X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~mdw/git/tripe/blobdiff_plain/786989941b7b4504f0234c4a318f929802e981ad..a62f8e8a94bf56194539f7140a1215bc74309b36:/server/keymgmt.c diff --git a/server/keymgmt.c b/server/keymgmt.c index edd31b2a..ce0d4561 100644 --- a/server/keymgmt.c +++ b/server/keymgmt.c @@ -1,13 +1,11 @@ /* -*-c-*- - * - * $Id$ * * Key loading and storing * * (c) 2001 Straylight/Edgeware */ -/*----- Licensing notice --------------------------------------------------* +/*----- Licensing notice --------------------------------------------------* * * This file is part of Trivial IP Encryption (TrIPE). * @@ -15,12 +13,12 @@ * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. - * + * * TrIPE is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. - * + * * You should have received a copy of the GNU General Public License * along with TrIPE; if not, write to the Free Software Foundation, * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. @@ -249,7 +247,8 @@ static const char *algs_check(algswitch *a, const group *g) /* --- Derive the key sizes --- * * * Must ensure that we have non-empty keys. This isn't ideal, but it - * provides a handy sanity check. + * provides a handy sanity check. Also must be based on a 64- or 128-bit + * block cipher or we can't do the data expiry properly. */ a->hashsz = a->h->hashsz; @@ -258,6 +257,11 @@ static const char *algs_check(algswitch *a, const group *g) if ((a->mksz = keysz(a->hashsz, a->m->keysz)) == 0) return ("no key size found for MAC"); + /* --- Derive the data limit --- */ + + if (a->c->blksz < 16) a->expsz = MEG(64); + else a->expsz = MEG(2048); + /* --- Ensure that the tag size is sane --- */ if (a->tagsz > a->m->hashsz) return ("tag length too large"); @@ -293,13 +297,13 @@ static int algs_samep(const algswitch *a, const algswitch *aa) /* --- @keymoan@ --- * * * Arguments: @const char *file@ = name of the file - * @int line@ = line number in file - * @const char *msg@ = error message - * @void *p@ = argument pointer + * @int line@ = line number in file + * @const char *msg@ = error message + * @void *p@ = argument pointer * - * Returns: --- + * Returns: --- * - * Use: Reports an error message about loading a key file. + * Use: Reports an error message about loading a key file. */ static void keymoan(const char *file, int line, const char *msg, void *p) @@ -384,7 +388,7 @@ tymatch:; /* --- Good, we're happy --- * * - * Dodginess! We change the group over here, but don't free any old group + * Dodginess! We change the group over here, but don't free any old group * elements. This assumes that the new group is basically the same as the * old one, and will happily adopt the existing elements. If it isn't, * then we lose badly. Check this, then. @@ -598,7 +602,7 @@ tymatch:; /* --- Ensure that the group is correct --- * * - * Dodginess! We assume that if this works, our global group is willing to + * Dodginess! We assume that if this works, our global group is willing to * adopt this public element. Probably reasonable. */