1 /*- 2 * Copyright (c) 2009 The NetBSD Foundation, Inc. 3 * All rights reserved. 4 * 5 * This code is derived from software contributed to The NetBSD Foundation 6 * by Alistair Crooks (agc@NetBSD.org) 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 17 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 18 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 19 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 20 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 21 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 22 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 23 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 24 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 25 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 26 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 27 * POSSIBILITY OF SUCH DAMAGE. 28 */ 29 /* 30 * Copyright (c) 2005-2008 Nominet UK (www.nic.uk) 31 * All rights reserved. 32 * Contributors: Ben Laurie, Rachel Willmer. The Contributors have asserted 33 * their moral rights under the UK Copyright Design and Patents Act 1988 to 34 * be recorded as the authors of this copyright work. 35 * 36 * Licensed under the Apache License, Version 2.0 (the "License"); you may not 37 * use this file except in compliance with the License. 
 *
 * You may obtain a copy of the License at
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

/** \file
 * Digest, symmetric-cipher and public-key entry points shared by the
 * OpenPGP packet parser and writer, plus the two context structures
 * (hash and cipher) that the function-pointer "slots" operate on.
 *
 * NOTE(review): every identifier below starts with "__ops_".  Names that
 * begin with two underscores are reserved for the C implementation
 * (C11 7.1.3); they are left untouched here because they are this
 * module's ABI, but new code should avoid adding more of them.
 */

#ifndef OPS_CRYPTO_H
#define OPS_CRYPTO_H

#include "keyring.h"
#include "packet.h"
#include "packet-parse.h"

#include <openssl/dsa.h>

/* Lower bound on a digest length, in bytes (MD5 produces exactly this many). */
#define OPS_MIN_HASH_SIZE 16

/*
 * Slot types of a hash context.  These are *function* types, not pointer
 * types, which is why the struct members below are declared as pointers
 * to them.
 */
typedef void __ops_hash_init_t(__ops_hash_t *hash);
typedef void __ops_hash_add_t(__ops_hash_t *hash, const unsigned char *data,
			      unsigned length);
typedef unsigned __ops_hash_finish_t(__ops_hash_t *hash, unsigned char *out);

/** _ops_hash_t: one in-progress message digest. */
struct _ops_hash_t {
	__ops_hash_alg_t	 alg;		/* which digest algorithm */
	size_t			 size;		/* presumably the digest length in bytes - confirm in crypto.c */
	const char		*name;		/* printable algorithm name */
	__ops_hash_init_t	*init;
	__ops_hash_add_t	*add;
	__ops_hash_finish_t	*finish;
	void			*data;		/* backend-private state; layout not visible here */
};

/*
 * Slot types of a cipher context.  As above, function types (not
 * pointers); "out"/"in" follow from the const-qualification.
 */
typedef void __ops_crypt_set_iv_t(__ops_crypt_t *crypt, const unsigned char *iv);
typedef void __ops_crypt_set_key_t(__ops_crypt_t *crypt, const unsigned char *key);
typedef void __ops_crypt_init_t(__ops_crypt_t *crypt);
typedef void __ops_crypt_resync_t(__ops_crypt_t *crypt);
typedef void __ops_blkenc_t(__ops_crypt_t *crypt, void *out, const void *in);
typedef void __ops_blkdec_t(__ops_crypt_t *crypt, void *out, const void *in);
typedef void __ops_crypt_cfb_encrypt_t(__ops_crypt_t *crypt, void *out,
				       const void *in, size_t count);
typedef void __ops_crypt_cfb_decrypt_t(__ops_crypt_t *crypt, void *out,
				       const void *in, size_t count);
typedef void __ops_crypt_finish_t(__ops_crypt_t *crypt);

/**
 * _ops_crypt_t: one symmetric-cipher context.
 *
 * NOTE(review): iv/civ/siv/key hold raw secret material in plain memory.
 * Whether decrypt_finish clears them is not visible from this header, so
 * whoever owns a stack- or heap-allocated __ops_crypt_t should wipe it
 * (explicit_bzero or equivalent) once it is no longer needed.
 */
struct _ops_crypt_t {
	__ops_symm_alg_t	 alg;
	size_t			 blocksize;
	size_t			 keysize;
	__ops_crypt_set_iv_t	*set_iv;	/* Call this before decrypt init! */
	__ops_crypt_set_key_t	*set_key;	/* Call this before init! */
	__ops_crypt_init_t	*base_init;
	__ops_crypt_resync_t	*decrypt_resync;
	/* encrypt/decrypt one block */
	__ops_blkenc_t		*block_encrypt;
	__ops_blkdec_t		*block_decrypt;

	/* Standard CFB encrypt/decrypt (as used by Sym Enc Int Prot packets) */
	__ops_crypt_cfb_encrypt_t *cfb_encrypt;
	__ops_crypt_cfb_decrypt_t *cfb_decrypt;

	__ops_crypt_finish_t	*decrypt_finish;
	unsigned char		 iv[OPS_MAX_BLOCK_SIZE];
	unsigned char		 civ[OPS_MAX_BLOCK_SIZE];
	unsigned char		 siv[OPS_MAX_BLOCK_SIZE];	/* Needed for weird v3 resync */
	unsigned char		 key[OPS_MAX_KEY_SIZE];
	int			 num;		/* Offset - see openssl _encrypt doco */
	void			*encrypt_key;	/* backend key schedules; opaque here */
	void			*decrypt_key;
};

/* Library-wide setup and teardown. */
void __ops_crypto_init(void);
void __ops_crypto_finish(void);

/*
 * Digests.  Each __ops_hash_<alg>() takes a __ops_hash_t and, presumably,
 * prepares it for that algorithm; __ops_hash_any() selects by enum.
 * MD5 and SHA-1 are exposed for compatibility with older OpenPGP data;
 * treat them as legacy digests rather than choices for new material.
 */
void __ops_hash_md5(__ops_hash_t *hash);
void __ops_hash_sha1(__ops_hash_t *hash);
void __ops_hash_sha256(__ops_hash_t *hash);
void __ops_hash_sha512(__ops_hash_t *hash);
void __ops_hash_sha384(__ops_hash_t *hash);
void __ops_hash_sha224(__ops_hash_t *hash);
void __ops_hash_any(__ops_hash_t *hash, __ops_hash_alg_t alg);
__ops_hash_alg_t __ops_str_to_hash_alg(const char *name);
const char *__ops_text_from_hash(__ops_hash_t *hash);
unsigned __ops_hash_size(__ops_hash_alg_t alg);
/* One-shot digest of `in` into `out`. */
unsigned __ops_hash(unsigned char *out, __ops_hash_alg_t alg,
		    const void *in, size_t length);

/* Second argument is presumably the byte width of the integer fed in - confirm in crypto.c. */
void __ops_hash_add_int(__ops_hash_t *hash, unsigned n, unsigned length);

/* DSA signature check over an already-computed digest. */
bool __ops_dsa_verify(const unsigned char *hash, size_t hash_length,
		      const __ops_dsa_sig_t *sig,
		      const __ops_dsa_pubkey_t *pubkey);

/*
 * Raw RSA operations.  Where padding/encoding is applied is not visible
 * from this header; callers should not assume these add it.
 */
int __ops_rsa_public_decrypt(unsigned char *out, const unsigned char *in,
			     size_t inlen, const __ops_rsa_pubkey_t *pubkey);
int __ops_rsa_public_encrypt(unsigned char *out, const unsigned char *in,
			     size_t inlen, const __ops_rsa_pubkey_t *pubkey);

int __ops_rsa_private_encrypt(unsigned char *out, const unsigned char *in,
			      size_t inlen, const __ops_rsa_seckey_t *seckey,
			      const __ops_rsa_pubkey_t *pubkey);
int __ops_rsa_private_decrypt(unsigned char *out, const unsigned char *in,
			      size_t inlen, const __ops_rsa_seckey_t *seckey,
			      const __ops_rsa_pubkey_t *pubkey);

/* Per-algorithm sizes, in bytes. */
unsigned __ops_block_size(__ops_symm_alg_t alg);
unsigned __ops_key_size(__ops_symm_alg_t alg);

int __ops_decrypt_data(__ops_content_tag_t tag, __ops_region_t *region,
		       __ops_parseinfo_t *pinfo);

/* Symmetric cipher contexts and the SE / SE-IP (integrity-protected) modes. */
int __ops_crypt_any(__ops_crypt_t *crypt, __ops_symm_alg_t alg);
void __ops_decrypt_init(__ops_crypt_t *crypt);
void __ops_encrypt_init(__ops_crypt_t *crypt);
size_t __ops_decrypt_se(__ops_crypt_t *crypt, void *out, const void *in,
			size_t count);
size_t __ops_encrypt_se(__ops_crypt_t *crypt, void *out, const void *in,
			size_t count);
size_t __ops_decrypt_se_ip(__ops_crypt_t *crypt, void *out, const void *in,
			   size_t count);
size_t __ops_encrypt_se_ip(__ops_crypt_t *crypt, void *out, const void *in,
			   size_t count);
bool __ops_is_sa_supported(__ops_symm_alg_t alg);

/* Decrypting reader layer. */
void __ops_reader_push_decrypt(__ops_parseinfo_t *pinfo, __ops_crypt_t *decrypt,
			       __ops_region_t *region);
void __ops_reader_pop_decrypt(__ops_parseinfo_t *pinfo);

/* Hash everything that's read */
void __ops_reader_push_hash(__ops_parseinfo_t *pinfo, __ops_hash_t *hash);
void __ops_reader_pop_hash(__ops_parseinfo_t *pinfo);

/* Session-key MPI handling; argument roles inferred from types only. */
int __ops_decrypt_and_unencode_mpi(unsigned char *out, unsigned outlen,
				   const BIGNUM *mpi,
				   const __ops_seckey_t *seckey);
bool __ops_rsa_encrypt_mpi(const unsigned char *in, const size_t inlen,
			   const __ops_pubkey_t *pubkey,
			   __ops_pk_sesskey_parameters_t *params);

/* Encrypt everything that's written */
struct __ops_key_data;
void __ops_writer_push_encrypt(__ops_createinfo_t *cinfo,
			       const struct __ops_key_data *key);

/*
 * Whole-file helpers.  The two bool flags are believed to be
 * "use armour" and "allow overwrite" in that order - confirm in crypto.c.
 */
bool __ops_encrypt_file(const char *infile, const char *outfile,
			const __ops_keydata_t *pubkey, const bool use_armour,
			const bool allow_overwrite);
bool __ops_decrypt_file(const char *infile, const char *outfile,
			__ops_keyring_t *keyring, const bool use_armour,
			const bool allow_overwrite,
			__ops_parse_cb_t *cb_get_passphrase);

/* Keys */
/* (int, unsigned long) presumably follow RSA_generate_key(): modulus bits, public exponent. */
bool __ops_rsa_generate_keypair(const int numbits, const unsigned long e,
				__ops_keydata_t *keydata);
__ops_keydata_t *__ops_rsa_create_selfsigned_keypair(const int numbits,
						     const unsigned long e,
						     __ops_user_id_t *userid);

int __ops_dsa_size(const __ops_dsa_pubkey_t *pubkey);
/* Signs a precomputed digest; the buffer is not const in the original signature. */
DSA_SIG *__ops_dsa_sign(unsigned char *hash, unsigned hashlen,
			const __ops_dsa_seckey_t *seckey,
			const __ops_dsa_pubkey_t *pubkey);

#endif