Check HMAC before sequence number.

diff --git a/src/sptps.c b/src/sptps.c
index 5a99055..386b6fd 100644 (file)
--- a/src/sptps.c
+++ b/src/sptps.c
@@ -439,6 +439,19 @@ static bool sptps_receive_data_datagram(sptps_t *s, const char *data, size_t len
                return receive_handshake(s, data + 5, len - 5);
        }
 
+       // Check HMAC.
+       uint16_t netlen = htons(len - 21);
+
+       char buffer[len + 23];
+
+       memcpy(buffer, &netlen, 2);
+       memcpy(buffer + 2, data, len);
+
+       memcpy(&seqno, buffer + 2, 4);
+
+       if(!digest_verify(&s->indigest, buffer, len - 14, buffer + len - 14))
+               return error(s, EIO, "Invalid HMAC");
+
        // Replay protection using a sliding window of configurable size.
        // s->inseqno is expected sequence number
        // seqno is received sequence number
@@ -473,19 +486,8 @@ static bool sptps_receive_data_datagram(sptps_t *s, const char *data, size_t len
        if(seqno > s->inseqno)
                s->inseqno = seqno + 1;
 
-       uint16_t netlen = htons(len - 21);
-
-       char buffer[len + 23];
-
-       memcpy(buffer, &netlen, 2);
-       memcpy(buffer + 2, data, len);
-
-       memcpy(&seqno, buffer + 2, 4);
-
-       // Check HMAC and decrypt.
-       if(!digest_verify(&s->indigest, buffer, len - 14, buffer + len - 14))
-               return error(s, EIO, "Invalid HMAC");
 
+       // Decrypt.
        cipher_set_counter(&s->incipher, &seqno, sizeof seqno);
        if(!cipher_counter_xor(&s->incipher, buffer + 6, len - 4, buffer + 6))
                return false;