X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~mdw/git/tripe/blobdiff_plain/53a941d3f97a50964587c6e9533b1e43e74a57a8..fb6a9f13a40d1b9e797b4fe858a06cfdbcc1109b:/server/chal.c diff --git a/server/chal.c b/server/chal.c index 3824bb63..68d7f048 100644 --- a/server/chal.c +++ b/server/chal.c @@ -9,19 +9,18 @@ * * This file is part of Trivial IP Encryption (TrIPE). * - * TrIPE is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. + * TrIPE is free software: you can redistribute it and/or modify it under + * the terms of the GNU General Public License as published by the Free + * Software Foundation; either version 3 of the License, or (at your + * option) any later version. * - * TrIPE is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. + * TrIPE is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. * * You should have received a copy of the GNU General Public License - * along with TrIPE; if not, write to the Free Software Foundation, - * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + * along with TrIPE. If not, see . */ /*----- Header files ------------------------------------------------------*/ @@ -30,11 +29,11 @@ /*----- Static variables --------------------------------------------------*/ -static gmac *mac; +static bulkchal *bchal; static uint32 oseq; static seqwin iseq; -/*----- Main code ---------------------------------------------------------*/ +/*----- Challenges --------------------------------------------------------*/ /* --- @c_genkey@ --- * * @@ -47,86 +46,84 @@ static seqwin iseq; static void c_genkey(void) { - if (mac && GM_CLASS(mac) == algs.m && oseq < 0x07ffffff) return; - if (mac) GM_DESTROY(mac); - assert(algs.mksz < sizeof(buf_t)); - rand_get(RAND_GLOBAL, buf_t, algs.mksz); - mac = GM_KEY(algs.m, buf_t, algs.mksz); + bulkalgs *bulk = master->algs.bulk; + if (bchal && bchal->ops == bulk->ops && oseq < 0x07ffffff) return; + if (bchal) bchal->ops->freechal(bchal); + bchal = bulk->ops->genchal(bulk); + bchal->ops = bulk->ops; oseq = 0; seq_reset(&iseq); - IF_TRACING(T_CHAL, { - trace(T_CHAL, "chal: generated new challenge key"); - trace_block(T_CRYPTO, "chal: new key", buf_t, algs.mksz); - }) } /* --- @c_new@ --- * * - * Arguments: @buf *b@ = where to put the challenge + * Arguments: @const void *m@ = pointer to associated message, or null + * @size_t msz@ = length of associated message + * @buf *b@ = where to put the challenge * * Returns: Zero if OK, nonzero on error. * * Use: Issues a new challenge. */ -int c_new(buf *b) +int c_new(const void *m, size_t msz, buf *b) { - octet *p; - ghash *h; + const octet *p; + octet *t; + int rc; c_genkey(); p = BCUR(b); - if (buf_putu32(b, oseq++)) return (-1); - h = GM_INIT(mac); - GH_HASH(h, p, BCUR(b) - p); - buf_put(b, GH_DONE(h, 0), algs.tagsz); - GH_DESTROY(h); - if (BBAD(b)) return (-1); + if (buf_putu32(b, oseq) || (t = buf_get(b, bchal->tagsz)) == 0) + { rc = -1; goto done; } + if (bchal->ops->chaltag(bchal, m, msz, oseq, t)) { rc = -1; goto done; } IF_TRACING(T_CHAL, { - trace(T_CHAL, "chal: issuing challenge %lu", (unsigned long)(oseq - 1)); + trace(T_CHAL, "chal: issuing challenge %lu", (unsigned long)oseq); + if (msz) trace_block(T_CRYPTO, "chal: message block", m, msz); trace_block(T_CRYPTO, "chal: challenge block", p, BCUR(b) - p); }) - return (0); + rc = 0; +done: + oseq++; + return (rc); } /* --- @c_check@ --- * * - * Arguments: @buf *b@ = where to find the challenge + * Arguments: @const void *m@ = pointer to associated message, or null + * @size_t msz@ = length of associated message + * @buf *b@ = where to find the challenge * * Returns: Zero if OK, nonzero if it didn't work. * * Use: Checks a challenge. On failure, the buffer is broken. */ -int c_check(buf *b) +int c_check(const void *m, size_t msz, buf *b) { - const octet *p; - size_t sz = 4 + algs.tagsz; + const octet *p, *t; uint32 seq; - ghash *h; - int ok; - if ((p = buf_get(b, sz)) == 0) { - a_warn("CHAL", "invalid-challenge", A_END); + if (!bchal) { + a_warn("CHAL", "impossible-challenge", A_END); goto fail; } - IF_TRACING(T_CHAL, trace_block(T_CRYPTO, "chal: check challenge", p, sz); ) - if (!mac) { - a_warn("CHAL", "impossible-challenge", A_END); + p = BCUR(b); + if (buf_getu32(b, &seq) || (t = buf_get(b, bchal->tagsz)) == 0) { + a_warn("CHAL", "invalid-challenge", A_END); goto fail; } - h = GM_INIT(mac); - GH_HASH(h, p, 4); - ok = (memcmp(GH_DONE(h, 0), p + 4, algs.tagsz) == 0); - GH_DESTROY(h); - if (!ok) { + IF_TRACING(T_CHAL, { + trace(T_CHAL, "chal: checking challenge, seq = %lu", (unsigned long)seq); + if (msz) trace_block(T_CRYPTO, "chal: message block", m, msz); + trace_block(T_CRYPTO, "chal: check challenge", p, BCUR(b) - p); + }) + if (bchal->ops->chalvrf(bchal, m, msz, seq, t)) { a_warn("CHAL", "incorrect-tag", A_END); goto fail; } - seq = LOAD32(p); - if (seq_check(&iseq, LOAD32(p), "CHAL")) - goto fail; - T( trace(T_CHAL, "chal: checked challenge %lu", (unsigned long)seq); ) + if (seq_check(&iseq, seq, "CHAL")) goto fail; + T( trace(T_CHAL, "chal: challenge ok"); ) return (0); fail: