crypto.h

   1 /* IPSec VPN client compatible with Cisco equipment.
   2
   3    This program is free software; you can redistribute it and/or modify
   4    it under the terms of the GNU General Public License as published by
   5    the Free Software Foundation; either version 2 of the License, or
   6    (at your option) any later version.
   7
   8    This program is distributed in the hope that it will be useful,
   9    but WITHOUT ANY WARRANTY; without even the implied warranty of
  10    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  11    GNU General Public License for more details.
  12
  13    You should have received a copy of the GNU General Public License
  14    along with this program; if not, write to the Free Software
  15    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  16 */
  17
  18 #ifndef __CRYPTO_H__
  19 #define __CRYPTO_H__
  20
  21 #include <stdarg.h>
  22
  23 typedef struct {
  24         int code;
  25         int err;
  26         char *msg;
  27 } crypto_error;
  28
  29 void crypto_error_set(crypto_error **error, int code, int in_errno, const char *fmt, ...);
  30
  31 void crypto_error_free(crypto_error *error);
  32
  33 void crypto_error_clear(crypto_error **error);
  34
  35 void crypto_call_error(crypto_error *err);
  36
  37 unsigned char *crypto_read_file(const char *path, size_t *out_len, crypto_error **error);
  38
  39 #if CRYPTO_GNUTLS
  40 #include "crypto-gnutls.h"
  41 #elif CRYPTO_OPENSSL
  42 #include "crypto-openssl.h"
  43 #else
  44 #error "no crypto library defined"
  45 #endif
  46
  47 #define CRYPTO_PAD_NONE  0
  48 #define CRYPTO_PAD_PKCS1 1
  49
  50 /**
  51  * crypto_push_cert:
  52  *
  53  * Allocates a crypto context with the resources necessary for the specific
  54  * crypto library being used.
  55  *
  56  * Returns: a valid crypto context, or #NULL on error
  57  **/
  58 crypto_ctx *crypto_ctx_new(crypto_error **error);
  59
  60 /**
  61  * crypto_ctx_free:
  62  * @ctx: a valid crypto context created with crypto_ctx_new()
  63  *
  64  * Frees resources allocated by crypo_ctx_new().
  65  **/
  66 void crypto_ctx_free(crypto_ctx *ctx);
  67
  68 /**
  69  * crypto_read_cert:
  70  * @path: path to certificate file in either PEM or DER format
  71  * @out_len: length of raw certificate data
  72  * @error: return location for an error
  73  *
  74  * Loads a certificate and returns the binary ASN certificate data;
  75  *
  76  * Returns: certificate data on success, NULL on error
  77  **/
  78 unsigned char *crypto_read_cert(const char *path,
  79                                 size_t *out_len,
  80                                 crypto_error **error);
  81
  82 /**
  83  * crypto_push_cert:
  84  * @ctx: a valid crypto context created with crypto_ctx_new()
  85  * @data: buffer containing raw certificate data
  86  * @len: length of raw certificate data
  87  * @error: return location for an error
  88  *
  89  * Pushes the given certificate onto the context's certificate stack.
  90  *
  91  * Returns: 0 on success, 1 on error
  92  **/
  93 int crypto_push_cert(crypto_ctx *ctx,
  94                      const unsigned char *data,
  95                      size_t len,
  96                      crypto_error **error);
  97
  98 /**
  99  * crypto_verify_chain:
 100  * @ctx: a valid crypto context created with crypto_ctx_new()
 101  * @ca_file: path of a CA certificate file to use for verification of the
 102  *           certificate stack.  File may be a PEM-encoded file containing
 103  *           multiple CA certificates.  @ca_file is preferred over @ca_dir
 104  * @ca_dir: directory containing CA certificates to use for verification of the
 105  *          certificate stack
 106  * @error: return location for an error
 107  *
 108  * Verifies the certificate stack previously built with crypto_push_cert() using
 109  * the supplied CA certificates or certificate locations.
 110  *
 111  * Returns: 0 on success, 1 on error
 112  **/
 113 int crypto_verify_chain(crypto_ctx *ctx,
 114                         const char *ca_file,
 115                         const char *ca_dir,
 116                         crypto_error **error);
 117
 118 /**
 119  * crypto_decrypt_signature:
 120  * @ctx: a valid crypto context created with crypto_ctx_new()
 121  * @sig_data: encrypted signature data
 122  * @sig_len: length of encrypted signature data
 123  * @out_len: size of decrypted signature data
 124  * @error: return location for an error
 125  *
 126  * Recovers the message digest stored in @sig_data using the public key of the
 127  * last certificate on the certificate stack
 128  *
 129  * Returns: decrypted message digest, or #NULL on error
 130  **/
 131 unsigned char *crypto_decrypt_signature(crypto_ctx *ctx,
 132                                         const unsigned char *sig_data,
 133                                         size_t sig_len,
 134                                         size_t *out_hash_len,
 135                                         unsigned int padding,
 136                                         crypto_error **error);
 137
 138 #endif  /* __CRYPTO_H__ */
 139