if(!digest_create(&s->outdigest, buffer, len + 7UL, buffer + 7UL + len))
return false;
- return s->send_data(s->handle, buffer + 2, len + 21UL);
+ return s->send_data(s->handle, type, buffer + 2, len + 21UL);
} else {
// Otherwise send as plaintext
- return s->send_data(s->handle, buffer + 2, len + 5UL);
+ return s->send_data(s->handle, type, buffer + 2, len + 5UL);
}
}
// Send a record (private version, accepts all record types, handles encryption and authentication).
if(!digest_create(&s->outdigest, buffer, len + 7UL, buffer + 7UL + len))
return false;
- return s->send_data(s->handle, buffer + 4, len + 19UL);
+ return s->send_data(s->handle, type, buffer + 4, len + 19UL);
} else {
// Otherwise send as plaintext
- return s->send_data(s->handle, buffer + 4, len + 3UL);
+ return s->send_data(s->handle, type, buffer + 4, len + 3UL);
}
}
}
}
+// Check datagram for valid HMAC
+bool sptps_verify_datagram(sptps_t *s, const char *data, size_t len) {
+ if(!s->instate || len < 21)
+ return false;
+
+ char buffer[len + 23];
+ uint16_t netlen = htons(len - 21);
+
+ memcpy(buffer, &netlen, 2);
+ memcpy(buffer + 2, data, len);
+
+ return digest_verify(&s->indigest, buffer, len - 14, buffer + len - 14);
+}
+
// Receive incoming data, datagram version.
static bool sptps_receive_data_datagram(sptps_t *s, const char *data, size_t len) {
if(len < (s->instate ? 21 : 5))
return error(s, EIO, "Application record received before handshake finished");
if(!s->receive_record(s->handle, type, buffer + 7, len - 21))
return false;
+ } else if(type == SPTPS_HANDSHAKE) {
+ if(!receive_handshake(s, buffer + 7, len - 21))
+ return false;
} else {
return error(s, EIO, "Invalid record type");
}
// Clean up any resources.
ecdh_free(&s->ecdh);
free(s->inbuf);
+ s->inbuf = NULL;
free(s->mykex);
+ s->mykex = NULL;
free(s->hiskex);
+ s->hiskex = NULL;
free(s->key);
+ s->key = NULL;
free(s->label);
+ s->label = NULL;
return true;
}