/*
- * Copyright (C) 2005-2009 Andre Noll <maan@systemlinux.org>
+ * Copyright (C) 2005-2011 Andre Noll <maan@systemlinux.org>
*
* Licensed under the GPL v2. For licencing details see COPYING.
*/
-/** \file crypt.h prototypes for the RSA crypt functions */
+/** \file crypt.h Public crypto interface. */
-#include <openssl/pem.h>
-int para_encrypt_buffer(RSA* rsa, unsigned char *inbuf, unsigned len,
- unsigned char *outbuf);
-int para_decrypt_buffer(char *key_file, unsigned char *outbuf, unsigned char *inbuf,
- unsigned rsa_inlen);
-int get_rsa_key(char *key_file, RSA **rsa, int private);
-void rsa_free(RSA *rsa);
+/** \cond used to distinguish between loading of private/public key */
+#define LOAD_PUBLIC_KEY 0
+#define LOAD_PRIVATE_KEY 1
+#define CHALLENGE_SIZE 64
+/** \endcond **/
+
+/* asymetric (public key) crypto */
+
+/** Opaque structure for public and private keys. */
+struct asymmetric_key;
+
+int pub_encrypt(struct asymmetric_key *pub, unsigned char *inbuf,
+ unsigned len, unsigned char *outbuf);
+int priv_decrypt(const char *key_file, unsigned char *outbuf,
+ unsigned char *inbuf, int inlen);
+int get_asymmetric_key(const char *key_file, int private,
+ struct asymmetric_key **result);
+void free_asymmetric_key(struct asymmetric_key *key);
+
+/* random numbers */
void get_random_bytes_or_die(unsigned char *buf, int num);
void init_random_seed_or_die(void);
+/* stream cipher declarations and prototypes */
+
+/** Opaque structure for stream ciphers. */
+struct stream_cipher;
+/** Number of bytes of the session key for stream ciphers. */
+#define SESSION_KEY_LEN 32
/**
- * Used on the server-side for client-server communication encryption.
+ * Used for client-server communication encryption.
*
- * The traffic between (the forked child of) para_server and the remote
- * client process is crypted by a RC4 session key. This structure contains
- * the RC4 keys and the file descriptor for which these keys should be used.
+ * The traffic between (the forked child of) para_server and the remote client
+ * process is crypted by a symmetric session key. This structure contains the
+ * keys for the stream cipher and the file descriptor for which these keys
+ * should be used.
*/
-struct rc4_context {
+struct stream_cipher_context {
/** The socket file descriptor. */
int fd;
- /** Key used for sending data. */
- RC4_KEY recv_key;
/** Key used for receiving data. */
- RC4_KEY send_key;
+ struct stream_cipher *recv;
+ /** Key used for sending data. */
+ struct stream_cipher *send;
};
-int rc4_send_bin_buffer(struct rc4_context *rc4c, const char *buf, size_t len);
-int rc4_send_buffer(struct rc4_context *rc4c, const char *buf);
-__printf_2_3 int rc4_send_va_buffer(struct rc4_context *rc4c, const char *fmt, ...);
-int rc4_recv_bin_buffer(struct rc4_context *rcc, char *buf, size_t size);
-int rc4_recv_buffer(struct rc4_context *rcc, char *buf, size_t size);
+struct stream_cipher *sc_new(const unsigned char *data, int len);
+void sc_free(struct stream_cipher *sc);
+int sc_send_bin_buffer(struct stream_cipher_context *scc, const char *buf,
+ size_t len);
+int sc_send_buffer(struct stream_cipher_context *scc, const char *buf);
+__printf_2_3 int sc_send_va_buffer(struct stream_cipher_context *scc,
+ const char *fmt, ...);
+int sc_recv_bin_buffer(struct stream_cipher_context *scc, char *buf,
+ size_t size);
+int sc_recv_buffer(struct stream_cipher_context *scc, char *buf, size_t size);
-/** \cond used to distinguish between loading of private/public key */
-#define LOAD_PUBLIC_KEY 0
-#define LOAD_PRIVATE_KEY 1
-#define CHALLENGE_SIZE 64
-/** \endcond **/
+/* hashing */
+
+/** Size of the hash value in bytes. */
+#define HASH_SIZE 20
+
+void hash_function(const char *data, unsigned long len, unsigned char *hash);
+void hash_to_asc(unsigned char *hash, char *asc);
+int hash_compare(unsigned char *h1, unsigned char *h2);