| 1 | /* -*-c-*- |
| 2 | * |
| 3 | * $Id: tripe.h,v 1.15 2003/05/16 12:09:03 mdw Exp $ |
| 4 | * |
| 5 | * Main header file for TrIPE |
| 6 | * |
| 7 | * (c) 2001 Straylight/Edgeware |
| 8 | */ |
| 9 | |
| 10 | /*----- Licensing notice --------------------------------------------------* |
| 11 | * |
| 12 | * This file is part of Trivial IP Encryption (TrIPE). |
| 13 | * |
| 14 | * TrIPE is free software; you can redistribute it and/or modify |
| 15 | * it under the terms of the GNU General Public License as published by |
| 16 | * the Free Software Foundation; either version 2 of the License, or |
| 17 | * (at your option) any later version. |
| 18 | * |
| 19 | * TrIPE is distributed in the hope that it will be useful, |
| 20 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| 21 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| 22 | * GNU General Public License for more details. |
| 23 | * |
| 24 | * You should have received a copy of the GNU General Public License |
| 25 | * along with TrIPE; if not, write to the Free Software Foundation, |
| 26 | * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
| 27 | */ |
| 28 | |
| 29 | /*----- Revision history --------------------------------------------------* |
| 30 | * |
| 31 | * $Log: tripe.h,v $ |
| 32 | * Revision 1.15 2003/05/16 12:09:03 mdw |
| 33 | * Allow binding to a chosen address. |
| 34 | * |
| 35 | * Revision 1.14 2003/04/06 10:36:33 mdw |
| 36 | * Rearrange so as not to include Linux headers unless we need to. |
| 37 | * |
| 38 | * Revision 1.13 2003/04/06 10:26:35 mdw |
| 39 | * Report peer name on decrypt errors. |
| 40 | * |
| 41 | * Revision 1.12 2003/04/06 10:25:17 mdw |
| 42 | * Support Linux TUN/TAP device. Fix some bugs. |
| 43 | * |
| 44 | * Revision 1.11 2002/01/13 14:57:42 mdw |
| 45 | * Fix crap typo. |
| 46 | * |
| 47 | * Revision 1.10 2002/01/13 14:54:58 mdw |
| 48 | * Provide MGF macros. |
| 49 | * |
| 50 | * Revision 1.9 2001/06/22 19:40:36 mdw |
| 51 | * Support expiry of other peers' public keys. |
| 52 | * |
| 53 | * Revision 1.8 2001/06/19 22:10:57 mdw |
| 54 | * Some more constants for the algorithms. Document the packet format |
| 55 | * change for non-malleability. Moved @buf@ definitions to separate header |
| 56 | * file. |
| 57 | * |
| 58 | * Revision 1.7 2001/03/03 12:07:08 mdw |
| 59 | * Rename word get and put functions now that there's 16-bit support. |
| 60 | * |
| 61 | * Revision 1.6 2001/02/19 19:11:09 mdw |
| 62 | * Output buffering on admin connections. |
| 63 | * |
| 64 | * Revision 1.5 2001/02/16 21:41:43 mdw |
| 65 | * Major changes. See source files for details. |
| 66 | * |
| 67 | * Revision 1.4 2001/02/05 19:56:37 mdw |
| 68 | * Sequence number protection, and BSD tunnels. |
| 69 | * |
| 70 | * Revision 1.3 2001/02/04 01:17:55 mdw |
| 71 | * Create a configuration header file to tidy up command lines. |
| 72 | * |
| 73 | * Revision 1.2 2001/02/03 22:40:29 mdw |
| 74 | * Put timer information into the entropy pool when packets are received |
| 75 | * and on similar events. Reseed the generator on the interval timer. |
| 76 | * |
| 77 | * Revision 1.1 2001/02/03 20:26:37 mdw |
| 78 | * Initial checkin. |
| 79 | * |
| 80 | */ |
| 81 | |
| 82 | #ifndef TRIPE_H |
| 83 | #define TRIPE_H |
| 84 | |
| 85 | #ifdef __cplusplus |
| 86 | extern "C" { |
| 87 | #endif |
| 88 | |
| 89 | /*----- Header files ------------------------------------------------------*/ |
| 90 | |
| 91 | #include "config.h" |
| 92 | |
| 93 | #include <assert.h> |
| 94 | #include <ctype.h> |
| 95 | #include <errno.h> |
| 96 | #include <signal.h> |
| 97 | #include <stdarg.h> |
| 98 | #include <stddef.h> |
| 99 | #include <stdio.h> |
| 100 | #include <stdlib.h> |
| 101 | #include <string.h> |
| 102 | #include <time.h> |
| 103 | |
| 104 | #include <sys/types.h> |
| 105 | #include <sys/time.h> |
| 106 | #include <unistd.h> |
| 107 | #include <fcntl.h> |
| 108 | #include <sys/stat.h> |
| 109 | |
| 110 | #include <sys/socket.h> |
| 111 | #include <sys/un.h> |
| 112 | #include <netinet/in.h> |
| 113 | #include <arpa/inet.h> |
| 114 | #include <netdb.h> |
| 115 | |
| 116 | #include <pwd.h> |
| 117 | #include <grp.h> |
| 118 | |
| 119 | #include <mLib/alloc.h> |
| 120 | #include <mLib/arena.h> |
| 121 | #include <mLib/bres.h> |
| 122 | #include <mLib/dstr.h> |
| 123 | #include <mLib/env.h> |
| 124 | #include <mLib/fdflags.h> |
| 125 | #include <mLib/fwatch.h> |
| 126 | #include <mLib/mdwopt.h> |
| 127 | #include <mLib/quis.h> |
| 128 | #include <mLib/report.h> |
| 129 | #include <mLib/sel.h> |
| 130 | #include <mLib/selbuf.h> |
| 131 | #include <mLib/sig.h> |
| 132 | #include <mLib/str.h> |
| 133 | #include <mLib/sub.h> |
| 134 | #include <mLib/trace.h> |
| 135 | |
| 136 | #include <catacomb/gcipher.h> |
| 137 | #include <catacomb/gmac.h> |
| 138 | #include <catacomb/grand.h> |
| 139 | #include <catacomb/key.h> |
| 140 | #include <catacomb/paranoia.h> |
| 141 | |
| 142 | #include <catacomb/noise.h> |
| 143 | #include <catacomb/rand.h> |
| 144 | |
| 145 | #include <catacomb/mp.h> |
| 146 | #include <catacomb/mpmont.h> |
| 147 | #include <catacomb/mprand.h> |
| 148 | #include <catacomb/dh.h> |
| 149 | |
| 150 | #include "buf.h" |
| 151 | #include "util.h" |
| 152 | |
| 153 | #undef sun |
| 154 | |
| 155 | /*----- Magic numbers -----------------------------------------------------*/ |
| 156 | |
| 157 | /* --- Tunnel types --- */ |
| 158 | |
| 159 | #define TUN_NOTDEF 0 |
| 160 | #define TUN_UNET 1 |
| 161 | #define TUN_BSD 2 |
| 162 | #define TUN_LINUX 3 |
| 163 | |
| 164 | /* --- Trace flags --- */ |
| 165 | |
| 166 | #define T_TUNNEL 1u |
| 167 | #define T_PEER 2u |
| 168 | #define T_PACKET 4u |
| 169 | #define T_ADMIN 8u |
| 170 | #define T_CRYPTO 16u |
| 171 | #define T_KEYSET 32u |
| 172 | #define T_KEYEXCH 64u |
| 173 | #define T_KEYMGMT 128u |
| 174 | |
| 175 | #define T_ALL 255u |
| 176 | |
| 177 | /* --- Units --- */ |
| 178 | |
| 179 | #define SEC(n) (n##u) |
| 180 | #define MIN(n) (n##u * 60u) |
| 181 | #define MEG(n) (n##ul * 1024ul * 1024ul) |
| 182 | |
| 183 | /* --- Other things --- */ |
| 184 | |
| 185 | #define PKBUFSZ 65536 |
| 186 | |
| 187 | /*----- TrIPE protocol ----------------------------------------------------*/ |
| 188 | |
| 189 | /* --- TrIPE message format --- * |
| 190 | * |
| 191 | * A packet begins with a single-byte message type. The top four bits are a |
| 192 | * category code used to send the message to the right general place in the |
| 193 | * code; the bottom bits identify the actual message type. |
| 194 | */ |
| 195 | |
| 196 | #define MSG_CATMASK 0xf0 |
| 197 | #define MSG_TYPEMASK 0x0f |
| 198 | |
| 199 | /* --- Encrypted message packets --- * |
| 200 | * |
| 201 | * Messages of category @MSG_PACKET@ contain encrypted network packets. The |
| 202 | * message content is a symmetric-encrypted block (see below). Reception of |
| 203 | * a packet encrypted under a new key implicitly permits that key to be used |
| 204 | * to send further packets. |
| 205 | * |
| 206 | * The only packet type accepted is zero. |
| 207 | * |
| 208 | * Packets may be encrypted under any live keyset, but should use the most |
| 209 | * recent one. |
| 210 | */ |
| 211 | |
| 212 | #define MSG_PACKET 0x00 |
| 213 | |
| 214 | /* --- Key exchange packets --- */ |
| 215 | |
| 216 | #define MSG_KEYEXCH 0x10 |
| 217 | |
| 218 | #define KX_PRECHAL 0u |
| 219 | #define KX_COOKIE 1u |
| 220 | #define KX_CHAL 2u |
| 221 | #define KX_REPLY 3u |
| 222 | #define KX_SWITCH 4u |
| 223 | #define KX_SWITCHOK 5u |
| 224 | #define KX_NMSG 6u |
| 225 | |
| 226 | /* --- Symmetric encryption and keysets --- * |
| 227 | * |
| 228 | * Packets consist of an 80-bit MAC, a 32-bit sequence number, and the |
| 229 | * encrypted payload. |
| 230 | * |
| 231 | * The plaintext is encrypted using Blowfish in CBC mode with ciphertext |
| 232 | * stealing (as described in [Schneier]. The initialization vector is |
| 233 | * selected randomly, and prepended to the actual ciphertext. |
| 234 | * |
| 235 | * The MAC is computed using the HMAC construction with RIPEMD160 over the |
| 236 | * sequence number and the ciphertext (with IV); the first 80 bits of the |
| 237 | * output are used. (This is the minimum allowed by the draft FIPS for HMAC, |
| 238 | * and the recommended truncation.) |
| 239 | * |
| 240 | * A keyset consists of |
| 241 | * |
| 242 | * * an integrity (MAC) key; |
| 243 | * * a confidentiality (encryption) key; and |
| 244 | * * a sequence numbering space |
| 245 | * |
| 246 | * in each direction. The packets sent by a host encrypted under a |
| 247 | * particular keyset are assigned consecutive sequence numbers starting from |
| 248 | * zero. The receiving host must ensure that it only accepts each packet at |
| 249 | * most once. It should maintain a window of sequence numbers: packets with |
| 250 | * numbers beyond the end of the window are accepted and cause the window to |
| 251 | * be advanced; packets with numbers before the start of the window are |
| 252 | * rejected; packets with numbers which appear within the window are accepted |
| 253 | * only if the number has not been seen before. |
| 254 | * |
| 255 | * When a host sends a @KX_SWITCH@ or @KX_SWITCHOK@ message, it installs the |
| 256 | * newly-negotiated keyset in a `listen-only' state: it may not send a packet |
| 257 | * encrypted under the keyset until either it has received a @KX_SWITCH@ or |
| 258 | * @KX_SWITCHOK@ message, or a @MSG_PACKET@ encrypted under the keyset, from |
| 259 | * its peer. |
| 260 | */ |
| 261 | |
| 262 | /*----- Cipher selections -------------------------------------------------*/ |
| 263 | |
| 264 | #include <catacomb/blowfish.h> |
| 265 | #include <catacomb/blowfish-cbc.h> |
| 266 | #include <catacomb/blowfish-counter.h> |
| 267 | #include <catacomb/rmd160.h> |
| 268 | #include <catacomb/rmd160-hmac.h> |
| 269 | |
| 270 | #define CIPHER (&blowfish_cbc) |
| 271 | #define MAC (&rmd160_hmac) |
| 272 | |
| 273 | #define HASH_CTX rmd160_ctx |
| 274 | #define HASH_INIT rmd160_init |
| 275 | #define HASH rmd160_hash |
| 276 | #define HASH_STRING(c, s) HASH((c), s, sizeof(s)) |
| 277 | #define HASH_DONE rmd160_done |
| 278 | #define HASHSZ RMD160_HASHSZ |
| 279 | |
| 280 | #define MGF_CTX blowfish_counterctx |
| 281 | #define MGF_INIT blowfish_counterinit |
| 282 | #define MGF_CRYPT blowfish_counterencrypt |
| 283 | |
| 284 | #define SEQSZ 4 |
| 285 | #define IVSZ BLOWFISH_BLKSZ |
| 286 | #define MACSZ 10 |
| 287 | |
| 288 | /*----- Data structures ---------------------------------------------------*/ |
| 289 | |
| 290 | /* --- Socket addresses --- * |
| 291 | * |
| 292 | * A magic union of supported socket addresses. |
| 293 | */ |
| 294 | |
| 295 | typedef union addr { |
| 296 | struct sockaddr sa; |
| 297 | struct sockaddr_in sin; |
| 298 | } addr; |
| 299 | |
| 300 | /* --- A symmetric keyset --- * |
| 301 | * |
| 302 | * A keyset contains a set of symmetric keys for encrypting and decrypting |
| 303 | * packets. Keysets are stored in a list, sorted in reverse order of |
| 304 | * creation, so that the most recent keyset (the one most likely to be used) |
| 305 | * is first. |
| 306 | * |
| 307 | * Each keyset has a time limit and a data limit. The keyset is destroyed |
| 308 | * when either it has existed for too long, or it has been used to encrypt |
| 309 | * too much data. New key exchanges are triggered when keys are close to |
| 310 | * expiry. |
| 311 | */ |
| 312 | |
| 313 | typedef struct keyset { |
| 314 | struct keyset *next; /* Next active keyset in the list */ |
| 315 | unsigned ref; /* Reference count for keyset */ |
| 316 | struct peer *p; /* Pointer to peer structure */ |
| 317 | time_t t_exp; /* Expiry time for this keyset */ |
| 318 | unsigned long sz_exp; /* Data limit for the keyset */ |
| 319 | T( unsigned seq; ) /* Sequence number for tracing */ |
| 320 | unsigned f; /* Various useful flags */ |
| 321 | gcipher *cin, *cout; /* Keyset ciphers for encryption */ |
| 322 | gmac *min, *mout; /* Keyset MACs for integrity */ |
| 323 | uint32 oseq; /* Outbound sequence number */ |
| 324 | uint32 iseq, iwin; /* Inbound sequence number */ |
| 325 | } keyset; |
| 326 | |
| 327 | #define KS_SEQWINSZ 32 /* Bits in sequence number window */ |
| 328 | |
| 329 | #define KSF_LISTEN 1u /* Don't encrypt packets yet */ |
| 330 | #define KSF_LINK 2u /* Key is in a linked list */ |
| 331 | |
| 332 | /* --- Key exchange --- * |
| 333 | * |
| 334 | * TrIPE uses the Wrestlers Protocol for its key exchange. The Wrestlers |
| 335 | * Protocol has a number of desirable features (e.g., perfect forward |
| 336 | * secrecy, and zero-knowledge authentication) which make it attractive for |
| 337 | * use in TrIPE. The Wrestlers Protocol was designed by Mark Wooding and |
| 338 | * Clive Jones. |
| 339 | */ |
| 340 | |
| 341 | #define KX_NCHAL 16u |
| 342 | #define KX_THRESH 4u |
| 343 | |
| 344 | typedef struct kxchal { |
| 345 | struct keyexch *kx; /* Pointer back to key exchange */ |
| 346 | mp *c; /* Responder's challenge */ |
| 347 | mp *r; /* My reply to the challenge */ |
| 348 | keyset *ks; /* Pointer to temporary keyset */ |
| 349 | unsigned f; /* Various useful flags */ |
| 350 | sel_timer t; /* Response timer for challenge */ |
| 351 | octet hc[HASHSZ]; /* Hash of his challenge */ |
| 352 | mp *ck; /* The check value */ |
| 353 | octet hswrq_in[HASHSZ]; /* Inbound switch request message */ |
| 354 | octet hswok_in[HASHSZ]; /* Inbound switch confirmation */ |
| 355 | octet hswrq_out[HASHSZ]; /* Outbound switch request message */ |
| 356 | octet hswok_out[HASHSZ]; /* Outbound switch confirmation */ |
| 357 | } kxchal; |
| 358 | |
| 359 | typedef struct keyexch { |
| 360 | struct peer *p; /* Pointer back to the peer */ |
| 361 | keyset **ks; /* Peer's list of keysets */ |
| 362 | unsigned f; /* Various useful flags */ |
| 363 | unsigned s; /* Current state in exchange */ |
| 364 | sel_timer t; /* Timer for next exchange */ |
| 365 | dh_pub kpub; /* Peer's public key */ |
| 366 | time_t texp_kpub; /* Expiry time for public key */ |
| 367 | mp *alpha; /* My temporary secret */ |
| 368 | mp *c; /* My challenge */ |
| 369 | mp *rx; /* The expected response */ |
| 370 | unsigned nr; /* Number of extant responses */ |
| 371 | time_t t_valid; /* When this exchange goes bad */ |
| 372 | octet hc[HASHSZ]; /* Hash of my challenge */ |
| 373 | kxchal *r[KX_NCHAL]; /* Array of challenges */ |
| 374 | } keyexch; |
| 375 | |
| 376 | #define KXF_TIMER 1u /* Waiting for a timer to go off */ |
| 377 | #define KXF_DEAD 2u /* The key-exchanger isn't up */ |
| 378 | #define KXF_PUBKEY 4u /* Key exchanger has a public key */ |
| 379 | |
| 380 | enum { |
| 381 | KXS_DEAD, /* Uninitialized state (magical) */ |
| 382 | KXS_CHAL, /* Main answer-challenges state */ |
| 383 | KXS_COMMIT, /* Committed: send switch request */ |
| 384 | KXS_SWITCH /* Switched: send confirmation */ |
| 385 | }; |
| 386 | |
| 387 | /* --- Tunnel structure --- * |
| 388 | * |
| 389 | * Used to maintain system-specific information about the tunnel interface. |
| 390 | */ |
| 391 | |
| 392 | #if TUN_TYPE == TUN_LINUX |
| 393 | # include <linux/if.h> |
| 394 | # include <linux/if_tun.h> |
| 395 | #endif |
| 396 | |
| 397 | typedef struct tunnel { |
| 398 | #if TUN_TYPE == TUN_UNET |
| 399 | sel_file f; /* Selector for Usernet device */ |
| 400 | struct peer *p; /* Pointer to my peer */ |
| 401 | #elif TUN_TYPE == TUN_LINUX |
| 402 | sel_file f; /* Selector for TUN/TAP device */ |
| 403 | struct peer *p; /* Pointer to my peer */ |
| 404 | char ifn[IFNAMSIZ]; /* Interface name buffer */ |
| 405 | #elif TUN_TYPE == TUN_BSD |
| 406 | sel_file f; /* Selector for tunnel device */ |
| 407 | struct peer *p; /* Pointer to my peer */ |
| 408 | unsigned n; /* Number of my tunnel device */ |
| 409 | #else |
| 410 | # error "No support for this tunnel type" |
| 411 | #endif |
| 412 | } tunnel; |
| 413 | |
| 414 | /* --- Peer statistics --- * |
| 415 | * |
| 416 | * Contains various interesting and not-so-interesting statistics about a |
| 417 | * peer. This is updated by various parts of the code. The format of the |
| 418 | * structure isn't considered private, and @p_stats@ returns a pointer to the |
| 419 | * statistics block for a given peer. |
| 420 | */ |
| 421 | |
| 422 | typedef struct stats { |
| 423 | unsigned long sz_in, sz_out; /* Size of all data in and out */ |
| 424 | unsigned long sz_kxin, sz_kxout; /* Size of key exchange messages */ |
| 425 | unsigned long sz_ipin, sz_ipout; /* Size of encapsulated IP packets */ |
| 426 | time_t t_start, t_last; /* Time peer created, last recv */ |
| 427 | unsigned long n_reject; /* Number of rejected packets */ |
| 428 | unsigned long n_in, n_out; /* Number of packets in and out */ |
| 429 | unsigned long n_kxin, n_kxout; /* Number of key exchange packets */ |
| 430 | unsigned long n_ipin, n_ipout; /* Number of encrypted packets */ |
| 431 | } stats; |
| 432 | |
| 433 | /* --- Peer structure --- * |
| 434 | * |
| 435 | * The main structure which glues everything else together. |
| 436 | */ |
| 437 | |
| 438 | typedef struct peer { |
| 439 | struct peer *next, *prev; /* Links to next and previous */ |
| 440 | char *name; /* Name of this peer */ |
| 441 | tunnel t; /* Tunnel for local packets */ |
| 442 | keyset *ks; /* List head for keysets */ |
| 443 | buf b; /* Buffer for sending packets */ |
| 444 | addr peer; /* Peer socket address */ |
| 445 | size_t sasz; /* Socket address size */ |
| 446 | stats st; /* Statistics */ |
| 447 | keyexch kx; /* Key exchange protocol block */ |
| 448 | } peer; |
| 449 | |
| 450 | /* --- Admin structure --- */ |
| 451 | |
| 452 | #define OBUFSZ 16384u |
| 453 | |
| 454 | typedef struct obuf { |
| 455 | struct obuf *next; /* Next buffer in list */ |
| 456 | char *p_in, *p_out; /* Pointers into the buffer */ |
| 457 | char buf[OBUFSZ]; /* The actual buffer */ |
| 458 | } obuf; |
| 459 | |
| 460 | typedef struct admin { |
| 461 | struct admin *next, *prev; /* Links to next and previous */ |
| 462 | unsigned f; /* Various useful flags */ |
| 463 | #ifndef NTRACE |
| 464 | unsigned seq; /* Sequence number for tracing */ |
| 465 | #endif |
| 466 | char *pname; /* Peer name to create */ |
| 467 | char *paddr; /* Address string to resolve */ |
| 468 | obuf *o_head, *o_tail; /* Output buffer list */ |
| 469 | selbuf b; /* Line buffer for commands */ |
| 470 | sel_file w; /* Selector for write buffering */ |
| 471 | bres_client r; /* Background resolver task */ |
| 472 | sel_timer t; /* Timer for resolver */ |
| 473 | addr peer; /* Address to set */ |
| 474 | size_t sasz; /* Size of the address */ |
| 475 | } admin; |
| 476 | |
| 477 | #define AF_DEAD 1u /* Destroy this admin block */ |
| 478 | #define AF_LOCK 2u /* Don't destroy it yet */ |
| 479 | |
| 480 | /*----- Global variables --------------------------------------------------*/ |
| 481 | |
| 482 | extern sel_state sel; /* Global I/O event state */ |
| 483 | extern dh_priv kpriv; /* Our private key */ |
| 484 | extern mpmont mg; /* Montgomery context for DH group */ |
| 485 | extern octet buf_i[PKBUFSZ], buf_o[PKBUFSZ], buf_t[PKBUFSZ]; |
| 486 | |
| 487 | #ifndef NTRACE |
| 488 | extern const trace_opt tr_opts[]; /* Trace options array */ |
| 489 | extern unsigned tr_flags; /* Trace options flags */ |
| 490 | #endif |
| 491 | |
| 492 | /*----- Other macros ------------------------------------------------------*/ |
| 493 | |
| 494 | #define TIMER noise_timer(RAND_GLOBAL) |
| 495 | |
| 496 | /*----- Key management ----------------------------------------------------*/ |
| 497 | |
| 498 | /* --- @km_interval@ --- * |
| 499 | * |
| 500 | * Arguments: --- |
| 501 | * |
| 502 | * Returns: Zero if OK, nonzero to force reloading of keys. |
| 503 | * |
| 504 | * Use: Called on the interval timer to perform various useful jobs. |
| 505 | */ |
| 506 | |
| 507 | extern int km_interval(void); |
| 508 | |
| 509 | /* --- @km_init@ --- * |
| 510 | * |
| 511 | * Arguments: @const char *kr_priv@ = private keyring file |
| 512 | * @const char *kr_pub@ = public keyring file |
| 513 | * @const char *tag@ = tag to load |
| 514 | * |
| 515 | * Returns: --- |
| 516 | * |
| 517 | * Use: Initializes, and loads the private key. |
| 518 | */ |
| 519 | |
| 520 | extern void km_init(const char */*kr_priv*/, const char */*kr_pub*/, |
| 521 | const char */*tag*/); |
| 522 | |
| 523 | /* --- @km_getpubkey@ --- * |
| 524 | * |
| 525 | * Arguments: @const char *tag@ = public key tag to load |
| 526 | * @dh_pub *kpub@ = where to put the public key |
| 527 | * @time_t *t_exp@ = where to put the expiry time |
| 528 | * |
| 529 | * Returns: Zero if OK, nonzero if it failed. |
| 530 | * |
| 531 | * Use: Fetches a public key from the keyring. |
| 532 | */ |
| 533 | |
| 534 | extern int km_getpubkey(const char */*tag*/, dh_pub */*kpub*/, |
| 535 | time_t */*t_exp*/); |
| 536 | |
| 537 | /*----- Key exchange ------------------------------------------------------*/ |
| 538 | |
| 539 | /* --- @kx_start@ --- * |
| 540 | * |
| 541 | * Arguments: @keyexch *kx@ = pointer to key exchange context |
| 542 | * |
| 543 | * Returns: --- |
| 544 | * |
| 545 | * Use: Stimulates a key exchange. If a key exchage is in progress, |
| 546 | * a new challenge is sent (unless the quiet timer forbids |
| 547 | * this); if no exchange is in progress, one is commenced. |
| 548 | */ |
| 549 | |
| 550 | extern void kx_start(keyexch */*kx*/); |
| 551 | |
| 552 | /* --- @kx_message@ --- * |
| 553 | * |
| 554 | * Arguments: @keyexch *kx@ = pointer to key exchange context |
| 555 | * @unsigned msg@ = the message code |
| 556 | * @buf *b@ = pointer to buffer containing the packet |
| 557 | * |
| 558 | * Returns: --- |
| 559 | * |
| 560 | * Use: Reads a packet containing key exchange messages and handles |
| 561 | * it. |
| 562 | */ |
| 563 | |
| 564 | extern void kx_message(keyexch */*kx*/, unsigned /*msg*/, buf */*b*/); |
| 565 | |
| 566 | /* --- @kx_free@ --- * |
| 567 | * |
| 568 | * Arguments: @keyexch *kx@ = pointer to key exchange context |
| 569 | * |
| 570 | * Returns: --- |
| 571 | * |
| 572 | * Use: Frees everything in a key exchange context. |
| 573 | */ |
| 574 | |
| 575 | extern void kx_free(keyexch */*kx*/); |
| 576 | |
| 577 | /* --- @kx_newkeys@ --- * |
| 578 | * |
| 579 | * Arguments: @keyexch *kx@ = pointer to key exchange context |
| 580 | * |
| 581 | * Returns: --- |
| 582 | * |
| 583 | * Use: Informs the key exchange module that its keys may have |
| 584 | * changed. If fetching the new keys fails, the peer will be |
| 585 | * destroyed, we log messages and struggle along with the old |
| 586 | * keys. |
| 587 | */ |
| 588 | |
| 589 | extern void kx_newkeys(keyexch */*kx*/); |
| 590 | |
| 591 | /* --- @kx_init@ --- * |
| 592 | * |
| 593 | * Arguments: @keyexch *kx@ = pointer to key exchange context |
| 594 | * @peer *p@ = pointer to peer context |
| 595 | * @keyset **ks@ = pointer to keyset list |
| 596 | * |
| 597 | * Returns: Zero if OK, nonzero if it failed. |
| 598 | * |
| 599 | * Use: Initializes a key exchange module. The module currently |
| 600 | * contains no keys, and will attempt to initiate a key |
| 601 | * exchange. |
| 602 | */ |
| 603 | |
| 604 | extern int kx_init(keyexch */*kx*/, peer */*p*/, keyset **/*ks*/); |
| 605 | |
| 606 | /*----- Keysets and symmetric cryptography --------------------------------*/ |
| 607 | |
| 608 | /* --- @ks_drop@ --- * |
| 609 | * |
| 610 | * Arguments: @keyset *ks@ = pointer to a keyset |
| 611 | * |
| 612 | * Returns: --- |
| 613 | * |
| 614 | * Use: Decrements a keyset's reference counter. If the counter hits |
| 615 | * zero, the keyset is freed. |
| 616 | */ |
| 617 | |
| 618 | extern void ks_drop(keyset */*ks*/); |
| 619 | |
| 620 | /* --- @ks_gen@ --- * |
| 621 | * |
| 622 | * Arguments: @const void *k@ = pointer to key material |
| 623 | * @size_t x, y, z@ = offsets into key material (see below) |
| 624 | * @peer *p@ = pointer to peer information |
| 625 | * |
| 626 | * Returns: A pointer to the new keyset. |
| 627 | * |
| 628 | * Use: Derives a new keyset from the given key material. The |
| 629 | * offsets @x@, @y@ and @z@ separate the key material into three |
| 630 | * parts. Between the @k@ and @k + x@ is `my' contribution to |
| 631 | * the key material; between @k + x@ and @k + y@ is `your' |
| 632 | * contribution; and between @k + y@ and @k + z@ is a shared |
| 633 | * value we made together. These are used to construct two |
| 634 | * pairs of symmetric keys. Each pair consists of an encryption |
| 635 | * key and a message authentication key. One pair is used for |
| 636 | * outgoing messages, the other for incoming messages. |
| 637 | * |
| 638 | * The new key is marked so that it won't be selected for output |
| 639 | * by @ksl_encrypt@. You can still encrypt data with it by |
| 640 | * calling @ks_encrypt@ directly. |
| 641 | */ |
| 642 | |
| 643 | extern keyset *ks_gen(const void */*k*/, |
| 644 | size_t /*x*/, size_t /*y*/, size_t /*z*/, |
| 645 | peer */*p*/); |
| 646 | |
| 647 | /* --- @ks_tregen@ --- * |
| 648 | * |
| 649 | * Arguments: @keyset *ks@ = pointer to a keyset |
| 650 | * |
| 651 | * Returns: The time at which moves ought to be made to replace this key. |
| 652 | */ |
| 653 | |
| 654 | extern time_t ks_tregen(keyset */*ks*/); |
| 655 | |
| 656 | /* --- @ks_activate@ --- * |
| 657 | * |
| 658 | * Arguments: @keyset *ks@ = pointer to a keyset |
| 659 | * |
| 660 | * Returns: --- |
| 661 | * |
| 662 | * Use: Activates a keyset, so that it can be used for encrypting |
| 663 | * outgoing messages. |
| 664 | */ |
| 665 | |
| 666 | extern void ks_activate(keyset */*ks*/); |
| 667 | |
| 668 | /* --- @ks_encrypt@ --- * |
| 669 | * |
| 670 | * Arguments: @keyset *ks@ = pointer to a keyset |
| 671 | * @buf *b@ = pointer to input buffer |
| 672 | * @buf *bb@ = pointer to output buffer |
| 673 | * |
| 674 | * Returns: Zero if OK, nonzero if the key needs replacing. If the |
| 675 | * encryption failed, the output buffer is broken and zero is |
| 676 | * returned. |
| 677 | * |
| 678 | * Use: Encrypts a block of data using the key. Note that the `key |
| 679 | * ought to be replaced' notification is only ever given once |
| 680 | * for each key. Also note that this call forces a keyset to be |
| 681 | * used even if it's marked as not for data output. |
| 682 | */ |
| 683 | |
| 684 | extern int ks_encrypt(keyset */*ks*/, buf */*b*/, buf */*bb*/); |
| 685 | |
| 686 | /* --- @ks_decrypt@ --- * |
| 687 | * |
| 688 | * Arguments: @keyset *ks@ = pointer to a keyset |
| 689 | * @buf *b@ = pointer to an input buffer |
| 690 | * @buf *bb@ = pointer to an output buffer |
| 691 | * |
| 692 | * Returns: Zero on success, or nonzero if there was some problem. |
| 693 | * |
| 694 | * Use: Attempts to decrypt a message using a given key. Note that |
| 695 | * requesting decryption with a key directly won't clear a |
| 696 | * marking that it's not for encryption. |
| 697 | */ |
| 698 | |
| 699 | extern int ks_decrypt(keyset */*ks*/, buf */*b*/, buf */*bb*/); |
| 700 | |
| 701 | /* --- @ksl_free@ --- * |
| 702 | * |
| 703 | * Arguments: @keyset **ksroot@ = pointer to keyset list head |
| 704 | * |
| 705 | * Returns: --- |
| 706 | * |
| 707 | * Use: Frees (releases references to) all of the keys in a keyset. |
| 708 | */ |
| 709 | |
| 710 | extern void ksl_free(keyset **/*ksroot*/); |
| 711 | |
| 712 | /* --- @ksl_link@ --- * |
| 713 | * |
| 714 | * Arguments: @keyset **ksroot@ = pointer to keyset list head |
| 715 | * @keyset *ks@ = pointer to a keyset |
| 716 | * |
| 717 | * Returns: --- |
| 718 | * |
| 719 | * Use: Links a keyset into a list. A keyset can only be on one list |
| 720 | * at a time. Bad things happen otherwise. |
| 721 | */ |
| 722 | |
| 723 | extern void ksl_link(keyset **/*ksroot*/, keyset */*ks*/); |
| 724 | |
| 725 | /* --- @ksl_prune@ --- * |
| 726 | * |
| 727 | * Arguments: @keyset **ksroot@ = pointer to keyset list head |
| 728 | * |
| 729 | * Returns: --- |
| 730 | * |
| 731 | * Use: Prunes the keyset list by removing keys which mustn't be used |
| 732 | * any more. |
| 733 | */ |
| 734 | |
| 735 | extern void ksl_prune(keyset **/*ksroot*/); |
| 736 | |
| 737 | /* --- @ksl_encrypt@ --- * |
| 738 | * |
| 739 | * Arguments: @keyset **ksroot@ = pointer to keyset list head |
| 740 | * @buf *b@ = pointer to input buffer |
| 741 | * @buf *bb@ = pointer to output buffer |
| 742 | * |
| 743 | * Returns: Nonzero if a new key is needed. |
| 744 | * |
| 745 | * Use: Encrypts a packet. |
| 746 | */ |
| 747 | |
| 748 | extern int ksl_encrypt(keyset **/*ksroot*/, buf */*b*/, buf */*bb*/); |
| 749 | |
| 750 | /* --- @ksl_decrypt@ --- * |
| 751 | * |
| 752 | * Arguments: @keyset **ksroot@ = pointer to keyset list head |
| 753 | * @buf *b@ = pointer to input buffer |
| 754 | * @buf *bb@ = pointer to output buffer |
| 755 | * |
| 756 | * Returns: Nonzero if the packet couldn't be decrypted. |
| 757 | * |
| 758 | * Use: Decrypts a packet. |
| 759 | */ |
| 760 | |
| 761 | extern int ksl_decrypt(keyset **/*ksroot*/, buf */*b*/, buf */*bb*/); |
| 762 | |
| 763 | /*----- Administration interface ------------------------------------------*/ |
| 764 | |
| 765 | /* --- @a_warn@ --- * |
| 766 | * |
| 767 | * Arguments: @const char *fmt@ = pointer to format string |
| 768 | * @...@ = other arguments |
| 769 | * |
| 770 | * Returns: --- |
| 771 | * |
| 772 | * Use: Informs all admin connections of a warning. |
| 773 | */ |
| 774 | |
| 775 | extern void a_warn(const char */*fmt*/, ...); |
| 776 | |
| 777 | /* --- @a_create@ --- * |
| 778 | * |
| 779 | * Arguments: @int fd_in, fd_out@ = file descriptors to use |
| 780 | * |
| 781 | * Returns: --- |
| 782 | * |
| 783 | * Use: Creates a new admin connection. |
| 784 | */ |
| 785 | |
| 786 | extern void a_create(int /*fd_in*/, int /*fd_out*/); |
| 787 | |
| 788 | /* --- @a_quit@ --- * |
| 789 | * |
| 790 | * Arguments: --- |
| 791 | * |
| 792 | * Returns: --- |
| 793 | * |
| 794 | * Use: Shuts things down nicely. |
| 795 | */ |
| 796 | |
| 797 | extern void a_quit(void); |
| 798 | |
| 799 | /* --- @a_daemon@ --- * |
| 800 | * |
| 801 | * Arguments: --- |
| 802 | * |
| 803 | * Returns: --- |
| 804 | * |
| 805 | * Use: Informs the admin module that it's a daemon. |
| 806 | */ |
| 807 | |
| 808 | extern void a_daemon(void); |
| 809 | |
| 810 | /* --- @a_init@ --- * |
| 811 | * |
| 812 | * Arguments: @const char *sock@ = socket name to create |
| 813 | * |
| 814 | * Returns: --- |
| 815 | * |
| 816 | * Use: Creates the admin listening socket. |
| 817 | */ |
| 818 | |
| 819 | extern void a_init(const char */*sock*/); |
| 820 | |
| 821 | /*----- Peer management ---------------------------------------------------*/ |
| 822 | |
| 823 | /* --- @p_txstart@ --- * |
| 824 | * |
| 825 | * Arguments: @peer *p@ = pointer to peer block |
| 826 | * @unsigned msg@ = message type code |
| 827 | * |
| 828 | * Returns: A pointer to a buffer to write to. |
| 829 | * |
| 830 | * Use: Starts sending to a peer. Only one send can happen at a |
| 831 | * time. |
| 832 | */ |
| 833 | |
| 834 | extern buf *p_txstart(peer */*p*/, unsigned /*msg*/); |
| 835 | |
| 836 | /* --- @p_txend@ --- * |
| 837 | * |
| 838 | * Arguments: @peer *p@ = pointer to peer block |
| 839 | * |
| 840 | * Returns: --- |
| 841 | * |
| 842 | * Use: Sends a packet to the peer. |
| 843 | */ |
| 844 | |
| 845 | extern void p_txend(peer */*p*/); |
| 846 | |
| 847 | /* --- @p_tun@ --- * |
| 848 | * |
| 849 | * Arguments: @peer *p@ = pointer to peer block |
| 850 | * @buf *b@ = buffer containing incoming packet |
| 851 | * |
| 852 | * Returns: --- |
| 853 | * |
| 854 | * Use: Handles a packet which needs to be sent to a peer. |
| 855 | */ |
| 856 | |
| 857 | extern void p_tun(peer */*p*/, buf */*b*/); |
| 858 | |
| 859 | /* --- @p_interval@ --- * |
| 860 | * |
| 861 | * Arguments: --- |
| 862 | * |
| 863 | * Returns: --- |
| 864 | * |
| 865 | * Use: Called periodically to do tidying. |
| 866 | */ |
| 867 | |
| 868 | extern void p_interval(void); |
| 869 | |
| 870 | /* --- @p_stats@ --- * |
| 871 | * |
| 872 | * Arguments: @peer *p@ = pointer to a peer block |
| 873 | * |
| 874 | * Returns: A pointer to the peer's statistics. |
| 875 | */ |
| 876 | |
| 877 | extern stats *p_stats(peer */*p*/); |
| 878 | |
| 879 | /* --- @p_ifname@ --- * |
| 880 | * |
| 881 | * Arguments: @peer *p@ = pointer to a peer block |
| 882 | * |
| 883 | * Returns: A pointer to the peer's interface name. |
| 884 | */ |
| 885 | |
| 886 | extern const char *p_ifname(peer */*p*/); |
| 887 | |
| 888 | /* --- @p_addr@ --- * |
| 889 | * |
| 890 | * Arguments: @peer *p@ = pointer to a peer block |
| 891 | * |
| 892 | * Returns: A pointer to the peer's address. |
| 893 | */ |
| 894 | |
| 895 | extern const addr *p_addr(peer */*p*/); |
| 896 | |
| 897 | /* --- @p_init@ --- * |
| 898 | * |
| 899 | * Arguments: @struct in_addr addr@ = address to bind to |
| 900 | * @unsigned port@ = port number to listen to |
| 901 | * |
| 902 | * Returns: --- |
| 903 | * |
| 904 | * Use: Initializes the peer system; creates the socket. |
| 905 | */ |
| 906 | |
| 907 | extern void p_init(struct in_addr /*addr*/, unsigned /*port*/); |
| 908 | |
| 909 | /* --- @p_port@ --- * |
| 910 | * |
| 911 | * Arguments: --- |
| 912 | * |
| 913 | * Returns: Port number used for socket. |
| 914 | */ |
| 915 | |
| 916 | unsigned p_port(void); |
| 917 | |
| 918 | /* --- @p_create@ --- * |
| 919 | * |
| 920 | * Arguments: @const char *name@ = name for this peer |
| 921 | * @struct sockaddr *sa@ = socket address of peer |
| 922 | * @size_t sz@ = size of socket address |
| 923 | * |
| 924 | * Returns: Pointer to the peer block, or null if it failed. |
| 925 | * |
| 926 | * Use: Creates a new named peer block. No peer is actually attached |
| 927 | * by this point. |
| 928 | */ |
| 929 | |
| 930 | extern peer *p_create(const char */*name*/, |
| 931 | struct sockaddr */*sa*/, size_t /*sz*/); |
| 932 | |
| 933 | /* --- @p_name@ --- * |
| 934 | * |
| 935 | * Arguments: @peer *p@ = pointer to a peer block |
| 936 | * |
| 937 | * Returns: A pointer to the peer's name. |
| 938 | */ |
| 939 | |
| 940 | extern const char *p_name(peer */*p*/); |
| 941 | |
| 942 | /* --- @p_find@ --- * |
| 943 | * |
| 944 | * Arguments: @const char *name@ = name to look up |
| 945 | * |
| 946 | * Returns: Pointer to the peer block, or null if not found. |
| 947 | * |
| 948 | * Use: Finds a peer by name. |
| 949 | */ |
| 950 | |
| 951 | extern peer *p_find(const char */*name*/); |
| 952 | |
| 953 | /* --- @p_destroy@ --- * |
| 954 | * |
| 955 | * Arguments: @peer *p@ = pointer to a peer |
| 956 | * |
| 957 | * Returns: --- |
| 958 | * |
| 959 | * Use: Destroys a peer. |
| 960 | */ |
| 961 | |
| 962 | extern void p_destroy(peer */*p*/); |
| 963 | |
| 964 | /* --- @p_first@, @p_next@ --- * |
| 965 | * |
| 966 | * Arguments: @peer *p@ = a peer block |
| 967 | * |
| 968 | * Returns: @peer_first@ returns the first peer in some ordering; |
| 969 | * @peer_next@ returns the peer following a given one in the |
| 970 | * same ordering. Null is returned for the end of the list. |
| 971 | */ |
| 972 | |
| 973 | extern peer *p_first(void); |
| 974 | extern peer *p_next(peer */*p*/); |
| 975 | |
| 976 | /*----- Tunnel interface --------------------------------------------------*/ |
| 977 | |
| 978 | /* --- @tun_init@ --- * |
| 979 | * |
| 980 | * Arguments: --- |
| 981 | * |
| 982 | * Returns: --- |
| 983 | * |
| 984 | * Use: Initializes the tunneling system. Maybe this will require |
| 985 | * opening file descriptors or something. |
| 986 | */ |
| 987 | |
| 988 | extern void tun_init(void); |
| 989 | |
| 990 | /* --- @tun_create@ --- * |
| 991 | * |
| 992 | * Arguments: @tunnel *t@ = pointer to tunnel block |
| 993 | * @peer *p@ = pointer to peer block |
| 994 | * |
| 995 | * Returns: Zero if it worked, nonzero on failure. |
| 996 | * |
| 997 | * Use: Initializes a new tunnel. |
| 998 | */ |
| 999 | |
| 1000 | extern int tun_create(tunnel */*t*/, peer */*p*/); |
| 1001 | |
| 1002 | /* --- @tun_ifname@ --- * |
| 1003 | * |
| 1004 | * Arguments: @tunnel *t@ = pointer to tunnel block |
| 1005 | * |
| 1006 | * Returns: A pointer to the tunnel's interface name. |
| 1007 | */ |
| 1008 | |
| 1009 | extern const char *tun_ifname(tunnel */*t*/); |
| 1010 | |
| 1011 | /* --- @tun_inject@ --- * |
| 1012 | * |
| 1013 | * Arguments: @tunnel *t@ = pointer to tunnel block |
| 1014 | * @buf *b@ = buffer to send |
| 1015 | * |
| 1016 | * Returns: --- |
| 1017 | * |
| 1018 | * Use: Injects a packet into the local network stack. |
| 1019 | */ |
| 1020 | |
| 1021 | extern void tun_inject(tunnel */*t*/, buf */*b*/); |
| 1022 | |
| 1023 | /* --- @tun_destroy@ --- * |
| 1024 | * |
| 1025 | * Arguments: @tunnel *t@ = pointer to tunnel block |
| 1026 | * |
| 1027 | * Returns: --- |
| 1028 | * |
| 1029 | * Use: Destroys a tunnel. |
| 1030 | */ |
| 1031 | |
| 1032 | extern void tun_destroy(tunnel */*t*/); |
| 1033 | |
| 1034 | /*----- Other handy utilities ---------------------------------------------*/ |
| 1035 | |
| 1036 | /* --- @mpstr@ --- * |
| 1037 | * |
| 1038 | * Arguments: @mp *m@ = a multiprecision integer |
| 1039 | * |
| 1040 | * Returns: A pointer to the integer's textual representation. |
| 1041 | * |
| 1042 | * Use: Converts a multiprecision integer to a string. Corrupts |
| 1043 | * @buf_t@. |
| 1044 | */ |
| 1045 | |
| 1046 | extern const char *mpstr(mp */*m*/); |
| 1047 | |
| 1048 | /* --- @timestr@ --- * |
| 1049 | * |
| 1050 | * Arguments: @time_t t@ = a time to convert |
| 1051 | * |
| 1052 | * Returns: A pointer to a textual representation of the time. |
| 1053 | * |
| 1054 | * Use: Converts a time to a textual representation. Corrupts |
| 1055 | * @buf_t@. |
| 1056 | */ |
| 1057 | |
| 1058 | extern const char *timestr(time_t /*t*/); |
| 1059 | |
| 1060 | /*----- That's all, folks -------------------------------------------------*/ |
| 1061 | |
| 1062 | #ifdef __cplusplus |
| 1063 | } |
| 1064 | #endif |
| 1065 | |
| 1066 | #endif |