1
0
mirror of https://github.com/Yubico/yubikey-val.git synced 2024-12-01 15:24:16 +01:00
yubikey-val/common.php

150 lines
3.7 KiB
PHP
Raw Normal View History

2008-09-26 05:21:11 +02:00
<?php
2009-03-11 02:42:23 +01:00
2008-09-26 05:21:11 +02:00
define('S_OK', 'OK');
define('S_BAD_OTP', 'BAD_OTP');
define('S_REPLAYED_OTP', 'REPLAYED_OTP');
2009-03-11 01:19:59 +01:00
define('S_DELAYED_OTP', 'DELAYED_OTP');
2008-09-26 05:21:11 +02:00
define('S_BAD_SIGNATURE', 'BAD_SIGNATURE');
define('S_MISSING_PARAMETER', 'MISSING_PARAMETER');
2009-03-10 23:01:46 +01:00
define('S_NO_SUCH_CLIENT', 'NO_SUCH_CLIENT');
2008-09-26 05:21:11 +02:00
define('S_OPERATION_NOT_ALLOWED', 'OPERATION_NOT_ALLOWED');
define('S_BACKEND_ERROR', 'BACKEND_ERROR');
2009-03-11 02:42:23 +01:00
define('TS_SEC', 1/8);
define('TS_REL_TOLERANCE', 0.3);
define('TS_ABS_TOLERANCE', 20);
2008-09-26 05:21:11 +02:00
2009-03-11 02:42:23 +01:00
define('DEVICE_ID_LEN', 12);
2009-03-10 23:50:35 +01:00
function unescape($s) {
return str_replace('\\', "", $s);
}
function getHttpVal($key, $defaultVal) {
$val = $defaultVal;
if (array_key_exists($key, $_GET)) {
$val = $_GET[$key];
} else if (array_key_exists($key, $_POST)) {
$val = $_POST[$key];
}
$v = unescape(trim($val));
return $v;
}
2009-03-11 03:06:02 +01:00
function query($conn, $q) {
debug('Query: '.$q);
$result = mysql_query($q, $conn);
if (!$result) {
die("Query error: " . mysql_error());
}
return $result;
2009-03-10 23:50:35 +01:00
}
function mysql_quote($value) {
return "'" . mysql_real_escape_string($value) . "'";
}
2009-03-11 01:54:19 +01:00
function debug($msg) {
if (is_array($msg)) {
$str = "";
foreach($msg as $key => $value){
$str .= "$key=$value ";
}
} else {
$str = $msg;
}
error_log($str);
2008-09-26 05:21:11 +02:00
}
// Return eg. 2008-11-21T06:11:55Z0711
2008-11-21 07:41:13 +01:00
//
2008-09-27 11:04:49 +02:00
function getUTCTimeStamp() {
date_default_timezone_set('UTC');
$tiny = substr(microtime(false), 2, 3);
return date('Y-m-d\TH:i:s\Z0', time()) . $tiny;
2008-09-27 11:04:49 +02:00
}
// Sign a http query string in the array of key-value pairs
// return b64 encoded hmac hash
2009-03-11 03:06:02 +01:00
function sign($a, $apiKey) {
2008-09-27 11:04:49 +02:00
ksort($a);
$qs = '';
$n = count($a);
$i = 0;
foreach (array_keys($a) as $key) {
2008-11-21 22:41:26 +01:00
$qs .= trim($key).'='.trim($a[$key]);
2008-09-27 11:04:49 +02:00
if (++$i < $n) {
$qs .= '&';
}
}
// the TRUE at the end states we want the raw value, not hexadecimal form
$hmac = hash_hmac('sha1', utf8_encode($qs), $apiKey, true);
$hmac = base64_encode($hmac);
2009-03-11 02:53:38 +01:00
debug('SIGN: ' . $qs . ' H=' . $hmac);
2008-09-27 11:04:49 +02:00
return $hmac;
2008-10-08 08:29:19 +02:00
} // sign an array of query string
2008-09-27 11:04:49 +02:00
function hex2b64 ($hex_str) {
$bin = pack("H*", $hex_str);
return base64_encode($bin);
2009-03-10 23:50:35 +01:00
}
function modhex2b64 ($modhex_str) {
$hex_str = strtr ($modhex_str, "cbdefghijklnrtuv", "0123456789abcdef");
return hex2b64($hex_str);
2009-03-10 23:50:35 +01:00
}
2009-03-11 02:42:23 +01:00
// $otp: A yubikey OTP
function decryptOTP($otp, $base_url) {
$url = $base_url . $otp;
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_USERAGENT, "YK-VAL");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
2009-03-11 03:12:36 +01:00
curl_setopt($ch, CURLOPT_TIMEOUT, 5);
$response = curl_exec($ch);
curl_close($ch);
2009-03-11 11:59:47 +01:00
debug("YK-KSM response: $response (url $url)");
if (sscanf ($response,
"OK counter=%04x high=%02x low=%04x use=%02x",
$ret["session_counter"], $ret["high"],
$ret["low"], $ret["session_use"]) != 4) {
return false;
}
return $ret;
} // End decryptOTP
2009-03-10 23:50:35 +01:00
// $devId: The first 12 chars from the OTP
2009-03-11 03:06:02 +01:00
function getAuthData($conn, $devId) {
$tokenId = modhex2b64($devId);
$stmt = 'SELECT id, client_id, active, counter, '.
2009-03-11 01:54:19 +01:00
'sessionUse, low, high, accessed FROM yubikeys WHERE active '.
'AND tokenId='.mysql_quote($tokenId);
2009-03-11 03:06:02 +01:00
$r = query($conn, $stmt);
2009-03-10 23:50:35 +01:00
if (mysql_num_rows($r) > 0) {
$row = mysql_fetch_assoc($r);
mysql_free_result($r);
return $row;
}
return null;
} // End getAuthData
// $clientId: The decimal client identity
2009-03-11 03:06:02 +01:00
function getClientData($conn, $clientId) {
2009-03-11 02:53:38 +01:00
$stmt = 'SELECT id, secret, chk_sig, chk_owner, chk_time'.
2009-03-11 01:54:19 +01:00
' FROM clients WHERE active AND id='.mysql_quote($clientId);
2009-03-11 03:06:02 +01:00
$r = query($conn, $stmt);
2009-03-10 23:50:35 +01:00
if (mysql_num_rows($r) > 0) {
$row = mysql_fetch_assoc($r);
mysql_free_result($r);
return $row;
}
return null;
} // End getClientData
2008-09-26 05:21:11 +02:00
?>