X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~mdw/git/tripe/blobdiff_plain/010e6f63edc4be4e127c18fc6c2c2a138efc93d2..12a26b8b34df23103d4da6d7e40705485266a4d6:/server/keyexch.c
diff --git a/server/keyexch.c b/server/keyexch.c
index e7052729..8eaf1e88 100644
--- a/server/keyexch.c
+++ b/server/keyexch.c
@@ -77,7 +77,7 @@
 /*----- Tunable parameters ------------------------------------------------*/
-#define T_VALID MIN(2) /* Challenge validity period */
+#define T_VALID SEC(20) /* Challenge validity period */
 #define T_RETRY SEC(10) /* Challenge retransmit interval */
 #define VALIDP(kx, now) ((now) < (kx)->t_valid)
@@ -85,8 +85,7 @@
 /*----- Static tables -----------------------------------------------------*/
 static const char *const pkname[] = {
- "pre-challenge", "cookie", "challenge",
- "reply", "switch-rq", "switch-ok"
+ "pre-challenge", "challenge", "reply", "switch-rq", "switch-ok"
 };
 /*----- Various utilities -------------------------------------------------*/
@@ -604,7 +603,7 @@ static kxchal *respond(keyexch *kx, unsigned msg, buf *b)
 h = GH_INIT(algs.h);
 HASH_STRING(h, "tripe-check-hash");
 GH_HASH(h, ck, indexsz);
- GH_DONE(h, kxc->hc);
+ GH_DONE(h, kxc->ck);
 GH_DESTROY(h);
 h = GH_INIT(algs.h);
@@ -793,6 +792,7 @@ static int decryptrest(keyexch *kx, kxchal *kxc, unsigned msg, buf *b)
 a_warn("KX", "?PEER", kx->p, "decrypt-failed", "%s", pkname[msg], A_END);
 return (-1);
 }
+ if (!BOK(&bb)) return (-1);
 buf_init(b, BBASE(&bb), BLEN(&bb));
 return (0);
 }
@@ -1236,7 +1236,7 @@ void kx_free(keyexch *kx)
 void kx_newkeys(keyexch *kx)
 {
- if (km_getpubkey(p_name(kx->p), kx->kpub, &kx->texp_kpub))
+ if (km_getpubkey(p_tag(kx->p), kx->kpub, &kx->texp_kpub))
 return;
 kx->f |= KXF_PUBKEY;
 if ((kx->f & KXF_DEAD) || kx->s != KXS_SWITCH) {
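Review bot: The comment on `T_VALID` in the tunable-parameters hunk still reads only "Challenge validity period" and records neither the reason for the much shorter value nor its relation to `T_RETRY`. With `SEC(20)` against a `SEC(10)` retransmit interval, a challenge seems to get about one retransmission before `VALIDP` stops accepting it, which could matter on slow or lossy links; that is inferred from the two constants alone. If the intent is to narrow the window in which an old challenge is still honoured, I would say so next to the define, e.g. `/* Kept short to limit challenge lifetime; must exceed T_RETRY */`.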
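Review bot: `pkname` in the static-tables hunk shrinks to five entries, and nothing visible here ties its length to the message-type numbering that indexes it. `pkname[msg]` is used in the `decryptrest` warning path later in this diff, so a stale message constant or an unchecked `msg` taken from a received packet would read past the end of the table. I would add a compile-time check beside the table that its element count equals the number of message types, and confirm that the dispatcher rejects out-of-range `msg` before any `pkname[msg]` lookup. Neither the constants nor the dispatcher are shown in this diff.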
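Review bot: The added `if (!BOK(&bb)) return (-1);` in `decryptrest` fails silently, whereas the decryption-failure branch just above it reports through `a_warn` before returning. A broken buffer after decryption is an event an operator would want logged when diagnosing malformed key-exchange packets, so this branch should warn as well, for example `if (!BOK(&bb)) { a_warn("KX", "?PEER", kx->p, "decrypt-failed", "%s", pkname[msg], A_END); return (-1); }`, or with a distinct token if admin clients should tell the two cases apart. A one-line comment stating which condition leaves `bb` broken at this point would also help the next reader. The function body begins outside the hunk.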
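Review bot: Switching the `km_getpubkey` lookup from `p_name` to `p_tag` in `kx_newkeys`, and again in `kx_init` in the following hunk, changes which keyring entry authenticates the peer, and neither call site documents that. If a tag can be configured independently of the peer name, two peers may resolve to the same public key, so the binding deserves a comment such as `/* Public key is selected by the peer's key tag, not its name */`. It is also worth confirming that `p_tag` always returns a usable string when no tag was configured; its definition is not part of this diff. `kx_newkeys` continues past the end of the hunk.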
@@ -1267,7 +1267,7 @@ int kx_init(keyexch *kx, peer *p, keyset **ks, unsigned f)
 kx->ks = ks;
 kx->p = p;
 kx->kpub = G_CREATE(gg);
- if (km_getpubkey(p_name(p), kx->kpub, &kx->texp_kpub)) {
+ if (km_getpubkey(p_tag(p), kx->kpub, &kx->texp_kpub)) {
 G_DESTROY(gg, kx->kpub);
 return (-1);
 }