| -rw-r--r-- | lib/basic_op.cc | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/lib/basic_op.cc b/lib/basic_op.cc index 2d82147..c247493 100644 --- a/lib/basic_op.cc +++ b/lib/basic_op.cc | |||
| @@ -76,58 +76,58 @@ namespace opkele { | |||
| 76 | }catch(failed_lookup&) { | 76 | }catch(failed_lookup&) { |
| 77 | dh->p = util::dec_to_bignum(data::_default_p); } | 77 | dh->p = util::dec_to_bignum(data::_default_p); } |
| 78 | try { dh->g = util::base64_to_bignum(inm.get_field("dh_gen")); | 78 | try { dh->g = util::base64_to_bignum(inm.get_field("dh_gen")); |
| 79 | }catch(failed_lookup&) { | 79 | }catch(failed_lookup&) { |
| 80 | dh->g = util::dec_to_bignum(data::_default_g); } | 80 | dh->g = util::dec_to_bignum(data::_default_g); } |
| 81 | if(!DH_generate_key(dh)) | 81 | if(!DH_generate_key(dh)) |
| 82 | throw exception_openssl(OPKELE_CP_ "failed to DH_generate_key()"); | 82 | throw exception_openssl(OPKELE_CP_ "failed to DH_generate_key()"); |
| 83 | vector<unsigned char> ck(DH_size(dh)+1); | 83 | vector<unsigned char> ck(DH_size(dh)+1); |
| 84 | unsigned char *ckptr = &(ck.front())+1; | 84 | unsigned char *ckptr = &(ck.front())+1; |
| 85 | int cklen = DH_compute_key(ckptr,c_pub,dh); | 85 | int cklen = DH_compute_key(ckptr,c_pub,dh); |
| 86 | if(cklen<0) | 86 | if(cklen<0) |
| 87 | throw exception_openssl(OPKELE_CP_ "failed to DH_compute_key()"); | 87 | throw exception_openssl(OPKELE_CP_ "failed to DH_compute_key()"); |
| 88 | if(cklen && (*ckptr)&0x80) { | 88 | if(cklen && (*ckptr)&0x80) { |
| 89 | (*(--ckptr)) = 0; ++cklen; } | 89 | (*(--ckptr)) = 0; ++cklen; } |
| 90 | if(sts=="DH-SHA1") { | 90 | if(sts=="DH-SHA1") { |
| 91 | SHA1(ckptr,cklen,key_digest); d_len = SHA_DIGEST_LENGTH; | 91 | SHA1(ckptr,cklen,key_digest); d_len = SHA_DIGEST_LENGTH; |
| 92 | }else if(sts=="DH-SHA256") { | 92 | }else if(sts=="DH-SHA256") { |
| 93 | SHA256(ckptr,cklen,key_digest); d_len = SHA256_DIGEST_LENGTH; | 93 | SHA256(ckptr,cklen,key_digest); d_len = SHA256_DIGEST_LENGTH; |
| 94 | }else | 94 | }else |
| 95 | throw internal_error(OPKELE_CP_ "I thought I knew the session type"); | 95 | throw internal_error(OPKELE_CP_ "I thought I knew the session type"); |
| 96 | }else | 96 | }else |
| 97 | throw unsupported(OPKELE_CP_ "Unsupported session_type"); | 97 | throw unsupported(OPKELE_CP_ "Unsupported session_type"); |
| 98 | assoc_t a; | 98 | assoc_t a; |
| 99 | if(ats=="HMAC-SHA1") | 99 | if(ats=="HMAC-SHA1") |
| 100 | a = alloc_assoc(ats,SHA_DIGEST_LENGTH,true); | 100 | a = alloc_assoc(ats,SHA_DIGEST_LENGTH,false); |
| 101 | else if(ats=="HMAC-SHA256") | 101 | else if(ats=="HMAC-SHA256") |
| 102 | a = alloc_assoc(ats,SHA256_DIGEST_LENGTH,true); | 102 | a = alloc_assoc(ats,SHA256_DIGEST_LENGTH,false); |
| 103 | else | 103 | else |
| 104 | throw unsupported(OPKELE_CP_ "Unsupported assoc_type"); | 104 | throw unsupported(OPKELE_CP_ "Unsupported assoc_type"); |
| 105 | oum.reset_fields(); | 105 | oum.reset_fields(); |
| 106 | oum.set_field("ns",OIURI_OPENID20); | 106 | oum.set_field("ns",OIURI_OPENID20); |
| 107 | oum.set_field("assoc_type",a->assoc_type()); | 107 | oum.set_field("assoc_type",a->assoc_type()); |
| 108 | oum.set_field("assoc_handle",a->handle()); | 108 | oum.set_field("assoc_handle",a->handle()); |
| 109 | oum.set_field("expires_in",util::long_to_string(assoc->expires_in())); | 109 | oum.set_field("expires_in",util::long_to_string(a->expires_in())); |
| 110 | secret_t secret = a->secret(); | 110 | secret_t secret = a->secret(); |
| 111 | if(sts=="DH-SHA1" || sts=="DH-SHA256") { | 111 | if(sts=="DH-SHA1" || sts=="DH-SHA256") { |
| 112 | if(d_len != secret.size()) | 112 | if(d_len != secret.size()) |
| 113 | throw bad_input(OPKELE_CP_ "Association secret and session MAC are not of the same size"); | 113 | throw bad_input(OPKELE_CP_ "Association secret and session MAC are not of the same size"); |
| 114 | oum.set_field("session_type",sts); | 114 | oum.set_field("session_type",sts); |
| 115 | oum.set_field("dh_server_public",util::bignum_to_base64(dh->pub_key)); | 115 | oum.set_field("dh_server_public",util::bignum_to_base64(dh->pub_key)); |
| 116 | string b64; secret.enxor_to_base64(key_digest,b64); | 116 | string b64; secret.enxor_to_base64(key_digest,b64); |
| 117 | oum.set_field("enc_mac_key",b64); | 117 | oum.set_field("enc_mac_key",b64); |
| 118 | }else /* TODO: support cleartext over encrypted connection */ | 118 | }else /* TODO: support cleartext over encrypted connection */ |
| 119 | throw unsupported(OPKELE_CP_ "Unsupported session type"); | 119 | throw unsupported(OPKELE_CP_ "Unsupported session type"); |
| 120 | return oum; | 120 | return oum; |
| 121 | } catch(unsupported& u) { | 121 | } catch(unsupported& u) { |
| 122 | oum.reset_fields(); | 122 | oum.reset_fields(); |
| 123 | oum.set_field("ns",OIURI_OPENID20); | 123 | oum.set_field("ns",OIURI_OPENID20); |
| 124 | oum.set_field("error",u.what()); | 124 | oum.set_field("error",u.what()); |
| 125 | oum.set_field("error_code","unsupported-type"); | 125 | oum.set_field("error_code","unsupported-type"); |
| 126 | oum.set_field("session_type","DH-SHA256"); | 126 | oum.set_field("session_type","DH-SHA256"); |
| 127 | oum.set_field("assoc_type","HMAC-SHA256"); | 127 | oum.set_field("assoc_type","HMAC-SHA256"); |
| 128 | return oum; | 128 | return oum; |
| 129 | } | 129 | } |
| 130 | 130 | ||
| 131 | void basic_OP::checkid_(const basic_openid_message& inm, | 131 | void basic_OP::checkid_(const basic_openid_message& inm, |
| 132 | extension_t *ext) { | 132 | extension_t *ext) { |
| 133 | reset_vars(); | 133 | reset_vars(); |