[NetworkManager.git] / libnm-util / crypto.h
1 /* -*- Mode: C; tab-width: 4; indent-tabs-mode: t; c-basic-offset: 4 -*- */
2
3 /*
4  * Dan Williams <dcbw@redhat.com>
5  *
6  * This library is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU Lesser General Public
8  * License as published by the Free Software Foundation; either
9  * version 2 of the License, or (at your option) any later version.
10  *
11  * This library is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
14  * Lesser General Public License for more details.
15  *
16  * You should have received a copy of the GNU Lesser General Public
17  * License along with this library; if not, write to the
18  * Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
19  * Boston, MA 02110-1301 USA.
20  *
21  * Copyright 2007 - 2014 Red Hat, Inc.
22  */
23
24 #ifndef __CRYPTO_H__
25 #define __CRYPTO_H__
26
27 #include "nm-default.h"
28
/* NOTE(review): an MD5 digest is 16 bytes; 20 is the SHA-1 digest length, so
 * this name and value disagree. Confirm which length the users of
 * MD5_HASH_LEN expect before sizing or comparing buffers with it. */
29 #define MD5_HASH_LEN 20
/* Cipher name strings. Single DES (56-bit key) and triple DES are legacy
 * ciphers, and the AES entry is fixed to a 128-bit key. All three are CBC
 * modes, which give confidentiality only: a decrypt that succeeds does not
 * authenticate the data. Presumably these match the cipher names found in
 * encrypted PEM key headers; confirm against the parser. */
30 #define CIPHER_DES_EDE3_CBC "DES-EDE3-CBC"
31 #define CIPHER_DES_CBC "DES-CBC"
32 #define CIPHER_AES_CBC "AES-128-CBC"
33
/* Error codes for the crypto helpers; presumably the code field of a GError
 * in the NM_CRYPTO_ERROR domain (confirm in the implementation).
 * The enum is anonymous, so the codes travel as plain ints. Values are
 * implicit and sequential from NM_CRYPTO_ERR_NONE = 0, which means a member
 * inserted in the middle renumbers every code after it. */
34 enum {
35         NM_CRYPTO_ERR_NONE = 0,
36         NM_CRYPTO_ERR_INIT_FAILED,
37         NM_CRYPTO_ERR_CANT_READ_FILE,
38         NM_CRYPTO_ERR_FILE_FORMAT_INVALID,
39         NM_CRYPTO_ERR_CERT_FORMAT_INVALID,
40         NM_CRYPTO_ERR_DECODE_FAILED,
41         NM_CRYPTO_ERR_OUT_OF_MEMORY,
42         NM_CRYPTO_ERR_UNKNOWN_KEY_TYPE,
43         NM_CRYPTO_ERR_UNKNOWN_CIPHER,
44         NM_CRYPTO_ERR_RAW_IV_INVALID,
45         NM_CRYPTO_ERR_MD5_INIT_FAILED,
46         NM_CRYPTO_ERR_CIPHER_INIT_FAILED,
47         NM_CRYPTO_ERR_CIPHER_SET_KEY_FAILED,
48         NM_CRYPTO_ERR_CIPHER_SET_IV_FAILED,
49         NM_CRYPTO_ERR_CIPHER_DECRYPT_FAILED,
50         NM_CRYPTO_ERR_INVALID_PASSWORD,
51         NM_CRYPTO_ERR_CIPHER_ENCRYPT_FAILED,
52         NM_CRYPTO_ERR_RANDOMIZE_FAILED
53 };
54
/* Private key algorithm, written through the out_key_type argument of the
 * crypto_decrypt_private_key*() functions. Only RSA and DSA are enumerated;
 * 0 is the "unknown" value. */
55 typedef enum {
56         NM_CRYPTO_KEY_TYPE_UNKNOWN = 0,
57         NM_CRYPTO_KEY_TYPE_RSA,
58         NM_CRYPTO_KEY_TYPE_DSA
59 } NMCryptoKeyType;
60
/* Container format of a certificate or key. It is the return type of
 * crypto_verify_private_key*() and crypto_verify_cert(), and is written
 * through out_file_format by crypto_load_and_verify_certificate().
 * 0 is the "unknown" value; presumably also what the verify functions
 * return on failure (TODO confirm). */
61 typedef enum {
62         NM_CRYPTO_FILE_FORMAT_UNKNOWN = 0,
63         NM_CRYPTO_FILE_FORMAT_X509,
64         NM_CRYPTO_FILE_FORMAT_RAW_KEY,
65         NM_CRYPTO_FILE_FORMAT_PKCS12
66 } NMCryptoFileFormat;
67
/* NM_CRYPTO_ERROR expands to a call to _nm_crypto_error_quark(), which
 * returns a GQuark; presumably the GError domain that the NM_CRYPTO_ERR_*
 * codes are reported in (confirm in the implementation). */
68 #define NM_CRYPTO_ERROR _nm_crypto_error_quark ()
69 GQuark _nm_crypto_error_quark (void);
70
/* Presumably one-time initialization of the crypto backend, to be called
 * before the other functions in this header (TODO confirm). Returns a
 * gboolean and takes a GError out-parameter for failure details. */
71 gboolean crypto_init (GError **error);
72
/* Judging by name and signature: decrypts a private key held in memory.
 *   contents:     the key bytes (read-only).
 *   password:     passphrase for the key; whether NULL is accepted is not
 *                 visible here (TODO confirm).
 *   out_key_type: receives the key algorithm.
 *   error:        GError out-parameter.
 * Returns a GByteArray, presumably NULL on failure.
 * NOTE(review): the result presumably holds the plaintext private key.
 * Confirm who owns it and that callers zero the bytes before freeing. */
73 GByteArray *crypto_decrypt_private_key_data (const GByteArray *contents,
74                                              const char *password,
75                                              NMCryptoKeyType *out_key_type,
76                                              GError **error);
77
/* File-based counterpart of crypto_decrypt_private_key_data(): takes a
 * path in `file` instead of an in-memory buffer; the remaining parameters
 * have the same types.
 * NOTE(review): the returned GByteArray presumably holds the plaintext
 * private key. Confirm ownership and that it is zeroed before being freed. */
78 GByteArray *crypto_decrypt_private_key (const char *file,
79                                         const char *password,
80                                         NMCryptoKeyType *out_key_type,
81                                         GError **error);
82
/* Takes a certificate path in `file`, returns a GByteArray and writes the
 * detected format through out_file_format.
 * NOTE(review): nothing in this signature takes a trust anchor, hostname or
 * validation time, so "verify" presumably means a format/parse check rather
 * than chain validation. Do not treat success as a trust decision until the
 * implementation confirms what is checked. */
83 GByteArray *crypto_load_and_verify_certificate (const char *file,
84                                                 NMCryptoFileFormat *out_file_format,
85                                                 GError **error);
86
/* Presumably reports whether the file at `file` is a PKCS#12 container.
 * NOTE(review): with a GError out-parameter, a FALSE return can mean either
 * "not PKCS#12" or "could not read the file"; callers presumably need to
 * inspect *error to tell the two apart (TODO confirm). */
87 gboolean crypto_is_pkcs12_file (const char *file, GError **error);
88
/* In-memory counterpart of crypto_is_pkcs12_file(). It has no GError
 * parameter, so the gboolean result is the only output. */
89 gboolean crypto_is_pkcs12_data (const GByteArray *data);
90
/* Takes in-memory key bytes and a password and returns the detected
 * NMCryptoFileFormat. Presumably NM_CRYPTO_FILE_FORMAT_UNKNOWN with *error
 * set means the key could not be recognised or decrypted (TODO confirm). */
91 NMCryptoFileFormat crypto_verify_private_key_data (const GByteArray *contents,
92                                                    const char *password,
93                                                    GError **error);
94
/* File-based counterpart of crypto_verify_private_key_data(): takes a path
 * in `file` instead of an in-memory buffer and returns the detected
 * NMCryptoFileFormat. */
95 NMCryptoFileFormat crypto_verify_private_key (const char *file,
96                                               const char *password,
97                                               GError **error);
98
99 /* Internal utils API bits for crypto providers */
100
/* Takes a salt and a password with explicit lengths and writes into
 * `buffer`, whose capacity is passed as `buflen`.
 * NOTE(review): MD5 is fast and collision-broken, so a salted-MD5 password
 * digest gives little resistance to offline guessing. Presumably this exists
 * only to derive keys for legacy encrypted PEM files; confirm it is not used
 * for new material.
 * NOTE(review): `buffer` presumably ends up holding key material. Confirm
 * that callers size it to match what the implementation writes and clear it
 * after use. */
101 gboolean crypto_md5_hash (const char *salt,
102                           const gsize salt_len,
103                           const char *password,
104                           gsize password_len,
105                           char *buffer,
106                           gsize buflen,
107                           GError **error);
108
/* Provider-level decrypt: takes a cipher name (see the CIPHER_* strings),
 * the ciphertext in `data`, and an IV and key with explicit lengths.
 * Returns a char * and writes a length through out_len, so the result is
 * presumably a binary buffer of *out_len bytes rather than a C string.
 * NOTE(review): key_type is a plain int here, while the public functions
 * use NMCryptoKeyType. `data` is non-const, unlike in crypto_encrypt(), so
 * the implementation may modify it (TODO confirm).
 * NOTE(review): the result is presumably plaintext key material. Confirm
 * ownership and that it is zeroed before being freed. */
109 char * crypto_decrypt (const char *cipher,
110                        int key_type,
111                        GByteArray *data,
112                        const char *iv,
113                        const gsize iv_len,
114                        const char *key,
115                        const gsize key_len,
116                        gsize *out_len,
117                        GError **error);
118
/* Provider-level encrypt: takes a cipher name, read-only plaintext in
 * `data`, and an IV and key with explicit lengths. Returns a char * and
 * writes a length through out_len; presumably a binary buffer of *out_len
 * bytes, NULL on failure (TODO confirm).
 * NOTE(review): the ciphers named in this header are all CBC modes, so the
 * IV should be unpredictable and never reused with the same key. Confirm
 * that callers obtain it from crypto_randomize(). */
119 char * crypto_encrypt (const char *cipher,
120                        const GByteArray *data,
121                        const char *iv,
122                        gsize iv_len,
123                        const char *key,
124                        gsize key_len,
125                        gsize *out_len,
126                        GError **error);
127
/* Presumably fills `buffer` with buffer_len random bytes from the crypto
 * backend. It can fail (gboolean return, GError out-parameter, and the
 * error enum has NM_CRYPTO_ERR_RANDOMIZE_FAILED). Callers must check the
 * result and must not use the buffer as an IV, salt or key on failure. */
128 gboolean crypto_randomize (void *buffer, gsize buffer_len, GError **error);
129
/* Takes `len` bytes of certificate data and returns the detected
 * NMCryptoFileFormat.
 * NOTE(review): the signature carries no trust anchors, so this is
 * presumably a parse/format check, not chain validation (confirm in the
 * provider implementation). */
130 NMCryptoFileFormat crypto_verify_cert (const unsigned char *data,
131                                        gsize len,
132                                        GError **error);
133
/* Takes in-memory PKCS#12 data and a password and returns a gboolean;
 * presumably TRUE when the container can be opened with that password
 * (TODO confirm). Failure details go through the GError out-parameter. */
134 gboolean crypto_verify_pkcs12 (const GByteArray *data,
135                                const char *password,
136                                GError **error);
137
/* Takes in-memory PKCS#8 data, a flag saying whether it is encrypted, and
 * a password, and returns a gboolean.
 * NOTE(review): the caller supplies is_encrypted; how the password is
 * treated when it is FALSE is not visible here (TODO confirm). */
138 gboolean crypto_verify_pkcs8 (const GByteArray *data,
139                               gboolean is_encrypted,
140                               const char *password,
141                               GError **error);
142
143 #endif  /* __CRYPTO_H__ */