Author Topic: PKYubikey -- Yubikey Registration Issues  (Read 7377 times)

JMcSub

  • Guest
PKYubikey -- Yubikey Registration Issues
« on: July 07, 2010, 09:34:27 PM »
Hello, everyone!

    I'm using pepak's PKYubikey source library to set up a Yubikey registration and authentication system on a program I am working on; however, I'm having a little trouble. Mainly, I can't seem to get the registration functions to work properly. I interpreted the PKYubikey library to take variables of the correct format and use them to write the necessary information onto the registry, so basically, I created edit boxes and a button for user input (edits for the name, user ID, and key). When I enter all the fields and press the button (sending the necessary parameters to the registration function), I receive an access violation error message. Image:

[img=Error Message]file:///C:/Users/johns/Desktop/Error%20Message.PNG[/img]

Does anyone know what's going on here?
Here's my code snippet:

Code:

[b]procedure[/b] TForm1.SubmitbtnClick(Sender: TObject);
[b]var[/b]
  Name: PChar;
  UID: PYubikeyUID;
  Key: PYubikeyKey;
  OtpCounter: LongInt;
  i: integer;
  This: packed array of byte;
  Whatever: packed array of byte;
[/b]begin[b]
  SetLength(This, Length(UserIDEdit.Text));
  [b]for[/b] i := 0 to Length(UserIDEdit.Text) - 1 [b]do[/b]
    This[i] := ord(UserIDEdit.Text[i + 1]);
  SetLength(Whatever, Length(UserIDEdit.Text));
  [b]for[/b] i := 0 to Length(KeyEdit.Text) - 1 [b]do[/b]
    Whatever[i] := ord(KeyEdit.Text[i + 1]);
  Name := PChar(NameEdit.Text);
  UID := PYubikeyUID(This);
  Key := PYubikeyKey(Whatever);
  OtpCounter := -1;
  PKYubikeyRegisterOTP(Name, UID, Key, OtpCounter);
[b]end;[/b]


I did not change anything within either libyubikey or uyubikey.  If my question is hard to understand, a detailed summary of how to create a registration procedure for Yubikeys would probably help!  

Thanks!

JMcSub

JMcSub

« Reply #1 on: July 07, 2010, 09:42:17 PM »
Whoops.  Made a few errors in the previous message.

Image:  

Submit Button OnClick Code:

Code:
procedure TForm1.SubmitbtnClick(Sender: TObject);
var
  Name: PChar;
  UID: PYubikeyUID;
  Key: PYubikeyKey;
  OtpCounter: LongInt;
  i: integer;
  This: packed array of byte;
  Whatever: packed array of byte;
begin
  SetLength(This, Length(UserIDEdit.Text));
  for i := 0 to Length(UserIDEdit.Text) - 1 do
    This[i] := ord(UserIDEdit.Text[i + 1]);
  SetLength(Whatever, Length(UserIDEdit.Text));
  for i := 0 to Length(KeyEdit.Text) - 1 do
    Whatever[i] := ord(KeyEdit.Text[i + 1]);
  Name := PChar(NameEdit.Text);
  UID := PYubikeyUID(This);
  Key := PYubikeyKey(Whatever);
  OtpCounter := -1;
  PKYubikeyRegisterOTP(Name, UID, Key, OtpCounter);
end;

pepak

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 956
    • View Profile
    • Pepak.net
« Reply #2 on: July 09, 2010, 07:05:51 PM »
First I need to know which library you are using. Are you simply including the PKYubikey unit in your uses clause or are you using a DLL? In either case, you should check the detailed MAP file of your project (enable it in project settings/linker options) for the line number where the error occurs.

What Delphi version are you using? If you use Delphi 2009 or later, your code won't work because Char is a two-byte entity rather than one-byte like in older Delphi. I am not sure if PKYubikey is, of itself, compatible with Delphi 2009+, but it can be made compatible by changing all Char to AnsiChar, all PChar to PAnsiChar and all String to AnsiString.

Do the example projects (PkYubikey.exe, PkYubikeyDll.dll) compile and work for you? If they do, could you perhaps try to adapt the PkYubikey.exe code to your GUI application? I suspect the problem might lie in data preparation rather than library use, although I might be wrong.

If all else fails, if you send me just the GUI part of the application I can try to compile and debug it myself. Keep it simple and to the basics, as I am limited to Delphi 5 and Delphi 2009.

JMcSub

« Reply #3 on: July 12, 2010, 09:53:12 PM »
-I am declaring uYubikey within my own, original source code, and I am calling procedures and functions from that library.

-I am using Delphi 5.

-PKYubikey.exe will not compile and run properly for me (I think...). When I attempt to open the program, the command prompt window flashes open and then quickly closes. Is this normal? However, I was able to resolve the issue stated in the previous messages by reading through the example source code. I was not calling the PKYubikeyRegisterOTPhex function, but simply calling the PKYubikeyRegisterOTP function directly. So thank you for steering me in the right direction! :)

-Unfortunately, another problem arose. When attempting to validate a user and an OTP, I am unable to obtain a successful validation. I did some poking around and found out the problem lies within the first field check (the checksum match), particularly the YubikeyCRC16 function. I investigated further and found out that my OTP does not equal the constant YUBIKEY_CRC_OK_RESIDUE ($f0b8) when run through the YubikeyCRC16 function. Is this an error in the way I am formatting the Yubikey within the Yubikey configuration tool? I have tried formatting the Yubikey with a public ID, a private ID, and without any ID (obviously, I am using the 'Dynamic Yubikey Configuration' setting.) Are these settings incorrect for this particular library? What settings do you usually use?

Thanks a lot! :)

pepak

« Reply #4 on: July 13, 2010, 05:22:50 AM »
Quote from: JMcSub
-PKYubikey.exe will not compile and run properly for me (I think...). When I attempt to open the program, the command prompt window flashes open and then quickly closes. Is this normal?
This is normal with console applications. You need to open command prompt and run the application from there to see the messages.

Quote
However, I was able to resolve the issue stated in the previous messages by reading through the example source code.  I was not calling the PKYubikeyRegisterOTPhex function, but simply calling the PKYubikeyRegisterOTP function directly.  So thank you for steering me in the right direction! :)
Glad it is resolved.

Quote
I investigated further and found out that my OTP does not equal the constant YUBIKEY_CRC_OK_RESIDUE ($f0b8)  when run through the YubikeyCRC16  function.  Is this an error in the way I am formatting the Yubikey within the Yubikey configuration tool?
The CRC should always match YUBIKEY_CRC_OK_RESIDUE, provided that the content of the message was decrypted successfully. So it is likely that the token was not decrypted successfully, and that almost certainly means there is a mismatch between the AES key of your token and the AES key registered by PKYubikeyRegisterOTP. Please run RegEdit and open key HKEY_LOCAL_MACHINE\SOFTWARE\Pepak\Yubikey. Here you will find subkeys for your registered users. Make sure the Key value matches your AES key.

Quote
I have tried formatting the Yubikey with a public ID, a private ID, and without any ID (obviously, I am using the 'Dynamic Yubikey Configuration' setting.)  Are these settings incorrect for this particular library?  What settings do you usually use?
- Public ID is ignored by the library. Just to be sure, configure your Yubikey not to use it at all for now. Once we get the library to work for you, we can turn it back on.

- PrivateID is the UID parameter of PKYubikeyRegisterOTP.

- You also need the AES key, for the Key parameter of PKYubikeyRegisterOTP.
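
The residue check discussed in this reply, as an added example (not pepak's code and not part of PKYubikey): the CRC parameters are the ones used by Yubico's C libyubikey, and the token bytes are constructed sample data. A correctly decrypted 16-byte token leaves the residue 0xf0b8, while a token whose bytes came out wrong, as happens when the registered AES key differs from the one on the device, does not.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define CRC_OK_RESIDUE 0xf0b8u   /* YUBIKEY_CRC_OK_RESIDUE from the thread */
#define TOKEN_LEN 16             /* one decrypted AES block */

/* CRC-16 with reflected polynomial 0x8408, initial value 0xffff, no final XOR. */
static uint16_t crc16(const uint8_t *buf, size_t len) {
    uint16_t crc = 0xffff;
    while (len--) {
        crc ^= *buf++;
        for (int bit = 0; bit < 8; bit++) {
            int lsb = crc & 1;
            crc >>= 1;
            if (lsb) crc ^= 0x8408;
        }
    }
    return crc;
}

/* Store the complemented CRC of the first 14 bytes in the last two, low byte first. */
static void seal_token(uint8_t tok[TOKEN_LEN]) {
    uint16_t c = (uint16_t)~crc16(tok, TOKEN_LEN - 2);
    tok[TOKEN_LEN - 2] = (uint8_t)(c & 0xff);
    tok[TOKEN_LEN - 1] = (uint8_t)(c >> 8);
}

/* 1 if running the CRC over all 16 bytes leaves the expected residue, else 0. */
static int token_crc_ok(const uint8_t tok[TOKEN_LEN]) {
    return crc16(tok, TOKEN_LEN) == CRC_OK_RESIDUE;
}

/* Constructed sample token: 6-byte private ID, counters, timestamp, random, CRC. */
static int demo(int damage) {
    uint8_t tok[TOKEN_LEN] = {0x01, 0x02, 0x03, 0x04, 0x05, 0x06,
                              0x2a, 0x00, 0x10, 0x20, 0x30, 0x01, 0xbe, 0xef, 0, 0};
    seal_token(tok);
    if (damage) tok[3] ^= 0x40;  /* stand-in for a bad decryption */
    return token_crc_ok(tok);
}

int main(void) {
    printf("intact token:  %s\n", demo(0) ? "CRC ok" : "CRC mismatch");
    printf("damaged token: %s\n", demo(1) ? "CRC ok" : "CRC mismatch");
    return 0;
}
```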

JMcSub

« Reply #5 on: July 13, 2010, 04:16:14 PM »
I checked the RegEdit, and no, the AES keys are not the same.  It seems when I enter the key within my registration application's key field, it does write the same value to the registry.  An example:

When I entered this value as the key:   fb 5f 8f c2 e0 23 80 85 f5 98 b2 5d 35 5b d7 7b
This value was entered into the registry:  fb 05 f0 0c 20 e0 02 30 80 08 50 f5 09 80 b2

I then realized the problem: I am inputting the key with spaces, which the computer inputs as zeroes.  Unfortunately, the Yubikey Configuration Tool spits out randomly generated keys with spaces in them.  So is there any way I can adjust the configuration tool not to put the spaces in, or is there a way to get the Yubikey library to ignore the spaces?

If nothing else, I'm sure I can find a way to delete the spaces when they are entered as a string within the key field.  
The application works great when the spaces are manually deleted, by the way! :)

Thanks for all your help!! :)

pepak

« Reply #6 on: July 13, 2010, 06:08:46 PM »
I could support space-separated hex values in PKYubikeyRegisterOTPhex, but I don't think it's such a great idea. It is certainly better to let the user of my library remove the spaces if he feels the need.

Glad you got it working!

JMcSub

« Reply #7 on: July 13, 2010, 08:06:42 PM »
Right, that would be a little too complicated and dangerous.  

It might be beneficial to mention within the readme file that users need to delete the spaces when registering, though.  It's a pretty easy fix even if you don't want to manually delete the spaces.  There are plenty of remove spaces from string variables algorithms on the internet, and I just went and implemented one within my application's source code.  

Thanks for all the help!  It works like a charm!

pepak

« Reply #8 on: July 13, 2010, 08:09:08 PM »
Yep. I will mention it in the documentation.

I will also strengthen the check for invalid data, in order to return an error rather than silently registering a "wrong" key.
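
A sketch of the stricter input check described in this thread, as an added example (not PKYubikey's code; the function names are hypothetical, and the lenient parser is only an assumed model of the behaviour JMcSub observed, where a non-hex character ends up as a zero nibble). The strict parser returns an error for anything that is not exactly 16 bytes of hex, and skips spaces only when the caller asks for it.

```c
#include <stdint.h>
#include <stdio.h>

#define KEY_LEN 16  /* AES-128 key length in bytes */
static int hexval(char c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Assumed model of the failure: any non-hex character counts as a 0 nibble. */
static size_t parse_key_lenient(const char *s, uint8_t out[KEY_LEN]) {
    size_t n = 0;
    while (n < KEY_LEN && s[0] && s[1]) {
        int hi = hexval(s[0]), lo = hexval(s[1]);
        out[n++] = (uint8_t)(((hi < 0 ? 0 : hi) << 4) | (lo < 0 ? 0 : lo));
        s += 2;
    }
    return n;
}

/* Strict parser: spaces are skipped only when allow_spaces is set, any other
   non-hex character is an error, and exactly KEY_LEN bytes are required.
   Returns 0 on success, -1 on invalid input. */
static int parse_key_strict(const char *s, int allow_spaces, uint8_t out[KEY_LEN]) {
    size_t nibbles = 0;
    for (; *s; s++) {
        int v = hexval(*s);
        if (v < 0 && *s == ' ' && allow_spaces) continue;
        if (v < 0) return -1;                     /* invalid character */
        if (nibbles >= 2 * KEY_LEN) return -1;    /* too long */
        if (nibbles % 2 == 0) out[nibbles / 2] = (uint8_t)(v << 4);
        else out[nibbles / 2] |= (uint8_t)v;
        nibbles++;
    }
    return nibbles == 2 * KEY_LEN ? 0 : -1;       /* too short or odd length */
}

/* The key quoted in the thread, with the spaces the configuration tool printed. */
static const char SPACED_KEY[] = "fb 5f 8f c2 e0 23 80 85 f5 98 b2 5d 35 5b d7 7b";

int main(void) {
    uint8_t k[KEY_LEN];
    parse_key_lenient(SPACED_KEY, k);
    printf("lenient: %02x %02x %02x ...\n", k[0], k[1], k[2]);
    printf("strict, spaces rejected: %d\n", parse_key_strict(SPACED_KEY, 0, k));
    printf("strict, spaces skipped:  %d\n", parse_key_strict(SPACED_KEY, 1, k));
    return 0;
}
```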
