Exemple #1
// Derive the shared session keys once the handshake has finished.
// Returns 0 without calling into the crypto layer while authIsCompleted()
// is false, so no session keys are set up for a half-finished handshake.
// Otherwise returns the result of cryptoSetSessionKeys() (1 if successful).
static int authGetSessionKeys(struct s_auth_state *authstate, struct s_crypto *ctx) {
	if(!authIsCompleted(authstate)) {
		return 0;
	}

	// Key material comes from the two session crypto contexts plus
	// keygen_nonce, which is passed with a length of two nonces.
	// NOTE(review): presumably local and remote nonce back to back - confirm.
	return cryptoSetSessionKeys(
		ctx,
		&authstate->crypto_ctx[auth_CRYPTOCTX_SESSION_A],
		&authstate->crypto_ctx[auth_CRYPTOCTX_SESSION_B],
		authstate->keygen_nonce,
		(auth_NONCESIZE + auth_NONCESIZE),
		crypto_AES256,
		crypto_SHA256
	);
}
Exemple #2
// Fetch the PeerID recorded for the remote side.
// Returns 1 and stores the ID in *remote_peerid once the handshake is
// completed. Returns 0 otherwise and leaves *remote_peerid untouched, so a
// caller must check the return value before trusting the output.
static int authGetRemotePeerID(struct s_auth_state *authstate, int *remote_peerid) {
	if(!authIsCompleted(authstate)) {
		return 0;
	}

	*remote_peerid = authstate->remote_peerid;
	return 1;
}
Exemple #3
// Fetch the connection parameters stored in the auth state.
// Returns 1 and fills *seq and *flags once the handshake is completed.
// Returns 0 otherwise and writes to neither output.
// NOTE(review): remote_seq / remote_flags look like values supplied by the
// peer - callers should treat them as peer-controlled; confirm.
static int authGetConnectionParams(struct s_auth_state *authstate, int64_t *seq, int64_t *flags) {
	if(!authIsCompleted(authstate)) {
		return 0;
	}

	*seq = utilReadInt64(authstate->remote_seq);
	*flags = utilReadInt64(authstate->remote_flags);
	return 1;
}
Exemple #4
// Dispatch one received AUTH message to an auth session slot.
// The leading 32-bit value of msg selects the session: a positive value
// addresses slot (value - 1), zero asks for a new session, and a negative
// value is rejected. Returns 1 if the message is accepted, 0 otherwise.
// msg, msg_len and peeraddr describe a packet that has not been validated yet
// when this function starts, so the session selector is sender-chosen.
int authmgtDecodeMsg(struct s_authmgt *mgt, const unsigned char *msg, const int msg_len, const struct s_peeraddr *peeraddr) {
	int now = utilGetClock();
	int session_ref;
	int slot;
	int stale;
	struct s_auth_state *state;

	CREATE_HUMAN_IP(peeraddr);

	debugf("[%s] AUTH message received", humanIp);

	// The message must be longer than the 4-byte session selector read below.
	if(msg_len <= 4) {
		debugf("[%s] Wrong AUTH message size: %d", humanIp, msg_len);
		return 0;
	}

	session_ref = utilReadInt32(msg);

	// Negative selectors match neither case and are dropped.
	if(session_ref < 0) {
		return 0;
	}

	if(session_ref > 0) {
		// Message claims to belong to an existing auth session.
		slot = (session_ref - 1);

		// This line is logged before the slot index has been range-checked.
		debugf("Found active auth session: %d", slot);

		// Upper bound on the sender-chosen index before it is used on the arrays.
		// NOTE(review): this compares against idspSize() only; whether the slot is
		// currently allocated is not checked here - confirm authDecodeMsg covers it.
		if(slot >= idspSize(&mgt->idsp)) {
			debugf("[%s] wrong auth state ID", humanIp);
			return 0;
		}

		state = &mgt->authstate[slot];
		if(!authDecodeMsg(state, msg, msg_len)) {
			debugf("[%s] failed to decode AUTH message", humanIp);
			return 0;
		}

		// Bookkeeping happens only after the message was decoded successfully.
		// The stored peer address is replaced by the sender address of this packet.
		mgt->lastrecv[slot] = now;
		mgt->peeraddr[slot] = *peeraddr;
		if(mgt->fastauth) {
			// Backdate the last send time past the resend timeout.
			// NOTE(review): presumably so that a reply is due immediately - confirm.
			mgt->lastsend[slot] = (now - authmgt_RESEND_TIMEOUT - 3);
		}

		if(authIsAuthed(state) && !authIsCompleted(state)) {
			mgt->current_authed_id = slot;
		}

		if(authIsCompleted(state) && !authIsPeerCompleted(state)) {
			msgf("Host %s authorized", humanIp);
			mgt->current_completed_id = slot;
		}

		return 1;
	}

	// session_ref == 0: message requests a new auth session.
	debugf("starting new session for %s, authid: %d", humanIp, session_ref);

	stale = authmgtFindAddr(mgt, peeraddr);
	if(stale >= 0) {
		// A session with the same peer address exists already. It is kept (and the
		// request dropped) while it is in preauth state; otherwise it is deleted
		// before the new message has been decoded.
		// NOTE(review): check whether a request with a forged source address can
		// use this to discard another host's session.
		if(authIsPreauth(&mgt->authstate[stale])) {
			return 0;
		}

		authmgtDelete(mgt, stale);
	}

	slot = authmgtNew(mgt, peeraddr);
	if(slot < 0) {
		// All auth slots are full: evict an unused session, if any, and retry.
		stale = authmgtFindUnused(mgt);
		if(stale >= 0) {
			authmgtDelete(mgt, stale);
			slot = authmgtNew(mgt, peeraddr);
			debugf("new auth session started for %s, authstateid %d", humanIp, slot);
		}
	}

	if(slot < 0) {
		return 0;
	}

	if(!authDecodeMsg(&mgt->authstate[slot], msg, msg_len)) {
		// Release the freshly allocated slot when the first message is rejected.
		authmgtDelete(mgt, slot);
		return 0;
	}

	mgt->lastrecv[slot] = now;
	mgt->peeraddr[slot] = *peeraddr;
	if(mgt->fastauth) {
		mgt->lastsend[slot] = (now - authmgt_RESEND_TIMEOUT - 3);
	}

	return 1;
}