summaryrefslogtreecommitdiff
path: root/runtime/libgcry.h
blob: ae5a673585317722224ca8344e3365b26301e260 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
/* libgcry.h - rsyslog's guardtime support library
 *
 * Copyright 2013 Adiscon GmbH.
 *
 * This file is part of rsyslog.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 * 
 *       http://www.apache.org/licenses/LICENSE-2.0
 *       -or-
 *       see COPYING.ASL20 in the source distribution
 * 
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
#ifndef INCLUDED_LIBGCRY_H
#define INCLUDED_LIBGCRY_H
#include <stdint.h>
#include <gcrypt.h>

struct gcryctx_s {
	uchar *key;
	size_t keyLen;
	int algo;
	int mode;
};
typedef struct gcryctx_s *gcryctx;
typedef struct gcryfile_s *gcryfile;

/* this describes a file, as far as libgcry is concerned */
struct gcryfile_s {
	gcry_cipher_hd_t chd; /* cypher handle */
	size_t blkLength; /* size of low-level crypto block */
	uchar *eiName; /* name of .encinfo file */
	int fd; /* descriptor of .encinfo file (-1 if not open) */
	char openMode; /* 'r': read, 'w': write */
	gcryctx ctx;
	uchar *readBuf;
	int16_t readBufIdx;
	int16_t readBufMaxIdx;
	int8_t bDeleteOnClose; /* for queue support, similar to stream subsys */
	ssize_t bytesToBlkEnd; /* number of bytes remaining in current crypto block
				-1 means -> no end (still being writen to, queue files),
				0 means -> end of block, new one must be started. */
};

int gcryGetKeyFromFile(char *fn, char **key, unsigned *keylen);
int rsgcryInit(void);
void rsgcryExit(void);
int rsgcrySetKey(gcryctx ctx, unsigned char *key, uint16_t keyLen);
rsRetVal rsgcrySetMode(gcryctx ctx, uchar *algoname);
rsRetVal rsgcrySetAlgo(gcryctx ctx, uchar *modename);
gcryctx gcryCtxNew(void);
void rsgcryCtxDel(gcryctx ctx);
int gcryfileDestruct(gcryfile gf, off64_t offsLogfile);
rsRetVal rsgcryInitCrypt(gcryctx ctx, gcryfile *pgf, uchar *fname, char openMode);
rsRetVal rsgcryEncrypt(gcryfile pF, uchar *buf, size_t *len);
rsRetVal rsgcryDecrypt(gcryfile pF, uchar *buf, size_t *len);
int gcryGetKeyFromProg(char *cmd, char **key, unsigned *keylen);
rsRetVal gcryfileDeleteState(uchar *fn);
rsRetVal gcryfileGetBytesLeftInBlock(gcryfile gf, ssize_t *left);

/* error states */
#define RSGCRYE_EI_OPEN 1 	/* error opening .encinfo file */
#define RSGCRYE_OOM 4	/* ran out of memory */

#define EIF_MAX_RECTYPE_LEN 31 /* max length of record types */
#define EIF_MAX_VALUE_LEN 1023 /* max length of value types */
#define RSGCRY_FILETYPE_NAME "rsyslog-enrcyption-info"
#define ENCINFO_SUFFIX ".encinfo"

/* Note: gf may validly be NULL, e.g. if file has not yet been opened! */
static inline void
gcryfileSetDeleteOnClose(gcryfile gf, int val)
{
	if(gf != NULL)
		gf->bDeleteOnClose = val;
}

static inline int
rsgcryAlgoname2Algo(char *algoname) {
	if(!strcmp((char*)algoname, "3DES")) return GCRY_CIPHER_3DES;
	if(!strcmp((char*)algoname, "CAST5")) return GCRY_CIPHER_CAST5;
	if(!strcmp((char*)algoname, "BLOWFISH")) return GCRY_CIPHER_BLOWFISH;
	if(!strcmp((char*)algoname, "AES128")) return GCRY_CIPHER_AES128;
	if(!strcmp((char*)algoname, "AES192")) return GCRY_CIPHER_AES192;
	if(!strcmp((char*)algoname, "AES256")) return GCRY_CIPHER_AES256;
	if(!strcmp((char*)algoname, "TWOFISH")) return GCRY_CIPHER_TWOFISH;
	if(!strcmp((char*)algoname, "TWOFISH128")) return GCRY_CIPHER_TWOFISH128;
	if(!strcmp((char*)algoname, "ARCFOUR")) return GCRY_CIPHER_ARCFOUR;
	if(!strcmp((char*)algoname, "DES")) return GCRY_CIPHER_DES;
	if(!strcmp((char*)algoname, "SERPENT128")) return GCRY_CIPHER_SERPENT128;
	if(!strcmp((char*)algoname, "SERPENT192")) return GCRY_CIPHER_SERPENT192;
	if(!strcmp((char*)algoname, "SERPENT256")) return GCRY_CIPHER_SERPENT256;
	if(!strcmp((char*)algoname, "RFC2268_40")) return GCRY_CIPHER_RFC2268_40;
	if(!strcmp((char*)algoname, "SEED")) return GCRY_CIPHER_SEED;
	if(!strcmp((char*)algoname, "CAMELLIA128")) return GCRY_CIPHER_CAMELLIA128;
	if(!strcmp((char*)algoname, "CAMELLIA192")) return GCRY_CIPHER_CAMELLIA192;
	if(!strcmp((char*)algoname, "CAMELLIA256")) return GCRY_CIPHER_CAMELLIA256;
	return GCRY_CIPHER_NONE;
}

static inline int
rsgcryModename2Mode(char *modename) {
	if(!strcmp((char*)modename, "ECB")) return GCRY_CIPHER_MODE_ECB;
	if(!strcmp((char*)modename, "CFB")) return GCRY_CIPHER_MODE_CFB;
	if(!strcmp((char*)modename, "CBC")) return GCRY_CIPHER_MODE_CBC;
	if(!strcmp((char*)modename, "STREAM")) return GCRY_CIPHER_MODE_STREAM;
	if(!strcmp((char*)modename, "OFB")) return GCRY_CIPHER_MODE_OFB;
	if(!strcmp((char*)modename, "CTR")) return GCRY_CIPHER_MODE_CTR;
#	ifdef GCRY_CIPHER_MODE_AESWRAP
	if(!strcmp((char*)modename, "AESWRAP")) return GCRY_CIPHER_MODE_AESWRAP;
#	endif
	return GCRY_CIPHER_MODE_NONE;
}
#endif  /* #ifndef INCLUDED_LIBGCRY_H */