Commit 178222ca authored by Mike Hibler's avatar Mike Hibler

Print some additional info on HMAC mismatch.

parent b4bf59b0
......@@ -1415,7 +1415,7 @@ notify_callback(pubsub_handle_t *server,
handle->keydata &&
event_notification_check_hmac(handle, &notification)) {
ERROR("bad hmac\n");
return;
return;
}
if (0) {
......@@ -1568,13 +1568,27 @@ hmac_fill_hash(void *rock, char *name,
}
#endif
static void
hmac_dump(char *msg, unsigned char *mac, int len)
{
unsigned char *up;
int i;
fprintf(stderr, "%s: ", msg);
up = (unsigned char *)mac;
for (i = 0; i < len; i++, up++) {
fprintf(stderr, "%02hhx", *up);
}
fprintf(stderr, "\n");
}
int
event_notification_insert_hmac(event_handle_t handle,
event_notification_t notification)
{
HMAC_CTX ctx;
unsigned char mac[EVP_MAX_MD_SIZE];
int i, len = EVP_MAX_MD_SIZE;
int len = EVP_MAX_MD_SIZE;
if (0)
INFO("event_notification_insert_hmac (key): %s\n",
......@@ -1609,14 +1623,7 @@ event_notification_insert_hmac(event_handle_t handle,
HMAC_cleanup(&ctx);
if (0) {
unsigned char *up;
INFO("event_notification_insert_hmac: ");
up = (unsigned char *) mac;
for (i = 0; i < len; i++, up++) {
fprintf(stderr, "%02hhx", *up);
}
fprintf(stderr, "\n");
hmac_dump("event_notification_insert_hmac", mac, len);
}
/*
......@@ -1713,8 +1720,8 @@ event_notification_check_hmac(event_handle_t handle,
HMAC_CTX ctx;
unsigned char srcmac[EVP_MAX_MD_SIZE], mac[EVP_MAX_MD_SIZE];
char *pmac;
int i, srclen, len = EVP_MAX_MD_SIZE;
int tmp, elvin, elvin_ordered;
int srclen, len = EVP_MAX_MD_SIZE;
int tmp, elvin, elvincompat, elvin_ordered;
pubsub_notification_t *pubsub_notification;
#ifdef ELVIN_COMPAT
struct elvin_hashtable *hashtable;
......@@ -1738,14 +1745,8 @@ event_notification_check_hmac(event_handle_t handle,
memcpy(srcmac, pmac, srclen);
if (0) {
unsigned char *up;
INFO("event_notification_check_hmac __hmac__: ");
up = (unsigned char *) srcmac;
for (i = 0; i < srclen; i++, up++) {
fprintf(stderr, "%02hhx", *up);
}
fprintf(stderr, "\n");
hmac_dump("event_notification_check_hmac (__hmac__)",
srcmac, srclen);
}
/*
......@@ -1753,7 +1754,10 @@ event_notification_check_hmac(event_handle_t handle,
* client. These would always be a version 0 version of this
* code since we do not generate the elvin HMACs anymore.
*/
elvin = elvin_ordered = 0;
elvin = elvincompat = elvin_ordered = 0;
#ifdef ELVIN_COMPAT
elvincompat = 1;
#endif
if (! pubsub_notification_get_int32(pubsub_notification,
"___PUBSUB___",
......@@ -1814,14 +1818,8 @@ event_notification_check_hmac(event_handle_t handle,
HMAC_cleanup(&ctx);
if (0) {
unsigned char *up;
INFO("event_notification_check_hmac (elvin): ");
up = (unsigned char *) mac;
for (i = 0; i < len; i++, up++) {
fprintf(stderr, "%02hhx", *up);
}
fprintf(stderr, "\n");
hmac_dump("event_notification_check_hmac (elvin)",
mac, len);
}
goto docmp;
}
......@@ -1848,21 +1846,35 @@ event_notification_check_hmac(event_handle_t handle,
HMAC_cleanup(&ctx);
if (0) {
unsigned char *up;
INFO("event_notification_check_hmac plain: ");
up = (unsigned char *) mac;
for (i = 0; i < len; i++, up++) {
fprintf(stderr, "%02hhx", *up);
}
fprintf(stderr, "\n");
hmac_dump("event_notification_check_hmac (plain)", mac, len);
}
docmp:
if (srclen == len && memcmp(srcmac, mac, len) == 0) {
notification->has_hmac = 1;
return 0;
}
ERROR("MAC mismatch! elvin=%d, ordered=%d\n", elvin, elvin_ordered);
ERROR("MAC mismatch! myelvincompat=%d, elvin=%d, ordered=%d\n",
elvincompat, elvin, elvin_ordered);
if (1) {
char _obj[128];
char _evt[128];
char _args[1024];
if (!event_notification_get_objname(handle, notification,
_obj, sizeof(_obj)))
strncpy(_obj, "<UNKNOWN>", sizeof(_obj));
if (!event_notification_get_eventtype(handle, notification,
_evt, sizeof(_evt)))
strncpy(_evt, "<UNKNOWN>", sizeof(_evt));
event_notification_get_arguments(handle, notification,
_args, sizeof(_args));
fprintf(stderr,
" object=%s, event=%s, args=%s\n", _obj, _evt, _args);
if (0) {
hmac_dump(" inmsg", srcmac, srclen);
hmac_dump(" computed", mac, len);
}
}
return 1;
}
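Review bot: In the new mismatch block of event_notification_check_hmac, `_args` is printed with `%s` although the return value of `event_notification_get_arguments()` is ignored, unlike the two getters above it, which fall back to `<UNKNOWN>`. If that call can fail without writing the buffer (not visible here), `fprintf` reads an uninitialized 1024-byte stack array, so declare it as `char _args[1024] = "";` or give it the same fallback. The object, event and args strings also come from a notification that has just failed authentication, so they are sender-controlled and reach stderr unescaped. Replacing non-printable bytes before printing would keep a forged message from splitting or faking log lines. The function body begins outside this hunk.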
......