DeforaNetworks/fwknop
DeforaNetworks/fwknop
3
0
Fork 0
Code Releases Activity
fwknop/lib/fko.h
Michael Rash 08c9cc0938 HMAC function rename for consistency 
Make sure that HMAC function names conform to previously established get_*,
set_* naming convention.
2013-03-29 20:42:44 -04:00

352 lines
12 KiB
C
Raw Blame History

/*
*****************************************************************************
*
* File: fko.h
*
* Author: Damien S. Stuart
*
* Purpose: Header for libfko.
*
* Copyright 2009-2010 Damien Stuart (dstuart@dstuart.org)
*
* License (GNU Public License):
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
* USA
*
*****************************************************************************
*/
#ifndef FKO_H
#define FKO_H 1
#include <time.h>
#ifdef __cplusplus
extern "C" {
#endif
#ifdef WIN32
#ifdef DLL_EXPORTS
#define DLL_API __declspec(dllexport)
#else
#ifdef DLL_IMPORTS
#define DLL_API __declspec(dllimport)
#else
#define DLL_API
#endif
#endif
#else
#define DLL_API
#endif
/* General params
*/
#define FKO_PROTOCOL_VERSION "2.5.0" /* The fwknop protocol version */
/* Supported FKO Message types...
*/
typedef enum {
FKO_COMMAND_MSG = 0,
FKO_ACCESS_MSG,
FKO_NAT_ACCESS_MSG,
FKO_CLIENT_TIMEOUT_ACCESS_MSG,
FKO_CLIENT_TIMEOUT_NAT_ACCESS_MSG,
FKO_LOCAL_NAT_ACCESS_MSG,
FKO_CLIENT_TIMEOUT_LOCAL_NAT_ACCESS_MSG,
FKO_LAST_MSG_TYPE /* Always leave this as the last one */
} fko_message_type_t;
/* Supported digest types...
*/
typedef enum {
FKO_DIGEST_INVALID_DATA = -1,
FKO_DIGEST_UNKNOWN = 0,
FKO_DIGEST_MD5,
FKO_DIGEST_SHA1,
FKO_DIGEST_SHA256,
FKO_DIGEST_SHA384,
FKO_DIGEST_SHA512,
FKO_LAST_DIGEST_TYPE /* Always leave this as the last one */
} fko_digest_type_t;
/* Supported hmac digest types...
*/
typedef enum {
FKO_HMAC_INVALID_DATA = -1,
FKO_HMAC_UNKNOWN = 0,
FKO_HMAC_MD5,
FKO_HMAC_SHA1,
FKO_HMAC_SHA256,
FKO_HMAC_SHA384,
FKO_HMAC_SHA512,
FKO_LAST_HMAC_MODE /* Always leave this as the last one */
} fko_hmac_type_t;
/* Supported encryption types...
*/
typedef enum {
FKO_ENCRYPTION_INVALID_DATA = -1,
FKO_ENCRYPTION_UNKNOWN = 0,
FKO_ENCRYPTION_RIJNDAEL,
FKO_ENCRYPTION_GPG,
FKO_LAST_ENCRYPTION_TYPE /* Always leave this as the last one */
} fko_encryption_type_t;
/* Symmetric encryption modes to correspond to rijndael.h
*/
typedef enum {
FKO_ENC_MODE_UNKNOWN = 0,
FKO_ENC_MODE_ECB,
FKO_ENC_MODE_CBC,
FKO_ENC_MODE_CFB,
FKO_ENC_MODE_PCBC,
FKO_ENC_MODE_OFB,
FKO_ENC_MODE_CTR,
FKO_ENC_MODE_ASYMMETRIC, /* placeholder when GPG is used */
FKO_ENC_MODE_CBC_LEGACY_IV, /* for the old zero-padding strategy */
FKO_LAST_ENC_MODE /* Always leave this as the last one */
} fko_encryption_mode_t;
/* FKO ERROR_CODES
*
* Note: If you change this list in any way, please be sure to make the
* appropriate corresponding change to the error message list in
* fko_error.c.
*/
typedef enum {
FKO_SUCCESS = 0,
FKO_ERROR_CTX_NOT_INITIALIZED,
FKO_ERROR_MEMORY_ALLOCATION,
FKO_ERROR_FILESYSTEM_OPERATION,
FKO_ERROR_INVALID_DATA,
FKO_ERROR_DATA_TOO_LARGE,
FKO_ERROR_INVALID_KEY_LEN,
FKO_ERROR_USERNAME_UNKNOWN,
FKO_ERROR_INCOMPLETE_SPA_DATA,
FKO_ERROR_MISSING_ENCODED_DATA,
FKO_ERROR_INVALID_DIGEST_TYPE,
FKO_ERROR_INVALID_ALLOW_IP,
FKO_ERROR_INVALID_SPA_COMMAND_MSG,
FKO_ERROR_INVALID_SPA_ACCESS_MSG,
FKO_ERROR_INVALID_SPA_NAT_ACCESS_MSG,
FKO_ERROR_INVALID_ENCRYPTION_TYPE,
FKO_ERROR_WRONG_ENCRYPTION_TYPE,
FKO_ERROR_DECRYPTION_SIZE,
FKO_ERROR_DECRYPTION_FAILURE,
FKO_ERROR_DIGEST_VERIFICATION_FAILED,
FKO_ERROR_INVALID_HMAC_KEY_LEN,
FKO_ERROR_UNSUPPORTED_HMAC_MODE,
FKO_ERROR_UNSUPPORTED_FEATURE,
FKO_ERROR_UNKNOWN,
/* Start GPGME-related errors */
GPGME_ERR_START,
FKO_ERROR_MISSING_GPG_KEY_DATA,
FKO_ERROR_GPGME_NO_OPENPGP,
FKO_ERROR_GPGME_CONTEXT,
FKO_ERROR_GPGME_PLAINTEXT_DATA_OBJ,
FKO_ERROR_GPGME_SET_PROTOCOL,
FKO_ERROR_GPGME_CIPHER_DATA_OBJ,
FKO_ERROR_GPGME_BAD_PASSPHRASE,
FKO_ERROR_GPGME_ENCRYPT_SIGN,
FKO_ERROR_GPGME_CONTEXT_SIGNER_KEY,
FKO_ERROR_GPGME_SIGNER_KEYLIST_START,
FKO_ERROR_GPGME_SIGNER_KEY_NOT_FOUND,
FKO_ERROR_GPGME_SIGNER_KEY_AMBIGUOUS,
FKO_ERROR_GPGME_ADD_SIGNER,
FKO_ERROR_GPGME_CONTEXT_RECIPIENT_KEY,
FKO_ERROR_GPGME_RECIPIENT_KEYLIST_START,
FKO_ERROR_GPGME_RECIPIENT_KEY_NOT_FOUND,
FKO_ERROR_GPGME_RECIPIENT_KEY_AMBIGUOUS,
FKO_ERROR_GPGME_DECRYPT_FAILED,
FKO_ERROR_GPGME_DECRYPT_UNSUPPORTED_ALGORITHM,
FKO_ERROR_GPGME_BAD_GPG_EXE,
FKO_ERROR_GPGME_BAD_HOME_DIR,
FKO_ERROR_GPGME_SET_HOME_DIR,
FKO_ERROR_GPGME_NO_SIGNATURE,
FKO_ERROR_GPGME_BAD_SIGNATURE,
FKO_ERROR_GPGME_SIGNATURE_VERIFY_DISABLED,
FKO_LAST_ERROR
} fko_error_codes_t;
/* Macro that returns true if the given error code is a gpg-related error.
*/
#define IS_GPG_ERROR(x) (x > GPGME_ERR_START && x < FKO_LAST_ERROR)
/* General Defaults
*/
#define FKO_DEFAULT_MSG_TYPE FKO_ACCESS_MSG
#define FKO_DEFAULT_DIGEST FKO_DIGEST_SHA256
#define FKO_DEFAULT_ENCRYPTION FKO_ENCRYPTION_RIJNDAEL
#define FKO_DEFAULT_ENC_MODE FKO_ENC_MODE_CBC
#define FKO_DEFAULT_KEY_LEN 0
#define FKO_DEFAULT_HMAC_KEY_LEN 0
#define FKO_DEFAULT_HMAC_MODE FKO_HMAC_SHA256
/* Define the consistent prefixes or salt on some encryption schemes.
*/
#define B64_RIJNDAEL_SALT "U2FsdGVkX1"
#define B64_RIJNDAEL_SALT_STR_LEN 10
#define B64_GPG_PREFIX "hQ"
#define B64_GPG_PREFIX_STR_LEN 2
/* Specify whether libfko is allowed to call exit()
*/
#define EXIT_UPON_ERR 1
#define NO_EXIT_UPON_ERR 0
/* The context holds the global state and config options, as
* well as some intermediate results during processing. This
* is an opaque pointer.
*/
struct fko_context;
typedef struct fko_context *fko_ctx_t;
/* Some gpg-specifc data types and constants.
*/
#if HAVE_LIBGPGME
enum {
FKO_GPG_NO_SIG_VERIFY_SIGS = 0x01,
FKO_GPG_ALLOW_BAD_SIG = 0x02,
FKO_GPG_NO_SIG_INFO = 0x04,
FKO_GPG_ALLOW_EXPIRED_SIG = 0x08,
FKO_GPG_ALLOW_REVOKED_SIG = 0x10
};
#define FKO_GPG_GOOD_SIGSUM 3
#endif /* HAVE_LIBGPGME */
/* Function prototypes */
/* General api calls
*/
DLL_API int fko_new(fko_ctx_t *ctx);
DLL_API int fko_new_with_data(fko_ctx_t *ctx, const char * const enc_msg,
const char * const dec_key, const int dec_key_len, int encryption_mode,
const char * const hmac_key, const int hmac_key_len, const int hmac_type);
DLL_API void fko_destroy(fko_ctx_t ctx);
DLL_API int fko_spa_data_final(fko_ctx_t ctx, const char * const enc_key,
const int enc_key_len, const char * const hmac_key, const int hmac_key_len);
/* Set context data functions
*/
DLL_API int fko_set_rand_value(fko_ctx_t ctx, const char * const val);
DLL_API int fko_set_username(fko_ctx_t ctx, const char * const spoof_user);
DLL_API int fko_set_timestamp(fko_ctx_t ctx, const int offset);
DLL_API int fko_set_spa_message_type(fko_ctx_t ctx, const short msg_type);
DLL_API int fko_set_spa_message(fko_ctx_t ctx, const char * const msg_string);
DLL_API int fko_set_spa_nat_access(fko_ctx_t ctx, const char * const nat_access);
DLL_API int fko_set_spa_server_auth(fko_ctx_t ctx, const char * const server_auth);
DLL_API int fko_set_spa_client_timeout(fko_ctx_t ctx, const int timeout);
DLL_API int fko_set_spa_digest_type(fko_ctx_t ctx, const short digest_type);
DLL_API int fko_set_spa_digest(fko_ctx_t ctx);
DLL_API int fko_set_raw_spa_digest_type(fko_ctx_t ctx, const short raw_digest_type);
DLL_API int fko_set_raw_spa_digest(fko_ctx_t ctx);
DLL_API int fko_set_spa_encryption_type(fko_ctx_t ctx, const short encrypt_type);
DLL_API int fko_set_spa_encryption_mode(fko_ctx_t ctx, const int encrypt_mode);
DLL_API int fko_set_spa_data(fko_ctx_t ctx, const char * const enc_msg);
DLL_API int fko_set_spa_hmac_type(fko_ctx_t ctx, const short hmac_type);
/* Data processing and misc utility functions
*/
DLL_API const char* fko_errstr(const int err_code);
DLL_API int fko_encryption_type(const char * const enc_data);
DLL_API int fko_key_gen(char * const key_base64, const int key_len,
char * const hmac_key_base64, const int hmac_ken_len,
const int hmac_type);
DLL_API int fko_base64_encode(unsigned char * const in, char * const out, int in_len);
DLL_API int fko_base64_decode(const char * const in, unsigned char *out);
DLL_API int fko_encode_spa_data(fko_ctx_t ctx);
DLL_API int fko_decode_spa_data(fko_ctx_t ctx);
DLL_API int fko_encrypt_spa_data(fko_ctx_t ctx, const char * const enc_key,
const int enc_key_len);
DLL_API int fko_decrypt_spa_data(fko_ctx_t ctx, const char * const dec_key,
const int dec_key_len);
DLL_API int fko_verify_hmac(fko_ctx_t ctx, const char * const hmac_key,
const int hmac_key_len);
DLL_API int fko_set_spa_hmac(fko_ctx_t ctx, const char * const hmac_key,
const int hmac_key_len);
DLL_API int fko_get_spa_hmac(fko_ctx_t ctx, char **enc_data);
DLL_API int fko_get_encoded_data(fko_ctx_t ctx, char **enc_data);
/* Get context data functions
*/
DLL_API int fko_get_rand_value(fko_ctx_t ctx, char **rand_val);
DLL_API int fko_get_username(fko_ctx_t ctx, char **username);
DLL_API int fko_get_timestamp(fko_ctx_t ctx, time_t *ts);
DLL_API int fko_get_spa_message_type(fko_ctx_t ctx, short *spa_msg);
DLL_API int fko_get_spa_message(fko_ctx_t ctx, char **spa_message);
DLL_API int fko_get_spa_nat_access(fko_ctx_t ctx, char **nat_access);
DLL_API int fko_get_spa_server_auth(fko_ctx_t ctx, char **server_auth);
DLL_API int fko_get_spa_client_timeout(fko_ctx_t ctx, int *client_timeout);
DLL_API int fko_get_spa_digest_type(fko_ctx_t ctx, short *spa_digest_type);
DLL_API int fko_get_raw_spa_digest_type(fko_ctx_t ctx, short *raw_spa_digest_type);
DLL_API int fko_get_spa_hmac_type(fko_ctx_t ctx, short *spa_hmac_type);
DLL_API int fko_get_spa_digest(fko_ctx_t ctx, char **spa_digest);
DLL_API int fko_get_raw_spa_digest(fko_ctx_t ctx, char **raw_spa_digest);
DLL_API int fko_get_spa_encryption_type(fko_ctx_t ctx, short *spa_enc_type);
DLL_API int fko_get_spa_encryption_mode(fko_ctx_t ctx, int *spa_enc_mode);
DLL_API int fko_get_spa_data(fko_ctx_t ctx, char **spa_data);
DLL_API int fko_get_version(fko_ctx_t ctx, char **version);
/* GPG-related functions */
DLL_API int fko_set_gpg_exe(fko_ctx_t ctx, const char * const gpg_exe);
DLL_API int fko_get_gpg_exe(fko_ctx_t ctx, char **gpg_exe);
DLL_API int fko_set_gpg_recipient(fko_ctx_t ctx, const char * const recip);
DLL_API int fko_get_gpg_recipient(fko_ctx_t ctx, char **recip);
DLL_API int fko_set_gpg_signer(fko_ctx_t ctx, const char * const signer);
DLL_API int fko_get_gpg_signer(fko_ctx_t ctx, char **signer);
DLL_API int fko_set_gpg_home_dir(fko_ctx_t ctx, const char * const gpg_home_dir);
DLL_API int fko_get_gpg_home_dir(fko_ctx_t ctx, char **gpg_home_dir);
DLL_API const char* fko_gpg_errstr(fko_ctx_t ctx);
DLL_API int fko_set_gpg_signature_verify(fko_ctx_t ctx,
const unsigned char val);
DLL_API int fko_get_gpg_signature_verify(fko_ctx_t ctx,
unsigned char * const val);
DLL_API int fko_set_gpg_ignore_verify_error(fko_ctx_t ctx,
const unsigned char val);
DLL_API int fko_get_gpg_ignore_verify_error(fko_ctx_t ctx,
unsigned char * const val);
DLL_API int fko_get_gpg_signature_id(fko_ctx_t ctx, char **sig_id);
DLL_API int fko_get_gpg_signature_fpr(fko_ctx_t ctx, char **sig_fpr);
DLL_API int fko_get_gpg_signature_summary(fko_ctx_t ctx, int *sigsum);
DLL_API int fko_get_gpg_signature_status(fko_ctx_t ctx, int *sigstat);
DLL_API int fko_gpg_signature_id_match(fko_ctx_t ctx, const char * const id,
unsigned char * const result);
DLL_API int fko_gpg_signature_fpr_match(fko_ctx_t ctx, const char * const fpr,
unsigned char * const result);
#ifdef __cplusplus
}
#endif
#endif /* FKO_H */
/***EOF***/
View Git Blame Copy Permalink