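/** Generate a random challenge (ascii chars 0-9)
 *
 * @note This is really cryptocard-specific (automatic ASCII conversion
 * @note and null termination).
 * @note len is clamped to OTP_MAX_CHALLENGE_LEN, so a too-large value can
 * @note overrun neither the local scratch buffer nor the caller's buffer.
 *
 * @param[out] challenge Buffer to write random string to; must hold at least
 *	len + 1 bytes (the digits plus the terminating NUL).
 * @param[in] len Number of random digits to write to buffer.
 */
void otp_async_challenge(char challenge[OTP_MAX_CHALLENGE_LEN + 1], size_t len)
{
	uint8_t rawchallenge[OTP_MAX_CHALLENGE_LEN];
	size_t i;

	/*
	 *	rawchallenge is a fixed-size stack buffer and challenge is
	 *	declared with OTP_MAX_CHALLENGE_LEN + 1 bytes; refuse to write
	 *	past either of them regardless of what the caller asked for.
	 */
	if (len > OTP_MAX_CHALLENGE_LEN) {
		len = OTP_MAX_CHALLENGE_LEN;
	}

	otp_get_random(rawchallenge, len);

	/* Convert the raw bytes to ASCII decimal. */
	for (i = 0; i < len; ++i) {
		/*
		 *	256 is not a multiple of 10, so a plain "% 10" makes the
		 *	digits 0-5 slightly more likely than 6-9.  Redraw any byte
		 *	in 250..255 so each digit is equally likely; a redraw is
		 *	needed for only 6 of every 256 bytes.
		 */
		while (rawchallenge[i] >= 250) {
			otp_get_random(&rawchallenge[i], 1);
		}
		challenge[i] = (char)('0' + rawchallenge[i] % 10);
	}
	challenge[len] = '\0';
}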
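/*
 *	Per-instance initialization
 *
 *	Generates the instance's HMAC key, performs the one-time module
 *	setup on the first call, range-checks the limited configuration
 *	values (falling back to defaults with a warning), and records the
 *	instance name.
 *
 *	Returns 0 on success, -1 if neither allow_sync nor allow_async is set.
 */
static int mod_instantiate(CONF_SECTION *conf, void *instance)
{
	rlm_otp_t *inst = instance;

	/*
	 *	Generate a random key, used to protect the State attribute.
	 *
	 *	The key is stored in the per-instance struct, so it has to be
	 *	generated for every instance.  Doing it only inside the
	 *	one-time block below would leave the hmac_key of every
	 *	instance after the first untouched by this function.
	 */
	otp_get_random(inst->hmac_key, sizeof(inst->hmac_key));

	/* Onetime initialization. */
	if (!ninstance) {
		/* Initialize the passcode encoding/checking functions. */
		otp_pwe_init();

		/*
		 *	Don't do this again.
		 *	Only the main thread instantiates and detaches instances,
		 *	so this does not need mutex protection.
		 */
		ninstance++;
	}

	/* Verify ranges for those vars that are limited. */
	if ((inst->challenge_len < 5) ||
	    (inst->challenge_len > OTP_MAX_CHALLENGE_LEN)) {
		/*
		 *	Log before overwriting, so the warning shows the
		 *	rejected value rather than the default.
		 */
		WDEBUG("invalid challenge_length %d, "
		       "range 5-%d, using default of 6",
		       inst->challenge_len, OTP_MAX_CHALLENGE_LEN);
		inst->challenge_len = 6;
	}

	/* With both modes disabled the instance could never authenticate. */
	if (!inst->allow_sync && !inst->allow_async) {
		cf_log_err_cs(conf, "at least one of {allow_async, "
			      "allow_sync} must be set");
		return -1;
	}

	if ((inst->mschapv2_mppe_policy > 2) ||
	    (inst->mschapv2_mppe_policy < 0)) {
		inst->mschapv2_mppe_policy = 2;
		WDEBUG("Invalid value for mschapv2_mppe, "
		       "using default of 2");
	}

	if ((inst->mschapv2_mppe_types > 2) ||
	    (inst->mschapv2_mppe_types < 0)) {
		inst->mschapv2_mppe_types = 2;
		WDEBUG("Invalid value for "
		       "mschapv2_mppe_bits, using default of 2");
	}

	if ((inst->mschap_mppe_policy > 2) ||
	    (inst->mschap_mppe_policy < 0)) {
		inst->mschap_mppe_policy = 2;
		WDEBUG("Invalid value for mschap_mppe, "
		       "using default of 2");
	}

	/* Unlike the range checks above, only the value 2 is accepted here. */
	if (inst->mschap_mppe_types != 2) {
		inst->mschap_mppe_types = 2;
		WDEBUG("Invalid value for "
		       "mschap_mppe_bits, using default of 2");
	}

	/* set the instance name (for use with authorize()) */
	inst->name = cf_section_name2(conf);
	if (!inst->name) {
		/* No second section name available: fall back to the first. */
		inst->name = cf_section_name1(conf);
	}

	return 0;
}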