* Switch received. Committed; send data; move to @KXS_SWITCH@.
*/
-/*----- Tunable parameters ------------------------------------------------*/
-
-#define T_VALID SEC(20) /* Challenge validity period */
-#define T_RETRY SEC(10) /* Challenge retransmit interval */
-
-#define VALIDP(kx, now) ((now) < (kx)->t_valid)
-
/*----- Static tables -----------------------------------------------------*/
static const char *const pkname[] = {
/*----- Various utilities -------------------------------------------------*/
+/* --- @VALIDP@ --- *
+ *
+ * Arguments: @const keyexch *kx@ = key exchange state
+ * @time_t now@ = current time in seconds
+ *
+ * Returns: Whether the challenge in the key-exchange state is still
+ * valid or should be regenerated.
+ */
+
+#define VALIDP(kx, now) ((now) < (kx)->t_valid)
+
/* --- @hashge@ --- *
*
* Arguments: @ghash *h@ = pointer to hash context
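Review bot: The new header comment for VALIDP does not say which truth value means what: "still valid or should be regenerated" leaves the reader to work the polarity out from the expansion. Since the macro is `((now) < (kx)->t_valid)`, I would word it as `Returns: Nonzero if the challenge is still valid; zero if it has expired and should be regenerated.` It may also be worth stating that `now` equal to `t_valid` counts as expired, because the comparison is strict.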
a_warn("KX", "?PEER", kx->p, "decrypt-failed", "%s", pkname[msg], A_END);
return (-1);
}
+ if (!BOK(&bb)) return (-1);
buf_init(b, BBASE(&bb), BLEN(&bb));
return (0);
}
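Review bot: The added `if (!BOK(&bb)) return (-1);` fails silently, whereas the decryption failure just above it reports `decrypt-failed` through a_warn. A message rejected here would therefore be dropped with nothing in the log for an operator to correlate. If a peer's packet can reach this condition, either emit a warning on this path too or add a comment saying why it is deliberately quiet, for example `/* Don't pass a broken output buffer on to the caller. */`. The check is correctly placed before BBASE/BLEN are read. The enclosing function starts outside the hunk.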
{
kxchal *kxc = kx->r[0];
ks_activate(kxc->ks);
- settimer(kx, ks_tregen(kxc->ks));
+ settimer(kx, time(0) + T_REGEN);
kx->s = KXS_SWITCH;
a_notify("KXDONE", "?PEER", kx->p, A_END);
p_stats(kx->p)->t_kx = time(0);
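Review bot: The renegotiation timer on the `settimer` line is now anchored to the moment of the switch (`time(0) + T_REGEN`) rather than to the keyset's own `ks_tregen(kxc->ks)`. If the keyset was created earlier in the exchange, which seems likely but is not visible here, it can stay in use for longer than T_REGEN after its creation. If that is intended, record it with a comment such as `/* regenerate T_REGEN after the switch, independent of the keyset's age */`; the definition of T_REGEN is not visible in this view. The hunk also calls `time(0)` twice, so reading it once into a local (`time_t now = time(0);`) and using `now` for both the timer and `t_kx` would keep the two timestamps consistent. The enclosing function starts and ends outside the hunk.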
void kx_newkeys(keyexch *kx)
{
- if (km_getpubkey(p_name(kx->p), kx->kpub, &kx->texp_kpub))
+ if (km_getpubkey(p_tag(kx->p), kx->kpub, &kx->texp_kpub))
return;
kx->f |= KXF_PUBKEY;
if ((kx->f & KXF_DEAD) || kx->s != KXS_SWITCH) {
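Review bot: Switching the `km_getpubkey` lookup from `p_name(kx->p)` to `p_tag(kx->p)` changes which public key authenticates the peer, and nothing at the call site says so; the same change is made in the later hunk that sets up `kx->kpub`. The definition of `p_tag` is not visible here, so please confirm that the tag comes only from local configuration and never from anything the remote end supplies, and that two peers sharing a tag is either impossible or intended. A one-line comment at both call sites would help, e.g. `/* The peer's public key is looked up by tag, not by name. */`. kx_newkeys continues past the end of this hunk.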
kx->ks = ks;
kx->p = p;
kx->kpub = G_CREATE(gg);
- if (km_getpubkey(p_name(p), kx->kpub, &kx->texp_kpub)) {
+ if (km_getpubkey(p_tag(p), kx->kpub, &kx->texp_kpub)) {
G_DESTROY(gg, kx->kpub);
return (-1);
}