fix serialization and auth test

[pam_pcsc_cr.git] / authobj.c

diff --git a/authobj.c b/authobj.c
index ec929071a7c723a02bb71786c8464f3f3f4b6fc3..3bd9da5f33e4de709fbf52924e680a11fb015fec 100644 (file)
--- a/authobj.c
+++ b/authobj.c
@@ -8,6 +8,20 @@
 #include "crypto.h"
 #include "authobj.h"
 
+int make_challenge(const char *id, const char *pass, const char *nonce,
+               unsigned char *challenge, int *challengesize)
+{
+       serializer_t srl;
+
+       if (serial_init(&srl, challenge, *challengesize)) return -1;
+       if (serial_put(&srl, id, strlen(id)) != strlen(id)) return -2;
+       if (serial_put(&srl, pass, strlen(pass)) != strlen(pass)) return -3;
+       if (serial_put(&srl, nonce, strlen(nonce)) != strlen(nonce)) return -4;
+       if (serial_put(&srl, NULL, 0) != 0) return -5;
+       *challengesize = serial_size(&srl);
+       return 0;
+}
+
 int make_authobj(const char *id, const char *pass, const char *nonce,
                const unsigned char *secret, const int secsize,
                const unsigned char *payload, const int paysize,
@@ -17,8 +31,8 @@ int make_authobj(const char *id, const char *pass, const char *nonce,
        int datasize;
        unsigned char datahash[HASHSIZE];
        int datahashsize = HASHSIZE;
-       unsigned char *hmacdata;
-       int hmacdatasize;
+       unsigned char *challenge;
+       int challengesize;
        unsigned char key[HASHSIZE];
        int keysize = HASHSIZE;
        serializer_t srl;
@@ -27,36 +41,32 @@ int make_authobj(const char *id, const char *pass, const char *nonce,
                        CBLKSIZE + 1) * CBLKSIZE;
        data = alloca(datasize);
        if (serial_init(&srl, data, datasize)) return -1;
-       if (serial_put(&srl, secret, secsize) != secsize) return -1;
-       if (serial_put(&srl, payload, paysize) != paysize) return -1;
+       if (serial_put(&srl, secret, secsize) != secsize) return -2;
+       if (serial_put(&srl, payload, paysize) != paysize) return -3;
        if (hash(data, serial_size(&srl), datahash, &datahashsize))
-               return -1;
+               return -4;
        if (serial_put(&srl, datahash, datahashsize) != datahashsize)
-               return -1;
-       if (serial_put(&srl, NULL, 0) != 0) return -1;
+               return -5;
+       if (serial_put(&srl, NULL, 0) != 0) return -6;
        datasize = ((serial_size(&srl) -1) / CBLKSIZE + 1) * CBLKSIZE;
 
-       hmacdatasize = ((strlen(id) + strlen(pass) + strlen(nonce) +
+       challengesize = ((strlen(id) + strlen(pass) + strlen(nonce) +
                        4 * sizeof(short) - 1) / CBLKSIZE + 1) * CBLKSIZE;
-       hmacdata = alloca(hmacdatasize);
-       if (serial_init(&srl, hmacdata, hmacdatasize)) return -1;
-       if (serial_put(&srl, id, strlen(id)) != strlen(id)) return -1;
-       if (serial_put(&srl, pass, strlen(pass)) != strlen(pass)) return -1;
-       if (serial_put(&srl, nonce, strlen(nonce)) != strlen(nonce)) return -1;
-       if (serial_put(&srl, NULL, 0) != 0) return -1;
-       hmacdatasize = ((serial_size(&srl) -1) / CBLKSIZE + 1) * CBLKSIZE;
+       challenge = alloca(challengesize);
+       if (make_challenge(id, pass, nonce, challenge, &challengesize))
+               return -7;
 
-       if (hmac(secret, secsize, hmacdata, hmacdatasize,
-               key, &keysize)) return -1;
+       if (hmac(secret, secsize, challenge, challengesize,
+               key, &keysize)) return -8;
 
-       if (*bufsize < datasize) return -1;
+       if (*bufsize < datasize) return -9;
+       if (encrypt(key, CBLKSIZE, data, buffer, datasize)) return -10;
        *bufsize = datasize;
-       if (encrypt(key, keysize, data, buffer, datasize)) return -1;
 
        return 0;
 }
 
-int parse_authobj(const unsigned char *hmacdata, const int hmacdatasize,
+int parse_authobj(const unsigned char *key, const int keysize,
                const unsigned char *buffer, const int bufsize,
                unsigned char *secret, int *secsize,
                unsigned char *payload, int *paysize)
@@ -70,19 +80,20 @@ int parse_authobj(const unsigned char *hmacdata, const int hmacdatasize,
        unsigned char theirhash[HASHSIZE];
        int theirhashsize = HASHSIZE;
 
-       if (decrypt(hmacdata, hmacdatasize, buffer, data, datasize))
+       if (decrypt(key, CBLKSIZE, buffer, data, datasize))
                return -1;
-       if (serial_init(&srl, data, datasize)) return -1;
+       if (serial_init(&srl, data, datasize)) return -2;
        tsize = *secsize;
-       if ((*secsize = serial_get(&srl, secret, tsize)) > tsize) return -1;
+       *secsize = serial_get(&srl, secret, tsize);
+       if (*secsize > tsize || *secsize <= 0) return -3;
        tsize = *paysize;
-       if ((*paysize = serial_get(&srl, payload, tsize)) > tsize) return -1;
-       if (hash(data, serial_size(&srl), myhash, &myhashsize))
-               return -1;
-       if ((theirhashsize = serial_get(&srl, theirhash, theirhashsize)) != HASHSIZE)
-               return -1;
+       *paysize = serial_get(&srl, payload, tsize);
+       if (*paysize > tsize || *paysize <= 0) return -4;
+       if (hash(data, serial_size(&srl), myhash, &myhashsize)) return -5;
+       theirhashsize = serial_get(&srl, theirhash, theirhashsize);
+       if (theirhashsize != HASHSIZE) return -6;
        if ((myhashsize != theirhashsize) ||
                                memcmp(myhash, theirhash, myhashsize))
-               return -1;
+               return -7;
        return 0;
 }