X-Git-Url: http://www.average.org/gitweb/?p=pam_pcsc_cr.git;a=blobdiff_plain;f=authobj.c;h=b402094df224cd13651227c15e47bb9184976343;hp=d6f4f09212ec918e180338de6fdede073eadf096;hb=d22113b275de00c81f31641700f63be826f929dd;hpb=930c02fb520924fcd7a1a11a5a29ebba9abd19c6

diff --git a/authobj.c b/authobj.c
index d6f4f09..b402094 100644
--- a/authobj.c
+++ b/authobj.c
@@ -1,13 +1,36 @@
+/*
+Copyright (c) 2013 Eugene Crosser
+
+This software is provided 'as-is', without any express or implied
+warranty. In no event will the authors be held liable for any damages
+arising from the use of this software.
+
+Permission is granted to anyone to use this software for any purpose,
+including commercial applications, and to alter it and redistribute it
+freely, subject to the following restrictions:
+
+    1. The origin of this software must not be misrepresented; you must
+    not claim that you wrote the original software. If you use this
+    software in a product, an acknowledgment in the product documentation
+    would be appreciated but is not required.
+
+    2. Altered source versions must be plainly marked as such, and must
+    not be misrepresented as being the original software.
+
+    3. This notice may not be removed or altered from any source
+    distribution.
+*/
+
 #ifdef HAVE_CONFIG_H
 # include "config.h"
 #endif
 #include <stdio.h>
 #include <string.h>
+#include <stdlib.h>
 #include <alloca.h>
 #include "serial.h"
 #include "crypto.h"
 #include "authobj.h"
-#include "pcsc_cr.h"
 
 static struct _auth_chunk
 make_challenge(const char *uid, const char *pass, const char *nonce)
@@ -42,7 +65,7 @@ make_challenge(const char *uid, const char *pass, const char *nonce)
 }
 
 static struct _auth_chunk
-make_key(const unsigned char *challenge, const int challengesize,
+new_key(const unsigned char *challenge, const int challengesize,
 	const unsigned char *secret, const int secsize)
 {
 	struct _auth_chunk ho = {0};
@@ -58,8 +81,37 @@ make_key(const unsigned char *challenge, const int challengesize,
 	return ho;
 }
 
+static struct _auth_chunk
+make_key(const char *userid, const char *password, const char *nonce,
+	const unsigned char *secret, const int secsize,
+	struct _auth_chunk (*fetch_key)(const unsigned char *chal,
+					const int csize))
+{
+	struct _auth_chunk ho_chal, ho_key = {0};
+
+	if (!userid || !password || !nonce) {
+		ho_key.err = "make_key: missing uid, pass or nonce";
+		return ho_key;
+	}
+	ho_chal = make_challenge(userid, password, nonce);
+	if (ho_chal.err) {
+		ho_key.err = ho_chal.err;
+		return ho_key;
+	}
+	if (secret && secsize) {
+		ho_key = new_key(ho_chal.data, sizeof(ho_chal.data),
+				secret, secsize);
+	} else if (fetch_key) {
+		ho_key = (*fetch_key)(ho_chal.data, sizeof(ho_chal.data));
+	} else {
+		ho_key.err = "make_key: neither secret nor fetch_key present";
+	}
+	memset(&ho_chal, 0, sizeof(ho_chal));
+	return ho_key;
+}
+
 static struct _auth_obj
-make_authobj(char *userid, char *password, char *nonce,
+make_authobj(const char *userid, const char *password, const char *nonce,
 		const unsigned char *secret, const int secsize,
 		const unsigned char *payload, const int paylsize)
 {
@@ -71,17 +123,13 @@ make_authobj(char *userid, char *password, char *nonce,
 	int datahashsize = HASHSIZE;
 	serializer_t srl;
 
-	if (keysize < CBLKSIZE) {
-		ao.err = "make authobj: key too short";
-		return ao;
-	}
-	datasize = ((secsize + paysize + HASHSIZE + 4 * sizeof(short) - 1) /
+	datasize = ((secsize + paylsize + HASHSIZE + 4 * sizeof(short) - 1) /
 			CBLKSIZE + 1) * CBLKSIZE;
 	data = alloca(datasize);
 	serial_init(&srl, data, datasize);
 	if (serial_put(&srl, secret, secsize) != secsize) {
 		ao.err = "authobj: serialization of secret failed";
-	} else if (serial_put(&srl, payload, paysize) != paysize) {
+	} else if (serial_put(&srl, payload, paylsize) != paylsize) {
 		ao.err = "authobj: serialization of payload failed";
 	} else if ((rc = hash(data, serial_size(&srl),
 				datahash, &datahashsize))) {
@@ -90,35 +138,38 @@ make_authobj(char *userid, char *password, char *nonce,
 		ao.err = "authobj: serialization of hash failed";
 	} else if (serial_put(&srl, NULL, 0) != 0) {
 		ao.err = "authobj: serialization of terminator failed";
-	}
-
-	if (!ao.err) {
+	} else {
 		unsigned long lrc;
 		int osize = ((serial_size(&srl) -1) / CBLKSIZE + 1) * CBLKSIZE;
+		struct _auth_chunk ho_key;
 
-		if ((ao.buffer = malloc(osize + paysize)) == NULL) {
+		ho_key = make_key(userid, password, nonce,
+					secret, secsize, NULL);
+		if (ho_key.err) {
+			ao.err = ho_key.err;
+		} else if ((ao.buffer = malloc(osize + paylsize)) == NULL) {
 			ao.err = "make authobj: malloc failed";
-		} else if ((lrc = encrypt(key, CBLKSIZE, data,
+		} else if ((lrc = encrypt(ho_key.data, CBLKSIZE, data,
 					ao.buffer, osize))) {
 			ao.err = crypto_errstr(lrc);
 		} else {
 			ao.data = ao.buffer;
 			ao.datasize = osize;
-			if (payload && paysize) {
+			if (payload && paylsize) {
 				/* payload passthrough */
 				ao.payload = ao.data + osize;
-				memcpy(ao.payload, payload, paysize);
-				ao.paylsize = paysize;
+				memcpy(ao.payload, payload, paylsize);
+				ao.paylsize = paylsize;
 			}
 		}
+		memset(&ho_key, 0, sizeof(ho_key));
 	}
-
 	memset(data, 0, datasize);
 	return ao;
 }
 
 static struct _auth_obj
-parse_authobj(char *userid, char *password, char *nonce,
+parse_authobj(const char *userid, const char *password, const char *nonce,
 		const unsigned char *secret, const int secsize,
 		const unsigned char *ablob, const int blobsize,
 		struct _auth_chunk (*fetch_key)(const unsigned char *chal,
@@ -126,12 +177,15 @@ parse_authobj(char *userid, char *password, char *nonce,
 {
 	unsigned long rc;
 	struct _auth_obj ao = {0};
+	struct _auth_chunk ho_key;
 
-	if (keysize < CBLKSIZE) {
-		ao.err = "parse authobj: key too short";
-	} else if ((ao.buffer = malloc(bufsize)) == NULL) {
+	ho_key = make_key(userid, password, nonce, secret, secsize, fetch_key);
+	if (ho_key.err) {
+		ao.err = ho_key.err;
+	} else if ((ao.buffer = malloc(blobsize)) == NULL) {
 		ao.err = "parse authobj: malloc failed";
-	} else if ((rc = decrypt(key, CBLKSIZE, buffer, ao.buffer, bufsize))) {
+	} else if ((rc = decrypt(ho_key.data, CBLKSIZE,
+				ablob, ao.buffer, blobsize))) {
 		ao.err = crypto_errstr(rc);
 	} else {
 		serializer_t srl;
@@ -141,7 +195,7 @@ parse_authobj(char *userid, char *password, char *nonce,
 		int theirhsize;
 		unsigned long rc;
 
-		serial_init(&srl, ao.buffer, bufsize);
+		serial_init(&srl, ao.buffer, blobsize);
 		if (serial_get(&srl, (void**)&ao.data, &ao.datasize)) {
 			ao.err = "mismatch: impossible secret";
 		} else if (serial_get(&srl, (void**)&ao.payload, &ao.paylsize)) {
@@ -158,6 +212,7 @@ parse_authobj(char *userid, char *password, char *nonce,
 			ao.err = "mismatch: different hash";
 		}
 	}
+	memset(&ho_key, 0, sizeof(ho_key));
 	return ao;
 }
 
@@ -169,11 +224,11 @@ struct _auth_obj authobj(const char *userid, const char *password,
 		struct _auth_chunk (*fetch_key)(const unsigned char *chal,
 						const int csize))
 {
-	unsigned char *wsecret;
+	const unsigned char *wsecret;
 	int wsecsize;
-	unsigned char *wpayload;
+	const unsigned char *wpayload;
 	int wpaylsize;
-	struct _auth_obj old_ao;
+	struct _auth_obj old_ao = {0};
 	struct _auth_obj new_ao = {0};
 
 	if (!secret || !secsize || !payload) {
@@ -209,52 +264,10 @@ struct _auth_obj authobj(const char *userid, const char *password,
 
 
 	new_ao = make_authobj(userid, password, newnonce,
-				wsecret, wsecsize, wpayload, wpaysize);
+				wsecret, wsecsize, wpayload, wpaylsize);
 
 	if (old_ao.data) memset(old_ao.data, 0, old_ao.datasize);
 	if (old_ao.payload) memset(old_ao.payload, 0, old_ao.paylsize);
 	if (old_ao.buffer) free(old_ao.buffer);
 	return new_ao;
 }
-
-void dummy() {
-	struct _auth_chunk ho_chal, ho_key;
-
-	ho_chal = make_challenge(userid, password, oldnonce);
-	if (ho_chal.err) {
-		new_ao.err = ho_chal.err;
-		return new_ao;
-	}
-	ho_key = (*fetch_key)(ho_chal.hash, sizeof(ho_chal.hash));
-	memset(&ho_chal, 0, sizeof(ho_chal));
-	if (ho_key.err) {
-		new_ao.err = ho_key.err;
-		return new_ao;
-	}
-	old_ao = parse_authobj(ho_key.hash, sizeof(ho_key.hash),
-				authobj, authsize);
-	memset(&ho_key, 0, sizeof(ho_key));
-	if (old_ao.err) {
-		new_ao.err = old_ao.err;
-		if (old_ao.buffer) free(old_ao.buffer);
-		return new_ao;
-	}
-
-	ho_chal = make_challenge(userid, password, newnonce);
-	if (ho_chal.err) {
-		new_ao.err = ho_chal.err;
-		return new_ao;
-	}
-	ho_key = make_key(ho_chal.hash, sizeof(ho_chal.hash),
-				old_ao.data, old_ao.datasize);
-	memset(&ho_chal, 0, sizeof(ho_chal));
-	if (ho_key.err) {
-		new_ao.err = ho_key.err;
-		return new_ao;
-	}
-	new_ao = make_authobj(ho_key.hash, sizeof(ho_key.hash),
-			old_ao.data, old_ao.datasize,
-			old_ao.payload, old_ao.paylsize);
-	memset(&ho_key, 0, sizeof(ho_key));
-
-}