/* --- Derive the key sizes --- *
*
* Must ensure that we have non-empty keys. This isn't ideal, but it
- * provides a handy sanity check.
+ * provides a handy sanity check. Also must be based on a 64- or 128-bit
+ * block cipher or we can't do the data expiry properly.
*/
a->hashsz = a->h->hashsz;
if ((a->mksz = keysz(a->hashsz, a->m->keysz)) == 0)
return ("no key size found for MAC");
+ /* --- Derive the data limit --- */
+
+ if (a->c->blksz < 16) a->expsz = MEG(64);
+ else a->expsz = MEG(2048);
+
/* --- Ensure that the tag size is sane --- */
if (a->tagsz > a->m->hashsz) return ("tag length too large");
/*----- Tunable parameters ------------------------------------------------*/
-/* --- Note on size limits --- *
- *
- * For a 64-bit block cipher (e.g., Blowfish), the probability of a collision
- * occurring after 32 MB is less than %$2^{-21}$%, and the probability of a
- * collision occurring after 64 MB is less than %$2^{-19}$%. These could be
- * adjusted dependent on the encryption scheme, but it's too much pain.
- */
-
#define T_EXP MIN(60) /* Expiry time for a key */
#define T_REGEN MIN(45) /* Regeneration time for a key */
-#define SZ_EXP MEG(64) /* Expiry data size for a key */
-#define SZ_REGEN MEG(32) /* Data size threshold for regen */
/*----- Handy macros ------------------------------------------------------*/
nsz = osz - sz;
else
nsz = 0;
- if (osz >= SZ_REGEN && nsz < SZ_REGEN) {
+ if (osz >= ks->sz_regen && ks->sz_regen > nsz) {
T( trace(T_KEYSET, "keyset: keyset %u data regen limit exceeded -- "
"forcing exchange", ks->seq); )
rc = KSERR_REGEN;
T( ks->seq = seq++; )
ks->ref = 1;
ks->t_exp = now + T_EXP;
- ks->sz_exp = SZ_EXP;
+ ks->sz_exp = algs.expsz;
+ ks->sz_regen = algs.expsz/2;
ks->oseq = 0;
seq_reset(&ks->iseq);
ks->next = 0;
const gcmac *m; /* Message authentication code */
size_t hashsz; /* Hash output size */
size_t tagsz; /* Length to truncate MAC tags */
+ size_t expsz; /* Size of data to process */
size_t cksz, mksz; /* Key lengths for @c@ and @m@ */
} algswitch;
unsigned ref; /* Reference count for keyset */
struct peer *p; /* Pointer to peer structure */
time_t t_exp; /* Expiry time for this keyset */
- unsigned long sz_exp; /* Data limit for the keyset */
+ unsigned long sz_exp, sz_regen; /* Data limits for the keyset */
T( unsigned seq; ) /* Sequence number for tracing */
unsigned f; /* Various useful flags */
gcipher *cin, *cout; /* Keyset ciphers for encryption */