X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=secnet.h;h=7a93ce8147c39ff1f643e4e30a5708554c26228c;hb=ed72f5c5b371013c39fd3438b67a9e4d55544507;hp=8e5dad05d964b55cdfa9a0a735f753100b0690d6;hpb=8f828e0ffdab1adb6f28fd705c5830ef8f7ac2b4;p=secnet.git diff --git a/secnet.h b/secnet.h index 8e5dad0..7a93ce8 100644 --- a/secnet.h +++ b/secnet.h @@ -1,4 +1,22 @@ /* Core interface of secnet, to be used by all modules */ +/* + * This file is part of secnet. + * See README for full list of copyright holders. + * + * secnet is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * secnet is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * version 3 along with secnet; if not, see + * https://www.gnu.org/licenses/gpl.html. + */ #ifndef secnet_h #define secnet_h @@ -9,11 +27,14 @@ #include #include #include +#include +#include #include #include #include #include #include +#include #include #include #include @@ -24,11 +45,22 @@ #include +#include "osdep.h" + #define MAX_PEER_ADDRS 5 /* send at most this many copies; honour at most that many addresses */ +#define MAX_NAK_MSG 80 +#define MAX_SIG_KEYS 4 + +struct hash_if; struct comm_if; struct comm_addr; +struct priomsg; +struct log_if; +struct buffer_if; +struct sigpubkey_if; +struct sigprivkey_if; typedef char *string_t; typedef const char *cstring_t; @@ -45,6 +77,31 @@ union iaddr { #endif }; +#define GRPIDSZ 4 +#define ALGIDSZ 1 +#define KEYIDSZ (GRPIDSZ+ALGIDSZ) + /* Changing these is complex: this is the group id plus algo id */ + /* They are costructed by pubkeys.fl.pl. Also hardcoded in _PR_ */ +struct sigkeyid { uint8_t b[KEYIDSZ]; }; + +#define SIGKEYID_PR_FMT "%02x%02x%02x%02x%02x" +#define SIGKEYID_PR_VAL(id) /* SIGKEYID_PR_VAL(const sigkeyid *id) */ \ + ((id) == (const struct sigkeyid*)0, (id)->b[0]), \ + (id)->b[1],(id)->b[2],(id)->b[3],(id)->b[4] +static inline bool_t sigkeyid_equal(const struct sigkeyid *a, + const struct sigkeyid *b) { + return !memcmp(a->b, b->b, KEYIDSZ); +} + +#define SERIALSZ 4 +typedef uint32_t serialt; +static inline int serial_cmp(serialt a, serialt b) { + if (a==b) return 0; + if (!a) return -1; + if (!b) return +1; + return b-a <= (serialt)0x7fffffffUL ? +1 : -1; +} + #define ASSERT(x) do { if (!(x)) { fatal("assertion failed line %d file " \ __FILE__,__LINE__); } } while(0) @@ -153,6 +210,8 @@ extern uint32_t dict_read_number(dict_t *dict, cstring_t key, bool_t required, /* return value can safely be assigned to int32_t */ extern bool_t dict_read_bool(dict_t *dict, cstring_t key, bool_t required, cstring_t desc, struct cloc loc, bool_t def); +extern dict_t *dict_read_dict(dict_t *dict, cstring_t key, bool_t required, + cstring_t desc, struct cloc loc); const char **dict_read_string_array(dict_t *dict, cstring_t key, bool_t required, cstring_t desc, struct cloc loc, const char *const *def); @@ -334,16 +393,57 @@ extern init_module slip_module; extern init_module tun_module; extern init_module sha1_module; extern init_module log_module; +extern init_module privcache_module; /***** END of module support *****/ +/***** SIGNATURE SCHEMES *****/ + +struct sigscheme_info; + +typedef bool_t sigscheme_loadpub(const struct sigscheme_info *algo, + struct buffer_if *pubkeydata, + struct sigpubkey_if **sigpub_r, + struct log_if *log, struct cloc loc); + /* pubkeydata is (supposedly) for this algorithm. + * loadpub should log an error if it fails. + * pubkeydata may be modified (but not freed) */ + +typedef bool_t sigscheme_loadpriv(const struct sigscheme_info *algo, + struct buffer_if *privkeydata, + struct sigprivkey_if **sigpriv_r, + struct log_if *log, struct cloc loc); + /* privkeydata may contain data for any algorithm, not necessarily + * this one! If it is not for this algorithm, return False and do + * not log anything (other than at M_DEBUG). If it *is* for this + * algorithm but is wrong, log at M_ERROR. + * On entry privkeydata->base==start. loadpriv may modify base and + * size, but not anything else. So it may use unprepend and + * unappend. */ + +struct sigscheme_info { + const char *name; + const uint8_t algid; + sigscheme_loadpub *loadpub; + sigscheme_loadpriv *loadpriv; +}; + +extern const struct sigscheme_info rsa1_sigscheme; +extern const struct sigscheme_info sigschemes[]; /* sentinel has name==0 */ + +const struct sigscheme_info *sigscheme_lookup(const char *name); + +extern sigscheme_loadpriv rsa1_loadpriv; + +/***** END of signature schemes *****/ + /***** CLOSURE TYPES and interface definitions *****/ #define CL_PURE 0 #define CL_RESOLVER 1 #define CL_RANDOMSRC 2 -#define CL_RSAPUBKEY 3 -#define CL_RSAPRIVKEY 4 +#define CL_SIGPUBKEY 3 +#define CL_SIGPRIVKEY 4 #define CL_COMM 5 #define CL_IPIF 6 #define CL_LOG 7 @@ -353,9 +453,15 @@ extern init_module log_module; #define CL_HASH 12 #define CL_BUFFER 13 #define CL_NETLINK 14 +#define CL_PRIVCACHE 15 struct buffer_if; +struct alg_msg_data { + uint8_t *start; + int32_t len; +}; + /* PURE closure requires no interface */ /* RESOLVER interface */ @@ -381,8 +487,8 @@ struct resolver_if { /* RANDOMSRC interface */ -/* Return some random data. Returns TRUE for success. */ -typedef bool_t random_fn(void *st, int32_t bytes, uint8_t *buff); +/* Return some random data. Cannot fail. */ +typedef void random_fn(void *st, int32_t bytes, uint8_t *buff); struct random_if { void *st; @@ -390,21 +496,49 @@ struct random_if { random_fn *generate; }; -/* RSAPUBKEY interface */ +/* SIGPUBKEY interface */ + +typedef void sig_sethash_fn(void *st, struct hash_if *hash); +typedef void sig_dispose_fn(void *st); + +typedef bool_t sig_unpick_fn(void *sst, struct buffer_if *msg, + struct alg_msg_data *sig); +typedef bool_t sig_checksig_fn(void *st, uint8_t *data, int32_t datalen, + const struct alg_msg_data *sig); +struct sigpubkey_if { + void *st; + sig_sethash_fn *sethash; /* must be called before use, if non-0 */ + sig_unpick_fn *unpick; + sig_checksig_fn *check; + const struct hash_if *hash; + sig_dispose_fn *dispose; +}; + +/* SIGPRIVKEY interface */ -typedef bool_t rsa_checksig_fn(void *st, uint8_t *data, int32_t datalen, - cstring_t signature); -struct rsapubkey_if { +/* Appends the signature to msg. + * Can fail and returnn False, eg if the buffer is too small. */ +typedef bool_t sig_makesig_fn(void *st, uint8_t *data, int32_t datalen, + struct buffer_if *msg); +struct sigprivkey_if { void *st; - rsa_checksig_fn *check; + sig_sethash_fn *sethash; /* must be called before use, if non-0 */ + sig_makesig_fn *sign; + const struct hash_if *hash; + sig_dispose_fn *dispose; }; -/* RSAPRIVKEY interface */ +/* PRIVCACHE interface */ + +typedef struct sigprivkey_if *privcache_lookup_fn(void *st, + const struct sigkeyid *id, + struct log_if*); + /* Return is valid only until you return from the current event! + * You do not need to call ->sethash. */ -typedef string_t rsa_makesig_fn(void *st, uint8_t *data, int32_t datalen); -struct rsaprivkey_if { +struct privcache_if { void *st; - rsa_makesig_fn *sign; + privcache_lookup_fn *lookup; }; /* COMM interface */ @@ -417,16 +551,34 @@ struct comm_addr { int ix; /* see comment `Re comm_addr.ix' in udp.c */ }; +struct comm_clientinfo; /* private for comm */ + +typedef struct comm_clientinfo *comm_clientinfo_fn(void *state, dict_t*, + struct cloc cloc); +/* A comm client may call this during configuration, and then pass + * the resulting comm_clientinfo* to some or all sendmsg calls. + * The semantics depend on the dict and defined by the comm, and + * should be documented in README. */ + +enum { + comm_notify_whynot_general, + comm_notify_whynot_unpick, + comm_notify_whynot_name_local, + comm_notify_whynot_name_remote, +}; + /* Return True if the packet was processed, and shouldn't be passed to any other potential receivers. (buf is freed iff True returned.) */ typedef bool_t comm_notify_fn(void *state, struct buffer_if *buf, - const struct comm_addr *source); + const struct comm_addr *source, + struct priomsg *whynot); typedef void comm_request_notify_fn(void *commst, void *nst, comm_notify_fn *fn); typedef void comm_release_notify_fn(void *commst, void *nst, comm_notify_fn *fn); typedef bool_t comm_sendmsg_fn(void *commst, struct buffer_if *buf, - const struct comm_addr *dest); + const struct comm_addr *dest, + struct comm_clientinfo* /* 0 OK */); /* Only returns false if (we know that) the local network * environment is such that this address cannot work; transient * or unknown/unexpected failures return true. */ @@ -435,6 +587,7 @@ typedef const char *comm_addr_to_string_fn(void *commst, /* Returned string is in a static buffer. */ struct comm_if { void *st; + comm_clientinfo_fn *clientinfo; comm_request_notify_fn *request_notify; comm_release_notify_fn *release_notify; comm_sendmsg_fn *sendmsg; @@ -511,13 +664,24 @@ typedef bool_t transform_setkey_fn(void *st, uint8_t *key, int32_t keylen, typedef bool_t transform_valid_fn(void *st); /* 0: no key; 1: ok */ typedef void transform_delkey_fn(void *st); typedef void transform_destroyinstance_fn(void *st); -/* Returns: - * 0: all is well - * 1: for any other problem - * 2: message decrypted but sequence number was out of range - */ -typedef uint32_t transform_apply_fn(void *st, struct buffer_if *buf, - const char **errmsg); + +typedef enum { + transform_apply_ok = 0, /* all is well (everyone may assume==0) */ + transform_apply_err = 1, /* any other problem */ + transform_apply_seqrange = 2, + /* message decrypted but sequence number was out of recent range */ + transform_apply_seqdupe = 3, + /* message decrypted but was dupe of recent packet */ +} transform_apply_return; + +static inline bool_t +transform_apply_return_badseq(transform_apply_return problem) { + return problem == transform_apply_seqrange || + problem == transform_apply_seqdupe; +} + +typedef transform_apply_return transform_apply_fn(void *st, + struct buffer_if *buf, const char **errmsg); struct transform_inst_if { void *st; @@ -531,7 +695,7 @@ struct transform_inst_if { struct transform_if { void *st; - int capab_transformnum; + int capab_bit; int32_t keylen; /* <<< INT_MAX */ transform_createinstance_fn *create; }; @@ -585,11 +749,12 @@ struct dh_if { /* HASH interface */ -typedef void *hash_init_fn(void); +typedef void hash_init_fn(void *st /* slen bytes alloc'd by caller */); typedef void hash_update_fn(void *st, const void *buf, int32_t len); -typedef void hash_final_fn(void *st, uint8_t *digest); +typedef void hash_final_fn(void *st, uint8_t *digest /* hlen bytes */); struct hash_if { - int32_t len; /* Hash output length in bytes */ + int32_t slen; /* State length in bytes */ + int32_t hlen; /* Hash output length in bytes */ hash_init_fn *init; hash_update_fn *update; hash_final_fn *final; @@ -600,7 +765,6 @@ struct hash_if { struct buffer_if { bool_t free; cstring_t owner; /* Set to constant string */ - uint32_t flags; /* How paranoid should we be? */ struct cloc loc; /* Where we were defined */ uint8_t *base; uint8_t *start; @@ -670,7 +834,7 @@ extern void log_from_fd(int fd, cstring_t prefix, struct log_if *log); * void COPY_OBJ( OBJECT& dst, const OBJECT& src); * void COPY_ARRAY(OBJECT *dst, const OBJECT *src, INTEGER count); * // Typesafe: we check that the type OBJECT is the same in both cases. - * // It is OK to use COPY_OBJ on an array object, provided it's + * // It is OK to use COPY_OBJ on an array object, provided dst is * // _actually_ the whole array object and not decayed into a * // pointer (e.g. a formal parameter). */