X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=secnet.h;h=bd4362e1400fd30608f954a193dc3f8ac01da9e5;hb=403cdd364693a05c700f04085fc05dbf575d97ef;hp=63307ac0f4d33b44fd1ed16997e02aba922f16bd;hpb=cb6dee014612526d8127fee843b71d932968c059;p=secnet.git

diff --git a/secnet.h b/secnet.h
index 63307ac..bd4362e 100644
--- a/secnet.h
+++ b/secnet.h
@@ -5,7 +5,7 @@
  *
  * secnet is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version d of the License, or
+ * the Free Software Foundation; either version 3 of the License, or
  * (at your option) any later version.
  * 
  * secnet is distributed in the hope that it will be useful, but
@@ -32,6 +32,7 @@
 #include <fcntl.h>
 #include <unistd.h>
 #include <errno.h>
+#include <limits.h>
 #include <fnmatch.h>
 #include <sys/poll.h>
 #include <sys/types.h>
@@ -362,8 +363,8 @@ extern init_module log_module;
 #define CL_PURE         0
 #define CL_RESOLVER     1
 #define CL_RANDOMSRC    2
-#define CL_RSAPUBKEY    3
-#define CL_RSAPRIVKEY   4
+#define CL_SIGPUBKEY    3
+#define CL_SIGPRIVKEY   4
 #define CL_COMM         5
 #define CL_IPIF         6
 #define CL_LOG          7
@@ -401,8 +402,8 @@ struct resolver_if {
 
 /* RANDOMSRC interface */
 
-/* Return some random data. Returns TRUE for success. */
-typedef bool_t random_fn(void *st, int32_t bytes, uint8_t *buff);
+/* Return some random data. Cannot fail. */
+typedef void random_fn(void *st, int32_t bytes, uint8_t *buff);
 
 struct random_if {
     void *st;
@@ -410,21 +411,24 @@ struct random_if {
     random_fn *generate;
 };
 
-/* RSAPUBKEY interface */
+/* SIGPUBKEY interface */
 
-typedef bool_t rsa_checksig_fn(void *st, uint8_t *data, int32_t datalen,
+typedef bool_t sig_checksig_fn(void *st, uint8_t *data, int32_t datalen,
 			       cstring_t signature);
-struct rsapubkey_if {
+struct sigpubkey_if {
     void *st;
-    rsa_checksig_fn *check;
+    sig_checksig_fn *check;
 };
 
-/* RSAPRIVKEY interface */
+/* SIGPRIVKEY interface */
 
-typedef string_t rsa_makesig_fn(void *st, uint8_t *data, int32_t datalen);
-struct rsaprivkey_if {
+/* Appends the signature to msg.
+ * Can fail and returnn False, eg if the buffer is too small. */
+typedef bool_t sig_makesig_fn(void *st, uint8_t *data, int32_t datalen,
+			      struct buffer_if *msg);
+struct sigprivkey_if {
     void *st;
-    rsa_makesig_fn *sign;
+    sig_makesig_fn *sign;
 };
 
 /* COMM interface */
@@ -437,6 +441,15 @@ struct comm_addr {
     int ix; /* see comment `Re comm_addr.ix' in udp.c */
 };
 
+struct comm_clientinfo; /* private for comm */
+
+typedef struct comm_clientinfo *comm_clientinfo_fn(void *state, dict_t*,
+						   struct cloc cloc);
+/* A comm client may call this during configuration, and then pass
+ * the resulting comm_clientinfo* to some or all sendmsg calls.
+ * The semantics depend on the dict and defined by the comm, and
+ * should be documented in README. */
+
 /* Return True if the packet was processed, and shouldn't be passed to
    any other potential receivers. (buf is freed iff True returned.) */
 typedef bool_t comm_notify_fn(void *state, struct buffer_if *buf,
@@ -446,7 +459,8 @@ typedef void comm_request_notify_fn(void *commst, void *nst,
 typedef void comm_release_notify_fn(void *commst, void *nst,
 				    comm_notify_fn *fn);
 typedef bool_t comm_sendmsg_fn(void *commst, struct buffer_if *buf,
-			       const struct comm_addr *dest);
+			       const struct comm_addr *dest,
+			       struct comm_clientinfo* /* 0 OK */);
   /* Only returns false if (we know that) the local network
    * environment is such that this address cannot work; transient
    * or unknown/unexpected failures return true. */
@@ -455,6 +469,7 @@ typedef const char *comm_addr_to_string_fn(void *commst,
         /* Returned string is in a static buffer. */
 struct comm_if {
     void *st;
+    comm_clientinfo_fn *clientinfo;
     comm_request_notify_fn *request_notify;
     comm_release_notify_fn *release_notify;
     comm_sendmsg_fn *sendmsg;
@@ -531,13 +546,24 @@ typedef bool_t transform_setkey_fn(void *st, uint8_t *key, int32_t keylen,
 typedef bool_t transform_valid_fn(void *st); /* 0: no key; 1: ok */
 typedef void transform_delkey_fn(void *st);
 typedef void transform_destroyinstance_fn(void *st);
-/* Returns:
- *   0: all is well
- *   1: for any other problem
- *   2: message decrypted but sequence number was out of range
- */
-typedef uint32_t transform_apply_fn(void *st, struct buffer_if *buf,
-				    const char **errmsg);
+
+typedef enum {
+    transform_apply_ok       = 0, /* all is well (everyone may assume==0) */
+    transform_apply_err      = 1, /* any other problem */
+    transform_apply_seqrange = 2,
+        /* message decrypted but sequence number was out of recent range */
+    transform_apply_seqdupe  = 3,
+        /* message decrypted but was dupe of recent packet */
+} transform_apply_return;
+
+static inline bool_t
+transform_apply_return_badseq(transform_apply_return problem) {
+    return problem == transform_apply_seqrange ||
+	   problem == transform_apply_seqdupe;
+}
+
+typedef transform_apply_return transform_apply_fn(void *st,
+        struct buffer_if *buf, const char **errmsg);
 
 struct transform_inst_if {
     void *st;
@@ -551,7 +577,7 @@ struct transform_inst_if {
 
 struct transform_if {
     void *st;
-    int capab_transformnum;
+    int capab_bit;
     int32_t keylen; /* <<< INT_MAX */
     transform_createinstance_fn *create;
 };