From 278a2fe315eff41a809d6fc473203261fe483b61 Mon Sep 17 00:00:00 2001 From: Tollef Fog Heen Date: Mon, 12 Oct 2009 11:13:58 +0200 Subject: [PATCH] Validate h if it exists in the request --- src/main.c | 47 ++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 46 insertions(+), 1 deletion(-) diff --git a/src/main.c b/src/main.c index ec83558..05d037f 100644 --- a/src/main.c +++ b/src/main.c @@ -62,6 +62,42 @@ char *get_timestamp(void) { return ts; } +int validate_signature(const char *key, size_t key_len, const char *h, + const char *id, const char *otp) +{ + char *line = NULL; + char *our_sig = NULL; + gcry_md_hd_t hd; + int r = 0; + asprintf(&line, "i=%s&otp=%s", id, otp); + if (line == NULL) { + r = -1; + goto free_mem; + } + gcry_md_open(&hd, GCRY_MD_SHA1, GCRY_MD_FLAG_HMAC); + if (hd == NULL) { + r = -1; + goto free_mem; + } + + gcry_md_setkey(hd, key, key_len); + gcry_md_write(hd, line, strlen(line)); + gcry_md_final(hd); + our_sig = ysc_b64_encode((char *) gcry_md_read(hd, 0), + gcry_md_get_algo_dlen(GCRY_MD_SHA1)); + if (our_sig == NULL || strcmp(our_sig, h) != 0) { + r = -1; + goto free_mem; + } + +free_mem: + gcry_md_close(hd); + free(line); + free(our_sig); + + return r; +} + char *sign_request(char *key, size_t key_len, char *info, char *status, char *timestamp) { char *line; @@ -345,7 +381,16 @@ static int handle_request(void * UNUSED(data), goto free_mem; } - /* XXX: If h exists, verify. FIXME */ + if (h != NULL) { + if (validate_signature(shared_secret, shared_secret_len, h, + id, otp) < 0) { + status = "BAD_SIGNATURE"; + signature = sign_request(shared_secret, shared_secret_len, + NULL, status, timestamp); + send_response(conn, signature, status, NULL, timestamp); + goto free_mem; + } + } /* Validate OTP */ /* Find public uid, if possible */ -- 2.39.5