if the password supplied is 32 bit long, we should use it AS if
parent
17058b59af
commit
502ba4ac9b
30
auth.c
30
auth.c
@ -63,6 +63,8 @@ static int derive_key(struct vtun_host *host)
|
|||||||
{
|
{
|
||||||
unsigned char salt[crypto_pwhash_scryptsalsa208sha256_SALTBYTES];
|
unsigned char salt[crypto_pwhash_scryptsalsa208sha256_SALTBYTES];
|
||||||
int ret = -1;
|
int ret = -1;
|
||||||
|
size_t bin_len;
|
||||||
|
const char ** const hex_end;
|
||||||
|
|
||||||
if (host->key != NULL) {
|
if (host->key != NULL) {
|
||||||
return 0;
|
return 0;
|
||||||
@ -70,17 +72,27 @@ static int derive_key(struct vtun_host *host)
|
|||||||
if ((host->key = sodium_malloc(HOST_KEYBYTES)) == NULL) {
|
if ((host->key = sodium_malloc(HOST_KEYBYTES)) == NULL) {
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
sodium_hex2bin(host->key, HOST_KEYBYTES,host->passwd,
|
||||||
|
strlen(host->passwd), "", &bin_len, hex_end);
|
||||||
|
if (bin_len == HOST_KEYBYTES) {
|
||||||
|
vtun_syslog(LOG_ERR,"supplied password is long enough to be the secret");
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
vtun_syslog(LOG_ERR,"supplied password is %i bits, adjusting it to 32 bits", bin_len);
|
||||||
memset(salt, 0xd1, sizeof salt);
|
memset(salt, 0xd1, sizeof salt);
|
||||||
if (crypto_pwhash_scryptsalsa208sha256
|
if (crypto_pwhash_scryptsalsa208sha256
|
||||||
(host->key, HOST_KEYBYTES, host->passwd, strlen(host->passwd), salt,
|
(host->key, HOST_KEYBYTES, host->passwd, strlen(host->passwd), salt,
|
||||||
crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_INTERACTIVE,
|
crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_INTERACTIVE,
|
||||||
crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_INTERACTIVE) == 0) {
|
crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_INTERACTIVE) == 0) {
|
||||||
ret = 0;
|
ret = 0;
|
||||||
}
|
}
|
||||||
sodium_memzero(host->passwd, strlen(host->passwd));
|
|
||||||
free(host->passwd);
|
sodium_memzero(host->passwd, strlen(host->passwd));
|
||||||
host->passwd = NULL;
|
free(host->passwd);
|
||||||
vtun_syslog(LOG_DEBUG,"Key ready for host %s.", host->host);
|
host->passwd = NULL;
|
||||||
|
vtun_syslog(LOG_DEBUG,"Key ready for host %s.", host->host);
|
||||||
|
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
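Review bot: `hex_end` is declared as `const char ** const hex_end;` with no initializer and then passed to `sodium_hex2bin`, which stores the end-of-parse position through that argument when it is non-NULL, so the new call writes through an indeterminate pointer. The call's return value is also ignored, and the `bin_len == HOST_KEYBYTES` test alone appears to accept a password that merely starts with enough hex digits, since the end position is never compared with the end of the string. The added `return 0` leaves before the existing `sodium_memzero`/`free` of `host->passwd`, so on that path the hex-encoded key stays in ordinary heap memory. `bin_len` is a `size_t` counting bytes but is logged with `%i` as "bits"; `%zu` and "bytes" would match, and both new messages read like LOG_DEBUG material rather than LOG_ERR. A version that addresses the first three points is below.

```c
    const char *hex_end = NULL;
    /* … unchanged: salt, ret, bin_len declarations, host->key NULL check, sodium_malloc … */

    /* Use the password as the raw key only if it is exactly
     * HOST_KEYBYTES of hex with nothing left over. */
    if (sodium_hex2bin(host->key, HOST_KEYBYTES, host->passwd,
                       strlen(host->passwd), NULL, &bin_len, &hex_end) == 0 &&
        bin_len == HOST_KEYBYTES && *hex_end == '\0') {
        vtun_syslog(LOG_DEBUG, "supplied password is a hex-encoded key, using it directly");
        ret = 0;
    } else {
        /* … unchanged: memset(salt) and crypto_pwhash_scryptsalsa208sha256 call setting ret … */
    }
    /* … unchanged: sodium_memzero/free of host->passwd, "Key ready" log, return ret … */
```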
2
main.c
2
main.c
@ -261,7 +261,7 @@ static void write_pid(void)
|
|||||||
FILE *f;
|
FILE *f;
|
||||||
|
|
||||||
if( !(f=fopen(VTUN_PID_FILE,"w")) ){
|
if( !(f=fopen(VTUN_PID_FILE,"w")) ){
|
||||||
vtun_syslog(LOG_ERR,"Can't write PID file");
|
vtun_syslog(LOG_ERR,"Can't write PID file %s", VTUN_PID_FILE);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
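Review bot: The new message names the file but still not the reason `fopen` failed, which is what separates a missing directory from a permissions problem. `vtun_syslog(LOG_ERR,"Can't write PID file %s: %s", VTUN_PID_FILE, strerror(errno));` would cover both, assuming `<errno.h>` and `<string.h>` are already included in main.c (its includes are not visible here). The rest of `write_pid` lies outside the hunk.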
5
server.c
5
server.c
@ -127,7 +127,6 @@ static void listener(void)
|
|||||||
vtun_syslog(LOG_ERR, "Can't fill in listen socket");
|
vtun_syslog(LOG_ERR, "Can't fill in listen socket");
|
||||||
exit(1);
|
exit(1);
|
||||||
}
|
}
|
||||||
|
|
||||||
if( (s=socket(AF_INET,SOCK_STREAM,0))== -1 ){
|
if( (s=socket(AF_INET,SOCK_STREAM,0))== -1 ){
|
||||||
vtun_syslog(LOG_ERR,"Can't create socket");
|
vtun_syslog(LOG_ERR,"Can't create socket");
|
||||||
exit(1);
|
exit(1);
|
||||||
@ -137,8 +136,8 @@ static void listener(void)
|
|||||||
setsockopt(s, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt));
|
setsockopt(s, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt));
|
||||||
|
|
||||||
if( bind(s,(struct sockaddr *)&my_addr,sizeof(my_addr)) ){
|
if( bind(s,(struct sockaddr *)&my_addr,sizeof(my_addr)) ){
|
||||||
vtun_syslog(LOG_ERR,"Can't bind to the socket");
|
vtun_syslog(LOG_ERR,"Can't bind to the socket %s", inet_ntoa(my_addr.sin_addr));
|
||||||
exit(1);
|
exit(1);
|
||||||
}
|
}
|
||||||
|
|
||||||
if( listen(s, 10) ){
|
if( listen(s, 10) ){
|
||||||
|
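Review bot: The bind failure message now prints the address but omits the port and the `errno` text, and "address already in use" on a specific port is the usual cause an operator needs to see. Consider `vtun_syslog(LOG_ERR,"Can't bind to the socket %s:%d (%s)", inet_ntoa(my_addr.sin_addr), ntohs(my_addr.sin_port), strerror(errno));`. `inet_ntoa` needs `<arpa/inet.h>` in scope; server.c's includes are not shown on this page, and without the prototype the call would be treated as returning `int`, which breaks the `%s` argument on 64-bit targets. `listener` begins and ends outside these hunks.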