1 /*
2 Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015
3 Ben Kibbey <bjk@luxsci.net>
5 This file is part of pwmd.
7 Pwmd is free software: you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation, either version 2 of the License, or
10 (at your option) any later version.
12 Pwmd is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with Pwmd. If not, see <http://www.gnu.org/licenses/>.
20 #ifndef CRYPTO_H
21 #define CRYPTO_H
23 #include <assuan.h>
24 #include <gpg-error.h>
25 #include <sys/types.h>
26 #include <sys/stat.h>
27 #include <gcrypt.h>
29 #ifdef HAVE_STDINT_H
30 #include <stdint.h>
31 #elif defined (HAVE_INTTYPES_H)
32 #include <inttypes.h>
33 #endif
35 #ifdef WITH_AGENT
36 #include "agent.h"
37 #endif
39 #include "cipher.h"
41 #define DEFAULT_KDFS2K_ITERATIONS 5000000
42 #define COMPAT_KDFS2K_ITERATIONS 1000
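/*
 * Fixed-size header at the start of a pwmd data file.  The struct is packed
 * so it can be read and written as a single block of exactly 53 bytes
 * (5 + 4 + 8 + 8 + 16 + 8 + 4), with every member at a fixed byte offset.
 * Nothing in this header converts byte order, so unless the reader/writer in
 * crypto.c does so the integer members are stored in host order — confirm
 * before treating the file as portable across architectures.  The header is
 * read from an untrusted file: magic, version, flags and datalen must be
 * validated before they are used to size buffers or select code paths.
 */
typedef struct
{
  uint8_t magic[5];       /* file type identifier */
  uint32_t version;       /* file format version */
  uint64_t s2k_count;     /* presumably the KDF iteration count; see
                             DEFAULT_/COMPAT_KDFS2K_ITERATIONS above */
  uint64_t flags;         /* PWMD_FLAG_* bits; IS_PKI () tests PWMD_FLAG_PKI */
  uint8_t iv[16];         /* IV for the data cipher */
  uint8_t salt[8];        /* salt for the key derivation (see hash_key ()) */
  uint32_t datalen;       /* of the encrypted xml */
} __attribute__ ((packed)) file_header_t;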
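/*
 * Options gathered while a SAVE or PASSWD command is being processed.  The
 * comment on each member names the command option that sets it.  The two
 * S-expressions are libgcrypt objects that must be released with
 * gcry_sexp_release (); cleanup_save () (declared below) is presumably where
 * that happens — confirm in crypto.c.
 */
struct save_s
{
  gcry_sexp_t pkey;       /* SAVE --keygrip */
  gcry_sexp_t sigpkey;    /* SAVE --sign-keygrip */
  uint64_t s2k_count;     /* SAVE|PASSWD --s2k-count */
  file_header_t hdr;      /* header to be written with the new file (presumably) */
};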
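/*
 * Per-client crypto state for one opened data file.  The ciphertext and
 * plaintext members point at heap buffers owned by this struct; plaintext is
 * presumably the decrypted XML document, so whichever of
 * cleanup_crypto_stage1 ()/cleanup_crypto_stage2 () frees it should wipe it
 * first (confirm in crypto.c — a plain memset before free can be optimised
 * away).  Public keys for the PKI path are kept as libgcrypt S-expressions
 * together with their 20-byte keygrips.
 */
struct crypto_s
{
  assuan_context_t client_ctx;      /* Assuan context of the owning client */
#ifdef WITH_AGENT
  struct agent_s *agent;            /* gpg-agent state, WITH_AGENT builds only */
#endif
  struct save_s save;               /* options collected for SAVE/PASSWD */
  gcry_sexp_t pkey_sexp;            /* encryption public key */
  unsigned char grip[20];           /* keygrip, presumably of pkey_sexp */
  gcry_sexp_t sigpkey_sexp;         /* signing public key */
  unsigned char sign_grip[20];      /* keygrip, presumably of sigpkey_sexp */
  gcry_sexp_t ciphertext_sexp;      /* ciphertext as an S-expression */
  void *ciphertext;                 /* raw ciphertext buffer */
  size_t ciphertext_len;            /* length of ciphertext in bytes */
  void *plaintext;                  /* decrypted data (sensitive) */
  size_t plaintext_len;             /* length of plaintext in bytes */
  file_header_t hdr;                /* header read from the data file */
  char *filename;                   /* the currently opened data file */
};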
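/*
 * Whether gpg-agent is in use.  NOTE(review): this is a tentative
 * definition, not an extern declaration, so every translation unit that
 * includes this header defines the symbol.  That only links with -fcommon,
 * which stopped being the default in GCC 10.  If one .c file is meant to own
 * the variable, this should become "extern int use_agent;" with the
 * definition moved there — confirm against the rest of the tree first.
 */
int use_agent;

/*
 * True when the agent is in use and the opened file's header carries
 * PWMD_FLAG_PKI.  use_agent here is the global above, not a member of the
 * struct.  The argument is parenthesised so any expression yielding a
 * struct crypto_s * can be passed safely.
 */
#define IS_PKI(crypto) (use_agent && ((crypto)->hdr.flags & PWMD_FLAG_PKI))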
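/*
 * Public interface of crypto.c.  Every gpg_error_t function reports failure
 * through its return value.  Pointer-to-pointer out-parameters (result,
 * rkey, key, salted_key, iv, rcrypto) appear to hand a newly allocated
 * object back to the caller; the definitions in crypto.c are authoritative
 * on ownership.  Several of those buffers carry key material or a
 * passphrase, so the owner should wipe them before freeing.
 */

/* Release everything held by a struct save_s (see the struct above). */
void cleanup_save (struct save_s *save);

/* Encrypt an XML buffer with the given key and cipher algo.  *result and
   *iv receive new buffers of *result_len and *iv_len bytes. */
gpg_error_t encrypt_xml (assuan_context_t ctx, void *key, size_t keylen,
                         int algo, const void *xml, size_t len,
                         void **result, size_t *result_len,
                         unsigned char **iv, size_t *iv_len);

/* Decrypt 'data' (len bytes) into the cache state of 'crypto'. */
gpg_error_t decrypt_cache (struct crypto_s *crypto, const void *data,
                           size_t len);

/* Read the data file 'filename' into 'crypto' (header and ciphertext). */
gpg_error_t read_data_file (const char *filename, struct crypto_s *crypto);

/* Read only the file header into *fh, filling *st and *fd.  *fd appears to
   receive an open descriptor that the caller must close — confirm. */
gpg_error_t read_data_header (const char *filename, file_header_t *fh,
                              struct stat *st, int *fd);

/* Decrypt crypto->ciphertext with a key that has already been salted and
   hashed (keylen bytes).  Note salted_key is not const. */
gpg_error_t decrypt_data (assuan_context_t ctx, struct crypto_s *crypto,
                          unsigned char *salted_key, size_t keylen);

/* Two-stage teardown of a struct crypto_s; cleanup_crypto () frees the
   struct itself and (presumably) NULLs *c.  What each stage releases is
   defined in crypto.c. */
void cleanup_crypto_stage1 (struct crypto_s *cr);
void cleanup_crypto_stage2 (struct crypto_s *cr);
void cleanup_crypto (struct crypto_s **c);

/* Allocate and initialise a struct crypto_s for a client in *crypto. */
gpg_error_t init_client_crypto (struct crypto_s **crypto);

/* Write the data file 'filename' from the given buffers. */
gpg_error_t write_file (struct crypto_s *crypto, const char *filename,
                        void *data, size_t data_len, void *sexp,
                        size_t sexp_len, void *pubkey, void *sigpkey);

/* Export 'data' to 'outfile' using 'keyfile'; *rkey/*rkeylen receive the
   key used.  'inquire', 'use_cache', 'force' and 'no_passphrase' are
   boolean flags whose exact meaning is defined in crypto.c. */
gpg_error_t export_common (assuan_context_t ctx, int inquire,
                           struct crypto_s *crypto, const void *data,
                           size_t datalen, const char *outfile,
                           const char *keyfile, void **rkey, size_t *rkeylen,
                           int use_cache, int force, int no_passphrase);

/* Obtain the key for 'filename' (via inquire or otherwise) and decrypt it.
   Both the salted key and the raw key are returned to the caller. */
gpg_error_t decrypt_common (assuan_context_t ctx, int inquire,
                            struct crypto_s *crypto, const char *filename,
                            void **salted_key, size_t *salted_keysize,
                            unsigned char **rkey, size_t *rkeylen);

/* Prompt for a PIN/passphrase for 'filename'; 'which' selects the prompt.
   *rkey is a new buffer of *rkeylen bytes. */
gpg_error_t getpin_common (assuan_context_t ctx, const char *filename,
                           int which, char **rkey, size_t *rkeylen);

/* Encrypt and write 'data' with 'key'; *cached reports whether the key was
   added to the cache.  'md5file' presumably identifies the cache entry. */
gpg_error_t save_common (const char *md5file, struct crypto_s *crypto,
                         const unsigned char *data, size_t datalen,
                         const unsigned char *key, size_t keylen,
                         int *cached, int no_agent);

/* Change the passphrase of 'filename'; *rcrypto receives the new state. */
gpg_error_t change_passwd (assuan_context_t ctx, const char *filename,
                           int inquire, struct crypto_s **rcrypto,
                           int no_passphrase);

/* Ask the client for a passphrase via an Assuan INQUIRE with 'keyword'.
   *result is a new buffer of *rlen bytes holding the passphrase. */
gpg_error_t inquire_passphrase (assuan_context_t ctx, const char *keyword,
                                unsigned char **result, size_t *rlen);

/* Derive a key from 'key' with 'salt' using hash 'algo' for 'iterations'
   rounds; *result is a new buffer of *rlen bytes.  DEFAULT_KDFS2K_ITERATIONS
   and COMPAT_KDFS2K_ITERATIONS are defined above; the compat value gives
   far less brute-force resistance, so confirm it is only used to read
   legacy files and never for new writes. */
gpg_error_t hash_key (int algo, unsigned char *salt, size_t salt_len,
                      const void *key, size_t keylen, void **result,
                      size_t *rlen, unsigned long iterations);

/* Attempt to decrypt 'filename', returning the state in *rcrypto and the
   key used in *key/*rlen. */
gpg_error_t crypto_try_decrypt (assuan_context_t ctx, int inquire,
                                const char *filename,
                                struct crypto_s **rcrypto,
                                unsigned char **key, size_t *rlen);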
132 #endif