/* -*-c-*-
*
- * $Id$
- *
* Main header file for TrIPE
*
* (c) 2001 Straylight/Edgeware
*/
-/*----- Licensing notice --------------------------------------------------*
+/*----- Licensing notice --------------------------------------------------*
*
* This file is part of Trivial IP Encryption (TrIPE).
*
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
- *
+ *
* TrIPE is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
- *
+ *
* You should have received a copy of the GNU General Public License
* along with TrIPE; if not, write to the Free Software Foundation,
* Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#include <unistd.h>
#include <fcntl.h>
#include <sys/stat.h>
+#include <sys/wait.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <mLib/arena.h>
#include <mLib/base64.h>
#include <mLib/bres.h>
+#include <mLib/daemonize.h>
#include <mLib/dstr.h>
#include <mLib/env.h>
#include <mLib/fdflags.h>
+#include <mLib/fdpass.h>
#include <mLib/fwatch.h>
+#include <mLib/hash.h>
+#include <mLib/macros.h>
+#include <mLib/mdup.h>
#include <mLib/mdwopt.h>
#include <mLib/quis.h>
#include <mLib/report.h>
#include <mLib/sub.h>
#include <mLib/trace.h>
#include <mLib/tv.h>
+#include <mLib/versioncmp.h>
#include <catacomb/buf.h>
#include <catacomb/ec-keys.h>
#include <catacomb/group.h>
+#include "priv.h"
#include "protocol.h"
+#include "slip.h"
#include "util.h"
#undef sun
#define T_KEYEXCH 64u
#define T_KEYMGMT 128u
#define T_CHAL 256u
+/* T_PRIVSEP in priv.h */
-#define T_ALL 511u
+#define T_ALL 1023u
/* --- Units --- */
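Review bot: `T_ALL` is now the literal `1023u`, which silently duplicates the bit that `priv.h` assigns to `T_PRIVSEP` (the comment on the line above points there); if that value ever changes the "all" mask drifts without a compiler complaint. Since `priv.h` is included earlier in this header, the mask can be derived instead, e.g. `#define T_ALL (T_PRIVSEP | 511u)`, provided `priv.h` really defines the symbol before this point and is not itself including this file first — worth confirming. The same drift risk applies to the `511u` part if another trace bit is added later.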
const gcmac *m; /* Message authentication code */
size_t hashsz; /* Hash output size */
size_t tagsz; /* Length to truncate MAC tags */
+ size_t expsz; /* Size of data to process */
size_t cksz, mksz; /* Key lengths for @c@ and @m@ */
} algswitch;
struct sockaddr_in sin;
} addr;
+/* --- Mapping keyed on addresses --- */
+
+typedef struct addrmap {
+ hash_table t;
+ size_t load;
+} addrmap;
+
+typedef struct addrmap_base {
+ hash_base b;
+ addr a;
+} addrmap_base;
+
/* --- Sequence number checking --- */
typedef struct seqwin {
unsigned ref; /* Reference count for keyset */
struct peer *p; /* Pointer to peer structure */
time_t t_exp; /* Expiry time for this keyset */
- unsigned long sz_exp; /* Data limit for the keyset */
+ unsigned long sz_exp, sz_regen; /* Data limits for the keyset */
T( unsigned seq; ) /* Sequence number for tracing */
unsigned f; /* Various useful flags */
- gcipher *cin, *cout; /* Keyset ciphers for encryption */
+ gcipher *cin, *cout; /* Keyset ciphers for encryption */
size_t tagsz; /* Length to truncate MAC tags */
- gmac *min, *mout; /* Keyset MACs for integrity */
+ gmac *min, *mout; /* Keyset MACs for integrity */
uint32 oseq; /* Outbound sequence number */
seqwin iseq; /* Inbound sequence number */
} keyset;
#define KSF_LISTEN 1u /* Don't encrypt packets yet */
#define KSF_LINK 2u /* Key is in a linked list */
+#define KSERR_REGEN -1 /* Regenerate keys */
+#define KSERR_NOKEYS -2 /* No keys left */
+#define KSERR_DECRYPT -3 /* Unable to decrypt message */
+
/* --- Key exchange --- *
*
* TrIPE uses the Wrestlers Protocol for its key exchange. The Wrestlers
#define KXF_TIMER 1u /* Waiting for a timer to go off */
#define KXF_DEAD 2u /* The key-exchanger isn't up */
#define KXF_PUBKEY 4u /* Key exchanger has a public key */
+#define KXF_CORK 8u /* Don't send anything yet */
enum {
KXS_DEAD, /* Uninitialized state (magical) */
typedef struct tunnel_ops {
const char *name; /* Name of this tunnel driver */
+ unsigned flags; /* Various interesting flags */
+#define TUNF_PRIVOPEN 1u /* Need helper to open file */
void (*init)(void); /* Initializes the system */
- tunnel *(*create)(struct peer */*p*/); /* Initializes a new tunnel */
- const char *(*ifname)(tunnel */*t*/); /* Returns tunnel's interface name */
+ tunnel *(*create)(struct peer */*p*/, int /*fd*/, char **/*ifn*/);
+ /* Initializes a new tunnel */
+ void (*setifname)(tunnel */*t*/, const char */*ifn*/);
+ /* Notifies ifname change */
void (*inject)(tunnel */*t*/, buf */*b*/); /* Sends packet through if */
void (*destroy)(tunnel */*t*/); /* Destroys a tunnel */
} tunnel_ops;
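Review bot: The new `create` signature takes an `int fd` and a `char **ifn` but its comment says only "Initializes a new tunnel", leaving ownership undefined: it is not stated whether the driver closes `fd` in `destroy` (or on a failed `create`), whether `*ifn` is an in/out parameter, or what `fd` holds when `TUNF_PRIVOPEN` is clear. Leaked or double-closed descriptors across the privilege boundary are easy to introduce from this ambiguity. Suggest expanding the comment to something like `/* Initializes a new tunnel. Takes ownership of @fd@ (closed in @destroy@, and on failure); @*ifn@ is replaced by the driver's own name if it differs -- TODO confirm against drivers */`, adjusted to what the drivers actually do.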
typedef struct peerspec {
char *name; /* Peer's name */
+ char *tag; /* Public key tag */
const tunnel_ops *tops; /* Tunnel operations */
unsigned long t_ka; /* Keep alive interval */
addr sa; /* Socket address to speak to */
size_t sasz; /* Socket address size */
+ unsigned kxf; /* Key exchange flags to set */
} peerspec;
+typedef struct peer_byname {
+ sym_base _b;
+ struct peer *p;
+} peer_byname;
+
+typedef struct peer_byaddr {
+ addrmap_base _b;
+ struct peer *p;
+} peer_byaddr;
+
typedef struct peer {
- struct peer *next, *prev; /* Links to next and previous */
+ peer_byname *byname; /* Lookup-by-name block */
+ peer_byaddr *byaddr; /* Lookup-by-address block */
struct ping *pings; /* Pings we're waiting for */
peerspec spec; /* Specifications for this peer */
tunnel *t; /* Tunnel for local packets */
sel_timer tka; /* Timer for keepalives */
} peer;
+typedef struct peer_iter { sym_iter i; } peer_iter;
+
typedef struct ping {
struct ping *next, *prev; /* Links to next and previous */
peer *p; /* Peer so we can free it */
peerspec peer; /* Peer pending creation */
} admin_addop;
-typedef struct admin_greetop {
- admin_resop r; /* Name resolution header */
- void *c; /* Challenge block */
- size_t sz; /* Length of challenge */
-} admin_greetop;
-
typedef struct admin_pingop {
admin_bgop bg; /* Background operation header */
ping ping; /* Ping pending response */
struct timeval pingtime; /* Time last ping was sent */
-} admin_pingop;
+} admin_pingop;
+
+typedef struct admin_service {
+ sym_base _b; /* Hash table base structure */
+ char *version; /* The provided version */
+ struct admin *prov; /* Which client provides me */
+ struct admin_service *next, *prev; /* Client's list of services */
+} admin_service;
+
+typedef struct admin_svcop {
+ admin_bgop bg; /* Background operation header */
+ struct admin *prov; /* Client servicing this job */
+ unsigned index; /* This job's index */
+ struct admin_svcop *next, *prev; /* Links for provider's jobs */
+} admin_svcop;
+
+typedef struct admin_jobentry {
+ unsigned short seq; /* Zero if unused */
+ union {
+ admin_svcop *op; /* Operation, if slot in use, ... */
+ uint32 next; /* ... or index of next free slot */
+ } u;
+} admin_jobentry;
+
+typedef struct admin_jobtable {
+ uint32 n, sz; /* Used slots and table size */
+ admin_svcop *active; /* List of active jobs */
+ uint32 free; /* Index of first free slot */
+ admin_jobentry *v; /* And the big array of entries */
+} admin_jobtable;
typedef struct admin {
struct admin *next, *prev; /* Links to next and previous */
oqueue out; /* Output buffer list */
oqueue delay; /* Delayed output buffer list */
admin_bgop *bg; /* Backgrounded operations */
+ admin_service *svcs; /* Which services I provide */
+ admin_jobtable j; /* Table of outstanding jobs */
selbuf b; /* Line buffer for commands */
sel_file w; /* Selector for write buffering */
} admin;
#ifndef NTRACE
#define AF_TRACE 16u /* Catch tracing */
#endif
+#define AF_FOREGROUND 32u /* Quit server when client closes */
#ifndef NTRACE
# define AF_ALLMSGS (AF_NOTE | AF_TRACE | AF_WARN)
extern size_t indexsz; /* Size of exponent for the group */
extern mp *kpriv; /* Our private key */
extern ge *kpub; /* Our public key */
-extern octet buf_i[PKBUFSZ], buf_o[PKBUFSZ], buf_t[PKBUFSZ];
+extern octet buf_i[PKBUFSZ], buf_o[PKBUFSZ], buf_t[PKBUFSZ], buf_u[PKBUFSZ];
extern const tunnel_ops *tunnels[]; /* Table of tunnels (0-term) */
extern const tunnel_ops *tun_default; /* Default tunnel to use */
* Arguments: @keyexch *kx@ = pointer to key exchange context
* @peer *p@ = pointer to peer context
* @keyset **ks@ = pointer to keyset list
+ * @unsigned f@ = various useful flags
*
* Returns: Zero if OK, nonzero if it failed.
*
* exchange.
*/
-extern int kx_init(keyexch */*kx*/, peer */*p*/, keyset **/*ks*/);
+extern int kx_init(keyexch */*kx*/, peer */*p*/,
+ keyset **/*ks*/, unsigned /*f*/);
/*----- Keysets and symmetric cryptography --------------------------------*/
* @buf *b@ = pointer to input buffer
* @buf *bb@ = pointer to output buffer
*
- * Returns: Zero if OK, nonzero if the key needs replacing. If the
- * encryption failed, the output buffer is broken and zero is
- * returned.
+ * Returns: Zero if successful; @KSERR_REGEN@ if we should negotiate a
+ * new key; @KSERR_NOKEYS@ if the key is not usable. Also
+ * returns zero if there was insufficient buffer (but the output
+ * buffer is broken in this case).
*
* Use: Encrypts a block of data using the key. Note that the `key
* ought to be replaced' notification is only ever given once
* @buf *b@ = pointer to an input buffer
* @buf *bb@ = pointer to an output buffer
*
- * Returns: Zero on success, or nonzero if there was some problem.
+ * Returns: Zero on success; @KSERR_DECRYPT@ on failure. Also returns
+ * zero if there was insufficient buffer (but the output buffer
+ * is broken in this case).
*
* Use: Attempts to decrypt a message using a given key. Note that
* requesting decryption with a key directly won't clear a
* @buf *b@ = pointer to input buffer
* @buf *bb@ = pointer to output buffer
*
- * Returns: Nonzero if a new key is needed.
+ * Returns: Zero if successful; @KSERR_REGEN@ if it's time to negotiate a
+ * new key; @KSERR_NOKEYS@ if there are no suitable keys
+ * available. Also returns zero if there was insufficient
+ * buffer space (but the output buffer is broken in this case).
*
* Use: Encrypts a packet.
*/
* @buf *b@ = pointer to input buffer
* @buf *bb@ = pointer to output buffer
*
- * Returns: Nonzero if the packet couldn't be decrypted.
+ * Returns: Zero on success; @KSERR_DECRYPT@ on failure. Also returns
+ * zero if there was insufficient buffer (but the output buffer
+ * is broken in this case).
*
* Use: Decrypts a packet.
*/
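Review bot: The rewritten return contract says zero is also returned on "insufficient buffer", so a caller that treats zero from `ksl_decrypt` (and `ks_decrypt`, documented the same way earlier in this patch) as "authenticated plaintext" will forward a broken buffer unless it also tests the output buffer's broken flag. That is a security-relevant subtlety in a decrypt path and the comment should say it outright rather than in parentheses, e.g. `* Callers must check that @bb@ is not broken before using its contents: zero with a broken @bb@ is not a successful decryption.` The same sentence belongs on `ks_decrypt`. If the code could be changed, a distinct `KSERR_` code for the short-buffer case would remove the ambiguity entirely, but that is a behaviour change beyond this patch.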
#define A_END ((char *)0)
+/* --- @a_vformat@ --- *
+ *
+ * Arguments: @dstr *d@ = where to leave the formatted message
+ * @const char *fmt@ = pointer to format string
+ * @va_list ap@ = arguments in list
+ *
+ * Returns: ---
+ *
+ * Use: Main message token formatting driver. The arguments are
+ * interleaved formatting tokens and their parameters, finally
+ * terminated by an entry @A_END@.
+ *
+ * Tokens recognized:
+ *
+ * * "*..." ... -- pretokenized @dstr_putf@-like string
+ *
+ * * "?ADDR" SOCKADDR -- a socket address, to be converted
+ *
+ * * "?B64" BUFFER SIZE -- binary data to be base64-encoded
+ *
+ * * "?TOKENS" VECTOR -- null-terminated vector of tokens
+ *
+ * * "?PEER" PEER -- peer's name
+ *
+ * * "?ERRNO" ERRNO -- system error code
+ *
+ * * "[!]..." ... -- @dstr_putf@-like string as single token
+ */
+
+extern void a_vformat(dstr */*d*/, const char */*fmt*/, va_list /*ap*/);
+
/* --- @a_warn@ --- *
*
* Arguments: @const char *fmt@ = pointer to format string
/* --- @a_init@ --- *
*
* Arguments: @const char *sock@ = socket name to create
+ * @uid_t u@ = user to own the socket
+ * @gid_t g@ = group to own the socket
+ * @mode_t m@ = permissions to set on the socket
*
* Returns: ---
*
* Use: Creates the admin listening socket.
*/
-extern void a_init(const char */*sock*/);
+extern void a_init(const char */*sock*/,
+ uid_t /*u*/, gid_t /*g*/, mode_t /*m*/);
+
+/*----- Mapping with addresses as keys ------------------------------------*/
+
+/* --- @am_create@ --- *
+ *
+ * Arguments: @addrmap *m@ = pointer to map
+ *
+ * Returns: ---
+ *
+ * Use: Create an address map, properly set up.
+ */
+
+extern void am_create(addrmap */*m*/);
+
+/* --- @am_destroy@ --- *
+ *
+ * Arguments: @addrmap *m@ = pointer to map
+ *
+ * Returns: ---
+ *
+ * Use: Destroy an address map, throwing away all the entries.
+ */
+
+extern void am_destroy(addrmap */*m*/);
+
+/* --- @am_find@ --- *
+ *
+ * Arguments: @addrmap *m@ = pointer to map
+ * @const addr *a@ = address to look up
+ * @size_t sz@ = size of block to allocate
+ * @unsigned *f@ = where to store flags
+ *
+ * Returns: Pointer to found item, or null.
+ *
+ * Use: Finds a record with the given IP address, set @*f@ nonzero
+ * and returns it. If @sz@ is zero, and no match was found,
+ * return null; otherwise allocate a new block of @sz@ bytes,
+ * clear @*f@ to zero and return the block pointer.
+ */
+
+extern void *am_find(addrmap */*m*/, const addr */*a*/,
+ size_t /*sz*/, unsigned */*f*/);
+
+/* --- @am_remove@ --- *
+ *
+ * Arguments: @addrmap *m@ = pointer to map
+ * @void *i@ = pointer to the item
+ *
+ * Returns: ---
+ *
+ * Use: Removes an item from the map.
+ */
+
+extern void am_remove(addrmap */*m*/, void */*i*/);
+
+/*----- Privilege separation ----------------------------------------------*/
+
+/* --- @ps_trace@ --- *
+ *
+ * Arguments: @unsigned mask@ = trace mask to check
+ * @const char *fmt@ = message format
+ * @...@ = values for placeholders
+ *
+ * Returns: ---
+ *
+ * Use: Writes a trace message.
+ */
+
+T( extern void ps_trace(unsigned /*mask*/, const char */*fmt*/, ...); )
+
+/* --- @ps_warn@ --- *
+ *
+ * Arguments: @const char *fmt@ = message format
+ * @...@ = values for placeholders
+ *
+ * Returns: ---
+ *
+ * Use: Writes a warning message.
+ */
+
+extern void ps_warn(const char */*fmt*/, ...);
+
+/* --- @ps_tunfd@ --- *
+ *
+ * Arguments: @const tunnel_ops *tops@ = pointer to tunnel operations
+ * @char **ifn@ = where to put the interface name
+ *
+ * Returns: The file descriptor, or @-1@ on error.
+ *
+ * Use: Fetches a file descriptor for a tunnel driver.
+ */
+
+extern int ps_tunfd(const tunnel_ops */*tops*/, char **/*ifn*/);
+
+/* --- @ps_split@ --- *
+ *
+ * Arguments: @int detachp@ = whether to detach the child from its terminal
+ *
+ * Returns: ---
+ *
+ * Use: Separates off the privileged tunnel-opening service from the
+ * rest of the server.
+ */
+
+extern void ps_split(int /*detachp*/);
+
+/* --- @ps_quit@ --- *
+ *
+ * Arguments: ---
+ *
+ * Returns: ---
+ *
+ * Use: Detaches from the helper process.
+ */
+
+extern void ps_quit(void);
/*----- Peer management ---------------------------------------------------*/
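Review bot: `ps_tunfd` is the unprivileged side's request to the privileged helper, yet its comment does not say what crosses the boundary or what the helper checks before opening a device: `tops` is a pointer in the caller's address space, so the helper presumably receives some identifier and must restrict itself to drivers in `tunnels[]` that carry `TUNF_PRIVOPEN` — confirm against the helper implementation and document it here. The comment should also state who owns the string left in `*ifn` (caller frees? static?) and whether `errno` is meaningful on `-1`. A suggested addition: `* The helper only opens devices for drivers present in @tunnels[]@ with @TUNF_PRIVOPEN@ set; the request is validated on the privileged side, not trusted from the caller -- TODO confirm`. The bodies of these functions are outside this hunk.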
extern const char *p_name(peer */*p*/);
+/* --- @p_tag@ --- *
+ *
+ * Arguments: @peer *p@ = pointer to a peer block
+ *
+ * Returns: A pointer to the peer's public key tag.
+ */
+
+extern const char *p_tag(peer */*p*/);
+
/* --- @p_spec@ --- *
*
* Arguments: @peer *p@ = pointer to a peer block
extern const peerspec *p_spec(peer */*p*/);
+/* --- @p_findbyaddr@ --- *
+ *
+ * Arguments: @const addr *a@ = address to look up
+ *
+ * Returns: Pointer to the peer block, or null if not found.
+ *
+ * Use: Finds a peer by address.
+ */
+
+extern peer *p_findbyaddr(const addr */*a*/);
+
/* --- @p_find@ --- *
*
* Arguments: @const char *name@ = name to look up
extern void p_destroy(peer */*p*/);
-/* --- @p_first@, @p_next@ --- *
+/* --- @FOREACH_PEER@ --- *
+ *
+ * Arguments: @p@ = name to bind to each peer
+ * @stuff@ = thing to do for each item
+ *
+ * Use: Does something for each current peer.
+ */
+
+#define FOREACH_PEER(p, stuff) do { \
+ peer_iter i_; \
+ peer *p; \
+ for (p_mkiter(&i_); (p = p_next(&i_)) != 0; ) do stuff while (0); \
+} while (0)
+
+/* --- @p_mkiter@ --- *
+ *
+ * Arguments: @peer_iter *i@ = pointer to an iterator
+ *
+ * Returns: ---
+ *
+ * Use: Initializes the iterator.
+ */
+
+extern void p_mkiter(peer_iter */*i*/);
+
+/* --- @p_next@ --- *
+ *
+ * Arguments: @peer_iter *i@ = pointer to an iterator
*
- * Arguments: @peer *p@ = a peer block
+ * Returns: Next peer, or null if at the end.
*
- * Returns: @peer_first@ returns the first peer in some ordering;
- * @peer_next@ returns the peer following a given one in the
- * same ordering. Null is returned for the end of the list.
+ * Use: Returns the next peer.
*/
-extern peer *p_first(void);
-extern peer *p_next(peer */*p*/);
+extern peer *p_next(peer_iter */*i*/);
/*----- Tunnel drivers ----------------------------------------------------*/
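Review bot: In `FOREACH_PEER`, `stuff` is wrapped in `do stuff while (0)`, so a `break` inside it leaves only that inner block and the loop carries on with the next peer — it behaves like `continue`, and there is no way to stop the iteration early; callers porting code from the old `p_first`/`p_next` loops will expect `break` to work. This should be stated in the macro's comment, e.g. `* Note: @break@ within @stuff@ only ends the current iteration (it acts like @continue@); the loop cannot be exited early.` Whether `stuff` may call `p_destroy` on the current peer depends on `sym_iter`'s tolerance of removal during iteration, which is not visible here — worth a sentence either way.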
* Returns: A pointer to the integer's textual representation.
*
* Use: Converts a multiprecision integer to a string. Corrupts
- * @buf_t@.
+ * @buf_u@.
*/
extern const char *mpstr(mp */*m*/);
* Returns: A pointer to the element's textual representation.
*
* Use: Converts a group element to a string. Corrupts
- * @buf_t@.
+ * @buf_u@.
*/
extern const char *gestr(group */*g*/, ge */*x*/);
* Returns: A pointer to a textual representation of the time.
*
* Use: Converts a time to a textual representation. Corrupts
- * @buf_t@.
+ * @buf_u@.
*/
extern const char *timestr(time_t /*t*/);
extern int seq_check(seqwin */*s*/, uint32 /*q*/, const char */*service*/);
-/* --- @versioncmp@ --- *
- *
- * Arguments: @const char *va, *vb@ = two version strings
- *
- * Returns: Less than, equal to, or greater than zero, according to
- * whether @va@ is less than, equal to, or greater than @vb@.
- *
- * Use: Compares version number strings.
- *
- * The algorithm is an extension of the Debian version
- * comparison algorithm. A version number consists of three
- * components:
- *
- * [EPOCH :] MAIN [- SUB]
- *
- * The MAIN part may contain colons or hyphens if there is an
- * EPOCH or SUB, respectively. Version strings are compared
- * componentwise: first epochs, then main parts, and finally
- * subparts.
- *
- * The component comparison is done as follows. First, the
- * initial subsequence of nondigit characters is extracted from
- * each string, and these are compared lexicographically, using
- * ASCII ordering, except that letters precede non-letters. If
- * both are the same, an initial sequence of digits is extracted
- * from the remaining parts of the version strings, and these
- * are compared numerically (an empty sequence being considered
- * to have the value zero). This process is repeated until we
- * have a winner or until both strings are exhausted.
- */
-
-extern int versioncmp(const char */*va*/, const char */*vb*/);
-
/*----- That's all, folks -------------------------------------------------*/
#ifdef __cplusplus