Auth-Yubikey_Decrypter-0.07/0000755000175000017500000000000011311011027014436 5ustar philphilAuth-Yubikey_Decrypter-0.07/MANIFEST0000644000175000017500000000026611311011027015573 0ustar philphilChanges MANIFEST Makefile.PL README lib/Auth/Yubikey_Decrypter.pm t/00-load.t t/pod-coverage.t t/pod.t META.yml Module meta-data (added by MakeMaker) Auth-Yubikey_Decrypter-0.07/META.yml0000644000175000017500000000076311311011027015715 0ustar philphil--- #YAML:1.0 name: Auth-Yubikey_Decrypter version: 0.07 abstract: Decrypting the output from the yubikey token license: ~ author: - Phil Massyn generated_by: ExtUtils::MakeMaker version 6.42 distribution_type: module requires: Crypt::Rijndael: 1 Test::More: 0 meta-spec: url: http://module-build.sourceforge.net/META-spec-v1.3.html version: 1.3 Auth-Yubikey_Decrypter-0.07/Changes0000644000175000017500000000017311031153077015745 0ustar philphilRevision history for Auth-Yubikey_Decrypter 0.01 2008/06/27 First version, released on an unsuspecting world. Auth-Yubikey_Decrypter-0.07/t/0000755000175000017500000000000011311011027014701 5ustar philphilAuth-Yubikey_Decrypter-0.07/t/00-load.t0000644000175000017500000000026311031114365016233 0ustar philphil#!perl -T use Test::More tests => 1; BEGIN { use_ok( 'Auth::Yubikey_Decrypter' ); } diag( "Testing Auth::Yubikey_Decrypter $Auth::Yubikey_Decrypter::VERSION, Perl $], $^X" ); Auth-Yubikey_Decrypter-0.07/t/pod.t0000644000175000017500000000035011031114365015656 0ustar philphil#!perl -T use strict; use warnings; use Test::More; # Ensure a recent version of Test::Pod my $min_tp = 1.22; eval "use Test::Pod $min_tp"; plan skip_all => "Test::Pod $min_tp required for testing POD" if $@; all_pod_files_ok(); Auth-Yubikey_Decrypter-0.07/t/pod-coverage.t0000644000175000017500000000104711031114365017453 0ustar philphiluse strict; use warnings; use Test::More; # Ensure a recent version of Test::Pod::Coverage my $min_tpc = 1.08; eval "use Test::Pod::Coverage $min_tpc"; plan skip_all => "Test::Pod::Coverage $min_tpc required for testing POD coverage" if $@; # Test::Pod::Coverage doesn't require a minimum Pod::Coverage version, # but older versions don't recognize some common documentation styles my $min_pc = 0.18; eval "use Pod::Coverage $min_pc"; plan skip_all => "Pod::Coverage $min_pc required for testing POD coverage" if $@; all_pod_coverage_ok(); Auth-Yubikey_Decrypter-0.07/README0000644000175000017500000000231111031153012015313 0ustar philphilAuth-Yubikey_Decrypter The Yubikey Decrypter can be used to decrypt the AES encrypted output generated from the one time password USB generator from Yubico. You need to have the AES key to perform the decryption. You can obtain it by contacting Yubico, or by seeding your own AES key to the Yubikey. INSTALLATION To install this module, run the following commands: perl Makefile.PL make make test make install SUPPORT AND DOCUMENTATION After installing, you can find documentation for this module with the perldoc command. perldoc Auth::Yubikey_Decrypter You can also look for information at: Yubico http://www.yubico.com massyn.net http://www.massyn.net RT, CPAN's request tracker http://rt.cpan.org/NoAuth/Bugs.html?Dist=Auth-Yubikey_Decrypter AnnoCPAN, Annotated CPAN documentation http://annocpan.org/dist/Auth-Yubikey_Decrypter CPAN Ratings http://cpanratings.perl.org/d/Auth-Yubikey_Decrypter Search CPAN http://search.cpan.org/dist/Auth-Yubikey_Decrypter COPYRIGHT AND LICENCE Copyright (C) 2008 Phil Massyn This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself. Auth-Yubikey_Decrypter-0.07/lib/0000755000175000017500000000000011311011027015204 5ustar philphilAuth-Yubikey_Decrypter-0.07/lib/Auth/0000755000175000017500000000000011311011027016105 5ustar philphilAuth-Yubikey_Decrypter-0.07/lib/Auth/Yubikey_Decrypter.pm0000644000175000017500000001424011311011022022101 0ustar philphilpackage Auth::Yubikey_Decrypter; use warnings; use strict; require Crypt::Rijndael; =head1 NAME Auth::Yubikey_Decrypter - Decrypting the output from the yubikey token =head1 VERSION Version 0.07 =cut use vars qw($VERSION); $VERSION = '0.07'; =head1 SYNOPSIS The decryption module does only one thing - decrypt the AES encrypted OTP from the Yubikey. To this, it requires the OTP, and the AES key. Please note - this module does not perform authentication - it is a required component to decrypt the token first before authentication can be performed. #!/usr/bin/perl use strict; use Auth::Yubikey_Decrypter; my $fulltoken = "dteffujehknhfjbrjnlnldnhcujvddbikngjrtgh"; my $aeskey = "ecde18dbe76fbd0c33330f1c354871db"; my ($publicID,$secretid_hex,$counter_dec,$timestamp_dec,$session_use_dec,$random_dec,$crc_dec,$crc_ok) = Auth::Yubikey_Decrypter::yubikey_decrypt($fulltoken,$aeskey); print "publicID : $publicID\n"; print "Secret id : $secretid_hex\n"; print "Counter : $counter_dec\n"; print "Timestamp : $timestamp_dec\n"; print "Session : $session_use_dec\n"; print "Random : $random_dec\n"; print "crc : $crc_dec\n"; print "crc ok? : $crc_ok\n"; =head1 FUNCTIONS =head2 yubikey_decrypt Input : token aeskey Token - received by the Yubikey aeskey - either the modhex or hex AES key for your Yubikey (contact Yubico if you don't have the AES key) Output : $publicID $secretid_hex $counter_dec $timestamp_dec $session_use_dec $random_dec $crc_dec $crc_ok =cut sub yubikey_decrypt { my $fulltoken = $_[0]; my $aeskey = $_[1]; my $aeskey_bin; # Let's sanitize the inut, just in case $aeskey =~ s/[^A-Z0-9]//gi; $fulltoken =~ s/[^A-Z0-9]//gi; # Determine what mode the AES key is in if($aeskey =~ /^[a-f0-9]+$/i) { $aeskey_bin = pack "H*", $aeskey; } elsif($aeskey =~ /^[cbdefghijklnrtuv]+$/i) { $aeskey_bin = &yubikey_modhex_decode($aeskey); } else { die "A weird AES key was supplied. Please provide only hex or modhex."; } # strip out the actual token my $publicID = substr($fulltoken,0,length($fulltoken)-32); my $token = substr($fulltoken,length($fulltoken)-32); # decode the token from modhex down to binary my $token_bin = &yubikey_modhex_decode($token); # Decrypt the token using it's key my $cipher = Crypt::Rijndael->new( $aeskey_bin ); my $token_decoded_bin = $cipher->decrypt($token_bin); my $token_decoded_hex = unpack "H*", $token_decoded_bin; # get all the values from the decoded token my $secretid_hex = substr($token_decoded_hex,0,12); my $counter_dec = ord(substr($token_decoded_bin,7,1))*256+ord(substr($token_decoded_bin,6,1)); my $timestamp_dec = ord(substr($token_decoded_bin,10,1))*65536+ord(substr($token_decoded_bin,9,1))*256+ord(substr($token_decoded_bin,8,1)); my $session_use_dec = ord(substr($token_decoded_bin,11,1)); my $random_dec = ord(substr($token_decoded_bin,13,1))*256+ord(substr($token_decoded_bin,12,1)); my $crc_dec = ord(substr($token_decoded_bin,15,1))*256+ord(substr($token_decoded_bin,14,1)); my $crc_ok = &yubikey_crc_check($token_decoded_bin); return ($publicID,$secretid_hex,$counter_dec,$timestamp_dec,$session_use_dec,$random_dec,$crc_dec,$crc_ok); } =head2 yubikey_modhex_decode Input : the modhex code Output : decoded modhex code in hex =cut sub yubikey_modhex_decode { my $mstring = $_[0]; my $cset="cbdefghijklnrtuv"; my $decoded=""; my $hbyte=0; my $pos; for (my $i=0; $i>= 1; if ($j) { $m_crc ^= 0x8408; } } } return $m_crc==0xf0b8; return 0; } =head1 REQUIRES Perl 5, L Order your Yubikey from L =head1 BUGS Please report any bugs or feature requests to C, or through the web interface at L. I will be notified, and then you'll automatically be notified of progress on your bug as I make changes. =head1 SUPPORT You can find documentation for this module with the perldoc command. perldoc Auth::Yubikey_Decrypter You can also look for information at: =over 4 =item * RT: CPAN's request tracker L =item * AnnoCPAN: Annotated CPAN documentation L =item * CPAN Ratings L =item * Search CPAN L =back =head1 AUTHOR Phil Massyn, C<< >> =head1 ACKNOWLEDGEMENTS Based a lot on PHP code by : PHP yubikey decryptor v0.1 by Alex Skov Jensen Thanks to almut from L for code guidance Thanks to Mark Foobar L for reporting the -32 bug on line 91 and 92. =head1 COPYRIGHT & LICENSE Copyright 2008 Phil Massyn, all rights reserved. This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself. =cut 1; # End of Auth::Yubikey_Decrypter Auth-Yubikey_Decrypter-0.07/Makefile.PL0000644000175000017500000000105111155441600016417 0ustar philphiluse strict; use warnings; use ExtUtils::MakeMaker; WriteMakefile( NAME => 'Auth::Yubikey_Decrypter', AUTHOR => 'Phil Massyn ', VERSION_FROM => 'lib/Auth/Yubikey_Decrypter.pm', ABSTRACT_FROM => 'lib/Auth/Yubikey_Decrypter.pm', PL_FILES => {}, PREREQ_PM => { 'Test::More' => 0, 'Crypt::Rijndael' => 1, }, dist => { COMPRESS => 'gzip -9f', SUFFIX => 'gz', }, clean => { FILES => 'Auth-Yubikey_Decrypter-*' }, );