struct kdata {
unsigned ref; /* Reference counter */
struct knode *kn; /* Pointer to cache entry */
+ uint32 id; /* The underlying key's id */
char *tag; /* Full tag name of the key */
dhgrp *grp; /* The group we work in */
dhsc *k; /* The private key (or null) */
extern kdata *km_findpub(const char */*tag*/);
extern kdata *km_findpriv(const char */*tag*/);
+/* --- @km_findpubbyid@, @km_findprivbyid@ --- *
+ *
+ * Arguments: @uint32 id@ = key id to load
+ *
+ * Returns: Pointer to the kdata object if successful, or null on error.
+ *
+ * Use: Fetches a public or private key from the keyring given its
+ * numeric id.
+ */
+
+extern kdata *km_findpubbyid(uint32 /*id*/);
+extern kdata *km_findprivbyid(uint32 /*id*/);
+
/* --- @km_samealgsp@ --- *
*
* Arguments: @const kdata *kdx, *kdy@ = two key data objects
extern void kx_newkeys(keyexch */*kx*/);
-/* --- @kx_init@ --- *
+/* --- @kx_setup@ --- *
*
* Arguments: @keyexch *kx@ = pointer to key exchange context
* @peer *p@ = pointer to peer context
* exchange.
*/
-extern int kx_init(keyexch */*kx*/, peer */*p*/,
- keyset **/*ks*/, unsigned /*f*/);
+extern int kx_setup(keyexch */*kx*/, peer */*p*/,
+ keyset **/*ks*/, unsigned /*f*/);
/*----- Keysets and symmetric cryptography --------------------------------*/
extern int seq_check(seqwin */*s*/, uint32 /*q*/, const char */*service*/);
+typedef struct ratelim {
+ unsigned n, max, persec;
+ struct timeval when;
+} ratelim;
+
+/* --- @ratelim_init@ --- *
+ *
+ * Arguments: @ratelim *r@ = rate-limiting state to fill in
+ * @unsigned persec@ = credit to accumulate per second
+ * @unsigned max@ = maximum credit to retain
+ *
+ * Returns: ---
+ *
+ * Use: Initialize a rate-limiting state.
+ */
+
+extern void ratelim_init(ratelim */*r*/,
+ unsigned /*persec*/, unsigned /*max*/);
+
+/* --- @ratelim_withdraw@ --- *
+ *
+ * Arguments: @ratelim *r@ = rate-limiting state
+ * @unsigned n@ = credit to withdraw
+ *
+ * Returns: Zero if successful; @-1@ if there is unsufficient credit
+ *
+ * Use: Updates the state with any accumulated credit. Then, if
+ * there there are more than @n@ credits available, withdraw @n@
+ * and return successfully; otherwise, report failure.
+ */
+
+extern int ratelim_withdraw(ratelim */*r*/, unsigned /*n*/);
+
+/* --- @ies_encrypt@ --- *
+ *
+ * Arguments: @kdata *kpub@ = recipient's public key
+ * @unsigned ty@ = message type octet
+ * @buf *b@ = input message buffer
+ * @buf *bb@ = output buffer for the ciphertext
+ *
+ * Returns: On error, returns a @KSERR_...@ code or breaks the buffer;
+ * on success, returns zero and the buffer is good.
+ *
+ * Use: Encrypts a message for a recipient, given their public key.
+ * This does not (by itself) provide forward secrecy or sender
+ * authenticity. The ciphertext is self-delimiting (unlike
+ * @ks_encrypt@).
+ */
+
+extern int ies_encrypt(kdata */*kpub*/, unsigned /*ty*/,
+ buf */*b*/, buf */*bb*/);
+
+/* --- @ies_decrypt@ --- *
+ *
+ * Arguments: @kdata *kpub@ = private key key
+ * @unsigned ty@ = message type octet
+ * @buf *b@ = input ciphertext buffer
+ * @buf *bb@ = output buffer for the message
+ *
+ * Returns: On error, returns a @KSERR_...@ code; on success, returns
+ * zero and the buffer is good.
+ *
+ * Use: Decrypts a message encrypted using @ies_encrypt@, given our
+ * private key.
+ */
+
+extern int ies_decrypt(kdata */*kpriv*/, unsigned /*ty*/,
+ buf */*b*/, buf */*bb*/);
+
/*----- That's all, folks -------------------------------------------------*/
#ifdef __cplusplus
~mdw / tripe / blobdiff