3 * $Id: tripe-protocol.h,v 1.1 2003/10/15 09:30:18 mdw Exp $
5 * Protocol definition for TrIPE
7 * (c) 2003 Straylight/Edgeware
10 /*----- Licensing notice --------------------------------------------------*
12 * This file is part of Trivial IP Encryption (TrIPE).
14 * TrIPE is free software; you can redistribute it and/or modify
15 * it under the terms of the GNU General Public License as published by
16 * the Free Software Foundation; either version 2 of the License, or
17 * (at your option) any later version.
19 * TrIPE is distributed in the hope that it will be useful,
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 * GNU General Public License for more details.
24 * You should have received a copy of the GNU General Public License
25 * along with TrIPE; if not, write to the Free Software Foundation,
26 * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
29 /*----- Revision history --------------------------------------------------*
31 * $Log: tripe-protocol.h,v $
32 * Revision 1.1 2003/10/15 09:30:18 mdw
33 * Add support for Ethereal protocol analysis.
37 #ifndef TRIPE_PROTOCOL_H
38 #define TRIPE_PROTOCOL_H
40 /*----- TrIPE protocol ----------------------------------------------------*/
42 /* --- TrIPE message format --- *
44 * A packet begins with a single-byte message type. The top four bits are a
45 * category code used to send the message to the right general place in the
46 * code; the bottom bits identify the actual message type.
49 #define MSG_CATMASK 0xf0
50 #define MSG_TYPEMASK 0x0f
52 /* --- Encrypted message packets --- *
54 * Messages of category @MSG_PACKET@ contain encrypted network packets. The
55 * message content is a symmetric-encrypted block (see below). Reception of
56 * a packet encrypted under a new key implicitly permits that key to be used
57 * to send further packets.
59 * The only packet type accepted is zero.
61 * Packets may be encrypted under any live keyset, but should use the most
65 #define MSG_PACKET 0x00
67 /* --- Key exchange packets --- */
69 #define MSG_KEYEXCH 0x10
76 #define KX_SWITCHOK 5u
79 /* --- Symmetric encryption and keysets --- *
81 * Packets consist of an 80-bit MAC, a 32-bit sequence number, and the
84 * The plaintext is encrypted using Blowfish in CBC mode with ciphertext
85 * stealing (as described in [Schneier]. The initialization vector is
86 * selected randomly, and prepended to the actual ciphertext.
88 * The MAC is computed using the HMAC construction with RIPEMD160 over the
89 * sequence number and the ciphertext (with IV); the first 80 bits of the
90 * output are used. (This is the minimum allowed by the draft FIPS for HMAC,
91 * and the recommended truncation.)
93 * A keyset consists of
95 * * an integrity (MAC) key;
96 * * a confidentiality (encryption) key; and
97 * * a sequence numbering space
99 * in each direction. The packets sent by a host encrypted under a
100 * particular keyset are assigned consecutive sequence numbers starting from
101 * zero. The receiving host must ensure that it only accepts each packet at
102 * most once. It should maintain a window of sequence numbers: packets with
103 * numbers beyond the end of the window are accepted and cause the window to
104 * be advanced; packets with numbers before the start of the window are
105 * rejected; packets with numbers which appear within the window are accepted
106 * only if the number has not been seen before.
108 * When a host sends a @KX_SWITCH@ or @KX_SWITCHOK@ message, it installs the
109 * newly-negotiated keyset in a `listen-only' state: it may not send a packet
110 * encrypted under the keyset until either it has received a @KX_SWITCH@ or
111 * @KX_SWITCHOK@ message, or a @MSG_PACKET@ encrypted under the keyset, from
115 /*----- That's all, folks -------------------------------------------------*/
~mdw / tripe / blob