#include <mLib/versioncmp.h>
#include <catacomb/buf.h>
+#include <catacomb/ct.h>
#include <catacomb/gcipher.h>
#include <catacomb/gmac.h>
#define SEC(n) (n##u)
#define MIN(n) (n##u * 60u)
+#define F_2P32 (65536.0*65536.0)
#define MEG(n) (n##ul * 1024ul * 1024ul)
+/* --- Timing parameters --- */
+
+#define T_EXP MIN(60) /* Expiry time for a key */
+#define T_REGEN MIN(40) /* Regeneration time for a key */
+
+#define T_VALID SEC(20) /* Challenge validity period */
+#define T_RETRYMIN SEC(2) /* Minimum retry interval */
+#define T_RETRYMAX MIN(5) /* Maximum retry interval */
+#define T_RETRYGROW (5.0/4.0) /* Retry interval growth factor */
+
+#define T_WOBBLE (1.0/3.0) /* Relative timer randomness */
+
/* --- Other things --- */
#define PKBUFSZ 65536
/*----- Cipher selections -------------------------------------------------*/
-typedef struct algswitch {
- const gccipher *c; /* Symmetric encryption scheme */
- const gccipher *mgf; /* Mask-generation function */
+typedef struct keyset keyset;
+typedef struct algswitch algswitch;
+
+typedef struct bulkcrypto {
+ const char *name;
+ unsigned prim;
+ int (*check)(const algswitch */*a*/, dstr */*e*/);
+ size_t (*overhead)(const algswitch */*a*/);
+ int (*encrypt)(keyset */*ks*/, unsigned /*ty*/, buf */*b*/, buf */*bb*/);
+ int (*decrypt)(keyset */*ks*/, unsigned /*ty*/,
+ buf */*b*/, buf */*bb*/, uint32 */*seq*/);
+} bulkcrypto;
+
+#define BCP_CIPHER 1
+#define BCP_MAC 2
+#define BCP_BLKC 4
+
+struct algswitch {
const gchash *h; /* Hash function */
+ const gccipher *mgf; /* Mask-generation function */
+ const struct bulkcrypto *bulk; /* Bulk crypto transformation */
+ const gccipher *c; /* Symmetric encryption scheme */
const gcmac *m; /* Message authentication code */
+ const gccipher *b; /* Block cipher */
size_t hashsz; /* Hash output size */
size_t tagsz; /* Length to truncate MAC tags */
size_t expsz; /* Size of data to process */
- size_t cksz, mksz; /* Key lengths for @c@ and @m@ */
-} algswitch;
+ size_t cksz, mksz, bksz; /* Key lengths for things */
+};
-extern algswitch algs;
+typedef struct kdata {
+ unsigned ref; /* Reference counter */
+ struct knode *kn; /* Pointer to cache entry */
+ char *tag; /* Full tag name of the key */
+ group *g; /* The group we work in */
+ size_t indexsz; /* Size of exponent for the group */
+ mp *kpriv; /* The private key (or null) */
+ ge *kpub; /* The public key */
+ time_t t_exp; /* Expiry time of the key */
+ algswitch algs; /* Collection of algorithms */
+} kdata;
+
+typedef struct knode {
+ sym_base _b; /* Symbol table intrusion */
+ unsigned f; /* Various flags */
+#define KNF_BROKEN 1u /* Don't use this key any more */
+ struct keyhalf *kh; /* Pointer to the home keyhalf */
+ kdata *kd; /* Pointer to the key data */
+} knode;
#define MAXHASHSZ 64 /* Largest possible hash size */
#define HASH_STRING(h, s) GH_HASH((h), (s), sizeof(s))
+extern const struct bulkcrypto bulktab[];
+
/*----- Data structures ---------------------------------------------------*/
/* --- Socket addresses --- *
* expiry.
*/
-typedef struct keyset {
+struct keyset {
struct keyset *next; /* Next active keyset in the list */
unsigned ref; /* Reference count for keyset */
struct peer *p; /* Pointer to peer structure */
unsigned long sz_exp, sz_regen; /* Data limits for the keyset */
T( unsigned seq; ) /* Sequence number for tracing */
unsigned f; /* Various useful flags */
- gcipher *cin, *cout; /* Keyset ciphers for encryption */
+ const bulkcrypto *bulk; /* Bulk crypto transform */
size_t tagsz; /* Length to truncate MAC tags */
- gmac *min, *mout; /* Keyset MACs for integrity */
+ struct ksdir {
+ gcipher *c; /* Keyset cipher for encryption */
+ gmac *m; /* Keyset MAC for integrity */
+ gcipher *b; /* Block cipher, just in case */
+ } in, out;
uint32 oseq; /* Outbound sequence number */
seqwin iseq; /* Inbound sequence number */
-} keyset;
+};
#define KSF_LISTEN 1u /* Don't encrypt packets yet */
#define KSF_LINK 2u /* Key is in a linked list */
#define KSERR_REGEN -1 /* Regenerate keys */
#define KSERR_NOKEYS -2 /* No keys left */
#define KSERR_DECRYPT -3 /* Unable to decrypt message */
+#define KSERR_SEQ -4 /* Incorrect sequence number */
+#define KSERR_MALFORMED -5 /* Input ciphertext is broken */
/* --- Key exchange --- *
*
* Clive Jones.
*/
+typedef struct retry {
+ double t; /* Current retry time */
+} retry;
+
#define KX_NCHAL 16u
typedef struct kxchal {
keyset *ks; /* Pointer to temporary keyset */
unsigned f; /* Various useful flags */
sel_timer t; /* Response timer for challenge */
+ retry rs; /* Retry state */
octet hc[MAXHASHSZ]; /* Hash of his challenge */
octet ck[MAXHASHSZ]; /* His magical check value */
octet hswrq_in[MAXHASHSZ]; /* Inbound switch request message */
typedef struct keyexch {
struct peer *p; /* Pointer back to the peer */
+ kdata *kpriv; /* Private key and related info */
+ kdata *kpub; /* Peer's public key */
keyset **ks; /* Peer's list of keysets */
unsigned f; /* Various useful flags */
unsigned s; /* Current state in exchange */
sel_timer t; /* Timer for next exchange */
- ge *kpub; /* Peer's public key */
- time_t texp_kpub; /* Expiry time for public key */
+ retry rs; /* Retry state */
mp *alpha; /* My temporary secret */
ge *c; /* My challenge */
ge *rx; /* The expected response */
typedef struct peerspec {
char *name; /* Peer's name */
+ char *privtag; /* Private key tag */
+ char *tag; /* Public key tag */
const tunnel_ops *tops; /* Tunnel operations */
unsigned long t_ka; /* Keep alive interval */
addr sa; /* Socket address to speak to */
size_t sasz; /* Socket address size */
- unsigned kxf; /* Key exchange flags to set */
+ unsigned f; /* Flags for the peer */
+#define PSF_KXMASK 255u /* Key-exchange flags to set */
+#define PSF_MOBILE 256u /* Address may change rapidly */
} peerspec;
typedef struct peer_byname {
peerspec peer; /* Peer pending creation */
} admin_addop;
-typedef struct admin_greetop {
- admin_resop r; /* Name resolution header */
- void *c; /* Challenge block */
- size_t sz; /* Length of challenge */
-} admin_greetop;
-
typedef struct admin_pingop {
admin_bgop bg; /* Background operation header */
ping ping; /* Ping pending response */
/*----- Global variables --------------------------------------------------*/
extern sel_state sel; /* Global I/O event state */
-extern group *gg; /* The group we work in */
-extern size_t indexsz; /* Size of exponent for the group */
-extern mp *kpriv; /* Our private key */
-extern ge *kpub; /* Our public key */
extern octet buf_i[PKBUFSZ], buf_o[PKBUFSZ], buf_t[PKBUFSZ], buf_u[PKBUFSZ];
extern const tunnel_ops *tunnels[]; /* Table of tunnels (0-term) */
extern const tunnel_ops *tun_default; /* Default tunnel to use */
+extern kdata *master; /* Default private key */
+extern const char *tag_priv; /* Default private key tag */
#ifndef NTRACE
extern const trace_opt tr_opts[]; /* Trace options array */
/*----- Key management ----------------------------------------------------*/
+/* --- @km_init@ --- *
+ *
+ * Arguments: @const char *privkr@ = private keyring file
+ * @const char *pubkr@ = public keyring file
+ * @const char *ptag@ = default private-key tag
+ *
+ * Returns: ---
+ *
+ * Use: Initializes the key-management machinery, loading the
+ * keyrings and so on.
+ */
+
+extern void km_init(const char */*privkr*/, const char */*pubkr*/,
+ const char */*ptag*/);
+
/* --- @km_reload@ --- *
*
* Arguments: ---
extern int km_reload(void);
-/* --- @km_init@ --- *
+/* --- @km_findpub@, @km_findpriv@ --- *
+ *
+ * Arguments: @const char *tag@ = key tag to load
+ *
+ * Returns: Pointer to the kdata object if successful, or null on error.
*
- * Arguments: @const char *kr_priv@ = private keyring file
- * @const char *kr_pub@ = public keyring file
- * @const char *tag@ = tag to load
+ * Use: Fetches a public or private key from the keyring.
+ */
+
+extern kdata *km_findpub(const char */*tag*/);
+extern kdata *km_findpriv(const char */*tag*/);
+
+/* --- @km_samealgsp@ --- *
+ *
+ * Arguments: @const kdata *kdx, *kdy@ = two key data objects
+ *
+ * Returns: Nonzero if their two algorithm selections are the same.
+ *
+ * Use: Checks sameness of algorithm selections: used to ensure that
+ * peers are using sensible algorithms.
+ */
+
+extern int km_samealgsp(const kdata */*kdx*/, const kdata */*kdy*/);
+
+/* --- @km_ref@ --- *
+ *
+ * Arguments: @kdata *kd@ = pointer to the kdata object
*
* Returns: ---
*
- * Use: Initializes, and loads the private key.
+ * Use: Claim a new reference to a kdata object.
*/
-extern void km_init(const char */*kr_priv*/, const char */*kr_pub*/,
- const char */*tag*/);
+extern void km_ref(kdata */*kd*/);
-/* --- @km_getpubkey@ --- *
+/* --- @km_unref@ --- *
*
- * Arguments: @const char *tag@ = public key tag to load
- * @ge *kpub@ = where to put the public key
- * @time_t *t_exp@ = where to put the expiry time
+ * Arguments: @kdata *kd@ = pointer to the kdata object
*
- * Returns: Zero if OK, nonzero if it failed.
+ * Returns: ---
+ *
+ * Use: Releases a reference to a kdata object.
+ */
+
+extern void km_unref(kdata */*kd*/);
+
+/* --- @km_tag@ --- *
+ *
+ * Arguments: @kdata *kd@ - pointer to the kdata object
*
- * Use: Fetches a public key from the keyring.
+ * Returns: A pointer to the short tag by which the kdata was loaded.
*/
-extern int km_getpubkey(const char */*tag*/, ge */*kpub*/,
- time_t */*t_exp*/);
+extern const char *km_tag(kdata */*kd*/);
/*----- Key exchange ------------------------------------------------------*/
size_t /*x*/, size_t /*y*/, size_t /*z*/,
peer */*p*/);
-/* --- @ks_tregen@ --- *
- *
- * Arguments: @keyset *ks@ = pointer to a keyset
- *
- * Returns: The time at which moves ought to be made to replace this key.
- */
-
-extern time_t ks_tregen(keyset */*ks*/);
-
/* --- @ks_activate@ --- *
*
* Arguments: @keyset *ks@ = pointer to a keyset
* ought to be replaced' notification is only ever given once
* for each key. Also note that this call forces a keyset to be
* used even if it's marked as not for data output.
+ *
+ * The encryption transform is permitted to corrupt @buf_u@ for
+ * its own purposes. Neither the source nor destination should
+ * be within @buf_u@; and callers mustn't expect anything stored
+ * in @buf_u@ to still
*/
extern int ks_encrypt(keyset */*ks*/, unsigned /*ty*/,
* Use: Attempts to decrypt a message using a given key. Note that
* requesting decryption with a key directly won't clear a
* marking that it's not for encryption.
+ *
+ * The decryption transform is permitted to corrupt @buf_u@ for
+ * its own purposes. Neither the source nor destination should
+ * be within @buf_u@; and callers mustn't expect anything stored
+ * in @buf_u@ to still
*/
extern int ks_decrypt(keyset */*ks*/, unsigned /*ty*/,
extern void a_vformat(dstr */*d*/, const char */*fmt*/, va_list /*ap*/);
+/* --- @a_format@ --- *
+ *
+ * Arguments: @dstr *d@ = where to leave the formatted message
+ * @const char *fmt@ = pointer to format string
+ *
+ * Returns: ---
+ *
+ * Use: Writes a tokenized message into a string, for later
+ * presentation.
+ */
+
+extern void EXECL_LIKE(0) a_format(dstr */*d*/, const char */*fmt*/, ...);
+
/* --- @a_warn@ --- *
*
* Arguments: @const char *fmt@ = pointer to format string
* Use: Informs all admin connections of a warning.
*/
-extern void a_warn(const char */*fmt*/, ...);
+extern void EXECL_LIKE(0) a_warn(const char */*fmt*/, ...);
/* --- @a_notify@ --- *
*
* Use: Sends a notification to interested admin connections.
*/
-extern void a_notify(const char */*fmt*/, ...);
+extern void EXECL_LIKE(0) a_notify(const char */*fmt*/, ...);
/* --- @a_create@ --- *
*
* Arguments: @const char *sock@ = socket name to create
* @uid_t u@ = user to own the socket
* @gid_t g@ = group to own the socket
+ * @mode_t m@ = permissions to set on the socket
*
* Returns: ---
*
* Use: Creates the admin listening socket.
*/
-extern void a_init(const char */*sock*/, uid_t /*u*/, gid_t /*g*/);
+extern void a_init(const char */*sock*/,
+ uid_t /*u*/, gid_t /*g*/, mode_t /*m*/);
/*----- Mapping with addresses as keys ------------------------------------*/
* Use: Writes a trace message.
*/
-T( extern void ps_trace(unsigned /*mask*/, const char */*fmt*/, ...); )
+T( extern void PRINTF_LIKE(2, 3)
+ ps_trace(unsigned /*mask*/, const char */*fmt*/, ...); )
/* --- @ps_warn@ --- *
*
* Use: Writes a warning message.
*/
-extern void ps_warn(const char */*fmt*/, ...);
+extern void PRINTF_LIKE(1, 2) ps_warn(const char */*fmt*/, ...);
/* --- @ps_tunfd@ --- *
*
extern const char *p_name(peer */*p*/);
+/* --- @p_tag@ --- *
+ *
+ * Arguments: @peer *p@ = pointer to a peer block
+ *
+ * Returns: A pointer to the peer's public key tag.
+ */
+
+extern const char *p_tag(peer */*p*/);
+
+/* --- @p_privtag@ --- *
+ *
+ * Arguments: @peer *p@ = pointer to a peer block
+ *
+ * Returns: A pointer to the peer's private key tag.
+ */
+
+extern const char *p_privtag(peer */*p*/);
+
/* --- @p_spec@ --- *
*
* Arguments: @peer *p@ = pointer to a peer block
#define FOREACH_PEER(p, stuff) do { \
peer_iter i_; \
peer *p; \
- for (p_mkiter(&i_); (p = p_next(&i_)) != 0; ) do stuff while (0); \
+ for (p_mkiter(&i_); (p = p_next(&i_)) != 0; ) stuff \
} while (0)
/* --- @p_mkiter@ --- *
~mdw / tripe / blobdiff