[tripe] / keyset.c

/* -*-c-*-
 *
 * $Id: keyset.c,v 1.2 2001/02/05 19:53:23 mdw Exp $
 *
 * Handling of symmetric keysets
 *
 * (c) 2001 Straylight/Edgeware
 */

/*----- Licensing notice --------------------------------------------------* 
 *
 * This file is part of Trivial IP Encryption (TrIPE).
 *
 * TrIPE is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 * 
 * TrIPE is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 * 
 * You should have received a copy of the GNU General Public License
 * along with TrIPE; if not, write to the Free Software Foundation,
 * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 */

/*----- Revision history --------------------------------------------------* 
 *
 * $Log: keyset.c,v $
 * Revision 1.2  2001/02/05 19:53:23  mdw
 * Add sequence number protection.
 *
 * Revision 1.1  2001/02/03 20:26:37  mdw
 * Initial checkin.
 *
 */

/*----- Header files ------------------------------------------------------*/

#include "tripe.h"

/*----- Tunable parameters ------------------------------------------------*/

#define KEY_EXPTIME MIN(60)		/* Expiry time for a key */
#define KEY_REGENTIME MIN(45)		/* Regeneration time for a key */
#define KEY_EXPSZ MEG(512)		/* Expiry data size for a key */
#define KEY_REGENSZ MEG(256)		/* Data size threshold for regen */

/*----- Handy macros ------------------------------------------------------*/

#define KEYOK(ks, now) ((ks)->sz_exp > 0 && (ks)->t_exp > now)

/*----- Main code ---------------------------------------------------------*/

/* --- @freeks@ --- *
 *
 * Arguments:	@keyset *ks@ = pointer to a keyset
 *
 * Returns:	---
 *
 * Use:		Frees a keyset.
 */

static void freeks(keyset *ks)
{
  ks->c->ops->destroy(ks->c);
  ks->m->ops->destroy(ks->m);
  DESTROY(ks);
}

/* --- @ks_free@ --- *
 *
 * Arguments:	@keyset **ksroot@ = pointer to keyset list head
 *
 * Returns:	---
 *
 * Use:		Frees all of the keys in a keyset.
 */

void ks_free(keyset **ksroot)
{
  keyset *ks, *ksn;
  for (ks = *ksroot; ks; ks = ksn) {
    ksn = ks->next;
    freeks(ks);
  }
}

/* --- @ks_prune@ --- *
 *
 * Arguments:	@keyset **ksroot@ = pointer to keyset list head
 *
 * Returns:	---
 *
 * Use:		Prunes the keyset list by removing keys which mustn't be used
 *		any more.
 */

void ks_prune(keyset **ksroot)
{
  time_t now = time(0);

  while (*ksroot) {
    keyset *ks = *ksroot;
    if (ks->t_exp <= now) {
      T( trace(T_KEYSET, "keyset: expiring keyset %u (time limit reached)",
	       ks->seq); )
      *ksroot = ks->next;
      freeks(ks);
    } else if (ks->sz_exp == 0) {
      T( trace(T_KEYSET, "keyset: expiring keyset %u (data limit reached)",
	       ks->seq); )
      *ksroot = ks->next;
      freeks(ks);
    } else
      ksroot = &ks->next;
  }
}

/* --- @ks_gen@ --- *
 *
 * Arguments:	@keyset **ksroot@ = pointer to keyset list head
 *		@const void *k@ = pointer to key material
 *		@size_t sz@ = size of the key material
 *
 * Returns:	The regeneration time for the new key.
 *
 * Use:		Derives a keyset from the given key material and adds it to
 *		the list.
 */

time_t ks_gen(keyset **ksroot, const void *k, size_t sz)
{
  rmd160_ctx r;
  octet buf[RMD160_HASHSZ];
  keyset *ks = CREATE(keyset);
  time_t now = time(0);
  T( static unsigned seq = 0; )

  T( trace(T_KEYSET, "keyset: adding new keyset %u", seq); )

#define GETHASH(str) do {						\
  rmd160_init(&r);							\
  rmd160_hash(&r, str, sizeof(str) - 1);				\
  rmd160_hash(&r, k, sz);						\
  rmd160_done(&r, buf);							\
  IF_TRACING(T_KEYSET, {						\
    trace_block(T_CRYPTO, "crypto: key " str, buf, sizeof(buf));	\
  })									\
} while (0)

  GETHASH("tripe-encryption "); ks->c = blowfish_cbc.init(buf, sizeof(buf));
  GETHASH("tripe-integrity "); ks->m = rmd160_hmac.key(buf, sizeof(buf));

#undef GETHASH

  T( ks->seq = seq++; )
  ks->t_exp = now + KEY_EXPTIME;
  ks->sz_exp = KEY_EXPSZ;
  ks->oseq = ks->iseq = 0;
  ks->iwin = 0;
  ks->next = *ksroot;
  *ksroot = ks;
  BURN(buf);
  return (now + KEY_REGENTIME);
}

/* --- @ks_encrypt@ --- *
 *
 * Arguments:	@keyset **ksroot@ = pointer to keyset list head
 *		@buf *b@ = pointer to input buffer
 *		@buf *bb@ = pointer to output buffer
 *
 * Returns:	Nonzero if a new key is needed.
 *
 * Use:		Encrypts a packet.
 */

int ks_encrypt(keyset **ksroot, buf *b, buf *bb)
{
  time_t now = time(0);
  keyset *ks;
  ghash *h;
  gcipher *c;
  size_t ivsz;
  const octet *p = BCUR(b);
  size_t sz = BLEFT(b);
  octet *qiv, *qseq, *qpk;
  uint32 oseq;
  size_t osz, nsz;
  int rc = 0;

  /* --- Get the latest valid key --- */

  ks = *ksroot;
  for (;;) {
    if (!ks) {
      T( trace(T_KEYSET, "keyset: no active keys -- forcing exchange"); )
      buf_break(bb);
      return (-1);
    }
    if (KEYOK(ks, now))
      break;
    ks = ks->next;
  }

  /* --- Allocate the required buffer space --- */

  c = ks->c;
  ivsz = c->ops->c->blksz;
  if (buf_ensure(bb, ivsz + 4 + sz)) return (0);
  qiv = BCUR(bb); qseq = qiv + ivsz; qpk = qseq + 4;
  BSTEP(bb, ivsz + 4 + sz);

  /* --- MAC and encrypt the packet --- */

  oseq = ks->oseq++; STORE32(qseq, oseq);
  h = ks->m->ops->init(ks->m);
  h->ops->hash(h, qseq, 4);
  h->ops->hash(h, p, sz);
  memcpy(qiv, h->ops->done(h, 0), ivsz);
  h->ops->destroy(h);
  IF_TRACING(T_KEYSET, {
    trace(T_KEYSET, "keyset: encrypting packet %lu using keyset %u",
	  (unsigned long)oseq, ks->seq);
    trace_block(T_CRYPTO, "crypto: computed MAC", qiv, ivsz);
  })
  c->ops->setiv(c, qiv);
  c->ops->encrypt(c, p, qpk, sz);
  IF_TRACING(T_KEYSET, {
    trace_block(T_CRYPTO, "crypto: encrypted packet", qpk, sz);
  })

  /* --- Deduct the packet size from the key's data life --- */

  osz = ks->sz_exp;
  if (osz > sz)
    nsz = osz - sz;
  else
    nsz = 0;
  if (osz >= KEY_REGENSZ && nsz < KEY_REGENSZ) {
    T( trace(T_KEYSET, "keyset: keyset %u data regen limit exceeded -- "
	     "forcing exchange", ks->seq); )
    rc = 1;
  }
  ks->sz_exp = nsz;
  return (rc);
}

/* --- @ks_decrypt@ --- *
 *
 * Arguments:	@keyset **ksroot@ = pointer to keyset list head
 *		@buf *b@ = pointer to input buffer
 *		@buf *bb@ = pointer to output buffer
 *
 * Returns:	Nonzero if the packet couldn't be decrypted.
 *
 * Use:		Decrypts a packet.
 */

int ks_decrypt(keyset **ksroot, buf *b, buf *bb)
{
  time_t now = time(0);
  const octet *piv, *pseq, *ppk;
  size_t psz = BLEFT(b);
  size_t sz;
  octet *q = BCUR(bb);
  uint32 iseq;
  unsigned seqbit;
  keyset *ks;

  /* --- Allocate space in the output buffer --- */

  T( trace(T_KEYSET, "keyset: attempting to decrypt packet"); )
  if (buf_ensure(bb, psz))
    return (-1);

  /* --- Try all of the valid keys --- */

  for (ks = *ksroot; ks; ks = ks->next) {
    ghash *h;
    gcipher *c = ks->c;
    size_t ivsz = c->ops->c->blksz;
    octet *mac;
    int eq;

    /* --- Break up the packet into its components --- */

    if (!KEYOK(ks, now))
      continue;
    if (psz < ivsz + 4) {
      T( trace(T_KEYSET, "keyset: block too small for keyset %u", ks->seq); )
      continue;
    }
    sz = psz - ivsz - 4;
    piv = BCUR(b); pseq = piv + ivsz; ppk = pseq + 4;

    /* --- Attempt to decrypt the packet --- */

    c->ops->setiv(c, piv);
    c->ops->decrypt(c, ppk, q, sz);
    h = ks->m->ops->init(ks->m);
    h->ops->hash(h, pseq, 4);
    h->ops->hash(h, q, sz);
    mac = h->ops->done(h, 0);
    eq = !memcmp(mac, piv, ivsz);
    IF_TRACING(T_KEYSET, {
      trace(T_KEYSET, "keyset: decrypting using keyset %u", ks->seq);
      trace_block(T_CRYPTO, "crypto: computed MAC", mac, ivsz);
    })
    h->ops->destroy(h);
    if (eq) {
      BSTEP(bb, sz);
      goto match;
    }
    IF_TRACING(T_KEYSET, {
      trace(T_KEYSET, "keyset: decryption failed");
      trace_block(T_CRYPTO, "crypto: expected MAC", piv, ivsz);
      trace_block(T_CRYPTO, "crypto: invalid packet", q, sz);
    })
  }
  T( trace(T_KEYSET, "keyset: no matching keys"); )
  return (-1);

  /* --- We've found a match, so check the sequence number --- */

match:
  iseq = LOAD32(pseq);
  IF_TRACING(T_KEYSET, {
    trace(T_KEYSET, "keyset: decrypted OK (sequence = %lu)",
	  (unsigned long)iseq);
    trace_block(T_CRYPTO, "crypto: decrypted packet", q, sz);
  })
  if (iseq < ks->iseq) {
    a_warn("received packet has old sequence number (possible replay)");
    return (-1);
  }
  if (iseq >= ks->iseq + KS_SEQWINSZ) {
    uint32 n = iseq - (ks->iseq + KS_SEQWINSZ - 1);
    if (n < KS_SEQWINSZ)
      ks->iwin >>= n;
    else
      ks->iwin = 0;
    ks->iseq += n;
  }
  seqbit = 1 << (iseq - ks->iseq);
  if (ks->iwin & seqbit) {
    a_warn("received packet repeats old sequence number");
    return (-1);
  }
  ks->iwin |= seqbit;
  return (0);
}

/*----- That's all, folks -------------------------------------------------*/
Commit	Line	Data
410c8acf	1	/* --c--
410c8acf	2	*
09585a65	3	* $Id: keyset.c,v 1.2 2001/02/05 19:53:23 mdw Exp $
410c8acf	4	*
	5	* Handling of symmetric keysets
	6	*
	7	* (c) 2001 Straylight/Edgeware
	8	*/
	9
	10	/----- Licensing notice --------------------------------------------------
	11	*
	12	* This file is part of Trivial IP Encryption (TrIPE).
	13	*
	14	* TrIPE is free software; you can redistribute it and/or modify
	15	* it under the terms of the GNU General Public License as published by
	16	* the Free Software Foundation; either version 2 of the License, or
	17	* (at your option) any later version.
	18	*
	19	* TrIPE is distributed in the hope that it will be useful,
	20	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	21	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	22	* GNU General Public License for more details.
	23	*
	24	* You should have received a copy of the GNU General Public License
	25	* along with TrIPE; if not, write to the Free Software Foundation,
	26	* Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
	27	*/
	28
	29	/----- Revision history --------------------------------------------------
	30	*
	31	* $Log: keyset.c,v $
09585a65	32	* Revision 1.2 2001/02/05 19:53:23 mdw
	33	* Add sequence number protection.
	34	*
410c8acf	35	* Revision 1.1 2001/02/03 20:26:37 mdw
	36	* Initial checkin.
	37	*
	38	*/
	39
	40	/----- Header files ------------------------------------------------------/
	41
	42	#include "tripe.h"
	43
	44	/----- Tunable parameters ------------------------------------------------/
	45
	46	#define KEY_EXPTIME MIN(60) /* Expiry time for a key */
	47	#define KEY_REGENTIME MIN(45) /* Regeneration time for a key */
	48	#define KEY_EXPSZ MEG(512) /* Expiry data size for a key */
	49	#define KEY_REGENSZ MEG(256) /* Data size threshold for regen */
	50
	51	/----- Handy macros ------------------------------------------------------/
	52
	53	#define KEYOK(ks, now) ((ks)->sz_exp > 0 && (ks)->t_exp > now)
	54
	55	/----- Main code ---------------------------------------------------------/
	56
	57	/* --- @freeks@ --- *
	58	*
	59	* Arguments: @keyset *ks@ = pointer to a keyset
	60	*
	61	* Returns: ---
	62	*
	63	* Use: Frees a keyset.
	64	*/
	65
	66	static void freeks(keyset *ks)
	67	{
	68	ks->c->ops->destroy(ks->c);
	69	ks->m->ops->destroy(ks->m);
	70	DESTROY(ks);
	71	}
	72
	73	/* --- @ks_free@ --- *
	74	*
	75	* Arguments: @keyset **ksroot@ = pointer to keyset list head
	76	*
	77	* Returns: ---
	78	*
	79	* Use: Frees all of the keys in a keyset.
	80	*/
	81
	82	void ks_free(keyset **ksroot)
	83	{
	84	keyset ks, ksn;
	85	for (ks = *ksroot; ks; ks = ksn) {
	86	ksn = ks->next;
	87	freeks(ks);
	88	}
	89	}
	90
	91	/* --- @ks_prune@ --- *
	92	*
	93	* Arguments: @keyset **ksroot@ = pointer to keyset list head
	94	*
	95	* Returns: ---
	96	*
	97	* Use: Prunes the keyset list by removing keys which mustn't be used
	98	* any more.
99	*/
100
101	void ks_prune(keyset **ksroot)
102	{
103	time_t now = time(0);
104
105	while (*ksroot) {
106	keyset ks = ksroot;
107	if (ks->t_exp <= now) {
108	T( trace(T_KEYSET, "keyset: expiring keyset %u (time limit reached)",
109	ks->seq); )
110	*ksroot = ks->next;
111	freeks(ks);
112	} else if (ks->sz_exp == 0) {
113	T( trace(T_KEYSET, "keyset: expiring keyset %u (data limit reached)",
114	ks->seq); )
115	*ksroot = ks->next;
116	freeks(ks);
117	} else
118	ksroot = &ks->next;
119	}
120	}
121
122	/* --- @ks_gen@ --- *
123	*
124	* Arguments: @keyset **ksroot@ = pointer to keyset list head
125	* @const void *k@ = pointer to key material
126	* @size_t sz@ = size of the key material
127	*
128	* Returns: The regeneration time for the new key.
129	*
130	* Use: Derives a keyset from the given key material and adds it to
131	* the list.
132	*/
133
134	time_t ks_gen(keyset *ksroot, const void k, size_t sz)
135	{
136	rmd160_ctx r;
137	octet buf[RMD160_HASHSZ];
138	keyset *ks = CREATE(keyset);
139	time_t now = time(0);
140	T( static unsigned seq = 0; )
141
142	T( trace(T_KEYSET, "keyset: adding new keyset %u", seq); )
143
144	#define GETHASH(str) do { \
145	rmd160_init(&r); \
146	rmd160_hash(&r, str, sizeof(str) - 1); \
147	rmd160_hash(&r, k, sz); \
148	rmd160_done(&r, buf); \
149	IF_TRACING(T_KEYSET, { \
150	trace_block(T_CRYPTO, "crypto: key " str, buf, sizeof(buf)); \
151	}) \
152	} while (0)
153
154	GETHASH("tripe-encryption "); ks->c = blowfish_cbc.init(buf, sizeof(buf));
155	GETHASH("tripe-integrity "); ks->m = rmd160_hmac.key(buf, sizeof(buf));
156
157	#undef GETHASH
158
159	T( ks->seq = seq++; )
160	ks->t_exp = now + KEY_EXPTIME;
161	ks->sz_exp = KEY_EXPSZ;
09585a65	162	ks->oseq = ks->iseq = 0;
09585a65	163	ks->iwin = 0;
410c8acf	164	ks->next = *ksroot;
	165	*ksroot = ks;
	166	BURN(buf);
	167	return (now + KEY_REGENTIME);
	168	}
	169
	170	/* --- @ks_encrypt@ --- *
	171	*
	172	* Arguments: @keyset **ksroot@ = pointer to keyset list head
	173	* @buf *b@ = pointer to input buffer
	174	* @buf *bb@ = pointer to output buffer
	175	*
	176	* Returns: Nonzero if a new key is needed.
	177	*
	178	* Use: Encrypts a packet.
	179	*/
	180
	181	int ks_encrypt(keyset *ksroot, buf b, buf *bb)
	182	{
	183	time_t now = time(0);
	184	keyset *ks;
	185	ghash *h;
	186	gcipher *c;
	187	size_t ivsz;
	188	const octet *p = BCUR(b);
410c8acf	189	size_t sz = BLEFT(b);
09585a65	190	octet qiv, qseq, *qpk;
09585a65	191	uint32 oseq;
410c8acf	192	size_t osz, nsz;
	193	int rc = 0;
	194
	195	/* --- Get the latest valid key --- */
	196
	197	ks = *ksroot;
	198	for (;;) {
	199	if (!ks) {
	200	T( trace(T_KEYSET, "keyset: no active keys -- forcing exchange"); )
	201	buf_break(bb);
	202	return (-1);
	203	}
	204	if (KEYOK(ks, now))
	205	break;
	206	ks = ks->next;
	207	}
	208
09585a65	209	/* --- Allocate the required buffer space --- */
410c8acf	210
	211	c = ks->c;
	212	ivsz = c->ops->c->blksz;
09585a65	213	if (buf_ensure(bb, ivsz + 4 + sz)) return (0);
	214	qiv = BCUR(bb); qseq = qiv + ivsz; qpk = qseq + 4;
	215	BSTEP(bb, ivsz + 4 + sz);
	216
	217	/* --- MAC and encrypt the packet --- */
	218
	219	oseq = ks->oseq++; STORE32(qseq, oseq);
410c8acf	220	h = ks->m->ops->init(ks->m);
09585a65	221	h->ops->hash(h, qseq, 4);
410c8acf	222	h->ops->hash(h, p, sz);
09585a65	223	memcpy(qiv, h->ops->done(h, 0), ivsz);
09585a65	224	h->ops->destroy(h);
410c8acf	225	IF_TRACING(T_KEYSET, {
09585a65	226	trace(T_KEYSET, "keyset: encrypting packet %lu using keyset %u",
	227	(unsigned long)oseq, ks->seq);
	228	trace_block(T_CRYPTO, "crypto: computed MAC", qiv, ivsz);
410c8acf	229	})
09585a65	230	c->ops->setiv(c, qiv);
09585a65	231	c->ops->encrypt(c, p, qpk, sz);
410c8acf	232	IF_TRACING(T_KEYSET, {
09585a65	233	trace_block(T_CRYPTO, "crypto: encrypted packet", qpk, sz);
410c8acf	234	})
410c8acf	235
	236	/* --- Deduct the packet size from the key's data life --- */
	237
	238	osz = ks->sz_exp;
	239	if (osz > sz)
	240	nsz = osz - sz;
	241	else
	242	nsz = 0;
	243	if (osz >= KEY_REGENSZ && nsz < KEY_REGENSZ) {
	244	T( trace(T_KEYSET, "keyset: keyset %u data regen limit exceeded -- "
	245	"forcing exchange", ks->seq); )
09585a65	246	rc = 1;
410c8acf	247	}
	248	ks->sz_exp = nsz;
	249	return (rc);
	250	}
	251
	252	/* --- @ks_decrypt@ --- *
	253	*
	254	* Arguments: @keyset **ksroot@ = pointer to keyset list head
	255	* @buf *b@ = pointer to input buffer
	256	* @buf *bb@ = pointer to output buffer
	257	*
	258	* Returns: Nonzero if the packet couldn't be decrypted.
	259	*
	260	* Use: Decrypts a packet.
	261	*/
	262
	263	int ks_decrypt(keyset *ksroot, buf b, buf *bb)
	264	{
	265	time_t now = time(0);
09585a65	266	const octet piv, pseq, *ppk;
	267	size_t psz = BLEFT(b);
	268	size_t sz;
410c8acf	269	octet *q = BCUR(bb);
09585a65	270	uint32 iseq;
09585a65	271	unsigned seqbit;
410c8acf	272	keyset *ks;
410c8acf	273
09585a65	274	/* --- Allocate space in the output buffer --- */
09585a65	275
410c8acf	276	T( trace(T_KEYSET, "keyset: attempting to decrypt packet"); )
09585a65	277	if (buf_ensure(bb, psz))
410c8acf	278	return (-1);
09585a65	279
	280	/* --- Try all of the valid keys --- */
	281
410c8acf	282	for (ks = *ksroot; ks; ks = ks->next) {
	283	ghash *h;
	284	gcipher *c = ks->c;
	285	size_t ivsz = c->ops->c->blksz;
	286	octet *mac;
	287	int eq;
	288
09585a65	289	/* --- Break up the packet into its components --- */
09585a65	290
410c8acf	291	if (!KEYOK(ks, now))
410c8acf	292	continue;
09585a65	293	if (psz < ivsz + 4) {
410c8acf	294	T( trace(T_KEYSET, "keyset: block too small for keyset %u", ks->seq); )
	295	continue;
	296	}
09585a65	297	sz = psz - ivsz - 4;
	298	piv = BCUR(b); pseq = piv + ivsz; ppk = pseq + 4;
	299
	300	/* --- Attempt to decrypt the packet --- */
	301
	302	c->ops->setiv(c, piv);
	303	c->ops->decrypt(c, ppk, q, sz);
410c8acf	304	h = ks->m->ops->init(ks->m);
09585a65	305	h->ops->hash(h, pseq, 4);
09585a65	306	h->ops->hash(h, q, sz);
410c8acf	307	mac = h->ops->done(h, 0);
09585a65	308	eq = !memcmp(mac, piv, ivsz);
410c8acf	309	IF_TRACING(T_KEYSET, {
	310	trace(T_KEYSET, "keyset: decrypting using keyset %u", ks->seq);
	311	trace_block(T_CRYPTO, "crypto: computed MAC", mac, ivsz);
	312	})
	313	h->ops->destroy(h);
	314	if (eq) {
09585a65	315	BSTEP(bb, sz);
09585a65	316	goto match;
410c8acf	317	}
	318	IF_TRACING(T_KEYSET, {
	319	trace(T_KEYSET, "keyset: decryption failed");
09585a65	320	trace_block(T_CRYPTO, "crypto: expected MAC", piv, ivsz);
09585a65	321	trace_block(T_CRYPTO, "crypto: invalid packet", q, sz);
410c8acf	322	})
	323	}
	324	T( trace(T_KEYSET, "keyset: no matching keys"); )
	325	return (-1);
09585a65	326
	327	/* --- We've found a match, so check the sequence number --- */
	328
	329	match:
	330	iseq = LOAD32(pseq);
	331	IF_TRACING(T_KEYSET, {
	332	trace(T_KEYSET, "keyset: decrypted OK (sequence = %lu)",
	333	(unsigned long)iseq);
	334	trace_block(T_CRYPTO, "crypto: decrypted packet", q, sz);
	335	})
	336	if (iseq < ks->iseq) {
	337	a_warn("received packet has old sequence number (possible replay)");
	338	return (-1);
	339	}
	340	if (iseq >= ks->iseq + KS_SEQWINSZ) {
	341	uint32 n = iseq - (ks->iseq + KS_SEQWINSZ - 1);
	342	if (n < KS_SEQWINSZ)
	343	ks->iwin >>= n;
	344	else
	345	ks->iwin = 0;
	346	ks->iseq += n;
	347	}
	348	seqbit = 1 << (iseq - ks->iseq);
	349	if (ks->iwin & seqbit) {
	350	a_warn("received packet repeats old sequence number");
	351	return (-1);
	352	}
	353	ks->iwin \|= seqbit;
	354	return (0);
410c8acf	355	}
	356
	357	/----- That's all, folks -------------------------------------------------/