Apache2
apr_crypto.h
1 /* Licensed to the Apache Software Foundation (ASF) under one or more
2  * contributor license agreements. See the NOTICE file distributed with
3  * this work for additional information regarding copyright ownership.
4  * The ASF licenses this file to You under the Apache License, Version 2.0
5  * (the "License"); you may not use this file except in compliance with
6  * the License. You may obtain a copy of the License at
7  *
8  * http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #ifndef APR_CRYPTO_H
18 #define APR_CRYPTO_H
19 
20 #include "apu.h"
21 #include "apr_pools.h"
22 #include "apr_tables.h"
23 #include "apr_hash.h"
24 #include "apu_errno.h"
25 #include "apr_thread_proc.h"
26 
27 #ifdef __cplusplus
28 extern "C" {
29 #endif
30 
41 #if APU_HAVE_CRYPTO || defined(DOXYGEN)
42 
/* Choose the default crypto driver name at build time. The first backend
 * whose APU_HAVE_* switch is set wins, in this fixed order: commoncrypto,
 * openssl, nss, mscng, mscapi. The outer #ifndef means a build that already
 * defines APU_CRYPTO_RECOMMENDED_DRIVER skips the whole chain. */
43 #ifndef APU_CRYPTO_RECOMMENDED_DRIVER
44 #if APU_HAVE_COMMONCRYPTO
45 
46 #define APU_CRYPTO_RECOMMENDED_DRIVER "commoncrypto"
47 #else
48 #if APU_HAVE_OPENSSL
49 
50 #define APU_CRYPTO_RECOMMENDED_DRIVER "openssl"
51 #else
52 #if APU_HAVE_NSS
53 
54 #define APU_CRYPTO_RECOMMENDED_DRIVER "nss"
55 #else
56 #if APU_HAVE_MSCNG
57 
58 #define APU_CRYPTO_RECOMMENDED_DRIVER "mscng"
59 #else
60 #if APU_HAVE_MSCAPI
61 
62 #define APU_CRYPTO_RECOMMENDED_DRIVER "mscapi"
63 #else
/* No backend enabled: the final #else is empty, so the macro stays undefined.
 * Code that uses it needs an #ifdef guard or its own explicit driver name. */
64 #endif
65 #endif
66 #endif
67 #endif
68 #endif
69 #endif
70 
115 typedef enum
116 {
123 
127 typedef enum
128 {
134 
138 typedef enum
139 {
148 
160 
167 
/* Crypto context handle. Only the forward declaration is visible in this
 * listing, so the type is used through pointers (the `f` arguments of the
 * functions in this header). */
173 typedef struct apr_crypto_t apr_crypto_t;
174 
180 
188 
197 
204 
212  int keysize;
216  int ivsize;
218 
226 
236 typedef struct apr_crypto_passphrase_t {
238  const char *pass;
242  const unsigned char * salt;
248 
259 typedef struct apr_crypto_secret_t {
263  const unsigned char *secret;
267 
275 typedef struct apr_crypto_key_hash_t {
279 
287 typedef struct apr_crypto_key_hmac_t {
289  const unsigned char *secret;
295 
303 typedef struct apr_crypto_key_cmac_t {
305  const unsigned char *secret;
311 
318 typedef struct apr_crypto_digest_hash_t {
320  unsigned char *s;
326 
333 typedef struct apr_crypto_digest_sign_t {
335  unsigned char *s;
341 
350  unsigned char *s;
354  const unsigned char *v;
360 
365 typedef enum {
397 
402 typedef enum {
424 
432 typedef struct apr_crypto_key_rec_t {
440  int pad;
442  union {
475  } k;
477 
487 typedef struct apr_crypto_digest_rec_t {
491  union {
495  } d;
497 
505 
506 /* TODO: doxygen */
508  const char **version);
510  const char *params,
511  const apu_err_t **result,
512  apr_pool_t *pool);
/* NOTE(review): still undocumented upstream (see the "TODO: doxygen" marker
 * on this group). Presumably `name` is a crypto library name in the style of
 * the APU_CRYPTO_RECOMMENDED_DRIVER strings, and this call is the teardown
 * counterpart of apr_crypto_lib_init() — confirm against the implementation. */
513 APR_DECLARE(apr_status_t) apr_crypto_lib_term(const char *name);
/* Returns a plain int rather than apr_status_t; presumably a yes/no answer
 * for the named library — confirm before treating it as a status code. */
514 APR_DECLARE(int) apr_crypto_lib_is_active(const char *name);
515 
524  apr_size_t size);
525 
534 
/**
 * Timing-attack-safe comparison of two buffers: the execution time does not
 * depend on the bytes being compared. Prefer this over memcmp() when checking
 * secret-derived values (MACs, digests, tokens), where an early-exit
 * comparison can reveal how many leading bytes matched.
 *
 * @param buf1 first buffer
 * @param buf2 second buffer
 * @param size number of bytes compared; one length covers both buffers, so
 *             each must hold at least this many bytes and any length check
 *             has to happen before the call
 * @return int result. NOTE(review): the return convention is not shown in
 *         this listing; confirm which value means "equal" before relying
 *         on it in a verification path.
 */
544 APR_DECLARE(int) apr_crypto_equals(const void *buf1, const void *buf2,
545  apr_size_t size);
546 
566  const apr_crypto_driver_t **driver,
567  const char *name, const char *params, const apu_err_t **result,
568  apr_pool_t *pool);
569 
/**
 * Return the name of the driver.
 *
 * @param driver driver to query
 * @return the driver name as a const string; ownership and lifetime are not
 *         shown in this listing, so do not free or modify it without
 *         confirming
 */
576 APR_DECLARE(const char *) apr_crypto_driver_name(
577  const apr_crypto_driver_t *driver);
578 
587  const apr_crypto_t *f);
588 
605  const apr_crypto_driver_t *driver, const char *params,
606  apr_pool_t *pool);
607 
618  const apr_crypto_t *f);
619 
630  const apr_crypto_t *f);
631 
642  const apr_crypto_t *f);
643 
652 
661 
683  const apr_crypto_key_rec_t *rec, const apr_crypto_t *f, apr_pool_t *p);
684 
718  apr_size_t *ivSize, const char *pass, apr_size_t passLen,
719  const unsigned char * salt, apr_size_t saltLen,
720  const apr_crypto_block_key_type_e type,
721  const apr_crypto_block_key_mode_e mode, const int doPad,
722  const int iterations, const apr_crypto_t *f, apr_pool_t *p);
723 
742  apr_crypto_block_t **ctx, const unsigned char **iv,
743  const apr_crypto_key_t *key, apr_size_t *blockSize, apr_pool_t *p);
744 
765  apr_size_t *outlen, const unsigned char *in, apr_size_t inlen,
766  apr_crypto_block_t *ctx);
767 
788  apr_size_t *outlen, apr_crypto_block_t *ctx);
789 
805  apr_crypto_block_t **ctx, apr_size_t *blockSize,
806  const unsigned char *iv, const apr_crypto_key_t *key, apr_pool_t *p);
807 
828  apr_size_t *outlen, const unsigned char *in, apr_size_t inlen,
829  apr_crypto_block_t *ctx);
830 
851  apr_size_t *outlen, apr_crypto_block_t *ctx);
852 
860 
896 
908  const unsigned char *in, apr_size_t inlen);
909 
930 
947  apr_crypto_digest_rec_t *rec, const unsigned char *in, apr_size_t inlen,
948  apr_pool_t *p);
949 
957 
965 
973  const apr_crypto_driver_t *driver);
974 
/* Cryptographic PRNG API. Everything down to the matching #endif is only
 * declared when APU_HAVE_CRYPTO_PRNG is set. */
975 #if APU_HAVE_CRYPTO_PRNG
976 
/* Seed length in bytes. NOTE(review): presumably the required size of every
 * seed[] argument below — confirm. seed[] carries no length of its own, so
 * if that is the contract a shorter caller buffer would be over-read. */
997 #define APR_CRYPTO_PRNG_SEED_SIZE 32
998 
/* Flag bits; MASK is LOCKED | PER_THREAD (0x1 | 0x2). Presumably these are
 * the valid values for the `flags` argument of init/create — confirm. */
999 #define APR_CRYPTO_PRNG_LOCKED (0x1)
1000 #define APR_CRYPTO_PRNG_PER_THREAD (0x2)
1001 #define APR_CRYPTO_PRNG_MASK (0x3)
1002 
/* Generator handle; only the forward declaration is visible here. */
1004 typedef struct apr_crypto_prng_t apr_crypto_prng_t;
1005 
/* Set up generator state without returning a handle; apparently this is the
 * generator that apr_crypto_random_bytes() draws from, since that call takes
 * no generator argument. NOTE(review): how `seed` is treated (including
 * whether NULL is accepted) is not shown here — confirm. A fixed or
 * caller-chosen seed makes the output predictable to anyone who knows it. */
1018 APR_DECLARE(apr_status_t) apr_crypto_prng_init(apr_pool_t *pool,
1019  apr_size_t bufsize,
1020  const unsigned char seed[],
1021  int flags);
/* Takes no arguments; presumably the teardown counterpart of
 * apr_crypto_prng_init() — confirm. */
1027 APR_DECLARE(apr_status_t) apr_crypto_prng_term(void);
1028 
/* Fill `buf` with `len` random bytes. The result is an apr_status_t: check it
 * before using `buf`, because the buffer contents on failure are not
 * specified in this listing. */
1037 APR_DECLARE(apr_status_t) apr_crypto_random_bytes(void *buf, apr_size_t len);
1038 
1039 #if APR_HAS_THREADS
1040 
/* Thread variant of apr_crypto_random_bytes(); only declared when
 * APR_HAS_THREADS is set, so portable callers need the same guard. */
1050 APR_DECLARE(apr_status_t) apr_crypto_random_thread_bytes(void *buf,
1051  apr_size_t len);
1052 #endif
1053 
/* Create an explicit generator instance, returned through `pcprng`. The same
 * seed caveats as for apr_crypto_prng_init() apply. */
1072 APR_DECLARE(apr_status_t) apr_crypto_prng_create(apr_crypto_prng_t **pcprng,
1073  apr_size_t bufsize, int flags,
1074  const unsigned char seed[],
1075  apr_pool_t *pool);
1076 
/* Release a generator obtained from apr_crypto_prng_create(). NOTE(review):
 * whether internal state is wiped on destroy is not shown here — confirm. */
1083 APR_DECLARE(apr_status_t) apr_crypto_prng_destroy(apr_crypto_prng_t *cprng);
1084 
/* Rekey the generator; takes no seed material from the caller. */
1091 APR_DECLARE(apr_status_t) apr_crypto_prng_rekey(apr_crypto_prng_t *cprng);
1092 
/* Reseed the generator from the caller-supplied seed[] (see the seed size
 * note on APR_CRYPTO_PRNG_SEED_SIZE). */
1101 APR_DECLARE(apr_status_t) apr_crypto_prng_reseed(apr_crypto_prng_t *cprng,
1102  const unsigned char seed[]);
1103 
1104 #if APR_HAS_FORK
/* Values for the `flags` argument of apr_crypto_prng_after_fork(). */
1105 #define APR_CRYPTO_FORK_INPARENT 0
1106 #define APR_CRYPTO_FORK_INCHILD 1
1107 
/* After fork() the parent and child each hold a copy of the same generator
 * state. NOTE(review): presumably this call is what makes the two copies
 * diverge — confirm, and check that it runs on every fork path; otherwise
 * both processes could return the same "random" bytes. */
1118 APR_DECLARE(apr_status_t) apr_crypto_prng_after_fork(apr_crypto_prng_t *cprng,
1119  int flags);
1120 #endif
1121 
/* Fill `buf` with `len` random bytes from the given generator; check the
 * returned status before using `buf`. */
1130 APR_DECLARE(apr_status_t) apr_crypto_prng_bytes(apr_crypto_prng_t *cprng,
1131  void *buf, apr_size_t len);
1132 
1133 #endif /* APU_HAVE_CRYPTO_PRNG */
1134 
1135 #endif /* APU_HAVE_CRYPTO */
1136 
1139 #ifdef __cplusplus
1140 }
1141 #endif
1142 
1143 #endif
int pad
Definition: apr_crypto.h:440
struct apr_crypto_block_key_digest_t apr_crypto_block_key_digest_t
size_t apr_size_t
Definition: apr.h:375
Definition: apr_crypto.h:208
struct apr_crypto_block_key_mode_t apr_crypto_block_key_mode_t
Definition: apr_crypto.h:415
Definition: apr_crypto.h:140
apr_crypto_block_key_digest_e type
Definition: apr_crypto.h:154
apr_crypto_digest_type_e dtype
Definition: apr_crypto.h:489
apr_size_t saltLen
Definition: apr_crypto.h:244
Definition: apr_crypto.h:333
apr_crypto_digest_sign_t sign
Definition: apr_crypto.h:493
const unsigned char * secret
Definition: apr_crypto.h:305
Definition: apr_crypto.h:432
struct apr_crypto_key_t apr_crypto_key_t
Definition: apr_crypto.h:187
apr_crypto_block_key_type_e type
Definition: apr_crypto.h:436
apr_status_t apr_crypto_digest(const apr_crypto_key_t *key, apr_crypto_digest_rec_t *rec, const unsigned char *in, apr_size_t inlen, apr_pool_t *p)
One shot digest on a single memory buffer.
Definition: apr_crypto.h:222
apr_status_t apr_crypto_block_encrypt_init(apr_crypto_block_t **ctx, const unsigned char **iv, const apr_crypto_key_t *key, apr_size_t *blockSize, apr_pool_t *p)
Initialise a context for encrypting arbitrary data using the given key.
apr_status_t apr_crypto_get_block_key_types(apr_hash_t **types, const apr_crypto_t *f)
Get a hash table of key types, keyed by the name of the type against a pointer to apr_crypto_block_ke...
apr_bucket_brigade request_rec apr_pool_t * pool
Definition: mod_dav.h:552
struct apr_crypto_t apr_crypto_t
Definition: apr_crypto.h:173
apr_size_t secretLen
Definition: apr_crypto.h:265
apr_status_t apr_crypto_key(apr_crypto_key_t **key, const apr_crypto_key_rec_t *rec, const apr_crypto_t *f, apr_pool_t *p)
Create a key from the provided secret or passphrase. The key is cleaned up when the context is cleane...
apr_size_t vlen
Definition: apr_crypto.h:356
Definition: apr_crypto.h:318
apr_crypto_block_key_type_e type
Definition: apr_crypto.h:210
Definition: apr_crypto.h:408
Definition: apr_crypto.h:118
APR Hash Tables.
apr_status_t apr_crypto_clear(apr_pool_t *pool, void *buffer, apr_size_t size)
Zero out the buffer provided when the pool is cleaned up.
apr_status_t apr_crypto_block_encrypt(unsigned char **out, apr_size_t *outlen, const unsigned char *in, apr_size_t inlen, apr_crypto_block_t *ctx)
Encrypt data provided by in, write it to out.
struct apr_crypto_digest_t apr_crypto_digest_t
Definition: apr_crypto.h:203
apr_crypto_key_type
Definition: apr_crypto.h:365
Definition: apr_crypto.h:144
apr_crypto_digest_verify_t verify
Definition: apr_crypto.h:494
Definition: apr_crypto.h:395
int blocksize
Definition: apr_crypto.h:214
Definition: apr_crypto.h:152
APR-Util Error Codes.
apr_crypto_block_key_digest_e digest
Definition: apr_crypto.h:324
Definition: apr_crypto.h:130
Definition: apr_crypto.h:259
Definition: apr_crypto.h:131
apr_crypto_block_key_mode_e
Definition: apr_crypto.h:127
Definition: apr_crypto.h:129
union apr_crypto_digest_rec_t::@15 d
dav_buffer apr_size_t size
Definition: mod_dav.h:457
struct apr_crypto_key_rec_t apr_crypto_key_rec_t
apr_status_t apr_crypto_get_driver(const apr_crypto_driver_t **driver, const char *name, const char *params, const apu_err_t **result, apr_pool_t *pool)
Get the driver struct for a name.
apr_size_t slen
Definition: apr_crypto.h:337
Definition: apr_crypto.h:145
Definition: apr_crypto.h:487
int iterations
Definition: apr_crypto.h:246
apr_status_t apr_crypto_block_encrypt_finish(unsigned char *out, apr_size_t *outlen, apr_crypto_block_t *ctx)
Encrypt final data block, write it to out.
APR memory allocation.
Definition: apr_crypto.h:236
Definition: apr_crypto.h:142
struct apr_crypto_driver_t apr_crypto_driver_t
Definition: apr_crypto.h:166
Definition: apr_crypto.h:141
const unsigned char * salt
Definition: apr_crypto.h:242
apr_crypto_key_hash_t hash
Definition: apr_crypto.h:462
apr_size_t secretLen
Definition: apr_crypto.h:291
apr_crypto_secret_t secret
Definition: apr_crypto.h:456
apr_crypto_digest_rec_t * apr_crypto_digest_rec_make(apr_crypto_digest_type_e dtype, apr_pool_t *p)
Create a digest record to be passed to apr_crypto_digest_init().
apr_size_t slen
Definition: apr_crypto.h:322
APR Table library.
apr_status_t apr_crypto_get_block_key_modes(apr_hash_t **modes, const apr_crypto_t *f)
Get a hash table of key modes, keyed by the name of the mode against a pointer to apr_crypto_block_ke...
int apr_crypto_lib_is_active(const char *name)
int digestsize
Definition: apr_crypto.h:156
union apr_crypto_key_rec_t::@14 k
struct apr_crypto_key_cmac_t apr_crypto_key_cmac_t
apr_crypto_digest_type_e
Definition: apr_crypto.h:402
struct apr_crypto_secret_t apr_crypto_secret_t
apr_crypto_key_type ktype
Definition: apr_crypto.h:434
Definition: apr_crypto.h:389
Definition: apr_crypto.h:117
Definition: apr_crypto.h:117
struct apr_crypto_digest_rec_t apr_crypto_digest_rec_t
unsigned char * s
Definition: apr_crypto.h:320
apr_crypto_block_key_type_e
Definition: apr_crypto.h:115
Definition: apr_crypto.h:371
struct apr_crypto_block_t apr_crypto_block_t
Definition: apr_crypto.h:196
apr_size_t secretLen
Definition: apr_crypto.h:307
unsigned char * s
Definition: apr_crypto.h:350
apr_status_t apr_crypto_init(apr_pool_t *pool)
Perform once-only initialisation. Call once only.
apr_crypto_block_key_digest_e digest
Definition: apr_crypto.h:309
struct apr_crypto_block_key_type_t apr_crypto_block_key_type_t
struct apr_hash_t apr_hash_t
Definition: apr_hash.h:52
const unsigned char * v
Definition: apr_crypto.h:354
const char * pass
Definition: apr_crypto.h:238
apr_crypto_digest_hash_t hash
Definition: apr_crypto.h:492
apr_pool_t * p
unsigned char * s
Definition: apr_crypto.h:335
const unsigned char * secret
Definition: apr_crypto.h:289
apr_status_t apr_crypto_memzero(void *buffer, apr_size_t size)
Always zero out the buffer provided, without being optimized out by the compiler. ...
apr_status_t apr_crypto_make(apr_crypto_t **f, const apr_crypto_driver_t *driver, const char *params, apr_pool_t *pool)
Create a context for supporting encryption. Keys, certificates, algorithms and other parameters will ...
APR Thread and Process Library.
struct apr_crypto_key_hash_t apr_crypto_key_hash_t
apr_status_t apr_crypto_cleanup(apr_crypto_t *f)
Clean encryption / decryption context.
Definition: apr_crypto.h:120
apr_size_t passLen
Definition: apr_crypto.h:240
apr_status_t apr_crypto_error(const apu_err_t **result, const apr_crypto_t *f)
Get the result of the last operation on a context. If the result is NULL, the operation was successfu...
apr_status_t apr_crypto_passphrase(apr_crypto_key_t **key, apr_size_t *ivSize, const char *pass, apr_size_t passLen, const unsigned char *salt, apr_size_t saltLen, const apr_crypto_block_key_type_e type, const apr_crypto_block_key_mode_e mode, const int doPad, const int iterations, const apr_crypto_t *f, apr_pool_t *p)
Create a key from the given passphrase. By default, the PBKDF2 algorithm is used to generate the key ...
Definition: apr_crypto.h:422
struct apr_crypto_digest_sign_t apr_crypto_digest_sign_t
apr_crypto_block_key_digest_e digest
Definition: apr_crypto.h:358
apr_status_t apr_crypto_lib_term(const char *name)
Definition: apr_crypto.h:383
apr_crypto_passphrase_t passphrase
Definition: apr_crypto.h:449
Definition: apr_crypto.h:303
#define APR_DECLARE(x)
Definition: macros.h:6
struct apr_crypto_digest_verify_t apr_crypto_digest_verify_t
const char * apr_crypto_driver_name(const apr_crypto_driver_t *driver)
Return the name of the driver.
apr_crypto_block_key_digest_e
Definition: apr_crypto.h:138
apr_status_t apr_crypto_digest_cleanup(apr_crypto_digest_t *ctx)
Clean digest context.
struct apr_crypto_key_hmac_t apr_crypto_key_hmac_t
apr_crypto_block_key_digest_e digest
Definition: apr_crypto.h:293
apr_crypto_block_key_digest_e digest
Definition: apr_crypto.h:339
apr_status_t apr_crypto_digest_final(apr_crypto_digest_t *digest)
Finalise the digest and write the result.
apr_status_t apr_crypto_lib_version(const char *name, const char **version)
const char * name
Definition: mod_dav.h:726
Definition: apu_errno.h:169
apr_status_t apr_crypto_digest_init(apr_crypto_digest_t **d, const apr_crypto_key_t *key, apr_crypto_digest_rec_t *rec, apr_pool_t *p)
Initialise a context for hashing, signing or verifying arbitrary data.
apr_status_t apr_crypto_block_cleanup(apr_crypto_block_t *ctx)
Clean encryption / decryption context.
struct apr_crypto_digest_hash_t apr_crypto_digest_hash_t
int ivsize
Definition: apr_crypto.h:216
apr_crypto_key_cmac_t cmac
Definition: apr_crypto.h:474
struct apr_pool_t apr_pool_t
Definition: apr_pools.h:60
int blocksize
Definition: apr_crypto.h:158
Definition: apr_crypto.h:377
apr_crypto_key_hmac_t hmac
Definition: apr_crypto.h:468
int apr_crypto_equals(const void *buf1, const void *buf2, apr_size_t size)
Timing-attack-safe buffer comparison, where the execution time does not depend on the bytes compared...
int apr_status_t
Definition: apr_errno.h:44
apr_status_t apr_crypto_block_decrypt(unsigned char **out, apr_size_t *outlen, const unsigned char *in, apr_size_t inlen, apr_crypto_block_t *ctx)
Decrypt data provided by in, write it to out.
apr_crypto_block_key_digest_e digest
Definition: apr_crypto.h:277
apr_status_t apr_crypto_digest_update(apr_crypto_digest_t *digest, const unsigned char *in, apr_size_t inlen)
Update the digest with data provided by in.
apr_status_t apr_crypto_shutdown(const apr_crypto_driver_t *driver)
Shutdown the crypto library.
Definition: apr_crypto.h:348
apr_crypto_block_key_mode_e mode
Definition: apr_crypto.h:438
struct apr_crypto_config_t apr_crypto_config_t
Definition: apr_crypto.h:179
apr_crypto_key_rec_t * apr_crypto_key_rec_make(apr_crypto_key_type ktype, apr_pool_t *p)
Create a key record to be passed to apr_crypto_key().
Definition: apr_crypto.h:119
apr_crypto_block_key_mode_e mode
Definition: apr_crypto.h:224
apr_status_t apr_crypto_lib_init(const char *name, const char *params, const apu_err_t **result, apr_pool_t *pool)
Definition: apr_crypto.h:275
dav_resource int dav_locktoken dav_response int flags
Definition: mod_dav.h:1346
Definition: apr_crypto.h:287
const unsigned char * secret
Definition: apr_crypto.h:263
Definition: apr_crypto.h:143
Definition: apr_crypto.h:146
apr_size_t slen
Definition: apr_crypto.h:352
apr_status_t apr_crypto_block_decrypt_init(apr_crypto_block_t **ctx, apr_size_t *blockSize, const unsigned char *iv, const apr_crypto_key_t *key, apr_pool_t *p)
Initialise a context for decrypting arbitrary data using the given key.
apr_status_t apr_crypto_block_decrypt_finish(unsigned char *out, apr_size_t *outlen, apr_crypto_block_t *ctx)
Decrypt final data block, write it to out.
int keysize
Definition: apr_crypto.h:212
struct apr_crypto_passphrase_t apr_crypto_passphrase_t
apr_status_t apr_crypto_get_block_key_digests(apr_hash_t **digests, const apr_crypto_t *f)
Get a hash table of key digests, keyed by the name of the digest against a pointer to apr_crypto_bloc...