It seems that valgrind does not detect any error:
Your phone or window isn't wide enough to display the code box. If it's a phone, try rotating it to landscape mode.
- Code: Select all
$ valgrind ./minetest_test_srp.out MyName MyPassword "IFrOhR2wlVmgEUYWreUArA" "OdnUTPArLAGNlsqXz1GB4lAosMTZQKS04XwrPpAq+j++EZabl5OIHbwhqwkFT16ijAcT0ziqQsvven34HaDwoitLlE1nAtIT82mT7SC5IVsnCF8J1/SlQ2dMIm4+tmpVe4A4tHlHyQVHjEuOlNaTnat7QykLNZFZbF9BrK1jqnkvHH8zMoGsf7ClOTYejPWWe2j+jLm6xz5h6nASQdSxY34smGDhYKhcok0asSAgDLJILMuA0FTV6U4dY7gjKWbZCiTt5ueLje9fcB1OMS/1t9NCxvylp1p7R9u9PqLhjBnMlDtzy0uyj6kcvS2C0kWg67/PNYRVcmtjGxGGYRGU/A"
==975== Memcheck, a memory error detector
==975== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==975== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
==975== Command: ./minetest_test_srp.out MyName MyPassword IFrOhR2wlVmgEUYWreUArA OdnUTPArLAGNlsqXz1GB4lAosMTZQKS04XwrPpAq+j++EZabl5OIHbwhqwkFT16ijAcT0ziqQsvven34HaDwoitLlE1nAtIT82mT7SC5IVsnCF8J1/SlQ2dMIm4+tmpVe4A4tHlHyQVHjEuOlNaTnat7QykLNZFZbF9BrK1jqnkvHH8zMoGsf7ClOTYejPWWe2j+jLm6xz5h6nASQdSxY34smGDhYKhcok0asSAgDLJILMuA0FTV6U4dY7gjKWbZCiTt5ueLje9fcB1OMS/1t9NCxvylp1p7R9u9PqLhjBnMlDtzy0uyj6kcvS2C0kWg67/PNYRVcmtjGxGGYRGU/A
==975==
verification_key = "#1#IFrOhR2wlVmgEUYWreUArA#OdnUTPArLAGNlsqXz1GB4lAosMTZQKS04XwrPpAq+j++EZabl5OIHbwhqwkFT16ijAcT0ziqQsvven34HaDwoitLlE1nAtIT82mT7SC5IVsnCF8J1/SlQ2dMIm4+tmpVe4A4tHlHyQVHjEuOlNaTnat7QykLNZFZbF9BrK1jqnkvHH8zMoGsf7ClOTYejPWWe2j+jLm6xz5h6nASQdSxY34smGDhYKhcok0asSAgDLJILMuA0FTV6U4dY7gjKWbZCiTt5ueLje9fcB1OMS/1t9NCxvylp1p7R9u9PqLhjBnMlDtzy0uyj6kcvS2C0kWg67/PNYRVcmtjGxGGYRGU/A"
verification_key_to_check = "#1#IFrOhR2wlVmgEUYWreU#BHdKeqysUwHyYM0L+1kddDVKnA1cl1PAaDff3HtQ2g6AICNJfbx98igyeFiJ7hkFTwBHssjlaGmNTrLeVibzPrgFsWVnapYyu1L5pQ9jWU4nG5b9ZYR4vtfFnlOZ6egHbblE6nv2U/sXTqX5oVcp1QXmvPr+7IxwUIVGaC640fhgFBBfsbbe+gJz8oNNmmtcfh2d018ZTz5ugZ1jtYpWFY34J3qqwaeNtdH+UsRN9Y4QslQJKHgzPdf0TJq1qOAB3E6rOdpTjCsvDto4YWd0V8NG/QZV1IriRlCHsfFZsWUCOoF0aIlyur3cRUr1pPbAy+UHkhkIsR1fIcKMHdp28g"
Authentication: Failure!
==975==
==975== HEAP SUMMARY:
==975== in use at exit: 0 bytes in 0 blocks
==975== total heap usage: 392 allocs, 392 frees, 61,348 bytes allocated
==975==
==975== All heap blocks were freed -- no leaks are possible
==975==
==975== For counts of detected and suppressed errors, rerun with: -v
==975== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)
However, I think I found something interesting.
I have rewritten the code in order to focus on the salt, the base64_decode function and the base64_encode function:
Your phone or window isn't wide enough to display the code box. If it's a phone, try rotating it to landscape mode.
- Code: Select all
#include <stdio.h> /* for printf */
#include <stdlib.h> /* for exit */
#include <string.h> /* for strlen */
#include "base64.h" /* for base64_encode */
int main(int argc, char **argv)
{
char *salt = NULL;
int len_salt = 0;
char *base64_salt = NULL;
if(argc != 2)
{
fprintf(stderr, "Usage: %s BASE64_SALT\n", argv[0]);
exit(EXIT_FAILURE);
}
salt = base64_decode(argv[1]);
len_salt = strlen(salt);
base64_salt = base64_encode((unsigned char *) salt, len_salt);
printf("argv[1] = \"%s\"\n", argv[1]);
printf("salt = \"%s\"\n", salt);
printf("len_salt = \"%d\"\n", len_salt);
printf("base64_salt = \"%s\"\n", base64_salt);
free(salt);
free(base64_salt);
exit(EXIT_SUCCESS);
}
Here is how to use it:
Your phone or window isn't wide enough to display the code box. If it's a phone, try rotating it to landscape mode.
- Code: Select all
$ ./minetest_test_srp.out
Usage: ./minetest_test_srp.out BASE64_SALT
Here is an example:
Your phone or window isn't wide enough to display the code box. If it's a phone, try rotating it to landscape mode.
- Code: Select all
$ ./minetest_test_srp.out "IFrOhR2wlVmgEUYWreUArA"
argv[1] = "IFrOhR2wlVmgEUYWreUArA"
salt = " Z΅°Y Få"
len_salt = "14"
base64_salt = "IFrOhR2wlVmgEUYWreU"
As you can see, I give an encoded base64 salt, then I decode it, then I encode it again and the result is that I don't get the same encoded base64 salt.
I provide the new source code archive [1] containing the Makefile, the base64 library and my code.
I have also rewritten the code in C++:
Your phone or window isn't wide enough to display the code box. If it's a phone, try rotating it to landscape mode.
- Code: Select all
#include <stdio.h> /* for printf */
#include <stdlib.h> /* for exit */
#include <string.h> /* for strlen */
#include "base64.h" /* for base64_encode */
int main(int argc, char **argv)
{
std::string salt;
int len_salt = 0;
std::string base64_salt;
if(argc != 2)
{
fprintf(stderr, "Usage: %s BASE64_SALT\n", argv[0]);
exit(EXIT_FAILURE);
}
salt = base64_decode(argv[1]);
len_salt = salt.size();
base64_salt = base64_encode((unsigned char *) salt.c_str(), len_salt);
printf("argv[1] = \"%s\"\n", argv[1]);
printf("salt = \"%s\"\n", salt.c_str());
printf("len_salt = \"%d\"\n", len_salt);
printf("len_salt = \"%d\"\n", strlen(salt.c_str()));
printf("base64_salt = \"%s\"\n", base64_salt.c_str());
for(int index = 0; index < len_salt; index++)
printf("salt[%d] = \"%c\" (is null character? \"%d\")\n", index, salt[index], salt[index] == '\0');
printf("sizeof(char) = \"%d\"\n", sizeof(char));
exit(EXIT_SUCCESS);
}
The usage is the same:
Your phone or window isn't wide enough to display the code box. If it's a phone, try rotating it to landscape mode.
- Code: Select all
$ ./minetest_test_srp_cpp.out
Usage: ./minetest_test_srp_cpp.out BASE64_SALT
Here is an example:
Your phone or window isn't wide enough to display the code box. If it's a phone, try rotating it to landscape mode.
- Code: Select all
$ ./minetest_test_srp_cpp.out "IFrOhR2wlVmgEUYWreUArA"
argv[1] = "IFrOhR2wlVmgEUYWreUArA"
salt = " Z΅°Y Få"
len_salt = "16"
len_salt = "14"
base64_salt = "IFrOhR2wlVmgEUYWreUArA"
salt[0] = " " (is null character? "0")
salt[1] = "Z" (is null character? "0")
salt[2] = "Î" (is null character? "0")
salt[3] = "" (is null character? "0")
salt[4] = "" (is null character? "0")
salt[5] = "°" (is null character? "0")
salt[6] = "" (is null character? "0")
salt[7] = "Y" (is null character? "0")
salt[8] = " " (is null character? "0")
salt[9] = "" (is null character? "0")
salt[10] = "F" (is null character? "0")
salt[11] = "" (is null character? "0")
salt[12] = "" (is null character? "0")
salt[13] = "å" (is null character? "0")
salt[14] = "" (is null character? "1")
salt[15] = "¬" (is null character? "0")
sizeof(char) = "1"
As you can see, in this C++ version it works!
I give an encoded base64 salt, then I decode it, then I encode it again and the result is that I get the same encoded base64 salt.
Why it works here?
The reason is that instead of using the strlen function (the one we use with C strings), I am using here the size member function (the one we use with C++ strings).
There is a difference between these two functions.
The one from C is computing the size of the string by looking for the first occurrence of the '\0' character in the string.
The one from C++ does not do that, which means that C++ strings can contain a '\0' character.
Unfortunately, the base64_decode function can return a string containing a '\0' character, so the strlen function is not able to compute correctly the size of the string.
As you can see the character at index 14 of the returned string is a '\0', so the length computed is 14 instead of 16.
I provide the C++ source code archive [2] containing the Makefile, the base64 library and my code.
The solution in C is to return the string and the real size of the string (not the one computed with strlen):
Your phone or window isn't wide enough to display the code box. If it's a phone, try rotating it to landscape mode.
- Code: Select all
#include <stdio.h> /* for printf */
#include <stdlib.h> /* for exit */
#include <string.h> /* for strlen */
#include "base64.h" /* for base64_encode */
int main(int argc, char **argv)
{
char *salt = NULL;
int len_salt = 0;
char *base64_salt = NULL;
if(argc != 2)
{
fprintf(stderr, "Usage: %s BASE64_SALT\n", argv[0]);
exit(EXIT_FAILURE);
}
salt = base64_decode(argv[1], &len_salt);
base64_salt = base64_encode((unsigned char *) salt, len_salt);
printf("argv[1] = \"%s\"\n", argv[1]);
printf("salt = \"%s\"\n", salt);
printf("len_salt = \"%d\"\n", len_salt);
printf("base64_salt = \"%s\"\n", base64_salt);
free(salt);
free(base64_salt);
exit(EXIT_SUCCESS);
}
Here is the result:
Your phone or window isn't wide enough to display the code box. If it's a phone, try rotating it to landscape mode.
- Code: Select all
$ ./minetest_test_srp.out "IFrOhR2wlVmgEUYWreUArA"
argv[1] = "IFrOhR2wlVmgEUYWreUArA"
salt = " Z΅°Y Få"
len_salt = "16"
base64_salt = "IFrOhR2wlVmgEUYWreUArA"
It works in C too!
I provide the new C source code archive [3] containing the Makefile, the base64 library and my code.
[1]
http://yugiohjcj.free.fr/minetest-test- ... 604.tar.xz[2]
http://yugiohjcj.free.fr/minetest-test- ... 605.tar.xz[3]
http://yugiohjcj.free.fr/minetest-test- ... 605.tar.xz