if the password supplied is 32 bit long, we should use it AS if

This commit is contained in:
Vincent Malguy 2015-10-09 18:00:06 +02:00
parent 17058b59af
commit 502ba4ac9b
3 changed files with 101 additions and 90 deletions

30
auth.c
View File

@ -63,6 +63,8 @@ static int derive_key(struct vtun_host *host)
{ {
unsigned char salt[crypto_pwhash_scryptsalsa208sha256_SALTBYTES]; unsigned char salt[crypto_pwhash_scryptsalsa208sha256_SALTBYTES];
int ret = -1; int ret = -1;
size_t bin_len;
const char ** const hex_end;
if (host->key != NULL) { if (host->key != NULL) {
return 0; return 0;
@ -70,17 +72,27 @@ static int derive_key(struct vtun_host *host)
if ((host->key = sodium_malloc(HOST_KEYBYTES)) == NULL) { if ((host->key = sodium_malloc(HOST_KEYBYTES)) == NULL) {
return -1; return -1;
} }
sodium_hex2bin(host->key, HOST_KEYBYTES,host->passwd,
strlen(host->passwd), "", &bin_len, hex_end);
if (bin_len == HOST_KEYBYTES) {
vtun_syslog(LOG_ERR,"supplied password is long enough to be the secret");
return 0;
}
vtun_syslog(LOG_ERR,"supplied password is %i bits, adjusting it to 32 bits", bin_len);
memset(salt, 0xd1, sizeof salt); memset(salt, 0xd1, sizeof salt);
if (crypto_pwhash_scryptsalsa208sha256 if (crypto_pwhash_scryptsalsa208sha256
(host->key, HOST_KEYBYTES, host->passwd, strlen(host->passwd), salt, (host->key, HOST_KEYBYTES, host->passwd, strlen(host->passwd), salt,
crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_INTERACTIVE, crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_INTERACTIVE,
crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_INTERACTIVE) == 0) { crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_INTERACTIVE) == 0) {
ret = 0; ret = 0;
} }
sodium_memzero(host->passwd, strlen(host->passwd));
free(host->passwd); sodium_memzero(host->passwd, strlen(host->passwd));
host->passwd = NULL; free(host->passwd);
vtun_syslog(LOG_DEBUG,"Key ready for host %s.", host->host); host->passwd = NULL;
vtun_syslog(LOG_DEBUG,"Key ready for host %s.", host->host);
return ret; return ret;
} }

2
main.c
View File

@ -261,7 +261,7 @@ static void write_pid(void)
FILE *f; FILE *f;
if( !(f=fopen(VTUN_PID_FILE,"w")) ){ if( !(f=fopen(VTUN_PID_FILE,"w")) ){
vtun_syslog(LOG_ERR,"Can't write PID file"); vtun_syslog(LOG_ERR,"Can't write PID file %s", VTUN_PID_FILE);
return; return;
} }

View File

@ -127,7 +127,6 @@ static void listener(void)
vtun_syslog(LOG_ERR, "Can't fill in listen socket"); vtun_syslog(LOG_ERR, "Can't fill in listen socket");
exit(1); exit(1);
} }
if( (s=socket(AF_INET,SOCK_STREAM,0))== -1 ){ if( (s=socket(AF_INET,SOCK_STREAM,0))== -1 ){
vtun_syslog(LOG_ERR,"Can't create socket"); vtun_syslog(LOG_ERR,"Can't create socket");
exit(1); exit(1);
@ -137,8 +136,8 @@ static void listener(void)
setsockopt(s, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt)); setsockopt(s, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt));
if( bind(s,(struct sockaddr *)&my_addr,sizeof(my_addr)) ){ if( bind(s,(struct sockaddr *)&my_addr,sizeof(my_addr)) ){
vtun_syslog(LOG_ERR,"Can't bind to the socket"); vtun_syslog(LOG_ERR,"Can't bind to the socket %s", inet_ntoa(my_addr.sin_addr));
exit(1); exit(1);
} }
if( listen(s, 10) ){ if( listen(s, 10) ){