X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~mdw/git/tripe/blobdiff_plain/8111ced6e2561056d0e34500ea013bd921548081..HEAD:/server/keyset.c diff --git a/server/keyset.c b/server/keyset.c index 2f2b550a..a0c4577d 100644 --- a/server/keyset.c +++ b/server/keyset.c @@ -82,7 +82,7 @@ static int doencrypt(keyset *ks, unsigned ty, buf *b, buf *bb) IF_TRACING(T_KEYSET, { trace(T_KEYSET, - "keyset: encrypting packet %lu (type %u) using keyset %u", + "keyset: encrypting packet %lu (type 0x%02x) using keyset %u", (unsigned long)ks->oseq, ty, ks->seq); trace_block(T_CRYPTO, "crypto: plaintext packet", BCUR(b), sz); }) @@ -134,7 +134,7 @@ static int dodecrypt(keyset *ks, unsigned ty, buf *b, buf *bb, uint32 *seq) IF_TRACING(T_KEYSET, { trace(T_KEYSET, - "keyset: try decrypting packet (type %u) using keyset %u", + "keyset: try decrypting packet (type 0x%02x) using keyset %u", ty, ks->seq); trace_block(T_CRYPTO, "crypto: ciphertext packet", BCUR(b), BLEFT(b)); }) @@ -169,96 +169,33 @@ void ks_drop(keyset *ks) DESTROY(ks); } -/* --- @ks_derivekey@ --- * - * - * Arguments: @octet *k@ = pointer to an output buffer of at least - * @MAXHASHSZ@ bytes - * @size_t ksz@ = actual size wanted (for tracing) - * @const struct rawkey *rk@ = a raw key, as passed into - * @genkeys@ - * @int dir@ = direction for the key (@DIR_IN@ or @DIR_OUT@) - * @const char *what@ = label for the key (input to derivation) - * - * Returns: --- - * - * Use: Derives a session key, for use on incoming or outgoing data. - * This function is part of a private protocol between @ks_gen@ - * and the bulk crypto transform @genkeys@ operation. - */ - -struct rawkey { - const gchash *hc; - const octet *k; - size_t x, y, z; -}; - -void ks_derivekey(octet *k, size_t ksz, const struct rawkey *rk, - int dir, const char *what) -{ - const gchash *hc = rk->hc; - ghash *h; - - assert(ksz <= hc->hashsz); - assert(hc->hashsz <= MAXHASHSZ); - h = GH_INIT(hc); - GH_HASH(h, "tripe-", 6); GH_HASH(h, what, strlen(what) + 1); - switch (dir) { - case DIR_IN: - GH_HASH(h, rk->k, rk->x); - GH_HASH(h, rk->k + rk->x, rk->y - rk->x); - break; - case DIR_OUT: - GH_HASH(h, rk->k + rk->x, rk->y - rk->x); - GH_HASH(h, rk->k, rk->x); - break; - default: - abort(); - } - GH_HASH(h, rk->k + rk->y, rk->z - rk->y); - GH_DONE(h, k); - GH_DESTROY(h); - IF_TRACING(T_KEYSET, { IF_TRACING(T_CRYPTO, { - char _buf[32]; - sprintf(_buf, "crypto: %s key %s", dir ? "outgoing" : "incoming", what); - trace_block(T_CRYPTO, _buf, k, ksz); - }) }) -} - /* --- @ks_gen@ --- * * - * Arguments: @const void *k@ = pointer to key material - * @size_t x, y, z@ = offsets into key material (see below) + * Arguments: @deriveargs *a@ = key derivation parameters (modified) * @peer *p@ = pointer to peer information * * Returns: A pointer to the new keyset. * - * Use: Derives a new keyset from the given key material. The - * offsets @x@, @y@ and @z@ separate the key material into three - * parts. Between the @k@ and @k + x@ is `my' contribution to - * the key material; between @k + x@ and @k + y@ is `your' - * contribution; and between @k + y@ and @k + z@ is a shared - * value we made together. These are used to construct two - * pairs of symmetric keys. Each pair consists of an encryption - * key and a message authentication key. One pair is used for - * outgoing messages, the other for incoming messages. + * Use: Derives a new keyset from the given key material. This will + * set the @what@, @f@, and @hc@ members in @*a@; other members + * must be filled in by the caller. * * The new key is marked so that it won't be selected for output * by @ksl_encrypt@. You can still encrypt data with it by * calling @ks_encrypt@ directly. */ -keyset *ks_gen(const void *k, size_t x, size_t y, size_t z, peer *p) +keyset *ks_gen(deriveargs *a, peer *p) { keyset *ks = CREATE(keyset); time_t now = time(0); const algswitch *algs = &p->kx.kpriv->algs; - struct rawkey rk; T( static unsigned seq = 0; ) T( trace(T_KEYSET, "keyset: adding new keyset %u", seq); ) - rk.hc = algs->h; rk.k = k; rk.x = x; rk.y = y; rk.z = z; - ks->bulk = algs->bulk->ops->genkeys(algs->bulk, &rk); + a->what = "tripe-"; a->f = DF_IN | DF_OUT; a->hc = algs->h; + ks->bulk = algs->bulk->ops->genkeys(algs->bulk, a); ks->bulk->ops = algs->bulk->ops; T( ks->seq = seq++; )