Project

General

Profile

Statistics
| Branch: | Tag: | Revision:

gdp / ep / ep_crypto.h @ master

History | View | Annotate | Download (9.44 KB)

1 f80ae9c0 Eric Allman
/* vim: set ai sw=8 sts=8 ts=8 :*/
2
3
/***********************************************************************
4 055d3009 Eric Allman
**  ----- BEGIN LICENSE BLOCK -----
5
**        LIBEP: Enhanced Portability Library (Reduced Edition)
6
**
7 c87dd166 Eric Allman
**        Copyright (c) 2008-2019, Eric P. Allman.  All rights reserved.
8
**        Copyright (c) 2015-2019, Regents of the University of California.
9 6bd5476b Eric Allman
**        All rights reserved.
10 055d3009 Eric Allman
**
11 6bd5476b Eric Allman
**        Permission is hereby granted, without written agreement and without
12
**        license or royalty fees, to use, copy, modify, and distribute this
13
**        software and its documentation for any purpose, provided that the above
14
**        copyright notice and the following two paragraphs appear in all copies
15
**        of this software.
16 055d3009 Eric Allman
**
17 6bd5476b Eric Allman
**        IN NO EVENT SHALL REGENTS BE LIABLE TO ANY PARTY FOR DIRECT, INDIRECT,
18
**        SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES, INCLUDING LOST
19
**        PROFITS, ARISING OUT OF THE USE OF THIS SOFTWARE AND ITS DOCUMENTATION,
20
**        EVEN IF REGENTS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
21 055d3009 Eric Allman
**
22 6bd5476b Eric Allman
**        REGENTS SPECIFICALLY DISCLAIMS ANY WARRANTIES, INCLUDING, BUT NOT
23 055d3009 Eric Allman
**        LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
24 6bd5476b Eric Allman
**        FOR A PARTICULAR PURPOSE. THE SOFTWARE AND ACCOMPANYING DOCUMENTATION,
25
**        IF ANY, PROVIDED HEREUNDER IS PROVIDED "AS IS". REGENTS HAS NO
26
**        OBLIGATION TO PROVIDE MAINTENANCE, SUPPORT, UPDATES, ENHANCEMENTS,
27
**        OR MODIFICATIONS.
28 055d3009 Eric Allman
**  ----- END LICENSE BLOCK -----
29 f80ae9c0 Eric Allman
***********************************************************************/
30
31
#ifndef _EP_CRYPTO_H_
32
#define _EP_CRYPTO_H_
33
34
# include <ep/ep.h>
35
# include <ep/ep_statcodes.h>
36
37 f7307b63 Eric Allman
38
/*
39
**  At the moment this wraps openssl, but we could conceivably
40
**  in the future switch to another package, e.g., NaCl.
41
*/
42
43 e844af35 Eric Allman
__BEGIN_DECLS
44
45 f80ae9c0 Eric Allman
# include <openssl/evp.h>
46 e24c9b55 Eric Allman
# include <openssl/sha.h>
47 8ac0e880 Eric Allman
# include <openssl/opensslv.h>
48 f80ae9c0 Eric Allman
49 9a47c6c7 Eric Allman
50
/*
51
**  Configuration
52
*/
53
54 f7307b63 Eric Allman
# ifndef _EP_CRYPTO_INCLUDE_RSA
55
#  define _EP_CRYPTO_INCLUDE_RSA        1
56 9a47c6c7 Eric Allman
# endif
57 f7307b63 Eric Allman
# ifndef _EP_CRYPTO_INCLUDE_DSA
58 e57b2ceb Eric Allman
#  define _EP_CRYPTO_INCLUDE_DSA        1
59 9a47c6c7 Eric Allman
# endif
60 f7307b63 Eric Allman
# ifndef _EP_CRYPTO_INCLUDE_EC
61 b0136566 Eric Allman
#  define _EP_CRYPTO_INCLUDE_EC                1
62 9a47c6c7 Eric Allman
# endif
63 f7307b63 Eric Allman
# ifndef _EP_CRYPTO_INCLUDE_DH
64
#  define _EP_CRYPTO_INCLUDE_DH                0
65 9a47c6c7 Eric Allman
# endif
66 f7307b63 Eric Allman
# ifndef _EP_CRYPTO_INCLUDE_DER
67
#  define _EP_CRYPTO_INCLUDE_DER        1        // ASN.1
68 9a47c6c7 Eric Allman
# endif
69
70 f80ae9c0 Eric Allman
/*
71
**  General defines
72
*/
73
74
# define EP_CRYPTO_MAX_PUB_KEY        (1024 * 8)
75
# define EP_CRYPTO_MAX_SEC_KEY        (1024 * 8)
76
# define EP_CRYPTO_MAX_DIGEST        (512 / 8)
77 f7307b63 Eric Allman
# define EP_CRYPTO_MAX_DER        (1024 * 8)        //XXX should add a slop factor
78 9a47c6c7 Eric Allman
79 f7307b63 Eric Allman
80 3effd9ba Eric Allman
void                        ep_crypto_init(uint32_t flags);
81
82
void                        ep_crypto_random_buf(        // return random data
83
                                void *buf,                // into buf
84
                                size_t n);                // this many bytes
85 f7307b63 Eric Allman
86
87
/*
88 9a47c6c7 Eric Allman
**  Key Management
89
*/
90
91 d18b013a Eric Allman
# define EP_CRYPTO_KEY                EVP_PKEY
92
93 9a47c6c7 Eric Allman
// on-disk key formats
94 f7307b63 Eric Allman
# define EP_CRYPTO_KEYFORM_UNKNOWN        0        // error
95
# define EP_CRYPTO_KEYFORM_PEM                1        // PEM (text)
96
# define EP_CRYPTO_KEYFORM_DER                2        // DER (binary ASN.1)
97 9a47c6c7 Eric Allman
98 8712047f Eric Allman
// asymmetric key types
99 7cf6cc1c Eric Allman
# define EP_CRYPTO_KEYTYPE_UNKNOWN        -1        // error
100
# define EP_CRYPTO_KEYTYPE_NULL                0        // NULL (no encryption)
101 f7307b63 Eric Allman
# define EP_CRYPTO_KEYTYPE_RSA                1        // RSA
102
# define EP_CRYPTO_KEYTYPE_DSA                2        // DSA
103
# define EP_CRYPTO_KEYTYPE_EC                3        // Elliptic curve
104
# define EP_CRYPTO_KEYTYPE_DH                4        // Diffie-Hellman
105 9a47c6c7 Eric Allman
106 8712047f Eric Allman
// symmetric key type (used to encrypt secret asymmetric keys)
107
# define EP_CRYPTO_SYMKEY_NONE                0        // error/unencrypted, MBZ
108
# define EP_CRYPTO_SYMKEY_AES128        1        // Advanced Encr Std 128
109
# define EP_CRYPTO_SYMKEY_AES192        2        // Advanced Encr Std 192
110
# define EP_CRYPTO_SYMKEY_AES256        3        // Advanced Encr Std 256
111
# define EP_CRYPTO_SYMKEY_CAMELLIA128        4        // Camellia 128
112
# define EP_CRYPTO_SYMKEY_CAMELLIA192        5        // Camellia 192
113
# define EP_CRYPTO_SYMKEY_CAMELLIA256        6        // Camellia 256
114
# define EP_CRYPTO_SYMKEY_DES                7        // single Data Encr Std
115
# define EP_CRYPTO_SYMKEY_3DES                8        // triple Data Encr Std
116
# define EP_CRYPTO_SYMKEY_IDEA                9        // Int'l Data Encr Alg
117
118
# define EP_CRYPTO_SYMKEY_MASK                0xff
119 d18b013a Eric Allman
120 9a47c6c7 Eric Allman
// flag bits
121 f7307b63 Eric Allman
# define EP_CRYPTO_F_PUBLIC                0x0000        // public key (no flags set)
122
# define EP_CRYPTO_F_SECRET                0x0001        // secret key
123 9a47c6c7 Eric Allman
124
// limits
125
# define EP_CRYPTO_KEY_MINLEN_RSA        1024
126
127 b0136566 Eric Allman
void                        ep_crypto_key_print(
128
                                EP_CRYPTO_KEY *key,
129
                                FILE *fp,
130
                                uint32_t flags);
131
132 9a47c6c7 Eric Allman
EP_CRYPTO_KEY                *ep_crypto_key_create(
133 f7307b63 Eric Allman
                                int keytype,
134
                                int keylen,
135
                                int keyexp,
136
                                const char *curve);
137 b0136566 Eric Allman
void                        ep_crypto_key_free(
138
                                EP_CRYPTO_KEY *key);
139
140 9a47c6c7 Eric Allman
EP_CRYPTO_KEY                *ep_crypto_key_read_file(
141
                                const char *filename,
142
                                int keyform,
143
                                uint32_t flags);
144
EP_CRYPTO_KEY                *ep_crypto_key_read_fp(
145
                                FILE *fp,
146
                                const char *filename,
147
                                int keyform,
148
                                uint32_t flags);
149 f7307b63 Eric Allman
EP_CRYPTO_KEY                *ep_crypto_key_read_mem(
150 400217d7 Eric Allman
                                const void *buf,
151 f7307b63 Eric Allman
                                size_t buflen,
152
                                int keyform,
153
                                uint32_t flags);
154 b0136566 Eric Allman
155 f7307b63 Eric Allman
EP_STAT                        ep_crypto_key_write_file(
156
                                EP_CRYPTO_KEY *key,
157
                                const char *filename,
158
                                int keyform,
159 d18b013a Eric Allman
                                int keyenc,
160
                                const char *passwd,
161 f7307b63 Eric Allman
                                uint32_t flags);
162
EP_STAT                        ep_crypto_key_write_fp(
163
                                EP_CRYPTO_KEY *key,
164
                                FILE *fp,
165
                                int keyform,
166 d18b013a Eric Allman
                                int keyenc,
167
                                const char *passwd,
168 f7307b63 Eric Allman
                                uint32_t flags);
169
EP_STAT                        ep_crypto_key_write_mem(
170
                                EP_CRYPTO_KEY *key,
171
                                void *buf,
172
                                size_t bufsize,
173
                                int keyform,
174 d18b013a Eric Allman
                                int keyenc,
175
                                const char *passwd,
176 f7307b63 Eric Allman
                                uint32_t flags);
177 b0136566 Eric Allman
178 d18b013a Eric Allman
int                        ep_crypto_keyenc_byname(
179
                                const char *enc_alg_str);
180
const char                *ep_crypto_keyenc_name(
181
                                int enc_alg);
182
183 400217d7 Eric Allman
EP_STAT                        ep_crypto_key_compat(
184
                                const EP_CRYPTO_KEY *pubkey,
185
                                const EP_CRYPTO_KEY *seckey);
186 f7307b63 Eric Allman
int                        ep_crypto_keyform_byname(
187 9a47c6c7 Eric Allman
                                const char *fmt);
188 42d9d20e Eric Allman
int                        ep_crypto_keytype_fromkey(
189 f7307b63 Eric Allman
                                EP_CRYPTO_KEY *key);
190 42d9d20e Eric Allman
int                        ep_crypto_keytype_byname(
191 f7307b63 Eric Allman
                                const char *alg_name);
192 b0136566 Eric Allman
const char                *ep_crypto_keytype_name(
193
                                int keytype);
194 9a47c6c7 Eric Allman
195 f80ae9c0 Eric Allman
196
/*
197
**  Message Digests
198 03834a8b Eric Allman
**
199
**        Note that the cryptographic context (EP_CRYPTO_MD) is
200
**        also used for signing and verification.
201 f80ae9c0 Eric Allman
*/
202
203
# define EP_CRYPTO_MD                EVP_MD_CTX
204 03834a8b Eric Allman
# define EP_CRYPTO_MD_MAXSIZE        EVP_MAX_MD_SIZE
205 f80ae9c0 Eric Allman
206 f7307b63 Eric Allman
// digest algorithms (no more than 4 bits)
207 f80ae9c0 Eric Allman
# define EP_CRYPTO_MD_NULL        0
208
# define EP_CRYPTO_MD_SHA1        1
209
# define EP_CRYPTO_MD_SHA224        2
210
# define EP_CRYPTO_MD_SHA256        3
211
# define EP_CRYPTO_MD_SHA384        4
212
# define EP_CRYPTO_MD_SHA512        5
213 cea1adbd Eric Allman
# define EP_CRYPTO_MD_RIPEMD160        6
214 f80ae9c0 Eric Allman
215 1042a70f Eric Allman
EP_STAT                        ep_crypto_md_new(
216
                                int md_alg_id,
217
                                EP_CRYPTO_MD **pmd);
218 f80ae9c0 Eric Allman
EP_CRYPTO_MD                *ep_crypto_md_clone(
219
                                EP_CRYPTO_MD *base_md);
220
void                        ep_crypto_md_free(
221
                                EP_CRYPTO_MD *md);
222 b0136566 Eric Allman
223 f80ae9c0 Eric Allman
EP_STAT                        ep_crypto_md_update(
224
                                EP_CRYPTO_MD *md,
225 8cfe4117 Eric Allman
                                const void *data,
226 f80ae9c0 Eric Allman
                                size_t dsize);
227
EP_STAT                        ep_crypto_md_final(
228
                                EP_CRYPTO_MD *md,
229
                                void *dbuf,
230
                                size_t *dbufsize);
231 b0136566 Eric Allman
232 f80ae9c0 Eric Allman
int                        ep_crypto_md_type(
233
                                EP_CRYPTO_MD *md);
234 b0136566 Eric Allman
int                        ep_crypto_md_alg_byname(
235
                                const char *algname);
236
const char                *ep_crypto_md_alg_name(
237
                                int md_alg);
238 cea1adbd Eric Allman
int                        ep_crypto_md_len(
239
                                int md_alg_id);
240 f80ae9c0 Eric Allman
241 e24c9b55 Eric Allman
void                        ep_crypto_md_sha256(
242
                                const void *data,
243
                                size_t glen,
244
                                uint8_t *out);
245
246 f7307b63 Eric Allman
// private
247
const EVP_MD                *_ep_crypto_md_getalg_byid(
248
                                int md_alg_id);
249
250 f80ae9c0 Eric Allman
/*
251
**  Signing and Verification
252 03834a8b Eric Allman
**
253
**        Note that these operate on EP_CRYPTO_MD structures.
254 f80ae9c0 Eric Allman
*/
255
256 a66f3ca5 Eric Allman
# define EP_CRYPTO_MAX_SIG        (16384 / 8)        // in bytes
257 f80ae9c0 Eric Allman
258 1042a70f Eric Allman
EP_STAT                        ep_crypto_sign_new(
259 f7307b63 Eric Allman
                                EP_CRYPTO_KEY *skey,
260 1042a70f Eric Allman
                                int md_alg_id,
261
                                EP_CRYPTO_MD **pmd);
262 f80ae9c0 Eric Allman
void                        ep_crypto_sign_free(
263
                                EP_CRYPTO_MD *md);
264
EP_STAT                        ep_crypto_sign_update(
265
                                EP_CRYPTO_MD *md,
266
                                void *dbuf,
267
                                size_t dbufsize);
268
EP_STAT                        ep_crypto_sign_final(
269
                                EP_CRYPTO_MD *md,
270
                                void *sbuf,
271
                                size_t *sbufsize);
272 03834a8b Eric Allman
void                        ep_crypto_sign_free(
273
                                EP_CRYPTO_MD *md);
274 f80ae9c0 Eric Allman
275 1042a70f Eric Allman
EP_STAT                        ep_crypto_vrfy_new(
276 f80ae9c0 Eric Allman
                                EP_CRYPTO_KEY *pkey,
277 1042a70f Eric Allman
                                int md_alg_id,
278
                                EP_CRYPTO_MD **pmd);
279 f80ae9c0 Eric Allman
void                        ep_crypto_vrfy_free(
280
                                EP_CRYPTO_MD *md);
281
EP_STAT                        ep_crypto_vrfy_update(
282
                                EP_CRYPTO_MD *md,
283
                                void *dbuf,
284
                                size_t dbufsize);
285
EP_STAT                        ep_crypto_vrfy_final(
286
                                EP_CRYPTO_MD *md,
287
                                void *obuf,
288
                                size_t obufsize);
289 03834a8b Eric Allman
void                        ep_crypto_vrfy_free(
290
                                EP_CRYPTO_MD *md);
291 f80ae9c0 Eric Allman
292
293
/*
294 8712047f Eric Allman
**  Symmetric Ciphers
295
**        Algorithm definitions are above
296
*/
297
298
typedef struct ep_crypto_cipher_ctx        EP_CRYPTO_CIPHER_CTX;
299
300
#define EP_CRYPTO_MODE_CBC        0x100                // Cipher Block Chaining
301
#define EP_CRYPTO_MODE_CFB        0x200                // Cipher Feedback
302
#define EP_CRYPTO_MODE_OFB        0x300                // Output Feedback
303
304
#define EP_CRYPTO_MODE_MASK        0xf00                // mask for cipher mode
305
306 ac90b0f6 Eric Allman
/*
307
**        The cipher is set to encrypt or decrypt when the context
308
**        is created.
309
**
310
**        ep_crypto_cipher_crypt is just shorthand for a single
311 7023c91a Eric Allman
**        call to ep_crypto_cipher_update followed by a single
312
**        call to ep_crypto_cipher_final.  Final pads out any
313 ac90b0f6 Eric Allman
**        remaining block and returns that data.
314
*/
315
316 8712047f Eric Allman
EP_CRYPTO_CIPHER_CTX        *ep_crypto_cipher_new(
317 ac90b0f6 Eric Allman
                                uint32_t ciphertype,        // mode + keytype & len
318
                                uint8_t *key,                // the key
319
                                uint8_t *iv,                // initialization vector
320
                                bool enc);                // true => encrypt
321 8712047f Eric Allman
void                        ep_crypto_cipher_free(
322
                                EP_CRYPTO_CIPHER_CTX *cipher);
323
324
EP_STAT                        ep_crypto_cipher_crypt(
325
                                EP_CRYPTO_CIPHER_CTX *cipher,
326 ac90b0f6 Eric Allman
                                void *in,                // input data
327
                                size_t inlen,                // input length
328
                                void *out,                // output buffer
329
                                size_t outlen);                // output buf size
330 7023c91a Eric Allman
EP_STAT                        ep_crypto_cipher_update(
331 8712047f Eric Allman
                                EP_CRYPTO_CIPHER_CTX *cipher,
332 ac90b0f6 Eric Allman
                                void *in,                // input data
333
                                size_t inlen,                // input length
334
                                void *out,                // output buffer
335
                                size_t outlen);                // output buf size
336 7023c91a Eric Allman
EP_STAT                        ep_crypto_cipher_final(
337 8712047f Eric Allman
                                EP_CRYPTO_CIPHER_CTX *cipher,
338 ac90b0f6 Eric Allman
                                void *out,                // output buffer
339
                                size_t outlen);                // output buf size
340 8712047f Eric Allman
341
342
/*
343 42d9d20e Eric Allman
**  Error Handling (private)
344 f80ae9c0 Eric Allman
*/
345
346 970aa77d Eric Allman
EP_STAT                        _ep_crypto_error(
347
                                EP_STAT estat_default,
348
                                const char *msg, ...);
349 f80ae9c0 Eric Allman
350 8ac0e880 Eric Allman
351
/*
352
**  Back compatilibity with old versions of OpenSSL
353 2f1080ba Eric Allman
**        "EVP_MD_CTX_create() and EVP_MD_CTX_destroy() were renamed to
354
**         EVP_MD_CTX_new() and EVP_MD_CTX_free() in OpenSSL 1.1."
355
**
356
**        LibreSSL uses the old names, and OpenSSL has compatibility macros,
357
**        so stick with old names.
358 8ac0e880 Eric Allman
*/
359
360 2f1080ba Eric Allman
//#if OPENSSL_VERSION_NUMBER < 0x010100000
361
//# define EVP_MD_CTX_new                EVP_MD_CTX_create
362
//# define EVP_MD_CTX_free        EVP_MD_CTX_destroy
363
//#endif
364 8ac0e880 Eric Allman
365 e844af35 Eric Allman
__END_DECLS
366
367 f80ae9c0 Eric Allman
#endif // _EP_CRYPTO_H_