X-Git-Url: http://git.meshlink.io/?a=blobdiff_plain;f=src%2Fsptps.c;h=2e9ac6fe63331917c320805fdac592fea91753f7;hb=31ab43d8a0691e773db6992fa3b52ca24f7f8db4;hp=133f2b7e043b24235a16db83692aa1a32f7d0c34;hpb=03aafb2c9ea38c9baf9bc0672001ffe38c91c47d;p=meshlink

diff --git a/src/sptps.c b/src/sptps.c
index 133f2b7e..2e9ac6fe 100644
--- a/src/sptps.c
+++ b/src/sptps.c
@@ -80,7 +80,7 @@ static void warning(sptps_t *s, const char *format, ...) {
 }
 
 // Send a record (datagram version, accepts all record types, handles encryption and authentication).
-static bool send_record_priv_datagram(sptps_t *s, uint8_t type, const char *data, uint16_t len) {
+static bool send_record_priv_datagram(sptps_t *s, uint8_t type, const void *data, uint16_t len) {
 	char buffer[len + 21UL];
 
 	// Create header with sequence number, length and record type
@@ -101,7 +101,7 @@ static bool send_record_priv_datagram(sptps_t *s, uint8_t type, const char *data
 	}
 }
 // Send a record (private version, accepts all record types, handles encryption and authentication).
-static bool send_record_priv(sptps_t *s, uint8_t type, const char *data, uint16_t len) {
+static bool send_record_priv(sptps_t *s, uint8_t type, const void *data, uint16_t len) {
 	if(s->datagram)
 		return send_record_priv_datagram(s, type, data, len);
 
@@ -126,7 +126,7 @@ static bool send_record_priv(sptps_t *s, uint8_t type, const char *data, uint16_
 }
 
 // Send an application record.
-bool sptps_send_record(sptps_t *s, uint8_t type, const char *data, uint16_t len) {
+bool sptps_send_record(sptps_t *s, uint8_t type, const void *data, uint16_t len) {
 	// Sanity checks: application cannot send data before handshake is finished,
 	// and only record types 0..127 are allowed.
 	if(!s->outstate)
@@ -370,19 +370,29 @@ static bool receive_handshake(sptps_t *s, const char *data, uint16_t len) {
 }
 
 // Check datagram for valid HMAC
-bool sptps_verify_datagram(sptps_t *s, const char *data, size_t len) {
-	if(!s->instate || len < 21)
-		return error(s, EIO, "Received short packet");
+bool sptps_verify_datagram(sptps_t *s, const void *data, size_t len) {
+	if (!s->instate)
+		return error(s, EIO, "SPTPS state not ready to verify this datagram");
 
-	// TODO: just decrypt without updating the replay window
+	if(len < 21)
+		return error(s, EIO, "Received short packet in sptps_verify_datagram");
 
-	return true;
+	uint32_t seqno;
+	memcpy(&seqno, data, 4);
+	seqno = ntohl(seqno);
+	// TODO: check whether seqno makes sense, to avoid CPU intensive decrypt
+
+	char buffer[len];
+	size_t outlen;
+	return chacha_poly1305_decrypt(s->incipher, seqno, data + 4, len - 4, buffer, &outlen);
 }
 
 // Receive incoming data, datagram version.
-static bool sptps_receive_data_datagram(sptps_t *s, const char *data, size_t len) {
+static bool sptps_receive_data_datagram(sptps_t *s, const void *vdata, size_t len) {
+	const char *data = vdata;
+
 	if(len < (s->instate ? 21 : 5))
-		return error(s, EIO, "Received short packet");
+		return error(s, EIO, "Received short packet in sptps_receive_data_datagram");
 
 	uint32_t seqno;
 	memcpy(&seqno, data, 4);
@@ -467,7 +477,7 @@ static bool sptps_receive_data_datagram(sptps_t *s, const char *data, size_t len
 }
 
 // Receive incoming data. Check if it contains a complete record, if so, handle it.
-bool sptps_receive_data(sptps_t *s, const char *data, size_t len) {
+bool sptps_receive_data(sptps_t *s, const void *data, size_t len) {
 	if(!s->state)
 		return error(s, EIO, "Invalid session state zero");
 
@@ -555,6 +565,9 @@ bool sptps_receive_data(sptps_t *s, const char *data, size_t len) {
 
 // Start a SPTPS session.
 bool sptps_start(sptps_t *s, void *handle, bool initiator, bool datagram, ecdsa_t *mykey, ecdsa_t *hiskey, const char *label, size_t labellen, send_data_t send_data, receive_record_t receive_record) {
+	if(!s || !mykey || !hiskey || !label || !labellen || !send_data || !receive_record)
+		return error(s, EINVAL, "Invalid argument to sptps_start()");
+
 	// Initialise struct sptps
 	memset(s, 0, sizeof *s);