1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
|
/*
* Copyright (c) 2023-2024 Ian Marco Moffett and the Osmora Team.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. Neither the name of Hyra nor the names of its
* contributors may be used to endorse or promote products derived from
* this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NSTP LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NSTP LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR STPHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
#ifndef STP_SESSION_H_
#define STP_SESSION_H_
#include <stdint.h>
#include <defs.h>
/*
* The Session Request is sent from the client to the
* server and contains a HOP (hash, options, pubkey)
* payload along with some optional padding. If the 'U'
* bit of options (see Options/flag bits below) is to
* be set, then everything but the 'hash' field must
* be encrypted with the server's AES-128-CBC key and
* the 'hash' field should contain a SHA256 hash of the
* username as well as an FNV-1a hash (used for internal
* lookups in the server) after it. However, if the 'U'
* bit is to be left unset, the session request packet
* can be left unencrypted and 'hash' may be zeroed.
*
* @hash: SHA256 username hash + FNV-1a username hash.
* @options: Flags/options
* @pubkey: Ephemeral public key.
* @pad: Random padding used to obsecure message length
* (can be 8 to 32 bytes, optional)
*
* -- Option/flag bits --
*
* Bit number
* /
* 0 1 2 3 4 5 6
* ~ ~ ~ ~ ~ ~ ~
* U R R R R R R
* \
* Purpose
*
* U: User auth.
* R: Reserved, keep zero.
*/
struct session_request {
uint8_t hash[64];
uint8_t options;
uint8_t pubkey[32];
uint8_t pad[8];
} PACKED;
#endif /* STP_SESSION_H_ */
|
