token-validator: challenge disk done

This commit is contained in:
nemunaire 2018-02-22 05:47:38 +01:00 committed by Pierre-Olivier Mercier
parent 843aac8d54
commit bbcc7cd373

View File

@ -113,23 +113,27 @@ func challengeTime(s *Student, t *givenToken, chid int) error {
} }
func challengeDisk(s *Student, t *givenToken, chid int) error { func challengeDisk(s *Student, t *givenToken, chid int) error {
pkey := s.GetPKey() pkey := fmt.Sprintf("%x", s.GetPKey())
n1, err := strconv.Atoi(t.Token[0:2]) n1, err := strconv.Atoi(t.Data[0][0:2])
if err != nil { if err != nil {
return err return err
} }
n2, err := strconv.Atoi(t.Token[2:4]) n2, err := strconv.Atoi(t.Data[0][2:4])
if err != nil { if err != nil {
return err return err
} }
sum := make([]byte, hex.DecodedLen(len(t.Token[4:]))) sum := make([]byte, hex.DecodedLen(len(t.Data[0][4:])))
if _, err := hex.Decode(t.token, []byte(t.Token[4:])); err != nil { if _, err := hex.Decode(sum, []byte(t.Data[0][4:])); err != nil {
return err return err
} }
expectedToken := sha512.Sum512([]byte(pkey[n1:n2])) if n1+n2 > len(pkey) {
n2 = len(pkey)-n1
}
expectedToken := sha512.Sum512([]byte(pkey[n1:n1+n2]))
if ! hmac.Equal(expectedToken[:], sum) { if ! hmac.Equal(expectedToken[:], sum) {
return errors.New("This is not the expected token.") return errors.New("This is not the expected token.")
@ -232,10 +236,17 @@ func receiveToken(r *http.Request, ps httprouter.Params, body []byte) (interface
if chid, err = strconv.Atoi(string(ps.ByName("chid"))); err != nil { if chid, err = strconv.Atoi(string(ps.ByName("chid"))); err != nil {
if gt.Challenge > 0 { if gt.Challenge > 0 {
chid = gt.Challenge chid = gt.Challenge
} else if string(ps.ByName("chid")) != "" {
return nil, err
} }
err = nil
} }
if chid == 0 || chid > len(challenges) { if chid == 0 {
chid = 4
}
if chid > len(challenges) {
return nil, errors.New("This challenge doesn't exist") return nil, errors.New("This challenge doesn't exist")
} }