Authenticate the TLV records only

3 files changed, 19 insertions, 8 deletions

diff --git a/src/handshake.c b/src/handshake.c
index 82d47b8..962daa0 100644
--- a/src/handshake.c
+++ b/src/handshake.c
@@ -183,12 +183,11 @@ void fastd_handshake_handle(fastd_context_t *ctx, fastd_socket_t *sock, const fa
 		goto end_free;
 	}
 
-	fastd_handshake_t handshake = { .buffer = buffer };
 	fastd_handshake_packet_t *packet = buffer.data;
 
 	size_t len = buffer.len - sizeof(fastd_handshake_packet_t);
 	if (packet->tlv_len) {
-		size_t tlv_len = ntohs(packet->tlv_len);
+		size_t tlv_len = fastd_handshake_tlv_len(&buffer);
 		if (tlv_len > len) {
 			pr_warn(ctx, "received a short handshake from %I", remote_addr);
 			goto end_free;
@@ -198,6 +197,7 @@ void fastd_handshake_handle(fastd_context_t *ctx, fastd_socket_t *sock, const fa
 	}
 
 	uint8_t *ptr = packet->tlv_data, *end = packet->tlv_data + len;
+	fastd_handshake_t handshake = { .tlv_len = len, .tlv_data = packet->tlv_data };
 
 	while (true) {
 		if (ptr+4 > end)
diff --git a/src/handshake.h b/src/handshake.h
index e548be3..c25d427 100644
--- a/src/handshake.h
+++ b/src/handshake.h
@@ -72,7 +72,8 @@ typedef struct fastd_handshake_record {
 struct fastd_handshake {
 	uint8_t type;
 	fastd_handshake_record_t records[RECORD_MAX];
-	fastd_buffer_t buffer;
+	uint16_t tlv_len;
+	void *tlv_data;
 };
 
 
@@ -82,6 +83,16 @@ fastd_buffer_t fastd_handshake_new_reply(fastd_context_t *ctx, const fastd_hands
 void fastd_handshake_handle(fastd_context_t *ctx, fastd_socket_t *sock, const fastd_peer_address_t *local_addr, const fastd_peer_address_t *remote_addr, fastd_peer_t *peer, fastd_buffer_t buffer);
 
 
+static inline void* fastd_handshake_tlv_data(const fastd_buffer_t *buffer) {
+	fastd_handshake_packet_t *packet = buffer->data;
+	return packet->tlv_data;
+}
+
+static inline uint16_t fastd_handshake_tlv_len(const fastd_buffer_t *buffer) {
+	fastd_handshake_packet_t *packet = buffer->data;
+	return ntohs(packet->tlv_len);
+}
+
 static inline uint8_t* fastd_handshake_extend(fastd_context_t *ctx, fastd_buffer_t *buffer, fastd_handshake_record_type_t type, size_t len) {
 	uint8_t *dst = buffer->data + buffer->len;
 
@@ -91,7 +102,7 @@ static inline uint8_t* fastd_handshake_extend(fastd_context_t *ctx, fastd_buffer
 	buffer->len += 4 + len;
 
 	fastd_handshake_packet_t *packet = buffer->data;
-	packet->tlv_len = htons(ntohs(packet->tlv_len) + 4 + len);
+	packet->tlv_len = htons(fastd_handshake_tlv_len(buffer) + 4 + len);
 
 	dst[0] = type;
 	dst[1] = type >> 8;
diff --git a/src/protocol_ec25519_fhmqvc.c b/src/protocol_ec25519_fhmqvc.c
index c3419d5..5f13244 100644
--- a/src/protocol_ec25519_fhmqvc.c
+++ b/src/protocol_ec25519_fhmqvc.c
@@ -386,7 +386,7 @@ static void respond_handshake(fastd_context_t *ctx, const fastd_socket_t *sock,
 
 	memset(&hmacbuf, 0, sizeof(hmacbuf));
 	fastd_handshake_add(ctx, &buffer, RECORD_HANDSHAKE_MAC, HASHBYTES, hmacbuf.b);
-	fastd_hmacsha256(&hmacbuf, peer->protocol_state->shared_handshake_key.w, buffer.data+sizeof(fastd_handshake_packet_t), buffer.len-sizeof(fastd_handshake_packet_t));
+	fastd_hmacsha256(&hmacbuf, peer->protocol_state->shared_handshake_key.w, fastd_handshake_tlv_data(&buffer), fastd_handshake_tlv_len(&buffer));
 	memcpy(buffer.data+buffer.len-HASHBYTES, hmacbuf.b, HASHBYTES);
 
 	fastd_send_handshake(ctx, sock, local_addr, remote_addr, peer, buffer);
@@ -517,7 +517,7 @@ static void finish_handshake(fastd_context_t *ctx, fastd_socket_t *sock, const f
 		memcpy(mac, handshake->records[RECORD_HANDSHAKE_MAC].data, HASHBYTES);
 		memset(handshake->records[RECORD_HANDSHAKE_MAC].data, 0, HASHBYTES);
 
-		valid = fastd_hmacsha256_verify(mac, shared_handshake_key.w, handshake->buffer.data+sizeof(fastd_handshake_packet_t), handshake->buffer.len-sizeof(fastd_handshake_packet_t));
+		valid = fastd_hmacsha256_verify(mac, shared_handshake_key.w, handshake->tlv_data, handshake->tlv_len);
 	}
 	else {
 		valid = fastd_hmacsha256_blocks_verify(handshake->records[RECORD_T].data, shared_handshake_key.w, peer->protocol_config->public_key.p, peer_handshake_key->p, NULL);
@@ -548,7 +548,7 @@ static void finish_handshake(fastd_context_t *ctx, fastd_socket_t *sock, const f
 
 	memset(&hmacbuf, 0, sizeof(hmacbuf));
 	fastd_handshake_add(ctx, &buffer, RECORD_HANDSHAKE_MAC, HASHBYTES, hmacbuf.b);
-	fastd_hmacsha256(&hmacbuf, shared_handshake_key.w, buffer.data+sizeof(fastd_handshake_packet_t), buffer.len-sizeof(fastd_handshake_packet_t));
+	fastd_hmacsha256(&hmacbuf, shared_handshake_key.w, fastd_handshake_tlv_data(&buffer), fastd_handshake_tlv_len(&buffer));
 	memcpy(buffer.data+buffer.len-HASHBYTES, hmacbuf.b, HASHBYTES);
 
 	fastd_send_handshake(ctx, sock, local_addr, remote_addr, peer, buffer);
@@ -568,7 +568,7 @@ static void handle_finish_handshake(fastd_context_t *ctx, fastd_socket_t *sock,
 		memcpy(mac, handshake->records[RECORD_HANDSHAKE_MAC].data, HASHBYTES);
 		memset(handshake->records[RECORD_HANDSHAKE_MAC].data, 0, HASHBYTES);
 
-		valid = fastd_hmacsha256_verify(mac, peer->protocol_state->shared_handshake_key.w, handshake->buffer.data+sizeof(fastd_handshake_packet_t), handshake->buffer.len-sizeof(fastd_handshake_packet_t));
+		valid = fastd_hmacsha256_verify(mac, peer->protocol_state->shared_handshake_key.w, handshake->tlv_data, handshake->tlv_len);
 	}
 	else {
 		valid = fastd_hmacsha256_blocks_verify(handshake->records[RECORD_T].data, peer->protocol_state->shared_handshake_key.w, peer->protocol_config->public_key.p, peer_handshake_key->p, NULL);