diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/irmd/oap/srv.c | 8 | ||||
| -rw-r--r-- | src/lib/pb/irm.proto | 4 |
2 files changed, 4 insertions, 8 deletions
diff --git a/src/irmd/oap/srv.c b/src/irmd/oap/srv.c index ce97654f..587a8f9f 100644 --- a/src/irmd/oap/srv.c +++ b/src/irmd/oap/srv.c @@ -180,11 +180,7 @@ static int negotiate_cipher(const struct oap_hdr * peer_hdr, cli_rank = crypt_kdf_rank(peer_hdr->kdf_nid); srv_rank = crypt_kdf_rank(kcfg->k.nid); - /* - * For client-encap KEM, the KDF is baked into - * the ciphertext. The server must use the client's - * KDF and can only verify the minimum. - */ + /* Client-encap KEM bakes KDF into ciphertext; verify min. */ if (OAP_KEX_ROLE(peer_hdr) == KEM_MODE_CLIENT_ENCAP) { if (srv_rank > cli_rank) { log_err_id(id, "Client KDF too weak."); @@ -388,7 +384,7 @@ int oap_srv_process(const struct name_info * info, uint8_t hash_buf[MAX_HASH_SIZE]; buffer_t req_hash = BUF_INIT; ssize_t hash_ret; - char cli_name[NAME_SIZE + 1]; /* TODO */ + char cli_name[NAME_SIZE + 1]; uint8_t * id; void * pkp = NULL; void * crt = NULL; diff --git a/src/lib/pb/irm.proto b/src/lib/pb/irm.proto index 9ed0a29b..579fd388 100644 --- a/src/lib/pb/irm.proto +++ b/src/lib/pb/irm.proto @@ -94,6 +94,6 @@ message irm_msg { optional uint32 timeo_sec = 23; optional uint32 timeo_nsec = 24; optional sint32 result = 25; - optional bytes sym_key = 26; /* symmetric encryption key */ - optional sint32 cipher_nid = 27; /* cipher NID */ + optional bytes sym_key = 26; /* symmetric encryption key */ + optional sint32 cipher_nid = 27; /* cipher NID */ } |