SODIUM_EXPORT int
crypto_auth_hmacsha512256_ref_verify(const unsigned char *h,
const unsigned char *in,
unsigned long long inlen,
const unsigned char *k)
{
return crypto_auth_hmacsha512256_verify(h, in, inlen, k);
}
int crypto_secretbox_open(
unsigned char *m,
const unsigned char *c,unsigned long long clen,
const unsigned char *n,
const unsigned char *k
)
{
int i;
unsigned char subkey[32];
if (clen < 32) return -1;
crypto_stream_salsa20(subkey,32,n,k);
if (crypto_auth_hmacsha512256_verify(c,c + 32,clen - 32,subkey) != 0) return -1;
crypto_stream_salsa20_xor(m,c,clen,n,k);
for (i = 0;i < 32;++i) m[i] = 0;
return 0;
}
int try_register_user_by_sockaddr(struct curve25519_struct *c,
char *src, size_t slen,
struct sockaddr_storage *sa,
size_t sa_len, int log)
{
int ret = -1;
char *cbuff = NULL;
struct user_store *elem;
ssize_t clen;
size_t real_len = 132;
enum is_user_enum err;
unsigned char auth[crypto_auth_hmacsha512256_BYTES];
struct taia arrival_taia;
/* assert(132 == clen + sizeof(auth)); */
/*
* Check hmac first, if malicious, drop immediately before we
* investigate more efforts.
*/
if (slen < real_len)
return -1;
taia_now(&arrival_taia);
memcpy(auth, src, sizeof(auth));
src += sizeof(auth);
real_len -= sizeof(auth);
if (crypto_auth_hmacsha512256_verify(auth, (unsigned char *) src,
real_len, token)) {
syslog(LOG_ERR, "Got bad packet hmac! Dropping!\n");
return -1;
} else {
if (log)
syslog(LOG_INFO, "Got good packet hmac!\n");
}
rwlock_rd_lock(&store_lock);
elem = store;
while (elem) {
clen = curve25519_decode(c, &elem->proto_inf,
(unsigned char *) src, real_len,
(unsigned char **) &cbuff,
&arrival_taia);
if (clen <= 0) {
elem = elem->next;
continue;
}
cbuff += crypto_box_zerobytes;
clen -= crypto_box_zerobytes;
if (log)
syslog(LOG_INFO, "Packet decoded successfully!\n");
err = username_msg_is_user(cbuff, clen, elem->username,
strlen(elem->username) + 1);
if (err == USERNAMES_OK) {
if (log)
syslog(LOG_INFO, "Found user %s! Registering ...\n",
elem->username);
ret = register_user_by_sockaddr(sa, sa_len,
&elem->proto_inf);
break;
}
elem = elem->next;
}
rwlock_unlock(&store_lock);
if (ret == -1)
syslog(LOG_ERR, "User not found! Dropping connection!\n");
return ret;
}
