X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~mdw/git/tripe/blobdiff_plain/52c03a2aa0b5c3461055ca0dcf38e29f2ca88f35..3cdc3f3a27e8c4f4fe692009d868c773d298a68c:/tripe.h?ds=sidebyside

diff --git a/tripe.h b/tripe.h
index 2929200c..320a2ca5 100644
--- a/tripe.h
+++ b/tripe.h
@@ -1,6 +1,6 @@
 /* -*-c-*-
  *
- * $Id: tripe.h,v 1.18 2004/04/03 12:35:13 mdw Exp $
+ * $Id$
  *
  * Main header file for TrIPE
  *
@@ -26,70 +26,6 @@
  * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
  */
 
-/*----- Revision history --------------------------------------------------* 
- *
- * $Log: tripe.h,v $
- * Revision 1.18  2004/04/03 12:35:13  mdw
- * Support elliptic curve key exchange.
- *
- * Revision 1.17  2003/10/15 09:30:18  mdw
- * Add support for Ethereal protocol analysis.
- *
- * Revision 1.16  2003/07/13 11:19:49  mdw
- * Incompatible protocol fix!  Include message type code under MAC tag to
- * prevent cut-and-paste from key-exchange messages to general packet
- * transport.
- *
- * Revision 1.15  2003/05/16 12:09:03  mdw
- * Allow binding to a chosen address.
- *
- * Revision 1.14  2003/04/06 10:36:33  mdw
- * Rearrange so as not to include Linux headers unless we need to.
- *
- * Revision 1.13  2003/04/06 10:26:35  mdw
- * Report peer name on decrypt errors.
- *
- * Revision 1.12  2003/04/06 10:25:17  mdw
- * Support Linux TUN/TAP device.  Fix some bugs.
- *
- * Revision 1.11  2002/01/13 14:57:42  mdw
- * Fix crap typo.
- *
- * Revision 1.10  2002/01/13 14:54:58  mdw
- * Provide MGF macros.
- *
- * Revision 1.9  2001/06/22 19:40:36  mdw
- * Support expiry of other peers' public keys.
- *
- * Revision 1.8  2001/06/19 22:10:57  mdw
- * Some more constants for the algorithms.  Document the packet format
- * change for non-malleability.  Moved @buf@ definitions to separate header
- * file.
- *
- * Revision 1.7  2001/03/03 12:07:08  mdw
- * Rename word get and put functions now that there's 16-bit support.
- *
- * Revision 1.6  2001/02/19 19:11:09  mdw
- * Output buffering on admin connections.
- *
- * Revision 1.5  2001/02/16 21:41:43  mdw
- * Major changes.  See source files for details.
- *
- * Revision 1.4  2001/02/05 19:56:37  mdw
- * Sequence number protection, and BSD tunnels.
- *
- * Revision 1.3  2001/02/04 01:17:55  mdw
- * Create a configuration header file to tidy up command lines.
- *
- * Revision 1.2  2001/02/03 22:40:29  mdw
- * Put timer information into the entropy pool when packets are received
- * and on similar events.  Reseed the generator on the interval timer.
- *
- * Revision 1.1  2001/02/03 20:26:37  mdw
- * Initial checkin.
- *
- */
-
 #ifndef TRIPE_H
 #define TRIPE_H
 
@@ -201,29 +137,21 @@
 
 /*----- Cipher selections -------------------------------------------------*/
 
-#include <catacomb/blowfish.h>
-#include <catacomb/blowfish-cbc.h>
-#include <catacomb/blowfish-counter.h>
-#include <catacomb/rmd160.h>
-#include <catacomb/rmd160-hmac.h>
-
-#define CIPHER (&blowfish_cbc)
-#define MAC (&rmd160_hmac)
+typedef struct algswitch {
+  const gccipher *c;			/* Symmetric encryption scheme */
+  const gccipher *mgf;			/* Mask-generation function */
+  const gchash *h;			/* Hash function */
+  const gcmac *m;			/* Message authentication code */
+  size_t hashsz;			/* Hash output size */
+  size_t tagsz;				/* Length to truncate MAC tags */
+  size_t cksz, mksz;			/* Key lengths for @c@ and @m@ */
+} algswitch;
 
-#define HASH_CTX rmd160_ctx
-#define HASH_INIT rmd160_init
-#define HASH rmd160_hash
-#define HASH_STRING(c, s) HASH((c), s, sizeof(s))
-#define HASH_DONE rmd160_done
-#define HASHSZ RMD160_HASHSZ
+extern algswitch algs;
 
-#define MGF_CTX blowfish_counterctx
-#define MGF_INIT blowfish_counterinit
-#define MGF_CRYPT blowfish_counterencrypt
+#define MAXHASHSZ 64			/* Largest possible hash size */
 
-#define SEQSZ 4
-#define IVSZ BLOWFISH_BLKSZ
-#define MACSZ 10
+#define HASH_STRING(h, s) GH_HASH((h), (s), sizeof(s))
 
 /*----- Data structures ---------------------------------------------------*/
 
@@ -259,6 +187,7 @@ typedef struct keyset {
   T( unsigned seq; )			/* Sequence number for tracing */
   unsigned f;				/* Various useful flags */
   gcipher *cin, *cout; 			/* Keyset ciphers for encryption */
+  size_t tagsz;				/* Length to truncate MAC tags */
   gmac *min, *mout;	       		/* Keyset MACs for integrity */
   uint32 oseq;				/* Outbound sequence number */
   uint32 iseq, iwin;			/* Inbound sequence number */
@@ -288,12 +217,12 @@ typedef struct kxchal {
   keyset *ks;				/* Pointer to temporary keyset */
   unsigned f;				/* Various useful flags */
   sel_timer t;				/* Response timer for challenge */
-  octet hc[HASHSZ];			/* Hash of his challenge */
+  octet hc[MAXHASHSZ];			/* Hash of his challenge */
   mp *ck;				/* The check value */
-  octet hswrq_in[HASHSZ];		/* Inbound switch request message */
-  octet hswok_in[HASHSZ];		/* Inbound switch confirmation */
-  octet hswrq_out[HASHSZ];		/* Outbound switch request message */
-  octet hswok_out[HASHSZ];		/* Outbound switch confirmation */
+  octet hswrq_in[MAXHASHSZ];		/* Inbound switch request message */
+  octet hswok_in[MAXHASHSZ];		/* Inbound switch confirmation */
+  octet hswrq_out[MAXHASHSZ];		/* Outbound switch request message */
+  octet hswok_out[MAXHASHSZ];		/* Outbound switch confirmation */
 } kxchal;
 
 typedef struct keyexch {
@@ -309,7 +238,7 @@ typedef struct keyexch {
   ge *rx;				/* The expected response */
   unsigned nr;				/* Number of extant responses */
   time_t t_valid;			/* When this exchange goes bad */
-  octet hc[HASHSZ];			/* Hash of my challenge */
+  octet hc[MAXHASHSZ];			/* Hash of my challenge */
   kxchal *r[KX_NCHAL];			/* Array of challenges */
 } keyexch;
 
@@ -363,7 +292,7 @@ typedef struct stats {
   unsigned long sz_in, sz_out;		/* Size of all data in and out */
   unsigned long sz_kxin, sz_kxout;	/* Size of key exchange messages */
   unsigned long sz_ipin, sz_ipout;	/* Size of encapsulated IP packets */
-  time_t t_start, t_last;		/* Time peer created, last recv */
+  time_t t_start, t_last, t_kx;		/* Time peer created, last pk, kx */
   unsigned long n_reject;		/* Number of rejected packets */
   unsigned long n_in, n_out;		/* Number of packets in and out */
   unsigned long n_kxin, n_kxout;	/* Number of key exchange packets */
@@ -416,6 +345,17 @@ typedef struct admin {
 
 #define AF_DEAD 1u			/* Destroy this admin block */
 #define AF_LOCK 2u			/* Don't destroy it yet */
+#define AF_NOTE 4u			/* Catch notifications */
+#ifndef NTRACE
+  #define AF_TRACE 8u			/* Catch tracing */
+#endif
+#define AF_WARN 16u			/* Catch warning messages */
+
+#ifndef NTRACE
+#  define AF_ALLMSGS (AF_NOTE | AF_TRACE | AF_WARN)
+#else
+#  define AF_ALLMSGS (AF_NOTE | AF_WARN)
+#endif
 
 /*----- Global variables --------------------------------------------------*/
 
@@ -722,16 +662,29 @@ extern int ksl_decrypt(keyset **/*ksroot*/, unsigned /*ty*/,
 
 extern void a_warn(const char */*fmt*/, ...);
 
+/* --- @a_notify@ --- *
+ *
+ * Arguments:	@const char *fmt@ = pointer to format string
+ *		@...@ = other arguments
+ *
+ * Returns:	---
+ *
+ * Use:		Sends a notification to interested admin connections.
+ */
+
+extern void a_notify(const char */*fmt*/, ...);
+
 /* --- @a_create@ --- *
  *
  * Arguments:	@int fd_in, fd_out@ = file descriptors to use
+ *		@unsigned f@ = initial flags to set
  *
  * Returns:	---
  *
  * Use:		Creates a new admin connection.
  */
 
-extern void a_create(int /*fd_in*/, int /*fd_out*/);
+extern void a_create(int /*fd_in*/, int /*fd_out*/, unsigned /*f*/);
 
 /* --- @a_quit@ --- *
  *