[thirdparty/chrony.git] / ntp_auth.h

/*
  chronyd/chronyc - Programs for keeping computer clocks accurate.

 **********************************************************************
 * Copyright (C) Miroslav Lichvar  2019
 * 
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of version 2 of the GNU General Public License as
 * published by the Free Software Foundation.
 * 
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * General Public License for more details.
 * 
 * You should have received a copy of the GNU General Public License along
 * with this program; if not, write to the Free Software Foundation, Inc.,
 * 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
 * 
 **********************************************************************

  =======================================================================

  Header file for NTP authentication
  */

#ifndef GOT_NTP_AUTH_H
#define GOT_NTP_AUTH_H

#include "addressing.h"
#include "ntp.h"
#include "reports.h"

typedef struct NAU_Instance_Record *NAU_Instance;

/* Create an authenticator instance in a specific mode */
extern NAU_Instance NAU_CreateNoneInstance(void);
extern NAU_Instance NAU_CreateSymmetricInstance(uint32_t key_id);
extern NAU_Instance NAU_CreateNtsInstance(IPSockAddr *nts_address, const char *name,
                                          uint32_t cert_set, uint16_t ntp_port);

/* Destroy an instance */
extern void NAU_DestroyInstance(NAU_Instance instance);

/* Check if an instance is not in the None mode */
extern int NAU_IsAuthEnabled(NAU_Instance instance);

/* Get NTP version recommended for better compatibility */
extern int NAU_GetSuggestedNtpVersion(NAU_Instance instance);

/* Perform operations necessary for NAU_GenerateRequestAuth() */
extern int NAU_PrepareRequestAuth(NAU_Instance instance);

/* Extend a request with data required by the authentication mode */
extern int NAU_GenerateRequestAuth(NAU_Instance instance, NTP_Packet *request,
                                   NTP_PacketInfo *info);

/* Parse a request or response to detect the authentication mode */
extern int NAU_ParsePacket(NTP_Packet *packet, NTP_PacketInfo *info);

/* Verify that a request is authentic.  If it is not authentic and a non-zero
   kod code is returned, a KoD response should be sent back. */
extern int NAU_CheckRequestAuth(NTP_Packet *request, NTP_PacketInfo *info, uint32_t *kod);

/* Extend a response with data required by the authentication mode.  This
   function can be called only if the previous call of NAU_CheckRequestAuth()
   was on the same request. */
extern int NAU_GenerateResponseAuth(NTP_Packet *request, NTP_PacketInfo *request_info,
                                    NTP_Packet *response, NTP_PacketInfo *response_info,
                                    NTP_Remote_Address *remote_addr,
                                    NTP_Local_Address *local_addr,
                                    uint32_t kod);

/* Verify that a response is authentic */
extern int NAU_CheckResponseAuth(NAU_Instance instance, NTP_Packet *response,
                                 NTP_PacketInfo *info);

/* Change an authentication-specific address (e.g. after replacing a source) */
extern void NAU_ChangeAddress(NAU_Instance instance, IPAddr *address);

/* Save authentication-specific data to speed up the next start */
extern void NAU_DumpData(NAU_Instance instance);

/* Provide a report about the current authentication state */
extern void NAU_GetReport(NAU_Instance instance, RPT_AuthReport *report);

#endif
Commit	Line	Data
ca28dbd2 ML	1	/*
	2	chronyd/chronyc - Programs for keeping computer clocks accurate.
	3
	4	**********************************************************************
	5	* Copyright (C) Miroslav Lichvar 2019
	6	*
	7	* This program is free software; you can redistribute it and/or modify
	8	* it under the terms of version 2 of the GNU General Public License as
	9	* published by the Free Software Foundation.
	10	*
	11	* This program is distributed in the hope that it will be useful, but
	12	* WITHOUT ANY WARRANTY; without even the implied warranty of
	13	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	14	* General Public License for more details.
	15	*
	16	* You should have received a copy of the GNU General Public License along
	17	* with this program; if not, write to the Free Software Foundation, Inc.,
	18	* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
	19	*
	20	**********************************************************************
	21
	22	=======================================================================
	23
	24	Header file for NTP authentication
	25	*/
	26
	27	#ifndef GOT_NTP_AUTH_H
	28	#define GOT_NTP_AUTH_H
	29
	30	#include "addressing.h"
	31	#include "ntp.h"
79c7384e	32	#include "reports.h"
ca28dbd2 ML	33
	34	typedef struct NAU_Instance_Record *NAU_Instance;
	35
	36	/* Create an authenticator instance in a specific mode */
	37	extern NAU_Instance NAU_CreateNoneInstance(void);
	38	extern NAU_Instance NAU_CreateSymmetricInstance(uint32_t key_id);
c4150872	39	extern NAU_Instance NAU_CreateNtsInstance(IPSockAddr nts_address, const char name,
6615bb1b	40	uint32_t cert_set, uint16_t ntp_port);
ca28dbd2 ML	41
	42	/* Destroy an instance */
	43	extern void NAU_DestroyInstance(NAU_Instance instance);
	44
	45	/* Check if an instance is not in the None mode */
	46	extern int NAU_IsAuthEnabled(NAU_Instance instance);
	47
	48	/* Get NTP version recommended for better compatibility */
	49	extern int NAU_GetSuggestedNtpVersion(NAU_Instance instance);
	50
	51	/* Perform operations necessary for NAU_GenerateRequestAuth() */
	52	extern int NAU_PrepareRequestAuth(NAU_Instance instance);
	53
ca28dbd2 ML	54	/* Extend a request with data required by the authentication mode */
	55	extern int NAU_GenerateRequestAuth(NAU_Instance instance, NTP_Packet *request,
	56	NTP_PacketInfo *info);
	57
56a102ed ML	58	/* Parse a request or response to detect the authentication mode */
	59	extern int NAU_ParsePacket(NTP_Packet packet, NTP_PacketInfo info);
	60
aca1daf7 ML	61	/* Verify that a request is authentic. If it is not authentic and a non-zero
	62	kod code is returned, a KoD response should be sent back. */
	63	extern int NAU_CheckRequestAuth(NTP_Packet request, NTP_PacketInfo info, uint32_t *kod);
ca28dbd2	64
ca28dbd2 ML	65	/* Extend a response with data required by the authentication mode. This
	66	function can be called only if the previous call of NAU_CheckRequestAuth()
	67	was on the same request. */
	68	extern int NAU_GenerateResponseAuth(NTP_Packet request, NTP_PacketInfo request_info,
	69	NTP_Packet response, NTP_PacketInfo response_info,
	70	NTP_Remote_Address *remote_addr,
aca1daf7 ML	71	NTP_Local_Address *local_addr,
aca1daf7 ML	72	uint32_t kod);
ca28dbd2 ML	73
	74	/* Verify that a response is authentic */
	75	extern int NAU_CheckResponseAuth(NAU_Instance instance, NTP_Packet *response,
	76	NTP_PacketInfo *info);
	77
86d29221 ML	78	/* Change an authentication-specific address (e.g. after replacing a source) */
	79	extern void NAU_ChangeAddress(NAU_Instance instance, IPAddr *address);
	80
d690faeb ML	81	/* Save authentication-specific data to speed up the next start */
	82	extern void NAU_DumpData(NAU_Instance instance);
	83
79c7384e ML	84	/* Provide a report about the current authentication state */
	85	extern void NAU_GetReport(NAU_Instance instance, RPT_AuthReport *report);
	86
ca28dbd2	87	#endif