X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=secnet.git;a=blobdiff_plain;f=secnet.h;h=79a3fc448e4a1a3a8ca81333746f0e12ee091e75;hp=96717aea61eadd6ab18a05120bbe45dd1b19e67b;hb=HEAD;hpb=9c44ef13ed639445ee2e8a4037f7b3c5fcc11aa2 diff --git a/secnet.h b/secnet.h index 96717ae..79a3fc4 100644 --- a/secnet.h +++ b/secnet.h @@ -1,4 +1,22 @@ /* Core interface of secnet, to be used by all modules */ +/* + * This file is part of secnet. + * See README for full list of copyright holders. + * + * secnet is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * secnet is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * version 3 along with secnet; if not, see + * https://www.gnu.org/licenses/gpl.html. + */ #ifndef secnet_h #define secnet_h @@ -9,11 +27,14 @@ #include #include #include +#include +#include #include #include #include #include #include +#include #include #include #include @@ -24,11 +45,22 @@ #include +#include "osdep.h" + #define MAX_PEER_ADDRS 5 /* send at most this many copies; honour at most that many addresses */ +#define MAX_NAK_MSG 80 +#define MAX_SIG_KEYS 4 + +struct hash_if; struct comm_if; struct comm_addr; +struct priomsg; +struct log_if; +struct buffer_if; +struct sigpubkey_if; +struct sigprivkey_if; typedef char *string_t; typedef const char *cstring_t; @@ -45,6 +77,31 @@ union iaddr { #endif }; +#define GRPIDSZ 4 +#define ALGIDSZ 1 +#define KEYIDSZ (GRPIDSZ+ALGIDSZ) + /* Changing these is complex: this is the group id plus algo id */ + /* They are costructed by pubkeys.fl.pl. Also hardcoded in _PR_ */ +struct sigkeyid { uint8_t b[KEYIDSZ]; }; + +#define SIGKEYID_PR_FMT "%02x%02x%02x%02x%02x" +#define SIGKEYID_PR_VAL(id) /* SIGKEYID_PR_VAL(const sigkeyid *id) */ \ + ((id) == (const struct sigkeyid*)0, (id)->b[0]), \ + (id)->b[1],(id)->b[2],(id)->b[3],(id)->b[4] +static inline bool_t sigkeyid_equal(const struct sigkeyid *a, + const struct sigkeyid *b) { + return !memcmp(a->b, b->b, KEYIDSZ); +} + +#define SERIALSZ 4 +typedef uint32_t serialt; +static inline int serial_cmp(serialt a, serialt b) { + if (a==b) return 0; + if (!a) return -1; + if (!b) return +1; + return b-a <= (serialt)0x7fffffffUL ? +1 : -1; +} + #define ASSERT(x) do { if (!(x)) { fatal("assertion failed line %d file " \ __FILE__,__LINE__); } } while(0) @@ -141,7 +198,7 @@ extern item_t *list_elem(list_t *l, int32_t index); extern list_t *new_closure(closure_t *cl); extern void add_closure(dict_t *dict, cstring_t name, apply_fn apply); extern void *find_cl_if(dict_t *dict, cstring_t name, uint32_t type, - bool_t fail_if_invalid, cstring_t desc, + bool_t required, cstring_t desc, struct cloc loc); extern item_t *dict_find_item(dict_t *dict, cstring_t key, bool_t required, cstring_t desc, struct cloc loc); @@ -153,6 +210,8 @@ extern uint32_t dict_read_number(dict_t *dict, cstring_t key, bool_t required, /* return value can safely be assigned to int32_t */ extern bool_t dict_read_bool(dict_t *dict, cstring_t key, bool_t required, cstring_t desc, struct cloc loc, bool_t def); +extern dict_t *dict_read_dict(dict_t *dict, cstring_t key, bool_t required, + cstring_t desc, struct cloc loc); const char **dict_read_string_array(dict_t *dict, cstring_t key, bool_t required, cstring_t desc, struct cloc loc, const char *const *def); @@ -180,6 +239,16 @@ extern void *safe_malloc_ary(size_t size, size_t count, const char *message); extern void *safe_realloc_ary(void *p, size_t size, size_t count, const char *message); +#define NEW(p) \ + ((p)=safe_malloc(sizeof(*(p)), \ + __FILE__ ":" #p)) +#define NEW_ARY(p,count) \ + ((p)=safe_malloc_ary(sizeof(*(p)),(count), \ + __FILE__ ":" #p "[" #count "]")) +#define REALLOC_ARY(p,count) \ + ((p)=safe_realloc_ary((p),sizeof(*(p)),(count), \ + __FILE__ ":" #p "[" #count "]")) + void setcloexec(int fd); /* cannot fail */ void setnonblock(int fd); /* cannot fail */ void pipe_cloexec(int fd[2]); /* pipe(), setcloexec() twice; cannot fail */ @@ -308,6 +377,7 @@ typedef void init_module(dict_t *dict); extern void init_builtin_modules(dict_t *dict); +extern init_module pubkeys_init; extern init_module resolver_module; extern init_module random_module; extern init_module udp_module; @@ -324,16 +394,64 @@ extern init_module slip_module; extern init_module tun_module; extern init_module sha1_module; extern init_module log_module; +extern init_module privcache_module; /***** END of module support *****/ +/***** SIGNATURE SCHEMES *****/ + +struct sigscheme_info; + +typedef bool_t sigscheme_loadpub(const struct sigscheme_info *algo, + struct buffer_if *pubkeydata, + struct sigpubkey_if **sigpub_r, + closure_t **closure_r, + struct log_if *log, struct cloc loc); + /* pubkeydata is (supposedly) for this algorithm. + * loadpub should log an error if it fails. + * pubkeydata may be modified (but not freed). + * both *sigpub_r and *closure_r must always be written and must + * refer to the same object, so on successful return + * (*closure_r)->type==CL_SIGPUBKEY + * and (*closure_r)->interface==*sigpub_r */ + +typedef bool_t sigscheme_loadpriv(const struct sigscheme_info *algo, + struct buffer_if *privkeydata, + struct sigprivkey_if **sigpriv_r, + closure_t **closure_r, + struct log_if *log, struct cloc loc); + /* Ideally, check whether privkeydata contains data for any algorithm. + * That avoids security problems if a key file is misidentified (which + * might happen if the file is simply renamed). + * If there is an error (including that the key data is not for this + * algorithm, return False and log an error at M_ERROR. + * On entry privkeydata->base==start. loadpriv may modify + * privkeydata, including the contents. */ + +struct sigscheme_info { + const char *name; + const uint8_t algid; + sigscheme_loadpub *loadpub; + sigscheme_loadpriv *loadpriv; +}; + +extern const struct sigscheme_info rsa1_sigscheme; +extern const struct sigscheme_info sigschemes[]; /* sentinel has name==0 */ + +const struct sigscheme_info *sigscheme_lookup(const char *name); + +extern sigscheme_loadpriv rsa1_loadpriv; +extern sigscheme_loadpub rsa1_loadpub; + +/***** END of signature schemes *****/ + /***** CLOSURE TYPES and interface definitions *****/ #define CL_PURE 0 #define CL_RESOLVER 1 #define CL_RANDOMSRC 2 -#define CL_RSAPUBKEY 3 -#define CL_RSAPRIVKEY 4 +#define CL_SIGPUBKEY 3 +#define CL_SIGPRIVKEY 4 #define CL_COMM 5 #define CL_IPIF 6 #define CL_LOG 7 @@ -343,9 +461,20 @@ extern init_module log_module; #define CL_HASH 12 #define CL_BUFFER 13 #define CL_NETLINK 14 +#define CL_PRIVCACHE 15 +/* When editing this list, edit closure_type_names[] too */ + +extern const char *const closure_type_names[]; + +const char *closure_type_name(uint32_t ty, char buf[]); struct buffer_if; +struct alg_msg_data { + uint8_t *start; + int32_t len; +}; + /* PURE closure requires no interface */ /* RESOLVER interface */ @@ -371,8 +500,8 @@ struct resolver_if { /* RANDOMSRC interface */ -/* Return some random data. Returns TRUE for success. */ -typedef bool_t random_fn(void *st, int32_t bytes, uint8_t *buff); +/* Return some random data. Cannot fail. */ +typedef void random_fn(void *st, int32_t bytes, uint8_t *buff); struct random_if { void *st; @@ -380,21 +509,45 @@ struct random_if { random_fn *generate; }; -/* RSAPUBKEY interface */ +/* SIGPUBKEY interface */ + +typedef void sig_dispose_fn(void *st); -typedef bool_t rsa_checksig_fn(void *st, uint8_t *data, int32_t datalen, - cstring_t signature); -struct rsapubkey_if { +typedef bool_t sig_unpick_fn(void *sst, struct buffer_if *msg, + struct alg_msg_data *sig); +typedef bool_t sig_checksig_fn(void *st, uint8_t *data, int32_t datalen, + const struct alg_msg_data *sig); +struct sigpubkey_if { void *st; - rsa_checksig_fn *check; + sig_unpick_fn *unpick; + sig_checksig_fn *check; + const struct hash_if *hash; + sig_dispose_fn *dispose; }; -/* RSAPRIVKEY interface */ +/* SIGPRIVKEY interface */ -typedef string_t rsa_makesig_fn(void *st, uint8_t *data, int32_t datalen); -struct rsaprivkey_if { +/* Appends the signature to msg. + * Can fail and returnn False, eg if the buffer is too small. */ +typedef bool_t sig_makesig_fn(void *st, uint8_t *data, int32_t datalen, + struct buffer_if *msg); +struct sigprivkey_if { void *st; - rsa_makesig_fn *sign; + sig_makesig_fn *sign; + const struct hash_if *hash; + sig_dispose_fn *dispose; +}; + +/* PRIVCACHE interface */ + +typedef struct sigprivkey_if *privcache_lookup_fn(void *st, + const struct sigkeyid *id, + struct log_if*); + /* Return is valid only until you return from the current event! */ + +struct privcache_if { + void *st; + privcache_lookup_fn *lookup; }; /* COMM interface */ @@ -407,16 +560,34 @@ struct comm_addr { int ix; /* see comment `Re comm_addr.ix' in udp.c */ }; +struct comm_clientinfo; /* private for comm */ + +typedef struct comm_clientinfo *comm_clientinfo_fn(void *state, dict_t*, + struct cloc cloc); +/* A comm client may call this during configuration, and then pass + * the resulting comm_clientinfo* to some or all sendmsg calls. + * The semantics depend on the dict and defined by the comm, and + * should be documented in README. */ + +enum { + comm_notify_whynot_general, + comm_notify_whynot_unpick, + comm_notify_whynot_name_local, + comm_notify_whynot_name_remote, +}; + /* Return True if the packet was processed, and shouldn't be passed to any other potential receivers. (buf is freed iff True returned.) */ typedef bool_t comm_notify_fn(void *state, struct buffer_if *buf, - const struct comm_addr *source); + const struct comm_addr *source, + struct priomsg *whynot); typedef void comm_request_notify_fn(void *commst, void *nst, comm_notify_fn *fn); typedef void comm_release_notify_fn(void *commst, void *nst, comm_notify_fn *fn); typedef bool_t comm_sendmsg_fn(void *commst, struct buffer_if *buf, - const struct comm_addr *dest); + const struct comm_addr *dest, + struct comm_clientinfo* /* 0 OK */); /* Only returns false if (we know that) the local network * environment is such that this address cannot work; transient * or unknown/unexpected failures return true. */ @@ -425,6 +596,7 @@ typedef const char *comm_addr_to_string_fn(void *commst, /* Returned string is in a static buffer. */ struct comm_if { void *st; + comm_clientinfo_fn *clientinfo; comm_request_notify_fn *request_notify; comm_release_notify_fn *release_notify; comm_sendmsg_fn *sendmsg; @@ -470,15 +642,34 @@ FORMAT(printf,3,4); extern void vslilog_part(struct log_if *lf, int class, const char *message, va_list) FORMAT(printf,3,0); +void cfgfile_log__vmsg(void *sst, int class, const char *message, va_list); +struct cfgfile_log { + struct log_if log; + /* private fields */ + struct cloc loc; + const char *facility; +}; +static inline void cfgfile_log_init(struct cfgfile_log *cfl, + struct cloc loc, const char *facility) +{ + cfl->log.st=cfl; + cfl->log.vlogfn=cfgfile_log__vmsg; + cfl->loc=loc; + cfl->facility=facility; +} + +void log_early_init(void); +void log_early_setlevel(void); + /* SITE interface */ /* Pretty much a placeholder; allows starting and stopping of processing, key expiry, etc. */ -typedef void site_control_fn(void *st, bool_t run); +typedef void site_startup_fn(void *st); typedef uint32_t site_status_fn(void *st); struct site_if { void *st; - site_control_fn *control; + site_startup_fn *startup; site_status_fn *status; }; @@ -501,13 +692,24 @@ typedef bool_t transform_setkey_fn(void *st, uint8_t *key, int32_t keylen, typedef bool_t transform_valid_fn(void *st); /* 0: no key; 1: ok */ typedef void transform_delkey_fn(void *st); typedef void transform_destroyinstance_fn(void *st); -/* Returns: - * 0: all is well - * 1: for any other problem - * 2: message decrypted but sequence number was out of range - */ -typedef uint32_t transform_apply_fn(void *st, struct buffer_if *buf, - const char **errmsg); + +typedef enum { + transform_apply_ok = 0, /* all is well (everyone may assume==0) */ + transform_apply_err = 1, /* any other problem */ + transform_apply_seqrange = 2, + /* message decrypted but sequence number was out of recent range */ + transform_apply_seqdupe = 3, + /* message decrypted but was dupe of recent packet */ +} transform_apply_return; + +static inline bool_t +transform_apply_return_badseq(transform_apply_return problem) { + return problem == transform_apply_seqrange || + problem == transform_apply_seqdupe; +} + +typedef transform_apply_return transform_apply_fn(void *st, + struct buffer_if *buf, const char **errmsg); struct transform_inst_if { void *st; @@ -521,7 +723,7 @@ struct transform_inst_if { struct transform_if { void *st; - int capab_transformnum; + int capab_bit; int32_t keylen; /* <<< INT_MAX */ transform_createinstance_fn *create; }; @@ -575,22 +777,24 @@ struct dh_if { /* HASH interface */ -typedef void *hash_init_fn(void); +typedef void hash_init_fn(void *st /* slen bytes alloc'd by caller */); typedef void hash_update_fn(void *st, const void *buf, int32_t len); -typedef void hash_final_fn(void *st, uint8_t *digest); +typedef void hash_final_fn(void *st, uint8_t *digest /* hlen bytes */); struct hash_if { - int32_t len; /* Hash output length in bytes */ + int32_t slen; /* State length in bytes */ + int32_t hlen; /* Hash output length in bytes */ hash_init_fn *init; hash_update_fn *update; hash_final_fn *final; }; +extern struct hash_if *const sha1_hash_if; /* for where this is hardcoded */ + /* BUFFER interface */ struct buffer_if { bool_t free; cstring_t owner; /* Set to constant string */ - uint32_t flags; /* How paranoid should we be? */ struct cloc loc; /* Where we were defined */ uint8_t *base; uint8_t *start; @@ -637,13 +841,17 @@ extern NORETURN(cfgfatal(struct cloc loc, cstring_t facility, extern void cfgfile_postreadcheck(struct cloc loc, FILE *f); extern NORETURN(vcfgfatal_maybefile(FILE *maybe_f, struct cloc loc, cstring_t facility, const char *message, - va_list)) + va_list, const char *suffix)) FORMAT(printf,4,0); extern NORETURN(cfgfatal_maybefile(FILE *maybe_f, struct cloc loc, cstring_t facility, const char *message, ...)) FORMAT(printf,4,5); +extern NORETURN(cfgfatal_cl_type(struct cloc loc, const char *facility, + closure_t *cl, uint32_t exp_type, + const char *name)); + extern void Message(uint32_t class, const char *message, ...) FORMAT(printf,2,3); extern void log_from_fd(int fd, cstring_t prefix, struct log_if *log); @@ -660,7 +868,7 @@ extern void log_from_fd(int fd, cstring_t prefix, struct log_if *log); * void COPY_OBJ( OBJECT& dst, const OBJECT& src); * void COPY_ARRAY(OBJECT *dst, const OBJECT *src, INTEGER count); * // Typesafe: we check that the type OBJECT is the same in both cases. - * // It is OK to use COPY_OBJ on an array object, provided it's + * // It is OK to use COPY_OBJ on an array object, provided dst is * // _actually_ the whole array object and not decayed into a * // pointer (e.g. a formal parameter). */