Skip to content

Commit

Permalink
OTP: Check length of public ID.
Browse files Browse the repository at this point in the history
  • Loading branch information
@dainnilsson
dainnilsson committed Apr 19, 2023
1 parent 4df0e4c commit b3e69b4
Show file tree
Hide file tree
Showing 2 changed files with 5 additions and 0 deletions.
2 changes: 2 additions & 0 deletions ykman/_cli/otp.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -428,6 +428,8 @@ def yubiotp(
else:
public_id = click_prompt("Enter public ID")

if len(public_id) % 2:
ctx.fail("Invalid public ID, length must be a multiple of 2.")
try:
public_id = modhex_decode(public_id)
except ValueError:
Expand Down
3 changes: 3 additions & 0 deletions yubikit/core/otp.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -83,6 +83,9 @@ def modhex_encode(data: bytes) -> str:

def modhex_decode(string: str) -> bytes:
"""Decode the Modhex (modified hexadecimal) string."""
if len(string) % 2:
raise ValueError("Length must be a multiple of 2")

return bytes(
MODHEX_ALPHABET.index(string[i]) << 4 | MODHEX_ALPHABET.index(string[i + 1])
for i in range(0, len(string), 2)
Expand Down

0 comments on commit b3e69b4

Please sign in to comment.