-rw-r--r-- | lib/basic_rp.cc | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/lib/basic_rp.cc b/lib/basic_rp.cc index 763a391..2da8416 100644 --- a/lib/basic_rp.cc +++ b/lib/basic_rp.cc | |||
@@ -14,5 +14,6 @@ namespace opkele { | |||
14 | const char *exp_assoc, const char *exp_sess, | 14 | const char *exp_assoc, const char *exp_sess, |
15 | util::dh_t& dh, | 15 | util::dh_t& dh, |
16 | size_t d_len, unsigned char *(*d_fun)(const unsigned char*,size_t,unsigned char*) ) try { | 16 | size_t d_len, unsigned char *(*d_fun)(const unsigned char*,size_t,unsigned char*), |
17 | size_t exp_s_len) try { | ||
17 | if(om.get_field("assoc_type")!=exp_assoc || om.get_field("session_type")!=exp_sess) | 18 | if(om.get_field("assoc_type")!=exp_assoc || om.get_field("session_type")!=exp_sess) |
18 | throw bad_input(OPKELE_CP_ "Unexpected associate response"); | 19 | throw bad_input(OPKELE_CP_ "Unexpected associate response"); |
@@ -27,4 +28,6 @@ namespace opkele { | |||
27 | unsigned char key_digest[d_len]; | 28 | unsigned char key_digest[d_len]; |
28 | secret.enxor_from_base64((*d_fun)(ckptr,cklen,key_digest),om.get_field("enc_mac_key")); | 29 | secret.enxor_from_base64((*d_fun)(ckptr,cklen,key_digest),om.get_field("enc_mac_key")); |
30 | if(secret.size()!=exp_s_len) | ||
31 | throw bad_input(OPKELE_CP_ "Secret length isn't consistent with association type"); | ||
29 | }catch(opkele::failed_lookup& ofl) { | 32 | }catch(opkele::failed_lookup& ofl) { |
30 | throw bad_input(OPKELE_CP_ "Incoherent response from OP"); | 33 | throw bad_input(OPKELE_CP_ "Incoherent response from OP"); |
@@ -74,5 +77,5 @@ namespace opkele { | |||
74 | dh_get_secret( secret, res, | 77 | dh_get_secret( secret, res, |
75 | "HMAC-SHA256", "DH-SHA256", | 78 | "HMAC-SHA256", "DH-SHA256", |
76 | dh, SHA256_DIGEST_LENGTH, SHA256 ); | 79 | dh, SHA256_DIGEST_LENGTH, SHA256, SHA256_DIGEST_LENGTH ); |
77 | expires_in = util::string_to_long(res.get_field("expires_in")); | 80 | expires_in = util::string_to_long(res.get_field("expires_in")); |
78 | }catch(exception& e) { | 81 | }catch(exception& e) { |
@@ -83,5 +86,5 @@ namespace opkele { | |||
83 | dh_get_secret( secret, res, | 86 | dh_get_secret( secret, res, |
84 | "HMAC-SHA1", "DH-SHA1", | 87 | "HMAC-SHA1", "DH-SHA1", |
85 | dh, SHA_DIGEST_LENGTH, SHA1 ); | 88 | dh, SHA_DIGEST_LENGTH, SHA1, SHA_DIGEST_LENGTH ); |
86 | expires_in = util::string_to_long(res.get_field("expires_in")); | 89 | expires_in = util::string_to_long(res.get_field("expires_in")); |
87 | }catch(bad_input& e) { | 90 | }catch(bad_input& e) { |