1 /* 2 BAREOS® - Backup Archiving REcovery Open Sourced 3 4 Copyright (C) 2005-2007 Free Software Foundation Europe e.V. 5 Copyright (C) 2016-2016 Bareos GmbH & Co. KG 6 7 This program is Free Software; you can redistribute it and/or 8 modify it under the terms of version three of the GNU Affero General Public 9 License as published by the Free Software Foundation and included 10 in the file LICENSE. 11 12 This program is distributed in the hope that it will be useful, but 13 WITHOUT ANY WARRANTY; without even the implied warranty of 14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 15 Affero General Public License for more details. 16 17 You should have received a copy of the GNU Affero General Public License 18 along with this program; if not, write to the Free Software 19 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 20 02110-1301, USA. 21 */ 22 /* 23 * Author: Landon Fuller <landonf@opendarwin.org> 24 */ 25 /** 26 * @file 27 * crypto.h Encryption support functions 28 */ 29 30 #ifndef BAREOS_LIB_CRYPTO_H_ 31 #define BAREOS_LIB_CRYPTO_H_ 32 33 class alist; 34 35 /* Opaque X509 Public/Private Key Pair Structure */ 36 typedef struct X509_Keypair X509_KEYPAIR; 37 38 /* Opaque Message Digest Structure */ 39 /* Digest is defined (twice) in crypto.c */ 40 typedef struct Digest DIGEST; 41 42 /* Opaque Message Signature Structure */ 43 typedef struct Signature SIGNATURE; 44 45 /* Opaque PKI Symmetric Key Data Structure */ 46 typedef struct Crypto_Session CRYPTO_SESSION; 47 48 /* Opaque Encryption/Decryption Context Structure */ 49 typedef struct Cipher_Context CIPHER_CONTEXT; 50 51 /* PEM Decryption Passphrase Callback */ 52 typedef int(CRYPTO_PEM_PASSWD_CB)(char* buf, int size, const void* userdata); 53 54 /** Server TLS-PSK callback */ 55 typedef int(CRYPTO_TLS_PSK_SERVER_CB)(const char* identity, 56 unsigned char* psk, 57 unsigned int max_psk_len); 58 59 /** Client TLS-PSK callback */ 60 typedef int(CRYPTO_TLS_PSK_CLIENT_CB)(char* identity, 61 unsigned int max_identity_len, 62 unsigned char* psk, 63 unsigned int max_psk_len); 64 65 /* Digest Types */ 66 typedef enum 67 { 68 /* These are stored on disk and MUST NOT change */ 69 CRYPTO_DIGEST_NONE = 0, 70 CRYPTO_DIGEST_MD5 = 1, 71 CRYPTO_DIGEST_SHA1 = 2, 72 CRYPTO_DIGEST_SHA256 = 3, 73 CRYPTO_DIGEST_SHA512 = 4 74 } crypto_digest_t; 75 76 /* Cipher Types */ 77 typedef enum 78 { 79 /* These are not stored on disk */ 80 CRYPTO_CIPHER_NONE = 0, 81 CRYPTO_CIPHER_BLOWFISH_CBC = 1, 82 CRYPTO_CIPHER_3DES_CBC = 2, 83 CRYPTO_CIPHER_AES_128_CBC = 3, 84 CRYPTO_CIPHER_AES_192_CBC = 4, 85 CRYPTO_CIPHER_AES_256_CBC = 5, 86 CRYPTO_CIPHER_CAMELLIA_128_CBC = 6, 87 CRYPTO_CIPHER_CAMELLIA_192_CBC = 7, 88 CRYPTO_CIPHER_CAMELLIA_256_CBC = 8, 89 CRYPTO_CIPHER_AES_128_CBC_HMAC_SHA1 = 9, 90 CRYPTO_CIPHER_AES_256_CBC_HMAC_SHA1 = 10 91 } crypto_cipher_t; 92 93 /* Crypto API Errors */ 94 typedef enum 95 { 96 CRYPTO_ERROR_NONE = 0, /* No error */ 97 CRYPTO_ERROR_NOSIGNER = 1, /* Signer not found */ 98 CRYPTO_ERROR_NORECIPIENT = 2, /* Recipient not found */ 99 CRYPTO_ERROR_INVALID_DIGEST = 3, /* Unsupported digest algorithm */ 100 CRYPTO_ERROR_INVALID_CRYPTO = 4, /* Unsupported encryption algorithm */ 101 CRYPTO_ERROR_BAD_SIGNATURE = 5, /* Signature is invalid */ 102 CRYPTO_ERROR_DECRYPTION = 6, /* Decryption error */ 103 CRYPTO_ERROR_INTERNAL = 7 /* Internal Error */ 104 } crypto_error_t; 105 106 /* Message Digest Sizes */ 107 #define CRYPTO_DIGEST_MD5_SIZE 16 /* 128 bits */ 108 #define CRYPTO_DIGEST_SHA1_SIZE 20 /* 160 bits */ 109 #define CRYPTO_DIGEST_SHA256_SIZE 32 /* 256 bits */ 110 #define CRYPTO_DIGEST_SHA512_SIZE 64 /* 512 bits */ 111 112 /* Maximum Message Digest Size */ 113 #ifdef HAVE_OPENSSL 114 115 #define CRYPTO_DIGEST_MAX_SIZE 64 116 #define CRYPTO_CIPHER_MAX_BLOCK_SIZE 32 117 118 #else /* HAVE_OPENSSL */ 119 120 /** 121 * This must be kept in sync with the available message digest algorithms. 122 * Just in case someone forgets, I've added assertions 123 * to CryptoDigestFinalize(). 124 * MD5: 128 bits 125 * SHA-1: 160 bits 126 */ 127 #ifndef HAVE_SHA2 128 #define CRYPTO_DIGEST_MAX_SIZE CRYPTO_DIGEST_SHA1_SIZE 129 #else 130 #define CRYPTO_DIGEST_MAX_SIZE CRYPTO_DIGEST_SHA512_SIZE 131 #endif 132 133 /* Dummy Value */ 134 #define CRYPTO_CIPHER_MAX_BLOCK_SIZE 0 135 136 #endif /* HAVE_OPENSSL */ 137 138 int InitCrypto(void); 139 int CleanupCrypto(void); 140 DIGEST* crypto_digest_new(JobControlRecord* jcr, crypto_digest_t type); 141 bool CryptoDigestUpdate(DIGEST* digest, const uint8_t* data, uint32_t length); 142 bool CryptoDigestFinalize(DIGEST* digest, uint8_t* dest, uint32_t* length); 143 void CryptoDigestFree(DIGEST* digest); 144 SIGNATURE* crypto_sign_new(JobControlRecord* jcr); 145 crypto_error_t CryptoSignGetDigest(SIGNATURE* sig, 146 X509_KEYPAIR* keypair, 147 crypto_digest_t& algorithm, 148 DIGEST** digest); 149 crypto_error_t CryptoSignVerify(SIGNATURE* sig, 150 X509_KEYPAIR* keypair, 151 DIGEST* digest); 152 int CryptoSignAddSigner(SIGNATURE* sig, DIGEST* digest, X509_KEYPAIR* keypair); 153 int CryptoSignEncode(SIGNATURE* sig, uint8_t* dest, uint32_t* length); 154 SIGNATURE* crypto_sign_decode(JobControlRecord* jcr, 155 const uint8_t* sigData, 156 uint32_t length); 157 void CryptoSignFree(SIGNATURE* sig); 158 CRYPTO_SESSION* crypto_session_new(crypto_cipher_t cipher, alist* pubkeys); 159 void CryptoSessionFree(CRYPTO_SESSION* cs); 160 bool CryptoSessionEncode(CRYPTO_SESSION* cs, uint8_t* dest, uint32_t* length); 161 crypto_error_t CryptoSessionDecode(const uint8_t* data, 162 uint32_t length, 163 alist* keypairs, 164 CRYPTO_SESSION** session); 165 CRYPTO_SESSION* CryptoSessionDecode(const uint8_t* data, uint32_t length); 166 CIPHER_CONTEXT* crypto_cipher_new(CRYPTO_SESSION* cs, 167 bool encrypt, 168 uint32_t* blocksize); 169 bool CryptoCipherUpdate(CIPHER_CONTEXT* cipher_ctx, 170 const uint8_t* data, 171 uint32_t length, 172 const uint8_t* dest, 173 uint32_t* written); 174 bool CryptoCipherFinalize(CIPHER_CONTEXT* cipher_ctx, 175 uint8_t* dest, 176 uint32_t* written); 177 void CryptoCipherFree(CIPHER_CONTEXT* cipher_ctx); 178 X509_KEYPAIR* crypto_keypair_new(void); 179 X509_KEYPAIR* crypto_keypair_dup(X509_KEYPAIR* keypair); 180 int CryptoKeypairLoadCert(X509_KEYPAIR* keypair, const char* file); 181 bool CryptoKeypairHasKey(const char* file); 182 int CryptoKeypairLoadKey(X509_KEYPAIR* keypair, 183 const char* file, 184 CRYPTO_PEM_PASSWD_CB* pem_callback, 185 const void* pem_userdata); 186 void CryptoKeypairFree(X509_KEYPAIR* keypair); 187 int CryptoDefaultPemCallback(char* buf, int size, const void* userdata); 188 const char* crypto_digest_name(crypto_digest_t type); 189 const char* crypto_digest_name(DIGEST* digest); 190 crypto_digest_t CryptoDigestStreamType(int stream); 191 const char* crypto_strerror(crypto_error_t error); 192 193 #endif /* BAREOS_LIB_CRYPTO_H_ */ 194