Fix ACL crash for non-existing user.
[pwmd.git] / src / crypto.h
blob1ad19e95b9d9ab565d1a0a06d734e72d8b049879
1 /*
2 Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015
3 Ben Kibbey <bjk@luxsci.net>
5 This file is part of pwmd.
7 Pwmd is free software: you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation, either version 2 of the License, or
10 (at your option) any later version.
12 Pwmd is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with Pwmd. If not, see <http://www.gnu.org/licenses/>.
20 #ifndef CRYPTO_H
21 #define CRYPTO_H
23 #include <assuan.h>
24 #include <gpg-error.h>
25 #include <sys/types.h>
26 #include <sys/stat.h>
27 #include <gcrypt.h>
29 #ifdef HAVE_STDINT_H
30 #include <stdint.h>
31 #elif defined (HAVE_INTTYPES_H)
32 #include <inttypes.h>
33 #endif
35 #ifdef WITH_AGENT
36 #include "agent.h"
37 #endif
39 #include "cipher.h"
41 #define DEFAULT_KDFS2K_ITERATIONS 1000
43 typedef struct
45 uint8_t magic[5];
46 uint32_t version;
47 uint64_t iterations;
48 uint64_t flags;
49 uint8_t iv[16];
50 uint8_t salt[8];
51 uint32_t datalen; /* of the encrypted xml */
52 } __attribute__ ((packed)) file_header_t;
54 struct save_s
56 gcry_sexp_t pkey; /* SAVE --keygrip */
57 gcry_sexp_t sigpkey; /* SAVE --sign-keygrip */
58 unsigned long s2k_count; /* SAVE|PASSWD --s2k-count */
59 file_header_t hdr;
60 uint64_t iterations; /* SAVE --cipher-iterations */
63 struct crypto_s
65 assuan_context_t client_ctx;
66 #ifdef WITH_AGENT
67 struct agent_s *agent;
68 #endif
69 struct save_s save;
70 gcry_sexp_t pkey_sexp;
71 unsigned char grip[20];
72 gcry_sexp_t sigpkey_sexp;
73 unsigned char sign_grip[20];
74 gcry_sexp_t ciphertext_sexp;
75 void *ciphertext;
76 size_t ciphertext_len;
77 void *plaintext;
78 size_t plaintext_len;
79 file_header_t hdr;
80 char *filename; /* the currently opened data file */
83 int use_agent;
84 #define IS_PKI(crypto) (use_agent && (crypto->hdr.flags & PWMD_FLAG_PKI))
86 void cleanup_save (struct save_s *save);
87 gpg_error_t encrypt_xml (assuan_context_t ctx, void *key, size_t keylen, int
88 algo, const void *xml, size_t len, void **result,
89 size_t * result_len, unsigned char **iv,
90 size_t * iv_len, uint64_t iterations);
91 gpg_error_t decrypt_cache (struct crypto_s *crypto, const void *data,
92 size_t len);
93 void set_header_defaults (file_header_t *);
94 gpg_error_t read_data_file (const char *filename, struct crypto_s *crypto);
95 gpg_error_t read_data_header (const char *filename, file_header_t * fh,
96 struct stat *st, int *fd);
97 gpg_error_t decrypt_data (assuan_context_t ctx, struct crypto_s *crypto,
98 unsigned char *salted_key, size_t keylen);
99 void cleanup_crypto_stage1 (struct crypto_s *cr);
100 void cleanup_crypto_stage2 (struct crypto_s *cr);
101 void cleanup_crypto (struct crypto_s **c);
102 gpg_error_t init_client_crypto (struct crypto_s **crypto);
103 gpg_error_t write_file (struct crypto_s *crypto, const char *filename,
104 void *data, size_t data_len, void *sexp,
105 size_t sexp_len, void *pubkey, void *sigpkey);
106 gpg_error_t export_common (assuan_context_t ctx, int inquire,
107 struct crypto_s * crypto, const void *data,
108 size_t datalen, const char *outfile,
109 const char *keyfile, void **rkey, size_t *rkeylen,
110 int use_cache, int force, int no_passphrase);
111 gpg_error_t decrypt_common (assuan_context_t ctx, int inquire,
112 struct crypto_s *crypto, const char *filename,
113 char **rkey, size_t *rkeylen);
114 gpg_error_t getpin_common (assuan_context_t ctx, const char *filename,
115 int which, char **rkey, size_t *rkeylen);
116 gpg_error_t save_common (const char *md5file, struct crypto_s *crypto,
117 const unsigned char *data, size_t datalen,
118 const unsigned char *key, size_t keylen, int *cached,
119 int no_agent);
120 gpg_error_t change_passwd (assuan_context_t ctx, const char *filename,
121 int inquire, struct crypto_s **rcrypto,
122 int no_passphrase);
123 gpg_error_t inquire_passphrase (assuan_context_t ctx, const char *keyword,
124 unsigned char **result, size_t *rlen);
125 gpg_error_t hash_key (int algo, unsigned char *salt, size_t salt_len,
126 const void *key, size_t keylen, void **result,
127 size_t *rlen);
129 #endif