[secnet] / magic.h

/* Magic numbers used within secnet */
/*
 * This file is part of secnet.
 * See README for full list of copyright holders.
 *
 * secnet is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 3 of the License, or
 * (at your option) any later version.
 * 
 * secnet is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * General Public License for more details.
 * 
 * You should have received a copy of the GNU General Public License
 * version 3 along with secnet; if not, see
 * https://www.gnu.org/licenses/gpl.html.
 */

#ifndef magic_h
#define magic_h

/* Encode a pair of 16 bit major and minor codes as a single 32-bit label.
 * The encoding is strange for historical reasons.  Suppose that the nibbles
 * of the major number are (from high to low) a, b, c, d, and the minor
 * number has nibbles w, x, y, z.  (Here, a, b, c, d are variables, not hex
 * digits.)  We scramble them to form a message label as follows.
 *
 *	0 d 0 d 0 d 0 d
 *	0 0 0 a b c 0 0
 *	z 0 0 0 0 0 z 0
 *	w x y 0 0 0 0 0
 *	---------------
 *	f g h i j k l m
 *
 * and calculate the nibbles f, g, ..., m of the message label (higher
 * significance on the left) by XORing the columns.  It can be shown that
 * this is invertible using linear algebra in GF(16), but but it's easier to
 * notice that d = m, z = l, c = k XOR d, b = j, a = i XOR d, y = h,
 * x = g XOR d, and w = f XOR z.
 *
 * Encoding in the forward direction, from a major/minor pair to a label, is
 * (almost?) always done on constants, so its performance is fairly
 * unimportant.  There is a compatibility constraint on the patterns produced
 * with a = b = c = w = x = y = 0.  Subject to that, I wanted to find an
 * invertible GF(16)-linear transformation which would let me recover the
 * major and minor numbers with relatively little calculation.
 */

#define MSGCODE(major, minor)						\
	((((uint32_t)(major)&0x0000000fu) <<  0) ^			\
	 (((uint32_t)(major)&0x0000000fu) <<  8) ^			\
	 (((uint32_t)(major)&0x0000000fu) << 16) ^			\
	 (((uint32_t)(major)&0x0000000fu) << 24) ^			\
	 (((uint32_t)(major)&0x0000fff0u) <<  4) ^			\
	 (((uint32_t)(minor)&0x0000000fu) <<  4) ^			\
	 (((uint32_t)(minor)&0x0000000fu) << 28) ^			\
	 (((uint32_t)(minor)&0x0000fff0u) << 16))

/* Extract major and minor codes from a 32-bit message label. */
#define MSGMAJOR(label)							\
	((((uint32_t)(label)&0x0000000fu) <<  0) ^			\
	 (((uint32_t)(label)&0x0000000fu) <<  4) ^			\
	 (((uint32_t)(label)&0x0000000fu) << 12) ^			\
	 (((uint32_t)(label)&0x000fff00u) >>  4))
#define MSGMINOR(label)							\
	((((uint32_t)(label)&0x000000ffu) <<  8) ^			\
	 (((uint32_t)(label)&0x000000f0u) >>  4) ^			\
	 (((uint32_t)(label)&0xfff00000u) >> 16))

#define LABEL_NAK	MSGCODE(     0, 0)
#define LABEL_MSG0	MSGCODE(0x2020, 0) /* ! */
#define LABEL_MSG1	MSGCODE(     1, 0)
#define LABEL_MSG2	MSGCODE(     2, 0)
#define LABEL_MSG3	MSGCODE(     3, 0)
#define LABEL_MSG3BIS	MSGCODE(     3, 1)
#define LABEL_MSG3TER	MSGCODE(     3, 2)
#define LABEL_MSG4	MSGCODE(     4, 0)
#define LABEL_MSG5	MSGCODE(     5, 0)
#define LABEL_MSG6	MSGCODE(     6, 0)
#define LABEL_MSG7	MSGCODE(     7, 0)
#define LABEL_MSG8	MSGCODE(     8, 0)
#define LABEL_MSG9	MSGCODE(     9, 0)
#define LABEL_PROD	MSGCODE(    10, 0)

/*
 * The capability mask is a set of bits, one for each optional feature
 * supported.  The capability numbers for transforms are set in the
 * configuration (and should correspond between the two sites), although
 * there are sensible defaults.
 *
 * Advertising a nonzero capability mask promises that the receiver
 * understands LABEL_MSG3BIS messages, which contain an additional byte
 * specifying the transform capability number actually chosen by the MSG3
 * sender.
 *
 * Aside from that, an empty bitmask is treated the same as
 *  1u<<CAPAB_BIT_ANCIENTTRANSFORM
 */

/* uses of the 32-bit capability bitmap */
#define CAPAB_INEXPLICIT_TRANSFORM_MASK  0x0000ffff /* DH group implicit */
#define CAPAB_EXPLICIT_TRANSFORM_DH 0x00008000 /* Explicit xform and DH */
#define CAPAB_PRIORITY_MOBILE 0x80000000 /* mobile site has MSG1 priority */
/* remaining bits are unused */

/* bit indices, 0 is ls bit */
#define CAPAB_BIT_USER_MIN              0
#define CAPAB_BIT_USER_MAX              7
#define CAPAB_BIT_SERPENT256CBC         8
#define CAPAB_BIT_EAXSERPENT            9
#define CAPAB_BIT_TRADZP	       10
#define CAPAB_BIT_EXPLICIT_TRANSFORM_DH 15
#define CAPAB_BIT_MAX                  31

#define CAPAB_BIT_ANCIENTTRANSFORM CAPAB_BIT_SERPENT256CBC

#endif /* magic_h */
Commit	Line	Data
ff05a229	1	/* Magic numbers used within secnet */
c215a4bc IJ	2	/*
	3	* This file is part of secnet.
	4	* See README for full list of copyright holders.
	5	*
	6	* secnet is free software; you can redistribute it and/or modify it
	7	* under the terms of the GNU General Public License as published by
9c6a8729	8	* the Free Software Foundation; either version 3 of the License, or
c215a4bc IJ	9	* (at your option) any later version.
	10	*
	11	* secnet is distributed in the hope that it will be useful, but
	12	* WITHOUT ANY WARRANTY; without even the implied warranty of
	13	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	14	* General Public License for more details.
	15	*
	16	* You should have received a copy of the GNU General Public License
	17	* version 3 along with secnet; if not, see
	18	* https://www.gnu.org/licenses/gpl.html.
	19	*/
ff05a229 SE	20
	21	#ifndef magic_h
	22	#define magic_h
	23
7b2ef224 MW	24	/* Encode a pair of 16 bit major and minor codes as a single 32-bit label.
	25	* The encoding is strange for historical reasons. Suppose that the nibbles
	26	* of the major number are (from high to low) a, b, c, d, and the minor
	27	* number has nibbles w, x, y, z. (Here, a, b, c, d are variables, not hex
	28	* digits.) We scramble them to form a message label as follows.
	29	*
	30	* 0 d 0 d 0 d 0 d
	31	* 0 0 0 a b c 0 0
	32	* z 0 0 0 0 0 z 0
	33	* w x y 0 0 0 0 0
	34	* ---------------
	35	* f g h i j k l m
	36	*
	37	* and calculate the nibbles f, g, ..., m of the message label (higher
	38	* significance on the left) by XORing the columns. It can be shown that
	39	* this is invertible using linear algebra in GF(16), but but it's easier to
	40	* notice that d = m, z = l, c = k XOR d, b = j, a = i XOR d, y = h,
	41	* x = g XOR d, and w = f XOR z.
	42	*
	43	* Encoding in the forward direction, from a major/minor pair to a label, is
	44	* (almost?) always done on constants, so its performance is fairly
	45	* unimportant. There is a compatibility constraint on the patterns produced
	46	* with a = b = c = w = x = y = 0. Subject to that, I wanted to find an
	47	* invertible GF(16)-linear transformation which would let me recover the
	48	* major and minor numbers with relatively little calculation.
	49	*/
	50
	51	#define MSGCODE(major, minor) \
	52	((((uint32_t)(major)&0x0000000fu) << 0) ^ \
	53	(((uint32_t)(major)&0x0000000fu) << 8) ^ \
	54	(((uint32_t)(major)&0x0000000fu) << 16) ^ \
	55	(((uint32_t)(major)&0x0000000fu) << 24) ^ \
	56	(((uint32_t)(major)&0x0000fff0u) << 4) ^ \
	57	(((uint32_t)(minor)&0x0000000fu) << 4) ^ \
	58	(((uint32_t)(minor)&0x0000000fu) << 28) ^ \
	59	(((uint32_t)(minor)&0x0000fff0u) << 16))
	60
	61	/* Extract major and minor codes from a 32-bit message label. */
	62	#define MSGMAJOR(label) \
	63	((((uint32_t)(label)&0x0000000fu) << 0) ^ \
	64	(((uint32_t)(label)&0x0000000fu) << 4) ^ \
	65	(((uint32_t)(label)&0x0000000fu) << 12) ^ \
	66	(((uint32_t)(label)&0x000fff00u) >> 4))
	67	#define MSGMINOR(label) \
	68	((((uint32_t)(label)&0x000000ffu) << 8) ^ \
	69	(((uint32_t)(label)&0x000000f0u) >> 4) ^ \
	70	(((uint32_t)(label)&0xfff00000u) >> 16))
	71
	72	#define LABEL_NAK MSGCODE( 0, 0)
	73	#define LABEL_MSG0 MSGCODE(0x2020, 0) /* ! */
	74	#define LABEL_MSG1 MSGCODE( 1, 0)
	75	#define LABEL_MSG2 MSGCODE( 2, 0)
	76	#define LABEL_MSG3 MSGCODE( 3, 0)
	77	#define LABEL_MSG3BIS MSGCODE( 3, 1)
9c6af4ec	78	#define LABEL_MSG3TER MSGCODE( 3, 2)
7b2ef224 MW	79	#define LABEL_MSG4 MSGCODE( 4, 0)
	80	#define LABEL_MSG5 MSGCODE( 5, 0)
	81	#define LABEL_MSG6 MSGCODE( 6, 0)
	82	#define LABEL_MSG7 MSGCODE( 7, 0)
	83	#define LABEL_MSG8 MSGCODE( 8, 0)
	84	#define LABEL_MSG9 MSGCODE( 9, 0)
	85	#define LABEL_PROD MSGCODE( 10, 0)
ff05a229	86
5b5f297f	87	/*
3dc839ce MW	88	* The capability mask is a set of bits, one for each optional feature
	89	* supported. The capability numbers for transforms are set in the
	90	* configuration (and should correspond between the two sites), although
	91	* there are sensible defaults.
5b5f297f	92	*
3dc839ce MW	93	* Advertising a nonzero capability mask promises that the receiver
	94	* understands LABEL_MSG3BIS messages, which contain an additional byte
	95	* specifying the transform capability number actually chosen by the MSG3
	96	* sender.
5b5f297f IJ	97	*
5b5f297f IJ	98	* Aside from that, an empty bitmask is treated the same as
92cc0bca	99	* 1u<<CAPAB_BIT_ANCIENTTRANSFORM
5b5f297f IJ	100	*/
5b5f297f IJ	101
ceacd890	102	/* uses of the 32-bit capability bitmap */
9c6af4ec MW	103	#define CAPAB_INEXPLICIT_TRANSFORM_MASK 0x0000ffff /* DH group implicit */
9c6af4ec MW	104	#define CAPAB_EXPLICIT_TRANSFORM_DH 0x00008000 /* Explicit xform and DH */
ceacd890 MW	105	#define CAPAB_PRIORITY_MOBILE 0x80000000 /* mobile site has MSG1 priority */
	106	/* remaining bits are unused */
	107
5b5f297f	108	/* bit indices, 0 is ls bit */
92cc0bca MW	109	#define CAPAB_BIT_USER_MIN 0
	110	#define CAPAB_BIT_USER_MAX 7
	111	#define CAPAB_BIT_SERPENT256CBC 8
	112	#define CAPAB_BIT_EAXSERPENT 9
9c6af4ec MW	113	#define CAPAB_BIT_TRADZP 10
	114	#define CAPAB_BIT_EXPLICIT_TRANSFORM_DH 15
	115	#define CAPAB_BIT_MAX 31
5b5f297f	116
92cc0bca	117	#define CAPAB_BIT_ANCIENTTRANSFORM CAPAB_BIT_SERPENT256CBC
09a385fb	118
ff05a229	119	#endif /* magic_h */