DHFMT_VAR /* Variable-width-format, mostly a bad idea */
};
+typedef struct deriveargs {
+ const char *what; /* Operation name (hashed) */
+ unsigned f; /* Flags */
+#define DF_IN 1u /* Make incoming key */
+#define DF_OUT 2u /* Make outgoing key */
+ const gchash *hc; /* Hash class */
+ const octet *k; /* Pointer to contributions */
+ size_t x, y, z; /* Markers in contributions */
+} deriveargs;
+
typedef struct bulkalgs {
const struct bulkops *ops;
} bulkalgs;
size_t tagsz;
} bulkchal;
-struct rawkey;
-
typedef struct dhops {
const char *name;
* after which the keys must no longer be used.
*/
- bulkctx *(*genkeys)(const bulkalgs */*a*/, const struct rawkey */*rk*/);
+ bulkctx *(*genkeys)(const bulkalgs */*a*/, const deriveargs */*a*/);
/* Generate session keys and construct and return an appropriate
- * context for using them, by calling @ks_derive@.
+ * context for using them. The offsets @a->x@, @a->y@ and @a->z@
+ * separate the key material into three parts. Between @a->k@ and
+ * @a->k + a->x@ is `my' contribution to the key material; between
+ * @a->k + a->x@ and @a->k + a->y@ is `your' contribution; and
+ * between @a->k + a->y@ and @a->k + a->z@ is a shared value we made
+ * together. These are used to construct (up to) two collections of
+ * symmetric keys: one for outgoing messages, the other for incoming
+ * messages. If @a->x == 0@ (or @a->y == a->x@) then my (or your)
+ * contribution is omitted.
*/
bulkchal *(*genchal)(const bulkalgs */*a*/);
/* Release a bulk encryption context and the resources it holds. */
int (*chaltag)(bulkchal */*bc*/, const void */*m*/, size_t /*msz*/,
- void */*t*/);
- /* Calculate a tag for the challenge in @m@, @msz@, and write it to
- * @t@. Return @-1@ on error, zero on success.
+ uint32 /*seq*/, void */*t*/);
+ /* Calculate a tag for the challenge in @m@, @msz@, with the sequence
+ * number @seq@, and write it to @t@. Return @-1@ on error, zero on
+ * success.
*/
int (*chalvrf)(bulkchal */*bc*/, const void */*m*/, size_t /*msz*/,
- const void */*t*/);
- /* Check the tag @t@ on @m@, @msz@: return zero if the tag is OK,
- * nonzero if it's bad.
+ uint32 /*seq*/, const void */*t*/);
+ /* Check the tag @t@ on @m@, @msz@ and @seq@: return zero if the tag
+ * is OK, nonzero if it's bad.
*/
void (*freechal)(bulkchal */*bc*/);
extern void kx_newkeys(keyexch */*kx*/);
-/* --- @kx_init@ --- *
+/* --- @kx_setup@ --- *
*
* Arguments: @keyexch *kx@ = pointer to key exchange context
* @peer *p@ = pointer to peer context
* exchange.
*/
-extern int kx_init(keyexch */*kx*/, peer */*p*/,
- keyset **/*ks*/, unsigned /*f*/);
+extern int kx_setup(keyexch */*kx*/, peer */*p*/,
+ keyset **/*ks*/, unsigned /*f*/);
/*----- Keysets and symmetric cryptography --------------------------------*/
extern void ks_drop(keyset */*ks*/);
-/* --- @ks_derivekey@ --- *
- *
- * Arguments: @octet *k@ = pointer to an output buffer of at least
- * @MAXHASHSZ@ bytes
- * @size_t ksz@ = actual size wanted (for tracing)
- * @const struct rawkey *rk@ = a raw key, as passed into
- * @genkeys@
- * @int dir@ = direction for the key (@DIR_IN@ or @DIR_OUT@)
- * @const char *what@ = label for the key (input to derivation)
- *
- * Returns: ---
- *
- * Use: Derives a session key, for use on incoming or outgoing data.
- * This function is part of a private protocol between @ks_gen@
- * and the bulk crypto transform @genkeys@ operation.
- */
-
-extern void ks_derivekey(octet */*k*/, size_t /*ksz*/,
- const struct rawkey */*rk*/,
- int /*dir*/, const char */*what*/);
-
/* --- @ks_gen@ --- *
*
- * Arguments: @const void *k@ = pointer to key material
- * @size_t x, y, z@ = offsets into key material (see below)
+ * Arguments: @deriveargs *a@ = key derivation parameters (modified)
* @peer *p@ = pointer to peer information
*
* Returns: A pointer to the new keyset.
*
- * Use: Derives a new keyset from the given key material. The
- * offsets @x@, @y@ and @z@ separate the key material into three
- * parts. Between the @k@ and @k + x@ is `my' contribution to
- * the key material; between @k + x@ and @k + y@ is `your'
- * contribution; and between @k + y@ and @k + z@ is a shared
- * value we made together. These are used to construct two
- * collections of symmetric keys: one for outgoing messages, the
- * other for incoming messages.
+ * Use: Derives a new keyset from the given key material. This will
+ * set the @what@, @f@, and @hc@ members in @*a@; other members
+ * must be filled in by the caller.
*
* The new key is marked so that it won't be selected for output
* by @ksl_encrypt@. You can still encrypt data with it by
* calling @ks_encrypt@ directly.
*/
-extern keyset *ks_gen(const void */*k*/,
- size_t /*x*/, size_t /*y*/, size_t /*z*/,
- peer */*p*/);
+extern keyset *ks_gen(deriveargs */*a*/, peer */*p*/);
/* --- @ks_activate@ --- *
*
/* --- @c_new@ --- *
*
- * Arguments: @buf *b@ = where to put the challenge
+ * Arguments: @const void *m@ = pointer to associated message, or null
+ * @size_t msz@ = length of associated message
+ * @buf *b@ = where to put the challenge
*
* Returns: Zero if OK, nonzero on error.
*
* Use: Issues a new challenge.
*/
-extern int c_new(buf */*b*/);
+extern int c_new(const void */*m*/, size_t /*msz*/, buf */*b*/);
/* --- @c_check@ --- *
*
- * Arguments: @buf *b@ = where to find the challenge
+ * Arguments: @const void *m@ = pointer to associated message, or null
+ * @size_t msz@ = length of associated message
+ * @buf *b@ = where to find the challenge
*
* Returns: Zero if OK, nonzero if it didn't work.
*
* Use: Checks a challenge. On failure, the buffer is broken.
*/
-extern int c_check(buf */*b*/);
+extern int c_check(const void */*m*/, size_t /*msz*/, buf */*b*/);
/*----- Administration interface ------------------------------------------*/
extern int seq_check(seqwin */*s*/, uint32 /*q*/, const char */*service*/);
+typedef struct ratelim {
+ unsigned n, max, persec;
+ struct timeval when;
+} ratelim;
+
+/* --- @ratelim_init@ --- *
+ *
+ * Arguments: @ratelim *r@ = rate-limiting state to fill in
+ * @unsigned persec@ = credit to accumulate per second
+ * @unsigned max@ = maximum credit to retain
+ *
+ * Returns: ---
+ *
+ * Use: Initialize a rate-limiting state.
+ */
+
+extern void ratelim_init(ratelim */*r*/,
+ unsigned /*persec*/, unsigned /*max*/);
+
+/* --- @ratelim_withdraw@ --- *
+ *
+ * Arguments: @ratelim *r@ = rate-limiting state
+ * @unsigned n@ = credit to withdraw
+ *
+ * Returns: Zero if successful; @-1@ if there is unsufficient credit
+ *
+ * Use: Updates the state with any accumulated credit. Then, if
+ * there there are more than @n@ credits available, withdraw @n@
+ * and return successfully; otherwise, report failure.
+ */
+
+extern int ratelim_withdraw(ratelim */*r*/, unsigned /*n*/);
+
+/* --- @ies_encrypt@ --- *
+ *
+ * Arguments: @kdata *kpub@ = recipient's public key
+ * @unsigned ty@ = message type octet
+ * @buf *b@ = input message buffer
+ * @buf *bb@ = output buffer for the ciphertext
+ *
+ * Returns: On error, returns a @KSERR_...@ code or breaks the buffer;
+ * on success, returns zero and the buffer is good.
+ *
+ * Use: Encrypts a message for a recipient, given their public key.
+ * This does not (by itself) provide forward secrecy or sender
+ * authenticity. The ciphertext is self-delimiting (unlike
+ * @ks_encrypt@).
+ */
+
+extern int ies_encrypt(kdata */*kpub*/, unsigned /*ty*/,
+ buf */*b*/, buf */*bb*/);
+
+/* --- @ies_decrypt@ --- *
+ *
+ * Arguments: @kdata *kpub@ = private key key
+ * @unsigned ty@ = message type octet
+ * @buf *b@ = input ciphertext buffer
+ * @buf *bb@ = output buffer for the message
+ *
+ * Returns: On error, returns a @KSERR_...@ code; on success, returns
+ * zero and the buffer is good.
+ *
+ * Use: Decrypts a message encrypted using @ies_encrypt@, given our
+ * private key.
+ */
+
+extern int ies_decrypt(kdata */*kpriv*/, unsigned /*ty*/,
+ buf */*b*/, buf */*bb*/);
+
/*----- That's all, folks -------------------------------------------------*/
#ifdef __cplusplus
~mdw / tripe / blobdiff