aboutsummaryrefslogtreecommitdiff
path: root/src/authorization/anastasis_authorization_plugin_totp.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/authorization/anastasis_authorization_plugin_totp.c')
-rw-r--r--src/authorization/anastasis_authorization_plugin_totp.c47
1 files changed, 36 insertions, 11 deletions
diff --git a/src/authorization/anastasis_authorization_plugin_totp.c b/src/authorization/anastasis_authorization_plugin_totp.c
index 6fcdd39..ee1ab3f 100644
--- a/src/authorization/anastasis_authorization_plugin_totp.c
+++ b/src/authorization/anastasis_authorization_plugin_totp.c
@@ -59,14 +59,14 @@ struct ANASTASIS_AUTHORIZATION_State
59 struct ANASTASIS_CRYPTO_TruthUUIDP truth_uuid; 59 struct ANASTASIS_CRYPTO_TruthUUIDP truth_uuid;
60 60
61 /** 61 /**
62 * Our context. 62 * Was the challenge satisfied?
63 */ 63 */
64 const struct ANASTASIS_AuthorizationContext *ac; 64 struct GNUNET_HashCode valid_replies[TIME_INTERVAL_RANGE * 2 + 1];
65 65
66 /** 66 /**
67 * Was the challenge satisfied? 67 * Our context.
68 */ 68 */
69 bool ok; 69 const struct ANASTASIS_AuthorizationContext *ac;
70 70
71}; 71};
72 72
@@ -212,9 +212,9 @@ compute_totp (int time_off,
212 * @param trigger_cls closure for @a trigger 212 * @param trigger_cls closure for @a trigger
213 * @param truth_uuid Identifier of the challenge, to be (if possible) included in the 213 * @param truth_uuid Identifier of the challenge, to be (if possible) included in the
214 * interaction with the user 214 * interaction with the user
215 * @param code set to secret code that the user provided to satisfy the challenge in 215 * @param code always 0 (direct validation, backend does
216 * the main anastasis protocol 216 * not generate a code in this mode)
217 * @param data input to validate (i.e. the shared secret) 217 * @param data truth for input to validate (i.e. the shared secret)
218 * @param data_length number of bytes in @a data 218 * @param data_length number of bytes in @a data
219 * @return state to track progress on the authorization operation, NULL on failure 219 * @return state to track progress on the authorization operation, NULL on failure
220 */ 220 */
@@ -230,7 +230,9 @@ totp_start (void *cls,
230 const struct ANASTASIS_AuthorizationContext *ac = cls; 230 const struct ANASTASIS_AuthorizationContext *ac = cls;
231 struct ANASTASIS_AUTHORIZATION_State *as; 231 struct ANASTASIS_AUTHORIZATION_State *as;
232 uint64_t want; 232 uint64_t want;
233 unsigned int off = 0;
233 234
235 GNUNET_assert (0 == code);
234 as = GNUNET_new (struct ANASTASIS_AUTHORIZATION_State); 236 as = GNUNET_new (struct ANASTASIS_AUTHORIZATION_State);
235 as->ac = ac; 237 as->ac = ac;
236 as->truth_uuid = *truth_uuid; 238 as->truth_uuid = *truth_uuid;
@@ -241,8 +243,8 @@ totp_start (void *cls,
241 want = compute_totp (i, 243 want = compute_totp (i,
242 data, 244 data,
243 data_length); 245 data_length);
244 if (code == want) 246 ANASTASIS_hash_answer (want,
245 as->ok = true; 247 &as->valid_replies[off++]);
246 } 248 }
247 return as; 249 return as;
248} 250}
@@ -264,9 +266,32 @@ totp_process (struct ANASTASIS_AUTHORIZATION_State *as,
264 MHD_RESULT mres; 266 MHD_RESULT mres;
265 const char *mime; 267 const char *mime;
266 const char *lang; 268 const char *lang;
269 const char *challenge_response_s;
270 struct GNUNET_HashCode challenge_response;
271
272 challenge_response_s = MHD_lookup_connection_value (connection,
273 MHD_GET_ARGUMENT_KIND,
274 "response");
275 if ( (NULL == challenge_response_s) ||
276 (GNUNET_OK !=
277 GNUNET_CRYPTO_hash_from_string (challenge_response_s,
278 &challenge_response)) )
279 {
280 GNUNET_break_op (0);
281 mres = TALER_MHD_reply_with_error (connection,
282 MHD_HTTP_BAD_REQUEST,
283 TALER_EC_GENERIC_PARAMETER_MALFORMED,
284 "response");
285 if (MHD_YES != mres)
286 return ANASTASIS_AUTHORIZATION_RES_FAILED_REPLY_FAILED;
287 return ANASTASIS_AUTHORIZATION_RES_FAILED;
267 288
268 if (as->ok) 289 }
269 return ANASTASIS_AUTHORIZATION_RES_FINISHED; 290 for (unsigned int i = 0; i<=TIME_INTERVAL_RANGE * 2; i++)
291 if (0 ==
292 GNUNET_memcmp (&challenge_response,
293 &as->valid_replies[i]))
294 return ANASTASIS_AUTHORIZATION_RES_FINISHED;
270 mime = MHD_lookup_connection_value (connection, 295 mime = MHD_lookup_connection_value (connection,
271 MHD_HEADER_KIND, 296 MHD_HEADER_KIND,
272 MHD_HTTP_HEADER_ACCEPT); 297 MHD_HTTP_HEADER_ACCEPT);