/* Bring the new keys into use after a key exchange */
void recv_msg_newkeys() {
TRACE(("enter recv_msg_newkeys"));
/* simply check if we've sent SSH_MSG_NEWKEYS, and if so,
* switch to the new keys */
if (ses.kexstate.sentnewkeys) {
gen_new_keys();
kexinitialise(); /* we've finished with this kex */
} else {
ses.kexstate.recvnewkeys = 1;
}
ses.dataallowed = 1; /* we can send other packets again now */
TRACE(("leave recv_msg_newkeys"));
}
/* Bring new keys into use after a key exchange, and let the client know*/
void send_msg_newkeys() {
TRACE(("enter send_msg_newkeys"));
/* generate the kexinit request */
CHECKCLEARTOWRITE();
buf_putbyte(ses.writepayload, SSH_MSG_NEWKEYS);
encrypt_packet();
/* set up our state */
if (ses.kexstate.recvnewkeys) {
gen_new_keys();
kexinitialise(); /* we've finished with this kex */
} else {
ses.kexstate.sentnewkeys = 1;
}
TRACE(("leave send_msg_newkeys"));
}
NaCl::NaCl()
{
gen_new_nonce();
gen_new_keys();
gen_new_secret();
}
