1 /*
2 Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015
3 Ben Kibbey <bjk@luxsci.net>
5 This file is part of pwmd.
7 Pwmd is free software: you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation, either version 2 of the License, or
10 (at your option) any later version.
12 Pwmd is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with Pwmd. If not, see <http://www.gnu.org/licenses/>.
20 #ifndef CRYPTO_H
21 #define CRYPTO_H
23 #include <assuan.h>
24 #include <gpg-error.h>
25 #include <sys/types.h>
26 #include <sys/stat.h>
27 #include <gcrypt.h>
29 #ifdef HAVE_STDINT_H
30 #include <stdint.h>
31 #elif defined (HAVE_INTTYPES_H)
32 #include <inttypes.h>
33 #endif
35 #ifdef WITH_AGENT
36 #include "agent.h"
37 #endif
39 #include "cipher.h"
/* Iteration counts for the string-to-key (s2k) derivation of the data file
   key.  Judging by the names and by file_header_t.s2k_count / the
   `iterations' argument of hash_key() below, the count is recorded per data
   file and fed to the KDF; confirm against crypto.c.

   DEFAULT_KDFS2K_ITERATIONS: presumably what new files get.
   COMPAT_KDFS2K_ITERATIONS: 5000x smaller and far weaker against offline
   brute force of the passphrase.  NOTE(review): confirm this value is only
   ever used to read/match legacy files and is never selected when creating or
   re-keying a file.  */
#define DEFAULT_KDFS2K_ITERATIONS 5000000
#define COMPAT_KDFS2K_ITERATIONS 1000
/* On-disk header of an encrypted data file.  The layout is the file format:
   it is packed, so there is no padding, and the field order must not change.
   Integer fields are read from and written to disk as-is; byte order handling
   (if any) is not visible here — confirm in read_data_header()/write_file().
   Everything in this header is attacker-controlled when a file is read, so
   callers must validate each field before trusting it.  */
typedef struct
{
  uint8_t magic[5];	/* file type identifier; verify before using the rest */
  uint32_t version;	/* format version */
  uint64_t s2k_count;	/* KDF iteration count (see the KDFS2K macros above);
			   NOTE(review): bound this on read so a hostile file
			   cannot force an unbounded KDF run */
  uint64_t flags;	/* feature bits, e.g. PWMD_FLAG_PKI used by IS_PKI() */
  uint8_t iv[16];	/* cipher IV */
  uint8_t salt[8];	/* KDF salt */
  uint32_t datalen;	/* of the encrypted xml; NOTE(review): check against
			   the actual file size before allocating/reading */
} __attribute__ ((packed)) file_header_t;
/* Key material and header staged for a pending SAVE.  The sexp members are
   gcrypt S-expressions and are presumably released by cleanup_save().  */
struct save_s
{
  gcry_sexp_t pkey;	/* SAVE --keygrip */
  gcry_sexp_t sigpkey;	/* SAVE --sign-keygrip */
  file_header_t hdr;	/* header to write with the saved file */
};
/* Per-operation crypto state for one client and one data file.  Holds both
   the ciphertext read from disk and the decrypted plaintext, so an instance
   contains secrets for as long as it lives; it is torn down via
   cleanup_crypto_stage1()/cleanup_crypto_stage2()/cleanup_crypto().
   NOTE(review): confirm those wipe `plaintext' (and any key buffers) with an
   explicit zeroization before freeing, not a plain memset.  */
struct crypto_s
{
  assuan_context_t client_ctx;	/* the requesting client's Assuan context */
#ifdef WITH_AGENT
  struct agent_s *agent;	/* gpg-agent connection, PKI builds only */
#endif
  struct save_s save;		/* staged SAVE parameters */
  gcry_sexp_t pkey_sexp;	/* encryption public key */
  unsigned char grip[20];	/* its keygrip (20-byte SHA-1, per gcrypt) */
  gcry_sexp_t sigpkey_sexp;	/* signing public key */
  unsigned char sign_grip[20];	/* its keygrip */
  gcry_sexp_t ciphertext_sexp;	/* ciphertext in S-expression form */
  void *ciphertext;		/* raw encrypted payload ... */
  size_t ciphertext_len;	/* ... and its length */
  void *plaintext;		/* decrypted XML ... */
  size_t plaintext_len;		/* ... and its length */
  file_header_t hdr;		/* header of the open file */
  char *filename;		/* the currently opened data file */
};
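/* Whether gpg-agent is in use.  As written this is a tentative definition
   in a header, i.e. one per translation unit that includes it; with
   -fno-common (GCC 10+ default) that is a duplicate-symbol link error.
   NOTE(review): if crypto.c (or another .c) defines it, this should be
   `extern int use_agent;'.  */
int use_agent;

/* True when the file described by `crypto' (a struct crypto_s *) is
   protected with public-key encryption.  Note that it tests the global
   use_agent, not anything stored in the struct itself.  The argument is
   parenthesized so expressions such as IS_PKI(&c) expand correctly.  */
#define IS_PKI(crypto) (use_agent && ((crypto)->hdr.flags & PWMD_FLAG_PKI))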
/* All gpg_error_t functions below follow the libgpg-error convention:
   0 on success, an error code otherwise.  Ownership of out-parameters is not
   visible from the prototypes; the notes say what the names suggest, and
   each should be confirmed against crypto.c.  */

/* Release the staged SAVE state in `save' (presumably the two sexps).  */
void cleanup_save (struct save_s *save);

/* Encrypt `xml' (`len' bytes) with `key'/`keylen' using cipher `algo'.
   On success *result/*result_len hold the ciphertext and *iv/*iv_len the IV
   that was used; presumably both are allocated for the caller to free.  */
gpg_error_t encrypt_xml (assuan_context_t ctx, void *key, size_t keylen, int
			 algo, const void *xml, size_t len, void **result,
			 size_t * result_len, unsigned char **iv,
			 size_t * iv_len);

/* Decrypt `data'/`len' (apparently a cached copy) into `crypto'.  */
gpg_error_t decrypt_cache (struct crypto_s *crypto, const void *data,
			   size_t len);

/* Read the whole data file `filename' into `crypto' (header + ciphertext).  */
gpg_error_t read_data_file (const char *filename, struct crypto_s *crypto);

/* Read only the header of `filename' into *fh.  *st and *fd look like
   out-parameters for the file's stat and an open descriptor; NOTE(review):
   confirm who closes *fd, and that header fields (magic, version, s2k_count,
   datalen) are validated here before anything trusts them.  */
gpg_error_t read_data_header (const char *filename, file_header_t * fh,
			      struct stat *st, int *fd);

/* Decrypt crypto->ciphertext with the already-derived `salted_key' of
   `keylen' bytes, leaving the result in crypto->plaintext.  */
gpg_error_t decrypt_data (assuan_context_t ctx, struct crypto_s *crypto,
			  unsigned char *salted_key, size_t keylen);

/* Two-stage teardown of a struct crypto_s; cleanup_crypto() frees the
   object itself and, taking a double pointer, presumably resets *c to NULL.
   NOTE(review): confirm plaintext/key buffers are zeroized, not just freed.  */
void cleanup_crypto_stage1 (struct crypto_s *cr);
void cleanup_crypto_stage2 (struct crypto_s *cr);
void cleanup_crypto (struct crypto_s **c);

/* Allocate and initialize a new struct crypto_s in *crypto.  */
gpg_error_t init_client_crypto (struct crypto_s **crypto);

/* Write an encrypted data file: `data'/`data_len' is the ciphertext,
   `sexp'/`sexp_len' the S-expression form, `pubkey' and `sigpkey' the keys
   (types not visible here).  NOTE(review): confirm the write is atomic
   (temp file + rename) so a crash cannot truncate the only copy.  */
gpg_error_t write_file (struct crypto_s *crypto, const char *filename,
			void *data, size_t data_len, void *sexp,
			size_t sexp_len, void *pubkey, void *sigpkey);

/* Export `data'/`datalen' to `outfile' encrypted under a key obtained via
   `keyfile' or, when `inquire' is set, an Assuan INQUIRE on `ctx'.
   *rkey/*rkeylen appear to return the key used.  `use_cache', `force' and
   `no_passphrase' are flags whose exact meaning lives in crypto.c.  */
gpg_error_t export_common (assuan_context_t ctx, int inquire,
			   struct crypto_s * crypto, const void *data,
			   size_t datalen, const char *outfile,
			   const char *keyfile, void **rkey, size_t *rkeylen,
			   int use_cache, int force, int no_passphrase);

/* Open and decrypt `filename' into `crypto'.  Returns the derived key in
   *salted_key/*salted_keysize and the raw key in *rkey/*rkeylen, apparently
   so the caller can cache them.  Both are secrets: wipe before freeing.  */
gpg_error_t decrypt_common (assuan_context_t ctx, int inquire,
			    struct crypto_s *crypto, const char *filename,
			    void **salted_key, size_t *salted_keysize,
			    unsigned char **rkey, size_t *rkeylen);

/* Prompt for a passphrase for `filename' (`which' selects the prompt
   variant) and return it in *rkey/*rkeylen.  */
gpg_error_t getpin_common (assuan_context_t ctx, const char *filename,
			   int which, char **rkey, size_t *rkeylen);

/* Encrypt and save `data'/`datalen' under `key'/`keylen'.  `md5file' is
   presumably the cache key for the file; *cached reports whether the key
   was cached; `no_agent' bypasses gpg-agent.  */
gpg_error_t save_common (const char *md5file, struct crypto_s *crypto,
			 const unsigned char *data, size_t datalen,
			 const unsigned char *key, size_t keylen, int *cached,
			 int no_agent);

/* Re-key `filename' with a new passphrase; *rcrypto receives the resulting
   crypto state.  */
gpg_error_t change_passwd (assuan_context_t ctx, const char *filename,
			   int inquire, struct crypto_s **rcrypto,
			   int no_passphrase);

/* Obtain a passphrase from the client via Assuan INQUIRE `keyword' on
   `ctx'; *result/*rlen receive it (secret: wipe before freeing).  */
gpg_error_t inquire_passphrase (assuan_context_t ctx, const char *keyword,
				unsigned char **result, size_t *rlen);

/* Derive a cipher key from `key'/`keylen' and `salt'/`salt_len' with hash
   `algo', iterating `iterations' times; *result/*rlen receive the derived
   key.  `iterations' is where the KDFS2K_ITERATIONS values and the header's
   s2k_count presumably end up — confirm.  */
gpg_error_t hash_key (int algo, unsigned char *salt, size_t salt_len,
		      const void *key, size_t keylen, void **result,
		      size_t *rlen, uint64_t iterations);

/* Attempt to open and decrypt `filename', returning the crypto state in
   *rcrypto and the key used in *key/*rlen.  */
gpg_error_t crypto_try_decrypt (assuan_context_t ctx, int inquire, const char *filename,
				struct crypto_s **rcrypto, unsigned char **key,
				size_t *rlen);
131 #endif