*
* secnet is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version d of the License, or
+ * the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* secnet is distributed in the hope that it will be useful, but
#include <fcntl.h>
#include <unistd.h>
#include <errno.h>
+#include <limits.h>
#include <fnmatch.h>
#include <sys/poll.h>
#include <sys/types.h>
#define MAX_PEER_ADDRS 5
/* send at most this many copies; honour at most that many addresses */
+struct hash_if;
struct comm_if;
struct comm_addr;
#define CL_PURE 0
#define CL_RESOLVER 1
#define CL_RANDOMSRC 2
-#define CL_RSAPUBKEY 3
-#define CL_RSAPRIVKEY 4
+#define CL_SIGPUBKEY 3
+#define CL_SIGPRIVKEY 4
#define CL_COMM 5
#define CL_IPIF 6
#define CL_LOG 7
struct buffer_if;
+struct alg_msg_data {
+ uint8_t *sigstart;
+ int32_t siglen;
+};
+
/* PURE closure requires no interface */
/* RESOLVER interface */
/* RANDOMSRC interface */
-/* Return some random data. Returns TRUE for success. */
-typedef bool_t random_fn(void *st, int32_t bytes, uint8_t *buff);
+/* Return some random data. Cannot fail. */
+typedef void random_fn(void *st, int32_t bytes, uint8_t *buff);
struct random_if {
void *st;
random_fn *generate;
};
-/* RSAPUBKEY interface */
+/* SIGPUBKEY interface */
-typedef bool_t rsa_checksig_fn(void *st, uint8_t *data, int32_t datalen,
- cstring_t signature);
-struct rsapubkey_if {
+typedef void sig_sethash_fn(void *st, struct hash_if *hash);
+typedef bool_t sig_unpick_fn(void *sst, struct buffer_if *msg,
+ struct alg_msg_data *sig);
+typedef bool_t sig_checksig_fn(void *st, uint8_t *data, int32_t datalen,
+ const struct alg_msg_data *sig);
+struct sigpubkey_if {
void *st;
- rsa_checksig_fn *check;
+ sig_sethash_fn *sethash; /* must be called before check, if non-0 */
+ sig_unpick_fn *unpick;
+ sig_checksig_fn *check;
};
-/* RSAPRIVKEY interface */
+/* SIGPRIVKEY interface */
-typedef string_t rsa_makesig_fn(void *st, uint8_t *data, int32_t datalen);
-struct rsaprivkey_if {
+/* Appends the signature to msg.
+ * Can fail and returnn False, eg if the buffer is too small. */
+typedef bool_t sig_makesig_fn(void *st, uint8_t *data, int32_t datalen,
+ struct buffer_if *msg);
+struct sigprivkey_if {
void *st;
- rsa_makesig_fn *sign;
+ sig_sethash_fn *sethash; /* must be called before sign, if non-0 */
+ sig_makesig_fn *sign;
};
/* COMM interface */
typedef bool_t transform_valid_fn(void *st); /* 0: no key; 1: ok */
typedef void transform_delkey_fn(void *st);
typedef void transform_destroyinstance_fn(void *st);
-/* Returns:
- * 0: all is well
- * 1: for any other problem
- * 2: message decrypted but sequence number was out of range
- */
-typedef uint32_t transform_apply_fn(void *st, struct buffer_if *buf,
- const char **errmsg);
+
+typedef enum {
+ transform_apply_ok = 0, /* all is well (everyone may assume==0) */
+ transform_apply_err = 1, /* any other problem */
+ transform_apply_seqrange = 2,
+ /* message decrypted but sequence number was out of recent range */
+ transform_apply_seqdupe = 3,
+ /* message decrypted but was dupe of recent packet */
+} transform_apply_return;
+
+static inline bool_t
+transform_apply_return_badseq(transform_apply_return problem) {
+ return problem == transform_apply_seqrange ||
+ problem == transform_apply_seqdupe;
+}
+
+typedef transform_apply_return transform_apply_fn(void *st,
+ struct buffer_if *buf, const char **errmsg);
struct transform_inst_if {
void *st;
struct transform_if {
void *st;
- int capab_transformnum;
+ int capab_bit;
int32_t keylen; /* <<< INT_MAX */
transform_createinstance_fn *create;
};