search

Yubico / yubikey-personalization

YubiKey Personalization cross-platform library and tool
https://developers.yubico.com/yubikey-personalization/
BSD 2-Clause "Simplified" License
300 stars 82 forks source link

Feature Request - Support for 3rd party vendor tokens #136

Closed onlykey closed 5 years ago

onlykey commented 5 years ago

Some background here first for why I am asking:

We have developed open source firmware for a device called OnlyKey that supports the challenge-response feature used by ykpers (HMACSHA1). We are in the process of talking to open source projects that have interest in adding support for open source devices like OnlyKey with this feature. We have created a fork of the ykpers library that supports this but its not really ideal to ask the projects to use the forked library instead of the official library. So that brings me to my request.

Would you consider adding a simple function to ykcore.c to support this? I understand that Yubico would want people to use Yubikeys but there are also user's who desire to use open source products. You can see here that all that is required to support 3rd party devices is to add the VID/PID. If this had official support a better way would just be to have a separate function from yk_open_key to open a 3rd party key where the VID/PID is selectable by the application. Something like this:

YK_KEY *xk_open_key(int index, int pid, int vid)

This would allow projects looking to incorporate 3rd party devices in to do so and ensure that only the devices they choose to use (matching VID/PID) are used. For projects that only support Yubikey they could continue to do so.

I know this is kind of an odd request but in the spirit of supporting open source projects it would be great if you would be able to support this. I would be happy to do a pull request for this feature.

crosser commented 5 years ago

[sorry for hijacking the thread] @onlykey, would you be interested in getting my challenge-response PAM module work with onlykey? If so, open an issue to contact me.

klali commented 5 years ago

We could be amenable to that. I've just pushed a branch with an implementation of this: https://github.com/Yubico/yubikey-personalization/commit/701710dd5ab24858a75d7dd9be434710d4137337

something like that's what you where asking for, right?

onlykey commented 5 years ago

@klali Yes, that looks perfect. I will test this out tomorrow. Thanks!

onlykey commented 5 years ago

@klali I have tested this and everything is working well. I see this is marked for the 1.20.0 release do you have a rough idea of when this will be released?

klali commented 5 years ago

Ok, great. I'll get that branch merged. Unsure when till will be released, no immediate plans for a release of this.