1 /* SPDX-License-Identifier: BSD-2-Clause */
2 /*
3  * dhcpcd - DHCP client daemon
4  * Copyright (c) 2006-2023 Roy Marples <roy@marples.name>
5  * All rights reserved
6 
7  * Redistribution and use in source and binary forms, with or without
8  * modification, are permitted provided that the following conditions
9  * are met:
10  * 1. Redistributions of source code must retain the above copyright
11  *    notice, this list of conditions and the following disclaimer.
12  * 2. Redistributions in binary form must reproduce the above copyright
13  *    notice, this list of conditions and the following disclaimer in the
14  *    documentation and/or other materials provided with the distribution.
15  *
16  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
17  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
20  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26  * SUCH DAMAGE.
27  */
28 
29 #ifndef AUTH_H
30 #define AUTH_H
31 
32 #include "config.h"
33 
34 #ifdef HAVE_SYS_QUEUE_H
35 #include <sys/queue.h>
36 #endif
37 
/*
 * Authentication policy bit flags (each is a distinct single bit).
 * Presumably OR-ed into struct auth.options -- confirm against the
 * configuration parser.
 */
38 #define DHCPCD_AUTH_SEND	(1 << 0)
/*
 * NOTE(review): the name suggests that replies lacking valid
 * authentication are rejected only when this bit is set; verify in the
 * callers of dhcp_auth_validate() what happens when it is clear.
 */
39 #define DHCPCD_AUTH_REQUIRE	(1 << 1)
/* NOTE(review): presumably selects a counter-based replay value -- confirm. */
40 #define DHCPCD_AUTH_RDM_COUNTER	(1 << 2)
41 
/* Convenience mask: both the SEND and the REQUIRE bit set. */
42 #define DHCPCD_AUTH_SENDREQUIRE	(DHCPCD_AUTH_SEND | DHCPCD_AUTH_REQUIRE)
43 
/*
 * Authentication protocol identifiers.
 * NOTE(review): the values look like the Protocol field of the DHCP
 * Authentication option (RFC 3118 for DHCPv4, RFC 3315 for DHCPv6) --
 * confirm against auth.c before renumbering.
 * Per RFC 3118 a configuration token (protocol 0) is carried in the
 * clear and gives no message integrity; only the keyed protocols
 * authenticate message contents.
 */
44 #define AUTH_PROTO_TOKEN	0
45 #define AUTH_PROTO_DELAYED	1
46 #define AUTH_PROTO_DELAYEDREALM	2
47 #define AUTH_PROTO_RECONFKEY	3
48 
/*
 * MAC algorithm identifiers. HMAC-MD5 is the only keyed algorithm this
 * header defines, so no stronger MAC can be selected through these
 * constants.
 */
49 #define AUTH_ALG_NONE		0
50 #define AUTH_ALG_HMAC_MD5	1
51 
/*
 * Replay value type; 0 is the only one defined here.
 * NOTE(review): "RDM" presumably stands for Replay Detection Method as
 * in RFC 3118 -- confirm.
 */
52 #define AUTH_RDM_MONOTONIC	0
53 
/*
 * One authentication secret, linked into a struct token_head tail queue.
 * realm and key are length-delimited byte buffers; nothing in this
 * header says they are NUL-terminated, so always pair them with
 * realm_len / key_len.
 * NOTE(review): key is secret material. Who allocates and frees it, and
 * whether it is zeroised before being freed, is not visible here --
 * check auth.c and the configuration teardown path.
 */
54 struct token {
55 	TAILQ_ENTRY(token) next;	/* tail-queue linkage */
56 	uint32_t secretid;	/* presumably matched against token_*_secretid in struct auth -- confirm */
57 	size_t realm_len;	/* length of realm in bytes */
58 	unsigned char *realm;
59 	size_t key_len;	/* length of key in bytes */
60 	unsigned char *key;	/* secret key bytes; keep out of logs and dumps */
61 	time_t expire;	/* NOTE(review): expiry time; meaning of 0 is not shown here */
62 };
63 
/* Declares struct token_head, the tail-queue head type for struct token. */
64 TAILQ_HEAD(token_head, token);
65 
/*
 * Authentication configuration.
 * Only `options` exists unless AUTH is defined, so the size and layout
 * of this struct depend on that macro: every translation unit that
 * includes this header must be compiled with the same AUTH setting.
 */
66 struct auth {
67 	int options;	/* presumably a mask of DHCPCD_AUTH_* bits -- confirm */
68 #ifdef AUTH
69 	uint8_t protocol;	/* presumably one of AUTH_PROTO_* */
70 	uint8_t algorithm;	/* presumably one of AUTH_ALG_* */
71 	uint8_t rdm;	/* presumably one of AUTH_RDM_* */
72 	uint64_t last_replay;	/* NOTE(review): looks like the most recent replay value; see last_replay_set */
73 	uint8_t last_replay_set;	/* presumably non-zero once last_replay holds a valid value -- confirm */
74 	struct token_head tokens;	/* tail queue of struct token entries */
75 	uint32_t token_snd_secretid;	/* presumably the secretid of the token used when sending */
76 	uint32_t token_rcv_secretid;	/* presumably the secretid of the token expected on receive */
77 #endif
78 };
79 
/*
 * Authentication state, passed to dhcp_auth_reset() and
 * dhcp_auth_validate().
 * NOTE(review): whether token and reconf are owned by this struct or
 * borrowed from struct auth.tokens is not visible in this header;
 * check dhcp_auth_reset() before freeing or copying either pointer.
 */
80 struct authstate {
81 	uint64_t replay;	/* presumably the last accepted replay value, used to reject replays -- confirm */
82 	struct token *token;
83 	struct token *reconf;	/* NOTE(review): name suggests a reconfigure key (cf. AUTH_PROTO_RECONFKEY) */
84 };
85 
/*
 * Resets the given authentication state.
 * NOTE(review): which fields are cleared or freed is defined in auth.c,
 * not here -- confirm before relying on pointer validity afterwards.
 */
86 void dhcp_auth_reset(struct authstate *);
87 
/*
 * Validates authentication data against the configuration in the
 * const struct auth, updating the (non-const) struct authstate.
 * Parameter names are omitted in this header. NOTE(review): the two
 * (const void *, size_t) pairs look like the message and the
 * authentication option data with their lengths, and the two ints like
 * protocol family and message type -- confirm against auth.c.
 * Returns a pointer to a const token; presumably NULL when validation
 * fails, so callers must check the result before treating the message
 * as authenticated.
 */
88 const struct token * dhcp_auth_validate(struct authstate *,
89     const struct auth *,
90     const void *, size_t, int, int,
91     const void *, size_t);
92 
/* Forward declaration; only a pointer to the context is needed below. */
93 struct dhcpcd_ctx;
/*
 * Encodes authentication data for an outgoing message using the given
 * token. Unlike dhcp_auth_validate(), struct auth and both buffers are
 * non-const here, so the call may modify them.
 * NOTE(review): presumably returns the number of bytes needed or
 * written, and a negative value on error -- confirm in auth.c, and make
 * sure callers check the result against the buffer size they passed.
 */
94 ssize_t dhcp_auth_encode(struct dhcpcd_ctx *, struct auth *,
95     const struct token *,
96     void *, size_t, int, int,
97     void *, size_t);
98 
/*
 * Stores a replay value through rdm and returns an int status.
 * NOTE(review): presumably 0 on success and -1 on failure -- confirm.
 * Replay detection only holds if successive values never decrease, so
 * check in auth.c how the value is derived and persisted across
 * restarts.
 */
99 int auth_get_rdm_monotonic(uint64_t *rdm);
100 #endif
101