server/peer.c, server/keyset.c: Fix key renegotiation behaviour.
diff --git
a/server/keyset.c
b/server/keyset.c
index 0a4952a8b96498d33bf23bdb6dece605ff61d4e4..9dd17facc3af65fa364905f595a71f26cd6cb944 100644
--- a/
server/keyset.c
+++ b/
server/keyset.c
@@
-1,6
+1,4
@@
/* -*-c-*-
/* -*-c-*-
- *
- * $Id$
*
* Handling of symmetric keysets
*
*
* Handling of symmetric keysets
*
@@
-84,7
+82,9
@@
* @buf *b@ = pointer to an input buffer
* @buf *bb@ = pointer to an output buffer
*
* @buf *b@ = pointer to an input buffer
* @buf *bb@ = pointer to an output buffer
*
- * Returns: Zero if OK, nonzero if a new key is required.
+ * Returns: Zero if OK; @KSERR_REGEN@ if it's time to generate new keys.
+ * Also returns zero if there was insufficient buffer space, but
+ * the buffer is broken in this case.
*
* Use: Encrypts a message with the given key. We assume that the
* keyset is OK to use.
*
* Use: Encrypts a message with the given key. We assume that the
* keyset is OK to use.
@@
-156,7
+156,7
@@
static int doencrypt(keyset *ks, unsigned ty, buf *b, buf *bb)
if (osz >= SZ_REGEN && nsz < SZ_REGEN) {
T( trace(T_KEYSET, "keyset: keyset %u data regen limit exceeded -- "
"forcing exchange", ks->seq); )
if (osz >= SZ_REGEN && nsz < SZ_REGEN) {
T( trace(T_KEYSET, "keyset: keyset %u data regen limit exceeded -- "
"forcing exchange", ks->seq); )
- rc =
-1
;
+ rc =
KSERR_REGEN
;
}
ks->sz_exp = nsz;
return (rc);
}
ks->sz_exp = nsz;
return (rc);
@@
-170,7
+170,7
@@
static int doencrypt(keyset *ks, unsigned ty, buf *b, buf *bb)
* @buf *bb@ = pointer to an output buffer
* @uint32 *seq@ = where to store the sequence number
*
* @buf *bb@ = pointer to an output buffer
* @uint32 *seq@ = where to store the sequence number
*
- * Returns: Zero
if OK, nonzero if it failed
.
+ * Returns: Zero
on success; @KSERR_DECRYPT@ on failure
.
*
* Use: Attempts to decrypt a message with the given key. No other
* checking (e.g., sequence number checks) is performed. We
*
* Use: Attempts to decrypt a message with the given key. No other
* checking (e.g., sequence number checks) is performed. We
@@
-198,7
+198,7
@@
static int dodecrypt(keyset *ks, unsigned ty, buf *b, buf *bb, uint32 *seq)
if (psz < ivsz + SEQSZ + tagsz) {
T( trace(T_KEYSET, "keyset: block too small for keyset %u", ks->seq); )
if (psz < ivsz + SEQSZ + tagsz) {
T( trace(T_KEYSET, "keyset: block too small for keyset %u", ks->seq); )
- return (
-1
);
+ return (
KSERR_DECRYPT
);
}
sz = psz - ivsz - SEQSZ - tagsz;
pmac = BCUR(b); pseq = pmac + tagsz; piv = pseq + SEQSZ; ppk = piv + ivsz;
}
sz = psz - ivsz - SEQSZ - tagsz;
pmac = BCUR(b); pseq = pmac + tagsz; piv = pseq + SEQSZ; ppk = piv + ivsz;
@@
-226,7
+226,7
@@
static int dodecrypt(keyset *ks, unsigned ty, buf *b, buf *bb, uint32 *seq)
trace(T_KEYSET, "keyset: incorrect MAC: decryption failed");
trace_block(T_CRYPTO, "crypto: expected MAC", pmac, tagsz);
})
trace(T_KEYSET, "keyset: incorrect MAC: decryption failed");
trace_block(T_CRYPTO, "crypto: expected MAC", pmac, tagsz);
})
- return (
-1
);
+ return (
KSERR_DECRYPT
);
}
}
}
}
@@
-401,9
+401,10
@@
void ks_activate(keyset *ks)
* @buf *b@ = pointer to input buffer
* @buf *bb@ = pointer to output buffer
*
* @buf *b@ = pointer to input buffer
* @buf *bb@ = pointer to output buffer
*
- * Returns: Zero if OK, nonzero if the key needs replacing. If the
- * encryption failed, the output buffer is broken and zero is
- * returned.
+ * Returns: Zero if successful; @KSERR_REGEN@ if we should negotiate a
+ * new key; @KSERR_NOKEYS@ if the key is not usable. Also
+ * returns zero if there was insufficient buffer (but the output
+ * buffer is broken in this case).
*
* Use: Encrypts a block of data using the key. Note that the `key
* ought to be replaced' notification is only ever given once
*
* Use: Encrypts a block of data using the key. Note that the `key
* ought to be replaced' notification is only ever given once
@@
-417,7
+418,7
@@
int ks_encrypt(keyset *ks, unsigned ty, buf *b, buf *bb)
if (!KEYOK(ks, now)) {
buf_break(bb);
if (!KEYOK(ks, now)) {
buf_break(bb);
- return (
0
);
+ return (
KSERR_NOKEYS
);
}
return (doencrypt(ks, ty, b, bb));
}
}
return (doencrypt(ks, ty, b, bb));
}
@@
-429,7
+430,9
@@
int ks_encrypt(keyset *ks, unsigned ty, buf *b, buf *bb)
* @buf *b@ = pointer to an input buffer
* @buf *bb@ = pointer to an output buffer
*
* @buf *b@ = pointer to an input buffer
* @buf *bb@ = pointer to an output buffer
*
- * Returns: Zero on success, or nonzero if there was some problem.
+ * Returns: Zero on success; @KSERR_DECRYPT@ on failure. Also returns
+ * zero if there was insufficient buffer (but the output buffer
+ * is broken in this case).
*
* Use: Attempts to decrypt a message using a given key. Note that
* requesting decryption with a key directly won't clear a
*
* Use: Attempts to decrypt a message using a given key. Note that
* requesting decryption with a key directly won't clear a
@@
-445,7
+448,7
@@
int ks_decrypt(keyset *ks, unsigned ty, buf *b, buf *bb)
buf_ensure(bb, BLEN(b)) ||
dodecrypt(ks, ty, b, bb, &seq) ||
seq_check(&ks->iseq, seq, "SYMM"))
buf_ensure(bb, BLEN(b)) ||
dodecrypt(ks, ty, b, bb, &seq) ||
seq_check(&ks->iseq, seq, "SYMM"))
- return (
-1
);
+ return (
KSERR_DECRYPT
);
return (0);
}
return (0);
}
@@
-534,7
+537,10
@@
void ksl_prune(keyset **ksroot)
* @buf *b@ = pointer to input buffer
* @buf *bb@ = pointer to output buffer
*
* @buf *b@ = pointer to input buffer
* @buf *bb@ = pointer to output buffer
*
- * Returns: Nonzero if a new key is needed.
+ * Returns: Zero if successful; @KSERR_REGEN@ if it's time to negotiate a
+ * new key; @KSERR_NOKEYS@ if there are no suitable keys
+ * available. Also returns zero if there was insufficient
+ * buffer space (but the output buffer is broken in this case).
*
* Use: Encrypts a packet.
*/
*
* Use: Encrypts a packet.
*/
@@
-548,7
+554,7
@@
int ksl_encrypt(keyset **ksroot, unsigned ty, buf *b, buf *bb)
if (!ks) {
T( trace(T_KEYSET, "keyset: no suitable keysets found"); )
buf_break(bb);
if (!ks) {
T( trace(T_KEYSET, "keyset: no suitable keysets found"); )
buf_break(bb);
- return (
-1
);
+ return (
KSERR_NOKEYS
);
}
if (KEYOK(ks, now) && !(ks->f & KSF_LISTEN))
break;
}
if (KEYOK(ks, now) && !(ks->f & KSF_LISTEN))
break;
@@
-565,7
+571,9
@@
int ksl_encrypt(keyset **ksroot, unsigned ty, buf *b, buf *bb)
* @buf *b@ = pointer to input buffer
* @buf *bb@ = pointer to output buffer
*
* @buf *b@ = pointer to input buffer
* @buf *bb@ = pointer to output buffer
*
- * Returns: Nonzero if the packet couldn't be decrypted.
+ * Returns: Zero on success; @KSERR_DECRYPT@ on failure. Also returns
+ * zero if there was insufficient buffer (but the output buffer
+ * is broken in this case).
*
* Use: Decrypts a packet.
*/
*
* Use: Decrypts a packet.
*/
@@
-577,7
+585,7
@@
int ksl_decrypt(keyset **ksroot, unsigned ty, buf *b, buf *bb)
uint32 seq;
if (buf_ensure(bb, BLEN(b)))
uint32 seq;
if (buf_ensure(bb, BLEN(b)))
- return (
-1
);
+ return (
KSERR_DECRYPT
);
for (ks = *ksroot; ks; ks = ks->next) {
if (!KEYOK(ks, now))
for (ks = *ksroot; ks; ks = ks->next) {
if (!KEYOK(ks, now))
@@
-588,11
+596,14
@@
int ksl_decrypt(keyset **ksroot, unsigned ty, buf *b, buf *bb)
ks->seq); )
ks->f &= ~KSF_LISTEN;
}
ks->seq); )
ks->f &= ~KSF_LISTEN;
}
- return (seq_check(&ks->iseq, seq, "SYMM"));
+ if (seq_check(&ks->iseq, seq, "SYMM"))
+ return (KSERR_DECRYPT);
+ else
+ return (0);
}
}
T( trace(T_KEYSET, "keyset: no matching keys, or incorrect MAC"); )
}
}
T( trace(T_KEYSET, "keyset: no matching keys, or incorrect MAC"); )
- return (
-1
);
+ return (
KSERR_DECRYPT
);
}
/*----- That's all, folks -------------------------------------------------*/
}
/*----- That's all, folks -------------------------------------------------*/
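Review bot: The new "Returns:" comments for ks_decrypt (hunk @@ -429,7 +430,9) and ksl_decrypt (hunk @@ -565,7 +571,9) state that the function "also returns zero if there was insufficient buffer", but the code on the new side of hunks @@ -445,7 +448,7 and @@ -577,7 +585,7 returns KSERR_DECRYPT when buf_ensure(bb, BLEN(b)) fails, so the comment and the code disagree. Unless dodecrypt can break bb on some path I cannot see here, that sentence looks copied from the encrypt side and should go, e.g. ` * Returns: Zero on success; @KSERR_DECRYPT@ on failure (including when the output buffer is too small for the plaintext).` The encrypt-side comments do match their code, where a broken output buffer still yields zero, so callers of ks_encrypt/ksl_encrypt must check the buffer state and not only the return code before using the output. ks_decrypt and ksl_decrypt both begin and end outside their hunks.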