rooty/yubikey-val
1
0
Fork 0
mirror of https://github.com/Yubico/yubikey-val.git synced 2025-02-20 12:54:23 +01:00
Code Issues Projects Releases Wiki Activity

Added option to get timestamp and session counters in the response.

Browse Source 
Use with

verify?id=x&otp=xxx..&timestamp=1

returns timestamp, sessoncounter and session use in response
This commit is contained in:
Olov Danielson 2009-10-05 14:53:28 +00:00
parent ad914034fe
commit 65d150ccde
2 changed files with 28 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
ykval-common.php
View File

@ -231,17 +231,25 @@ function getClientData($conn, $clientId) {
return null; return null;
} // End getClientData } // End getClientData
function sendResp($status, $apiKey = '') { function sendResp($status, $apiKey = '', $extra = null) {
if ($status == null) { if ($status == null) {
$status = S_BACKEND_ERROR; $status = S_BACKEND_ERROR;
} }
$a['status'] = $status; $a['status'] = $status;
$a['t'] = getUTCTimeStamp(); $a['t'] = getUTCTimeStamp();
if ($extra){
foreach ($extra as $param => $value) $a[$param] = $value;
}
$h = sign($a, $apiKey); $h = sign($a, $apiKey);
echo "h=" . $h . "\r\n"; echo "h=" . $h . "\r\n";
echo "t=" . ($a['t']) . "\r\n"; echo "t=" . ($a['t']) . "\r\n";
if ($extra){
foreach ($extra as $param => $value) {
echo $param . "=" . $value . "\r\n";
}
}
echo "status=" . ($a['status']) . "\r\n"; echo "status=" . ($a['status']) . "\r\n";
echo "\r\n"; echo "\r\n";
} }

21
ykval-verify.php
View File

@ -26,6 +26,7 @@ $h = getHttpVal('h', '');
$client = getHttpVal('id', 0); $client = getHttpVal('id', 0);
$otp = getHttpVal('otp', ''); $otp = getHttpVal('otp', '');
$otp = strtolower($otp); $otp = strtolower($otp);
$timestamp = getHttpVal('timestamp', 0);
//// Get Client info from DB //// Get Client info from DB
// //
@ -52,6 +53,8 @@ if ($h != '') {
$a = array (); $a = array ();
$a['id'] = $client; $a['id'] = $client;
$a['otp'] = $otp; $a['otp'] = $otp;
// include timestamp in signature if it exists
if ($timestamp) $a['timestamp'] = $timestamp;
$hmac = sign($a, $apiKey); $hmac = sign($a, $apiKey);
// Compare it // Compare it
@ -159,7 +162,14 @@ if ($sessionCounter == $seenSessionCounter && $sessionUse > $seenSessionUse) {
$now = time(); $now = time();
$elapsed = $now - $lastTime; $elapsed = $now - $lastTime;
$deviation = abs($elapsed - $tsDelta); $deviation = abs($elapsed - $tsDelta);
$percent = $deviation/$elapsed;
// Time delta server might verify multiple OTPS in a row. In such case validation server doesn't
// have time to tick a whole second and we need to avoid division by zero.
if ($elapsed != 0) {
$percent = $deviation/$elapsed;
} else {
$percent = 1;
}
debug("Timestamp seen=" . $seenTs . " this=" . $ts . debug("Timestamp seen=" . $seenTs . " this=" . $ts .
" delta=" . $tsDiff . ' secs=' . $tsDelta . " delta=" . $tsDiff . ' secs=' . $tsDelta .
' accessed=' . $lastTime .' (' . $ad['accessed'] . ') now=' ' accessed=' . $lastTime .' (' . $ad['accessed'] . ') now='
@ -176,5 +186,12 @@ if ($sessionCounter == $seenSessionCounter && $sessionUse > $seenSessionUse) {
} }
} }
sendResp(S_OK, $apiKey); if ($timestamp==1){
$extra['timestamp'] = ($otpinfo['high'] << 16) + $otpinfo['low'];
$extra['sessioncounter'] = $sessionCounter;
$extra['sessionuse'] = $sessionUse;
sendResp(S_OK, $apiKey, $extra);
} else {
sendResp(S_OK, $apiKey);
}
?> ?>