From 7a3c8bee42879add84a143ff98f28cbd0251dc7b Mon Sep 17 00:00:00 2001 From: Matthias Schiffer Date: Sat, 2 Nov 2013 13:42:55 +0100 Subject: Allow flexible specification of methods provided by an implementation --- src/config.c | 4 ++-- src/fastd.h | 8 ++++---- src/methods/aes128_gcm/aes128_gcm.c | 12 ++++++++---- src/methods/methods.c.in | 4 ++-- src/methods/null/null.c | 12 ++++++++---- src/methods/xsalsa20_poly1305/xsalsa20_poly1305.c | 12 ++++++++---- src/protocols/ec25519_fhmqvc/handshake.c | 6 +++--- 7 files changed, 35 insertions(+), 23 deletions(-) diff --git a/src/config.c b/src/config.c index 8cf0dcb..aa5ea59 100644 --- a/src/config.c +++ b/src/config.c @@ -95,7 +95,7 @@ bool fastd_config_protocol(fastd_context_t *ctx UNUSED, fastd_config_t *conf, co } bool fastd_config_method(fastd_context_t *ctx, fastd_config_t *conf, const char *name) { - if (!fastd_method_get_by_name(name)) + if (!fastd_method_get_by_name(ctx, name)) return false; fastd_string_stack_t **method; @@ -508,7 +508,7 @@ static void configure_method_parameters(fastd_context_t *ctx, fastd_config_t *co fastd_string_stack_t *method_name; for (method_name = conf->methods; method_name; method_name = method_name->next) { - const fastd_method_t *method = fastd_method_get_by_name(method_name->str); + const fastd_method_t *method = fastd_method_get_by_name(ctx, method_name->str); conf->max_packet_size = max_size_t(conf->max_packet_size, method->max_packet_size(ctx)); conf->min_encrypt_head_space = max_size_t(conf->min_encrypt_head_space, method->min_encrypt_head_space(ctx)); diff --git a/src/fastd.h b/src/fastd.h index 2607322..5ace535 100644 --- a/src/fastd.h +++ b/src/fastd.h @@ -79,7 +79,7 @@ struct fastd_protocol { }; struct fastd_method { - const char *name; + bool (*provides)(fastd_context_t *ctx, const char *name); size_t (*max_packet_size)(fastd_context_t *ctx); size_t (*min_encrypt_head_space)(fastd_context_t *ctx); @@ -88,8 +88,8 @@ struct fastd_method { size_t (*min_decrypt_tail_space)(fastd_context_t *ctx); size_t (*key_length)(fastd_context_t *ctx); - fastd_method_session_state_t* (*session_init)(fastd_context_t *ctx, const uint8_t *secret, bool initiator); - fastd_method_session_state_t* (*session_init_compat)(fastd_context_t *ctx, const uint8_t *secret, size_t length, bool initiator); + fastd_method_session_state_t* (*session_init)(fastd_context_t *ctx, const char *name, const uint8_t *secret, bool initiator); + fastd_method_session_state_t* (*session_init_compat)(fastd_context_t *ctx, const char *name, const uint8_t *secret, size_t length, bool initiator); bool (*session_is_valid)(fastd_context_t *ctx, fastd_method_session_state_t *session); bool (*session_is_initiator)(fastd_context_t *ctx, fastd_method_session_state_t *session); bool (*session_want_refresh)(fastd_context_t *ctx, fastd_method_session_state_t *session); @@ -359,7 +359,7 @@ void fastd_logf(const fastd_context_t *ctx, fastd_loglevel_t level, const char * void fastd_add_peer_dir(fastd_context_t *ctx, fastd_config_t *conf, const char *dir); bool fastd_read_config(fastd_context_t *ctx, fastd_config_t *conf, const char *filename, bool peer_config, int depth); -const fastd_method_t* fastd_method_get_by_name(const char *name); +const fastd_method_t* fastd_method_get_by_name(fastd_context_t *ctx, const char *name); const fastd_cipher_t** fastd_cipher_config_alloc(void); void fastd_cipher_config_free(const fastd_cipher_t **cipher_conf); diff --git a/src/methods/aes128_gcm/aes128_gcm.c b/src/methods/aes128_gcm/aes128_gcm.c index 59e6914..8a6325e 100644 --- a/src/methods/aes128_gcm/aes128_gcm.c +++ b/src/methods/aes128_gcm/aes128_gcm.c @@ -40,6 +40,10 @@ struct fastd_method_session_state { }; +static bool method_provides(fastd_context_t *ctx UNUSED, const char *name) { + return !strcmp(name, "aes128-gcm"); +} + static size_t method_max_packet_size(fastd_context_t *ctx) { return (fastd_max_packet_size(ctx) + COMMON_NONCEBYTES + sizeof(fastd_block128_t)); } @@ -66,7 +70,7 @@ static size_t method_key_length(fastd_context_t *ctx UNUSED) { return sizeof(fastd_block128_t); } -static fastd_method_session_state_t* method_session_init(fastd_context_t *ctx, const uint8_t *secret, bool initiator) { +static fastd_method_session_state_t* method_session_init(fastd_context_t *ctx, const char *name UNUSED, const uint8_t *secret, bool initiator) { fastd_method_session_state_t *session = malloc(sizeof(fastd_method_session_state_t)); fastd_method_common_init(ctx, &session->common, initiator); @@ -87,11 +91,11 @@ static fastd_method_session_state_t* method_session_init(fastd_context_t *ctx, c return session; } -static fastd_method_session_state_t* method_session_init_compat(fastd_context_t *ctx, const uint8_t *secret, size_t length, bool initiator) { +static fastd_method_session_state_t* method_session_init_compat(fastd_context_t *ctx, const char *name, const uint8_t *secret, size_t length, bool initiator) { if (length < sizeof(fastd_block128_t)) exit_bug(ctx, "aes128-gcm: tried to init with short secret"); - return method_session_init(ctx, secret, initiator); + return method_session_init(ctx, name, secret, initiator); } static bool method_session_is_valid(fastd_context_t *ctx, fastd_method_session_state_t *session) { @@ -235,7 +239,7 @@ static bool method_decrypt(fastd_context_t *ctx, fastd_peer_t *peer, fastd_metho } const fastd_method_t fastd_method_aes128_gcm = { - .name = "aes128-gcm", + .provides = method_provides, .max_packet_size = method_max_packet_size, .min_encrypt_head_space = method_min_encrypt_head_space, diff --git a/src/methods/methods.c.in b/src/methods/methods.c.in index 8f5bb10..f39fbc1 100644 --- a/src/methods/methods.c.in +++ b/src/methods/methods.c.in @@ -33,10 +33,10 @@ static const fastd_method_t *const methods[] = { @METHOD_LIST@ }; -const fastd_method_t* fastd_method_get_by_name(const char *name) { +const fastd_method_t* fastd_method_get_by_name(fastd_context_t *ctx, const char *name) { size_t i; for (i = 0; i < array_size(methods); i++) { - if (!strcmp(methods[i]->name, name)) + if (methods[i]->provides(ctx, name)) return methods[i]; } diff --git a/src/methods/null/null.c b/src/methods/null/null.c index f49d94a..cba7931 100644 --- a/src/methods/null/null.c +++ b/src/methods/null/null.c @@ -33,6 +33,10 @@ struct fastd_method_session_state { }; +static bool method_provides(fastd_context_t *ctx UNUSED, const char *name) { + return !strcmp(name, "null"); +} + static size_t method_max_packet_size(fastd_context_t *ctx) { return fastd_max_packet_size(ctx); } @@ -45,7 +49,7 @@ static size_t method_key_length(fastd_context_t *ctx UNUSED) { return 0; } -static fastd_method_session_state_t* method_session_init(fastd_context_t *ctx UNUSED, const uint8_t *secret UNUSED, bool initiator) { +static fastd_method_session_state_t* method_session_init(fastd_context_t *ctx UNUSED, const char *name UNUSED, const uint8_t *secret UNUSED, bool initiator) { fastd_method_session_state_t *session = malloc(sizeof(fastd_method_session_state_t)); session->valid = true; @@ -54,8 +58,8 @@ static fastd_method_session_state_t* method_session_init(fastd_context_t *ctx UN return session; } -static fastd_method_session_state_t* method_session_init_compat(fastd_context_t *ctx, const uint8_t *secret, size_t length UNUSED, bool initiator) { - return method_session_init(ctx, secret, initiator); +static fastd_method_session_state_t* method_session_init_compat(fastd_context_t *ctx, const char *name, const uint8_t *secret, size_t length UNUSED, bool initiator) { + return method_session_init(ctx, name, secret, initiator); } static bool method_session_is_valid(fastd_context_t *ctx UNUSED, fastd_method_session_state_t *session) { @@ -84,7 +88,7 @@ static bool method_passthrough(fastd_context_t *ctx UNUSED, fastd_peer_t *peer U } const fastd_method_t fastd_method_null = { - .name = "null", + .provides = method_provides, .max_packet_size = method_max_packet_size, .min_encrypt_head_space = method_min_head_tail_space, diff --git a/src/methods/xsalsa20_poly1305/xsalsa20_poly1305.c b/src/methods/xsalsa20_poly1305/xsalsa20_poly1305.c index 768e5c8..220e913 100644 --- a/src/methods/xsalsa20_poly1305/xsalsa20_poly1305.c +++ b/src/methods/xsalsa20_poly1305/xsalsa20_poly1305.c @@ -37,6 +37,10 @@ struct fastd_method_session_state { }; +static bool method_provides(fastd_context_t *ctx UNUSED, const char *name) { + return !strcmp(name, "xsalsa20-poly1305"); +} + static size_t method_max_packet_size(fastd_context_t *ctx) { return (fastd_max_packet_size(ctx) + COMMON_NONCEBYTES + crypto_secretbox_xsalsa20poly1305_ZEROBYTES - crypto_secretbox_xsalsa20poly1305_BOXZEROBYTES); } @@ -58,7 +62,7 @@ static size_t method_key_length(fastd_context_t *ctx UNUSED) { return crypto_secretbox_xsalsa20poly1305_KEYBYTES; } -static fastd_method_session_state_t* method_session_init(fastd_context_t *ctx, const uint8_t *secret, bool initiator) { +static fastd_method_session_state_t* method_session_init(fastd_context_t *ctx, const char *name UNUSED, const uint8_t *secret, bool initiator) { fastd_method_session_state_t *session = malloc(sizeof(fastd_method_session_state_t)); fastd_method_common_init(ctx, &session->common, initiator); @@ -68,11 +72,11 @@ static fastd_method_session_state_t* method_session_init(fastd_context_t *ctx, c return session; } -static fastd_method_session_state_t* method_session_init_compat(fastd_context_t *ctx, const uint8_t *secret, size_t length, bool initiator) { +static fastd_method_session_state_t* method_session_init_compat(fastd_context_t *ctx, const char *name, const uint8_t *secret, size_t length, bool initiator) { if (length < crypto_secretbox_xsalsa20poly1305_KEYBYTES) exit_bug(ctx, "xsalsa20-poly1305: tried to init with short secret"); - return method_session_init(ctx, secret, initiator); + return method_session_init(ctx, name, secret, initiator); } static bool method_session_is_valid(fastd_context_t *ctx, fastd_method_session_state_t *session) { @@ -162,7 +166,7 @@ static bool method_decrypt(fastd_context_t *ctx, fastd_peer_t *peer, fastd_metho } const fastd_method_t fastd_method_xsalsa20_poly1305 = { - .name = "xsalsa20-poly1305", + .provides = method_provides, .max_packet_size = method_max_packet_size, .min_encrypt_head_space = method_min_encrypt_head_space, diff --git a/src/protocols/ec25519_fhmqvc/handshake.c b/src/protocols/ec25519_fhmqvc/handshake.c index a9fc1a2..cb89462 100644 --- a/src/protocols/ec25519_fhmqvc/handshake.c +++ b/src/protocols/ec25519_fhmqvc/handshake.c @@ -102,12 +102,12 @@ static inline void new_session(fastd_context_t *ctx, fastd_peer_t *peer, const c fastd_sha256_t secret[blocks]; derive_key(secret, blocks, salt, method_name, A, B, X, Y, sigma); - peer->protocol_state->session.method_state = method->session_init(ctx, (const uint8_t*)secret, initiator); + peer->protocol_state->session.method_state = method->session_init(ctx, method_name, (const uint8_t*)secret, initiator); } else { fastd_sha256_t hash; fastd_sha256_blocks(&hash, X->p, Y->p, A->p, B->p, sigma->p, NULL); - peer->protocol_state->session.method_state = method->session_init_compat(ctx, hash.b, HASHBYTES, initiator); + peer->protocol_state->session.method_state = method->session_init_compat(ctx, method_name, hash.b, HASHBYTES, initiator); } peer->protocol_state->session.established = ctx->now; @@ -126,7 +126,7 @@ static bool establish(fastd_context_t *ctx, fastd_peer_t *peer, const char *meth return false; } - const fastd_method_t *method = fastd_method_get_by_name(method_name); + const fastd_method_t *method = fastd_method_get_by_name(ctx, method_name); if (!salt && !method->session_init_compat) { pr_warn(ctx, "can't establish session with %P[%I] (method without compat support)"); return false; -- cgit v1.2.3