Incopatible protocol fix! Include message type code under MAC tag to prevent

[tripe] / keyexch.c

diff --git a/keyexch.c b/keyexch.c
index be7b2a3535777249e39e85e29aa136f72d7df9f4..eb4fc9c8f538ea2eb37daf64f96b456604674b3c 100644 (file)
--- a/keyexch.c
+++ b/keyexch.c
@@ -1,6 +1,6 @@
 /* -*-c-*-
  *
- * $Id: keyexch.c,v 1.5 2002/01/13 14:54:40 mdw Exp $
+ * $Id: keyexch.c,v 1.8 2003/07/13 11:19:49 mdw Exp $
  *
  * Key exchange protocol
  *
@@ -29,6 +29,17 @@
 /*----- Revision history --------------------------------------------------* 
  *
  * $Log: keyexch.c,v $
+ * Revision 1.8  2003/07/13 11:19:49  mdw
+ * Incopatible protocol fix!  Include message type code under MAC tag to prevent
+ * cut-and-paste from key-exchange messages to general packet transport.
+ *
+ * Revision 1.7  2003/05/17 11:01:28  mdw
+ * Handle flags on challenge timers correctly to prevent confusing the event
+ * list.
+ *
+ * Revision 1.6  2003/04/06 10:26:35  mdw
+ * Report peer name on decrypt errors.
+ *
  * Revision 1.5  2002/01/13 14:54:40  mdw
  * Patch up zero-knowledge property by passing an encrypted log with a
  * challenge, so that the prover can verify that the challenge is good.
@@ -53,8 +64,8 @@
 
 /*----- Tunable parameters ------------------------------------------------*/
 
-#define T_VALID MIN(2)
-#define T_RETRY SEC(10)
+#define T_VALID MIN(2)                 /* Challenge validity period */
+#define T_RETRY SEC(10)                        /* Challenge retransmit interval */
 
 #define ISVALID(kx, now) ((now) < (kx)->t_valid)
 
@@ -194,6 +205,7 @@ static void kxc_stoptimer(kxchal *kxc)
 {
   if (kxc->f & KXF_TIMER)
     sel_rmtimer(&kxc->t);
+  kxc->f &= ~KXF_TIMER;
 }
 
 /* --- @kxc_new@ --- *
@@ -320,7 +332,7 @@ static void kxc_answer(keyexch *kx, kxchal *kxc)
     buf_init(&bb, buf_i, sizeof(buf_i));
     buf_putmp(&bb, kxc->r);
     buf_flip(&bb);
-    ks_encrypt(kxc->ks, &bb, b);
+    ks_encrypt(kxc->ks, MSG_KEYEXCH | KX_REPLY, &bb, b);
   }
 
   /* --- Update the statistics --- */
@@ -545,7 +557,7 @@ static int dochallenge(keyexch *kx, unsigned msg, buf *b)
     buf_putmp(b, r); z = BLEN(b);
     assert(BOK(b));
 
-    kxc->ks = ks_gen(BBASE(b), x, y, z);
+    kxc->ks = ks_gen(BBASE(b), x, y, z, kx->p);
     mp_drop(r);
   }
 
@@ -607,7 +619,7 @@ static void resend(keyexch *kx)
       buf_putmp(&bb, kxc->r);
       buf_put(&bb, kxc->hswrq_out, HASHSZ);
       buf_flip(&bb);
-      ks_encrypt(kxc->ks, &bb, b);
+      ks_encrypt(kxc->ks, MSG_KEYEXCH | KX_SWITCH, &bb, b);
       break;
     case KXS_SWITCH:
       T( trace(T_KEYEXCH, "keyexch: sending switch confirmation to `%s'",
@@ -617,7 +629,7 @@ static void resend(keyexch *kx)
       buf_init(&bb, buf_i, sizeof(buf_i));
       buf_put(&bb, kxc->hswok_out, HASHSZ);
       buf_flip(&bb);
-      ks_encrypt(kxc->ks, &bb, b);
+      ks_encrypt(kxc->ks, MSG_KEYEXCH | KX_SWITCHOK, &bb, b);
       break;
     default:
       abort();
@@ -636,6 +648,7 @@ static void resend(keyexch *kx)
 /* --- @matchreply@ --- *
  *
  * Arguments:  @keyexch *kx@ = pointer to key exchange context
+ *             @unsigned ty@ = type of incoming message
  *             @const octet *hc_in@ = a hash of his challenge
  *             @const octet *hc_out@ = a hash of my challenge (cookie)
  *             @mp *ck@ = his expected-reply hash (optional)
@@ -649,7 +662,7 @@ static void resend(keyexch *kx)
  *             challenge is returned.
  */
 
-static kxchal *matchreply(keyexch *kx, const octet *hc_in,
+static kxchal *matchreply(keyexch *kx, unsigned ty, const octet *hc_in,
                          const octet *hc_out, mp *ck, buf *b)
 {
   kxchal *kxc;
@@ -688,7 +701,7 @@ static kxchal *matchreply(keyexch *kx, const octet *hc_in,
   /* --- Decrypt the rest of the packet --- */
 
   buf_init(&bb, buf_o, sizeof(buf_o));
-  if (ks_decrypt(kxc->ks, b, &bb)) {
+  if (ks_decrypt(kxc->ks, ty, b, &bb)) {
     a_warn("failed to decrypt reply from `%s'", p_name(kx->p));
     goto bad;
   }
@@ -767,7 +780,8 @@ static int doreply(keyexch *kx, buf *b)
     a_warn("invalid reply packet from `%s'", p_name(kx->p));
     goto bad;
   }
-  if ((kxc = matchreply(kx, hc_in, hc_out, ck, b)) == 0)
+  if ((kxc = matchreply(kx, MSG_KEYEXCH | KX_REPLY,
+                       hc_in, hc_out, ck, b)) == 0)
     goto bad;
   if (BLEFT(b)) {
     a_warn("invalid reply packet from `%s'", p_name(kx->p));
@@ -805,7 +819,8 @@ static int doswitch(keyexch *kx, buf *b)
     a_warn("invalid switch request from `%s'", p_name(kx->p));
     goto bad;
   }
-  if ((kxc = matchreply(kx, hc_in, hc_out, 0, b)) == 0)
+  if ((kxc = matchreply(kx, MSG_KEYEXCH | KX_SWITCH,
+                       hc_in, hc_out, 0, b)) == 0)
     goto bad;
   if ((hswrq = buf_get(b, HASHSZ)) == 0 || BLEFT(b)) {
     a_warn("invalid switch request from `%s'", p_name(kx->p));
@@ -856,7 +871,7 @@ static int doswitchok(keyexch *kx, buf *b)
   }
   kxc = kx->r[0];
   buf_init(&bb, buf_o, sizeof(buf_o));
-  if (ks_decrypt(kxc->ks, b, &bb)) {
+  if (ks_decrypt(kxc->ks, MSG_KEYEXCH | KX_SWITCHOK, b, &bb)) {
     a_warn("failed to decrypt switch confirmation from `%s'", p_name(kx->p));
     goto bad;
   }