crypto.h 4.96 KB
Newer Older
1 2 3
/* -*- Mode: C; tab-width: 4; indent-tabs-mode: t; c-basic-offset: 4 -*- */

/*
4 5
 * Dan Williams <dcbw@redhat.com>
 *
6 7 8 9
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2 of the License, or (at your option) any later version.
10
 *
11
 * This library is distributed in the hope that it will be useful,
12
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 14
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
15
 *
16 17 18 19
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the
 * Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
 * Boston, MA 02110-1301 USA.
20
 *
21
 * Copyright 2007 - 2014 Red Hat, Inc.
22 23
 */

24 25 26
#ifndef __CRYPTO_H__
#define __CRYPTO_H__

27 28 29
#define MD5_HASH_LEN 20
#define CIPHER_DES_EDE3_CBC "DES-EDE3-CBC"
#define CIPHER_DES_CBC "DES-CBC"
30
#define CIPHER_AES_CBC "AES-128-CBC"
31 32 33

enum {
	NM_CRYPTO_ERR_NONE = 0,
34
	NM_CRYPTO_ERR_INIT_FAILED,
35
	NM_CRYPTO_ERR_CANT_READ_FILE,
36
	NM_CRYPTO_ERR_FILE_FORMAT_INVALID,
37 38 39 40 41 42 43 44 45 46 47
	NM_CRYPTO_ERR_CERT_FORMAT_INVALID,
	NM_CRYPTO_ERR_DECODE_FAILED,
	NM_CRYPTO_ERR_OUT_OF_MEMORY,
	NM_CRYPTO_ERR_UNKNOWN_KEY_TYPE,
	NM_CRYPTO_ERR_UNKNOWN_CIPHER,
	NM_CRYPTO_ERR_RAW_IV_INVALID,
	NM_CRYPTO_ERR_MD5_INIT_FAILED,
	NM_CRYPTO_ERR_CIPHER_INIT_FAILED,
	NM_CRYPTO_ERR_CIPHER_SET_KEY_FAILED,
	NM_CRYPTO_ERR_CIPHER_SET_IV_FAILED,
	NM_CRYPTO_ERR_CIPHER_DECRYPT_FAILED,
48
	NM_CRYPTO_ERR_INVALID_PASSWORD,
49 50
	NM_CRYPTO_ERR_CIPHER_ENCRYPT_FAILED,
	NM_CRYPTO_ERR_RANDOMIZE_FAILED
51 52
};

53
typedef enum {
54 55
	NM_CRYPTO_KEY_TYPE_UNKNOWN = 0,
	NM_CRYPTO_KEY_TYPE_RSA,
56
	NM_CRYPTO_KEY_TYPE_DSA
57
} NMCryptoKeyType;
58

59 60 61 62 63 64
typedef enum {
	NM_CRYPTO_FILE_FORMAT_UNKNOWN = 0,
	NM_CRYPTO_FILE_FORMAT_X509,
	NM_CRYPTO_FILE_FORMAT_RAW_KEY,
	NM_CRYPTO_FILE_FORMAT_PKCS12
} NMCryptoFileFormat;
65

66 67
#define NM_CRYPTO_ERROR _nm_crypto_error_quark ()
GQuark _nm_crypto_error_quark (void);
68 69 70

gboolean crypto_init (GError **error);

71 72 73 74
GByteArray *crypto_decrypt_private_key_data (const GByteArray *contents,
                                             const char *password,
                                             NMCryptoKeyType *out_key_type,
                                             GError **error);
75

76 77 78 79
GByteArray *crypto_decrypt_private_key (const char *file,
                                        const char *password,
                                        NMCryptoKeyType *out_key_type,
                                        GError **error);
80

81 82 83
GByteArray *crypto_load_and_verify_certificate (const char *file,
                                                NMCryptoFileFormat *out_file_format,
                                                GError **error);
84

85
gboolean crypto_is_pkcs12_file (const char *file, GError **error);
86 87 88

gboolean crypto_is_pkcs12_data (const GByteArray *data);

89 90 91 92 93 94 95
NMCryptoFileFormat crypto_verify_private_key_data (const GByteArray *contents,
                                                   const char *password,
                                                   GError **error);

NMCryptoFileFormat crypto_verify_private_key (const char *file,
                                              const char *password,
                                              GError **error);
96

97 98 99 100 101 102 103 104 105 106 107 108
/* Internal utils API bits for crypto providers */

gboolean crypto_md5_hash (const char *salt,
                          const gsize salt_len,
                          const char *password,
                          gsize password_len,
                          char *buffer,
                          gsize buflen,
                          GError **error);

char * crypto_decrypt (const char *cipher,
                       int key_type,
109
                       GByteArray *data,
110 111 112 113 114 115 116
                       const char *iv,
                       const gsize iv_len,
                       const char *key,
                       const gsize key_len,
                       gsize *out_len,
                       GError **error);

117 118 119 120 121 122 123 124 125 126 127
char * crypto_encrypt (const char *cipher,
                       const GByteArray *data,
                       const char *iv,
                       gsize iv_len,
                       const char *key,
                       gsize key_len,
                       gsize *out_len,
                       GError **error);

gboolean crypto_randomize (void *buffer, gsize buffer_len, GError **error);

128 129 130
NMCryptoFileFormat crypto_verify_cert (const unsigned char *data,
                                       gsize len,
                                       GError **error);
131

132 133 134
gboolean crypto_verify_pkcs12 (const GByteArray *data,
                               const char *password,
                               GError **error);
135

136 137 138 139 140
gboolean crypto_verify_pkcs8 (const GByteArray *data,
                              gboolean is_encrypted,
                              const char *password,
                              GError **error);

141
#endif  /* __CRYPTO_H__ */