X-Git-Url: https://www.tinc-vpn.org/git/browse?a=blobdiff_plain;f=src%2Fsptps.c;h=fe978441a912b62249a4f7192b1fecd189afe3a2;hb=cc3c69c892b0dad9a6ece0a0f4ccd429a22fcbff;hp=5a99055d3bd89f8ee2f3589f318765c7d68b5c40;hpb=40ed0c07dd3d4667054b0f5952b89ee39686493b;p=tinc

diff --git a/src/sptps.c b/src/sptps.c
index 5a99055d..fe978441 100644
--- a/src/sptps.c
+++ b/src/sptps.c
@@ -1,6 +1,6 @@
 /*
     sptps.c -- Simple Peer-to-Peer Security
-    Copyright (C) 2011-2012 Guus Sliepen <guus@tinc-vpn.org>,
+    Copyright (C) 2011-2013 Guus Sliepen <guus@tinc-vpn.org>,
                   2010      Brandon L. Black <blblack@gmail.com>
 
     This program is free software; you can redistribute it and/or modify
@@ -439,6 +439,19 @@ static bool sptps_receive_data_datagram(sptps_t *s, const char *data, size_t len
 		return receive_handshake(s, data + 5, len - 5);
 	}
 
+	// Check HMAC.
+	uint16_t netlen = htons(len - 21);
+
+	char buffer[len + 23];
+
+	memcpy(buffer, &netlen, 2);
+	memcpy(buffer + 2, data, len);
+
+	memcpy(&seqno, buffer + 2, 4);
+
+	if(!digest_verify(&s->indigest, buffer, len - 14, buffer + len - 14))
+		return error(s, EIO, "Invalid HMAC");
+
 	// Replay protection using a sliding window of configurable size.
 	// s->inseqno is expected sequence number
 	// seqno is received sequence number
@@ -473,19 +486,12 @@ static bool sptps_receive_data_datagram(sptps_t *s, const char *data, size_t len
 	if(seqno > s->inseqno)
 		s->inseqno = seqno + 1;
 
-	uint16_t netlen = htons(len - 21);
-
-	char buffer[len + 23];
-
-	memcpy(buffer, &netlen, 2);
-	memcpy(buffer + 2, data, len);
-
-	memcpy(&seqno, buffer + 2, 4);
-
-	// Check HMAC and decrypt.
-	if(!digest_verify(&s->indigest, buffer, len - 14, buffer + len - 14))
-		return error(s, EIO, "Invalid HMAC");
+	if(!s->inseqno)
+		s->received = 0;
+	else
+		s->received++;
 
+	// Decrypt.
 	cipher_set_counter(&s->incipher, &seqno, sizeof seqno);
 	if(!cipher_counter_xor(&s->incipher, buffer + 6, len - 4, buffer + 6))
 		return false;