/*----- Tunable parameters ------------------------------------------------*/
-#define T_VALID MIN(2) /* Challenge validity period */
+#define T_VALID SEC(20) /* Challenge validity period */
#define T_RETRY SEC(10) /* Challenge retransmit interval */
#define VALIDP(kx, now) ((now) < (kx)->t_valid)
/*----- Static tables -----------------------------------------------------*/
static const char *const pkname[] = {
- "pre-challenge", "cookie", "challenge",
- "reply", "switch-rq", "switch-ok"
+ "pre-challenge", "challenge", "reply", "switch-rq", "switch-ok"
};
/*----- Various utilities -------------------------------------------------*/
return (0);
mgf = GC_INIT(algs.mgf, k, ksz);
IF_TRACING(T_KEYEXCH, IF_TRACING(T_CRYPTO, {
- trace(T_CRYPTO, "masking index = %s", mpstr(x));
- trace_block(T_CRYPTO, "masking key", k, ksz);
+ trace(T_CRYPTO, "crypto: masking index = %s", mpstr(x));
+ trace_block(T_CRYPTO, "crypto: masking key", k, ksz);
}))
mp_storeb(x, buf_t, n);
GC_ENCRYPT(mgf, buf_t, p, n);
IF_TRACING(T_KEYEXCH, IF_TRACING(T_CRYPTO, {
- trace_block(T_CRYPTO, "index plaintext", buf_t, n);
- trace_block(T_CRYPTO, "masked ciphertext", p, n);
+ trace_block(T_CRYPTO, "crypto: index plaintext", buf_t, n);
+ trace_block(T_CRYPTO, "crypto: masked ciphertext", p, n);
}))
GC_DESTROY(mgf);
return (p);
mgf = GC_INIT(algs.mgf, k, ksz);
IF_TRACING(T_KEYEXCH, IF_TRACING(T_CRYPTO, {
- trace_block(T_CRYPTO, "unmasking key", k, ksz);
- trace_block(T_CRYPTO, "masked ciphertext", p, n);
+ trace_block(T_CRYPTO, "crypto: unmasking key", k, ksz);
+ trace_block(T_CRYPTO, "crypto: masked ciphertext", p, n);
}))
GC_DECRYPT(mgf, p, buf_t, n);
d = mp_loadb(d, buf_t, n);
IF_TRACING(T_KEYEXCH, IF_TRACING(T_CRYPTO, {
- trace_block(T_CRYPTO, "index plaintext", buf_t, n);
- trace(T_CRYPTO, "unmasked index = %s", mpstr(d));
+ trace_block(T_CRYPTO, "crypto: index plaintext", buf_t, n);
+ trace(T_CRYPTO, "crypto: unmasked index = %s", mpstr(d));
}))
GC_DESTROY(mgf);
return (d);
hashge(h, y);
GH_DONE(h, buf_t);
IF_TRACING(T_KEYEXCH, IF_TRACING(T_CRYPTO, {
- trace(T_CRYPTO, "computing challenge check hash");
- trace(T_CRYPTO, "public key = %s", gestr(gg, kpub));
- trace(T_CRYPTO, "receiver challenge = %s", gestr(gg, cc));
- trace(T_CRYPTO, "sender challenge = %s", gestr(gg, c));
- trace(T_CRYPTO, "sender reply = %s", gestr(gg, y));
- trace_block(T_CRYPTO, "hash output", buf_t, algs.hashsz);
+ trace(T_CRYPTO, "crypto: computing challenge check hash");
+ trace(T_CRYPTO, "crypto: public key = %s", gestr(gg, kpub));
+ trace(T_CRYPTO, "crypto: receiver challenge = %s", gestr(gg, cc));
+ trace(T_CRYPTO, "crypto: sender challenge = %s", gestr(gg, c));
+ trace(T_CRYPTO, "crypto: sender reply = %s", gestr(gg, y));
+ trace_block(T_CRYPTO, "crypto: hash output", buf_t, algs.hashsz);
}))
GH_DESTROY(h);
return (buf_t);
h = GH_INIT(algs.h);
HASH_STRING(h, "tripe-check-hash");
GH_HASH(h, ck, indexsz);
- GH_DONE(h, kxc->hc);
+ GH_DONE(h, kxc->ck);
GH_DESTROY(h);
h = GH_INIT(algs.h);
a_warn("KX", "?PEER", kx->p, "decrypt-failed", "%s", pkname[msg], A_END);
return (-1);
}
+ if (!BOK(&bb)) return (-1);
buf_init(b, BBASE(&bb), BLEN(&bb));
return (0);
}
assert(kx->f & KXF_DEAD);
- kx->f &= ~KXF_DEAD;
+ kx->f &= ~(KXF_DEAD | KXF_CORK);
kx->nr = 0;
kx->alpha = mprand_range(MP_NEW, gg->r, &rand_global, 0);
kx->c = G_CREATE(gg); G_EXP(gg, kx->c, gg->g, kx->alpha);
size_t sz = BSZ(b);
int rc;
+ if (kx->f & KXF_CORK) {
+ start(kx, now);
+ settimer(kx, now + T_RETRY);
+ a_notify("KXSTART", A_END);
+ }
+
if (checkpub(kx))
return;
stop(kx);
start(kx, now);
}
-
T( trace(T_KEYEXCH, "keyexch: processing %s packet from `%s'",
msg < KX_NMSG ? pkname[msg] : "unknown", p_name(kx->p)); )
void kx_newkeys(keyexch *kx)
{
- if (km_getpubkey(p_name(kx->p), kx->kpub, &kx->texp_kpub))
+ if (km_getpubkey(p_tag(kx->p), kx->kpub, &kx->texp_kpub))
return;
kx->f |= KXF_PUBKEY;
if ((kx->f & KXF_DEAD) || kx->s != KXS_SWITCH) {
* Arguments: @keyexch *kx@ = pointer to key exchange context
* @peer *p@ = pointer to peer context
* @keyset **ks@ = pointer to keyset list
+ * @unsigned f@ = various useful flags
*
* Returns: Zero if OK, nonzero if it failed.
*
* exchange.
*/
-int kx_init(keyexch *kx, peer *p, keyset **ks)
+int kx_init(keyexch *kx, peer *p, keyset **ks, unsigned f)
{
kx->ks = ks;
kx->p = p;
kx->kpub = G_CREATE(gg);
- if (km_getpubkey(p_name(p), kx->kpub, &kx->texp_kpub)) {
+ if (km_getpubkey(p_tag(p), kx->kpub, &kx->texp_kpub)) {
G_DESTROY(gg, kx->kpub);
return (-1);
}
- kx->f = KXF_DEAD | KXF_PUBKEY;
- start(kx, time(0));
- resend(kx);
- /* Don't notify here: the ADD message hasn't gone out yet. */
+ kx->f = KXF_DEAD | KXF_PUBKEY | f;
+ if (!(kx->f & KXF_CORK)) {
+ start(kx, time(0));
+ resend(kx);
+ /* Don't notify here: the ADD message hasn't gone out yet. */
+ }
return (0);
}