/* -*-c-*-
*
- * $Id: tripe.h,v 1.9 2001/06/22 19:40:36 mdw Exp $
+ * $Id: tripe.h,v 1.16 2003/07/13 11:19:49 mdw Exp $
*
* Main header file for TrIPE
*
/*----- Revision history --------------------------------------------------*
*
* $Log: tripe.h,v $
+ * Revision 1.16 2003/07/13 11:19:49 mdw
+ * Incopatible protocol fix! Include message type code under MAC tag to prevent
+ * cut-and-paste from key-exchange messages to general packet transport.
+ *
+ * Revision 1.15 2003/05/16 12:09:03 mdw
+ * Allow binding to a chosen address.
+ *
+ * Revision 1.14 2003/04/06 10:36:33 mdw
+ * Rearrange so as not to include Linux headers unless we need to.
+ *
+ * Revision 1.13 2003/04/06 10:26:35 mdw
+ * Report peer name on decrypt errors.
+ *
+ * Revision 1.12 2003/04/06 10:25:17 mdw
+ * Support Linux TUN/TAP device. Fix some bugs.
+ *
+ * Revision 1.11 2002/01/13 14:57:42 mdw
+ * Fix crap typo.
+ *
+ * Revision 1.10 2002/01/13 14:54:58 mdw
+ * Provide MGF macros.
+ *
* Revision 1.9 2001/06/22 19:40:36 mdw
* Support expiry of other peers' public keys.
*
#define TUN_NOTDEF 0
#define TUN_UNET 1
#define TUN_BSD 2
+#define TUN_LINUX 3
/* --- Trace flags --- */
* selected randomly, and prepended to the actual ciphertext.
*
* The MAC is computed using the HMAC construction with RIPEMD160 over the
- * sequence number and the ciphertext (with iV); the first 80 bits of the
+ * sequence number and the ciphertext (with IV); the first 80 bits of the
* output are used. (This is the minimum allowed by the draft FIPS for HMAC,
* and the recommended truncation.)
*
#include <catacomb/blowfish.h>
#include <catacomb/blowfish-cbc.h>
+#include <catacomb/blowfish-counter.h>
#include <catacomb/rmd160.h>
#include <catacomb/rmd160-hmac.h>
#define HASH_DONE rmd160_done
#define HASHSZ RMD160_HASHSZ
+#define MGF_CTX blowfish_counterctx
+#define MGF_INIT blowfish_counterinit
+#define MGF_CRYPT blowfish_counterencrypt
+
#define SEQSZ 4
#define IVSZ BLOWFISH_BLKSZ
#define MACSZ 10
typedef struct keyset {
struct keyset *next; /* Next active keyset in the list */
unsigned ref; /* Reference count for keyset */
+ struct peer *p; /* Pointer to peer structure */
time_t t_exp; /* Expiry time for this keyset */
unsigned long sz_exp; /* Data limit for the keyset */
T( unsigned seq; ) /* Sequence number for tracing */
unsigned f; /* Various useful flags */
sel_timer t; /* Response timer for challenge */
octet hc[HASHSZ]; /* Hash of his challenge */
- octet hrx[HASHSZ]; /* My expected reply hash */
+ mp *ck; /* The check value */
octet hswrq_in[HASHSZ]; /* Inbound switch request message */
octet hswok_in[HASHSZ]; /* Inbound switch confirmation */
octet hswrq_out[HASHSZ]; /* Outbound switch request message */
* Used to maintain system-specific information about the tunnel interface.
*/
+#if TUN_TYPE == TUN_LINUX
+# include <linux/if.h>
+# include <linux/if_tun.h>
+#endif
+
typedef struct tunnel {
-#if TUN_TYPE == TUN_UNET
+#if TUN_TYPE == TUN_UNET
sel_file f; /* Selector for Usernet device */
struct peer *p; /* Pointer to my peer */
+#elif TUN_TYPE == TUN_LINUX
+ sel_file f; /* Selector for TUN/TAP device */
+ struct peer *p; /* Pointer to my peer */
+ char ifn[IFNAMSIZ]; /* Interface name buffer */
#elif TUN_TYPE == TUN_BSD
sel_file f; /* Selector for tunnel device */
struct peer *p; /* Pointer to my peer */
*
* Arguments: @const void *k@ = pointer to key material
* @size_t x, y, z@ = offsets into key material (see below)
+ * @peer *p@ = pointer to peer information
*
* Returns: A pointer to the new keyset.
*
*/
extern keyset *ks_gen(const void */*k*/,
- size_t /*x*/, size_t /*y*/, size_t /*z*/);
+ size_t /*x*/, size_t /*y*/, size_t /*z*/,
+ peer */*p*/);
/* --- @ks_tregen@ --- *
*
/* --- @ks_encrypt@ --- *
*
* Arguments: @keyset *ks@ = pointer to a keyset
+ * @unsigned ty@ = message type
* @buf *b@ = pointer to input buffer
* @buf *bb@ = pointer to output buffer
*
* used even if it's marked as not for data output.
*/
-extern int ks_encrypt(keyset */*ks*/, buf */*b*/, buf */*bb*/);
+extern int ks_encrypt(keyset */*ks*/, unsigned /*ty*/,
+ buf */*b*/, buf */*bb*/);
/* --- @ks_decrypt@ --- *
*
* Arguments: @keyset *ks@ = pointer to a keyset
+ * @unsigned ty@ = expected type code
* @buf *b@ = pointer to an input buffer
* @buf *bb@ = pointer to an output buffer
*
* marking that it's not for encryption.
*/
-extern int ks_decrypt(keyset */*ks*/, buf */*b*/, buf */*bb*/);
+extern int ks_decrypt(keyset */*ks*/, unsigned /*ty*/,
+ buf */*b*/, buf */*bb*/);
/* --- @ksl_free@ --- *
*
/* --- @ksl_encrypt@ --- *
*
* Arguments: @keyset **ksroot@ = pointer to keyset list head
+ * @unsigned ty@ = message type
* @buf *b@ = pointer to input buffer
* @buf *bb@ = pointer to output buffer
*
* Use: Encrypts a packet.
*/
-extern int ksl_encrypt(keyset **/*ksroot*/, buf */*b*/, buf */*bb*/);
+extern int ksl_encrypt(keyset **/*ksroot*/, unsigned /*ty*/,
+ buf */*b*/, buf */*bb*/);
/* --- @ksl_decrypt@ --- *
*
* Arguments: @keyset **ksroot@ = pointer to keyset list head
+ * @unsigned ty@ = expected type code
* @buf *b@ = pointer to input buffer
* @buf *bb@ = pointer to output buffer
*
* Use: Decrypts a packet.
*/
-extern int ksl_decrypt(keyset **/*ksroot*/, buf */*b*/, buf */*bb*/);
+extern int ksl_decrypt(keyset **/*ksroot*/, unsigned /*ty*/,
+ buf */*b*/, buf */*bb*/);
/*----- Administration interface ------------------------------------------*/
/* --- @p_init@ --- *
*
- * Arguments: @unsigned port@ = port number to listen to
+ * Arguments: @struct in_addr addr@ = address to bind to
+ * @unsigned port@ = port number to listen to
*
* Returns: ---
*
* Use: Initializes the peer system; creates the socket.
*/
-extern void p_init(unsigned /*port*/);
+extern void p_init(struct in_addr /*addr*/, unsigned /*port*/);
/* --- @p_port@ --- *
*