bool challenge_h(connection_t *c, const char *request) {
if(!myself->connection->rsa)
return false;
char buffer[MAX_STRING_SIZE];
const size_t len = rsa_size(myself->connection->rsa);
size_t digestlen = digest_length(c->indigest);
char digest[digestlen];
if(sscanf(request, "%*d " MAX_STRING, buffer) != 1) {
logger(DEBUG_ALWAYS, LOG_ERR, "Got bad %s from %s (%s)", "CHALLENGE", c->name, c->hostname);
return false;
}
/* Convert the challenge from hexadecimal back to binary */
int inlen = hex2bin(buffer, buffer, sizeof buffer);
/* Check if the length of the challenge is all right */
if(inlen != len) {
logger(DEBUG_ALWAYS, LOG_ERR, "Possible intruder %s (%s): %s", c->name, c->hostname, "wrong challenge length");
return false;
}
/* Calculate the hash from the challenge we received */
if(!digest_create(c->indigest, buffer, len, digest))
return false;
/* Convert the hash to a hexadecimal formatted string */
bin2hex(digest, buffer, digestlen);
/* Send the reply */
c->allow_request = CHAL_REPLY;
return send_request(c, "%d %s", CHAL_REPLY, buffer);
}
bool chal_reply_h(connection_t *c, const char *request) {
char hishash[MAX_STRING_SIZE];
if(sscanf(request, "%*d " MAX_STRING, hishash) != 1) {
logger(DEBUG_ALWAYS, LOG_ERR, "Got bad %s from %s (%s)", "CHAL_REPLY", c->name,
c->hostname);
return false;
}
/* Convert the hash to binary format */
int inlen = hex2bin(hishash, hishash, sizeof hishash);
/* Check if the length of the hash is all right */
if(inlen != digest_length(c->outdigest)) {
logger(DEBUG_ALWAYS, LOG_ERR, "Possible intruder %s (%s): %s", c->name, c->hostname, "wrong challenge reply length");
return false;
}
/* Verify the hash */
if(!digest_verify(c->outdigest, c->hischallenge, rsa_size(c->rsa), hishash)) {
logger(DEBUG_ALWAYS, LOG_ERR, "Possible intruder %s (%s): %s", c->name, c->hostname, "wrong challenge reply");
return false;
}
/* Identity has now been positively verified.
Send an acknowledgement with the rest of the information needed.
*/
free(c->hischallenge);
c->hischallenge = NULL;
c->allow_request = ACK;
return send_ack(c);
}
int test_hkdf_precond(void)
{
unsigned char key[4] = {0};
unsigned char salt[4] = {0};
unsigned char info[4] = {0};
unsigned char out[4];
/* Invalid hash function (failure) */
ASSERT_FAILURE(kdf_hkdf(0, 0,
key, sizeof(key),
salt, sizeof(salt),
info, sizeof(info),
out, sizeof(out)));
ASSERT_FAILURE(kdf_hkdf(BLOCK_AES, 0,
key, sizeof(key),
salt, sizeof(salt),
info, sizeof(info),
out, sizeof(out)));
/* Zero length key (failure) */
ASSERT_FAILURE(kdf_hkdf(HASH_SHA256, 0,
key, 0,
salt, sizeof(salt),
info, sizeof(info),
out, sizeof(out)));
/* Zero length output (failure) */
ASSERT_FAILURE(kdf_hkdf(HASH_SHA256, 0,
key, sizeof(key),
salt, sizeof(salt),
info, sizeof(info),
out, 0));
/* Zero length salt (success) */
ASSERT_SUCCESS(kdf_hkdf(HASH_SHA256, 0,
key, sizeof(key),
salt, 0,
info, sizeof(info),
out, sizeof(out)));
/* Zero length info (success) */
ASSERT_SUCCESS(kdf_hkdf(HASH_SHA256, 0,
key, sizeof(key),
salt, sizeof(salt),
info, 0,
out, sizeof(out)));
{
static unsigned char out_large[HASH_DIGEST_LEN * 255 + 1];
prim_t hash = prim_default(PRIM_TYPE_HASH);
size_t digest_len = digest_length(hash);
/* Largest output length (success) */
ASSERT_SUCCESS(kdf_hkdf(hash, 0,
key, sizeof(key),
salt, sizeof(salt),
info, sizeof(info),
out_large, digest_len * 255));
/* Too long output length (failure) */
ASSERT_FAILURE(kdf_hkdf(HASH_SHA256, 0,
key, sizeof(key),
salt, sizeof(salt),
info, sizeof(info),
out_large, digest_len * 255 + 1));
}
return 1;
}