22 uint32_t counter, timestamp;
23 yubikey_token_st
token;
27 char private_id[(YUBIKEY_UID_SIZE * 2) + 1];
32 REDEBUG(
"Dictionary missing entry for 'Yubikey-Key'");
38 REDEBUG(
"Yubikey-Key attribute not found in control list, can't decrypt OTP data");
42 if (key->vp_length != YUBIKEY_KEY_SIZE) {
43 REDEBUG(
"Yubikey-Key length incorrect, expected %u got %zu", YUBIKEY_KEY_SIZE, key->vp_length);
47 yubikey_parse((uint8_t
const *) passcode + inst->
id_len, key->vp_octets, &token);
52 if (!yubikey_crc_ok_p((uint8_t *) &token)) {
53 REDEBUG(
"Decrypting OTP token data failed, rejecting");
57 RDEBUG(
"Token data decrypted successfully");
59 counter = (yubikey_counter(token.ctr) << 8) | token.use;
60 timestamp = (token.tstph << 16) | token.tstpl;
63 (void)
fr_bin2hex((
char *) &private_id, (uint8_t*) &token.uid, YUBIKEY_UID_SIZE);
64 RDEBUG2(
"Private ID : 0x%s", private_id);
65 RDEBUG2(
"Session counter : %u", counter);
67 RDEBUG2(
"Token timestamp : %u", timestamp);
69 RDEBUG2(
"Random data : %u", token.rnd);
70 RDEBUG2(
"CRC data : 0x%x", token.crc);
78 REDEBUG(
"Failed creating Yubikey-Private-ID");
89 REDEBUG(
"Failed creating Yubikey-Timestamp");
93 vp->vp_integer = timestamp;
101 REDEBUG(
"Failed creating Yubikey-Random");
105 vp->vp_integer = token.rnd;
114 REDEBUG(
"Failed creating Yubikey-Counter");
118 vp->vp_integer = counter;
126 RWDEBUG(
"Yubikey-Counter not found in control list, skipping replay attack checks");
131 REDEBUG(
"Replay attack detected! Counter value %u, is lt or eq to last known counter value %u",
132 counter, vp->vp_integer);
VALUE_PAIR * config
VALUE_PAIR(s) used to set per-request parameters for modules and the server core at runtime...
The module is OK, continue.
#define RDEBUG_ENABLED2
True if request debug level 1-2 messages are enabled.
VALUE_PAIR * vps
Result of decoding the packet into VALUE_PAIRs.
The module considers the request invalid.
Immediately reject the request.
Stores an attribute, a value and various bits of other data.
enum rlm_rcodes rlm_rcode_t
Return codes indicating the result of the module call.
rlm_rcode_t rlm_yubikey_decrypt(rlm_yubikey_t *inst, REQUEST *request, char const *passcode)
VALUE_PAIR * fr_pair_find_by_da(VALUE_PAIR *head, fr_dict_attr_t const *da, int8_t tag)
Find the pair with the matching DAs.
Module failed, don't reply.
RADIUS_PACKET * packet
Incoming request.
unsigned int id_len
The length of the Public ID portion of the OTP string.
VALUE_PAIR * fr_pair_make(TALLOC_CTX *ctx, VALUE_PAIR **vps, char const *attribute, char const *value, FR_TOKEN op)
Create a VALUE_PAIR from ASCII strings.
size_t fr_bin2hex(char *hex, uint8_t const *bin, size_t inlen)
Convert binary data to a hex string.
void fr_pair_value_memcpy(VALUE_PAIR *vp, uint8_t const *src, size_t len)
Copy data into an "octets" data type.
fr_dict_attr_t const * fr_dict_attr_by_name(fr_dict_t *dict, char const *attr)
Locate a fr_dict_attr_t by its name.