SODIUM_EXPORT int crypto_auth_hmacsha512256_ref_verify(const unsigned char *h, const unsigned char *in, unsigned long long inlen, const unsigned char *k) { return crypto_auth_hmacsha512256_verify(h, in, inlen, k); }
int crypto_secretbox_open( unsigned char *m, const unsigned char *c,unsigned long long clen, const unsigned char *n, const unsigned char *k ) { int i; unsigned char subkey[32]; if (clen < 32) return -1; crypto_stream_salsa20(subkey,32,n,k); if (crypto_auth_hmacsha512256_verify(c,c + 32,clen - 32,subkey) != 0) return -1; crypto_stream_salsa20_xor(m,c,clen,n,k); for (i = 0;i < 32;++i) m[i] = 0; return 0; }
int try_register_user_by_sockaddr(struct curve25519_struct *c, char *src, size_t slen, struct sockaddr_storage *sa, size_t sa_len, int log) { int ret = -1; char *cbuff = NULL; struct user_store *elem; ssize_t clen; size_t real_len = 132; enum is_user_enum err; unsigned char auth[crypto_auth_hmacsha512256_BYTES]; struct taia arrival_taia; /* assert(132 == clen + sizeof(auth)); */ /* * Check hmac first, if malicious, drop immediately before we * investigate more efforts. */ if (slen < real_len) return -1; taia_now(&arrival_taia); memcpy(auth, src, sizeof(auth)); src += sizeof(auth); real_len -= sizeof(auth); if (crypto_auth_hmacsha512256_verify(auth, (unsigned char *) src, real_len, token)) { syslog(LOG_ERR, "Got bad packet hmac! Dropping!\n"); return -1; } else { if (log) syslog(LOG_INFO, "Got good packet hmac!\n"); } rwlock_rd_lock(&store_lock); elem = store; while (elem) { clen = curve25519_decode(c, &elem->proto_inf, (unsigned char *) src, real_len, (unsigned char **) &cbuff, &arrival_taia); if (clen <= 0) { elem = elem->next; continue; } cbuff += crypto_box_zerobytes; clen -= crypto_box_zerobytes; if (log) syslog(LOG_INFO, "Packet decoded successfully!\n"); err = username_msg_is_user(cbuff, clen, elem->username, strlen(elem->username) + 1); if (err == USERNAMES_OK) { if (log) syslog(LOG_INFO, "Found user %s! Registering ...\n", elem->username); ret = register_user_by_sockaddr(sa, sa_len, &elem->proto_inf); break; } elem = elem->next; } rwlock_unlock(&store_lock); if (ret == -1) syslog(LOG_ERR, "User not found! Dropping connection!\n"); return ret; }