typedef struct keyset keyset;
typedef struct algswitch algswitch;
+typedef struct admin admin;
-typedef struct bulkcrypto {
+typedef struct bulkalgs {
+ const struct bulkops *ops;
+} bulkalgs;
+
+typedef struct bulkctx {
+ const struct bulkops *ops;
+} bulkctx;
+
+typedef struct bulkchal {
+ const struct bulkops *ops;
+ size_t tagsz;
+} bulkchal;
+
+struct rawkey;
+
+typedef struct bulkops {
const char *name;
- unsigned prim;
- int (*check)(const algswitch */*a*/, dstr */*e*/);
- size_t (*overhead)(const algswitch */*a*/);
- int (*encrypt)(keyset */*ks*/, unsigned /*ty*/, buf */*b*/, buf */*bb*/);
- int (*decrypt)(keyset */*ks*/, unsigned /*ty*/,
+
+ bulkalgs *(*getalgs)(const algswitch */*asw*/, dstr */*e*/,
+ key_file */*kf*/, key */*k*/);
+ /* Determine algorithms to use and return a @bulkalgs@ object
+ * representing the decision. On error, write tokens to @e@ and
+ * return null.
+ */
+
+ T( void (*tracealgs)(const bulkalgs */*a*/); )
+ /* Write trace information about the algorithm selection. */
+
+ int (*checkalgs)(bulkalgs */*a*/, const algswitch */*asw*/, dstr */*e*/);
+ /* Check that the algorithms in @a@ and @asw@ are acceptable. On
+ * error, write tokens to @e@ and return @-1@; otherwise return zero.
+ */
+
+ int (*samealgsp)(const bulkalgs */*a*/, const bulkalgs */*aa*/);
+ /* If @a@ and @aa@ represent the same algorithm selection, return
+ * nonzero; if not, return zero.
+ */
+
+ void (*alginfo)(const bulkalgs */*a*/, admin */*adm*/);
+ /* Report on the algorithm selection to an admin client: call
+ * @a_info@ with appropriate key-value pairs.
+ */
+
+ size_t (*overhead)(const bulkalgs */*a*/);
+ /* Return the per-packet overhead of the bulk transform, in bytes. */
+
+ size_t (*expsz)(const bulkalgs */*a*/);
+ /* Return the total size limit for the bulk transform, in bytes,
+ * after which the keys must no longer be used.
+ */
+
+ bulkctx *(*genkeys)(const bulkalgs */*a*/, const struct rawkey */*rk*/);
+ /* Generate session keys and construct and return an appropriate
+ * context for using them, by calling @ks_derive@.
+ */
+
+ bulkchal *(*genchal)(const bulkalgs */*a*/);
+ /* Construct and return a challenge issuing and verification
+ * context with a fresh random key.
+ */
+
+ void (*freealgs)(bulkalgs */*a*/);
+ /* Release an algorithm selection object. (Associated bulk
+ * encryption contexts and challenge contexts may still exist and
+ * must remain valid.)
+ */
+
+ int (*encrypt)(bulkctx */*bc*/, unsigned /*ty*/,
+ buf */*b*/, buf */*bb*/, uint32 /*seq*/);
+ /* Encrypt the packet in @b@, with type @ty@ (which doesn't need
+ * encoding separately) and sequence number @seq@ (which must be
+ * recoverable by @decrypt@), and write the result to @bb@. On
+ * error, return a @KSERR_...@ code and/or break the output buffer.
+ */
+
+ int (*decrypt)(bulkctx */*bc*/, unsigned /*ty*/,
buf */*b*/, buf */*bb*/, uint32 */*seq*/);
-} bulkcrypto;
+ /* Decrypt the packet in @b@, with type @ty@, writing the result to
+ * @bb@ and storing the incoming (claimed) sequence number in @seq@.
+ * On error, return a @KSERR_...@ code.
+ */
+
+ void (*freectx)(bulkctx */*a*/);
+ /* Release a bulk encryption context and the resources it holds. */
+
+ int (*chaltag)(bulkchal */*bc*/, const void */*m*/, size_t /*msz*/,
+ void */*t*/);
+ /* Calculate a tag for the challenge in @m@, @msz@, and write it to
+ * @t@. Return @-1@ on error, zero on success.
+ */
-#define BCP_CIPHER 1
-#define BCP_MAC 2
+ int (*chalvrf)(bulkchal */*bc*/, const void */*m*/, size_t /*msz*/,
+ const void */*t*/);
+ /* Check the tag @t@ on @m@, @msz@: return zero if the tag is OK,
+ * nonzero if it's bad.
+ */
+
+ void (*freechal)(bulkchal */*bc*/);
+ /* Release a challenge context and the resources it holds. */
+
+} bulkops;
struct algswitch {
- const gchash *h; /* Hash function */
+ const gchash *h; size_t hashsz; /* Hash function */
const gccipher *mgf; /* Mask-generation function */
- const struct bulkcrypto *bulk; /* Bulk crypto transformation */
- const gccipher *c; /* Symmetric encryption scheme */
- const gcmac *m; /* Message authentication code */
- size_t hashsz; /* Hash output size */
- size_t tagsz; /* Length to truncate MAC tags */
- size_t expsz; /* Size of data to process */
- size_t cksz, mksz; /* Key lengths for @c@ and @m@ */
+ bulkalgs *bulk; /* Bulk crypto algorithms */
};
typedef struct kdata {
#define HASH_STRING(h, s) GH_HASH((h), (s), sizeof(s))
-extern const struct bulkcrypto bulktab[];
+extern const bulkops bulktab[];
/*----- Data structures ---------------------------------------------------*/
* expiry.
*/
+enum { DIR_IN, DIR_OUT, NDIR };
+
struct keyset {
struct keyset *next; /* Next active keyset in the list */
unsigned ref; /* Reference count for keyset */
unsigned long sz_exp, sz_regen; /* Data limits for the keyset */
T( unsigned seq; ) /* Sequence number for tracing */
unsigned f; /* Various useful flags */
- const bulkcrypto *bulk; /* Bulk crypto transform */
- size_t tagsz; /* Length to truncate MAC tags */
- struct ksdir {
- gcipher *c; /* Keyset cipher for encryption */
- gmac *m; /* Keyset MAC for integrity */
- } in, out;
+ bulkctx *bulk; /* Bulk crypto transform */
uint32 oseq; /* Outbound sequence number */
seqwin iseq; /* Inbound sequence number */
};
admin_jobentry *v; /* And the big array of entries */
} admin_jobtable;
-typedef struct admin {
+struct admin {
struct admin *next, *prev; /* Links to next and previous */
unsigned f; /* Various useful flags */
unsigned ref; /* Reference counter */
admin_jobtable j; /* Table of outstanding jobs */
selbuf b; /* Line buffer for commands */
sel_file w; /* Selector for write buffering */
-} admin;
+};
#define AF_DEAD 1u /* Destroy this admin block */
#define AF_CLOSE 2u /* Client closed connection */
/*----- Other macros ------------------------------------------------------*/
-#define TIMER noise_timer(RAND_GLOBAL)
+#define QUICKRAND \
+ do { rand_quick(RAND_GLOBAL); noise_timer(RAND_GLOBAL); } while (0)
/*----- Key management ----------------------------------------------------*/
extern void ks_drop(keyset */*ks*/);
+/* --- @ks_derivekey@ --- *
+ *
+ * Arguments: @octet *k@ = pointer to an output buffer of at least
+ * @MAXHASHSZ@ bytes
+ * @size_t ksz@ = actual size wanted (for tracing)
+ * @const struct rawkey *rk@ = a raw key, as passed into
+ * @genkeys@
+ * @int dir@ = direction for the key (@DIR_IN@ or @DIR_OUT@)
+ * @const char *what@ = label for the key (input to derivation)
+ *
+ * Returns: ---
+ *
+ * Use: Derives a session key, for use on incoming or outgoing data.
+ * This function is part of a private protocol between @ks_gen@
+ * and the bulk crypto transform @genkeys@ operation.
+ */
+
+extern void ks_derivekey(octet */*k*/, size_t /*ksz*/,
+ const struct rawkey */*rk*/,
+ int /*dir*/, const char */*what*/);
+
/* --- @ks_gen@ --- *
*
* Arguments: @const void *k@ = pointer to key material
*
* Arguments: @dstr *d@ = where to leave the formatted message
* @const char *fmt@ = pointer to format string
- * @va_list ap@ = arguments in list
+ * @va_list *ap@ = arguments in list
*
* Returns: ---
*
* * "[!]..." ... -- @dstr_putf@-like string as single token
*/
-extern void a_vformat(dstr */*d*/, const char */*fmt*/, va_list /*ap*/);
+extern void a_vformat(dstr */*d*/, const char */*fmt*/, va_list */*ap*/);
/* --- @a_format@ --- *
*
extern void EXECL_LIKE(0) a_format(dstr */*d*/, const char */*fmt*/, ...);
+/* --- @a_info@ --- *
+ *
+ * Arguments: @admin *a@ = connection
+ * @const char *fmt@ = format string
+ * @...@ = other arguments
+ *
+ * Returns: ---
+ *
+ * Use: Report information to an admin client.
+ */
+
+extern void EXECL_LIKE(0) a_info(admin */*a*/, const char */*fmt*/, ...);
+
/* --- @a_warn@ --- *
*
* Arguments: @const char *fmt@ = pointer to format string