From bbcc7cd3734541122bc84ddeb4e250ff0f0a81d4 Mon Sep 17 00:00:00 2001
From: nemunaire <nemunaire@nemunai.re>
Date: Thu, 22 Feb 2018 05:47:38 +0100
Subject: [PATCH] token-validator: challenge disk done

---
 token-validator/challenge.go | 25 ++++++++++++++++++-------
 1 file changed, 18 insertions(+), 7 deletions(-)

diff --git a/token-validator/challenge.go b/token-validator/challenge.go
index 0f35fa0..e3ed15f 100644
--- a/token-validator/challenge.go
+++ b/token-validator/challenge.go
@@ -113,23 +113,27 @@ func challengeTime(s *Student, t *givenToken, chid int) error {
 }
 
 func challengeDisk(s *Student, t *givenToken, chid int) error {
-	pkey := s.GetPKey()
+	pkey := fmt.Sprintf("%x", s.GetPKey())
 
-	n1, err := strconv.Atoi(t.Token[0:2])
+	n1, err := strconv.Atoi(t.Data[0][0:2])
 	if err != nil {
 		return err
 	}
-	n2, err := strconv.Atoi(t.Token[2:4])
+	n2, err := strconv.Atoi(t.Data[0][2:4])
 	if err != nil {
 		return err
 	}
 
-	sum := make([]byte, hex.DecodedLen(len(t.Token[4:])))
-	if _, err := hex.Decode(t.token, []byte(t.Token[4:])); err != nil {
+	sum := make([]byte, hex.DecodedLen(len(t.Data[0][4:])))
+	if _, err := hex.Decode(sum, []byte(t.Data[0][4:])); err != nil {
 		return err
 	}
 
-	expectedToken := sha512.Sum512([]byte(pkey[n1:n2]))
+	if n1+n2 > len(pkey) {
+		n2 = len(pkey)-n1
+	}
+
+	expectedToken := sha512.Sum512([]byte(pkey[n1:n1+n2]))
 
 	if ! hmac.Equal(expectedToken[:], sum) {
 		return errors.New("This is not the expected token.")
@@ -232,10 +236,17 @@ func receiveToken(r *http.Request, ps httprouter.Params, body []byte) (interface
 	if chid, err = strconv.Atoi(string(ps.ByName("chid"))); err != nil {
 		if gt.Challenge > 0 {
 			chid = gt.Challenge
+		} else if string(ps.ByName("chid")) != "" {
+			return nil, err
 		}
+		err = nil
 	}
 
-	if chid == 0 || chid > len(challenges) {
+	if chid == 0 {
+		chid = 4
+	}
+
+	if chid > len(challenges) {
 		return nil, errors.New("This challenge doesn't exist")
 	}