summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--fticks.c37
-rw-r--r--fticks.h8
-rw-r--r--tests/t_fticks.c39
3 files changed, 72 insertions, 12 deletions
diff --git a/fticks.c b/fticks.c
index 0147f1b..8d41c4f 100644
--- a/fticks.c
+++ b/fticks.c
@@ -4,6 +4,8 @@
#include <stdio.h> /* For sprintf(). */
#include <string.h>
+#include <ctype.h>
+#include <errno.h>
#include <nettle/sha.h>
#include <nettle/hmac.h>
@@ -129,18 +131,41 @@ out:
by lowercasing it, removing all but [0-9a-f] and truncating it at
the first ';' found. The truncation is done because RADIUS
supposedly has a praxis of tacking on SSID to the MAC address in
- Calling-Station-Id. */
-void
+ Calling-Station-Id.
+
+ \return 0 on success, -ENOMEM on out of memory.
+*/
+int
fticks_hashmac(const uint8_t *in,
const uint8_t *key,
size_t out_len,
uint8_t *out)
{
- /* TODO: lowercase */
- /* TODO: s/[!0-9a-f]//1 */
- /* TODO: truncate after first ';', if any */
+ uint8_t *in_copy = NULL;
+ uint8_t *p = NULL;
+ int i;
+
+ in_copy = calloc(1, strlen(in) + 1);
+ if (in_copy == NULL)
+ return -ENOMEM;
+
+ /* Sanitise and lowercase 'in' into 'in_copy'. */
+ for (i = 0, p = in_copy; in[i] != '\0'; i++) {
+ if (in[i] == ';') {
+ *p++ = '\0';
+ break;
+ }
+ if (in[i] >= '0' && in[i] <= '9') {
+ *p++ = in[i];
+ }
+ else if (tolower(in[i]) >= 'a' && tolower(in[i]) <= 'f') {
+ *p++ = tolower(in[i]);
+ }
+ }
- _hash(in, key, out_len, out);
+ _hash(in_copy, key, out_len, out);
+ free(in_copy);
+ return 0;
}
void
diff --git a/fticks.h b/fticks.h
index 8af8633..eb880c0 100644
--- a/fticks.h
+++ b/fticks.h
@@ -6,10 +6,10 @@ int fticks_configure(struct options *options,
uint8_t **reportingp,
uint8_t **macp,
uint8_t **keyp);
-void fticks_hashmac(const uint8_t *in,
- const uint8_t *key,
- size_t out_len,
- uint8_t *out);
+int fticks_hashmac(const uint8_t *in,
+ const uint8_t *key,
+ size_t out_len,
+ uint8_t *out);
void fticks_log(const struct options *options,
const struct client *client,
const struct radmsg *msg,
diff --git a/tests/t_fticks.c b/tests/t_fticks.c
index 71a015e..a0e44c3 100644
--- a/tests/t_fticks.c
+++ b/tests/t_fticks.c
@@ -1,11 +1,46 @@
+#include <stdio.h>
+#include <errno.h>
#include "../radsecproxy.h"
#include "../fticks.h"
+static int
+_check_hash(const char *mac, const char *key, const char *hash, const char*hmac)
+{
+ int rv = 0;
+ uint8_t buf[128];
+
+ if (fticks_hashmac((const uint8_t *) mac, NULL, sizeof(buf), buf) != 0)
+ return -ENOMEM;
+ if (strcmp(hash, (const char *) buf) != 0)
+ rv = !!fprintf(stderr, "%s: bad hash: %s\n", mac, buf);
+ if (fticks_hashmac((const uint8_t *) mac, (const uint8_t *) key,
+ sizeof(buf), buf) != 0)
+ return -ENOMEM;
+ if (strcmp(hmac, (const char *) buf) != 0)
+ rv = !!fprintf(stderr, "%s: bad hash (key=\"%s\"): %s\n", mac, key, buf);
+
+ return rv;
+}
+
+#define MAC1 "00:23:14:0a:f7:24"
+#define MAC1_UC "00:23:14:0A:F7:24"
+#define MAC1_APPENDED "00:23:14:0a:f7:24;cruft"
+#define MAC1_WEIRD "00:23:-[?xyzzy!]-14:0a:f7:24"
+#define KEY1 "magic passphrase"
+#define HASH1 "29c0ee9d9c41771795a11ff75fefe9f5ccaab523ad31fc4fd8e776c707ad158129c0ee9d9c41771795a11ff75fefe9f5ccaab523ad31fc4fd8e776c707ad15"
+#define HMAC1 "57c8cd8031142c51ac9747370f48a5aa731006729d0cdf589ba101864f35f39057c8cd8031142c51ac9747370f48a5aa731006729d0cdf589ba101864f35f3"
+
int
main (int argc, char *argv[])
{
- uint8_t buf[128];
+ if (_check_hash(MAC1, KEY1, HASH1, HMAC1) != 0)
+ return 1;
+ if (_check_hash(MAC1_UC, KEY1, HASH1, HMAC1) != 0)
+ return 1;
+ if (_check_hash(MAC1_APPENDED, KEY1, HASH1, HMAC1) != 0)
+ return 1;
+ if (_check_hash(MAC1_WEIRD, KEY1, HASH1, HMAC1) != 0)
+ return 1;
- fticks_hashmac((const uint8_t *) "xyzzy", NULL, sizeof(buf), buf);
return 0;
}