* Florian octo Forster <octo at collectd.org>
**/
-#if HAVE_CONFIG_H
#include "config.h"
-#endif
#if !defined(__GNUC__) || !__GNUC__
#define __attribute__(x) /**/
#include <math.h>
#include <pthread.h>
+/* for be{16,64}toh */
+#if HAVE_ENDIAN_H
+#include <endian.h>
+#elif HAVE_SYS_ENDIAN_H
+#include <sys/endian.h>
+#endif
+
#define GCRYPT_NO_DEPRECATED
#include <gcrypt.h>
#include <stdio.h>
#define DEBUG(...) printf(__VA_ARGS__)
+#if GCRYPT_VERSION_NUMBER < 0x010600
GCRY_THREAD_OPTION_PTHREAD_IMPL;
+#endif
/* forward declaration because parse_sign_sha256()/parse_encrypt_aes256() and
* network_parse() need to call each other. */
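Review bot: The new `#if HAVE_ENDIAN_H` / `#elif HAVE_SYS_ENDIAN_H` block has no fallback branch, so on a platform where neither macro is set, be16toh/be64toh are used without a declaration. A compiler that still accepts implicit declarations would then treat the 64-bit result as `int` and truncate it when decoding packet fields. Unless a fallback is defined elsewhere in the file (not visible in this hunk), I would add `#else` followed by `#error "no header provides be16toh/be64toh"` before the `#endif`, so the build fails loudly instead.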
gcry_error_t err = gcry_md_open(&hd, GCRY_MD_SHA256, GCRY_MD_FLAG_HMAC);
if (err != 0) {
- /* TODO(octo): use gcry_strerror(err) to create an error string. */
- return -1;
+ return (int)err;
}
err = gcry_md_setkey(hd, password, strlen(password));
if (err != 0) {
gcry_md_close(hd);
- return -1;
+ return (int)err;
}
gcry_md_write(hd, username, strlen(username));
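Review bot: Both `return (int)err;` lines hand the caller a raw `gcry_error_t`, which packs an error source and an error code and is not an errno value, while other paths visible on this page return errno constants (`ENOENT`, `EINVAL`). A caller that compares the result against errno constants or passes it to `strerror()` will misreport the failure. The removed TODO asked for `gcry_strerror(err)`, and I would still log it at the failure site, e.g. `DEBUG("gcry_md_open failed: %s\n", gcry_strerror(err));`. I would also document on the function that callers may only test the result for non-zero. The enclosing function starts and ends outside this hunk, so its documented return contract is not visible here.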
void *payload, size_t payload_size,
lcc_network_parse_options_t const *opts) {
if (opts->password_lookup == NULL) {
- /* TODO(octo): print warning */
+ /* The sender signed the packet but we can't verify it. Handle it as if it
+ * were unsigned, i.e. security level NONE. */
return network_parse(payload, payload_size, NONE, opts);
}
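Review bot: The downgrade to `NONE` when `opts->password_lookup == NULL` stays silent, so an operator gets no signal that signed packets are arriving and being accepted unverified. The removed TODO asked for a warning, and the new comment only explains the behaviour. I would emit a diagnostic before the return, e.g. `DEBUG("lcc_network_parse(): no password_lookup set, treating signed packet as unsigned.\n");` (message wording constructed here). I would also extend the comment to say that this is safe only because values are later filtered against `opts->security_level`. The same applies to the `return ENOENT;` path in parse_encrypt_aes256 in the next hunk. The function signature begins outside this hunk.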
static int parse_encrypt_aes256(void *data, size_t data_size,
lcc_network_parse_options_t const *opts) {
if (opts->password_lookup == NULL) {
- /* TODO(octo): print warning */
+ /* Without a password source it's (hopefully) impossible to decrypt the
+ * network packet. */
return ENOENT;
}
return EINVAL;
}
- /* TODO(octo): skip if current_security_level < required_security_level */
+ int status = 0;
- int status = opts->writer(&vl);
+ /* Write metrics if they have the required security level. */
+ if (sl >= opts->security_level)
+ status = opts->writer(&vl);
free(vl.values);
free(vl.values_types);
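Review bot: The gate `if (sl >= opts->security_level)` is only correct if the security-level enum is declared in ascending order of strength, and that declaration is not visible in this hunk. A comment at the check such as `/* relies on the security levels being declared weakest to strongest */`, or a static assertion next to the enum, would keep a later reordering from silently opening the filter. Values that fail the check are dropped with `status` left at 0, so the caller cannot distinguish "written" from "filtered"; a DEBUG line or a counter on the skip path would make rejected traffic observable. I would also brace the statement, `if (sl >= opts->security_level) { status = opts->writer(&vl); }`, since it guards a security decision. The enclosing block continues past the end of this hunk.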