/*
 * crypto.h :  cryptographic routines
 *
 * ====================================================================
 *    Licensed to the Apache Software Foundation (ASF) under one
 *    or more contributor license agreements.  See the NOTICE file
 *    distributed with this work for additional information
 *    regarding copyright ownership.  The ASF licenses this file
 *    to you under the Apache License, Version 2.0 (the
 *    "License"); you may not use this file except in compliance
 *    with the License.  You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 *    Unless required by applicable law or agreed to in writing,
 *    software distributed under the License is distributed on an
 *    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 *    KIND, either express or implied.  See the License for the
 *    specific language governing permissions and limitations
 *    under the License.
 * ====================================================================
 */
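#ifndef SVN_LIBSVN_SUBR_CRYPTO_H
#define SVN_LIBSVN_SUBR_CRYPTO_H

/* Test for APR crypto and RNG support.

   SVN_HAVE_CRYPTO ends up defined only when both prerequisites hold:
   APR_HAS_RANDOM is non-zero, and APU_HAVE_CRYPTO is defined and
   non-zero.  The macro is #undef'ed first, so a definition already in
   effect before this point cannot enable the crypto code on its own;
   only the nested test below can define it.  */
#undef SVN_HAVE_CRYPTO
#include <apr.h>
#include <apu.h>
#if APR_HAS_RANDOM
#if defined(APU_HAVE_CRYPTO) && APU_HAVE_CRYPTO
#define SVN_HAVE_CRYPTO
#endif
#endif

#include "svn_types.h"
#include "svn_string.h"

#ifdef __cplusplus
extern "C" {
#endif /* __cplusplus */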
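/* Opaque context for cryptographic operations.  The structure is only
   forward-declared in this header, so callers cannot inspect or build
   one themselves: they obtain it from svn_crypto__context_create() and
   pass it around by pointer.  */
typedef struct svn_crypto__ctx_t svn_crypto__ctx_t;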
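/* Return TRUE iff Subversion's cryptographic support is available.

   NOTE(review): presumably this mirrors the SVN_HAVE_CRYPTO build-time
   test in this header -- confirm.  This header does not say how the
   other svn_crypto__* routines behave when this returns FALSE, so
   code that stores secrets should check it first rather than assume
   encryption took place.  */
svn_boolean_t svn_crypto__is_available(void);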
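/* Set *CTX to a new Subversion cryptographic context, based on an
   APR-managed OpenSSL cryptography context object allocated
   within RESULT_POOL.

   Because the underlying object lives in RESULT_POOL, *CTX should be
   treated as valid only for the lifetime of that pool.

   Failure is reported through the returned svn_error_t *.
   NOTE(review): the value of *CTX on failure is not specified here --
   confirm before using it after an error return.  */
/* ### TODO: Should this be something done once with the resulting
   ### svn_crypto__ctx_t object stored in svn_client_ctx_t?  */
svn_error_t *
svn_crypto__context_create(svn_crypto__ctx_t **ctx,
                           apr_pool_t *result_pool);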
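/* Using a PBKDF2 derivative key based on MASTER, encrypt PLAINTEXT
   (a C string; no length is passed) with AES-256/CBC.

   Outputs, all returned through the pointer arguments:
     *CIPHERTEXT  the resulting encrypted data
     *IV          the initialization vector used for the encryption
     *SALT        the salt used for PBKDF2

   The caller has to keep all three: svn_crypto__decrypt_password()
   needs the same IV and SALT, plus the same MASTER octets, to recover
   PLAINTEXT.

   CTX is a context from svn_crypto__context_create().
   NOTE(review): presumably the outputs are allocated in RESULT_POOL
   and SCRATCH_POOL holds temporaries -- confirm in the implementation.

   Note that MASTER may be the plaintext obtained from the user or
   some other OS-provided cryptographic store, or it can be a derivation
   such as SHA1(plaintext).  As long as the same octets are passed to
   the decryption function, everything works just fine.  (The SHA1
   approach is suggested, to avoid keeping the plaintext master in
   the process' memory space.)  Whatever octets are passed as MASTER
   are sufficient to decrypt, so a derived MASTER needs the same
   protection as the secret it was derived from.

   Points this interface leaves to the implementation, worth checking
   when reviewing it:
   - the PBKDF2 iteration count and salt length are not parameters
     here, so the cost of guessing MASTER is fixed by the implementation;
   - CBC by itself does not authenticate data, and nothing in this
     header describes an integrity check on CIPHERTEXT;
   - SALT and IV are outputs rather than inputs, which suggests they
     are generated afresh on every call -- confirm;
   - this header does not say whether key material or PLAINTEXT copies
     left in the pools are wiped.  */
svn_error_t *
svn_crypto__encrypt_password(const svn_string_t **ciphertext,
                             const svn_string_t **iv,
                             const svn_string_t **salt,
                             svn_crypto__ctx_t *ctx,
                             const char *plaintext,
                             const svn_string_t *master,
                             apr_pool_t *result_pool,
                             apr_pool_t *scratch_pool);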
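/* Given the CIPHERTEXT which was encrypted using (AES-256/CBC) with
   initialization vector given by IV, and a key derived using PBKDF2
   with SALT and MASTER... return the decrypted password in *PLAINTEXT.

   CIPHERTEXT, IV and SALT are the values produced by
   svn_crypto__encrypt_password(); MASTER must be the same octets that
   were passed to it.  CTX is a context from
   svn_crypto__context_create().

   NOTE(review): this header does not state what happens when MASTER is
   wrong or when CIPHERTEXT, IV or SALT were modified in storage.  CBC
   decryption has no built-in authentication, so a non-error return
   should not be read as proof that the stored data is intact; use
   svn_crypto__verify_secret() to validate MASTER -- confirm the
   failure behaviour in the implementation.

   NOTE(review): *PLAINTEXT is a plain C string, presumably allocated
   in RESULT_POOL.  Nothing here says it is wiped, so callers should
   keep that pool short-lived -- confirm.  */
svn_error_t *
svn_crypto__decrypt_password(const char **plaintext,
                             svn_crypto__ctx_t *ctx,
                             const svn_string_t *ciphertext,
                             const svn_string_t *iv,
                             const svn_string_t *salt,
                             const svn_string_t *master,
                             apr_pool_t *result_pool,
                             apr_pool_t *scratch_pool);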
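/* Generate the values Subversion needs to store in order to validate a
   user-provided MASTER password:

   Set *CIPHERTEXT to a block of encrypted data.

   Set *IV and *SALT to the initialization vector and salt used for
   encryption.

   Set *CHECKTEXT to the check text used for validation.

   CTX is a Subversion cryptographic context.  MASTER is the
   encryption secret.

   All four outputs belong together: svn_crypto__verify_secret() takes
   CIPHERTEXT, IV, SALT and CHECKTEXT as one set.

   NOTE(review): how CHECKTEXT is derived from the encrypted block is
   not described in this header.  Stored validation data of this kind
   generally lets anyone who can read it test guesses for MASTER
   offline, so the store deserves the same access restrictions as the
   encrypted passwords themselves -- confirm the derivation and the
   PBKDF2 cost in the implementation.

   NOTE(review): presumably the outputs are allocated in RESULT_POOL
   and SCRATCH_POOL holds temporaries -- confirm.
*/
svn_error_t *
svn_crypto__generate_secret_checktext(const svn_string_t **ciphertext,
                                      const svn_string_t **iv,
                                      const svn_string_t **salt,
                                      const char **checktext,
                                      svn_crypto__ctx_t *ctx,
                                      const svn_string_t *master,
                                      apr_pool_t *result_pool,
                                      apr_pool_t *scratch_pool);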
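/* Set *IS_VALID to TRUE iff the encryption secret MASTER successfully
   validates using Subversion cryptographic context CTX against
   CIPHERTEXT, IV, SALT, and CHECKTEXT (which were probably generated
   via a previous call to svn_crypto__generate_secret_checktext()).

   Use SCRATCH_POOL for necessary allocations.

   The result is delivered in *IS_VALID; the svn_error_t * return is a
   separate channel.
   NOTE(review): presumably a wrong MASTER yields *IS_VALID == FALSE
   with no error, while an error return means the check itself could
   not be carried out -- confirm.  Callers should treat an error return
   as "not validated" and not read *IS_VALID in that case.  */
svn_error_t *
svn_crypto__verify_secret(svn_boolean_t *is_valid,
                          svn_crypto__ctx_t *ctx,
                          const svn_string_t *master,
                          const svn_string_t *ciphertext,
                          const svn_string_t *iv,
                          const svn_string_t *salt,
                          const char *checktext,
                          apr_pool_t *scratch_pool);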
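/* Close the extern "C" block that wraps the declarations for C++
   callers, then the include guard.  */
#ifdef __cplusplus
}
#endif /* __cplusplus */

#endif  /* SVN_LIBSVN_SUBR_CRYPTO_H */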