~mdw / tripe / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
server/keyexch.c: Randomized exponential retransmit backoff.
[tripe] / server / tripe.h
1 /* -*-c-*-
2 *
3 * Main header file for TrIPE
4 *
5 * (c) 2001 Straylight/Edgeware
6 */
7
8 /*----- Licensing notice --------------------------------------------------*
9 *
10 * This file is part of Trivial IP Encryption (TrIPE).
11 *
12 * TrIPE is free software; you can redistribute it and/or modify
13 * it under the terms of the GNU General Public License as published by
14 * the Free Software Foundation; either version 2 of the License, or
15 * (at your option) any later version.
16 *
17 * TrIPE is distributed in the hope that it will be useful,
18 * but WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 * GNU General Public License for more details.
21 *
22 * You should have received a copy of the GNU General Public License
23 * along with TrIPE; if not, write to the Free Software Foundation,
24 * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
25 */
26
27 #ifndef TRIPE_H
28 #define TRIPE_H
29
30 #ifdef __cplusplus
31 extern "C" {
32 #endif
33
34 /*----- Header files ------------------------------------------------------*/
35
36 #include "config.h"
37
38 #include <assert.h>
39 #include <ctype.h>
40 #include <errno.h>
41 #include <limits.h>
42 #include <signal.h>
43 #include <stdarg.h>
44 #include <stddef.h>
45 #include <stdio.h>
46 #include <stdlib.h>
47 #include <string.h>
48 #include <time.h>
49
50 #include <sys/types.h>
51 #include <sys/time.h>
52 #include <unistd.h>
53 #include <fcntl.h>
54 #include <sys/stat.h>
55 #include <sys/wait.h>
56
57 #include <sys/socket.h>
58 #include <sys/un.h>
59 #include <netinet/in.h>
60 #include <arpa/inet.h>
61 #include <netdb.h>
62
63 #include <pwd.h>
64 #include <grp.h>
65
66 #include <mLib/alloc.h>
67 #include <mLib/arena.h>
68 #include <mLib/base64.h>
69 #include <mLib/bres.h>
70 #include <mLib/daemonize.h>
71 #include <mLib/dstr.h>
72 #include <mLib/env.h>
73 #include <mLib/fdflags.h>
74 #include <mLib/fdpass.h>
75 #include <mLib/fwatch.h>
76 #include <mLib/hash.h>
77 #include <mLib/macros.h>
78 #include <mLib/mdup.h>
79 #include <mLib/mdwopt.h>
80 #include <mLib/quis.h>
81 #include <mLib/report.h>
82 #include <mLib/sel.h>
83 #include <mLib/selbuf.h>
84 #include <mLib/sig.h>
85 #include <mLib/str.h>
86 #include <mLib/sub.h>
87 #include <mLib/trace.h>
88 #include <mLib/tv.h>
89 #include <mLib/versioncmp.h>
90
91 #include <catacomb/buf.h>
92
93 #include <catacomb/gcipher.h>
94 #include <catacomb/gmac.h>
95 #include <catacomb/grand.h>
96 #include <catacomb/key.h>
97 #include <catacomb/paranoia.h>
98
99 #include <catacomb/noise.h>
100 #include <catacomb/rand.h>
101
102 #include <catacomb/mp.h>
103 #include <catacomb/mprand.h>
104 #include <catacomb/dh.h>
105 #include <catacomb/ec.h>
106 #include <catacomb/ec-keys.h>
107 #include <catacomb/group.h>
108
109 #include "priv.h"
110 #include "protocol.h"
111 #include "slip.h"
112 #include "util.h"
113
114 #undef sun
115
116 /*----- Magic numbers -----------------------------------------------------*/
117
118 /* --- Trace flags --- */
119
120 #define T_TUNNEL 1u
121 #define T_PEER 2u
122 #define T_PACKET 4u
123 #define T_ADMIN 8u
124 #define T_CRYPTO 16u
125 #define T_KEYSET 32u
126 #define T_KEYEXCH 64u
127 #define T_KEYMGMT 128u
128 #define T_CHAL 256u
129 /* T_PRIVSEP in priv.h */
130
131 #define T_ALL 1023u
132
133 /* --- Units --- */
134
135 #define SEC(n) (n##u)
136 #define MIN(n) (n##u * 60u)
137 #define F_2P32 (65536.0*65536.0)
138 #define MEG(n) (n##ul * 1024ul * 1024ul)
139
140 /* --- Timing parameters --- */
141
142 #define T_EXP MIN(60) /* Expiry time for a key */
143 #define T_REGEN MIN(40) /* Regeneration time for a key */
144
145 #define T_VALID SEC(20) /* Challenge validity period */
146 #define T_RETRYMIN SEC(2) /* Minimum retry interval */
147 #define T_RETRYMAX MIN(5) /* Maximum retry interval */
148 #define T_RETRYGROW (5.0/4.0) /* Retry interval growth factor */
149
150 #define T_WOBBLE (1.0/3.0) /* Relative timer randomness */
151
152 /* --- Other things --- */
153
154 #define PKBUFSZ 65536
155
156 /*----- Cipher selections -------------------------------------------------*/
157
158 typedef struct algswitch {
159 const gccipher *c; /* Symmetric encryption scheme */
160 const gccipher *mgf; /* Mask-generation function */
161 const gchash *h; /* Hash function */
162 const gcmac *m; /* Message authentication code */
163 size_t hashsz; /* Hash output size */
164 size_t tagsz; /* Length to truncate MAC tags */
165 size_t expsz; /* Size of data to process */
166 size_t cksz, mksz; /* Key lengths for @c@ and @m@ */
167 } algswitch;
168
169 extern algswitch algs;
170
171 #define MAXHASHSZ 64 /* Largest possible hash size */
172
173 #define HASH_STRING(h, s) GH_HASH((h), (s), sizeof(s))
174
175 /*----- Data structures ---------------------------------------------------*/
176
177 /* --- Socket addresses --- *
178 *
179 * A magic union of supported socket addresses.
180 */
181
182 typedef union addr {
183 struct sockaddr sa;
184 struct sockaddr_in sin;
185 } addr;
186
187 /* --- Mapping keyed on addresses --- */
188
189 typedef struct addrmap {
190 hash_table t;
191 size_t load;
192 } addrmap;
193
194 typedef struct addrmap_base {
195 hash_base b;
196 addr a;
197 } addrmap_base;
198
199 /* --- Sequence number checking --- */
200
201 typedef struct seqwin {
202 uint32 seq; /* First acceptable input sequence */
203 uint32 win; /* Window of acceptable numbers */
204 } seqwin;
205
206 #define SEQ_WINSZ 32 /* Bits in sequence number window */
207
208 /* --- A symmetric keyset --- *
209 *
210 * A keyset contains a set of symmetric keys for encrypting and decrypting
211 * packets. Keysets are stored in a list, sorted in reverse order of
212 * creation, so that the most recent keyset (the one most likely to be used)
213 * is first.
214 *
215 * Each keyset has a time limit and a data limit. The keyset is destroyed
216 * when either it has existed for too long, or it has been used to encrypt
217 * too much data. New key exchanges are triggered when keys are close to
218 * expiry.
219 */
220
221 typedef struct keyset {
222 struct keyset *next; /* Next active keyset in the list */
223 unsigned ref; /* Reference count for keyset */
224 struct peer *p; /* Pointer to peer structure */
225 time_t t_exp; /* Expiry time for this keyset */
226 unsigned long sz_exp, sz_regen; /* Data limits for the keyset */
227 T( unsigned seq; ) /* Sequence number for tracing */
228 unsigned f; /* Various useful flags */
229 gcipher *cin, *cout; /* Keyset ciphers for encryption */
230 size_t tagsz; /* Length to truncate MAC tags */
231 gmac *min, *mout; /* Keyset MACs for integrity */
232 uint32 oseq; /* Outbound sequence number */
233 seqwin iseq; /* Inbound sequence number */
234 } keyset;
235
236 #define KSF_LISTEN 1u /* Don't encrypt packets yet */
237 #define KSF_LINK 2u /* Key is in a linked list */
238
239 #define KSERR_REGEN -1 /* Regenerate keys */
240 #define KSERR_NOKEYS -2 /* No keys left */
241 #define KSERR_DECRYPT -3 /* Unable to decrypt message */
242 #define KSERR_SEQ -4 /* Incorrect sequence number */
243 #define KSERR_MALFORMED -5 /* Input ciphertext is broken */
244
245 /* --- Key exchange --- *
246 *
247 * TrIPE uses the Wrestlers Protocol for its key exchange. The Wrestlers
248 * Protocol has a number of desirable features (e.g., perfect forward
249 * secrecy, and zero-knowledge authentication) which make it attractive for
250 * use in TrIPE. The Wrestlers Protocol was designed by Mark Wooding and
251 * Clive Jones.
252 */
253
254 typedef struct retry {
255 double t; /* Current retry time */
256 } retry;
257
258 #define KX_NCHAL 16u
259
260 typedef struct kxchal {
261 struct keyexch *kx; /* Pointer back to key exchange */
262 ge *c; /* Responder's challenge */
263 ge *r; /* My reply to the challenge */
264 keyset *ks; /* Pointer to temporary keyset */
265 unsigned f; /* Various useful flags */
266 sel_timer t; /* Response timer for challenge */
267 retry rs; /* Retry state */
268 octet hc[MAXHASHSZ]; /* Hash of his challenge */
269 octet ck[MAXHASHSZ]; /* His magical check value */
270 octet hswrq_in[MAXHASHSZ]; /* Inbound switch request message */
271 octet hswok_in[MAXHASHSZ]; /* Inbound switch confirmation */
272 octet hswrq_out[MAXHASHSZ]; /* Outbound switch request message */
273 octet hswok_out[MAXHASHSZ]; /* Outbound switch confirmation */
274 } kxchal;
275
276 typedef struct keyexch {
277 struct peer *p; /* Pointer back to the peer */
278 keyset **ks; /* Peer's list of keysets */
279 unsigned f; /* Various useful flags */
280 unsigned s; /* Current state in exchange */
281 sel_timer t; /* Timer for next exchange */
282 retry rs; /* Retry state */
283 ge *kpub; /* Peer's public key */
284 time_t texp_kpub; /* Expiry time for public key */
285 mp *alpha; /* My temporary secret */
286 ge *c; /* My challenge */
287 ge *rx; /* The expected response */
288 unsigned nr; /* Number of extant responses */
289 time_t t_valid; /* When this exchange goes bad */
290 octet hc[MAXHASHSZ]; /* Hash of my challenge */
291 kxchal *r[KX_NCHAL]; /* Array of challenges */
292 } keyexch;
293
294 #define KXF_TIMER 1u /* Waiting for a timer to go off */
295 #define KXF_DEAD 2u /* The key-exchanger isn't up */
296 #define KXF_PUBKEY 4u /* Key exchanger has a public key */
297 #define KXF_CORK 8u /* Don't send anything yet */
298
299 enum {
300 KXS_DEAD, /* Uninitialized state (magical) */
301 KXS_CHAL, /* Main answer-challenges state */
302 KXS_COMMIT, /* Committed: send switch request */
303 KXS_SWITCH /* Switched: send confirmation */
304 };
305
306 /* --- Tunnel structure --- *
307 *
308 * Used to maintain system-specific information about the tunnel interface.
309 */
310
311 typedef struct tunnel tunnel;
312 struct peer;
313
314 typedef struct tunnel_ops {
315 const char *name; /* Name of this tunnel driver */
316 unsigned flags; /* Various interesting flags */
317 #define TUNF_PRIVOPEN 1u /* Need helper to open file */
318 void (*init)(void); /* Initializes the system */
319 tunnel *(*create)(struct peer */*p*/, int /*fd*/, char **/*ifn*/);
320 /* Initializes a new tunnel */
321 void (*setifname)(tunnel */*t*/, const char */*ifn*/);
322 /* Notifies ifname change */
323 void (*inject)(tunnel */*t*/, buf */*b*/); /* Sends packet through if */
324 void (*destroy)(tunnel */*t*/); /* Destroys a tunnel */
325 } tunnel_ops;
326
327 #ifndef TUN_INTERNALS
328 struct tunnel { const tunnel_ops *ops; };
329 #endif
330
331 /* --- Peer statistics --- *
332 *
333 * Contains various interesting and not-so-interesting statistics about a
334 * peer. This is updated by various parts of the code. The format of the
335 * structure isn't considered private, and @p_stats@ returns a pointer to the
336 * statistics block for a given peer.
337 */
338
339 typedef struct stats {
340 unsigned long sz_in, sz_out; /* Size of all data in and out */
341 unsigned long sz_kxin, sz_kxout; /* Size of key exchange messages */
342 unsigned long sz_ipin, sz_ipout; /* Size of encapsulated IP packets */
343 time_t t_start, t_last, t_kx; /* Time peer created, last pk, kx */
344 unsigned long n_reject; /* Number of rejected packets */
345 unsigned long n_in, n_out; /* Number of packets in and out */
346 unsigned long n_kxin, n_kxout; /* Number of key exchange packets */
347 unsigned long n_ipin, n_ipout; /* Number of encrypted packets */
348 } stats;
349
350 /* --- Peer structure --- *
351 *
352 * The main structure which glues everything else together.
353 */
354
355 typedef struct peerspec {
356 char *name; /* Peer's name */
357 char *tag; /* Public key tag */
358 const tunnel_ops *tops; /* Tunnel operations */
359 unsigned long t_ka; /* Keep alive interval */
360 addr sa; /* Socket address to speak to */
361 size_t sasz; /* Socket address size */
362 unsigned f; /* Flags for the peer */
363 #define PSF_KXMASK 255u /* Key-exchange flags to set */
364 #define PSF_MOBILE 256u /* Address may change rapidly */
365 } peerspec;
366
367 typedef struct peer_byname {
368 sym_base _b;
369 struct peer *p;
370 } peer_byname;
371
372 typedef struct peer_byaddr {
373 addrmap_base _b;
374 struct peer *p;
375 } peer_byaddr;
376
377 typedef struct peer {
378 peer_byname *byname; /* Lookup-by-name block */
379 peer_byaddr *byaddr; /* Lookup-by-address block */
380 struct ping *pings; /* Pings we're waiting for */
381 peerspec spec; /* Specifications for this peer */
382 tunnel *t; /* Tunnel for local packets */
383 char *ifname; /* Interface name for tunnel */
384 keyset *ks; /* List head for keysets */
385 buf b; /* Buffer for sending packets */
386 stats st; /* Statistics */
387 keyexch kx; /* Key exchange protocol block */
388 sel_timer tka; /* Timer for keepalives */
389 } peer;
390
391 typedef struct peer_iter { sym_iter i; } peer_iter;
392
393 typedef struct ping {
394 struct ping *next, *prev; /* Links to next and previous */
395 peer *p; /* Peer so we can free it */
396 unsigned msg; /* Kind of response expected */
397 uint32 id; /* Id so we can recognize response */
398 octet magic[32]; /* Some random data */
399 sel_timer t; /* Timeout for ping */
400 void (*func)(int /*rc*/, void */*arg*/); /* Function to call when done */
401 void *arg; /* Argument for callback */
402 } ping;
403
404 enum {
405 PING_NONOTIFY = -1,
406 PING_OK = 0,
407 PING_TIMEOUT,
408 PING_PEERDIED,
409 PING_MAX
410 };
411
412 /* --- Admin structure --- */
413
414 #define OBUFSZ 16384u
415
416 typedef struct obuf {
417 struct obuf *next; /* Next buffer in list */
418 char *p_in, *p_out; /* Pointers into the buffer */
419 char buf[OBUFSZ]; /* The actual buffer */
420 } obuf;
421
422 typedef struct oqueue {
423 obuf *hd, *tl; /* Head and tail pointers */
424 } oqueue;
425
426 struct admin;
427
428 typedef struct admin_bgop {
429 struct admin_bgop *next, *prev; /* Links to next and previous */
430 struct admin *a; /* Owner job */
431 char *tag; /* Tag string for messages */
432 void (*cancel)(struct admin_bgop *); /* Destructor function */
433 } admin_bgop;
434
435 typedef struct admin_resop {
436 admin_bgop bg; /* Background operation header */
437 char *addr; /* Hostname to be resolved */
438 bres_client r; /* Background resolver task */
439 sel_timer t; /* Timer for resolver */
440 addr sa; /* Socket address */
441 size_t sasz; /* Socket address size */
442 void (*func)(struct admin_resop *, int); /* Handler */
443 } admin_resop;
444
445 enum { ARES_OK, ARES_FAIL };
446
447 typedef struct admin_addop {
448 admin_resop r; /* Name resolution header */
449 peerspec peer; /* Peer pending creation */
450 } admin_addop;
451
452 typedef struct admin_pingop {
453 admin_bgop bg; /* Background operation header */
454 ping ping; /* Ping pending response */
455 struct timeval pingtime; /* Time last ping was sent */
456 } admin_pingop;
457
458 typedef struct admin_service {
459 sym_base _b; /* Hash table base structure */
460 char *version; /* The provided version */
461 struct admin *prov; /* Which client provides me */
462 struct admin_service *next, *prev; /* Client's list of services */
463 } admin_service;
464
465 typedef struct admin_svcop {
466 admin_bgop bg; /* Background operation header */
467 struct admin *prov; /* Client servicing this job */
468 unsigned index; /* This job's index */
469 struct admin_svcop *next, *prev; /* Links for provider's jobs */
470 } admin_svcop;
471
472 typedef struct admin_jobentry {
473 unsigned short seq; /* Zero if unused */
474 union {
475 admin_svcop *op; /* Operation, if slot in use, ... */
476 uint32 next; /* ... or index of next free slot */
477 } u;
478 } admin_jobentry;
479
480 typedef struct admin_jobtable {
481 uint32 n, sz; /* Used slots and table size */
482 admin_svcop *active; /* List of active jobs */
483 uint32 free; /* Index of first free slot */
484 admin_jobentry *v; /* And the big array of entries */
485 } admin_jobtable;
486
487 typedef struct admin {
488 struct admin *next, *prev; /* Links to next and previous */
489 unsigned f; /* Various useful flags */
490 unsigned ref; /* Reference counter */
491 #ifndef NTRACE
492 unsigned seq; /* Sequence number for tracing */
493 #endif
494 oqueue out; /* Output buffer list */
495 oqueue delay; /* Delayed output buffer list */
496 admin_bgop *bg; /* Backgrounded operations */
497 admin_service *svcs; /* Which services I provide */
498 admin_jobtable j; /* Table of outstanding jobs */
499 selbuf b; /* Line buffer for commands */
500 sel_file w; /* Selector for write buffering */
501 } admin;
502
503 #define AF_DEAD 1u /* Destroy this admin block */
504 #define AF_CLOSE 2u /* Client closed connection */
505 #define AF_NOTE 4u /* Catch notifications */
506 #define AF_WARN 8u /* Catch warning messages */
507 #ifndef NTRACE
508 #define AF_TRACE 16u /* Catch tracing */
509 #endif
510 #define AF_FOREGROUND 32u /* Quit server when client closes */
511
512 #ifndef NTRACE
513 # define AF_ALLMSGS (AF_NOTE | AF_TRACE | AF_WARN)
514 #else
515 # define AF_ALLMSGS (AF_NOTE | AF_WARN)
516 #endif
517
518 /*----- Global variables --------------------------------------------------*/
519
520 extern sel_state sel; /* Global I/O event state */
521 extern group *gg; /* The group we work in */
522 extern size_t indexsz; /* Size of exponent for the group */
523 extern mp *kpriv; /* Our private key */
524 extern ge *kpub; /* Our public key */
525 extern octet buf_i[PKBUFSZ], buf_o[PKBUFSZ], buf_t[PKBUFSZ], buf_u[PKBUFSZ];
526 extern const tunnel_ops *tunnels[]; /* Table of tunnels (0-term) */
527 extern const tunnel_ops *tun_default; /* Default tunnel to use */
528
529 #ifndef NTRACE
530 extern const trace_opt tr_opts[]; /* Trace options array */
531 extern unsigned tr_flags; /* Trace options flags */
532 #endif
533
534 /*----- Other macros ------------------------------------------------------*/
535
536 #define TIMER noise_timer(RAND_GLOBAL)
537
538 /*----- Key management ----------------------------------------------------*/
539
540 /* --- @km_reload@ --- *
541 *
542 * Arguments: ---
543 *
544 * Returns: Zero if OK, nonzero to force reloading of keys.
545 *
546 * Use: Checks the keyrings to see if they need reloading.
547 */
548
549 extern int km_reload(void);
550
551 /* --- @km_init@ --- *
552 *
553 * Arguments: @const char *kr_priv@ = private keyring file
554 * @const char *kr_pub@ = public keyring file
555 * @const char *tag@ = tag to load
556 *
557 * Returns: ---
558 *
559 * Use: Initializes, and loads the private key.
560 */
561
562 extern void km_init(const char */*kr_priv*/, const char */*kr_pub*/,
563 const char */*tag*/);
564
565 /* --- @km_getpubkey@ --- *
566 *
567 * Arguments: @const char *tag@ = public key tag to load
568 * @ge *kpub@ = where to put the public key
569 * @time_t *t_exp@ = where to put the expiry time
570 *
571 * Returns: Zero if OK, nonzero if it failed.
572 *
573 * Use: Fetches a public key from the keyring.
574 */
575
576 extern int km_getpubkey(const char */*tag*/, ge */*kpub*/,
577 time_t */*t_exp*/);
578
579 /*----- Key exchange ------------------------------------------------------*/
580
581 /* --- @kx_start@ --- *
582 *
583 * Arguments: @keyexch *kx@ = pointer to key exchange context
584 * @int forcep@ = nonzero to ignore the quiet timer
585 *
586 * Returns: ---
587 *
588 * Use: Stimulates a key exchange. If a key exchage is in progress,
589 * a new challenge is sent (unless the quiet timer forbids
590 * this); if no exchange is in progress, one is commenced.
591 */
592
593 extern void kx_start(keyexch */*kx*/, int /*forcep*/);
594
595 /* --- @kx_message@ --- *
596 *
597 * Arguments: @keyexch *kx@ = pointer to key exchange context
598 * @unsigned msg@ = the message code
599 * @buf *b@ = pointer to buffer containing the packet
600 *
601 * Returns: ---
602 *
603 * Use: Reads a packet containing key exchange messages and handles
604 * it.
605 */
606
607 extern void kx_message(keyexch */*kx*/, unsigned /*msg*/, buf */*b*/);
608
609 /* --- @kx_free@ --- *
610 *
611 * Arguments: @keyexch *kx@ = pointer to key exchange context
612 *
613 * Returns: ---
614 *
615 * Use: Frees everything in a key exchange context.
616 */
617
618 extern void kx_free(keyexch */*kx*/);
619
620 /* --- @kx_newkeys@ --- *
621 *
622 * Arguments: @keyexch *kx@ = pointer to key exchange context
623 *
624 * Returns: ---
625 *
626 * Use: Informs the key exchange module that its keys may have
627 * changed. If fetching the new keys fails, the peer will be
628 * destroyed, we log messages and struggle along with the old
629 * keys.
630 */
631
632 extern void kx_newkeys(keyexch */*kx*/);
633
634 /* --- @kx_init@ --- *
635 *
636 * Arguments: @keyexch *kx@ = pointer to key exchange context
637 * @peer *p@ = pointer to peer context
638 * @keyset **ks@ = pointer to keyset list
639 * @unsigned f@ = various useful flags
640 *
641 * Returns: Zero if OK, nonzero if it failed.
642 *
643 * Use: Initializes a key exchange module. The module currently
644 * contains no keys, and will attempt to initiate a key
645 * exchange.
646 */
647
648 extern int kx_init(keyexch */*kx*/, peer */*p*/,
649 keyset **/*ks*/, unsigned /*f*/);
650
651 /*----- Keysets and symmetric cryptography --------------------------------*/
652
653 /* --- @ks_drop@ --- *
654 *
655 * Arguments: @keyset *ks@ = pointer to a keyset
656 *
657 * Returns: ---
658 *
659 * Use: Decrements a keyset's reference counter. If the counter hits
660 * zero, the keyset is freed.
661 */
662
663 extern void ks_drop(keyset */*ks*/);
664
665 /* --- @ks_gen@ --- *
666 *
667 * Arguments: @const void *k@ = pointer to key material
668 * @size_t x, y, z@ = offsets into key material (see below)
669 * @peer *p@ = pointer to peer information
670 *
671 * Returns: A pointer to the new keyset.
672 *
673 * Use: Derives a new keyset from the given key material. The
674 * offsets @x@, @y@ and @z@ separate the key material into three
675 * parts. Between the @k@ and @k + x@ is `my' contribution to
676 * the key material; between @k + x@ and @k + y@ is `your'
677 * contribution; and between @k + y@ and @k + z@ is a shared
678 * value we made together. These are used to construct two
679 * pairs of symmetric keys. Each pair consists of an encryption
680 * key and a message authentication key. One pair is used for
681 * outgoing messages, the other for incoming messages.
682 *
683 * The new key is marked so that it won't be selected for output
684 * by @ksl_encrypt@. You can still encrypt data with it by
685 * calling @ks_encrypt@ directly.
686 */
687
688 extern keyset *ks_gen(const void */*k*/,
689 size_t /*x*/, size_t /*y*/, size_t /*z*/,
690 peer */*p*/);
691
692 /* --- @ks_activate@ --- *
693 *
694 * Arguments: @keyset *ks@ = pointer to a keyset
695 *
696 * Returns: ---
697 *
698 * Use: Activates a keyset, so that it can be used for encrypting
699 * outgoing messages.
700 */
701
702 extern void ks_activate(keyset */*ks*/);
703
704 /* --- @ks_encrypt@ --- *
705 *
706 * Arguments: @keyset *ks@ = pointer to a keyset
707 * @unsigned ty@ = message type
708 * @buf *b@ = pointer to input buffer
709 * @buf *bb@ = pointer to output buffer
710 *
711 * Returns: Zero if successful; @KSERR_REGEN@ if we should negotiate a
712 * new key; @KSERR_NOKEYS@ if the key is not usable. Also
713 * returns zero if there was insufficient buffer (but the output
714 * buffer is broken in this case).
715 *
716 * Use: Encrypts a block of data using the key. Note that the `key
717 * ought to be replaced' notification is only ever given once
718 * for each key. Also note that this call forces a keyset to be
719 * used even if it's marked as not for data output.
720 */
721
722 extern int ks_encrypt(keyset */*ks*/, unsigned /*ty*/,
723 buf */*b*/, buf */*bb*/);
724
725 /* --- @ks_decrypt@ --- *
726 *
727 * Arguments: @keyset *ks@ = pointer to a keyset
728 * @unsigned ty@ = expected type code
729 * @buf *b@ = pointer to an input buffer
730 * @buf *bb@ = pointer to an output buffer
731 *
732 * Returns: Zero on success; @KSERR_DECRYPT@ on failure. Also returns
733 * zero if there was insufficient buffer (but the output buffer
734 * is broken in this case).
735 *
736 * Use: Attempts to decrypt a message using a given key. Note that
737 * requesting decryption with a key directly won't clear a
738 * marking that it's not for encryption.
739 */
740
741 extern int ks_decrypt(keyset */*ks*/, unsigned /*ty*/,
742 buf */*b*/, buf */*bb*/);
743
744 /* --- @ksl_free@ --- *
745 *
746 * Arguments: @keyset **ksroot@ = pointer to keyset list head
747 *
748 * Returns: ---
749 *
750 * Use: Frees (releases references to) all of the keys in a keyset.
751 */
752
753 extern void ksl_free(keyset **/*ksroot*/);
754
755 /* --- @ksl_link@ --- *
756 *
757 * Arguments: @keyset **ksroot@ = pointer to keyset list head
758 * @keyset *ks@ = pointer to a keyset
759 *
760 * Returns: ---
761 *
762 * Use: Links a keyset into a list. A keyset can only be on one list
763 * at a time. Bad things happen otherwise.
764 */
765
766 extern void ksl_link(keyset **/*ksroot*/, keyset */*ks*/);
767
768 /* --- @ksl_prune@ --- *
769 *
770 * Arguments: @keyset **ksroot@ = pointer to keyset list head
771 *
772 * Returns: ---
773 *
774 * Use: Prunes the keyset list by removing keys which mustn't be used
775 * any more.
776 */
777
778 extern void ksl_prune(keyset **/*ksroot*/);
779
780 /* --- @ksl_encrypt@ --- *
781 *
782 * Arguments: @keyset **ksroot@ = pointer to keyset list head
783 * @unsigned ty@ = message type
784 * @buf *b@ = pointer to input buffer
785 * @buf *bb@ = pointer to output buffer
786 *
787 * Returns: Zero if successful; @KSERR_REGEN@ if it's time to negotiate a
788 * new key; @KSERR_NOKEYS@ if there are no suitable keys
789 * available. Also returns zero if there was insufficient
790 * buffer space (but the output buffer is broken in this case).
791 *
792 * Use: Encrypts a packet.
793 */
794
795 extern int ksl_encrypt(keyset **/*ksroot*/, unsigned /*ty*/,
796 buf */*b*/, buf */*bb*/);
797
798 /* --- @ksl_decrypt@ --- *
799 *
800 * Arguments: @keyset **ksroot@ = pointer to keyset list head
801 * @unsigned ty@ = expected type code
802 * @buf *b@ = pointer to input buffer
803 * @buf *bb@ = pointer to output buffer
804 *
805 * Returns: Zero on success; @KSERR_DECRYPT@ on failure. Also returns
806 * zero if there was insufficient buffer (but the output buffer
807 * is broken in this case).
808 *
809 * Use: Decrypts a packet.
810 */
811
812 extern int ksl_decrypt(keyset **/*ksroot*/, unsigned /*ty*/,
813 buf */*b*/, buf */*bb*/);
814
815 /*----- Challenges --------------------------------------------------------*/
816
817 /* --- @c_new@ --- *
818 *
819 * Arguments: @buf *b@ = where to put the challenge
820 *
821 * Returns: Zero if OK, nonzero on error.
822 *
823 * Use: Issues a new challenge.
824 */
825
826 extern int c_new(buf */*b*/);
827
828 /* --- @c_check@ --- *
829 *
830 * Arguments: @buf *b@ = where to find the challenge
831 *
832 * Returns: Zero if OK, nonzero if it didn't work.
833 *
834 * Use: Checks a challenge. On failure, the buffer is broken.
835 */
836
837 extern int c_check(buf */*b*/);
838
839 /*----- Administration interface ------------------------------------------*/
840
841 #define A_END ((char *)0)
842
843 /* --- @a_vformat@ --- *
844 *
845 * Arguments: @dstr *d@ = where to leave the formatted message
846 * @const char *fmt@ = pointer to format string
847 * @va_list ap@ = arguments in list
848 *
849 * Returns: ---
850 *
851 * Use: Main message token formatting driver. The arguments are
852 * interleaved formatting tokens and their parameters, finally
853 * terminated by an entry @A_END@.
854 *
855 * Tokens recognized:
856 *
857 * * "*..." ... -- pretokenized @dstr_putf@-like string
858 *
859 * * "?ADDR" SOCKADDR -- a socket address, to be converted
860 *
861 * * "?B64" BUFFER SIZE -- binary data to be base64-encoded
862 *
863 * * "?TOKENS" VECTOR -- null-terminated vector of tokens
864 *
865 * * "?PEER" PEER -- peer's name
866 *
867 * * "?ERRNO" ERRNO -- system error code
868 *
869 * * "[!]..." ... -- @dstr_putf@-like string as single token
870 */
871
872 extern void a_vformat(dstr */*d*/, const char */*fmt*/, va_list /*ap*/);
873
874 /* --- @a_warn@ --- *
875 *
876 * Arguments: @const char *fmt@ = pointer to format string
877 * @...@ = other arguments
878 *
879 * Returns: ---
880 *
881 * Use: Informs all admin connections of a warning.
882 */
883
884 extern void a_warn(const char */*fmt*/, ...);
885
886 /* --- @a_notify@ --- *
887 *
888 * Arguments: @const char *fmt@ = pointer to format string
889 * @...@ = other arguments
890 *
891 * Returns: ---
892 *
893 * Use: Sends a notification to interested admin connections.
894 */
895
896 extern void a_notify(const char */*fmt*/, ...);
897
898 /* --- @a_create@ --- *
899 *
900 * Arguments: @int fd_in, fd_out@ = file descriptors to use
901 * @unsigned f@ = initial flags to set
902 *
903 * Returns: ---
904 *
905 * Use: Creates a new admin connection.
906 */
907
908 extern void a_create(int /*fd_in*/, int /*fd_out*/, unsigned /*f*/);
909
910 /* --- @a_quit@ --- *
911 *
912 * Arguments: ---
913 *
914 * Returns: ---
915 *
916 * Use: Shuts things down nicely.
917 */
918
919 extern void a_quit(void);
920
921 /* --- @a_preselect@ --- *
922 *
923 * Arguments: ---
924 *
925 * Returns: ---
926 *
927 * Use: Informs the admin module that we're about to select again,
928 * and that it should do cleanup things it has delayed until a
929 * `safe' time.
930 */
931
932 extern void a_preselect(void);
933
934 /* --- @a_daemon@ --- *
935 *
936 * Arguments: ---
937 *
938 * Returns: ---
939 *
940 * Use: Informs the admin module that it's a daemon.
941 */
942
943 extern void a_daemon(void);
944
945 /* --- @a_init@ --- *
946 *
947 * Arguments: @const char *sock@ = socket name to create
948 * @uid_t u@ = user to own the socket
949 * @gid_t g@ = group to own the socket
950 * @mode_t m@ = permissions to set on the socket
951 *
952 * Returns: ---
953 *
954 * Use: Creates the admin listening socket.
955 */
956
957 extern void a_init(const char */*sock*/,
958 uid_t /*u*/, gid_t /*g*/, mode_t /*m*/);
959
960 /*----- Mapping with addresses as keys ------------------------------------*/
961
962 /* --- @am_create@ --- *
963 *
964 * Arguments: @addrmap *m@ = pointer to map
965 *
966 * Returns: ---
967 *
968 * Use: Create an address map, properly set up.
969 */
970
971 extern void am_create(addrmap */*m*/);
972
973 /* --- @am_destroy@ --- *
974 *
975 * Arguments: @addrmap *m@ = pointer to map
976 *
977 * Returns: ---
978 *
979 * Use: Destroy an address map, throwing away all the entries.
980 */
981
982 extern void am_destroy(addrmap */*m*/);
983
984 /* --- @am_find@ --- *
985 *
986 * Arguments: @addrmap *m@ = pointer to map
987 * @const addr *a@ = address to look up
988 * @size_t sz@ = size of block to allocate
989 * @unsigned *f@ = where to store flags
990 *
991 * Returns: Pointer to found item, or null.
992 *
993 * Use: Finds a record with the given IP address, set @*f@ nonzero
994 * and returns it. If @sz@ is zero, and no match was found,
995 * return null; otherwise allocate a new block of @sz@ bytes,
996 * clear @*f@ to zero and return the block pointer.
997 */
998
999 extern void *am_find(addrmap */*m*/, const addr */*a*/,
1000 size_t /*sz*/, unsigned */*f*/);
1001
1002 /* --- @am_remove@ --- *
1003 *
1004 * Arguments: @addrmap *m@ = pointer to map
1005 * @void *i@ = pointer to the item
1006 *
1007 * Returns: ---
1008 *
1009 * Use: Removes an item from the map.
1010 */
1011
1012 extern void am_remove(addrmap */*m*/, void */*i*/);
1013
1014 /*----- Privilege separation ----------------------------------------------*/
1015
1016 /* --- @ps_trace@ --- *
1017 *
1018 * Arguments: @unsigned mask@ = trace mask to check
1019 * @const char *fmt@ = message format
1020 * @...@ = values for placeholders
1021 *
1022 * Returns: ---
1023 *
1024 * Use: Writes a trace message.
1025 */
1026
1027 T( extern void ps_trace(unsigned /*mask*/, const char */*fmt*/, ...); )
1028
1029 /* --- @ps_warn@ --- *
1030 *
1031 * Arguments: @const char *fmt@ = message format
1032 * @...@ = values for placeholders
1033 *
1034 * Returns: ---
1035 *
1036 * Use: Writes a warning message.
1037 */
1038
1039 extern void ps_warn(const char */*fmt*/, ...);
1040
1041 /* --- @ps_tunfd@ --- *
1042 *
1043 * Arguments: @const tunnel_ops *tops@ = pointer to tunnel operations
1044 * @char **ifn@ = where to put the interface name
1045 *
1046 * Returns: The file descriptor, or @-1@ on error.
1047 *
1048 * Use: Fetches a file descriptor for a tunnel driver.
1049 */
1050
1051 extern int ps_tunfd(const tunnel_ops */*tops*/, char **/*ifn*/);
1052
1053 /* --- @ps_split@ --- *
1054 *
1055 * Arguments: @int detachp@ = whether to detach the child from its terminal
1056 *
1057 * Returns: ---
1058 *
1059 * Use: Separates off the privileged tunnel-opening service from the
1060 * rest of the server.
1061 */
1062
1063 extern void ps_split(int /*detachp*/);
1064
1065 /* --- @ps_quit@ --- *
1066 *
1067 * Arguments: ---
1068 *
1069 * Returns: ---
1070 *
1071 * Use: Detaches from the helper process.
1072 */
1073
1074 extern void ps_quit(void);
1075
1076 /*----- Peer management ---------------------------------------------------*/
1077
1078 /* --- @p_txstart@ --- *
1079 *
1080 * Arguments: @peer *p@ = pointer to peer block
1081 * @unsigned msg@ = message type code
1082 *
1083 * Returns: A pointer to a buffer to write to.
1084 *
1085 * Use: Starts sending to a peer. Only one send can happen at a
1086 * time.
1087 */
1088
1089 extern buf *p_txstart(peer */*p*/, unsigned /*msg*/);
1090
1091 /* --- @p_txend@ --- *
1092 *
1093 * Arguments: @peer *p@ = pointer to peer block
1094 *
1095 * Returns: ---
1096 *
1097 * Use: Sends a packet to the peer.
1098 */
1099
1100 extern void p_txend(peer */*p*/);
1101
1102 /* --- @p_pingsend@ --- *
1103 *
1104 * Arguments: @peer *p@ = destination peer
1105 * @ping *pg@ = structure to fill in
1106 * @unsigned type@ = message type
1107 * @unsigned long timeout@ = how long to wait before giving up
1108 * @void (*func)(int, void *)@ = callback function
1109 * @void *arg@ = argument for callback
1110 *
1111 * Returns: Zero if successful, nonzero if it failed.
1112 *
1113 * Use: Sends a ping to a peer. Call @func@ with a nonzero argument
1114 * if we get an answer within the timeout, or zero if no answer.
1115 */
1116
1117 extern int p_pingsend(peer */*p*/, ping */*pg*/, unsigned /*type*/,
1118 unsigned long /*timeout*/,
1119 void (*/*func*/)(int, void *), void */*arg*/);
1120
1121 /* --- @p_pingdone@ --- *
1122 *
1123 * Arguments: @ping *p@ = ping structure
1124 * @int rc@ = return code to pass on
1125 *
1126 * Returns: ---
1127 *
1128 * Use: Disposes of a ping structure, maybe sending a notification.
1129 */
1130
1131 extern void p_pingdone(ping */*p*/, int /*rc*/);
1132
1133 /* --- @p_greet@ --- *
1134 *
1135 * Arguments: @peer *p@ = peer to send to
1136 * @const void *c@ = pointer to challenge
1137 * @size_t sz@ = size of challenge
1138 *
1139 * Returns: ---
1140 *
1141 * Use: Sends a greeting packet.
1142 */
1143
1144 extern void p_greet(peer */*p*/, const void */*c*/, size_t /*sz*/);
1145
1146 /* --- @p_tun@ --- *
1147 *
1148 * Arguments: @peer *p@ = pointer to peer block
1149 * @buf *b@ = buffer containing incoming packet
1150 *
1151 * Returns: ---
1152 *
1153 * Use: Handles a packet which needs to be sent to a peer.
1154 */
1155
1156 extern void p_tun(peer */*p*/, buf */*b*/);
1157
1158 /* --- @p_keyreload@ --- *
1159 *
1160 * Arguments: ---
1161 *
1162 * Returns: ---
1163 *
1164 * Use: Forces a check of the daemon's keyring files.
1165 */
1166
1167 extern void p_keyreload(void);
1168
1169 /* --- @p_interval@ --- *
1170 *
1171 * Arguments: ---
1172 *
1173 * Returns: ---
1174 *
1175 * Use: Called periodically to do tidying.
1176 */
1177
1178 extern void p_interval(void);
1179
1180 /* --- @p_stats@ --- *
1181 *
1182 * Arguments: @peer *p@ = pointer to a peer block
1183 *
1184 * Returns: A pointer to the peer's statistics.
1185 */
1186
1187 extern stats *p_stats(peer */*p*/);
1188
1189 /* --- @p_ifname@ --- *
1190 *
1191 * Arguments: @peer *p@ = pointer to a peer block
1192 *
1193 * Returns: A pointer to the peer's interface name.
1194 */
1195
1196 extern const char *p_ifname(peer */*p*/);
1197
1198 /* --- @p_setifname@ --- *
1199 *
1200 * Arguments: @peer *p@ = pointer to a peer block
1201 * @const char *name@ = pointer to the new name
1202 *
1203 * Returns: ---
1204 *
1205 * Use: Changes the name held for a peer's interface.
1206 */
1207
1208 extern void p_setifname(peer */*p*/, const char */*name*/);
1209
1210 /* --- @p_addr@ --- *
1211 *
1212 * Arguments: @peer *p@ = pointer to a peer block
1213 *
1214 * Returns: A pointer to the peer's address.
1215 */
1216
1217 extern const addr *p_addr(peer */*p*/);
1218
1219 /* --- @p_init@ --- *
1220 *
1221 * Arguments: @struct in_addr addr@ = address to bind to
1222 * @unsigned port@ = port number to listen to
1223 *
1224 * Returns: ---
1225 *
1226 * Use: Initializes the peer system; creates the socket.
1227 */
1228
1229 extern void p_init(struct in_addr /*addr*/, unsigned /*port*/);
1230
1231 /* --- @p_port@ --- *
1232 *
1233 * Arguments: ---
1234 *
1235 * Returns: Port number used for socket.
1236 */
1237
1238 unsigned p_port(void);
1239
1240 /* --- @p_create@ --- *
1241 *
1242 * Arguments: @peerspec *spec@ = information about this peer
1243 *
1244 * Returns: Pointer to the peer block, or null if it failed.
1245 *
1246 * Use: Creates a new named peer block. No peer is actually attached
1247 * by this point.
1248 */
1249
1250 extern peer *p_create(peerspec */*spec*/);
1251
1252 /* --- @p_name@ --- *
1253 *
1254 * Arguments: @peer *p@ = pointer to a peer block
1255 *
1256 * Returns: A pointer to the peer's name.
1257 *
1258 * Use: Equivalent to @p_spec(p)->name@.
1259 */
1260
1261 extern const char *p_name(peer */*p*/);
1262
1263 /* --- @p_tag@ --- *
1264 *
1265 * Arguments: @peer *p@ = pointer to a peer block
1266 *
1267 * Returns: A pointer to the peer's public key tag.
1268 */
1269
1270 extern const char *p_tag(peer */*p*/);
1271
1272 /* --- @p_spec@ --- *
1273 *
1274 * Arguments: @peer *p@ = pointer to a peer block
1275 *
1276 * Returns: Pointer to the peer's specification
1277 */
1278
1279 extern const peerspec *p_spec(peer */*p*/);
1280
1281 /* --- @p_findbyaddr@ --- *
1282 *
1283 * Arguments: @const addr *a@ = address to look up
1284 *
1285 * Returns: Pointer to the peer block, or null if not found.
1286 *
1287 * Use: Finds a peer by address.
1288 */
1289
1290 extern peer *p_findbyaddr(const addr */*a*/);
1291
1292 /* --- @p_find@ --- *
1293 *
1294 * Arguments: @const char *name@ = name to look up
1295 *
1296 * Returns: Pointer to the peer block, or null if not found.
1297 *
1298 * Use: Finds a peer by name.
1299 */
1300
1301 extern peer *p_find(const char */*name*/);
1302
1303 /* --- @p_destroy@ --- *
1304 *
1305 * Arguments: @peer *p@ = pointer to a peer
1306 *
1307 * Returns: ---
1308 *
1309 * Use: Destroys a peer.
1310 */
1311
1312 extern void p_destroy(peer */*p*/);
1313
1314 /* --- @FOREACH_PEER@ --- *
1315 *
1316 * Arguments: @p@ = name to bind to each peer
1317 * @stuff@ = thing to do for each item
1318 *
1319 * Use: Does something for each current peer.
1320 */
1321
1322 #define FOREACH_PEER(p, stuff) do { \
1323 peer_iter i_; \
1324 peer *p; \
1325 for (p_mkiter(&i_); (p = p_next(&i_)) != 0; ) stuff \
1326 } while (0)
1327
1328 /* --- @p_mkiter@ --- *
1329 *
1330 * Arguments: @peer_iter *i@ = pointer to an iterator
1331 *
1332 * Returns: ---
1333 *
1334 * Use: Initializes the iterator.
1335 */
1336
1337 extern void p_mkiter(peer_iter */*i*/);
1338
1339 /* --- @p_next@ --- *
1340 *
1341 * Arguments: @peer_iter *i@ = pointer to an iterator
1342 *
1343 * Returns: Next peer, or null if at the end.
1344 *
1345 * Use: Returns the next peer.
1346 */
1347
1348 extern peer *p_next(peer_iter */*i*/);
1349
1350 /*----- Tunnel drivers ----------------------------------------------------*/
1351
1352 #ifdef TUN_LINUX
1353 extern const tunnel_ops tun_linux;
1354 #endif
1355
1356 #ifdef TUN_UNET
1357 extern const tunnel_ops tun_unet;
1358 #endif
1359
1360 #ifdef TUN_BSD
1361 extern const tunnel_ops tun_bsd;
1362 #endif
1363
1364 extern const tunnel_ops tun_slip;
1365
1366 /*----- Other handy utilities ---------------------------------------------*/
1367
1368 /* --- @mpstr@ --- *
1369 *
1370 * Arguments: @mp *m@ = a multiprecision integer
1371 *
1372 * Returns: A pointer to the integer's textual representation.
1373 *
1374 * Use: Converts a multiprecision integer to a string. Corrupts
1375 * @buf_u@.
1376 */
1377
1378 extern const char *mpstr(mp */*m*/);
1379
1380 /* --- @gestr@ --- *
1381 *
1382 * Arguments: @group *g@ = a group
1383 * @ge *x@ = a group element
1384 *
1385 * Returns: A pointer to the element's textual representation.
1386 *
1387 * Use: Converts a group element to a string. Corrupts
1388 * @buf_u@.
1389 */
1390
1391 extern const char *gestr(group */*g*/, ge */*x*/);
1392
1393 /* --- @timestr@ --- *
1394 *
1395 * Arguments: @time_t t@ = a time to convert
1396 *
1397 * Returns: A pointer to a textual representation of the time.
1398 *
1399 * Use: Converts a time to a textual representation. Corrupts
1400 * @buf_u@.
1401 */
1402
1403 extern const char *timestr(time_t /*t*/);
1404
1405 /* --- @mystrieq@ --- *
1406 *
1407 * Arguments: @const char *x, *y@ = two strings
1408 *
1409 * Returns: True if @x@ and @y are equal, up to case.
1410 */
1411
1412 extern int mystrieq(const char */*x*/, const char */*y*/);
1413
1414 /* --- @seq_reset@ --- *
1415 *
1416 * Arguments: @seqwin *s@ = sequence-checking window
1417 *
1418 * Returns: ---
1419 *
1420 * Use: Resets a sequence number window.
1421 */
1422
1423 extern void seq_reset(seqwin */*s*/);
1424
1425 /* --- @seq_check@ --- *
1426 *
1427 * Arguments: @seqwin *s@ = sequence-checking window
1428 * @uint32 q@ = sequence number to check
1429 * @const char *service@ = service to report message from
1430 *
1431 * Returns: A @SEQ_@ code.
1432 *
1433 * Use: Checks a sequence number against the window, updating things
1434 * as necessary.
1435 */
1436
1437 extern int seq_check(seqwin */*s*/, uint32 /*q*/, const char */*service*/);
1438
1439 /*----- That's all, folks -------------------------------------------------*/
1440
1441 #ifdef __cplusplus
1442 }
1443 #endif
1444
1445 #endif
Trivial IP Encryption: a simple VPN