X-Git-Url: http://www.average.org/gitweb/?p=pam_pcsc_cr.git;a=blobdiff_plain;f=authobj.c;fp=authobj.c;h=ec929071a7c723a02bb71786c8464f3f3f4b6fc3;hp=0000000000000000000000000000000000000000;hb=8e164eeff8c7d7f08b473d37ebb01093f574d6a2;hpb=0e1a2e8a78cb806312813c7c944660cdb63233b7

diff --git a/authobj.c b/authobj.c
new file mode 100644
index 0000000..ec92907
--- /dev/null
+++ b/authobj.c
@@ -0,0 +1,88 @@
+#ifdef HAVE_CONFIG_H
+# include "config.h"
+#endif
+#include <stdio.h>
+#include <string.h>
+#include <alloca.h>
+#include "serial.h"
+#include "crypto.h"
+#include "authobj.h"
+
+int make_authobj(const char *id, const char *pass, const char *nonce,
+		const unsigned char *secret, const int secsize,
+		const unsigned char *payload, const int paysize,
+		unsigned char *buffer, int *bufsize)
+{
+	unsigned char *data;
+	int datasize;
+	unsigned char datahash[HASHSIZE];
+	int datahashsize = HASHSIZE;
+	unsigned char *hmacdata;
+	int hmacdatasize;
+	unsigned char key[HASHSIZE];
+	int keysize = HASHSIZE;
+	serializer_t srl;
+
+	datasize = ((secsize + paysize + HASHSIZE * 4 * sizeof(short) - 1) /
+			CBLKSIZE + 1) * CBLKSIZE;
+	data = alloca(datasize);
+	if (serial_init(&srl, data, datasize)) return -1;
+	if (serial_put(&srl, secret, secsize) != secsize) return -1;
+	if (serial_put(&srl, payload, paysize) != paysize) return -1;
+	if (hash(data, serial_size(&srl), datahash, &datahashsize))
+		return -1;
+	if (serial_put(&srl, datahash, datahashsize) != datahashsize)
+		return -1;
+	if (serial_put(&srl, NULL, 0) != 0) return -1;
+	datasize = ((serial_size(&srl) -1) / CBLKSIZE + 1) * CBLKSIZE;
+
+	hmacdatasize = ((strlen(id) + strlen(pass) + strlen(nonce) +
+			4 * sizeof(short) - 1) / CBLKSIZE + 1) * CBLKSIZE;
+	hmacdata = alloca(hmacdatasize);
+	if (serial_init(&srl, hmacdata, hmacdatasize)) return -1;
+	if (serial_put(&srl, id, strlen(id)) != strlen(id)) return -1;
+	if (serial_put(&srl, pass, strlen(pass)) != strlen(pass)) return -1;
+	if (serial_put(&srl, nonce, strlen(nonce)) != strlen(nonce)) return -1;
+	if (serial_put(&srl, NULL, 0) != 0) return -1;
+	hmacdatasize = ((serial_size(&srl) -1) / CBLKSIZE + 1) * CBLKSIZE;
+
+	if (hmac(secret, secsize, hmacdata, hmacdatasize,
+		key, &keysize)) return -1;
+
+	if (*bufsize < datasize) return -1;
+	*bufsize = datasize;
+	if (encrypt(key, keysize, data, buffer, datasize)) return -1;
+
+	return 0;
+}
+
+int parse_authobj(const unsigned char *hmacdata, const int hmacdatasize,
+		const unsigned char *buffer, const int bufsize,
+		unsigned char *secret, int *secsize,
+		unsigned char *payload, int *paysize)
+{
+	int datasize = bufsize;
+	unsigned char *data = alloca(datasize);
+	serializer_t srl;
+	int tsize;
+	unsigned char myhash[HASHSIZE];
+	int myhashsize = HASHSIZE;
+	unsigned char theirhash[HASHSIZE];
+	int theirhashsize = HASHSIZE;
+
+	if (decrypt(hmacdata, hmacdatasize, buffer, data, datasize))
+		return -1;
+	if (serial_init(&srl, data, datasize)) return -1;
+	tsize = *secsize;
+	if ((*secsize = serial_get(&srl, secret, tsize)) > tsize) return -1;
+	tsize = *paysize;
+	if ((*paysize = serial_get(&srl, payload, tsize)) > tsize) return -1;
+	if (hash(data, serial_size(&srl), myhash, &myhashsize))
+		return -1;
+	if ((theirhashsize = serial_get(&srl, theirhash, theirhashsize)) != HASHSIZE)
+		return -1;
+	if ((myhashsize != theirhashsize) ||
+				memcmp(myhash, theirhash, myhashsize))
+		return -1;
+	return 0;
+}