author | Michael Krelin <hacker@klever.net> | 2007-06-18 22:02:02 (UTC) |
---|---|---|
committer | Michael Krelin <hacker@klever.net> | 2007-06-18 22:02:02 (UTC) |
commit | 9af3fae2d53a34003af405b68923061c01584bc6 (patch) (unidiff) | |
tree | dd63e5bc3515c47ab074c564c51879b7c9652ab2 /lib | |
parent | 3b404dd029a2aba05efc2edadcc7f67c59746cf7 (diff) | |
download | libopkele-9af3fae2d53a34003af405b68923061c01584bc6.zip libopkele-9af3fae2d53a34003af405b68923061c01584bc6.tar.gz libopkele-9af3fae2d53a34003af405b68923061c01584bc6.tar.bz2 |
reworked zero-padding machinery and added one more instance of zero-padding
-rw-r--r-- | lib/consumer.cc | 13 | ||||
-rw-r--r-- | lib/server.cc | 11 | ||||
-rw-r--r-- | lib/util.cc | 10 |
3 files changed, 20 insertions, 14 deletions
diff --git a/lib/consumer.cc b/lib/consumer.cc index 12866f0..282f0cc 100644 --- a/lib/consumer.cc +++ b/lib/consumer.cc | |||
@@ -99,15 +99,16 @@ namespace opkele { | |||
99 | secret.from_base64(p.get_param("mac_key")); | 99 | secret.from_base64(p.get_param("mac_key")); |
100 | }else{ | 100 | }else{ |
101 | util::bignum_t s_pub = util::base64_to_bignum(p.get_param("dh_server_public")); | 101 | util::bignum_t s_pub = util::base64_to_bignum(p.get_param("dh_server_public")); |
102 | vector<unsigned char> ck(DH_size(dh)); | 102 | vector<unsigned char> ck(DH_size(dh)+1); |
103 | int cklen = DH_compute_key(&(ck.front()),s_pub,dh); | 103 | unsigned char *ckptr = &(ck.front())+1; |
104 | int cklen = DH_compute_key(ckptr,s_pub,dh); | ||
104 | if(cklen<0) | 105 | if(cklen<0) |
105 | throw exception_openssl(OPKELE_CP_ "failed to DH_compute_key()"); | 106 | throw exception_openssl(OPKELE_CP_ "failed to DH_compute_key()"); |
106 | ck.resize(cklen); | 107 | if(cklen && (*ckptr)&0x80) { |
107 | // OpenID algorithm requires extra zero in case of set bit here | 108 | (*(--ckptr)) = 0; ++cklen; |
108 | if(ck[0]&0x80) ck.insert(ck.begin(),1,0); | 109 | } |
109 | unsigned char key_sha1[SHA_DIGEST_LENGTH]; | 110 | unsigned char key_sha1[SHA_DIGEST_LENGTH]; |
110 | SHA1(&(ck.front()),ck.size(),key_sha1); | 111 | SHA1(ckptr,cklen,key_sha1); |
111 | secret.enxor_from_base64(key_sha1,p.get_param("enc_mac_key")); | 112 | secret.enxor_from_base64(key_sha1,p.get_param("enc_mac_key")); |
112 | } | 113 | } |
113 | int expires_in = 0; | 114 | int expires_in = 0; |
diff --git a/lib/server.cc b/lib/server.cc index e81d4b6..8db97be 100644 --- a/lib/server.cc +++ b/lib/server.cc | |||
@@ -34,14 +34,15 @@ namespace opkele { | |||
34 | dh->g = util::dec_to_bignum(data::_default_g); | 34 | dh->g = util::dec_to_bignum(data::_default_g); |
35 | if(!DH_generate_key(dh)) | 35 | if(!DH_generate_key(dh)) |
36 | throw exception_openssl(OPKELE_CP_ "failed to DH_generate_key()"); | 36 | throw exception_openssl(OPKELE_CP_ "failed to DH_generate_key()"); |
37 | vector<unsigned char> ck(DH_size(dh)); | 37 | vector<unsigned char> ck(DH_size(dh)+1); |
38 | unsigned char *ckptr = &(ck.front())+1; | ||
38 | int cklen = DH_compute_key(&(ck.front()),c_pub,dh); | 39 | int cklen = DH_compute_key(&(ck.front()),c_pub,dh); |
39 | if(cklen<0) | 40 | if(cklen<0) |
40 | throw exception_openssl(OPKELE_CP_ "failed to DH_compute_key()"); | 41 | throw exception_openssl(OPKELE_CP_ "failed to DH_compute_key()"); |
41 | ck.resize(cklen); | 42 | if(cklen && (*ckptr)&0x80) { |
42 | // OpenID algorithm requires extra zero in case of set bit here | 43 | (*(--ckptr)) = 0; ++cklen; |
43 | if(ck[0]&0x80) ck.insert(ck.begin(),1,0); | 44 | } |
44 | SHA1(&(ck.front()),ck.size(),key_sha1); | 45 | SHA1(ckptr,cklen,key_sha1); |
45 | st = sess_dh_sha1; | 46 | st = sess_dh_sha1; |
46 | } | 47 | } |
47 | assoc_t assoc = alloc_assoc(mode_associate); | 48 | assoc_t assoc = alloc_assoc(mode_associate); |
diff --git a/lib/util.cc b/lib/util.cc index d9abca7..94f6f53 100644 --- a/lib/util.cc +++ b/lib/util.cc | |||
@@ -86,9 +86,13 @@ namespace opkele { | |||
86 | } | 86 | } |
87 | 87 | ||
88 | string bignum_to_base64(const BIGNUM *bn) { | 88 | string bignum_to_base64(const BIGNUM *bn) { |
89 | vector<unsigned char> bin(BN_num_bytes(bn)); | 89 | vector<unsigned char> bin(BN_num_bytes(bn)+1); |
90 | int l = BN_bn2bin(bn,&(bin.front())); | 90 | unsigned char *binptr = &(bin.front())+1; |
91 | return encode_base64(&(bin.front()),l); | 91 | int l = BN_bn2bin(bn,binptr); |
92 | if(l && (*binptr)&0x80){ | ||
93 | (*(--binptr)) = 0; ++l; | ||
94 | } | ||
95 | return encode_base64(binptr,l); | ||
92 | } | 96 | } |
93 | 97 | ||
94 | /* | 98 | /* |