Yubikey Management Server: comparison yms/backend.php

equal deleted inserted replaced

-:b9eb748ac1e4
+:31387f4022e5
 if ( $otp['session'] == $session_count && $otp['count'] <= $token_count )
 {
 return 'REPLAYED_OTP';
 }
-// update DB
-$q = $db->sql_query("UPDATE " . table_prefix . "yms_yubikeys SET session_count = {$otp['session']}, token_count = {$otp['count']}, access_time = " . time() . ", token_time = {$otp['timestamp']} WHERE id = $yubikey_id;");
-if ( !$q )
-$db->_die();
 // check timestamp
 if ( $otp['session'] == $session_count )
 {
 $expect_delta = time() - $access_time;
-// 8Hz Yubikey internal clock
+// Tolerate up to a 0.5Hz deviance from 8Hz. I've observed Yubikey
-$actual_delta = intval(( $otp['timestamp'] - $token_time ) / 8);
+// clocks running at 8.32Hz
-$fuzz = 150;
+$actual_delta = $otp['timestamp'] - $token_time;
+$fuzz = 150 + round(($actual_delta / 7.5) - ($actual_delta / 8.5));
+// Now that we've calculated fuzz, convert the actual delta to quasi-seconds
+$actual_delta /= 8;
 if ( !yms_within($expect_delta, $actual_delta, $fuzz) )
 {
 // if we have a likely wraparound, just pass it
-if ( !($token_time > 0xe80000 && $otp['timestamp'] < 0x800000) )
+if ( !($token_time > 0xe80000 && $otp['timestamp'] < 0x080000) )
 {
 return 'BAD_OTP';
 }
 }
 // $debug_array = array('ts_debug_delta_expected' => $expect_delta, 'ts_debug_delta_received' => $actual_delta);
 }
+// update DB
+$q = $db->sql_query("UPDATE " . table_prefix . "yms_yubikeys SET session_count = {$otp['session']}, token_count = {$otp['count']}, access_time = " . time() . ", token_time = {$otp['timestamp']} WHERE id = $yubikey_id;");
+if ( !$q )
+$db->_die();
 // looks like we're good
 return 'OK';
 }

changeset 12	31387f4022e5
parent 4	9fdc988ce46e
child 13	8a8cdc21aa15