* Licensed under the GPL v2. For licencing details see COPYING.
*/
-/** \file crypt.h Prototypes for paraslash crypto functions. */
+/** \file crypt.h Public crypto interface. */
+
+
+/** \cond used to distinguish between loading of private/public key */
+#define LOAD_PUBLIC_KEY 0
+#define LOAD_PRIVATE_KEY 1
+#define CHALLENGE_SIZE 64
+/** \endcond **/
+
+/* asymetric (public key) crypto */
/** Opaque structure for public and private keys. */
struct asymmetric_key;
+/**
+ * Encrypt a buffer using asymmetric keys.
+ *
+ * \param pub: The public key.
+ * \param inbuf The input buffer.
+ * \param len The length of \a inbuf.
+ * \param outbuf The output buffer.
+ *
+ * \return The size of the encrypted data on success, negative on errors.
+ */
int pub_encrypt(struct asymmetric_key *pub, unsigned char *inbuf,
unsigned len, unsigned char *outbuf);
+
+/**
+ * Decrypt a buffer using a private key.
+ *
+ * \param key_file Full path of the key.
+ * \param outbuf The output buffer.
+ * \param inbuf The encrypted input buffer.
+ * \param inlen The length of \a inbuf.
+ *
+ * The \a outbuf must be large enough to hold at least 512 bytes.
+ *
+ * \return The size of the recovered plaintext on success, negative on errors.
+ */
int priv_decrypt(const char *key_file, unsigned char *outbuf,
unsigned char *inbuf, int inlen);
+
+/**
+ * Read an asymmetric key from a file.
+ *
+ * \param key_file The file containing the key.
+ * \param private if non-zero, read the private key, otherwise the public key.
+ * \param result The key structure is returned here.
+ *
+ * \return The size of the key on success, negative on errors.
+ */
int get_asymmetric_key(const char *key_file, int private,
struct asymmetric_key **result);
+
+/**
+ * Deallocate an asymmetric key structure.
+ *
+ * \param key Pointer to the key structure to free.
+ *
+ * This must be called for any key obtained by get_asymmetric_key().
+ */
void free_asymmetric_key(struct asymmetric_key *key);
+
+/**
+ * Fill a buffer with random content.
+ *
+ * \param buf The buffer to fill.
+ * \param num The size of \a buf in bytes.
+ *
+ * This function puts \a num cryptographically strong pseudo-random bytes into
+ * buf. If it can not guarantee an unpredictable byte sequence (for example
+ * because the PRNG has not been seeded with enough randomness) the function
+ * logs an error message and calls exit().
+ */
void get_random_bytes_or_die(unsigned char *buf, int num);
+
+/**
+ * Seed pseudo random number generators.
+ *
+ * This function seeds the PRNG used by random() with a random seed obtained
+ * from the crypto implementation. On errors, an error message is logged and
+ * the function calls exit().
+ *
+ * \sa \ref get_random_bytes_or_die(), srandom(3), random(3), \ref
+ * para_random().
+ */
void init_random_seed_or_die(void);
-/** Opaque structure for stream cipher crypto. */
+
+/** Opaque structure for stream ciphers. */
struct stream_cipher;
-/** Number of bytes of the session key. */
+/** Number of bytes of the session key for stream ciphers. */
#define SESSION_KEY_LEN 32
/**
- * Used on the server-side for client-server communication encryption.
+ * Used for client-server communication encryption.
*
* The traffic between (the forked child of) para_server and the remote client
* process is crypted by a symmetric session key. This structure contains the
struct stream_cipher *send;
};
+/**
+ * Allocate and initialize a stream cipher structure.
+ *
+ * \param data The key.
+ * \param len The size of the key.
+ *
+ * \return A new stream cipher structure.
+ */
struct stream_cipher *sc_new(const unsigned char *data, int len);
+
+/**
+ * Deallocate a stream cipher structure.
+ *
+ * \param sc A stream cipher previously obtained by sc_new().
+ */
void sc_free(struct stream_cipher *sc);
-int sc_send_bin_buffer(struct stream_cipher_context *scc, const char *buf,
+/**
+ * Encrypt and send a buffer.
+ *
+ * \param scc The context.
+ * \param buf The buffer to send.
+ * \param len The size of \a buf in bytes.
+ *
+ * \return The return value of the underyling call to write_all().
+ *
+ * \sa \ref write_all(), RC4(3).
+ */
+int sc_send_bin_buffer(struct stream_cipher_context *scc, char *buf,
size_t len);
-int sc_send_buffer(struct stream_cipher_context *scc, const char *buf);
+
+/**
+ * Encrypt and send a \p NULL-terminated buffer.
+ *
+ * \param scc The context.
+ * \param buf The buffer to send.
+ *
+ * \return The return value of the underyling call to sc_send_bin_buffer().
+ */
+int sc_send_buffer(struct stream_cipher_context *scc, char *buf);
+
+/**
+ * Format, encrypt and send a buffer.
+ *
+ * \param scc The context.
+ * \param fmt A format string.
+ *
+ * \return The return value of the underyling call to sc_send_buffer().
+ */
__printf_2_3 int sc_send_va_buffer(struct stream_cipher_context *scc,
const char *fmt, ...);
+
+/**
+ * Receive a buffer and decrypt it.
+ *
+ * \param scc The context.
+ * \param buf The buffer to write the decrypted data to.
+ * \param size The size of \a buf.
+ *
+ * \return The number of bytes received on success, negative on errors, zero if
+ * the peer has performed an orderly shutdown.
+ *
+ * \sa recv(2), RC4(3).
+ */
int sc_recv_bin_buffer(struct stream_cipher_context *scc, char *buf,
size_t size);
+
+/**
+ * Receive a buffer, decrypt it and write terminating NULL byte.
+ *
+ * \param scc The context.
+ * \param buf The buffer to write the decrypted data to.
+ * \param size The size of \a buf.
+ *
+ * Read at most \a size - 1 bytes from file descriptor given by \a scc, decrypt
+ * the received data and write a NULL byte at the end of the decrypted data.
+ *
+ * \return The return value of the underlying call to \ref
+ * sc_recv_bin_buffer().
+ */
int sc_recv_buffer(struct stream_cipher_context *scc, char *buf, size_t size);
-/** \cond used to distinguish between loading of private/public key */
-#define LOAD_PUBLIC_KEY 0
-#define LOAD_PRIVATE_KEY 1
-#define CHALLENGE_SIZE 64
-/** \endcond **/
/** Size of the hash value in bytes. */
#define HASH_SIZE 20
-void hash_function(const char *data, unsigned long len, unsigned char *hash);
/**
- * Compare two hashes.
+ * Compute the hash of the given input data.
*
- * \param h1 Pointer to the first hash value.
- * \param h2 Pointer to the second hash value.
+ * \param data Pointer to the data to compute the hash value from.
+ * \param len The length of \a data in bytes.
+ * \param hash Result pointer.
*
- * \return 1, -1, or zero, depending on whether \a h1 is greater than,
- * less than or equal to h2, respectively.
- */
-_static_inline_ int hash_compare(unsigned char *h1, unsigned char *h2)
-{
- int i;
-
- for (i = 0; i < HASH_SIZE; i++) {
- if (h1[i] < h2[i])
- return -1;
- if (h1[i] > h2[i])
- return 1;
- }
- return 0;
-}
+ * \a hash must point to an area at least \p HASH_SIZE bytes large.
+ *
+ * \sa sha(3), openssl(1).
+ * */
+void hash_function(const char *data, unsigned long len, unsigned char *hash);
/**
* Convert a hash value to ascii format.
* will be filled by the function with the ascii representation of the hash
* value given by \a hash, and a terminating \p NULL byte.
*/
-_static_inline_ void hash_to_asc(unsigned char *hash, char *asc)
-{
- int i;
- const char hexchar[] = "0123456789abcdef";
-
- for (i = 0; i < HASH_SIZE; i++) {
- asc[2 * i] = hexchar[hash[i] >> 4];
- asc[2 * i + 1] = hexchar[hash[i] & 0xf];
- }
- asc[2 * HASH_SIZE] = '\0';
-}
+void hash_to_asc(unsigned char *hash, char *asc);
+
+/**
+ * Compare two hashes.
+ *
+ * \param h1 Pointer to the first hash value.
+ * \param h2 Pointer to the second hash value.
+ *
+ * \return 1, -1, or zero, depending on whether \a h1 is greater than,
+ * less than or equal to h2, respectively.
+ */
+int hash_compare(unsigned char *h1, unsigned char *h2);
projects / paraslash.git / blobdiff