/* -*-c-*-
- *
- * $Id$
*
* Key exchange protocol
*
/*----- Tunable parameters ------------------------------------------------*/
-#define T_VALID MIN(2) /* Challenge validity period */
+#define T_VALID SEC(20) /* Challenge validity period */
#define T_RETRY SEC(10) /* Challenge retransmit interval */
#define VALIDP(kx, now) ((now) < (kx)->t_valid)
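Review bot: T_VALID is now 20 s against a T_RETRY of 10 s, so a challenge can presumably be retransmitted at most once before VALIDP() stops accepting it and the exchange is restarted, yet nothing at the definition records that the two constants are meant to be coupled. If that ratio is deliberate, say so where the value lives so a later retune of T_RETRY does not silently starve retransmission: `#define T_VALID SEC(20) /* Challenge validity period (keep well above T_RETRY) */`. Where t_valid is assigned is outside this hunk, so the exact retry count is inferred from VALIDP() alone.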
/*----- Static tables -----------------------------------------------------*/
static const char *const pkname[] = {
- "pre-challenge", "cookie", "challenge",
- "reply", "switch-rq", "switch-ok"
+ "pre-challenge", "challenge", "reply", "switch-rq", "switch-ok"
};
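Review bot: The table loses its "cookie" entry and now holds five strings, but the trace in kx_message (`msg < KX_NMSG ? pkname[msg] : "unknown"`) still bounds the index with KX_NMSG, which is defined outside this diff; unless KX_NMSG was lowered in the header in the same change, message code 5 indexes one past the end of pkname. Bounding the lookup by the table itself removes that coupling: `msg < sizeof(pkname)/sizeof(pkname[0]) ? pkname[msg] : "unknown"`. A short comment on the table noting that its order must stay in step with the KX_* message codes would also help the next person who edits either.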
/*----- Various utilities -------------------------------------------------*/
h = GH_INIT(algs.h);
HASH_STRING(h, "tripe-check-hash");
GH_HASH(h, ck, indexsz);
- GH_DONE(h, kxc->hc);
+ GH_DONE(h, kxc->ck);
GH_DESTROY(h);
h = GH_INIT(algs.h);
assert(kx->f & KXF_DEAD);
- kx->f &= ~KXF_DEAD;
+ kx->f &= ~(KXF_DEAD | KXF_CORK);
kx->nr = 0;
kx->alpha = mprand_range(MP_NEW, gg->r, &rand_global, 0);
kx->c = G_CREATE(gg); G_EXP(gg, kx->c, gg->g, kx->alpha);
size_t sz = BSZ(b);
int rc;
+ if (kx->f & KXF_CORK) {
+ start(kx, now);
+ settimer(kx, now + T_RETRY);
+ a_notify("KXSTART", A_END);
+ }
+
if (checkpub(kx))
return;
stop(kx);
start(kx, now);
}
-
T( trace(T_KEYEXCH, "keyexch: processing %s packet from `%s'",
msg < KX_NMSG ? pkname[msg] : "unknown", p_name(kx->p)); )
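Review bot: The cork is released before checkpub() runs, so a corked peer whose public key turns out to be unusable still has KXF_CORK cleared by start(), a retransmit timer armed and KXSTART notified, and then kx_message returns without looking at the packet. The block also fires on any datagram attributed to the peer, including one whose `msg` is out of range (the trace below still tolerates `msg >= KX_NMSG`), which is presumably fine only if the caller has already validated the packet type — worth confirming. Moving the block below the guard, i.e. `if (checkpub(kx)) return;` first and then `if (kx->f & KXF_CORK) { ... }`, keeps a peer with no usable key corked. kx_message's signature and the remainder of its body lie outside this hunk.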
* Arguments: @keyexch *kx@ = pointer to key exchange context
* @peer *p@ = pointer to peer context
* @keyset **ks@ = pointer to keyset list
+ * @unsigned f@ = various useful flags
*
* Returns: Zero if OK, nonzero if it failed.
*
* exchange.
*/
-int kx_init(keyexch *kx, peer *p, keyset **ks)
+int kx_init(keyexch *kx, peer *p, keyset **ks, unsigned f)
{
kx->ks = ks;
kx->p = p;
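Review bot: The new argument description `@unsigned f@ = various useful flags` does not tell a caller which bits are honoured or what they do, and the only flag kx_init acts on is KXF_CORK. Name it: `* @unsigned f@ = initial flags; KXF_CORK defers the exchange (no pre-challenge is sent) until the peer speaks first (see kx_message)`. The behaviour being described is implemented further down the function, outside this hunk.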
G_DESTROY(gg, kx->kpub);
return (-1);
}
- kx->f = KXF_DEAD | KXF_PUBKEY;
- start(kx, time(0));
- resend(kx);
- /* Don't notify here: the ADD message hasn't gone out yet. */
+ kx->f = KXF_DEAD | KXF_PUBKEY | f;
+ if (!(kx->f & KXF_CORK)) {
+ start(kx, time(0));
+ resend(kx);
+ /* Don't notify here: the ADD message hasn't gone out yet. */
+ }
return (0);
}
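Review bot: `kx->f = KXF_DEAD | KXF_PUBKEY | f;` merges the caller's flags unmasked into the context's flag word, so any bit other than KXF_CORK that a caller passes, by mistake or from a shared flags word, lands in kx->f and can disturb the state the rest of the module asserts on (start() requires `kx->f & KXF_DEAD`). Since the function only acts on KXF_CORK, mask at the point of use: `kx->f = KXF_DEAD | KXF_PUBKEY | (f & KXF_CORK);`. Skipping start() and resend() on the corked path is consistent with start() now clearing KXF_CORK when the first packet arrives, so no further change is needed there.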