check associate reply for consistency

Reject associate replies returning secret of inconsistent with association type length. This way severely broken OPs which return SHA1 association as SHA256 will still work in dumb mode. Signed-off-by: Michael Krelin <hacker@klever.net>
author: Michael Krelin <hacker@klever.net> 2008-01-23 21:13:27 (UTC)
committer: Michael Krelin <hacker@klever.net> 2008-01-23 21:13:27 (UTC)
commit: dc5dad0709ae8dd0a4be74248a22a78e47ba90e2 (patch) (side-by-side diff)
tree: eebd2a18bec33c4250036e1fd92d38cd4268777e /lib
parent: 2a116bce75236e46946bb9564790c26c6a59b9a4 (diff)
download: libopkele-dc5dad0709ae8dd0a4be74248a22a78e47ba90e2.zip
libopkele-dc5dad0709ae8dd0a4be74248a22a78e47ba90e2.tar.gz
libopkele-dc5dad0709ae8dd0a4be74248a22a78e47ba90e2.tar.bz2
1 files changed, 6 insertions, 3 deletions
diff --git a/lib/basic_rp.cc b/lib/basic_rp.cc
index 763a391..2da8416 100644
--- a/lib/basic_rp.cc
+++ b/lib/basic_rp.cc
@@ -1,109 +1,112 @@
 #include <openssl/sha.h>
 #include <openssl/hmac.h>
 #include <opkele/basic_rp.h>
 #include <opkele/exception.h>
 #include <opkele/uris.h>
 #include <opkele/data.h>
 #include <opkele/util.h>
 #include <opkele/curl.h>
 
 namespace opkele {
 
     static void dh_get_secret(
 	    secret_t& secret, const basic_openid_message& om,
 	    const char *exp_assoc, const char *exp_sess,
 	    util::dh_t& dh,
-	    size_t d_len, unsigned char *(*d_fun)(const unsigned char*,size_t,unsigned char*) ) try {
+	    size_t d_len, unsigned char *(*d_fun)(const unsigned char*,size_t,unsigned char*),
+	    size_t exp_s_len) try {
 	if(om.get_field("assoc_type")!=exp_assoc || om.get_field("session_type")!=exp_sess)
 	    throw bad_input(OPKELE_CP_ "Unexpected associate response");
 	util::bignum_t s_pub = util::base64_to_bignum(om.get_field("dh_server_public"));
 	vector<unsigned char> ck(DH_size(dh)+1);
 	unsigned char *ckptr = &(ck.front())+1;
 	int cklen = DH_compute_key(ckptr,s_pub,dh);
 	if(cklen<0)
 	    throw exception_openssl(OPKELE_CP_ "failed to DH_compute_key()");
 	if(cklen && (*ckptr)&0x80) {
 	    (*(--ckptr))=0; ++cklen; }
 	unsigned char key_digest[d_len];
 	secret.enxor_from_base64((*d_fun)(ckptr,cklen,key_digest),om.get_field("enc_mac_key"));
+	if(secret.size()!=exp_s_len)
+	    throw bad_input(OPKELE_CP_ "Secret length isn't consistent with association type");
     }catch(opkele::failed_lookup& ofl) {
 	throw bad_input(OPKELE_CP_ "Incoherent response from OP");
     } OPKELE_RETHROW
 
     static void direct_request(basic_openid_message& oum,const basic_openid_message& inm,const string& OP) {
 	util::curl_pick_t curl = util::curl_pick_t::easy_init();
 	if(!curl)
 	    throw exception_curl(OPKELE_CP_ "failed to initialize curl");
 	string request = inm.query_string();
 	CURLcode r;
 	(r=curl.misc_sets())
 	    || (r=curl.easy_setopt(CURLOPT_URL,OP.c_str()))
 	    || (r=curl.easy_setopt(CURLOPT_POST,1))
 	    || (r=curl.easy_setopt(CURLOPT_POSTFIELDS,request.data()))
 	    || (r=curl.easy_setopt(CURLOPT_POSTFIELDSIZE,request.length()))
 	    || (r=curl.set_write());
 	if(r)
 	    throw exception_curl(OPKELE_CP_ "failed to set curly options",r);
 	if( (r=curl.easy_perform()) )
 	    throw exception_curl(OPKELE_CP_ "failed to perform curly request",r);
 	oum.from_keyvalues(curl.response);
     }
 
 
     assoc_t basic_RP::associate(const string& OP) {
 	util::dh_t dh = DH_new();
 	if(!dh)
 	    throw exception_openssl(OPKELE_CP_ "failed to DH_new()");
 	dh->p = util::dec_to_bignum(data::_default_p);
 	dh->g = util::dec_to_bignum(data::_default_g);
 	if(!DH_generate_key(dh))
 	    throw exception_openssl(OPKELE_CP_ "failed to DH_generate_key()");
 	openid_message_t req;
 	req.set_field("ns",OIURI_OPENID20);
 	req.set_field("mode","associate");
 	req.set_field("dh_modulus",util::bignum_to_base64(dh->p));
 	req.set_field("dh_gen",util::bignum_to_base64(dh->g));
 	req.set_field("dh_consumer_public",util::bignum_to_base64(dh->pub_key));
 	openid_message_t res;
 	req.set_field("assoc_type","HMAC-SHA256");
 	req.set_field("session_type","DH-SHA256");
 	secret_t secret;
 	int expires_in;
 	try {
 	    direct_request(res,req,OP);
 	    dh_get_secret( secret, res,
 		    "HMAC-SHA256", "DH-SHA256",
-		    dh, SHA256_DIGEST_LENGTH, SHA256 );
+		    dh, SHA256_DIGEST_LENGTH, SHA256, SHA256_DIGEST_LENGTH );
 	    expires_in = util::string_to_long(res.get_field("expires_in"));
 	}catch(exception& e) {
 	    try {
 		req.set_field("assoc_type","HMAC-SHA1");
 		req.set_field("session_type","DH-SHA1");
 		direct_request(res,req,OP);
 		dh_get_secret( secret, res,
 			"HMAC-SHA1", "DH-SHA1",
-			dh, SHA_DIGEST_LENGTH, SHA1 );
+			dh, SHA_DIGEST_LENGTH, SHA1, SHA_DIGEST_LENGTH );
 		expires_in = util::string_to_long(res.get_field("expires_in"));
 	    }catch(bad_input& e) {
 		throw dumb_RP(OPKELE_CP_ "OP failed to supply an association");
 	    }
 	}
 	return store_assoc(
 		OP, res.get_field("assoc_handle"),
 		res.get_field("assoc_type"), secret,
 		expires_in );
     }
 
     basic_openid_message& basic_RP::checkid_(
 	    basic_openid_message& rv,
 	    mode_t mode,
 	    const string& return_to,const string& realm,
 	    extension_t *ext) {
 	rv.reset_fields();
 	rv.set_field("ns",OIURI_OPENID20);
 	if(mode==mode_checkid_immediate)
 	    rv.set_field("mode","checkid_immediate");
 	else if(mode==mode_checkid_setup)
 	    rv.set_field("mode","checkid_setup");
 	else
 	    throw bad_input(OPKELE_CP_ "unknown checkid_* mode");
author	Michael Krelin <hacker@klever.net>	2008-01-23 21:13:27 (UTC)
committer	Michael Krelin <hacker@klever.net>	2008-01-23 21:13:27 (UTC)
commit	dc5dad0709ae8dd0a4be74248a22a78e47ba90e2 (patch) (side-by-side diff)
tree	eebd2a18bec33c4250036e1fd92d38cd4268777e /lib
parent	2a116bce75236e46946bb9564790c26c6a59b9a4 (diff)
download	libopkele-dc5dad0709ae8dd0a4be74248a22a78e47ba90e2.zip libopkele-dc5dad0709ae8dd0a4be74248a22a78e47ba90e2.tar.gz libopkele-dc5dad0709ae8dd0a4be74248a22a78e47ba90e2.tar.bz2