-rw-r--r-- | lib/server.cc | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/server.cc b/lib/server.cc index 8db97be..b1c5c3a 100644 --- a/lib/server.cc +++ b/lib/server.cc | |||
@@ -1,87 +1,87 @@ | |||
1 | #include <vector> | 1 | #include <vector> |
2 | #include <openssl/sha.h> | 2 | #include <openssl/sha.h> |
3 | #include <openssl/hmac.h> | 3 | #include <openssl/hmac.h> |
4 | #include <opkele/util.h> | 4 | #include <opkele/util.h> |
5 | #include <opkele/exception.h> | 5 | #include <opkele/exception.h> |
6 | #include <opkele/server.h> | 6 | #include <opkele/server.h> |
7 | #include <opkele/data.h> | 7 | #include <opkele/data.h> |
8 | 8 | ||
9 | namespace opkele { | 9 | namespace opkele { |
10 | using namespace std; | 10 | using namespace std; |
11 | 11 | ||
12 | void server_t::associate(const params_t& pin,params_t& pout) { | 12 | void server_t::associate(const params_t& pin,params_t& pout) { |
13 | util::dh_t dh; | 13 | util::dh_t dh; |
14 | util::bignum_t c_pub; | 14 | util::bignum_t c_pub; |
15 | unsigned char key_sha1[SHA_DIGEST_LENGTH]; | 15 | unsigned char key_sha1[SHA_DIGEST_LENGTH]; |
16 | enum { | 16 | enum { |
17 | sess_cleartext, | 17 | sess_cleartext, |
18 | sess_dh_sha1 | 18 | sess_dh_sha1 |
19 | } st = sess_cleartext; | 19 | } st = sess_cleartext; |
20 | if( | 20 | if( |
21 | pin.has_param("openid.session_type") | 21 | pin.has_param("openid.session_type") |
22 | && pin.get_param("openid.session_type")=="DH-SHA1" ) { | 22 | && pin.get_param("openid.session_type")=="DH-SHA1" ) { |
23 | /* TODO: fallback to cleartext in case of exceptions here? */ | 23 | /* TODO: fallback to cleartext in case of exceptions here? */ |
24 | if(!(dh = DH_new())) | 24 | if(!(dh = DH_new())) |
25 | throw exception_openssl(OPKELE_CP_ "failed to DH_new()"); | 25 | throw exception_openssl(OPKELE_CP_ "failed to DH_new()"); |
26 | c_pub = util::base64_to_bignum(pin.get_param("openid.dh_consumer_public")); | 26 | c_pub = util::base64_to_bignum(pin.get_param("openid.dh_consumer_public")); |
27 | if(pin.has_param("openid.dh_modulus")) | 27 | if(pin.has_param("openid.dh_modulus")) |
28 | dh->p = util::base64_to_bignum(pin.get_param("openid.dh_modulus")); | 28 | dh->p = util::base64_to_bignum(pin.get_param("openid.dh_modulus")); |
29 | else | 29 | else |
30 | dh->p = util::dec_to_bignum(data::_default_p); | 30 | dh->p = util::dec_to_bignum(data::_default_p); |
31 | if(pin.has_param("openid.dh_gen")) | 31 | if(pin.has_param("openid.dh_gen")) |
32 | dh->g = util::base64_to_bignum(pin.get_param("openid.dh_gen")); | 32 | dh->g = util::base64_to_bignum(pin.get_param("openid.dh_gen")); |
33 | else | 33 | else |
34 | dh->g = util::dec_to_bignum(data::_default_g); | 34 | dh->g = util::dec_to_bignum(data::_default_g); |
35 | if(!DH_generate_key(dh)) | 35 | if(!DH_generate_key(dh)) |
36 | throw exception_openssl(OPKELE_CP_ "failed to DH_generate_key()"); | 36 | throw exception_openssl(OPKELE_CP_ "failed to DH_generate_key()"); |
37 | vector<unsigned char> ck(DH_size(dh)+1); | 37 | vector<unsigned char> ck(DH_size(dh)+1); |
38 | unsigned char *ckptr = &(ck.front())+1; | 38 | unsigned char *ckptr = &(ck.front())+1; |
39 | int cklen = DH_compute_key(&(ck.front()),c_pub,dh); | 39 | int cklen = DH_compute_key(ckptr,c_pub,dh); |
40 | if(cklen<0) | 40 | if(cklen<0) |
41 | throw exception_openssl(OPKELE_CP_ "failed to DH_compute_key()"); | 41 | throw exception_openssl(OPKELE_CP_ "failed to DH_compute_key()"); |
42 | if(cklen && (*ckptr)&0x80) { | 42 | if(cklen && (*ckptr)&0x80) { |
43 | (*(--ckptr)) = 0; ++cklen; | 43 | (*(--ckptr)) = 0; ++cklen; |
44 | } | 44 | } |
45 | SHA1(ckptr,cklen,key_sha1); | 45 | SHA1(ckptr,cklen,key_sha1); |
46 | st = sess_dh_sha1; | 46 | st = sess_dh_sha1; |
47 | } | 47 | } |
48 | assoc_t assoc = alloc_assoc(mode_associate); | 48 | assoc_t assoc = alloc_assoc(mode_associate); |
49 | time_t now = time(0); | 49 | time_t now = time(0); |
50 | pout.clear(); | 50 | pout.clear(); |
51 | pout["assoc_type"] = assoc->assoc_type(); | 51 | pout["assoc_type"] = assoc->assoc_type(); |
52 | pout["assoc_handle"] = assoc->handle(); | 52 | pout["assoc_handle"] = assoc->handle(); |
53 | /* TODO: eventually remove deprecated stuff */ | 53 | /* TODO: eventually remove deprecated stuff */ |
54 | pout["issued"] = util::time_to_w3c(now); | 54 | pout["issued"] = util::time_to_w3c(now); |
55 | pout["expiry"] = util::time_to_w3c(now+assoc->expires_in()); | 55 | pout["expiry"] = util::time_to_w3c(now+assoc->expires_in()); |
56 | pout["expires_in"] = util::long_to_string(assoc->expires_in()); | 56 | pout["expires_in"] = util::long_to_string(assoc->expires_in()); |
57 | secret_t secret = assoc->secret(); | 57 | secret_t secret = assoc->secret(); |
58 | switch(st) { | 58 | switch(st) { |
59 | case sess_dh_sha1: | 59 | case sess_dh_sha1: |
60 | pout["session_type"] = "DH-SHA1"; | 60 | pout["session_type"] = "DH-SHA1"; |
61 | pout["dh_server_public"] = util::bignum_to_base64(dh->pub_key); | 61 | pout["dh_server_public"] = util::bignum_to_base64(dh->pub_key); |
62 | secret.enxor_to_base64(key_sha1,pout["enc_mac_key"]); | 62 | secret.enxor_to_base64(key_sha1,pout["enc_mac_key"]); |
63 | break; | 63 | break; |
64 | default: | 64 | default: |
65 | secret.to_base64(pout["mac_key"]); | 65 | secret.to_base64(pout["mac_key"]); |
66 | break; | 66 | break; |
67 | } | 67 | } |
68 | } | 68 | } |
69 | 69 | ||
70 | void server_t::checkid_immediate(const params_t& pin,string& return_to,params_t& pout,extension_t *ext) { | 70 | void server_t::checkid_immediate(const params_t& pin,string& return_to,params_t& pout,extension_t *ext) { |
71 | checkid_(mode_checkid_immediate,pin,return_to,pout,ext); | 71 | checkid_(mode_checkid_immediate,pin,return_to,pout,ext); |
72 | } | 72 | } |
73 | 73 | ||
74 | void server_t::checkid_setup(const params_t& pin,string& return_to,params_t& pout,extension_t *ext) { | 74 | void server_t::checkid_setup(const params_t& pin,string& return_to,params_t& pout,extension_t *ext) { |
75 | checkid_(mode_checkid_setup,pin,return_to,pout,ext); | 75 | checkid_(mode_checkid_setup,pin,return_to,pout,ext); |
76 | } | 76 | } |
77 | 77 | ||
78 | void server_t::checkid_(mode_t mode,const params_t& pin,string& return_to,params_t& pout,extension_t *ext) { | 78 | void server_t::checkid_(mode_t mode,const params_t& pin,string& return_to,params_t& pout,extension_t *ext) { |
79 | if(mode!=mode_checkid_immediate && mode!=mode_checkid_setup) | 79 | if(mode!=mode_checkid_immediate && mode!=mode_checkid_setup) |
80 | throw bad_input(OPKELE_CP_ "invalid checkid_* mode"); | 80 | throw bad_input(OPKELE_CP_ "invalid checkid_* mode"); |
81 | pout.clear(); | 81 | pout.clear(); |
82 | assoc_t assoc; | 82 | assoc_t assoc; |
83 | try { | 83 | try { |
84 | assoc = retrieve_assoc(pin.get_param("openid.assoc_handle")); | 84 | assoc = retrieve_assoc(pin.get_param("openid.assoc_handle")); |
85 | }catch(failed_lookup& fl) { | 85 | }catch(failed_lookup& fl) { |
86 | // no handle specified or no valid handle found, going dumb | 86 | // no handle specified or no valid handle found, going dumb |
87 | assoc = alloc_assoc(mode_checkid_setup); | 87 | assoc = alloc_assoc(mode_checkid_setup); |