const gcmac *m; /* Message authentication code */
size_t hashsz; /* Hash output size */
size_t tagsz; /* Length to truncate MAC tags */
+ size_t expsz; /* Size of data to process */
size_t cksz, mksz; /* Key lengths for @c@ and @m@ */
} algswitch;
unsigned ref; /* Reference count for keyset */
struct peer *p; /* Pointer to peer structure */
time_t t_exp; /* Expiry time for this keyset */
- unsigned long sz_exp; /* Data limit for the keyset */
+ unsigned long sz_exp, sz_regen; /* Data limits for the keyset */
T( unsigned seq; ) /* Sequence number for tracing */
unsigned f; /* Various useful flags */
gcipher *cin, *cout; /* Keyset ciphers for encryption */
#define KSF_LISTEN 1u /* Don't encrypt packets yet */
#define KSF_LINK 2u /* Key is in a linked list */
+#define KSERR_REGEN -1 /* Regenerate keys */
+#define KSERR_NOKEYS -2 /* No keys left */
+#define KSERR_DECRYPT -3 /* Unable to decrypt message */
+
/* --- Key exchange --- *
*
* TrIPE uses the Wrestlers Protocol for its key exchange. The Wrestlers
typedef struct tunnel_ops {
const char *name; /* Name of this tunnel driver */
void (*init)(void); /* Initializes the system */
- tunnel *(*create)(struct peer */*p*/, char **/*ifn*/);
+ int (*open)(char **/*ifn*/); /* Open tunnel and report ifname */
+ tunnel *(*create)(struct peer */*p*/, int /*fd*/, char **/*ifn*/);
/* Initializes a new tunnel */
void (*setifname)(tunnel */*t*/, const char */*ifn*/);
/* Notifies ifname change */
* @buf *b@ = pointer to input buffer
* @buf *bb@ = pointer to output buffer
*
- * Returns: Zero if OK, nonzero if the key needs replacing. If the
- * encryption failed, the output buffer is broken and zero is
- * returned.
+ * Returns: Zero if successful; @KSERR_REGEN@ if we should negotiate a
+ * new key; @KSERR_NOKEYS@ if the key is not usable. Also
+ * returns zero if there was insufficient buffer (but the output
+ * buffer is broken in this case).
*
* Use: Encrypts a block of data using the key. Note that the `key
* ought to be replaced' notification is only ever given once
* @buf *b@ = pointer to an input buffer
* @buf *bb@ = pointer to an output buffer
*
- * Returns: Zero on success, or nonzero if there was some problem.
+ * Returns: Zero on success; @KSERR_DECRYPT@ on failure. Also returns
+ * zero if there was insufficient buffer (but the output buffer
+ * is broken in this case).
*
* Use: Attempts to decrypt a message using a given key. Note that
* requesting decryption with a key directly won't clear a
* @buf *b@ = pointer to input buffer
* @buf *bb@ = pointer to output buffer
*
- * Returns: Nonzero if a new key is needed.
+ * Returns: Zero if successful; @KSERR_REGEN@ if it's time to negotiate a
+ * new key; @KSERR_NOKEYS@ if there are no suitable keys
+ * available. Also returns zero if there was insufficient
+ * buffer space (but the output buffer is broken in this case).
*
* Use: Encrypts a packet.
*/
* @buf *b@ = pointer to input buffer
* @buf *bb@ = pointer to output buffer
*
- * Returns: Nonzero if the packet couldn't be decrypted.
+ * Returns: Zero on success; @KSERR_DECRYPT@ on failure. Also returns
+ * zero if there was insufficient buffer (but the output buffer
+ * is broken in this case).
*
* Use: Decrypts a packet.
*/
#define A_END ((char *)0)
+/* --- @a_vformat@ --- *
+ *
+ * Arguments: @dstr *d@ = where to leave the formatted message
+ * @const char *fmt@ = pointer to format string
+ * @va_list ap@ = arguments in list
+ *
+ * Returns: ---
+ *
+ * Use: Main message token formatting driver. The arguments are
+ * interleaved formatting tokens and their parameters, finally
+ * terminated by an entry @A_END@.
+ *
+ * Tokens recognized:
+ *
+ * * "*..." ... -- pretokenized @dstr_putf@-like string
+ *
+ * * "?ADDR" SOCKADDR -- a socket address, to be converted
+ *
+ * * "?B64" BUFFER SIZE -- binary data to be base64-encoded
+ *
+ * * "?TOKENS" VECTOR -- null-terminated vector of tokens
+ *
+ * * "?PEER" PEER -- peer's name
+ *
+ * * "?ERRNO" ERRNO -- system error code
+ *
+ * * "[!]..." ... -- @dstr_putf@-like string as single token
+ */
+
+extern void a_vformat(dstr */*d*/, const char */*fmt*/, va_list /*ap*/);
+
/* --- @a_warn@ --- *
*
* Arguments: @const char *fmt@ = pointer to format string
/* --- @a_init@ --- *
*
* Arguments: @const char *sock@ = socket name to create
+ * @uid_t u@ = user to own the socket
+ * @gid_t g@ = group to own the socket
*
* Returns: ---
*
* Use: Creates the admin listening socket.
*/
-extern void a_init(const char */*sock*/);
+extern void a_init(const char */*sock*/, uid_t /*u*/, gid_t /*g*/);
/*----- Mapping with addresses as keys ------------------------------------*/
~mdw / tripe / blobdiff