  1. /* vim: set expandtab ts=4 sw=4: */
  2. /*
  3. * You may redistribute this program and/or modify it under the terms of
  4. * the GNU General Public License as published by the Free Software Foundation,
  5. * either version 3 of the License, or (at your option) any later version.
  6. *
  7. * This program is distributed in the hope that it will be useful,
  8. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  9. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  10. * GNU General Public License for more details.
  11. *
  12. * You should have received a copy of the GNU General Public License
  13. * along with this program. If not, see <https://www.gnu.org/licenses/>.
  14. */
  15. #ifndef Ca_H
  16. #define Ca_H
  17. #include "benc/Object.h"
  18. #include "rust/cjdns_sys/RTypes.h"
  19. #include "crypto/random/Random.h"
  20. #include "memory/Allocator.h"
  21. #include "util/log/Log.h"
  22. #include "util/events/EventBase.h"
  /*
   * Backend selection for the Ca_* wrappers in this header.
   *
   * When OLD_CA is not defined, Ca_t / Ca_Session_t are the RTypes_CryptoAuth2
   * types and Ca_IMPL(x) expands to Rffi_CryptoAuth2_x (rust/cjdns_sys/Rffi.h).
   * When OLD_CA is defined, they are struct CryptoAuth / struct CryptoAuth_Session
   * and Ca_IMPL(x) expands to CryptoAuth_x (crypto/CryptoAuth.h).
   */
  #ifndef OLD_CA
  #include "rust/cjdns_sys/Rffi.h"
  typedef RTypes_CryptoAuth2_t Ca_t;
  typedef RTypes_CryptoAuth2_Session_t Ca_Session_t;
  #define Ca_IMPL(x) Rffi_CryptoAuth2_ ## x

  /**
   * Create a CryptoAuth context through Rffi_CryptoAuth2_new.
   *
   * @param allocator forwarded to the backend.
   * @param privateKey forwarded to the backend. The length is not expressed in
   *        this signature. NOTE(review): presumably 32 bytes of long-term key
   *        material, so callers should keep the source buffer protected - confirm.
   * @param eventBase accepted but not forwarded by this backend.
   * @param logger accepted but not forwarded by this backend.
   * @param rand forwarded to the backend.
   * @return whatever Rffi_CryptoAuth2_new returns.
   */
  static inline Ca_t* Ca_new(struct Allocator* allocator, const uint8_t* privateKey,
                             EventBase_t* eventBase, struct Log* logger, struct Random* rand)
  {
      // Only allocator, privateKey and rand reach Rffi_CryptoAuth2_new; the other
      // two parameters keep the call shape shared with the OLD_CA branch, where
      // Ca_new is an alias for CryptoAuth_new.
      (void) eventBase;
      (void) logger;
      Ca_t* created = Rffi_CryptoAuth2_new(allocator, privateKey, rand);
      return created;
  }
  #else
  #include "crypto/CryptoAuth.h"
  typedef struct CryptoAuth Ca_t;
  typedef struct CryptoAuth_Session Ca_Session_t;
  #define Ca_IMPL(x) CryptoAuth_ ## x
  #define Ca_new CryptoAuth_new
  #endif
  /**
   * Named result codes for the Ca_addUser family.
   * NOTE(review): only the duplicate case is named here; the success value and
   * any other codes come from the backend and are not visible in this header.
   */
  enum Ca_addUser_Res
  {
      /** NOTE(review): presumably "this user is already registered" - confirm. */
      Ca_addUser_DUPLICATE = -3
  };
  /**
   * Register a password/login pair with a CryptoAuth context by forwarding to
   * the selected backend's addUser_ipv6.
   *
   * @param password forwarded unchanged.
   * @param login forwarded unchanged.
   * @param ipv6 16-byte address or NULL (Ca_addUser passes NULL).
   *        NOTE(review): presumably a non-NULL value limits this user to that
   *        address, cf. Ca_DecryptErr_IP_RESTRICTED - confirm against the backend.
   * @param ca the context to add the user to.
   * @return the backend's result code, unchanged. NOTE(review): presumably a
   *         Ca_addUser_Res value such as Ca_addUser_DUPLICATE on failure - confirm.
   */
  static inline int Ca_addUser_ipv6(String* password, String* login, uint8_t ipv6[16], Ca_t* ca)
  {
      int result = Ca_IMPL(addUser_ipv6)(password, login, ipv6, ca);
      return result;
  }
  /**
   * Register a password/login pair without an IPv6 argument.
   * Equivalent to Ca_addUser_ipv6() with ipv6 == NULL.
   *
   * @return the result of Ca_addUser_ipv6, unchanged.
   */
  static inline int Ca_addUser(String* password, String* login, Ca_t* ca)
  {
      uint8_t* noAddress = NULL;
      return Ca_addUser_ipv6(password, login, noAddress, ca);
  }
  /**
   * Forward to the selected backend's removeUsers.
   *
   * @param context the CryptoAuth context.
   * @param user forwarded unchanged. NOTE(review): presumably the login name to
   *        match; what a NULL value means is decided by the backend - confirm.
   * @return the backend's int result, unchanged (its meaning is not visible here).
   */
  static inline int Ca_removeUsers(Ca_t* context, String* user)
  {
      int result = Ca_IMPL(removeUsers)(context, user);
      return result;
  }
  /**
   * Forward to the selected backend's getUsers.
   *
   * @param context the CryptoAuth context (not modified through this pointer).
   * @param alloc forwarded to the backend. NOTE(review): presumably the returned
   *        list is allocated from it - confirm.
   * @return the backend's string list, unchanged.
   */
  static inline RTypes_StrList_t* Ca_getUsers(const Ca_t* context, struct Allocator* alloc)
  {
      RTypes_StrList_t* users = Ca_IMPL(getUsers)(context, alloc);
      return users;
  }
  /**
   * Create a session on a CryptoAuth context by forwarding every argument, in
   * order, to the selected backend's newSession.
   *
   * @param ca the context the session belongs to.
   * @param alloc forwarded to the backend.
   * @param herPublicKey the peer's 32-byte public key.
   * @param requireAuth forwarded unchanged. NOTE(review): presumably makes the
   *        session reject peers that present no credentials, cf.
   *        Ca_DecryptErr_AUTH_REQUIRED - confirm.
   * @param name forwarded unchanged (Ca_getName reads a name back from a session).
   * @param useNoise forwarded unchanged; its effect is decided by the backend.
   * @return the backend's session pointer, unchanged.
   */
  static inline Ca_Session_t* Ca_newSession(Ca_t* ca, struct Allocator* alloc,
                                            const uint8_t herPublicKey[32], const bool requireAuth,
                                            const char* name, bool useNoise)
  {
      Ca_Session_t* session =
          Ca_IMPL(newSession)(ca, alloc, herPublicKey, requireAuth, name, useNoise);
      return session;
  }
  /**
   * Forward a password/login pair to the selected backend's setAuth for one session.
   *
   * @param password forwarded unchanged (not modified through this pointer).
   * @param login forwarded unchanged (not modified through this pointer).
   * @param caSession the session the credentials are set on.
   */
  static inline void Ca_setAuth(const String* password, const String* login, Ca_Session_t* caSession)
  {
      Ca_IMPL(setAuth)(password, login, caSession);
  }
  /**
   * Forward to the selected backend's resetIfTimeout.
   * The timeout condition itself is evaluated by the backend and is not visible here.
   *
   * @param session the session to check.
   */
  static inline void Ca_resetIfTimeout(Ca_Session_t* session)
  {
      Ca_IMPL(resetIfTimeout)(session);
  }
  /**
   * Forward to the selected backend's reset.
   *
   * @param caSession the session to reset.
   */
  static inline void Ca_reset(Ca_Session_t* caSession)
  {
      Ca_IMPL(reset)(caSession);
  }
  /**
   * Read a session's handshake state from the selected backend.
   *
   * @param session the session to query.
   * @return the backend's state value, unchanged; comparable with the Ca_State_*
   *         macros and printable with Ca_stateString().
   */
  static inline RTypes_CryptoAuth_State_t Ca_getState(Ca_Session_t* session)
  {
      RTypes_CryptoAuth_State_t current = Ca_IMPL(getState)(session);
      return current;
  }
  /**
   * Forward to the selected backend's getHerPubKey.
   *
   * @param session the session to read from (not modified through this pointer).
   * @param pkOut output buffer. Its size is not expressed in this signature.
   *        NOTE(review): presumably 32 bytes are written, matching
   *        herPublicKey[32] in Ca_newSession - callers should size the buffer
   *        accordingly and confirm against the backend.
   */
  static inline void Ca_getHerPubKey(const Ca_Session_t* session, uint8_t* pkOut)
  {
      Ca_IMPL(getHerPubKey)(session, pkOut);
  }
  /**
   * Forward to the selected backend's getHerIp6.
   *
   * @param session the session to read from (not modified through this pointer).
   * @param ipOut output buffer. Its size is not expressed in this signature.
   *        NOTE(review): presumably 16 bytes are written, matching ipv6[16] in
   *        Ca_addUser_ipv6 - callers should size the buffer accordingly and
   *        confirm against the backend.
   */
  static inline void Ca_getHerIp6(const Ca_Session_t* session, uint8_t* ipOut)
  {
      Ca_IMPL(getHerIp6)(session, ipOut);
  }
  /**
   * Forward to the selected backend's getPubKey.
   *
   * @param ca the context to read from (not modified through this pointer).
   * @param pkOut output buffer. Its size is not expressed in this signature.
   *        NOTE(review): presumably 32 bytes are written - confirm against the
   *        backend before sizing the buffer.
   */
  static inline void Ca_getPubKey(const Ca_t* ca, uint8_t* pkOut)
  {
      Ca_IMPL(getPubKey)(ca, pkOut);
  }
  /**
   * Forward to the selected backend's getName.
   *
   * @param session the session to read from (not modified through this pointer).
   * @param alloc forwarded to the backend. NOTE(review): presumably the returned
   *        string is allocated from it - confirm.
   * @return the backend's result, unchanged. NOTE(review): whether it can be
   *         NULL for an unnamed session is not visible here - confirm.
   */
  static inline String_t* Ca_getName(const Ca_Session_t* session, Allocator_t* alloc)
  {
      String_t* sessionName = Ca_IMPL(getName)(session, alloc);
      return sessionName;
  }
  /**
   * Forward to the selected backend's stats.
   *
   * @param session the session to read from (not modified through this pointer).
   * @param statsOut output structure passed to the backend.
   */
  static inline void Ca_stats(const Ca_Session_t* session, RTypes_CryptoStats_t* statsOut)
  {
      Ca_IMPL(stats)(session, statsOut);
  }
  /**
   * Forward to the selected backend's getSecret.
   *
   * @param ca the context to read from (not modified through this pointer).
   * @param name forwarded unchanged. NOTE(review): presumably selects which
   *        secret is produced - confirm.
   * @param secretOut output buffer; the declarator requires at least 64 bytes.
   *        The contents are secret material by name, so callers should keep
   *        the buffer out of logs and wipe it once it is no longer needed.
   * @return the backend's int result, unchanged. NOTE(review): callers should
   *         check it before using secretOut; the success value is not visible here.
   */
  static inline int Ca_getSecret(const Ca_t* ca, const String_t* name, uint8_t secretOut[static 64])
  {
      int result = Ca_IMPL(getSecret)(ca, name, secretOut);
      return result;
  }
  /**
   * Decrypt error codes; Ca_DecryptErr_NONE (0) is the no-error value.
   * The numeric values are assigned explicitly.
   * NOTE(review): presumably other code depends on these exact numbers -
   * confirm before renumbering.
   */
  enum Ca_DecryptErr
  {
      Ca_DecryptErr_NONE = 0,

      /** The packet is too short. */
      Ca_DecryptErr_RUNT = 1,

      /** A run message was received for a session that has not been set up. */
      Ca_DecryptErr_NO_SESSION = 2,

      Ca_DecryptErr_FINAL_SHAKE_FAIL = 3,

      Ca_DecryptErr_FAILED_DECRYPT_RUN_MSG = 4,

      Ca_DecryptErr_KEY_PKT_ESTABLISHED_SESSION = 5,

      Ca_DecryptErr_WRONG_PERM_PUBKEY = 6,

      /**
       * Only a specific IPv6 address may connect to this CA session and the
       * request came from a different one.
       */
      Ca_DecryptErr_IP_RESTRICTED = 7,

      /** Authentication is required and the request carries none. */
      Ca_DecryptErr_AUTH_REQUIRED = 8,

      /**
       * The login name does not exist. Telling a remote peer this, as opposed to
       * a generic failure, reveals which login names are valid, so be careful
       * where this code is exposed.
       */
      Ca_DecryptErr_UNRECOGNIZED_AUTH = 9,

      /** A key packet arrived while we are not in a state to accept one. */
      Ca_DecryptErr_STRAY_KEY = 10,

      Ca_DecryptErr_HANDSHAKE_DECRYPT_FAILED = 11,

      /** The peer set zero as the temporary public key. */
      Ca_DecryptErr_WISEGUY = 12,

      /**
       * One of:
       *  - a duplicate hello or key packet (same temp key and not a repeat-packet type);
       *  - a repeat key packet carrying a different key than the one already known;
       *  - a repeat hello packet whose temp key we already know (so it belongs to an
       *    existing session) while we are not in a state to accept a repeat hello.
       */
      Ca_DecryptErr_INVALID_PACKET = 13,

      /** The replay checker could not validate this packet. */
      Ca_DecryptErr_REPLAY = 14,

      /** Authenticated decryption failed. */
      Ca_DecryptErr_DECRYPT = 15
  };
  /* Short Ca_State_* aliases for the RTypes_CryptoAuth_State_t enumerators. */
  #define Ca_State_INIT RTypes_CryptoAuth_State_t_Init
  #define Ca_State_SENT_HELLO RTypes_CryptoAuth_State_t_SentHello
  #define Ca_State_RECEIVED_HELLO RTypes_CryptoAuth_State_t_ReceivedHello
  #define Ca_State_SENT_KEY RTypes_CryptoAuth_State_t_SentKey
  #define Ca_State_RECEIVED_KEY RTypes_CryptoAuth_State_t_ReceivedKey
  #define Ca_State_ESTABLISHED RTypes_CryptoAuth_State_t_Established

  /**
   * Map a session state to a printable name.
   *
   * @param state a value as returned by Ca_getState().
   * @return a pointer to a string literal: the state's name, or "INVALID" for any
   *         value that is not one of the six Ca_State_* aliases. The return type
   *         is a non-const char*, but the storage is a literal, so callers must
   *         not write to it or free it.
   */
  static inline char* Ca_stateString(RTypes_CryptoAuth_State_t state)
  {
      // Start from the fallback; a recognised state overwrites it below.
      char* label = "INVALID";
      switch (state) {
          case Ca_State_INIT:
              label = "INIT";
              break;
          case Ca_State_SENT_HELLO:
              label = "SENT_HELLO";
              break;
          case Ca_State_RECEIVED_HELLO:
              label = "RECEIVED_HELLO";
              break;
          case Ca_State_SENT_KEY:
              label = "SENT_KEY";
              break;
          case Ca_State_RECEIVED_KEY:
              label = "RECEIVED_KEY";
              break;
          case Ca_State_ESTABLISHED:
              label = "ESTABLISHED";
              break;
          default:
              break;
      }
      return label;
  }
  165. #endif