X-Git-Url: https://git.distorted.org.uk/~mdw/tripe/blobdiff_plain/35c8b547dde529693875087d67fa60bf88319d2b..c70a7c5cedab62209640b76f03d97c1876e38dc6:/server/tripe.h diff --git a/server/tripe.h b/server/tripe.h index b22dccce..24cec434 100644 --- a/server/tripe.h +++ b/server/tripe.h @@ -89,6 +89,7 @@ #include #include +#include #include #include @@ -134,24 +135,138 @@ #define SEC(n) (n##u) #define MIN(n) (n##u * 60u) +#define F_2P32 (65536.0*65536.0) #define MEG(n) (n##ul * 1024ul * 1024ul) +/* --- Timing parameters --- */ + +#define T_EXP MIN(60) /* Expiry time for a key */ +#define T_REGEN MIN(40) /* Regeneration time for a key */ + +#define T_VALID SEC(20) /* Challenge validity period */ +#define T_RETRYMIN SEC(2) /* Minimum retry interval */ +#define T_RETRYMAX MIN(5) /* Maximum retry interval */ +#define T_RETRYGROW (5.0/4.0) /* Retry interval growth factor */ + +#define T_WOBBLE (1.0/3.0) /* Relative timer randomness */ + /* --- Other things --- */ #define PKBUFSZ 65536 /*----- Cipher selections -------------------------------------------------*/ -typedef struct algswitch { - const gccipher *c; /* Symmetric encryption scheme */ +typedef struct keyset keyset; +typedef struct algswitch algswitch; +typedef struct admin admin; + +typedef struct bulkalgs { + const struct bulkops *ops; +} bulkalgs; + +typedef struct bulkctx { + const struct bulkops *ops; +} bulkctx; + +typedef struct bulkchal { + const struct bulkops *ops; + size_t tagsz; +} bulkchal; + +struct rawkey; + +typedef struct bulkops { + const char *name; + + bulkalgs *(*getalgs)(const algswitch */*asw*/, dstr */*e*/, + key_file */*kf*/, key */*k*/); + /* Determine algorithms to use and return a @bulkalgs@ object + * representing the decision. On error, write tokens to @e@ and + * return null. + */ + + T( void (*tracealgs)(const bulkalgs */*a*/); ) + /* Write trace information about the algorithm selection. */ + + int (*checkalgs)(bulkalgs */*a*/, const algswitch */*asw*/, dstr */*e*/); + /* Check that the algorithms in @a@ and @asw@ are acceptable. On + * error, write tokens to @e@ and return @-1@; otherwise return zero. + */ + + int (*samealgsp)(const bulkalgs */*a*/, const bulkalgs */*aa*/); + /* If @a@ and @aa@ represent the same algorithm selection, return + * nonzero; if not, return zero. + */ + + void (*alginfo)(const bulkalgs */*a*/, admin */*adm*/); + /* Report on the algorithm selection to an admin client: call + * @a_info@ with appropriate key-value pairs. + */ + + size_t (*overhead)(const bulkalgs */*a*/); + /* Return the per-packet overhead of the bulk transform, in bytes. */ + + size_t (*expsz)(const bulkalgs */*a*/); + /* Return the total size limit for the bulk transform, in bytes, + * after which the keys must no longer be used. + */ + + bulkctx *(*genkeys)(const bulkalgs */*a*/, const struct rawkey */*rk*/); + /* Generate session keys and construct and return an appropriate + * context for using them, by calling @ks_derive@. + */ + + bulkchal *(*genchal)(const bulkalgs */*a*/); + /* Construct and return a challenge issuing and verification + * context with a fresh random key. + */ + + void (*freealgs)(bulkalgs */*a*/); + /* Release an algorithm selection object. (Associated bulk + * encryption contexts and challenge contexts may still exist and + * must remain valid.) + */ + + int (*encrypt)(bulkctx */*bc*/, unsigned /*ty*/, + buf */*b*/, buf */*bb*/, uint32 /*seq*/); + /* Encrypt the packet in @b@, with type @ty@ (which doesn't need + * encoding separately) and sequence number @seq@ (which must be + * recoverable by @decrypt@), and write the result to @bb@. On + * error, return a @KSERR_...@ code and/or break the output buffer. + */ + + int (*decrypt)(bulkctx */*bc*/, unsigned /*ty*/, + buf */*b*/, buf */*bb*/, uint32 */*seq*/); + /* Decrypt the packet in @b@, with type @ty@, writing the result to + * @bb@ and storing the incoming (claimed) sequence number in @seq@. + * On error, return a @KSERR_...@ code. + */ + + void (*freectx)(bulkctx */*a*/); + /* Release a bulk encryption context and the resources it holds. */ + + int (*chaltag)(bulkchal */*bc*/, const void */*m*/, size_t /*msz*/, + void */*t*/); + /* Calculate a tag for the challenge in @m@, @msz@, and write it to + * @t@. Return @-1@ on error, zero on success. + */ + + int (*chalvrf)(bulkchal */*bc*/, const void */*m*/, size_t /*msz*/, + const void */*t*/); + /* Check the tag @t@ on @m@, @msz@: return zero if the tag is OK, + * nonzero if it's bad. + */ + + void (*freechal)(bulkchal */*bc*/); + /* Release a challenge context and the resources it holds. */ + +} bulkops; + +struct algswitch { + const gchash *h; size_t hashsz; /* Hash function */ const gccipher *mgf; /* Mask-generation function */ - const gchash *h; /* Hash function */ - const gcmac *m; /* Message authentication code */ - size_t hashsz; /* Hash output size */ - size_t tagsz; /* Length to truncate MAC tags */ - size_t expsz; /* Size of data to process */ - size_t cksz, mksz; /* Key lengths for @c@ and @m@ */ -} algswitch; + bulkalgs *bulk; /* Bulk crypto algorithms */ +}; typedef struct kdata { unsigned ref; /* Reference counter */ @@ -177,6 +292,8 @@ typedef struct knode { #define HASH_STRING(h, s) GH_HASH((h), (s), sizeof(s)) +extern const bulkops bulktab[]; + /*----- Data structures ---------------------------------------------------*/ /* --- Socket addresses --- * @@ -223,7 +340,9 @@ typedef struct seqwin { * expiry. */ -typedef struct keyset { +enum { DIR_IN, DIR_OUT, NDIR }; + +struct keyset { struct keyset *next; /* Next active keyset in the list */ unsigned ref; /* Reference count for keyset */ struct peer *p; /* Pointer to peer structure */ @@ -231,12 +350,10 @@ typedef struct keyset { unsigned long sz_exp, sz_regen; /* Data limits for the keyset */ T( unsigned seq; ) /* Sequence number for tracing */ unsigned f; /* Various useful flags */ - gcipher *cin, *cout; /* Keyset ciphers for encryption */ - size_t tagsz; /* Length to truncate MAC tags */ - gmac *min, *mout; /* Keyset MACs for integrity */ + bulkctx *bulk; /* Bulk crypto transform */ uint32 oseq; /* Outbound sequence number */ seqwin iseq; /* Inbound sequence number */ -} keyset; +}; #define KSF_LISTEN 1u /* Don't encrypt packets yet */ #define KSF_LINK 2u /* Key is in a linked list */ @@ -256,6 +373,10 @@ typedef struct keyset { * Clive Jones. */ +typedef struct retry { + double t; /* Current retry time */ +} retry; + #define KX_NCHAL 16u typedef struct kxchal { @@ -265,6 +386,7 @@ typedef struct kxchal { keyset *ks; /* Pointer to temporary keyset */ unsigned f; /* Various useful flags */ sel_timer t; /* Response timer for challenge */ + retry rs; /* Retry state */ octet hc[MAXHASHSZ]; /* Hash of his challenge */ octet ck[MAXHASHSZ]; /* His magical check value */ octet hswrq_in[MAXHASHSZ]; /* Inbound switch request message */ @@ -281,6 +403,7 @@ typedef struct keyexch { unsigned f; /* Various useful flags */ unsigned s; /* Current state in exchange */ sel_timer t; /* Timer for next exchange */ + retry rs; /* Retry state */ mp *alpha; /* My temporary secret */ ge *c; /* My challenge */ ge *rx; /* The expected response */ @@ -353,6 +476,7 @@ typedef struct stats { typedef struct peerspec { char *name; /* Peer's name */ + char *privtag; /* Private key tag */ char *tag; /* Public key tag */ const tunnel_ops *tops; /* Tunnel operations */ unsigned long t_ka; /* Keep alive interval */ @@ -483,7 +607,7 @@ typedef struct admin_jobtable { admin_jobentry *v; /* And the big array of entries */ } admin_jobtable; -typedef struct admin { +struct admin { struct admin *next, *prev; /* Links to next and previous */ unsigned f; /* Various useful flags */ unsigned ref; /* Reference counter */ @@ -497,7 +621,7 @@ typedef struct admin { admin_jobtable j; /* Table of outstanding jobs */ selbuf b; /* Line buffer for commands */ sel_file w; /* Selector for write buffering */ -} admin; +}; #define AF_DEAD 1u /* Destroy this admin block */ #define AF_CLOSE 2u /* Client closed connection */ @@ -530,7 +654,8 @@ extern unsigned tr_flags; /* Trace options flags */ /*----- Other macros ------------------------------------------------------*/ -#define TIMER noise_timer(RAND_GLOBAL) +#define QUICKRAND \ + do { rand_quick(RAND_GLOBAL); noise_timer(RAND_GLOBAL); } while (0) /*----- Key management ----------------------------------------------------*/ @@ -701,6 +826,27 @@ extern int kx_init(keyexch */*kx*/, peer */*p*/, extern void ks_drop(keyset */*ks*/); +/* --- @ks_derivekey@ --- * + * + * Arguments: @octet *k@ = pointer to an output buffer of at least + * @MAXHASHSZ@ bytes + * @size_t ksz@ = actual size wanted (for tracing) + * @const struct rawkey *rk@ = a raw key, as passed into + * @genkeys@ + * @int dir@ = direction for the key (@DIR_IN@ or @DIR_OUT@) + * @const char *what@ = label for the key (input to derivation) + * + * Returns: --- + * + * Use: Derives a session key, for use on incoming or outgoing data. + * This function is part of a private protocol between @ks_gen@ + * and the bulk crypto transform @genkeys@ operation. + */ + +extern void ks_derivekey(octet */*k*/, size_t /*ksz*/, + const struct rawkey */*rk*/, + int /*dir*/, const char */*what*/); + /* --- @ks_gen@ --- * * * Arguments: @const void *k@ = pointer to key material @@ -728,15 +874,6 @@ extern keyset *ks_gen(const void */*k*/, size_t /*x*/, size_t /*y*/, size_t /*z*/, peer */*p*/); -/* --- @ks_tregen@ --- * - * - * Arguments: @keyset *ks@ = pointer to a keyset - * - * Returns: The time at which moves ought to be made to replace this key. - */ - -extern time_t ks_tregen(keyset */*ks*/); - /* --- @ks_activate@ --- * * * Arguments: @keyset *ks@ = pointer to a keyset @@ -765,6 +902,11 @@ extern void ks_activate(keyset */*ks*/); * ought to be replaced' notification is only ever given once * for each key. Also note that this call forces a keyset to be * used even if it's marked as not for data output. + * + * The encryption transform is permitted to corrupt @buf_u@ for + * its own purposes. Neither the source nor destination should + * be within @buf_u@; and callers mustn't expect anything stored + * in @buf_u@ to still */ extern int ks_encrypt(keyset */*ks*/, unsigned /*ty*/, @@ -784,6 +926,11 @@ extern int ks_encrypt(keyset */*ks*/, unsigned /*ty*/, * Use: Attempts to decrypt a message using a given key. Note that * requesting decryption with a key directly won't clear a * marking that it's not for encryption. + * + * The decryption transform is permitted to corrupt @buf_u@ for + * its own purposes. Neither the source nor destination should + * be within @buf_u@; and callers mustn't expect anything stored + * in @buf_u@ to still */ extern int ks_decrypt(keyset */*ks*/, unsigned /*ty*/, @@ -892,7 +1039,7 @@ extern int c_check(buf */*b*/); * * Arguments: @dstr *d@ = where to leave the formatted message * @const char *fmt@ = pointer to format string - * @va_list ap@ = arguments in list + * @va_list *ap@ = arguments in list * * Returns: --- * @@ -917,7 +1064,7 @@ extern int c_check(buf */*b*/); * * "[!]..." ... -- @dstr_putf@-like string as single token */ -extern void a_vformat(dstr */*d*/, const char */*fmt*/, va_list /*ap*/); +extern void a_vformat(dstr */*d*/, const char */*fmt*/, va_list */*ap*/); /* --- @a_format@ --- * * @@ -930,7 +1077,20 @@ extern void a_vformat(dstr */*d*/, const char */*fmt*/, va_list /*ap*/); * presentation. */ -extern void a_format(dstr */*d*/, const char */*fmt*/, ...); +extern void EXECL_LIKE(0) a_format(dstr */*d*/, const char */*fmt*/, ...); + +/* --- @a_info@ --- * + * + * Arguments: @admin *a@ = connection + * @const char *fmt@ = format string + * @...@ = other arguments + * + * Returns: --- + * + * Use: Report information to an admin client. + */ + +extern void EXECL_LIKE(0) a_info(admin */*a*/, const char */*fmt*/, ...); /* --- @a_warn@ --- * * @@ -942,7 +1102,7 @@ extern void a_format(dstr */*d*/, const char */*fmt*/, ...); * Use: Informs all admin connections of a warning. */ -extern void a_warn(const char */*fmt*/, ...); +extern void EXECL_LIKE(0) a_warn(const char */*fmt*/, ...); /* --- @a_notify@ --- * * @@ -954,7 +1114,7 @@ extern void a_warn(const char */*fmt*/, ...); * Use: Sends a notification to interested admin connections. */ -extern void a_notify(const char */*fmt*/, ...); +extern void EXECL_LIKE(0) a_notify(const char */*fmt*/, ...); /* --- @a_create@ --- * * @@ -1085,7 +1245,8 @@ extern void am_remove(addrmap */*m*/, void */*i*/); * Use: Writes a trace message. */ -T( extern void ps_trace(unsigned /*mask*/, const char */*fmt*/, ...); ) +T( extern void PRINTF_LIKE(2, 3) + ps_trace(unsigned /*mask*/, const char */*fmt*/, ...); ) /* --- @ps_warn@ --- * * @@ -1097,7 +1258,7 @@ T( extern void ps_trace(unsigned /*mask*/, const char */*fmt*/, ...); ) * Use: Writes a warning message. */ -extern void ps_warn(const char */*fmt*/, ...); +extern void PRINTF_LIKE(1, 2) ps_warn(const char */*fmt*/, ...); /* --- @ps_tunfd@ --- * * @@ -1330,6 +1491,15 @@ extern const char *p_name(peer */*p*/); extern const char *p_tag(peer */*p*/); +/* --- @p_privtag@ --- * + * + * Arguments: @peer *p@ = pointer to a peer block + * + * Returns: A pointer to the peer's private key tag. + */ + +extern const char *p_privtag(peer */*p*/); + /* --- @p_spec@ --- * * * Arguments: @peer *p@ = pointer to a peer block