#define CASES_MSG3_KNOWN LABEL_MSG3: case LABEL_MSG3BIS
+struct msg;
+
int32_t site_max_start_pad = 4*4;
static cstring_t state_name(uint32_t state)
static void enter_state_run(struct site *st);
static bool_t enter_state_resolve(struct site *st);
static void decrement_resolving_count(struct site *st, int by);
-static bool_t enter_new_state(struct site *st,uint32_t next);
+static bool_t enter_new_state(struct site *st,uint32_t next,
+ const struct msg *prompt
+ /* may be 0 for SENTMSG1 */);
static void enter_state_wait(struct site *st);
static void activate_new_key(struct site *st);
/* Build any of msg1 to msg4. msg5 and msg6 are built from the inside
out using a transform of config data supplied by netlink */
-static bool_t generate_msg(struct site *st, uint32_t type, cstring_t what)
+static bool_t generate_msg(struct site *st, uint32_t type, cstring_t what,
+ const struct msg *prompt
+ /* may be 0 for MSG1 */)
{
string_t dhpub;
unsigned minor;
return False;
}
-static bool_t generate_msg1(struct site *st)
+static bool_t generate_msg1(struct site *st, const struct msg *prompt_maybe_0)
{
st->random->generate(st->random->st,NONCELEN,st->localN);
- return generate_msg(st,LABEL_MSG1,"site:MSG1");
+ return generate_msg(st,LABEL_MSG1,"site:MSG1",prompt_maybe_0);
}
static bool_t process_msg1(struct site *st, struct buffer_if *msg1,
- const struct comm_addr *src, struct msg *m)
+ const struct comm_addr *src,
+ const struct msg *m)
{
/* We've already determined we're in an appropriate state to
process an incoming MSG1, and that the MSG1 has correct values
return True;
}
-static bool_t generate_msg2(struct site *st)
+static bool_t generate_msg2(struct site *st,
+ const struct msg *prompt_may_be_null)
{
st->random->generate(st->random->st,NONCELEN,st->localN);
- return generate_msg(st,LABEL_MSG2,"site:MSG2");
+ return generate_msg(st,LABEL_MSG2,"site:MSG2",prompt_may_be_null);
}
static bool_t process_msg2(struct site *st, struct buffer_if *msg2,
return True;
}
-static bool_t generate_msg3(struct site *st)
+static bool_t generate_msg3(struct site *st, const struct msg *prompt)
{
/* Now we have our nonce and their nonce. Think of a secret key,
and create message number 3. */
(st->remote_capabilities & CAPAB_TRANSFORM_MASK)
? LABEL_MSG3BIS
: LABEL_MSG3,
- "site:MSG3");
+ "site:MSG3",prompt);
}
static bool_t process_msg3_msg4(struct site *st, struct msg *m)
return True;
}
-static bool_t generate_msg4(struct site *st)
+static bool_t generate_msg4(struct site *st, const struct msg *prompt)
{
/* We have both nonces, their public key and our private key. Generate
our public key, sign it and send it to them. */
- return generate_msg(st,LABEL_MSG4,"site:MSG4");
+ return generate_msg(st,LABEL_MSG4,"site:MSG4",prompt);
}
static bool_t process_msg4(struct site *st, struct buffer_if *msg4,
/* Leaves transformed part of buffer untouched */
}
-static bool_t generate_msg5(struct site *st)
+static bool_t generate_msg5(struct site *st, const struct msg *prompt)
{
cstring_t transform_err;
buf_prepend_uint32(&st->buffer,session_id);
}
-static bool_t generate_msg6(struct site *st)
+static bool_t generate_msg6(struct site *st, const struct msg *prompt)
{
if (!is_transform_valid(st->new_transform))
return False;
switch (st->state) {
case SITE_RESOLVE:
if (transport_compute_setupinit_peers(st,addrs,naddrs,0)) {
- enter_new_state(st,SITE_SENTMSG1);
+ enter_new_state(st,SITE_SENTMSG1,0);
} else {
/* Can't figure out who to try to to talk to */
slog(st,LOG_SETUP_INIT,
slog(st,LOG_SETUP_INIT,"resolving peer address(es)");
return enter_state_resolve(st);
} else if (transport_compute_setupinit_peers(st,0,0,prod_hint)) {
- return enter_new_state(st,SITE_SENTMSG1);
+ return enter_new_state(st,SITE_SENTMSG1,0);
}
slog(st,LOG_SETUP_INIT,"key exchange failed: no address for peer");
return False;
return ensure_resolving(st);
}
-static bool_t enter_new_state(struct site *st, uint32_t next)
+static bool_t enter_new_state(struct site *st, uint32_t next,
+ const struct msg *prompt
+ /* may be 0 for SENTMSG1 */)
{
- bool_t (*gen)(struct site *st);
+ bool_t (*gen)(struct site *st, const struct msg *prompt);
int r;
slog(st,LOG_STATE,"entering state %s",state_name(next));
if (hacky_par_start_failnow()) return False;
- r= gen(st) && send_msg(st);
+ r= gen(st,prompt) && send_msg(st);
hacky_par_end(&r,
st->setup_retries, st->setup_retry_interval,
uint32_t dest=get_uint32(buf->start);
uint32_t msgtype=get_uint32(buf->start+8);
struct msg msg;
+ /* initialised by named_for_us, or process_msgN for N!=1 */
if (msgtype==LABEL_MSG1) {
if (!named_for_us(st,buf,msgtype,&msg))
transport_compute_setupinit_peers(st,0,0,source);
if (process_msg1(st,buf,source,&msg)) {
slog(st,LOG_SETUP_INIT,"key setup initiated by peer");
- bool_t entered=enter_new_state(st,SITE_SENTMSG2);
+ bool_t entered=enter_new_state(st,SITE_SENTMSG2,&msg);
if (entered && st->addresses && st->local_mobile)
/* We must do this as the very last thing, because
the resolver callback might reenter us. */
if (process_msg1(st,buf,source,&msg)) {
BUF_FREE(&st->buffer); /* Free our old message 1 */
transport_setup_msgok(st,source);
- enter_new_state(st,SITE_SENTMSG2);
+ enter_new_state(st,SITE_SENTMSG2,&msg);
} else {
slog(st,LOG_ERROR,"failed to process an incoming "
"crossed msg1 (we have low priority)");
slog(st,LOG_UNEXPECTED,"unexpected MSG2");
} else if (process_msg2(st,buf,source,&msg)) {
transport_setup_msgok(st,source);
- enter_new_state(st,SITE_SENTMSG3);
+ enter_new_state(st,SITE_SENTMSG3,&msg);
} else {
slog(st,LOG_SEC,"invalid MSG2");
}
slog(st,LOG_UNEXPECTED,"unexpected MSG3");
} else if (process_msg3(st,buf,source,msgtype,&msg)) {
transport_setup_msgok(st,source);
- enter_new_state(st,SITE_SENTMSG4);
+ enter_new_state(st,SITE_SENTMSG4,&msg);
} else {
slog(st,LOG_SEC,"invalid MSG3");
}
slog(st,LOG_UNEXPECTED,"unexpected MSG4");
} else if (process_msg4(st,buf,source,&msg)) {
transport_setup_msgok(st,source);
- enter_new_state(st,SITE_SENTMSG5);
+ enter_new_state(st,SITE_SENTMSG5,&msg);
} else {
slog(st,LOG_SEC,"invalid MSG4");
}
if (st->state==SITE_SENTMSG4) {
if (process_msg5(st,buf,source,st->new_transform)) {
transport_setup_msgok(st,source);
- enter_new_state(st,SITE_RUN);
+ enter_new_state(st,SITE_RUN,&msg);
} else {
slog(st,LOG_SEC,"invalid MSG5");
}
~ianmdlvl / secnet.git / blobdiff