serializer_t srl;
if (serial_init(&srl, challenge, *challengesize)) return -1;
- if (serial_put(&srl, id, strlen(id)) != strlen(id)) return -1;
- if (serial_put(&srl, pass, strlen(pass)) != strlen(pass)) return -1;
- if (serial_put(&srl, nonce, strlen(nonce)) != strlen(nonce)) return -1;
- if (serial_put(&srl, NULL, 0) != 0) return -1;
- *challengesize = ((serial_size(&srl) -1) / CBLKSIZE + 1) * CBLKSIZE;
+ if (serial_put(&srl, id, strlen(id)) != strlen(id)) return -2;
+ if (serial_put(&srl, pass, strlen(pass)) != strlen(pass)) return -3;
+ if (serial_put(&srl, nonce, strlen(nonce)) != strlen(nonce)) return -4;
+ if (serial_put(&srl, NULL, 0) != 0) return -5;
+ *challengesize = serial_size(&srl);
return 0;
}
CBLKSIZE + 1) * CBLKSIZE;
data = alloca(datasize);
if (serial_init(&srl, data, datasize)) return -1;
- if (serial_put(&srl, secret, secsize) != secsize) return -1;
- if (serial_put(&srl, payload, paysize) != paysize) return -1;
+ if (serial_put(&srl, secret, secsize) != secsize) return -2;
+ if (serial_put(&srl, payload, paysize) != paysize) return -3;
if (hash(data, serial_size(&srl), datahash, &datahashsize))
- return -1;
+ return -4;
if (serial_put(&srl, datahash, datahashsize) != datahashsize)
- return -1;
- if (serial_put(&srl, NULL, 0) != 0) return -1;
+ return -5;
+ if (serial_put(&srl, NULL, 0) != 0) return -6;
datasize = ((serial_size(&srl) -1) / CBLKSIZE + 1) * CBLKSIZE;
challengesize = ((strlen(id) + strlen(pass) + strlen(nonce) +
4 * sizeof(short) - 1) / CBLKSIZE + 1) * CBLKSIZE;
challenge = alloca(challengesize);
if (make_challenge(id, pass, nonce, challenge, &challengesize))
- return -1;
+ return -7;
if (hmac(secret, secsize, challenge, challengesize,
- key, &keysize)) return -1;
-#if 0
- int i;
- for (i = 0; i < keysize; i++) printf(", 0x%02x", key[i]);
- printf("\n");
-#endif
+ key, &keysize)) return -8;
- if (*bufsize < datasize) return -1;
+ if (*bufsize < datasize) return -9;
+ if (encrypt(key, CBLKSIZE, data, buffer, datasize)) return -10;
*bufsize = datasize;
- if (encrypt(key, CBLKSIZE, data, buffer, datasize)) return -1;
return 0;
}
if (decrypt(key, CBLKSIZE, buffer, data, datasize))
return -1;
- if (serial_init(&srl, data, datasize)) return -1;
+ if (serial_init(&srl, data, datasize)) return -2;
tsize = *secsize;
- if ((*secsize = serial_get(&srl, secret, tsize)) > tsize) return -1;
+ *secsize = serial_get(&srl, secret, tsize);
+ if (*secsize > tsize || *secsize <= 0) return -3;
tsize = *paysize;
- if ((*paysize = serial_get(&srl, payload, tsize)) > tsize) return -1;
- if (hash(data, serial_size(&srl), myhash, &myhashsize))
- return -1;
- if ((theirhashsize = serial_get(&srl, theirhash, theirhashsize)) != HASHSIZE)
- return -1;
+ *paysize = serial_get(&srl, payload, tsize);
+ if (*paysize > tsize || *paysize <= 0) return -4;
+ if (hash(data, serial_size(&srl), myhash, &myhashsize)) return -5;
+ theirhashsize = serial_get(&srl, theirhash, theirhashsize);
+ if (theirhashsize != HASHSIZE) return -6;
if ((myhashsize != theirhashsize) ||
memcmp(myhash, theirhash, myhashsize))
- return -1;
+ return -7;
return 0;
}
int serial_put(serializer_t *srl, const void *item, int size)
{
int left = srl->bufsize - (srl->cursor - srl->buffer);
+
if (left < size + sizeof(short)) return left - sizeof(short);
*((short *)srl->cursor) = size;
- srl->cursor += 2;
+ srl->cursor += sizeof(short);
if (size) memcpy(srl->cursor, item, size);
srl->cursor += size;
return size;
int serial_get(serializer_t *srl, void *item, int bufsize)
{
+ int left = srl->bufsize - (srl->cursor - srl->buffer);
short isize = *((short *)srl->cursor);
- if (isize > bufsize || isize == 0) return isize;
+
+ if (isize > bufsize) return isize;
+ if (isize + sizeof(short) > left) return -1;
srl->cursor += sizeof(short);
- memcpy(item, srl->cursor, isize);
+ if (isize) memcpy(item, srl->cursor, isize);
srl->cursor += isize;
return isize;
}
#include <stdio.h>
#include <string.h>
#include "authobj.h"
+#include "crypto.h"
int main(int argc, char *argv[])
{
const char *id = "testuser";
const char *pass = "testpassword";
const char *nonce = "1";
- const unsigned char secret[] = {0x52, 0xf3, 0xbe, 0x1f, 0x3e,
- 0x22, 0xa8, 0xee, 0xdf, 0x10,
- 0x86, 0xf2, 0x17, 0xd7, 0x21,
- 0x9d, 0x08, 0x14, 0x48, 0x38};
+ const unsigned char secret[] = {0xb4, 0x62, 0xf2, 0x60, 0x87,
+ 0x78, 0x16, 0x87, 0xde, 0xce,
+ 0x80, 0x09, 0x24, 0x0b, 0x93,
+ 0xfc, 0xa0, 0xfc, 0x56, 0x56};
const unsigned char *payload = (unsigned char *)
"To authorize or not to authorize?";
- unsigned char authobj[512];
+ unsigned char authobj[128];
int authsize = sizeof(authobj);
unsigned char challenge[128];
int challengesize = sizeof(challenge);
int rc;
- const unsigned char key[] = {0xcc, 0x21, 0xaa, 0xb7, 0xf5,
- 0x76, 0xd6, 0xe7, 0xed, 0x90,
- 0x69, 0x51, 0x3d, 0x9b, 0x3a,
- 0x9d, 0xa8, 0xcf, 0xf9, 0x2f};
+ unsigned char key[20];
+ int keysize = sizeof(key);
unsigned char newsecret[20];
int newsecsize = sizeof(newsecret);
unsigned char newload[128];
rc = make_challenge(id, pass, nonce, challenge, &challengesize);
printf("make_challenge() rc=%d size=%d\n", rc, challengesize);
if (rc) return rc;
+ rc = hmac(secret, sizeof(secret), challenge, challengesize,
+ &key, &keysize);
+ printf("hmac(secret, challenge) rc=%d new_key_size=%d\n",
+ rc, keysize);
+ if (rc) return rc;
rc = parse_authobj(key, sizeof(key), authobj, authsize,
newsecret, &newsecsize, newload, &newloadsize);
projects / pam_pcsc_cr.git / commitdiff