- int datasize = bufsize;
- unsigned char *data = alloca(datasize);
- serializer_t srl;
- int tsize;
- unsigned char myhash[HASHSIZE];
- int myhashsize = HASHSIZE;
- unsigned char theirhash[HASHSIZE];
- int theirhashsize = HASHSIZE;
-
- if (decrypt(hmacdata, hmacdatasize, buffer, data, datasize))
- return -1;
- if (serial_init(&srl, data, datasize)) return -1;
- tsize = *secsize;
- if ((*secsize = serial_get(&srl, secret, tsize)) > tsize) return -1;
- tsize = *paysize;
- if ((*paysize = serial_get(&srl, payload, tsize)) > tsize) return -1;
- if (hash(data, serial_size(&srl), myhash, &myhashsize))
- return -1;
- if ((theirhashsize = serial_get(&srl, theirhash, theirhashsize)) != HASHSIZE)
- return -1;
- if ((myhashsize != theirhashsize) ||
- memcmp(myhash, theirhash, myhashsize))
- return -1;
- return 0;
+ unsigned long rc;
+ struct _auth_obj ao = {0};
+
+ if (keysize < CBLKSIZE) {
+ ao.err = "parse authobj: key too short";
+ } else if ((ao.buffer = malloc(bufsize)) == NULL) {
+ ao.err = "parse authobj: malloc failed";
+ } else if ((rc = decrypt(key, CBLKSIZE, buffer, ao.buffer, bufsize))) {
+ ao.err = crypto_errstr(rc);
+ } else {
+ serializer_t srl;
+ unsigned char myhash[HASHSIZE];
+ int myhsize = HASHSIZE;
+ unsigned char *theirhash;
+ int theirhsize;
+ unsigned long rc;
+
+ serial_init(&srl, ao.buffer, bufsize);
+ if (serial_get(&srl, (void**)&ao.data, &ao.datasize)) {
+ ao.err = "mismatch: impossible secret";
+ } else if (serial_get(&srl, (void**)&ao.payload, &ao.paylsize)) {
+ ao.err = "mismatch: impossible payload";
+ } else if ((rc = hash(ao.buffer, serial_size(&srl),
+ myhash, &myhsize))) {
+ ao.err = crypto_errstr(rc);
+ } else if (serial_get(&srl, (void**)&theirhash, &theirhsize)) {
+ ao.err = "mismatch: impossible hash";
+ } else if (theirhsize != HASHSIZE) {
+ ao.err = "mismatch: hash is of wrong size";
+ } else if ((myhsize != theirhsize) ||
+ memcmp(myhash, theirhash, myhsize)) {
+ ao.err = "mismatch: different hash";
+ }
+ }
+ return ao;
+}
+
+struct _auth_obj authobj(const char *userid, const char *password,
+ const char *oldnonce, const char *newnonce,
+ const unsigned char *secret, const int secsize,
+ const unsigned char *payload, const int paylsize,
+ const unsigned char *ablob, const int blobsize,
+ struct _auth_chunk (*fetch_key)(const unsigned char *chal,
+ const int csize))
+{
+ unsigned char *wsecret;
+ int wsecsize;
+ unsigned char *wpayload;
+ int wpaylsize;
+ struct _auth_obj old_ao;
+ struct _auth_obj new_ao = {0};
+
+ if (!secret || !secsize || !payload) {
+ old_ao = parse_authobj(userid, password, oldnonce,
+ secret, secsize,
+ ablob, blobsize, fetch_key);
+ if (old_ao.err) {
+ new_ao.err = old_ao.err;
+ if (old_ao.buffer) free(old_ao.buffer);
+ return new_ao;
+ } else {
+ if (secret && secsize) {
+ wsecret = secret;
+ wsecsize = secsize;
+ } else {
+ wsecret = old_ao.data;
+ wsecsize = old_ao.datasize;
+ }
+ if (payload) {
+ wpayload = payload;
+ wpaylsize = paylsize;
+ } else {
+ wpayload = old_ao.payload;
+ wpaylsize = old_ao.paylsize;
+ }
+ }
+ } else {
+ wsecret = secret;
+ wsecsize = secsize;
+ wpayload = payload;
+ wpaylsize = paylsize;
+ }
+
+
+ new_ao = make_authobj(userid, password, newnonce,
+ wsecret, wsecsize, wpayload, wpaysize);
+
+ if (old_ao.data) memset(old_ao.data, 0, old_ao.datasize);
+ if (old_ao.payload) memset(old_ao.payload, 0, old_ao.paylsize);
+ if (old_ao.buffer) free(old_ao.buffer);
+ return new_ao;
+}
+
+void dummy() {
+ struct _auth_chunk ho_chal, ho_key;
+
+ ho_chal = make_challenge(userid, password, oldnonce);
+ if (ho_chal.err) {
+ new_ao.err = ho_chal.err;
+ return new_ao;
+ }
+ ho_key = (*fetch_key)(ho_chal.hash, sizeof(ho_chal.hash));
+ memset(&ho_chal, 0, sizeof(ho_chal));
+ if (ho_key.err) {
+ new_ao.err = ho_key.err;
+ return new_ao;
+ }
+ old_ao = parse_authobj(ho_key.hash, sizeof(ho_key.hash),
+ authobj, authsize);
+ memset(&ho_key, 0, sizeof(ho_key));
+ if (old_ao.err) {
+ new_ao.err = old_ao.err;
+ if (old_ao.buffer) free(old_ao.buffer);
+ return new_ao;
+ }
+
+ ho_chal = make_challenge(userid, password, newnonce);
+ if (ho_chal.err) {
+ new_ao.err = ho_chal.err;
+ return new_ao;
+ }
+ ho_key = make_key(ho_chal.hash, sizeof(ho_chal.hash),
+ old_ao.data, old_ao.datasize);
+ memset(&ho_chal, 0, sizeof(ho_chal));
+ if (ho_key.err) {
+ new_ao.err = ho_key.err;
+ return new_ao;
+ }
+ new_ao = make_authobj(ho_key.hash, sizeof(ho_key.hash),
+ old_ao.data, old_ao.datasize,
+ old_ao.payload, old_ao.paylsize);
+ memset(&ho_key, 0, sizeof(ho_key));
+