YubikeyOTP.OTP (YubikeyOTP v0.2.1) View Source

OTP Format

The format of the OTP is documented in:

https://developers.yubico.com/OTP/OTPs_Explained.html

Link to this section Summary

Functions

Parses an OTP into an OTP struct.

Like parse, but returns the OTP struct directly, and throws exceptions when errors are encountered (to permit specific handling, if desired).

Link to this section Types

Specs

t() :: %YubikeyOTP.OTP{
  checksum: nil | binary(),
  encrypted_otp: binary(),
  prefix: nil | binary(),
  private_id: nil | binary(),
  public_id: binary(),
  random: nil | binary(),
  serial: nil | integer(),
  session_counter: nil | binary(),
  timestamp: integer(),
  use_counter: nil | binary()
}

Link to this section Functions

Specs

device_id(otp :: binary()) :: {:ok, binary()} | {:error, :otp_invalid}

Parses an OTP into an OTP struct.

Without the encryption key, only the public_id, 'prefix,serialandencrypted_otpfields are hydrated. ## Options *:key- provides the 128 bit AES key to decrypt the OTP and load the remaining fields. As part of decryption, the OTP checksum is verified. *:skip_checksum- whether to skip verifying the checksum after decrypting the OTP with the providedkey`. ## Examples iex> YubikeyOTP.OTP.parse("ccccccclulvjbbhccnndrietjjnkeclcvjgrnhcivtgd") {:ok, %YubikeyOTP.OTP{ public_id: "ccccccclulvj", prefix: "cccccc", serial: 715512, encrypted_otp: "bbhccnndrietjjnkeclcvjgrnhcivtgd" } } iex> YubikeyOTP.OTP.parse("nope") :error

Specs

parse!(otp :: binary(), opts :: keyword()) :: t()

Like parse, but returns the OTP struct directly, and throws exceptions when errors are encountered (to permit specific handling, if desired).

Exceptions

  • OTP.ParseError - raised when the OTP cannot be successfully parsed with the given options.
  • OTP.InvalidChecksumError - raised when the checksum of the OTP does not validate.

Examples

Without specifying a decryption key, only the public information can be hydrated.

iex> YubikeyOTP.OTP.parse!("ccccccclulvjbbhccnndrietjjnkeclcvjgrnhcivtgd") %YubikeyOTP.OTP{

public_id: "ccccccclulvj",
prefix: "cccccc",
serial: 715512,
encrypted_otp: "bbhccnndrietjjnkeclcvjgrnhcivtgd"

}

Specifying a decryption key, but skipping the checksum verification will hydrate the data even with a "bad" decryption.

iex> YubikeyOTP.OTP.parse!("ccccccclulvjbbhccnndrietjjnkeclcvjgrnhcivtgd", key: "1111111111111111", skip_checksum: true) %YubikeyOTP.OTP{

public_id: "ccccccclulvj",
prefix: "cccccc",
serial: 715512,
encrypted_otp: "bbhccnndrietjjnkeclcvjgrnhcivtgd",
private_id: <<68, 48, 254, 248, 123, 61>>,
use_counter: 49442,
timestamp: 4703963,
session_counter: 150,
random: "Xn",
checksum: <<1, 15>>

}

Decrypting the token successfully will hydrate all fields.

iex> YubikeyOTP.OTP.parse!("ccccccclulvjhnblleegivrcjlvvtvujejbclrdjdgvk", key: "1111111111111111") %YubikeyOTP.OTP{

public_id: "ccccccclulvj",
prefix: "cccccc",
serial: 715512,
encrypted_otp: "hnblleegivrcjlvvtvujejbclrdjdgvk",
private_id: "111111",
use_counter: 0,
timestamp: 8002816,
session_counter: 0,
random: <<64, 22>>,
checksum: <<44, 51>>

}

Errors will be thrown when the checksum is invalid, an invalid key is provided, or an invalid token is provided.

iex> YubikeyOTP.OTP.parse!("ccccccclulvjbbhccnndrietjjnkeclcvjgrnhcivtgd", key: "1111111111111111") ** (YubikeyOTP.OTP.InvalidChecksumError) OTP checksum is invalid

iex> YubikeyOTP.OTP.parse!("nope") ** (YubikeyOTP.OTP.ParseError) OTP parsing failed

Link to this function

validate(otp, opts \\ [])

View Source