source: openpam/trunk/modules/pam_oath/oath_hotp.c @ 643

Last change on this file since 643 was 643, checked in by Dag-Erling Smørgrav, 8 years ago
  • Add a provisional API for computing the current HOTP or TOTP code.
  • Add a provisional API for matching a user response.
  • Add a provisional API for generating a dummy key. When one of the matching functions recognizes a dummy key, it will go through the motions but never report a match.
  • Property svn:eol-style set to native
  • Property svn:keywords set to Id
File size: 3.7 KB
Line 
1/*-
2 * Copyright (c) 2012-2013 Universitetet i Oslo
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 *    notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 *    notice, this list of conditions and the following disclaimer in the
12 *    documentation and/or other materials provided with the distribution.
13 * 3. The name of the author may not be used to endorse or promote
14 *    products derived from this software without specific prior written
15 *    permission.
16 *
17 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27 * SUCH DAMAGE.
28 *
29 * $Id: oath_hotp.c 643 2013-03-05 15:24:00Z des $
30 */
31
32#ifdef HAVE_CONFIG_H
33# include "config.h"
34#endif
35
36#include <openssl/evp.h>
37#include <openssl/hmac.h>
38
39#include <stdint.h>
40#include <string.h>
41
42#include "oath.h"
43
44#define StToNum(St) (St)
45
46static uint32_t
47DT(const uint8_t *String)
48{
49        uint8_t OffsetBits;
50        int Offset;
51        uint32_t P;
52
53        OffsetBits = String[19] & 0x0f;
54        Offset = StToNum(OffsetBits);
55        P = (uint32_t)String[Offset + 0] << 24 |
56            (uint32_t)String[Offset + 1] << 16 |
57            (uint32_t)String[Offset + 2] << 8 |
58            (uint32_t)String[Offset + 3];
59        return (P & 0x7fffffffUL);
60}
61
62unsigned int
63oath_hotp(const uint8_t *K, size_t Klen, uint64_t seq, unsigned int Digit)
64{
65        HMAC_CTX ctx;
66        uint8_t C[8];
67        uint8_t HS[20];
68        unsigned int HSlen;
69        uint32_t Sbits, Snum;
70        unsigned int mod, D;
71
72        for (int i = 7; i >= 0; --i) {
73                C[i] = seq & 0xff;
74                seq >>= 8;
75        }
76
77        /* HS = HMAC-SHA-1(K,C) */
78        HMAC_CTX_init(&ctx);
79        HMAC_Init_ex(&ctx, K, Klen, EVP_sha1(), NULL);
80        HMAC_Update(&ctx, (const uint8_t *)&C, sizeof C);
81        HMAC_Final(&ctx, HS, &HSlen);
82        HMAC_CTX_cleanup(&ctx);
83
84        Sbits = DT(HS);
85        Snum = StToNum(Sbits);
86        for (mod = 1; Digit > 0; --Digit)
87                mod *= 10;
88        D = Snum % mod;
89        return (D);
90}
91
92/*
93 * Computes the current code for the given key and advances the counter.
94 */
95int
96oath_hotp_current(struct oath_key *k)
97{
98        unsigned int code;
99
100        if (k == NULL)
101                return (-1);
102        if (k->mode != om_hotp)
103                return (-1);
104        if (k->counter == UINT64_MAX)
105                return (-1);
106        code = oath_hotp(k->key, k->keylen, k->counter, k->digits);
107        k->counter += 1;
108        return (code);
109}
110
111/*
112 * Compares the code provided by the user with expected values within a
113 * given window.  Returns 1 if there was a match, 0 if not, and -1 if an
114 * error occurred.
115 */
116int
117oath_hotp_match(struct oath_key *k, unsigned int response, int window)
118{
119        unsigned int code;
120        int dummy;
121
122        if (k == NULL)
123                return (-1);
124        if (window < 1)
125                return (-1);
126        if (k->mode != om_hotp)
127                return (-1);
128        if (k->counter >= UINT64_MAX - window)
129                return (-1);
130        dummy = (memcmp(k->label, DUMMY_LABEL, DUMMY_LABELLEN) == 0);
131        for (int i = 0; i < window; ++i) {
132                code = oath_hotp(k->key, k->keylen, k->counter + i, k->digits);
133                if (code == response && !dummy) {
134                        k->counter = k->counter + i;
135                        return (1);
136                }
137        }
138        return (0);
139}
Note: See TracBrowser for help on using the repository browser.