X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~mdw/git/tripe/blobdiff_plain/971e56892e36f3351b123200dc1df5b7845aebd7..4a3882945f605704ede113a9fe98cd19a92363a7:/server/tripe.h

diff --git a/server/tripe.h b/server/tripe.h
index 6946c5f1..10a03f5f 100644
--- a/server/tripe.h
+++ b/server/tripe.h
@@ -188,6 +188,16 @@ enum {
   DHFMT_VAR		       /* Variable-width-format, mostly a bad idea */
 };
 
+typedef struct deriveargs {
+  const char *what;			/* Operation name (hashed) */
+  unsigned f;				/* Flags */
+#define DF_IN 1u			/*   Make incoming key */
+#define DF_OUT 2u			/*   Make outgoing key */
+  const gchash *hc;			/* Hash class */
+  const octet *k;			/* Pointer to contributions */
+  size_t x, y, z;			/* Markers in contributions */
+} deriveargs;
+
 typedef struct bulkalgs {
   const struct bulkops *ops;
 } bulkalgs;
@@ -201,8 +211,6 @@ typedef struct bulkchal {
   size_t tagsz;
 } bulkchal;
 
-struct rawkey;
-
 typedef struct dhops {
   const char *name;
 
@@ -332,9 +340,17 @@ typedef struct bulkops {
 	 * after which the keys must no longer be used.
 	 */
 
-  bulkctx *(*genkeys)(const bulkalgs */*a*/, const struct rawkey */*rk*/);
+  bulkctx *(*genkeys)(const bulkalgs */*a*/, const deriveargs */*a*/);
 	/* Generate session keys and construct and return an appropriate
-	 * context for using them, by calling @ks_derive@.
+	 * context for using them.  The offsets @a->x@, @a->y@ and @a->z@
+	 * separate the key material into three parts.  Between @a->k@ and
+	 * @a->k + a->x@ is `my' contribution to the key material; between
+	 * @a->k + a->x@ and @a->k + a->y@ is `your' contribution; and
+	 * between @a->k + a->y@ and @a->k + a->z@ is a shared value we made
+	 * together.  These are used to construct (up to) two collections of
+	 * symmetric keys: one for outgoing messages, the other for incoming
+	 * messages.  If @a->x == 0@ (or @a->y == a->x@) then my (or your)
+	 * contribution is omitted.
 	 */
 
   bulkchal *(*genchal)(const bulkalgs */*a*/);
@@ -367,15 +383,16 @@ typedef struct bulkops {
 	/* Release a bulk encryption context and the resources it holds. */
 
   int (*chaltag)(bulkchal */*bc*/, const void */*m*/, size_t /*msz*/,
-		 void */*t*/);
-	/* Calculate a tag for the challenge in @m@, @msz@, and write it to
-	 * @t@.  Return @-1@ on error, zero on success.
+		 uint32 /*seq*/, void */*t*/);
+	/* Calculate a tag for the challenge in @m@, @msz@, with the sequence
+	 * number @seq@, and write it to @t@.  Return @-1@ on error, zero on
+	 * success.
 	 */
 
   int (*chalvrf)(bulkchal */*bc*/, const void */*m*/, size_t /*msz*/,
-		 const void */*t*/);
-	/* Check the tag @t@ on @m@, @msz@: return zero if the tag is OK,
-	 * nonzero if it's bad.
+		 uint32 /*seq*/, const void */*t*/);
+	/* Check the tag @t@ on @m@, @msz@ and @seq@: return zero if the tag
+	 * is OK, nonzero if it's bad.
 	 */
 
   void (*freechal)(bulkchal */*bc*/);
@@ -392,6 +409,7 @@ struct algswitch {
 struct kdata {
   unsigned ref;				/* Reference counter */
   struct knode *kn;			/* Pointer to cache entry */
+  uint32 id;				/* The underlying key's id */
   char *tag;				/* Full tag name of the key */
   dhgrp *grp;				/* The group we work in */
   dhsc *k;				/* The private key (or null) */
@@ -420,10 +438,11 @@ extern const bulkops bulktab[];
 /* --- The address-family table --- */
 
 #define ADDRFAM(_)							\
-  _(INET)
+  _(INET,	want_ipv4)						\
+  _(INET6,	want_ipv6)
 
 enum {
-#define ENUM(af) AFIX_##af,
+#define ENUM(af, qf) AFIX_##af,
   ADDRFAM(ENUM)
 #undef ENUM
   NADDRFAM
@@ -432,6 +451,9 @@ enum {
 extern const struct addrfam {
   int af;
   const char *name;
+#ifdef HAVE_LIBADNS
+  adns_queryflags qf;
+#endif
 } aftab[NADDRFAM];
 
 /* --- Socket addresses --- *
@@ -442,6 +464,7 @@ extern const struct addrfam {
 typedef union addr {
   struct sockaddr sa;
   struct sockaddr_in sin;
+  struct sockaddr_in6 sin6;
 } addr;
 
 /* --- Mapping keyed on addresses --- */
@@ -616,12 +639,14 @@ typedef struct peerspec {
   char *name;				/* Peer's name */
   char *privtag;			/* Private key tag */
   char *tag;				/* Public key tag */
+  char *knock;				/* Knock string, or null */
   const tunnel_ops *tops;		/* Tunnel operations */
   unsigned long t_ka;			/* Keep alive interval */
   addr sa;				/* Socket address to speak to */
   unsigned f;				/* Flags for the peer */
 #define PSF_KXMASK 255u			/*   Key-exchange flags to set */
 #define PSF_MOBILE 256u			/*   Address may change rapidly */
+#define PSF_EPHEM 512u			/*   Association is ephemeral */
 } peerspec;
 
 typedef struct peer_byname {
@@ -841,6 +866,19 @@ extern int km_reload(void);
 extern kdata *km_findpub(const char */*tag*/);
 extern kdata *km_findpriv(const char */*tag*/);
 
+/* --- @km_findpubbyid@, @km_findprivbyid@ --- *
+ *
+ * Arguments:	@uint32 id@ = key id to load
+ *
+ * Returns:	Pointer to the kdata object if successful, or null on error.
+ *
+ * Use:		Fetches a public or private key from the keyring given its
+ *		numeric id.
+ */
+
+extern kdata *km_findpubbyid(uint32 /*id*/);
+extern kdata *km_findprivbyid(uint32 /*id*/);
+
 /* --- @km_samealgsp@ --- *
  *
  * Arguments:	@const kdata *kdx, *kdy@ = two key data objects
@@ -903,16 +941,18 @@ extern void kx_start(keyexch */*kx*/, int /*forcep*/);
 /* --- @kx_message@ --- *
  *
  * Arguments:	@keyexch *kx@ = pointer to key exchange context
+ *		@const addr *a@ = sender's IP address and port
  *		@unsigned msg@ = the message code
  *		@buf *b@ = pointer to buffer containing the packet
  *
- * Returns:	---
+ * Returns:	Nonzero if the sender's address was unknown.
  *
  * Use:		Reads a packet containing key exchange messages and handles
  *		it.
  */
 
-extern void kx_message(keyexch */*kx*/, unsigned /*msg*/, buf */*b*/);
+extern int kx_message(keyexch */*kx*/, const addr */*a*/,
+		      unsigned /*msg*/, buf */*b*/);
 
 /* --- @kx_free@ --- *
  *
@@ -939,7 +979,7 @@ extern void kx_free(keyexch */*kx*/);
 
 extern void kx_newkeys(keyexch */*kx*/);
 
-/* --- @kx_init@ --- *
+/* --- @kx_setup@ --- *
  *
  * Arguments:	@keyexch *kx@ = pointer to key exchange context
  *		@peer *p@ = pointer to peer context
@@ -953,69 +993,51 @@ extern void kx_newkeys(keyexch */*kx*/);
  *		exchange.
  */
 
-extern int kx_init(keyexch */*kx*/, peer */*p*/,
-		   keyset **/*ks*/, unsigned /*f*/);
-
-/*----- Keysets and symmetric cryptography --------------------------------*/
+extern int kx_setup(keyexch */*kx*/, peer */*p*/,
+		    keyset **/*ks*/, unsigned /*f*/);
 
-/* --- @ks_drop@ --- *
+/* --- @kx_init@ --- *
  *
- * Arguments:	@keyset *ks@ = pointer to a keyset
+ * Arguments:	---
  *
  * Returns:	---
  *
- * Use:		Decrements a keyset's reference counter.  If the counter hits
- *		zero, the keyset is freed.
+ * Use:		Initializes the key-exchange logic.
  */
 
-extern void ks_drop(keyset */*ks*/);
+extern void kx_init(void);
+
+/*----- Keysets and symmetric cryptography --------------------------------*/
 
-/* --- @ks_derivekey@ --- *
+/* --- @ks_drop@ --- *
  *
- * Arguments:	@octet *k@ = pointer to an output buffer of at least
- *			@MAXHASHSZ@ bytes
- *		@size_t ksz@ = actual size wanted (for tracing)
- *		@const struct rawkey *rk@ = a raw key, as passed into
- *			@genkeys@
- *		@int dir@ = direction for the key (@DIR_IN@ or @DIR_OUT@)
- *		@const char *what@ = label for the key (input to derivation)
+ * Arguments:	@keyset *ks@ = pointer to a keyset
  *
  * Returns:	---
  *
- * Use:		Derives a session key, for use on incoming or outgoing data.
- *		This function is part of a private protocol between @ks_gen@
- *		and the bulk crypto transform @genkeys@ operation.
+ * Use:		Decrements a keyset's reference counter.  If the counter hits
+ *		zero, the keyset is freed.
  */
 
-extern void ks_derivekey(octet */*k*/, size_t /*ksz*/,
-			 const struct rawkey */*rk*/,
-			 int /*dir*/, const char */*what*/);
+extern void ks_drop(keyset */*ks*/);
 
 /* --- @ks_gen@ --- *
  *
- * Arguments:	@const void *k@ = pointer to key material
- *		@size_t x, y, z@ = offsets into key material (see below)
+ * Arguments:	@deriveargs *a@ = key derivation parameters (modified)
  *		@peer *p@ = pointer to peer information
  *
  * Returns:	A pointer to the new keyset.
  *
- * Use:		Derives a new keyset from the given key material.  The
- *		offsets @x@, @y@ and @z@ separate the key material into three
- *		parts.  Between the @k@ and @k + x@ is `my' contribution to
- *		the key material; between @k + x@ and @k + y@ is `your'
- *		contribution; and between @k + y@ and @k + z@ is a shared
- *		value we made together.  These are used to construct two
- *		collections of symmetric keys: one for outgoing messages, the
- *		other for incoming messages.
+ * Use:		Derives a new keyset from the given key material.  This will
+ *		set the @what@, @f@, and @hc@ members in @*a@; other members
+ *		must be filled in by the caller.
  *
  *		The new key is marked so that it won't be selected for output
  *		by @ksl_encrypt@.  You can still encrypt data with it by
  *		calling @ks_encrypt@ directly.
  */
 
-extern keyset *ks_gen(const void */*k*/,
-		      size_t /*x*/, size_t /*y*/, size_t /*z*/,
-		      peer */*p*/);
+extern keyset *ks_gen(deriveargs */*a*/, peer */*p*/);
 
 /* --- @ks_activate@ --- *
  *
@@ -1154,25 +1176,29 @@ extern int ksl_decrypt(keyset **/*ksroot*/, unsigned /*ty*/,
 
 /* --- @c_new@ --- *
  *
- * Arguments:	@buf *b@ = where to put the challenge
+ * Arguments:	@const void *m@ = pointer to associated message, or null
+ *		@size_t msz@ = length of associated message
+ *		@buf *b@ = where to put the challenge
  *
  * Returns:	Zero if OK, nonzero on error.
  *
  * Use:		Issues a new challenge.
  */
 
-extern int c_new(buf */*b*/);
+extern int c_new(const void */*m*/, size_t /*msz*/, buf */*b*/);
 
 /* --- @c_check@ --- *
  *
- * Arguments:	@buf *b@ = where to find the challenge
+ * Arguments:	@const void *m@ = pointer to associated message, or null
+ *		@size_t msz@ = length of associated message
+ *		@buf *b@ = where to find the challenge
  *
  * Returns:	Zero if OK, nonzero if it didn't work.
  *
  * Use:		Checks a challenge.  On failure, the buffer is broken.
  */
 
-extern int c_check(buf */*b*/);
+extern int c_check(const void */*m*/, size_t /*msz*/, buf */*b*/);
 
 /*----- Administration interface ------------------------------------------*/
 
@@ -1466,6 +1492,20 @@ extern int p_updateaddr(peer */*p*/, const addr */*a*/);
 
 extern buf *p_txstart(peer */*p*/, unsigned /*msg*/);
 
+/* --- @p_txaddr@ --- *
+ *
+ * Arguments:	@const addr *a@ = recipient address
+ *		@const void *p@ = pointer to packet to send
+ *		@size_t sz@ = length of packet
+ *
+ * Returns:	Zero if successful, nonzero on error.
+ *
+ * Use:		Sends a packet to an address which (possibly) isn't a current
+ *		peer.
+ */
+
+extern int p_txaddr(const addr */*a*/, const void */*p*/, size_t /*sz*/);
+
 /* --- @p_txend@ --- *
  *
  * Arguments:	@peer *p@ = pointer to peer block
@@ -1689,13 +1729,14 @@ extern peer *p_find(const char */*name*/);
 /* --- @p_destroy@ --- *
  *
  * Arguments:	@peer *p@ = pointer to a peer
+ *		@int bye@ = say goodbye to the peer?
  *
  * Returns:	---
  *
  * Use:		Destroys a peer.
  */
 
-extern void p_destroy(peer */*p*/);
+extern void p_destroy(peer */*p*/, int /*bye*/);
 
 /* --- @FOREACH_PEER@ --- *
  *
@@ -1828,6 +1869,75 @@ extern void seq_reset(seqwin */*s*/);
 
 extern int seq_check(seqwin */*s*/, uint32 /*q*/, const char */*service*/);
 
+typedef struct ratelim {
+  unsigned n, max, persec;
+  struct timeval when;
+} ratelim;
+
+/* --- @ratelim_init@ --- *
+ *
+ * Arguments:	@ratelim *r@ = rate-limiting state to fill in
+ *		@unsigned persec@ = credit to accumulate per second
+ *		@unsigned max@ = maximum credit to retain
+ *
+ * Returns:	---
+ *
+ * Use:		Initialize a rate-limiting state.
+ */
+
+extern void ratelim_init(ratelim */*r*/,
+			 unsigned /*persec*/, unsigned /*max*/);
+
+/* --- @ratelim_withdraw@ --- *
+ *
+ * Arguments:	@ratelim *r@ = rate-limiting state
+ *		@unsigned n@ = credit to withdraw
+ *
+ * Returns:	Zero if successful; @-1@ if there is unsufficient credit
+ *
+ * Use:		Updates the state with any accumulated credit.  Then, if
+ *		there there are more than @n@ credits available, withdraw @n@
+ *		and return successfully; otherwise, report failure.
+ */
+
+extern int ratelim_withdraw(ratelim */*r*/, unsigned /*n*/);
+
+/* --- @ies_encrypt@ --- *
+ *
+ * Arguments:	@kdata *kpub@ = recipient's public key
+ *		@unsigned ty@ = message type octet
+ *		@buf *b@ = input message buffer
+ *		@buf *bb@ = output buffer for the ciphertext
+ *
+ * Returns:	On error, returns a @KSERR_...@ code or breaks the buffer;
+ *		on success, returns zero and the buffer is good.
+ *
+ * Use:		Encrypts a message for a recipient, given their public key.
+ *		This does not (by itself) provide forward secrecy or sender
+ *		authenticity.  The ciphertext is self-delimiting (unlike
+ *		@ks_encrypt@).
+ */
+
+extern int ies_encrypt(kdata */*kpub*/, unsigned /*ty*/,
+		       buf */*b*/, buf */*bb*/);
+
+/* --- @ies_decrypt@ --- *
+ *
+ * Arguments:	@kdata *kpub@ = private key key
+ *		@unsigned ty@ = message type octet
+ *		@buf *b@ = input ciphertext buffer
+ *		@buf *bb@ = output buffer for the message
+ *
+ * Returns:	On error, returns a @KSERR_...@ code; on success, returns
+ *		zero and the buffer is good.
+ *
+ * Use:		Decrypts a message encrypted using @ies_encrypt@, given our
+ *		private key.
+ */
+
+extern int ies_decrypt(kdata */*kpriv*/, unsigned /*ty*/,
+		       buf */*b*/, buf */*bb*/);
+
 /*----- That's all, folks -------------------------------------------------*/
 
 #ifdef __cplusplus