/* $NetBSD: auth.h,v 1.9 2015/05/16 23:31:32 roy Exp $ */

/*
 * dhcpcd - DHCP client daemon
 * Copyright (c) 2006-2015 Roy Marples <roy@marples.name>
 * All rights reserved

 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

/*
 * auth.h - DHCP message authentication (RFC 3118 for DHCPv4, the
 * authentication option of RFC 3315 for DHCPv6): shared-secret tokens,
 * per-interface configuration and the replay-detection state.
 *
 * NOTE(review): this header uses uint8_t/uint32_t/uint64_t, size_t,
 * time_t and ssize_t but only includes config.h; either config.h pulls
 * in <stdint.h>, <time.h> and <sys/types.h>, or every includer must do
 * so first - confirm before including auth.h on its own.
 */

#ifndef AUTH_H
#define AUTH_H

#include "config.h"

#ifdef HAVE_SYS_QUEUE_H
#include <sys/queue.h>
#endif

/*
 * Bit flags, presumably carried in struct auth.options (below).
 * SEND: attach an authentication option to outgoing messages.
 * REQUIRE: reject incoming messages that do not authenticate.
 * RDM_COUNTER: replay detection uses a counter rather than a timestamp
 * (exact semantics of each flag are in auth.c, not visible here).
 */
#define DHCPCD_AUTH_SEND		(1 << 0)
#define DHCPCD_AUTH_REQUIRE		(1 << 1)
#define DHCPCD_AUTH_RDM_COUNTER		(1 << 2)

/* Convenience mask: send our own option AND require one from the peer. */
#define DHCPCD_AUTH_SENDREQUIRE		(DHCPCD_AUTH_SEND | DHCPCD_AUTH_REQUIRE)

/*
 * Authentication protocol numbers.  0 and 1 are the RFC 3118 (DHCPv4)
 * protocol values (configuration token, delayed authentication);
 * 2 and 3 look like the RFC 3315 (DHCPv6) values (delayed authentication
 * with realm, reconfigure key) - confirm against auth.c.
 * The configuration-token protocol carries a cleartext token and gives
 * no cryptographic protection; only the HMAC-based protocols do.
 */
#define AUTH_PROTO_TOKEN		0
#define AUTH_PROTO_DELAYED		1
#define AUTH_PROTO_DELAYEDREALM		2
#define AUTH_PROTO_RECONFKEY		3

/* Algorithm 1 is HMAC-MD5, the only algorithm RFC 3118 defines. */
#define AUTH_ALG_HMAC_MD5		1

/*
 * Replay Detection Method 0: the replay field must be a monotonically
 * increasing value (RFC 3118 section 3.2); see last_replay/replay below.
 */
#define AUTH_RDM_MONOTONIC		0

/*
 * One configured shared secret.  realm and key are byte strings with
 * explicit lengths (not NUL-terminated C strings).
 * NOTE(review): ownership of realm/key is not visible here - presumably
 * heap-allocated and freed by auth.c; key material should be cleared,
 * not merely freed, when a token is released - confirm.
 */
struct token {
	TAILQ_ENTRY(token) next;	/* list linkage for struct token_head */
	uint32_t secretid;		/* secret ID sent on the wire to select this key */
	size_t realm_len;		/* number of bytes in realm */
	unsigned char *realm;		/* realm bytes, or presumably NULL when realm_len == 0 */
	size_t key_len;			/* number of bytes in key */
	unsigned char *key;		/* HMAC key bytes */
	time_t expire;			/* expiry time; how 0 is treated is decided in auth.c */
};

TAILQ_HEAD(token_head, token);

/*
 * Authentication configuration plus the receive-side replay watermark.
 * last_replay is only meaningful once last_replay_set is non-zero
 * (inferred from the names - verify in auth.c).
 */
struct auth {
	int options;			/* DHCPCD_AUTH_* flags */
	uint8_t protocol;		/* AUTH_PROTO_* */
	uint8_t algorithm;		/* AUTH_ALG_* */
	uint8_t rdm;			/* AUTH_RDM_* */
	uint64_t last_replay;		/* highest replay value accepted so far */
	uint8_t last_replay_set;	/* non-zero once last_replay holds a value */
	struct token_head tokens;	/* configured secrets */
};

/*
 * Per-interface (or per-exchange) authentication state: the send-side
 * replay value and the tokens currently in use.
 */
struct authstate {
	uint64_t replay;		/* replay value for outgoing messages */
	struct token *token;		/* token selected for the exchange, or NULL */
	struct token *reconf;		/* reconfigure key, or NULL */
};

/* Clear the state (at least the token pointers) back to "unauthenticated". */
void dhcp_auth_reset(struct authstate *);

/*
 * Validate the authentication option of a received message.
 * Parameter names are not given here; by position they appear to be:
 * state, configuration, (message, length), two ints whose meaning is set
 * by auth.c, and (authentication option data, length).
 * Returns the matching token on success, presumably NULL on failure
 * (bad HMAC, unknown secret ID, replay, expired token) - confirm in auth.c.
 */
const struct token * dhcp_auth_validate(struct authstate *,
    const struct auth *,
    const uint8_t *, size_t, int, int,
    const uint8_t *, size_t);

/*
 * Encode an authentication option for an outgoing message, using the
 * given token, into the caller's buffer (likely the second pointer/size
 * pair).  Presumably returns the number of bytes written or -1 on error,
 * as the ssize_t return suggests - confirm in auth.c.
 */
ssize_t dhcp_auth_encode(struct auth *, const struct token *,
    uint8_t *, size_t, int, int,
    uint8_t *, size_t);
#endif