
# Check if State was signed by us and retrieve any attributes stored
# in the memory module by PUTSTATE; also purges from memory

function GETSTATE (

  State exists or return 0,

  key = -16 firstof State,			
  16 lastof State == key hmacmd5 Process-Secret or return 0,

  Memory(op = Load-Purge, key := -8 lastof key), 
  del op, del key,

  return del rep:int
),


# If State exists, we store the attributes under the given key,
# otherwise, we generate a new key, sign it and set State to it.

function PUTSTATE (

  # See if we have a valid State on the request list

  State exists 
  and str = -16 firstof State 
  and 16 lastof State == str hmacmd5 Process-Secret
  and (

    # Yes, so store under given key 
    # (between 8 octet nonce and 16 octet hmac)

    Memory(op = Store, key = -8 lastof str),
    del op, del key, del str, 
    moveall State,				      # from req to rep
    return del rep:int
  ),

  # Generate new key and new State containing signed key

  Memory(op = Store-Newkey, key = random 8),	      # increments key if it
  del op, del key,				      # exists and returns it

  rep:State = random 8 . rep:key, del rep:key,
  rep:State := rep:State . rep:State hmacmd5 Process-Secret,
  del rep:int
),


# Provide or override exit hook for Access-Challenge

function CHALLENGE (

  PUTSTATE, 
  rep:RAD-Code := Access-Challenge, 
  halt
),

# vim:softtabstop=2:sw=2

