Initial revision

[become] / src / crypt.h

/* -*-c-*-
 *
 * $Id: crypt.h,v 1.1 1997/07/21 13:47:51 mdw Exp $
 *
 * Cryptographic transfer of `become' requests
 *
 * (c) 1997 EBI
 */

/*----- Licencing notice --------------------------------------------------*
 *
 * This file is part of `become'
 *
 * `Become' is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * `Become' is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with `become'; if not, write to the Free Software
 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 */

/*----- Revision history --------------------------------------------------*
 *
 * $Log: crypt.h,v $
 * Revision 1.1  1997/07/21 13:47:51  mdw
 * Initial revision
 *
 */

#ifndef CRYPT_H
#define CRYPT_H

#ifdef __cplusplus
  extern "C" {
#endif

/*----- Required headers --------------------------------------------------*/

#include <string.h>

#ifndef BECOME_H
#  include "become.h"
#endif

#ifndef CONFIG_H
#  include "config.h"
#endif

/*----- Type definitions and data structures ------------------------------*/

/* --- Encryption formats --- */

enum {
  cryptType_idea,                       /* Symmetric IDEA encryption */
  cryptType_rsa                         /* Public key RSA (later project) */
};

/* --- Encrypted buffer format --- *
 *
 * C structures are no good here.  Time for some explicit offsets.
 */

enum {
  crq_cryptType = 0,                    /* Encryption type (1 byte) */
  crq_iv = crq_cryptType + 1,           /* Plaintext IV (8 bytes) */
  crq_session = crq_iv + 8,             /* IDEA session key (16 bytes) */
  crq_cipher = crq_session + 16,        /* Where to start encrypting */
  crq_time = crq_cipher,                /* Time stamp (4 bytes) */
  crq_pid = crq_time + 4,               /* Process ID (4 bytes) */
  crq_from = crq_pid + 4,               /* From user id (4 bytes) */
  crq_to = crq_from + 4,                /* To user id (4 bytes) */
  crq_cmd = crq_to + 4,                 /* Command string (lots of bytes) */
  crq_check = crq_cmd + CMDLEN_MAX,     /* Checksum for request (4 bytes) */
  crq_size = crq_check + 4              /* Size of encrypted request */
};

/* --- Encrypted result format --- */

enum {
  crp_iv = 0,                           /* Plaintext IV (8 bytes) */
  crp_cipher = crp_iv + 8,              /* Where to start encrypting */
  crp_time = crp_cipher,                /* Time of request (4 bytes) */
  crp_pid = crp_time + 4,               /* Process ID of client (4 bytes) */
  crp_answer = crp_pid + 4,             /* Answer (1 or 0) (1 byte) */
  crp_check = crp_answer + 1,           /* Checksum for reply (4 bytes) */
  crp_size = crp_check + 4              /* Size of encrypted reply */
};

/*----- Macros ------------------------------------------------------------*/

/* --- @burn@ --- *
 *
 * Arguments:   @obj@ = some object
 *
 * Use:         Writes zero bytes over the object.
 */

#define burn(obj) ((void)memset(&obj, 0, sizeof(obj)))

/*----- Functions provided ------------------------------------------------*/

/* --- @crypt_packRequest@ --- *
 *
 * Arguments:   @request *rq@ = pointer to request block
 *              @unsigned char *buff@ = pointer to a buffer
 *              @time_t t@ = the current time
 *              @pid_t pid@ = my process ID
 *              @unsigned char *k@ = pointer to 128-bit key
 *              @unsigned char *sk@ = where to put the session key
 *
 * Returns:     The number of bytes written.
 *
 * Use:         Packs a request block into a buffer.  The buffer should have
 *              space for at least @crq_size@ bytes.  The buffer comes back
 *              encrypted and ready to send.
 */

extern void crypt_packRequest(request */*rq*/, unsigned char */*buff*/,
                              time_t /*t*/, pid_t /*pid*/,
                              unsigned char */*k*/, unsigned char */*sk*/);

/* --- @crypt_unpackRequest@ --- *
 *
 * Arguments:   @reqest *rq@ = pointer to destination request block
 *              @unsigned char *buff@ = pointer to source buffer
 *              @unsigned char *k@ = pointer to encryption key
 *              @unsigned char *sk@ = pointer to where to store session key
 *              @unsigned char *rpl@ = where to start building reply
 *
 * Returns:     ---
 *
 * Use:         Decrypts and unpacks a request buffer.
 */

extern int crypt_unpackRequest(request */*rq*/, unsigned char */*buff*/,
                               unsigned char */*k*/, unsigned char */*sk*/,
                               unsigned char */*rpl*/);

/* --- @crypt_packReply@ --- *
 *
 * Arguments:   @unsigned char *buff@ = pointer to reply block
 *              @unsigned char *sk@ = pointer to session key
 *              @int answer@ = yes or no
 *
 * Returns:     ---
 *
 * Use:         Packs and encrypts a reply block.
 */

extern void crypt_packReply(unsigned char */*buff*/, unsigned char */*sk*/,
                            int /*answer*/);

/* --- @crypt_unpackReply@ --- *
 *
 * Arguments:   @unsigned char *buff@ = pointer to reply buffer
 *              @unsigned char *sk@ = pointer to session key
 *              @time_t t@ = time at which request was sent
 *              @pid_t pid@ = my process ID
 *
 * Returns:     >0 if request granted, zero if denied, <0 if reply rejected
 *
 * Use:         Unpacks a reply block, and informs the caller of the outcome.
 */

extern int crypt_unpackReply(unsigned char */*buff*/, unsigned char */*sk*/,
                             time_t /*t*/, pid_t /*pid*/);

/*----- That's all, folks -------------------------------------------------*/

#ifdef __cplusplus
  }
#endif

#endif