X-Git-Url: http://www.average.org/gitweb/?p=pam_pcsc_cr.git;a=blobdiff_plain;f=authobj.c;h=2b774abccae724298d35666d94d9fd83ebbf1f7b;hp=ec929071a7c723a02bb71786c8464f3f3f4b6fc3;hb=4a5da38dfd8b0236564ffe6b70eab1eeb399fff0;hpb=8e164eeff8c7d7f08b473d37ebb01093f574d6a2 diff --git a/authobj.c b/authobj.c index ec92907..2b774ab 100644 --- a/authobj.c +++ b/authobj.c @@ -8,6 +8,24 @@ #include "crypto.h" #include "authobj.h" +int make_challenge(const char *id, const char *pass, const char *nonce, + unsigned char *challenge, int *challengesize) +{ + serializer_t srl; + + serial_init(&srl, challenge, *challengesize); + if (serial_put(&srl, id, strlen(id)) != strlen(id)) + return aoe_serial; + if (serial_put(&srl, pass, strlen(pass)) != strlen(pass)) + return aoe_serial; + if (serial_put(&srl, nonce, strlen(nonce)) != strlen(nonce)) + return aoe_serial; + if (serial_put(&srl, NULL, 0) != 0) + return aoe_serial; + *challengesize = serial_size(&srl); + return 0; +} + int make_authobj(const char *id, const char *pass, const char *nonce, const unsigned char *secret, const int secsize, const unsigned char *payload, const int paysize, @@ -17,8 +35,8 @@ int make_authobj(const char *id, const char *pass, const char *nonce, int datasize; unsigned char datahash[HASHSIZE]; int datahashsize = HASHSIZE; - unsigned char *hmacdata; - int hmacdatasize; + unsigned char *challenge; + int challengesize; unsigned char key[HASHSIZE]; int keysize = HASHSIZE; serializer_t srl; @@ -26,37 +44,33 @@ int make_authobj(const char *id, const char *pass, const char *nonce, datasize = ((secsize + paysize + HASHSIZE * 4 * sizeof(short) - 1) / CBLKSIZE + 1) * CBLKSIZE; data = alloca(datasize); - if (serial_init(&srl, data, datasize)) return -1; - if (serial_put(&srl, secret, secsize) != secsize) return -1; - if (serial_put(&srl, payload, paysize) != paysize) return -1; + serial_init(&srl, data, datasize); + if (serial_put(&srl, secret, secsize) != secsize) return aoe_serial; + if (serial_put(&srl, payload, paysize) != paysize) return aoe_serial; if (hash(data, serial_size(&srl), datahash, &datahashsize)) - return -1; + return aoe_size; if (serial_put(&srl, datahash, datahashsize) != datahashsize) - return -1; - if (serial_put(&srl, NULL, 0) != 0) return -1; + return aoe_serial; + if (serial_put(&srl, NULL, 0) != 0) return aoe_serial; datasize = ((serial_size(&srl) -1) / CBLKSIZE + 1) * CBLKSIZE; - hmacdatasize = ((strlen(id) + strlen(pass) + strlen(nonce) + + challengesize = ((strlen(id) + strlen(pass) + strlen(nonce) + 4 * sizeof(short) - 1) / CBLKSIZE + 1) * CBLKSIZE; - hmacdata = alloca(hmacdatasize); - if (serial_init(&srl, hmacdata, hmacdatasize)) return -1; - if (serial_put(&srl, id, strlen(id)) != strlen(id)) return -1; - if (serial_put(&srl, pass, strlen(pass)) != strlen(pass)) return -1; - if (serial_put(&srl, nonce, strlen(nonce)) != strlen(nonce)) return -1; - if (serial_put(&srl, NULL, 0) != 0) return -1; - hmacdatasize = ((serial_size(&srl) -1) / CBLKSIZE + 1) * CBLKSIZE; + challenge = alloca(challengesize); + if (make_challenge(id, pass, nonce, challenge, &challengesize)) + return aoe_serial; - if (hmac(secret, secsize, hmacdata, hmacdatasize, - key, &keysize)) return -1; + if (hmac(secret, secsize, challenge, challengesize, + key, &keysize)) return aoe_crypt; - if (*bufsize < datasize) return -1; + if (*bufsize < datasize) return aoe_size; + if (encrypt(key, CBLKSIZE, data, buffer, datasize)) return aoe_crypt; *bufsize = datasize; - if (encrypt(key, keysize, data, buffer, datasize)) return -1; return 0; } -int parse_authobj(const unsigned char *hmacdata, const int hmacdatasize, +int parse_authobj(const unsigned char *key, const int keysize, const unsigned char *buffer, const int bufsize, unsigned char *secret, int *secsize, unsigned char *payload, int *paysize) @@ -70,19 +84,21 @@ int parse_authobj(const unsigned char *hmacdata, const int hmacdatasize, unsigned char theirhash[HASHSIZE]; int theirhashsize = HASHSIZE; - if (decrypt(hmacdata, hmacdatasize, buffer, data, datasize)) - return -1; - if (serial_init(&srl, data, datasize)) return -1; + if (decrypt(key, CBLKSIZE, buffer, data, datasize)) + return aoe_crypt; + serial_init(&srl, data, datasize); tsize = *secsize; - if ((*secsize = serial_get(&srl, secret, tsize)) > tsize) return -1; + *secsize = serial_get(&srl, secret, tsize); + if (*secsize > tsize || *secsize <= 0) return aoe_serial; tsize = *paysize; - if ((*paysize = serial_get(&srl, payload, tsize)) > tsize) return -1; + *paysize = serial_get(&srl, payload, tsize); + if (*paysize > tsize || *paysize <= 0) return aoe_serial; if (hash(data, serial_size(&srl), myhash, &myhashsize)) - return -1; - if ((theirhashsize = serial_get(&srl, theirhash, theirhashsize)) != HASHSIZE) - return -1; + return aoe_crypt; + theirhashsize = serial_get(&srl, theirhash, theirhashsize); + if (theirhashsize != HASHSIZE) return aoe_data; if ((myhashsize != theirhashsize) || - memcmp(myhash, theirhash, myhashsize)) - return -1; + memcmp(myhash, theirhash, myhashsize)) + return aoe_data; return 0; }