/* -*-c-*-
*
- * $Id: tripe.h,v 1.4 2001/02/05 19:56:37 mdw Exp $
+ * $Id: tripe.h,v 1.15 2003/05/16 12:09:03 mdw Exp $
*
* Main header file for TrIPE
*
/*----- Revision history --------------------------------------------------*
*
* $Log: tripe.h,v $
+ * Revision 1.15 2003/05/16 12:09:03 mdw
+ * Allow binding to a chosen address.
+ *
+ * Revision 1.14 2003/04/06 10:36:33 mdw
+ * Rearrange so as not to include Linux headers unless we need to.
+ *
+ * Revision 1.13 2003/04/06 10:26:35 mdw
+ * Report peer name on decrypt errors.
+ *
+ * Revision 1.12 2003/04/06 10:25:17 mdw
+ * Support Linux TUN/TAP device. Fix some bugs.
+ *
+ * Revision 1.11 2002/01/13 14:57:42 mdw
+ * Fix crap typo.
+ *
+ * Revision 1.10 2002/01/13 14:54:58 mdw
+ * Provide MGF macros.
+ *
+ * Revision 1.9 2001/06/22 19:40:36 mdw
+ * Support expiry of other peers' public keys.
+ *
+ * Revision 1.8 2001/06/19 22:10:57 mdw
+ * Some more constants for the algorithms. Document the packet format
+ * change for non-malleability. Moved @buf@ definitions to separate header
+ * file.
+ *
+ * Revision 1.7 2001/03/03 12:07:08 mdw
+ * Rename word get and put functions now that there's 16-bit support.
+ *
+ * Revision 1.6 2001/02/19 19:11:09 mdw
+ * Output buffering on admin connections.
+ *
+ * Revision 1.5 2001/02/16 21:41:43 mdw
+ * Major changes. See source files for details.
+ *
* Revision 1.4 2001/02/05 19:56:37 mdw
* Sequence number protection, and BSD tunnels.
*
#include <catacomb/key.h>
#include <catacomb/paranoia.h>
-#include <catacomb/blowfish.h>
-#include <catacomb/blowfish-cbc.h>
#include <catacomb/noise.h>
#include <catacomb/rand.h>
-#include <catacomb/rmd160.h>
-#include <catacomb/rmd160-hmac.h>
#include <catacomb/mp.h>
#include <catacomb/mpmont.h>
#include <catacomb/mprand.h>
#include <catacomb/dh.h>
+#include "buf.h"
#include "util.h"
#undef sun
#define TUN_NOTDEF 0
#define TUN_UNET 1
#define TUN_BSD 2
+#define TUN_LINUX 3
/* --- Trace flags --- */
/*----- TrIPE protocol ----------------------------------------------------*/
-/* --- TrIPE packet format --- *
+/* --- TrIPE message format --- *
*
- * A packet begins with a single-byte packet type. The remaining data
- * depends on the packet type.
+ * A packet begins with a single-byte message type. The top four bits are a
+ * category code used to send the message to the right general place in the
+ * code; the bottom bits identify the actual message type.
*/
-#define MSG_PACKET 0u
-/* Followed by a 64-bit MAC and an encrypted packet. The MAC is used as an
- * IV for a 64-bit block cipher in CBC-stealing mode.
- */
+#define MSG_CATMASK 0xf0
+#define MSG_TYPEMASK 0x0f
-#define MSG_PRECHALLENGE 1u
-/* Followed by the challenge only. Useful for bootstrapping the system.
+/* --- Encrypted message packets --- *
+ *
+ * Messages of category @MSG_PACKET@ contain encrypted network packets. The
+ * message content is a symmetric-encrypted block (see below). Reception of
+ * a packet encrypted under a new key implicitly permits that key to be used
+ * to send further packets.
+ *
+ * The only packet type accepted is zero.
+ *
+ * Packets may be encrypted under any live keyset, but should use the most
+ * recent one.
*/
-#define MSG_CHALLENGE 2u
-/* Followed by a response hash and a large-integer challenge.
- */
+#define MSG_PACKET 0x00
-#define MSG_RESPONSE 3u
-/* Followed by a large-integer response.
- */
+/* --- Key exchange packets --- */
-/*----- Data structures ---------------------------------------------------*/
+#define MSG_KEYEXCH 0x10
+
+#define KX_PRECHAL 0u
+#define KX_COOKIE 1u
+#define KX_CHAL 2u
+#define KX_REPLY 3u
+#define KX_SWITCH 4u
+#define KX_SWITCHOK 5u
+#define KX_NMSG 6u
-/* --- Buffers --- *
+/* --- Symmetric encryption and keysets --- *
+ *
+ * Packets consist of an 80-bit MAC, a 32-bit sequence number, and the
+ * encrypted payload.
+ *
+ * The plaintext is encrypted using Blowfish in CBC mode with ciphertext
+ * stealing (as described in [Schneier]. The initialization vector is
+ * selected randomly, and prepended to the actual ciphertext.
+ *
+ * The MAC is computed using the HMAC construction with RIPEMD160 over the
+ * sequence number and the ciphertext (with IV); the first 80 bits of the
+ * output are used. (This is the minimum allowed by the draft FIPS for HMAC,
+ * and the recommended truncation.)
+ *
+ * A keyset consists of
*
- * Buffers provide a simple stream-like interface for building and parsing
- * packets.
+ * * an integrity (MAC) key;
+ * * a confidentiality (encryption) key; and
+ * * a sequence numbering space
+ *
+ * in each direction. The packets sent by a host encrypted under a
+ * particular keyset are assigned consecutive sequence numbers starting from
+ * zero. The receiving host must ensure that it only accepts each packet at
+ * most once. It should maintain a window of sequence numbers: packets with
+ * numbers beyond the end of the window are accepted and cause the window to
+ * be advanced; packets with numbers before the start of the window are
+ * rejected; packets with numbers which appear within the window are accepted
+ * only if the number has not been seen before.
+ *
+ * When a host sends a @KX_SWITCH@ or @KX_SWITCHOK@ message, it installs the
+ * newly-negotiated keyset in a `listen-only' state: it may not send a packet
+ * encrypted under the keyset until either it has received a @KX_SWITCH@ or
+ * @KX_SWITCHOK@ message, or a @MSG_PACKET@ encrypted under the keyset, from
+ * its peer.
*/
-typedef struct buf {
- octet *base, *p, *limit; /* Pointers to the buffer */
- unsigned f; /* Various flags */
-} buf;
+/*----- Cipher selections -------------------------------------------------*/
+
+#include <catacomb/blowfish.h>
+#include <catacomb/blowfish-cbc.h>
+#include <catacomb/blowfish-counter.h>
+#include <catacomb/rmd160.h>
+#include <catacomb/rmd160-hmac.h>
+
+#define CIPHER (&blowfish_cbc)
+#define MAC (&rmd160_hmac)
+
+#define HASH_CTX rmd160_ctx
+#define HASH_INIT rmd160_init
+#define HASH rmd160_hash
+#define HASH_STRING(c, s) HASH((c), s, sizeof(s))
+#define HASH_DONE rmd160_done
+#define HASHSZ RMD160_HASHSZ
-#define BF_BROKEN 1u /* Buffer is broken */
+#define MGF_CTX blowfish_counterctx
+#define MGF_INIT blowfish_counterinit
+#define MGF_CRYPT blowfish_counterencrypt
+
+#define SEQSZ 4
+#define IVSZ BLOWFISH_BLKSZ
+#define MACSZ 10
+
+/*----- Data structures ---------------------------------------------------*/
/* --- Socket addresses --- *
*
typedef struct keyset {
struct keyset *next; /* Next active keyset in the list */
+ unsigned ref; /* Reference count for keyset */
+ struct peer *p; /* Pointer to peer structure */
time_t t_exp; /* Expiry time for this keyset */
unsigned long sz_exp; /* Data limit for the keyset */
-#ifndef NTRACE
- unsigned seq; /* Sequence number for tracing */
-#endif
- gcipher *c; /* Keyset cipher for encryption */
- gmac *m; /* Keyset MAC for integrity */
+ T( unsigned seq; ) /* Sequence number for tracing */
+ unsigned f; /* Various useful flags */
+ gcipher *cin, *cout; /* Keyset ciphers for encryption */
+ gmac *min, *mout; /* Keyset MACs for integrity */
uint32 oseq; /* Outbound sequence number */
uint32 iseq, iwin; /* Inbound sequence number */
} keyset;
#define KS_SEQWINSZ 32 /* Bits in sequence number window */
+#define KSF_LISTEN 1u /* Don't encrypt packets yet */
+#define KSF_LINK 2u /* Key is in a linked list */
+
/* --- Key exchange --- *
*
* TrIPE uses the Wrestlers Protocol for its key exchange. The Wrestlers
* Clive Jones.
*/
+#define KX_NCHAL 16u
+#define KX_THRESH 4u
+
+typedef struct kxchal {
+ struct keyexch *kx; /* Pointer back to key exchange */
+ mp *c; /* Responder's challenge */
+ mp *r; /* My reply to the challenge */
+ keyset *ks; /* Pointer to temporary keyset */
+ unsigned f; /* Various useful flags */
+ sel_timer t; /* Response timer for challenge */
+ octet hc[HASHSZ]; /* Hash of his challenge */
+ mp *ck; /* The check value */
+ octet hswrq_in[HASHSZ]; /* Inbound switch request message */
+ octet hswok_in[HASHSZ]; /* Inbound switch confirmation */
+ octet hswrq_out[HASHSZ]; /* Outbound switch request message */
+ octet hswok_out[HASHSZ]; /* Outbound switch confirmation */
+} kxchal;
+
typedef struct keyexch {
- keyset **ks; /* Peer's list of keysets */
struct peer *p; /* Pointer back to the peer */
+ keyset **ks; /* Peer's list of keysets */
unsigned f; /* Various useful flags */
+ unsigned s; /* Current state in exchange */
sel_timer t; /* Timer for next exchange */
dh_pub kpub; /* Peer's public key */
- mp *my_x, *my_gx, *my_gxy; /* My half of the exchange */
- octet my_h[RMD160_HASHSZ]; /* My challenge hash */
- mp *your_gx, *your_gxy; /* Your half of the exchange */
- octet your_h[RMD160_HASHSZ]; /* Your challenge hash */
+ time_t texp_kpub; /* Expiry time for public key */
+ mp *alpha; /* My temporary secret */
+ mp *c; /* My challenge */
+ mp *rx; /* The expected response */
+ unsigned nr; /* Number of extant responses */
time_t t_valid; /* When this exchange goes bad */
- time_t t_qchal, t_qresp; /* Quiet timers for packet types */
- time_t t_newchal; /* When to accept a new challenge */
+ octet hc[HASHSZ]; /* Hash of my challenge */
+ kxchal *r[KX_NCHAL]; /* Array of challenges */
} keyexch;
#define KXF_TIMER 1u /* Waiting for a timer to go off */
-#define KXF_INIT 2u /* Big numbers are initialized */
-#define KXF_MYH 4u /* My hash has been computed */
-#define KXF_YOURH 8u /* Your hash has been received */
-#define KXF_REPLY 16u /* Received your response OK */
-#define KXF_DONE 32u /* Key exchange completed */
+#define KXF_DEAD 2u /* The key-exchanger isn't up */
+#define KXF_PUBKEY 4u /* Key exchanger has a public key */
+
+enum {
+ KXS_DEAD, /* Uninitialized state (magical) */
+ KXS_CHAL, /* Main answer-challenges state */
+ KXS_COMMIT, /* Committed: send switch request */
+ KXS_SWITCH /* Switched: send confirmation */
+};
/* --- Tunnel structure --- *
*
* Used to maintain system-specific information about the tunnel interface.
*/
+#if TUN_TYPE == TUN_LINUX
+# include <linux/if.h>
+# include <linux/if_tun.h>
+#endif
+
typedef struct tunnel {
-#if TUN_TYPE == TUN_UNET
+#if TUN_TYPE == TUN_UNET
sel_file f; /* Selector for Usernet device */
struct peer *p; /* Pointer to my peer */
+#elif TUN_TYPE == TUN_LINUX
+ sel_file f; /* Selector for TUN/TAP device */
+ struct peer *p; /* Pointer to my peer */
+ char ifn[IFNAMSIZ]; /* Interface name buffer */
#elif TUN_TYPE == TUN_BSD
sel_file f; /* Selector for tunnel device */
struct peer *p; /* Pointer to my peer */
#endif
} tunnel;
+/* --- Peer statistics --- *
+ *
+ * Contains various interesting and not-so-interesting statistics about a
+ * peer. This is updated by various parts of the code. The format of the
+ * structure isn't considered private, and @p_stats@ returns a pointer to the
+ * statistics block for a given peer.
+ */
+
+typedef struct stats {
+ unsigned long sz_in, sz_out; /* Size of all data in and out */
+ unsigned long sz_kxin, sz_kxout; /* Size of key exchange messages */
+ unsigned long sz_ipin, sz_ipout; /* Size of encapsulated IP packets */
+ time_t t_start, t_last; /* Time peer created, last recv */
+ unsigned long n_reject; /* Number of rejected packets */
+ unsigned long n_in, n_out; /* Number of packets in and out */
+ unsigned long n_kxin, n_kxout; /* Number of key exchange packets */
+ unsigned long n_ipin, n_ipout; /* Number of encrypted packets */
+} stats;
+
/* --- Peer structure --- *
*
* The main structure which glues everything else together.
char *name; /* Name of this peer */
tunnel t; /* Tunnel for local packets */
keyset *ks; /* List head for keysets */
- keyexch kx; /* Key exchange protocol block */
buf b; /* Buffer for sending packets */
addr peer; /* Peer socket address */
size_t sasz; /* Socket address size */
+ stats st; /* Statistics */
+ keyexch kx; /* Key exchange protocol block */
} peer;
/* --- Admin structure --- */
+#define OBUFSZ 16384u
+
+typedef struct obuf {
+ struct obuf *next; /* Next buffer in list */
+ char *p_in, *p_out; /* Pointers into the buffer */
+ char buf[OBUFSZ]; /* The actual buffer */
+} obuf;
+
typedef struct admin {
struct admin *next, *prev; /* Links to next and previous */
- selbuf b; /* Line buffer for commands */
- int fd; /* File descriptor for output */
+ unsigned f; /* Various useful flags */
#ifndef NTRACE
unsigned seq; /* Sequence number for tracing */
#endif
char *pname; /* Peer name to create */
char *paddr; /* Address string to resolve */
+ obuf *o_head, *o_tail; /* Output buffer list */
+ selbuf b; /* Line buffer for commands */
+ sel_file w; /* Selector for write buffering */
bres_client r; /* Background resolver task */
sel_timer t; /* Timer for resolver */
addr peer; /* Address to set */
size_t sasz; /* Size of the address */
} admin;
+#define AF_DEAD 1u /* Destroy this admin block */
+#define AF_LOCK 2u /* Don't destroy it yet */
+
/*----- Global variables --------------------------------------------------*/
extern sel_state sel; /* Global I/O event state */
extern dh_priv kpriv; /* Our private key */
extern mpmont mg; /* Montgomery context for DH group */
-extern octet buf_i[PKBUFSZ], buf_o[PKBUFSZ]; /* Big packet buffers */
+extern octet buf_i[PKBUFSZ], buf_o[PKBUFSZ], buf_t[PKBUFSZ];
#ifndef NTRACE
extern const trace_opt tr_opts[]; /* Trace options array */
*
* Arguments: @const char *tag@ = public key tag to load
* @dh_pub *kpub@ = where to put the public key
+ * @time_t *t_exp@ = where to put the expiry time
*
* Returns: Zero if OK, nonzero if it failed.
*
* Use: Fetches a public key from the keyring.
*/
-extern int km_getpubkey(const char */*tag*/, dh_pub */*kpub*/);
+extern int km_getpubkey(const char */*tag*/, dh_pub */*kpub*/,
+ time_t */*t_exp*/);
/*----- Key exchange ------------------------------------------------------*/
extern void kx_start(keyexch */*kx*/);
-/* --- @kx_prechallenge@ --- *
- *
- * Arguments: @keyexch *kx@ = pointer to key exhange context
- * @buf *b@ = pointer to buffer containing the packet
- *
- * Returns: ---
- *
- * Use: Reads a prechallenge packet from the buffer and handles it.
- */
-
-extern void kx_prechallenge(keyexch */*kx*/, buf */*b*/);
-
-/* --- @kx_challenge@ --- *
- *
- * Arguments: @keyexch *kx@ = pointer to key exchange context
- * @buf *b@ = a buffer containing the packet to read
- *
- * Returns: ---
- *
- * Use: Reads a challenge from the buffer and handles it.
- */
-
-extern void kx_challenge(keyexch */*kx*/, buf */*b*/);
-
-/* --- @kx_response@ --- *
+/* --- @kx_message@ --- *
*
* Arguments: @keyexch *kx@ = pointer to key exchange context
- * @buf *b@ = a buffer containing the packet to read
+ * @unsigned msg@ = the message code
+ * @buf *b@ = pointer to buffer containing the packet
*
* Returns: ---
*
- * Use: Reads a response from the buffer and handles it.
+ * Use: Reads a packet containing key exchange messages and handles
+ * it.
*/
-extern void kx_response(keyexch */*kx*/, buf */*b*/);
+extern void kx_message(keyexch */*kx*/, unsigned /*msg*/, buf */*b*/);
/* --- @kx_free@ --- *
*
/*----- Keysets and symmetric cryptography --------------------------------*/
-/* --- @ks_free@ --- *
+/* --- @ks_drop@ --- *
+ *
+ * Arguments: @keyset *ks@ = pointer to a keyset
+ *
+ * Returns: ---
+ *
+ * Use: Decrements a keyset's reference counter. If the counter hits
+ * zero, the keyset is freed.
+ */
+
+extern void ks_drop(keyset */*ks*/);
+
+/* --- @ks_gen@ --- *
+ *
+ * Arguments: @const void *k@ = pointer to key material
+ * @size_t x, y, z@ = offsets into key material (see below)
+ * @peer *p@ = pointer to peer information
+ *
+ * Returns: A pointer to the new keyset.
+ *
+ * Use: Derives a new keyset from the given key material. The
+ * offsets @x@, @y@ and @z@ separate the key material into three
+ * parts. Between the @k@ and @k + x@ is `my' contribution to
+ * the key material; between @k + x@ and @k + y@ is `your'
+ * contribution; and between @k + y@ and @k + z@ is a shared
+ * value we made together. These are used to construct two
+ * pairs of symmetric keys. Each pair consists of an encryption
+ * key and a message authentication key. One pair is used for
+ * outgoing messages, the other for incoming messages.
+ *
+ * The new key is marked so that it won't be selected for output
+ * by @ksl_encrypt@. You can still encrypt data with it by
+ * calling @ks_encrypt@ directly.
+ */
+
+extern keyset *ks_gen(const void */*k*/,
+ size_t /*x*/, size_t /*y*/, size_t /*z*/,
+ peer */*p*/);
+
+/* --- @ks_tregen@ --- *
+ *
+ * Arguments: @keyset *ks@ = pointer to a keyset
+ *
+ * Returns: The time at which moves ought to be made to replace this key.
+ */
+
+extern time_t ks_tregen(keyset */*ks*/);
+
+/* --- @ks_activate@ --- *
+ *
+ * Arguments: @keyset *ks@ = pointer to a keyset
+ *
+ * Returns: ---
+ *
+ * Use: Activates a keyset, so that it can be used for encrypting
+ * outgoing messages.
+ */
+
+extern void ks_activate(keyset */*ks*/);
+
+/* --- @ks_encrypt@ --- *
+ *
+ * Arguments: @keyset *ks@ = pointer to a keyset
+ * @buf *b@ = pointer to input buffer
+ * @buf *bb@ = pointer to output buffer
+ *
+ * Returns: Zero if OK, nonzero if the key needs replacing. If the
+ * encryption failed, the output buffer is broken and zero is
+ * returned.
+ *
+ * Use: Encrypts a block of data using the key. Note that the `key
+ * ought to be replaced' notification is only ever given once
+ * for each key. Also note that this call forces a keyset to be
+ * used even if it's marked as not for data output.
+ */
+
+extern int ks_encrypt(keyset */*ks*/, buf */*b*/, buf */*bb*/);
+
+/* --- @ks_decrypt@ --- *
+ *
+ * Arguments: @keyset *ks@ = pointer to a keyset
+ * @buf *b@ = pointer to an input buffer
+ * @buf *bb@ = pointer to an output buffer
+ *
+ * Returns: Zero on success, or nonzero if there was some problem.
+ *
+ * Use: Attempts to decrypt a message using a given key. Note that
+ * requesting decryption with a key directly won't clear a
+ * marking that it's not for encryption.
+ */
+
+extern int ks_decrypt(keyset */*ks*/, buf */*b*/, buf */*bb*/);
+
+/* --- @ksl_free@ --- *
*
* Arguments: @keyset **ksroot@ = pointer to keyset list head
*
* Returns: ---
*
- * Use: Frees all of the keys in a keyset.
+ * Use: Frees (releases references to) all of the keys in a keyset.
*/
-extern void ks_free(keyset **/*ksroot*/);
+extern void ksl_free(keyset **/*ksroot*/);
-/* --- @ks_prune@ --- *
+/* --- @ksl_link@ --- *
*
* Arguments: @keyset **ksroot@ = pointer to keyset list head
+ * @keyset *ks@ = pointer to a keyset
*
* Returns: ---
*
- * Use: Prunes the keyset list by removing keys which mustn't be used
- * any more.
+ * Use: Links a keyset into a list. A keyset can only be on one list
+ * at a time. Bad things happen otherwise.
*/
-extern void ks_prune(keyset **/*ksroot*/);
+extern void ksl_link(keyset **/*ksroot*/, keyset */*ks*/);
-/* --- @ks_gen@ --- *
+/* --- @ksl_prune@ --- *
*
* Arguments: @keyset **ksroot@ = pointer to keyset list head
- * @const void *k@ = pointer to key material
- * @size_t sz@ = size of the key material
*
- * Returns: The regeneration time for the new key.
+ * Returns: ---
*
- * Use: Derives a keyset from the given key material and adds it to
- * the list.
+ * Use: Prunes the keyset list by removing keys which mustn't be used
+ * any more.
*/
-extern time_t ks_gen(keyset **/*ksroot*/, const void */*k*/, size_t /*sz*/);
+extern void ksl_prune(keyset **/*ksroot*/);
-/* --- @ks_encrypt@ --- *
+/* --- @ksl_encrypt@ --- *
*
* Arguments: @keyset **ksroot@ = pointer to keyset list head
* @buf *b@ = pointer to input buffer
* Use: Encrypts a packet.
*/
-extern int ks_encrypt(keyset **/*ksroot*/, buf */*b*/, buf */*bb*/);
+extern int ksl_encrypt(keyset **/*ksroot*/, buf */*b*/, buf */*bb*/);
-/* --- @ks_decrypt@ --- *
+/* --- @ksl_decrypt@ --- *
*
* Arguments: @keyset **ksroot@ = pointer to keyset list head
* @buf *b@ = pointer to input buffer
* Use: Decrypts a packet.
*/
-extern int ks_decrypt(keyset **/*ksroot*/, buf */*b*/, buf */*bb*/);
+extern int ksl_decrypt(keyset **/*ksroot*/, buf */*b*/, buf */*bb*/);
/*----- Administration interface ------------------------------------------*/
extern void p_interval(void);
+/* --- @p_stats@ --- *
+ *
+ * Arguments: @peer *p@ = pointer to a peer block
+ *
+ * Returns: A pointer to the peer's statistics.
+ */
+
+extern stats *p_stats(peer */*p*/);
+
/* --- @p_ifname@ --- *
*
* Arguments: @peer *p@ = pointer to a peer block
/* --- @p_init@ --- *
*
- * Arguments: @unsigned port@ = port number to listen to
+ * Arguments: @struct in_addr addr@ = address to bind to
+ * @unsigned port@ = port number to listen to
*
* Returns: ---
*
* Use: Initializes the peer system; creates the socket.
*/
-extern void p_init(unsigned /*port*/);
+extern void p_init(struct in_addr /*addr*/, unsigned /*port*/);
/* --- @p_port@ --- *
*
extern void tun_destroy(tunnel */*t*/);
-/*----- Buffer handling ---------------------------------------------------*/
-
-/* --- Useful macros --- */
-
-#define BBASE(b) ((b)->base)
-#define BLIM(b) ((b)->limit)
-#define BCUR(b) ((b)->p)
-#define BSZ(b) ((b)->limit - (b)->base)
-#define BLEN(b) ((b)->p - (b)->base)
-#define BLEFT(b) ((b)->limit - (b)->p)
-#define BSTEP(b, sz) ((b)->p += (sz))
-#define BBAD(b) ((b)->f & BF_BROKEN)
-#define BOK(b) (!BBAD(b))
-
-#define BENSURE(b, sz) \
- (BBAD(b) ? -1 : (sz) > BLEFT(b) ? (b)->f |= BF_BROKEN, -1 : 0)
-
-/* --- @buf_init@ --- *
- *
- * Arguments: @buf *b@ = pointer to a buffer block
- * @void *p@ = pointer to a buffer
- * @size_t sz@ = size of the buffer
- *
- * Returns: ---
- *
- * Use: Initializes the buffer block appropriately.
- */
-
-extern void buf_init(buf */*b*/, void */*p*/, size_t /*sz*/);
-
-/* --- @buf_break@ --- *
- *
- * Arguments: @buf *b@ = pointer to a buffer block
- *
- * Returns: Some negative value.
- *
- * Use: Marks a buffer as broken.
- */
-
-extern int buf_break(buf */*b*/);
-
-/* --- @buf_ensure@ --- *
- *
- * Arguments: @buf *b@ = pointer to a buffer block
- * @size_t sz@ = size of data wanted
- *
- * Returns: Zero if it worked, nonzero if there wasn't enough space.
- *
- * Use: Ensures that there are @sz@ bytes still in the buffer.
- */
-
-extern int buf_ensure(buf */*b*/, size_t /*sz*/);
-
-/* --- @buf_get@ --- *
- *
- * Arguments: @buf *b@ = pointer to a buffer block
- * @void *p@ = pointer to a buffer
- * @size_t sz@ = size of the buffer
- *
- * Returns: Zero if it worked, nonzero if there wasn't enough data.
- *
- * Use: Fetches data from the buffer into some other place.
- */
-
-extern int buf_get(buf */*b*/, void */*p*/, size_t /*sz*/);
-
-/* --- @buf_put@ --- *
- *
- * Arguments: @buf *b@ = pointer to a buffer block
- * @const void *p@ = pointer to a buffer
- * @size_t sz@ = size of the buffer
- *
- * Returns: Zero if it worked, nonzero if there wasn't enough space.
- *
- * Use: Fetches data from some place and puts it in the buffer
- */
-
-extern int buf_put(buf */*b*/, const void */*p*/, size_t /*sz*/);
-
-/* --- @buf_getbyte@ --- *
- *
- * Arguments: @buf *b@ = pointer to a buffer block
- *
- * Returns: A byte, or less than zero if there wasn't a byte there.
- *
- * Use: Gets a single byte from a buffer.
- */
-
-extern int buf_getbyte(buf */*b*/);
-
-/* --- @buf_putbyte@ --- *
- *
- * Arguments: @buf *b@ = pointer to a buffer block
- * @int ch@ = byte to write
- *
- * Returns: Zero if OK, nonzero if there wasn't enough space.
- *
- * Use: Puts a single byte in a buffer.
- */
-
-extern int buf_putbyte(buf */*b*/, int /*ch*/);
-
-/* --- @buf_getword@ --- *
- *
- * Arguments: @buf *b@ = pointer to a buffer block
- * @uint32 *w@ = where to put the word
- *
- * Returns: Zero if OK, or nonzero if there wasn't a word there.
- *
- * Use: Gets a 32-bit word from a buffer.
- */
-
-extern int buf_getword(buf */*b*/, uint32 */*w*/);
-
-/* --- @buf_putword@ --- *
- *
- * Arguments: @buf *b@ = pointer to a buffer block
- * @uint32 w@ = word to write
- *
- * Returns: Zero if OK, nonzero if there wasn't enough space.
- *
- * Use: Puts a 32-but word in a buffer.
- */
-
-extern int buf_putword(buf */*b*/, uint32 /*w*/);
-
-/* --- @buf_getmp@ --- *
- *
- * Arguments: @buf *b@ = pointer to a buffer block
- *
- * Returns: A multiprecision integer, or null if there wasn't one there.
- *
- * Use: Gets a multiprecision integer from a buffer.
- */
-
-extern mp *buf_getmp(buf */*b*/, mp */*d*/);
-
-/* --- @buf_putmp@ --- *
- *
- * Arguments: @buf *b@ = pointer to a buffer block
- * @mp *m@ = a multiprecision integer
- *
- * Returns: Zero if it worked, nonzero if there wasn't enough space.
- *
- * Use: Puts a multiprecision integer to a buffer.
- */
-
-extern int buf_putmp(buf */*b*/, mp */*m*/);
-
/*----- Other handy utilities ---------------------------------------------*/
/* --- @mpstr@ --- *
* Returns: A pointer to the integer's textual representation.
*
* Use: Converts a multiprecision integer to a string. Corrupts
- * @buf_o@.
+ * @buf_t@.
*/
extern const char *mpstr(mp */*m*/);
+/* --- @timestr@ --- *
+ *
+ * Arguments: @time_t t@ = a time to convert
+ *
+ * Returns: A pointer to a textual representation of the time.
+ *
+ * Use: Converts a time to a textual representation. Corrupts
+ * @buf_t@.
+ */
+
+extern const char *timestr(time_t /*t*/);
+
/*----- That's all, folks -------------------------------------------------*/
#ifdef __cplusplus