X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=secnet.h;h=30a171d4da262160443b9029c1c137fe8f69e027;hb=16339fe17a2a565da0628be523f6ef8ca907f3f5;hp=77ba017bbbdb1bf9b7f86581f7bcb95d35954f3d;hpb=cd8a1c31b9aab10493806953a077c4a75fb91104;p=secnet.git
diff --git a/secnet.h b/secnet.h
index 77ba017..30a171d 100644
--- a/secnet.h
+++ b/secnet.h
@@ -45,6 +45,8 @@
 #include
+#include "osdep.h"
+
 #define MAX_PEER_ADDRS 5 /* send at most this many copies; honour at most that many addresses */
@@ -55,6 +57,10 @@ struct hash_if;
 struct comm_if;
 struct comm_addr;
 struct priomsg;
+struct log_if;
+struct buffer_if;
+struct sigpubkey_if;
+struct sigprivkey_if;
 typedef char *string_t;
 typedef const char *cstring_t;
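Review bot: The forward declaration `struct buffer_if;` added in the second hunk (`@@ -55,6 +57,10 @@`) duplicates the one that already exists after the CL_ defines, visible as a context line in the later `@@ -406,6 +454,7 @@` hunk. Redeclaring an incomplete struct type is legal C and changes nothing, so this is a style point only; keeping the forward declarations in one place would mean dropping the older line in a follow-up rather than adding this one.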
@@ -387,9 +393,51 @@ extern init_module slip_module;
 extern init_module tun_module;
 extern init_module sha1_module;
 extern init_module log_module;
+extern init_module privcache_module;
 
 /***** END of module support *****/
 
+/***** SIGNATURE SCHEMES *****/
+
+struct sigscheme_info;
+
+typedef bool_t sigscheme_loadpub(const struct sigscheme_info *algo,
+ struct buffer_if *pubkeydata,
+ struct sigpubkey_if **sigpub_r,
+ struct log_if *log, struct cloc loc);
+ /* pubkeydata is (supposedly) for this algorithm.
+ * loadpub should log an error if it fails.
+ * pubkeydata may be modified (but not freed) */
+
+typedef bool_t sigscheme_loadpriv(const struct sigscheme_info *algo,
+ struct buffer_if *privkeydata,
+ struct sigprivkey_if **sigpriv_r,
+ struct log_if *log, struct cloc loc);
+ /* Ideally, check whether privkeydata contains data for any algorithm.
+ * That avoids security problems if a key file is misidentified (which
+ * might happen if the file is simply renamed).
+ * If there is an error (including that the key data is not for this
+ * algorithm, return False and log an error at M_ERROR.
+ * On entry privkeydata->base==start. loadpriv may modify
+ * privkeydata, including the contents. */
+
+struct sigscheme_info {
+ const char *name;
+ const uint8_t algid;
+ sigscheme_loadpub *loadpub;
+ sigscheme_loadpriv *loadpriv;
+};
+
+extern const struct sigscheme_info rsa1_sigscheme;
+extern const struct sigscheme_info sigschemes[]; /* sentinel has name==0 */
+
+const struct sigscheme_info *sigscheme_lookup(const char *name);
+
+extern sigscheme_loadpriv rsa1_loadpriv;
+extern sigscheme_loadpub rsa1_loadpub;
+
+/***** END of signature schemes *****/
+
 /***** CLOSURE TYPES and interface definitions *****/
 
 #define CL_PURE 0
@@ -406,6 +454,7 @@ extern init_module log_module;
 #define CL_HASH 12
 #define CL_BUFFER 13
 #define CL_NETLINK 14
+#define CL_PRIVCACHE 15
 struct buffer_if;
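Review bot: The `sigscheme_loadpriv` contract in the first hunk says loadpriv may modify `privkeydata` but not what happens to the private key bytes left in that buffer once a `sigprivkey_if` has been built from them, so neither side knows who wipes them; a line such as `* Caller keeps ownership of privkeydata; any key material still in it after return is the caller's to wipe.` (or the opposite, if loadpriv is meant to clear it) would close that gap, and I cannot tell from this hunk which is intended. The same comment has an unbalanced parenthesis: `(including that the key data is not for this algorithm, return False` should read `(including that the key data is not for this algorithm), return False`. `sigscheme_lookup` says nothing about an unknown name; presumably it returns NULL on reaching the `name==0` sentinel, which is worth stating in a comment on the prototype so callers know to check. `algid` carries no comment saying what it identifies (a file or wire byte, presumably), and the loadpub comment would match loadpriv better if it named the log level (`M_ERROR`) rather than just "should log an error".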
@@ -480,6 +529,19 @@ struct sigprivkey_if {
 sig_dispose_fn *dispose;
 };
 
+/* PRIVCACHE interface */
+
+typedef struct sigprivkey_if *privcache_lookup_fn(void *st,
+ const struct sigkeyid *id,
+ struct log_if*);
+ /* Return is valid only until you return from the current event!
+ * You do not need to call ->sethash. */
+
+struct privcache_if {
+ void *st;
+ privcache_lookup_fn *lookup;
+};
+
 /* COMM interface */
 
 struct comm_addr {
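Review bot: `privcache_lookup_fn` documents the lifetime of its result but not what it returns when no private key matches `id`, nor whether that case is reported through the unnamed `struct log_if*` parameter; presumably it returns NULL, and a comment such as `* Returns NULL if no key with this id is available; errors go to the log_if. */` next to the existing lifetime note would make callers check the result. Naming that parameter (`struct log_if *log);`) would also match the `sigscheme_loadpub`/`sigscheme_loadpriv` prototypes added elsewhere in this commit. Since the result is only valid until the current event returns, the cache presumably owns the object, so saying explicitly that the caller must neither retain the pointer nor call its `->dispose` (the member visible in the context lines above) would remove the most likely misuse.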