X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~mdw/git/tripe/blobdiff_plain/767b36e286295b8572933487b31ceb301e0a43f9..7631176f5c140b9c77fa865ef3b2287fd574e4d7:/tripe.h diff --git a/tripe.h b/tripe.h index 1f73d6ba..385c45a2 100644 --- a/tripe.h +++ b/tripe.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: tripe.h,v 1.15 2003/05/16 12:09:03 mdw Exp $ + * $Id: tripe.h,v 1.17 2003/10/15 09:30:18 mdw Exp $ * * Main header file for TrIPE * @@ -29,6 +29,14 @@ /*----- Revision history --------------------------------------------------* * * $Log: tripe.h,v $ + * Revision 1.17 2003/10/15 09:30:18 mdw + * Add support for Ethereal protocol analysis. + * + * Revision 1.16 2003/07/13 11:19:49 mdw + * Incompatible protocol fix! Include message type code under MAC tag to + * prevent cut-and-paste from key-exchange messages to general packet + * transport. + * * Revision 1.15 2003/05/16 12:09:03 mdw * Allow binding to a chosen address. * @@ -133,6 +141,8 @@ #include #include +#include + #include #include #include @@ -147,7 +157,7 @@ #include #include -#include "buf.h" +#include "tripe-protocol.h" #include "util.h" #undef sun @@ -184,81 +194,6 @@ #define PKBUFSZ 65536 -/*----- TrIPE protocol ----------------------------------------------------*/ - -/* --- TrIPE message format --- * - * - * A packet begins with a single-byte message type. The top four bits are a - * category code used to send the message to the right general place in the - * code; the bottom bits identify the actual message type. - */ - -#define MSG_CATMASK 0xf0 -#define MSG_TYPEMASK 0x0f - -/* --- Encrypted message packets --- * - * - * Messages of category @MSG_PACKET@ contain encrypted network packets. The - * message content is a symmetric-encrypted block (see below). Reception of - * a packet encrypted under a new key implicitly permits that key to be used - * to send further packets. - * - * The only packet type accepted is zero. - * - * Packets may be encrypted under any live keyset, but should use the most - * recent one. - */ - -#define MSG_PACKET 0x00 - -/* --- Key exchange packets --- */ - -#define MSG_KEYEXCH 0x10 - -#define KX_PRECHAL 0u -#define KX_COOKIE 1u -#define KX_CHAL 2u -#define KX_REPLY 3u -#define KX_SWITCH 4u -#define KX_SWITCHOK 5u -#define KX_NMSG 6u - -/* --- Symmetric encryption and keysets --- * - * - * Packets consist of an 80-bit MAC, a 32-bit sequence number, and the - * encrypted payload. - * - * The plaintext is encrypted using Blowfish in CBC mode with ciphertext - * stealing (as described in [Schneier]. The initialization vector is - * selected randomly, and prepended to the actual ciphertext. - * - * The MAC is computed using the HMAC construction with RIPEMD160 over the - * sequence number and the ciphertext (with IV); the first 80 bits of the - * output are used. (This is the minimum allowed by the draft FIPS for HMAC, - * and the recommended truncation.) - * - * A keyset consists of - * - * * an integrity (MAC) key; - * * a confidentiality (encryption) key; and - * * a sequence numbering space - * - * in each direction. The packets sent by a host encrypted under a - * particular keyset are assigned consecutive sequence numbers starting from - * zero. The receiving host must ensure that it only accepts each packet at - * most once. It should maintain a window of sequence numbers: packets with - * numbers beyond the end of the window are accepted and cause the window to - * be advanced; packets with numbers before the start of the window are - * rejected; packets with numbers which appear within the window are accepted - * only if the number has not been seen before. - * - * When a host sends a @KX_SWITCH@ or @KX_SWITCHOK@ message, it installs the - * newly-negotiated keyset in a `listen-only' state: it may not send a packet - * encrypted under the keyset until either it has received a @KX_SWITCH@ or - * @KX_SWITCHOK@ message, or a @MSG_PACKET@ encrypted under the keyset, from - * its peer. - */ - /*----- Cipher selections -------------------------------------------------*/ #include @@ -668,6 +603,7 @@ extern void ks_activate(keyset */*ks*/); /* --- @ks_encrypt@ --- * * * Arguments: @keyset *ks@ = pointer to a keyset + * @unsigned ty@ = message type * @buf *b@ = pointer to input buffer * @buf *bb@ = pointer to output buffer * @@ -681,11 +617,13 @@ extern void ks_activate(keyset */*ks*/); * used even if it's marked as not for data output. */ -extern int ks_encrypt(keyset */*ks*/, buf */*b*/, buf */*bb*/); +extern int ks_encrypt(keyset */*ks*/, unsigned /*ty*/, + buf */*b*/, buf */*bb*/); /* --- @ks_decrypt@ --- * * * Arguments: @keyset *ks@ = pointer to a keyset + * @unsigned ty@ = expected type code * @buf *b@ = pointer to an input buffer * @buf *bb@ = pointer to an output buffer * @@ -696,7 +634,8 @@ extern int ks_encrypt(keyset */*ks*/, buf */*b*/, buf */*bb*/); * marking that it's not for encryption. */ -extern int ks_decrypt(keyset */*ks*/, buf */*b*/, buf */*bb*/); +extern int ks_decrypt(keyset */*ks*/, unsigned /*ty*/, + buf */*b*/, buf */*bb*/); /* --- @ksl_free@ --- * * @@ -737,6 +676,7 @@ extern void ksl_prune(keyset **/*ksroot*/); /* --- @ksl_encrypt@ --- * * * Arguments: @keyset **ksroot@ = pointer to keyset list head + * @unsigned ty@ = message type * @buf *b@ = pointer to input buffer * @buf *bb@ = pointer to output buffer * @@ -745,11 +685,13 @@ extern void ksl_prune(keyset **/*ksroot*/); * Use: Encrypts a packet. */ -extern int ksl_encrypt(keyset **/*ksroot*/, buf */*b*/, buf */*bb*/); +extern int ksl_encrypt(keyset **/*ksroot*/, unsigned /*ty*/, + buf */*b*/, buf */*bb*/); /* --- @ksl_decrypt@ --- * * * Arguments: @keyset **ksroot@ = pointer to keyset list head + * @unsigned ty@ = expected type code * @buf *b@ = pointer to input buffer * @buf *bb@ = pointer to output buffer * @@ -758,7 +700,8 @@ extern int ksl_encrypt(keyset **/*ksroot*/, buf */*b*/, buf */*bb*/); * Use: Decrypts a packet. */ -extern int ksl_decrypt(keyset **/*ksroot*/, buf */*b*/, buf */*bb*/); +extern int ksl_decrypt(keyset **/*ksroot*/, unsigned /*ty*/, + buf */*b*/, buf */*bb*/); /*----- Administration interface ------------------------------------------*/