22182d6c080fb7a95633b819bf148b70775a6474
[paraslash.git] / crypt.h
1 /* Copyright (C) 2005 Andre Noll <maan@tuebingen.mpg.de>, see file COPYING. */
2
3 /** \file crypt.h Public crypto interface. */
4
5 /** The size of the challenge sent to the client. */
6 #define CHALLENGE_SIZE 64
7
8 /** Opaque structure for public and private keys. */
9 struct asymmetric_key;
10
11 /**
12 * Encrypt a buffer using asymmetric keys.
13 *
14 * \param pub: The public key.
15 * \param inbuf The input buffer.
16 * \param len The length of \a inbuf.
17 * \param outbuf The output buffer.
18 *
19 * \return The size of the encrypted data on success, negative on errors.
20 */
21 int pub_encrypt(struct asymmetric_key *pub, unsigned char *inbuf,
22 unsigned len, unsigned char *outbuf);
23
24 /**
25 * Decrypt a buffer using a private key.
26 *
27 * \param key_file Full path of the key.
28 * \param outbuf The output buffer.
29 * \param inbuf The encrypted input buffer.
30 * \param inlen The length of \a inbuf.
31 *
32 * The \a outbuf must be large enough to hold at least 512 bytes.
33 *
34 * \return The size of the recovered plaintext on success, negative on errors.
35 */
36 int priv_decrypt(const char *key_file, unsigned char *outbuf,
37 unsigned char *inbuf, int inlen);
38
39 /**
40 * Read an asymmetric key from a file.
41 *
42 * \param key_file The file containing the key.
43 * \param result The key structure is returned here.
44 *
45 * \return The size of the key on success, negative on errors.
46 */
47 int get_public_key(const char *key_file, struct asymmetric_key **result);
48
49 /**
50 * Deallocate a public key.
51 *
52 * \param key Pointer to the key structure to free.
53 *
54 * This should be called for keys obtained by get_public_key() if the key is no
55 * longer needed.
56 */
57 void free_public_key(struct asymmetric_key *key);
58
59
60 /**
61 * Fill a buffer with random content.
62 *
63 * \param buf The buffer to fill.
64 * \param num The size of \a buf in bytes.
65 *
66 * This function puts \a num cryptographically strong pseudo-random bytes into
67 * buf. If it can not guarantee an unpredictable byte sequence (for example
68 * because the PRNG has not been seeded with enough randomness) the function
69 * logs an error message and calls exit().
70 */
71 void get_random_bytes_or_die(unsigned char *buf, int num);
72
73 /**
74 * Seed pseudo random number generators.
75 *
76 * This function seeds the PRNG used by random() with a random seed obtained
77 * from the crypto implementation. On errors, an error message is logged and
78 * the function calls exit().
79 *
80 * \sa \ref get_random_bytes_or_die(), srandom(3), random(3), \ref
81 * para_random().
82 */
83 void init_random_seed_or_die(void);
84
85
86 /** Opaque structure for stream ciphers. */
87 struct stream_cipher;
88
89 /** Number of bytes of the session key for stream ciphers. */
90 #define SESSION_KEY_LEN 32
91
92 /**
93 * Used for client-server communication encryption.
94 *
95 * The traffic between (the forked child of) para_server and the remote client
96 * process is crypted by a symmetric session key. This structure contains the
97 * keys for the stream cipher and the file descriptor for which these keys
98 * should be used.
99 */
100 struct stream_cipher_context {
101 /** The socket file descriptor. */
102 int fd;
103 /** Key used for receiving data. */
104 struct stream_cipher *recv;
105 /** Key used for sending data. */
106 struct stream_cipher *send;
107 };
108
109 /**
110 * Allocate and initialize an aes_ctr128 stream cipher structure.
111 *
112 * \param data The key.
113 * \param len The size of the key.
114 *
115 * \return A new stream cipher structure.
116 */
117 struct stream_cipher *sc_new(const unsigned char *data, int len);
118
119 /**
120 * Encrypt or decrypt a buffer using a stream cipher.
121 *
122 * \param sc Crypto key.
123 * \param src The source buffer and length.
124 * \param dst The destination buffer and length, filled out by the function.
125 *
126 * It is up to the implementation to decide whether the crypt operation is
127 * performed in place. The caller can tell by looking if the buffers given by
128 * \a src and \a dst coincide after the call. If (and only if) the crypt
129 * operation was not performed in place, the function allocated a new buffer
130 * for the result, so dst->iov_base is different from src->iov_base. In this
131 * case, the destination buffer must be freed by the caller when it is no
132 * longer needed.
133 */
134 void sc_crypt(struct stream_cipher *sc, struct iovec *src, struct iovec *dst);
135
136 /**
137 * Wrapper for \ref sc_crypt() that can be used as a sideband transformation.
138 *
139 * \param src Passed verbatim to \ref sc_crypt().
140 * \param dst Passed verbatim to \ref sc_crypt().
141 * \param trafo_context Must point to an initialized stream cipher.
142 */
143 _static_inline_ void sc_trafo(struct iovec *src, struct iovec *dst,
144 void *trafo_context)
145 {
146 sc_crypt(trafo_context, src, dst);
147 }
148
149 /**
150 * Deallocate a stream cipher structure.
151 *
152 * \param sc A stream cipher previously obtained by sc_new().
153 */
154 void sc_free(struct stream_cipher *sc);
155
156 /** Size of the hash value in bytes. */
157 #define HASH_SIZE 20
158
159 /**
160 * Compute the hash of the given input data.
161 *
162 * \param data Pointer to the data to compute the hash value from.
163 * \param len The length of \a data in bytes.
164 * \param hash Result pointer.
165 *
166 * \a hash must point to an area at least \p HASH_SIZE bytes large.
167 *
168 * \sa sha(3), openssl(1).
169 * */
170 void hash_function(const char *data, unsigned long len, unsigned char *hash);
171
172 /**
173 * Convert a hash value to ascii format.
174 *
175 * \param hash the hash value.
176 * \param asc Result pointer.
177 *
178 * \a asc must point to an area of at least 2 * \p HASH_SIZE + 1 bytes which
179 * will be filled by the function with the ascii representation of the hash
180 * value given by \a hash, and a terminating \p NULL byte.
181 */
182 void hash_to_asc(unsigned char *hash, char *asc);
183
184 /**
185 * Compare two hashes.
186 *
187 * \param h1 Pointer to the first hash value.
188 * \param h2 Pointer to the second hash value.
189 *
190 * \return 1, -1, or zero, depending on whether \a h1 is greater than,
191 * less than or equal to h2, respectively.
192 */
193 int hash_compare(unsigned char *h1, unsigned char *h2);