From: mdw Date: Sun, 6 Apr 2003 10:26:35 +0000 (+0000) Subject: Report peer name on decrypt errors. X-Git-Tag: 1.0.0pre3~10 X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~mdw/git/tripe/commitdiff_plain/9466fafab433d568f41a01951c5ef2c04b1746d5 Report peer name on decrypt errors.
---
diff --git a/keyexch.c b/keyexch.c
index be7b2a35..80503b47 100644
--- a/keyexch.c
+++ b/keyexch.c
@@ -1,6 +1,6 @@
 /* -*-c-*-
 *
- * $Id: keyexch.c,v 1.5 2002/01/13 14:54:40 mdw Exp $
+ * $Id: keyexch.c,v 1.6 2003/04/06 10:26:35 mdw Exp $
 *
 * Key exchange protocol
 *
@@ -29,6 +29,9 @@
 /*----- Revision history --------------------------------------------------*
 *
 * $Log: keyexch.c,v $
+ * Revision 1.6 2003/04/06 10:26:35 mdw
+ * Report peer name on decrypt errors.
+ *
 * Revision 1.5 2002/01/13 14:54:40 mdw
 * Patch up zero-knowledge property by passing an encrypted log with a
 * challenge, so that the prover can verify that the challenge is good.
@@ -545,7 +548,7 @@ static int dochallenge(keyexch *kx, unsigned msg, buf *b)
 buf_putmp(b, r);
 z = BLEN(b);
 assert(BOK(b));
- kxc->ks = ks_gen(BBASE(b), x, y, z);
+ kxc->ks = ks_gen(BBASE(b), x, y, z, kx->p);
 mp_drop(r);
 }
diff --git a/keyset.c b/keyset.c
index ed98c14f..774aa450 100644
--- a/keyset.c
+++ b/keyset.c
@@ -1,6 +1,6 @@
 /* -*-c-*-
 *
- * $Id: keyset.c,v 1.5 2001/06/19 22:07:43 mdw Exp $
+ * $Id: keyset.c,v 1.6 2003/04/06 10:26:35 mdw Exp $
 *
 * Handling of symmetric keysets
 *
@@ -29,6 +29,9 @@
 /*----- Revision history --------------------------------------------------*
 *
 * $Log: keyset.c,v $
+ * Revision 1.6 2003/04/06 10:26:35 mdw
+ * Report peer name on decrypt errors.
+ *
 * Revision 1.5 2001/06/19 22:07:43 mdw
 * Change the encrypted packet format to be non-malleable.
 *
@@ -214,6 +217,7 @@ static int dodecrypt(keyset *ks, buf *b, buf *bb, uint32 *seq)
 })
 h->ops->destroy(h);
 if (!eq) {
+ a_warn("incorrect MAC on packet from `%s'", p_name(ks->p));
 IF_TRACING(T_KEYSET, {
 trace(T_KEYSET, "keyset: decryption failed");
 trace_block(T_CRYPTO, "crypto: expected MAC", pmac, MACSZ);
@@ -302,6 +306,7 @@ void ks_drop(keyset *ks)
 *
 * Arguments: @const void *k@ = pointer to key material
 * @size_t x, y, z@ = offsets into key material (see below)
+ * @peer *p@ = pointer to peer information
 *
 * Returns: A pointer to the new keyset.
 *
@@ -320,13 +325,13 @@ void ks_drop(keyset *ks)
 * calling @ks_encrypt@ directly.
 */
-keyset *ks_gen(const void *k, size_t x, size_t y, size_t z)
+keyset *ks_gen(const void *k, size_t x, size_t y, size_t z, peer *p)
 {
 HASH_CTX h;
 octet buf[HASHSZ];
 keyset *ks = CREATE(keyset);
 time_t now = time(0);
- const octet *p = k;
+ const octet *pp = k;
 T( static unsigned seq = 0; )
 T( trace(T_KEYSET, "keyset: adding new keyset %u", seq); )
@@ -336,9 +341,9 @@ keyset *ks_gen(const void *k, size_t x, size_t y, size_t z)
 * This is done with macros, because it's quite tedious.
 */
-#define MINE HASH(&h, p, x)
-#define YOURS HASH(&h, p + x, y - x)
-#define OURS HASH(&h, p + y, z - y)
+#define MINE HASH(&h, pp, x)
+#define YOURS HASH(&h, pp + x, y - x)
+#define OURS HASH(&h, pp + y, z - y)
 #define IN MINE; YOURS; OURS
 #define OUT YOURS; MINE; OURS
@@ -376,6 +381,7 @@ keyset *ks_gen(const void *k, size_t x, size_t y, size_t z)
 ks->oseq = ks->iseq = 0;
 ks->iwin = 0;
 ks->next = 0;
+ ks->p = p;
 ks->f = KSF_LISTEN;
 BURN(buf);
 return (ks);
diff --git a/tripe.h b/tripe.h
index 069840e7..41744837 100644
--- a/tripe.h
+++ b/tripe.h
@@ -1,6 +1,6 @@
 /* -*-c-*-
 *
- * $Id: tripe.h,v 1.12 2003/04/06 10:25:17 mdw Exp $
+ * $Id: tripe.h,v 1.13 2003/04/06 10:26:35 mdw Exp $
 *
 * Main header file for TrIPE
 *
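Review bot: In the dodecrypt hunk of keyset.c, the `a_warn` added inside `if (!eq)` runs for every packet whose MAC fails to verify, so input that has not been authenticated now decides how often the daemon writes to its warning channel. Nothing visible here throttles it, so a run of corrupt or forged datagrams attributed to this peer could flood the log and any attached admin clients. I would warn on the first failure and then only periodically, e.g. `if (!(ks->nbad++ & 0xff)) a_warn(...);`, where `nbad` is a placeholder name for a new per-keyset counter. The branch also dereferences `ks->p` unconditionally, which assumes every keyset was created with a non-null peer. dodecrypt begins and ends outside the hunk.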
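Review bot: In the ks_gen signature hunk of keyset.c (and the `MINE`/`YOURS`/`OURS` macros in the hunk after it), the key-material cursor becomes `pp` so that `p` can name the peer, which leaves two unrelated pointers one keystroke apart inside the key-derivation code. If `HASH` accepts a generic pointer, which this diff does not show, writing `p` where `pp` was meant would still compile and would hash the peer structure instead of the key material. A clearly different name, e.g. `const octet *km = k;` with `#define MINE HASH(&h, km, x)`, would make that slip obvious in review. ks_gen's body continues past this hunk.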
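Review bot: `ks->p = p;` near the end of ks_gen stores a bare pointer to the peer, while the struct in tripe.h shows that keysets carry their own reference count (`ref`). Unless something outside this diff guarantees otherwise, a keyset could outlive its peer, and the new `p_name(ks->p)` call in dodecrypt would then read freed memory. Please confirm the teardown order and record the rule where the field is declared, e.g. `struct peer *p; /* Borrowed pointer; peer must outlive keyset */`, with a matching sentence in the @ks_gen@ header comments in keyset.c and tripe.h. If a null peer is never valid, a check at the top of ks_gen such as `assert(p);` would catch it before the first decrypt failure does. ks_gen starts outside this hunk.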
@@ -29,6 +29,9 @@
 /*----- Revision history --------------------------------------------------*
 *
 * $Log: tripe.h,v $
+ * Revision 1.13 2003/04/06 10:26:35 mdw
+ * Report peer name on decrypt errors.
+ *
 * Revision 1.12 2003/04/06 10:25:17 mdw
 * Support Linux TUN/TAP device. Fix some bugs.
 *
@@ -309,6 +312,7 @@ typedef union addr {
 typedef struct keyset {
 struct keyset *next; /* Next active keyset in the list */
 unsigned ref; /* Reference count for keyset */
+ struct peer *p; /* Pointer to peer structure */
 time_t t_exp; /* Expiry time for this keyset */
 unsigned long sz_exp; /* Data limit for the keyset */
 T( unsigned seq; ) /* Sequence number for tracing */
@@ -611,6 +615,7 @@ extern void ks_drop(keyset */*ks*/);
 *
 * Arguments: @const void *k@ = pointer to key material
 * @size_t x, y, z@ = offsets into key material (see below)
+ * @peer *p@ = pointer to peer information
 *
 * Returns: A pointer to the new keyset.
 *
@@ -630,7 +635,8 @@ extern void ks_drop(keyset */*ks*/);
 */
 extern keyset *ks_gen(const void */*k*/,
- size_t /*x*/, size_t /*y*/, size_t /*z*/);
+ size_t /*x*/, size_t /*y*/, size_t /*z*/,
+ peer */*p*/);
 /* --- @ks_tregen@ --- *
 *