projects
/
tinc
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (parent:
83a94ab
)
Check HMAC before sequence number.
author
Guus Sliepen
<guus@tinc-vpn.org>
Mon, 14 Jan 2013 12:08:35 +0000
(13:08 +0100)
committer
Guus Sliepen
<guus@tinc-vpn.org>
Mon, 14 Jan 2013 12:08:35 +0000
(13:08 +0100)
src/sptps.c
patch
|
blob
|
history
diff --git
a/src/sptps.c
b/src/sptps.c
index
5a99055
..
386b6fd
100644
(file)
--- a/
src/sptps.c
+++ b/
src/sptps.c
@@
-439,6
+439,19
@@
static bool sptps_receive_data_datagram(sptps_t *s, const char *data, size_t len
return receive_handshake(s, data + 5, len - 5);
}
return receive_handshake(s, data + 5, len - 5);
}
+ // Check HMAC.
+ uint16_t netlen = htons(len - 21);
+
+ char buffer[len + 23];
+
+ memcpy(buffer, &netlen, 2);
+ memcpy(buffer + 2, data, len);
+
+ memcpy(&seqno, buffer + 2, 4);
+
+ if(!digest_verify(&s->indigest, buffer, len - 14, buffer + len - 14))
+ return error(s, EIO, "Invalid HMAC");
+
// Replay protection using a sliding window of configurable size.
// s->inseqno is expected sequence number
// seqno is received sequence number
// Replay protection using a sliding window of configurable size.
// s->inseqno is expected sequence number
// seqno is received sequence number
@@
-473,19
+486,8
@@
static bool sptps_receive_data_datagram(sptps_t *s, const char *data, size_t len
if(seqno > s->inseqno)
s->inseqno = seqno + 1;
if(seqno > s->inseqno)
s->inseqno = seqno + 1;
- uint16_t netlen = htons(len - 21);
-
- char buffer[len + 23];
-
- memcpy(buffer, &netlen, 2);
- memcpy(buffer + 2, data, len);
-
- memcpy(&seqno, buffer + 2, 4);
-
- // Check HMAC and decrypt.
- if(!digest_verify(&s->indigest, buffer, len - 14, buffer + len - 14))
- return error(s, EIO, "Invalid HMAC");
+ // Decrypt.
cipher_set_counter(&s->incipher, &seqno, sizeof seqno);
if(!cipher_counter_xor(&s->incipher, buffer + 6, len - 4, buffer + 6))
return false;
cipher_set_counter(&s->incipher, &seqno, sizeof seqno);
if(!cipher_counter_xor(&s->incipher, buffer + 6, len - 4, buffer + 6))
return false;