src/crypto.h

   1 /*
   2     Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011, 2012
   3     Ben Kibbey <bjk@luxsci.net>
   4
   5     This file is part of pwmd.
   6
   7     Pwmd is free software: you can redistribute it and/or modify
   8     it under the terms of the GNU General Public License as published by
   9     the Free Software Foundation, either version 2 of the License, or
  10     (at your option) any later version.
  11
  12     Pwmd is distributed in the hope that it will be useful,
  13     but WITHOUT ANY WARRANTY; without even the implied warranty of
  14     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  15     GNU General Public License for more details.
  16
  17     You should have received a copy of the GNU General Public License
  18     along with Pwmd.  If not, see <http://www.gnu.org/licenses/>.
  19 */
  20 #ifndef CRYPTO_H
  21 #define CRYPTO_H
  22
  23 #include <assuan.h>
  24 #include <gpg-error.h>
  25 #include <sys/types.h>
  26 #include <sys/stat.h>
  27 #include <gcrypt.h>
  28
  29 #ifdef HAVE_STDINT_H
  30 #include <stdint.h>
  31 #elif defined (HAVE_INTTYPES_H)
  32 #include <inttypes.h>
  33 #endif
  34
  35 #ifdef WITH_AGENT
  36 #include "agent.h"
  37 #endif
  38
  39 #include "cipher.h"
  40
  41 #define DEFAULT_KDFS2K_ITERATIONS 1000
  42
  43 typedef struct
  44 {
  45   uint8_t magic[5];
  46   uint32_t version;
  47   uint64_t iterations;
  48   uint64_t flags;
  49   uint8_t iv[16];
  50   uint8_t salt[8];
  51   uint32_t datalen;             /* of the encrypted xml */
  52 } __attribute__ ((packed)) file_header_t;
  53
  54 struct save_s
  55 {
  56   gcry_sexp_t pkey;             /* SAVE --keygrip */
  57   gcry_sexp_t sigpkey;          /* SAVE --sign-keygrip */
  58   unsigned long s2k_count;      /* SAVE|PASSWD --s2k-count */
  59   file_header_t hdr;
  60   uint64_t iterations;          /* SAVE --cipher-iterations */
  61 };
  62
  63 struct crypto_s
  64 {
  65   assuan_context_t client_ctx;
  66 #ifdef WITH_AGENT
  67   struct agent_s *agent;
  68 #endif
  69   struct save_s save;
  70   gcry_sexp_t pkey_sexp;
  71   unsigned char grip[20];
  72   gcry_sexp_t sigpkey_sexp;
  73   unsigned char sign_grip[20];
  74   gcry_sexp_t ciphertext_sexp;
  75   void *ciphertext;
  76   size_t ciphertext_len;
  77   void *plaintext;
  78   size_t plaintext_len;
  79   file_header_t hdr;
  80   char *filename;               /* the currently opened data file */
  81 };
  82
  83 int use_agent;
  84 #define IS_PKCS(crypto) (use_agent && (crypto->hdr.flags & PWMD_FLAG_PKCS))
  85
  86 void cleanup_save (struct save_s *save);
  87 gpg_error_t encrypt_xml (assuan_context_t ctx, void *key, size_t keylen, int
  88                          algo, const void *xml, size_t len, void **result,
  89                          size_t * result_len, unsigned char **iv,
  90                          size_t * iv_len, uint64_t iterations);
  91 gpg_error_t decrypt_xml (struct crypto_s *crypto, const void *data,
  92                          size_t len);
  93 void set_header_defaults (file_header_t *);
  94 gpg_error_t read_data_file (const char *filename, struct crypto_s *crypto);
  95 gpg_error_t read_data_header (const char *filename, file_header_t * fh,
  96                               struct stat *st, int *fd);
  97 gpg_error_t decrypt_data (assuan_context_t ctx, struct crypto_s *crypto,
  98                           unsigned char *salted_key, size_t keylen);
  99 void cleanup_crypto_stage1 (struct crypto_s *cr);
 100 void cleanup_crypto_stage2 (struct crypto_s *cr);
 101 void cleanup_crypto (struct crypto_s **c);
 102 gpg_error_t init_client_crypto (struct crypto_s **crypto);
 103 gpg_error_t write_file (struct crypto_s *crypto, const char *filename,
 104                         void *data, size_t data_len, void *sexp,
 105                         size_t sexp_len, void *pubkey, void *sigpkey);
 106 gpg_error_t export_common (assuan_context_t ctx, int inquire,
 107                            struct crypto_s * crypto, const void *data,
 108                            size_t datalen, const char *outfile,
 109                            const char *keyfile, void **rkey, size_t *rkeylen,
 110                            int use_cache, int force);
 111 gpg_error_t decrypt_common (assuan_context_t ctx, int inquire,
 112                             struct crypto_s *crypto, const char *filename,
 113                             char **rkey, size_t *rkeylen);
 114 gpg_error_t getpin_common (assuan_context_t ctx, const char *filename,
 115                            int which, char **rkey, size_t *rkeylen);
 116 gpg_error_t save_common (const char *md5file, struct crypto_s *crypto,
 117                          const unsigned char *data, size_t datalen,
 118                          const unsigned char *key, size_t keylen, int *cached,
 119                          int no_agent);
 120 gpg_error_t change_passwd (assuan_context_t ctx, const char *filename,
 121                            int inquire, struct crypto_s **rcrypto);
 122 gpg_error_t inquire_passphrase (assuan_context_t ctx, const char *keyword,
 123                                 unsigned char **result, size_t *rlen);
 124 gpg_error_t hash_key (int algo, unsigned char *salt, size_t salt_len,
 125                       const void *key, size_t keylen, void **result,
 126                       size_t *rlen);
 127
 128 #endif