diff options
Diffstat (limited to 'src/authorization/anastasis_authorization_plugin_totp.c')
-rw-r--r-- | src/authorization/anastasis_authorization_plugin_totp.c | 47 |
1 files changed, 36 insertions, 11 deletions
diff --git a/src/authorization/anastasis_authorization_plugin_totp.c b/src/authorization/anastasis_authorization_plugin_totp.c index 6fcdd39..ee1ab3f 100644 --- a/src/authorization/anastasis_authorization_plugin_totp.c +++ b/src/authorization/anastasis_authorization_plugin_totp.c | |||
@@ -59,14 +59,14 @@ struct ANASTASIS_AUTHORIZATION_State | |||
59 | struct ANASTASIS_CRYPTO_TruthUUIDP truth_uuid; | 59 | struct ANASTASIS_CRYPTO_TruthUUIDP truth_uuid; |
60 | 60 | ||
61 | /** | 61 | /** |
62 | * Our context. | 62 | * Was the challenge satisfied? |
63 | */ | 63 | */ |
64 | const struct ANASTASIS_AuthorizationContext *ac; | 64 | struct GNUNET_HashCode valid_replies[TIME_INTERVAL_RANGE * 2 + 1]; |
65 | 65 | ||
66 | /** | 66 | /** |
67 | * Was the challenge satisfied? | 67 | * Our context. |
68 | */ | 68 | */ |
69 | bool ok; | 69 | const struct ANASTASIS_AuthorizationContext *ac; |
70 | 70 | ||
71 | }; | 71 | }; |
72 | 72 | ||
@@ -212,9 +212,9 @@ compute_totp (int time_off, | |||
212 | * @param trigger_cls closure for @a trigger | 212 | * @param trigger_cls closure for @a trigger |
213 | * @param truth_uuid Identifier of the challenge, to be (if possible) included in the | 213 | * @param truth_uuid Identifier of the challenge, to be (if possible) included in the |
214 | * interaction with the user | 214 | * interaction with the user |
215 | * @param code set to secret code that the user provided to satisfy the challenge in | 215 | * @param code always 0 (direct validation, backend does |
216 | * the main anastasis protocol | 216 | * not generate a code in this mode) |
217 | * @param data input to validate (i.e. the shared secret) | 217 | * @param data truth for input to validate (i.e. the shared secret) |
218 | * @param data_length number of bytes in @a data | 218 | * @param data_length number of bytes in @a data |
219 | * @return state to track progress on the authorization operation, NULL on failure | 219 | * @return state to track progress on the authorization operation, NULL on failure |
220 | */ | 220 | */ |
@@ -230,7 +230,9 @@ totp_start (void *cls, | |||
230 | const struct ANASTASIS_AuthorizationContext *ac = cls; | 230 | const struct ANASTASIS_AuthorizationContext *ac = cls; |
231 | struct ANASTASIS_AUTHORIZATION_State *as; | 231 | struct ANASTASIS_AUTHORIZATION_State *as; |
232 | uint64_t want; | 232 | uint64_t want; |
233 | unsigned int off = 0; | ||
233 | 234 | ||
235 | GNUNET_assert (0 == code); | ||
234 | as = GNUNET_new (struct ANASTASIS_AUTHORIZATION_State); | 236 | as = GNUNET_new (struct ANASTASIS_AUTHORIZATION_State); |
235 | as->ac = ac; | 237 | as->ac = ac; |
236 | as->truth_uuid = *truth_uuid; | 238 | as->truth_uuid = *truth_uuid; |
@@ -241,8 +243,8 @@ totp_start (void *cls, | |||
241 | want = compute_totp (i, | 243 | want = compute_totp (i, |
242 | data, | 244 | data, |
243 | data_length); | 245 | data_length); |
244 | if (code == want) | 246 | ANASTASIS_hash_answer (want, |
245 | as->ok = true; | 247 | &as->valid_replies[off++]); |
246 | } | 248 | } |
247 | return as; | 249 | return as; |
248 | } | 250 | } |
@@ -264,9 +266,32 @@ totp_process (struct ANASTASIS_AUTHORIZATION_State *as, | |||
264 | MHD_RESULT mres; | 266 | MHD_RESULT mres; |
265 | const char *mime; | 267 | const char *mime; |
266 | const char *lang; | 268 | const char *lang; |
269 | const char *challenge_response_s; | ||
270 | struct GNUNET_HashCode challenge_response; | ||
271 | |||
272 | challenge_response_s = MHD_lookup_connection_value (connection, | ||
273 | MHD_GET_ARGUMENT_KIND, | ||
274 | "response"); | ||
275 | if ( (NULL == challenge_response_s) || | ||
276 | (GNUNET_OK != | ||
277 | GNUNET_CRYPTO_hash_from_string (challenge_response_s, | ||
278 | &challenge_response)) ) | ||
279 | { | ||
280 | GNUNET_break_op (0); | ||
281 | mres = TALER_MHD_reply_with_error (connection, | ||
282 | MHD_HTTP_BAD_REQUEST, | ||
283 | TALER_EC_GENERIC_PARAMETER_MALFORMED, | ||
284 | "response"); | ||
285 | if (MHD_YES != mres) | ||
286 | return ANASTASIS_AUTHORIZATION_RES_FAILED_REPLY_FAILED; | ||
287 | return ANASTASIS_AUTHORIZATION_RES_FAILED; | ||
267 | 288 | ||
268 | if (as->ok) | 289 | } |
269 | return ANASTASIS_AUTHORIZATION_RES_FINISHED; | 290 | for (unsigned int i = 0; i<=TIME_INTERVAL_RANGE * 2; i++) |
291 | if (0 == | ||
292 | GNUNET_memcmp (&challenge_response, | ||
293 | &as->valid_replies[i])) | ||
294 | return ANASTASIS_AUTHORIZATION_RES_FINISHED; | ||
270 | mime = MHD_lookup_connection_value (connection, | 295 | mime = MHD_lookup_connection_value (connection, |
271 | MHD_HEADER_KIND, | 296 | MHD_HEADER_KIND, |
272 | MHD_HTTP_HEADER_ACCEPT); | 297 | MHD_HTTP_HEADER_ACCEPT); |