Validate h if it exists in the request
authorTollef Fog Heen <tfheen@err.no>
Mon, 12 Oct 2009 09:13:58 +0000 (11:13 +0200)
committerTollef Fog Heen <tfheen@err.no>
Mon, 12 Oct 2009 09:13:58 +0000 (11:13 +0200)
src/main.c

index ec835580fae045ca5f2a6ef4425c4e275cfd6164..05d037f07f29e7a2a65176f4b16ef5560d0d8119 100644 (file)
@@ -62,6 +62,42 @@ char *get_timestamp(void) {
        return ts;
 }
 
+int validate_signature(const char *key, size_t key_len, const char *h,
+                      const char *id, const char *otp)
+{
+       char *line = NULL;
+       char *our_sig = NULL;
+       gcry_md_hd_t hd;
+       int r = 0;
+       asprintf(&line, "i=%s&otp=%s", id, otp);
+       if (line == NULL) {
+               r = -1;
+               goto free_mem;
+       }
+       gcry_md_open(&hd, GCRY_MD_SHA1, GCRY_MD_FLAG_HMAC);
+       if (hd == NULL) {
+               r = -1;
+               goto free_mem;
+       }
+
+       gcry_md_setkey(hd, key, key_len);
+       gcry_md_write(hd, line, strlen(line));
+       gcry_md_final(hd);
+       our_sig = ysc_b64_encode((char *) gcry_md_read(hd, 0),
+                                gcry_md_get_algo_dlen(GCRY_MD_SHA1));
+       if (our_sig == NULL || strcmp(our_sig, h) != 0) {
+               r = -1;
+               goto free_mem;
+       }
+
+free_mem:
+       gcry_md_close(hd);
+       free(line);
+       free(our_sig);
+
+       return r;
+}
+
 char *sign_request(char *key, size_t key_len, char *info, char *status,
                   char *timestamp) {
        char *line;
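Review bot: `hd` is declared without an initialiser in `validate_signature`, so when `asprintf` fails, the `goto free_mem` path hands an indeterminate handle to `gcry_md_close(hd)`. The return values of `asprintf`, `gcry_md_open` and `gcry_md_setkey` are ignored as well, and glibc leaves `line` unspecified after a failed `asprintf`, so the `line == NULL` test is not a reliable failure check. Separately, `strcmp(our_sig, h)` stops at the first differing byte, so the comparison time depends on how much of the client-supplied `h` matches the expected HMAC; a comparison that always walks the full length removes that signal. The rewrite below initialises `hd`, checks each call, defaults `r` to failure and compares in fixed time.

```c
int validate_signature(const char *key, size_t key_len, const char *h,
                      const char *id, const char *otp)
{
	char *line = NULL;
	char *our_sig = NULL;
	gcry_md_hd_t hd = NULL;	/* free_mem must never see an indeterminate handle */
	size_t i, sig_len;
	unsigned char diff = 0;
	int r = -1;		/* fail closed; only a full match sets 0 */

	if (asprintf(&line, "i=%s&otp=%s", id, otp) < 0) {
		line = NULL;	/* contents are unspecified on failure */
		goto free_mem;
	}
	if (gcry_md_open(&hd, GCRY_MD_SHA1, GCRY_MD_FLAG_HMAC) != 0) {
		hd = NULL;
		goto free_mem;
	}
	if (gcry_md_setkey(hd, key, key_len) != 0)
		goto free_mem;
	/* … unchanged: gcry_md_write, gcry_md_final, ysc_b64_encode … */
	if (our_sig == NULL)
		goto free_mem;

	/* Compare every byte instead of returning at the first mismatch. */
	sig_len = strlen(our_sig);
	if (strlen(h) != sig_len)
		goto free_mem;
	for (i = 0; i < sig_len; i++)
		diff |= (unsigned char) our_sig[i] ^ (unsigned char) h[i];
	if (diff == 0)
		r = 0;

free_mem:
	if (hd != NULL)
		gcry_md_close(hd);
	/* … unchanged: free(line), free(our_sig), return r … */
```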
@@ -345,7 +381,16 @@ static int handle_request(void * UNUSED(data),
                goto free_mem;
        }
 
-       /* XXX: If h exists, verify. FIXME */
+       if (h != NULL) {
+               if (validate_signature(shared_secret, shared_secret_len, h, 
+                                      id, otp) < 0) {
+               status = "BAD_SIGNATURE";
+               signature = sign_request(shared_secret, shared_secret_len,
+                                        NULL, status, timestamp);
+               send_response(conn, signature, status, NULL, timestamp);
+               goto free_mem;
+               }
+       }
 
        /* Validate OTP */
        /* Find public uid, if possible */
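Review bot: The check runs only under `if (h != NULL)`, so a request that leaves `h` out goes straight on to OTP validation with no request authentication at all. If unsigned requests are accepted on purpose for protocol compatibility, record that at the branch, e.g. `/* h is optional: unsigned requests are accepted, signed ones must verify */`, and consider a per-client setting that rejects requests without `h`. The statements from `status = "BAD_SIGNATURE";` to `goto free_mem;` are also indented at the same depth as the inner `if`, which makes them read as if they ran unconditionally; indent them one level deeper. `handle_request` starts and ends outside this hunk, so whether `id` and `otp` are guaranteed non-NULL before they reach `validate_signature` cannot be confirmed from here.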