diff options
Diffstat (limited to 'src/protocols/ec25519_fhmqvc/handshake.c')
-rw-r--r-- | src/protocols/ec25519_fhmqvc/handshake.c | 236 |
1 files changed, 118 insertions, 118 deletions
diff --git a/src/protocols/ec25519_fhmqvc/handshake.c b/src/protocols/ec25519_fhmqvc/handshake.c index dda798b..df53157 100644 --- a/src/protocols/ec25519_fhmqvc/handshake.c +++ b/src/protocols/ec25519_fhmqvc/handshake.c @@ -68,46 +68,46 @@ static void derive_key(fastd_sha256_t *out, size_t blocks, const uint32_t *salt, fastd_hkdf_sha256_expand(out, blocks, &prk, info, sizeof(info)); } -static inline void supersede_session(fastd_context_t *ctx, fastd_peer_t *peer, const fastd_method_info_t *method) { - if (is_session_valid(ctx, &peer->protocol_state->session) && !is_session_valid(ctx, &peer->protocol_state->old_session)) { +static inline void supersede_session(fastd_peer_t *peer, const fastd_method_info_t *method) { + if (is_session_valid(&peer->protocol_state->session) && !is_session_valid(&peer->protocol_state->old_session)) { if (peer->protocol_state->old_session.method) - peer->protocol_state->old_session.method->provider->session_free(ctx, peer->protocol_state->old_session.method_state); + peer->protocol_state->old_session.method->provider->session_free(peer->protocol_state->old_session.method_state); peer->protocol_state->old_session = peer->protocol_state->session; } else { if (peer->protocol_state->session.method) - peer->protocol_state->session.method->provider->session_free(ctx, peer->protocol_state->session.method_state); + peer->protocol_state->session.method->provider->session_free(peer->protocol_state->session.method_state); } if (peer->protocol_state->old_session.method) { if (peer->protocol_state->old_session.method != method) { - pr_debug(ctx, "method of %P has changed, terminating old session", peer); - peer->protocol_state->old_session.method->provider->session_free(ctx, peer->protocol_state->old_session.method_state); + pr_debug("method of %P has changed, terminating old session", peer); + peer->protocol_state->old_session.method->provider->session_free(peer->protocol_state->old_session.method_state); peer->protocol_state->old_session = (protocol_session_t){}; } else { - peer->protocol_state->old_session.method->provider->session_superseded(ctx, peer->protocol_state->old_session.method_state); + peer->protocol_state->old_session.method->provider->session_superseded(peer->protocol_state->old_session.method_state); } } } -static inline bool new_session(fastd_context_t *ctx, fastd_peer_t *peer, const fastd_method_info_t *method, bool initiator, +static inline bool new_session(fastd_peer_t *peer, const fastd_method_info_t *method, bool initiator, const aligned_int256_t *A, const aligned_int256_t *B, const aligned_int256_t *X, const aligned_int256_t *Y, const aligned_int256_t *sigma, const uint32_t *salt, uint64_t serial) { - supersede_session(ctx, peer, method); + supersede_session(peer, method); if (salt) { - size_t blocks = block_count(method->provider->key_length(ctx, method->method), sizeof(fastd_sha256_t)); + size_t blocks = block_count(method->provider->key_length(method->method), sizeof(fastd_sha256_t)); fastd_sha256_t secret[blocks]; derive_key(secret, blocks, salt, method->name, A, B, X, Y, sigma); - peer->protocol_state->session.method_state = method->provider->session_init(ctx, method->method, (const uint8_t*)secret, initiator); + peer->protocol_state->session.method_state = method->provider->session_init(method->method, (const uint8_t*)secret, initiator); } else { fastd_sha256_t hash; fastd_sha256_blocks(&hash, X->u32, Y->u32, A->u32, B->u32, sigma->u32, NULL); - peer->protocol_state->session.method_state = method->provider->session_init_compat(ctx, method->method, hash.b, HASHBYTES, initiator); + peer->protocol_state->session.method_state = method->provider->session_init_compat(method->method, hash.b, HASHBYTES, initiator); } if (!peer->protocol_state->session.method_state) @@ -121,44 +121,44 @@ static inline bool new_session(fastd_context_t *ctx, fastd_peer_t *peer, const f return true; } -static bool establish(fastd_context_t *ctx, fastd_peer_t *peer, const fastd_method_info_t *method, fastd_socket_t *sock, +static bool establish(fastd_peer_t *peer, const fastd_method_info_t *method, fastd_socket_t *sock, const fastd_peer_address_t *local_addr, const fastd_peer_address_t *remote_addr, bool initiator, const aligned_int256_t *A, const aligned_int256_t *B, const aligned_int256_t *X, const aligned_int256_t *Y, const aligned_int256_t *sigma, const uint32_t *salt, uint64_t serial) { if (serial <= peer->protocol_state->last_serial) { - pr_debug(ctx, "ignoring handshake from %P[%I] because of handshake key reuse", peer, remote_addr); + pr_debug("ignoring handshake from %P[%I] because of handshake key reuse", peer, remote_addr); return false; } if (!salt && !method->provider->session_init_compat) { - pr_warn(ctx, "can't establish compat session with %P[%I] (method without compat support)", peer, remote_addr); + pr_warn("can't establish compat session with %P[%I] (method without compat support)", peer, remote_addr); return false; } - pr_verbose(ctx, "%I authorized as %P", remote_addr, peer); + pr_verbose("%I authorized as %P", remote_addr, peer); - if (!fastd_peer_claim_address(ctx, peer, sock, local_addr, remote_addr)) { - pr_warn(ctx, "can't set address %I which is used by a fixed peer", remote_addr); - fastd_peer_reset(ctx, peer); + if (!fastd_peer_claim_address(peer, sock, local_addr, remote_addr)) { + pr_warn("can't set address %I which is used by a fixed peer", remote_addr); + fastd_peer_reset(peer); return false; } - if (!new_session(ctx, peer, method, initiator, A, B, X, Y, sigma, salt, serial)) { - pr_error(ctx, "failed to initialize method session for %P (method `%s'%s)", peer, method->name, salt ? "" : " (compat mode)"); - fastd_peer_reset(ctx, peer); + if (!new_session(peer, method, initiator, A, B, X, Y, sigma, salt, serial)) { + pr_error("failed to initialize method session for %P (method `%s'%s)", peer, method->name, salt ? "" : " (compat mode)"); + fastd_peer_reset(peer); return false; } - peer->establish_handshake_timeout = fastd_in_seconds(ctx, conf.min_handshake_interval); - fastd_peer_seen(ctx, peer); - fastd_peer_set_established(ctx, peer); + peer->establish_handshake_timeout = fastd_in_seconds(conf.min_handshake_interval); + fastd_peer_seen(peer); + fastd_peer_set_established(peer); - pr_verbose(ctx, "new session with %P established using method `%s'%s.", peer, method->name, salt ? "" : " (compat mode)"); + pr_verbose("new session with %P established using method `%s'%s.", peer, method->name, salt ? "" : " (compat mode)"); if (initiator) - fastd_peer_schedule_handshake_default(ctx, peer); + fastd_peer_schedule_handshake_default(peer); else - fastd_protocol_ec25519_fhmqvc_send_empty(ctx, peer, &peer->protocol_state->session); + fastd_protocol_ec25519_fhmqvc_send_empty(peer, &peer->protocol_state->session); return true; } @@ -260,7 +260,7 @@ static bool update_shared_handshake_key(const fastd_peer_t *peer, const handshak return true; } -static void clear_shared_handshake_key(fastd_context_t *ctx UNUSED, const fastd_peer_t *peer) { +static void clear_shared_handshake_key(const fastd_peer_t *peer) { memset(&peer->protocol_state->sigma, 0, sizeof(peer->protocol_state->sigma)); memset(&peer->protocol_state->shared_handshake_key, 0, sizeof(peer->protocol_state->shared_handshake_key)); memset(&peer->protocol_state->shared_handshake_key_compat, 0, sizeof(peer->protocol_state->shared_handshake_key_compat)); @@ -269,37 +269,37 @@ static void clear_shared_handshake_key(fastd_context_t *ctx UNUSED, const fastd_ memset(&peer->protocol_state->peer_handshake_key, 0, sizeof(peer->protocol_state->peer_handshake_key)); } -static void respond_handshake(fastd_context_t *ctx, const fastd_socket_t *sock, const fastd_peer_address_t *local_addr, const fastd_peer_address_t *remote_addr, fastd_peer_t *peer, +static void respond_handshake(const fastd_socket_t *sock, const fastd_peer_address_t *local_addr, const fastd_peer_address_t *remote_addr, fastd_peer_t *peer, const handshake_key_t *handshake_key, const aligned_int256_t *peer_handshake_key, const fastd_handshake_t *handshake, const fastd_method_info_t *method) { - pr_debug(ctx, "responding handshake with %P[%I]...", peer, remote_addr); + pr_debug("responding handshake with %P[%I]...", peer, remote_addr); if (!update_shared_handshake_key(peer, handshake_key, peer_handshake_key)) return; - fastd_buffer_t buffer = fastd_handshake_new_reply(ctx, handshake, method, true, 4*(4+PUBLICKEYBYTES) + 2*(4+HASHBYTES)); + fastd_buffer_t buffer = fastd_handshake_new_reply(handshake, method, true, 4*(4+PUBLICKEYBYTES) + 2*(4+HASHBYTES)); - fastd_handshake_add(ctx, &buffer, RECORD_SENDER_KEY, PUBLICKEYBYTES, &conf.protocol_config->key.public); - fastd_handshake_add(ctx, &buffer, RECORD_RECEIPIENT_KEY, PUBLICKEYBYTES, &peer->protocol_config->public_key); - fastd_handshake_add(ctx, &buffer, RECORD_SENDER_HANDSHAKE_KEY, PUBLICKEYBYTES, &handshake_key->key.public); - fastd_handshake_add(ctx, &buffer, RECORD_RECEIPIENT_HANDSHAKE_KEY, PUBLICKEYBYTES, peer_handshake_key); + fastd_handshake_add(&buffer, RECORD_SENDER_KEY, PUBLICKEYBYTES, &conf.protocol_config->key.public); + fastd_handshake_add(&buffer, RECORD_RECEIPIENT_KEY, PUBLICKEYBYTES, &peer->protocol_config->public_key); + fastd_handshake_add(&buffer, RECORD_SENDER_HANDSHAKE_KEY, PUBLICKEYBYTES, &handshake_key->key.public); + fastd_handshake_add(&buffer, RECORD_RECEIPIENT_HANDSHAKE_KEY, PUBLICKEYBYTES, peer_handshake_key); fastd_sha256_t hmacbuf; if (!conf.secure_handshakes) { fastd_hmacsha256_blocks(&hmacbuf, peer->protocol_state->shared_handshake_key_compat.w, conf.protocol_config->key.public.u32, handshake_key->key.public.u32, NULL); - fastd_handshake_add(ctx, &buffer, RECORD_T, HASHBYTES, hmacbuf.b); + fastd_handshake_add(&buffer, RECORD_T, HASHBYTES, hmacbuf.b); } - uint8_t *mac = fastd_handshake_add_zero(ctx, &buffer, RECORD_TLV_MAC, HASHBYTES); + uint8_t *mac = fastd_handshake_add_zero(&buffer, RECORD_TLV_MAC, HASHBYTES); fastd_hmacsha256(&hmacbuf, peer->protocol_state->shared_handshake_key.w, fastd_handshake_tlv_data(&buffer), fastd_handshake_tlv_len(&buffer)); memcpy(mac, hmacbuf.b, HASHBYTES); - fastd_send_handshake(ctx, sock, local_addr, remote_addr, peer, buffer); + fastd_send_handshake(sock, local_addr, remote_addr, peer, buffer); } -static void finish_handshake(fastd_context_t *ctx, fastd_socket_t *sock, const fastd_peer_address_t *local_addr, const fastd_peer_address_t *remote_addr, fastd_peer_t *peer, const handshake_key_t *handshake_key, const aligned_int256_t *peer_handshake_key, +static void finish_handshake(fastd_socket_t *sock, const fastd_peer_address_t *local_addr, const fastd_peer_address_t *remote_addr, fastd_peer_t *peer, const handshake_key_t *handshake_key, const aligned_int256_t *peer_handshake_key, const fastd_handshake_t *handshake, const fastd_method_info_t *method) { - pr_debug(ctx, "finishing handshake with %P[%I]...", peer, remote_addr); + pr_debug("finishing handshake with %P[%I]...", peer, remote_addr); bool compat = !secure_handshake(handshake); @@ -328,40 +328,40 @@ static void finish_handshake(fastd_context_t *ctx, fastd_socket_t *sock, const f } if (!valid) { - pr_warn(ctx, "received invalid protocol handshake response from %P[%I]", peer, remote_addr); + pr_warn("received invalid protocol handshake response from %P[%I]", peer, remote_addr); return; } - if (!establish(ctx, peer, method, sock, local_addr, remote_addr, true, &handshake_key->key.public, peer_handshake_key, &conf.protocol_config->key.public, + if (!establish(peer, method, sock, local_addr, remote_addr, true, &handshake_key->key.public, peer_handshake_key, &conf.protocol_config->key.public, &peer->protocol_config->public_key, &sigma, compat ? NULL : shared_handshake_key.w, handshake_key->serial)) return; - fastd_buffer_t buffer = fastd_handshake_new_reply(ctx, handshake, method, false, 4*(4+PUBLICKEYBYTES) + 2*(4+HASHBYTES)); + fastd_buffer_t buffer = fastd_handshake_new_reply(handshake, method, false, 4*(4+PUBLICKEYBYTES) + 2*(4+HASHBYTES)); - fastd_handshake_add(ctx, &buffer, RECORD_SENDER_KEY, PUBLICKEYBYTES, &conf.protocol_config->key.public); - fastd_handshake_add(ctx, &buffer, RECORD_RECEIPIENT_KEY, PUBLICKEYBYTES, &peer->protocol_config->public_key); - fastd_handshake_add(ctx, &buffer, RECORD_SENDER_HANDSHAKE_KEY, PUBLICKEYBYTES, &handshake_key->key.public); - fastd_handshake_add(ctx, &buffer, RECORD_RECEIPIENT_HANDSHAKE_KEY, PUBLICKEYBYTES, peer_handshake_key); + fastd_handshake_add(&buffer, RECORD_SENDER_KEY, PUBLICKEYBYTES, &conf.protocol_config->key.public); + fastd_handshake_add(&buffer, RECORD_RECEIPIENT_KEY, PUBLICKEYBYTES, &peer->protocol_config->public_key); + fastd_handshake_add(&buffer, RECORD_SENDER_HANDSHAKE_KEY, PUBLICKEYBYTES, &handshake_key->key.public); + fastd_handshake_add(&buffer, RECORD_RECEIPIENT_HANDSHAKE_KEY, PUBLICKEYBYTES, peer_handshake_key); if (!compat) { fastd_sha256_t hmacbuf; - uint8_t *mac = fastd_handshake_add_zero(ctx, &buffer, RECORD_TLV_MAC, HASHBYTES); + uint8_t *mac = fastd_handshake_add_zero(&buffer, RECORD_TLV_MAC, HASHBYTES); fastd_hmacsha256(&hmacbuf, shared_handshake_key.w, fastd_handshake_tlv_data(&buffer), fastd_handshake_tlv_len(&buffer)); memcpy(mac, hmacbuf.b, HASHBYTES); } else { fastd_sha256_t hmacbuf; fastd_hmacsha256_blocks(&hmacbuf, shared_handshake_key_compat.w, conf.protocol_config->key.public.u32, handshake_key->key.public.u32, NULL); - fastd_handshake_add(ctx, &buffer, RECORD_T, HASHBYTES, hmacbuf.b); + fastd_handshake_add(&buffer, RECORD_T, HASHBYTES, hmacbuf.b); } - fastd_send_handshake(ctx, sock, local_addr, remote_addr, peer, buffer); + fastd_send_handshake(sock, local_addr, remote_addr, peer, buffer); } -static void handle_finish_handshake(fastd_context_t *ctx, fastd_socket_t *sock, const fastd_peer_address_t *local_addr, const fastd_peer_address_t *remote_addr, +static void handle_finish_handshake(fastd_socket_t *sock, const fastd_peer_address_t *local_addr, const fastd_peer_address_t *remote_addr, fastd_peer_t *peer, const handshake_key_t *handshake_key, const aligned_int256_t *peer_handshake_key, const fastd_handshake_t *handshake, const fastd_method_info_t *method) { - pr_debug(ctx, "handling handshake finish with %P[%I]...", peer, remote_addr); + pr_debug("handling handshake finish with %P[%I]...", peer, remote_addr); bool compat = !secure_handshake(handshake); @@ -381,27 +381,27 @@ static void handle_finish_handshake(fastd_context_t *ctx, fastd_socket_t *sock, } if (!valid) { - pr_warn(ctx, "received invalid protocol handshake finish from %P[%I]", peer, remote_addr); + pr_warn("received invalid protocol handshake finish from %P[%I]", peer, remote_addr); return; } - establish(ctx, peer, method, sock, local_addr, remote_addr, false, peer_handshake_key, &handshake_key->key.public, &peer->protocol_config->public_key, + establish(peer, method, sock, local_addr, remote_addr, false, peer_handshake_key, &handshake_key->key.public, &peer->protocol_config->public_key, &conf.protocol_config->key.public, &peer->protocol_state->sigma, compat ? NULL : peer->protocol_state->shared_handshake_key.w, handshake_key->serial); - clear_shared_handshake_key(ctx, peer); + clear_shared_handshake_key(peer); } -static fastd_peer_t* find_sender_key(fastd_context_t *ctx, const fastd_peer_address_t *address, const unsigned char key[32]) { +static fastd_peer_t* find_sender_key(const fastd_peer_address_t *address, const unsigned char key[32]) { errno = 0; fastd_peer_t *ret = NULL; size_t i; - for (i = 0; i < VECTOR_LEN(ctx->peers); i++) { - fastd_peer_t *peer = VECTOR_INDEX(ctx->peers, i); + for (i = 0; i < VECTOR_LEN(ctx.peers); i++) { + fastd_peer_t *peer = VECTOR_INDEX(ctx.peers, i); if (memcmp(&peer->protocol_config->public_key, key, PUBLICKEYBYTES) == 0) { - if (!fastd_peer_matches_address(ctx, peer, address)) { + if (!fastd_peer_matches_address(peer, address)) { errno = EPERM; return NULL; } @@ -410,7 +410,7 @@ static fastd_peer_t* find_sender_key(fastd_context_t *ctx, const fastd_peer_addr continue; } - if (fastd_peer_owns_address(ctx, peer, address)) { + if (fastd_peer_owns_address(peer, address)) { errno = EPERM; return NULL; } @@ -422,23 +422,23 @@ static fastd_peer_t* find_sender_key(fastd_context_t *ctx, const fastd_peer_addr return ret; } -static fastd_peer_t* match_sender_key(fastd_context_t *ctx, const fastd_socket_t *sock, const fastd_peer_address_t *address, fastd_peer_t *peer, const unsigned char key[32]) { +static fastd_peer_t* match_sender_key(const fastd_socket_t *sock, const fastd_peer_address_t *address, fastd_peer_t *peer, const unsigned char key[32]) { errno = 0; if (sock->peer && peer != sock->peer) - exit_bug(ctx, "packet without correct peer set on dynamic socket"); + exit_bug("packet without correct peer set on dynamic socket"); if (peer) { if (memcmp(&peer->protocol_config->public_key, key, PUBLICKEYBYTES) == 0) return peer; - if (fastd_peer_owns_address(ctx, peer, address)) { + if (fastd_peer_owns_address(peer, address)) { errno = EPERM; return NULL; } } - return find_sender_key(ctx, address, key); + return find_sender_key(address, key); } static size_t key_count(const unsigned char key[32]) { @@ -456,7 +456,7 @@ static size_t key_count(const unsigned char key[32]) { return ret; } -bool fastd_protocol_ec25519_fhmqvc_peer_check(fastd_context_t *ctx, fastd_peer_config_t *peer_conf) { +bool fastd_protocol_ec25519_fhmqvc_peer_check(fastd_peer_config_t *peer_conf) { if (!peer_conf->protocol_config) return false; @@ -466,18 +466,18 @@ bool fastd_protocol_ec25519_fhmqvc_peer_check(fastd_context_t *ctx, fastd_peer_c if (key_count(peer_conf->protocol_config->public_key.u8) > 1) { char buf[65]; hexdump(buf, peer_conf->protocol_config->public_key.u8); - pr_warn(ctx, "more than one peer is configured with key %s, disabling %s", buf, peer_conf->name); + pr_warn("more than one peer is configured with key %s, disabling %s", buf, peer_conf->name); return false; } return true; } -bool fastd_protocol_ec25519_fhmqvc_peer_check_temporary(fastd_context_t *ctx, fastd_peer_t *peer) { +bool fastd_protocol_ec25519_fhmqvc_peer_check_temporary(fastd_peer_t *peer) { if (key_count(peer->protocol_config->public_key.u8)) { char buf[65]; hexdump(buf, peer->protocol_config->public_key.u8); - pr_info(ctx, "key %s is configured now, deleting temporary peer.", buf); + pr_info("key %s is configured now, deleting temporary peer.", buf); return false; } @@ -488,18 +488,18 @@ static inline bool allow_unknown(void) { return fastd_shell_command_isset(&conf.on_verify); } -static inline fastd_peer_t* add_temporary(fastd_context_t *ctx, const fastd_peer_address_t *addr, const unsigned char key[32]) { +static inline fastd_peer_t* add_temporary(const fastd_peer_address_t *addr, const unsigned char key[32]) { if (!allow_unknown()) { - pr_debug(ctx, "ignoring handshake from %I (unknown key)", addr); + pr_debug("ignoring handshake from %I (unknown key)", addr); return NULL; } if (key_count(key)) { - pr_debug(ctx, "ignoring handshake from %I (disabled key)", addr); + pr_debug("ignoring handshake from %I (disabled key)", addr); return NULL; } - fastd_peer_t *peer = fastd_peer_add_temporary(ctx); + fastd_peer_t *peer = fastd_peer_add_temporary(); peer->protocol_config = malloc(sizeof(fastd_protocol_peer_config_t)); memcpy(&peer->protocol_config->public_key, key, PUBLICKEYBYTES); @@ -511,79 +511,79 @@ static inline fastd_peer_t* add_temporary(fastd_context_t *ctx, const fastd_peer } -void fastd_protocol_ec25519_fhmqvc_handshake_init(fastd_context_t *ctx, const fastd_socket_t *sock, const fastd_peer_address_t *local_addr, const fastd_peer_address_t *remote_addr, fastd_peer_t *peer) { - fastd_protocol_ec25519_fhmqvc_maintenance(ctx); +void fastd_protocol_ec25519_fhmqvc_handshake_init(const fastd_socket_t *sock, const fastd_peer_address_t *local_addr, const fastd_peer_address_t *remote_addr, fastd_peer_t *peer) { + fastd_protocol_ec25519_fhmqvc_maintenance(); - fastd_buffer_t buffer = fastd_handshake_new_init(ctx, 3*(4+PUBLICKEYBYTES) /* sender key, receipient key, handshake key */); + fastd_buffer_t buffer = fastd_handshake_new_init(3*(4+PUBLICKEYBYTES) /* sender key, receipient key, handshake key */); - fastd_handshake_add(ctx, &buffer, RECORD_SENDER_KEY, PUBLICKEYBYTES, &conf.protocol_config->key.public); + fastd_handshake_add(&buffer, RECORD_SENDER_KEY, PUBLICKEYBYTES, &conf.protocol_config->key.public); if (peer) - fastd_handshake_add(ctx, &buffer, RECORD_RECEIPIENT_KEY, PUBLICKEYBYTES, &peer->protocol_config->public_key); + fastd_handshake_add(&buffer, RECORD_RECEIPIENT_KEY, PUBLICKEYBYTES, &peer->protocol_config->public_key); else - pr_debug(ctx, "sending handshake to unknown peer %I", remote_addr); + pr_debug("sending handshake to unknown peer %I", remote_addr); - fastd_handshake_add(ctx, &buffer, RECORD_SENDER_HANDSHAKE_KEY, PUBLICKEYBYTES, &ctx->protocol_state->handshake_key.key.public); + fastd_handshake_add(&buffer, RECORD_SENDER_HANDSHAKE_KEY, PUBLICKEYBYTES, &ctx.protocol_state->handshake_key.key.public); if (!peer || !fastd_peer_is_established(peer)) - fastd_shell_command_exec(ctx, &conf.on_connect, peer, (local_addr && local_addr->sa.sa_family) ? local_addr : sock->bound_addr, remote_addr); + fastd_shell_command_exec(&conf.on_connect, peer, (local_addr && local_addr->sa.sa_family) ? local_addr : sock->bound_addr, remote_addr); - fastd_send_handshake(ctx, sock, local_addr, remote_addr, peer, buffer); + fastd_send_handshake(sock, local_addr, remote_addr, peer, buffer); } -void fastd_protocol_ec25519_fhmqvc_handshake_handle(fastd_context_t *ctx, fastd_socket_t *sock, const fastd_peer_address_t *local_addr, const fastd_peer_address_t *remote_addr, +void fastd_protocol_ec25519_fhmqvc_handshake_handle(fastd_socket_t *sock, const fastd_peer_address_t *local_addr, const fastd_peer_address_t *remote_addr, fastd_peer_t *peer, const fastd_handshake_t *handshake, const fastd_method_info_t *method) { - fastd_protocol_ec25519_fhmqvc_maintenance(ctx); + fastd_protocol_ec25519_fhmqvc_maintenance(); if (!has_field(handshake, RECORD_SENDER_KEY, PUBLICKEYBYTES)) { - pr_debug(ctx, "received handshake without sender key from %I", remote_addr); + pr_debug("received handshake without sender key from %I", remote_addr); return; } - peer = match_sender_key(ctx, sock, remote_addr, peer, handshake->records[RECORD_SENDER_KEY].data); + peer = match_sender_key(sock, remote_addr, peer, handshake->records[RECORD_SENDER_KEY].data); if (!peer) { switch (errno) { case EPERM: - pr_debug(ctx, "ignoring handshake from %I (incorrect source address)", remote_addr); + pr_debug("ignoring handshake from %I (incorrect source address)", remote_addr); return; case ENOENT: - peer = add_temporary(ctx, remote_addr, handshake->records[RECORD_SENDER_KEY].data); + peer = add_temporary(remote_addr, handshake->records[RECORD_SENDER_KEY].data); if (peer) break; return; default: - exit_bug(ctx, "match_sender_key: unknown error"); + exit_bug("match_sender_key: unknown error"); } } - if (fastd_peer_is_temporary(peer) && !fastd_peer_verify_temporary(ctx, peer, local_addr, remote_addr)) { - pr_debug(ctx, "ignoring handshake from %P[%I] (verification failed)", peer, remote_addr); - fastd_peer_delete(ctx, peer); + if (fastd_peer_is_temporary(peer) && !fastd_peer_verify_temporary(peer, local_addr, remote_addr)) { + pr_debug("ignoring handshake from %P[%I] (verification failed)", peer, remote_addr); + fastd_peer_delete(peer); return; } - if (!fastd_peer_may_connect(ctx, peer)) { - pr_debug(ctx, "ignoring handshake from %P[%I] because of local constraints", peer, remote_addr); + if (!fastd_peer_may_connect(peer)) { + pr_debug("ignoring handshake from %P[%I] because of local constraints", peer, remote_addr); return; } - if (!fastd_timed_out(ctx, &peer->establish_handshake_timeout)) { - pr_debug(ctx, "received repeated handshakes from %P[%I], ignoring", peer, remote_addr); + if (!fastd_timed_out(&peer->establish_handshake_timeout)) { + pr_debug("received repeated handshakes from %P[%I], ignoring", peer, remote_addr); return; } if (has_field(handshake, RECORD_RECEIPIENT_KEY, PUBLICKEYBYTES)) { if (memcmp(&conf.protocol_config->key.public, handshake->records[RECORD_RECEIPIENT_KEY].data, PUBLICKEYBYTES) != 0) { - pr_debug(ctx, "received protocol handshake with wrong receipient key from %P[%I]", peer, remote_addr); + pr_debug("received protocol handshake with wrong receipient key from %P[%I]", peer, remote_addr); return; } } if (!has_field(handshake, RECORD_SENDER_HANDSHAKE_KEY, PUBLICKEYBYTES)) { - pr_debug(ctx, "received handshake without sender handshake key from %P[%I]", peer, remote_addr); + pr_debug("received handshake without sender handshake key from %P[%I]", peer, remote_addr); return; } @@ -591,65 +591,65 @@ void fastd_protocol_ec25519_fhmqvc_handshake_handle(fastd_context_t *ctx, fastd_ memcpy(&peer_handshake_key, handshake->records[RECORD_SENDER_HANDSHAKE_KEY].data, PUBLICKEYBYTES); if (handshake->type == 1) { - if (!fastd_timed_out(ctx, &peer->last_handshake_response_timeout) + if (!fastd_timed_out(&peer->last_handshake_response_timeout) && fastd_peer_address_equal(remote_addr, &peer->last_handshake_response_address)) { - pr_debug(ctx, "not responding to repeated handshake from %P[%I]", peer, remote_addr); + pr_debug("not responding to repeated handshake from %P[%I]", peer, remote_addr); return; } - pr_verbose(ctx, "received handshake from %P[%I]%s%s", peer, remote_addr, handshake->peer_version ? " using fastd " : "", handshake->peer_version ?: ""); + pr_verbose("received handshake from %P[%I]%s%s", peer, remote_addr, handshake->peer_version ? " using fastd " : "", handshake->peer_version ?: ""); - peer->last_handshake_response_timeout = fastd_in_seconds(ctx, conf.min_handshake_interval); + peer->last_handshake_response_timeout = fastd_in_seconds(conf.min_handshake_interval); peer->last_handshake_response_address = *remote_addr; - respond_handshake(ctx, sock, local_addr, remote_addr, peer, &ctx->protocol_state->handshake_key, &peer_handshake_key, handshake, method); + respond_handshake(sock, local_addr, remote_addr, peer, &ctx.protocol_state->handshake_key, &peer_handshake_key, handshake, method); return; } if (!has_field(handshake, RECORD_RECEIPIENT_KEY, PUBLICKEYBYTES)) { - pr_debug(ctx, "received handshake reply without receipient key from %P[%I]", peer, remote_addr); + pr_debug("received handshake reply without receipient key from %P[%I]", peer, remote_addr); return; } if (!has_field(handshake, RECORD_RECEIPIENT_HANDSHAKE_KEY, PUBLICKEYBYTES)) { - pr_debug(ctx, "received handshake reply without receipient handshake key from %P[%I]", peer, remote_addr); + pr_debug("received handshake reply without receipient handshake key from %P[%I]", peer, remote_addr); return; } if (!secure_handshake(handshake)) { if (conf.secure_handshakes || !has_field(handshake, RECORD_T, HASHBYTES)) { - pr_debug(ctx, "received handshake reply without HMAC from %P[%I]", peer, remote_addr); + pr_debug("received handshake reply without HMAC from %P[%I]", peer, remote_addr); return; } } handshake_key_t *handshake_key; - if (is_handshake_key_valid(ctx, &ctx->protocol_state->handshake_key) && - memcmp(&ctx->protocol_state->handshake_key.key.public, handshake->records[RECORD_RECEIPIENT_HANDSHAKE_KEY].data, PUBLICKEYBYTES) == 0) { - handshake_key = &ctx->protocol_state->handshake_key; + if (is_handshake_key_valid(&ctx.protocol_state->handshake_key) && + memcmp(&ctx.protocol_state->handshake_key.key.public, handshake->records[RECORD_RECEIPIENT_HANDSHAKE_KEY].data, PUBLICKEYBYTES) == 0) { + handshake_key = &ctx.protocol_state->handshake_key; } - else if (is_handshake_key_valid(ctx, &ctx->protocol_state->prev_handshake_key) && - memcmp(&ctx->protocol_state->prev_handshake_key.key.public, handshake->records[RECORD_RECEIPIENT_HANDSHAKE_KEY].data, PUBLICKEYBYTES) == 0) { - handshake_key = &ctx->protocol_state->prev_handshake_key; + else if (is_handshake_key_valid(&ctx.protocol_state->prev_handshake_key) && + memcmp(&ctx.protocol_state->prev_handshake_key.key.public, handshake->records[RECORD_RECEIPIENT_HANDSHAKE_KEY].data, PUBLICKEYBYTES) == 0) { + handshake_key = &ctx.protocol_state->prev_handshake_key; } else { - pr_debug(ctx, "received handshake reply with unexpected receipient handshake key from %P[%I]", peer, remote_addr); + pr_debug("received handshake reply with unexpected receipient handshake key from %P[%I]", peer, remote_addr); return; } switch (handshake->type) { case 2: - pr_verbose(ctx, "received handshake response from %P[%I]%s%s", peer, remote_addr, handshake->peer_version ? " using fastd " : "", handshake->peer_version ?: ""); + pr_verbose("received handshake response from %P[%I]%s%s", peer, remote_addr, handshake->peer_version ? " using fastd " : "", handshake->peer_version ?: ""); - finish_handshake(ctx, sock, local_addr, remote_addr, peer, handshake_key, &peer_handshake_key, handshake, method); + finish_handshake(sock, local_addr, remote_addr, peer, handshake_key, &peer_handshake_key, handshake, method); break; case 3: - pr_debug(ctx, "received handshake finish from %P[%I]%s%s", peer, remote_addr, handshake->peer_version ? " using fastd " : "", handshake->peer_version ?: ""); + pr_debug("received handshake finish from %P[%I]%s%s", peer, remote_addr, handshake->peer_version ? " using fastd " : "", handshake->peer_version ?: ""); - handle_finish_handshake(ctx, sock, local_addr, remote_addr, peer, handshake_key, &peer_handshake_key, handshake, method); + handle_finish_handshake(sock, local_addr, remote_addr, peer, handshake_key, &peer_handshake_key, handshake, method); break; default: - pr_debug(ctx, "received handshake reply with unknown type %u from %P[%I]", handshake->type, peer, remote_addr); + pr_debug("received handshake reply with unknown type %u from %P[%I]", handshake->type, peer, remote_addr); } } |