186 				    struct peer *);
189 static	int	crypto_alice	(struct peer *, struct value *);
190 static	int	crypto_alice2	(struct peer *, struct value *);
191 static	int	crypto_alice3	(struct peer *, struct value *);
195 static	int	crypto_iff	(struct exten *, struct peer *);
196 static	int	crypto_gq	(struct exten *, struct peer *);
197 static	int	crypto_mv	(struct exten *, struct peer *);
203 static	struct cert_info *cert_install (struct exten *, struct peer *);
204 static	int	cert_hike	(struct peer *, struct cert_info *);
310 	struct peer *peer,	/* peer structure pointer */
331 	if (peer->keylist == NULL)
332 		peer->keylist = eallocarray(NTP_MAXSESSION,
353 	 * included in the hash is zero if broadcast mode, the peer
356 	mpoll = 1U << min(peer->ppoll, peer->hpoll);
358 	if (peer->hmode == MODE_BROADCAST)
361 		cookie = peer->pcookie;
363 		peer->keylist[i] = keyid;
364 		peer->keynumber = i;
365 		keyid = session_key(&dstadr->sin, &peer->srcadr, keyid,
379 	vp = &peer->sndval;
383 	ap->seq = htonl(peer->keynumber);
399 			peer->flags |= FLAG_ASSOC;
404 		    peer->keynumber, keyid, cookie, ntohl(vp->tstamp),
405 		    ntohl(vp->fstamp), peer->hpoll));
428 	struct peer *peer,	/* peer structure pointer */
477 			    peer->crypto, authlen, len, code >> 16,
533 			if (peer->crypto & CRYPTO_FLAG_CERT) {
537 			if (peer->cmmd) {
538 				if (peer->assoc != associd) {
542 				free(peer->cmmd); /* will be set again! */
546 			fp->associd = htonl(peer->associd);
547 			peer->cmmd = fp;
556 			if (peer->crypto) {
557 				if (peer->assoc != associd)
568 				    crypto_flags, peer->associd, fstamp,
569 				    peer->assoc));
589 			 * It is an error if either peer supports
621 			peer->assoc = associd;
626 			RAND_bytes((u_char *)&peer->hcookie, 4);
627 			peer->crypto = fstamp;
628 			peer->digest = dp;
629 			if (peer->subject != NULL)
630 				free(peer->subject);
631 			peer->subject = emalloc(vallen + 1);
632 			memcpy(peer->subject, ep->pkt, vallen);
633 			peer->subject[vallen] = '\0';
634 			if (peer->issuer != NULL)
635 				free(peer->issuer);
636 			peer->issuer = estrdup(peer->subject);
638 			    "assoc %d %d host %s %s", peer->associd,
639 			    peer->assoc, peer->subject,
641 			record_crypto_stats(&peer->srcadr, statstr);
660 			if ((rval = crypto_verify(ep, NULL, peer)) !=
671 			if ((xinfo = cert_install(ep, peer)) == NULL) {
675 			if ((rval = cert_hike(peer, xinfo)) != XEVNT_OK)
685 			if (peer->pkey == NULL) {
689 				peer->pkey = X509_get_pubkey(cert);
692 			peer->flash &= ~TEST8;
699 			record_crypto_stats(&peer->srcadr, statstr);
717 			if ((rval = crypto_verify(ep, NULL, peer)) !=
729 			if ((rval = crypto_iff(ep, peer)) != XEVNT_OK)
732 			peer->crypto |= CRYPTO_FLAG_VRFY;
733 			peer->flash &= ~TEST8;
735 			    peer->issuer, ntohl(ep->fstamp));
736 			record_crypto_stats(&peer->srcadr, statstr);
755 			if ((rval = crypto_verify(ep, NULL, peer)) !=
767 			if ((rval = crypto_gq(ep, peer)) != XEVNT_OK)
770 			peer->crypto |= CRYPTO_FLAG_VRFY;
771 			peer->flash &= ~TEST8;
773 			    peer->issuer, ntohl(ep->fstamp));
774 			record_crypto_stats(&peer->srcadr, statstr);
792 			if ((rval = crypto_verify(ep, NULL, peer)) !=
804 			if ((rval = crypto_mv(ep, peer)) != XEVNT_OK)
807 			peer->crypto |= CRYPTO_FLAG_VRFY;
808 			peer->flash &= ~TEST8;
810 			    peer->issuer, ntohl(ep->fstamp));
811 			record_crypto_stats(&peer->srcadr, statstr);
828 			if ((rval = crypto_verify(ep, &peer->cookval,
829 			    peer)) != XEVNT_OK)
866 			key_expire(peer);
869 				peer->pcookie = peer->hcookie ^ cookie;
871 				peer->pcookie = cookie;
872 			peer->crypto |= CRYPTO_FLAG_COOK;
873 			peer->flash &= ~TEST8;
875 			    "cook %x ts %u fs %u", peer->pcookie,
877 			record_crypto_stats(&peer->srcadr, statstr);
884 		 * sever/peer cookie changes or a new keylist is
888 		 * or symmetric peer can receive this response without a
898 			if ((rval = crypto_verify(ep, &peer->recval,
899 			    peer)) != XEVNT_OK) 
909 			if ((peer->cast_flags & MDF_BCLNT) &&
910 			    peer->assoc != associd)
920 			if (peer->recval.ptr == NULL)
921 				peer->recval.ptr =
923 			bp = (struct autokey *)peer->recval.ptr;
924 			peer->recval.tstamp = ep->tstamp;
925 			peer->recval.fstamp = ep->fstamp;
929 			peer->pkeyid = bp->key;
930 			peer->crypto |= CRYPTO_FLAG_AUTO;
931 			peer->flash &= ~TEST8;
936 			record_crypto_stats(&peer->srcadr, statstr);
952 			if ((rval = crypto_verify(ep, NULL, peer)) !=
961 			if ((xinfo = cert_install(ep, peer)) == NULL) {
965 			peer->crypto |= CRYPTO_FLAG_SIGN;
966 			peer->flash &= ~TEST8;
973 			record_crypto_stats(&peer->srcadr, statstr);
989 			rval = crypto_verify(ep, NULL, peer);
1005 			mprintf_event(EVNT_TAI, peer,
1007 			peer->crypto |= CRYPTO_FLAG_LEAP;
1008 			peer->flash &= ~TEST8;
1013 			record_crypto_stats(&peer->srcadr, statstr);
1047 			} else if (peer->cmmd == NULL) {
1050 				peer->cmmd = fp;
1062 			record_crypto_stats(&peer->srcadr, statstr);
1091 	struct peer *peer,	/* peer structure pointer */
1123 	if (peer != NULL) {
1124 		srcadr_sin = &peer->srcadr;
1126 			peer->opcode = ep->opcode;
1246 		if (peer == NULL)
1249 		if ((rval = crypto_alice(peer, &vtemp)) == XEVNT_OK) {
1269 		if (peer == NULL)
1272 		if ((rval = crypto_alice2(peer, &vtemp)) == XEVNT_OK) {
1292 		if (peer == NULL)
1295 		if ((rval = crypto_alice3(peer, &vtemp)) == XEVNT_OK) {
1346 		if (peer == NULL)
1349 			tcookie = peer->hcookie;
1358 	 * Find peer and send autokey data and signature in broadcast
1365 		if (peer == NULL) {
1366 			if ((peer = findpeerbyassoc(associd)) == NULL) {
1371 		peer->flags &= ~FLAG_ASSOC;
1372 		len = crypto_send(fp, &peer->sndval, start);
1434 	struct peer *peer	/* peer structure pointer */
1467 	if (opcode == (CRYPTO_AUTO | CRYPTO_RESP) && (peer->pmode ==
1468 	    MODE_BROADCAST || (peer->cast_flags & MDF_BCLNT))) {
1469 		if (ntohl(ep->associd) != peer->assoc)
1472 		if (ntohl(ep->associd) != peer->associd)
1536 	if (crypto_flags & peer->crypto & CRYPTO_FLAG_PRIV)
1539 		pkey = peer->pkey;
1540 	if (siglen == 0 || pkey == NULL || peer->digest == NULL)
1552 	EVP_VerifyInit(ctx, peer->digest);
1562 	if (peer->crypto & CRYPTO_FLAG_VRFY)
1563 		peer->crypto |= CRYPTO_FLAG_PROV;
1653 	struct peer *peer	/* peer structure pointer */
1667 	if (peer->crypto & CRYPTO_FLAG_IFF) {
1670 	} else if (peer->crypto & CRYPTO_FLAG_GQ) {
1673 	} else if (peer->crypto & CRYPTO_FLAG_MV) {
1680 		    scheme_name, peer->ident);
1681 		peer->ident_pkey = crypto_key(filename, NULL,
1682 		    &peer->srcadr);
1683 		if (peer->ident_pkey != NULL)
1689 	    peer->ident);
1710 	struct peer *peer,	/* peer structure pointer */
2168 	struct peer *peer,	/* peer pointer */
2182 	if (peer->ident_pkey == NULL) {
2187 	if ((dsa = EVP_PKEY_get0_DSA(peer->ident_pkey->pkey)) == NULL) {
2195 	if (peer->iffval != NULL)
2196 		BN_free(peer->iffval);
2197 	peer->iffval = BN_new();
2200 	BN_rand(peer->iffval, len * 8, -1, 1);	/* r mod q*/
2202 	BN_mod(peer->iffval, peer->iffval, q, bctx);
2211 	vp->fstamp = htonl(peer->ident_pkey->fstamp);
2214 	BN_bn2bin(peer->iffval, vp->ptr);
2357 	struct peer *peer	/* peer structure pointer */
2375 	if (peer->ident_pkey == NULL) {
2379 	if (ntohl(ep->fstamp) != peer->ident_pkey->fstamp) {
2384 	if ((dsa = EVP_PKEY_get0_DSA(peer->ident_pkey->pkey)) == NULL) {
2388 	if (peer->iffval == NULL) {
2412 	BN_mod_exp(bn, pub_key, peer->iffval, p, bctx);
2422 	BN_free(peer->iffval);
2423 	peer->iffval = NULL;
2500 	struct peer *peer,	/* peer pointer */
2514 	if (peer->ident_pkey == NULL)
2517 	if ((rsa = EVP_PKEY_get0_RSA(peer->ident_pkey->pkey)) == NULL) {
2525 	if (peer->iffval != NULL)
2526 		BN_free(peer->iffval);
2527 	peer->iffval = BN_new();
2530 	BN_rand(peer->iffval, len * 8, -1, 1);	/* r mod n */
2532 	BN_mod(peer->iffval, peer->iffval, n, bctx);
2541 	vp->fstamp = htonl(peer->ident_pkey->fstamp);
2544 	BN_bn2bin(peer->iffval, vp->ptr);
2680 	struct peer *peer	/* peer structure pointer */
2699 	if (peer->ident_pkey == NULL) {
2703 	if (ntohl(ep->fstamp) < peer->ident_pkey->fstamp) {
2708 	if ((rsa = EVP_PKEY_get0_RSA(peer->ident_pkey->pkey)) == NULL) {
2713 	if (peer->iffval == NULL) {
2736 	if (peer->grpkey == NULL) {
2740 	BN_mod_exp(v, peer->grpkey, peer->iffval, n, bctx);
2751 	BN_free(peer->iffval);
2752 	peer->iffval = NULL;
2844 	struct peer *peer,	/* peer pointer */
2858 	if (peer->ident_pkey == NULL)
2861 	if ((dsa = EVP_PKEY_get0_DSA(peer->ident_pkey->pkey)) == NULL) {
2870 	if (peer->iffval != NULL)
2871 		BN_free(peer->iffval);
2872 	peer->iffval = BN_new();
2874 	BN_rand(peer->iffval, len * 8, -1, 1);	/* r mod p */
2876 	BN_mod(peer->iffval, peer->iffval, p, bctx);
2885 	vp->fstamp = htonl(peer->ident_pkey->fstamp);
2888 	BN_bn2bin(peer->iffval, vp->ptr);
3032 	struct peer *peer	/* peer structure pointer */
3050 	if (peer->ident_pkey == NULL) {
3054 	if (ntohl(ep->fstamp) != peer->ident_pkey->fstamp) {
3059 	if ((dsa = EVP_PKEY_get0_DSA(peer->ident_pkey->pkey)) == NULL) {
3065 	if (peer->iffval == NULL) {
3094 	temp = BN_cmp(u, peer->iffval);
3096 	BN_free(peer->iffval);
3097 	peer->iffval = NULL;
3288 	struct peer *peer	/* peer structure */
3353 	struct peer *peer,	/* peer structure pointer */
3365 	if (peer->issuer != NULL)
3366 		free(peer->issuer);
3367 	peer->issuer = estrdup(yp->issuer);
3368 	xp = peer->xinfo;
3369 	peer->xinfo = yp;
3389 		peer->crypto |= CRYPTO_FLAG_CERT;
3390 		peer->grpkey = yp->grpkey;
3391 		if (peer->ident == NULL || !(peer->crypto &
3393 			peer->crypto |= CRYPTO_FLAG_VRFY;

Indexes created Sat Jun 01 22:14:01 MDT 2024