X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~mdw/git/tripe/blobdiff_plain/c3c51798db44f1fd5d2b54c4919cd50373f70376..62b5e3ecc77424add00ad4e5dc86e7248751cdf6:/server/keyexch.c

diff --git a/server/keyexch.c b/server/keyexch.c
index 76aeee00..cd6eae52 100644
--- a/server/keyexch.c
+++ b/server/keyexch.c
@@ -75,13 +75,6 @@
  *	Switch received.  Committed; send data; move to @KXS_SWITCH@.
  */
 
-/*----- Tunable parameters ------------------------------------------------*/
-
-#define T_VALID MIN(2)			/* Challenge validity period */
-#define T_RETRY SEC(10)			/* Challenge retransmit interval */
-
-#define VALIDP(kx, now) ((now) < (kx)->t_valid)
-
 /*----- Static tables -----------------------------------------------------*/
 
 static const char *const pkname[] = {
@@ -90,6 +83,17 @@ static const char *const pkname[] = {
 
 /*----- Various utilities -------------------------------------------------*/
 
+/* --- @VALIDP@ --- *
+ *
+ * Arguments:	@const keyexch *kx@ = key exchange state
+ *		@time_t now@ = current time in seconds
+ *
+ * Returns:	Whether the challenge in the key-exchange state is still
+ *		valid or should be regenerated.
+ */
+
+#define VALIDP(kx, now) ((now) < (kx)->t_valid)
+
 /* --- @hashge@ --- *
  *
  * Arguments:	@ghash *h@ = pointer to hash context
@@ -603,7 +607,7 @@ static kxchal *respond(keyexch *kx, unsigned msg, buf *b)
     h = GH_INIT(algs.h);
     HASH_STRING(h, "tripe-check-hash");
     GH_HASH(h, ck, indexsz);
-    GH_DONE(h, kxc->hc);
+    GH_DONE(h, kxc->ck);
     GH_DESTROY(h);
 
     h = GH_INIT(algs.h);
@@ -792,6 +796,7 @@ static int decryptrest(keyexch *kx, kxchal *kxc, unsigned msg, buf *b)
     a_warn("KX", "?PEER", kx->p, "decrypt-failed", "%s", pkname[msg], A_END);
     return (-1);
   }
+  if (!BOK(&bb)) return (-1);
   buf_init(b, BBASE(&bb), BLEN(&bb));
   return (0);
 }
@@ -908,7 +913,7 @@ static void kxfinish(keyexch *kx)
 {
   kxchal *kxc = kx->r[0];
   ks_activate(kxc->ks);
-  settimer(kx, ks_tregen(kxc->ks));
+  settimer(kx, time(0) + T_REGEN);
   kx->s = KXS_SWITCH;
   a_notify("KXDONE", "?PEER", kx->p, A_END);
   p_stats(kx->p)->t_kx = time(0);
@@ -1235,7 +1240,7 @@ void kx_free(keyexch *kx)
 
 void kx_newkeys(keyexch *kx)
 {
-  if (km_getpubkey(p_name(kx->p), kx->kpub, &kx->texp_kpub))
+  if (km_getpubkey(p_tag(kx->p), kx->kpub, &kx->texp_kpub))
     return;
   kx->f |= KXF_PUBKEY;
   if ((kx->f & KXF_DEAD) || kx->s != KXS_SWITCH) {
@@ -1266,7 +1271,7 @@ int kx_init(keyexch *kx, peer *p, keyset **ks, unsigned f)
   kx->ks = ks;
   kx->p = p;
   kx->kpub = G_CREATE(gg);
-  if (km_getpubkey(p_name(p), kx->kpub, &kx->texp_kpub)) {
+  if (km_getpubkey(p_tag(p), kx->kpub, &kx->texp_kpub)) {
     G_DESTROY(gg, kx->kpub);
     return (-1);
   }