xref: /dflybsd-src/contrib/dhcpcd/src/auth.h (revision c80c9bba1b2fa2824af94c686145cb7eb7db2cd5)
/* SPDX-License-Identifier: BSD-2-Clause */
/*
 * dhcpcd - DHCP client daemon
 * Copyright (c) 2006-2023 Roy Marples <roy@marples.name>
 * All rights reserved

 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */
287827cba2SAaron LI 
297827cba2SAaron LI #ifndef AUTH_H
307827cba2SAaron LI #define AUTH_H
317827cba2SAaron LI 
327827cba2SAaron LI #include "config.h"
337827cba2SAaron LI 
347827cba2SAaron LI #ifdef HAVE_SYS_QUEUE_H
357827cba2SAaron LI #include <sys/queue.h>
367827cba2SAaron LI #endif
377827cba2SAaron LI 
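/*
 * Bit flags for struct auth.options.
 * NOTE(review): going by the names, SEND means "add an authentication
 * option to outgoing messages" and REQUIRE means "reject unauthenticated
 * replies" - confirm in auth.c. Only REQUIRE would make authentication
 * mandatory; SEND on its own would leave unauthenticated replies acceptable.
 */
#define DHCPCD_AUTH_SEND	(1 << 0)
#define DHCPCD_AUTH_REQUIRE	(1 << 1)
#define DHCPCD_AUTH_RDM_COUNTER	(1 << 2)

/* Convenience mask: both SEND and REQUIRE set. */
#define DHCPCD_AUTH_SENDREQUIRE	(DHCPCD_AUTH_SEND | DHCPCD_AUTH_REQUIRE)

/*
 * Values for struct auth.protocol.
 * NOTE(review): the numbering looks like the DHCP authentication option
 * protocol field (RFC 3118 for DHCPv4, RFC 3315 for DHCPv6) - confirm.
 * If so, the token protocol (0) carries its token in clear text and gives
 * no message integrity, so it should not be treated as equivalent to the
 * keyed protocols.
 */
#define AUTH_PROTO_TOKEN	0
#define AUTH_PROTO_DELAYED	1
#define AUTH_PROTO_DELAYEDREALM	2
#define AUTH_PROTO_RECONFKEY	3

/*
 * Values for struct auth.algorithm.
 * HMAC-MD5 is the only keyed algorithm defined in this header;
 * AUTH_ALG_NONE selects no MAC at all.
 */
#define AUTH_ALG_NONE		0
#define AUTH_ALG_HMAC_MD5	1

/* Value for struct auth.rdm (replay detection method). */
#define AUTH_RDM_MONOTONIC	0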
537827cba2SAaron LI 
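/*
 * One authentication secret, linked into a tail queue of tokens.
 *
 * realm and key are byte buffers whose lengths are carried separately in
 * realm_len and key_len, so neither should be assumed NUL-terminated.
 * NOTE(review): key holds secret material. Who allocates and frees it is
 * not visible in this header; whoever frees a token should wipe key_len
 * bytes of key first with a call the compiler cannot elide, and should
 * keep the key out of logs.
 */
struct token {
	TAILQ_ENTRY(token) next;	/* tail-queue linkage */
	uint32_t secretid;		/* identifier for this secret */
	size_t realm_len;		/* length of realm in bytes */
	unsigned char *realm;		/* realm bytes */
	size_t key_len;			/* length of key in bytes */
	unsigned char *key;		/* secret key bytes */
	time_t expire;			/* expiry time; NOTE(review): meaning
					 * of 0 is not visible here - confirm */
};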
637827cba2SAaron LI 
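/* Head type for a tail queue of struct token (declares struct token_head). */
TAILQ_HEAD(token_head, token);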
657827cba2SAaron LI 
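/*
 * Authentication configuration.
 *
 * Only options exists unless AUTH is defined, so the size and layout of
 * this struct depend on that macro. Every translation unit that shares a
 * struct auth must be built with the same AUTH setting.
 */
struct auth {
	int options;			/* DHCPCD_AUTH_* bit flags */
#ifdef AUTH
	uint8_t protocol;		/* AUTH_PROTO_* */
	uint8_t algorithm;		/* AUTH_ALG_* */
	uint8_t rdm;			/* AUTH_RDM_* */
	/*
	 * NOTE(review): presumably the most recent replay-detection value
	 * accepted, with last_replay_set saying whether it is valid yet -
	 * confirm in auth.c.
	 */
	uint64_t last_replay;
	uint8_t last_replay_set;
	struct token_head tokens;	/* queue of known tokens */
	uint32_t token_snd_secretid;	/* NOTE(review): presumably the secret
					 * id used when sending - confirm */
	uint32_t token_rcv_secretid;	/* NOTE(review): presumably the secret
					 * id expected on receive - confirm */
#endif
};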
797827cba2SAaron LI 
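/*
 * Authentication state passed to dhcp_auth_reset() and
 * dhcp_auth_validate().
 *
 * NOTE(review): whether token and reconf own the struct token they point
 * at, or only borrow it, is not visible in this header - confirm before
 * freeing either.
 */
struct authstate {
	uint64_t replay;		/* replay-detection value */
	struct token *token;		/* token associated with this state */
	struct token *reconf;		/* NOTE(review): presumably the
					 * reconfigure key - confirm */
};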
857827cba2SAaron LI 
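/*
 * Reset an authentication state.
 * NOTE(review): which fields are cleared, and whether anything is freed,
 * is decided by the implementation, which is not visible in this header.
 */
void dhcp_auth_reset(struct authstate *);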
877827cba2SAaron LI 
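/*
 * Validate the authentication data of a received message.
 *
 * Takes the authentication state, the read-only configuration, and two
 * read-only (pointer, length) buffers separated by two ints.
 * NOTE(review): the parameters are unnamed here; presumably the first
 * buffer is the whole message, the ints are the message protocol and
 * type, and the second buffer is the authentication option - confirm in
 * auth.c.
 *
 * Returns a pointer to a const struct token.
 * NOTE(review): presumably NULL means validation failed - confirm.
 * Callers must check the result before trusting the message, especially
 * when DHCPCD_AUTH_REQUIRE is set.
 */
const struct token * dhcp_auth_validate(struct authstate *,
    const struct auth *,
    const void *, size_t, int, int,
    const void *, size_t);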
927827cba2SAaron LI 
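/* Forward declaration: only a pointer to the context is needed here. */
struct dhcpcd_ctx;

/*
 * Encode authentication data for an outgoing message.
 *
 * Takes the daemon context, the configuration, the token to use, and two
 * writable (pointer, length) buffers separated by two ints.
 * NOTE(review): the parameters are unnamed here; presumably the first
 * buffer is the message, the ints are the message protocol and type, and
 * the second buffer receives the authentication option - confirm in
 * auth.c.
 *
 * Returns an ssize_t.
 * NOTE(review): presumably the encoded length, or a negative value on
 * error - confirm. Callers should check the result against the space they
 * provided before using the output.
 */
ssize_t dhcp_auth_encode(struct dhcpcd_ctx *, struct auth *,
    const struct token *,
    void *, size_t, int, int,
    void *, size_t);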
98acd7a309SRoy Marples 
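/*
 * Obtain a replay-detection value for AUTH_RDM_MONOTONIC through rdm.
 *
 * NOTE(review): the meaning of the int return value is not visible in
 * this header - confirm in auth.c. A monotonic value only prevents replay
 * if it never goes backwards, including across restarts; how that is
 * guaranteed is also not visible here.
 */
int auth_get_rdm_monotonic(uint64_t *rdm);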
1007827cba2SAaron LI #endif