1 /*-
2  * Copyright (c) 2010 Alistair Crooks <agc@NetBSD.org>
3  * All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  * 1. Redistributions of source code must retain the above copyright
9  *    notice, this list of conditions and the following disclaimer.
10  * 2. Redistributions in binary form must reproduce the above copyright
11  *    notice, this list of conditions and the following disclaimer in the
12  *    documentation and/or other materials provided with the distribution.
13  *
14  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
15  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
16  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
17  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
18  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
19  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
21  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
23  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24  */
25 #ifndef LIBPAA_H_
26 #define LIBPAA_H_	20100908
27 
28 #include <sys/types.h>
29 
30 #include <inttypes.h>
31 #include <stdio.h>
32 
33 #define DEFAULT_HASH_ALG "SHA256"
34 
35 enum {
36 	PAA_CHALLENGE_SIZE	= 128
37 };
38 
39 /* constant and secret info for server side */
40 typedef struct paa_server_info_t {
41 	char		 hostaddress[128];		/* host ip address */
42 	char		*secret;			/* raw secret of server */
43 	unsigned	 secretc;			/* # of characters used */
44 	char		 server_signature[512];		/* this is the encoded signature */
45 	int		 server_signaturec;		/* # of chars in encoded sig */
46 } paa_server_info_t;
47 
48 /* used in server to formulate challenge */
49 typedef struct paa_challenge_t {
50 	const char	*realm;				/* this is realm of challenge */
51 	const char	*domain;			/* domain of challenge */
52 	char		 challenge[512];		/* the output challenge */
53 	int		 challengec;			/* # of chars in challenge */
54 	/* sub-parts of challenge */
55 	char		 encoded_challenge[512];	/* encoded challenge part */
56 	int		 encc;				/* # of chars in encoded challenge */
57 } paa_challenge_t;
58 
59 /* used in client to formulate response */
60 typedef struct paa_response_t {
61 	const char	*userid;			/* identity to be used for signature */
62 	const char	*realm;				/* realm that client wants */
63 	char		 challenge[PAA_CHALLENGE_SIZE];	/* input challenge */
64 	int		 challengec;			/* # if chars in input */
65 	char		 response[PAA_CHALLENGE_SIZE * 2];	/* output response */
66 	int		 respc;				/* # of chars in output */
67 } paa_response_t;
68 
69 /* this struct holds the identity information in the paa response */
70 typedef struct paa_identity_t {
71 	char		 userid[32];		/* verified identity */
72 	char		 client[128];		/* client address */
73 	char		 realm[128];		/* client realm */
74 	char		 domain[128];		/* client domain */
75 	int64_t		 timestamp;		/* time of response */
76 } paa_identity_t;
77 
78 /* support functions */
79 int paa_write_file(const char *, char *, unsigned);
80 int paa_read_file(const char *, char *, size_t);
81 
82 /* server initialisations - one time */
83 int paa_server_init(paa_server_info_t *, unsigned);
84 
85 /* body of pubkey access authentication challenge/response/check functionality */
86 int paa_format_challenge(paa_challenge_t *, paa_server_info_t *, char *, size_t);
87 int paa_format_response(paa_response_t *, netpgp_t *, char *, char *, size_t);
88 int paa_check_response(paa_challenge_t *, paa_identity_t *, netpgp_t *, char *);
89 
90 /* who are ya? */
91 int paa_print_identity(FILE *, paa_identity_t *);
92 
93 #endif
94