New accept_unsigned option for HMAC

The possibility to accept packets without HMAC on interfaces configured for HMAC is added to do non-blocking steps when initializing HMAC on a network. We should push this upstream

New accept_unsigned option for HMAC
The possibility to accept packets without HMAC on interfaces configured for HMAC is added to do non-blocking steps when initializing HMAC on a network. We should push this upstream
1f08db8e · Killian Lufau · 42b1604b · 1f08db8e · 1f08db8e · 1f08db8e
Commit 1f08db8e authored May 29, 2019 by Killian Lufau
Hide whitespace changes
Inline Side-by-side

Showing with 20 additions and 10 deletions

configuration.c configuration.c +4 -0

configuration.h configuration.h +1 -0

hmac.c hmac.c +3 -1

message.c message.c +12 -9

No files found.
--- a/configuration.c
+++ b/configuration.c
@@ -65,6 +65,8 @@ int config_finalised = 0;
 /* get_next_char callback */
 typedef int (*gnc_t)(void*);

+int ignore_no_hmac = 0;
+
 static int
 skip_whitespace(int c, gnc_t gnc, void *closure)
 {
@@ -1227,6 +1229,8 @@ parse_config_line(int c, gnc_t gnc, void *closure,
        }
        add_key(key->id, key->type, key->len, key->value);
        free(key);
+    } else if(strcmp(token, "ignore_no_hmac") == 0) {
+        ignore_no_hmac = 1;
    } else {
        c = parse_option(c, gnc, closure, token);
        if(c < -1)

--- a/configuration.h
+++ b/configuration.h
@@ -59,6 +59,7 @@ struct filter {
 };

 extern struct interface_conf *default_interface_conf;
+extern int ignore_no_hmac;

 void flush_ifconf(struct interface_conf *if_conf);


--- a/hmac.c
+++ b/hmac.c
@@ -276,6 +276,7 @@ check_hmac(const unsigned char *packet, int packetlen, int bodylen,
 {
    int i = bodylen + 4;
    int len;
+    int rc = ignore_no_hmac ? 2 : 0;

    debugf("check_hmac %s -> %s\n",
 	   format_address(src), format_address(dst));
@@ -294,8 +295,9 @@ check_hmac(const unsigned char *packet, int packetlen, int bodylen,
 			    packet + i + 2 , len) == 1) {
 		return 1;
 	    }
+	    rc = 0;
 	}
 	i += len + 2;
    }
-    return 0;
+    return rc;
 }
--- a/message.c
+++ b/message.c
@@ -575,15 +575,18 @@ parse_packet(const unsigned char *from, struct interface *ifp,
    }

    if(ifp->key != NULL) {
-	if(check_hmac(packet, packetlen, bodylen, neigh->address,
-		      to) != 1) {
-	    fprintf(stderr, "Received wrong hmac.\n");
-	    return;
-	}
-
-	if(preparse_packet(packet, bodylen, neigh, ifp) == 0) {
-	    fprintf(stderr, "Received wrong PC or failed the challenge.\n");
-	    return;
+	switch(check_hmac(packet, packetlen, bodylen, neigh->address, to)) {
+	    case 0:
+		fprintf(stderr, "Received wrong hmac.\n");
+		return;
+	    case 1:
+		if(preparse_packet(packet, bodylen, neigh, ifp) == 0) {
+		    fprintf(stderr, "Received wrong PC or failed the challenge.\n");
+		    return;
+		}
+		break;
+	    case 2: /* missing key ignored */
+		;
 	}
    }