linotp.tokens.yubikeytoken module

This file contains the YubiKey token class where the YubiKey is run in Yubico AES mode without the YubiCloud

class linotp.tokens.yubikeytoken.YubikeyTokenClass(aToken)

Bases: TokenClass

The YubiKey Token in Yubico AES mode

checkOtp(otpVal, counter=None, window=None, options=None)

checkOtp - validate the token otp against a given otpvalue

Parameters

  • otpVal (string) – the to be verified otpvalue

  • counter – the counter state. It is not used by the YubiKey because the current counter value

is sent encrypted inside the OTP value :type counter: int

Parameters

window – the counter +window, which is not used in the YubiKey because the current

counter value is sent encrypted inside the OTP, allowing a simple comparison between the encrypted counter value and the stored counter value :type window: int

Parameters

options (dict) – the dict, which could contain token specific info

Returns

the counter state or an error code (< 0):

-1 if the OTP is old (counter < stored counter) -2 if the private_uid sent in the OTP is wrong (different from the one stored with the token) -3 if the CRC verification fails :rtype: int

From: http://www.yubico.com/wp-content/uploads/2013/04/YubiKey-Manual-v3_1.pdf

6 Implementation details

check_otp_exist(otp, window=None, user=None, autoassign=False)

checks if the given OTP value is/are values of this very token. This is used to autoassign and to determine the serial number of a token.

classmethod getClassInfo(key=None, ret='all')

getClassInfo - returns a subtree of the token definition

Parameters

  • key (string) – subsection identifier

  • ret (user defined) – default return value, if nothing is found

Returns

subsection if key exists or user defined

Return type

s.o.

classmethod getClassPrefix()
classmethod getClassType()
is_challenge_request(passw, user, options=None)

This method checks, if this is a request, that triggers a challenge.

Parameters

  • passw (string) – password, which might be pin or pin+otp

  • user (User object) – The user from the authentication request

  • options (dict) – dictionary of additional request parameters

Returns

true or false

resetTokenInfo()

resetTokenInfo - hook called during token init/update

in yubikey we have to reset the tokeninfo as it preserves the tokenid and or public_uid which changes with an token update

resync(otp1, otp2, options=None)

resyc the yubikey token

this is done by checking two subsequent otp values for their counter

Parameters

  • otp1 – first otp value

  • otp2 – second otp value

Returns

boolean

update(param, reset_failcount=True)

update - process the initialization parameters

Parameters

param (dict) – dict of initialization parameters

Returns

nothing