~mdw
/
secnet
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
transform: Allow DH to set the key size
[secnet]
/
site.c
diff --git
a/site.c
b/site.c
index
db65bd8
..
566b215
100644
(file)
--- a/
site.c
+++ b/
site.c
@@
-288,6
+288,7
@@
struct site {
uint64_t timeout; /* Timeout for current state */
uint8_t *dhsecret;
uint8_t *sharedsecret;
uint64_t timeout; /* Timeout for current state */
uint8_t *dhsecret;
uint8_t *sharedsecret;
+ uint32_t sharedsecretlen;
struct transform_inst_if *new_transform; /* For key setup/verify */
};
struct transform_inst_if *new_transform; /* For key setup/verify */
};
@@
-463,7
+464,7
@@
static bool_t check_msg(struct site *st, uint32_t type, struct msg *m,
return False;
}
if (type==LABEL_MSG2) return True;
return False;
}
if (type==LABEL_MSG2) return True;
- if (
memcmp
(m->nR,st->remoteN,NONCELEN)!=0) {
+ if (
!consttime_memeq
(m->nR,st->remoteN,NONCELEN)!=0) {
*error="wrong remotely-generated nonce";
return False;
}
*error="wrong remotely-generated nonce";
return False;
}
@@
-561,11
+562,11
@@
static bool_t process_msg3(struct site *st, struct buffer_if *msg3,
/* Generate the shared key */
st->dh->makeshared(st->dh->st,st->dhsecret,st->dh->len,m.pk,
/* Generate the shared key */
st->dh->makeshared(st->dh->st,st->dhsecret,st->dh->len,m.pk,
- st->sharedsecret,st->
transform->key
len);
+ st->sharedsecret,st->
sharedsecret
len);
/* Set up the transform */
st->new_transform->setkey(st->new_transform->st,st->sharedsecret,
/* Set up the transform */
st->new_transform->setkey(st->new_transform->st,st->sharedsecret,
- st->
transform->key
len);
+ st->
sharedsecret
len);
return True;
}
return True;
}
@@
-609,10
+610,10
@@
static bool_t process_msg4(struct site *st, struct buffer_if *msg4,
m.pk[m.pklen]=0;
/* Generate the shared key */
st->dh->makeshared(st->dh->st,st->dhsecret,st->dh->len,m.pk,
m.pk[m.pklen]=0;
/* Generate the shared key */
st->dh->makeshared(st->dh->st,st->dhsecret,st->dh->len,m.pk,
- st->sharedsecret,st->
transform->key
len);
+ st->sharedsecret,st->
sharedsecret
len);
/* Set up the transform */
st->new_transform->setkey(st->new_transform->st,st->sharedsecret,
/* Set up the transform */
st->new_transform->setkey(st->new_transform->st,st->sharedsecret,
- st->
transform->key
len);
+ st->
sharedsecret
len);
return True;
}
return True;
}
@@
-1009,7
+1010,7
@@
static void enter_state_run(struct site *st)
memset(st->remoteN,0,NONCELEN);
st->new_transform->delkey(st->new_transform->st);
memset(st->dhsecret,0,st->dh->len);
memset(st->remoteN,0,NONCELEN);
st->new_transform->delkey(st->new_transform->st);
memset(st->dhsecret,0,st->dh->len);
- memset(st->sharedsecret,0,st->
transform->key
len);
+ memset(st->sharedsecret,0,st->
sharedsecret
len);
set_link_quality(st);
}
set_link_quality(st);
}
@@
-1557,7
+1558,8
@@
static list_t *site_apply(closure_t *self, struct cloc loc, dict_t *context,
transport_peers_clear(st,&st->setup_peers);
/* XXX mlock these */
st->dhsecret=safe_malloc(st->dh->len,"site:dhsecret");
transport_peers_clear(st,&st->setup_peers);
/* XXX mlock these */
st->dhsecret=safe_malloc(st->dh->len,"site:dhsecret");
- st->sharedsecret=safe_malloc(st->transform->keylen,"site:sharedsecret");
+ st->sharedsecretlen=st->transform->keylen?:st->dh->ceil_len;
+ st->sharedsecret=safe_malloc(st->sharedsecretlen,"site:sharedsecret");
/* We need to compute some properties of our comms */
#define COMPUTE_WORST(pad) \
/* We need to compute some properties of our comms */
#define COMPUTE_WORST(pad) \