Fix to YubiKey Plugin bugs

ae93b4c7 · Emily Ehlert · a42fd0ce · ae93b4c7 · ae93b4c7
Commit ae93b4c7 authored 2 years ago by Emily Ehlert
--- a/YubikeyKeyDerivationLibrary/openvpn_yubikey_key_management.c
+++ b/YubikeyKeyDerivationLibrary/openvpn_yubikey_key_management.c
@@ -280,7 +280,7 @@ calculate_cipher(struct plugin_context *context,
                 const unsigned char *tag,
                 unsigned char* output)
 {
-    unsigned char aes_client_key[RESPONSE_LENGTH] = { 0 };
+    unsigned char aes_client_key[REQ_RESPONSE_LENGTH] = { 0 };
    int return_code = false;

    // Calculate AES Key with Yubikey
@@ -422,12 +422,12 @@ yubikey_wrap(struct plugin_context *context, const char **argv,
    CRYPTO_ECHECK(kc_len < 0,
                  "ovpn_base64_decode() failed");
    // Calculate tag
-    CRYPTO_ECHECK(!calculate_tag(context, kc, kc_len, tag),
+    CRYPTO_ECHECK(!calculate_tag(context, kc, kc_len, wkc),
                "Couldn't calculate tag");

    CRYPTO_ECHECK(!calculate_cipher(context,
                                    kc, kc_len,
-                                    tag, wkc + TLS_CRYPT_V2_TAG_LEN),
+                                    wkc, wkc + TLS_CRYPT_V2_TAG_LEN),
                  "Couldn't encrypt client key");

    uint16_t wkc_len = kc_len + TLS_CRYPT_V2_TAG_LEN + TLS_CRYPT_V2_LEN_LEN;

--- a/YubikeyKeyDerivationLibrary/yubikey_handler.c
+++ b/YubikeyKeyDerivationLibrary/yubikey_handler.c
@@ -84,6 +84,7 @@ key_init(YK_KEY **yk, YK_STATUS *st)
        return false;
    }
    if (!(*yk = yk_open_first_key())) {
+        printf("Could not open YubiKey. Is the YubiKey connected to the computer?");
        return false;
    }