X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~mdw/git/tripe/blobdiff_plain/c8e02c8a4947afa4f9ac20e78a3c8808b3945804..12475f48a222535b290dd68d4f606b62bd8152f3:/server/tripe.h diff --git a/server/tripe.h b/server/tripe.h index bf599774..71c6023e 100644 --- a/server/tripe.h +++ b/server/tripe.h @@ -104,6 +104,7 @@ #include #include "protocol.h" +#include "slip.h" #include "util.h" #undef sun @@ -143,6 +144,7 @@ typedef struct algswitch { const gcmac *m; /* Message authentication code */ size_t hashsz; /* Hash output size */ size_t tagsz; /* Length to truncate MAC tags */ + size_t expsz; /* Size of data to process */ size_t cksz, mksz; /* Key lengths for @c@ and @m@ */ } algswitch; @@ -203,7 +205,7 @@ typedef struct keyset { unsigned ref; /* Reference count for keyset */ struct peer *p; /* Pointer to peer structure */ time_t t_exp; /* Expiry time for this keyset */ - unsigned long sz_exp; /* Data limit for the keyset */ + unsigned long sz_exp, sz_regen; /* Data limits for the keyset */ T( unsigned seq; ) /* Sequence number for tracing */ unsigned f; /* Various useful flags */ gcipher *cin, *cout; /* Keyset ciphers for encryption */ @@ -216,6 +218,10 @@ typedef struct keyset { #define KSF_LISTEN 1u /* Don't encrypt packets yet */ #define KSF_LINK 2u /* Key is in a linked list */ +#define KSERR_REGEN -1 /* Regenerate keys */ +#define KSERR_NOKEYS -2 /* No keys left */ +#define KSERR_DECRYPT -3 /* Unable to decrypt message */ + /* --- Key exchange --- * * * TrIPE uses the Wrestlers Protocol for its key exchange. The Wrestlers @@ -434,7 +440,7 @@ typedef struct admin_service { typedef struct admin_svcop { admin_bgop bg; /* Background operation header */ struct admin *prov; /* Client servicing this job */ - unsigned short index; /* This job's index */ + unsigned index; /* This job's index */ struct admin_svcop *next, *prev; /* Links for provider's jobs */ } admin_svcop; @@ -476,6 +482,7 @@ typedef struct admin { #ifndef NTRACE #define AF_TRACE 16u /* Catch tracing */ #endif +#define AF_FOREGROUND 32u /* Quit server when client closes */ #ifndef NTRACE # define AF_ALLMSGS (AF_NOTE | AF_TRACE | AF_WARN) @@ -490,7 +497,7 @@ extern group *gg; /* The group we work in */ extern size_t indexsz; /* Size of exponent for the group */ extern mp *kpriv; /* Our private key */ extern ge *kpub; /* Our public key */ -extern octet buf_i[PKBUFSZ], buf_o[PKBUFSZ], buf_t[PKBUFSZ]; +extern octet buf_i[PKBUFSZ], buf_o[PKBUFSZ], buf_t[PKBUFSZ], buf_u[PKBUFSZ]; extern const tunnel_ops *tunnels[]; /* Table of tunnels (0-term) */ extern const tunnel_ops *tun_default; /* Default tunnel to use */ @@ -685,9 +692,10 @@ extern void ks_activate(keyset */*ks*/); * @buf *b@ = pointer to input buffer * @buf *bb@ = pointer to output buffer * - * Returns: Zero if OK, nonzero if the key needs replacing. If the - * encryption failed, the output buffer is broken and zero is - * returned. + * Returns: Zero if successful; @KSERR_REGEN@ if we should negotiate a + * new key; @KSERR_NOKEYS@ if the key is not usable. Also + * returns zero if there was insufficient buffer (but the output + * buffer is broken in this case). * * Use: Encrypts a block of data using the key. Note that the `key * ought to be replaced' notification is only ever given once @@ -705,7 +713,9 @@ extern int ks_encrypt(keyset */*ks*/, unsigned /*ty*/, * @buf *b@ = pointer to an input buffer * @buf *bb@ = pointer to an output buffer * - * Returns: Zero on success, or nonzero if there was some problem. + * Returns: Zero on success; @KSERR_DECRYPT@ on failure. Also returns + * zero if there was insufficient buffer (but the output buffer + * is broken in this case). * * Use: Attempts to decrypt a message using a given key. Note that * requesting decryption with a key directly won't clear a @@ -758,7 +768,10 @@ extern void ksl_prune(keyset **/*ksroot*/); * @buf *b@ = pointer to input buffer * @buf *bb@ = pointer to output buffer * - * Returns: Nonzero if a new key is needed. + * Returns: Zero if successful; @KSERR_REGEN@ if it's time to negotiate a + * new key; @KSERR_NOKEYS@ if there are no suitable keys + * available. Also returns zero if there was insufficient + * buffer space (but the output buffer is broken in this case). * * Use: Encrypts a packet. */ @@ -773,7 +786,9 @@ extern int ksl_encrypt(keyset **/*ksroot*/, unsigned /*ty*/, * @buf *b@ = pointer to input buffer * @buf *bb@ = pointer to output buffer * - * Returns: Nonzero if the packet couldn't be decrypted. + * Returns: Zero on success; @KSERR_DECRYPT@ on failure. Also returns + * zero if there was insufficient buffer (but the output buffer + * is broken in this case). * * Use: Decrypts a packet. */ @@ -1235,7 +1250,7 @@ extern const tunnel_ops tun_slip; * Returns: A pointer to the integer's textual representation. * * Use: Converts a multiprecision integer to a string. Corrupts - * @buf_t@. + * @buf_u@. */ extern const char *mpstr(mp */*m*/); @@ -1248,7 +1263,7 @@ extern const char *mpstr(mp */*m*/); * Returns: A pointer to the element's textual representation. * * Use: Converts a group element to a string. Corrupts - * @buf_t@. + * @buf_u@. */ extern const char *gestr(group */*g*/, ge */*x*/); @@ -1260,7 +1275,7 @@ extern const char *gestr(group */*g*/, ge */*x*/); * Returns: A pointer to a textual representation of the time. * * Use: Converts a time to a textual representation. Corrupts - * @buf_t@. + * @buf_u@. */ extern const char *timestr(time_t /*t*/);