/*
sptps.c -- Simple Peer-to-Peer Security
- Copyright (C) 2011-2014 Guus Sliepen <guus@tinc-vpn.org>,
+ Copyright (C) 2011-2015 Guus Sliepen <guus@tinc-vpn.org>,
2010 Brandon L. Black <blblack@gmail.com>
This program is free software; you can redistribute it and/or modify
if (update_state)
s->farfuture++;
if(farfuture)
- return error(s, EIO, "Packet is %d seqs in the future, dropped (%u)\n", seqno - s->inseqno, s->farfuture);
+ return update_state ? error(s, EIO, "Packet is %d seqs in the future, dropped (%u)\n", seqno - s->inseqno, s->farfuture) : false;
// Unless we have seen lots of them, in which case we consider the others lost.
- warning(s, "Lost %d packets\n", seqno - s->inseqno);
+ if(update_state)
+ warning(s, "Lost %d packets\n", seqno - s->inseqno);
if (update_state) {
// Mark all packets in the replay window as being late.
memset(s->late, 255, s->replaywin);
} else if (seqno < s->inseqno) {
// If the sequence number is farther in the past than the bitmap goes, or if the packet was already received, drop it.
if((s->inseqno >= s->replaywin * 8 && seqno < s->inseqno - s->replaywin * 8) || !(s->late[(seqno / 8) % s->replaywin] & (1 << seqno % 8)))
- return error(s, EIO, "Received late or replayed packet, seqno %d, last received %d\n", seqno, s->inseqno);
+ return update_state ? error(s, EIO, "Received late or replayed packet, seqno %d, last received %d\n", seqno, s->inseqno) : false;
} else if (update_state) {
// We missed some packets. Mark them in the bitmap as being late.
for(int i = s->inseqno; i < seqno; i++)
uint32_t seqno;
memcpy(&seqno, data, 4);
seqno = ntohl(seqno);
+ data += 4; len -= 4;
if(!s->instate) {
if(seqno != s->inseqno)
s->inseqno = seqno + 1;
- uint8_t type = data[4];
+ uint8_t type = *(data++); len--;
if(type != SPTPS_HANDSHAKE)
return error(s, EIO, "Application record received before handshake finished");
- return receive_handshake(s, data + 5, len - 5);
+ return receive_handshake(s, data, len);
}
// Decrypt
char buffer[len];
-
size_t outlen;
-
- if(!chacha_poly1305_decrypt(s->incipher, seqno, data + 4, len - 4, buffer, &outlen))
+ if(!chacha_poly1305_decrypt(s->incipher, seqno, data, len, buffer, &outlen))
return error(s, EIO, "Failed to decrypt and verify packet");
if(!sptps_check_seqno(s, seqno, true))
return false;
// Append a NULL byte for safety.
- buffer[len - 20] = 0;
+ buffer[outlen] = 0;
+
+ data = buffer;
+ len = outlen;
- uint8_t type = buffer[0];
+ uint8_t type = *(data++); len--;
if(type < SPTPS_HANDSHAKE) {
if(!s->instate)
return error(s, EIO, "Application record received before handshake finished");
- if(!s->receive_record(s->handle, type, buffer + 1, len - 21))
+ if(!s->receive_record(s->handle, type, data, len))
return false;
} else if(type == SPTPS_HANDSHAKE) {
- if(!receive_handshake(s, buffer + 1, len - 21))
+ if(!receive_handshake(s, data, len))
return false;
} else {
return error(s, EIO, "Invalid record type %d", type);