gcry_error_t err = gcry_md_open(&hd, GCRY_MD_SHA256, GCRY_MD_FLAG_HMAC);
if (err != 0) {
- /* TODO(octo): use gcry_strerror(err) to create an error string. */
- return -1;
+ return (int)err;
}
err = gcry_md_setkey(hd, password, strlen(password));
if (err != 0) {
gcry_md_close(hd);
- return -1;
+ return (int)err;
}
gcry_md_write(hd, username, strlen(username));
void *payload, size_t payload_size,
lcc_network_parse_options_t const *opts) {
if (opts->password_lookup == NULL) {
- /* TODO(octo): print warning */
+ /* The sender signed the packet but we can't verify it. Handle it as if it
+ * were unsigned, i.e. security level NONE. */
return network_parse(payload, payload_size, NONE, opts);
}
static int parse_encrypt_aes256(void *data, size_t data_size,
lcc_network_parse_options_t const *opts) {
if (opts->password_lookup == NULL) {
- /* TODO(octo): print warning */
+ /* Without a password source it's (hopefully) impossible to decrypt the
+ * network packet. */
return ENOENT;
}
return ENOMEM;
char username[((size_t)username_len) + 1];
memset(username, 0, sizeof(username));
- if (buffer_next(b, username, sizeof(username)))
+ if (buffer_next(b, username, (size_t)username_len))
return EINVAL;
char const *password = opts->password_lookup(username);
return EINVAL;
}
- /* TODO(octo): skip if current_security_level < required_security_level */
+ int status = 0;
- int status = opts->writer(&vl);
+ /* Write metrics if they have the required security level. */
+ if (sl >= opts->security_level)
+ status = opts->writer(&vl);
free(vl.values);
free(vl.values_types);