Detect if server closed connection on client and only use one packet for authenticating client on server
This commit is contained in:
parent
88602a64b5
commit
79defadf12
3 changed files with 22 additions and 17 deletions
@ -211,8 +211,13 @@ void free_packet(packet_t *pkt)
*/
*/
int verify_packet(packet_t *pkt, int fd)
int verify_packet(packet_t *pkt, int fd)
{
{
if (recv_packet(pkt, fd, ZSM_TYP_MESSAGE) != ZSM_STA_SUCCESS) {
int status = recv_packet(pkt, fd, ZSM_TYP_MESSAGE);
if (status != ZSM_STA_SUCCESS) {
close(fd);
close(fd);
if (status == ZSM_STA_CLOSED_CONNECTION) {
error(1, "Server closed connection");
}
return ZSM_STA_ERROR_INTEGRITY;
return ZSM_STA_ERROR_INTEGRITY;
}
}
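Review bot: The added `if (status == ZSM_STA_CLOSED_CONNECTION)` branch is the only place the new `status` variable is consulted; the function still returns `ZSM_STA_ERROR_INTEGRITY` for every failure, so a caller cannot tell a closed connection from a corrupt or mistyped packet. Returning `return status;` would preserve the code recv_packet produced and keep `ZSM_STA_ERROR_INTEGRITY` for actual integrity failures. If `error(1, ...)` does not terminate the process (its semantics are not visible here), the caller also continues with an `fd` that this function has already closed, which a comment on the `close(fd);` line should at least state: `/* fd is closed on any failure; callers must not reuse it */`. verify_packet's body continues past the end of the hunk.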
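--- a/[file path not shown on page]
+++ b/[file path not shown on page]
@@ -66,7 +66,7 @@ void *receive_worker(void *arg)
     while (1) {
         packet_t pkt;
-        if (verify_packet(&pkt, sockfd) == 0) {
+        if (verify_packet(&pkt, sockfd) != ZSM_STA_SUCCESS) {
             error(0, "Error verifying packet");
         }
         size_t cipher_len = pkt.length - NONCE_SIZE - MAX_NAME * 2;
 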
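Review bot: The corrected condition only logs when `verify_packet` fails; control then falls through to `size_t cipher_len = pkt.length - NONCE_SIZE - MAX_NAME * 2;` with a `pkt` that the failed receive may not have populated, and the loop iterates again on `sockfd`, which verify_packet closes on failure. Add `break;` (or `return NULL;`, matching however the worker exits elsewhere) after the `error(0, "Error verifying packet");` call. Whether `pkt.length` is checked against `NONCE_SIZE + MAX_NAME * 2` before the subtraction is not visible here; if it is not, a short packet makes `cipher_len` wrap to a huge value. The loop body continues past the end of the hunk.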
@ -34,43 +34,43 @@ int authenticate_client(int clientfd, uint8_t *username)
/* Sending fake signature as structure requires it */
/* Sending fake signature as structure requires it */
uint8_t *fake_sig = create_signature(NULL, 0, NULL);
uint8_t *fake_sig = create_signature(NULL, 0, NULL);
packet_t *auth_pkt = create_packet(1, ZSM_TYP_AUTH, CHALLENGE_SIZE,
packet_t *pkt = create_packet(1, ZSM_TYP_AUTH, CHALLENGE_SIZE,
challenge, fake_sig);
challenge, fake_sig);
if (send_packet(auth_pkt, clientfd) != ZSM_STA_SUCCESS) {
if (send_packet(pkt, clientfd) != ZSM_STA_SUCCESS) {
error(0, "Could not authenticate client");
error(0, "Could not authenticate client");
goto failure;
goto failure;
}
}
free(fake_sig);
free(fake_sig);
packet_t client_auth_pkt;
int status;
int status;
if ((status = recv_packet(&client_auth_pkt, clientfd, ZSM_TYP_AUTH)
if ((status = recv_packet(pkt, clientfd, ZSM_TYP_AUTH)
!= ZSM_STA_SUCCESS)) {
!= ZSM_STA_SUCCESS)) {
error(0, "Could not authenticate client");
error(0, "Could not authenticate client");
goto failure;
goto failure;
}
}
uint8_t pk_bin[PK_RAW_SIZE], pk_username[MAX_NAME];
uint8_t pk_bin[PK_RAW_SIZE], pk_username[MAX_NAME];
memcpy(pk_bin, client_auth_pkt.data, PK_RAW_SIZE);
memcpy(pk_bin, pkt->data, PK_RAW_SIZE);
memcpy(pk_username, client_auth_pkt.data + PK_RAW_SIZE, MAX_NAME);
memcpy(pk_username, pkt->data + PK_RAW_SIZE, MAX_NAME);
if (crypto_sign_verify_detached(client_auth_pkt.signature, challenge, CHALLENGE_SIZE, pk_bin) != 0) {
if (crypto_sign_verify_detached(pkt->signature, challenge, CHALLENGE_SIZE, pk_bin) != 0) {
free_packet(auth_pkt);
free_packet(pkt);
error(0, "Incorrect signature, could not authenticate client");
error(0, "Incorrect signature, could not authenticate client");
free(client_auth_pkt.data);
goto failure;
goto failure;
} else {
} else {
packet_t *ok_pkt = create_packet(ZSM_STA_AUTHORISED, ZSM_TYP_INFO
pkt->status = ZSM_STA_AUTHORISED;
, 0, NULL, NULL);
pkt->type = ZSM_TYP_INFO;
send_packet(ok_pkt, clientfd);
pkt->length = 0;
free_packet(ok_pkt);
pkt->data = NULL;
pkt->signature = NULL;
send_packet(pkt, clientfd);
free_packet(pkt);
strcpy(username, pk_username);
strcpy(username, pk_username);
return ZSM_STA_SUCCESS;
return ZSM_STA_SUCCESS;
}
}
failure:;
failure:;
packet_t *error_pkt = create_packet(ZSM_STA_UNAUTHORISED, ZSM_TYP_ERROR,
packet_t *error_pkt = create_packet(ZSM_STA_UNAUTHORISED, ZSM_TYP_ERROR,
0, NULL, create_signature(NULL, 0, NULL));
0, NULL, create_signature(NULL, 0, NULL));
send_packet(error_pkt, clientfd);
send_packet(error_pkt, clientfd);
free_packet(error_pkt);
free_packet(error_pkt);
close(clientfd);
close(clientfd);
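Review bot: The two rewritten `memcpy` lines copy `PK_RAW_SIZE + MAX_NAME` bytes out of `pkt->data` without checking that `pkt->length` covers them, so a short authentication packet is read past the end of its buffer unless recv_packet enforces a minimum length (not visible here); a guard such as `if (pkt->length < PK_RAW_SIZE + MAX_NAME) goto failure;` before the first copy closes that. `pk_username` is then handed to `strcpy(username, pk_username)` with no guarantee of a terminator inside `MAX_NAME` bytes, so either terminate it (`pk_username[MAX_NAME - 1] = '\0';`) or reject names without one before the copy. On the success path the new `pkt->data = NULL;` and `pkt->signature = NULL;` run before `free_packet(pkt)`, which discards whatever recv_packet stored in those fields; the removed `free(client_auth_pkt.data)` suggests `data` is heap-allocated, so free both before nulling them. authenticate_client continues past the end of the hunk.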