Changeset 643 in openpam
- Timestamp:
- Mar 5, 2013, 3:24:00 PM (8 years ago)
- Location:
- trunk/modules/pam_oath
- Files:
-
- 4 edited
trunk/modules/pam_oath/oath.h
r638 r643 102 102 char *oath_key_to_uri(const struct oath_key *); 103 103 104 #define DUMMY_LABEL ("oath-dummy-key") 105 #define DUMMY_LABELLEN (sizeof DUMMY_LABEL) 106 #define DUMMY_KEYLEN 80 107 108 struct oath_key *oath_dummy_key(enum oath_mode, enum oath_hash, unsigned int); 109 104 110 unsigned int oath_hotp(const uint8_t *, size_t, uint64_t, unsigned int); 111 int oath_hotp_current(struct oath_key *); 112 int oath_hotp_match(struct oath_key *, unsigned int, int); 113 105 114 unsigned int oath_totp(const uint8_t *, size_t, unsigned int); 115 int oath_totp_match(const struct oath_key *, unsigned int, int); 116 unsigned int oath_totp_current(const struct oath_key *); 106 117 107 118 #endif -
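Review bot: The new `DUMMY_LABEL`, `DUMMY_LABELLEN` and `DUMMY_KEYLEN` macros lack the `oath_` prefix that every other visible declaration in this header carries, so they can collide with macros in any file that includes it. `OATH_DUMMY_LABEL`, `OATH_DUMMY_LABELLEN` and `OATH_DUMMY_KEYLEN` would be safer names. `DUMMY_LABELLEN` is `sizeof` of the literal and therefore counts the terminating NUL, which affects the `memcmp()` calls in oath_hotp.c and oath_totp.c; a comment such as `/* length includes the terminating NUL */` would make that explicit.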
trunk/modules/pam_oath/oath_hotp.c
r623 r643 38 38 39 39 #include <stdint.h> 40 #include <string.h> 40 41 41 42 #include "oath.h" … … 88 89 return (D); 89 90 } 91 92 /* 93 * Computes the current code for the given key and advances the counter. 94 */ 95 int 96 oath_hotp_current(struct oath_key *k) 97 { 98 unsigned int code; 99 100 if (k == NULL) 101 return (-1); 102 if (k->mode != om_hotp) 103 return (-1); 104 if (k->counter == UINT64_MAX) 105 return (-1); 106 code = oath_hotp(k->key, k->keylen, k->counter, k->digits); 107 k->counter += 1; 108 return (code); 109 } 110 111 /* 112 * Compares the code provided by the user with expected values within a 113 * given window. Returns 1 if there was a match, 0 if not, and -1 if an 114 * error occurred. 115 */ 116 int 117 oath_hotp_match(struct oath_key *k, unsigned int response, int window) 118 { 119 unsigned int code; 120 int dummy; 121 122 if (k == NULL) 123 return (-1); 124 if (window < 1) 125 return (-1); 126 if (k->mode != om_hotp) 127 return (-1); 128 if (k->counter >= UINT64_MAX - window) 129 return (-1); 130 dummy = (memcmp(k->label, DUMMY_LABEL, DUMMY_LABELLEN) == 0); 131 for (int i = 0; i < window; ++i) { 132 code = oath_hotp(k->key, k->keylen, k->counter + i, k->digits); 133 if (code == response && !dummy) { 134 k->counter = k->counter + i; 135 return (1); 136 } 137 } 138 return (0); 139 } -
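Review bot: On a successful match, `oath_hotp_match()` stores `k->counter = k->counter + i;`, which leaves the counter at the value that produced the accepted code rather than one past it. Unless the caller advances the counter itself (not visible in this changeset), the next call starts its window at the same counter and accepts the same code again, which defeats the one-time property of HOTP. The assignment should be `k->counter = k->counter + i + 1;`. The existing guard `k->counter >= UINT64_MAX - window` already keeps that sum below `UINT64_MAX`. The comment above the function should also state that the counter is advanced past the matched value on success.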
trunk/modules/pam_oath/oath_key.c
r628 r643 113 113 goto invalid; 114 114 if (strlcmp("hotp", p, q - p) == 0) { 115 openpam_log(PAM_LOG_DEBUG, "OATH mode: HOTP");116 115 key->mode = om_hotp; 117 116 } else if (strlcmp("totp", p, q - p) == 0) { 118 openpam_log(PAM_LOG_DEBUG, "OATH mode: TOTP");119 117 key->mode = om_totp; 120 118 } else { … … 133 131 134 132 /* extract parameters */ 135 key->counter = UINT MAX_MAX;133 key->counter = UINT64_MAX; 136 134 while (*p != '\0') { 137 135 if ((q = strchr(p, '=')) == NULL) … … 153 151 goto invalid; 154 152 key->key = key->data + key->labellen; 153 key->keylen = key->datalen - key->labellen; 155 154 if (base32_dec(q, r - q, key->key, &key->keylen) != 0) 156 155 goto invalid; … … 180 179 key->digits = *q - '0'; 181 180 } else if (strlcmp("counter=", p, q - p) == 0) { 182 if (key->counter != UINT MAX_MAX)181 if (key->counter != UINT64_MAX) 183 182 /* dupe */ 184 183 goto invalid; 185 184 n = strtoumax(q, &e, 10); 186 if (e != r || n >= UINT MAX_MAX)185 if (e != r || n >= UINT64_MAX) 187 186 goto invalid; 188 187 key->counter = (uint64_t)n; … … 227 226 if (key->keylen == 0) 228 227 goto invalid; 228 return (key); 229 229 230 230 invalid: … … 296 296 297 297 /* compute length of base32-encoded key and append it */ 298 kslen = base32_enclen(key->keylen) ;299 if ((tmp = realloc(uri, urilen + kslen + 1)) == NULL) {298 kslen = base32_enclen(key->keylen) + 1; 299 if ((tmp = realloc(uri, urilen + kslen)) == NULL) { 300 300 free(uri); 301 301 return (NULL); … … 309 309 return (uri); 310 310 } 311 312 struct oath_key * 313 oath_dummy_key(enum oath_mode mode, enum oath_hash hash, unsigned int digits) 314 { 315 struct oath_key *key; 316 317 if ((key = oath_key_alloc(DUMMY_LABELLEN + DUMMY_KEYLEN)) == NULL) 318 return (NULL); 319 key->mode = mode; 320 key->digits = digits; 321 key->counter = 0; 322 key->timestep = 30; 323 key->hash = hash; 324 key->label = (char *)key->data; 325 memcpy(key->label, DUMMY_LABEL, DUMMY_LABELLEN); 326 key->key = key->data + DUMMY_LABELLEN; 327 
key->keylen = DUMMY_KEYLEN; 328 return (key); 329 } -
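Review bot: `oath_dummy_key()` sets `label`, `key` and `keylen` but, in the lines shown, never sets `key->labellen` and never writes the `DUMMY_KEYLEN` key bytes. Both therefore depend on whatever `oath_key_alloc()` leaves in the allocation, which this changeset does not show. Adding `key->labellen = DUMMY_LABELLEN;` would keep the struct consistent with parsed keys, assuming `labellen` counts the NUL there as well. If the allocator does not zero the buffer, adding `memset(key->key, 0, DUMMY_KEYLEN);` would make the dummy code computation deterministic. With `labellen` set, `oath_hotp_match()` and `oath_totp_match()` could check `k->labellen == DUMMY_LABELLEN` before their `memcmp()`, which currently compares `DUMMY_LABELLEN` bytes of `k->label` even when a parsed label is shorter than that.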
trunk/modules/pam_oath/oath_totp.c
r623 r643 35 35 36 36 #include <stdint.h> 37 #include <string.h> 37 38 #include <time.h> 38 39 … … 49 50 return (oath_hotp(K, Klen, now / TOTP_TIME_STEP, Digit)); 50 51 } 52 53 unsigned int 54 oath_totp_current(const struct oath_key *k) 55 { 56 unsigned int code; 57 uint64_t seq; 58 59 if (k == NULL) 60 return (-1); 61 if (k->mode != om_totp) 62 return (-1); 63 if (k->timestep == 0) 64 return (-1); 65 seq = time(NULL) / k->timestep; 66 code = oath_hotp(k->key, k->keylen, seq, k->digits); 67 return (code); 68 } 69 70 int 71 oath_totp_match(const struct oath_key *k, unsigned int response, int window) 72 { 73 unsigned int code; 74 uint64_t seq; 75 int dummy; 76 77 if (k == NULL) 78 return (-1); 79 if (window < 1) 80 return (-1); 81 if (k->mode != om_totp) 82 return (-1); 83 if (k->timestep == 0) 84 return (-1); 85 seq = time(NULL) / k->timestep; 86 dummy = (memcmp(k->label, DUMMY_LABEL, DUMMY_LABELLEN) == 0); 87 for (int i = -window; i <= window; ++i) { 88 code = oath_hotp(k->key, k->keylen, seq + i, k->digits); 89 if (code == response && !dummy) 90 return (1); 91 } 92 return (0); 93 }
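Review bot: `oath_totp_current()` is declared `unsigned int` but signals every error with `return (-1);`, which reaches the caller as `UINT_MAX`. A caller that tests `< 0` can never see the failure and would treat it as a code. `oath_hotp_current()` returns `int` for the same contract, so the signature here and in oath.h should be `int oath_totp_current(const struct oath_key *k)`. Separately, `oath_totp_match()` takes a `const` key and records nothing, so a code stays acceptable for the whole `-window..window` range of time steps. If no caller tracks the last accepted step (not visible here), that allows replay within the window and deserves at least a comment on the function.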