rooty/yubikey-val
1
0
Fork 0
mirror of https://github.com/Yubico/yubikey-val.git synced 2025-02-01 10:52:18 +01:00
Code Issues Projects Releases Wiki Activity

Fix counter comparison

Browse Source
This commit is contained in:
Paul Chen 2008-09-20 01:36:24 +00:00
parent 8fc5847159
commit ef82bfbc85
1 changed files with 12 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
verifyOTP.php
View File

@ -1,6 +1,8 @@
<?php require_once '../yms/appinclude.php'; <?php require_once '../yms/appinclude.php';
require_once '../yms/yubi_lib.php'; require_once '../yms/yubi_lib.php';
if (!isset($trace)) { $trace = 0; }
$id = getHttpVal('id', 0); $id = getHttpVal('id', 0);
if ($id <= 0) { if ($id <= 0) {
echo 'Client ID is missing'; echo 'Client ID is missing';
@ -27,14 +29,13 @@ if ($ad == null) {
} }
$k = b64ToModhex($ad['secret']); $k = b64ToModhex($ad['secret']);
debug('aes key in modhex = '.$k); //debug('aes key in modhex = '.$k);
$key16 = ModHex::Decode($k); $key16 = ModHex::Decode($k);
debug('aes key in hex = ['.$key16.'], length = '.strlen($key16)); //debug('aes key in hex = ['.$key16.'], length = '.strlen($key16));
//// Decode OTP from input //// Decode OTP from input
// //
debug('<h3>From OTP decoded</h3>'); debug('<h3>From OTP decoded</h3>');
//$key= pack('H*', $key16);
$decoded_token = Yubikey::Decode($otp, $key16); $decoded_token = Yubikey::Decode($otp, $key16);
debug($decoded_token); debug($decoded_token);
if ( ! is_array($decoded_token) ) { if ( ! is_array($decoded_token) ) {
@ -67,7 +68,7 @@ if ( strlen($decoded_token["token"]) == 32) {
// Check the session counter // Check the session counter
// //
$sessionCounter = $decoded_token["counter"]; // From the req $sessionCounter = $decoded_token["session_counter"]; // From the req
$seenSessionCounter = $ad['counter']; // From DB $seenSessionCounter = $ad['counter']; // From DB
$scDiff = $seenSessionCounter - $sessionCounter; $scDiff = $seenSessionCounter - $sessionCounter;
if ($scDiff > 0) { if ($scDiff > 0) {
@ -76,7 +77,7 @@ if ($scDiff > 0) {
debug("Counter OK (".$sessionCounter.")"); debug("Counter OK (".$sessionCounter.")");
} }
$hi = $decoded_token["high"] & 0xff; // From the req $hi = $decoded_token["high"]; // From the req
$seenHi = $ad['high']; // From DB $seenHi = $ad['high']; // From DB
$hiDiff = $seenHi - $hi; $hiDiff = $seenHi - $hi;
if ($scDiff == 0 && $hiDiff > 0) { if ($scDiff == 0 && $hiDiff > 0) {
@ -85,10 +86,10 @@ if ($scDiff == 0 && $hiDiff > 0) {
debug("High counter OK (".$hi.")"); debug("High counter OK (".$hi.")");
} }
$lo = $decoded_token["low"] & 0xff; // From the req $lo = $decoded_token["low"]; // From the req
$seenLo = $ad['low']; // From DB $seenLo = $ad['low']; // From DB
$loDiff = $seenLo - $lo; $loDiff = $seenLo - $lo;
if ($scDiff == 0 && $loDiff > 0) { if ($scDiff == 0 && $loDiff >= 0) {
die("Replayed low counter=".$lo.', seen='.$seenLo); die("Replayed low counter=".$lo.', seen='.$seenLo);
} else { } else {
debug("Low counter OK (".$lo.")"); debug("Low counter OK (".$lo.")");
@ -117,12 +118,12 @@ function debug($msg, $exit=false) {
} }
} }
function updDB($id, $a) { function updDB($id, $new) {
$stmt = 'UPDATE yubikeys SET '. $stmt = 'UPDATE yubikeys SET '.
'accessed=NOW(),'. 'accessed=NOW(),'.
'counter='.$a['counter'].','. 'counter='.$new['session_counter'].','.
'low='.$a['low'].','. 'low='.$new['low'].','.
'high='.$a['high']. 'high='.$new['high'].
' WHERE id='.$id; ' WHERE id='.$id;
if (!query($stmt)) { if (!query($stmt)) {
$err = 'Failed to update validation data of key: '.$id.' by '.$stmt; $err = 'Failed to update validation data of key: '.$id.' by '.$stmt;