From d6bafa1fe4d5ac6fedabdb75f8e683cf7cfb08a1 Mon Sep 17 00:00:00 2001
From: Charles Wright <cvwright@futo.org>
Date: Fri, 11 Feb 2022 16:41:13 -0600
Subject: [PATCH] Switch to storing client_id, server_id, and password inside
 the client/server contexts

---
 bsspeke.c | 48 +++++++++++++++++++++++++++++++++++++-----------
 bsspeke.h | 54 +++++++-----------------------------------------------
 2 files changed, 44 insertions(+), 58 deletions(-)

diff --git a/bsspeke.c b/bsspeke.c
index 677c2b7..d9acc0b 100644
--- a/bsspeke.c
+++ b/bsspeke.c
@@ -63,32 +63,58 @@ generate_random_bytes(uint8_t *buf, size_t len)
 #endif
 }
 
-void
+int
 bsspeke_client_init(bsspeke_client_ctx *ctx,
                     const char* client_id, const size_t client_id_len,
                     const char* server_id, const size_t server_id_len,
-                    const char* password, const size_t password_len
-) {
-    ctx->client_id = (uint8_t *)client_id;
+                    const char* password, const size_t password_len)
+{
+    if( client_id_len > 255 ) {
+        return -1;
+    }
+    crypto_wipe(ctx->client_id, 256);
+    memcpy(ctx->client_id, client_id, client_id_len);
     ctx->client_id_len = client_id_len;
 
-    ctx->server_id = (uint8_t *)server_id;
+    if( server_id_len > 255 ) {
+        return -1;
+    }
+    crypto_wipe(ctx->server_id, 256);
+    memcpy(ctx->server_id, server_id, server_id_len);
     ctx->server_id_len = server_id_len;
 
-    ctx->password = (uint8_t *)password;
+    if( password_len > 255 ) {
+        return -1;
+    }
+    crypto_wipe(ctx->password, 256);
+    memcpy(ctx->password, password, password_len);
     ctx->password_len = password_len;
+
+    // Success!
+    return 0;
 }
 
-void
+int
 bsspeke_server_init(bsspeke_server_ctx *ctx,
                     const char* server_id, const size_t server_id_len,
-                    const char* client_id, const size_t client_id_len
-) {
-    ctx->server_id = (uint8_t *)server_id;
+                    const char* client_id, const size_t client_id_len)
+{
+    if( server_id_len > 255 ) {
+        return -1;
+    }
+    crypto_wipe(ctx->server_id, 256);
+    memcpy(ctx->server_id, server_id, server_id_len);
     ctx->server_id_len = server_id_len;
 
-    ctx->client_id = (uint8_t *)client_id;
+    if( client_id_len > 255 ) {
+        return -1;
+    }
+    crypto_wipe(ctx->client_id, 256);
+    memcpy(ctx->client_id, client_id, client_id_len);
     ctx->client_id_len = client_id_len;
+
+    // Success!
+    return 0;
 }
 
 void
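Review bot: In bsspeke_client_init the length checks are interleaved with the copies, so a call that fails on server_id_len or password_len returns -1 after client_id (and possibly server_id) has already been overwritten, while the context keeps whatever password bytes and password_len it held before. Checking all lengths before the first crypto_wipe leaves the context untouched on failure: `if (client_id_len > 255 || server_id_len > 255 || password_len > 255) return -1;`. bsspeke_server_init has the same pattern. The literals 255 and 256 could be derived from the field instead, e.g. `crypto_wipe(ctx->client_id, sizeof ctx->client_id);`, so the bound and the array size cannot drift apart. The input pointers go to memcpy unchecked, so a NULL argument with a non-zero length would be dereferenced; whether callers can pass NULL is not visible in this hunk.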
diff --git a/bsspeke.h b/bsspeke.h
index b196d68..55fefc3 100644
--- a/bsspeke.h
+++ b/bsspeke.h
@@ -36,12 +36,12 @@ extern "C" {
 
 typedef struct {
     // Login credentials
-    uint8_t *client_id;
+    uint8_t client_id[256];
     size_t client_id_len;
-    uint8_t *password;
+    uint8_t password[256];
     size_t password_len;
     // Server identifier
-    uint8_t *server_id;
+    uint8_t server_id[256];
     size_t server_id_len;
     // Random number to blind the password in the OPRF
     uint8_t r[32];
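Review bot: With `uint8_t password[256]` the client context now holds its own copy of the plaintext password for as long as the struct lives, and nothing in this hunk tells callers so. A comment on the field would help, for example `// Copy of the password; wipe the whole context with crypto_wipe() when the protocol run is finished`. It is also worth confirming that the library clears this field once it is no longer needed, which this patch does not show. The 256 here has to stay in step with the `> 255` checks in bsspeke.c; a named constant in this header would tie them together, and the same applies to the server context arrays in the next hunk. The struct definition continues outside this hunk.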
@@ -58,10 +58,10 @@ typedef struct {
 } bsspeke_client_ctx;
 
 typedef struct {
-    uint8_t *server_id;    // Server's identifier (eg domain name)
+    uint8_t server_id[256];    // Server's identifier (eg domain name)
     size_t server_id_len;
 
-    uint8_t *client_id;    // Client's identifier (eg Matrix user_id)
+    uint8_t client_id[256];    // Client's identifier (eg Matrix user_id)
     size_t client_id_len;
 
     //uint8_t P[32];         // Base point for the user
@@ -76,53 +76,14 @@ typedef struct {
 } bsspeke_server_ctx;
 
 
-typedef struct {
-    char *client_id;
-    uint8_t blind[32];
-} bsspeke_msg1_t;
-
-/*
-typedef bsspeke_msg1_t bsspeke_setup_msg1_t;
-
-typedef struct {
-    uint8_t blind_salt[32];
-} bsspeke_setup_msg2_t;
-
-typedef struct {
-    uint8_t P[32];
-    uint8_t V[32];
-    uint32_t phf_blocks;
-    uint32_t phf_iterations;
-} bsspeke_setup_msg3_t;
-*/
-
-/*
-typedef bsspeke_msg1_t bsspeke_login_msg1_t;
-
-typedef struct {
-    uint8_t blind_salt[32];
-    uint8_t B[32];
-    uint32_t phf_blocks;
-    uint32_t phf_iterations;
-} bsspeke_login_msg2_t;
-
-typedef struct {
-    uint8_t A[32];
-    uint8_t client_verifier[32];
-} bsspeke_login_msg3_t;
-
-typedef struct {
-    uint8_t server_verifier[32];
-} bsspeke_login_msg4_t;
-*/
 
-void
+int
 bsspeke_client_init(bsspeke_client_ctx *ctx,
                     const char* client_id, const size_t client_id_len,
                     const char* server_id, const size_t server_id_len,
                     const char* password, const size_t password_len);
 
-void
+int
 bsspeke_server_init(bsspeke_server_ctx *ctx,
                     const char* server_id, const size_t server_id_len,
                     const char* client_id, const size_t client_id_len);
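Review bot: The two init prototypes change from void to int with no comment describing the new contract, so a caller reading only the header cannot tell that -1 means a length over 255 bytes, or that the inputs are now copied into the context rather than referenced. I would add a short comment above each declaration, e.g. `// Returns 0 on success, -1 if any length exceeds 255 bytes; the strings are copied into ctx`. Callers written against the void version will silently ignore the result and continue with a context that was not fully set up. Those call sites are outside this patch and should be checked.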
@@ -131,7 +92,6 @@ void
 bsspeke_client_generate_blind(uint8_t blind[32],
                               bsspeke_client_ctx *client);
 
-
 void
 bsspeke_server_blind_salt(uint8_t blind_salt[32],
                           const uint8_t blind[32],
-- 
GitLab