X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=secnet.h;h=0d5b8396d9abf95e63c6a8f56c6d12b5c88ae3b8;hb=c7e6b78d0e867626783850dddc2d61c1c8999801;hp=b72bfc7fc42bc6ca26b65017851b8ffb6147f323;hpb=1957436bba0bcd420f88ae9fa1126ad4574b0c53;p=secnet.git
diff --git a/secnet.h b/secnet.h
index b72bfc7..0d5b839 100644
--- a/secnet.h
+++ b/secnet.h
@@ -45,6 +45,8 @@
 #include
+#include "osdep.h"
+
 #define MAX_PEER_ADDRS 5
 /* send at most this many copies; honour at most that many addresses */
@@ -55,6 +57,10 @@ struct hash_if;
 struct comm_if;
 struct comm_addr;
 struct priomsg;
+struct log_if;
+struct buffer_if;
+struct sigpubkey_if;
+struct sigprivkey_if;
 typedef char *string_t;
 typedef const char *cstring_t;
@@ -387,9 +393,48 @@ extern init_module slip_module;
 extern init_module tun_module;
 extern init_module sha1_module;
 extern init_module log_module;
+extern init_module privcache_module;
 /***** END of module support *****/
+/***** SIGNATURE SCHEMES *****/
+
+struct sigscheme_info;
+
+typedef bool_t sigscheme_loadpub(const struct sigscheme_info *algo,
+ struct buffer_if *pubkeydata,
+ struct sigpubkey_if **sigpub_r,
+ struct log_if *log, struct cloc loc);
+ /* pubkeydata is (supposedly) for this algorithm.
+ * loadpub should log an error if it fails.
+ * pubkeydata may be modified (but not freed) */
+
+typedef bool_t sigscheme_loadpriv(const struct sigscheme_info *algo,
+ struct buffer_if *privkeydata,
+ struct sigprivkey_if **sigpriv_r,
+ struct log_if *log);
+ /* privkeydata may contain data for any algorithm, not necessarily
+ * this one! If it is not for this algorithm, return False and do
+ * not log anything (other than at M_DEBUG). If it *is* for this
+ * algorithm but is wrong, log at M_ERROR.
+ * On entry privkeydata->base==start. loadpriv may modify base and
+ * size, but not anything else. So it may use unprepend and
+ * unappend. */
+
+struct sigscheme_info {
+ const char *name;
+ const uint8_t algid;
+ sigscheme_loadpub *loadpub;
+ sigscheme_loadpriv *loadpriv;
+};
+
+extern const struct sigscheme_info rsa1_sigscheme;
+extern const struct sigscheme_info sigschemes[]; /* sentinel has name==0 */
+
+const struct sigscheme_info *sigscheme_lookup(const char *name);
+
+/***** END of signature schemes *****/
+
 /***** CLOSURE TYPES and interface definitions *****/
 #define CL_PURE 0
@@ -406,6 +451,7 @@ extern init_module log_module;
 #define CL_HASH 12
 #define CL_BUFFER 13
 #define CL_NETLINK 14
+#define CL_PRIVCACHE 15
 struct buffer_if;
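Review bot: `sigscheme_lookup(const char *name)` is declared without stating what it returns when no entry in `sigschemes[]` matches, and the loader comments say nothing about who owns `*sigpub_r` / `*sigpriv_r` on success. Presumably lookup returns 0 on reaching the `name==0` sentinel and the returned key objects are released through the `dispose` member this same commit adds to `struct sigpubkey_if` / `struct sigprivkey_if`; both are worth writing on the declarations, e.g. `/* returns 0 if no scheme of that name */` on the prototype and `* On success the caller owns *sigpub_r and releases it via ->dispose` in the loadpub comment. `loadpub` also takes a `struct cloc loc` that `loadpriv` lacks, so a private-key loader has no source location to report with its M_ERROR; if that asymmetry is deliberate, a one-line comment saying why would stop the next reader from "fixing" it.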
@@ -451,6 +497,8 @@ struct random_if {
 /* SIGPUBKEY interface */
 typedef void sig_sethash_fn(void *st, struct hash_if *hash);
+typedef void sig_dispose_fn(void *st);
+
 typedef bool_t sig_unpick_fn(void *sst, struct buffer_if *msg,
 struct alg_msg_data *sig);
 typedef bool_t sig_checksig_fn(void *st, uint8_t *data, int32_t datalen,
@@ -461,6 +509,7 @@ struct sigpubkey_if {
 sig_unpick_fn *unpick;
 sig_checksig_fn *check;
 const struct hash_if *hash;
+ sig_dispose_fn *dispose;
 };
 /* SIGPRIVKEY interface */
@@ -474,6 +523,20 @@ struct sigprivkey_if {
 sig_sethash_fn *sethash; /* must be called before use, if non-0 */
 sig_makesig_fn *sign;
 const struct hash_if *hash;
+ sig_dispose_fn *dispose;
+};
+
+/* PRIVCACHE interface */
+
+typedef struct sigprivkey_if *privcache_lookup_fn(void *st,
+ const struct sigkeyid *id,
+ struct log_if*);
+ /* Return is valid only until you return from the current event!
+ * You do not need to call ->sethash. */
+
+struct privcache_if {
+ void *st;
+ privcache_lookup_fn *lookup;
 };
 /* COMM interface */
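Review bot: The `dispose` member appended to `struct sigpubkey_if` at `@@ -461` carries no comment saying whether an implementation may leave it 0, unlike `sethash` in the next hunk, which is annotated `/* must be called before use, if non-0 */`. Any implementor not updated in this commit will have this trailing member zero-initialised by aggregate-initialisation rules, so callers need to know whether `if (k->dispose) k->dispose(k->st);` is the required form or whether a NULL there is a bug; the same applies to the `dispose` added to `struct sigprivkey_if` at `@@ -474`. Suggested comment on both fields: `sig_dispose_fn *dispose; /* releases this key object; must not be 0 — confirm */`.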
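Review bot: The comment on `privcache_lookup_fn` says the caller need not call `->sethash` but not whether it may call the `->dispose` member this commit adds to `struct sigprivkey_if`; since the return is only valid until the current event ends, the cache presumably retains ownership, and that is worth stating: `* Do not call ->dispose on it; the cache owns it.` `struct sigkeyid` is used in this prototype but is not among the forward declarations this commit adds at the top of the header; if it is not already declared earlier in secnet.h, the parameter type has prototype scope only and GCC warns that it will not be visible outside the definition. Minor style: the third parameter is written `struct log_if*` with no name, whereas the other new prototypes in this commit use `struct log_if *log`.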