Diffstat (limited to 'src/authorization/anastasis_authorization_plugin_totp.c')
-rw-r--r--src/authorization/anastasis_authorization_plugin_totp.c62
1 files changed, 21 insertions, 41 deletions
diff --git a/src/authorization/anastasis_authorization_plugin_totp.c b/src/authorization/anastasis_authorization_plugin_totp.c
index 0934910..c127e38 100644
--- a/src/authorization/anastasis_authorization_plugin_totp.c
+++ b/src/authorization/anastasis_authorization_plugin_totp.c
@@ -3,7 +3,7 @@
Copyright (C) 2021 Anastasis SARL
Anastasis is free software; you can redistribute it and/or modify it under the
- terms of the GNU Lesser General Public License as published by the Free Software
+ terms of the GNU Affero General Public License as published by the Free Software
Foundation; either version 3, or (at your option) any later version.
Anastasis is distributed in the hope that it will be useful, but WITHOUT ANY
@@ -103,7 +103,7 @@ totp_validate (void *cls,
GNUNET_break_op (0);
if (MHD_NO ==
TALER_MHD_reply_with_error (connection,
- MHD_HTTP_EXPECTATION_FAILED,
+ MHD_HTTP_CONFLICT,
TALER_EC_ANASTASIS_TOTP_KEY_MISSING,
NULL))
return GNUNET_SYSERR;
@@ -114,7 +114,7 @@ totp_validate (void *cls,
GNUNET_break_op (0);
if (MHD_NO ==
TALER_MHD_reply_with_error (connection,
- MHD_HTTP_EXPECTATION_FAILED,
+ MHD_HTTP_CONFLICT,
TALER_EC_ANASTASIS_TOTP_KEY_INVALID,
NULL))
return GNUNET_SYSERR;
@@ -144,7 +144,6 @@ compute_totp (int time_off,
uint8_t hmac[20]; /* SHA1: 20 bytes */
now = GNUNET_TIME_absolute_get ();
- (void) GNUNET_TIME_round_abs (&now);
while (time_off < 0)
{
now = GNUNET_TIME_absolute_subtract (now,
@@ -189,7 +188,7 @@ compute_totp (int time_off,
offset = hmac[sizeof (hmac) - 1] & 0x0f;
for (int count = 0; count < 4; count++)
- code |= hmac[offset + 3 - count] << (8 * count);
+ code |= ((uint32_t) hmac[offset + 3 - count]) << (8 * count);
code &= 0x7fffffff;
/* always use 8 digits (maximum) */
code = code % 100000000;
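Review bot: The new `(uint32_t)` cast in the truncation loop has no comment saying why it is needed, so a later cleanup could drop it as redundant. Without it the `uint8_t` operand is promoted to `int`, and at `count == 3` a byte of 0x80 or above is shifted into the sign bit, which is undefined behaviour. I would add `/* cast first: a promoted int would be shifted into its sign bit at count == 3 */` above the loop. It is also worth stating there that `offset` is masked to 0..15, so `offset + 3` stays inside the 20-byte `hmac`. compute_totp begins and ends outside this hunk.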
@@ -245,47 +244,29 @@ totp_start (void *cls,
/**
- * Begin issuing authentication challenge to user based on @a data.
+ * Check authentication response from the user.
*
* @param as authorization state
* @param timeout how long do we have to produce a reply
+ * @param challenge_response hash of the response
* @param connection HTTP client request (for queuing response, such as redirection to video portal)
* @return state of the request
*/
-static enum ANASTASIS_AUTHORIZATION_Result
-totp_process (struct ANASTASIS_AUTHORIZATION_State *as,
- struct GNUNET_TIME_Absolute timeout,
- struct MHD_Connection *connection)
+static enum ANASTASIS_AUTHORIZATION_SolveResult
+totp_solve (struct ANASTASIS_AUTHORIZATION_State *as,
+ struct GNUNET_TIME_Absolute timeout,
+ const struct GNUNET_HashCode *challenge_response,
+ struct MHD_Connection *connection)
{
MHD_RESULT mres;
const char *mime;
const char *lang;
- const char *challenge_response_s;
- struct GNUNET_HashCode challenge_response;
-
- challenge_response_s = MHD_lookup_connection_value (connection,
- MHD_GET_ARGUMENT_KIND,
- "response");
- if ( (NULL == challenge_response_s) ||
- (GNUNET_OK !=
- GNUNET_CRYPTO_hash_from_string (challenge_response_s,
- &challenge_response)) )
- {
- GNUNET_break_op (0);
- mres = TALER_MHD_reply_with_error (connection,
- MHD_HTTP_BAD_REQUEST,
- TALER_EC_GENERIC_PARAMETER_MALFORMED,
- "response");
- if (MHD_YES != mres)
- return ANASTASIS_AUTHORIZATION_RES_FAILED_REPLY_FAILED;
- return ANASTASIS_AUTHORIZATION_RES_FAILED;
- }
for (unsigned int i = 0; i<=TIME_INTERVAL_RANGE * 2; i++)
if (0 ==
- GNUNET_memcmp (&challenge_response,
+ GNUNET_memcmp (challenge_response,
&as->valid_replies[i]))
- return ANASTASIS_AUTHORIZATION_RES_FINISHED;
+ return ANASTASIS_AUTHORIZATION_SRES_FINISHED;
mime = MHD_lookup_connection_value (connection,
MHD_HEADER_KIND,
MHD_HTTP_HEADER_ACCEPT);
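Review bot: The loop in totp_solve compares the client-supplied `challenge_response` with each `as->valid_replies[i]` using `GNUNET_memcmp` and returns on the first match, so response time can depend on how many leading bytes agree and on which time slot matched. As this is the authentication decision, a constant-time comparison is the safer choice, for example `if (0 == GNUNET_memcmp_priv (challenge_response, &as->valid_replies[i]))` if the GNUnet version in use provides it. The match should be accumulated in a flag across all slots instead of returning early. The doc comment still carries the copied phrase "such as redirection to video portal", and `timeout` is not used in the visible lines. The function body continues past the end of this hunk.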
@@ -300,10 +281,9 @@ totp_process (struct ANASTASIS_AUTHORIZATION_State *as,
/* Build HTTP response */
{
struct MHD_Response *resp;
- struct GNUNET_TIME_Absolute now;
+ struct GNUNET_TIME_Timestamp now;
- now = GNUNET_TIME_absolute_get ();
- (void) GNUNET_TIME_round_abs (&now);
+ now = GNUNET_TIME_timestamp_get ();
if (TALER_MHD_xmime_matches (mime,
"application/json"))
{
@@ -313,8 +293,8 @@ totp_process (struct ANASTASIS_AUTHORIZATION_State *as,
GNUNET_JSON_pack_string ("hint",
TALER_ErrorCode_get_hint (
TALER_EC_ANASTASIS_TRUTH_CHALLENGE_FAILED)),
- GNUNET_JSON_pack_time_abs ("server_time",
- now));
+ GNUNET_JSON_pack_timestamp ("server_time",
+ now));
}
else
{
@@ -325,7 +305,7 @@ totp_process (struct ANASTASIS_AUTHORIZATION_State *as,
response_size
= GNUNET_asprintf (&response,
"Server time: %s",
- GNUNET_STRINGS_absolute_time_to_string (now));
+ GNUNET_TIME_timestamp2s (now));
resp = MHD_create_response_from_buffer (response_size,
response,
MHD_RESPMEM_MUST_COPY);
@@ -341,8 +321,8 @@ totp_process (struct ANASTASIS_AUTHORIZATION_State *as,
MHD_destroy_response (resp);
}
if (MHD_YES != mres)
- return ANASTASIS_AUTHORIZATION_RES_FAILED_REPLY_FAILED;
- return ANASTASIS_AUTHORIZATION_RES_FAILED;
+ return ANASTASIS_AUTHORIZATION_SRES_FAILED_REPLY_FAILED;
+ return ANASTASIS_AUTHORIZATION_SRES_FAILED;
}
@@ -379,7 +359,7 @@ libanastasis_plugin_authorization_totp_init (void *cls)
plugin->code_retransmission_frequency = plugin->code_validity_period;
plugin->validate = &totp_validate;
plugin->start = &totp_start;
- plugin->process = &totp_process;
+ plugin->solve = &totp_solve;
plugin->cleanup = &totp_cleanup;
return plugin;
}