libnm-core/crypto.h

   1 /* -*- Mode: C; tab-width: 4; indent-tabs-mode: t; c-basic-offset: 4 -*- */
   2
   3 /*
   4  * Dan Williams <dcbw@redhat.com>
   5  *
   6  * This library is free software; you can redistribute it and/or
   7  * modify it under the terms of the GNU Lesser General Public
   8  * License as published by the Free Software Foundation; either
   9  * version 2 of the License, or (at your option) any later version.
  10  *
  11  * This library is distributed in the hope that it will be useful,
  12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  14  * Lesser General Public License for more details.
  15  *
  16  * You should have received a copy of the GNU Lesser General Public
  17  * License along with this library; if not, write to the
  18  * Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
  19  * Boston, MA 02110-1301 USA.
  20  *
  21  * Copyright 2007 - 2014 Red Hat, Inc.
  22  */
  23
  24 #ifndef __CRYPTO_H__
  25 #define __CRYPTO_H__
  26
  27 #include "nm-default.h"
  28
  29 #define MD5_HASH_LEN 20
  30 #define CIPHER_DES_EDE3_CBC "DES-EDE3-CBC"
  31 #define CIPHER_DES_CBC "DES-CBC"
  32 #define CIPHER_AES_CBC "AES-128-CBC"
  33
  34 typedef enum {
  35         NM_CRYPTO_KEY_TYPE_UNKNOWN = 0,
  36         NM_CRYPTO_KEY_TYPE_RSA,
  37         NM_CRYPTO_KEY_TYPE_DSA
  38 } NMCryptoKeyType;
  39
  40 typedef enum {
  41         NM_CRYPTO_FILE_FORMAT_UNKNOWN = 0,
  42         NM_CRYPTO_FILE_FORMAT_X509,
  43         NM_CRYPTO_FILE_FORMAT_RAW_KEY,
  44         NM_CRYPTO_FILE_FORMAT_PKCS12
  45 } NMCryptoFileFormat;
  46
  47 gboolean crypto_init (GError **error);
  48
  49 GByteArray *crypto_decrypt_openssl_private_key_data (const guint8 *data,
  50                                                      gsize data_len,
  51                                                      const char *password,
  52                                                      NMCryptoKeyType *out_key_type,
  53                                                      GError **error);
  54
  55 GByteArray *crypto_decrypt_openssl_private_key (const char *file,
  56                                                 const char *password,
  57                                                 NMCryptoKeyType *out_key_type,
  58                                                 GError **error);
  59
  60 GByteArray *crypto_load_and_verify_certificate (const char *file,
  61                                                 NMCryptoFileFormat *out_file_format,
  62                                                 GError **error);
  63
  64 gboolean crypto_is_pkcs12_file (const char *file, GError **error);
  65
  66 gboolean crypto_is_pkcs12_data (const guint8 *data, gsize len, GError **error);
  67
  68 NMCryptoFileFormat crypto_verify_private_key_data (const guint8 *data,
  69                                                    gsize data_len,
  70                                                    const char *password,
  71                                                    gboolean *out_is_encrypted,
  72                                                    GError **error);
  73
  74 NMCryptoFileFormat crypto_verify_private_key (const char *file,
  75                                               const char *password,
  76                                               gboolean *out_is_encrypted,
  77                                               GError **error);
  78
  79 /* Internal utils API bits for crypto providers */
  80
  81 void crypto_md5_hash (const char *salt,
  82                       gssize salt_len,
  83                       const char *password,
  84                       gssize password_len,
  85                       char *buffer,
  86                       gsize buflen);
  87
  88 char *crypto_make_des_aes_key (const char *cipher,
  89                                const char *salt,
  90                                const gsize salt_len,
  91                                const char *password,
  92                                gsize *out_len,
  93                                GError **error);
  94
  95 char * crypto_decrypt (const char *cipher,
  96                        int key_type,
  97                        const guint8 *data,
  98                        gsize data_len,
  99                        const char *iv,
 100                        const gsize iv_len,
 101                        const char *key,
 102                        const gsize key_len,
 103                        gsize *out_len,
 104                        GError **error);
 105
 106 char * crypto_encrypt (const char *cipher,
 107                        const guint8 *data,
 108                        gsize data_len,
 109                        const char *iv,
 110                        gsize iv_len,
 111                        const char *key,
 112                        gsize key_len,
 113                        gsize *out_len,
 114                        GError **error);
 115
 116 gboolean crypto_randomize (void *buffer, gsize buffer_len, GError **error);
 117
 118 NMCryptoFileFormat crypto_verify_cert (const guint8 *data,
 119                                        gsize len,
 120                                        GError **error);
 121
 122 gboolean crypto_verify_pkcs12 (const guint8 *data,
 123                                gsize data_len,
 124                                const char *password,
 125                                GError **error);
 126
 127 gboolean crypto_verify_pkcs8 (const guint8 *data,
 128                               gsize data_len,
 129                               gboolean is_encrypted,
 130                               const char *password,
 131                               GError **error);
 132
 133 #endif  /* __CRYPTO_H__ */