247 lines
7.7 KiB
C
247 lines
7.7 KiB
C
/* $Id$
|
|
*****************************************************************************
|
|
*
|
|
* File: fko.h
|
|
*
|
|
* Author: Damien S. Stuart
|
|
*
|
|
* Purpose: Header for the fwknop source files
|
|
*
|
|
* Copyright (C) 2008 Damien Stuart (dstuart@dstuart.org)
|
|
*
|
|
* License (GNU Public License):
|
|
*
|
|
* This program is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License
|
|
* along with this program; if not, write to the Free Software
|
|
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
|
|
* USA
|
|
*
|
|
*****************************************************************************
|
|
*/
|
|
#ifndef FKO_H
|
|
#define FKO_H 1
|
|
|
|
/* General params
|
|
*/
|
|
#define FKO_PROTOCOL_VERSION "1.9.10" /* The fwknop protocol version */
|
|
|
|
/* Supported FKO Message types...
|
|
*/
|
|
enum {
|
|
FKO_COMMAND_MSG = 0,
|
|
FKO_ACCESS_MSG,
|
|
FKO_NAT_ACCESS_MSG,
|
|
FKO_CLIENT_TIMEOUT_ACCESS_MSG,
|
|
FKO_CLIENT_TIMEOUT_NAT_ACCESS_MSG,
|
|
FKO_LOCAL_NAT_ACCESS_MSG,
|
|
FKO_CLIENT_TIMEOUT_LOCAL_NAT_ACCESS_MSG,
|
|
FKO_LAST_MSG_TYPE /* Always leave this as the last one */
|
|
};
|
|
|
|
/* Supported digest types...
|
|
*/
|
|
enum {
|
|
FKO_DIGEST_MD5 = 0,
|
|
FKO_DIGEST_SHA1,
|
|
FKO_DIGEST_SHA256,
|
|
FKO_LAST_DIGEST_TYPE /* Always leave this as the last one */
|
|
};
|
|
|
|
/* Supported encryption types...
|
|
*/
|
|
enum {
|
|
FKO_ENCRYPTION_RIJNDAEL = 0,
|
|
FKO_ENCRYPTION_GPG,
|
|
FKO_LAST_ENCRYPTION_TYPE /* Always leave this as the last one */
|
|
};
|
|
|
|
/* General state flag bit values.
|
|
*/
|
|
enum {
|
|
FKO_CTX_SET = 1, /* Set when ctx is initialized */
|
|
FKO_RAND_VAL_MODIFIED = 1 << 1,
|
|
FKO_USERNAME_MODIFIED = 1 << 2,
|
|
FKO_TIMESTAMP_MODIFIED = 1 << 3,
|
|
FKO_VERSION_MODIFIED = 1 << 4,
|
|
FKO_SPA_MSG_TYPE_MODIFIED = 1 << 6,
|
|
FKO_CTX_SET_2 = 1 << 7, /* Set when ctx is initialized */
|
|
FKO_SPA_MSG_MODIFIED = 1 << 8,
|
|
FKO_NAT_ACCESS_MODIFIED = 1 << 9,
|
|
FKO_SERVER_AUTH_MODIFIED = 1 << 10,
|
|
FKO_CLIENT_TIMEOUT_MODIFIED = 1 << 11,
|
|
FKO_DIGEST_TYPE_MODIFIED = 1 << 12,
|
|
FKO_ENCRYPT_TYPE_MODIFIED = 1 << 13,
|
|
FKO_GPG_SUPPORTED = 1 << 14,
|
|
FKO_BACKWARD_COMPATIBLE = 1 << 15
|
|
};
|
|
|
|
/* This is used in conjunction with the ctx->initial value as a means to
|
|
* determine if the ctx has been properly initialized. However, this
|
|
* may not work 100% of the time as it is possible (though not likely)
|
|
* an ctx may have values that match both the flags and the ctx->initial
|
|
* value.
|
|
*/
|
|
#define FKO_CTX_INITIALIZED (FKO_CTX_SET|FKO_CTX_SET_2)
|
|
|
|
#define FKO_SET_CTX_INITIALIZED(ctx) \
|
|
(ctx->state |= (FKO_CTX_INITIALIZED))
|
|
|
|
#define FKO_CLEAR_CTX_INITIALIZED(ctx) \
|
|
(ctx->state &= (0xffff & ~FKO_CTX_INITIALIZED))
|
|
|
|
/* Consolidate all SPA data modified flags.
|
|
*/
|
|
#define FKO_ANY_SPA_DATA_MODIFIED ( \
|
|
FKO_RAND_VAL_MODIFIED | FKO_USERNAME_MODIFIED | FKO_TIMESTAMP_MODIFIED \
|
|
| FKO_VERSION_MODIFIED | FKO_SPA_MSG_TYPE_MODIFIED | FKO_SPA_MSG_MODIFIED \
|
|
| FKO_NAT_ACCESS_MODIFIED | FKO_SERVER_AUTH_MODIFIED \
|
|
| FKO_CLIENT_TIMEOUT_MODIFIED | FKO_DIGEST_TYPE_MODIFIED \
|
|
| FKO_ENCRYPT_TYPE_MODIFIED )
|
|
|
|
/* This should return true if any SPA data field has been modifed since the
|
|
* last encode/encrypt.
|
|
*/
|
|
#define FKO_SPA_DATA_MODIFIED(ctx) (ctx->state & FKO_ANY_SPA_DATA_MODIFIED)
|
|
|
|
/* Clear all SPA data modified flags. This is normally called after a
|
|
* succesful encode/digest/encryption cycle.
|
|
*/
|
|
#define FKO_CLEAR_SPA_DATA_MODIFIED(ctx) \
|
|
(ctx->state &= (0xffff & ~FKO_ANY_SPA_DATA_MODIFIED))
|
|
|
|
/* Macros used for determining ctx initialization state.
|
|
*/
|
|
#define CTX_INITIALIZED(ctx) (ctx->initval == FKO_CTX_INITIALIZED)
|
|
|
|
/* FKO ERROR_CODES
|
|
*
|
|
* Note: If you change this list in any way, please be syre to make the
|
|
* appropriate corresponding change to the error message list in
|
|
* fko_error.c.
|
|
*/
|
|
enum {
|
|
FKO_SUCCESS = 0,
|
|
FKO_ERROR_CTX_NOT_INITIALIZED,
|
|
FKO_ERROR_MEMORY_ALLOCATION,
|
|
FKO_ERROR_INVALID_DATA,
|
|
FKO_ERROR_DATA_TOO_LARGE,
|
|
FKO_ERROR_USERNAME_UNKNOWN,
|
|
FKO_ERROR_INCOMPLETE_SPA_DATA,
|
|
FKO_ERROR_MISSING_ENCODED_DATA,
|
|
FKO_ERROR_INVALID_DIGEST_TYPE,
|
|
FKO_ERROR_INVALID_ALLOW_IP,
|
|
FKO_ERROR_INVALID_SPA_COMMAND_MSG,
|
|
FKO_ERROR_INVALID_SPA_ACCESS_MSG,
|
|
FKO_ERROR_INVALID_SPA_NAT_ACCESS_MSG,
|
|
FKO_ERROR_INVALID_ENCRYPTION_TYPE,
|
|
FKO_ERROR_DECRYPTION_SIZE_ERROR,
|
|
/* Add more errors above this line */
|
|
FKO_ERROR_UNSUPPORTED_FEATURE,
|
|
FKO_ERROR_UNKNOWN
|
|
};
|
|
|
|
/* General Defaults
|
|
*/
|
|
#define FKO_DEFAULT_MSG_TYPE FKO_ACCESS_MSG
|
|
#define FKO_DEFAULT_DIGEST FKO_DIGEST_SHA256
|
|
#define FKO_DEFAULT_ENCRYPTION FKO_ENCRYPTION_RIJNDAEL
|
|
|
|
/* How much space we allow for the fko context error message buffer.
|
|
*/
|
|
#define MAX_FKO_ERR_MSG_SIZE 128
|
|
|
|
/* Define some limits (--DSS XXX: These sizes need to be reviewed)
|
|
*/
|
|
#define MAX_SPA_USERNAME_SIZE 64
|
|
#define MAX_SPA_MESSAGE_SIZE 256
|
|
#define MAX_SPA_NAT_ACCESS_SIZE 128
|
|
#define MAX_SPA_SERVER_AUTH_SIZE 64
|
|
|
|
#define MIN_SPA_ENCODED_MSG_SIZE 36 /* Somewhat arbitrary */
|
|
#define MIN_GNUPG_MSG_SIZE 400
|
|
|
|
/* Misc.
|
|
*/
|
|
#define FKO_RAND_VAL_SIZE 16
|
|
#define FKO_ENCODE_TMP_BUF_SIZE 1024
|
|
|
|
/* The pieces we need to make an FKO SPA data packet.
|
|
*/
|
|
typedef struct _fko_ctx {
|
|
/* FKO SPA message data (raw and un-encoded) */
|
|
char rand_val[FKO_RAND_VAL_SIZE+1];
|
|
char *username;
|
|
unsigned int timestamp;
|
|
char *version;
|
|
short message_type;
|
|
char *message;
|
|
char *nat_access;
|
|
char *server_auth;
|
|
unsigned int client_timeout;
|
|
char *digest;
|
|
|
|
/* FKO SPA message encoding types */
|
|
short digest_type;
|
|
short encryption_type;
|
|
|
|
/* Complete processed data (encodings, etc.) */
|
|
char *encoded_msg;
|
|
|
|
char *encrypted_msg;
|
|
unsigned int encrypted_msg_size;
|
|
|
|
/* State info */
|
|
unsigned short state;
|
|
unsigned char initval;
|
|
|
|
} fko_ctx_t;
|
|
|
|
/* Function prototypes
|
|
*/
|
|
int fko_new(fko_ctx_t *ctx);
|
|
int fko_new_with_data(fko_ctx_t *ctx, char *enc_data);
|
|
void fko_destroy(fko_ctx_t *ctx);
|
|
|
|
char* fko_version(fko_ctx_t *ctx);
|
|
const char* fko_errstr(int err_code);
|
|
|
|
int fko_set_rand_value(fko_ctx_t *ctx, const char *val);
|
|
int fko_set_username(fko_ctx_t *ctx, const char *spoof_user);
|
|
int fko_set_timestamp(fko_ctx_t *ctx, int offset);
|
|
int fko_set_spa_message_type(fko_ctx_t *ctx, short msg_type);
|
|
int fko_set_spa_message(fko_ctx_t *ctx, const char *msg_string);
|
|
int fko_set_spa_nat_access(fko_ctx_t *ctx, const char *nat_access);
|
|
int fko_set_spa_server_auth(fko_ctx_t *ctx, const char *server_auth);
|
|
int fko_set_spa_client_timeout(fko_ctx_t *ctx, int timeout);
|
|
int fko_set_spa_digest_type(fko_ctx_t *ctx, short digest_type);
|
|
int fko_set_spa_digest(fko_ctx_t *ctx);
|
|
int fko_set_spa_encryption_type(fko_ctx_t *ctx, short encrypt_type);
|
|
|
|
char* fko_get_rand_value(fko_ctx_t *ctx);
|
|
char* fko_get_username(fko_ctx_t *ctx);
|
|
unsigned int fko_get_timestamp(fko_ctx_t *ctx);
|
|
short fko_get_spa_message_type(fko_ctx_t *ctx);
|
|
char* fko_get_spa_message(fko_ctx_t *ctx);
|
|
char* fko_get_spa_nat_access(fko_ctx_t *ctx);
|
|
char* fko_get_spa_server_auth(fko_ctx_t *ctx);
|
|
int fko_get_spa_client_timeout(fko_ctx_t *ctx);
|
|
short fko_get_spa_digest_type(fko_ctx_t *ctx);
|
|
char* fko_get_spa_digest(fko_ctx_t *ctx);
|
|
short fko_get_spa_encryption_type(fko_ctx_t *ctx);
|
|
|
|
int fko_encode_spa_data(fko_ctx_t *ctx);
|
|
int fko_decode_spa_data(fko_ctx_t *ctx);
|
|
|
|
int fko_encrypt_spa_data(fko_ctx_t *ctx, const char *enc_key);
|
|
int fko_decrypt_spa_data(fko_ctx_t *ctx, const char *dec_key);
|
|
|
|
|
|
#endif /* FKO_H */
|
|
|
|
/***EOF***/
|