X-Git-Url: http://www.average.org/gitweb/?p=pam_pcsc_cr.git;a=blobdiff_plain;f=test_auth.c;h=af9e885259cbce53b95fca1bc2cb33360db0f712;hp=0251b47f29e33962892c45556f7c1074e162ac5c;hb=0262298f8fc324fb4a1577f0c205bdf339ded782;hpb=f58e5aa7a6302c73e94f4cb5f5d8a3cbc199e0b3 diff --git a/test_auth.c b/test_auth.c index 0251b47..af9e885 100644 --- a/test_auth.c +++ b/test_auth.c @@ -1,53 +1,97 @@ #include #include +#include #include "authobj.h" #include "crypto.h" +#include "pcsc_cr.h" + +unsigned char secret[] = { + 0xb4, 0x62, 0xf2, 0x60, 0x87, 0x78, 0x16, 0x87, 0xde, 0xce, + 0x80, 0x09, 0x24, 0x0b, 0x93, 0xfc, 0xa0, 0xfc, 0x56, 0x56 +}; + +static struct _auth_chunk +conjure_key(const unsigned char *challenge, const int challengesize) +{ + struct _auth_chunk ho = {0}; + long rc; + int keysize = sizeof(ho.data); + + if ((rc = hmac(secret, sizeof(secret), challenge, challengesize, + &ho.data, &keysize))) { + ho.err = crypto_errstr(rc); + } else if (keysize != sizeof(ho.data)) { + ho.err = "make_key: hash size is wrong"; + } + return ho; +} + +static struct _auth_chunk +token_key(const unsigned char *challenge, const int challengesize) +{ + struct _auth_chunk ho = {0}; + long rc; + int keysize = sizeof(ho.data); + + if ((rc = pcsc_cr(challenge, challengesize, ho.data, &keysize))) { + ho.err = pcsc_errstr(rc); + } + return ho; +} int main(int argc, char *argv[]) { const char *id = "testuser"; const char *pass = "testpassword"; const char *nonce = "1"; - const unsigned char secret[] = {0xb4, 0x62, 0xf2, 0x60, 0x87, - 0x78, 0x16, 0x87, 0xde, 0xce, - 0x80, 0x09, 0x24, 0x0b, 0x93, - 0xfc, 0xa0, 0xfc, 0x56, 0x56}; const unsigned char *payload = (unsigned char *) "To authorize or not to authorize?"; - unsigned char authobj[128]; - int authsize = sizeof(authobj); - unsigned char challenge[128]; - int challengesize = sizeof(challenge); - int rc; - unsigned char key[20]; - int keysize = sizeof(key); - unsigned char newsecret[20]; - int newsecsize = sizeof(newsecret); - unsigned char newload[128]; - int newloadsize=sizeof(newload); - - rc = make_authobj(id, pass, nonce, secret, sizeof(secret), + int i; + struct _auth_obj ao; + struct _auth_obj nao; + struct _auth_chunk (*fetch_key)(const unsigned char *challenge, + const int challengesize); + + if (argc == 2 && strlen(argv[1]) == 40 && + strspn(argv[1], "0123456789abcdefABCDEF") == 40) { + for (i = 0; i < sizeof(secret); i++) + sscanf(&argv[1][i*2], "%2hhx", &secret[i]); + fetch_key = token_key; + } else { + fetch_key = conjure_key; + } + + ao = authobj(id, pass, NULL, nonce, secret, sizeof(secret), payload, strlen((char *)payload), - authobj, &authsize); - printf("make_authobj() rc=%d size=%d\n", rc, authsize); - if (rc) return rc; - - rc = make_challenge(id, pass, nonce, challenge, &challengesize); - printf("make_challenge() rc=%d size=%d\n", rc, challengesize); - if (rc) return rc; - rc = hmac(secret, sizeof(secret), challenge, challengesize, - &key, &keysize); - printf("hmac(secret, challenge) rc=%d new_key_size=%d\n", - rc, keysize); - if (rc) return rc; - - rc = parse_authobj(key, sizeof(key), authobj, authsize, - newsecret, &newsecsize, newload, &newloadsize); - printf("parse_authobj() rc=%d secretsize=%d payload=\"%.*s\" (%d)\n", - rc, newsecsize, newloadsize, newload, newloadsize); - if (memcmp(secret, newsecret, newsecsize)) { - printf("extracted secret does not match\n"); - return -1; + NULL, 0, NULL); + printf("new_authobj err=%s\n", ao.err?ao.err:""); + printf("data(%d):", ao.datasize); + for (i = 0; i < ao.datasize; i++) printf(" %02x", ao.data[i]); + printf("\npayload(%d): \"%.*s\"\n", ao.paylsize, ao.paylsize, + ao.payload?(char*)ao.payload:""); + if (ao.err) { + if (ao.buffer) free(ao.buffer); + return 1; } + + nao = authobj(id, pass, nonce, nonce, NULL, 0, NULL, 0, + ao.data, ao.datasize, fetch_key); + printf("verify_authobj err=%s\n", nao.err?nao.err:""); + printf("data(%d):", nao.datasize); + for (i = 0; i < nao.datasize; i++) printf(" %02x", nao.data[i]); + printf("\npayload(%d): \"%.*s\"\n", nao.paylsize, nao.paylsize, + nao.payload?(char*)nao.payload:""); + if (nao.err) { + if (nao.buffer) free(nao.buffer); + return 1; + } + if (ao.paylsize != nao.paylsize || + memcmp(ao.payload, nao.payload, ao.paylsize)) { + printf("payload does not match"); + return 1; + } + + if (ao.buffer) free(ao.buffer); + if (nao.buffer) free(nao.buffer); return 0; }