small rearrangements

lib/pairing.c

@@ -27,16 +27,16 @@
 #define SALT_KEY "Pair-Verify-AES-Key"
 #define SALT_IV "Pair-Verify-AES-IV"
 
-struct pairing_s {
-    ed25519_key_t *ed;
-};
-
 typedef struct srp_user_s {
     char username[SRP_USERNAME_SIZE + 1];   
     unsigned char salt[SRP_SALT_SIZE];
     unsigned char verifier[SRP_VERIFIER_SIZE];
 } srp_user_t;
 
+struct pairing_s {
+    ed25519_key_t *ed;
+};
+
 typedef enum {
     STATUS_INITIAL,
     STATUS_SETUP,
@@ -394,11 +394,11 @@ srp_validate_proof(pairing_session_t *session, pairing_t *pairing, const unsigne
     return 0;
 }
 int
-srp_confirm_pair_setup(pairing_session_t *session, const unsigned char *pk,
+srp_confirm_pair_setup(pairing_session_t *session, pairing_t *pairing,
                        unsigned char *epk, unsigned char *auth_tag) {
     unsigned char aesKey[16], aesIV[16];
     unsigned char hash[SHA512_DIGEST_LENGTH];
-    unsigned char pk_client[ED25519_KEY_SIZE];
+    unsigned char pk[ED25519_KEY_SIZE];
     int pk_len_client, epk_len;
 
     /* decrypt client epk to get client pk, authenticate with auth_tag*/ 
@@ -420,12 +420,17 @@ srp_confirm_pair_setup(pairing_session_t *session, const unsigned char *pk,
     memcpy(aesIV, hash, 16);
     aesIV[15]++;
 
-    pk_len_client  = gcm_decrypt(epk, ED25519_KEY_SIZE, pk_client, aesKey, aesIV, auth_tag);
+    /* decrypt client epk to authenticate client using auth_tag */
+    pk_len_client  = gcm_decrypt(epk, ED25519_KEY_SIZE, pk, aesKey, aesIV, auth_tag);
     if (pk_len_client <= 0) {
        /* authentication failed */
          return pk_len_client;
     }
-    /* the previously undocumented necessary "nonce" */
+
+    /* encrypt server epk so client can authenticate server using auth_tag */
+    pairing_get_public_key(pairing, pk);
+
+    /* encryption  needs this previously undocumented additional "nonce" */
     aesIV[15]++;
     epk_len = gcm_encrypt(pk, ED25519_KEY_SIZE, epk, aesKey, aesIV, auth_tag);
     return epk_len;    

lib/pairing.h

@@ -57,6 +57,6 @@ int srp_new_user(pairing_session_t *session, pairing_t *pairing, const char *dev
 		 const char **salt, int *len_salt, const char **pk, int *len_pk);
 int srp_validate_proof(pairing_session_t *session, pairing_t *pairing, const unsigned char *A,
 		       int len_A, unsigned char *proof, int client_proof_len, int proof_len);
-int srp_confirm_pair_setup(pairing_session_t *session, const unsigned char *pk,
-                           unsigned char *epk, unsigned char *auth_tag);
+int srp_confirm_pair_setup(pairing_session_t *session, pairing_t *pairing, unsigned char *epk,
+                           unsigned char *auth_tag);
 #endif

lib/raop_handlers.h

@@ -319,7 +319,6 @@ raop_handler_pairsetup_pin(raop_conn_t *conn,
         uint64_t client_authtag_len;
         unsigned char epk[ED25519_KEY_SIZE];
 	unsigned char authtag[GCM_AUTHTAG_SIZE];
-	unsigned char public_key[32];
 	int ret;
         plist_get_data_val(req_epk_node, &client_epk, &client_epk_len); 
         plist_get_data_val(req_authtag_node, &client_authtag, &client_authtag_len);
@@ -337,8 +336,7 @@ raop_handler_pairsetup_pin(raop_conn_t *conn,
         free (client_authtag);
         free (client_epk);
         plist_free(req_root_node);
-        pairing_get_public_key(conn->raop->pairing, public_key);
-	ret = srp_confirm_pair_setup(conn->session, public_key, epk, authtag);
+	ret = srp_confirm_pair_setup(conn->session, conn->raop->pairing, epk, authtag);
         if (ret < 0) {
             logger_log(conn->raop->logger, LOGGER_ERR, "pair-pin-setup (step 3): client authentication failed\n");
             goto authentication_failed;