X-Git-Url: https://www.tinc-vpn.org/git/browse?a=blobdiff_plain;f=src%2Fsptps.c;h=12c6c7f022b83fbf89adc2e536932415f4365fd6;hb=5ede437307cc3bbb20431f4b82f4a2ef79c9b746;hp=bdbfb89e61d7de3a64579f67b93c0b4582b5b1d9;hpb=1d9dacb1f26971e19463b5501c2410c57f780ecb;p=tinc diff --git a/src/sptps.c b/src/sptps.c index bdbfb89e..12c6c7f0 100644 --- a/src/sptps.c +++ b/src/sptps.c @@ -78,10 +78,10 @@ static bool send_record_priv_datagram(sptps_t *s, uint8_t type, const char *data if(!digest_create(&s->outdigest, buffer, len + 7UL, buffer + 7UL + len)) return false; - return s->send_data(s->handle, buffer + 2, len + 21UL); + return s->send_data(s->handle, type, buffer + 2, len + 21UL); } else { // Otherwise send as plaintext - return s->send_data(s->handle, buffer + 2, len + 5UL); + return s->send_data(s->handle, type, buffer + 2, len + 5UL); } } // Send a record (private version, accepts all record types, handles encryption and authentication). @@ -110,10 +110,10 @@ static bool send_record_priv(sptps_t *s, uint8_t type, const char *data, uint16_ if(!digest_create(&s->outdigest, buffer, len + 7UL, buffer + 7UL + len)) return false; - return s->send_data(s->handle, buffer + 4, len + 19UL); + return s->send_data(s->handle, type, buffer + 4, len + 19UL); } else { // Otherwise send as plaintext - return s->send_data(s->handle, buffer + 4, len + 3UL); + return s->send_data(s->handle, type, buffer + 4, len + 3UL); } } @@ -376,6 +376,20 @@ static bool receive_handshake(sptps_t *s, const char *data, uint16_t len) { } } +// Check datagram for valid HMAC +bool sptps_verify_datagram(sptps_t *s, const char *data, size_t len) { + if(!s->instate || len < 21) + return false; + + char buffer[len + 23]; + uint16_t netlen = htons(len - 21); + + memcpy(buffer, &netlen, 2); + memcpy(buffer + 2, data, len); + + return digest_verify(&s->indigest, buffer, len - 14, buffer + len - 14); +} + // Receive incoming data, datagram version. static bool sptps_receive_data_datagram(sptps_t *s, const char *data, size_t len) { if(len < (s->instate ? 21 : 5)) @@ -438,6 +452,9 @@ static bool sptps_receive_data_datagram(sptps_t *s, const char *data, size_t len return error(s, EIO, "Application record received before handshake finished"); if(!s->receive_record(s->handle, type, buffer + 7, len - 21)) return false; + } else if(type == SPTPS_HANDSHAKE) { + if(!receive_handshake(s, buffer + 7, len - 21)) + return false; } else { return error(s, EIO, "Invalid record type"); } @@ -576,9 +593,14 @@ bool sptps_stop(sptps_t *s) { // Clean up any resources. ecdh_free(&s->ecdh); free(s->inbuf); + s->inbuf = NULL; free(s->mykex); + s->mykex = NULL; free(s->hiskex); + s->hiskex = NULL; free(s->key); + s->key = NULL; free(s->label); + s->label = NULL; return true; }