From 435950ee10fc3d58f7ff992a2c2a2a3f73efa806 Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Tue, 28 Sep 2021 15:50:28 +0200 Subject: theoretically, this completes the TOTP implementation, alas completely untested --- .../anastasis_authorization_plugin_totp.c | 47 +++++++++++++++++----- 1 file changed, 36 insertions(+), 11 deletions(-) (limited to 'src/authorization/anastasis_authorization_plugin_totp.c') diff --git a/src/authorization/anastasis_authorization_plugin_totp.c b/src/authorization/anastasis_authorization_plugin_totp.c index 6fcdd39..ee1ab3f 100644 --- a/src/authorization/anastasis_authorization_plugin_totp.c +++ b/src/authorization/anastasis_authorization_plugin_totp.c @@ -59,14 +59,14 @@ struct ANASTASIS_AUTHORIZATION_State struct ANASTASIS_CRYPTO_TruthUUIDP truth_uuid; /** - * Our context. + * Was the challenge satisfied? */ - const struct ANASTASIS_AuthorizationContext *ac; + struct GNUNET_HashCode valid_replies[TIME_INTERVAL_RANGE * 2 + 1]; /** - * Was the challenge satisfied? + * Our context. */ - bool ok; + const struct ANASTASIS_AuthorizationContext *ac; }; @@ -212,9 +212,9 @@ compute_totp (int time_off, * @param trigger_cls closure for @a trigger * @param truth_uuid Identifier of the challenge, to be (if possible) included in the * interaction with the user - * @param code set to secret code that the user provided to satisfy the challenge in - * the main anastasis protocol - * @param data input to validate (i.e. the shared secret) + * @param code always 0 (direct validation, backend does + * not generate a code in this mode) + * @param data truth for input to validate (i.e. the shared secret) * @param data_length number of bytes in @a data * @return state to track progress on the authorization operation, NULL on failure */ @@ -230,7 +230,9 @@ totp_start (void *cls, const struct ANASTASIS_AuthorizationContext *ac = cls; struct ANASTASIS_AUTHORIZATION_State *as; uint64_t want; + unsigned int off = 0; + GNUNET_assert (0 == code); as = GNUNET_new (struct ANASTASIS_AUTHORIZATION_State); as->ac = ac; as->truth_uuid = *truth_uuid; @@ -241,8 +243,8 @@ totp_start (void *cls, want = compute_totp (i, data, data_length); - if (code == want) - as->ok = true; + ANASTASIS_hash_answer (want, + &as->valid_replies[off++]); } return as; } @@ -264,9 +266,32 @@ totp_process (struct ANASTASIS_AUTHORIZATION_State *as, MHD_RESULT mres; const char *mime; const char *lang; + const char *challenge_response_s; + struct GNUNET_HashCode challenge_response; + + challenge_response_s = MHD_lookup_connection_value (connection, + MHD_GET_ARGUMENT_KIND, + "response"); + if ( (NULL == challenge_response_s) || + (GNUNET_OK != + GNUNET_CRYPTO_hash_from_string (challenge_response_s, + &challenge_response)) ) + { + GNUNET_break_op (0); + mres = TALER_MHD_reply_with_error (connection, + MHD_HTTP_BAD_REQUEST, + TALER_EC_GENERIC_PARAMETER_MALFORMED, + "response"); + if (MHD_YES != mres) + return ANASTASIS_AUTHORIZATION_RES_FAILED_REPLY_FAILED; + return ANASTASIS_AUTHORIZATION_RES_FAILED; - if (as->ok) - return ANASTASIS_AUTHORIZATION_RES_FINISHED; + } + for (unsigned int i = 0; i<=TIME_INTERVAL_RANGE * 2; i++) + if (0 == + GNUNET_memcmp (&challenge_response, + &as->valid_replies[i])) + return ANASTASIS_AUTHORIZATION_RES_FINISHED; mime = MHD_lookup_connection_value (connection, MHD_HEADER_KIND, MHD_HTTP_HEADER_ACCEPT); -- cgit v1.2.3