Example #1
0
bool challenge_h(connection_t *c, const char *request) {
	if(!myself->connection->rsa)
		return false;

	char buffer[MAX_STRING_SIZE];
	const size_t len = rsa_size(myself->connection->rsa);
	size_t digestlen = digest_length(c->indigest);
	char digest[digestlen];

	if(sscanf(request, "%*d " MAX_STRING, buffer) != 1) {
		logger(DEBUG_ALWAYS, LOG_ERR, "Got bad %s from %s (%s)", "CHALLENGE", c->name, c->hostname);
		return false;
	}

	/* Convert the challenge from hexadecimal back to binary */

	int inlen = hex2bin(buffer, buffer, sizeof buffer);

	/* Check if the length of the challenge is all right */

	if(inlen != len) {
		logger(DEBUG_ALWAYS, LOG_ERR, "Possible intruder %s (%s): %s", c->name, c->hostname, "wrong challenge length");
		return false;
	}

	/* Calculate the hash from the challenge we received */

	if(!digest_create(c->indigest, buffer, len, digest))
		return false;

	/* Convert the hash to a hexadecimal formatted string */

	bin2hex(digest, buffer, digestlen);

	/* Send the reply */

	c->allow_request = CHAL_REPLY;

	return send_request(c, "%d %s", CHAL_REPLY, buffer);
}
Example #2
0
bool chal_reply_h(connection_t *c, const char *request) {
	char hishash[MAX_STRING_SIZE];

	if(sscanf(request, "%*d " MAX_STRING, hishash) != 1) {
		logger(DEBUG_ALWAYS, LOG_ERR, "Got bad %s from %s (%s)", "CHAL_REPLY", c->name,
			   c->hostname);
		return false;
	}

	/* Convert the hash to binary format */

	int inlen = hex2bin(hishash, hishash, sizeof hishash);

	/* Check if the length of the hash is all right */

	if(inlen != digest_length(c->outdigest)) {
		logger(DEBUG_ALWAYS, LOG_ERR, "Possible intruder %s (%s): %s", c->name, c->hostname, "wrong challenge reply length");
		return false;
	}


	/* Verify the hash */

	if(!digest_verify(c->outdigest, c->hischallenge, rsa_size(c->rsa), hishash)) {
		logger(DEBUG_ALWAYS, LOG_ERR, "Possible intruder %s (%s): %s", c->name, c->hostname, "wrong challenge reply");
		return false;
	}

	/* Identity has now been positively verified.
	   Send an acknowledgement with the rest of the information needed.
	 */

	free(c->hischallenge);
	c->hischallenge = NULL;
	c->allow_request = ACK;

	return send_ack(c);
}
Example #3
0
int test_hkdf_precond(void)
{
    unsigned char key[4] = {0};
    unsigned char salt[4] = {0};
    unsigned char info[4] = {0};
    unsigned char out[4];

    /* Invalid hash function (failure) */

    ASSERT_FAILURE(kdf_hkdf(0, 0,
                            key, sizeof(key),
                            salt, sizeof(salt),
                            info, sizeof(info),
                            out, sizeof(out)));

    ASSERT_FAILURE(kdf_hkdf(BLOCK_AES, 0,
                            key, sizeof(key),
                            salt, sizeof(salt),
                            info, sizeof(info),
                            out, sizeof(out)));

    /* Zero length key (failure) */

    ASSERT_FAILURE(kdf_hkdf(HASH_SHA256, 0,
                            key, 0,
                            salt, sizeof(salt),
                            info, sizeof(info),
                            out, sizeof(out)));

    /* Zero length output (failure) */

    ASSERT_FAILURE(kdf_hkdf(HASH_SHA256, 0,
                            key, sizeof(key),
                            salt, sizeof(salt),
                            info, sizeof(info),
                            out, 0));

    /* Zero length salt (success) */

    ASSERT_SUCCESS(kdf_hkdf(HASH_SHA256, 0,
                            key, sizeof(key),
                            salt, 0,
                            info, sizeof(info),
                            out, sizeof(out)));

    /* Zero length info (success) */

    ASSERT_SUCCESS(kdf_hkdf(HASH_SHA256, 0,
                            key, sizeof(key),
                            salt, sizeof(salt),
                            info, 0,
                            out, sizeof(out)));

    {
        static unsigned char out_large[HASH_DIGEST_LEN * 255 + 1];
        prim_t hash = prim_default(PRIM_TYPE_HASH);
        size_t digest_len = digest_length(hash);

        /* Largest output length (success) */

        ASSERT_SUCCESS(kdf_hkdf(hash, 0,
                                key, sizeof(key),
                                salt, sizeof(salt),
                                info, sizeof(info),
                                out_large, digest_len * 255));

        /* Too long output length (failure) */

        ASSERT_FAILURE(kdf_hkdf(HASH_SHA256, 0,
                                key, sizeof(key),
                                salt, sizeof(salt),
                                info, sizeof(info),
                                out_large, digest_len * 255 + 1));
    }

    return 1;
}