author | Christian Grothoff <christian@grothoff.org> | 2021-09-29 22:11:00 +0200 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2021-09-29 22:11:00 +0200 |
commit | 58daaedd2a27aa8a5ff36e5e9f2943d8f1680881 (patch) | |
tree | 8b74d2c3daac6558c778648669aa444b10795f06 | |
parent | 52ed1d5a57647aab1285ac7e2a191936645a69b4 (diff) | |
-totp debugging
-rw-r--r-- | src/authorization/anastasis_authorization_plugin_totp.c | 23 |
1 files changed, 18 insertions, 5 deletions
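--- a/src/authorization/anastasis_authorization_plugin_totp.c
+++ b/src/authorization/anastasis_authorization_plugin_totp.c
@@ -141,9 +141,10 @@ compute_totp (int time_off,
 struct GNUNET_TIME_Absolute now;
 time_t t;
 uint64_t ctr;
-uint8_t hmac[16]; /* SHA1: 16 bytes */
+uint8_t hmac[20]; /* SHA1: 20 bytes */
 
 now = GNUNET_TIME_absolute_get ();
+(void) GNUNET_TIME_round_abs (&now);
 while (time_off < 0)
 {
 now = GNUNET_TIME_absolute_subtract (now,
@@ -184,9 +185,11 @@ compute_totp (int time_off,
 
 {
 uint32_t code = 0;
+int offset;
 
+offset = hmac[sizeof (hmac) - 1] & 0x0f;
 for (int count = 0; count < 4; count++)
-code += hmac[(hmac[sizeof (hmac) - 1] & 0x0f) + 3 - count] << 8 * count;
+code |= hmac[offset + 3 - count] << (8 * count);
 code &= 0x7fffffff;
 
 #if VAR_DIGITS
@@ -237,12 +240,16 @@ totp_start (void *cls,
 as->ac = ac;
 as->truth_uuid = *truth_uuid;
 for (int i = -TIME_INTERVAL_RANGE;
-i < TIME_INTERVAL_RANGE;
+i <= TIME_INTERVAL_RANGE;
 i++)
 {
 want = compute_totp (i,
 data,
 data_length);
+fprintf (stderr,
+"TOTP %d: %llu\n",
+i,
+(unsigned long long) want);
 ANASTASIS_hash_answer (want,
 &as->valid_replies[off++]);
 }
@@ -309,10 +316,16 @@ totp_process (struct ANASTASIS_AUTHORIZATION_State *as,
 struct GNUNET_TIME_Absolute now;
 
 now = GNUNET_TIME_absolute_get ();
+(void) GNUNET_TIME_round_abs (&now);
 if (TALER_MHD_xmime_matches (mime,
 "application/json"))
 {
 resp = TALER_MHD_MAKE_JSON_PACK (
+GNUNET_JSON_pack_uint64 ("code",
+TALER_EC_ANASTASIS_TRUTH_CHALLENGE_FAILED),
+GNUNET_JSON_pack_string ("hint",
+TALER_ErrorCode_get_hint (
+TALER_EC_ANASTASIS_TRUTH_CHALLENGE_FAILED)),
 GNUNET_JSON_pack_time_abs ("server_time",
 now));
 }
@@ -341,8 +354,8 @@ totp_process (struct ANASTASIS_AUTHORIZATION_State *as,
 MHD_destroy_response (resp);
 }
 if (MHD_YES != mres)
-return ANASTASIS_AUTHORIZATION_RES_SUCCESS_REPLY_FAILED;
-return ANASTASIS_AUTHORIZATION_RES_SUCCESS;
+return ANASTASIS_AUTHORIZATION_RES_FAILED_REPLY_FAILED;
+return ANASTASIS_AUTHORIZATION_RES_FAILED;
 }
 
 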
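Review bot: The `fprintf (stderr, "TOTP %d: %llu\n", i, (unsigned long long) want);` added inside the loop of totp_start (new lines 249-252) writes every TOTP value the server is about to accept to stderr, so anyone who can read the service's log output can read valid challenge answers for the current time window. I would drop the call before this ships, or at most keep a debug-level line that prints only the offset, e.g. `GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "computed TOTP for offset %d\n", i);`. In the same hunk the bound now reads `i <= TIME_INTERVAL_RANGE`, so the loop stores 2 * TIME_INTERVAL_RANGE + 1 hashes through `as->valid_replies[off++]`; the array's declaration is not visible here, so its size should be checked against the new count. totp_start starts and ends outside the hunk.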