410c8acf |
1 | /* -*-c-*- |
2 | * |
7ed14135 |
3 | * $Id: tripe.h,v 1.16 2003/07/13 11:19:49 mdw Exp $ |
410c8acf |
4 | * |
5 | * Main header file for TrIPE |
6 | * |
7 | * (c) 2001 Straylight/Edgeware |
8 | */ |
9 | |
10 | /*----- Licensing notice --------------------------------------------------* |
11 | * |
12 | * This file is part of Trivial IP Encryption (TrIPE). |
13 | * |
14 | * TrIPE is free software; you can redistribute it and/or modify |
15 | * it under the terms of the GNU General Public License as published by |
16 | * the Free Software Foundation; either version 2 of the License, or |
17 | * (at your option) any later version. |
18 | * |
19 | * TrIPE is distributed in the hope that it will be useful, |
20 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
21 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
22 | * GNU General Public License for more details. |
23 | * |
24 | * You should have received a copy of the GNU General Public License |
25 | * along with TrIPE; if not, write to the Free Software Foundation, |
26 | * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
27 | */ |
28 | |
29 | /*----- Revision history --------------------------------------------------* |
30 | * |
31 | * $Log: tripe.h,v $ |
7ed14135 |
32 | * Revision 1.16 2003/07/13 11:19:49 mdw |
33 | * Incopatible protocol fix! Include message type code under MAC tag to prevent |
34 | * cut-and-paste from key-exchange messages to general packet transport. |
35 | * |
767b36e2 |
36 | * Revision 1.15 2003/05/16 12:09:03 mdw |
37 | * Allow binding to a chosen address. |
38 | * |
110d564e |
39 | * Revision 1.14 2003/04/06 10:36:33 mdw |
40 | * Rearrange so as not to include Linux headers unless we need to. |
41 | * |
9466fafa |
42 | * Revision 1.13 2003/04/06 10:26:35 mdw |
43 | * Report peer name on decrypt errors. |
44 | * |
37075862 |
45 | * Revision 1.12 2003/04/06 10:25:17 mdw |
46 | * Support Linux TUN/TAP device. Fix some bugs. |
47 | * |
17f0adc1 |
48 | * Revision 1.11 2002/01/13 14:57:42 mdw |
49 | * Fix crap typo. |
50 | * |
1d27afe6 |
51 | * Revision 1.10 2002/01/13 14:54:58 mdw |
52 | * Provide MGF macros. |
53 | * |
00e64b67 |
54 | * Revision 1.9 2001/06/22 19:40:36 mdw |
55 | * Support expiry of other peers' public keys. |
56 | * |
aeeb5611 |
57 | * Revision 1.8 2001/06/19 22:10:57 mdw |
58 | * Some more constants for the algorithms. Document the packet format |
59 | * change for non-malleability. Moved @buf@ definitions to separate header |
60 | * file. |
61 | * |
52307fee |
62 | * Revision 1.7 2001/03/03 12:07:08 mdw |
63 | * Rename word get and put functions now that there's 16-bit support. |
64 | * |
fd3cf232 |
65 | * Revision 1.6 2001/02/19 19:11:09 mdw |
66 | * Output buffering on admin connections. |
67 | * |
832a2ab6 |
68 | * Revision 1.5 2001/02/16 21:41:43 mdw |
69 | * Major changes. See source files for details. |
70 | * |
1484d822 |
71 | * Revision 1.4 2001/02/05 19:56:37 mdw |
72 | * Sequence number protection, and BSD tunnels. |
73 | * |
73189848 |
74 | * Revision 1.3 2001/02/04 01:17:55 mdw |
75 | * Create a configuration header file to tidy up command lines. |
76 | * |
8d0c7a83 |
77 | * Revision 1.2 2001/02/03 22:40:29 mdw |
78 | * Put timer information into the entropy pool when packets are received |
79 | * and on similar events. Reseed the generator on the interval timer. |
80 | * |
410c8acf |
81 | * Revision 1.1 2001/02/03 20:26:37 mdw |
82 | * Initial checkin. |
83 | * |
84 | */ |
85 | |
86 | #ifndef TRIPE_H |
87 | #define TRIPE_H |
88 | |
89 | #ifdef __cplusplus |
90 | extern "C" { |
91 | #endif |
92 | |
93 | /*----- Header files ------------------------------------------------------*/ |
94 | |
73189848 |
95 | #include "config.h" |
96 | |
410c8acf |
97 | #include <assert.h> |
98 | #include <ctype.h> |
99 | #include <errno.h> |
100 | #include <signal.h> |
101 | #include <stdarg.h> |
102 | #include <stddef.h> |
103 | #include <stdio.h> |
104 | #include <stdlib.h> |
105 | #include <string.h> |
106 | #include <time.h> |
107 | |
108 | #include <sys/types.h> |
109 | #include <sys/time.h> |
110 | #include <unistd.h> |
111 | #include <fcntl.h> |
112 | #include <sys/stat.h> |
113 | |
114 | #include <sys/socket.h> |
115 | #include <sys/un.h> |
116 | #include <netinet/in.h> |
117 | #include <arpa/inet.h> |
118 | #include <netdb.h> |
119 | |
120 | #include <pwd.h> |
121 | #include <grp.h> |
122 | |
123 | #include <mLib/alloc.h> |
124 | #include <mLib/arena.h> |
125 | #include <mLib/bres.h> |
126 | #include <mLib/dstr.h> |
127 | #include <mLib/env.h> |
128 | #include <mLib/fdflags.h> |
129 | #include <mLib/fwatch.h> |
130 | #include <mLib/mdwopt.h> |
131 | #include <mLib/quis.h> |
132 | #include <mLib/report.h> |
133 | #include <mLib/sel.h> |
134 | #include <mLib/selbuf.h> |
135 | #include <mLib/sig.h> |
136 | #include <mLib/str.h> |
137 | #include <mLib/sub.h> |
138 | #include <mLib/trace.h> |
139 | |
140 | #include <catacomb/gcipher.h> |
141 | #include <catacomb/gmac.h> |
142 | #include <catacomb/grand.h> |
143 | #include <catacomb/key.h> |
144 | #include <catacomb/paranoia.h> |
145 | |
410c8acf |
146 | #include <catacomb/noise.h> |
147 | #include <catacomb/rand.h> |
410c8acf |
148 | |
149 | #include <catacomb/mp.h> |
150 | #include <catacomb/mpmont.h> |
151 | #include <catacomb/mprand.h> |
152 | #include <catacomb/dh.h> |
153 | |
aeeb5611 |
154 | #include "buf.h" |
410c8acf |
155 | #include "util.h" |
156 | |
157 | #undef sun |
158 | |
159 | /*----- Magic numbers -----------------------------------------------------*/ |
160 | |
161 | /* --- Tunnel types --- */ |
162 | |
163 | #define TUN_NOTDEF 0 |
164 | #define TUN_UNET 1 |
165 | #define TUN_BSD 2 |
37075862 |
166 | #define TUN_LINUX 3 |
410c8acf |
167 | |
168 | /* --- Trace flags --- */ |
169 | |
170 | #define T_TUNNEL 1u |
171 | #define T_PEER 2u |
172 | #define T_PACKET 4u |
173 | #define T_ADMIN 8u |
174 | #define T_CRYPTO 16u |
175 | #define T_KEYSET 32u |
176 | #define T_KEYEXCH 64u |
177 | #define T_KEYMGMT 128u |
178 | |
179 | #define T_ALL 255u |
180 | |
181 | /* --- Units --- */ |
182 | |
183 | #define SEC(n) (n##u) |
184 | #define MIN(n) (n##u * 60u) |
185 | #define MEG(n) (n##ul * 1024ul * 1024ul) |
186 | |
187 | /* --- Other things --- */ |
188 | |
189 | #define PKBUFSZ 65536 |
190 | |
191 | /*----- TrIPE protocol ----------------------------------------------------*/ |
192 | |
832a2ab6 |
193 | /* --- TrIPE message format --- * |
410c8acf |
194 | * |
832a2ab6 |
195 | * A packet begins with a single-byte message type. The top four bits are a |
196 | * category code used to send the message to the right general place in the |
197 | * code; the bottom bits identify the actual message type. |
410c8acf |
198 | */ |
199 | |
832a2ab6 |
200 | #define MSG_CATMASK 0xf0 |
201 | #define MSG_TYPEMASK 0x0f |
410c8acf |
202 | |
832a2ab6 |
203 | /* --- Encrypted message packets --- * |
204 | * |
205 | * Messages of category @MSG_PACKET@ contain encrypted network packets. The |
206 | * message content is a symmetric-encrypted block (see below). Reception of |
207 | * a packet encrypted under a new key implicitly permits that key to be used |
208 | * to send further packets. |
209 | * |
210 | * The only packet type accepted is zero. |
211 | * |
212 | * Packets may be encrypted under any live keyset, but should use the most |
213 | * recent one. |
410c8acf |
214 | */ |
215 | |
832a2ab6 |
216 | #define MSG_PACKET 0x00 |
217 | |
218 | /* --- Key exchange packets --- */ |
219 | |
220 | #define MSG_KEYEXCH 0x10 |
221 | |
222 | #define KX_PRECHAL 0u |
223 | #define KX_COOKIE 1u |
224 | #define KX_CHAL 2u |
225 | #define KX_REPLY 3u |
226 | #define KX_SWITCH 4u |
227 | #define KX_SWITCHOK 5u |
228 | #define KX_NMSG 6u |
410c8acf |
229 | |
832a2ab6 |
230 | /* --- Symmetric encryption and keysets --- * |
231 | * |
aeeb5611 |
232 | * Packets consist of an 80-bit MAC, a 32-bit sequence number, and the |
832a2ab6 |
233 | * encrypted payload. |
234 | * |
832a2ab6 |
235 | * The plaintext is encrypted using Blowfish in CBC mode with ciphertext |
236 | * stealing (as described in [Schneier]. The initialization vector is |
aeeb5611 |
237 | * selected randomly, and prepended to the actual ciphertext. |
238 | * |
239 | * The MAC is computed using the HMAC construction with RIPEMD160 over the |
17f0adc1 |
240 | * sequence number and the ciphertext (with IV); the first 80 bits of the |
aeeb5611 |
241 | * output are used. (This is the minimum allowed by the draft FIPS for HMAC, |
242 | * and the recommended truncation.) |
832a2ab6 |
243 | * |
244 | * A keyset consists of |
245 | * |
246 | * * an integrity (MAC) key; |
247 | * * a confidentiality (encryption) key; and |
248 | * * a sequence numbering space |
249 | * |
250 | * in each direction. The packets sent by a host encrypted under a |
251 | * particular keyset are assigned consecutive sequence numbers starting from |
252 | * zero. The receiving host must ensure that it only accepts each packet at |
253 | * most once. It should maintain a window of sequence numbers: packets with |
254 | * numbers beyond the end of the window are accepted and cause the window to |
255 | * be advanced; packets with numbers before the start of the window are |
256 | * rejected; packets with numbers which appear within the window are accepted |
257 | * only if the number has not been seen before. |
258 | * |
259 | * When a host sends a @KX_SWITCH@ or @KX_SWITCHOK@ message, it installs the |
260 | * newly-negotiated keyset in a `listen-only' state: it may not send a packet |
261 | * encrypted under the keyset until either it has received a @KX_SWITCH@ or |
262 | * @KX_SWITCHOK@ message, or a @MSG_PACKET@ encrypted under the keyset, from |
263 | * its peer. |
410c8acf |
264 | */ |
265 | |
832a2ab6 |
266 | /*----- Cipher selections -------------------------------------------------*/ |
267 | |
268 | #include <catacomb/blowfish.h> |
269 | #include <catacomb/blowfish-cbc.h> |
1d27afe6 |
270 | #include <catacomb/blowfish-counter.h> |
832a2ab6 |
271 | #include <catacomb/rmd160.h> |
272 | #include <catacomb/rmd160-hmac.h> |
273 | |
274 | #define CIPHER (&blowfish_cbc) |
275 | #define MAC (&rmd160_hmac) |
276 | |
277 | #define HASH_CTX rmd160_ctx |
278 | #define HASH_INIT rmd160_init |
279 | #define HASH rmd160_hash |
280 | #define HASH_STRING(c, s) HASH((c), s, sizeof(s)) |
281 | #define HASH_DONE rmd160_done |
282 | #define HASHSZ RMD160_HASHSZ |
283 | |
1d27afe6 |
284 | #define MGF_CTX blowfish_counterctx |
285 | #define MGF_INIT blowfish_counterinit |
286 | #define MGF_CRYPT blowfish_counterencrypt |
287 | |
aeeb5611 |
288 | #define SEQSZ 4 |
289 | #define IVSZ BLOWFISH_BLKSZ |
290 | #define MACSZ 10 |
410c8acf |
291 | |
aeeb5611 |
292 | /*----- Data structures ---------------------------------------------------*/ |
410c8acf |
293 | |
294 | /* --- Socket addresses --- * |
295 | * |
296 | * A magic union of supported socket addresses. |
297 | */ |
298 | |
299 | typedef union addr { |
300 | struct sockaddr sa; |
301 | struct sockaddr_in sin; |
302 | } addr; |
303 | |
304 | /* --- A symmetric keyset --- * |
305 | * |
306 | * A keyset contains a set of symmetric keys for encrypting and decrypting |
307 | * packets. Keysets are stored in a list, sorted in reverse order of |
308 | * creation, so that the most recent keyset (the one most likely to be used) |
309 | * is first. |
310 | * |
311 | * Each keyset has a time limit and a data limit. The keyset is destroyed |
312 | * when either it has existed for too long, or it has been used to encrypt |
313 | * too much data. New key exchanges are triggered when keys are close to |
314 | * expiry. |
315 | */ |
316 | |
317 | typedef struct keyset { |
318 | struct keyset *next; /* Next active keyset in the list */ |
832a2ab6 |
319 | unsigned ref; /* Reference count for keyset */ |
9466fafa |
320 | struct peer *p; /* Pointer to peer structure */ |
410c8acf |
321 | time_t t_exp; /* Expiry time for this keyset */ |
322 | unsigned long sz_exp; /* Data limit for the keyset */ |
832a2ab6 |
323 | T( unsigned seq; ) /* Sequence number for tracing */ |
324 | unsigned f; /* Various useful flags */ |
325 | gcipher *cin, *cout; /* Keyset ciphers for encryption */ |
326 | gmac *min, *mout; /* Keyset MACs for integrity */ |
1484d822 |
327 | uint32 oseq; /* Outbound sequence number */ |
328 | uint32 iseq, iwin; /* Inbound sequence number */ |
410c8acf |
329 | } keyset; |
330 | |
1484d822 |
331 | #define KS_SEQWINSZ 32 /* Bits in sequence number window */ |
332 | |
832a2ab6 |
333 | #define KSF_LISTEN 1u /* Don't encrypt packets yet */ |
334 | #define KSF_LINK 2u /* Key is in a linked list */ |
335 | |
410c8acf |
336 | /* --- Key exchange --- * |
337 | * |
338 | * TrIPE uses the Wrestlers Protocol for its key exchange. The Wrestlers |
339 | * Protocol has a number of desirable features (e.g., perfect forward |
340 | * secrecy, and zero-knowledge authentication) which make it attractive for |
341 | * use in TrIPE. The Wrestlers Protocol was designed by Mark Wooding and |
342 | * Clive Jones. |
343 | */ |
344 | |
832a2ab6 |
345 | #define KX_NCHAL 16u |
346 | #define KX_THRESH 4u |
347 | |
348 | typedef struct kxchal { |
349 | struct keyexch *kx; /* Pointer back to key exchange */ |
350 | mp *c; /* Responder's challenge */ |
351 | mp *r; /* My reply to the challenge */ |
352 | keyset *ks; /* Pointer to temporary keyset */ |
353 | unsigned f; /* Various useful flags */ |
354 | sel_timer t; /* Response timer for challenge */ |
355 | octet hc[HASHSZ]; /* Hash of his challenge */ |
1d27afe6 |
356 | mp *ck; /* The check value */ |
832a2ab6 |
357 | octet hswrq_in[HASHSZ]; /* Inbound switch request message */ |
358 | octet hswok_in[HASHSZ]; /* Inbound switch confirmation */ |
359 | octet hswrq_out[HASHSZ]; /* Outbound switch request message */ |
360 | octet hswok_out[HASHSZ]; /* Outbound switch confirmation */ |
361 | } kxchal; |
362 | |
410c8acf |
363 | typedef struct keyexch { |
410c8acf |
364 | struct peer *p; /* Pointer back to the peer */ |
832a2ab6 |
365 | keyset **ks; /* Peer's list of keysets */ |
410c8acf |
366 | unsigned f; /* Various useful flags */ |
832a2ab6 |
367 | unsigned s; /* Current state in exchange */ |
410c8acf |
368 | sel_timer t; /* Timer for next exchange */ |
369 | dh_pub kpub; /* Peer's public key */ |
00e64b67 |
370 | time_t texp_kpub; /* Expiry time for public key */ |
832a2ab6 |
371 | mp *alpha; /* My temporary secret */ |
372 | mp *c; /* My challenge */ |
373 | mp *rx; /* The expected response */ |
374 | unsigned nr; /* Number of extant responses */ |
410c8acf |
375 | time_t t_valid; /* When this exchange goes bad */ |
832a2ab6 |
376 | octet hc[HASHSZ]; /* Hash of my challenge */ |
377 | kxchal *r[KX_NCHAL]; /* Array of challenges */ |
410c8acf |
378 | } keyexch; |
379 | |
380 | #define KXF_TIMER 1u /* Waiting for a timer to go off */ |
00e64b67 |
381 | #define KXF_DEAD 2u /* The key-exchanger isn't up */ |
382 | #define KXF_PUBKEY 4u /* Key exchanger has a public key */ |
832a2ab6 |
383 | |
384 | enum { |
385 | KXS_DEAD, /* Uninitialized state (magical) */ |
386 | KXS_CHAL, /* Main answer-challenges state */ |
387 | KXS_COMMIT, /* Committed: send switch request */ |
388 | KXS_SWITCH /* Switched: send confirmation */ |
389 | }; |
410c8acf |
390 | |
391 | /* --- Tunnel structure --- * |
392 | * |
393 | * Used to maintain system-specific information about the tunnel interface. |
394 | */ |
395 | |
110d564e |
396 | #if TUN_TYPE == TUN_LINUX |
397 | # include <linux/if.h> |
398 | # include <linux/if_tun.h> |
399 | #endif |
400 | |
410c8acf |
401 | typedef struct tunnel { |
37075862 |
402 | #if TUN_TYPE == TUN_UNET |
410c8acf |
403 | sel_file f; /* Selector for Usernet device */ |
404 | struct peer *p; /* Pointer to my peer */ |
37075862 |
405 | #elif TUN_TYPE == TUN_LINUX |
406 | sel_file f; /* Selector for TUN/TAP device */ |
407 | struct peer *p; /* Pointer to my peer */ |
408 | char ifn[IFNAMSIZ]; /* Interface name buffer */ |
1484d822 |
409 | #elif TUN_TYPE == TUN_BSD |
410 | sel_file f; /* Selector for tunnel device */ |
411 | struct peer *p; /* Pointer to my peer */ |
412 | unsigned n; /* Number of my tunnel device */ |
410c8acf |
413 | #else |
414 | # error "No support for this tunnel type" |
415 | #endif |
416 | } tunnel; |
417 | |
832a2ab6 |
418 | /* --- Peer statistics --- * |
419 | * |
420 | * Contains various interesting and not-so-interesting statistics about a |
421 | * peer. This is updated by various parts of the code. The format of the |
422 | * structure isn't considered private, and @p_stats@ returns a pointer to the |
423 | * statistics block for a given peer. |
424 | */ |
425 | |
426 | typedef struct stats { |
427 | unsigned long sz_in, sz_out; /* Size of all data in and out */ |
428 | unsigned long sz_kxin, sz_kxout; /* Size of key exchange messages */ |
429 | unsigned long sz_ipin, sz_ipout; /* Size of encapsulated IP packets */ |
430 | time_t t_start, t_last; /* Time peer created, last recv */ |
431 | unsigned long n_reject; /* Number of rejected packets */ |
432 | unsigned long n_in, n_out; /* Number of packets in and out */ |
433 | unsigned long n_kxin, n_kxout; /* Number of key exchange packets */ |
434 | unsigned long n_ipin, n_ipout; /* Number of encrypted packets */ |
435 | } stats; |
436 | |
410c8acf |
437 | /* --- Peer structure --- * |
438 | * |
439 | * The main structure which glues everything else together. |
440 | */ |
441 | |
442 | typedef struct peer { |
443 | struct peer *next, *prev; /* Links to next and previous */ |
444 | char *name; /* Name of this peer */ |
445 | tunnel t; /* Tunnel for local packets */ |
446 | keyset *ks; /* List head for keysets */ |
410c8acf |
447 | buf b; /* Buffer for sending packets */ |
448 | addr peer; /* Peer socket address */ |
449 | size_t sasz; /* Socket address size */ |
832a2ab6 |
450 | stats st; /* Statistics */ |
451 | keyexch kx; /* Key exchange protocol block */ |
410c8acf |
452 | } peer; |
453 | |
454 | /* --- Admin structure --- */ |
455 | |
fd3cf232 |
456 | #define OBUFSZ 16384u |
457 | |
458 | typedef struct obuf { |
459 | struct obuf *next; /* Next buffer in list */ |
460 | char *p_in, *p_out; /* Pointers into the buffer */ |
461 | char buf[OBUFSZ]; /* The actual buffer */ |
462 | } obuf; |
463 | |
410c8acf |
464 | typedef struct admin { |
465 | struct admin *next, *prev; /* Links to next and previous */ |
fd3cf232 |
466 | unsigned f; /* Various useful flags */ |
410c8acf |
467 | #ifndef NTRACE |
468 | unsigned seq; /* Sequence number for tracing */ |
469 | #endif |
470 | char *pname; /* Peer name to create */ |
471 | char *paddr; /* Address string to resolve */ |
fd3cf232 |
472 | obuf *o_head, *o_tail; /* Output buffer list */ |
473 | selbuf b; /* Line buffer for commands */ |
474 | sel_file w; /* Selector for write buffering */ |
410c8acf |
475 | bres_client r; /* Background resolver task */ |
476 | sel_timer t; /* Timer for resolver */ |
477 | addr peer; /* Address to set */ |
478 | size_t sasz; /* Size of the address */ |
479 | } admin; |
480 | |
fd3cf232 |
481 | #define AF_DEAD 1u /* Destroy this admin block */ |
482 | #define AF_LOCK 2u /* Don't destroy it yet */ |
483 | |
410c8acf |
484 | /*----- Global variables --------------------------------------------------*/ |
485 | |
486 | extern sel_state sel; /* Global I/O event state */ |
487 | extern dh_priv kpriv; /* Our private key */ |
488 | extern mpmont mg; /* Montgomery context for DH group */ |
832a2ab6 |
489 | extern octet buf_i[PKBUFSZ], buf_o[PKBUFSZ], buf_t[PKBUFSZ]; |
410c8acf |
490 | |
491 | #ifndef NTRACE |
492 | extern const trace_opt tr_opts[]; /* Trace options array */ |
493 | extern unsigned tr_flags; /* Trace options flags */ |
494 | #endif |
495 | |
8d0c7a83 |
496 | /*----- Other macros ------------------------------------------------------*/ |
497 | |
498 | #define TIMER noise_timer(RAND_GLOBAL) |
499 | |
410c8acf |
500 | /*----- Key management ----------------------------------------------------*/ |
501 | |
502 | /* --- @km_interval@ --- * |
503 | * |
504 | * Arguments: --- |
505 | * |
506 | * Returns: Zero if OK, nonzero to force reloading of keys. |
507 | * |
508 | * Use: Called on the interval timer to perform various useful jobs. |
509 | */ |
510 | |
511 | extern int km_interval(void); |
512 | |
513 | /* --- @km_init@ --- * |
514 | * |
515 | * Arguments: @const char *kr_priv@ = private keyring file |
516 | * @const char *kr_pub@ = public keyring file |
517 | * @const char *tag@ = tag to load |
518 | * |
519 | * Returns: --- |
520 | * |
521 | * Use: Initializes, and loads the private key. |
522 | */ |
523 | |
524 | extern void km_init(const char */*kr_priv*/, const char */*kr_pub*/, |
525 | const char */*tag*/); |
526 | |
527 | /* --- @km_getpubkey@ --- * |
528 | * |
529 | * Arguments: @const char *tag@ = public key tag to load |
530 | * @dh_pub *kpub@ = where to put the public key |
00e64b67 |
531 | * @time_t *t_exp@ = where to put the expiry time |
410c8acf |
532 | * |
533 | * Returns: Zero if OK, nonzero if it failed. |
534 | * |
535 | * Use: Fetches a public key from the keyring. |
536 | */ |
537 | |
00e64b67 |
538 | extern int km_getpubkey(const char */*tag*/, dh_pub */*kpub*/, |
539 | time_t */*t_exp*/); |
410c8acf |
540 | |
541 | /*----- Key exchange ------------------------------------------------------*/ |
542 | |
543 | /* --- @kx_start@ --- * |
544 | * |
545 | * Arguments: @keyexch *kx@ = pointer to key exchange context |
546 | * |
547 | * Returns: --- |
548 | * |
549 | * Use: Stimulates a key exchange. If a key exchage is in progress, |
550 | * a new challenge is sent (unless the quiet timer forbids |
551 | * this); if no exchange is in progress, one is commenced. |
552 | */ |
553 | |
554 | extern void kx_start(keyexch */*kx*/); |
555 | |
832a2ab6 |
556 | /* --- @kx_message@ --- * |
410c8acf |
557 | * |
558 | * Arguments: @keyexch *kx@ = pointer to key exchange context |
832a2ab6 |
559 | * @unsigned msg@ = the message code |
560 | * @buf *b@ = pointer to buffer containing the packet |
410c8acf |
561 | * |
562 | * Returns: --- |
563 | * |
832a2ab6 |
564 | * Use: Reads a packet containing key exchange messages and handles |
565 | * it. |
410c8acf |
566 | */ |
567 | |
832a2ab6 |
568 | extern void kx_message(keyexch */*kx*/, unsigned /*msg*/, buf */*b*/); |
410c8acf |
569 | |
570 | /* --- @kx_free@ --- * |
571 | * |
572 | * Arguments: @keyexch *kx@ = pointer to key exchange context |
573 | * |
574 | * Returns: --- |
575 | * |
576 | * Use: Frees everything in a key exchange context. |
577 | */ |
578 | |
579 | extern void kx_free(keyexch */*kx*/); |
580 | |
581 | /* --- @kx_newkeys@ --- * |
582 | * |
583 | * Arguments: @keyexch *kx@ = pointer to key exchange context |
584 | * |
585 | * Returns: --- |
586 | * |
587 | * Use: Informs the key exchange module that its keys may have |
588 | * changed. If fetching the new keys fails, the peer will be |
589 | * destroyed, we log messages and struggle along with the old |
590 | * keys. |
591 | */ |
592 | |
593 | extern void kx_newkeys(keyexch */*kx*/); |
594 | |
595 | /* --- @kx_init@ --- * |
596 | * |
597 | * Arguments: @keyexch *kx@ = pointer to key exchange context |
598 | * @peer *p@ = pointer to peer context |
599 | * @keyset **ks@ = pointer to keyset list |
600 | * |
601 | * Returns: Zero if OK, nonzero if it failed. |
602 | * |
603 | * Use: Initializes a key exchange module. The module currently |
604 | * contains no keys, and will attempt to initiate a key |
605 | * exchange. |
606 | */ |
607 | |
608 | extern int kx_init(keyexch */*kx*/, peer */*p*/, keyset **/*ks*/); |
609 | |
610 | /*----- Keysets and symmetric cryptography --------------------------------*/ |
611 | |
832a2ab6 |
612 | /* --- @ks_drop@ --- * |
613 | * |
614 | * Arguments: @keyset *ks@ = pointer to a keyset |
615 | * |
616 | * Returns: --- |
617 | * |
618 | * Use: Decrements a keyset's reference counter. If the counter hits |
619 | * zero, the keyset is freed. |
620 | */ |
621 | |
622 | extern void ks_drop(keyset */*ks*/); |
623 | |
624 | /* --- @ks_gen@ --- * |
625 | * |
626 | * Arguments: @const void *k@ = pointer to key material |
627 | * @size_t x, y, z@ = offsets into key material (see below) |
9466fafa |
628 | * @peer *p@ = pointer to peer information |
832a2ab6 |
629 | * |
630 | * Returns: A pointer to the new keyset. |
631 | * |
632 | * Use: Derives a new keyset from the given key material. The |
633 | * offsets @x@, @y@ and @z@ separate the key material into three |
634 | * parts. Between the @k@ and @k + x@ is `my' contribution to |
635 | * the key material; between @k + x@ and @k + y@ is `your' |
636 | * contribution; and between @k + y@ and @k + z@ is a shared |
637 | * value we made together. These are used to construct two |
638 | * pairs of symmetric keys. Each pair consists of an encryption |
639 | * key and a message authentication key. One pair is used for |
640 | * outgoing messages, the other for incoming messages. |
641 | * |
642 | * The new key is marked so that it won't be selected for output |
643 | * by @ksl_encrypt@. You can still encrypt data with it by |
644 | * calling @ks_encrypt@ directly. |
645 | */ |
646 | |
647 | extern keyset *ks_gen(const void */*k*/, |
9466fafa |
648 | size_t /*x*/, size_t /*y*/, size_t /*z*/, |
649 | peer */*p*/); |
832a2ab6 |
650 | |
651 | /* --- @ks_tregen@ --- * |
652 | * |
653 | * Arguments: @keyset *ks@ = pointer to a keyset |
654 | * |
655 | * Returns: The time at which moves ought to be made to replace this key. |
656 | */ |
657 | |
658 | extern time_t ks_tregen(keyset */*ks*/); |
659 | |
660 | /* --- @ks_activate@ --- * |
661 | * |
662 | * Arguments: @keyset *ks@ = pointer to a keyset |
663 | * |
664 | * Returns: --- |
665 | * |
666 | * Use: Activates a keyset, so that it can be used for encrypting |
667 | * outgoing messages. |
668 | */ |
669 | |
670 | extern void ks_activate(keyset */*ks*/); |
671 | |
672 | /* --- @ks_encrypt@ --- * |
673 | * |
674 | * Arguments: @keyset *ks@ = pointer to a keyset |
7ed14135 |
675 | * @unsigned ty@ = message type |
832a2ab6 |
676 | * @buf *b@ = pointer to input buffer |
677 | * @buf *bb@ = pointer to output buffer |
678 | * |
679 | * Returns: Zero if OK, nonzero if the key needs replacing. If the |
680 | * encryption failed, the output buffer is broken and zero is |
681 | * returned. |
682 | * |
683 | * Use: Encrypts a block of data using the key. Note that the `key |
684 | * ought to be replaced' notification is only ever given once |
685 | * for each key. Also note that this call forces a keyset to be |
686 | * used even if it's marked as not for data output. |
687 | */ |
688 | |
7ed14135 |
689 | extern int ks_encrypt(keyset */*ks*/, unsigned /*ty*/, |
690 | buf */*b*/, buf */*bb*/); |
832a2ab6 |
691 | |
692 | /* --- @ks_decrypt@ --- * |
693 | * |
694 | * Arguments: @keyset *ks@ = pointer to a keyset |
7ed14135 |
695 | * @unsigned ty@ = expected type code |
832a2ab6 |
696 | * @buf *b@ = pointer to an input buffer |
697 | * @buf *bb@ = pointer to an output buffer |
698 | * |
699 | * Returns: Zero on success, or nonzero if there was some problem. |
700 | * |
701 | * Use: Attempts to decrypt a message using a given key. Note that |
702 | * requesting decryption with a key directly won't clear a |
703 | * marking that it's not for encryption. |
704 | */ |
705 | |
7ed14135 |
706 | extern int ks_decrypt(keyset */*ks*/, unsigned /*ty*/, |
707 | buf */*b*/, buf */*bb*/); |
832a2ab6 |
708 | |
709 | /* --- @ksl_free@ --- * |
410c8acf |
710 | * |
711 | * Arguments: @keyset **ksroot@ = pointer to keyset list head |
712 | * |
713 | * Returns: --- |
714 | * |
832a2ab6 |
715 | * Use: Frees (releases references to) all of the keys in a keyset. |
410c8acf |
716 | */ |
717 | |
832a2ab6 |
718 | extern void ksl_free(keyset **/*ksroot*/); |
410c8acf |
719 | |
832a2ab6 |
720 | /* --- @ksl_link@ --- * |
410c8acf |
721 | * |
722 | * Arguments: @keyset **ksroot@ = pointer to keyset list head |
832a2ab6 |
723 | * @keyset *ks@ = pointer to a keyset |
410c8acf |
724 | * |
725 | * Returns: --- |
726 | * |
832a2ab6 |
727 | * Use: Links a keyset into a list. A keyset can only be on one list |
728 | * at a time. Bad things happen otherwise. |
410c8acf |
729 | */ |
730 | |
832a2ab6 |
731 | extern void ksl_link(keyset **/*ksroot*/, keyset */*ks*/); |
410c8acf |
732 | |
832a2ab6 |
733 | /* --- @ksl_prune@ --- * |
410c8acf |
734 | * |
735 | * Arguments: @keyset **ksroot@ = pointer to keyset list head |
410c8acf |
736 | * |
832a2ab6 |
737 | * Returns: --- |
410c8acf |
738 | * |
832a2ab6 |
739 | * Use: Prunes the keyset list by removing keys which mustn't be used |
740 | * any more. |
410c8acf |
741 | */ |
742 | |
832a2ab6 |
743 | extern void ksl_prune(keyset **/*ksroot*/); |
410c8acf |
744 | |
832a2ab6 |
745 | /* --- @ksl_encrypt@ --- * |
410c8acf |
746 | * |
747 | * Arguments: @keyset **ksroot@ = pointer to keyset list head |
7ed14135 |
748 | * @unsigned ty@ = message type |
410c8acf |
749 | * @buf *b@ = pointer to input buffer |
750 | * @buf *bb@ = pointer to output buffer |
751 | * |
752 | * Returns: Nonzero if a new key is needed. |
753 | * |
754 | * Use: Encrypts a packet. |
755 | */ |
756 | |
7ed14135 |
757 | extern int ksl_encrypt(keyset **/*ksroot*/, unsigned /*ty*/, |
758 | buf */*b*/, buf */*bb*/); |
410c8acf |
759 | |
832a2ab6 |
760 | /* --- @ksl_decrypt@ --- * |
410c8acf |
761 | * |
762 | * Arguments: @keyset **ksroot@ = pointer to keyset list head |
7ed14135 |
763 | * @unsigned ty@ = expected type code |
410c8acf |
764 | * @buf *b@ = pointer to input buffer |
765 | * @buf *bb@ = pointer to output buffer |
766 | * |
767 | * Returns: Nonzero if the packet couldn't be decrypted. |
768 | * |
769 | * Use: Decrypts a packet. |
770 | */ |
771 | |
7ed14135 |
772 | extern int ksl_decrypt(keyset **/*ksroot*/, unsigned /*ty*/, |
773 | buf */*b*/, buf */*bb*/); |
410c8acf |
774 | |
775 | /*----- Administration interface ------------------------------------------*/ |
776 | |
777 | /* --- @a_warn@ --- * |
778 | * |
779 | * Arguments: @const char *fmt@ = pointer to format string |
780 | * @...@ = other arguments |
781 | * |
782 | * Returns: --- |
783 | * |
784 | * Use: Informs all admin connections of a warning. |
785 | */ |
786 | |
787 | extern void a_warn(const char */*fmt*/, ...); |
788 | |
789 | /* --- @a_create@ --- * |
790 | * |
791 | * Arguments: @int fd_in, fd_out@ = file descriptors to use |
792 | * |
793 | * Returns: --- |
794 | * |
795 | * Use: Creates a new admin connection. |
796 | */ |
797 | |
798 | extern void a_create(int /*fd_in*/, int /*fd_out*/); |
799 | |
800 | /* --- @a_quit@ --- * |
801 | * |
802 | * Arguments: --- |
803 | * |
804 | * Returns: --- |
805 | * |
806 | * Use: Shuts things down nicely. |
807 | */ |
808 | |
809 | extern void a_quit(void); |
810 | |
811 | /* --- @a_daemon@ --- * |
812 | * |
813 | * Arguments: --- |
814 | * |
815 | * Returns: --- |
816 | * |
817 | * Use: Informs the admin module that it's a daemon. |
818 | */ |
819 | |
820 | extern void a_daemon(void); |
821 | |
822 | /* --- @a_init@ --- * |
823 | * |
824 | * Arguments: @const char *sock@ = socket name to create |
825 | * |
826 | * Returns: --- |
827 | * |
828 | * Use: Creates the admin listening socket. |
829 | */ |
830 | |
831 | extern void a_init(const char */*sock*/); |
832 | |
833 | /*----- Peer management ---------------------------------------------------*/ |
834 | |
835 | /* --- @p_txstart@ --- * |
836 | * |
837 | * Arguments: @peer *p@ = pointer to peer block |
838 | * @unsigned msg@ = message type code |
839 | * |
840 | * Returns: A pointer to a buffer to write to. |
841 | * |
842 | * Use: Starts sending to a peer. Only one send can happen at a |
843 | * time. |
844 | */ |
845 | |
846 | extern buf *p_txstart(peer */*p*/, unsigned /*msg*/); |
847 | |
848 | /* --- @p_txend@ --- * |
849 | * |
850 | * Arguments: @peer *p@ = pointer to peer block |
851 | * |
852 | * Returns: --- |
853 | * |
854 | * Use: Sends a packet to the peer. |
855 | */ |
856 | |
857 | extern void p_txend(peer */*p*/); |
858 | |
859 | /* --- @p_tun@ --- * |
860 | * |
861 | * Arguments: @peer *p@ = pointer to peer block |
862 | * @buf *b@ = buffer containing incoming packet |
863 | * |
864 | * Returns: --- |
865 | * |
866 | * Use: Handles a packet which needs to be sent to a peer. |
867 | */ |
868 | |
869 | extern void p_tun(peer */*p*/, buf */*b*/); |
870 | |
871 | /* --- @p_interval@ --- * |
872 | * |
873 | * Arguments: --- |
874 | * |
875 | * Returns: --- |
876 | * |
877 | * Use: Called periodically to do tidying. |
878 | */ |
879 | |
880 | extern void p_interval(void); |
881 | |
832a2ab6 |
882 | /* --- @p_stats@ --- * |
883 | * |
884 | * Arguments: @peer *p@ = pointer to a peer block |
885 | * |
886 | * Returns: A pointer to the peer's statistics. |
887 | */ |
888 | |
889 | extern stats *p_stats(peer */*p*/); |
890 | |
410c8acf |
891 | /* --- @p_ifname@ --- * |
892 | * |
893 | * Arguments: @peer *p@ = pointer to a peer block |
894 | * |
895 | * Returns: A pointer to the peer's interface name. |
896 | */ |
897 | |
898 | extern const char *p_ifname(peer */*p*/); |
899 | |
900 | /* --- @p_addr@ --- * |
901 | * |
902 | * Arguments: @peer *p@ = pointer to a peer block |
903 | * |
904 | * Returns: A pointer to the peer's address. |
905 | */ |
906 | |
907 | extern const addr *p_addr(peer */*p*/); |
908 | |
909 | /* --- @p_init@ --- * |
910 | * |
767b36e2 |
911 | * Arguments: @struct in_addr addr@ = address to bind to |
912 | * @unsigned port@ = port number to listen to |
410c8acf |
913 | * |
914 | * Returns: --- |
915 | * |
916 | * Use: Initializes the peer system; creates the socket. |
917 | */ |
918 | |
767b36e2 |
919 | extern void p_init(struct in_addr /*addr*/, unsigned /*port*/); |
410c8acf |
920 | |
921 | /* --- @p_port@ --- * |
922 | * |
923 | * Arguments: --- |
924 | * |
925 | * Returns: Port number used for socket. |
926 | */ |
927 | |
928 | unsigned p_port(void); |
929 | |
930 | /* --- @p_create@ --- * |
931 | * |
932 | * Arguments: @const char *name@ = name for this peer |
933 | * @struct sockaddr *sa@ = socket address of peer |
934 | * @size_t sz@ = size of socket address |
935 | * |
936 | * Returns: Pointer to the peer block, or null if it failed. |
937 | * |
938 | * Use: Creates a new named peer block. No peer is actually attached |
939 | * by this point. |
940 | */ |
941 | |
942 | extern peer *p_create(const char */*name*/, |
943 | struct sockaddr */*sa*/, size_t /*sz*/); |
944 | |
945 | /* --- @p_name@ --- * |
946 | * |
947 | * Arguments: @peer *p@ = pointer to a peer block |
948 | * |
949 | * Returns: A pointer to the peer's name. |
950 | */ |
951 | |
952 | extern const char *p_name(peer */*p*/); |
953 | |
954 | /* --- @p_find@ --- * |
955 | * |
956 | * Arguments: @const char *name@ = name to look up |
957 | * |
958 | * Returns: Pointer to the peer block, or null if not found. |
959 | * |
960 | * Use: Finds a peer by name. |
961 | */ |
962 | |
963 | extern peer *p_find(const char */*name*/); |
964 | |
965 | /* --- @p_destroy@ --- * |
966 | * |
967 | * Arguments: @peer *p@ = pointer to a peer |
968 | * |
969 | * Returns: --- |
970 | * |
971 | * Use: Destroys a peer. |
972 | */ |
973 | |
974 | extern void p_destroy(peer */*p*/); |
975 | |
976 | /* --- @p_first@, @p_next@ --- * |
977 | * |
978 | * Arguments: @peer *p@ = a peer block |
979 | * |
980 | * Returns: @peer_first@ returns the first peer in some ordering; |
981 | * @peer_next@ returns the peer following a given one in the |
982 | * same ordering. Null is returned for the end of the list. |
983 | */ |
984 | |
985 | extern peer *p_first(void); |
986 | extern peer *p_next(peer */*p*/); |
987 | |
988 | /*----- Tunnel interface --------------------------------------------------*/ |
989 | |
990 | /* --- @tun_init@ --- * |
991 | * |
992 | * Arguments: --- |
993 | * |
994 | * Returns: --- |
995 | * |
996 | * Use: Initializes the tunneling system. Maybe this will require |
997 | * opening file descriptors or something. |
998 | */ |
999 | |
1000 | extern void tun_init(void); |
1001 | |
1002 | /* --- @tun_create@ --- * |
1003 | * |
1004 | * Arguments: @tunnel *t@ = pointer to tunnel block |
1005 | * @peer *p@ = pointer to peer block |
1006 | * |
1007 | * Returns: Zero if it worked, nonzero on failure. |
1008 | * |
1009 | * Use: Initializes a new tunnel. |
1010 | */ |
1011 | |
1012 | extern int tun_create(tunnel */*t*/, peer */*p*/); |
1013 | |
1014 | /* --- @tun_ifname@ --- * |
1015 | * |
1016 | * Arguments: @tunnel *t@ = pointer to tunnel block |
1017 | * |
1018 | * Returns: A pointer to the tunnel's interface name. |
1019 | */ |
1020 | |
1021 | extern const char *tun_ifname(tunnel */*t*/); |
1022 | |
1023 | /* --- @tun_inject@ --- * |
1024 | * |
1025 | * Arguments: @tunnel *t@ = pointer to tunnel block |
1026 | * @buf *b@ = buffer to send |
1027 | * |
1028 | * Returns: --- |
1029 | * |
1030 | * Use: Injects a packet into the local network stack. |
1031 | */ |
1032 | |
1033 | extern void tun_inject(tunnel */*t*/, buf */*b*/); |
1034 | |
1035 | /* --- @tun_destroy@ --- * |
1036 | * |
1037 | * Arguments: @tunnel *t@ = pointer to tunnel block |
1038 | * |
1039 | * Returns: --- |
1040 | * |
1041 | * Use: Destroys a tunnel. |
1042 | */ |
1043 | |
1044 | extern void tun_destroy(tunnel */*t*/); |
1045 | |
410c8acf |
1046 | /*----- Other handy utilities ---------------------------------------------*/ |
1047 | |
1048 | /* --- @mpstr@ --- * |
1049 | * |
1050 | * Arguments: @mp *m@ = a multiprecision integer |
1051 | * |
1052 | * Returns: A pointer to the integer's textual representation. |
1053 | * |
1054 | * Use: Converts a multiprecision integer to a string. Corrupts |
832a2ab6 |
1055 | * @buf_t@. |
410c8acf |
1056 | */ |
1057 | |
1058 | extern const char *mpstr(mp */*m*/); |
1059 | |
832a2ab6 |
1060 | /* --- @timestr@ --- * |
1061 | * |
1062 | * Arguments: @time_t t@ = a time to convert |
1063 | * |
1064 | * Returns: A pointer to a textual representation of the time. |
1065 | * |
1066 | * Use: Converts a time to a textual representation. Corrupts |
1067 | * @buf_t@. |
1068 | */ |
1069 | |
1070 | extern const char *timestr(time_t /*t*/); |
1071 | |
410c8acf |
1072 | /*----- That's all, folks -------------------------------------------------*/ |
1073 | |
1074 | #ifdef __cplusplus |
1075 | } |
1076 | #endif |
1077 | |
1078 | #endif |