* <encdec-keys-fd>
* <mtu> <keepalive> <timeout>
* <public-remote-addr> [<public-remote-port>]
- * <mech1> [<mech1-params> ...]
- * <mech2> [<mech2-params> ...]
+ * !<mech1> [<mech1-params> ...]
+ * !<mech2> [<mech2-params> ...]
* ''
*
* Remote addr may '' to mean wait to receive a packet and reply to
*
* <optchars> is zero or more of
* w means generate and write encdec keys, rather than reading them
- * D means do crypto debug (use with care!)
+ * K means do crypto debug (use with care!)
*
* Every must be numeric. There is very little argument checking.
*
#define MAXMECHS 10
static size_t buffer_size;
+static struct utsname uname_result;
static const char *opt_chars;
static int public_local_fd, private_in_fd, private_out_fd;
static void cdebug(int mechno /*or -1*/, const char *msg) {
if (!crypto_debug) return;
- printf("%s: CRYPTO: %-20s encrypt setup\n",
+ printf("%s: CRYPTO: %-20s %s\n",
programid,
- mechno >= 0 ? mechs[i]->name : "",
+ mechno >= 0 ? mechs[mechno]->name : "",
msg);
}
-static void cdebughex(int mechno /*or -1*/, const char *msg,
- size_t skipbefore, const void *ptr, size_t sz, size_t skipafter) {
+static void cdebughex(int mechno /*or -1*/, const char *msg, const void *ptr,
+ size_t sz, size_t skipbefore,
+ int spc_offset, int dot_offset) {
const unsigned char *p;
+ size_t i;
+ unsigned j= dot_offset;
if (!crypto_debug) return;
- printf("%s: CRYPTO: %-20s %s",
- programid,
- mechno >= 0 ? mechs[i]->name : "",
+ printf("%-8.8s: CRYPTO: %-20s %-10s",
+ uname_result.nodename,
+ mechno >= 0 ? mechs[mechno]->name : "",
msg);
- for (i=0; i<skipbefore) fputs(" ..",stdout);
- for (i=0, p=ptr; i<sz; i++, p++) fprintf(" %02x",*p);
- for (i=0; i<skipafter) fputs(" ..",stdout);
+
+ for (i=0; i<spc_offset; i++, j++) fputs(j&3 ? " " : " ",stdout);
+ for (i=0; i<skipbefore; i++, j++) fputs(j&3 ? ".." : " ..",stdout);
+ for (i=0, p=ptr; i<sz; i++, j++, p++) printf(j&3 ? "%02x" : " %02x",*p);
+
fputc('\n',stdout);
}
+static void cdebugbuf(int mechno /*or -1*/, const char *msg,
+ const struct buffer *buf, int spc_offset, int dot_offset) {
+ cdebughex(mechno, msg, buf->start, buf->size, buf->start - buf->base,
+ spc_offset, dot_offset);
+}
+
void get_random(void *ptr, size_t sz) {
static FILE *randfile;
}
r= fread(ptr,1,sz,randfile);
- if (r == sz) return;
- (ferror(randfile) ? sysfail : fail)("cannot read random number generator");
+ if (r != sz)
+ (ferror(randfile) ? sysfail : fail)("cannot read random number generator");
- cdebughex(-1, "get_random", ptr, sz, 0,0);
+ cdebughex(-1, "get_random", ptr, sz, 0,0,0);
}
void random_key(void *ptr, size_t sz) {
if (r==-1) sysfail("fcntl F_SETFL");
}
-static const struct mechanism *getarg_mech(void) {
- const char *name;
+static const struct mechanism *find_mech(const char *name) {
const struct mechanism *mech, *const *mechlist;
- name= getarg_string();
-
for (mechlist= mechanismlists;
*mechlist;
mechlist++)
assert(r <= buf_in.size);
buf_in.size= r;
+ cdebugbuf(-1, "decode", &buf_in, 3,0);
for (i=n_mechs-1; i>=0; i--) {
emsg= mechs[i]->decode(md_in[i],&buf_in);
if (emsg) {
fprintf(stderr, "%s: bad packet: %s: %s\n", programid, mechs[i]->name, emsg);
return;
}
+ cdebugbuf(i, "decode", &buf_in, 3,0);
}
alarm(timeout);
nextsendka= now() + keepalive;
- for (i=0; i<n_mechs; i++) mechs[i]->encode(md_out[i],&buf_out);
+ cdebugbuf(-1, "encode", &buf_out, 4,0);
+ for (i=0; i<n_mechs; i++) {
+ mechs[i]->encode(md_out[i],&buf_out);
+ cdebugbuf(i, "encode", &buf_out, 4,0);
+ }
assert(public_remote_specd);
setnonblock(public_local_fd,1);
int main(int argc, const char *const *const argv_in) {
const char *arg;
+ const char *const *argv_save;
+ const char *const *argv_done;
struct pollfd pollfds[2];
- struct utsname uname_result;
int i, polltimeout, r;
time_t tnow;
sprintf(programid, PROGRAM ": %.*s", SYS_NMLN, uname_result.nodename);
opt_chars= getarg_string();
- encdec_keys_write= !!strchr(opt_chars,"w");
- crypto_debug= !!strchr(opt_chars,"D");
+ encdec_keys_write= !!strchr(opt_chars,'w');
+ crypto_debug= !!strchr(opt_chars,'K');
public_local_fd= getarg_ulong();
private_in_fd= getarg_ulong();
}
maxprefix= 0;
- for (i=0; i<n_mechs; i++) {
- mechs[i]= getarg_mech();
- }
- for (i=0; i<n_mechs; i++) {
- cdebug(i,"encrypt setup");
+ i= 0;
+ while ((arg= *++argv)) {
+ arg_assert(*arg++ == '!');
+ arg_assert(i <= MAXMECHS);
+ mechs[i]= find_mech(arg);
+ cdebug(i,"encsetup");
+
+ argv_save= argv;
mechs[i]->encsetup(&md_in[i], &maxprefix, &maxsuffix);
- }
- for (i=0; i<n_mechs; i++) {
- cdebug(i,"decrypt setup");
+
+ argv_done= argv;
+ argv= argv_save;
+ cdebug(i,"decsetup");
mechs[i]->decsetup(&md_out[i]);
+
+ assert(argv == argv_done);
+
+ i++;
}
+ n_mechs= i;
if (maxprefix<1) maxprefix= 1;
if (maxsuffix<1) maxsuffix= 1;
return show_addr($s).','.show_port($s);
}
sub arg_value ($$) {
- my ($val,$opt);
+ my ($val,$opt) = @_;
$_= '-';
return $val if length $val;
@ARGV or quit("$opt needs value");
$fcmd= arg_value($_,'-f');
} elsif (s/^-e//) {
$encrarg= arg_value($_,'-e');
- push @encrargs, "-e$encrarg";
- push @encryption, split m#/#, $encrarg;
+ push @remoteopts, "-e$encrarg";
+ @thisencryption= split m#/#, $encrarg;
+ $thisencryption[0] =~ s/^/\!/;
+ push @encryption, @thisencryption;
} elsif (s/^-m/-/) {
$masq= 1;
} elsif (s/^-d/-/) {
$dump= 1;
} elsif (s/^-Dcrypto$/-/) {
$xfwdopts.= 'K';
+ push @remoteopts, '-Dcrypto';
} else {
quit("unknown option \`$_'");
}
$rad= xform_remote(show_addr($rs),$ras);
$rpd= xform_remote(show_port($rs),$rps);
@rcmd= (@ARGV,
- @encrargs,
+ @remoteopts,
"$rad,$rpd",
$masq ? 'Wait,Wait' : $lapd,
"$rva,$lva,$mtu,$proto",
pipe(RAPREAD,RCMDREADSUB) or fail("pipe");
select(RCMDREADSUB); $|=1; select(STDOUT);
}
- pipe(DUMPKEYS,RCMDWRITESUB) or fail("pipe");
+ pipe(RCMDWRITESUB,DUMPKEYS) or fail("pipe");
defined($c_rcmd= fork) or fail("fork for remote");
if (!$c_rcmd) {
- open STDIN, ">&RCMDWRITESUB" or fail("reopen stdin for remote command");
+ open STDIN, "<&RCMDWRITESUB" or fail("reopen stdin for remote command");
open STDOUT, ">&RCMDREADSUB" or fail("reopen stdout for remote command")
if $rapcmd;
close RAPREAD if $rapcmd;
defined($c_fwd= fork) or fail("fork for udptunnel-forwarder");
if (!$c_fwd) {
- foreach $fd (qw(L DW UR)) {
+ foreach $fd (qw(L DW UR DUMPKEYS)) {
fcntl($fd, F_SETFD, 0) or fail("set no-close-on-exec $fd");
}
exec @fcmd; fail("cannot execute $fcmd[0]");
while (keys %procs) {
($c= wait) >0 or
fail("wait failed (expecting ". join('; ',keys %procs). ")");
- warning("unexpected child reaped: pid $c, code $?"), next
+ $status= $?;
+ warning("unexpected child reaped: pid $c, code $status"), next
unless exists $procs{$c};
$str= $procs{$c};
delete $procs{$c};
- $? ? warning("subprocess $str failed with code $?")
+ $status ? warning("subprocess $str failed with code $status")
: debug("subprocess $str finished");
if ($c==$c_lcmd || $c==$c_fwd || $c==$c_rcmd) {
kill 15, grep (exists $procs{$_}, $c_fwd, $c_rcmd);