X-Git-Url: http://git.meshlink.io/?a=blobdiff_plain;f=src%2Fsptps.c;h=99a3cea9fca47049bd070f6f3e0c0cc1f0452174;hb=733ef19ab996933c361f5b4f65fd768148a2d07b;hp=133f2b7e043b24235a16db83692aa1a32f7d0c34;hpb=03aafb2c9ea38c9baf9bc0672001ffe38c91c47d;p=meshlink

diff --git a/src/sptps.c b/src/sptps.c
index 133f2b7e..99a3cea9 100644
--- a/src/sptps.c
+++ b/src/sptps.c
@@ -80,7 +80,7 @@ static void warning(sptps_t *s, const char *format, ...) {
 }
 
 // Send a record (datagram version, accepts all record types, handles encryption and authentication).
-static bool send_record_priv_datagram(sptps_t *s, uint8_t type, const char *data, uint16_t len) {
+static bool send_record_priv_datagram(sptps_t *s, uint8_t type, const void *data, uint16_t len) {
 	char buffer[len + 21UL];
 
 	// Create header with sequence number, length and record type
@@ -101,7 +101,7 @@ static bool send_record_priv_datagram(sptps_t *s, uint8_t type, const char *data
 	}
 }
 // Send a record (private version, accepts all record types, handles encryption and authentication).
-static bool send_record_priv(sptps_t *s, uint8_t type, const char *data, uint16_t len) {
+static bool send_record_priv(sptps_t *s, uint8_t type, const void *data, uint16_t len) {
 	if(s->datagram)
 		return send_record_priv_datagram(s, type, data, len);
 
@@ -126,7 +126,7 @@ static bool send_record_priv(sptps_t *s, uint8_t type, const char *data, uint16_
 }
 
 // Send an application record.
-bool sptps_send_record(sptps_t *s, uint8_t type, const char *data, uint16_t len) {
+bool sptps_send_record(sptps_t *s, uint8_t type, const void *data, uint16_t len) {
 	// Sanity checks: application cannot send data before handshake is finished,
 	// and only record types 0..127 are allowed.
 	if(!s->outstate)
@@ -370,19 +370,32 @@ static bool receive_handshake(sptps_t *s, const char *data, uint16_t len) {
 }
 
 // Check datagram for valid HMAC
-bool sptps_verify_datagram(sptps_t *s, const char *data, size_t len) {
-	if(!s->instate || len < 21)
-		return error(s, EIO, "Received short packet");
+bool sptps_verify_datagram(sptps_t *s, const void *data, size_t len) {
+	if(len < 21)
+		return error(s, EIO, "Received short packet in sptps_verify_datagram");
 
-	// TODO: just decrypt without updating the replay window
+	if (!s->instate)
+		return error(s, EIO, "SPTPS state not ready to verify this datagram");
 
-	return true;
+	uint32_t seqno;
+	memcpy(&seqno, data, 4);
+	seqno = ntohl(seqno);
+	// TODO: check whether seqno makes sense, to avoid CPU intensive decrypt
+
+	char buffer[len];
+	size_t outlen;
+	return chacha_poly1305_decrypt(s->incipher, seqno, data + 4, len - 4, buffer, &outlen);
 }
 
 // Receive incoming data, datagram version.
-static bool sptps_receive_data_datagram(sptps_t *s, const char *data, size_t len) {
-	if(len < (s->instate ? 21 : 5))
-		return error(s, EIO, "Received short packet");
+static bool sptps_receive_data_datagram(sptps_t *s, const void *vdata, size_t len) {
+	const char *data = vdata;
+
+	if(len < 21)
+		return error(s, EIO, "Received short packet in sptps_receive_data_datagram");
+
+	if (!s->instate)
+		return error(s, EIO, "SPTPS state not ready to verify this datagram");
 
 	uint32_t seqno;
 	memcpy(&seqno, data, 4);
@@ -467,7 +480,7 @@ static bool sptps_receive_data_datagram(sptps_t *s, const char *data, size_t len
 }
 
 // Receive incoming data. Check if it contains a complete record, if so, handle it.
-bool sptps_receive_data(sptps_t *s, const char *data, size_t len) {
+bool sptps_receive_data(sptps_t *s, const void *data, size_t len) {
 	if(!s->state)
 		return error(s, EIO, "Invalid session state zero");