site: Introduce `pubkey' variable (twice)
diff --git a/site.c b/site.c
index 37968896ccb50f1d07370a7ff582d1697a158327..922aa590396e85acef813696aec2764393d05b7a 100644 (file)
--- a/site.c
+++ b/site.c
@@ -142,6 +142,7 @@ static cstring_t state_name(uint32_t state)
 #define LOG_DUMP          0x00000100
 #define LOG_ERROR         0x00000400
 #define LOG_PEER_ADDRS    0x00000800
+#define LOG_SIGKEYS       0x00001000
 
 static struct flagstr log_event_table[]={
     { "unexpected", LOG_UNEXPECTED },
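Review bot: The new `LOG_SIGKEYS` flag is switched on in the "default" event set (hunk at L26) and given M_INFO priority (hunk at L34), yet none of the hunks shown here emits an event under it and the commit title only mentions the `pubkey' variable, so a reader cannot tell what operators enabling or disabling `sigkeys` will actually get. The define should carry a comment naming the events it covers, e.g. `#define LOG_SIGKEYS       0x00001000 /* TODO(review): describe the events logged under this flag */`. If the emitting slog() call lives in a part of site.c not shown in this diff, a pointer to it in that comment would do.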
@@ -155,8 +156,9 @@ static struct flagstr log_event_table[]={
     { "dump-packets", LOG_DUMP },
     { "errors", LOG_ERROR },
     { "peer-addrs", LOG_PEER_ADDRS },
+    { "sigkeys", LOG_SIGKEYS },
     { "default", LOG_SETUP_INIT|LOG_SETUP_TIMEOUT|
-      LOG_ACTIVATE_KEY|LOG_TIMEOUT_KEY|LOG_SEC|LOG_ERROR },
+      LOG_ACTIVATE_KEY|LOG_TIMEOUT_KEY|LOG_SEC|LOG_ERROR|LOG_SIGKEYS },
     { "all", 0xffffffff },
     { NULL, 0 }
 };
@@ -392,6 +394,7 @@ static uint32_t event_log_priority(struct site *st, uint32_t event)
     case LOG_DUMP:          return M_DEBUG;
     case LOG_ERROR:         return M_ERR;
     case LOG_PEER_ADDRS:    return M_DEBUG;
+    case LOG_SIGKEYS:       return M_INFO;
     default:                return M_ERR;
     }
 }
@@ -647,6 +650,7 @@ static bool_t generate_msg(struct site *st, uint32_t type, cstring_t what,
     if (type_is_msg34(type)) {
        buf_append_uint16(&st->buffer,st->mtu_target);
     }
+    struct sigprivkey_if *privkey=st->privkey;
     append_string_xinfo_done(&st->buffer,&xia);
 
     buf_append_string(&st->buffer,st->remotename);
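Review bot: `privkey` is declared on the new line before `append_string_xinfo_done`, but its only use is the `sign` call in the next hunk (L57), some twenty lines further down, so the declaration sits far from what it serves. Moving `struct sigprivkey_if *privkey=st->privkey;` to just above `bool_t ok=privkey->sign(...)` keeps its scope tight and matches the declare-at-first-use style this very change adopts. generate_msg's body extends beyond both hunks.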
@@ -667,10 +671,10 @@ static bool_t generate_msg(struct site *st, uint32_t type, cstring_t what,
     buf_append_string(&st->buffer,dhpub);
     free(dhpub);
 
-    bool_t ok=st->privkey->sign(st->privkey->st,
-                               st->buffer.start,
-                               st->buffer.size,
-                               &st->buffer);
+    bool_t ok=privkey->sign(privkey->st,
+                           st->buffer.start,
+                           st->buffer.size,
+                           &st->buffer);
     if (!ok) goto fail;
     return True;
 
@@ -752,8 +756,9 @@ static bool_t unpick_msg(struct site *st, uint32_t type,
     CHECK_AVAIL(msg,m->pklen);
     m->pk=buf_unprepend(msg,m->pklen);
     m->hashlen=msg->start-m->hashstart;
+    struct sigpubkey_if *pubkey=st->pubkey;
 
-    if (!st->pubkey->unpick(st->pubkey->st,msg,&m->sig)) {
+    if (!pubkey->unpick(pubkey->st,msg,&m->sig)) {
        return False;
     }
 
@@ -900,10 +905,12 @@ static bool_t generate_msg3(struct site *st, const struct msg *prompt)
 
 static bool_t process_msg3_msg4(struct site *st, struct msg *m)
 {
+    struct sigpubkey_if *pubkey=st->pubkey;
+
     /* Check signature and store g^x mod m */
-    if (!st->pubkey->check(st->pubkey->st,
-                          m->hashstart,m->hashlen,
-                          &m->sig)) {
+    if (!pubkey->check(pubkey->st,
+                      m->hashstart,m->hashlen,
+                      &m->sig)) {
        slog(st,LOG_SEC,"msg3/msg4 signature failed check!");
        return False;
     }
@@ -2126,6 +2133,17 @@ static void site_childpersist_clearkeys(void *sst, uint32_t newphase)
        crypto operations, but that's a task for another day. */
 }
 
+static void setup_sethash(struct site *st, dict_t *dict,
+                         struct hash_if **hash, struct cloc loc,
+                         sig_sethash_fn *sethash, void *sigkey_st) {
+    if (!*hash) *hash=find_cl_if(dict,"hash",CL_HASH,True,"site",loc);
+    sethash(sigkey_st,*hash);
+}
+#define SETUP_SETHASH(k) do{                                           \
+    if ((k)->sethash)                                                  \
+        setup_sethash(st,dict, &hash,loc, (k)->sethash,(k)->st);       \
+}while(0)
+
 static list_t *site_apply(closure_t *self, struct cloc loc, dict_t *context,
                          list_t *args)
 {
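Review bot: `SETUP_SETHASH` silently captures four identifiers from the expanding scope — `st`, `dict`, `hash` and `loc` — none of which is a macro parameter, so it only compiles where the caller happens to use exactly those names; a comment above it stating the requirement, `/* Expects locals st, dict, hash and loc in scope; hash is looked up lazily on first use. */`, would save the next reader a surprise, or the four could be passed as macro parameters. The definition of `setup_sethash` also puts its opening brace on the signature line, whereas the rest of the file (`process_msg3_msg4`, `site_apply`) gives a function's brace its own line. In the hunk at L110 the initializer `struct hash_if *hash=0;` would read more clearly as `NULL`. The `if (!*hash)` lookup does preserve the old behaviour of only demanding a "hash" entry when at least one key has a `sethash`, which is worth a word in the comment since the former explicit check (hunk at L124) is gone.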
@@ -2218,6 +2236,7 @@ static list_t *site_apply(closure_t *self, struct cloc loc, dict_t *context,
     st->log=find_cl_if(dict,"log",CL_LOG,True,"site",loc);
     st->random=find_cl_if(dict,"random",CL_RANDOMSRC,True,"site",loc);
 
+    struct hash_if *hash=0;
     st->privkey=find_cl_if(dict,"local-key",CL_SIGPRIVKEY,True,"site",loc);
     st->addresses=dict_read_string_array(dict,"address",False,"site",loc,0);
     if (st->addresses)
@@ -2229,11 +2248,8 @@ static list_t *site_apply(closure_t *self, struct cloc loc, dict_t *context,
 
     st->dh=find_cl_if(dict,"dh",CL_DH,True,"site",loc);
 
-    if (st->privkey->sethash || st->pubkey->sethash) {
-       struct hash_if *hash=find_cl_if(dict,"hash",CL_HASH,True,"site",loc);
-       if (st->privkey->sethash) st->privkey->sethash(st->privkey->st,hash);
-       if (st->pubkey->sethash) st->pubkey->sethash(st->pubkey->st,hash);
-    }
+    SETUP_SETHASH(st->privkey);
+    SETUP_SETHASH(st->pubkey);
 
 #define DEFAULT(D) (st->peer_mobile || st->local_mobile        \
                     ? DEFAULT_MOBILE_##D : DEFAULT_##D)