X-Git-Url: https://git.distorted.org.uk/~mdw/tripe/blobdiff_plain/c70a7c5cedab62209640b76f03d97c1876e38dc6..f492fa0b0f1081ddf8c9aa92aad24f803ed02d86:/server/tripe.h

diff --git a/server/tripe.h b/server/tripe.h
index 24cec434..d07823b8 100644
--- a/server/tripe.h
+++ b/server/tripe.h
@@ -9,19 +9,18 @@
  *
  * This file is part of Trivial IP Encryption (TrIPE).
  *
- * TrIPE is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
+ * TrIPE is free software: you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free
+ * Software Foundation; either version 3 of the License, or (at your
+ * option) any later version.
  *
- * TrIPE is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
+ * TrIPE is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
  *
  * You should have received a copy of the GNU General Public License
- * along with TrIPE; if not, write to the Free Software Foundation,
- * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ * along with TrIPE.  If not, see <https://www.gnu.org/licenses/>.
  */
 
 #ifndef TRIPE_H
@@ -67,6 +66,7 @@
 #include <mLib/arena.h>
 #include <mLib/base64.h>
 #include <mLib/bres.h>
+#include <mLib/codec.h>
 #include <mLib/daemonize.h>
 #include <mLib/dstr.h>
 #include <mLib/env.h>
@@ -91,21 +91,27 @@
 #include <catacomb/buf.h>
 #include <catacomb/ct.h>
 
+#include <catacomb/chacha.h>
 #include <catacomb/gcipher.h>
 #include <catacomb/gmac.h>
 #include <catacomb/grand.h>
 #include <catacomb/key.h>
 #include <catacomb/paranoia.h>
+#include <catacomb/poly1305.h>
+#include <catacomb/salsa20.h>
 
 #include <catacomb/noise.h>
 #include <catacomb/rand.h>
 
 #include <catacomb/mp.h>
+#include <catacomb/mpmont.h>
 #include <catacomb/mprand.h>
 #include <catacomb/dh.h>
 #include <catacomb/ec.h>
+#include <catacomb/ec-raw.h>
 #include <catacomb/ec-keys.h>
-#include <catacomb/group.h>
+#include <catacomb/x25519.h>
+#include <catacomb/x448.h>
 
 #include "priv.h"
 #include "protocol.h"
@@ -158,8 +164,23 @@
 
 typedef struct keyset keyset;
 typedef struct algswitch algswitch;
+typedef struct kdata kdata;
 typedef struct admin admin;
 
+typedef struct dhgrp {
+  const struct dhops *ops;
+  size_t scsz;
+} dhgrp;
+
+typedef struct dhsc dhsc;
+typedef struct dhge dhge;
+
+enum {
+  DHFMT_STD,		    /* Fixed-width format, suitable for encryption */
+  DHFMT_HASH,		     /* Deterministic format, suitable for hashing */
+  DHFMT_VAR		       /* Variable-width-format, mostly a bad idea */
+};
+
 typedef struct bulkalgs {
   const struct bulkops *ops;
 } bulkalgs;
@@ -175,6 +196,99 @@ typedef struct bulkchal {
 
 struct rawkey;
 
+typedef struct dhops {
+  const char *name;
+
+  int (*ldpriv)(key_file */*kf*/, key */*k*/, key_data */*d*/,
+		kdata */*kd*/, dstr */*t*/, dstr */*e*/);
+	/* Load a private key from @d@, storing the data in @kd@.  The key's
+	 * file and key object are in @kf@ and @k, mostly in case its
+	 * attributes are interesting; the key tag is in @t@; errors are
+	 * reported by writing tokens to @e@ and returning nonzero.
+	 */
+
+  int (*ldpub)(key_file */*kf*/, key */*k*/, key_data */*d*/,
+	       kdata */*kd*/, dstr */*t*/, dstr */*e*/);
+	/* Load a public key from @d@, storing the data in @kd@.  The key's
+	 * file and key object are in @kf@ and @k, mostly in case its
+	 * attributes are interesting; the key tag is in @t@; errors are
+	 * reported by writing tokens to @e@ and returning nonzero.
+	 */
+
+  const char *(*checkgrp)(const dhgrp */*g*/);
+	/* Check that the group is valid; return null on success, or an error
+	 * string.
+	 */
+
+  void (*grpinfo)(const dhgrp */*g*/, admin */*a*/);
+	/* Report on the group to an admin client. */
+
+  T( void (*tracegrp)(const dhgrp */*g*/); )
+	/* Trace a description of the group. */
+
+  int (*samegrpp)(const dhgrp */*g*/, const dhgrp */*gg*/);
+	/* Return nonzero if the two group objects represent the same
+	 * group.
+	 */
+
+  void (*freegrp)(dhgrp */*g*/);
+	/* Free a group and the resources it holds. */
+
+  dhsc *(*ldsc)(const dhgrp */*g*/, const void */*p*/, size_t /*sz*/);
+	/* Load a scalar from @p@, @sz@ and return it.  Return null on
+	 * error.
+	 */
+
+  int (*stsc)(const dhgrp */*g*/,
+	       void */*p*/, size_t /*sz*/, const dhsc */*x*/);
+	/* Store a scalar at @p@, @sz@.  Return nonzero on error. */
+
+  dhsc *(*randsc)(const dhgrp */*g*/);
+	/* Return a random scalar. */
+
+  T( const char *(*scstr)(const dhgrp */*g*/, const dhsc */*x*/); )
+	/* Return a human-readable representation of @x@; @buf_t@ may be used
+	 * to hold it.
+	 */
+
+  void (*freesc)(const dhgrp */*g*/, dhsc */*x*/);
+	/* Free a scalar and the resources it holds. */
+
+  dhge *(*ldge)(const dhgrp */*g*/, buf */*b*/, int /*fmt*/);
+	/* Load a group element from @b@, encoded using format @fmt@.  Return
+	 * null on error.
+	 */
+
+  int (*stge)(const dhgrp */*g*/, buf */*b*/,
+	      const dhge */*Y*/, int /*fmt*/);
+	/* Store a group element in @b@, encoded using format @fmt@.  Return
+	 * nonzero on error.
+	 */
+
+  int (*checkge)(const dhgrp */*h*/, const dhge */*Y*/);
+	/* Check a group element for validity.  Return zero if everything
+	 * checks out; nonzero on failure.
+	 */
+
+  int (*eq)(const dhgrp */*g*/, const dhge */*Y*/, const dhge */*Z*/);
+	/* Return nonzero if @Y@ and @Z@ are equal. */
+
+  dhge *(*mul)(const dhgrp */*g*/, const dhsc */*x*/, const dhge */*Y*/);
+	/* Multiply a group element by a scalar, resulting in a shared-secret
+	 * group element.  If @y@ is null, then multiply the well-known
+	 * generator.
+	 */
+
+  T( const char *(*gestr)(const dhgrp */*g*/, const dhge */*Y*/); )
+	/* Return a human-readable representation of @Y@; @buf_t@ may be used
+	 * to hold it.
+	 */
+
+  void (*freege)(const dhgrp */*g*/, dhge */*Y*/);
+	/* Free a group element and the resources it holds. */
+
+} dhops;
+
 typedef struct bulkops {
   const char *name;
 
@@ -268,17 +382,16 @@ struct algswitch {
   bulkalgs *bulk;			/* Bulk crypto algorithms */
 };
 
-typedef struct kdata {
+struct kdata {
   unsigned ref;				/* Reference counter */
   struct knode *kn;			/* Pointer to cache entry */
   char *tag;				/* Full tag name of the key */
-  group *g;				/* The group we work in */
-  size_t indexsz;			/* Size of exponent for the group */
-  mp *kpriv;				/* The private key (or null) */
-  ge *kpub;				/* The public key */
+  dhgrp *grp;				/* The group we work in */
+  dhsc *k;				/* The private key (or null) */
+  dhge *K;				/* The public key */
   time_t t_exp;				/* Expiry time of the key */
   algswitch algs;			/* Collection of algorithms */
-} kdata;
+};
 
 typedef struct knode {
   sym_base _b;				/* Symbol table intrusion */
@@ -292,6 +405,7 @@ typedef struct knode {
 
 #define HASH_STRING(h, s) GH_HASH((h), (s), sizeof(s))
 
+extern const dhops dhtab[];
 extern const bulkops bulktab[];
 
 /*----- Data structures ---------------------------------------------------*/
@@ -381,8 +495,8 @@ typedef struct retry {
 
 typedef struct kxchal {
   struct keyexch *kx;			/* Pointer back to key exchange */
-  ge *c;				/* Responder's challenge */
-  ge *r;				/* My reply to the challenge */
+  dhge *C;				/* Responder's challenge */
+  dhge *R;				/* My reply to the challenge */
   keyset *ks;				/* Pointer to temporary keyset */
   unsigned f;				/* Various useful flags */
   sel_timer t;				/* Response timer for challenge */
@@ -404,9 +518,9 @@ typedef struct keyexch {
   unsigned s;				/* Current state in exchange */
   sel_timer t;				/* Timer for next exchange */
   retry rs;				/* Retry state */
-  mp *alpha;				/* My temporary secret */
-  ge *c;				/* My challenge */
-  ge *rx;				/* The expected response */
+  dhsc *a;				/* My temporary secret */
+  dhge *C;				/* My challenge */
+  dhge *RX;				/* The expected response */
   unsigned nr;				/* Number of extant responses */
   time_t t_valid;			/* When this exchange goes bad */
   octet hc[MAXHASHSZ];			/* Hash of my challenge */
@@ -861,9 +975,8 @@ extern void ks_derivekey(octet */*k*/, size_t /*ksz*/,
  *		the key material; between @k + x@ and @k + y@ is `your'
  *		contribution; and between @k + y@ and @k + z@ is a shared
  *		value we made together.  These are used to construct two
- *		pairs of symmetric keys.  Each pair consists of an encryption
- *		key and a message authentication key.  One pair is used for
- *		outgoing messages, the other for incoming messages.
+ *		collections of symmetric keys: one for outgoing messages, the
+ *		other for incoming messages.
  *
  *		The new key is marked so that it won't be selected for output
  *		by @ksl_encrypt@.  You can still encrypt data with it by
@@ -1596,31 +1709,6 @@ extern const tunnel_ops tun_slip;
 
 /*----- Other handy utilities ---------------------------------------------*/
 
-/* --- @mpstr@ --- *
- *
- * Arguments:	@mp *m@ = a multiprecision integer
- *
- * Returns:	A pointer to the integer's textual representation.
- *
- * Use:		Converts a multiprecision integer to a string.  Corrupts
- *		@buf_u@.
- */
-
-extern const char *mpstr(mp */*m*/);
-
-/* --- @gestr@ --- *
- *
- * Arguments:	@group *g@ = a group
- *		@ge *x@ = a group element
- *
- * Returns:	A pointer to the element's textual representation.
- *
- * Use:		Converts a group element to a string.  Corrupts
- *		@buf_u@.
- */
-
-extern const char *gestr(group */*g*/, ge */*x*/);
-
 /* --- @timestr@ --- *
  *
  * Arguments:	@time_t t@ = a time to convert