aft: Avoid implicit fallthrough in switch statement.
[paraslash.git] / crypt.h
1 /* Copyright (C) 2005 Andre Noll <maan@tuebingen.mpg.de>, see file COPYING. */
2
3 /** \file crypt.h Public crypto interface. */
4
5
6 /* These are used to distinguish between loading of private/public key. */
7
8 /** The key to load is a public key. */
9 #define LOAD_PUBLIC_KEY 0
10 /** The key to load is a private key. */
11 #define LOAD_PRIVATE_KEY 1
12 /** The size of the challenge sent to the client. */
13 #define CHALLENGE_SIZE 64
14
15 /** Opaque structure for public and private keys. */
16 struct asymmetric_key;
17
18 /**
19 * Encrypt a buffer using asymmetric keys.
20 *
21 * \param pub: The public key.
22 * \param inbuf The input buffer.
23 * \param len The length of \a inbuf.
24 * \param outbuf The output buffer.
25 *
26 * \return The size of the encrypted data on success, negative on errors.
27 */
28 int pub_encrypt(struct asymmetric_key *pub, unsigned char *inbuf,
29 unsigned len, unsigned char *outbuf);
30
31 /**
32 * Decrypt a buffer using a private key.
33 *
34 * \param key_file Full path of the key.
35 * \param outbuf The output buffer.
36 * \param inbuf The encrypted input buffer.
37 * \param inlen The length of \a inbuf.
38 *
39 * The \a outbuf must be large enough to hold at least 512 bytes.
40 *
41 * \return The size of the recovered plaintext on success, negative on errors.
42 */
43 int priv_decrypt(const char *key_file, unsigned char *outbuf,
44 unsigned char *inbuf, int inlen);
45
46 /**
47 * Read an asymmetric key from a file.
48 *
49 * \param key_file The file containing the key.
50 * \param result The key structure is returned here.
51 *
52 * \return The size of the key on success, negative on errors.
53 */
54 int get_public_key(const char *key_file, struct asymmetric_key **result);
55
56 /**
57 * Deallocate a public key.
58 *
59 * \param key Pointer to the key structure to free.
60 *
61 * This should be called for keys obtained by get_public_key() if the key is no
62 * longer needed.
63 */
64 void free_public_key(struct asymmetric_key *key);
65
66
67 /**
68 * Fill a buffer with random content.
69 *
70 * \param buf The buffer to fill.
71 * \param num The size of \a buf in bytes.
72 *
73 * This function puts \a num cryptographically strong pseudo-random bytes into
74 * buf. If it can not guarantee an unpredictable byte sequence (for example
75 * because the PRNG has not been seeded with enough randomness) the function
76 * logs an error message and calls exit().
77 */
78 void get_random_bytes_or_die(unsigned char *buf, int num);
79
80 /**
81 * Seed pseudo random number generators.
82 *
83 * This function seeds the PRNG used by random() with a random seed obtained
84 * from the crypto implementation. On errors, an error message is logged and
85 * the function calls exit().
86 *
87 * \sa \ref get_random_bytes_or_die(), srandom(3), random(3), \ref
88 * para_random().
89 */
90 void init_random_seed_or_die(void);
91
92
93 /** Opaque structure for stream ciphers. */
94 struct stream_cipher;
95
96 /** Number of bytes of the session key for stream ciphers. */
97 #define SESSION_KEY_LEN 32
98
99 /**
100 * Used for client-server communication encryption.
101 *
102 * The traffic between (the forked child of) para_server and the remote client
103 * process is crypted by a symmetric session key. This structure contains the
104 * keys for the stream cipher and the file descriptor for which these keys
105 * should be used.
106 */
107 struct stream_cipher_context {
108 /** The socket file descriptor. */
109 int fd;
110 /** Key used for receiving data. */
111 struct stream_cipher *recv;
112 /** Key used for sending data. */
113 struct stream_cipher *send;
114 };
115
116 /**
117 * Allocate and initialize an aes_ctr128 stream cipher structure.
118 *
119 * \param data The key.
120 * \param len The size of the key.
121 *
122 * \return A new stream cipher structure.
123 */
124 struct stream_cipher *sc_new(const unsigned char *data, int len);
125
126 /**
127 * Encrypt or decrypt a buffer using a stream cipher.
128 *
129 * \param sc Crypto key.
130 * \param src The source buffer and length.
131 * \param dst The destination buffer and length, filled out by the function.
132 *
133 * It is up to the implementation to decide whether the crypt operation is
134 * performed in place. The caller can tell by looking if the buffers given by
135 * \a src and \a dst coincide after the call. If (and only if) the crypt
136 * operation was not performed in place, the function allocated a new buffer
137 * for the result, so dst->iov_base is different from src->iov_base. In this
138 * case, the destination buffer must be freed by the caller when it is no
139 * longer needed.
140 */
141 void sc_crypt(struct stream_cipher *sc, struct iovec *src, struct iovec *dst);
142
143 /**
144 * Wrapper for \ref sc_crypt() that can be used as a sideband transformation.
145 *
146 * \param src Passed verbatim to \ref sc_crypt().
147 * \param dst Passed verbatim to \ref sc_crypt().
148 * \param trafo_context Must point to an initialized stream cipher.
149 */
150 _static_inline_ void sc_trafo(struct iovec *src, struct iovec *dst,
151 void *trafo_context)
152 {
153 sc_crypt(trafo_context, src, dst);
154 }
155
156 /**
157 * Deallocate a stream cipher structure.
158 *
159 * \param sc A stream cipher previously obtained by sc_new().
160 */
161 void sc_free(struct stream_cipher *sc);
162
163 /** Size of the hash value in bytes. */
164 #define HASH_SIZE 20
165
166 /**
167 * Compute the hash of the given input data.
168 *
169 * \param data Pointer to the data to compute the hash value from.
170 * \param len The length of \a data in bytes.
171 * \param hash Result pointer.
172 *
173 * \a hash must point to an area at least \p HASH_SIZE bytes large.
174 *
175 * \sa sha(3), openssl(1).
176 * */
177 void hash_function(const char *data, unsigned long len, unsigned char *hash);
178
179 /**
180 * Convert a hash value to ascii format.
181 *
182 * \param hash the hash value.
183 * \param asc Result pointer.
184 *
185 * \a asc must point to an area of at least 2 * \p HASH_SIZE + 1 bytes which
186 * will be filled by the function with the ascii representation of the hash
187 * value given by \a hash, and a terminating \p NULL byte.
188 */
189 void hash_to_asc(unsigned char *hash, char *asc);
190
191 /**
192 * Compare two hashes.
193 *
194 * \param h1 Pointer to the first hash value.
195 * \param h2 Pointer to the second hash value.
196 *
197 * \return 1, -1, or zero, depending on whether \a h1 is greater than,
198 * less than or equal to h2, respectively.
199 */
200 int hash_compare(unsigned char *h1, unsigned char *h2);