diff options
| author | Matthias Schiffer <mschiffer@universe-factory.net> | 2013-10-30 22:59:13 +0100 |
|---|---|---|
| committer | Matthias Schiffer <mschiffer@universe-factory.net> | 2013-10-30 22:59:13 +0100 |
| commit | 63b97e9a730544b962d840e07b113e5f2057cd28 (patch) | |
| tree | 896ecd6554938c3b8533025a9b2d02d167638e01 /src | |
| parent | 601efec8e944bfc6ecb8afbfdfa1393030f36b06 (diff) | |
| download | fastd-63b97e9a730544b962d840e07b113e5f2057cd28.tar fastd-63b97e9a730544b962d840e07b113e5f2057cd28.zip | |
ec25519-fhmqvc: include either T or TLV_MAC in handshake finish, but not both
Diffstat (limited to 'src')
| -rw-r--r-- | src/protocols/ec25519_fhmqvc/handshake.c | 19 |
1 files changed, 10 insertions, 9 deletions
diff --git a/src/protocols/ec25519_fhmqvc/handshake.c b/src/protocols/ec25519_fhmqvc/handshake.c index 742e310..9e62deb 100644 --- a/src/protocols/ec25519_fhmqvc/handshake.c +++ b/src/protocols/ec25519_fhmqvc/handshake.c @@ -160,9 +160,9 @@ static void respond_handshake(fastd_context_t *ctx, const fastd_socket_t *sock, fastd_handshake_add(ctx, &buffer, RECORD_T, HASHBYTES, hmacbuf.b); } - uint8_t *hmac = fastd_handshake_add_zero(ctx, &buffer, RECORD_TLV_MAC, HASHBYTES); + uint8_t *mac = fastd_handshake_add_zero(ctx, &buffer, RECORD_TLV_MAC, HASHBYTES); fastd_hmacsha256(&hmacbuf, peer->protocol_state->shared_handshake_key.w, fastd_handshake_tlv_data(&buffer), fastd_handshake_tlv_len(&buffer)); - memcpy(hmac, hmacbuf.b, HASHBYTES); + memcpy(mac, hmacbuf.b, HASHBYTES); fastd_send_handshake(ctx, sock, local_addr, remote_addr, peer, buffer); } @@ -320,17 +320,18 @@ static void finish_handshake(fastd_context_t *ctx, fastd_socket_t *sock, const f fastd_handshake_add(ctx, &buffer, RECORD_SENDER_HANDSHAKE_KEY, PUBLICKEYBYTES, handshake_key->key1.public.p); fastd_handshake_add(ctx, &buffer, RECORD_RECEIPIENT_HANDSHAKE_KEY, PUBLICKEYBYTES, peer_handshake_key->p); - fastd_sha256_t hmacbuf; - - if (!ctx->conf->secure_handshakes) { + if (secure_handshake(handshake)) { + fastd_sha256_t hmacbuf; + uint8_t *mac = fastd_handshake_add_zero(ctx, &buffer, RECORD_TLV_MAC, HASHBYTES); + fastd_hmacsha256(&hmacbuf, shared_handshake_key.w, fastd_handshake_tlv_data(&buffer), fastd_handshake_tlv_len(&buffer)); + memcpy(mac, hmacbuf.b, HASHBYTES); + } + else { + fastd_sha256_t hmacbuf; fastd_hmacsha256_blocks(&hmacbuf, shared_handshake_key.w, ctx->conf->protocol_config->key.public.p, handshake_key->key1.public.p, NULL); fastd_handshake_add(ctx, &buffer, RECORD_T, HASHBYTES, hmacbuf.b); } - uint8_t *hmac = fastd_handshake_add_zero(ctx, &buffer, RECORD_TLV_MAC, HASHBYTES); - fastd_hmacsha256(&hmacbuf, shared_handshake_key.w, fastd_handshake_tlv_data(&buffer), fastd_handshake_tlv_len(&buffer)); - memcpy(hmac, hmacbuf.b, HASHBYTES); - fastd_send_handshake(ctx, sock, local_addr, remote_addr, peer, buffer); } |