#include <stdio.h> /* For sprintf(). */
#include <string.h>
+#include <ctype.h>
+#include <errno.h>
#include <nettle/sha.h>
#include <nettle/hmac.h>
by lowercasing it, removing all but [0-9a-f] and truncating it at
the first ';' found. The truncation is done because RADIUS
supposedly has a praxis of tacking on SSID to the MAC address in
- Calling-Station-Id. */
-void
+ Calling-Station-Id.
+
+ \return 0 on success, -ENOMEM on out of memory.
+*/
+int
fticks_hashmac(const uint8_t *in,
const uint8_t *key,
size_t out_len,
uint8_t *out)
{
- /* TODO: lowercase */
- /* TODO: s/[!0-9a-f]//1 */
- /* TODO: truncate after first ';', if any */
+ uint8_t *in_copy = NULL;
+ uint8_t *p = NULL;
+ int i;
+
+ in_copy = calloc(1, strlen(in) + 1);
+ if (in_copy == NULL)
+ return -ENOMEM;
+
+ /* Sanitise and lowercase 'in' into 'in_copy'. */
+ for (i = 0, p = in_copy; in[i] != '\0'; i++) {
+ if (in[i] == ';') {
+ *p++ = '\0';
+ break;
+ }
+ if (in[i] >= '0' && in[i] <= '9') {
+ *p++ = in[i];
+ }
+ else if (tolower(in[i]) >= 'a' && tolower(in[i]) <= 'f') {
+ *p++ = tolower(in[i]);
+ }
+ }
- _hash(in, key, out_len, out);
+ _hash(in_copy, key, out_len, out);
+ free(in_copy);
+ return 0;
}
void
uint8_t **reportingp,
uint8_t **macp,
uint8_t **keyp);
-void fticks_hashmac(const uint8_t *in,
- const uint8_t *key,
- size_t out_len,
- uint8_t *out);
+int fticks_hashmac(const uint8_t *in,
+ const uint8_t *key,
+ size_t out_len,
+ uint8_t *out);
void fticks_log(const struct options *options,
const struct client *client,
const struct radmsg *msg,
+#include <stdio.h>
+#include <errno.h>
#include "../radsecproxy.h"
#include "../fticks.h"
+static int
+_check_hash(const char *mac, const char *key, const char *hash, const char*hmac)
+{
+ int rv = 0;
+ uint8_t buf[128];
+
+ if (fticks_hashmac((const uint8_t *) mac, NULL, sizeof(buf), buf) != 0)
+ return -ENOMEM;
+ if (strcmp(hash, (const char *) buf) != 0)
+ rv = !!fprintf(stderr, "%s: bad hash: %s\n", mac, buf);
+ if (fticks_hashmac((const uint8_t *) mac, (const uint8_t *) key,
+ sizeof(buf), buf) != 0)
+ return -ENOMEM;
+ if (strcmp(hmac, (const char *) buf) != 0)
+ rv = !!fprintf(stderr, "%s: bad hash (key=\"%s\"): %s\n", mac, key, buf);
+
+ return rv;
+}
+
+#define MAC1 "00:23:14:0a:f7:24"
+#define MAC1_UC "00:23:14:0A:F7:24"
+#define MAC1_APPENDED "00:23:14:0a:f7:24;cruft"
+#define MAC1_WEIRD "00:23:-[?xyzzy!]-14:0a:f7:24"
+#define KEY1 "magic passphrase"
+#define HASH1 "29c0ee9d9c41771795a11ff75fefe9f5ccaab523ad31fc4fd8e776c707ad158129c0ee9d9c41771795a11ff75fefe9f5ccaab523ad31fc4fd8e776c707ad15"
+#define HMAC1 "57c8cd8031142c51ac9747370f48a5aa731006729d0cdf589ba101864f35f39057c8cd8031142c51ac9747370f48a5aa731006729d0cdf589ba101864f35f3"
+
int
main (int argc, char *argv[])
{
- uint8_t buf[128];
+ if (_check_hash(MAC1, KEY1, HASH1, HMAC1) != 0)
+ return 1;
+ if (_check_hash(MAC1_UC, KEY1, HASH1, HMAC1) != 0)
+ return 1;
+ if (_check_hash(MAC1_APPENDED, KEY1, HASH1, HMAC1) != 0)
+ return 1;
+ if (_check_hash(MAC1_WEIRD, KEY1, HASH1, HMAC1) != 0)
+ return 1;
- fticks_hashmac((const uint8_t *) "xyzzy", NULL, sizeof(buf), buf);
return 0;
}