SRP6 functions get broken because allocBytesQuerying calls botan_srp6_server_session_step1 twice

[mikatammi]

I tried to investigate why SRP6 tests are failing with the following error message:

uncaught exception: SomeBotanException
InvalidObjectStateException (-35) "Invalid state: expr !m_group was false in step1:src/lib/misc/srp6/srp6.cpp" [("throwBotanIfNegative_",SrcLoc {srcLocPackage = "botan-low-0.0.1.0-inplace", srcLocModule = "Botan.Low.Make", srcLocFile = "src/Botan/Low/Make.hs", srcLocStartLine = 435, srcLocStartCol = 45, srcLocEndLine = 435, srcLocEndCol = 66})]

My guess is, because allocBytesQuerying calls the function twice, during the first call the m_group gets set to the given group_id, and during the second call the state check assertion then bites in. I'm not sure should this be considered a bug in the Botan's FFI, but I was able to write a C code which replicates this behaviour. First call botan_srp6_server_session_step1 with too small output buffer, and then second time with large enough buffer:

#include <botan/ffi.h>
#include <stdio.h>

int main (int argc, char** argv) {
        const char *username = "user";
        const char *password = "Awellchosen1_to_be_sure_";
        const char *hash_id = "SHA-256";
        const char *group_id = "modp/srp/4096";
        const char salt[16] = "saltsaltsaltsalt";

        char verifier[4096];
        size_t verifier_len = 4096;

        int ret = botan_srp6_generate_verifier(username, password, salt, 16, group_id, hash_id, verifier, &verifier_len);
        if (ret != 0) {
                printf("Generate Verifier: ret = %i, ret != 0", ret);
                return 1;
        }

        botan_rng_t rng;
        ret = botan_rng_init(&rng, "system");
        if (ret != 0) {
                printf("ret != 0");
                return 1;
        }

        botan_srp6_server_session_t ctx;
        ret = botan_srp6_server_session_init(&ctx);
        if (ret != 0) {
                printf("ret != 0");
                return 1;
        }

        char b_pub[512];
        size_t b_pub_len = 511;
        ret = botan_srp6_server_session_step1(ctx, verifier, verifier_len, group_id, hash_id, rng, b_pub, &b_pub_len);
        if (ret != 0) {
                printf("botan_srp6_server_session_step1: ret = %i, ret != 0\n", ret);
                // return 1;
        }

        b_pub_len = 512;
        ret = botan_srp6_server_session_step1(ctx, verifier, verifier_len, group_id, hash_id, rng, b_pub, &b_pub_len);
        if (ret != 0) {
                printf("botan_srp6_server_session_step1: ret = %i, ret != 0\n", ret);
                return 1;
        }

        return 0;
};

[jorisdral]

My guess is, because allocBytesQuerying calls the function twice, during the first call the m_group gets set to the given group_id, and during the second call the state check assertion then bites in.

Good catch. That indeeds seems to be the problem. I'm going to introduce a work-around in #65.

I'm not sure should this be considered a bug in the Botan's FFI, ...

It might be. I've asked for clarification in randombit/botan#5112