chiark
/
gitweb
/
~mdw
/
secnet
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
site: Keep old keys, and allow them to be used by peer
[secnet]
/
transform.c
diff --git
a/transform.c
b/transform.c
index 8fdf9fd80a350b254bb4e2d7380a31a9babc77f9..289b02e57e899611d0fc96880dfad435b36fc5be 100644
(file)
--- a/
transform.c
+++ b/
transform.c
@@
-68,6
+68,13
@@
static bool_t transform_setkey(void *sst, uint8_t *key, int32_t keylen)
return True;
}
return True;
}
+static bool_t transform_valid(void *sst)
+{
+ struct transform_inst *ti=sst;
+
+ return ti->keyed;
+}
+
static void transform_delkey(void *sst)
{
struct transform_inst *ti=sst;
static void transform_delkey(void *sst)
{
struct transform_inst *ti=sst;
@@
-171,6
+178,10
@@
static uint32_t transform_reverse(void *sst, struct buffer_if *buf,
return 1;
}
return 1;
}
+ if (buf->size < 4 + 16 + 16) {
+ *errmsg="msg too short";
+ return 1;
+ }
/* CBC */
memset(iv,0,16);
/* CBC */
memset(iv,0,16);
@@
-181,6
+192,7
@@
static uint32_t transform_reverse(void *sst, struct buffer_if *buf,
/* Assert bufsize is multiple of blocksize */
if (buf->size&0xf) {
*errmsg="msg not multiple of cipher blocksize";
/* Assert bufsize is multiple of blocksize */
if (buf->size&0xf) {
*errmsg="msg not multiple of cipher blocksize";
+ return 1;
}
serpent_encrypt(&ti->cryptkey,iv,iv);
for (n=buf->start; n<buf->start+buf->size; n+=16)
}
serpent_encrypt(&ti->cryptkey,iv,iv);
for (n=buf->start; n<buf->start+buf->size; n+=16)
@@
-242,7
+254,7
@@
static uint32_t transform_reverse(void *sst, struct buffer_if *buf,
} else {
/* Too much skew */
*errmsg="seqnum: too much skew";
} else {
/* Too much skew */
*errmsg="seqnum: too much skew";
- return
1
;
+ return
2
;
}
return 0;
}
return 0;
@@
-266,6
+278,7
@@
static struct transform_inst_if *transform_create(void *sst)
ti->ops.st=ti;
ti->ops.setkey=transform_setkey;
ti->ops.st=ti;
ti->ops.setkey=transform_setkey;
+ ti->ops.valid=transform_valid;
ti->ops.delkey=transform_delkey;
ti->ops.forwards=transform_forward;
ti->ops.reverse=transform_reverse;
ti->ops.delkey=transform_delkey;
ti->ops.forwards=transform_forward;
ti->ops.reverse=transform_reverse;
~mdw / secnet / blobdiff