From: Guus Sliepen Date: Sat, 25 Feb 2012 14:18:15 +0000 (+0100) Subject: Apply HMAC after encryption. X-Git-Tag: release-1.1pre3~151 X-Git-Url: https://tinc-vpn.org/git/browse?a=commitdiff_plain;h=efd21e232dced3225f119aeb7a585ebf55b7cf77;p=tinc Apply HMAC after encryption. --- diff --git a/src/sptps.c b/src/sptps.c index d22390e8..6668763a 100644 --- a/src/sptps.c +++ b/src/sptps.c @@ -59,32 +59,32 @@ static bool error(sptps_t *s, int s_errno, const char *msg) { // Send a record (private version, accepts all record types, handles encryption and authentication). static bool send_record_priv(sptps_t *s, uint8_t type, const char *data, uint16_t len) { - char plaintext[len + 23]; - char ciphertext[len + 19]; + char buffer[len + 23UL]; + //char ciphertext[len + 19]; // Create header with sequence number, length and record type uint32_t seqno = htonl(s->outseqno++); uint16_t netlen = htons(len); - memcpy(plaintext, &seqno, 4); - memcpy(plaintext + 4, &netlen, 2); - plaintext[6] = type; + memcpy(buffer, &seqno, 4); + memcpy(buffer + 4, &netlen, 2); + buffer[6] = type; // Add plaintext (TODO: avoid unnecessary copy) - memcpy(plaintext + 7, data, len); + memcpy(buffer + 7, data, len); if(s->outstate) { // If first handshake has finished, encrypt and HMAC - if(!digest_create(&s->outdigest, plaintext, len + 7, plaintext + 7 + len)) + if(!cipher_counter_xor(&s->outcipher, buffer + 4, len + 3UL, buffer + 4)) return false; - if(!cipher_counter_xor(&s->outcipher, plaintext + 4, sizeof ciphertext, ciphertext)) + if(!digest_create(&s->outdigest, buffer, len + 7UL, buffer + 7UL + len)) return false; - return s->send_data(s->handle, ciphertext, len + 19); + return s->send_data(s->handle, buffer + 4, len + 19UL); } else { // Otherwise send as plaintext - return s->send_data(s->handle, plaintext + 4, len + 3); + return s->send_data(s->handle, buffer + 4, len + 3UL); } } @@ -343,26 +343,29 @@ bool receive_data(sptps_t *s, const char *data, size_t len) { if(toread > len) toread = len; - if(s->instate) { - if(!cipher_counter_xor(&s->incipher, data, toread, s->inbuf + s->buflen)) - return false; - } else { - memcpy(s->inbuf + s->buflen, data, toread); - } + memcpy(s->inbuf + s->buflen, data, toread); s->buflen += toread; len -= toread; data += toread; - + // Exit early if we don't have the full length. if(s->buflen < 6) return true; + // Decrypt the length bytes + + if(s->instate) { + if(!cipher_counter_xor(&s->incipher, s->inbuf + 4, 2, &s->reclen)) + return false; + } else { + memcpy(&s->reclen, s->inbuf + 4, 2); + } + + s->reclen = ntohs(s->reclen); + // If we have the length bytes, ensure our buffer can hold the whole request. - uint16_t reclen; - memcpy(&reclen, s->inbuf + 4, 2); - reclen = htons(reclen); - s->inbuf = realloc(s->inbuf, reclen + 23UL); + s->inbuf = realloc(s->inbuf, s->reclen + 23UL); if(!s->inbuf) return error(s, errno, strerror(errno)); @@ -376,43 +379,40 @@ bool receive_data(sptps_t *s, const char *data, size_t len) { } // Read up to the end of the record. - uint16_t reclen; - memcpy(&reclen, s->inbuf + 4, 2); - reclen = htons(reclen); - size_t toread = reclen + (s->instate ? 23UL : 7UL) - s->buflen; + size_t toread = s->reclen + (s->instate ? 23UL : 7UL) - s->buflen; if(toread > len) toread = len; - if(s->instate) { - if(!cipher_counter_xor(&s->incipher, data, toread, s->inbuf + s->buflen)) - return false; - } else { - memcpy(s->inbuf + s->buflen, data, toread); - } - + memcpy(s->inbuf + s->buflen, data, toread); s->buflen += toread; len -= toread; data += toread; // If we don't have a whole record, exit. - if(s->buflen < reclen + (s->instate ? 23UL : 7UL)) + if(s->buflen < s->reclen + (s->instate ? 23UL : 7UL)) return true; - // Check HMAC. - if(s->instate) - if(!digest_verify(&s->indigest, s->inbuf, reclen + 7UL, s->inbuf + reclen + 7UL)) - error(s, EIO, "Invalid HMAC"); + // Check HMAC and decrypt. + if(s->instate) { + if(!digest_verify(&s->indigest, s->inbuf, s->reclen + 7UL, s->inbuf + s->reclen + 7UL)) + return error(s, EIO, "Invalid HMAC"); + + if(!cipher_counter_xor(&s->incipher, s->inbuf + 6UL, s->reclen + 1UL, s->inbuf + 6UL)) + return false; + } + + // Append a NULL byte for safety. + s->inbuf[s->reclen + 7UL] = 0; uint8_t type = s->inbuf[6]; - // Handle record. if(type < SPTPS_HANDSHAKE) { if(!s->instate) return error(s, EIO, "Application record received before handshake finished"); - if(!s->receive_record(s->handle, type, s->inbuf + 7, reclen)) + if(!s->receive_record(s->handle, type, s->inbuf + 7, s->reclen)) return false; } else if(type == SPTPS_HANDSHAKE) { - if(!receive_handshake(s, s->inbuf + 7, reclen)) + if(!receive_handshake(s, s->inbuf + 7, s->reclen)) return false; } else { return error(s, EIO, "Invalid record type"); diff --git a/src/sptps.h b/src/sptps.h index 51de5753..f0d25920 100644 --- a/src/sptps.h +++ b/src/sptps.h @@ -46,6 +46,7 @@ typedef struct sptps { char *inbuf; size_t buflen; + uint16_t reclen; bool instate; cipher_t incipher;