X-Git-Url: http://git.tuebingen.mpg.de/?p=paraslash.git;a=blobdiff_plain;f=crypt.h;h=c46666950c12a92a1a4d14223f769762281af1fd;hp=8edff4130a1386689108400af496a980b94e2fa7;hb=40885aedeb61f4a84d3e0acc7eeef256a6932aaf;hpb=5000a12ad288893d494ccd04d061752ed022d1d0 diff --git a/crypt.h b/crypt.h index 8edff413..c4666695 100644 --- a/crypt.h +++ b/crypt.h @@ -1,45 +1,242 @@ /* - * Copyright (C) 2005-2009 Andre Noll + * Copyright (C) 2005-2012 Andre Noll * * Licensed under the GPL v2. For licencing details see COPYING. */ -/** \file crypt.h prototypes for the RSA crypt functions */ +/** \file crypt.h Public crypto interface. */ -#include -int para_encrypt_buffer(RSA* rsa, unsigned char *inbuf, unsigned len, - unsigned char *outbuf); -int para_decrypt_buffer(char *key_file, unsigned char *outbuf, unsigned char *inbuf, - unsigned rsa_inlen); -int get_rsa_key(char *key_file, RSA **rsa, int private); -void rsa_free(RSA *rsa); +/* These are used to distinguish between loading of private/public key. */ + +/** The key to load is a public key. */ +#define LOAD_PUBLIC_KEY 0 +/** The key to load is a private key. */ +#define LOAD_PRIVATE_KEY 1 +/** The size of the challenge sent to the client. */ +#define CHALLENGE_SIZE 64 + +/** Opaque structure for public and private keys. */ +struct asymmetric_key; + +/** + * Encrypt a buffer using asymmetric keys. + * + * \param pub: The public key. + * \param inbuf The input buffer. + * \param len The length of \a inbuf. + * \param outbuf The output buffer. + * + * \return The size of the encrypted data on success, negative on errors. + */ +int pub_encrypt(struct asymmetric_key *pub, unsigned char *inbuf, + unsigned len, unsigned char *outbuf); + +/** + * Decrypt a buffer using a private key. + * + * \param key_file Full path of the key. + * \param outbuf The output buffer. + * \param inbuf The encrypted input buffer. + * \param inlen The length of \a inbuf. + * + * The \a outbuf must be large enough to hold at least 512 bytes. + * + * \return The size of the recovered plaintext on success, negative on errors. + */ +int priv_decrypt(const char *key_file, unsigned char *outbuf, + unsigned char *inbuf, int inlen); + +/** + * Read an asymmetric key from a file. + * + * \param key_file The file containing the key. + * \param private if non-zero, read the private key, otherwise the public key. + * \param result The key structure is returned here. + * + * \return The size of the key on success, negative on errors. + */ +int get_asymmetric_key(const char *key_file, int private, + struct asymmetric_key **result); + +/** + * Deallocate an asymmetric key structure. + * + * \param key Pointer to the key structure to free. + * + * This must be called for any key obtained by get_asymmetric_key(). + */ +void free_asymmetric_key(struct asymmetric_key *key); + + +/** + * Fill a buffer with random content. + * + * \param buf The buffer to fill. + * \param num The size of \a buf in bytes. + * + * This function puts \a num cryptographically strong pseudo-random bytes into + * buf. If it can not guarantee an unpredictable byte sequence (for example + * because the PRNG has not been seeded with enough randomness) the function + * logs an error message and calls exit(). + */ void get_random_bytes_or_die(unsigned char *buf, int num); + +/** + * Seed pseudo random number generators. + * + * This function seeds the PRNG used by random() with a random seed obtained + * from the crypto implementation. On errors, an error message is logged and + * the function calls exit(). + * + * \sa \ref get_random_bytes_or_die(), srandom(3), random(3), \ref + * para_random(). + */ void init_random_seed_or_die(void); + +/** Opaque structure for stream ciphers. */ +struct stream_cipher; + +/** Number of bytes of the session key for stream ciphers. */ +#define SESSION_KEY_LEN 32 + /** - * Used on the server-side for client-server communication encryption. + * Used for client-server communication encryption. * - * The traffic between (the forked child of) para_server and the remote - * client process is crypted by a RC4 session key. This structure contains - * the RC4 keys and the file descriptor for which these keys should be used. + * The traffic between (the forked child of) para_server and the remote client + * process is crypted by a symmetric session key. This structure contains the + * keys for the stream cipher and the file descriptor for which these keys + * should be used. */ -struct rc4_context { +struct stream_cipher_context { /** The socket file descriptor. */ int fd; - /** Key used for sending data. */ - RC4_KEY recv_key; /** Key used for receiving data. */ - RC4_KEY send_key; + struct stream_cipher *recv; + /** Key used for sending data. */ + struct stream_cipher *send; }; -int rc4_send_bin_buffer(struct rc4_context *rc4c, const char *buf, size_t len); -int rc4_send_buffer(struct rc4_context *rc4c, const char *buf); -__printf_2_3 int rc4_send_va_buffer(struct rc4_context *rc4c, const char *fmt, ...); -int rc4_recv_bin_buffer(struct rc4_context *rcc, char *buf, size_t size); -int rc4_recv_buffer(struct rc4_context *rcc, char *buf, size_t size); -/** \cond used to distinguish between loading of private/public key */ -#define LOAD_PUBLIC_KEY 0 -#define LOAD_PRIVATE_KEY 1 -#define CHALLENGE_SIZE 64 -/** \endcond **/ +/** + * Allocate and initialize a stream cipher structure. + * + * \param data The key. + * \param len The size of the key. + * + * \return A new stream cipher structure. + */ +struct stream_cipher *sc_new(const unsigned char *data, int len); + +/** + * Deallocate a stream cipher structure. + * + * \param sc A stream cipher previously obtained by sc_new(). + */ +void sc_free(struct stream_cipher *sc); + +/** + * Encrypt and send a buffer. + * + * \param scc The context. + * \param buf The buffer to send. + * \param len The size of \a buf in bytes. + * + * \return The return value of the underyling call to write_all(). + * + * \sa \ref write_all(), RC4(3). + */ +int sc_send_bin_buffer(struct stream_cipher_context *scc, char *buf, + size_t len); + +/** + * Encrypt and send a \p NULL-terminated buffer. + * + * \param scc The context. + * \param buf The buffer to send. + * + * \return The return value of the underyling call to sc_send_bin_buffer(). + */ +int sc_send_buffer(struct stream_cipher_context *scc, char *buf); + +/** + * Format, encrypt and send a buffer. + * + * \param scc The context. + * \param fmt A format string. + * + * \return The return value of the underyling call to sc_send_buffer(). + */ +__printf_2_3 int sc_send_va_buffer(struct stream_cipher_context *scc, + const char *fmt, ...); + +/** + * Receive a buffer and decrypt it. + * + * \param scc The context. + * \param buf The buffer to write the decrypted data to. + * \param size The size of \a buf. + * + * \return The number of bytes received on success, negative on errors, zero if + * the peer has performed an orderly shutdown. + * + * \sa recv(2), RC4(3). + */ +int sc_recv_bin_buffer(struct stream_cipher_context *scc, char *buf, + size_t size); + +/** + * Receive a buffer, decrypt it and write terminating NULL byte. + * + * \param scc The context. + * \param buf The buffer to write the decrypted data to. + * \param size The size of \a buf. + * + * Read at most \a size - 1 bytes from file descriptor given by \a scc, decrypt + * the received data and write a NULL byte at the end of the decrypted data. + * + * \return The return value of the underlying call to \ref + * sc_recv_bin_buffer(). + */ +int sc_recv_buffer(struct stream_cipher_context *scc, char *buf, size_t size); + + +/** Size of the hash value in bytes. */ +#define HASH_SIZE 20 + + +/** + * Compute the hash of the given input data. + * + * \param data Pointer to the data to compute the hash value from. + * \param len The length of \a data in bytes. + * \param hash Result pointer. + * + * \a hash must point to an area at least \p HASH_SIZE bytes large. + * + * \sa sha(3), openssl(1). + * */ +void hash_function(const char *data, unsigned long len, unsigned char *hash); + +/** + * Convert a hash value to ascii format. + * + * \param hash the hash value. + * \param asc Result pointer. + * + * \a asc must point to an area of at least 2 * \p HASH_SIZE + 1 bytes which + * will be filled by the function with the ascii representation of the hash + * value given by \a hash, and a terminating \p NULL byte. + */ +void hash_to_asc(unsigned char *hash, char *asc); + +/** + * Compare two hashes. + * + * \param h1 Pointer to the first hash value. + * \param h2 Pointer to the second hash value. + * + * \return 1, -1, or zero, depending on whether \a h1 is greater than, + * less than or equal to h2, respectively. + */ +int hash_compare(unsigned char *h1, unsigned char *h2);