00001 /* Licensed to the Apache Software Foundation (ASF) under one or more 00002 * contributor license agreements. See the NOTICE file distributed with 00003 * this work for additional information regarding copyright ownership. 00004 * The ASF licenses this file to You under the Apache License, Version 2.0 00005 * (the "License"); you may not use this file except in compliance with 00006 * the License. You may obtain a copy of the License at 00007 * 00008 * http://www.apache.org/licenses/LICENSE-2.0 00009 * 00010 * Unless required by applicable law or agreed to in writing, software 00011 * distributed under the License is distributed on an "AS IS" BASIS, 00012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 00013 * See the License for the specific language governing permissions and 00014 * limitations under the License. 00015 */ 00016 00017 #ifndef APR_CRYPTO_INTERNAL_H 00018 #define APR_CRYPTO_INTERNAL_H 00019 00020 #include <stdarg.h> 00021 00022 #include "apr_crypto.h" 00023 00024 #ifdef __cplusplus 00025 extern "C" { 00026 #endif 00027 00028 #if APU_HAVE_CRYPTO 00029 00030 struct apr_crypto_driver_t { 00031 00032 /** name */ 00033 const char *name; 00034 00035 /** 00036 * @brief: allow driver to perform once-only initialisation. 00037 * Called once only. 00038 * @param pool The pool to register the cleanup in. 00039 * @param params An array of optional init parameters. 00040 */ 00041 apr_status_t (*init)(apr_pool_t *pool, const apr_array_header_t *params, int *rc); 00042 00043 /** 00044 * @brief Create a context for supporting encryption. Keys, certificates, 00045 * algorithms and other parameters will be set per context. More than 00046 * one context can be created at one time. A cleanup will be automatically 00047 * registered with the given pool to guarantee a graceful shutdown. 00048 * @param driver - driver to use 00049 * @param pool - process pool 00050 * @param params - array of key parameters 00051 * @param f - context pointer will be written here 00052 * @return APR_ENOENGINE when the engine specified does not exist. APR_EINITENGINE 00053 * if the engine cannot be initialised. 00054 */ 00055 apr_status_t (*factory)(apr_pool_t *pool, const apr_array_header_t *params, 00056 apr_crypto_t **f); 00057 00058 /** 00059 * @brief Create a key from the given passphrase. By default, the PBKDF2 00060 * algorithm is used to generate the key from the passphrase. It is expected 00061 * that the same pass phrase will generate the same key, regardless of the 00062 * backend crypto platform used. The key is cleaned up when the context 00063 * is cleaned, and may be reused with multiple encryption or decryption 00064 * operations. 00065 * @note If *key is NULL, a apr_crypto_key_t will be created from a pool. If 00066 * *key is not NULL, *key must point at a previously created structure. 00067 * @param driver - driver to use 00068 * @param p The pool to use. 00069 * @param f The context to use. 00070 * @param pass The passphrase to use. 00071 * @param passLen The passphrase length in bytes 00072 * @param salt The salt to use. 00073 * @param saltLen The salt length in bytes 00074 * @param type 3DES_192, AES_128, AES_192, AES_256. 00075 * @param mode Electronic Code Book / Cipher Block Chaining. 00076 * @param doPad Pad if necessary. 00077 * @param key The key returned, see note. 00078 * @param ivSize The size of the initialisation vector will be returned, based 00079 * on whether an IV is relevant for this type of crypto. 00080 * @return Returns APR_ENOKEY if the pass phrase is missing or empty, or if a backend 00081 * error occurred while generating the key. APR_ENOCIPHER if the type or mode 00082 * is not supported by the particular backend. APR_EKEYTYPE if the key type is 00083 * not known. APR_EPADDING if padding was requested but is not supported. 00084 * APR_ENOTIMPL if not implemented. 00085 */ 00086 apr_status_t (*passphrase)(apr_pool_t *p, const apr_crypto_t *f, 00087 const char *pass, apr_size_t passLen, const unsigned char * salt, 00088 apr_size_t saltLen, const apr_crypto_block_key_type_e type, 00089 const apr_crypto_block_key_mode_e mode, const int doPad, 00090 const int iterations, apr_crypto_key_t **key, apr_size_t *ivSize); 00091 00092 /** 00093 * @brief Initialise a context for encrypting arbitrary data using the given key. 00094 * @note If *ctx is NULL, a apr_crypto_block_t will be created from a pool. If 00095 * *ctx is not NULL, *ctx must point at a previously created structure. 00096 * @param p The pool to use. 00097 * @param f The block factory to use. 00098 * @param key The key structure. 00099 * @param iv Optional initialisation vector. If the buffer pointed to is NULL, 00100 * an IV will be created at random, in space allocated from the pool. 00101 * If the buffer pointed to is not NULL, the IV in the buffer will be 00102 * used. 00103 * @param ctx The block context returned, see note. 00104 * @param ivSize The size of the initialisation vector will be returned, based 00105 * on whether an IV is relevant for this type of crypto. 00106 * @param blockSize The block size of the cipher. 00107 * @return Returns APR_ENOIV if an initialisation vector is required but not specified. 00108 * Returns APR_EINIT if the backend failed to initialise the context. Returns 00109 * APR_ENOTIMPL if not implemented. 00110 */ 00111 apr_status_t (*block_encrypt_init)(apr_pool_t *p, const apr_crypto_t *f, 00112 const apr_crypto_key_t *key, const unsigned char **iv, 00113 apr_crypto_block_t **ctx, apr_size_t *blockSize); 00114 00115 /** 00116 * @brief Encrypt data provided by in, write it to out. 00117 * @note The number of bytes written will be written to outlen. If 00118 * out is NULL, outlen will contain the maximum size of the 00119 * buffer needed to hold the data, including any data 00120 * generated by apr_crypto_block_encrypt_finish below. If *out points 00121 * to NULL, a buffer sufficiently large will be created from 00122 * the pool provided. If *out points to a not-NULL value, this 00123 * value will be used as a buffer instead. 00124 * @param ctx The block context to use. 00125 * @param out Address of a buffer to which data will be written, 00126 * see note. 00127 * @param outlen Length of the output will be written here. 00128 * @param in Address of the buffer to read. 00129 * @param inlen Length of the buffer to read. 00130 * @return APR_ECRYPT if an error occurred. Returns APR_ENOTIMPL if 00131 * not implemented. 00132 */ 00133 apr_status_t (*block_encrypt)(apr_crypto_block_t *ctx, unsigned char **out, 00134 apr_size_t *outlen, const unsigned char *in, apr_size_t inlen); 00135 00136 /** 00137 * @brief Encrypt final data block, write it to out. 00138 * @note If necessary the final block will be written out after being 00139 * padded. Typically the final block will be written to the 00140 * same buffer used by apr_crypto_block_encrypt, offset by the 00141 * number of bytes returned as actually written by the 00142 * apr_crypto_block_encrypt() call. After this call, the context 00143 * is cleaned and can be reused by apr_crypto_block_encrypt_init(). 00144 * @param ctx The block context to use. 00145 * @param out Address of a buffer to which data will be written. This 00146 * buffer must already exist, and is usually the same 00147 * buffer used by apr_evp_crypt(). See note. 00148 * @param outlen Length of the output will be written here. 00149 * @return APR_ECRYPT if an error occurred. 00150 * @return APR_EPADDING if padding was enabled and the block was incorrectly 00151 * formatted. 00152 * @return APR_ENOTIMPL if not implemented. 00153 */ 00154 apr_status_t (*block_encrypt_finish)(apr_crypto_block_t *ctx, 00155 unsigned char *out, apr_size_t *outlen); 00156 00157 /** 00158 * @brief Initialise a context for decrypting arbitrary data using the given key. 00159 * @note If *ctx is NULL, a apr_crypto_block_t will be created from a pool. If 00160 * *ctx is not NULL, *ctx must point at a previously created structure. 00161 * @param p The pool to use. 00162 * @param f The block factory to use. 00163 * @param key The key structure. 00164 * @param iv Optional initialisation vector. If the buffer pointed to is NULL, 00165 * an IV will be created at random, in space allocated from the pool. 00166 * If the buffer is not NULL, the IV in the buffer will be used. 00167 * @param ctx The block context returned, see note. 00168 * @param blockSize The block size of the cipher. 00169 * @return Returns APR_ENOIV if an initialisation vector is required but not specified. 00170 * Returns APR_EINIT if the backend failed to initialise the context. Returns 00171 * APR_ENOTIMPL if not implemented. 00172 */ 00173 apr_status_t (*block_decrypt_init)(apr_pool_t *p, const apr_crypto_t *f, 00174 const apr_crypto_key_t *key, const unsigned char *iv, 00175 apr_crypto_block_t **ctx, apr_size_t *blockSize); 00176 00177 /** 00178 * @brief Decrypt data provided by in, write it to out. 00179 * @note The number of bytes written will be written to outlen. If 00180 * out is NULL, outlen will contain the maximum size of the 00181 * buffer needed to hold the data, including any data 00182 * generated by apr_crypto_block_decrypt_finish below. If *out points 00183 * to NULL, a buffer sufficiently large will be created from 00184 * the pool provided. If *out points to a not-NULL value, this 00185 * value will be used as a buffer instead. 00186 * @param ctx The block context to use. 00187 * @param out Address of a buffer to which data will be written, 00188 * see note. 00189 * @param outlen Length of the output will be written here. 00190 * @param in Address of the buffer to read. 00191 * @param inlen Length of the buffer to read. 00192 * @return APR_ECRYPT if an error occurred. Returns APR_ENOTIMPL if 00193 * not implemented. 00194 */ 00195 apr_status_t (*block_decrypt)(apr_crypto_block_t *ctx, unsigned char **out, 00196 apr_size_t *outlen, const unsigned char *in, apr_size_t inlen); 00197 00198 /** 00199 * @brief Decrypt final data block, write it to out. 00200 * @note If necessary the final block will be written out after being 00201 * padded. Typically the final block will be written to the 00202 * same buffer used by apr_crypto_block_decrypt, offset by the 00203 * number of bytes returned as actually written by the 00204 * apr_crypto_block_decrypt() call. After this call, the context 00205 * is cleaned and can be reused by apr_crypto_block_decrypt_init(). 00206 * @param ctx The block context to use. 00207 * @param out Address of a buffer to which data will be written. This 00208 * buffer must already exist, and is usually the same 00209 * buffer used by apr_evp_crypt(). See note. 00210 * @param outlen Length of the output will be written here. 00211 * @return APR_ECRYPT if an error occurred. 00212 * @return APR_EPADDING if padding was enabled and the block was incorrectly 00213 * formatted. 00214 * @return APR_ENOTIMPL if not implemented. 00215 */ 00216 apr_status_t (*block_decrypt_finish)(apr_crypto_block_t *ctx, 00217 unsigned char *out, apr_size_t *outlen); 00218 00219 /** 00220 * @brief Clean encryption / decryption context. 00221 * @note After cleanup, a context is free to be reused if necessary. 00222 * @param driver - driver to use 00223 * @param ctx The block context to use. 00224 * @return Returns APR_ENOTIMPL if not supported. 00225 */ 00226 apr_status_t (*block_cleanup)(apr_crypto_block_t *ctx); 00227 00228 /** 00229 * @brief Clean encryption / decryption factory. 00230 * @note After cleanup, a factory is free to be reused if necessary. 00231 * @param driver - driver to use 00232 * @param f The factory to use. 00233 * @return Returns APR_ENOTIMPL if not supported. 00234 */ 00235 apr_status_t (*cleanup)(apr_crypto_t *f); 00236 00237 /** 00238 * @brief Clean encryption / decryption factory. 00239 * @note After cleanup, a factory is free to be reused if necessary. 00240 * @param pool The pool to use. 00241 * @return Returns APR_ENOTIMPL if not supported. 00242 */ 00243 apr_status_t (*shutdown)(apr_pool_t *p); 00244 00245 }; 00246 00247 #endif 00248 00249 #ifdef __cplusplus 00250 } 00251 #endif 00252 00253 #endif
1.5.8