From 3b992508b8d9d718848978245807875994c9c045 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dag-Erling=20Sm=C3=B8rgrav?=
Date: Wed, 21 Aug 2013 15:14:02 +0000
Subject: [PATCH] Use a dummy bit in the key structure instead of relying on the label.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@726 185d5e19-27fe-0310-9dcf-9bff6b9f3609
---
 include/security/oath_types.h | 1 +
 lib/liboath/oath_hotp.c | 4 +---
 lib/liboath/oath_key_dummy.c | 5 +++--
 lib/liboath/oath_totp.c | 4 +---
 4 files changed, 6 insertions(+), 8 deletions(-)
diff --git a/include/security/oath_types.h b/include/security/oath_types.h
index 8877f41..fe1f18a 100644
--- a/include/security/oath_types.h
+++ b/include/security/oath_types.h
@@ -44,6 +44,7 @@ struct oath_key {
 uint64_t lastuse;
 /* housekeeping */
+ unsigned int dummy:1;
 unsigned int mapped:1;
 unsigned int locked:1;
diff --git a/lib/liboath/oath_hotp.c b/lib/liboath/oath_hotp.c
index e3df98e..439b2fc 100644
--- a/lib/liboath/oath_hotp.c
+++ b/lib/liboath/oath_hotp.c
@@ -117,7 +117,6 @@ int
 oath_hotp_match(struct oath_key *k, unsigned int response, int window)
 {
 unsigned int code;
- int dummy;
 if (k == NULL)
 return (-1);
@@ -127,10 +126,9 @@ oath_hotp_match(struct oath_key *k, unsigned int response, int window)
 return (-1);
 if (k->counter >= UINT64_MAX - window)
 return (-1);
- dummy = (strcmp(k->label, OATH_DUMMY_LABEL) == 0);
 for (int i = 0; i < window; ++i) {
 code = oath_hotp(k->key, k->keylen, k->counter + i, k->digits);
- if (code == response && !dummy) {
+ if (code == response && !k->dummy) {
 k->counter = k->counter + i;
 return (1);
 }
diff --git a/lib/liboath/oath_key_dummy.c b/lib/liboath/oath_key_dummy.c
index c4cff7c..7c5aa1b 100644
--- a/lib/liboath/oath_key_dummy.c
+++ b/lib/liboath/oath_key_dummy.c
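Review bot: In the include/security/oath_types.h hunk, the new `dummy` bit decides whether a key can ever authenticate, yet it is added without a comment and its default value depends on code this diff does not show. Both match functions now reject every response when the bit is set, so a key whose structure was not zeroed on allocation could silently stop matching; oath_key_alloc() should be confirmed to clear it. I would document the field in place, e.g. `unsigned int dummy:1; /* placeholder key, never matches */`. The struct definition begins and ends outside the hunk.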
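Review bot: In the second oath_hotp.c hunk, nothing says why the loop still computes every candidate code for a key that can never match. The likely intent is that a placeholder key costs the same work as a failed attempt against a real key, so that timing does not reveal whether the account has a key, but that is inferred and should be written down before a later cleanup turns it into an early return. I would add above the loop: `/* dummy keys go through the full window but are never accepted */`. The same comment is missing in the last oath_totp.c hunk; oath_hotp_match continues outside the hunk.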
@@ -51,13 +51,14 @@ oath_key_dummy(enum oath_mode mode, enum oath_hash hash, unsigned int digits)
 if ((key = oath_key_alloc()) == NULL)
 return (NULL);
+ key->dummy = 1;
 key->mode = mode;
 key->digits = digits;
 key->counter = 0;
 key->timestep = 30;
 key->hash = hash;
- strcpy(key->label, OATH_DUMMY_LABEL);
- key->labellen = strlen(key->label);
+ memcpy(key->label, OATH_DUMMY_LABEL, sizeof OATH_DUMMY_LABEL);
+ key->labellen = sizeof OATH_DUMMY_LABEL - 1;
 key->keylen = sizeof key->key;
 return (key);
 }
diff --git a/lib/liboath/oath_totp.c b/lib/liboath/oath_totp.c
index 195e8d5..c033ed7 100644
--- a/lib/liboath/oath_totp.c
+++ b/lib/liboath/oath_totp.c
@@ -77,7 +77,6 @@ oath_totp_match(struct oath_key *k, unsigned int response, int window)
 {
 unsigned int code;
 uint64_t seq;
- int dummy;
 if (k == NULL)
 return (-1);
@@ -88,7 +87,6 @@ oath_totp_match(struct oath_key *k, unsigned int response, int window)
 if (k->timestep == 0)
 return (-1);
 seq = time(NULL) / k->timestep;
- dummy = (strcmp(k->label, OATH_DUMMY_LABEL) == 0);
 for (int i = -window; i <= window; ++i) {
 #if OATH_TOTP_PREVENT_REUSE
 /* XXX disabled for now, should be a key parameter? */
@@ -96,7 +94,7 @@ oath_totp_match(struct oath_key *k, unsigned int response, int window)
 continue;
 #endif
 code = oath_hotp(k->key, k->keylen, seq + i, k->digits);
- if (code == response && !dummy) {
+ if (code == response && !k->dummy) {
 k->lastuse = seq;
 return (1);
 }
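Review bot: In the oath_key_dummy.c hunk, the new `memcpy` copies `sizeof OATH_DUMMY_LABEL` bytes into `key->label` with nothing tying that size to the destination. The copy is only correct while OATH_DUMMY_LABEL is a string literal (for a pointer, `sizeof` would give the pointer size) and while it fits in the label buffer; neither definition is visible here. Assuming `label` is a fixed-size array and the build allows C11, a compile-time check next to the copy would pin the second assumption: `_Static_assert(sizeof OATH_DUMMY_LABEL <= sizeof key->label, "dummy label too long");`. The function's opening lines are outside the hunk.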
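Review bot: In the last oath_totp.c hunk, a match found at step `seq + i` records `k->lastuse = seq`, which loses the step whose code was actually accepted. The reuse guard is compiled out and its condition lies between the hunks, so this is inferred, but if it compares candidate steps with `lastuse`, a code accepted at a positive offset would stay acceptable in a later call once the guard is enabled. Storing the matched step, `k->lastuse = seq + i;`, would make the bookkeeping exact. oath_totp_match starts and ends outside the hunk.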