From dc5dad0709ae8dd0a4be74248a22a78e47ba90e2 Mon Sep 17 00:00:00 2001
From: Michael Krelin
Date: Wed, 23 Jan 2008 21:13:27 +0000
Subject: check associate reply for consistency

Reject associate replies returning secret of inconsistent with association type length. This way severely broken OPs which return SHA1 association as SHA256 will still work in dumb mode.

Signed-off-by: Michael Krelin
---
diff --git a/lib/basic_rp.cc b/lib/basic_rp.cc
index 763a391..2da8416 100644
--- a/lib/basic_rp.cc
+++ b/lib/basic_rp.cc
@@ -13,7 +13,8 @@ namespace opkele {
 secret_t& secret, const basic_openid_message& om, const char *exp_assoc, const char *exp_sess, util::dh_t& dh,
- size_t d_len, unsigned char *(*d_fun)(const unsigned char*,size_t,unsigned char*) ) try {
+ size_t d_len, unsigned char *(*d_fun)(const unsigned char*,size_t,unsigned char*),
+ size_t exp_s_len) try {
 if(om.get_field("assoc_type")!=exp_assoc || om.get_field("session_type")!=exp_sess) throw bad_input(OPKELE_CP_ "Unexpected associate response"); util::bignum_t s_pub = util::base64_to_bignum(om.get_field("dh_server_public"));
@@ -26,6 +27,8 @@ namespace opkele {
 (*(--ckptr))=0; ++cklen; } unsigned char key_digest[d_len]; secret.enxor_from_base64((*d_fun)(ckptr,cklen,key_digest),om.get_field("enc_mac_key"));
+ if(secret.size()!=exp_s_len)
+ throw bad_input(OPKELE_CP_ "Secret length isn't consistent with association type");
 }catch(opkele::failed_lookup& ofl) { throw bad_input(OPKELE_CP_ "Incoherent response from OP"); } OPKELE_RETHROW
@@ -73,7 +76,7 @@ namespace opkele {
 direct_request(res,req,OP); dh_get_secret( secret, res, "HMAC-SHA256", "DH-SHA256",
- dh, SHA256_DIGEST_LENGTH, SHA256 );
+ dh, SHA256_DIGEST_LENGTH, SHA256, SHA256_DIGEST_LENGTH );
 expires_in = util::string_to_long(res.get_field("expires_in")); }catch(exception& e) { try {
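Review bot: The new `exp_s_len` parameter in the -13,7 hunk is undocumented and sits directly after `d_len`, a second `size_t` that each call site later in the patch fills with the same constant, so nothing tells a reader which length is which. A comment above the two parameters would separate them, for example `// d_len: output size of d_fun; exp_s_len: MAC key length required by exp_assoc`. The signature starts above the hunk, so the function name is not visible here; it is presumably dh_get_secret, given the calls changed further down.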
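Review bot: In the -26,6 hunk the length check runs only after `secret.enxor_from_base64(...)` has already combined `key_digest` with the decoded `enc_mac_key`, so it rejects a wrong length but does not bound the work done on it. enxor_from_base64 is not shown on this page; if it walks the full decoded length, an `enc_mac_key` longer than `d_len` bytes would read past `key_digest[d_len]` before the new throw is reached, so the decoded length should be validated before or inside that call. The throw also leaves the caller's `secret` reference holding the rejected bytes, and the callers changed below retry with the same object. Assuming secret_t exposes `clear()`, calling `secret.clear();` before the `throw bad_input(...)` keeps that state from being carried forward. The enclosing function starts above the hunk.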
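Review bot: With the extra `SHA256_DIGEST_LENGTH` argument in the -73,7 hunk this call can now fail on a length mismatch, and the `catch(exception& e)` just below it turns any failure into an HMAC-SHA1 retry without recording why. The -82,7 hunk has the same shape: its `catch(bad_input& e)` converts the failure into `dumb_RP` with a fixed message and drops `e`. Both steps lower the association strength based only on what the response contained, so the original reason should be preserved, either in the project's log or in the dumb_RP message, to let an operator tell a broken OP from a tampered reply. Both try blocks extend beyond the lines shown.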
@@ -82,7 +85,7 @@ namespace opkele {
 direct_request(res,req,OP); dh_get_secret( secret, res, "HMAC-SHA1", "DH-SHA1",
- dh, SHA_DIGEST_LENGTH, SHA1 );
+ dh, SHA_DIGEST_LENGTH, SHA1, SHA_DIGEST_LENGTH );
 expires_in = util::string_to_long(res.get_field("expires_in")); }catch(bad_input& e) { throw dumb_RP(OPKELE_CP_ "OP failed to supply an association");
-- cgit v0.9.0.2