188 				    struct peer *);
191 static	int	crypto_alice	(struct peer *, struct value *);
192 static	int	crypto_alice2	(struct peer *, struct value *);
193 static	int	crypto_alice3	(struct peer *, struct value *);
197 static	int	crypto_iff	(struct exten *, struct peer *);
198 static	int	crypto_gq	(struct exten *, struct peer *);
199 static	int	crypto_mv	(struct exten *, struct peer *);
205 static	struct cert_info *cert_install (struct exten *, struct peer *);
206 static	int	cert_hike	(struct peer *, struct cert_info *);
305 	struct peer *peer,	/* peer structure pointer */
326 	if (peer->keylist == NULL)
327 		peer->keylist = eallocarray(NTP_MAXSESSION,
348 	 * included in the hash is zero if broadcast mode, the peer
351 	mpoll = 1U << min(peer->ppoll, peer->hpoll);
353 	if (peer->hmode == MODE_BROADCAST)
356 		cookie = peer->pcookie;
358 		peer->keylist[i] = keyid;
359 		peer->keynumber = i;
360 		keyid = session_key(&dstadr->sin, &peer->srcadr, keyid,
374 	vp = &peer->sndval;
378 	ap->seq = htonl(peer->keynumber);
394 			peer->flags |= FLAG_ASSOC;
398 		    peer->keynumber, keyid, cookie, ntohl(vp->tstamp),
399 		    ntohl(vp->fstamp), peer->hpoll));
422 	struct peer *peer,	/* peer structure pointer */
471 			    peer->crypto, authlen, len, code >> 16,
527 			if (peer->crypto & CRYPTO_FLAG_CERT) {
531 			if (peer->cmmd) {
532 				if (peer->assoc != associd) {
536 				free(peer->cmmd); /* will be set again! */
540 			fp->associd = htonl(peer->associd);
541 			peer->cmmd = fp;
550 			if (peer->crypto) {
551 				if (peer->assoc != associd)
562 				    crypto_flags, peer->associd, fstamp,
563 				    peer->assoc));
583 			 * It is an error if either peer supports
615 			peer->assoc = associd;
620 			RAND_bytes((u_char *)&peer->hcookie, 4);
621 			peer->crypto = fstamp;
622 			peer->digest = dp;
623 			if (peer->subject != NULL)
624 				free(peer->subject);
625 			peer->subject = emalloc(vallen + 1);
626 			memcpy(peer->subject, ep->pkt, vallen);
627 			peer->subject[vallen] = '\0';
628 			if (peer->issuer != NULL)
629 				free(peer->issuer);
630 			peer->issuer = estrdup(peer->subject);
632 			    "assoc %d %d host %s %s", peer->associd,
633 			    peer->assoc, peer->subject,
635 			record_crypto_stats(&peer->srcadr, statstr);
654 			if ((rval = crypto_verify(ep, NULL, peer)) !=
665 			if ((xinfo = cert_install(ep, peer)) == NULL) {
669 			if ((rval = cert_hike(peer, xinfo)) != XEVNT_OK)
679 			if (peer->pkey == NULL) {
683 				peer->pkey = X509_get_pubkey(cert);
686 			peer->flash &= ~TEST8;
693 			record_crypto_stats(&peer->srcadr, statstr);
711 			if ((rval = crypto_verify(ep, NULL, peer)) !=
723 			if ((rval = crypto_iff(ep, peer)) != XEVNT_OK)
726 			peer->crypto |= CRYPTO_FLAG_VRFY;
727 			peer->flash &= ~TEST8;
729 			    peer->issuer, ntohl(ep->fstamp));
730 			record_crypto_stats(&peer->srcadr, statstr);
749 			if ((rval = crypto_verify(ep, NULL, peer)) !=
761 			if ((rval = crypto_gq(ep, peer)) != XEVNT_OK)
764 			peer->crypto |= CRYPTO_FLAG_VRFY;
765 			peer->flash &= ~TEST8;
767 			    peer->issuer, ntohl(ep->fstamp));
768 			record_crypto_stats(&peer->srcadr, statstr);
786 			if ((rval = crypto_verify(ep, NULL, peer)) !=
798 			if ((rval = crypto_mv(ep, peer)) != XEVNT_OK)
801 			peer->crypto |= CRYPTO_FLAG_VRFY;
802 			peer->flash &= ~TEST8;
804 			    peer->issuer, ntohl(ep->fstamp));
805 			record_crypto_stats(&peer->srcadr, statstr);
822 			if ((rval = crypto_verify(ep, &peer->cookval,
823 			    peer)) != XEVNT_OK)
861 			key_expire(peer);
864 				peer->pcookie = peer->hcookie ^ cookie;
866 				peer->pcookie = cookie;
867 			peer->crypto |= CRYPTO_FLAG_COOK;
868 			peer->flash &= ~TEST8;
870 			    "cook %x ts %u fs %u", peer->pcookie,
872 			record_crypto_stats(&peer->srcadr, statstr);
879 		 * sever/peer cookie changes or a new keylist is
883 		 * or symmetric peer can receive this response without a
893 			if ((rval = crypto_verify(ep, &peer->recval,
894 			    peer)) != XEVNT_OK) 
904 			if ((peer->cast_flags & MDF_BCLNT) &&
905 			    peer->assoc != associd)
915 			if (peer->recval.ptr == NULL)
916 				peer->recval.ptr =
918 			bp = (struct autokey *)peer->recval.ptr;
919 			peer->recval.tstamp = ep->tstamp;
920 			peer->recval.fstamp = ep->fstamp;
924 			peer->pkeyid = bp->key;
925 			peer->crypto |= CRYPTO_FLAG_AUTO;
926 			peer->flash &= ~TEST8;
931 			record_crypto_stats(&peer->srcadr, statstr);
947 			if ((rval = crypto_verify(ep, NULL, peer)) !=
956 			if ((xinfo = cert_install(ep, peer)) == NULL) {
960 			peer->crypto |= CRYPTO_FLAG_SIGN;
961 			peer->flash &= ~TEST8;
968 			record_crypto_stats(&peer->srcadr, statstr);
984 			rval = crypto_verify(ep, NULL, peer);
1000 			mprintf_event(EVNT_TAI, peer,
1002 			peer->crypto |= CRYPTO_FLAG_LEAP;
1003 			peer->flash &= ~TEST8;
1008 			record_crypto_stats(&peer->srcadr, statstr);
1042 			} else if (peer->cmmd == NULL) {
1045 				peer->cmmd = fp;
1057 			record_crypto_stats(&peer->srcadr, statstr);
1086 	struct peer *peer,	/* peer structure pointer */
1118 	if (peer != NULL) {
1119 		srcadr_sin = &peer->srcadr;
1121 			peer->opcode = ep->opcode;
1241 		if (peer == NULL)
1244 		if ((rval = crypto_alice(peer, &vtemp)) == XEVNT_OK) {
1264 		if (peer == NULL)
1267 		if ((rval = crypto_alice2(peer, &vtemp)) == XEVNT_OK) {
1287 		if (peer == NULL)
1290 		if ((rval = crypto_alice3(peer, &vtemp)) == XEVNT_OK) {
1341 		if (peer == NULL)
1344 			tcookie = peer->hcookie;
1353 	 * Find peer and send autokey data and signature in broadcast
1360 		if (peer == NULL) {
1361 			if ((peer = findpeerbyassoc(associd)) == NULL) {
1366 		peer->flags &= ~FLAG_ASSOC;
1367 		len = crypto_send(fp, &peer->sndval, start);
1429 	struct peer *peer	/* peer structure pointer */
1462 	if (opcode == (CRYPTO_AUTO | CRYPTO_RESP) && (peer->pmode ==
1463 	    MODE_BROADCAST || (peer->cast_flags & MDF_BCLNT))) {
1464 		if (ntohl(ep->associd) != peer->assoc)
1467 		if (ntohl(ep->associd) != peer->associd)
1531 	if (crypto_flags & peer->crypto & CRYPTO_FLAG_PRIV)
1534 		pkey = peer->pkey;
1535 	if (siglen == 0 || pkey == NULL || peer->digest == NULL)
1547 	EVP_VerifyInit(ctx, peer->digest);
1556 	if (peer->crypto & CRYPTO_FLAG_VRFY)
1557 		peer->crypto |= CRYPTO_FLAG_PROV;
1651 	struct peer *peer	/* peer structure pointer */
1665 	if (peer->crypto & CRYPTO_FLAG_IFF) {
1668 	} else if (peer->crypto & CRYPTO_FLAG_GQ) {
1671 	} else if (peer->crypto & CRYPTO_FLAG_MV) {
1678 		    scheme_name, peer->ident);
1679 		peer->ident_pkey = crypto_key(filename, NULL,
1680 		    &peer->srcadr);
1681 		if (peer->ident_pkey != NULL)
1687 	    peer->ident);
1708 	struct peer *peer,	/* peer structure pointer */
2158 	struct peer *peer,	/* peer pointer */
2172 	if (peer->ident_pkey == NULL) {
2177 	if ((dsa = __UNCONST(EVP_PKEY_get0_DSA(peer->ident_pkey->pkey))) == NULL) {
2185 	if (peer->iffval != NULL)
2186 		BN_free(peer->iffval);
2187 	peer->iffval = BN_new();
2190 	BN_rand(peer->iffval, len * 8, -1, 1);	/* r mod q*/
2192 	BN_mod(peer->iffval, peer->iffval, q, bctx);
2201 	vp->fstamp = htonl(peer->ident_pkey->fstamp);
2204 	BN_bn2bin(peer->iffval, vp->ptr);
2355 	struct peer *peer	/* peer structure pointer */
2373 	if (peer->ident_pkey == NULL) {
2377 	if (ntohl(ep->fstamp) != peer->ident_pkey->fstamp) {
2382 	if ((dsa = __UNCONST(EVP_PKEY_get0_DSA(peer->ident_pkey->pkey))) == NULL) {
2386 	if (peer->iffval == NULL) {
2410 	BN_mod_exp(bn, pub_key, peer->iffval, p, bctx);
2420 	BN_free(peer->iffval);
2421 	peer->iffval = NULL;
2498 	struct peer *peer,	/* peer pointer */
2512 	if (peer->ident_pkey == NULL)
2515 	if ((rsa = __UNCONST(EVP_PKEY_get0_RSA(peer->ident_pkey->pkey))) == NULL) {
2523 	if (peer->iffval != NULL)
2524 		BN_free(peer->iffval);
2525 	peer->iffval = BN_new();
2528 	BN_rand(peer->iffval, len * 8, -1, 1);	/* r mod n */
2530 	BN_mod(peer->iffval, peer->iffval, n, bctx);
2539 	vp->fstamp = htonl(peer->ident_pkey->fstamp);
2542 	BN_bn2bin(peer->iffval, vp->ptr);
2676 	struct peer *peer	/* peer structure pointer */
2695 	if (peer->ident_pkey == NULL) {
2699 	if (ntohl(ep->fstamp) < peer->ident_pkey->fstamp) {
2704 	if ((rsa = __UNCONST(EVP_PKEY_get0_RSA(peer->ident_pkey->pkey))) == NULL) {
2709 	if (peer->iffval == NULL) {
2732 	if (peer->grpkey == NULL) {
2736 	BN_mod_exp(v, peer->grpkey, peer->iffval, n, bctx);
2747 	BN_free(peer->iffval);
2748 	peer->iffval = NULL;
2840 	struct peer *peer,	/* peer pointer */
2854 	if (peer->ident_pkey == NULL)
2857 	if ((dsa = __UNCONST(EVP_PKEY_get0_DSA(peer->ident_pkey->pkey))) == NULL) {
2866 	if (peer->iffval != NULL)
2867 		BN_free(peer->iffval);
2868 	peer->iffval = BN_new();
2870 	BN_rand(peer->iffval, len * 8, -1, 1);	/* r mod p */
2872 	BN_mod(peer->iffval, peer->iffval, p, bctx);
2881 	vp->fstamp = htonl(peer->ident_pkey->fstamp);
2884 	BN_bn2bin(peer->iffval, vp->ptr);
3026 	struct peer *peer	/* peer structure pointer */
3044 	if (peer->ident_pkey == NULL) {
3048 	if (ntohl(ep->fstamp) != peer->ident_pkey->fstamp) {
3053 	if ((dsa = __UNCONST(EVP_PKEY_get0_DSA(peer->ident_pkey->pkey))) == NULL) {
3059 	if (peer->iffval == NULL) {
3088 	temp = BN_cmp(u, peer->iffval);
3090 	BN_free(peer->iffval);
3091 	peer->iffval = NULL;
3281 	struct peer *peer	/* peer structure */
3346 	struct peer *peer,	/* peer structure pointer */
3358 	if (peer->issuer != NULL)
3359 		free(peer->issuer);
3360 	peer->issuer = estrdup(yp->issuer);
3361 	xp = peer->xinfo;
3362 	peer->xinfo = yp;
3382 		peer->crypto |= CRYPTO_FLAG_CERT;
3383 		peer->grpkey = yp->grpkey;
3384 		if (peer->ident == NULL || !(peer->crypto &
3386 			peer->crypto |= CRYPTO_FLAG_VRFY;

Indexes created Fri Aug 23 12:13:05 MDT 2024