authorrodri <rgl@antares-labs.eu>2023-02-11 23:21:00 +0000
committerrodri <rgl@antares-labs.eu>2023-02-11 23:21:00 +0000
commit62e75d8830eb56ab03bd4689d51ffd6d4150f461 (patch)
tree5c84e92fbb3df890adeed7ba5f06ecda95b6e83e /net.c
parent775309861b51dd1f340d82074b7e9234f3e0675e (diff)
implemented per-packet HMAC to avoid MITM tampering.
Diffstat (limited to 'net.c')
-rw-r--r--net.c37
1 files changed, 37 insertions, 0 deletions
diff --git a/net.c b/net.c
index d645eb4..12c2c5b 100644
--- a/net.c
+++ b/net.c
@@ -1,6 +1,8 @@
#include <u.h>
#include <libc.h>
#include <ip.h>
+#include <mp.h>
+#include <libsec.h>
#include <thread.h>
#include <draw.h>
#include <geometry.h>
@@ -69,6 +71,7 @@ newframe(Frame *pf, u8int type, u32int seq, u32int ack, u16int len, uchar *data)
Frame *f;
f = emalloc(sizeof(Frame)+len);
+ memset(f, 0, sizeof(Frame));
f->id = ProtocolID;
f->type = type;
if(pf != nil){
@@ -88,6 +91,40 @@ newframe(Frame *pf, u8int type, u32int seq, u32int ack, u16int len, uchar *data)
}
void
+signframe(Frame *f, ulong key)
+{
+ uchar k[sizeof(ulong)];
+ uchar h[MD5dlen];
+ uchar msg[MTU];
+ int n;
+
+ k[0] = key; k[1] = key>>8; k[2] = key>>16; k[3] = key>>24;
+
+ memset(f->sig, 0, MD5dlen);
+ n = pack(msg, sizeof msg, "f", f);
+ hmac_md5(msg, n, k, sizeof k, h, nil);
+ memmove(f->sig, h, MD5dlen);
+}
+
+int
+verifyframe(Frame *f, ulong key)
+{
+ uchar k[sizeof(ulong)];
+ uchar h0[MD5dlen], h1[MD5dlen];
+ uchar msg[MTU];
+ int n;
+
+ k[0] = key; k[1] = key>>8; k[2] = key>>16; k[3] = key>>24;
+
+ memmove(h0, f->sig, MD5dlen);
+ memset(f->sig, 0, MD5dlen);
+ n = pack(msg, sizeof msg, "f", f);
+ hmac_md5(msg, n, k, sizeof k, h1, nil);
+ memmove(f->sig, h0, MD5dlen);
+ return memcmp(h0, h1, MD5dlen);
+}
+
+void
delframe(Frame *f)
{
free(f);
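Review bot: The HMAC key in signframe and verifyframe is only the four bytes unpacked from `key`, so the tag rests on at most 32 bits of secret; that space can be searched offline from a single recorded frame, which undercuts the tamper protection this commit is after. Consider taking the secret as a wider byte buffer (for example `uchar *key, int nkey`) and passing it to `hmac_md5` directly. `k` is declared `uchar k[sizeof(ulong)]` but only `k[0]`..`k[3]` are written, so wherever `ulong` is wider than 32 bits the remaining key bytes would be uninitialized; `uchar k[4];` avoids that. In verifyframe, `return memcmp(h0, h1, MD5dlen);` stops at the first differing byte, so a constant-time comparison (libsec's `tsmemcmp`, if this tree's libsec provides it) is the usual choice for MAC tags, and a comment such as `/* returns 0 when the signature matches */` would spare callers the inverted-boolean surprise. The value returned by `pack` goes to `hmac_md5` unchecked in both functions; if `pack` can signal failure with a negative result, that should be rejected before hashing.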