X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~mdw/git/tripe/blobdiff_plain/56516aeb66062dd8dd5b4225a67e24096cf3fe3f..a50f9a0eaed03dfe85ff3d7a4c24da20ac705dae:/server/tripe.h

diff --git a/server/tripe.h b/server/tripe.h
index 448f9991..47c8cf0f 100644
--- a/server/tripe.h
+++ b/server/tripe.h
@@ -217,6 +217,10 @@ typedef struct keyset {
 #define KSF_LISTEN 1u			/* Don't encrypt packets yet */
 #define KSF_LINK 2u			/* Key is in a linked list */
 
+#define KSERR_REGEN -1			/* Regenerate keys */
+#define KSERR_NOKEYS -2			/* No keys left */
+#define KSERR_DECRYPT -3		/* Unable to decrypt message */
+
 /* --- Key exchange --- *
  *
  * TrIPE uses the Wrestlers Protocol for its key exchange.  The Wrestlers
@@ -687,9 +691,10 @@ extern void ks_activate(keyset */*ks*/);
  *		@buf *b@ = pointer to input buffer
  *		@buf *bb@ = pointer to output buffer
  *
- * Returns:	Zero if OK, nonzero if the key needs replacing.  If the
- *		encryption failed, the output buffer is broken and zero is
- *		returned.
+ * Returns:	Zero if successful; @KSERR_REGEN@ if we should negotiate a
+ *		new key; @KSERR_NOKEYS@ if the key is not usable.  Also
+ *		returns zero if there was insufficient buffer (but the output
+ *		buffer is broken in this case).
  *
  * Use:		Encrypts a block of data using the key.  Note that the `key
  *		ought to be replaced' notification is only ever given once
@@ -707,7 +712,9 @@ extern int ks_encrypt(keyset */*ks*/, unsigned /*ty*/,
  *		@buf *b@ = pointer to an input buffer
  *		@buf *bb@ = pointer to an output buffer
  *
- * Returns:	Zero on success, or nonzero if there was some problem.
+ * Returns:	Zero on success; @KSERR_DECRYPT@ on failure.  Also returns
+ *		zero if there was insufficient buffer (but the output buffer
+ *		is broken in this case).
  *
  * Use:		Attempts to decrypt a message using a given key.  Note that
  *		requesting decryption with a key directly won't clear a
@@ -760,7 +767,10 @@ extern void ksl_prune(keyset **/*ksroot*/);
  *		@buf *b@ = pointer to input buffer
  *		@buf *bb@ = pointer to output buffer
  *
- * Returns:	Nonzero if a new key is needed.
+ * Returns:	Zero if successful; @KSERR_REGEN@ if it's time to negotiate a
+ *		new key; @KSERR_NOKEYS@ if there are no suitable keys
+ *		available.  Also returns zero if there was insufficient
+ *		buffer space (but the output buffer is broken in this case).
  *
  * Use:		Encrypts a packet.
  */
@@ -775,7 +785,9 @@ extern int ksl_encrypt(keyset **/*ksroot*/, unsigned /*ty*/,
  *		@buf *b@ = pointer to input buffer
  *		@buf *bb@ = pointer to output buffer
  *
- * Returns:	Nonzero if the packet couldn't be decrypted.
+ * Returns:	Zero on success; @KSERR_DECRYPT@ on failure.  Also returns
+ *		zero if there was insufficient buffer (but the output buffer
+ *		is broken in this case).
  *
  * Use:		Decrypts a packet.
  */