/* -*-c-*-
*
- * $Id: keyexch.c,v 1.5 2002/01/13 14:54:40 mdw Exp $
+ * $Id: keyexch.c,v 1.6 2003/04/06 10:26:35 mdw Exp $
*
* Key exchange protocol
*
/*----- Revision history --------------------------------------------------*
*
* $Log: keyexch.c,v $
+ * Revision 1.6 2003/04/06 10:26:35 mdw
+ * Report peer name on decrypt errors.
+ *
* Revision 1.5 2002/01/13 14:54:40 mdw
* Patch up zero-knowledge property by passing an encrypted log with a
* challenge, so that the prover can verify that the challenge is good.
buf_putmp(b, r); z = BLEN(b);
assert(BOK(b));
- kxc->ks = ks_gen(BBASE(b), x, y, z);
+ kxc->ks = ks_gen(BBASE(b), x, y, z, kx->p);
mp_drop(r);
}
/* -*-c-*-
*
- * $Id: keyset.c,v 1.5 2001/06/19 22:07:43 mdw Exp $
+ * $Id: keyset.c,v 1.6 2003/04/06 10:26:35 mdw Exp $
*
* Handling of symmetric keysets
*
/*----- Revision history --------------------------------------------------*
*
* $Log: keyset.c,v $
+ * Revision 1.6 2003/04/06 10:26:35 mdw
+ * Report peer name on decrypt errors.
+ *
* Revision 1.5 2001/06/19 22:07:43 mdw
* Change the encrypted packet format to be non-malleable.
*
})
h->ops->destroy(h);
if (!eq) {
+ a_warn("incorrect MAC on packet from `%s'", p_name(ks->p));
IF_TRACING(T_KEYSET, {
trace(T_KEYSET, "keyset: decryption failed");
trace_block(T_CRYPTO, "crypto: expected MAC", pmac, MACSZ);
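Review bot: The `a_warn` added at the top of the `if (!eq)` branch is emitted once for every packet that fails the MAC check, with no visible limit on its rate. That branch is reached by data that has not authenticated, so a sender who can get packets as far as this check (presumably anyone able to spoof the peer's address) can drive warning output at packet rate and bury other events in the log. I would gate the call on a per-peer failure counter and interval kept outside this hunk, and record the reason beside it with a comment such as `/* Unauthenticated input reaches here: keep this warning rate-limited */`. The enclosing function begins and ends outside the hunk.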
*
* Arguments: @const void *k@ = pointer to key material
* @size_t x, y, z@ = offsets into key material (see below)
+ * @peer *p@ = pointer to peer information
*
* Returns: A pointer to the new keyset.
*
* calling @ks_encrypt@ directly.
*/
-keyset *ks_gen(const void *k, size_t x, size_t y, size_t z)
+keyset *ks_gen(const void *k, size_t x, size_t y, size_t z, peer *p)
{
HASH_CTX h;
octet buf[HASHSZ];
keyset *ks = CREATE(keyset);
time_t now = time(0);
- const octet *p = k;
+ const octet *pp = k;
T( static unsigned seq = 0; )
T( trace(T_KEYSET, "keyset: adding new keyset %u", seq); )
* This is done with macros, because it's quite tedious.
*/
-#define MINE HASH(&h, p, x)
-#define YOURS HASH(&h, p + x, y - x)
-#define OURS HASH(&h, p + y, z - y)
+#define MINE HASH(&h, pp, x)
+#define YOURS HASH(&h, pp + x, y - x)
+#define OURS HASH(&h, pp + y, z - y)
#define IN MINE; YOURS; OURS
#define OUT YOURS; MINE; OURS
ks->oseq = ks->iseq = 0;
ks->iwin = 0;
ks->next = 0;
+ ks->p = p;
ks->f = KSF_LISTEN;
BURN(buf);
return (ks);
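Review bot: `ks->p = p;` stores a borrowed pointer to the peer in a keyset that is reference-counted (`ref` in `struct keyset`), and nothing in this hunk ties the peer's lifetime to the keyset's. If any keyset reference can outlive its peer, which is not visible here, the new `p_name(ks->p)` call on the MAC-failure path would read freed memory. State the invariant where the pointer is stored, e.g. `ks->p = p; /* Borrowed: peer must outlive every reference to this keyset */`, and confirm that peer destruction releases all of its keysets first. `ks_gen` starts and ends outside the hunk.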
/* -*-c-*-
*
- * $Id: tripe.h,v 1.12 2003/04/06 10:25:17 mdw Exp $
+ * $Id: tripe.h,v 1.13 2003/04/06 10:26:35 mdw Exp $
*
* Main header file for TrIPE
*
/*----- Revision history --------------------------------------------------*
*
* $Log: tripe.h,v $
+ * Revision 1.13 2003/04/06 10:26:35 mdw
+ * Report peer name on decrypt errors.
+ *
* Revision 1.12 2003/04/06 10:25:17 mdw
* Support Linux TUN/TAP device. Fix some bugs.
*
typedef struct keyset {
struct keyset *next; /* Next active keyset in the list */
unsigned ref; /* Reference count for keyset */
+ struct peer *p; /* Pointer to peer structure */
time_t t_exp; /* Expiry time for this keyset */
unsigned long sz_exp; /* Data limit for the keyset */
T( unsigned seq; ) /* Sequence number for tracing */
*
* Arguments: @const void *k@ = pointer to key material
* @size_t x, y, z@ = offsets into key material (see below)
+ * @peer *p@ = pointer to peer information
*
* Returns: A pointer to the new keyset.
*
*/
extern keyset *ks_gen(const void */*k*/,
- size_t /*x*/, size_t /*y*/, size_t /*z*/);
+ size_t /*x*/, size_t /*y*/, size_t /*z*/,
+ peer */*p*/);
/* --- @ks_tregen@ --- *
*