/* libgcry.h - rsyslog's guardtime support library
*
* Copyright 2013 Adiscon GmbH.
*
* This file is part of rsyslog.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
* -or-
* see COPYING.ASL20 in the source distribution
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef INCLUDED_LIBGCRY_H
#define INCLUDED_LIBGCRY_H
#include <stdint.h>
#include <string.h>
#include <gcrypt.h>
/* A crypto context: the symmetric key together with the libgcrypt cipher
 * algorithm and mode selected for it. It is referenced from gcryfile_s.ctx,
 * so one context may back several files. Presumably populated through the
 * rsgcrySetKey()/rsgcrySetAlgo()/rsgcrySetMode() functions declared below.
 */
struct gcryctx_s {
	uchar *key;    /* raw key bytes; NOTE(review): ownership is not stated here -- confirm that rsgcryCtxDel() wipes this buffer before freeing it */
	size_t keyLen; /* length of key in bytes (note: rsgcrySetKey() takes only a uint16_t) */
	int algo;      /* presumably a GCRY_CIPHER_* id as produced by rsgcryAlgoname2Algo() */
	int mode;      /* presumably a GCRY_CIPHER_MODE_* id as produced by rsgcryModename2Mode() */
};
/* Handle types (pointer-to-struct) used throughout the API below. Both
 * structs are defined in this header, so callers can see their fields;
 * they should nevertheless treat the handles as owned by libgcry. */
typedef struct gcryctx_s *gcryctx;
typedef struct gcryfile_s *gcryfile; /* struct gcryfile_s is defined right below */
/* this describes a file, as far as libgcry is concerned: the libgcrypt cipher
 * handle, the bookkeeping for the companion ".encinfo" file (see
 * ENCINFO_SUFFIX below) and the read-side buffering state.
 */
struct gcryfile_s {
	gcry_cipher_hd_t chd;  /* cypher handle */
	size_t blkLength;      /* size of low-level crypto block */
	uchar *eiName;         /* name of .encinfo file */
	int fd;                /* descriptor of .encinfo file (-1 if not open) */
	char openMode;         /* 'r': read, 'w': write */
	gcryctx ctx;           /* key/algo/mode this file uses; NOTE(review): ownership not stated here -- confirm whether the file or the caller releases it */
	uchar *readBuf;        /* read-side buffer; NOTE(review): its capacity is not recorded in this struct -- presumably tied to blkLength, confirm in rsgcryDecrypt() */
	int16_t readBufIdx;    /* presumably the current read position within readBuf */
	int16_t readBufMaxIdx; /* presumably the number of valid bytes in readBuf; being int16_t, buffered reads are capped at 32767 bytes */
	int8_t bDeleteOnClose; /* for queue support, similar to stream subsys; set via gcryfileSetDeleteOnClose() */
	ssize_t bytesToBlkEnd; /* number of bytes remaining in current crypto block
	                        * -1 means -> no end (still being written to, queue files),
	                        *  0 means -> end of block, new one must be started. */
};
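/* --- public API ---------------------------------------------------------
 * Functions returning int use the RSGCRYE_* codes defined below (0 = ok);
 * functions returning rsRetVal follow the general rsyslog convention.
 */

/* Key acquisition. On success *key presumably points to a newly allocated
 * buffer of *keylen bytes. NOTE(review): confirm in the implementation who
 * frees *key and whether the buffer is wiped once the key has been copied
 * into the context. gcryGetKeyFromProg() executes cmd, so cmd must only ever
 * come from trusted configuration. */
int gcryGetKeyFromFile(char *fn, char **key, unsigned *keylen);
int gcryGetKeyFromProg(char *cmd, char **key, unsigned *keylen);

/* Library-wide setup and teardown of libgcrypt. */
int rsgcryInit(void);
void rsgcryExit(void);

/* Context life cycle and configuration.
 * Note the differing length types: keyLen is uint16_t here, gcryctx_s.keyLen
 * is size_t and gcryGetKeyFromFile() reports an unsigned -- a key longer
 * than 65535 bytes would be silently truncated by the conversion at the
 * call site. rsgcrySetMode() takes the MODE name (e.g. "CBC") and
 * rsgcrySetAlgo() the ALGORITHM name (e.g. "AES128"); the parameter names
 * now match rsgcryModename2Mode()/rsgcryAlgoname2Algo() below. */
gcryctx gcryCtxNew(void);
void rsgcryCtxDel(gcryctx ctx);
int rsgcrySetKey(gcryctx ctx, unsigned char *key, uint16_t keyLen);
rsRetVal rsgcrySetMode(gcryctx ctx, uchar *modename);
rsRetVal rsgcrySetAlgo(gcryctx ctx, uchar *algoname);

/* File life cycle. rsgcryInitCrypt() creates the gcryfile for fname in *pgf
 * (openMode as in gcryfile_s.openMode); gcryfileDestruct() closes it and
 * gcryfileDeleteState() removes the .encinfo state for fn. */
rsRetVal rsgcryInitCrypt(gcryctx ctx, gcryfile *pgf, uchar *fname, char openMode);
int gcryfileDestruct(gcryfile gf, off64_t offsLogfile);
rsRetVal gcryfileDeleteState(uchar *fn);
rsRetVal gcryfileGetBytesLeftInBlock(gcryfile gf, ssize_t *left);

/* Encrypt/decrypt buf in place. *len is the buffer length on input;
 * NOTE(review): presumably the number of bytes produced on output -- confirm
 * against the implementation before relying on it. */
rsRetVal rsgcryEncrypt(gcryfile pF, uchar *buf, size_t *len);
rsRetVal rsgcryDecrypt(gcryfile pF, uchar *buf, size_t *len);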
/* error states -- numeric codes returned by the int-returning functions above.
 * NOTE(review): the gap between 1 and 4 suggests further codes exist
 * elsewhere (or were removed); confirm before assigning new values. */
#define RSGCRYE_EI_OPEN 1 /* error opening .encinfo file */
#define RSGCRYE_OOM 4 /* ran out of memory */
/* limits for the .encinfo record format: record type names and values are
 * bounded to these lengths (excluding the terminating NUL, presumably). */
#define EIF_MAX_RECTYPE_LEN 31 /* max length of record types */
#define EIF_MAX_VALUE_LEN 1023 /* max length of value types */
/* magic string identifying the .encinfo file format. The misspelling
 * ("enrcyption") is part of the on-disk format and is presumably present in
 * existing .encinfo files, so it must NOT be "corrected" here. */
#define RSGCRY_FILETYPE_NAME "rsyslog-enrcyption-info"
#define ENCINFO_SUFFIX ".encinfo" /* presumably appended to the log file name to form gcryfile_s.eiName */
/* Mark (val != 0) or unmark (val == 0) gf for deletion on close.
 * gf may validly be NULL, e.g. if the file has not yet been opened; the call
 * is then a no-op. val is stored in the int8_t flag as before. */
static inline void
gcryfileSetDeleteOnClose(gcryfile gf, int val)
{
	if (gf == NULL) {
		return;
	}
	gf->bDeleteOnClose = val;
}
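/* Map a cipher name as used in rsyslog configuration (e.g. "AES128") to the
 * corresponding libgcrypt GCRY_CIPHER_* id.
 * Matching is exact and case-sensitive. Returns GCRY_CIPHER_NONE when
 * algoname is NULL (previously undefined behaviour via strcmp) or unknown.
 * The table includes legacy ciphers that libgcrypt still exposes (DES, 3DES,
 * ARCFOUR, RFC2268_40, ...); whether they are acceptable for a deployment
 * is a configuration decision -- this function only translates names.
 */
static inline int
rsgcryAlgoname2Algo(char *algoname)
{
	static const struct {
		const char *name;
		int algo;
	} tbl[] = {
		{ "3DES",        GCRY_CIPHER_3DES },
		{ "CAST5",       GCRY_CIPHER_CAST5 },
		{ "BLOWFISH",    GCRY_CIPHER_BLOWFISH },
		{ "AES128",      GCRY_CIPHER_AES128 },
		{ "AES192",      GCRY_CIPHER_AES192 },
		{ "AES256",      GCRY_CIPHER_AES256 },
		{ "TWOFISH",     GCRY_CIPHER_TWOFISH },
		{ "TWOFISH128",  GCRY_CIPHER_TWOFISH128 },
		{ "ARCFOUR",     GCRY_CIPHER_ARCFOUR },
		{ "DES",         GCRY_CIPHER_DES },
		{ "SERPENT128",  GCRY_CIPHER_SERPENT128 },
		{ "SERPENT192",  GCRY_CIPHER_SERPENT192 },
		{ "SERPENT256",  GCRY_CIPHER_SERPENT256 },
		{ "RFC2268_40",  GCRY_CIPHER_RFC2268_40 },
		{ "SEED",        GCRY_CIPHER_SEED },
		{ "CAMELLIA128", GCRY_CIPHER_CAMELLIA128 },
		{ "CAMELLIA192", GCRY_CIPHER_CAMELLIA192 },
		{ "CAMELLIA256", GCRY_CIPHER_CAMELLIA256 },
	};

	if (algoname == NULL) {
		return GCRY_CIPHER_NONE;
	}
	for (size_t i = 0; i < sizeof tbl / sizeof tbl[0]; ++i) {
		if (strcmp(algoname, tbl[i].name) == 0) {
			return tbl[i].algo;
		}
	}
	return GCRY_CIPHER_NONE;
}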
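/* Map a cipher-mode name as used in rsyslog configuration (e.g. "CBC") to
 * the corresponding libgcrypt GCRY_CIPHER_MODE_* id.
 * Matching is exact and case-sensitive. Returns GCRY_CIPHER_MODE_NONE when
 * modename is NULL (previously undefined behaviour via strcmp) or unknown.
 * "AESWRAP" is only accepted when the libgcrypt headers define it.
 * Note that ECB is among the accepted modes; it leaks plaintext structure,
 * so configurations should normally select a chained or counter mode.
 */
static inline int
rsgcryModename2Mode(char *modename)
{
	static const struct {
		const char *name;
		int mode;
	} tbl[] = {
		{ "ECB",    GCRY_CIPHER_MODE_ECB },
		{ "CFB",    GCRY_CIPHER_MODE_CFB },
		{ "CBC",    GCRY_CIPHER_MODE_CBC },
		{ "STREAM", GCRY_CIPHER_MODE_STREAM },
		{ "OFB",    GCRY_CIPHER_MODE_OFB },
		{ "CTR",    GCRY_CIPHER_MODE_CTR },
#ifdef GCRY_CIPHER_MODE_AESWRAP
		{ "AESWRAP", GCRY_CIPHER_MODE_AESWRAP }, /* not in older libgcrypt */
#endif
	};

	if (modename == NULL) {
		return GCRY_CIPHER_MODE_NONE;
	}
	for (size_t i = 0; i < sizeof tbl / sizeof tbl[0]; ++i) {
		if (strcmp(modename, tbl[i].name) == 0) {
			return tbl[i].mode;
		}
	}
	return GCRY_CIPHER_MODE_NONE;
}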
#endif /* #ifndef INCLUDED_LIBGCRY_H */