cryb-to/lib/oath/oath_hotp.c
Dag-Erling Smørgrav f82bbc1400 Catch up with OpenPAM's latest OATH changes:
Add an oath_mode(3) function which translates from mode names to numbers.

 Consistently use UINT_MAX, not -1, to indicate an invalid response.

 Change the meaning of the window parameter to always indicate the number
 of codes to check *in addition* to the current code.  Note that for TOTP,
 the window goes in both directions; a window of 1 means to check the
 current code plus the previous and next.
2014-12-20 01:45:01 +00:00

129 lines
3.6 KiB
C

/*-
* Copyright (c) 2012-2013 The University of Oslo
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote
* products derived from this software without specific prior written
* permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "cryb/impl.h"
#include <limits.h>
#include <stdint.h>
#include <string.h>
#include <cryb/hmac_sha1.h>
#include <cryb/oath.h>
#define StToNum(St) (St)
static uint32_t
DT(const uint8_t *String)
{
uint8_t OffsetBits;
int Offset;
uint32_t P;
OffsetBits = String[19] & 0x0f;
Offset = StToNum(OffsetBits);
P = (uint32_t)String[Offset + 0] << 24 |
(uint32_t)String[Offset + 1] << 16 |
(uint32_t)String[Offset + 2] << 8 |
(uint32_t)String[Offset + 3];
return (P & 0x7fffffffUL);
}
unsigned int
oath_hotp(const uint8_t *K, size_t Klen, uint64_t seq, unsigned int Digit)
{
hmac_sha1_ctx ctx;
uint8_t C[8];
uint8_t HS[20];
uint32_t Sbits, Snum;
unsigned int mod, D;
for (int i = 7; i >= 0; --i) {
C[i] = seq & 0xff;
seq >>= 8;
}
/* HS = HMAC-SHA-1(K,C) */
hmac_sha1_init(&ctx, K, Klen);
hmac_sha1_update(&ctx, (const uint8_t *)&C, sizeof C);
hmac_sha1_final(&ctx, HS);
Sbits = DT(HS);
Snum = StToNum(Sbits);
for (mod = 1; Digit > 0; --Digit)
mod *= 10;
D = Snum % mod;
return (D);
}
/*
* Computes the current code for the given key and advances the counter.
*/
unsigned int
oath_hotp_current(struct oath_key *k)
{
unsigned int code;
if (k == NULL)
return (UINT_MAX);
if (k->mode != om_hotp)
return (UINT_MAX);
if (k->counter == UINT64_MAX)
return (UINT_MAX);
code = oath_hotp(k->key, k->keylen, k->counter, k->digits);
k->counter += 1;
return (code);
}
/*
* Compares the code provided by the user with expected values within a
* given window. Returns 1 if there was a match, 0 if not, and -1 if an
* error occurred. Also advances the counter if there was a match.
*/
int
oath_hotp_match(struct oath_key *k, unsigned int response, int window)
{
unsigned int code;
if (k == NULL)
return (-1);
if (window < 0)
return (-1);
if (k->mode != om_hotp)
return (-1);
if (k->counter >= UINT64_MAX - window - 1)
return (-1);
for (int i = 0; i <= window; ++i) {
code = oath_hotp(k->key, k->keylen, k->counter + i, k->digits);
if (code == response && !k->dummy) {
k->counter = k->counter + i;
return (1);
}
}
return (0);
}