+static int mag_basic_hmac(struct seal_key *key, unsigned char *mac,
+ gss_buffer_desc user, gss_buffer_desc pwd)
+{
+ struct databuf hmacbuf = { mac, 0 };
+ int data_size = user.length + pwd.length + 1;
+ unsigned char data[data_size];
+ struct databuf databuf = { data, data_size };
+
+ memcpy(data, user.value, user.length);
+ data[user.length] = '\0';
+ memcpy(&data[user.length + 1], pwd.value, pwd.length);
+
+ return HMAC_BUFFER(key, &databuf, &hmacbuf);
+}
+
+static int mag_get_mac_size(struct mag_config *cfg)
+{
+ apr_status_t rc;
+
+ if (!cfg->mag_skey) {
+ ap_log_perror(APLOG_MARK, APLOG_INFO, 0, cfg->pool,
+ "Session key not available, generating new one.");
+ rc = SEAL_KEY_CREATE(cfg->pool, &cfg->mag_skey, NULL);
+ if (rc != OK) {
+ ap_log_perror(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, cfg->pool,
+ "Failed to create sealing key!");
+ return 0;
+ }
+ }
+
+ return get_mac_size(cfg->mag_skey);
+}
+
+bool mag_basic_check(struct mag_config *cfg, struct mag_conn *mc,
+ gss_buffer_desc user, gss_buffer_desc pwd)
+{
+ int mac_size = mag_get_mac_size(cfg);
+ unsigned char mac[mac_size];
+ int ret, i, j;
+ bool res = false;
+
+ if (mac_size == 0) return false;
+ if (mc->basic_hash.value == NULL) return false;
+
+ ret = mag_basic_hmac(cfg->mag_skey, mac, user, pwd);
+ if (ret != 0) goto done;
+
+ for (i = 0, j = 0; i < mac_size; i++) {
+ if (mc->basic_hash.value[i] != mac[i]) j++;
+ }
+ if (j == 0) res = true;
+
+done:
+ if (res == false) {
+ mc->basic_hash.value = NULL;
+ mc->basic_hash.length = 0;
+ }
+ return res;
+}
+
+void mag_basic_cache(struct mag_config *cfg, struct mag_conn *mc,
+ gss_buffer_desc user, gss_buffer_desc pwd)
+{
+ int mac_size = mag_get_mac_size(cfg);
+ unsigned char mac[mac_size];
+ int ret;
+
+ ret = mag_basic_hmac(cfg->mag_skey, mac, user, pwd);
+ if (ret != 0) return;
+
+ mc->basic_hash.length = mac_size;
+ mc->basic_hash.value = apr_palloc(mc->pool, mac_size);
+ memcpy(mc->basic_hash.value, mac, mac_size);
+}