X-Git-Url: https://git.distorted.org.uk/~mdw/tripe/blobdiff_plain/52c03a2aa0b5c3461055ca0dcf38e29f2ca88f35..c55f55afc693f452bcfa2ddd2af50d3216a9c951:/tripe.h

diff --git a/tripe.h b/tripe.h
index 2929200c..7de033d3 100644
--- a/tripe.h
+++ b/tripe.h
@@ -1,6 +1,6 @@
 /* -*-c-*-
  *
- * $Id: tripe.h,v 1.18 2004/04/03 12:35:13 mdw Exp $
+ * $Id: tripe.h,v 1.20 2004/04/18 18:08:11 mdw Exp $
  *
  * Main header file for TrIPE
  *
@@ -26,70 +26,6 @@
  * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
  */
 
-/*----- Revision history --------------------------------------------------* 
- *
- * $Log: tripe.h,v $
- * Revision 1.18  2004/04/03 12:35:13  mdw
- * Support elliptic curve key exchange.
- *
- * Revision 1.17  2003/10/15 09:30:18  mdw
- * Add support for Ethereal protocol analysis.
- *
- * Revision 1.16  2003/07/13 11:19:49  mdw
- * Incompatible protocol fix!  Include message type code under MAC tag to
- * prevent cut-and-paste from key-exchange messages to general packet
- * transport.
- *
- * Revision 1.15  2003/05/16 12:09:03  mdw
- * Allow binding to a chosen address.
- *
- * Revision 1.14  2003/04/06 10:36:33  mdw
- * Rearrange so as not to include Linux headers unless we need to.
- *
- * Revision 1.13  2003/04/06 10:26:35  mdw
- * Report peer name on decrypt errors.
- *
- * Revision 1.12  2003/04/06 10:25:17  mdw
- * Support Linux TUN/TAP device.  Fix some bugs.
- *
- * Revision 1.11  2002/01/13 14:57:42  mdw
- * Fix crap typo.
- *
- * Revision 1.10  2002/01/13 14:54:58  mdw
- * Provide MGF macros.
- *
- * Revision 1.9  2001/06/22 19:40:36  mdw
- * Support expiry of other peers' public keys.
- *
- * Revision 1.8  2001/06/19 22:10:57  mdw
- * Some more constants for the algorithms.  Document the packet format
- * change for non-malleability.  Moved @buf@ definitions to separate header
- * file.
- *
- * Revision 1.7  2001/03/03 12:07:08  mdw
- * Rename word get and put functions now that there's 16-bit support.
- *
- * Revision 1.6  2001/02/19 19:11:09  mdw
- * Output buffering on admin connections.
- *
- * Revision 1.5  2001/02/16 21:41:43  mdw
- * Major changes.  See source files for details.
- *
- * Revision 1.4  2001/02/05 19:56:37  mdw
- * Sequence number protection, and BSD tunnels.
- *
- * Revision 1.3  2001/02/04 01:17:55  mdw
- * Create a configuration header file to tidy up command lines.
- *
- * Revision 1.2  2001/02/03 22:40:29  mdw
- * Put timer information into the entropy pool when packets are received
- * and on similar events.  Reseed the generator on the interval timer.
- *
- * Revision 1.1  2001/02/03 20:26:37  mdw
- * Initial checkin.
- *
- */
-
 #ifndef TRIPE_H
 #define TRIPE_H
 
@@ -201,29 +137,21 @@
 
 /*----- Cipher selections -------------------------------------------------*/
 
-#include <catacomb/blowfish.h>
-#include <catacomb/blowfish-cbc.h>
-#include <catacomb/blowfish-counter.h>
-#include <catacomb/rmd160.h>
-#include <catacomb/rmd160-hmac.h>
-
-#define CIPHER (&blowfish_cbc)
-#define MAC (&rmd160_hmac)
+typedef struct algswitch {
+  const gccipher *c;			/* Symmetric encryption scheme */
+  const gccipher *mgf;			/* Mask-generation function */
+  const gchash *h;			/* Hash function */
+  const gcmac *m;			/* Message authentication code */
+  size_t hashsz;			/* Hash output size */
+  size_t tagsz;				/* Length to truncate MAC tags */
+  size_t cksz, mksz;			/* Key lengths for @c@ and @m@ */
+} algswitch;
 
-#define HASH_CTX rmd160_ctx
-#define HASH_INIT rmd160_init
-#define HASH rmd160_hash
-#define HASH_STRING(c, s) HASH((c), s, sizeof(s))
-#define HASH_DONE rmd160_done
-#define HASHSZ RMD160_HASHSZ
+extern algswitch algs;
 
-#define MGF_CTX blowfish_counterctx
-#define MGF_INIT blowfish_counterinit
-#define MGF_CRYPT blowfish_counterencrypt
+#define MAXHASHSZ 64			/* Largest possible hash size */
 
-#define SEQSZ 4
-#define IVSZ BLOWFISH_BLKSZ
-#define MACSZ 10
+#define HASH_STRING(h, s) GH_HASH((h), (s), sizeof(s))
 
 /*----- Data structures ---------------------------------------------------*/
 
@@ -259,6 +187,7 @@ typedef struct keyset {
   T( unsigned seq; )			/* Sequence number for tracing */
   unsigned f;				/* Various useful flags */
   gcipher *cin, *cout; 			/* Keyset ciphers for encryption */
+  size_t tagsz;				/* Length to truncate MAC tags */
   gmac *min, *mout;	       		/* Keyset MACs for integrity */
   uint32 oseq;				/* Outbound sequence number */
   uint32 iseq, iwin;			/* Inbound sequence number */
@@ -288,12 +217,12 @@ typedef struct kxchal {
   keyset *ks;				/* Pointer to temporary keyset */
   unsigned f;				/* Various useful flags */
   sel_timer t;				/* Response timer for challenge */
-  octet hc[HASHSZ];			/* Hash of his challenge */
+  octet hc[MAXHASHSZ];			/* Hash of his challenge */
   mp *ck;				/* The check value */
-  octet hswrq_in[HASHSZ];		/* Inbound switch request message */
-  octet hswok_in[HASHSZ];		/* Inbound switch confirmation */
-  octet hswrq_out[HASHSZ];		/* Outbound switch request message */
-  octet hswok_out[HASHSZ];		/* Outbound switch confirmation */
+  octet hswrq_in[MAXHASHSZ];		/* Inbound switch request message */
+  octet hswok_in[MAXHASHSZ];		/* Inbound switch confirmation */
+  octet hswrq_out[MAXHASHSZ];		/* Outbound switch request message */
+  octet hswok_out[MAXHASHSZ];		/* Outbound switch confirmation */
 } kxchal;
 
 typedef struct keyexch {
@@ -309,7 +238,7 @@ typedef struct keyexch {
   ge *rx;				/* The expected response */
   unsigned nr;				/* Number of extant responses */
   time_t t_valid;			/* When this exchange goes bad */
-  octet hc[HASHSZ];			/* Hash of my challenge */
+  octet hc[MAXHASHSZ];			/* Hash of my challenge */
   kxchal *r[KX_NCHAL];			/* Array of challenges */
 } keyexch;