X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~mdw/git/tripe/blobdiff_plain/56516aeb66062dd8dd5b4225a67e24096cf3fe3f..a50f9a0eaed03dfe85ff3d7a4c24da20ac705dae:/server/keyset.c

diff --git a/server/keyset.c b/server/keyset.c
index fe491280..9dd17fac 100644
--- a/server/keyset.c
+++ b/server/keyset.c
@@ -82,7 +82,9 @@
  *		@buf *b@ = pointer to an input buffer
  *		@buf *bb@ = pointer to an output buffer
  *
- * Returns:	Zero if OK, nonzero if a new key is required.
+ * Returns:	Zero if OK; @KSERR_REGEN@ if it's time to generate new keys.
+ *		Also returns zero if there was insufficient buffer space, but
+ *		the buffer is broken in this case.
  *
  * Use:		Encrypts a message with the given key.  We assume that the
  *		keyset is OK to use.
@@ -154,7 +156,7 @@ static int doencrypt(keyset *ks, unsigned ty, buf *b, buf *bb)
   if (osz >= SZ_REGEN && nsz < SZ_REGEN) {
     T( trace(T_KEYSET, "keyset: keyset %u data regen limit exceeded -- "
 	     "forcing exchange", ks->seq); )
-    rc = -1;
+    rc = KSERR_REGEN;
   }
   ks->sz_exp = nsz;
   return (rc);
@@ -168,7 +170,7 @@ static int doencrypt(keyset *ks, unsigned ty, buf *b, buf *bb)
  *		@buf *bb@ = pointer to an output buffer
  *		@uint32 *seq@ = where to store the sequence number
  *
- * Returns:	Zero if OK, nonzero if it failed.
+ * Returns:	Zero on success; @KSERR_DECRYPT@ on failure.
  *
  * Use:		Attempts to decrypt a message with the given key.  No other
  *		checking (e.g., sequence number checks) is performed.  We
@@ -196,7 +198,7 @@ static int dodecrypt(keyset *ks, unsigned ty, buf *b, buf *bb, uint32 *seq)
 
   if (psz < ivsz + SEQSZ + tagsz) {
     T( trace(T_KEYSET, "keyset: block too small for keyset %u", ks->seq); )
-    return (-1);
+    return (KSERR_DECRYPT);
   }
   sz = psz - ivsz - SEQSZ - tagsz;
   pmac = BCUR(b); pseq = pmac + tagsz; piv = pseq + SEQSZ; ppk = piv + ivsz;
@@ -224,7 +226,7 @@ static int dodecrypt(keyset *ks, unsigned ty, buf *b, buf *bb, uint32 *seq)
 	trace(T_KEYSET, "keyset: incorrect MAC: decryption failed");
 	trace_block(T_CRYPTO, "crypto: expected MAC", pmac, tagsz);
       })
-      return (-1);
+      return (KSERR_DECRYPT);
     }
   }
 
@@ -399,9 +401,10 @@ void ks_activate(keyset *ks)
  *		@buf *b@ = pointer to input buffer
  *		@buf *bb@ = pointer to output buffer
  *
- * Returns:	Zero if OK, nonzero if the key needs replacing.  If the
- *		encryption failed, the output buffer is broken and zero is
- *		returned.
+ * Returns:	Zero if successful; @KSERR_REGEN@ if we should negotiate a
+ *		new key; @KSERR_NOKEYS@ if the key is not usable.  Also
+ *		returns zero if there was insufficient buffer (but the output
+ *		buffer is broken in this case).
  *
  * Use:		Encrypts a block of data using the key.  Note that the `key
  *		ought to be replaced' notification is only ever given once
@@ -415,7 +418,7 @@ int ks_encrypt(keyset *ks, unsigned ty, buf *b, buf *bb)
 
   if (!KEYOK(ks, now)) {
     buf_break(bb);
-    return (0);
+    return (KSERR_NOKEYS);
   }
   return (doencrypt(ks, ty, b, bb));
 }
@@ -427,7 +430,9 @@ int ks_encrypt(keyset *ks, unsigned ty, buf *b, buf *bb)
  *		@buf *b@ = pointer to an input buffer
  *		@buf *bb@ = pointer to an output buffer
  *
- * Returns:	Zero on success, or nonzero if there was some problem.
+ * Returns:	Zero on success; @KSERR_DECRYPT@ on failure.  Also returns
+ *		zero if there was insufficient buffer (but the output buffer
+ *		is broken in this case).
  *
  * Use:		Attempts to decrypt a message using a given key.  Note that
  *		requesting decryption with a key directly won't clear a
@@ -443,7 +448,7 @@ int ks_decrypt(keyset *ks, unsigned ty, buf *b, buf *bb)
       buf_ensure(bb, BLEN(b)) ||
       dodecrypt(ks, ty, b, bb, &seq) ||
       seq_check(&ks->iseq, seq, "SYMM"))
-    return (-1);
+    return (KSERR_DECRYPT);
   return (0);
 }
 
@@ -532,7 +537,10 @@ void ksl_prune(keyset **ksroot)
  *		@buf *b@ = pointer to input buffer
  *		@buf *bb@ = pointer to output buffer
  *
- * Returns:	Nonzero if a new key is needed.
+ * Returns:	Zero if successful; @KSERR_REGEN@ if it's time to negotiate a
+ *		new key; @KSERR_NOKEYS@ if there are no suitable keys
+ *		available.  Also returns zero if there was insufficient
+ *		buffer space (but the output buffer is broken in this case).
  *
  * Use:		Encrypts a packet.
  */
@@ -546,7 +554,7 @@ int ksl_encrypt(keyset **ksroot, unsigned ty, buf *b, buf *bb)
     if (!ks) {
       T( trace(T_KEYSET, "keyset: no suitable keysets found"); )
       buf_break(bb);
-      return (-1);
+      return (KSERR_NOKEYS);
     }
     if (KEYOK(ks, now) && !(ks->f & KSF_LISTEN))
       break;
@@ -563,7 +571,9 @@ int ksl_encrypt(keyset **ksroot, unsigned ty, buf *b, buf *bb)
  *		@buf *b@ = pointer to input buffer
  *		@buf *bb@ = pointer to output buffer
  *
- * Returns:	Nonzero if the packet couldn't be decrypted.
+ * Returns:	Zero on success; @KSERR_DECRYPT@ on failure.  Also returns
+ *		zero if there was insufficient buffer (but the output buffer
+ *		is broken in this case).
  *
  * Use:		Decrypts a packet.
  */
@@ -575,7 +585,7 @@ int ksl_decrypt(keyset **ksroot, unsigned ty, buf *b, buf *bb)
   uint32 seq;
 
   if (buf_ensure(bb, BLEN(b)))
-    return (-1);
+    return (KSERR_DECRYPT);
 
   for (ks = *ksroot; ks; ks = ks->next) {
     if (!KEYOK(ks, now))
@@ -586,11 +596,14 @@ int ksl_decrypt(keyset **ksroot, unsigned ty, buf *b, buf *bb)
 		 ks->seq); )
 	ks->f &= ~KSF_LISTEN;
       }
-      return (seq_check(&ks->iseq, seq, "SYMM"));
+      if (seq_check(&ks->iseq, seq, "SYMM"))
+	return (KSERR_DECRYPT);
+      else
+	return (0);
     }
   }
   T( trace(T_KEYSET, "keyset: no matching keys, or incorrect MAC"); )
-  return (-1);
+  return (KSERR_DECRYPT);
 }
 
 /*----- That's all, folks -------------------------------------------------*/