crypt: Move documentation to crypt.h.
[paraslash.git] / crypt.h
1 /*
2 * Copyright (C) 2005-2011 Andre Noll <maan@systemlinux.org>
3 *
4 * Licensed under the GPL v2. For licencing details see COPYING.
5 */
6
7 /** \file crypt.h Public crypto interface. */
8
9
10 /** \cond used to distinguish between loading of private/public key */
11 #define LOAD_PUBLIC_KEY 0
12 #define LOAD_PRIVATE_KEY 1
13 #define CHALLENGE_SIZE 64
14 /** \endcond **/
15
16 /* asymetric (public key) crypto */
17
18 /** Opaque structure for public and private keys. */
19 struct asymmetric_key;
20
21 /**
22 * Encrypt a buffer using asymmetric keys.
23 *
24 * \param pub: The public key.
25 * \param inbuf The input buffer.
26 * \param len The length of \a inbuf.
27 * \param outbuf The output buffer.
28 *
29 * \return The size of the encrypted data on success, negative on errors.
30 */
31 int pub_encrypt(struct asymmetric_key *pub, unsigned char *inbuf,
32 unsigned len, unsigned char *outbuf);
33
34 /**
35 * Decrypt a buffer using a private key.
36 *
37 * \param key_file Full path of the key.
38 * \param outbuf The output buffer.
39 * \param inbuf The encrypted input buffer.
40 * \param inlen The length of \a inbuf.
41 *
42 * The \a outbuf must be large enough to hold at least 512 bytes.
43 *
44 * \return The size of the recovered plaintext on success, negative on errors.
45 */
46 int priv_decrypt(const char *key_file, unsigned char *outbuf,
47 unsigned char *inbuf, int inlen);
48
49 /**
50 * Read an asymmetric key from a file.
51 *
52 * \param key_file The file containing the key.
53 * \param private if non-zero, read the private key, otherwise the public key.
54 * \param result The key structure is returned here.
55 *
56 * \return The size of the key on success, negative on errors.
57 */
58 int get_asymmetric_key(const char *key_file, int private,
59 struct asymmetric_key **result);
60
61 /**
62 * Deallocate an asymmetric key structure.
63 *
64 * \param key Pointer to the key structure to free.
65 *
66 * This must be called for any key obtained by get_asymmetric_key().
67 */
68 void free_asymmetric_key(struct asymmetric_key *key);
69
70
71 /**
72 * Fill a buffer with random content.
73 *
74 * \param buf The buffer to fill.
75 * \param num The size of \a buf in bytes.
76 *
77 * This function puts \a num cryptographically strong pseudo-random bytes into
78 * buf. If it can not guarantee an unpredictable byte sequence (for example
79 * because the PRNG has not been seeded with enough randomness) the function
80 * logs an error message and calls exit().
81 */
82 void get_random_bytes_or_die(unsigned char *buf, int num);
83
84 /**
85 * Seed pseudo random number generators.
86 *
87 * This function seeds the PRNG used by random() with a random seed obtained
88 * from the crypto implementation. On errors, an error message is logged and
89 * the function calls exit().
90 *
91 * \sa \ref get_random_bytes_or_die(), srandom(3), random(3), \ref
92 * para_random().
93 */
94 void init_random_seed_or_die(void);
95
96
97 /** Opaque structure for stream ciphers. */
98 struct stream_cipher;
99
100 /** Number of bytes of the session key for stream ciphers. */
101 #define SESSION_KEY_LEN 32
102
103 /**
104 * Used for client-server communication encryption.
105 *
106 * The traffic between (the forked child of) para_server and the remote client
107 * process is crypted by a symmetric session key. This structure contains the
108 * keys for the stream cipher and the file descriptor for which these keys
109 * should be used.
110 */
111 struct stream_cipher_context {
112 /** The socket file descriptor. */
113 int fd;
114 /** Key used for receiving data. */
115 struct stream_cipher *recv;
116 /** Key used for sending data. */
117 struct stream_cipher *send;
118 };
119
120 /**
121 * Allocate and initialize a stream cipher structure.
122 *
123 * \param data The key.
124 * \param len The size of the key.
125 *
126 * \return A new stream cipher structure.
127 */
128 struct stream_cipher *sc_new(const unsigned char *data, int len);
129
130 /**
131 * Deallocate a stream cipher structure.
132 *
133 * \param sc A stream cipher previously obtained by sc_new().
134 */
135 void sc_free(struct stream_cipher *sc);
136
137 /**
138 * Encrypt and send a buffer.
139 *
140 * \param scc The context.
141 * \param buf The buffer to send.
142 * \param len The size of \a buf in bytes.
143 *
144 * \return The return value of the underyling call to write_all().
145 *
146 * \sa \ref write_all(), RC4(3).
147 */
148 int sc_send_bin_buffer(struct stream_cipher_context *scc, char *buf,
149 size_t len);
150
151 /**
152 * Encrypt and send a \p NULL-terminated buffer.
153 *
154 * \param scc The context.
155 * \param buf The buffer to send.
156 *
157 * \return The return value of the underyling call to sc_send_bin_buffer().
158 */
159 int sc_send_buffer(struct stream_cipher_context *scc, char *buf);
160
161 /**
162 * Format, encrypt and send a buffer.
163 *
164 * \param scc The context.
165 * \param fmt A format string.
166 *
167 * \return The return value of the underyling call to sc_send_buffer().
168 */
169 __printf_2_3 int sc_send_va_buffer(struct stream_cipher_context *scc,
170 const char *fmt, ...);
171
172 /**
173 * Receive a buffer and decrypt it.
174 *
175 * \param scc The context.
176 * \param buf The buffer to write the decrypted data to.
177 * \param size The size of \a buf.
178 *
179 * \return The number of bytes received on success, negative on errors, zero if
180 * the peer has performed an orderly shutdown.
181 *
182 * \sa recv(2), RC4(3).
183 */
184 int sc_recv_bin_buffer(struct stream_cipher_context *scc, char *buf,
185 size_t size);
186
187 /**
188 * Receive a buffer, decrypt it and write terminating NULL byte.
189 *
190 * \param scc The context.
191 * \param buf The buffer to write the decrypted data to.
192 * \param size The size of \a buf.
193 *
194 * Read at most \a size - 1 bytes from file descriptor given by \a scc, decrypt
195 * the received data and write a NULL byte at the end of the decrypted data.
196 *
197 * \return The return value of the underlying call to \ref
198 * sc_recv_bin_buffer().
199 */
200 int sc_recv_buffer(struct stream_cipher_context *scc, char *buf, size_t size);
201
202
203 /** Size of the hash value in bytes. */
204 #define HASH_SIZE 20
205
206
207 /**
208 * Compute the hash of the given input data.
209 *
210 * \param data Pointer to the data to compute the hash value from.
211 * \param len The length of \a data in bytes.
212 * \param hash Result pointer.
213 *
214 * \a hash must point to an area at least \p HASH_SIZE bytes large.
215 *
216 * \sa sha(3), openssl(1).
217 * */
218 void hash_function(const char *data, unsigned long len, unsigned char *hash);
219
220 /**
221 * Convert a hash value to ascii format.
222 *
223 * \param hash the hash value.
224 * \param asc Result pointer.
225 *
226 * \a asc must point to an area of at least 2 * \p HASH_SIZE + 1 bytes which
227 * will be filled by the function with the ascii representation of the hash
228 * value given by \a hash, and a terminating \p NULL byte.
229 */
230 void hash_to_asc(unsigned char *hash, char *asc);
231
232 /**
233 * Compare two hashes.
234 *
235 * \param h1 Pointer to the first hash value.
236 * \param h2 Pointer to the second hash value.
237 *
238 * \return 1, -1, or zero, depending on whether \a h1 is greater than,
239 * less than or equal to h2, respectively.
240 */
241 int hash_compare(unsigned char *h1, unsigned char *h2);