From cd363d197ea2eed48c3f87fd3e1ea5883ff46205 Mon Sep 17 00:00:00 2001
From: Mikkel Krautz <mikkel@krautz.dk>
Date: Sat, 8 Dec 2012 23:50:32 +0100
Subject: [PATCH] grumble: allow for other ciphers than OCB2-AES128.

---
 client.go                    |  2 +-
 pkg/cryptstate/cryptstate.go |  4 ++--
 server.go                    | 14 +++++++++-----
 3 files changed, 12 insertions(+), 8 deletions(-)

diff --git a/client.go b/client.go
index a23af29..2a28b8b 100644
--- a/client.go
+++ b/client.go
@@ -367,7 +367,7 @@ func (client *Client) udpRecvLoop() {
 // through the client's control channel (TCP).
 func (client *Client) SendUDP(buf []byte) error {
 	if client.udp {
-		crypted := make([]byte, len(buf)+4)
+		crypted := make([]byte, len(buf)+client.crypt.Overhead())
 		client.crypt.Encrypt(crypted, buf)
 		return client.server.SendUDP(crypted, client.udpaddr)
 	} else {
diff --git a/pkg/cryptstate/cryptstate.go b/pkg/cryptstate/cryptstate.go
index 43493bf..2b474cc 100644
--- a/pkg/cryptstate/cryptstate.go
+++ b/pkg/cryptstate/cryptstate.go
@@ -109,8 +109,8 @@ func (cs *CryptState) Decrypt(dst, src []byte) error {
 	}
 
 	plain_len := len(src) - cs.Overhead()
-	if len(dst) != plain_len {
-		return errors.New("cryptstate: plain_len and src len mismatch")
+	if len(dst) < plain_len {
+		return errors.New("cryptstate: not enough space in dst for plain text")
 	}
 
 	ivbyte := src[0]
diff --git a/server.go b/server.go
index 8e89b51..2a36f68 100644
--- a/server.go
+++ b/server.go
@@ -514,9 +514,9 @@ func (server *Server) handleAuthenticate(client *Client, msg *Message) {
 	// if it wishes.
 	client.lastResync = time.Now().Unix()
 	err = client.sendMessage(&mumbleproto.CryptSetup{
-		Key:         client.crypt.RawKey[0:],
-		ClientNonce: client.crypt.DecryptIV[0:],
-		ServerNonce: client.crypt.EncryptIV[0:],
+		Key:         client.crypt.Key,
+		ClientNonce: client.crypt.DecryptIV,
+		ServerNonce: client.crypt.EncryptIV,
 	})
 	if err != nil {
 		client.Panicf("%v", err)
@@ -989,7 +989,7 @@ func (server *Server) udpListenLoop() {
 
 func (server *Server) handleUdpPacket(udpaddr *net.UDPAddr, buf []byte, nread int) {
 	var match *Client
-	plain := make([]byte, nread-4)
+	plain := make([]byte, nread)
 
 	// Determine which client sent the the packet.  First, we
 	// check the map 'hpclients' in the server struct. It maps
@@ -1001,7 +1001,7 @@ func (server *Server) handleUdpPacket(udpaddr *net.UDPAddr, buf []byte, nread in
 	defer server.hmutex.Unlock()
 	client, ok := server.hpclients[udpaddr.String()]
 	if ok {
-		err := client.crypt.Decrypt(plain[0:], buf[0:nread])
+		err := client.crypt.Decrypt(plain, buf)
 		if err != nil {
 			client.cryptResync()
 			return
@@ -1029,6 +1029,10 @@ func (server *Server) handleUdpPacket(udpaddr *net.UDPAddr, buf []byte, nread in
 		return
 	}
 
+	// Resize the plaintext slice now that we know
+	// the true encryption overhead.
+	plain = plain[:len(plain)-match.crypt.Overhead()]
+
 	match.udp = true
 	match.udprecv <- plain
 }