From eb78d4882b22bf2f22008b489be3aa5c8e7947a8 Mon Sep 17 00:00:00 2001
From: Klas Lindfors
Date: Wed, 18 Sep 2013 09:57:52 +0200
Subject: [PATCH] refactor to use chalresp function from ykpers so challenge_response() now calls yk_challenge_response() to do the yubikey internal stuff.
---
 pam_yubico.c | 6 ++----
 util.c | 39 +++++++++++++--------------------------
 util.h | 4 ++--
 ykpamcfg.c | 6 ++----
 4 files changed, 19 insertions(+), 36 deletions(-)
diff --git a/pam_yubico.c b/pam_yubico.c
index 82f126b..2a80fda 100644
--- a/pam_yubico.c
+++ b/pam_yubico.c
@@ -461,7 +461,6 @@ do_challenge_response(pam_handle_t *pamh, struct cfg *cfg, const char *username)
 char buf[CR_RESPONSE_SIZE + 16], response_hex[CR_RESPONSE_SIZE * 2 + 1];
 int ret, fd;
- unsigned int flags = 0;
 unsigned int response_len = 0;
 YK_KEY *yk = NULL;
 CR_STATE state;
@@ -472,7 +471,6 @@ do_challenge_response(pam_handle_t *pamh, struct cfg *cfg, const char *username)
 struct stat st;
 ret = PAM_AUTH_ERR;
- flags |= YK_FLAG_MAYBLOCK;
 if (! init_yubikey(&yk)) {
 DBG(("Failed initializing YubiKey"));
@@ -544,7 +542,7 @@ do_challenge_response(pam_handle_t *pamh, struct cfg *cfg, const char *username)
 }
 if (! challenge_response(yk, state.slot, state.challenge, state.challenge_len,
- true, flags, false,
+ true, true, false,
 buf, sizeof(buf), &response_len)) {
 DBG(("Challenge-response FAILED"));
 goto out;
@@ -573,7 +571,7 @@ do_challenge_response(pam_handle_t *pamh, struct cfg *cfg, const char *username)
 errstr = "Error communicating with Yubikey, please check syslog or contact your system administrator";
 if (! challenge_response(yk, state.slot, state.challenge, CR_CHALLENGE_SIZE,
- true, flags, false,
+ true, true, false,
 buf, sizeof(buf), &response_len)) {
 DBG(("Second challenge-response FAILED"));
 goto out;
diff --git a/util.c b/util.c
index 01a5279..2d25452 100644
--- a/util.c
+++ b/util.c
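Review bot: The calls `challenge_response(..., true, true, false, ...)` in the hunks at -544 and -573 now pass three adjacent bare booleans, so a transposed `hmac` / `may_block` / `verbose` argument compiles without any warning; before this change the `flags` variable at least named the middle slot. I would label the arguments at the call site, e.g. `/* hmac */ true, /* may_block */ true, /* verbose */ false,`. The same applies to the two `true, true, verbose,` calls in ykpamcfg.c. do_challenge_response() starts and ends outside these hunks.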
@@ -145,15 +145,19 @@ init_yubikey(YK_KEY **yk)
 int challenge_response(YK_KEY *yk, int slot,
 char *challenge, unsigned int len,
- bool hmac, unsigned int flags, bool verbose,
- char *response, int res_size, unsigned int *res_len)
+ bool hmac, bool may_block, bool verbose,
+ char *response, unsigned int res_size, unsigned int *res_len)
 {
 int yk_cmd;
- unsigned int response_len = 0;
- unsigned int expect_bytes = 0;
- if (res_size < sizeof(64 + 16))
+ if(hmac == true) {
+ *res_len = 20;
+ } else {
+ *res_len = 16;
+ }
+ if (res_size < *res_len) {
 return 0;
+ }
 memset(response, 0, res_size);
@@ -173,28 +177,11 @@ int challenge_response(YK_KEY *yk, int slot,
 return 0;
 }
- if (!yk_write_to_key(yk, yk_cmd, challenge, len))
- return 0;
+ if(! yk_challenge_response(yk, yk_cmd, may_block, len,
+ (unsigned char*)challenge, res_size, (unsigned char*)response)) {
+ return 0;
+ }
- if (verbose) {
- fprintf(stderr, "Reading response...\n");
- }
-
- /* HMAC responses are 160 bits, Yubico 128 */
- expect_bytes = (hmac == true) ? 20 : 16;
-
- if (! yk_read_response_from_key(yk, slot, flags,
- response, res_size,
- expect_bytes,
- &response_len))
- return 0;
-
- if (hmac && response_len > 20)
- response_len = 20;
- if (! hmac && response_len > 16)
- response_len = 16;
-
- *res_len = response_len;
 return 1;
 }
diff --git a/util.h b/util.h
index c0d086e..4ea013f 100644
--- a/util.h
+++ b/util.h
@@ -89,8 +89,8 @@ int init_yubikey(YK_KEY **yk);
 int check_firmware_version(YK_KEY *yk, bool verbose, bool quiet);
 int challenge_response(YK_KEY *yk, int slot,
 char *challenge, unsigned int len,
- bool hmac, unsigned int flags, bool verbose,
- char *response, int res_size, unsigned int *res_len);
+ bool hmac, bool may_block, bool verbose,
+ char *response, unsigned int res_size, unsigned int *res_len);
 #endif /* HAVE_CR */
diff --git a/ykpamcfg.c b/ykpamcfg.c
index 27e73b9..38197a2 100644
--- a/ykpamcfg.c
+++ b/ykpamcfg.c
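Review bot: `*res_len` is now written at the top of challenge_response(), before the `res_size` check and before the key is contacted, so every `return 0` path hands back a length of 20 or 16 while `response` is untouched, zeroed or incomplete. The callers visible in this patch test the return value first, but on an authentication path the safer contract is a length that is set only on success. Keep the size in a local, `unsigned int expect = hmac ? 20 : 16;` with `if (res_size < expect) return 0;`, and assign `*res_len = expect;` immediately before `return 1;` in the next hunk. The removed comment `/* HMAC responses are 160 bits, Yubico 128 */` should move next to that local, since 20 and 16 are otherwise unexplained. The function body continues past this hunk.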
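Review bot: After the `yk_challenge_response(...)` call the number of bytes the key actually returned is no longer known to this function. The removed code took `response_len` from `yk_read_response_from_key()` and clamped it, while `*res_len` is now the constant chosen at the top of the function. Whether a short read can still come back as success depends on yk_challenge_response(), which is not part of this patch; if it can, the zero bytes left by the earlier `memset` would presumably be handled as response data by the callers. A comment at the call should state the assumption, for example `/* relies on yk_challenge_response() failing unless the full response was read; *res_len is the expected size, not a measured one */`. Passing `res_size` as the library's response length also assumes it is treated as the buffer capacity, which is worth confirming against the ykpers header.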
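Review bot: The util.h prototype of challenge_response() changes the meaning of two parameters but still has no comment describing the contract. I would add a short comment above the declaration saying that `res_size` is the capacity of `response` in bytes and must be at least 20 for HMAC and 16 otherwise (the check in util.c), that `may_block` replaces the former `YK_FLAG_MAYBLOCK` flag, and that `*res_len` is meaningful only when the function returns 1. Since `res_size` is now `unsigned int`, a negative size computed by a caller converts to a very large value and passes the size check; the callers in this patch pass `sizeof(buf)`, so noting that a byte count is expected is enough.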
@@ -126,7 +126,6 @@ do_add_hmac_chalresp(YK_KEY *yk, uint8_t slot, bool verbose, char *output_dir, i
 {
 char buf[CR_RESPONSE_SIZE + 16];
 CR_STATE state;
- unsigned int flags = 0;
 int ret = 0;
 unsigned int response_len;
 char *fn;
@@ -134,7 +133,6 @@ do_add_hmac_chalresp(YK_KEY *yk, uint8_t slot, bool verbose, char *output_dir, i
 FILE *f = NULL;
 state.slot = slot;
- flags |= YK_FLAG_MAYBLOCK;
 *exit_code = 1;
 p = getpwuid (getuid ());
@@ -185,7 +183,7 @@ do_add_hmac_chalresp(YK_KEY *yk, uint8_t slot, bool verbose, char *output_dir, i
 state.challenge_len = CR_CHALLENGE_SIZE;
 if (! challenge_response(yk, state.slot, state.challenge, CR_CHALLENGE_SIZE,
- true, flags, verbose,
+ true, true, verbose,
 buf, sizeof(buf), &response_len))
 goto out;
@@ -202,7 +200,7 @@ do_add_hmac_chalresp(YK_KEY *yk, uint8_t slot, bool verbose, char *output_dir, i
 goto out;
 }
 if (! challenge_response(yk, state.slot, challenge, CR_CHALLENGE_SIZE,
- true, flags, verbose,
+ true, true, verbose,
 buf2, sizeof(buf2), &response_len))
 goto out;