if the password supplied is 32 bit long, we should use it AS if
parent
17058b59af
commit
502ba4ac9b
30
auth.c
30
auth.c
@ -63,6 +63,8 @@ static int derive_key(struct vtun_host *host)
|
||||
{
|
||||
unsigned char salt[crypto_pwhash_scryptsalsa208sha256_SALTBYTES];
|
||||
int ret = -1;
|
||||
size_t bin_len;
|
||||
const char ** const hex_end;
|
||||
|
||||
if (host->key != NULL) {
|
||||
return 0;
|
||||
@ -70,17 +72,27 @@ static int derive_key(struct vtun_host *host)
|
||||
if ((host->key = sodium_malloc(HOST_KEYBYTES)) == NULL) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
sodium_hex2bin(host->key, HOST_KEYBYTES,host->passwd,
|
||||
strlen(host->passwd), "", &bin_len, hex_end);
|
||||
if (bin_len == HOST_KEYBYTES) {
|
||||
vtun_syslog(LOG_ERR,"supplied password is long enough to be the secret");
|
||||
return 0;
|
||||
}
|
||||
|
||||
vtun_syslog(LOG_ERR,"supplied password is %i bits, adjusting it to 32 bits", bin_len);
|
||||
memset(salt, 0xd1, sizeof salt);
|
||||
if (crypto_pwhash_scryptsalsa208sha256
|
||||
(host->key, HOST_KEYBYTES, host->passwd, strlen(host->passwd), salt,
|
||||
crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_INTERACTIVE,
|
||||
crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_INTERACTIVE) == 0) {
|
||||
ret = 0;
|
||||
}
|
||||
sodium_memzero(host->passwd, strlen(host->passwd));
|
||||
free(host->passwd);
|
||||
host->passwd = NULL;
|
||||
vtun_syslog(LOG_DEBUG,"Key ready for host %s.", host->host);
|
||||
(host->key, HOST_KEYBYTES, host->passwd, strlen(host->passwd), salt,
|
||||
crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_INTERACTIVE,
|
||||
crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_INTERACTIVE) == 0) {
|
||||
ret = 0;
|
||||
}
|
||||
|
||||
sodium_memzero(host->passwd, strlen(host->passwd));
|
||||
free(host->passwd);
|
||||
host->passwd = NULL;
|
||||
vtun_syslog(LOG_DEBUG,"Key ready for host %s.", host->host);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
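Review bot: `hex_end` is declared as an uninitialized `const char ** const` and passed straight to `sodium_hex2bin`, which stores the end-of-parse pointer through that argument when it is non-NULL, so the call writes through an indeterminate pointer. Declare `const char *hex_end = NULL;` and pass `&hex_end` instead. The early `return 0` on the raw-key path also skips the `sodium_memzero`/`free` of `host->passwd` that the scrypt path performs, so the hex form of the key stays in heap memory. If I read libsodium's contract correctly, a non-NULL `hex_end` makes the parser stop quietly at the first non-hex character, so a longer password that merely begins with 64 hex digits would be accepted as the key unless the return value and `*hex_end == '\0'` are checked. Separately, `bin_len` is a `size_t` logged with `%i` and counts bytes rather than bits; `%zu` would match, assuming `vtun_syslog` forwards to a printf-family formatter.

```c
	const char *hex_end = NULL;
	/* … unchanged: existing-key check and sodium_malloc of host->key … */
	if (sodium_hex2bin(host->key, HOST_KEYBYTES, host->passwd,
			   strlen(host->passwd), "", &bin_len, &hex_end) == 0 &&
	    bin_len == HOST_KEYBYTES && *hex_end == '\0') {
		/* … unchanged: syslog line … */
		sodium_memzero(host->passwd, strlen(host->passwd));
		free(host->passwd);
		host->passwd = NULL;
		return 0;
	}
	/* … unchanged: scrypt derivation and cleanup … */
```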
2
main.c
2
main.c
@ -261,7 +261,7 @@ static void write_pid(void)
|
||||
FILE *f;
|
||||
|
||||
if( !(f=fopen(VTUN_PID_FILE,"w")) ){
|
||||
vtun_syslog(LOG_ERR,"Can't write PID file");
|
||||
vtun_syslog(LOG_ERR,"Can't write PID file %s", VTUN_PID_FILE);
|
||||
return;
|
||||
}
|
||||
|
||||
|
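Review bot: The new message in `write_pid` names the file but still drops why `fopen` failed, which is what an operator needs to tell a permissions problem from a missing directory. Something like `vtun_syslog(LOG_ERR,"Can't write PID file %s: %s", VTUN_PID_FILE, strerror(errno));` would cover it, assuming `errno.h` and `string.h` are already included in main.c. The `bind` failure message added in server.c's `listener` has the same gap and also omits the port, so `ntohs(my_addr.sin_port)` and `strerror(errno)` would be worth adding there. Both functions continue outside the hunks shown.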
5
server.c
5
server.c
@ -127,7 +127,6 @@ static void listener(void)
|
||||
vtun_syslog(LOG_ERR, "Can't fill in listen socket");
|
||||
exit(1);
|
||||
}
|
||||
|
||||
if( (s=socket(AF_INET,SOCK_STREAM,0))== -1 ){
|
||||
vtun_syslog(LOG_ERR,"Can't create socket");
|
||||
exit(1);
|
||||
@ -137,8 +136,8 @@ static void listener(void)
|
||||
setsockopt(s, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt));
|
||||
|
||||
if( bind(s,(struct sockaddr *)&my_addr,sizeof(my_addr)) ){
|
||||
vtun_syslog(LOG_ERR,"Can't bind to the socket");
|
||||
exit(1);
|
||||
vtun_syslog(LOG_ERR,"Can't bind to the socket %s", inet_ntoa(my_addr.sin_addr));
|
||||
exit(1);
|
||||
}
|
||||
|
||||
if( listen(s, 10) ){
|
||||
|