From 5f7258ade2dd8bad076d17d3a85fb04d9bf71bda Mon Sep 17 00:00:00 2001
From: Matthias Schiffer
Date: Sat, 30 Nov 2013 04:58:05 +0100
Subject: Make crypto implementation configurable (and update a few error messages)
---
 src/config.c | 21 ++++++++++++++++-----
 src/config.h | 10 ++--------
 src/config.y | 10 ++++++++++
 src/crypto.h | 8 ++++++++
 src/crypto/cipher/ciphers.c.in | 1 -
 src/crypto/mac/macs.c.in | 1 -
 6 files changed, 36 insertions(+), 15 deletions(-)
diff --git a/src/config.c b/src/config.c
index bfdfd2e..6b91383 100644
--- a/src/config.c
+++ b/src/config.c
@@ -26,6 +26,7 @@
 #include "fastd.h"
 #include "config.h"
+#include "crypto.h"
 #include "lex.h"
 #include "method.h"
 #include "peer.h"
@@ -83,7 +84,7 @@ void fastd_config_protocol(fastd_context_t *ctx UNUSED, fastd_config_t *conf, co
 if (!strcmp(name, "ec25519-fhmqvc"))
 conf->protocol = &fastd_protocol_ec25519_fhmqvc;
 else
- exit_error(ctx, "protocol `%s' not supported", name);
+ exit_error(ctx, "config error: protocol `%s' not supported", name);
 }
 void fastd_config_method(fastd_context_t *ctx, fastd_config_t *conf, const char *name) {
@@ -99,10 +100,20 @@ void fastd_config_method(fastd_context_t *ctx, fastd_config_t *conf, const char
 *method = fastd_string_stack_dup(name);
 }
+void fastd_config_cipher(fastd_context_t *ctx, fastd_config_t *conf, const char *name, const char *impl) {
+ if (!fastd_cipher_config(conf->ciphers, name, impl))
+ exit_error(ctx, "config error: implementation `%s' is not supported for cipher `%s' (or cipher `%s' is not supported)", impl, name, name);
+}
+
+void fastd_config_mac(fastd_context_t *ctx, fastd_config_t *conf, const char *name, const char *impl) {
+ if (!fastd_mac_config(conf->macs, name, impl))
+ exit_error(ctx, "config error: implementation `%s' is not supported for MAC `%s' (or MAC `%s' is not supported)", impl, name, name);
+}
+
 void fastd_config_bind_address(fastd_context_t *ctx UNUSED, fastd_config_t *conf, const fastd_peer_address_t *address, const char *bindtodev, bool default_v4, bool default_v6) {
 #ifndef USE_BINDTODEVICE
 if (bindtodev)
- exit_error(ctx, "device bind configuration not supported on this system");
+ exit_error(ctx, "config error: device bind configuration not supported on this system");
 #endif
 #ifndef USE_MULTIAF_BIND
@@ -421,7 +432,7 @@ static void configure_user(fastd_context_t *ctx, fastd_config_t *conf) {
 exit_errno(ctx, "getpwnam_r");
 if (!pwdr)
- exit_error(ctx, "Unable to find user `%s'.", conf->user);
+ exit_error(ctx, "config error: unable to find user `%s'.", conf->user);
 conf->uid = pwdr->pw_uid;
 conf->gid = pwdr->pw_gid;
@@ -442,7 +453,7 @@ static void configure_user(fastd_context_t *ctx, fastd_config_t *conf) {
 exit_errno(ctx, "getgrnam_r");
 if (!grpr)
- exit_error(ctx, "Unable to find group `%s'.", conf->group);
+ exit_error(ctx, "config error: unable to find group `%s'.", conf->group);
 conf->gid = grpr->gr_gid;
 }
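Review bot: The failure message in the new `fastd_config_cipher` and `fastd_config_mac` cannot tell the operator whether the algorithm name or the implementation name was wrong, because the single boolean from `fastd_cipher_config()` / `fastd_mac_config()` covers both cases and the text has to hedge with an "(or ... is not supported)" clause. crypto.h in this same commit declares `fastd_cipher_info_get_by_name()` and `fastd_mac_info_get_by_name()`; if those return NULL for an unknown name (not visible here, please confirm), checking them first would allow two precise messages, one for an unknown cipher/MAC and one for an unsupported implementation. Precision matters here because this statement decides which crypto code the daemon actually runs. Both functions would also benefit from a one-line comment such as `/* Selects implementation impl for cipher name; aborts with a config error if the pair is rejected */`.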
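Review bot: The two reworded messages in `configure_user` keep their trailing full stop ("config error: unable to find user ..." and the matching group message in the hunk at -442), while every other "config error:" message touched by this commit ends without one. Dropping the final `.` from both format strings would make the normalised messages uniform, which helps anyone matching them in logs. `configure_user` starts and ends outside these hunks.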
@@ -496,7 +507,7 @@ static void configure_methods(fastd_context_t *ctx, fastd_config_t *conf) {
 for (i = 0, method_name = conf->method_list; method_name; i++, method_name = method_name->next) {
 conf->methods[i].name = method_name->str;
 if (!fastd_method_create_by_name(method_name->str, &conf->methods[i].provider, &conf->methods[i].method))
- exit_error(ctx, "method `%s' not supported", method_name->str);
+ exit_error(ctx, "config error: method `%s' not supported", method_name->str);
 }
 configure_method_parameters(conf);
diff --git a/src/config.h b/src/config.h
index 2b43968..d12e5ef 100644
--- a/src/config.h
+++ b/src/config.h
@@ -32,6 +32,8 @@
 void fastd_config_protocol(fastd_context_t *ctx, fastd_config_t *conf, const char *name);
 void fastd_config_method(fastd_context_t *ctx, fastd_config_t *conf, const char *name);
+void fastd_config_cipher(fastd_context_t *ctx, fastd_config_t *conf, const char *name, const char *impl);
+void fastd_config_mac(fastd_context_t *ctx, fastd_config_t *conf, const char *name, const char *impl);
 void fastd_config_add_log_file(fastd_context_t *ctx, fastd_config_t *conf, const char *name, fastd_loglevel_t level);
 void fastd_config_bind_address(fastd_context_t *ctx, fastd_config_t *conf, const fastd_peer_address_t *address, const char *bindtodev, bool default_v4, bool default_v6);
 void fastd_config_peer_group_push(fastd_context_t *ctx, fastd_config_t *conf, const char *name);
@@ -44,12 +46,4 @@ void fastd_config_handle_options(fastd_context_t *ctx, fastd_config_t *conf, int
 void fastd_add_peer_dir(fastd_context_t *ctx, fastd_config_t *conf, const char *dir);
 bool fastd_read_config(fastd_context_t *ctx, fastd_config_t *conf, const char *filename, bool peer_config, int depth);
-const fastd_cipher_t** fastd_cipher_config_alloc(void);
-void fastd_cipher_config_free(const fastd_cipher_t **cipher_conf);
-bool fastd_cipher_config(const fastd_cipher_t **cipher_conf, const char *name, const char *impl);
-
-const fastd_mac_t** fastd_mac_config_alloc(void);
-void fastd_mac_config_free(const fastd_mac_t **mac_conf);
-bool fastd_mac_config(const fastd_mac_t **mac_conf, const char *name, const char *impl);
-
 #endif /* _FASTD_CONFIG_H_ */
diff --git a/src/config.y b/src/config.y
index 30701c0..94d8320 100644
--- a/src/config.y
+++ b/src/config.y
@@ -169,6 +169,8 @@ statement: peer_group_statement
 | TOK_GROUP group ';'
 | TOK_DROP TOK_CAPABILITIES drop_capabilities ';'
 | TOK_SECURE TOK_HANDSHAKES secure_handshakes ';'
+ | TOK_CIPHER cipher ';'
+ | TOK_MAC mac ';'
 | TOK_LOG log ';'
 | TOK_HIDE hide ';'
 | TOK_INTERFACE interface ';'
@@ -226,6 +228,14 @@ secure_handshakes:
 }
 ;
+cipher: TOK_STRING TOK_USE TOK_STRING {
+ fastd_config_cipher(ctx, conf, $1->str, $3->str);
+ }
+
+mac: TOK_STRING TOK_USE TOK_STRING {
+ fastd_config_mac(ctx, conf, $1->str, $3->str);
+ }
+
 log: TOK_LEVEL log_level {
 conf->log_stderr_level = $2;
 }
diff --git a/src/crypto.h b/src/crypto.h
index 1f26058..c52fd42 100644
--- a/src/crypto.h
+++ b/src/crypto.h
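Review bot: The new alternatives `TOK_CIPHER cipher ';'` and `TOK_MAC mac ';'` depend on the tokens `TOK_CIPHER`, `TOK_MAC` and `TOK_USE`, yet the diffstat's ten added lines for config.y are fully accounted for by the two rule hunks and no lexer file is touched. The `%token` declarations and keyword entries therefore have to exist already from an earlier change; that is worth confirming, since otherwise the grammar does not build or the keywords are never produced. It would also be good to confirm that `statement` is not reachable when `fastd_read_config` is called with `peer_config` set, so that a peer file cannot change the crypto implementation; the start rules are not visible in this hunk. The `statement` rule begins and continues outside the hunk.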
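Review bot: The new `cipher` and `mac` rules end without the `;` rule terminator that the preceding `secure_handshakes` rule carries. Bison accepts the omission, but adding a line with `;` after each closing brace keeps the grammar file consistent and avoids surprises if a rule is later inserted between them. A short comment above the two rules giving the config syntax they accept (a cipher or MAC name, the use keyword, then an implementation name) would also document the new statements where the other statements are defined.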
@@ -57,9 +57,17 @@ struct fastd_mac {
 };
+const fastd_cipher_t** fastd_cipher_config_alloc(void);
+void fastd_cipher_config_free(const fastd_cipher_t **cipher_conf);
+bool fastd_cipher_config(const fastd_cipher_t **cipher_conf, const char *name, const char *impl);
+
 const fastd_cipher_info_t* fastd_cipher_info_get_by_name(const char *name);
 const fastd_cipher_t* fastd_cipher_get(fastd_context_t *ctx, const fastd_cipher_info_t *info);
+const fastd_mac_t** fastd_mac_config_alloc(void);
+void fastd_mac_config_free(const fastd_mac_t **mac_conf);
+bool fastd_mac_config(const fastd_mac_t **mac_conf, const char *name, const char *impl);
+
 const fastd_mac_info_t* fastd_mac_info_get_by_name(const char *name);
 const fastd_mac_t* fastd_mac_get(fastd_context_t *ctx, const fastd_mac_info_t *info);
diff --git a/src/crypto/cipher/ciphers.c.in b/src/crypto/cipher/ciphers.c.in
index cdc9911..19893f6 100644
--- a/src/crypto/cipher/ciphers.c.in
+++ b/src/crypto/cipher/ciphers.c.in
@@ -24,7 +24,6 @@
 */
-#include
 #include
diff --git a/src/crypto/mac/macs.c.in b/src/crypto/mac/macs.c.in
index ee64362..57f327a 100644
--- a/src/crypto/mac/macs.c.in
+++ b/src/crypto/mac/macs.c.in
@@ -24,7 +24,6 @@
 */
-#include
 #include
-- cgit v1.2.3
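Review bot: The six prototypes moved into crypto.h arrive without any comment, so their contract has to be guessed from the call sites in config.c. Judging by the error text there, `fastd_cipher_config` and `fastd_mac_config` return false when either the name or the implementation is unknown; a header comment such as `/** Selects implementation impl for cipher name in cipher_conf; returns false if the pair is not available */` would state that explicitly. The `_alloc` / `_free` pair should likewise say who owns the returned table, since the header is now the only place a new caller will look.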