#include <bsd/sys/queue.h>
+#include "osdep.h"
+
#define MAX_PEER_ADDRS 5
/* send at most this many copies; honour at most that many addresses */
#define MAX_NAK_MSG 80
+#define MAX_SIG_KEYS 4
struct hash_if;
struct comm_if;
struct comm_addr;
struct priomsg;
+struct log_if;
+struct buffer_if;
+struct sigpubkey_if;
+struct sigprivkey_if;
typedef char *string_t;
typedef const char *cstring_t;
return !memcmp(a->b, b->b, KEYIDSZ);
}
+#define SERIALSZ 4
+typedef uint32_t serialt;
+static inline int serial_cmp(serialt a, serialt b) {
+ if (a==b) return 0;
+ if (!a) return -1;
+ if (!b) return +1;
+ return b-a <= (serialt)0x7fffffffUL ? +1 : -1;
+}
+
#define ASSERT(x) do { if (!(x)) { fatal("assertion failed line %d file " \
__FILE__,__LINE__); } } while(0)
extern init_module tun_module;
extern init_module sha1_module;
extern init_module log_module;
+extern init_module privcache_module;
/***** END of module support *****/
+/***** SIGNATURE SCHEMES *****/
+
+struct sigscheme_info;
+
+typedef bool_t sigscheme_loadpub(const struct sigscheme_info *algo,
+ struct buffer_if *pubkeydata,
+ struct sigpubkey_if **sigpub_r,
+ struct log_if *log, struct cloc loc);
+ /* pubkeydata is (supposedly) for this algorithm.
+ * loadpub should log an error if it fails.
+ * pubkeydata may be modified (but not freed) */
+
+typedef bool_t sigscheme_loadpriv(const struct sigscheme_info *algo,
+ struct buffer_if *privkeydata,
+ struct sigprivkey_if **sigpriv_r,
+ struct log_if *log, struct cloc loc);
+ /* Ideally, check whether privkeydata contains data for any algorithm.
+ * That avoids security problems if a key file is misidentified (which
+ * might happen if the file is simply renamed).
+ * If there is an error (including that the key data is not for this
+ * algorithm, return False and log an error at M_ERROR.
+ * On entry privkeydata->base==start. loadpriv may modify
+ * privkeydata, including the contents. */
+
+struct sigscheme_info {
+ const char *name;
+ const uint8_t algid;
+ sigscheme_loadpub *loadpub;
+ sigscheme_loadpriv *loadpriv;
+};
+
+extern const struct sigscheme_info rsa1_sigscheme;
+extern const struct sigscheme_info sigschemes[]; /* sentinel has name==0 */
+
+const struct sigscheme_info *sigscheme_lookup(const char *name);
+
+extern sigscheme_loadpriv rsa1_loadpriv;
+extern sigscheme_loadpub rsa1_loadpub;
+
+/***** END of signature schemes *****/
+
/***** CLOSURE TYPES and interface definitions *****/
#define CL_PURE 0
#define CL_HASH 12
#define CL_BUFFER 13
#define CL_NETLINK 14
+#define CL_PRIVCACHE 15
struct buffer_if;
/* SIGPUBKEY interface */
typedef void sig_sethash_fn(void *st, struct hash_if *hash);
+typedef void sig_dispose_fn(void *st);
+
typedef bool_t sig_unpick_fn(void *sst, struct buffer_if *msg,
struct alg_msg_data *sig);
typedef bool_t sig_checksig_fn(void *st, uint8_t *data, int32_t datalen,
const struct alg_msg_data *sig);
struct sigpubkey_if {
void *st;
- sig_sethash_fn *sethash; /* must be called before check, if non-0 */
+ sig_sethash_fn *sethash; /* must be called before use, if non-0 */
sig_unpick_fn *unpick;
sig_checksig_fn *check;
+ const struct hash_if *hash;
+ sig_dispose_fn *dispose;
};
/* SIGPRIVKEY interface */
struct buffer_if *msg);
struct sigprivkey_if {
void *st;
- sig_sethash_fn *sethash; /* must be called before sign, if non-0 */
+ sig_sethash_fn *sethash; /* must be called before use, if non-0 */
sig_makesig_fn *sign;
+ const struct hash_if *hash;
+ sig_dispose_fn *dispose;
+};
+
+/* PRIVCACHE interface */
+
+typedef struct sigprivkey_if *privcache_lookup_fn(void *st,
+ const struct sigkeyid *id,
+ struct log_if*);
+ /* Return is valid only until you return from the current event!
+ * You do not need to call ->sethash. */
+
+struct privcache_if {
+ void *st;
+ privcache_lookup_fn *lookup;
};
/* COMM interface */