Fix logrotate script.

[tripe] / tripe-protocol.h

/* -*-c-*-
 *
 * $Id: tripe-protocol.h,v 1.1 2003/10/15 09:30:18 mdw Exp $
 *
 * Protocol definition for TrIPE
 *
 * (c) 2003 Straylight/Edgeware
 */

/*----- Licensing notice --------------------------------------------------* 
 *
 * This file is part of Trivial IP Encryption (TrIPE).
 *
 * TrIPE is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 * 
 * TrIPE is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 * 
 * You should have received a copy of the GNU General Public License
 * along with TrIPE; if not, write to the Free Software Foundation,
 * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 */

/*----- Revision history --------------------------------------------------* 
 *
 * $Log: tripe-protocol.h,v $
 * Revision 1.1  2003/10/15 09:30:18  mdw
 * Add support for Ethereal protocol analysis.
 *
 */

#ifndef TRIPE_PROTOCOL_H
#define TRIPE_PROTOCOL_H

/*----- TrIPE protocol ----------------------------------------------------*/

/* --- TrIPE message format --- *
 *
 * A packet begins with a single-byte message type.  The top four bits are a
 * category code used to send the message to the right general place in the
 * code; the bottom bits identify the actual message type.
 */

#define MSG_CATMASK 0xf0
#define MSG_TYPEMASK 0x0f

/* --- Encrypted message packets --- *
 *
 * Messages of category @MSG_PACKET@ contain encrypted network packets.  The
 * message content is a symmetric-encrypted block (see below).  Reception of
 * a packet encrypted under a new key implicitly permits that key to be used
 * to send further packets.
 *
 * The only packet type accepted is zero.
 *
 * Packets may be encrypted under any live keyset, but should use the most
 * recent one.
 */

#define MSG_PACKET 0x00

/* --- Key exchange packets --- */

#define MSG_KEYEXCH 0x10

#define KX_PRECHAL 0u
#define KX_COOKIE 1u
#define KX_CHAL 2u
#define KX_REPLY 3u
#define KX_SWITCH 4u
#define KX_SWITCHOK 5u
#define KX_NMSG 6u

/* --- Symmetric encryption and keysets --- *
 *
 * Packets consist of an 80-bit MAC, a 32-bit sequence number, and the
 * encrypted payload.
 *
 * The plaintext is encrypted using Blowfish in CBC mode with ciphertext
 * stealing (as described in [Schneier].  The initialization vector is
 * selected randomly, and prepended to the actual ciphertext.
 *
 * The MAC is computed using the HMAC construction with RIPEMD160 over the
 * sequence number and the ciphertext (with IV); the first 80 bits of the
 * output are used.  (This is the minimum allowed by the draft FIPS for HMAC,
 * and the recommended truncation.)
 *
 * A keyset consists of
 *
 *   * an integrity (MAC) key;
 *   * a confidentiality (encryption) key; and
 *   * a sequence numbering space
 *
 * in each direction.  The packets sent by a host encrypted under a
 * particular keyset are assigned consecutive sequence numbers starting from
 * zero.  The receiving host must ensure that it only accepts each packet at
 * most once.  It should maintain a window of sequence numbers: packets with
 * numbers beyond the end of the window are accepted and cause the window to
 * be advanced; packets with numbers before the start of the window are
 * rejected; packets with numbers which appear within the window are accepted
 * only if the number has not been seen before.
 *
 * When a host sends a @KX_SWITCH@ or @KX_SWITCHOK@ message, it installs the
 * newly-negotiated keyset in a `listen-only' state: it may not send a packet
 * encrypted under the keyset until either it has received a @KX_SWITCH@ or
 * @KX_SWITCHOK@ message, or a @MSG_PACKET@ encrypted under the keyset, from
 * its peer.
 */

/*----- That's all, folks -------------------------------------------------*/

#endif