-
Notifications
You must be signed in to change notification settings - Fork 30
/
Copy pathtest-vectors.txt
89 lines (61 loc) · 2.34 KB
/
test-vectors.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
Test vectors for YubiKey
------------------------
The YubiKey output consists of a two fields concatenated with each
other:
YubiKey = [identity]<otp>
The "identity" field is a variable-length (0..16) ModHex encoded
identity field. If no static identity is wanted, it may be omitted
(i.e., of zero length).
The "otp" field is a 32 characters fixed-size ModHex encoded field
with a AES encrypted plaintext block of a specific format.
Test vectors are needed for ModHex, AES-128 in ECB mode, and internal
parsing of the decrypted OTP.
In this file, we'll use the sample YubiKey OTP (in modhex)
'dteffujehknhfjbrjnlnldnhcujvddbikngjrtgh' for demonstration purposes.
The AES encryption key is (in hex) 'ecde18dbe76fbd0c33330f1c354871db'.
Modhex
------
Modhex is an encoding mechanism, much similar to hex-encoding but the
alphabet is the alphanumeric string 'cbdefghijklnrtuv' instead.
The input is an arbitrary binary string. The output is a ASCII
string, twice as large as the input.
INPUT: dteffuje
DECODE: 2d344e83 (in hex)
INPUT: hknhfjbrjnlnldnhcujvddbikngjrtgh
DECODE: 69b6481c8baba2b60e8f22179b58cd56 (in hex)
INPUT: ecde18dbe76fbd0c33330f1c354871db
ENCODE: urtubjtnuihvntcreeeecvbregfjibtn
More test vectors:
INPUT: test
ENCODE: ifhgieif
INPUT: test
ENCODE: hhhvhvhdhbid
AES-ECB
-------
This is standard AES-128 in "raw" mode, i.e. Electronic Code Book. It
is assumed that the same input is never encrypted twice. We only use
key sizes of 128 bits.
INPUT: 69 b6 48 1c 8b ab a2 b6 0e 8f 22 17 9b 58 cd 56
AESKEY ec de 18 db e7 6f bd 0c 33 33 0f 1c 35 48 71 db
OUTPUT: 87 92 eb fe 26 cc 13 00 30 c2 00 11 c8 9f 23 c8
Plaintext
---------
The following plaintext converted into a structure:
PLAINTEXT: 87 92 eb fe 26 cc 13 00 30 c2 00 11 c8 9f 23 c8
uid: 87 92 eb fe 26 cc
counter: 19 (0x0013)
timestamp (low): 49712 (0xc230)
timestamp (high): 0 (0x00)
session use: 17 (0x11)
random: 40904 (0x9fc8)
crc: 51235 (0xc823)
The CRC value is not used for cryptographic authentication, just as a
sanity check. It is CRC-16 checksum computed on the entire structure
(including the provided crc value from the plaintext), and the residue
should be 0xf0b8. The CRC-16 value computed on the above PLAINTEXT
would be:
crc: F0B8
This matches the expected residue.
Questions?
----------
Talk to <simon@yubico.com>.