*/
void sptps_log_quiet(sptps_t *s, int s_errno, const char *format, va_list ap) {
+ (void)s;
+ (void)s_errno;
+ (void)format;
+ (void)ap;
}
void sptps_log_stderr(sptps_t *s, int s_errno, const char *format, va_list ap) {
+ (void)s;
+ (void)s_errno;
+
vfprintf(stderr, format, ap);
fputc('\n', stderr);
}
// Log an error message.
static bool error(sptps_t *s, int s_errno, const char *format, ...) {
+ (void)s;
+ (void)s_errno;
+
if(format) {
va_list ap;
va_start(ap, format);
// Send a record (datagram version, accepts all record types, handles encryption and authentication).
static bool send_record_priv_datagram(sptps_t *s, uint8_t type, const void *data, uint16_t len) {
- char buffer[len + 21UL];
+ uint8_t *buffer = alloca(len + 21UL);
// Create header with sequence number, length and record type
uint32_t seqno = s->outseqno++;
return send_record_priv_datagram(s, type, data, len);
}
- char buffer[len + 19UL];
+ uint8_t *buffer = alloca(len + 19UL);
// Create header with sequence number, length and record type
uint32_t seqno = s->outseqno++;
size_t siglen = ecdsa_size(s->mykey);
// Concatenate both KEX messages, plus tag indicating if it is from the connection originator, plus label
- char msg[(1 + 32 + keylen) * 2 + 1 + s->labellen];
- char sig[siglen];
+ const size_t msglen = (1 + 32 + keylen) * 2 + 1 + s->labellen;
+ uint8_t *msg = alloca(msglen);
+ uint8_t *sig = alloca(siglen);
msg[0] = s->initiator;
memcpy(msg + 1, s->mykex, 1 + 32 + keylen);
memcpy(msg + 1 + 2 * (33 + keylen), s->label, s->labellen);
// Sign the result.
- if(!ecdsa_sign(s->mykey, msg, sizeof(msg), sig)) {
+ if(!ecdsa_sign(s->mykey, msg, msglen, sig)) {
return error(s, EINVAL, "Failed to sign SIG record");
}
// Send the SIG exchange record.
- return send_record_priv(s, SPTPS_HANDSHAKE, sig, sizeof(sig));
+ return send_record_priv(s, SPTPS_HANDSHAKE, sig, siglen);
}
// Generate key material from the shared secret created from the ECDHE key exchange.
-static bool generate_key_material(sptps_t *s, const char *shared, size_t len) {
+static bool generate_key_material(sptps_t *s, const uint8_t *shared, size_t len) {
// Initialise cipher and digest structures if necessary
if(!s->outstate) {
s->incipher = chacha_poly1305_init();
}
// Create the HMAC seed, which is "key expansion" + session label + server nonce + client nonce
- char seed[s->labellen + 64 + 13];
+ uint8_t *seed = alloca(s->labellen + 64 + 13);
memcpy(seed, "key expansion", 13);
if(s->initiator) {
}
// Receive an ACKnowledgement record.
-static bool receive_ack(sptps_t *s, const char *data, uint16_t len) {
+static bool receive_ack(sptps_t *s, const uint8_t *data, uint16_t len) {
+ (void)data;
+
if(len) {
return error(s, EIO, "Invalid ACK record length");
}
}
// Receive a Key EXchange record, respond by sending a SIG record.
-static bool receive_kex(sptps_t *s, const char *data, uint16_t len) {
+static bool receive_kex(sptps_t *s, const uint8_t *data, uint16_t len) {
// Verify length of the HELLO record
if(len != 1 + 32 + ECDH_SIZE) {
return error(s, EIO, "Invalid KEX record length");
memcpy(s->hiskex, data, len);
- return send_sig(s);
+ if(s->initiator) {
+ return send_sig(s);
+ } else {
+ return true;
+ }
}
// Receive a SIGnature record, verify it, if it passed, compute the shared secret and calculate the session keys.
-static bool receive_sig(sptps_t *s, const char *data, uint16_t len) {
+static bool receive_sig(sptps_t *s, const uint8_t *data, uint16_t len) {
size_t keylen = ECDH_SIZE;
size_t siglen = ecdsa_size(s->hiskey);
}
// Concatenate both KEX messages, plus tag indicating if it is from the connection originator
- char msg[(1 + 32 + keylen) * 2 + 1 + s->labellen];
+ const size_t msglen = (1 + 32 + keylen) * 2 + 1 + s->labellen;
+ uint8_t *msg = alloca(msglen);
msg[0] = !s->initiator;
memcpy(msg + 1, s->hiskex, 1 + 32 + keylen);
memcpy(msg + 1 + 2 * (33 + keylen), s->label, s->labellen);
// Verify signature.
- if(!ecdsa_verify(s->hiskey, msg, sizeof(msg), data)) {
+ if(!ecdsa_verify(s->hiskey, msg, msglen, data)) {
return error(s, EIO, "Failed to verify SIG record");
}
// Compute shared secret.
- char shared[ECDH_SHARED_SIZE];
+ uint8_t shared[ECDH_SHARED_SIZE];
if(!ecdh_compute_shared(s->ecdh, s->hiskex + 1 + 32, shared)) {
return error(s, EINVAL, "Failed to compute ECDH shared secret");
return false;
}
+ if(!s->initiator && !send_sig(s)) {
+ return false;
+ }
+
free(s->mykex);
free(s->hiskex);
}
// Receive a handshake record.
-static bool receive_handshake(sptps_t *s, const char *data, uint16_t len) {
+static bool receive_handshake(sptps_t *s, const uint8_t *data, uint16_t len) {
// Only a few states to deal with handshaking.
switch(s->state) {
case SPTPS_SECONDARY_KEX:
return false;
}
+ // Fall through
case SPTPS_KEX:
// We have sent our KEX request, we expect our peer to sent one as well.
}
} else if(update_state) {
// We missed some packets. Mark them in the bitmap as being late.
- for(int i = s->inseqno; i < seqno; i++) {
+ for(uint32_t i = s->inseqno; i < seqno; i++) {
s->late[(i / 8) % s->replaywin] |= 1 << i % 8;
}
}
}
// Check datagram for valid HMAC
-bool sptps_verify_datagram(sptps_t *s, const void *data, size_t len) {
+bool sptps_verify_datagram(sptps_t *s, const void *vdata, size_t len) {
if(!s->instate || len < 21) {
return error(s, EIO, "Received short packet");
}
+ const uint8_t *data = vdata;
uint32_t seqno;
memcpy(&seqno, data, 4);
seqno = ntohl(seqno);
return false;
}
- char buffer[len];
+ uint8_t *buffer = alloca(len);
size_t outlen;
return chacha_poly1305_decrypt(s->incipher, seqno, data + 4, len - 4, buffer, &outlen);
}
// Receive incoming data, datagram version.
-static bool sptps_receive_data_datagram(sptps_t *s, const char *data, size_t len) {
+static bool sptps_receive_data_datagram(sptps_t *s, const uint8_t *data, size_t len) {
if(len < (s->instate ? 21 : 5)) {
return error(s, EIO, "Received short packet");
}
// Decrypt
- char buffer[len];
+ uint8_t *buffer = alloca(len);
size_t outlen;
if(!chacha_poly1305_decrypt(s->incipher, seqno, data, len, buffer, &outlen)) {
}
// Receive incoming data. Check if it contains a complete record, if so, handle it.
-size_t sptps_receive_data(sptps_t *s, const void *data, size_t len) {
+size_t sptps_receive_data(sptps_t *s, const void *vdata, size_t len) {
+ const uint8_t *data = vdata;
size_t total_read = 0;
if(!s->state) {
projects / tinc / blobdiff