svc: Peer management services.

[tripe] / server / keymgmt.c

diff --git a/server/keymgmt.c b/server/keymgmt.c
index edd31b2a443b7bc52e59637190390550e479a2de..ce0d4561d7384cab066caf758121bd86cf188ede 100644 (file)
--- a/server/keymgmt.c
+++ b/server/keymgmt.c
@@ -1,13 +1,11 @@
 /* -*-c-*-
- *
- * $Id$
  *
  * Key loading and storing
  *
  * (c) 2001 Straylight/Edgeware
  */
 
-/*----- Licensing notice --------------------------------------------------* 
+/*----- Licensing notice --------------------------------------------------*
  *
  * This file is part of Trivial IP Encryption (TrIPE).
  *
@@ -15,12 +13,12 @@
  * it under the terms of the GNU General Public License as published by
  * the Free Software Foundation; either version 2 of the License, or
  * (at your option) any later version.
- * 
+ *
  * TrIPE is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  * GNU General Public License for more details.
- * 
+ *
  * You should have received a copy of the GNU General Public License
  * along with TrIPE; if not, write to the Free Software Foundation,
  * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
@@ -249,7 +247,8 @@ static const char *algs_check(algswitch *a, const group *g)
   /* --- Derive the key sizes --- *
    *
    * Must ensure that we have non-empty keys.  This isn't ideal, but it
-   * provides a handy sanity check.
+   * provides a handy sanity check.  Also must be based on a 64- or 128-bit
+   * block cipher or we can't do the data expiry properly.
    */
 
   a->hashsz = a->h->hashsz;
@@ -258,6 +257,11 @@ static const char *algs_check(algswitch *a, const group *g)
   if ((a->mksz = keysz(a->hashsz, a->m->keysz)) == 0)
     return ("no key size found for MAC");
 
+  /* --- Derive the data limit --- */
+
+  if (a->c->blksz < 16) a->expsz = MEG(64);
+  else a->expsz = MEG(2048);
+
   /* --- Ensure that the tag size is sane --- */
 
   if (a->tagsz > a->m->hashsz) return ("tag length too large");
@@ -293,13 +297,13 @@ static int algs_samep(const algswitch *a, const algswitch *aa)
 /* --- @keymoan@ --- *
  *
  * Arguments:  @const char *file@ = name of the file
- *              @int line@ = line number in file
- *              @const char *msg@ = error message
- *              @void *p@ = argument pointer
+ *             @int line@ = line number in file
+ *             @const char *msg@ = error message
+ *             @void *p@ = argument pointer
  *
- * Returns:     ---
+ * Returns:    ---
  *
- * Use:         Reports an error message about loading a key file.
+ * Use:                Reports an error message about loading a key file.
  */
 
 static void keymoan(const char *file, int line, const char *msg, void *p)
@@ -384,7 +388,7 @@ tymatch:;
 
   /* --- Good, we're happy --- *
    *
-   * Dodginess!  We change the group over here, but don't free any old group
+   * Dodginess!         We change the group over here, but don't free any old group
    * elements.  This assumes that the new group is basically the same as the
    * old one, and will happily adopt the existing elements.  If it isn't,
    * then we lose badly.  Check this, then.
@@ -598,7 +602,7 @@ tymatch:;
 
   /* --- Ensure that the group is correct --- *
    *
-   * Dodginess!  We assume that if this works, our global group is willing to
+   * Dodginess!         We assume that if this works, our global group is willing to
    * adopt this public element.  Probably reasonable.
    */