5 sptps.h -- Simple Peer-to-Peer Security
6 Copyright (C) 2011-2021 Guus Sliepen <guus@tinc-vpn.org>
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License along
19 with this program; if not, write to the Free Software Foundation, Inc.,
20 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
25 #include "chacha-poly1305/chachapoly.h"
29 #define SPTPS_VERSION 1
32 #define SPTPS_HANDSHAKE 128 // Key exchange and authentication
33 #define SPTPS_ALERT 129 // Warning or error messages
34 #define SPTPS_CLOSE 130 // Application closed the connection
36 // Overhead for datagrams
37 static const size_t SPTPS_OVERHEAD = 19;
38 static const size_t SPTPS_HEADER = 3;
39 static const size_t SPTPS_DATAGRAM_OVERHEAD = 21;
40 static const size_t SPTPS_DATAGRAM_HEADER = 5;
42 typedef bool (*send_data_t)(void *handle, uint8_t type, const void *data, size_t len);
43 typedef bool (*receive_record_t)(void *handle, uint8_t type, const void *data, uint16_t len);
45 // Key exchange states
46 typedef enum sptps_state_t {
47 SPTPS_KEX = 1, // Waiting for the first Key EXchange record
48 SPTPS_SECONDARY_KEX = 2, // Ready to receive a secondary Key EXchange record
49 SPTPS_SIG = 3, // Waiting for a SIGnature record
50 SPTPS_ACK = 4, // Waiting for an ACKnowledgement record
53 PACKED(struct sptps_kex_t {
55 uint8_t preferred_suite;
56 uint16_t cipher_suites;
57 uint8_t nonce[ECDH_SIZE];
58 uint8_t pubkey[ECDH_SIZE];
61 typedef struct sptps_kex_t sptps_kex_t;
63 STATIC_ASSERT(sizeof(sptps_kex_t) == 68, "sptps_kex_t has invalid size");
65 // Big enough to handle a 256 bit key + IV
66 #define SPTPS_KEYLEN 64
68 typedef union sptps_key_t {
70 uint8_t key0[SPTPS_KEYLEN];
71 uint8_t key1[SPTPS_KEYLEN];
73 uint8_t both[SPTPS_KEYLEN * 2];
76 STATIC_ASSERT(sizeof(sptps_key_t) == 128, "sptps_key_t has invalid size");
85 SPTPS_CHACHA_POLY1305 = 0,
87 SPTPS_ALL_CIPHER_SUITES = 0x3,
90 typedef struct sptps_params {
94 uint8_t preferred_suite;
95 uint16_t cipher_suites;
100 send_data_t send_data;
101 receive_record_t receive_record;
104 typedef struct sptps {
107 uint8_t preferred_suite;
108 uint16_t cipher_suites;
111 uint8_t cipher_suite;
122 unsigned int replaywin;
123 unsigned int farfuture;
141 send_data_t send_data;
142 receive_record_t receive_record;
145 extern unsigned int sptps_replaywin;
146 extern void sptps_log_quiet(sptps_t *s, int s_errno, const char *format, va_list ap) ATTR_FORMAT(printf, 3, 0);
147 extern void sptps_log_stderr(sptps_t *s, int s_errno, const char *format, va_list ap) ATTR_FORMAT(printf, 3, 0);
148 extern void (*sptps_log)(sptps_t *s, int s_errno, const char *format, va_list ap) ATTR_FORMAT(printf, 3, 0);
149 extern bool sptps_start(sptps_t *s, const struct sptps_params *params);
150 extern bool sptps_stop(sptps_t *s);
151 extern bool sptps_send_record(sptps_t *s, uint8_t type, const void *data, uint16_t len);
152 extern size_t sptps_receive_data(sptps_t *s, const void *data, size_t len);
153 extern bool sptps_force_kex(sptps_t *s);
154 extern bool sptps_verify_datagram(sptps_t *s, const void *data, size_t len);