New ignore_no_hmac option for HMAC

The possibility to accept packets without HMAC on interfaces configured for HMAC is added to do non-blocking steps when initializing HMAC on a network. TODO: push upstream

New ignore_no_hmac option for HMAC
The possibility to accept packets without HMAC on interfaces configured for HMAC is added to do non-blocking steps when initializing HMAC on a network. TODO: push upstream
21429fdf · Killian Lufau · 42b1604b · 21429fdf · 21429fdf · 21429fdf
Commit 21429fdf authored May 29, 2019 by Killian Lufau
Hide whitespace changes
Inline Side-by-side

Showing with 19 additions and 10 deletions

configuration.c configuration.c +2 -0

hmac.c hmac.c +4 -1

hmac.h hmac.h +1 -0

message.c message.c +12 -9

No files found.
--- a/configuration.c
+++ b/configuration.c
@@ -1227,6 +1227,8 @@ parse_config_line(int c, gnc_t gnc, void *closure,
        }
        add_key(key->id, key->type, key->len, key->value);
        free(key);
+    } else if(strcmp(token, "ignore_no_hmac") == 0) {
+        ignore_no_hmac = 1;
    } else {
        c = parse_option(c, gnc, closure, token);
        if(c < -1)

--- a/hmac.c
+++ b/hmac.c
@@ -39,6 +39,7 @@ THE SOFTWARE.
 struct key **keys = NULL;
 int numkeys = 0, maxkeys = 0;
+int ignore_no_hmac = 0;
 struct key *
 find_key(const char *id)
@@ -276,6 +277,7 @@ check_hmac(const unsigned char *packet, int packetlen, int bodylen,
 {
    int i = bodylen + 4;
    int len;
+    int rc = ignore_no_hmac ? 2 : 0;
    debugf("check_hmac %s -> %s\n",
 	   format_address(src), format_address(dst));
@@ -294,8 +296,9 @@ check_hmac(const unsigned char *packet, int packetlen, int bodylen,
 			    packet + i + 2 , len) == 1) {
 		return 1;
 	    }
+	    rc = 0;
 	}
 	i += len + 2;
    }
-    return 0;
+    return rc;
 }
--- a/hmac.h
+++ b/hmac.h
@@ -28,6 +28,7 @@ struct key *find_key(const char *id);
 struct key *retain_key(struct key *key);
 void release_key(struct key *key);
 struct key *add_key(char *id, int type, int len, unsigned char *value);
+extern int ignore_no_hmac;
 int add_hmac(struct buffered *buf, struct interface *ifp,
             unsigned char *packet_header);
 int check_hmac(const unsigned char *packet, int packetlen, int bodylen,

--- a/message.c
+++ b/message.c
@@ -575,15 +575,18 @@ parse_packet(const unsigned char *from, struct interface *ifp,
    }
    if(ifp->key != NULL) {
-	if(check_hmac(packet, packetlen, bodylen, neigh->address,
+	switch(check_hmac(packet, packetlen, bodylen, neigh->address, to)) {
-		      to) != 1) {
+	    case 0:
-	    fprintf(stderr, "Received wrong hmac.\n");
+		fprintf(stderr, "Received wrong hmac.\n");
-	    return;
+		return;
-	}
+	    case 1:
+		if(preparse_packet(packet, bodylen, neigh, ifp) == 0) {
-	if(preparse_packet(packet, bodylen, neigh, ifp) == 0) {
+		    fprintf(stderr, "Received wrong PC or failed the challenge.\n");
-	    fprintf(stderr, "Received wrong PC or failed the challenge.\n");
+		    return;
-	    return;
+		}
+		break;
+	    case 2: /* missing key ignored */
+		;
 	}
    }