From: Guus Sliepen
Date: Tue, 31 Jul 2012 18:36:35 +0000 (+0200)
Subject: Handle SPTPS datagrams in try_mac().
X-Git-Tag: release-1.1pre3~75
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=5ede437307cc3bbb20431f4b82f4a2ef79c9b746;p=oweals%2Ftinc.git

Handle SPTPS datagrams in try_mac().
---

diff --git a/src/net_packet.c b/src/net_packet.c
index 4e65155..a744485 100644
--- a/src/net_packet.c
+++ b/src/net_packet.c
@@ -252,6 +252,9 @@ static void receive_packet(node_t *n, vpn_packet_t *packet) {
 }

 static bool try_mac(node_t *n, const vpn_packet_t *inpkt) {
+ if(experimental && OPTION_VERSION(n->options) >= 2)
+ return sptps_verify_datagram(&n->sptps, (char *)inpkt->data - 4, inpkt->len);
+
 if(!digest_active(&n->indigest) || inpkt->len < sizeof inpkt->seqno + digest_length(&n->indigest))
 return false;

diff --git a/src/sptps.c b/src/sptps.c
index 422940c..12c6c7f 100644
--- a/src/sptps.c
+++ b/src/sptps.c
@@ -376,6 +376,20 @@ static bool receive_handshake(sptps_t *s, const char *data, uint16_t len) {
 }
 }

+// Check datagram for valid HMAC
+bool sptps_verify_datagram(sptps_t *s, const char *data, size_t len) {
+ if(!s->instate || len < 21)
+ return false;
+
+ char buffer[len + 23];
+ uint16_t netlen = htons(len - 21);
+
+ memcpy(buffer, &netlen, 2);
+ memcpy(buffer + 2, data, len);
+
+ return digest_verify(&s->indigest, buffer, len - 14, buffer + len - 14);
+}
+
 // Receive incoming data, datagram version.
 static bool sptps_receive_data_datagram(sptps_t *s, const char *data, size_t len) {
 if(len < (s->instate ? 21 : 5))
diff --git a/src/sptps.h b/src/sptps.h
index d8ce3da..0616ac7 100644
--- a/src/sptps.h
+++ b/src/sptps.h
@@ -82,5 +82,6 @@ extern bool sptps_stop(sptps_t *s);
 extern bool sptps_send_record(sptps_t *s, uint8_t type, const char *data, uint16_t len);
 extern bool sptps_receive_data(sptps_t *s, const char *data, size_t len);
 extern bool sptps_force_kex(sptps_t *s);
+extern bool sptps_verify_datagram(sptps_t *s, const char *data, size_t len);

 #endif
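Review bot: The pointer handed to sptps_verify_datagram() in try_mac() is computed as `(char *)inpkt->data - 4`, which steps in front of `data` and depends on a 4-byte field sitting directly before it in vpn_packet_t; the cast also discards the `const` that `inpkt` carries. The pre-existing check just below names that field (`sizeof inpkt->seqno`), so, assuming seqno is the field meant here, the call could read `return sptps_verify_datagram(&n->sptps, (const char *)&inpkt->seqno, inpkt->len);`. If the struct layout ever changes, the literal offset would make the HMAC check run over the wrong bytes without any compiler diagnostic. try_mac()'s body continues past the end of the hunk.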
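Review bot: `char buffer[len + 23];` in sptps_verify_datagram() is a variable-length array sized directly from the datagram length, and the only bound the function enforces is the lower one (`len < 21`). The caller added in this commit passes `inpkt->len`, which is presumably capped by the packet buffer, but the function is exported through sptps.h and nothing here stops a larger `len` from exhausting the stack or from being silently truncated by `htons(len - 21)` into a 16-bit length. An explicit upper bound would close both, e.g. `if(!s->instate || len < 21 || len - 21 > UINT16_MAX) return false;`, ideally tightened to the largest datagram the transport accepts, and since only `len + 2` bytes are ever written the array could be `char buffer[len + 2];`. The literals 21, 23 and 14 also deserve a comment tying them to the record layout that sptps_receive_data_datagram() assumes, so the two functions stay in step.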