/* -*-c-*-
- *
- * $Id$
*
* Main header file for TrIPE
*
* (c) 2001 Straylight/Edgeware
*/
-/*----- Licensing notice --------------------------------------------------*
+/*----- Licensing notice --------------------------------------------------*
*
* This file is part of Trivial IP Encryption (TrIPE).
*
- * TrIPE is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * TrIPE is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
+ * TrIPE is free software: you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free
+ * Software Foundation; either version 3 of the License, or (at your
+ * option) any later version.
+ *
+ * TrIPE is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ *
* You should have received a copy of the GNU General Public License
- * along with TrIPE; if not, write to the Free Software Foundation,
- * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ * along with TrIPE. If not, see <https://www.gnu.org/licenses/>.
*/
#ifndef TRIPE_H
#include <unistd.h>
#include <fcntl.h>
#include <sys/stat.h>
+#include <sys/wait.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <mLib/arena.h>
#include <mLib/base64.h>
#include <mLib/bres.h>
+#include <mLib/codec.h>
#include <mLib/daemonize.h>
#include <mLib/dstr.h>
#include <mLib/env.h>
#include <mLib/fdflags.h>
+#include <mLib/fdpass.h>
#include <mLib/fwatch.h>
+#include <mLib/hash.h>
+#include <mLib/macros.h>
+#include <mLib/mdup.h>
#include <mLib/mdwopt.h>
#include <mLib/quis.h>
#include <mLib/report.h>
#include <mLib/versioncmp.h>
#include <catacomb/buf.h>
+#include <catacomb/ct.h>
+#include <catacomb/chacha.h>
#include <catacomb/gcipher.h>
#include <catacomb/gmac.h>
#include <catacomb/grand.h>
#include <catacomb/key.h>
#include <catacomb/paranoia.h>
+#include <catacomb/poly1305.h>
+#include <catacomb/salsa20.h>
#include <catacomb/noise.h>
#include <catacomb/rand.h>
#include <catacomb/mp.h>
+#include <catacomb/mpmont.h>
#include <catacomb/mprand.h>
#include <catacomb/dh.h>
#include <catacomb/ec.h>
+#include <catacomb/ec-raw.h>
#include <catacomb/ec-keys.h>
-#include <catacomb/group.h>
+#include <catacomb/x25519.h>
+#include <catacomb/x448.h>
+#include "priv.h"
#include "protocol.h"
+#include "slip.h"
#include "util.h"
#undef sun
#define T_KEYEXCH 64u
#define T_KEYMGMT 128u
#define T_CHAL 256u
+/* T_PRIVSEP in priv.h */
-#define T_ALL 511u
+#define T_ALL 1023u
/* --- Units --- */
#define SEC(n) (n##u)
#define MIN(n) (n##u * 60u)
+#define F_2P32 (65536.0*65536.0)
#define MEG(n) (n##ul * 1024ul * 1024ul)
+/* --- Timing parameters --- */
+
+#define T_EXP MIN(60) /* Expiry time for a key */
+#define T_REGEN MIN(40) /* Regeneration time for a key */
+
+#define T_VALID SEC(20) /* Challenge validity period */
+#define T_RETRYMIN SEC(2) /* Minimum retry interval */
+#define T_RETRYMAX MIN(5) /* Maximum retry interval */
+#define T_RETRYGROW (5.0/4.0) /* Retry interval growth factor */
+
+#define T_WOBBLE (1.0/3.0) /* Relative timer randomness */
+
/* --- Other things --- */
#define PKBUFSZ 65536
/*----- Cipher selections -------------------------------------------------*/
-typedef struct algswitch {
- const gccipher *c; /* Symmetric encryption scheme */
+typedef struct keyset keyset;
+typedef struct algswitch algswitch;
+typedef struct kdata kdata;
+typedef struct admin admin;
+
+typedef struct dhgrp {
+ const struct dhops *ops;
+ size_t scsz;
+} dhgrp;
+
+typedef struct dhsc dhsc;
+typedef struct dhge dhge;
+
+enum {
+ DHFMT_STD, /* Fixed-width format, suitable for encryption */
+ DHFMT_HASH, /* Deterministic format, suitable for hashing */
+ DHFMT_VAR /* Variable-width-format, mostly a bad idea */
+};
+
+typedef struct bulkalgs {
+ const struct bulkops *ops;
+} bulkalgs;
+
+typedef struct bulkctx {
+ const struct bulkops *ops;
+} bulkctx;
+
+typedef struct bulkchal {
+ const struct bulkops *ops;
+ size_t tagsz;
+} bulkchal;
+
+struct rawkey;
+
+typedef struct dhops {
+ const char *name;
+
+ int (*ldpriv)(key_file */*kf*/, key */*k*/, key_data */*d*/,
+ kdata */*kd*/, dstr */*t*/, dstr */*e*/);
+ /* Load a private key from @d@, storing the data in @kd@. The key's
+ * file and key object are in @kf@ and @k@, mostly in case its
+ * attributes are interesting; the key tag is in @t@; errors are
+ * reported by writing tokens to @e@ and returning nonzero.
+ */
+
+ int (*ldpub)(key_file */*kf*/, key */*k*/, key_data */*d*/,
+ kdata */*kd*/, dstr */*t*/, dstr */*e*/);
+ /* Load a public key from @d@, storing the data in @kd@. The key's
+ * file and key object are in @kf@ and @k@, mostly in case its
+ * attributes are interesting; the key tag is in @t@; errors are
+ * reported by writing tokens to @e@ and returning nonzero.
+ */
+
+ const char *(*checkgrp)(const dhgrp */*g*/);
+ /* Check that the group is valid; return null on success, or an error
+ * string.
+ */
+
+ void (*grpinfo)(const dhgrp */*g*/, admin */*a*/);
+ /* Report on the group to an admin client. */
+
+ T( void (*tracegrp)(const dhgrp */*g*/); )
+ /* Trace a description of the group. */
+
+ int (*samegrpp)(const dhgrp */*g*/, const dhgrp */*gg*/);
+ /* Return nonzero if the two group objects represent the same
+ * group.
+ */
+
+ void (*freegrp)(dhgrp */*g*/);
+ /* Free a group and the resources it holds. */
+
+ dhsc *(*ldsc)(const dhgrp */*g*/, const void */*p*/, size_t /*sz*/);
+ /* Load a scalar from @p@, @sz@ and return it. Return null on
+ * error.
+ */
+
+ int (*stsc)(const dhgrp */*g*/,
+ void */*p*/, size_t /*sz*/, const dhsc */*x*/);
+ /* Store a scalar at @p@, @sz@. Return nonzero on error. */
+
+ dhsc *(*randsc)(const dhgrp */*g*/);
+ /* Return a random scalar. */
+
+ T( const char *(*scstr)(const dhgrp */*g*/, const dhsc */*x*/); )
+ /* Return a human-readable representation of @x@; @buf_t@ may be used
+ * to hold it.
+ */
+
+ void (*freesc)(const dhgrp */*g*/, dhsc */*x*/);
+ /* Free a scalar and the resources it holds. */
+
+ dhge *(*ldge)(const dhgrp */*g*/, buf */*b*/, int /*fmt*/);
+ /* Load a group element from @b@, encoded using format @fmt@. Return
+ * null on error.
+ */
+
+ int (*stge)(const dhgrp */*g*/, buf */*b*/,
+ const dhge */*Y*/, int /*fmt*/);
+ /* Store a group element in @b@, encoded using format @fmt@. Return
+ * nonzero on error.
+ */
+
+ int (*checkge)(const dhgrp */*h*/, const dhge */*Y*/);
+ /* Check a group element for validity. Return zero if everything
+ * checks out; nonzero on failure.
+ */
+
+ int (*eq)(const dhgrp */*g*/, const dhge */*Y*/, const dhge */*Z*/);
+ /* Return nonzero if @Y@ and @Z@ are equal. */
+
+ dhge *(*mul)(const dhgrp */*g*/, const dhsc */*x*/, const dhge */*Y*/);
+ /* Multiply a group element by a scalar, resulting in a shared-secret
+ * group element. If @y@ is null, then multiply the well-known
+ * generator.
+ */
+
+ T( const char *(*gestr)(const dhgrp */*g*/, const dhge */*Y*/); )
+ /* Return a human-readable representation of @Y@; @buf_t@ may be used
+ * to hold it.
+ */
+
+ void (*freege)(const dhgrp */*g*/, dhge */*Y*/);
+ /* Free a group element and the resources it holds. */
+
+} dhops;
+
+typedef struct bulkops {
+ const char *name;
+
+ bulkalgs *(*getalgs)(const algswitch */*asw*/, dstr */*e*/,
+ key_file */*kf*/, key */*k*/);
+ /* Determine algorithms to use and return a @bulkalgs@ object
+ * representing the decision. On error, write tokens to @e@ and
+ * return null.
+ */
+
+ T( void (*tracealgs)(const bulkalgs */*a*/); )
+ /* Write trace information about the algorithm selection. */
+
+ int (*checkalgs)(bulkalgs */*a*/, const algswitch */*asw*/, dstr */*e*/);
+ /* Check that the algorithms in @a@ and @asw@ are acceptable. On
+ * error, write tokens to @e@ and return @-1@; otherwise return zero.
+ */
+
+ int (*samealgsp)(const bulkalgs */*a*/, const bulkalgs */*aa*/);
+ /* If @a@ and @aa@ represent the same algorithm selection, return
+ * nonzero; if not, return zero.
+ */
+
+ void (*alginfo)(const bulkalgs */*a*/, admin */*adm*/);
+ /* Report on the algorithm selection to an admin client: call
+ * @a_info@ with appropriate key-value pairs.
+ */
+
+ size_t (*overhead)(const bulkalgs */*a*/);
+ /* Return the per-packet overhead of the bulk transform, in bytes. */
+
+ size_t (*expsz)(const bulkalgs */*a*/);
+ /* Return the total size limit for the bulk transform, in bytes,
+ * after which the keys must no longer be used.
+ */
+
+ bulkctx *(*genkeys)(const bulkalgs */*a*/, const struct rawkey */*rk*/);
+ /* Generate session keys and construct and return an appropriate
+ * context for using them, by calling @ks_derive@.
+ */
+
+ bulkchal *(*genchal)(const bulkalgs */*a*/);
+ /* Construct and return a challenge issuing and verification
+ * context with a fresh random key.
+ */
+
+ void (*freealgs)(bulkalgs */*a*/);
+ /* Release an algorithm selection object. (Associated bulk
+ * encryption contexts and challenge contexts may still exist and
+ * must remain valid.)
+ */
+
+ int (*encrypt)(bulkctx */*bc*/, unsigned /*ty*/,
+ buf */*b*/, buf */*bb*/, uint32 /*seq*/);
+ /* Encrypt the packet in @b@, with type @ty@ (which doesn't need
+ * encoding separately) and sequence number @seq@ (which must be
+ * recoverable by @decrypt@), and write the result to @bb@. On
+ * error, return a @KSERR_...@ code and/or break the output buffer.
+ */
+
+ int (*decrypt)(bulkctx */*bc*/, unsigned /*ty*/,
+ buf */*b*/, buf */*bb*/, uint32 */*seq*/);
+ /* Decrypt the packet in @b@, with type @ty@, writing the result to
+ * @bb@ and storing the incoming (claimed) sequence number in @seq@.
+ * On error, return a @KSERR_...@ code.
+ */
+
+ void (*freectx)(bulkctx */*a*/);
+ /* Release a bulk encryption context and the resources it holds. */
+
+ int (*chaltag)(bulkchal */*bc*/, const void */*m*/, size_t /*msz*/,
+ void */*t*/);
+ /* Calculate a tag for the challenge in @m@, @msz@, and write it to
+ * @t@. Return @-1@ on error, zero on success.
+ */
+
+ int (*chalvrf)(bulkchal */*bc*/, const void */*m*/, size_t /*msz*/,
+ const void */*t*/);
+ /* Check the tag @t@ on @m@, @msz@: return zero if the tag is OK,
+ * nonzero if it's bad.
+ */
+
+ void (*freechal)(bulkchal */*bc*/);
+ /* Release a challenge context and the resources it holds. */
+
+} bulkops;
+
+struct algswitch {
+ const gchash *h; size_t hashsz; /* Hash function */
const gccipher *mgf; /* Mask-generation function */
- const gchash *h; /* Hash function */
- const gcmac *m; /* Message authentication code */
- size_t hashsz; /* Hash output size */
- size_t tagsz; /* Length to truncate MAC tags */
- size_t cksz, mksz; /* Key lengths for @c@ and @m@ */
-} algswitch;
+ bulkalgs *bulk; /* Bulk crypto algorithms */
+};
+
+struct kdata {
+ unsigned ref; /* Reference counter */
+ struct knode *kn; /* Pointer to cache entry */
+ char *tag; /* Full tag name of the key */
+ dhgrp *grp; /* The group we work in */
+ dhsc *k; /* The private key (or null) */
+ dhge *K; /* The public key */
+ time_t t_exp; /* Expiry time of the key */
+ algswitch algs; /* Collection of algorithms */
+};
-extern algswitch algs;
+typedef struct knode {
+ sym_base _b; /* Symbol table intrusion */
+ unsigned f; /* Various flags */
+#define KNF_BROKEN 1u /* Don't use this key any more */
+ struct keyhalf *kh; /* Pointer to the home keyhalf */
+ kdata *kd; /* Pointer to the key data */
+} knode;
#define MAXHASHSZ 64 /* Largest possible hash size */
#define HASH_STRING(h, s) GH_HASH((h), (s), sizeof(s))
+extern const dhops dhtab[];
+extern const bulkops bulktab[];
+
/*----- Data structures ---------------------------------------------------*/
+/* --- The address-family table --- */
+
+#define ADDRFAM(_) \
+ _(INET)
+
+enum {
+#define ENUM(af) AFIX_##af,
+ ADDRFAM(ENUM)
+#undef ENUM
+ NADDRFAM
+};
+
+extern const struct addrfam {
+ int af;
+ const char *name;
+} aftab[NADDRFAM];
+
/* --- Socket addresses --- *
*
* A magic union of supported socket addresses.
struct sockaddr_in sin;
} addr;
+/* --- Mapping keyed on addresses --- */
+
+typedef struct addrmap {
+ hash_table t;
+ size_t load;
+} addrmap;
+
+typedef struct addrmap_base {
+ hash_base b;
+ addr a;
+} addrmap_base;
+
/* --- Sequence number checking --- */
typedef struct seqwin {
* expiry.
*/
-typedef struct keyset {
+enum { DIR_IN, DIR_OUT, NDIR };
+
+struct keyset {
struct keyset *next; /* Next active keyset in the list */
unsigned ref; /* Reference count for keyset */
struct peer *p; /* Pointer to peer structure */
time_t t_exp; /* Expiry time for this keyset */
- unsigned long sz_exp; /* Data limit for the keyset */
+ unsigned long sz_exp, sz_regen; /* Data limits for the keyset */
T( unsigned seq; ) /* Sequence number for tracing */
unsigned f; /* Various useful flags */
- gcipher *cin, *cout; /* Keyset ciphers for encryption */
- size_t tagsz; /* Length to truncate MAC tags */
- gmac *min, *mout; /* Keyset MACs for integrity */
+ bulkctx *bulk; /* Bulk crypto transform */
uint32 oseq; /* Outbound sequence number */
seqwin iseq; /* Inbound sequence number */
-} keyset;
+};
#define KSF_LISTEN 1u /* Don't encrypt packets yet */
#define KSF_LINK 2u /* Key is in a linked list */
+#define KSERR_REGEN -1 /* Regenerate keys */
+#define KSERR_NOKEYS -2 /* No keys left */
+#define KSERR_DECRYPT -3 /* Unable to decrypt message */
+#define KSERR_SEQ -4 /* Incorrect sequence number */
+#define KSERR_MALFORMED -5 /* Input ciphertext is broken */
+
/* --- Key exchange --- *
*
* TrIPE uses the Wrestlers Protocol for its key exchange. The Wrestlers
* Clive Jones.
*/
+typedef struct retry {
+ double t; /* Current retry time */
+} retry;
+
#define KX_NCHAL 16u
typedef struct kxchal {
struct keyexch *kx; /* Pointer back to key exchange */
- ge *c; /* Responder's challenge */
- ge *r; /* My reply to the challenge */
+ dhge *C; /* Responder's challenge */
+ dhge *R; /* My reply to the challenge */
keyset *ks; /* Pointer to temporary keyset */
unsigned f; /* Various useful flags */
sel_timer t; /* Response timer for challenge */
+ retry rs; /* Retry state */
octet hc[MAXHASHSZ]; /* Hash of his challenge */
octet ck[MAXHASHSZ]; /* His magical check value */
octet hswrq_in[MAXHASHSZ]; /* Inbound switch request message */
typedef struct keyexch {
struct peer *p; /* Pointer back to the peer */
+ kdata *kpriv; /* Private key and related info */
+ kdata *kpub; /* Peer's public key */
keyset **ks; /* Peer's list of keysets */
unsigned f; /* Various useful flags */
unsigned s; /* Current state in exchange */
sel_timer t; /* Timer for next exchange */
- ge *kpub; /* Peer's public key */
- time_t texp_kpub; /* Expiry time for public key */
- mp *alpha; /* My temporary secret */
- ge *c; /* My challenge */
- ge *rx; /* The expected response */
+ retry rs; /* Retry state */
+ dhsc *a; /* My temporary secret */
+ dhge *C; /* My challenge */
+ dhge *RX; /* The expected response */
unsigned nr; /* Number of extant responses */
time_t t_valid; /* When this exchange goes bad */
octet hc[MAXHASHSZ]; /* Hash of my challenge */
#define KXF_TIMER 1u /* Waiting for a timer to go off */
#define KXF_DEAD 2u /* The key-exchanger isn't up */
#define KXF_PUBKEY 4u /* Key exchanger has a public key */
+#define KXF_CORK 8u /* Don't send anything yet */
enum {
KXS_DEAD, /* Uninitialized state (magical) */
typedef struct tunnel_ops {
const char *name; /* Name of this tunnel driver */
+ unsigned flags; /* Various interesting flags */
+#define TUNF_PRIVOPEN 1u /* Need helper to open file */
void (*init)(void); /* Initializes the system */
- tunnel *(*create)(struct peer */*p*/, char **/*ifn*/);
+ tunnel *(*create)(struct peer */*p*/, int /*fd*/, char **/*ifn*/);
/* Initializes a new tunnel */
void (*setifname)(tunnel */*t*/, const char */*ifn*/);
/* Notifies ifname change */
typedef struct peerspec {
char *name; /* Peer's name */
+ char *privtag; /* Private key tag */
+ char *tag; /* Public key tag */
const tunnel_ops *tops; /* Tunnel operations */
unsigned long t_ka; /* Keep alive interval */
addr sa; /* Socket address to speak to */
- size_t sasz; /* Socket address size */
+ unsigned f; /* Flags for the peer */
+#define PSF_KXMASK 255u /* Key-exchange flags to set */
+#define PSF_MOBILE 256u /* Address may change rapidly */
} peerspec;
+typedef struct peer_byname {
+ sym_base _b;
+ struct peer *p;
+} peer_byname;
+
+typedef struct peer_byaddr {
+ addrmap_base _b;
+ struct peer *p;
+} peer_byaddr;
+
typedef struct peer {
- struct peer *next, *prev; /* Links to next and previous */
+ peer_byname *byname; /* Lookup-by-name block */
+ peer_byaddr *byaddr; /* Lookup-by-address block */
struct ping *pings; /* Pings we're waiting for */
peerspec spec; /* Specifications for this peer */
+ int afix; /* Index of address family */
tunnel *t; /* Tunnel for local packets */
char *ifname; /* Interface name for tunnel */
keyset *ks; /* List head for keysets */
sel_timer tka; /* Timer for keepalives */
} peer;
+typedef struct peer_iter { sym_iter i; } peer_iter;
+
typedef struct ping {
struct ping *next, *prev; /* Links to next and previous */
peer *p; /* Peer so we can free it */
bres_client r; /* Background resolver task */
sel_timer t; /* Timer for resolver */
addr sa; /* Socket address */
+ unsigned port; /* Port number chosen */
size_t sasz; /* Socket address size */
void (*func)(struct admin_resop *, int); /* Handler */
} admin_resop;
peerspec peer; /* Peer pending creation */
} admin_addop;
-typedef struct admin_greetop {
- admin_resop r; /* Name resolution header */
- void *c; /* Challenge block */
- size_t sz; /* Length of challenge */
-} admin_greetop;
-
typedef struct admin_pingop {
admin_bgop bg; /* Background operation header */
ping ping; /* Ping pending response */
typedef struct admin_svcop {
admin_bgop bg; /* Background operation header */
struct admin *prov; /* Client servicing this job */
- unsigned short index; /* This job's index */
+ unsigned index; /* This job's index */
struct admin_svcop *next, *prev; /* Links for provider's jobs */
} admin_svcop;
admin_jobentry *v; /* And the big array of entries */
} admin_jobtable;
-typedef struct admin {
+struct admin {
struct admin *next, *prev; /* Links to next and previous */
unsigned f; /* Various useful flags */
unsigned ref; /* Reference counter */
admin_jobtable j; /* Table of outstanding jobs */
selbuf b; /* Line buffer for commands */
sel_file w; /* Selector for write buffering */
-} admin;
+};
#define AF_DEAD 1u /* Destroy this admin block */
#define AF_CLOSE 2u /* Client closed connection */
#define AF_NOTE 4u /* Catch notifications */
#define AF_WARN 8u /* Catch warning messages */
#ifndef NTRACE
- #define AF_TRACE 16u /* Catch tracing */
+# define AF_TRACE 16u /* Catch tracing */
#endif
+#define AF_FOREGROUND 32u /* Quit server when client closes */
#ifndef NTRACE
# define AF_ALLMSGS (AF_NOTE | AF_TRACE | AF_WARN)
/*----- Global variables --------------------------------------------------*/
extern sel_state sel; /* Global I/O event state */
-extern group *gg; /* The group we work in */
-extern size_t indexsz; /* Size of exponent for the group */
-extern mp *kpriv; /* Our private key */
-extern ge *kpub; /* Our public key */
-extern octet buf_i[PKBUFSZ], buf_o[PKBUFSZ], buf_t[PKBUFSZ];
+extern octet buf_i[PKBUFSZ], buf_o[PKBUFSZ], buf_t[PKBUFSZ], buf_u[PKBUFSZ];
extern const tunnel_ops *tunnels[]; /* Table of tunnels (0-term) */
extern const tunnel_ops *tun_default; /* Default tunnel to use */
+extern sel_file udpsock[NADDRFAM]; /* The master UDP sockets */
+extern kdata *master; /* Default private key */
+extern const char *tag_priv; /* Default private key tag */
#ifndef NTRACE
extern const trace_opt tr_opts[]; /* Trace options array */
/*----- Other macros ------------------------------------------------------*/
-#define TIMER noise_timer(RAND_GLOBAL)
+#define QUICKRAND \
+ do { rand_quick(RAND_GLOBAL); noise_timer(RAND_GLOBAL); } while (0)
/*----- Key management ----------------------------------------------------*/
+/* --- @km_init@ --- *
+ *
+ * Arguments: @const char *privkr@ = private keyring file
+ * @const char *pubkr@ = public keyring file
+ * @const char *ptag@ = default private-key tag
+ *
+ * Returns: ---
+ *
+ * Use: Initializes the key-management machinery, loading the
+ * keyrings and so on.
+ */
+
+extern void km_init(const char */*privkr*/, const char */*pubkr*/,
+ const char */*ptag*/);
+
/* --- @km_reload@ --- *
*
* Arguments: ---
extern int km_reload(void);
-/* --- @km_init@ --- *
+/* --- @km_findpub@, @km_findpriv@ --- *
+ *
+ * Arguments: @const char *tag@ = key tag to load
+ *
+ * Returns: Pointer to the kdata object if successful, or null on error.
+ *
+ * Use: Fetches a public or private key from the keyring.
+ */
+
+extern kdata *km_findpub(const char */*tag*/);
+extern kdata *km_findpriv(const char */*tag*/);
+
+/* --- @km_samealgsp@ --- *
*
- * Arguments: @const char *kr_priv@ = private keyring file
- * @const char *kr_pub@ = public keyring file
- * @const char *tag@ = tag to load
+ * Arguments: @const kdata *kdx, *kdy@ = two key data objects
+ *
+ * Returns: Nonzero if their two algorithm selections are the same.
+ *
+ * Use: Checks sameness of algorithm selections: used to ensure that
+ * peers are using sensible algorithms.
+ */
+
+extern int km_samealgsp(const kdata */*kdx*/, const kdata */*kdy*/);
+
+/* --- @km_ref@ --- *
+ *
+ * Arguments: @kdata *kd@ = pointer to the kdata object
*
* Returns: ---
*
- * Use: Initializes, and loads the private key.
+ * Use: Claim a new reference to a kdata object.
*/
-extern void km_init(const char */*kr_priv*/, const char */*kr_pub*/,
- const char */*tag*/);
+extern void km_ref(kdata */*kd*/);
-/* --- @km_getpubkey@ --- *
+/* --- @km_unref@ --- *
*
- * Arguments: @const char *tag@ = public key tag to load
- * @ge *kpub@ = where to put the public key
- * @time_t *t_exp@ = where to put the expiry time
+ * Arguments: @kdata *kd@ = pointer to the kdata object
*
- * Returns: Zero if OK, nonzero if it failed.
+ * Returns: ---
+ *
+ * Use: Releases a reference to a kdata object.
+ */
+
+extern void km_unref(kdata */*kd*/);
+
+/* --- @km_tag@ --- *
+ *
+ * Arguments: @kdata *kd@ - pointer to the kdata object
*
- * Use: Fetches a public key from the keyring.
+ * Returns: A pointer to the short tag by which the kdata was loaded.
*/
-extern int km_getpubkey(const char */*tag*/, ge */*kpub*/,
- time_t */*t_exp*/);
+extern const char *km_tag(kdata */*kd*/);
/*----- Key exchange ------------------------------------------------------*/
* Arguments: @keyexch *kx@ = pointer to key exchange context
* @peer *p@ = pointer to peer context
* @keyset **ks@ = pointer to keyset list
+ * @unsigned f@ = various useful flags
*
* Returns: Zero if OK, nonzero if it failed.
*
* exchange.
*/
-extern int kx_init(keyexch */*kx*/, peer */*p*/, keyset **/*ks*/);
+extern int kx_init(keyexch */*kx*/, peer */*p*/,
+ keyset **/*ks*/, unsigned /*f*/);
/*----- Keysets and symmetric cryptography --------------------------------*/
extern void ks_drop(keyset */*ks*/);
+/* --- @ks_derivekey@ --- *
+ *
+ * Arguments: @octet *k@ = pointer to an output buffer of at least
+ * @MAXHASHSZ@ bytes
+ * @size_t ksz@ = actual size wanted (for tracing)
+ * @const struct rawkey *rk@ = a raw key, as passed into
+ * @genkeys@
+ * @int dir@ = direction for the key (@DIR_IN@ or @DIR_OUT@)
+ * @const char *what@ = label for the key (input to derivation)
+ *
+ * Returns: ---
+ *
+ * Use: Derives a session key, for use on incoming or outgoing data.
+ * This function is part of a private protocol between @ks_gen@
+ * and the bulk crypto transform @genkeys@ operation.
+ */
+
+extern void ks_derivekey(octet */*k*/, size_t /*ksz*/,
+ const struct rawkey */*rk*/,
+ int /*dir*/, const char */*what*/);
+
/* --- @ks_gen@ --- *
*
* Arguments: @const void *k@ = pointer to key material
* the key material; between @k + x@ and @k + y@ is `your'
* contribution; and between @k + y@ and @k + z@ is a shared
* value we made together. These are used to construct two
- * pairs of symmetric keys. Each pair consists of an encryption
- * key and a message authentication key. One pair is used for
- * outgoing messages, the other for incoming messages.
+ * collections of symmetric keys: one for outgoing messages, the
+ * other for incoming messages.
*
* The new key is marked so that it won't be selected for output
* by @ksl_encrypt@. You can still encrypt data with it by
size_t /*x*/, size_t /*y*/, size_t /*z*/,
peer */*p*/);
-/* --- @ks_tregen@ --- *
- *
- * Arguments: @keyset *ks@ = pointer to a keyset
- *
- * Returns: The time at which moves ought to be made to replace this key.
- */
-
-extern time_t ks_tregen(keyset */*ks*/);
-
/* --- @ks_activate@ --- *
*
* Arguments: @keyset *ks@ = pointer to a keyset
* @buf *b@ = pointer to input buffer
* @buf *bb@ = pointer to output buffer
*
- * Returns: Zero if OK, nonzero if the key needs replacing. If the
- * encryption failed, the output buffer is broken and zero is
- * returned.
+ * Returns: Zero if successful; @KSERR_REGEN@ if we should negotiate a
+ * new key; @KSERR_NOKEYS@ if the key is not usable. Also
+ * returns zero if there was insufficient buffer (but the output
+ * buffer is broken in this case).
*
* Use: Encrypts a block of data using the key. Note that the `key
* ought to be replaced' notification is only ever given once
* for each key. Also note that this call forces a keyset to be
* used even if it's marked as not for data output.
+ *
+ * The encryption transform is permitted to corrupt @buf_u@ for
+ * its own purposes. Neither the source nor destination should
+ * be within @buf_u@; and callers mustn't expect anything stored
+ * in @buf_u@ to still
*/
extern int ks_encrypt(keyset */*ks*/, unsigned /*ty*/,
* @buf *b@ = pointer to an input buffer
* @buf *bb@ = pointer to an output buffer
*
- * Returns: Zero on success, or nonzero if there was some problem.
+ * Returns: Zero on success; @KSERR_DECRYPT@ on failure. Also returns
+ * zero if there was insufficient buffer (but the output buffer
+ * is broken in this case).
*
* Use: Attempts to decrypt a message using a given key. Note that
* requesting decryption with a key directly won't clear a
* marking that it's not for encryption.
+ *
+ * The decryption transform is permitted to corrupt @buf_u@ for
+ * its own purposes. Neither the source nor destination should
+ * be within @buf_u@; and callers mustn't expect anything stored
+ * in @buf_u@ to still
*/
extern int ks_decrypt(keyset */*ks*/, unsigned /*ty*/,
* @buf *b@ = pointer to input buffer
* @buf *bb@ = pointer to output buffer
*
- * Returns: Nonzero if a new key is needed.
+ * Returns: Zero if successful; @KSERR_REGEN@ if it's time to negotiate a
+ * new key; @KSERR_NOKEYS@ if there are no suitable keys
+ * available. Also returns zero if there was insufficient
+ * buffer space (but the output buffer is broken in this case).
*
* Use: Encrypts a packet.
*/
* @buf *b@ = pointer to input buffer
* @buf *bb@ = pointer to output buffer
*
- * Returns: Nonzero if the packet couldn't be decrypted.
+ * Returns: Zero on success; @KSERR_DECRYPT@ on failure. Also returns
+ * zero if there was insufficient buffer (but the output buffer
+ * is broken in this case).
*
* Use: Decrypts a packet.
*/
#define A_END ((char *)0)
+/* --- @a_vformat@ --- *
+ *
+ * Arguments: @dstr *d@ = where to leave the formatted message
+ * @const char *fmt@ = pointer to format string
+ * @va_list *ap@ = arguments in list
+ *
+ * Returns: ---
+ *
+ * Use: Main message token formatting driver. The arguments are
+ * interleaved formatting tokens and their parameters, finally
+ * terminated by an entry @A_END@.
+ *
+ * Tokens recognized:
+ *
+ * * "*..." ... -- pretokenized @dstr_putf@-like string
+ *
+ * * "?ADDR" SOCKADDR -- a socket address, to be converted
+ *
+ * * "?B64" BUFFER SIZE -- binary data to be base64-encoded
+ *
+ * * "?TOKENS" VECTOR -- null-terminated vector of tokens
+ *
+ * * "?PEER" PEER -- peer's name
+ *
+ * * "?ERRNO" ERRNO -- system error code
+ *
+ * * "[!]..." ... -- @dstr_putf@-like string as single token
+ */
+
+extern void a_vformat(dstr */*d*/, const char */*fmt*/, va_list */*ap*/);
+
+/* --- @a_format@ --- *
+ *
+ * Arguments: @dstr *d@ = where to leave the formatted message
+ * @const char *fmt@ = pointer to format string
+ *
+ * Returns: ---
+ *
+ * Use: Writes a tokenized message into a string, for later
+ * presentation.
+ */
+
+extern void EXECL_LIKE(0) a_format(dstr */*d*/, const char */*fmt*/, ...);
+
+/* --- @a_info@ --- *
+ *
+ * Arguments: @admin *a@ = connection
+ * @const char *fmt@ = format string
+ * @...@ = other arguments
+ *
+ * Returns: ---
+ *
+ * Use: Report information to an admin client.
+ */
+
+extern void EXECL_LIKE(0) a_info(admin */*a*/, const char */*fmt*/, ...);
+
/* --- @a_warn@ --- *
*
* Arguments: @const char *fmt@ = pointer to format string
* Use: Informs all admin connections of a warning.
*/
-extern void a_warn(const char */*fmt*/, ...);
+extern void EXECL_LIKE(0) a_warn(const char */*fmt*/, ...);
/* --- @a_notify@ --- *
*
* Use: Sends a notification to interested admin connections.
*/
-extern void a_notify(const char */*fmt*/, ...);
+extern void EXECL_LIKE(0) a_notify(const char */*fmt*/, ...);
/* --- @a_create@ --- *
*
/* --- @a_init@ --- *
*
* Arguments: @const char *sock@ = socket name to create
+ * @uid_t u@ = user to own the socket
+ * @gid_t g@ = group to own the socket
+ * @mode_t m@ = permissions to set on the socket
*
* Returns: ---
*
* Use: Creates the admin listening socket.
*/
-extern void a_init(const char */*sock*/);
+extern void a_init(const char */*sock*/,
+ uid_t /*u*/, gid_t /*g*/, mode_t /*m*/);
+
+/*----- Mapping with addresses as keys ------------------------------------*/
+
+/* --- @am_create@ --- *
+ *
+ * Arguments: @addrmap *m@ = pointer to map
+ *
+ * Returns: ---
+ *
+ * Use: Create an address map, properly set up.
+ */
+
+extern void am_create(addrmap */*m*/);
+
+/* --- @am_destroy@ --- *
+ *
+ * Arguments: @addrmap *m@ = pointer to map
+ *
+ * Returns: ---
+ *
+ * Use: Destroy an address map, throwing away all the entries.
+ */
+
+extern void am_destroy(addrmap */*m*/);
+
+/* --- @am_find@ --- *
+ *
+ * Arguments: @addrmap *m@ = pointer to map
+ * @const addr *a@ = address to look up
+ * @size_t sz@ = size of block to allocate
+ * @unsigned *f@ = where to store flags
+ *
+ * Returns: Pointer to found item, or null.
+ *
+ * Use: Finds a record with the given IP address, set @*f@ nonzero
+ * and returns it. If @sz@ is zero, and no match was found,
+ * return null; otherwise allocate a new block of @sz@ bytes,
+ * clear @*f@ to zero and return the block pointer.
+ */
+
+extern void *am_find(addrmap */*m*/, const addr */*a*/,
+ size_t /*sz*/, unsigned */*f*/);
+
+/* --- @am_remove@ --- *
+ *
+ * Arguments: @addrmap *m@ = pointer to map
+ * @void *i@ = pointer to the item
+ *
+ * Returns: ---
+ *
+ * Use: Removes an item from the map.
+ */
+
+extern void am_remove(addrmap */*m*/, void */*i*/);
+
+/*----- Privilege separation ----------------------------------------------*/
+
+/* --- @ps_trace@ --- *
+ *
+ * Arguments: @unsigned mask@ = trace mask to check
+ * @const char *fmt@ = message format
+ * @...@ = values for placeholders
+ *
+ * Returns: ---
+ *
+ * Use: Writes a trace message.
+ */
+
+T( extern void PRINTF_LIKE(2, 3)
+ ps_trace(unsigned /*mask*/, const char */*fmt*/, ...); )
+
+/* --- @ps_warn@ --- *
+ *
+ * Arguments: @const char *fmt@ = message format
+ * @...@ = values for placeholders
+ *
+ * Returns: ---
+ *
+ * Use: Writes a warning message.
+ */
+
+extern void PRINTF_LIKE(1, 2) ps_warn(const char */*fmt*/, ...);
+
+/* --- @ps_tunfd@ --- *
+ *
+ * Arguments: @const tunnel_ops *tops@ = pointer to tunnel operations
+ * @char **ifn@ = where to put the interface name
+ *
+ * Returns: The file descriptor, or @-1@ on error.
+ *
+ * Use: Fetches a file descriptor for a tunnel driver.
+ */
+
+extern int ps_tunfd(const tunnel_ops */*tops*/, char **/*ifn*/);
+
+/* --- @ps_split@ --- *
+ *
+ * Arguments: @int detachp@ = whether to detach the child from its terminal
+ *
+ * Returns: ---
+ *
+ * Use: Separates off the privileged tunnel-opening service from the
+ * rest of the server.
+ */
+
+extern void ps_split(int /*detachp*/);
+
+/* --- @ps_quit@ --- *
+ *
+ * Arguments: ---
+ *
+ * Returns: ---
+ *
+ * Use: Detaches from the helper process.
+ */
+
+extern void ps_quit(void);
/*----- Peer management ---------------------------------------------------*/
+/* --- @p_updateaddr@ --- *
+ *
+ * Arguments: @peer *p@ = pointer to peer block
+ * @const addr *a@ = address to associate with this peer
+ *
+ * Returns: Zero if the address was changed; @+1@ if it was already
+ * right.
+ *
+ * Use: Updates our idea of @p@'s address.
+ */
+
+extern int p_updateaddr(peer */*p*/, const addr */*a*/);
+
/* --- @p_txstart@ --- *
*
* Arguments: @peer *p@ = pointer to peer block
/* --- @p_init@ --- *
*
- * Arguments: @struct in_addr addr@ = address to bind to
- * @unsigned port@ = port number to listen to
+ * Arguments: @struct addrinfo *ailist@ = addresses to bind to
*
* Returns: ---
*
* Use: Initializes the peer system; creates the socket.
*/
-extern void p_init(struct in_addr /*addr*/, unsigned /*port*/);
+extern void p_init(struct addrinfo */*ailist*/);
/* --- @p_port@ --- *
*
- * Arguments: ---
+ * Arguments: @int i@ = address family index to retrieve
*
* Returns: Port number used for socket.
*/
-unsigned p_port(void);
+extern unsigned p_port(int /*i*/);
/* --- @p_create@ --- *
*
extern const char *p_name(peer */*p*/);
+/* --- @p_tag@ --- *
+ *
+ * Arguments: @peer *p@ = pointer to a peer block
+ *
+ * Returns: A pointer to the peer's public key tag.
+ */
+
+extern const char *p_tag(peer */*p*/);
+
+/* --- @p_privtag@ --- *
+ *
+ * Arguments: @peer *p@ = pointer to a peer block
+ *
+ * Returns: A pointer to the peer's private key tag.
+ */
+
+extern const char *p_privtag(peer */*p*/);
+
/* --- @p_spec@ --- *
*
* Arguments: @peer *p@ = pointer to a peer block
extern const peerspec *p_spec(peer */*p*/);
+/* --- @p_findbyaddr@ --- *
+ *
+ * Arguments: @const addr *a@ = address to look up
+ *
+ * Returns: Pointer to the peer block, or null if not found.
+ *
+ * Use: Finds a peer by address.
+ */
+
+extern peer *p_findbyaddr(const addr */*a*/);
+
/* --- @p_find@ --- *
*
* Arguments: @const char *name@ = name to look up
extern void p_destroy(peer */*p*/);
-/* --- @p_first@, @p_next@ --- *
+/* --- @FOREACH_PEER@ --- *
+ *
+ * Arguments: @p@ = name to bind to each peer
+ * @stuff@ = thing to do for each item
+ *
+ * Use: Does something for each current peer.
+ */
+
+#define FOREACH_PEER(p, stuff) do { \
+ peer_iter i_; \
+ peer *p; \
+ for (p_mkiter(&i_); (p = p_next(&i_)) != 0; ) stuff \
+} while (0)
+
+/* --- @p_mkiter@ --- *
+ *
+ * Arguments: @peer_iter *i@ = pointer to an iterator
+ *
+ * Returns: ---
+ *
+ * Use: Initializes the iterator.
+ */
+
+extern void p_mkiter(peer_iter */*i*/);
+
+/* --- @p_next@ --- *
*
- * Arguments: @peer *p@ = a peer block
+ * Arguments: @peer_iter *i@ = pointer to an iterator
*
- * Returns: @peer_first@ returns the first peer in some ordering;
- * @peer_next@ returns the peer following a given one in the
- * same ordering. Null is returned for the end of the list.
+ * Returns: Next peer, or null if at the end.
+ *
+ * Use: Returns the next peer.
*/
-extern peer *p_first(void);
-extern peer *p_next(peer */*p*/);
+extern peer *p_next(peer_iter */*i*/);
/*----- Tunnel drivers ----------------------------------------------------*/
/*----- Other handy utilities ---------------------------------------------*/
-/* --- @mpstr@ --- *
+/* --- @timestr@ --- *
*
- * Arguments: @mp *m@ = a multiprecision integer
+ * Arguments: @time_t t@ = a time to convert
*
- * Returns: A pointer to the integer's textual representation.
+ * Returns: A pointer to a textual representation of the time.
*
- * Use: Converts a multiprecision integer to a string. Corrupts
- * @buf_t@.
+ * Use: Converts a time to a textual representation. Corrupts
+ * @buf_u@.
*/
-extern const char *mpstr(mp */*m*/);
+extern const char *timestr(time_t /*t*/);
-/* --- @gestr@ --- *
- *
- * Arguments: @group *g@ = a group
- * @ge *x@ = a group element
+/* --- @mystrieq@ --- *
*
- * Returns: A pointer to the element's textual representation.
+ * Arguments: @const char *x, *y@ = two strings
*
- * Use: Converts a group element to a string. Corrupts
- * @buf_t@.
+ * Returns: True if @x@ and @y are equal, up to case.
*/
-extern const char *gestr(group */*g*/, ge */*x*/);
+extern int mystrieq(const char */*x*/, const char */*y*/);
-/* --- @timestr@ --- *
+/* --- @afix@ --- *
*
- * Arguments: @time_t t@ = a time to convert
+ * Arguments: @int af@ = an address family code
*
- * Returns: A pointer to a textual representation of the time.
+ * Returns: The index of the address family's record in @aftab@, or @-1@.
+ */
+
+extern int afix(int af);
+
+/* --- @addrsz@ --- *
*
- * Use: Converts a time to a textual representation. Corrupts
- * @buf_t@.
+ * Arguments: @const addr *a@ = a network address
+ *
+ * Returns: The size of the address, for passing into the sockets API.
*/
-extern const char *timestr(time_t /*t*/);
+extern socklen_t addrsz(const addr */*a*/);
-/* --- @mystrieq@ --- *
+/* --- @getport@, @setport@ --- *
*
- * Arguments: @const char *x, *y@ = two strings
+ * Arguments: @addr *a@ = a network address
+ * @unsigned port@ = port number to set
*
- * Returns: True if @x@ and @y are equal, up to case.
+ * Returns: ---
+ *
+ * Use: Retrieves or sets the port number in an address structure.
*/
-extern int mystrieq(const char */*x*/, const char */*y*/);
+extern unsigned getport(addr */*a*/);
+extern void setport(addr */*a*/, unsigned /*port*/);
/* --- @seq_reset@ --- *
*