Use a dummy bit in the key structure instead of relying on the label.

git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@726 185d5e19-27fe-0310-9dcf-9bff6b9f3609
Dag-Erling Smørgrav 2013-08-21 15:14:02 +00:00
parent 01d54c2924
commit 3b992508b8
4 changed files with 6 additions and 8 deletions


@ -44,6 +44,7 @@ struct oath_key {
uint64_t lastuse; uint64_t lastuse;
/* housekeeping */ /* housekeeping */
unsigned int dummy:1;
unsigned int mapped:1; unsigned int mapped:1;
unsigned int locked:1; unsigned int locked:1;
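Review bot: The new `dummy:1` bit is filed under `/* housekeeping */` next to `mapped` and `locked`, but the match functions changed in this commit use it to decide whether a key can ever authenticate, and nothing here says so. A comment on the field such as `/* set only by oath_key_dummy(); a key with this bit set never matches */` would make that contract visible. The bit is only meaningful if every path that creates a `struct oath_key` starts from zeroed storage; oath_key_alloc() is not shown on this page, so that is worth confirming. The struct definition starts and ends outside the hunk.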


@ -117,7 +117,6 @@ int
oath_hotp_match(struct oath_key *k, unsigned int response, int window) oath_hotp_match(struct oath_key *k, unsigned int response, int window)
{ {
unsigned int code; unsigned int code;
int dummy;
if (k == NULL) if (k == NULL)
return (-1); return (-1);
@ -127,10 +126,9 @@ oath_hotp_match(struct oath_key *k, unsigned int response, int window)
return (-1); return (-1);
if (k->counter >= UINT64_MAX - window) if (k->counter >= UINT64_MAX - window)
return (-1); return (-1);
dummy = (strcmp(k->label, OATH_DUMMY_LABEL) == 0);
for (int i = 0; i < window; ++i) { for (int i = 0; i < window; ++i) {
code = oath_hotp(k->key, k->keylen, k->counter + i, k->digits); code = oath_hotp(k->key, k->keylen, k->counter + i, k->digits);
if (code == response && !dummy) { if (code == response && !k->dummy) {
k->counter = k->counter + i; k->counter = k->counter + i;
return (1); return (1);
} }
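Review bot: Nothing in oath_hotp_match records why the dummy test stays inside the loop instead of being an early return. Presumably it is so that a dummy key performs the same oath_hotp() computations over the whole window as a real key given a wrong response. A comment above `if (code == response && !k->dummy) {`, for example `/* dummy keys walk the full window and never match, so both failure paths do the same work */`, would keep a later cleanup from hoisting the check and reintroducing a timing difference. The same applies to the matching line in oath_totp_match. The function body continues outside the hunks shown.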


@ -51,13 +51,14 @@ oath_key_dummy(enum oath_mode mode, enum oath_hash hash, unsigned int digits)
if ((key = oath_key_alloc()) == NULL) if ((key = oath_key_alloc()) == NULL)
return (NULL); return (NULL);
key->dummy = 1;
key->mode = mode; key->mode = mode;
key->digits = digits; key->digits = digits;
key->counter = 0; key->counter = 0;
key->timestep = 30; key->timestep = 30;
key->hash = hash; key->hash = hash;
strcpy(key->label, OATH_DUMMY_LABEL); memcpy(key->label, OATH_DUMMY_LABEL, sizeof OATH_DUMMY_LABEL);
key->labellen = strlen(key->label); key->labellen = sizeof OATH_DUMMY_LABEL - 1;
key->keylen = sizeof key->key; key->keylen = sizeof key->key;
return (key); return (key);
} }
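Review bot: The visible lines of oath_key_dummy set `key->keylen = sizeof key->key` but never fill `key->key`, so the dummy secret is whatever oath_key_alloc() leaves there, presumably zeros. From this commit on, the only thing that stops such a key from authenticating is the in-memory `dummy` bit. Unlike the label test it replaces, that bit would be lost if a dummy key were ever written out and parsed back; whether any such path exists cannot be seen from this page. Consider a comment next to `key->dummy = 1;` such as `/* in-memory flag only: a dummy key must never be serialized */`, or filling `key->key` with random bytes so that a lost flag does not leave a predictable secret. The function starts outside the hunk.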


@ -77,7 +77,6 @@ oath_totp_match(struct oath_key *k, unsigned int response, int window)
{ {
unsigned int code; unsigned int code;
uint64_t seq; uint64_t seq;
int dummy;
if (k == NULL) if (k == NULL)
return (-1); return (-1);
@ -88,7 +87,6 @@ oath_totp_match(struct oath_key *k, unsigned int response, int window)
if (k->timestep == 0) if (k->timestep == 0)
return (-1); return (-1);
seq = time(NULL) / k->timestep; seq = time(NULL) / k->timestep;
dummy = (strcmp(k->label, OATH_DUMMY_LABEL) == 0);
for (int i = -window; i <= window; ++i) { for (int i = -window; i <= window; ++i) {
#if OATH_TOTP_PREVENT_REUSE #if OATH_TOTP_PREVENT_REUSE
/* XXX disabled for now, should be a key parameter? */ /* XXX disabled for now, should be a key parameter? */
@ -96,7 +94,7 @@ oath_totp_match(struct oath_key *k, unsigned int response, int window)
continue; continue;
#endif #endif
code = oath_hotp(k->key, k->keylen, seq + i, k->digits); code = oath_hotp(k->key, k->keylen, seq + i, k->digits);
if (code == response && !dummy) { if (code == response && !k->dummy) {
k->lastuse = seq; k->lastuse = seq;
return (1); return (1);
} }
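Review bot: On a match at offset `i` the last hunk stores `k->lastuse = seq;`, the current step, rather than the step whose code was accepted, `seq + i`. The reuse check under `#if OATH_TOTP_PREVENT_REUSE` is compiled out and its condition lies between the hunks, so the effect cannot be confirmed here. If that check is ever enabled and compares candidate steps against `lastuse`, a response accepted at a positive offset would presumably still pass in a later step. Recording the consumed step with `k->lastuse = seq + i;` would avoid that; the function body extends beyond the hunks shown.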