3 * $Id: tripe.h,v 1.5 2001/02/16 21:41:43 mdw Exp $
5 * Main header file for TrIPE
7 * (c) 2001 Straylight/Edgeware
10 /*----- Licensing notice --------------------------------------------------*
12 * This file is part of Trivial IP Encryption (TrIPE).
14 * TrIPE is free software; you can redistribute it and/or modify
15 * it under the terms of the GNU General Public License as published by
16 * the Free Software Foundation; either version 2 of the License, or
17 * (at your option) any later version.
19 * TrIPE is distributed in the hope that it will be useful,
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 * GNU General Public License for more details.
24 * You should have received a copy of the GNU General Public License
25 * along with TrIPE; if not, write to the Free Software Foundation,
26 * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
29 /*----- Revision history --------------------------------------------------*
32 * Revision 1.5 2001/02/16 21:41:43 mdw
33 * Major changes. See source files for details.
35 * Revision 1.4 2001/02/05 19:56:37 mdw
36 * Sequence number protection, and BSD tunnels.
38 * Revision 1.3 2001/02/04 01:17:55 mdw
39 * Create a configuration header file to tidy up command lines.
41 * Revision 1.2 2001/02/03 22:40:29 mdw
42 * Put timer information into the entropy pool when packets are received
43 * and on similar events. Reseed the generator on the interval timer.
45 * Revision 1.1 2001/02/03 20:26:37 mdw
57 /*----- Header files ------------------------------------------------------*/
72 #include <sys/types.h>
78 #include <sys/socket.h>
80 #include <netinet/in.h>
81 #include <arpa/inet.h>
87 #include <mLib/alloc.h>
88 #include <mLib/arena.h>
89 #include <mLib/bres.h>
90 #include <mLib/dstr.h>
92 #include <mLib/fdflags.h>
93 #include <mLib/fwatch.h>
94 #include <mLib/mdwopt.h>
95 #include <mLib/quis.h>
96 #include <mLib/report.h>
98 #include <mLib/selbuf.h>
100 #include <mLib/str.h>
101 #include <mLib/sub.h>
102 #include <mLib/trace.h>
104 #include <catacomb/gcipher.h>
105 #include <catacomb/gmac.h>
106 #include <catacomb/grand.h>
107 #include <catacomb/key.h>
108 #include <catacomb/paranoia.h>
110 #include <catacomb/noise.h>
111 #include <catacomb/rand.h>
113 #include <catacomb/mp.h>
114 #include <catacomb/mpmont.h>
115 #include <catacomb/mprand.h>
116 #include <catacomb/dh.h>
122 /*----- Magic numbers -----------------------------------------------------*/
124 /* --- Tunnel types --- */
130 /* --- Trace flags --- */
138 #define T_KEYEXCH 64u
139 #define T_KEYMGMT 128u
145 #define SEC(n) (n##u)
146 #define MIN(n) (n##u * 60u)
147 #define MEG(n) (n##ul * 1024ul * 1024ul)
149 /* --- Other things --- */
151 #define PKBUFSZ 65536
153 /*----- TrIPE protocol ----------------------------------------------------*/
155 /* --- TrIPE message format --- *
157 * A packet begins with a single-byte message type. The top four bits are a
158 * category code used to send the message to the right general place in the
159 * code; the bottom bits identify the actual message type.
162 #define MSG_CATMASK 0xf0
163 #define MSG_TYPEMASK 0x0f
165 /* --- Encrypted message packets --- *
167 * Messages of category @MSG_PACKET@ contain encrypted network packets. The
168 * message content is a symmetric-encrypted block (see below). Reception of
169 * a packet encrypted under a new key implicitly permits that key to be used
170 * to send further packets.
172 * The only packet type accepted is zero.
174 * Packets may be encrypted under any live keyset, but should use the most
178 #define MSG_PACKET 0x00
180 /* --- Key exchange packets --- */
182 #define MSG_KEYEXCH 0x10
184 #define KX_PRECHAL 0u
189 #define KX_SWITCHOK 5u
192 /* --- Symmetric encryption and keysets --- *
194 * Packets consist of a 64-bit MAC, a 32-bit sequence number, and the
197 * The MAC is computed using the HMAC construction with RIPEMD160 over the
198 * sequence number and the original packet plaintext; the first 64 bits of
199 * the output are used.
201 * The plaintext is encrypted using Blowfish in CBC mode with ciphertext
202 * stealing (as described in [Schneier]. The initialization vector is
203 * precisely the 64-bit MAC computed previously.
205 * A keyset consists of
207 * * an integrity (MAC) key;
208 * * a confidentiality (encryption) key; and
209 * * a sequence numbering space
211 * in each direction. The packets sent by a host encrypted under a
212 * particular keyset are assigned consecutive sequence numbers starting from
213 * zero. The receiving host must ensure that it only accepts each packet at
214 * most once. It should maintain a window of sequence numbers: packets with
215 * numbers beyond the end of the window are accepted and cause the window to
216 * be advanced; packets with numbers before the start of the window are
217 * rejected; packets with numbers which appear within the window are accepted
218 * only if the number has not been seen before.
220 * When a host sends a @KX_SWITCH@ or @KX_SWITCHOK@ message, it installs the
221 * newly-negotiated keyset in a `listen-only' state: it may not send a packet
222 * encrypted under the keyset until either it has received a @KX_SWITCH@ or
223 * @KX_SWITCHOK@ message, or a @MSG_PACKET@ encrypted under the keyset, from
227 /*----- Cipher selections -------------------------------------------------*/
229 #include <catacomb/blowfish.h>
230 #include <catacomb/blowfish-cbc.h>
231 #include <catacomb/rmd160.h>
232 #include <catacomb/rmd160-hmac.h>
234 #define CIPHER (&blowfish_cbc)
235 #define MAC (&rmd160_hmac)
237 #define HASH_CTX rmd160_ctx
238 #define HASH_INIT rmd160_init
239 #define HASH rmd160_hash
240 #define HASH_STRING(c, s) HASH((c), s, sizeof(s))
241 #define HASH_DONE rmd160_done
242 #define HASHSZ RMD160_HASHSZ
244 /*----- Data structures ---------------------------------------------------*/
248 * Buffers provide a simple stream-like interface for building and parsing
253 octet
*base
, *p
, *limit
; /* Pointers to the buffer */
254 unsigned f
; /* Various flags */
257 #define BF_BROKEN 1u /* Buffer is broken */
259 /* --- Socket addresses --- *
261 * A magic union of supported socket addresses.
266 struct sockaddr_in sin
;
269 /* --- A symmetric keyset --- *
271 * A keyset contains a set of symmetric keys for encrypting and decrypting
272 * packets. Keysets are stored in a list, sorted in reverse order of
273 * creation, so that the most recent keyset (the one most likely to be used)
276 * Each keyset has a time limit and a data limit. The keyset is destroyed
277 * when either it has existed for too long, or it has been used to encrypt
278 * too much data. New key exchanges are triggered when keys are close to
282 typedef struct keyset
{
283 struct keyset
*next
; /* Next active keyset in the list */
284 unsigned ref
; /* Reference count for keyset */
285 time_t t_exp
; /* Expiry time for this keyset */
286 unsigned long sz_exp
; /* Data limit for the keyset */
287 T( unsigned seq
; ) /* Sequence number for tracing */
288 unsigned f
; /* Various useful flags */
289 gcipher
*cin
, *cout
; /* Keyset ciphers for encryption */
290 gmac
*min
, *mout
; /* Keyset MACs for integrity */
291 uint32 oseq
; /* Outbound sequence number */
292 uint32 iseq
, iwin
; /* Inbound sequence number */
295 #define KS_SEQWINSZ 32 /* Bits in sequence number window */
297 #define KSF_LISTEN 1u /* Don't encrypt packets yet */
298 #define KSF_LINK 2u /* Key is in a linked list */
300 /* --- Key exchange --- *
302 * TrIPE uses the Wrestlers Protocol for its key exchange. The Wrestlers
303 * Protocol has a number of desirable features (e.g., perfect forward
304 * secrecy, and zero-knowledge authentication) which make it attractive for
305 * use in TrIPE. The Wrestlers Protocol was designed by Mark Wooding and
312 typedef struct kxchal
{
313 struct keyexch
*kx
; /* Pointer back to key exchange */
314 mp
*c
; /* Responder's challenge */
315 mp
*r
; /* My reply to the challenge */
316 keyset
*ks
; /* Pointer to temporary keyset */
317 unsigned f
; /* Various useful flags */
318 sel_timer t
; /* Response timer for challenge */
319 octet hc
[HASHSZ
]; /* Hash of his challenge */
320 octet hrx
[HASHSZ
]; /* My expected reply hash */
321 octet hswrq_in
[HASHSZ
]; /* Inbound switch request message */
322 octet hswok_in
[HASHSZ
]; /* Inbound switch confirmation */
323 octet hswrq_out
[HASHSZ
]; /* Outbound switch request message */
324 octet hswok_out
[HASHSZ
]; /* Outbound switch confirmation */
327 typedef struct keyexch
{
328 struct peer
*p
; /* Pointer back to the peer */
329 keyset
**ks
; /* Peer's list of keysets */
330 unsigned f
; /* Various useful flags */
331 unsigned s
; /* Current state in exchange */
332 sel_timer t
; /* Timer for next exchange */
333 dh_pub kpub
; /* Peer's public key */
334 mp
*alpha
; /* My temporary secret */
335 mp
*c
; /* My challenge */
336 mp
*rx
; /* The expected response */
337 unsigned nr
; /* Number of extant responses */
338 time_t t_valid
; /* When this exchange goes bad */
339 octet hc
[HASHSZ
]; /* Hash of my challenge */
340 kxchal
*r
[KX_NCHAL
]; /* Array of challenges */
343 #define KXF_TIMER 1u /* Waiting for a timer to go off */
346 KXS_DEAD
, /* Uninitialized state (magical) */
347 KXS_CHAL
, /* Main answer-challenges state */
348 KXS_COMMIT
, /* Committed: send switch request */
349 KXS_SWITCH
/* Switched: send confirmation */
352 /* --- Tunnel structure --- *
354 * Used to maintain system-specific information about the tunnel interface.
357 typedef struct tunnel
{
358 #if TUN_TYPE == TUN_UNET
359 sel_file f
; /* Selector for Usernet device */
360 struct peer
*p
; /* Pointer to my peer */
361 #elif TUN_TYPE == TUN_BSD
362 sel_file f
; /* Selector for tunnel device */
363 struct peer
*p
; /* Pointer to my peer */
364 unsigned n
; /* Number of my tunnel device */
366 # error "No support for this tunnel type"
370 /* --- Peer statistics --- *
372 * Contains various interesting and not-so-interesting statistics about a
373 * peer. This is updated by various parts of the code. The format of the
374 * structure isn't considered private, and @p_stats@ returns a pointer to the
375 * statistics block for a given peer.
378 typedef struct stats
{
379 unsigned long sz_in
, sz_out
; /* Size of all data in and out */
380 unsigned long sz_kxin
, sz_kxout
; /* Size of key exchange messages */
381 unsigned long sz_ipin
, sz_ipout
; /* Size of encapsulated IP packets */
382 time_t t_start
, t_last
; /* Time peer created, last recv */
383 unsigned long n_reject
; /* Number of rejected packets */
384 unsigned long n_in
, n_out
; /* Number of packets in and out */
385 unsigned long n_kxin
, n_kxout
; /* Number of key exchange packets */
386 unsigned long n_ipin
, n_ipout
; /* Number of encrypted packets */
389 /* --- Peer structure --- *
391 * The main structure which glues everything else together.
394 typedef struct peer
{
395 struct peer
*next
, *prev
; /* Links to next and previous */
396 char *name
; /* Name of this peer */
397 tunnel t
; /* Tunnel for local packets */
398 keyset
*ks
; /* List head for keysets */
399 buf b
; /* Buffer for sending packets */
400 addr peer
; /* Peer socket address */
401 size_t sasz
; /* Socket address size */
402 stats st
; /* Statistics */
403 keyexch kx
; /* Key exchange protocol block */
406 /* --- Admin structure --- */
408 typedef struct admin
{
409 struct admin
*next
, *prev
; /* Links to next and previous */
410 selbuf b
; /* Line buffer for commands */
411 int fd
; /* File descriptor for output */
413 unsigned seq
; /* Sequence number for tracing */
415 char *pname
; /* Peer name to create */
416 char *paddr
; /* Address string to resolve */
417 bres_client r
; /* Background resolver task */
418 sel_timer t
; /* Timer for resolver */
419 addr peer
; /* Address to set */
420 size_t sasz
; /* Size of the address */
423 /*----- Global variables --------------------------------------------------*/
425 extern sel_state sel
; /* Global I/O event state */
426 extern dh_priv kpriv
; /* Our private key */
427 extern mpmont mg
; /* Montgomery context for DH group */
428 extern octet buf_i
[PKBUFSZ
], buf_o
[PKBUFSZ
], buf_t
[PKBUFSZ
];
431 extern const trace_opt tr_opts
[]; /* Trace options array */
432 extern unsigned tr_flags
; /* Trace options flags */
435 /*----- Other macros ------------------------------------------------------*/
437 #define TIMER noise_timer(RAND_GLOBAL)
439 /*----- Key management ----------------------------------------------------*/
441 /* --- @km_interval@ --- *
445 * Returns: Zero if OK, nonzero to force reloading of keys.
447 * Use: Called on the interval timer to perform various useful jobs.
450 extern int km_interval(void);
452 /* --- @km_init@ --- *
454 * Arguments: @const char *kr_priv@ = private keyring file
455 * @const char *kr_pub@ = public keyring file
456 * @const char *tag@ = tag to load
460 * Use: Initializes, and loads the private key.
463 extern void km_init(const char */
*kr_priv*/
, const char */
*kr_pub*/
,
464 const char */
*tag*/
);
466 /* --- @km_getpubkey@ --- *
468 * Arguments: @const char *tag@ = public key tag to load
469 * @dh_pub *kpub@ = where to put the public key
471 * Returns: Zero if OK, nonzero if it failed.
473 * Use: Fetches a public key from the keyring.
476 extern int km_getpubkey(const char */
*tag*/
, dh_pub */
*kpub*/
);
478 /*----- Key exchange ------------------------------------------------------*/
480 /* --- @kx_start@ --- *
482 * Arguments: @keyexch *kx@ = pointer to key exchange context
486 * Use: Stimulates a key exchange. If a key exchage is in progress,
487 * a new challenge is sent (unless the quiet timer forbids
488 * this); if no exchange is in progress, one is commenced.
491 extern void kx_start(keyexch */
*kx*/
);
493 /* --- @kx_message@ --- *
495 * Arguments: @keyexch *kx@ = pointer to key exchange context
496 * @unsigned msg@ = the message code
497 * @buf *b@ = pointer to buffer containing the packet
501 * Use: Reads a packet containing key exchange messages and handles
505 extern void kx_message(keyexch */
*kx*/
, unsigned /*msg*/, buf */
*b*/
);
507 /* --- @kx_free@ --- *
509 * Arguments: @keyexch *kx@ = pointer to key exchange context
513 * Use: Frees everything in a key exchange context.
516 extern void kx_free(keyexch */
*kx*/
);
518 /* --- @kx_newkeys@ --- *
520 * Arguments: @keyexch *kx@ = pointer to key exchange context
524 * Use: Informs the key exchange module that its keys may have
525 * changed. If fetching the new keys fails, the peer will be
526 * destroyed, we log messages and struggle along with the old
530 extern void kx_newkeys(keyexch */
*kx*/
);
532 /* --- @kx_init@ --- *
534 * Arguments: @keyexch *kx@ = pointer to key exchange context
535 * @peer *p@ = pointer to peer context
536 * @keyset **ks@ = pointer to keyset list
538 * Returns: Zero if OK, nonzero if it failed.
540 * Use: Initializes a key exchange module. The module currently
541 * contains no keys, and will attempt to initiate a key
545 extern int kx_init(keyexch */
*kx*/
, peer */
*p*/
, keyset
**/
*ks*/
);
547 /*----- Keysets and symmetric cryptography --------------------------------*/
549 /* --- @ks_drop@ --- *
551 * Arguments: @keyset *ks@ = pointer to a keyset
555 * Use: Decrements a keyset's reference counter. If the counter hits
556 * zero, the keyset is freed.
559 extern void ks_drop(keyset */
*ks*/
);
561 /* --- @ks_gen@ --- *
563 * Arguments: @const void *k@ = pointer to key material
564 * @size_t x, y, z@ = offsets into key material (see below)
566 * Returns: A pointer to the new keyset.
568 * Use: Derives a new keyset from the given key material. The
569 * offsets @x@, @y@ and @z@ separate the key material into three
570 * parts. Between the @k@ and @k + x@ is `my' contribution to
571 * the key material; between @k + x@ and @k + y@ is `your'
572 * contribution; and between @k + y@ and @k + z@ is a shared
573 * value we made together. These are used to construct two
574 * pairs of symmetric keys. Each pair consists of an encryption
575 * key and a message authentication key. One pair is used for
576 * outgoing messages, the other for incoming messages.
578 * The new key is marked so that it won't be selected for output
579 * by @ksl_encrypt@. You can still encrypt data with it by
580 * calling @ks_encrypt@ directly.
583 extern keyset
*ks_gen(const void */
*k*/
,
584 size_t /*x*/, size_t /*y*/, size_t /*z*/);
586 /* --- @ks_tregen@ --- *
588 * Arguments: @keyset *ks@ = pointer to a keyset
590 * Returns: The time at which moves ought to be made to replace this key.
593 extern time_t ks_tregen(keyset */
*ks*/
);
595 /* --- @ks_activate@ --- *
597 * Arguments: @keyset *ks@ = pointer to a keyset
601 * Use: Activates a keyset, so that it can be used for encrypting
605 extern void ks_activate(keyset */
*ks*/
);
607 /* --- @ks_encrypt@ --- *
609 * Arguments: @keyset *ks@ = pointer to a keyset
610 * @buf *b@ = pointer to input buffer
611 * @buf *bb@ = pointer to output buffer
613 * Returns: Zero if OK, nonzero if the key needs replacing. If the
614 * encryption failed, the output buffer is broken and zero is
617 * Use: Encrypts a block of data using the key. Note that the `key
618 * ought to be replaced' notification is only ever given once
619 * for each key. Also note that this call forces a keyset to be
620 * used even if it's marked as not for data output.
623 extern int ks_encrypt(keyset */
*ks*/
, buf */
*b*/
, buf */
*bb*/
);
625 /* --- @ks_decrypt@ --- *
627 * Arguments: @keyset *ks@ = pointer to a keyset
628 * @buf *b@ = pointer to an input buffer
629 * @buf *bb@ = pointer to an output buffer
631 * Returns: Zero on success, or nonzero if there was some problem.
633 * Use: Attempts to decrypt a message using a given key. Note that
634 * requesting decryption with a key directly won't clear a
635 * marking that it's not for encryption.
638 extern int ks_decrypt(keyset */
*ks*/
, buf */
*b*/
, buf */
*bb*/
);
640 /* --- @ksl_free@ --- *
642 * Arguments: @keyset **ksroot@ = pointer to keyset list head
646 * Use: Frees (releases references to) all of the keys in a keyset.
649 extern void ksl_free(keyset
**/
*ksroot*/
);
651 /* --- @ksl_link@ --- *
653 * Arguments: @keyset **ksroot@ = pointer to keyset list head
654 * @keyset *ks@ = pointer to a keyset
658 * Use: Links a keyset into a list. A keyset can only be on one list
659 * at a time. Bad things happen otherwise.
662 extern void ksl_link(keyset
**/
*ksroot*/
, keyset */
*ks*/
);
664 /* --- @ksl_prune@ --- *
666 * Arguments: @keyset **ksroot@ = pointer to keyset list head
670 * Use: Prunes the keyset list by removing keys which mustn't be used
674 extern void ksl_prune(keyset
**/
*ksroot*/
);
676 /* --- @ksl_encrypt@ --- *
678 * Arguments: @keyset **ksroot@ = pointer to keyset list head
679 * @buf *b@ = pointer to input buffer
680 * @buf *bb@ = pointer to output buffer
682 * Returns: Nonzero if a new key is needed.
684 * Use: Encrypts a packet.
687 extern int ksl_encrypt(keyset
**/
*ksroot*/
, buf */
*b*/
, buf */
*bb*/
);
689 /* --- @ksl_decrypt@ --- *
691 * Arguments: @keyset **ksroot@ = pointer to keyset list head
692 * @buf *b@ = pointer to input buffer
693 * @buf *bb@ = pointer to output buffer
695 * Returns: Nonzero if the packet couldn't be decrypted.
697 * Use: Decrypts a packet.
700 extern int ksl_decrypt(keyset
**/
*ksroot*/
, buf */
*b*/
, buf */
*bb*/
);
702 /*----- Administration interface ------------------------------------------*/
704 /* --- @a_warn@ --- *
706 * Arguments: @const char *fmt@ = pointer to format string
707 * @...@ = other arguments
711 * Use: Informs all admin connections of a warning.
714 extern void a_warn(const char */
*fmt*/
, ...);
716 /* --- @a_create@ --- *
718 * Arguments: @int fd_in, fd_out@ = file descriptors to use
722 * Use: Creates a new admin connection.
725 extern void a_create(int /*fd_in*/, int /*fd_out*/);
727 /* --- @a_quit@ --- *
733 * Use: Shuts things down nicely.
736 extern void a_quit(void);
738 /* --- @a_daemon@ --- *
744 * Use: Informs the admin module that it's a daemon.
747 extern void a_daemon(void);
749 /* --- @a_init@ --- *
751 * Arguments: @const char *sock@ = socket name to create
755 * Use: Creates the admin listening socket.
758 extern void a_init(const char */
*sock*/
);
760 /*----- Peer management ---------------------------------------------------*/
762 /* --- @p_txstart@ --- *
764 * Arguments: @peer *p@ = pointer to peer block
765 * @unsigned msg@ = message type code
767 * Returns: A pointer to a buffer to write to.
769 * Use: Starts sending to a peer. Only one send can happen at a
773 extern buf
*p_txstart(peer */
*p*/
, unsigned /*msg*/);
775 /* --- @p_txend@ --- *
777 * Arguments: @peer *p@ = pointer to peer block
781 * Use: Sends a packet to the peer.
784 extern void p_txend(peer */
*p*/
);
788 * Arguments: @peer *p@ = pointer to peer block
789 * @buf *b@ = buffer containing incoming packet
793 * Use: Handles a packet which needs to be sent to a peer.
796 extern void p_tun(peer */
*p*/
, buf */
*b*/
);
798 /* --- @p_interval@ --- *
804 * Use: Called periodically to do tidying.
807 extern void p_interval(void);
809 /* --- @p_stats@ --- *
811 * Arguments: @peer *p@ = pointer to a peer block
813 * Returns: A pointer to the peer's statistics.
816 extern stats
*p_stats(peer */
*p*/
);
818 /* --- @p_ifname@ --- *
820 * Arguments: @peer *p@ = pointer to a peer block
822 * Returns: A pointer to the peer's interface name.
825 extern const char *p_ifname(peer */
*p*/
);
827 /* --- @p_addr@ --- *
829 * Arguments: @peer *p@ = pointer to a peer block
831 * Returns: A pointer to the peer's address.
834 extern const addr
*p_addr(peer */
*p*/
);
836 /* --- @p_init@ --- *
838 * Arguments: @unsigned port@ = port number to listen to
842 * Use: Initializes the peer system; creates the socket.
845 extern void p_init(unsigned /*port*/);
847 /* --- @p_port@ --- *
851 * Returns: Port number used for socket.
854 unsigned p_port(void);
856 /* --- @p_create@ --- *
858 * Arguments: @const char *name@ = name for this peer
859 * @struct sockaddr *sa@ = socket address of peer
860 * @size_t sz@ = size of socket address
862 * Returns: Pointer to the peer block, or null if it failed.
864 * Use: Creates a new named peer block. No peer is actually attached
868 extern peer
*p_create(const char */
*name*/
,
869 struct sockaddr */
*sa*/
, size_t /*sz*/);
871 /* --- @p_name@ --- *
873 * Arguments: @peer *p@ = pointer to a peer block
875 * Returns: A pointer to the peer's name.
878 extern const char *p_name(peer */
*p*/
);
880 /* --- @p_find@ --- *
882 * Arguments: @const char *name@ = name to look up
884 * Returns: Pointer to the peer block, or null if not found.
886 * Use: Finds a peer by name.
889 extern peer
*p_find(const char */
*name*/
);
891 /* --- @p_destroy@ --- *
893 * Arguments: @peer *p@ = pointer to a peer
897 * Use: Destroys a peer.
900 extern void p_destroy(peer */
*p*/
);
902 /* --- @p_first@, @p_next@ --- *
904 * Arguments: @peer *p@ = a peer block
906 * Returns: @peer_first@ returns the first peer in some ordering;
907 * @peer_next@ returns the peer following a given one in the
908 * same ordering. Null is returned for the end of the list.
911 extern peer
*p_first(void);
912 extern peer
*p_next(peer */
*p*/
);
914 /*----- Tunnel interface --------------------------------------------------*/
916 /* --- @tun_init@ --- *
922 * Use: Initializes the tunneling system. Maybe this will require
923 * opening file descriptors or something.
926 extern void tun_init(void);
928 /* --- @tun_create@ --- *
930 * Arguments: @tunnel *t@ = pointer to tunnel block
931 * @peer *p@ = pointer to peer block
933 * Returns: Zero if it worked, nonzero on failure.
935 * Use: Initializes a new tunnel.
938 extern int tun_create(tunnel */
*t*/
, peer */
*p*/
);
940 /* --- @tun_ifname@ --- *
942 * Arguments: @tunnel *t@ = pointer to tunnel block
944 * Returns: A pointer to the tunnel's interface name.
947 extern const char *tun_ifname(tunnel */
*t*/
);
949 /* --- @tun_inject@ --- *
951 * Arguments: @tunnel *t@ = pointer to tunnel block
952 * @buf *b@ = buffer to send
956 * Use: Injects a packet into the local network stack.
959 extern void tun_inject(tunnel */
*t*/
, buf */
*b*/
);
961 /* --- @tun_destroy@ --- *
963 * Arguments: @tunnel *t@ = pointer to tunnel block
967 * Use: Destroys a tunnel.
970 extern void tun_destroy(tunnel */
*t*/
);
972 /*----- Buffer handling ---------------------------------------------------*/
974 /* --- Useful macros --- */
976 #define BBASE(b) ((b)->base)
977 #define BLIM(b) ((b)->limit)
978 #define BCUR(b) ((b)->p)
979 #define BSZ(b) ((b)->limit - (b)->base)
980 #define BLEN(b) ((b)->p - (b)->base)
981 #define BLEFT(b) ((b)->limit - (b)->p)
982 #define BSTEP(b, sz) ((b)->p += (sz))
983 #define BBAD(b) ((b)->f & BF_BROKEN)
984 #define BOK(b) (!BBAD(b))
986 #define BENSURE(b, sz) \
987 (BBAD(b) ? -1 : (sz) > BLEFT(b) ? (b)->f |= BF_BROKEN, -1 : 0)
989 /* --- @buf_init@ --- *
991 * Arguments: @buf *b@ = pointer to a buffer block
992 * @void *p@ = pointer to a buffer
993 * @size_t sz@ = size of the buffer
997 * Use: Initializes the buffer block appropriately.
1000 extern void buf_init(buf */
*b*/
, void */
*p*/
, size_t /*sz*/);
1002 /* --- @buf_break@ --- *
1004 * Arguments: @buf *b@ = pointer to a buffer block
1006 * Returns: Some negative value.
1008 * Use: Marks a buffer as broken.
1011 extern int buf_break(buf */
*b*/
);
1013 /* --- @buf_flip@ --- *
1015 * Arguments: @buf *b@ = pointer to a buffer block
1019 * Use: Flips a buffer so that if you've just been writing to it,
1020 * you can now read from the bit you've written.
1023 extern void buf_flip(buf */
*b*/
);
1025 /* --- @buf_ensure@ --- *
1027 * Arguments: @buf *b@ = pointer to a buffer block
1028 * @size_t sz@ = size of data wanted
1030 * Returns: Zero if it worked, nonzero if there wasn't enough space.
1032 * Use: Ensures that there are @sz@ bytes still in the buffer.
1035 extern int buf_ensure(buf */
*b*/
, size_t /*sz*/);
1037 /* --- @buf_get@ --- *
1039 * Arguments: @buf *b@ = pointer to a buffer block
1040 * @size_t sz@ = size of the buffer
1042 * Returns: Pointer to the place in the buffer.
1044 * Use: Reserves a space in the buffer of the requested size, and
1045 * returns its start address.
1048 extern void *buf_get(buf */
*b*/
, size_t /*sz*/);
1050 /* --- @buf_put@ --- *
1052 * Arguments: @buf *b@ = pointer to a buffer block
1053 * @const void *p@ = pointer to a buffer
1054 * @size_t sz@ = size of the buffer
1056 * Returns: Zero if it worked, nonzero if there wasn't enough space.
1058 * Use: Fetches data from some place and puts it in the buffer
1061 extern int buf_put(buf */
*b*/
, const void */
*p*/
, size_t /*sz*/);
1063 /* --- @buf_getbyte@ --- *
1065 * Arguments: @buf *b@ = pointer to a buffer block
1067 * Returns: A byte, or less than zero if there wasn't a byte there.
1069 * Use: Gets a single byte from a buffer.
1072 extern int buf_getbyte(buf */
*b*/
);
1074 /* --- @buf_putbyte@ --- *
1076 * Arguments: @buf *b@ = pointer to a buffer block
1077 * @int ch@ = byte to write
1079 * Returns: Zero if OK, nonzero if there wasn't enough space.
1081 * Use: Puts a single byte in a buffer.
1084 extern int buf_putbyte(buf */
*b*/
, int /*ch*/);
1086 /* --- @buf_getword@ --- *
1088 * Arguments: @buf *b@ = pointer to a buffer block
1089 * @uint32 *w@ = where to put the word
1091 * Returns: Zero if OK, or nonzero if there wasn't a word there.
1093 * Use: Gets a 32-bit word from a buffer.
1096 extern int buf_getword(buf */
*b*/
, uint32 */
*w*/
);
1098 /* --- @buf_putword@ --- *
1100 * Arguments: @buf *b@ = pointer to a buffer block
1101 * @uint32 w@ = word to write
1103 * Returns: Zero if OK, nonzero if there wasn't enough space.
1105 * Use: Puts a 32-but word in a buffer.
1108 extern int buf_putword(buf */
*b*/
, uint32
/*w*/);
1110 /* --- @buf_getmp@ --- *
1112 * Arguments: @buf *b@ = pointer to a buffer block
1114 * Returns: A multiprecision integer, or null if there wasn't one there.
1116 * Use: Gets a multiprecision integer from a buffer.
1119 extern mp
*buf_getmp(buf */
*b*/
);
1121 /* --- @buf_putmp@ --- *
1123 * Arguments: @buf *b@ = pointer to a buffer block
1124 * @mp *m@ = a multiprecision integer
1126 * Returns: Zero if it worked, nonzero if there wasn't enough space.
1128 * Use: Puts a multiprecision integer to a buffer.
1131 extern int buf_putmp(buf */
*b*/
, mp */
*m*/
);
1133 /*----- Other handy utilities ---------------------------------------------*/
1135 /* --- @mpstr@ --- *
1137 * Arguments: @mp *m@ = a multiprecision integer
1139 * Returns: A pointer to the integer's textual representation.
1141 * Use: Converts a multiprecision integer to a string. Corrupts
1145 extern const char *mpstr(mp */
*m*/
);
1147 /* --- @timestr@ --- *
1149 * Arguments: @time_t t@ = a time to convert
1151 * Returns: A pointer to a textual representation of the time.
1153 * Use: Converts a time to a textual representation. Corrupts
1157 extern const char *timestr(time_t /*t*/);
1159 /*----- That's all, folks -------------------------------------------------*/