/*
- * Copyright (C) 2005-2007 Andre Noll <maan@systemlinux.org>
+ * Copyright (C) 2005-2011 Andre Noll <maan@systemlinux.org>
*
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111, USA.
+ * Licensed under the GPL v2. For licencing details see COPYING.
*/
-/** \file crypt.h prototypes for the RSA crypt functions */
+/** \file crypt.h Prototypes for paraslash crypto functions. */
+
+/** Opaque structure for public and private keys. */
+struct asymmetric_key;
-#include <openssl/pem.h>
-int para_decrypt_challenge(char *key_file, long unsigned *challenge_nr,
- unsigned char *buf, unsigned rsa_inlen);
-int para_encrypt_challenge(RSA* rsa, long unsigned challenge_nr,
- unsigned char *outbuf);
-int para_encrypt_buffer(RSA* rsa, unsigned char *inbuf, unsigned len,
- unsigned char *outbuf);
-int para_decrypt_buffer(char *key_file, unsigned char *outbuf, unsigned char *inbuf,
- unsigned rsa_inlen);
-int get_rsa_key(char *key_file, RSA **rsa, int private);
+int pub_encrypt(struct asymmetric_key *pub, unsigned char *inbuf,
+ unsigned len, unsigned char *outbuf);
+int priv_decrypt(const char *key_file, unsigned char *outbuf,
+ unsigned char *inbuf, int inlen);
+int get_asymmetric_key(const char *key_file, int private,
+ struct asymmetric_key **result);
+void free_asymmetric_key(struct asymmetric_key *key);
-void rsa_free(RSA *rsa);
+void get_random_bytes_or_die(unsigned char *buf, int num);
+void init_random_seed_or_die(void);
+
+/** Opaque structure for stream cipher crypto. */
+struct stream_cipher;
+
+/** Number of bytes of the session key. */
+#define SESSION_KEY_LEN 32
+
+/**
+ * Used on the server-side for client-server communication encryption.
+ *
+ * The traffic between (the forked child of) para_server and the remote client
+ * process is crypted by a symmetric session key. This structure contains the
+ * keys for the stream cipher and the file descriptor for which these keys
+ * should be used.
+ */
+struct stream_cipher_context {
+ /** The socket file descriptor. */
+ int fd;
+ /** Key used for receiving data. */
+ struct stream_cipher *recv;
+ /** Key used for sending data. */
+ struct stream_cipher *send;
+};
+
+struct stream_cipher *sc_new(const unsigned char *data, int len);
+void sc_free(struct stream_cipher *sc);
+
+int sc_send_bin_buffer(struct stream_cipher_context *scc, const char *buf,
+ size_t len);
+int sc_send_buffer(struct stream_cipher_context *scc, const char *buf);
+__printf_2_3 int sc_send_va_buffer(struct stream_cipher_context *scc,
+ const char *fmt, ...);
+int sc_recv_bin_buffer(struct stream_cipher_context *scc, char *buf,
+ size_t size);
+int sc_recv_buffer(struct stream_cipher_context *scc, char *buf, size_t size);
/** \cond used to distinguish between loading of private/public key */
#define LOAD_PUBLIC_KEY 0
#define LOAD_PRIVATE_KEY 1
+#define CHALLENGE_SIZE 64
/** \endcond **/
+
+/** Size of the hash value in bytes. */
+#define HASH_SIZE 20
+
+void hash_function(const char *data, unsigned long len, unsigned char *hash);
+
+/**
+ * Compare two hashes.
+ *
+ * \param h1 Pointer to the first hash value.
+ * \param h2 Pointer to the second hash value.
+ *
+ * \return 1, -1, or zero, depending on whether \a h1 is greater than,
+ * less than or equal to h2, respectively.
+ */
+_static_inline_ int hash_compare(unsigned char *h1, unsigned char *h2)
+{
+ int i;
+
+ for (i = 0; i < HASH_SIZE; i++) {
+ if (h1[i] < h2[i])
+ return -1;
+ if (h1[i] > h2[i])
+ return 1;
+ }
+ return 0;
+}
+
+/**
+ * Convert a hash value to ascii format.
+ *
+ * \param hash the hash value.
+ * \param asc Result pointer.
+ *
+ * \a asc must point to an area of at least 2 * \p HASH_SIZE + 1 bytes which
+ * will be filled by the function with the ascii representation of the hash
+ * value given by \a hash, and a terminating \p NULL byte.
+ */
+_static_inline_ void hash_to_asc(unsigned char *hash, char *asc)
+{
+ int i;
+ const char hexchar[] = "0123456789abcdef";
+
+ for (i = 0; i < HASH_SIZE; i++) {
+ asc[2 * i] = hexchar[hash[i] >> 4];
+ asc[2 * i + 1] = hexchar[hash[i] & 0xf];
+ }
+ asc[2 * HASH_SIZE] = '\0';
+}
projects / paraslash.git / blobdiff