/* -*-c-*-
*
- * $Id: keyset.c,v 1.5 2001/06/19 22:07:43 mdw Exp $
+ * $Id: keyset.c,v 1.6 2003/04/06 10:26:35 mdw Exp $
*
* Handling of symmetric keysets
*
/*----- Revision history --------------------------------------------------*
*
* $Log: keyset.c,v $
+ * Revision 1.6 2003/04/06 10:26:35 mdw
+ * Report peer name on decrypt errors.
+ *
* Revision 1.5 2001/06/19 22:07:43 mdw
* Change the encrypted packet format to be non-malleable.
*
})
h->ops->destroy(h);
if (!eq) {
+ a_warn("incorrect MAC on packet from `%s'", p_name(ks->p));
IF_TRACING(T_KEYSET, {
trace(T_KEYSET, "keyset: decryption failed");
trace_block(T_CRYPTO, "crypto: expected MAC", pmac, MACSZ);
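Review bot: The new `a_warn` at the top of the `if (!eq)` branch runs once for every packet that fails the MAC check, and nothing in the visible lines limits how often it fires. Because a packet reaches this branch precisely because it is not authenticated, the warning volume is controlled by whoever is sending the bad packets, so I would count failures per keyset and warn only periodically, or suppress repeats. The name printed comes from `ks->p`, the peer the keyset belongs to, not from anything the packet proved, so a comment such as `/* peer is the keyset's owner; the packet itself is unauthenticated */` above the call would stop the log line being read as attribution. The enclosing function begins and ends outside this hunk.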
*
* Arguments: @const void *k@ = pointer to key material
* @size_t x, y, z@ = offsets into key material (see below)
+ * @peer *p@ = pointer to peer information
*
* Returns: A pointer to the new keyset.
*
* calling @ks_encrypt@ directly.
*/
-keyset *ks_gen(const void *k, size_t x, size_t y, size_t z)
+keyset *ks_gen(const void *k, size_t x, size_t y, size_t z, peer *p)
{
HASH_CTX h;
octet buf[HASHSZ];
keyset *ks = CREATE(keyset);
time_t now = time(0);
- const octet *p = k;
+ const octet *pp = k;
T( static unsigned seq = 0; )
T( trace(T_KEYSET, "keyset: adding new keyset %u", seq); )
* This is done with macros, because it's quite tedious.
*/
-#define MINE HASH(&h, p, x)
-#define YOURS HASH(&h, p + x, y - x)
-#define OURS HASH(&h, p + y, z - y)
+#define MINE HASH(&h, pp, x)
+#define YOURS HASH(&h, pp + x, y - x)
+#define OURS HASH(&h, pp + y, z - y)
#define IN MINE; YOURS; OURS
#define OUT YOURS; MINE; OURS
ks->oseq = ks->iseq = 0;
ks->iwin = 0;
ks->next = 0;
+ ks->p = p;
ks->f = KSF_LISTEN;
BURN(buf);
return (ks);
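Review bot: `ks->p = p;` stores the caller's peer pointer in the keyset without copying it or taking a reference, and the decrypt path now dereferences it through `p_name(ks->p)`. Nothing in the visible hunks states that the peer must outlive the keyset, so a keyset that survives its peer would give the warning path a dangling pointer. The Arguments line in the header comment should carry the contract, for example `@peer *p@ = pointer to peer information (borrowed; must outlive the keyset)`. If any caller can pass a null peer, which cannot be seen from here, `p_name` would also need a guard. The body of `ks_gen` starts and ends outside this hunk.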