/
CryptoAuth.h
107 lines (94 loc) · 4.85 KB
/
CryptoAuth.h
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
#ifndef CRYPTO_AUTH_H
#define CRYPTO_AUTH_H
#include "crypto/Session.h"
#include "interface/Interface.h"
#include "libbenc/benc.h"
#include "log/Log.h"
#include "memory/MemAllocator.h"
#include "util/Endian.h"
#include <stdint.h>
#include <stdbool.h>
#include <event2/event.h>
struct CryptoAuth;
/**
* Associate a password:authtype pair with a user object.
* Calling CryptoAuth_getUser() on any interface which has established a connection with
* the same password:authType pair will return the same user object.
*
* @param password This should be a key derived from the password using a good key derivation
* function, using a plaintext password here is NOT recommended.
* @param authType The method of authenticating the user, only option currently is 1 for sha256
* based authentication.
* @param user The thing to associate with this user, will be returned by CryptoAuth_getUser().
* If this is NULL and requireAuthentication is enabled, authentication will fail.
* @param context The CryptoAuth context.
* @return 0 if all goes well, -1 if the authentication method is not supported and -2 if there is
* not enough space to store the user.
*/
int32_t CryptoAuth_addUser(String* password,
uint8_t authType,
void* user,
struct CryptoAuth* context);
/**
* Get the user object associated with the authenticated session or NULL if there is none.
* Please make sure to only call this on interfaces which were actually returned by
* CryptoAuth_wrapInterface() as strange and interesting bugs will result otherwise.
*
* @param interface an interface as returned by CryptoAuth_wrapInterface().
* @return the user object added by calling CryptoAuth_addUser() or NULL if this session is not
* authenticated.
*/
void* CryptoAuth_getUser(struct Interface* interface);
/**
* Create a new crypto authenticator.
*
* @param config the configuration for this CryptoAuth, configuration options include:
* resetAfterInactivitySeconds -- the number of seconds of inactivity after which to
* reset the connection.
* @param allocator the means of aquiring memory.
* @param privateKey the private key to use for this CryptoAuth or null if one should be generated.
* @param eventBase the libevent context for handling timeouts.
* @param logger the mechanism for logging output from the CryptoAuth.
* if NULL then no logging will be done.
* @return a new CryptoAuth context.
*/
struct CryptoAuth* CryptoAuth_new(Dict* config,
struct MemAllocator* allocator,
const uint8_t* privateKey,
struct event_base* eventBase,
struct Log* logger);
/**
* Wrap an interface with crypto authentication.
*
* @param toWarp the interface to wrap
* @param herPublicKey the public key of the other party or NULL if unknown.
* @param requireAuth if the remote end of this interface begins the connection, require
* them to present valid authentication credentials to connect.
* If this end begins the connection, this parameter has no effect.
* @param authenticatePackets if true, all packets will be protected against forgery and replay
* attacks, this is a seperate system from password and authType.
* @param context the CryptoAuth context.
*/
struct Interface* CryptoAuth_wrapInterface(struct Interface* toWrap,
uint8_t herPublicKey[32],
const bool requireAuth,
bool authenticatePackets,
struct CryptoAuth* context);
/**
* Choose the authentication credentials to use.
* WARNING: Even if the remote end begins the connection, these credentials will be presented which
* will cause the connection initiation to fail if the remote end does not know of them.
*
* @param password the password to use for authenticating, this must match the password given to
* CryptoAuth_addUser() at the other end of the connection.
* @param authType this must match CryptoAuth_addUser() at the other end of the connection.
* @param wrappedInterface this MUST be the output from CryptoAuth_wrapInterface().
*/
void CryptoAuth_setAuth(const String* password,
const uint8_t authType,
struct Interface* wrappedInterface);
void CryptoAuth_getPublicKey(uint8_t output[32], struct CryptoAuth* context);
uint8_t* CryptoAuth_getHerPublicKey(struct Interface* interface);
void CryptoAuth_getSession(struct Session* output, struct Interface* interface);
void CryptoAuth_reset(struct Interface* interface);
#endif