public function testCountersHigherThanOrEqual() { $sl = new SyncLib(); $localParams = array('yk_counter' => 100, 'yk_use' => 10); $otpParams = array('yk_counter' => 100, 'yk_use' => 11); $this->assertTrue($sl->countersHigherThanOrEqual($otpParams, $localParams)); $this->assertFalse($sl->countersHigherThanOrEqual($localParams, $otpParams)); $otpParams['yk_use'] = 10; $this->assertTrue($sl->countersHigherThanOrEqual($otpParams, $localParams)); $otpParams['yk_counter'] = 99; $this->assertFalse($sl->countersHigherThanOrEqual($otpParams, $localParams)); $otpParams['yk_counter'] = 101; $this->assertTrue($sl->countersHigherThanOrEqual($otpParams, $localParams)); }
sendResp(S_BACKEND_ERROR, $myLog, $apiKey); } $myLog->log(LOG_DEBUG, 'Auth data:', $localParams); if ($localParams['active'] != 1) { $myLog->log(LOG_NOTICE, "De-activated Yubikey {$yk_publicname}"); sendResp(S_BAD_OTP, $myLog, $apiKey); } /* Build OTP params */ $otpParams = array('modified' => time(), 'otp' => $otp, 'nonce' => $nonce, 'yk_publicname' => $yk_publicname, 'yk_counter' => $otpinfo['session_counter'], 'yk_use' => $otpinfo['session_use'], 'yk_high' => $otpinfo['high'], 'yk_low' => $otpinfo['low']); /* First check if OTP is seen with the same nonce, in such case we have an replayed request */ if ($sync->countersEqual($localParams, $otpParams) && $localParams['nonce'] == $otpParams['nonce']) { $myLog->log(LOG_WARNING, 'Replayed request'); sendResp(S_REPLAYED_REQUEST, $myLog, $apiKey, $extra); } /* Check the OTP counters against local db */ if ($sync->countersHigherThanOrEqual($localParams, $otpParams)) { $sync->log(LOG_WARNING, 'replayed OTP: Local counters higher'); $sync->log(LOG_WARNING, 'replayed OTP: Local counters ', $localParams); $sync->log(LOG_WARNING, 'replayed OTP: Otp counters ', $otpParams); sendResp(S_REPLAYED_OTP, $myLog, $apiKey, $extra); } /* Valid OTP, update database. */ if (!$sync->updateDbCounters($otpParams)) { $myLog->log(LOG_CRIT, 'Failed to update yubikey counters in database'); sendResp(S_BACKEND_ERROR, $myLog, $apiKey); } /* Queue sync requests */ if (!$sync->queue($otpParams, $localParams)) { $myLog->log(LOG_CRIT, 'ykval-verify:critical:failed to queue sync requests'); sendResp(S_BACKEND_ERROR, $myLog, $apiKey); }