server/peer.c, etc.: Introduce who-goes-there protocol.

[tripe] / server / chal.c

/* -*-c-*-
 *
 * Cryptographic challenges
 *
 * (c) 2005 Straylight/Edgeware
 */

/*----- Licensing notice --------------------------------------------------*
 *
 * This file is part of Trivial IP Encryption (TrIPE).
 *
 * TrIPE is free software: you can redistribute it and/or modify it under
 * the terms of the GNU General Public License as published by the Free
 * Software Foundation; either version 3 of the License, or (at your
 * option) any later version.
 *
 * TrIPE is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with TrIPE.  If not, see <https://www.gnu.org/licenses/>.
 */

/*----- Header files ------------------------------------------------------*/

#include "tripe.h"

/*----- Static variables --------------------------------------------------*/

static bulkchal *bchal;
static uint32 oseq;
static seqwin iseq;

/*----- Challenges --------------------------------------------------------*/

/* --- @c_genkey@ --- *
 *
 * Arguments:   ---
 *
 * Returns:     ---
 *
 * Use:         Generates a new challenge key.
 */

static void c_genkey(void)
{
  bulkalgs *bulk = master->algs.bulk;

  if (bchal && bchal->ops == bulk->ops && oseq < 0x07ffffff) return;
  if (bchal) bchal->ops->freechal(bchal);
  bchal = bulk->ops->genchal(bulk);
  bchal->ops = bulk->ops;
  oseq = 0;
  seq_reset(&iseq);
}

/* --- @c_new@ --- *
 *
 * Arguments:   @const void *m@ = pointer to associated message, or null
 *              @size_t msz@ = length of associated message
 *              @buf *b@ = where to put the challenge
 *
 * Returns:     Zero if OK, nonzero on error.
 *
 * Use:         Issues a new challenge.
 */

int c_new(const void *m, size_t msz, buf *b)
{
  const octet *p;
  octet *t;
  int rc;

  c_genkey();
  p = BCUR(b);
  if (buf_putu32(b, oseq) || (t = buf_get(b, bchal->tagsz)) == 0)
    { rc = -1; goto done; }
  if (bchal->ops->chaltag(bchal, m, msz, oseq, t)) { rc = -1; goto done; }
  IF_TRACING(T_CHAL, {
    trace(T_CHAL, "chal: issuing challenge %lu", (unsigned long)oseq);
    if (msz) trace_block(T_CRYPTO, "chal: message block", m, msz);
    trace_block(T_CRYPTO, "chal: challenge block", p, BCUR(b) - p);
  })
  rc = 0;
done:
  oseq++;
  return (rc);
}

/* --- @c_check@ --- *
 *
 * Arguments:   @const void *m@ = pointer to associated message, or null
 *              @size_t msz@ = length of associated message
 *              @buf *b@ = where to find the challenge
 *
 * Returns:     Zero if OK, nonzero if it didn't work.
 *
 * Use:         Checks a challenge.  On failure, the buffer is broken.
 */

int c_check(const void *m, size_t msz, buf *b)
{
  const octet *p, *t;
  uint32 seq;

  if (!bchal) {
    a_warn("CHAL", "impossible-challenge", A_END);
    goto fail;
  }
  p = BCUR(b);
  if (buf_getu32(b, &seq) || (t = buf_get(b, bchal->tagsz)) == 0) {
    a_warn("CHAL", "invalid-challenge", A_END);
    goto fail;
  }
  IF_TRACING(T_CHAL, {
    trace(T_CHAL, "chal: checking challenge, seq = %lu", (unsigned long)seq);
    if (msz) trace_block(T_CRYPTO, "chal: message block", m, msz);
    trace_block(T_CRYPTO, "chal: check challenge", p, BCUR(b) - p);
  })
  if (bchal->ops->chalvrf(bchal, m, msz, seq, t)) {
    a_warn("CHAL", "incorrect-tag", A_END);
    goto fail;
  }
  if (seq_check(&iseq, seq, "CHAL")) goto fail;
  T( trace(T_CHAL, "chal: challenge ok"); )
  return (0);

fail:
  buf_break(b);
  return (-1);
}

/*----- That's all, folks -------------------------------------------------*/