X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~mdw/git/tripe/blobdiff_plain/35c8b547dde529693875087d67fa60bf88319d2b..11ad66c29764521f87f0dd399a1e592147c7af36:/server/chal.c diff --git a/server/chal.c b/server/chal.c index 12b64e21..b463823c 100644 --- a/server/chal.c +++ b/server/chal.c @@ -9,19 +9,18 @@ * * This file is part of Trivial IP Encryption (TrIPE). * - * TrIPE is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. + * TrIPE is free software: you can redistribute it and/or modify it under + * the terms of the GNU General Public License as published by the Free + * Software Foundation; either version 3 of the License, or (at your + * option) any later version. * - * TrIPE is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. + * TrIPE is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. * * You should have received a copy of the GNU General Public License - * along with TrIPE; if not, write to the Free Software Foundation, - * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + * along with TrIPE. If not, see . */ /*----- Header files ------------------------------------------------------*/ @@ -30,7 +29,7 @@ /*----- Static variables --------------------------------------------------*/ -static gmac *mac; +static bulkchal *bulk; static uint32 oseq; static seqwin iseq; @@ -47,17 +46,13 @@ static seqwin iseq; static void c_genkey(void) { - if (mac && GM_CLASS(mac) == master->algs.m && oseq < 0x07ffffff) return; - if (mac) GM_DESTROY(mac); - assert(master->algs.mksz < sizeof(buf_t)); - rand_get(RAND_GLOBAL, buf_t, master->algs.mksz); - mac = GM_KEY(master->algs.m, buf_t, master->algs.mksz); + if (bulk && bulk->ops == master->algs.bulk->ops && oseq < 0x07ffffff) + return; + if (bulk) bulk->ops->freechal(bulk); + bulk = master->algs.bulk->ops->genchal(master->algs.bulk); + bulk->ops = master->algs.bulk->ops; oseq = 0; seq_reset(&iseq); - IF_TRACING(T_CHAL, { - trace(T_CHAL, "chal: generated new challenge key"); - trace_block(T_CRYPTO, "chal: new key", buf_t, master->algs.mksz); - }) } /* --- @c_new@ --- * @@ -72,16 +67,11 @@ static void c_genkey(void) int c_new(buf *b) { octet *p; - ghash *h; c_genkey(); p = BCUR(b); - if (buf_putu32(b, oseq++)) return (-1); - h = GM_INIT(mac); - GH_HASH(h, p, BCUR(b) - p); - buf_put(b, GH_DONE(h, 0), master->algs.tagsz); - GH_DESTROY(h); - if (BBAD(b)) return (-1); + if (buf_putu32(b, oseq++) || !buf_get(b, bulk->tagsz)) return (-1); + if (bulk->ops->chaltag(bulk, p, 4, p + 4)) return (-1); IF_TRACING(T_CHAL, { trace(T_CHAL, "chal: issuing challenge %lu", (unsigned long)(oseq - 1)); trace_block(T_CRYPTO, "chal: challenge block", p, BCUR(b) - p); @@ -101,30 +91,25 @@ int c_new(buf *b) int c_check(buf *b) { const octet *p; - size_t sz = 4 + master->algs.tagsz; + size_t sz; uint32 seq; - ghash *h; - int ok; + if (!bulk) { + a_warn("CHAL", "impossible-challenge", A_END); + goto fail; + } + sz = 4 + bulk->tagsz; if ((p = buf_get(b, sz)) == 0) { a_warn("CHAL", "invalid-challenge", A_END); goto fail; } IF_TRACING(T_CHAL, trace_block(T_CRYPTO, "chal: check challenge", p, sz); ) - if (!mac) { - a_warn("CHAL", "impossible-challenge", A_END); - goto fail; - } - h = GM_INIT(mac); - GH_HASH(h, p, 4); - ok = (memcmp(GH_DONE(h, 0), p + 4, master->algs.tagsz) == 0); - GH_DESTROY(h); - if (!ok) { + if (bulk->ops->chalvrf(bulk, p, 4, p + 4)) { a_warn("CHAL", "incorrect-tag", A_END); goto fail; } seq = LOAD32(p); - if (seq_check(&iseq, LOAD32(p), "CHAL")) + if (seq_check(&iseq, seq, "CHAL")) goto fail; T( trace(T_CHAL, "chal: checked challenge %lu", (unsigned long)seq); ) return (0);