Diffstat (limited to 'src/authorization/anastasis_authorization_plugin_totp.c')
-rw-r--r--src/authorization/anastasis_authorization_plugin_totp.c47
1 files changed, 36 insertions, 11 deletions
diff --git a/src/authorization/anastasis_authorization_plugin_totp.c b/src/authorization/anastasis_authorization_plugin_totp.c
index 6fcdd39..ee1ab3f 100644
--- a/src/authorization/anastasis_authorization_plugin_totp.c
+++ b/src/authorization/anastasis_authorization_plugin_totp.c
@@ -59,14 +59,14 @@ struct ANASTASIS_AUTHORIZATION_State
struct ANASTASIS_CRYPTO_TruthUUIDP truth_uuid;
/**
- * Our context.
+ * Was the challenge satisfied?
*/
- const struct ANASTASIS_AuthorizationContext *ac;
+ struct GNUNET_HashCode valid_replies[TIME_INTERVAL_RANGE * 2 + 1];
/**
- * Was the challenge satisfied?
+ * Our context.
*/
- bool ok;
+ const struct ANASTASIS_AuthorizationContext *ac;
};
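Review bot: The doc comment now sitting above `valid_replies` still reads "Was the challenge satisfied?", which described the removed `bool ok` and not an array of hashes. Going by the later hunk in totp_start, each entry is filled by `ANASTASIS_hash_answer()` from a `compute_totp()` result, so something like `/** Hashes of the TOTP codes we accept, one per time offset computed in totp_start(). */` would match the new field. It is also worth noting in that comment that the array size `TIME_INTERVAL_RANGE * 2 + 1` has to stay in step with the loops that fill and scan it.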
@@ -212,9 +212,9 @@ compute_totp (int time_off,
* @param trigger_cls closure for @a trigger
* @param truth_uuid Identifier of the challenge, to be (if possible) included in the
* interaction with the user
- * @param code set to secret code that the user provided to satisfy the challenge in
- * the main anastasis protocol
- * @param data input to validate (i.e. the shared secret)
+ * @param code always 0 (direct validation, backend does
+ * not generate a code in this mode)
+ * @param data truth for input to validate (i.e. the shared secret)
* @param data_length number of bytes in @a data
* @return state to track progress on the authorization operation, NULL on failure
*/
@@ -230,7 +230,9 @@ totp_start (void *cls,
const struct ANASTASIS_AuthorizationContext *ac = cls;
struct ANASTASIS_AUTHORIZATION_State *as;
uint64_t want;
+ unsigned int off = 0;
+ GNUNET_assert (0 == code);
as = GNUNET_new (struct ANASTASIS_AUTHORIZATION_State);
as->ac = ac;
as->truth_uuid = *truth_uuid;
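Review bot: `GNUNET_assert (0 == code)` aborts the whole process if any caller passes a non-zero code, while the function's documented failure mode is returning NULL. The check runs before the allocation, so it could fail softly instead with `if (0 != code) { GNUNET_break (0); return NULL; }`. Whether `code` can ever be influenced by a request is not visible here, since the body of totp_start begins and ends outside this hunk, so treat this as hardening against a service-wide abort rather than a confirmed issue.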
@@ -241,8 +243,8 @@ totp_start (void *cls,
want = compute_totp (i,
data,
data_length);
- if (code == want)
- as->ok = true;
+ ANASTASIS_hash_answer (want,
+ &as->valid_replies[off++]);
}
return as;
}
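Review bot: The write to `as->valid_replies[off++]` is never checked against the array size, and the loop header that drives it is outside this hunk. The store stays in bounds only while that loop runs exactly `TIME_INTERVAL_RANGE * 2 + 1` times, which nothing here enforces if the loop bounds are edited later. A cheap guard before the call would make the coupling explicit: `GNUNET_assert (off < sizeof (as->valid_replies) / sizeof (as->valid_replies[0]));`.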
@@ -264,9 +266,32 @@ totp_process (struct ANASTASIS_AUTHORIZATION_State *as,
MHD_RESULT mres;
const char *mime;
const char *lang;
+ const char *challenge_response_s;
+ struct GNUNET_HashCode challenge_response;
+
+ challenge_response_s = MHD_lookup_connection_value (connection,
+ MHD_GET_ARGUMENT_KIND,
+ "response");
+ if ( (NULL == challenge_response_s) ||
+ (GNUNET_OK !=
+ GNUNET_CRYPTO_hash_from_string (challenge_response_s,
+ &challenge_response)) )
+ {
+ GNUNET_break_op (0);
+ mres = TALER_MHD_reply_with_error (connection,
+ MHD_HTTP_BAD_REQUEST,
+ TALER_EC_GENERIC_PARAMETER_MALFORMED,
+ "response");
+ if (MHD_YES != mres)
+ return ANASTASIS_AUTHORIZATION_RES_FAILED_REPLY_FAILED;
+ return ANASTASIS_AUTHORIZATION_RES_FAILED;
- if (as->ok)
- return ANASTASIS_AUTHORIZATION_RES_FINISHED;
+ }
+ for (unsigned int i = 0; i<=TIME_INTERVAL_RANGE * 2; i++)
+ if (0 ==
+ GNUNET_memcmp (&challenge_response,
+ &as->valid_replies[i]))
+ return ANASTASIS_AUTHORIZATION_RES_FINISHED;
mime = MHD_lookup_connection_value (connection,
MHD_HEADER_KIND,
MHD_HTTP_HEADER_ACCEPT);
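Review bot: The match loop compares the client-supplied hash with `GNUNET_memcmp`, which is not constant-time, so response timing can depend on how many leading bytes of a valid reply hash were guessed. The accepted values are hashes of short numeric codes, so a constant-time comparison is the safer default here, e.g. `if (0 == GNUNET_memcmp_priv (&challenge_response, &as->valid_replies[i]))` if the targeted GNUnet version provides that macro. The `for` body is also an unbraced `if`, and bracing both would avoid a dangling-statement mistake on a later edit. Attempt limiting for wrong responses is not visible in this hunk, and totp_process continues outside it, so confirm that the caller enforces it.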