X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~mdw/git/tripe/blobdiff_plain/220ba5e44460cc82db1c8cae5147876ad326c7c2..0c1cede3374c0e3110303fc031698c37d2450469:/server/tripe.h

diff --git a/server/tripe.h b/server/tripe.h
index 4b6c7101..940e3d61 100644
--- a/server/tripe.h
+++ b/server/tripe.h
@@ -181,6 +181,16 @@ enum {
   DHFMT_VAR		       /* Variable-width-format, mostly a bad idea */
 };
 
+typedef struct deriveargs {
+  const char *what;			/* Operation name (hashed) */
+  unsigned f;				/* Flags */
+#define DF_IN 1u			/*   Make incoming key */
+#define DF_OUT 2u			/*   Make outgoing key */
+  const gchash *hc;			/* Hash class */
+  const octet *k;			/* Pointer to contributions */
+  size_t x, y, z;			/* Markers in contributions */
+} deriveargs;
+
 typedef struct bulkalgs {
   const struct bulkops *ops;
 } bulkalgs;
@@ -194,8 +204,6 @@ typedef struct bulkchal {
   size_t tagsz;
 } bulkchal;
 
-struct rawkey;
-
 typedef struct dhops {
   const char *name;
 
@@ -325,9 +333,17 @@ typedef struct bulkops {
 	 * after which the keys must no longer be used.
 	 */
 
-  bulkctx *(*genkeys)(const bulkalgs */*a*/, const struct rawkey */*rk*/);
+  bulkctx *(*genkeys)(const bulkalgs */*a*/, const deriveargs */*a*/);
 	/* Generate session keys and construct and return an appropriate
-	 * context for using them, by calling @ks_derive@.
+	 * context for using them.  The offsets @a->x@, @a->y@ and @a->z@
+	 * separate the key material into three parts.  Between @a->k@ and
+	 * @a->k + a->x@ is `my' contribution to the key material; between
+	 * @a->k + a->x@ and @a->k + a->y@ is `your' contribution; and
+	 * between @a->k + a->y@ and @a->k + a->z@ is a shared value we made
+	 * together.  These are used to construct (up to) two collections of
+	 * symmetric keys: one for outgoing messages, the other for incoming
+	 * messages.  If @a->x == 0@ (or @a->y == a->x@) then my (or your)
+	 * contribution is omitted.
 	 */
 
   bulkchal *(*genchal)(const bulkalgs */*a*/);
@@ -360,15 +376,16 @@ typedef struct bulkops {
 	/* Release a bulk encryption context and the resources it holds. */
 
   int (*chaltag)(bulkchal */*bc*/, const void */*m*/, size_t /*msz*/,
-		 void */*t*/);
-	/* Calculate a tag for the challenge in @m@, @msz@, and write it to
-	 * @t@.  Return @-1@ on error, zero on success.
+		 uint32 /*seq*/, void */*t*/);
+	/* Calculate a tag for the challenge in @m@, @msz@, with the sequence
+	 * number @seq@, and write it to @t@.  Return @-1@ on error, zero on
+	 * success.
 	 */
 
   int (*chalvrf)(bulkchal */*bc*/, const void */*m*/, size_t /*msz*/,
-		 const void */*t*/);
-	/* Check the tag @t@ on @m@, @msz@: return zero if the tag is OK,
-	 * nonzero if it's bad.
+		 uint32 /*seq*/, const void */*t*/);
+	/* Check the tag @t@ on @m@, @msz@ and @seq@: return zero if the tag
+	 * is OK, nonzero if it's bad.
 	 */
 
   void (*freechal)(bulkchal */*bc*/);
@@ -908,7 +925,7 @@ extern void kx_free(keyexch */*kx*/);
 
 extern void kx_newkeys(keyexch */*kx*/);
 
-/* --- @kx_init@ --- *
+/* --- @kx_setup@ --- *
  *
  * Arguments:	@keyexch *kx@ = pointer to key exchange context
  *		@peer *p@ = pointer to peer context
@@ -922,8 +939,8 @@ extern void kx_newkeys(keyexch */*kx*/);
  *		exchange.
  */
 
-extern int kx_init(keyexch */*kx*/, peer */*p*/,
-		   keyset **/*ks*/, unsigned /*f*/);
+extern int kx_setup(keyexch */*kx*/, peer */*p*/,
+		    keyset **/*ks*/, unsigned /*f*/);
 
 /*----- Keysets and symmetric cryptography --------------------------------*/
 
@@ -939,52 +956,23 @@ extern int kx_init(keyexch */*kx*/, peer */*p*/,
 
 extern void ks_drop(keyset */*ks*/);
 
-/* --- @ks_derivekey@ --- *
- *
- * Arguments:	@octet *k@ = pointer to an output buffer of at least
- *			@MAXHASHSZ@ bytes
- *		@size_t ksz@ = actual size wanted (for tracing)
- *		@const struct rawkey *rk@ = a raw key, as passed into
- *			@genkeys@
- *		@int dir@ = direction for the key (@DIR_IN@ or @DIR_OUT@)
- *		@const char *what@ = label for the key (input to derivation)
- *
- * Returns:	---
- *
- * Use:		Derives a session key, for use on incoming or outgoing data.
- *		This function is part of a private protocol between @ks_gen@
- *		and the bulk crypto transform @genkeys@ operation.
- */
-
-extern void ks_derivekey(octet */*k*/, size_t /*ksz*/,
-			 const struct rawkey */*rk*/,
-			 int /*dir*/, const char */*what*/);
-
 /* --- @ks_gen@ --- *
  *
- * Arguments:	@const void *k@ = pointer to key material
- *		@size_t x, y, z@ = offsets into key material (see below)
+ * Arguments:	@deriveargs *a@ = key derivation parameters (modified)
  *		@peer *p@ = pointer to peer information
  *
  * Returns:	A pointer to the new keyset.
  *
- * Use:		Derives a new keyset from the given key material.  The
- *		offsets @x@, @y@ and @z@ separate the key material into three
- *		parts.  Between the @k@ and @k + x@ is `my' contribution to
- *		the key material; between @k + x@ and @k + y@ is `your'
- *		contribution; and between @k + y@ and @k + z@ is a shared
- *		value we made together.  These are used to construct two
- *		collections of symmetric keys: one for outgoing messages, the
- *		other for incoming messages.
+ * Use:		Derives a new keyset from the given key material.  This will
+ *		set the @what@, @f@, and @hc@ members in @*a@; other members
+ *		must be filled in by the caller.
  *
  *		The new key is marked so that it won't be selected for output
  *		by @ksl_encrypt@.  You can still encrypt data with it by
  *		calling @ks_encrypt@ directly.
  */
 
-extern keyset *ks_gen(const void */*k*/,
-		      size_t /*x*/, size_t /*y*/, size_t /*z*/,
-		      peer */*p*/);
+extern keyset *ks_gen(deriveargs */*a*/, peer */*p*/);
 
 /* --- @ks_activate@ --- *
  *
@@ -1123,25 +1111,29 @@ extern int ksl_decrypt(keyset **/*ksroot*/, unsigned /*ty*/,
 
 /* --- @c_new@ --- *
  *
- * Arguments:	@buf *b@ = where to put the challenge
+ * Arguments:	@const void *m@ = pointer to associated message, or null
+ *		@size_t msz@ = length of associated message
+ *		@buf *b@ = where to put the challenge
  *
  * Returns:	Zero if OK, nonzero on error.
  *
  * Use:		Issues a new challenge.
  */
 
-extern int c_new(buf */*b*/);
+extern int c_new(const void */*m*/, size_t /*msz*/, buf */*b*/);
 
 /* --- @c_check@ --- *
  *
- * Arguments:	@buf *b@ = where to find the challenge
+ * Arguments:	@const void *m@ = pointer to associated message, or null
+ *		@size_t msz@ = length of associated message
+ *		@buf *b@ = where to find the challenge
  *
  * Returns:	Zero if OK, nonzero if it didn't work.
  *
  * Use:		Checks a challenge.  On failure, the buffer is broken.
  */
 
-extern int c_check(buf */*b*/);
+extern int c_check(const void */*m*/, size_t /*msz*/, buf */*b*/);
 
 /*----- Administration interface ------------------------------------------*/
 
@@ -1776,6 +1768,75 @@ extern void seq_reset(seqwin */*s*/);
 
 extern int seq_check(seqwin */*s*/, uint32 /*q*/, const char */*service*/);
 
+typedef struct ratelim {
+  unsigned n, max, persec;
+  struct timeval when;
+} ratelim;
+
+/* --- @ratelim_init@ --- *
+ *
+ * Arguments:	@ratelim *r@ = rate-limiting state to fill in
+ *		@unsigned persec@ = credit to accumulate per second
+ *		@unsigned max@ = maximum credit to retain
+ *
+ * Returns:	---
+ *
+ * Use:		Initialize a rate-limiting state.
+ */
+
+extern void ratelim_init(ratelim */*r*/,
+			 unsigned /*persec*/, unsigned /*max*/);
+
+/* --- @ratelim_withdraw@ --- *
+ *
+ * Arguments:	@ratelim *r@ = rate-limiting state
+ *		@unsigned n@ = credit to withdraw
+ *
+ * Returns:	Zero if successful; @-1@ if there is unsufficient credit
+ *
+ * Use:		Updates the state with any accumulated credit.  Then, if
+ *		there there are more than @n@ credits available, withdraw @n@
+ *		and return successfully; otherwise, report failure.
+ */
+
+extern int ratelim_withdraw(ratelim */*r*/, unsigned /*n*/);
+
+/* --- @ies_encrypt@ --- *
+ *
+ * Arguments:	@kdata *kpub@ = recipient's public key
+ *		@unsigned ty@ = message type octet
+ *		@buf *b@ = input message buffer
+ *		@buf *bb@ = output buffer for the ciphertext
+ *
+ * Returns:	On error, returns a @KSERR_...@ code or breaks the buffer;
+ *		on success, returns zero and the buffer is good.
+ *
+ * Use:		Encrypts a message for a recipient, given their public key.
+ *		This does not (by itself) provide forward secrecy or sender
+ *		authenticity.  The ciphertext is self-delimiting (unlike
+ *		@ks_encrypt@).
+ */
+
+extern int ies_encrypt(kdata */*kpub*/, unsigned /*ty*/,
+		       buf */*b*/, buf */*bb*/);
+
+/* --- @ies_decrypt@ --- *
+ *
+ * Arguments:	@kdata *kpub@ = private key key
+ *		@unsigned ty@ = message type octet
+ *		@buf *b@ = input ciphertext buffer
+ *		@buf *bb@ = output buffer for the message
+ *
+ * Returns:	On error, returns a @KSERR_...@ code; on success, returns
+ *		zero and the buffer is good.
+ *
+ * Use:		Decrypts a message encrypted using @ies_encrypt@, given our
+ *		private key.
+ */
+
+extern int ies_decrypt(kdata */*kpriv*/, unsigned /*ty*/,
+		       buf */*b*/, buf */*bb*/);
+
 /*----- That's all, folks -------------------------------------------------*/
 
 #ifdef __cplusplus