X-Git-Url: https://www.tinc-vpn.org/git/browse?a=blobdiff_plain;f=src%2Fsptps.c;h=422940c9df26d0bc864d6f880ca426c119059e80;hb=153abaa4d940bf2bc9bd7275d5efe5c01c354190;hp=2449e7bcbb613b5fc475a14aeec8a76631f1e8b6;hpb=d756bb92ed52d5b1ecdd42af32f11f733db64d91;p=tinc diff --git a/src/sptps.c b/src/sptps.c index 2449e7bc..422940c9 100644 --- a/src/sptps.c +++ b/src/sptps.c @@ -78,10 +78,10 @@ static bool send_record_priv_datagram(sptps_t *s, uint8_t type, const char *data if(!digest_create(&s->outdigest, buffer, len + 7UL, buffer + 7UL + len)) return false; - return s->send_data(s->handle, buffer + 2, len + 21UL); + return s->send_data(s->handle, type, buffer + 2, len + 21UL); } else { // Otherwise send as plaintext - return s->send_data(s->handle, buffer + 2, len + 5UL); + return s->send_data(s->handle, type, buffer + 2, len + 5UL); } } // Send a record (private version, accepts all record types, handles encryption and authentication). @@ -110,10 +110,10 @@ static bool send_record_priv(sptps_t *s, uint8_t type, const char *data, uint16_ if(!digest_create(&s->outdigest, buffer, len + 7UL, buffer + 7UL + len)) return false; - return s->send_data(s->handle, buffer + 4, len + 19UL); + return s->send_data(s->handle, type, buffer + 4, len + 19UL); } else { // Otherwise send as plaintext - return s->send_data(s->handle, buffer + 4, len + 3UL); + return s->send_data(s->handle, type, buffer + 4, len + 3UL); } } @@ -159,13 +159,14 @@ static bool send_sig(sptps_t *s) { size_t keylen = ECDH_SIZE; size_t siglen = ecdsa_size(&s->mykey); - // Concatenate both KEX messages, plus tag indicating if it is from the connection originator - char msg[(1 + 32 + keylen) * 2 + 1]; + // Concatenate both KEX messages, plus tag indicating if it is from the connection originator, plus label + char msg[(1 + 32 + keylen) * 2 + 1 + s->labellen]; char sig[siglen]; msg[0] = s->initiator; memcpy(msg + 1, s->mykex, 1 + 32 + keylen); - memcpy(msg + 2 + 32 + keylen, s->hiskex, 1 + 32 + keylen); + memcpy(msg + 1 + 33 + keylen, s->hiskex, 1 + 32 + keylen); + memcpy(msg + 1 + 2 * (33 + keylen), s->label, s->labellen); // Sign the result. if(!ecdsa_sign(&s->mykey, msg, sizeof msg, sig)) @@ -275,11 +276,12 @@ static bool receive_sig(sptps_t *s, const char *data, uint16_t len) { return error(s, EIO, "Invalid KEX record length"); // Concatenate both KEX messages, plus tag indicating if it is from the connection originator - char msg[(1 + 32 + keylen) * 2 + 1]; + char msg[(1 + 32 + keylen) * 2 + 1 + s->labellen]; msg[0] = !s->initiator; memcpy(msg + 1, s->hiskex, 1 + 32 + keylen); - memcpy(msg + 2 + 32 + keylen, s->mykex, 1 + 32 + keylen); + memcpy(msg + 1 + 33 + keylen, s->mykex, 1 + 32 + keylen); + memcpy(msg + 1 + 2 * (33 + keylen), s->label, s->labellen); // Verify signature. if(!ecdsa_verify(&s->hiskey, msg, sizeof msg, data)) @@ -436,6 +438,9 @@ static bool sptps_receive_data_datagram(sptps_t *s, const char *data, size_t len return error(s, EIO, "Application record received before handshake finished"); if(!s->receive_record(s->handle, type, buffer + 7, len - 21)) return false; + } else if(type == SPTPS_HANDSHAKE) { + if(!receive_handshake(s, buffer + 7, len - 21)) + return false; } else { return error(s, EIO, "Invalid record type"); } @@ -574,9 +579,14 @@ bool sptps_stop(sptps_t *s) { // Clean up any resources. ecdh_free(&s->ecdh); free(s->inbuf); + s->inbuf = NULL; free(s->mykex); + s->mykex = NULL; free(s->hiskex); + s->hiskex = NULL; free(s->key); + s->key = NULL; free(s->label); + s->label = NULL; return true; }