_base64_and_hmac_tests

created branch time in 5 days

push eventYubico/python-fido2

Dain Nilsson

commit sha a00150ee2c48fb55f1d9883d35f42800890002f8

Fix AD for Large Blobs.

view details

push time in 5 days

startedYubico/yubikey-manager

started time in 5 days

push eventYubico/yubioath-desktop

Dennis Fokin

commit sha 37221dd866b7a399af0fa1c159fb62116534168a

fix

view details

push time in 6 days

push eventYubico/yubioath-desktop

Dennis Fokin

commit sha d9d43b0c87ad42832a642600bbb344f5e5e6d205

fix

view details

push time in 6 days

push eventYubico/yubioath-desktop

Dennis Fokin

commit sha 1ab6a217f09836bba3a1554b53d23c6cbe632f36

pyscard patch

view details

push time in 6 days

more