plotters / otpd

Automatically exported from code.google.com/p/otpd
GNU General Public License v2.0

resynctool only works for 6-digit hotp tokens (with patch) #25

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Obtain a HOTP token configurable for 8 digit codes, such as a CryptoCARD 
OATH Crystal-1

2. Hit the button a few times so you're not starting at counter value 1.

3. Try to use resynctool and watch it explode because the duplicate copy of the 
core HOTP function in it can only handle 6 digit responses!

What is the expected output? What do you see instead?

resynctool should work with any valid length HOTP response -- 6, 7, 8, or 9 
digits, just like the main HOTP code in otpd itself.  Instead, it needlessly 
aborts because the responses it's given are not 6 digits long.

What version of the product are you using? On what operating system?

latest from SVN as of tonight, Debian Squeeze.

Please provide any additional information below.

The attached patch fixes this issue by eliminating all the code in resynctool 
that was old, cut-and-pasted code from other files in the program.  To do this 
cleanly it also has to split the x2a and a2x functions out of "xfuncs.c" into 
their own source file -- they are really different from everything else in 
there so that makes sense anyway.  It also removes two mlog() calls from hotp.c 
because leaving them there would require linking almost all of OTPD into 
resynctool.  The removed log calls should *never* fire in any case that would 
not require attaching the debugger to otpd to investigate anyway, so there 
should be no real loss of error reporting or maintainability there.

I have tested the attached patch with a CryptoCARD OATH Crystal-1 token 
configured for 8 digit HOTP. It works great.  I can't paste the resynctool -d 
command line and output here, unfortunately, since that would disclose the 
token's key material... oops. :-)

Original issue reported on code.google.com by t...@panix.com on 24 Jan 2012 at 3:18

Attachments:

GoogleCodeExporter commented 9 years ago
I'll handle this one.

Original comment by t...@panix.com on 24 Feb 2012 at 2:23

GoogleCodeExporter commented 9 years ago
Fixed by #81.

Original comment by t...@panix.com on 22 Sep 2012 at 4:02
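
The behaviour the report asks for, as an added example that is not otpd's or resynctool's code: an RFC 4226 HOTP function that takes the digit count as a parameter, and a counter search that reads the length from the responses instead of assuming 6. The names `hotp` and `resync`, the window size, and the use of the RFC 4226 test key are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

VALID_DIGITS = (6, 7, 8, 9)  # response lengths the report says must be accepted


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP with a configurable number of decimal digits."""
    if digits not in VALID_DIGITS:
        raise ValueError(f"unsupported HOTP length: {digits}")
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation: low nibble of last byte
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    # Leading zeros are part of the response, so pad to the full width.
    return str(code % 10 ** digits).zfill(digits)


def resync(key: bytes, responses, start: int = 0, window: int = 1000):
    """Find the counter that produced the first of several consecutive
    responses. Returns None if nothing in [start, start + window) matches.
    The digit count comes from the responses, not from a fixed constant."""
    if not responses:
        raise ValueError("need at least one response")
    digits = len(responses[0])
    for r in responses:
        if len(r) != digits or not (r.isascii() and r.isdigit()):
            raise ValueError("responses must be decimal strings of equal length")
    for counter in range(start, start + window):
        if all(hmac.compare_digest(hotp(key, counter + i, digits), r)
               for i, r in enumerate(responses)):
            return counter
    return None


if __name__ == "__main__":
    # Public test key from RFC 4226 Appendix D, not real token material.
    key = b"12345678901234567890"
    six = [hotp(key, c, 6) for c in (3, 4)]
    eight = [hotp(key, c, 8) for c in (3, 4)]
    print("6-digit:", six, "-> counter", resync(key, six))
    print("8-digit:", eight, "-> counter", resync(key, eight))
```

Passing two or more consecutive responses keeps a short code from matching the wrong counter by chance within the search window.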