fis-gtm/sr_unix/gtmcrypt_pk_ref.h

116 lines
4.1 KiB
C
Raw Normal View History

/****************************************************************
* *
* Copyright 2009, 2010 Fidelity Information Services, Inc *
* *
* This source code contains the intellectual property *
* of its copyright holder(s), and is made available *
* under a license. If you do not know the terms of *
* the license, please stop and do not read further. *
* *
****************************************************************/
#ifndef GTMCRYPT_PK_REF_H
#define GTMCRYPT_PK_REF_H
int gc_pk_mask_unmask_passwd(char *in, char *out, int len);
int gc_pk_mask_unmask_passwd_interlude(int nparm, gtm_string_t *in, gtm_string_t *out, int len);
void gc_pk_scrub_passwd();
void gc_pk_crypt_load_gtmci_env();
xc_status_t gc_pk_crypt_prompt_passwd_if_needed(int prompt_passwd);
int gc_pk_crypt_passphrase_callback(void *opaque,
const char *uid_hint,
const char *passphrase_info,
int last_was_bad,
int fd);
int gc_pk_crypt_retrieve_plain_text(gpgme_data_t plain_data, char *plain_text);
gpgme_error_t gc_pk_get_decrypted_key(const char *cipher_file, char *plain_text, int *plain_text_length);
int gc_pk_mask_unmask_passwd(char *in, char *out, int len);
void gc_pk_scrub_passwd(void);
void gc_pk_crypt_load_gtmci_env(void);
int gc_pk_scrub_plaintext_keys_from_c_stack(void);
int gc_pk_gpghome_has_permissions(void);
/* Public key cryptography related macros */
#define GC_PK_INIT \
{ \
gpgme_error_t err; \
\
gpgme_check_version(NULL); /* This initializes the gpgme engine. */ \
err = gpgme_new(&pk_crypt_ctx); \
if (!err) \
{ \
err = gpgme_set_protocol(pk_crypt_ctx, GPGME_PROTOCOL_OpenPGP); \
if (!err) \
{ \
gpgme_set_passphrase_cb(pk_crypt_ctx, \
(gpgme_passphrase_cb_t) gc_pk_crypt_passphrase_callback, \
NULL); \
memset(err_string, 0, ERR_STRLEN); \
} \
} \
if (err) \
{ \
pk_crypt_ctx = NULL; \
snprintf(err_string, \
ERR_STRLEN, \
"Error initializing GpgME: %s/%s", \
gpgme_strsource(err), \
gpgme_strerror(err)); \
return GC_FAILURE; \
} \
}
#define GC_PK_PROMPT_PASSWD(prompt_passwd) \
{ \
if (0 != gc_pk_crypt_prompt_passwd_if_needed(prompt_passwd)) \
return GC_FAILURE; \
}
#define GC_PK_GET_DECRYPTED_KEY(key_string, status) \
{ \
int plain_text_length; \
char decrypted_key[GTM_KEY_MAX]; \
\
memset(decrypted_key, 0, GTM_KEY_MAX); \
status = gc_pk_get_decrypted_key(cur->key_filename.address, decrypted_key, &plain_text_length); \
\
if (0 == status) \
{ \
memcpy(key_string.address, decrypted_key, plain_text_length); \
key_string.length = plain_text_length; \
memset(decrypted_key, 0, GTM_KEY_MAX); \
} \
}
#define GC_PK_APPEND_UNIQ_STRING(in_buff, key_string) \
{ \
memcpy(in_buff, (key_string).address, (key_string).length); \
memcpy(in_buff + (key_string).length, UNIQ_ENC_PARAM_STRING, UNIQ_ENC_PARAM_LEN); \
}
#ifdef USE_OPENSSL
#define GC_PK_COMPUTE_HASH(hash, key_string) \
{ \
char in_buff[HASH_INPUT_BUFF_LEN]; \
\
GC_PK_APPEND_UNIQ_STRING(in_buff, key_string); \
EVP_Digest(in_buff, HASH_INPUT_BUFF_LEN, (unsigned char *)((hash).address), NULL, \
EVP_sha512(), NULL); \
(hash).length = GTMCRYPT_HASH_LEN; \
memset(in_buff, 0, HASH_INPUT_BUFF_LEN); \
}
#else
#define GC_PK_COMPUTE_HASH(hash, key_string) \
{ \
char in_buff[HASH_INPUT_BUFF_LEN]; \
\
GC_PK_APPEND_UNIQ_STRING(in_buff, key_string); \
GC_SYM_INIT; \
gcry_md_hash_buffer(GCRY_MD_SHA512, (hash).address, in_buff, HASH_INPUT_BUFF_LEN); \
(hash).length = GTMCRYPT_HASH_LEN; \
memset(in_buff, 0, HASH_INPUT_BUFF_LEN); \
}
#endif
#endif /* GTMCRYPT_PK_REF_H */