From efcafca969d2e789cdf106609b04a86ef9b53a3d Mon Sep 17 00:00:00 2001
From: Matthias Schiffer
Date: Wed, 28 May 2014 05:53:26 +0200
Subject: Simplify configuration of cipher and MAC implementations

Let the cipher and MAC handlers just store the chosen implementations themselves instead of relying on the global configuration.
---
 src/config.c | 10 ++--------
 src/crypto.h | 10 ++++------
 src/crypto/cipher/ciphers.c.in | 26 ++++++++++----------------
 src/crypto/mac/macs.c.in | 22 +++++++---------------
 src/fastd.c | 4 ++++
 src/fastd.h | 3 ---
 6 files changed, 27 insertions(+), 48 deletions(-)

diff --git a/src/config.c b/src/config.c
index ab655e2..8be44bb 100644
--- a/src/config.c
+++ b/src/config.c
@@ -65,9 +65,6 @@ static void default_config(void) {
 conf.peer_group = calloc(1, sizeof(fastd_peer_group_t));
 conf.peer_group->name = strdup("default");
 conf.peer_group->max_connections = -1;
-
- conf.ciphers = fastd_cipher_config_alloc();
- conf.macs = fastd_mac_config_alloc();
 }
 
 void fastd_config_protocol(const char *name) {
@@ -91,12 +88,12 @@ void fastd_config_method(const char *name) {
 }
 
 void fastd_config_cipher(const char *name, const char *impl) {
- if (!fastd_cipher_config(conf.ciphers, name, impl))
+ if (!fastd_cipher_config(name, impl))
 exit_error("config error: implementation `%s' is not supported for cipher `%s' (or cipher `%s' is not supported)", impl, name, name);
 }
 
 void fastd_config_mac(const char *name, const char *impl) {
- if (!fastd_mac_config(conf.macs, name, impl))
+ if (!fastd_mac_config(name, impl))
 exit_error("config error: implementation `%s' is not supported for MAC `%s' (or MAC `%s' is not supported)", impl, name, name);
 }
 
@@ -634,9 +631,6 @@ void fastd_config_release(void) {
 destroy_methods();
 fastd_string_stack_free(conf.method_list);
 
- fastd_mac_config_free(conf.macs);
- fastd_cipher_config_free(conf.ciphers);
-
 fastd_shell_command_unset(&conf.on_pre_up);
 fastd_shell_command_unset(&conf.on_up);
 fastd_shell_command_unset(&conf.on_down);
diff --git a/src/crypto.h b/src/crypto.h
index 8f94fae..861db5f 100644
--- a/src/crypto.h
+++ b/src/crypto.h
@@ -77,16 +77,14 @@ struct fastd_mac {
 };
 
 
-const fastd_cipher_t** fastd_cipher_config_alloc(void);
-void fastd_cipher_config_free(const fastd_cipher_t **cipher_conf);
-bool fastd_cipher_config(const fastd_cipher_t **cipher_conf, const char *name, const char *impl);
+void fastd_cipher_init(void);
+bool fastd_cipher_config(const char *name, const char *impl);
 const fastd_cipher_info_t* fastd_cipher_info_get_by_name(const char *name);
 const fastd_cipher_t* fastd_cipher_get(const fastd_cipher_info_t *info);
 
 
-const fastd_mac_t** fastd_mac_config_alloc(void);
-void fastd_mac_config_free(const fastd_mac_t **mac_conf);
-bool fastd_mac_config(const fastd_mac_t **mac_conf, const char *name, const char *impl);
+void fastd_mac_init(void);
+bool fastd_mac_config(const char *name, const char *impl);
 const fastd_mac_info_t* fastd_mac_info_get_by_name(const char *name);
 const fastd_mac_t* fastd_mac_get(const fastd_mac_info_t *info);
 
diff --git a/src/crypto/cipher/ciphers.c.in b/src/crypto/cipher/ciphers.c.in
index 1796cc5..01b5a35 100644
--- a/src/crypto/cipher/ciphers.c.in
+++ b/src/crypto/cipher/ciphers.c.in
@@ -46,14 +46,15 @@ typedef struct cipher_entry {
 static const cipher_entry_t ciphers[] = { @CIPHER_LIST@ };
 
+static const fastd_cipher_t *cipher_conf[array_size(ciphers)] = {};
+
 
 static inline bool cipher_available(const fastd_cipher_t *cipher) {
 return (!cipher->available) || cipher->available();
 }
 
-const fastd_cipher_t** fastd_cipher_config_alloc(void) {
- const fastd_cipher_t **cipher_conf = calloc(array_size(ciphers), sizeof(const fastd_cipher_t*));
-
+/** Initializes the list of ciphers */
+void fastd_cipher_init(void) {
 size_t i, j;
 for (i = 0; i < array_size(ciphers); i++) {
 for (j = 0; ciphers[i].impls[j].impl; j++) {
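Review bot: In src/crypto/cipher/ciphers.c.in (hunk -46,14 +46,15) the new table is declared with an empty initializer, `static const fastd_cipher_t *cipher_conf[array_size(ciphers)] = {};`, which is a GNU extension before C23 and draws a diagnostic from stricter compilers. An object with static storage duration is zero-initialized anyway, so the initializer can simply be dropped: `static const fastd_cipher_t *cipher_conf[array_size(ciphers)];`. The same applies to `mac_conf` in the src/crypto/mac/macs.c.in hunk -46,14 +46,14. A one-line comment on the table such as `/** The selected implementation for each entry of ciphers[], in the same order */` would also record the index correspondence that fastd_cipher_get() relies on.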
@@ -63,15 +64,10 @@ const fastd_cipher_t** fastd_cipher_config_alloc(void) {
 
 cipher_conf[i] = ciphers[i].impls[j].impl;
 }
-
- return cipher_conf;
-}
-
-void fastd_cipher_config_free(const fastd_cipher_t **cipher_conf) {
- free(cipher_conf);
 }
 
-bool fastd_cipher_config(const fastd_cipher_t **cipher_conf, const char *name, const char *impl) {
+/** Configures a cipher to use a specific implementation */
+bool fastd_cipher_config(const char *name, const char *impl) {
 size_t i;
 for (i = 0; i < array_size(ciphers); i++) {
 if (!strcmp(ciphers[i].name, name)) {
@@ -94,15 +90,13 @@ bool fastd_cipher_config(const fastd_cipher_t **cipher_conf, const char *name, c
 }
 
 const fastd_cipher_info_t* fastd_cipher_info_get_by_name(const char *name) {
- size_t i, j;
+ size_t i;
 for (i = 0; i < array_size(ciphers); i++) {
 if (strcmp(ciphers[i].name, name))
 continue;
 
- for (j = 0; ciphers[i].impls[j].impl; j++) {
- if (cipher_available(ciphers[i].impls[j].impl))
- return ciphers[i].info;
- }
+ if (cipher_conf[i])
+ return ciphers[i].info;
 
 break;
 }
@@ -114,7 +108,7 @@ const fastd_cipher_t* fastd_cipher_get(const fastd_cipher_info_t *info) {
 size_t i;
 for (i = 0; i < array_size(ciphers); i++) {
 if (ciphers[i].info == info)
- return conf.ciphers[i];
+ return cipher_conf[i];
 }
 
 return NULL;
diff --git a/src/crypto/mac/macs.c.in b/src/crypto/mac/macs.c.in
index 3a8c943..0db26d9 100644
--- a/src/crypto/mac/macs.c.in
+++ b/src/crypto/mac/macs.c.in
@@ -46,14 +46,14 @@ typedef struct mac_entry {
 static const mac_entry_t macs[] = { @MAC_LIST@ };
 
+static const fastd_mac_t *mac_conf[array_size(macs)] = {};
+
 
 static inline bool mac_available(const fastd_mac_t *mac) {
 return (!mac->available) || mac->available();
 }
 
-const fastd_mac_t** fastd_mac_config_alloc(void) {
- const fastd_mac_t **mac_conf = calloc(array_size(macs), sizeof(const fastd_mac_t*));
-
+void fastd_mac_init(void) {
 size_t i, j;
 for (i = 0; i < array_size(macs); i++) {
 for (j = 0; macs[i].impls[j].impl; j++) {
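Review bot: fastd_mac_init() in src/crypto/mac/macs.c.in (hunk -46,14 +46,14) is added without the doc comment that its cipher counterpart receives in this same commit, and fastd_mac_config() in the following hunk (-63,15 +63,9) is likewise left undocumented. For consistency, add `/** Initializes the list of MACs */` above `void fastd_mac_init(void) {` and `/** Configures a MAC to use a specific implementation */` above `bool fastd_mac_config(const char *name, const char *impl) {`. Both function bodies continue outside their hunks.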
@@ -63,15 +63,9 @@ const fastd_mac_t** fastd_mac_config_alloc(void) {
 
 mac_conf[i] = macs[i].impls[j].impl;
 }
-
- return mac_conf;
-}
-
-void fastd_mac_config_free(const fastd_mac_t **mac_conf) {
- free(mac_conf);
 }
 
-bool fastd_mac_config(const fastd_mac_t **mac_conf, const char *name, const char *impl) {
+bool fastd_mac_config(const char *name, const char *impl) {
 size_t i;
 for (i = 0; i < array_size(macs); i++) {
 if (!strcmp(macs[i].name, name)) {
@@ -99,10 +93,8 @@ const fastd_mac_info_t* fastd_mac_info_get_by_name(const char *name) {
 if (strcmp(macs[i].name, name))
 continue;
 
- for (j = 0; macs[i].impls[j].impl; j++) {
- if (mac_available(macs[i].impls[j].impl))
- return macs[i].info;
- }
+ if (mac_conf[i])
+ return macs[i].info;
 
 break;
 }
@@ -114,7 +106,7 @@ const fastd_mac_t* fastd_mac_get(const fastd_mac_info_t *info) {
 size_t i;
 for (i = 0; i < array_size(macs); i++) {
 if (macs[i].info == info)
- return conf.macs[i];
+ return mac_conf[i];
 }
 
 return NULL;
diff --git a/src/fastd.c b/src/fastd.c
index 7e5b640..a33ba66 100644
--- a/src/fastd.c
+++ b/src/fastd.c
@@ -27,6 +27,7 @@
 #include "fastd.h"
 #include "async.h"
 #include "config.h"
+#include "crypto.h"
 #include "peer.h"
 #include "peer_hashtable.h"
 #include "poll.h"
@@ -463,6 +464,9 @@ int main(int argc, char *argv[]) {
 
 fastd_random_bytes(&ctx.randseed, sizeof(ctx.randseed), false);
 
+ fastd_cipher_init();
+ fastd_mac_init();
+
 fastd_configure(argc, argv);
 
 if (conf.verify_config) {
diff --git a/src/fastd.h b/src/fastd.h
index 3dd5568..0b326b0 100644
--- a/src/fastd.h
+++ b/src/fastd.h
@@ -201,9 +201,6 @@ struct fastd_config {
 
 char *secret; /**< The configured secret key */
 
- const fastd_cipher_t **ciphers; /**< All supported ciphers */
- const fastd_mac_t **macs; /**< All supported message authentication codes */
-
 fastd_peer_group_t *peer_group; /**< The root peer group configuration */
 fastd_peer_config_t *peers; /**< The configured peers */
 
-- cgit v1.2.3
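Review bot: In fastd_mac_info_get_by_name() (src/crypto/mac/macs.c.in, hunk -99,10 +93,8) the inner `for (j = 0; ...)` loop is removed but the hunk does not touch the declaration, so `j` is presumably still declared and now unused. The cipher counterpart in this same commit changes `size_t i, j;` to `size_t i;`, and the MAC function should get the same one-line change. The declaration sits above the hunk, so this is inferred from the cipher hunk rather than visible here.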
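Review bot: The placement of `fastd_cipher_init();` and `fastd_mac_init();` ahead of `fastd_configure(argc, argv);` in main() (src/fastd.c, hunk -463,6 +464,9) is load-bearing but unexplained. fastd_config_cipher() and fastd_config_mac() now write into the file-scope tables that these two calls fill, and an init that ran later would presumably overwrite an implementation chosen in the configuration. A comment such as `/* Must run before fastd_configure(): the cipher/MAC config handlers override entries set up here */` would keep the order from being changed by accident. Because the tables are no longer allocated in default_config() or freed in fastd_config_release(), they now live for the whole process, so it is worth confirming that no path parses the configuration a second time expecting the defaults to be restored. main() starts and ends outside the hunk.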