~mdw
/
tripe
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
keyexch: Group element encodings must have constant length.
[tripe]
/
keymgmt.c
diff --git
a/keymgmt.c
b/keymgmt.c
index
e05706a
..
7163ddd
100644
(file)
--- a/
keymgmt.c
+++ b/
keymgmt.c
@@
-1,6
+1,6
@@
/* -*-c-*-
*
/* -*-c-*-
*
- * $Id
: keymgmt.c,v 1.6 2004/04/18 18:08:11 mdw Exp
$
+ * $Id$
*
* Key loading and storing
*
*
* Key loading and storing
*
@@
-185,20
+185,20
@@
static const char *algs_get(algswitch *a, key_file *kf, key *k)
if ((p = key_getattr(kf, k, "cipher")) == 0)
p = "blowfish-cbc";
if ((a->c = gcipher_byname(p)) == 0)
if ((p = key_getattr(kf, k, "cipher")) == 0)
p = "blowfish-cbc";
if ((a->c = gcipher_byname(p)) == 0)
- FAIL("unknown
cipher");
+ FAIL("unknown
-
cipher");
if ((p = key_getattr(kf, k, "hash")) == 0)
p = "rmd160";
if ((a->h = ghash_byname(p)) == 0)
if ((p = key_getattr(kf, k, "hash")) == 0)
p = "rmd160";
if ((a->h = ghash_byname(p)) == 0)
- FAIL("unknown
hash function
");
+ FAIL("unknown
-hash
");
- if ((p = key_getattr(kf, k, "mgf"))
!
= 0) {
+ if ((p = key_getattr(kf, k, "mgf"))
=
= 0) {
dstr_reset(&d);
dstr_reset(&d);
- dstr_putf(&d, "%s-mgf");
+ dstr_putf(&d, "%s-mgf"
, a->h->name
);
p = d.buf;
}
if ((a->mgf = gcipher_byname(p)) == 0)
p = d.buf;
}
if ((a->mgf = gcipher_byname(p)) == 0)
- FAIL("unknown
MGF
cipher");
+ FAIL("unknown
-mgf-
cipher");
if ((p = key_getattr(kf, k, "mac")) != 0) {
dstr_reset(&d);
if ((p = key_getattr(kf, k, "mac")) != 0) {
dstr_reset(&d);
@@
-206,20
+206,20
@@
static const char *algs_get(algswitch *a, key_file *kf, key *k)
if ((q = strchr(d.buf, '/')) != 0)
*q++ = 0;
if ((a->m = gmac_byname(d.buf)) == 0)
if ((q = strchr(d.buf, '/')) != 0)
*q++ = 0;
if ((a->m = gmac_byname(d.buf)) == 0)
- FAIL("unknown
message authentication code
");
+ FAIL("unknown
-mac
");
if (!q)
a->tagsz = a->m->hashsz;
else {
unsigned long n = strtoul(q, &q, 0);
if (!q)
a->tagsz = a->m->hashsz;
else {
unsigned long n = strtoul(q, &q, 0);
- if (*q) FAIL("bad
tag length
string");
- if (n%8 || n > ~(size_t)0) FAIL("bad
tag
length");
+ if (*q) FAIL("bad
-tag-length-
string");
+ if (n%8 || n > ~(size_t)0) FAIL("bad
-tag-
length");
a->tagsz = n/8;
}
} else {
dstr_reset(&d);
dstr_putf(&d, "%s-hmac", a->h->name);
if ((a->m = gmac_byname(d.buf)) == 0)
a->tagsz = n/8;
}
} else {
dstr_reset(&d);
dstr_putf(&d, "%s-hmac", a->h->name);
if ((a->m = gmac_byname(d.buf)) == 0)
- FAIL("
failed to derive HMAC from hash function
");
+ FAIL("
no-hmac-for-hash
");
a->tagsz = a->h->hashsz/2;
}
a->tagsz = a->h->hashsz/2;
}
@@
-301,7
+301,13
@@
static int algs_samep(const algswitch *a, const algswitch *aa)
*/
static void keymoan(const char *file, int line, const char *msg, void *p)
*/
static void keymoan(const char *file, int line, const char *msg, void *p)
- { a_warn("%s:%i: error: %s", file, line, msg); }
+{
+ a_warn("KEYMGMT",
+ "key-file-error",
+ "%s:%i", file, line,
+ "%s", msg,
+ A_END);
+}
/* --- @loadpriv@ --- *
*
/* --- @loadpriv@ --- *
*
@@
-316,7
+322,7
@@
static int loadpriv(dstr *d)
{
key_file kf;
key *k;
{
key_file kf;
key *k;
- key_data *kd;
+ key_data *
*
kd;
dstr t = DSTR_INIT;
group *g = 0;
mp *x = 0;
dstr t = DSTR_INIT;
group *g = 0;
mp *x = 0;
@@
-353,7
+359,7
@@
tymatch:;
/* --- Load the key --- */
/* --- Load the key --- */
- if ((e = (*ko)->loadpriv(kd, &g, &x, &t)) != 0) {
+ if ((e = (*ko)->loadpriv(
*
kd, &g, &x, &t)) != 0) {
dstr_putf(d, "error reading private key `%s': %s", t.buf, e);
goto done_1;
}
dstr_putf(d, "error reading private key `%s': %s", t.buf, e);
goto done_1;
}
@@
-450,16
+456,16
@@
static int loadpub(dstr *d)
return (0);
}
return (0);
}
-/* --- @km_
interval
@ --- *
+/* --- @km_
reload
@ --- *
*
* Arguments: ---
*
* Returns: Zero if OK, nonzero to force reloading of keys.
*
*
* Arguments: ---
*
* Returns: Zero if OK, nonzero to force reloading of keys.
*
- * Use: C
alled on the interval timer to perform various useful jobs
.
+ * Use: C
hecks the keyrings to see if they need reloading
.
*/
*/
-int km_
interval
(void)
+int km_
reload
(void)
{
dstr d = DSTR_INIT;
key_file *kf;
{
dstr d = DSTR_INIT;
key_file *kf;
@@
-471,7
+477,7
@@
int km_interval(void)
T( trace(T_KEYMGMT, "keymgmt: private keyring updated: reloading..."); )
DRESET(&d);
if (loadpriv(&d))
T( trace(T_KEYMGMT, "keymgmt: private keyring updated: reloading..."); )
DRESET(&d);
if (loadpriv(&d))
- a_warn("
%s -- ignoring changes", d.buf
);
+ a_warn("
KEYMGMT", "bad-private-key", "%s", d.buf, A_END
);
else
reload = 1;
}
else
reload = 1;
}
@@
-483,7
+489,7
@@
int km_interval(void)
kf = kf_pub;
DRESET(&d);
if (loadpub(&d))
kf = kf_pub;
DRESET(&d);
if (loadpub(&d))
- a_warn("
%s -- ignoring changes", d.buf
);
+ a_warn("
KEYMGMT", "bad-public-keyring", "%s", d.buf, A_END
);
else {
reload = 1;
key_close(kf);
else {
reload = 1;
key_close(kf);
@@
-546,7
+552,7
@@
void km_init(const char *priv, const char *pub, const char *tag)
int km_getpubkey(const char *tag, ge *kpub, time_t *t_exp)
{
key *k;
int km_getpubkey(const char *tag, ge *kpub, time_t *t_exp)
{
key *k;
- key_data *kd;
+ key_data *
*
kd;
dstr t = DSTR_INIT;
const kgops **ko;
const char *e;
dstr t = DSTR_INIT;
const kgops **ko;
const char *e;
@@
-558,7
+564,7
@@
int km_getpubkey(const char *tag, ge *kpub, time_t *t_exp)
/* --- Find the key --- */
if (key_qtag(kf_pub, tag, &t, &k, &kd)) {
/* --- Find the key --- */
if (key_qtag(kf_pub, tag, &t, &k, &kd)) {
- a_warn("
public key `%s' not found in keyring `%s'", tag, kr_pub
);
+ a_warn("
KEYMGMT", "public-key", "%s", tag, "not-found", A_END
);
goto done;
}
goto done;
}
@@
-568,14
+574,17
@@
int km_getpubkey(const char *tag, ge *kpub, time_t *t_exp)
if (strcmp((*ko)->ty, k->type) == 0)
goto tymatch;
}
if (strcmp((*ko)->ty, k->type) == 0)
goto tymatch;
}
- a_warn("public key `%s' has unknown type `%s'", t.buf, k->type);
+ a_warn("KEYMGMT",
+ "public-key", "%s", t.buf,
+ "unknown-type", "%s", k->type,
+ A_END);
goto done;
tymatch:;
/* --- Load the key --- */
goto done;
tymatch:;
/* --- Load the key --- */
- if ((e = (*ko)->loadpub(kd, &g, &p, &t)) != 0) {
- a_warn("
error reading public key `%s': %s", t.buf, e
);
+ if ((e = (*ko)->loadpub(
*
kd, &g, &p, &t)) != 0) {
+ a_warn("
KEYMGMT", "public-key", "%s", t.buf, "bad", "%s", e, A_END
);
goto done;
}
goto done;
}
@@
-586,25
+595,34
@@
tymatch:;
*/
if (!group_samep(gg, g)) {
*/
if (!group_samep(gg, g)) {
- a_warn("
public key `%s' has incorrect group", t.buf
);
+ a_warn("
KEYMGMT", "public-key", "%s", t.buf, "incorrect-group", A_END
);
goto done;
}
/* --- Check the public group element --- */
if (group_check(gg, p)) {
goto done;
}
/* --- Check the public group element --- */
if (group_check(gg, p)) {
- a_warn("public key `%s' has bad public group element", t.buf);
+ a_warn("KEYMGMT",
+ "public-key", "%s", t.buf,
+ "bad-public-group-element",
+ A_END);
goto done;
}
/* --- Check the algorithms --- */
if ((e = algs_get(&a, kf_pub, k)) != 0) {
goto done;
}
/* --- Check the algorithms --- */
if ((e = algs_get(&a, kf_pub, k)) != 0) {
- a_warn("public key `%s' has bad algorithm selection: %s", t.buf, e);
+ a_warn("KEYMGMT",
+ "public-key", "%s", t.buf,
+ "bad-algorithm-selection", e,
+ A_END);
goto done;
}
goto done;
}
- if (!algs_samep(&a, &algs)) {
- a_warn("public key `%s' specifies different algorithms", t.buf);
+ if (!algs_samep(&a, &algs)) {
+ a_warn("KEYMGMT",
+ "public-key", "%s", t.buf,
+ "algorithm-mismatch",
+ A_END);
goto done;
}
goto done;
}