server/: Make bulk crypto transforms responsible for algorithm selection.
[tripe] / server / chal.c
37941236 1/* -*-c-*-
37941236 2 *
3 * Cryptographic challenges
4 *
5 * (c) 2005 Straylight/Edgeware
6 */
7
e04c2d50 8/*----- Licensing notice --------------------------------------------------*
37941236 9 *
10 * This file is part of Trivial IP Encryption (TrIPE).
11 *
12 * TrIPE is free software; you can redistribute it and/or modify
13 * it under the terms of the GNU General Public License as published by
14 * the Free Software Foundation; either version 2 of the License, or
15 * (at your option) any later version.
e04c2d50 16 *
37941236 17 * TrIPE is distributed in the hope that it will be useful,
18 * but WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 * GNU General Public License for more details.
e04c2d50 21 *
37941236 22 * You should have received a copy of the GNU General Public License
23 * along with TrIPE; if not, write to the Free Software Foundation,
24 * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
25 */
26
27/*----- Header files ------------------------------------------------------*/
28
29#include "tripe.h"
30
31/*----- Static variables --------------------------------------------------*/
32
/* Receive-side sequence window for challenges: consulted by seq_check() in
 * c_check() and cleared by seq_reset() whenever the challenge key changes.
 */
static seqwin iseq;

/* Sequence number placed in the next challenge issued by c_new(); set back
 * to zero whenever the challenge key changes.
 */
static uint32 oseq;

/* Current challenge-tagging context.  Null until c_genkey() has run for the
 * first time; released through its own freechal operation when replaced.
 */
static bulkchal *bulk;
36
37/*----- Main code ---------------------------------------------------------*/
38
39/* --- @c_genkey@ --- *
40 *
41 * Arguments: ---
42 *
43 * Returns: ---
44 *
45 * Use: Generates a new challenge key.
46 */
47
static void c_genkey(void)
{
  /* A fresh key is needed in three cases: there is no key yet, the master
   * key's bulk transform has changed since the key was made, or the outgoing
   * sequence counter has reached the 0x07ffffff limit.  The last case bounds
   * how many challenges are ever tagged under one key.
   */
  if (!bulk || bulk->ops != master->algs.bulk->ops || oseq >= 0x07ffffff) {
    if (bulk) bulk->ops->freechal(bulk);

    /* NOTE(review): the result of genchal is dereferenced immediately;
     * confirm that it cannot return null.
     */
    bulk = master->algs.bulk->ops->genchal(master->algs.bulk);
    bulk->ops = master->algs.bulk->ops;

    /* Sequence state belongs to the key, so both directions start over.
     * Challenges tagged under the previous key are now checked against
     * the new context and will presumably fail verification.
     */
    oseq = 0;
    seq_reset(&iseq);
  }
}
58
59/* --- @c_new@ --- *
60 *
61 * Arguments: @buf *b@ = where to put the challenge
62 *
63 * Returns: Zero if OK, nonzero on error.
64 *
65 * Use: Issues a new challenge.
66 */
67
int c_new(buf *b)
{
  octet *chal;

  /* Make sure a usable key exists before anything is written. */
  c_genkey();

  /* Layout in the buffer: the sequence number, then space for the tag
   * (`bulk->tagsz' bytes).  Note that the sequence number is consumed even
   * if a later step fails.
   */
  chal = BCUR(b);
  if (buf_putu32(b, oseq++)) return (-1);
  if (!buf_get(b, bulk->tagsz)) return (-1);

  /* Tag the four sequence-number bytes; the tag is presumably written into
   * the space reserved at `chal + 4'.
   */
  if (bulk->ops->chaltag(bulk, chal, 4, chal + 4)) return (-1);

  IF_TRACING(T_CHAL, {
    trace(T_CHAL, "chal: issuing challenge %lu", (unsigned long)(oseq - 1));
    trace_block(T_CRYPTO, "chal: challenge block", chal, BCUR(b) - chal);
  })
  return (0);
}
82
83/* --- @c_check@ --- *
84 *
85 * Arguments: @buf *b@ = where to find the challenge
86 *
87 * Returns: Zero if OK, nonzero if it didn't work.
88 *
89 * Use: Checks a challenge. On failure, the buffer is broken.
90 */
91
int c_check(buf *b)
{
  const octet *chal;
  size_t len;
  uint32 n;

  /* No key has ever been generated, so no challenge we issued can exist. */
  if (!bulk) {
    a_warn("CHAL", "impossible-challenge", A_END);
    goto fail;
  }

  /* A challenge is the four-byte sequence number followed by the tag. */
  len = bulk->tagsz + 4;
  chal = buf_get(b, len);
  if (!chal) {
    a_warn("CHAL", "invalid-challenge", A_END);
    goto fail;
  }
  IF_TRACING(T_CHAL, trace_block(T_CRYPTO, "chal: check challenge", chal, len); )

  /* Verify the tag before the sequence number is read or the receive window
   * is consulted, so unauthenticated input never reaches seq_check().
   */
  if (bulk->ops->chalvrf(bulk, chal, 4, chal + 4)) {
    a_warn("CHAL", "incorrect-tag", A_END);
    goto fail;
  }

  /* The tag is good; seq_check() presumably rejects a sequence number that
   * has been seen before or lies outside the window -- TODO confirm.
   */
  n = LOAD32(chal);
  if (seq_check(&iseq, n, "CHAL"))
    goto fail;
  T( trace(T_CHAL, "chal: checked challenge %lu", (unsigned long)n); )
  return (0);

  /* Every rejection path breaks the buffer so the caller cannot go on to
   * parse the rest of it.
   */
fail:
  buf_break(b);
  return (-1);
}
122
123/*----- That's all, folks -------------------------------------------------*/