3 * Protocol definition for TrIPE
5 * (c) 2003 Straylight/Edgeware
8 /*----- Licensing notice --------------------------------------------------*
10 * This file is part of Trivial IP Encryption (TrIPE).
12 * TrIPE is free software: you can redistribute it and/or modify it under
13 * the terms of the GNU General Public License as published by the Free
14 * Software Foundation; either version 3 of the License, or (at your
15 * option) any later version.
17 * TrIPE is distributed in the hope that it will be useful, but WITHOUT
18 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
19 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
22 * You should have received a copy of the GNU General Public License
23 * along with TrIPE. If not, see <https://www.gnu.org/licenses/>.
26 #ifndef TRIPE_PROTOCOL_H
27 #define TRIPE_PROTOCOL_H
29 /*----- TrIPE protocol ----------------------------------------------------*/
31 #define TRIPE_PORT 4070 /* Assigned by IANA */
33 /* --- TrIPE message format --- *
35 * A packet begins with a single-byte message type. The top four bits are a
36 * category code used to send the message to the right general place in the
37 * code; the bottom bits identify the actual message type.
40 #define MSG_CATMASK 0xf0
41 #define MSG_TYPEMASK 0x0f
43 /* --- Encrypted message packets --- *
45 * Messages of category @MSG_PACKET@ contain encrypted network packets. The
46 * message content is a symmetric-encrypted block (see below). Reception of
47 * a packet encrypted under a new key implicitly permits that key to be used
48 * to send further packets.
50 * The only packet type accepted is zero.
52 * Packets may be encrypted under any live keyset, but should use the most
56 #define MSG_PACKET 0x00
58 /* --- Key exchange packets --- */
60 #define MSG_KEYEXCH 0x10
66 #define KX_SWITCHOK 4u
69 /* --- Miscellaneous packets --- */
73 #define MISC_NOP 0u /* Do nothing; ignore me */
74 #define MISC_PING 1u /* Transport-level ping */
75 #define MISC_PONG 2u /* Transport-level ping response */
76 #define MISC_EPING 3u /* Encrypted ping */
77 #define MISC_EPONG 4u /* Encrypted ping response */
78 #define MISC_GREET 5u /* A greeting from a NATed peer */
80 /* --- Symmetric encryption and keysets --- *
82 * Packets consist of an 80-bit MAC, a 32-bit sequence number, and the
85 * The plaintext is encrypted using Blowfish in CBC mode with ciphertext
86 * stealing (as described in [Schneier]). The initialization vector is
87 * selected randomly, and prepended to the actual ciphertext.
89 * The MAC is computed using the HMAC construction with RIPEMD160 over the
90 * sequence number and the ciphertext (with IV); the first 80 bits of the
91 * output are used. (This is the minimum allowed by the draft FIPS for HMAC,
92 * and the recommended truncation.)
94 * A keyset consists of
96 * * an integrity (MAC) key;
97 * * a confidentiality (encryption) key; and
98 * * a sequence numbering space
100 * in each direction. The packets sent by a host encrypted under a
101 * particular keyset are assigned consecutive sequence numbers starting from
102 * zero. The receiving host must ensure that it only accepts each packet at
103 * most once. It should maintain a window of sequence numbers: packets with
104 * numbers beyond the end of the window are accepted and cause the window to
105 * be advanced; packets with numbers before the start of the window are
106 * rejected; packets with numbers which appear within the window are accepted
107 * only if the number has not been seen before.
109 * When a host sends a @KX_SWITCH@ or @KX_SWITCHOK@ message, it installs the
110 * newly-negotiated keyset in a `listen-only' state: it may not send a packet
111 * encrypted under the keyset until either it has received a @KX_SWITCH@ or
112 * @KX_SWITCHOK@ message, or a @MSG_PACKET@ encrypted under the keyset, from
116 /*----- That's all, folks -------------------------------------------------*/
~mdw / tripe / blob