if the password supplied is 32 bit long, we should use it AS if

Vincent Malguy 2015-10-09 18:00:06 +02:00
parent 17058b59af
commit 502ba4ac9b
3 changed files with 101 additions and 90 deletions

12
auth.c

@ -63,6 +63,8 @@ static int derive_key(struct vtun_host *host)
{ {
unsigned char salt[crypto_pwhash_scryptsalsa208sha256_SALTBYTES]; unsigned char salt[crypto_pwhash_scryptsalsa208sha256_SALTBYTES];
int ret = -1; int ret = -1;
size_t bin_len;
const char ** const hex_end;
if (host->key != NULL) { if (host->key != NULL) {
return 0; return 0;
@ -70,6 +72,15 @@ static int derive_key(struct vtun_host *host)
if ((host->key = sodium_malloc(HOST_KEYBYTES)) == NULL) { if ((host->key = sodium_malloc(HOST_KEYBYTES)) == NULL) {
return -1; return -1;
} }
sodium_hex2bin(host->key, HOST_KEYBYTES,host->passwd,
strlen(host->passwd), "", &bin_len, hex_end);
if (bin_len == HOST_KEYBYTES) {
vtun_syslog(LOG_ERR,"supplied password is long enough to be the secret");
return 0;
}
vtun_syslog(LOG_ERR,"supplied password is %i bits, adjusting it to 32 bits", bin_len);
memset(salt, 0xd1, sizeof salt); memset(salt, 0xd1, sizeof salt);
if (crypto_pwhash_scryptsalsa208sha256 if (crypto_pwhash_scryptsalsa208sha256
(host->key, HOST_KEYBYTES, host->passwd, strlen(host->passwd), salt, (host->key, HOST_KEYBYTES, host->passwd, strlen(host->passwd), salt,
@ -77,6 +88,7 @@ static int derive_key(struct vtun_host *host)
crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_INTERACTIVE) == 0) { crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_INTERACTIVE) == 0) {
ret = 0; ret = 0;
} }
sodium_memzero(host->passwd, strlen(host->passwd)); sodium_memzero(host->passwd, strlen(host->passwd));
free(host->passwd); free(host->passwd);
host->passwd = NULL; host->passwd = NULL;

2
main.c

@ -261,7 +261,7 @@ static void write_pid(void)
FILE *f; FILE *f;
if( !(f=fopen(VTUN_PID_FILE,"w")) ){ if( !(f=fopen(VTUN_PID_FILE,"w")) ){
vtun_syslog(LOG_ERR,"Can't write PID file"); vtun_syslog(LOG_ERR,"Can't write PID file %s", VTUN_PID_FILE);
return; return;
} }


@ -127,7 +127,6 @@ static void listener(void)
vtun_syslog(LOG_ERR, "Can't fill in listen socket"); vtun_syslog(LOG_ERR, "Can't fill in listen socket");
exit(1); exit(1);
} }
if( (s=socket(AF_INET,SOCK_STREAM,0))== -1 ){ if( (s=socket(AF_INET,SOCK_STREAM,0))== -1 ){
vtun_syslog(LOG_ERR,"Can't create socket"); vtun_syslog(LOG_ERR,"Can't create socket");
exit(1); exit(1);
@ -137,7 +136,7 @@ static void listener(void)
setsockopt(s, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt)); setsockopt(s, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt));
if( bind(s,(struct sockaddr *)&my_addr,sizeof(my_addr)) ){ if( bind(s,(struct sockaddr *)&my_addr,sizeof(my_addr)) ){
vtun_syslog(LOG_ERR,"Can't bind to the socket"); vtun_syslog(LOG_ERR,"Can't bind to the socket %s", inet_ntoa(my_addr.sin_addr));
exit(1); exit(1);
} }