mdw@git.distorted.org.uk Git - tripe/blob - common/protocol.h

   1 /* -*-c-*-
   2  *
   3  * Protocol definition for TrIPE
   4  *
   5  * (c) 2003 Straylight/Edgeware
   6  */
   7
   8 /*----- Licensing notice --------------------------------------------------*
   9  *
  10  * This file is part of Trivial IP Encryption (TrIPE).
  11  *
  12  * TrIPE is free software; you can redistribute it and/or modify
  13  * it under the terms of the GNU General Public License as published by
  14  * the Free Software Foundation; either version 2 of the License, or
  15  * (at your option) any later version.
  16  *
  17  * TrIPE is distributed in the hope that it will be useful,
  18  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  19  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  20  * GNU General Public License for more details.
  21  *
  22  * You should have received a copy of the GNU General Public License
  23  * along with TrIPE; if not, write to the Free Software Foundation,
  24  * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
  25  */
  26
  27 #ifndef TRIPE_PROTOCOL_H
  28 #define TRIPE_PROTOCOL_H
  29
  30 /*----- TrIPE protocol ----------------------------------------------------*/
  31
  32 #define TRIPE_PORT 4070                 /* Assigned by IANA */
  33
  34 /* --- TrIPE message format --- *
  35  *
  36  * A packet begins with a single-byte message type.  The top four bits are a
  37  * category code used to send the message to the right general place in the
  38  * code; the bottom bits identify the actual message type.
  39  */
  40
  41 #define MSG_CATMASK 0xf0
  42 #define MSG_TYPEMASK 0x0f
  43
  44 /* --- Encrypted message packets --- *
  45  *
  46  * Messages of category @MSG_PACKET@ contain encrypted network packets.  The
  47  * message content is a symmetric-encrypted block (see below).  Reception of
  48  * a packet encrypted under a new key implicitly permits that key to be used
  49  * to send further packets.
  50  *
  51  * The only packet type accepted is zero.
  52  *
  53  * Packets may be encrypted under any live keyset, but should use the most
  54  * recent one.
  55  */
  56
  57 #define MSG_PACKET 0x00
  58
  59 /* --- Key exchange packets --- */
  60
  61 #define MSG_KEYEXCH 0x10
  62
  63 #define KX_PRECHAL 0u
  64 #define KX_CHAL 1u
  65 #define KX_REPLY 2u
  66 #define KX_SWITCH 3u
  67 #define KX_SWITCHOK 4u
  68 #define KX_NMSG 5u
  69
  70 /* --- Miscellaneous packets --- */
  71
  72 #define MSG_MISC 0x20
  73
  74 #define MISC_NOP 0u                     /* Do nothing; ignore me */
  75 #define MISC_PING 1u                    /* Transport-level ping */
  76 #define MISC_PONG 2u                    /* Transport-level ping response */
  77 #define MISC_EPING 3u                   /* Encrypted ping */
  78 #define MISC_EPONG 4u                   /* Encrypted ping response */
  79 #define MISC_GREET 5u                   /* A greeting from a NATed peer */
  80
  81 /* --- Symmetric encryption and keysets --- *
  82  *
  83  * Packets consist of an 80-bit MAC, a 32-bit sequence number, and the
  84  * encrypted payload.
  85  *
  86  * The plaintext is encrypted using Blowfish in CBC mode with ciphertext
  87  * stealing (as described in [Schneier]).  The initialization vector is
  88  * selected randomly, and prepended to the actual ciphertext.
  89  *
  90  * The MAC is computed using the HMAC construction with RIPEMD160 over the
  91  * sequence number and the ciphertext (with IV); the first 80 bits of the
  92  * output are used.  (This is the minimum allowed by the draft FIPS for HMAC,
  93  * and the recommended truncation.)
  94  *
  95  * A keyset consists of
  96  *
  97  *   * an integrity (MAC) key;
  98  *   * a confidentiality (encryption) key; and
  99  *   * a sequence numbering space
 100  *
 101  * in each direction.  The packets sent by a host encrypted under a
 102  * particular keyset are assigned consecutive sequence numbers starting from
 103  * zero.  The receiving host must ensure that it only accepts each packet at
 104  * most once.  It should maintain a window of sequence numbers: packets with
 105  * numbers beyond the end of the window are accepted and cause the window to
 106  * be advanced; packets with numbers before the start of the window are
 107  * rejected; packets with numbers which appear within the window are accepted
 108  * only if the number has not been seen before.
 109  *
 110  * When a host sends a @KX_SWITCH@ or @KX_SWITCHOK@ message, it installs the
 111  * newly-negotiated keyset in a `listen-only' state: it may not send a packet
 112  * encrypted under the keyset until either it has received a @KX_SWITCH@ or
 113  * @KX_SWITCHOK@ message, or a @MSG_PACKET@ encrypted under the keyset, from
 114  * its peer.
 115  */
 116
 117 /*----- That's all, folks -------------------------------------------------*/
 118
 119 #endif