From 50d9aa23342f8a9bc6a87ace12578054eeff36fd Mon Sep 17 00:00:00 2001 From: Matthias Schiffer Date: Mon, 18 Aug 2014 22:30:30 +0200 Subject: Dynamically create peer configs for dynamic peers This avoids duplicating the protocol_config field. --- src/peer.c | 5 +++-- src/peer.h | 3 +-- src/protocols/ec25519_fhmqvc/handshake.c | 30 +++++++++++++++--------------- src/protocols/ec25519_fhmqvc/util.c | 8 ++++---- 4 files changed, 23 insertions(+), 23 deletions(-) (limited to 'src') diff --git a/src/peer.c b/src/peer.c index ac711f0..f621010 100644 --- a/src/peer.c +++ b/src/peer.c @@ -424,7 +424,7 @@ static void delete_peer(fastd_peer_t *peer) { conf.protocol->free_peer_state(peer); if (fastd_peer_is_dynamic(peer)) - free(peer->protocol_config); + fastd_peer_config_free(peer->config); for (i = 0; i < VECTOR_LEN(peer->remotes); i++) free(VECTOR_INDEX(peer->remotes, i).addresses); @@ -718,7 +718,6 @@ fastd_peer_t* fastd_peer_add(fastd_peer_config_t *peer_conf) { if (peer_conf) { peer->config = peer_conf; - peer->protocol_config = peer_conf->protocol_config; VECTOR_ALLOC(peer->remotes, 0); @@ -742,6 +741,8 @@ fastd_peer_t* fastd_peer_add(fastd_peer_config_t *peer_conf) { if (!fastd_shell_command_isset(&conf.on_verify)) exit_bug("tried to add dynamic peer without on-verify command"); + peer->config = fastd_peer_config_new(conf.peer_group); + peer->dynamic = true; peer->verify_timeout = ctx.now; diff --git a/src/peer.h b/src/peer.h index c73f2ea..4229296 100644 --- a/src/peer.h +++ b/src/peer.h @@ -47,7 +47,7 @@ typedef enum fastd_peer_state { struct fastd_peer { uint64_t id; /**< A unique ID assigned to each peer */ - const fastd_peer_config_t *config; /**< The peer's fastd_peer_config_t */ + fastd_peer_config_t *config; /**< The peer's fastd_peer_config_t */ /** The socket used by the peer. This can either be a common bound socket or a dynamic, unbound socket that is used exclusively by this peer */ @@ -80,7 +80,6 @@ struct fastd_peer { struct timespec verify_valid_timeout; /**< Specifies how long a peer stays valid after a successful on-verify run */ #endif - fastd_protocol_peer_config_t *protocol_config; /**< Protocol-specific peer configuration for config-less (on-verify) peers */ fastd_protocol_peer_state_t *protocol_state; /**< Protocol-specific peer state */ }; diff --git a/src/protocols/ec25519_fhmqvc/handshake.c b/src/protocols/ec25519_fhmqvc/handshake.c index fb4fd1e..498a6fd 100644 --- a/src/protocols/ec25519_fhmqvc/handshake.c +++ b/src/protocols/ec25519_fhmqvc/handshake.c @@ -277,7 +277,7 @@ static bool update_shared_handshake_key(const fastd_peer_t *peer, const handshak bool compat = !conf.secure_handshakes; if (!make_shared_handshake_key(&handshake_key->key.secret, false, - &peer->protocol_config->public_key, + &peer->config->protocol_config->public_key, &conf.protocol_config->key.public, peer_handshake_key, &handshake_key->key.public, @@ -315,7 +315,7 @@ static void respond_handshake(const fastd_socket_t *sock, const fastd_peer_addre fastd_buffer_t buffer = fastd_handshake_new_reply(2, method, true, 4*(4+PUBLICKEYBYTES) + 2*(4+HASHBYTES)); fastd_handshake_add(&buffer, RECORD_SENDER_KEY, PUBLICKEYBYTES, &conf.protocol_config->key.public); - fastd_handshake_add(&buffer, RECORD_RECIPIENT_KEY, PUBLICKEYBYTES, &peer->protocol_config->public_key); + fastd_handshake_add(&buffer, RECORD_RECIPIENT_KEY, PUBLICKEYBYTES, &peer->config->protocol_config->public_key); fastd_handshake_add(&buffer, RECORD_SENDER_HANDSHAKE_KEY, PUBLICKEYBYTES, &handshake_key->key.public); fastd_handshake_add(&buffer, RECORD_RECIPIENT_HANDSHAKE_KEY, PUBLICKEYBYTES, peer_handshake_key); @@ -344,7 +344,7 @@ static void finish_handshake(fastd_socket_t *sock, const fastd_peer_address_t *l fastd_sha256_t shared_handshake_key, shared_handshake_key_compat; if (!make_shared_handshake_key(&handshake_key->key.secret, true, &conf.protocol_config->key.public, - &peer->protocol_config->public_key, + &peer->config->protocol_config->public_key, &handshake_key->key.public, peer_handshake_key, &sigma, @@ -361,7 +361,7 @@ static void finish_handshake(fastd_socket_t *sock, const fastd_peer_address_t *l valid = fastd_hmacsha256_verify(mac, shared_handshake_key.w, handshake->tlv_data, handshake->tlv_len); } else { - valid = fastd_hmacsha256_blocks_verify(handshake->records[RECORD_T].data, shared_handshake_key_compat.w, peer->protocol_config->public_key.u32, peer_handshake_key->u32, NULL); + valid = fastd_hmacsha256_blocks_verify(handshake->records[RECORD_T].data, shared_handshake_key_compat.w, peer->config->protocol_config->public_key.u32, peer_handshake_key->u32, NULL); } if (!valid) { @@ -370,13 +370,13 @@ static void finish_handshake(fastd_socket_t *sock, const fastd_peer_address_t *l } if (!establish(peer, method, sock, local_addr, remote_addr, true, &handshake_key->key.public, peer_handshake_key, &conf.protocol_config->key.public, - &peer->protocol_config->public_key, &sigma, compat ? NULL : shared_handshake_key.w, handshake_key->serial)) + &peer->config->protocol_config->public_key, &sigma, compat ? NULL : shared_handshake_key.w, handshake_key->serial)) return; fastd_buffer_t buffer = fastd_handshake_new_reply(3, method, false, 4*(4+PUBLICKEYBYTES) + 2*(4+HASHBYTES)); fastd_handshake_add(&buffer, RECORD_SENDER_KEY, PUBLICKEYBYTES, &conf.protocol_config->key.public); - fastd_handshake_add(&buffer, RECORD_RECIPIENT_KEY, PUBLICKEYBYTES, &peer->protocol_config->public_key); + fastd_handshake_add(&buffer, RECORD_RECIPIENT_KEY, PUBLICKEYBYTES, &peer->config->protocol_config->public_key); fastd_handshake_add(&buffer, RECORD_SENDER_HANDSHAKE_KEY, PUBLICKEYBYTES, &handshake_key->key.public); fastd_handshake_add(&buffer, RECORD_RECIPIENT_HANDSHAKE_KEY, PUBLICKEYBYTES, peer_handshake_key); @@ -415,7 +415,7 @@ static void handle_finish_handshake(fastd_socket_t *sock, const fastd_peer_addre valid = fastd_hmacsha256_verify(mac, peer->protocol_state->shared_handshake_key.w, handshake->tlv_data, handshake->tlv_len); } else { - valid = fastd_hmacsha256_blocks_verify(handshake->records[RECORD_T].data, peer->protocol_state->shared_handshake_key_compat.w, peer->protocol_config->public_key.u32, peer_handshake_key->u32, NULL); + valid = fastd_hmacsha256_blocks_verify(handshake->records[RECORD_T].data, peer->protocol_state->shared_handshake_key_compat.w, peer->config->protocol_config->public_key.u32, peer_handshake_key->u32, NULL); } if (!valid) { @@ -423,7 +423,7 @@ static void handle_finish_handshake(fastd_socket_t *sock, const fastd_peer_addre return; } - establish(peer, method, sock, local_addr, remote_addr, false, peer_handshake_key, &handshake_key->key.public, &peer->protocol_config->public_key, + establish(peer, method, sock, local_addr, remote_addr, false, peer_handshake_key, &handshake_key->key.public, &peer->config->protocol_config->public_key, &conf.protocol_config->key.public, &peer->protocol_state->sigma, compat ? NULL : peer->protocol_state->shared_handshake_key.w, handshake_key->serial); clear_shared_handshake_key(peer); @@ -439,7 +439,7 @@ static fastd_peer_t* find_sender_key(const fastd_peer_address_t *address, const for (i = 0; i < VECTOR_LEN(ctx.peers); i++) { fastd_peer_t *peer = VECTOR_INDEX(ctx.peers, i); - if (memcmp(&peer->protocol_config->public_key, key, PUBLICKEYBYTES) == 0) { + if (memcmp(&peer->config->protocol_config->public_key, key, PUBLICKEYBYTES) == 0) { if (!fastd_peer_matches_address(peer, address)) { errno = EPERM; return NULL; @@ -469,7 +469,7 @@ static fastd_peer_t* match_sender_key(const fastd_socket_t *sock, const fastd_pe exit_bug("packet without correct peer set on dynamic socket"); if (peer) { - if (memcmp(&peer->protocol_config->public_key, key, PUBLICKEYBYTES) == 0) + if (memcmp(&peer->config->protocol_config->public_key, key, PUBLICKEYBYTES) == 0) return peer; if (fastd_peer_owns_address(peer, address)) { @@ -524,7 +524,7 @@ void fastd_protocol_ec25519_fhmqvc_handshake_init(fastd_socket_t *sock, const fa fastd_handshake_add(&buffer, RECORD_SENDER_KEY, PUBLICKEYBYTES, &conf.protocol_config->key.public); if (peer) { - fastd_handshake_add(&buffer, RECORD_RECIPIENT_KEY, PUBLICKEYBYTES, &peer->protocol_config->public_key); + fastd_handshake_add(&buffer, RECORD_RECIPIENT_KEY, PUBLICKEYBYTES, &peer->config->protocol_config->public_key); pr_verbose("sending handshake to %P[%I]...", peer, remote_addr); } @@ -542,9 +542,9 @@ void fastd_protocol_ec25519_fhmqvc_handshake_init(fastd_socket_t *sock, const fa /** Checks if a dynamic peer (added after an on-verify command) can stay after new peers have been configured */ bool fastd_protocol_ec25519_fhmqvc_peer_check_dynamic(fastd_peer_t *peer) { - if (key_count(peer->protocol_config->public_key.u8)) { + if (key_count(peer->config->protocol_config->public_key.u8)) { char buf[65]; - hexdump(buf, peer->protocol_config->public_key.u8); + hexdump(buf, peer->config->protocol_config->public_key.u8); pr_info("key %s is configured now, deleting dynamic peer.", buf); return false; } @@ -580,8 +580,8 @@ static fastd_peer_t * add_dynamic(fastd_socket_t *sock, const fastd_peer_address fastd_peer_t *peer = fastd_peer_add(NULL); - peer->protocol_config = fastd_new(fastd_protocol_peer_config_t); - memcpy(&peer->protocol_config->public_key, key, PUBLICKEYBYTES); + peer->config->protocol_config = fastd_new(fastd_protocol_peer_config_t); + memcpy(&peer->config->protocol_config->public_key, key, PUBLICKEYBYTES); /* Ugly hack */ peer->protocol_state->last_serial--; diff --git a/src/protocols/ec25519_fhmqvc/util.c b/src/protocols/ec25519_fhmqvc/util.c index 2aea52d..c716916 100644 --- a/src/protocols/ec25519_fhmqvc/util.c +++ b/src/protocols/ec25519_fhmqvc/util.c @@ -80,8 +80,8 @@ void fastd_protocol_ec25519_fhmqvc_set_shell_env(fastd_shell_env_t *env, const f hexdump(buf, conf.protocol_config->key.public.u8); fastd_shell_env_set(env, "LOCAL_KEY", buf); - if (peer && peer->protocol_config) { - hexdump(buf, peer->protocol_config->public_key.u8); + if (peer && peer->config->protocol_config) { + hexdump(buf, peer->config->protocol_config->public_key.u8); fastd_shell_env_set(env, "PEER_KEY", buf); } else { @@ -97,10 +97,10 @@ void fastd_protocol_ec25519_fhmqvc_set_shell_env(fastd_shell_env_t *env, const f public key. */ bool fastd_protocol_ec25519_fhmqvc_describe_peer(const fastd_peer_t *peer, char *buf, size_t len) { - if (peer && peer->protocol_config) { + if (peer && peer->config->protocol_config) { char dumpbuf[65]; - hexdump(dumpbuf, peer->protocol_config->public_key.u8); + hexdump(dumpbuf, peer->config->protocol_config->public_key.u8); snprintf(buf, len, "%.16s", dumpbuf); return true; } -- cgit v1.2.3