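/* libgcry.h - rsyslog's libgcrypt-based log file encryption support library
 *
 * Copyright 2013 Adiscon GmbH.
 *
 * This file is part of rsyslog.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *       http://www.apache.org/licenses/LICENSE-2.0
 *       -or-
 *       see COPYING.ASL20 in the source distribution
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
#ifndef INCLUDED_LIBGCRY_H
#define INCLUDED_LIBGCRY_H
#include <stdint.h>	/* int8_t, int16_t, uint16_t */
#include <gcrypt.h>	/* gcry_cipher_hd_t, GCRY_CIPHER_*, GCRY_CIPHER_MODE_* */
/* NOTE: uchar, rsRetVal, ssize_t and off64_t are not declared here. This
 * header relies on the rsyslog core headers (and large-file support) having
 * been included first by the translation unit. */

/* Cipher configuration - key, algorithm and mode - shared by the files that
 * are encrypted under it. The prototypes below suggest the lifecycle
 * gcryCtxNew() -> rsgcrySetKey()/rsgcrySetAlgo()/rsgcrySetMode() ->
 * rsgcryCtxDel(); confirm against libgcry.c.
 *
 * NOTE(review): the key is held as plain bytes in heap memory. Confirm that
 * rsgcryCtxDel() wipes it (explicit_bzero() or equivalent) before freeing;
 * a plain memset() right before free() may be optimized away. */
struct gcryctx_s {
	uchar *key;	/* raw symmetric key bytes */
	size_t keyLen;	/* length of key in bytes */
	int algo;	/* GCRY_CIPHER_* cipher id, see rsgcryAlgoname2Algo() */
	int mode;	/* GCRY_CIPHER_MODE_* id, see rsgcryModename2Mode() */
};
typedef struct gcryctx_s *gcryctx;
typedef struct gcryfile_s *gcryfile;

/* this describes a file, as far as libgcry is concerned */
struct gcryfile_s {
	gcry_cipher_hd_t chd;	/* cypher handle */
	size_t blkLength;	/* size of low-level crypto block */
	uchar *eiName;		/* name of .encinfo file */
	int fd;			/* descriptor of .encinfo file (-1 if not open) */
	char openMode;		/* 'r': read, 'w': write */
	gcryctx ctx;		/* cipher configuration this file is processed with */
	uchar *readBuf;		/* read-side buffer; indexed by the two int16_t fields
				 * below, so it cannot usefully exceed 32767 bytes -
				 * confirm the allocation size in libgcry.c */
	int16_t readBufIdx;
	int16_t readBufMaxIdx;
	int8_t bDeleteOnClose;	/* for queue support, similar to stream subsys */
	ssize_t bytesToBlkEnd;	/* number of bytes remaining in current crypto block
				 * -1 means -> no end (still being writen to, queue files),
				 *  0 means -> end of block, new one must be started.
				 */
};

/* Key acquisition. Both hand back the key in *key and its length in
 * *keylen; the key is presumably allocated by the callee - confirm who
 * frees it. gcryGetKeyFromProg() runs an external command to obtain the
 * key: cmd must come from trusted configuration only, and the
 * implementation should spawn it exec-style rather than via system(). */
int gcryGetKeyFromFile(char *fn, char **key, unsigned *keylen);
int gcryGetKeyFromProg(char *cmd, char **key, unsigned *keylen);

/* library-global setup and teardown */
int rsgcryInit(void);
void rsgcryExit(void);

/* context management. keyLen is a uint16_t at this interface although the
 * context stores a size_t: keys longer than 65535 bytes cannot be passed.
 * rsgcrySetAlgo() takes an algorithm name ("AES256", ...), rsgcrySetMode()
 * a mode name ("CBC", ...); see the name->id helpers at the end of this
 * file for the accepted spellings. */
gcryctx gcryCtxNew(void);
void rsgcryCtxDel(gcryctx ctx);
int rsgcrySetKey(gcryctx ctx, unsigned char *key, uint16_t keyLen);
rsRetVal rsgcrySetAlgo(gcryctx ctx, uchar *algoname);
rsRetVal rsgcrySetMode(gcryctx ctx, uchar *modename);

/* per-file operations. rsgcryEncrypt()/rsgcryDecrypt() take *len as
 * in/out; how it is adjusted is defined by libgcry.c. */
rsRetVal rsgcryInitCrypt(gcryctx ctx, gcryfile *pgf, uchar *fname, char openMode);
rsRetVal rsgcryEncrypt(gcryfile pF, uchar *buf, size_t *len);
rsRetVal rsgcryDecrypt(gcryfile pF, uchar *buf, size_t *len);
int gcryfileDestruct(gcryfile gf, off64_t offsLogfile);
rsRetVal gcryfileDeleteState(uchar *fn);
rsRetVal gcryfileGetBytesLeftInBlock(gcryfile gf, ssize_t *left);

/* error states */
#define RSGCRYE_EI_OPEN 1	/* error opening .encinfo file */
#define RSGCRYE_OOM 4		/* ran out of memory */

#define EIF_MAX_RECTYPE_LEN 31	/* max length of record types */
#define EIF_MAX_VALUE_LEN 1023	/* max length of value types */
/* Presumably the file-type tag of .encinfo files. The misspelling is part of
 * the format as it exists on disk; renaming it would make existing .encinfo
 * files unreadable unless the reader accepts both spellings. */
#define RSGCRY_FILETYPE_NAME "rsyslog-enrcyption-info"
#define ENCINFO_SUFFIX ".encinfo"

/* Note: gf may validly be NULL, e.g. if file has not yet been opened!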
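*/
/* Record the delete-on-close flag on a file; a NULL gf is a no-op. */
static inline void gcryfileSetDeleteOnClose(gcryfile gf, int val)
{
	if(gf == NULL)
		return;
	gf->bDeleteOnClose = val;
}

/* Map a configuration algorithm name to its libgcrypt cipher id.
 * Matching is exact and case-sensitive. Returns GCRY_CIPHER_NONE for an
 * unknown name and, unlike a bare strcmp(), also for a NULL pointer.
 *
 * Security note: this table exists for compatibility and still offers
 * ciphers that must not be chosen for new deployments: DES (56-bit key),
 * RFC2268_40 (40-bit RC2) and ARCFOUR (RC4, broken). 3DES, BLOWFISH and
 * CAST5 use a 64-bit block and are unsuitable for large volumes of data.
 * Prefer AES256 (or another 128-bit block cipher). No mode in this header
 * authenticates the ciphertext (see rsgcryModename2Mode()), so integrity
 * of encrypted log data has to be ensured by some other mechanism. */
static inline int rsgcryAlgoname2Algo(char *algoname)
{
	static const struct { const char *name; int id; } algos[] = {
		{ "3DES",        GCRY_CIPHER_3DES },
		{ "CAST5",       GCRY_CIPHER_CAST5 },
		{ "BLOWFISH",    GCRY_CIPHER_BLOWFISH },
		{ "AES128",      GCRY_CIPHER_AES128 },
		{ "AES192",      GCRY_CIPHER_AES192 },
		{ "AES256",      GCRY_CIPHER_AES256 },
		{ "TWOFISH",     GCRY_CIPHER_TWOFISH },
		{ "TWOFISH128",  GCRY_CIPHER_TWOFISH128 },
		{ "ARCFOUR",     GCRY_CIPHER_ARCFOUR },
		{ "DES",         GCRY_CIPHER_DES },
		{ "SERPENT128",  GCRY_CIPHER_SERPENT128 },
		{ "SERPENT192",  GCRY_CIPHER_SERPENT192 },
		{ "SERPENT256",  GCRY_CIPHER_SERPENT256 },
		{ "RFC2268_40",  GCRY_CIPHER_RFC2268_40 },
		{ "SEED",        GCRY_CIPHER_SEED },
		{ "CAMELLIA128", GCRY_CIPHER_CAMELLIA128 },
		{ "CAMELLIA192", GCRY_CIPHER_CAMELLIA192 },
		{ "CAMELLIA256", GCRY_CIPHER_CAMELLIA256 }
	};
	size_t i;

	if(algoname == NULL)
		return GCRY_CIPHER_NONE;
	for(i = 0; i < sizeof(algos) / sizeof(algos[0]); ++i) {
		if(strcmp(algoname, algos[i].name) == 0)
			return algos[i].id;
	}
	return GCRY_CIPHER_NONE;
}

/* Map a configuration mode name to its libgcrypt cipher-mode id.
 * Matching is exact and case-sensitive. Returns GCRY_CIPHER_MODE_NONE for
 * an unknown name and for a NULL pointer.
 *
 * Security note: ECB encrypts identical plaintext blocks to identical
 * ciphertext blocks and leaks the structure of log data; do not use it.
 * None of the listed modes provides authentication, so a modified
 * ciphertext is not detected at the cipher layer.
 *
 * NOTE(review): AESWRAP is compiled in only when GCRY_CIPHER_MODE_AESWRAP
 * is a preprocessor macro. If the installed gcrypt.h provides it solely as
 * an enum constant, #ifdef does not see it and the entry is never built -
 * confirm with the libgcrypt version in use. */
static inline int rsgcryModename2Mode(char *modename)
{
	static const struct { const char *name; int id; } modes[] = {
		{ "ECB",    GCRY_CIPHER_MODE_ECB },
		{ "CFB",    GCRY_CIPHER_MODE_CFB },
		{ "CBC",    GCRY_CIPHER_MODE_CBC },
		{ "STREAM", GCRY_CIPHER_MODE_STREAM },
		{ "OFB",    GCRY_CIPHER_MODE_OFB },
		{ "CTR",    GCRY_CIPHER_MODE_CTR }
#ifdef GCRY_CIPHER_MODE_AESWRAP
		, { "AESWRAP", GCRY_CIPHER_MODE_AESWRAP }
#endif
	};
	size_t i;

	if(modename == NULL)
		return GCRY_CIPHER_MODE_NONE;
	for(i = 0; i < sizeof(modes) / sizeof(modes[0]); ++i) {
		if(strcmp(modename, modes[i].name) == 0)
			return modes[i].id;
	}
	return GCRY_CIPHER_MODE_NONE;
}
#endif /* #ifndef INCLUDED_LIBGCRY_H */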