Changeset 643 in openpam for trunk/modules/pam_oath/oath_hotp.c


Ignore:
Timestamp:
Mar 5, 2013, 3:24:00 PM (8 years ago)
Author:
Dag-Erling Smørgrav
Message:
  • Add a provisional API for computing the current HOTP or TOTP code.
  • Add a provisional API for matching a user response.
  • Add a provisional API for generating a dummy key. When one of the matching functions recognizes a dummy key, it will go through the motions but never report a match.
File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/modules/pam_oath/oath_hotp.c

    r623 r643  
    3838
    3939#include <stdint.h>
     40#include <string.h>
    4041
    4142#include "oath.h"
     
    8889        return (D);
    8990}
     91
     92/*
     93 * Computes the current code for the given key and advances the counter.
     94 */
     95int
     96oath_hotp_current(struct oath_key *k)
     97{
     98        unsigned int code;
     99
     100        if (k == NULL)
     101                return (-1);
     102        if (k->mode != om_hotp)
     103                return (-1);
     104        if (k->counter == UINT64_MAX)
     105                return (-1);
     106        code = oath_hotp(k->key, k->keylen, k->counter, k->digits);
     107        k->counter += 1;
     108        return (code);
     109}
     110
     111/*
     112 * Compares the code provided by the user with expected values within a
     113 * given window.  Returns 1 if there was a match, 0 if not, and -1 if an
     114 * error occurred.
     115 */
     116int
     117oath_hotp_match(struct oath_key *k, unsigned int response, int window)
     118{
     119        unsigned int code;
     120        int dummy;
     121
     122        if (k == NULL)
     123                return (-1);
     124        if (window < 1)
     125                return (-1);
     126        if (k->mode != om_hotp)
     127                return (-1);
     128        if (k->counter >= UINT64_MAX - window)
     129                return (-1);
     130        dummy = (memcmp(k->label, DUMMY_LABEL, DUMMY_LABELLEN) == 0);
     131        for (int i = 0; i < window; ++i) {
     132                code = oath_hotp(k->key, k->keylen, k->counter + i, k->digits);
     133                if (code == response && !dummy) {
     134                        k->counter = k->counter + i;
     135                        return (1);
     136                }
     137        }
     138        return (0);
     139}
Note: See TracChangeset for help on using the changeset viewer.