/* -*-c-*-
*
- * $Id: keyset.c,v 1.11 2004/04/18 18:08:11 mdw Exp $
+ * $Id$
*
* Handling of symmetric keysets
*
return (0);
}
-/* --- @dosequence@ --- *
- *
- * Arguments: @keyset *ks@ = pointer to a keyset
- * @uint32 seq@ = a sequence number from a packet
- *
- * Returns: Zero if the sequence number is OK, nonzero if it's not.
- *
- * Use: Checks a sequence number. The data in the keyset which keeps
- * track of valid sequence numbers is updated if the sequence
- * number given is good. It's assumed that the sequence number
- * has already been checked for authenticity.
- */
-
-static int dosequence(keyset *ks, uint32 seq)
-{
- uint32 seqbit;
- uint32 n;
-
- if (seq < ks->iseq) {
- a_warn("received packet has old sequence number (possible replay)");
- return (-1);
- }
- if (seq >= ks->iseq + KS_SEQWINSZ) {
- n = seq - (ks->iseq + KS_SEQWINSZ - 1);
- if (n < KS_SEQWINSZ)
- ks->iwin >>= n;
- else
- ks->iwin = 0;
- ks->iseq += n;
- }
- seqbit = 1 << (seq - ks->iseq);
- if (ks->iwin & seqbit) {
- a_warn("received packet repeats old sequence number");
- return (-1);
- }
- ks->iwin |= seqbit;
- return (0);
-}
-
/*----- Operations on a single keyset -------------------------------------*/
/* --- @ks_drop@ --- *
ks->ref = 1;
ks->t_exp = now + T_EXP;
ks->sz_exp = SZ_EXP;
- ks->oseq = ks->iseq = 0;
- ks->iwin = 0;
+ ks->oseq = 0;
+ seq_reset(&ks->iseq);
ks->next = 0;
ks->p = p;
ks->f = KSF_LISTEN;
if (!KEYOK(ks, now) ||
buf_ensure(bb, BLEN(b)) ||
dodecrypt(ks, ty, b, bb, &seq) ||
- dosequence(ks, seq))
+ seq_check(&ks->iseq, seq, "SYMM"))
return (-1);
return (0);
}
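Review bot: The `seq_check(&ks->iseq, seq, "SYMM")` call in this condition is safe only because it is the last operand of the `||` chain, after `dodecrypt` has accepted the packet, and nothing at the call site says so. The removed `dosequence` header stated that assumption ("already been checked for authenticity"). Now that the helper has left this file, a comment above the condition would preserve it, for example `/* seq_check goes last: only a packet that passed dodecrypt may touch the replay window */`. This presumes seq_check updates the window on success as dosequence did, which is not visible in this diff. The same comment is worth adding at the later `return (seq_check(&ks->iseq, seq, "SYMM"));`; both enclosing functions begin outside the visible lines.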
ks->seq); )
ks->f &= ~KSF_LISTEN;
}
- return (dosequence(ks, seq));
+ return (seq_check(&ks->iseq, seq, "SYMM"));
}
}
T( trace(T_KEYSET, "keyset: no matching keys, or incorrect MAC"); )
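Review bot: The tag `"SYMM"` is written out literally at both seq_check call sites, in this return and in the decrypt condition earlier in the diff. One file-level name would keep the two from drifting apart, for example `#define KS_SEQTAG "SYMM"` (the name is only a suggestion). What seq_check does with the string is not visible here; if it labels the replay warnings, any log matching keyed on the two `a_warn` texts removed with dosequence should be checked against the new output. The function containing this return begins outside the visible lines.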