apr_crypto.h

Go to the documentation of this file.

/* Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements.  See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#ifndef APR_CRYPTO_H
#define APR_CRYPTO_H

#include "apu.h"
#include "apr_pools.h"
#include "apr_tables.h"
#include "apr_hash.h"
#include "apu_errno.h"
#include "apr_thread_proc.h"

#ifdef __cplusplus
extern "C" {
#endif

#if APU_HAVE_CRYPTO || defined(DOXYGEN)

#ifndef APU_CRYPTO_RECOMMENDED_DRIVER
#if APU_HAVE_COMMONCRYPTO

#define APU_CRYPTO_RECOMMENDED_DRIVER "commoncrypto"
#else
#if APU_HAVE_OPENSSL

#define APU_CRYPTO_RECOMMENDED_DRIVER "openssl"
#else
#if APU_HAVE_NSS

#define APU_CRYPTO_RECOMMENDED_DRIVER "nss"
#else
#if APU_HAVE_MSCNG

#define APU_CRYPTO_RECOMMENDED_DRIVER "mscng"
#else
#if APU_HAVE_MSCAPI

#define APU_CRYPTO_RECOMMENDED_DRIVER "mscapi"
#else
#endif
#endif
#endif
#endif
#endif
#endif

typedef enum
{
    APR_KEY_NONE, APR_KEY_3DES_192, 
    APR_KEY_AES_128, 
    APR_KEY_AES_192, 
    APR_KEY_AES_256
} apr_crypto_block_key_type_e;

typedef enum
{
    APR_MODE_NONE, 
    APR_MODE_ECB, 
    APR_MODE_CBC
} apr_crypto_block_key_mode_e;

typedef enum
{
    APR_CRYPTO_DIGEST_NONE, 
    APR_CRYPTO_DIGEST_MD5, 
    APR_CRYPTO_DIGEST_SHA1, 
    APR_CRYPTO_DIGEST_SHA224, 
    APR_CRYPTO_DIGEST_SHA256, 
    APR_CRYPTO_DIGEST_SHA384, 
    APR_CRYPTO_DIGEST_SHA512, 
} apr_crypto_block_key_digest_e;

typedef struct apr_crypto_block_key_digest_t {
    apr_crypto_block_key_digest_e type;
    int digestsize;
    int blocksize;
} apr_crypto_block_key_digest_t;

typedef enum
{   
    APR_CRYPTO_CIPHER_AUTO, 
    APR_CRYPTO_CIPHER_AES_256_CTR, 
    APR_CRYPTO_CIPHER_CHACHA20_CTR, 
} apr_crypto_cipher_e;

typedef struct apr_crypto_driver_t apr_crypto_driver_t;

typedef struct apr_crypto_t apr_crypto_t;

typedef struct apr_crypto_config_t apr_crypto_config_t;

typedef struct apr_crypto_key_t apr_crypto_key_t;

typedef struct apr_crypto_block_t apr_crypto_block_t;

typedef struct apr_crypto_digest_t apr_crypto_digest_t;

typedef struct apr_crypto_block_key_type_t {
    apr_crypto_block_key_type_e type;
    int keysize;
    int blocksize;
    int ivsize;
} apr_crypto_block_key_type_t;

typedef struct apr_crypto_block_key_mode_t {
    apr_crypto_block_key_mode_e mode;
} apr_crypto_block_key_mode_t;

typedef struct apr_crypto_passphrase_t {
    const char *pass;
    apr_size_t passLen;
    const unsigned char * salt;
    apr_size_t saltLen;
    int iterations;
} apr_crypto_passphrase_t;

typedef struct apr_crypto_secret_t {
    const unsigned char *secret;
    apr_size_t secretLen;
} apr_crypto_secret_t;

typedef struct apr_crypto_key_hash_t {
    apr_crypto_block_key_digest_e digest;
} apr_crypto_key_hash_t;

typedef struct apr_crypto_key_hmac_t {
    const unsigned char *secret;
    apr_size_t secretLen;
    apr_crypto_block_key_digest_e digest;
} apr_crypto_key_hmac_t;

typedef struct apr_crypto_key_cmac_t {
    const unsigned char *secret;
    apr_size_t secretLen;
    apr_crypto_block_key_digest_e digest;
} apr_crypto_key_cmac_t;

typedef struct apr_crypto_digest_hash_t {
    unsigned char *s;
    apr_size_t slen;
    apr_crypto_block_key_digest_e digest;
} apr_crypto_digest_hash_t;

typedef struct apr_crypto_digest_sign_t {
    unsigned char *s;
    apr_size_t slen;
    apr_crypto_block_key_digest_e digest;
} apr_crypto_digest_sign_t;

typedef struct apr_crypto_digest_verify_t {
    unsigned char *s;
    apr_size_t slen;
    const unsigned char *v;
    apr_size_t vlen;
    apr_crypto_block_key_digest_e digest;
} apr_crypto_digest_verify_t;

typedef enum {
    APR_CRYPTO_KTYPE_PASSPHRASE     = 1,
    APR_CRYPTO_KTYPE_SECRET         = 2,
    APR_CRYPTO_KTYPE_HASH           = 3,
    APR_CRYPTO_KTYPE_HMAC           = 4,
    APR_CRYPTO_KTYPE_CMAC           = 5,
} apr_crypto_key_type;

typedef enum {
    APR_CRYPTO_DTYPE_HASH   = 1,
    APR_CRYPTO_DTYPE_SIGN     = 2,
    APR_CRYPTO_DTYPE_VERIFY   = 3,
} apr_crypto_digest_type_e;

typedef struct apr_crypto_key_rec_t {
    apr_crypto_key_type ktype;
    apr_crypto_block_key_type_e type;
    apr_crypto_block_key_mode_e mode;
    int pad;
    union {
        apr_crypto_passphrase_t passphrase;
        apr_crypto_secret_t secret;
        apr_crypto_key_hash_t hash;
        apr_crypto_key_hmac_t hmac;
        apr_crypto_key_cmac_t cmac;
    } k;
} apr_crypto_key_rec_t;

typedef struct apr_crypto_digest_rec_t {
    apr_crypto_digest_type_e dtype;
    union {
        apr_crypto_digest_hash_t hash;
        apr_crypto_digest_sign_t sign;
        apr_crypto_digest_verify_t verify;
    } d;
} apr_crypto_digest_rec_t;

APR_DECLARE(apr_status_t) apr_crypto_init(apr_pool_t *pool);

/* TODO: doxygen */
APR_DECLARE(apr_status_t) apr_crypto_lib_version(const char *name,
                                                 const char **version);
APR_DECLARE(apr_status_t) apr_crypto_lib_init(const char *name,
                                              const char *params,
                                              const apu_err_t **result,
                                              apr_pool_t *pool);
APR_DECLARE(apr_status_t) apr_crypto_lib_term(const char *name);
APR_DECLARE(int) apr_crypto_lib_is_active(const char *name);

APR_DECLARE(apr_status_t) apr_crypto_clear(apr_pool_t *pool, void *buffer,
        apr_size_t size);

APR_DECLARE(apr_status_t) apr_crypto_memzero(void *buffer, apr_size_t size);

APR_DECLARE(int) apr_crypto_equals(const void *buf1, const void *buf2,
                                   apr_size_t size);

APR_DECLARE(apr_status_t) apr_crypto_get_driver(
        const apr_crypto_driver_t **driver,
        const char *name, const char *params, const apu_err_t **result,
        apr_pool_t *pool);

APR_DECLARE(const char *) apr_crypto_driver_name(
        const apr_crypto_driver_t *driver);

APR_DECLARE(apr_status_t) apr_crypto_error(const apu_err_t **result,
        const apr_crypto_t *f);

APR_DECLARE(apr_status_t) apr_crypto_make(apr_crypto_t **f,
        const apr_crypto_driver_t *driver, const char *params,
        apr_pool_t *pool);

APR_DECLARE(apr_status_t) apr_crypto_get_block_key_digests(apr_hash_t **digests,
        const apr_crypto_t *f);

APR_DECLARE(apr_status_t) apr_crypto_get_block_key_types(apr_hash_t **types,
        const apr_crypto_t *f);

APR_DECLARE(apr_status_t) apr_crypto_get_block_key_modes(apr_hash_t **modes,
        const apr_crypto_t *f);

APR_DECLARE(apr_crypto_key_rec_t *) apr_crypto_key_rec_make(
        apr_crypto_key_type ktype, apr_pool_t *p);

APR_DECLARE(apr_crypto_digest_rec_t *) apr_crypto_digest_rec_make(
        apr_crypto_digest_type_e dtype, apr_pool_t *p);

APR_DECLARE(apr_status_t) apr_crypto_key(apr_crypto_key_t **key,
        const apr_crypto_key_rec_t *rec, const apr_crypto_t *f, apr_pool_t *p);

APR_DECLARE(apr_status_t) apr_crypto_passphrase(apr_crypto_key_t **key,
        apr_size_t *ivSize, const char *pass, apr_size_t passLen,
        const unsigned char * salt, apr_size_t saltLen,
        const apr_crypto_block_key_type_e type,
        const apr_crypto_block_key_mode_e mode, const int doPad,
        const int iterations, const apr_crypto_t *f, apr_pool_t *p);

APR_DECLARE(apr_status_t) apr_crypto_block_encrypt_init(
        apr_crypto_block_t **ctx, const unsigned char **iv,
        const apr_crypto_key_t *key, apr_size_t *blockSize, apr_pool_t *p);

APR_DECLARE(apr_status_t) apr_crypto_block_encrypt(unsigned char **out,
        apr_size_t *outlen, const unsigned char *in, apr_size_t inlen,
        apr_crypto_block_t *ctx);

APR_DECLARE(apr_status_t) apr_crypto_block_encrypt_finish(unsigned char *out,
        apr_size_t *outlen, apr_crypto_block_t *ctx);

APR_DECLARE(apr_status_t) apr_crypto_block_decrypt_init(
        apr_crypto_block_t **ctx, apr_size_t *blockSize,
        const unsigned char *iv, const apr_crypto_key_t *key, apr_pool_t *p);

APR_DECLARE(apr_status_t) apr_crypto_block_decrypt(unsigned char **out,
        apr_size_t *outlen, const unsigned char *in, apr_size_t inlen,
        apr_crypto_block_t *ctx);

APR_DECLARE(apr_status_t) apr_crypto_block_decrypt_finish(unsigned char *out,
        apr_size_t *outlen, apr_crypto_block_t *ctx);

APR_DECLARE(apr_status_t) apr_crypto_block_cleanup(apr_crypto_block_t *ctx);

APR_DECLARE(apr_status_t) apr_crypto_digest_init(apr_crypto_digest_t **d,
        const apr_crypto_key_t *key, apr_crypto_digest_rec_t *rec, apr_pool_t *p);

APR_DECLARE(apr_status_t) apr_crypto_digest_update(apr_crypto_digest_t *digest,
        const unsigned char *in, apr_size_t inlen);

APR_DECLARE(apr_status_t) apr_crypto_digest_final(apr_crypto_digest_t *digest);

APR_DECLARE(apr_status_t) apr_crypto_digest(const apr_crypto_key_t *key,
        apr_crypto_digest_rec_t *rec, const unsigned char *in, apr_size_t inlen,
        apr_pool_t *p);

APR_DECLARE(apr_status_t) apr_crypto_digest_cleanup(apr_crypto_digest_t *ctx);

APR_DECLARE(apr_status_t) apr_crypto_cleanup(apr_crypto_t *f);

APR_DECLARE(apr_status_t) apr_crypto_shutdown(
        const apr_crypto_driver_t *driver);

#if APU_HAVE_CRYPTO_PRNG

#define APR_CRYPTO_PRNG_SEED_SIZE 32

#define APR_CRYPTO_PRNG_LOCKED      (0x1)
#define APR_CRYPTO_PRNG_PER_THREAD  (0x2)
#define APR_CRYPTO_PRNG_MASK        (0x3)

typedef struct apr_crypto_prng_t apr_crypto_prng_t;

APR_DECLARE(apr_status_t) apr_crypto_prng_init(apr_pool_t *pool, apr_crypto_t *crypto,
        apr_crypto_cipher_e cipher, apr_size_t bufsize, const unsigned char seed[], int flags);

APR_DECLARE(apr_status_t) apr_crypto_prng_term(void);

APR_DECLARE(apr_status_t) apr_crypto_random_bytes(void *buf, apr_size_t len);

#if APR_HAS_THREADS

APR_DECLARE(apr_status_t) apr_crypto_random_thread_bytes(void *buf,
        apr_size_t len);
#endif

APR_DECLARE(apr_status_t) apr_crypto_prng_create(apr_crypto_prng_t **pcprng,
        apr_crypto_t *crypto, apr_crypto_cipher_e cipher, apr_size_t bufsize,
        int flags, const unsigned char seed[], apr_pool_t *pool);

APR_DECLARE(apr_status_t) apr_crypto_prng_destroy(apr_crypto_prng_t *cprng);

APR_DECLARE(apr_status_t) apr_crypto_prng_rekey(apr_crypto_prng_t *cprng);

APR_DECLARE(apr_status_t) apr_crypto_prng_reseed(apr_crypto_prng_t *cprng,
                                                 const unsigned char seed[]);

#if APR_HAS_FORK
#define APR_CRYPTO_FORK_INPARENT 0
#define APR_CRYPTO_FORK_INCHILD  1

APR_DECLARE(apr_status_t) apr_crypto_prng_after_fork(apr_crypto_prng_t *cprng,
                                                     int flags);
#endif

APR_DECLARE(apr_status_t) apr_crypto_prng_bytes(apr_crypto_prng_t *cprng,
                                                void *buf, apr_size_t len);

#endif /* APU_HAVE_CRYPTO_PRNG */

#endif /* APU_HAVE_CRYPTO */

#ifdef __cplusplus
}
#endif

#endif