G_EXP(gg, y, gg->g, a);
ok = G_EQ(gg, y, c);
if (!ok) {
- a_warn("KX %s bad-expected-reply-log", p_name(kx->p));
+ a_warn("KX", "?PEER", kx->p, "bad-expected-reply-log", A_END);
IF_TRACING(T_KEYEXCH, IF_TRACING(T_CRYPTO, {
trace(T_CRYPTO, "crypto: computed challenge = %s", gestr(gg, y));
}))
/* --- Ensure that we're in a sensible state --- */
if (kx->s != KXS_CHAL) {
- a_warn("KX %s unexpected %s", p_name(kx->p), pkname[msg]);
+ a_warn("KX", "?PEER", kx->p, "unexpected", "%s", pkname[msg], A_END);
goto bad;
}
(msg >= KX_COOKIE && (hc = buf_get(b, algs.hashsz)) == 0) ||
(msg >= KX_CHAL && (ck = buf_getmp(b)) == 0) ||
BLEFT(b)) {
- a_warn("KX %s invalid %s", p_name(kx->p), pkname[msg]);
+ a_warn("KX", "?PEER", kx->p, "invalid", "%s", pkname[msg], A_END);
goto bad;
}
if (!hc && kx->nr >= KX_THRESH) {
T( trace(T_KEYEXCH, "keyexch: too many challenges -- sending cookie"); )
- a_warn("KX %s sending-cookie", p_name(kx->p));
+ a_warn("KX", "?PEER", p_name, "sending-cookie", A_END);
b = p_txstart(kx->p, MSG_KEYEXCH | KX_COOKIE);
G_TOBUF(gg, b, kx->c);
h = GH_INIT(algs.h);
/* --- Discard a packet with an invalid cookie --- */
if (hc && memcmp(hc, kx->hc, algs.hashsz) != 0) {
- a_warn("KX %s incorrect cookie", p_name(kx->p));
+ a_warn("KX", "?PEER", "incorrect", "cookie", A_END);
goto bad;
}
if (ck) trace(T_CRYPTO, "crypto: check value = %s", mpstr(ck));
}))
if (memcmp(hc_out, kx->hc, algs.hashsz) != 0) {
- a_warn("KX %s incorrect cookie", p_name(kx->p));
+ a_warn("KX", "?PEER", kx->p, "incorrect", "cookie", A_END);
goto bad;
}
if ((kxc = kxc_byhc(kx, hc_in)) == 0) {
- a_warn("KX %s unknown-challenge", p_name(kx->p));
+ a_warn("KX", "?PEER", kx->p, "unknown-challenge", A_END);
goto bad;
}
if (!kxc->r) {
if (!ck) {
- a_warn("KX %s unexpected switch-rq", p_name(kx->p));
+ a_warn("KX", "?PEER", kx->p, "unexpected", "switch-rq", A_END);
goto bad;
}
if ((r = getreply(kx, kxc->c, ck)) == 0)
buf_init(&bb, buf_o, sizeof(buf_o));
if (ks_decrypt(kxc->ks, ty, b, &bb)) {
- a_warn("KX %s decrypt-failed reply", p_name(kx->p));
+ a_warn("KX", "?PEER", kx->p, "decrypt-failed", "reply", A_END);
goto bad;
}
buf_init(b, BBASE(&bb), BLEN(&bb));
r = G_CREATE(gg);
if (G_FROMBUF(gg, b, r)) {
- a_warn("KX %s invalid reply", p_name(kx->p));
+ a_warn("KX", "?PEER", kx->p, "invalid", "reply", A_END);
goto bad;
}
IF_TRACING(T_KEYEXCH, IF_TRACING(T_CRYPTO, {
trace(T_CRYPTO, "crypto: reply = %s", gestr(gg, r));
}))
if (!G_EQ(gg, r, kx->rx)) {
- a_warn("KX %s incorrect reply", p_name(kx->p));
+ a_warn("KX", "?PEER", kx->p, "incorrect", "reply", A_END);
goto bad;
}
kxchal *kxc;
if (kx->s != KXS_CHAL && kx->s != KXS_COMMIT) {
- a_warn("KX %s unexpected-reply", p_name(kx->p));
+ a_warn("KX", "?PEER", kx->p, "unexpected", "reply", A_END);
goto bad;
}
if ((hc_in = buf_get(b, algs.hashsz)) == 0 ||
(hc_out = buf_get(b, algs.hashsz)) == 0 ||
(ck = buf_getmp(b)) == 0) {
- a_warn("KX %s invalid reply", p_name(kx->p));
+ a_warn("KX", "?PEER", kx->p, "invalid", "reply", A_END);
goto bad;
}
if ((kxc = matchreply(kx, MSG_KEYEXCH | KX_REPLY,
hc_in, hc_out, ck, b)) == 0)
goto bad;
if (BLEFT(b)) {
- a_warn("KX %s invalid reply", p_name(kx->p));
+ a_warn("KX", "?PEER", kx->p, "invalid", "reply", A_END);
goto bad;
}
if (kx->s == KXS_CHAL) {
ks_activate(kxc->ks);
settimer(kx, ks_tregen(kxc->ks));
kx->s = KXS_SWITCH;
- a_notify("KXDONE %s", p_name(kx->p));
+ a_notify("KXDONE", "?PEER", kx->p, A_END);
p_stats(kx->p)->t_kx = time(0);
}
if ((hc_in = buf_get(b, algs.hashsz)) == 0 ||
(hc_out = buf_get(b, algs.hashsz)) == 0) {
- a_warn("KX %s invalid switch-rq", p_name(kx->p));
+ a_warn("KX", "?PEER", kx->p, "invalid", "switch-rq", A_END);
goto bad;
}
if ((kxc = matchreply(kx, MSG_KEYEXCH | KX_SWITCH,
hc_in, hc_out, 0, b)) == 0)
goto bad;
if ((hswrq = buf_get(b, algs.hashsz)) == 0 || BLEFT(b)) {
- a_warn("KX %s invalid switch-rq", p_name(kx->p));
+ a_warn("KX", "?PEER", "invalid", "switch-rq", A_END);
goto bad;
}
IF_TRACING(T_KEYEXCH, {
trace_block(T_CRYPTO, "crypto: switch request hash", hswrq, algs.hashsz);
})
if (memcmp(hswrq, kxc->hswrq_in, algs.hashsz) != 0) {
- a_warn("KX %s incorrect switch-rq", p_name(kx->p));
+ a_warn("KX", "?PEER", kx->p, "incorrect", "switch-rq", A_END);
goto bad;
}
switch (kx->s) {
buf bb;
if (kx->s < KXS_COMMIT) {
- a_warn("KX %s unexpected switch-ok", p_name(kx->p));
+ a_warn("KX", "?PEER", kx->p, "unexpected", "switch-ok", A_END);
goto bad;
}
kxc = kx->r[0];
buf_init(&bb, buf_o, sizeof(buf_o));
if (ks_decrypt(kxc->ks, MSG_KEYEXCH | KX_SWITCHOK, b, &bb)) {
- a_warn("KX %s decrypt-failed switch-ok", p_name(kx->p));
+ a_warn("KX", "?PEER", kx->p, "decrypt-failed", "switch-ok", A_END);
goto bad;
}
buf_init(b, BBASE(&bb), BLEN(&bb));
if ((hswok = buf_get(b, algs.hashsz)) == 0 || BLEFT(b)) {
- a_warn("KX %s invalid switch-ok", p_name(kx->p));
+ a_warn("KX", "?PEER", "invalid", "switch-ok", A_END);
goto bad;
}
IF_TRACING(T_KEYEXCH, {
hswok, algs.hashsz);
})
if (memcmp(hswok, kxc->hswok_in, algs.hashsz) != 0) {
- a_warn("KX %s incorrect switch-ok", p_name(kx->p));
+ a_warn("KX", "?PEER", kx->p, "incorrect", "switch-ok", A_END);
goto bad;
}
if (kx->s < KXS_SWITCH)
now = time(0);
if (KEY_EXPIRED(now, kx->texp_kpub)) {
stop(kx);
- a_warn("KX %s public-key-expired", p_name(kx->p));
+ a_warn("KX", "?PEER", kx->p, "public-key-expired", A_END);
G_COPY(gg, kx->kpub, gg->i);
kx->f &= ~KXF_PUBKEY;
return (-1);
if (forcep || !VALIDP(kx, now)) {
stop(kx);
start(kx, now);
- a_notify("KXSTART %s", p_name(kx->p));
+ a_notify("KXSTART", "?PEER", kx->p, A_END);
}
resend(kx);
}
rc = doswitchok(kx, b);
break;
default:
- a_warn("KX %s unknown-message 0x%02x", p_name(kx->p), msg);
+ a_warn("KX", "?PEER", kx->p, "unknown-message", "0x%02x", msg, A_END);
rc = -1;
break;
}