2
* crypto.h : cryptographic routines
4
* ====================================================================
5
* Licensed to the Apache Software Foundation (ASF) under one
6
* or more contributor license agreements. See the NOTICE file
7
* distributed with this work for additional information
8
* regarding copyright ownership. The ASF licenses this file
9
* to you under the Apache License, Version 2.0 (the
10
* "License"); you may not use this file except in compliance
11
* with the License. You may obtain a copy of the License at
13
* http://www.apache.org/licenses/LICENSE-2.0
15
* Unless required by applicable law or agreed to in writing,
16
* software distributed under the License is distributed on an
17
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
18
* KIND, either express or implied. See the License for the
19
* specific language governing permissions and limitations
21
* ====================================================================
24
#ifndef SVN_LIBSVN_SUBR_CRYPTO_H
25
#define SVN_LIBSVN_SUBR_CRYPTO_H
27
/* Test for APR crypto and RNG support */
28
#undef SVN_HAVE_CRYPTO
32
#if defined(APU_HAVE_CRYPTO) && APU_HAVE_CRYPTO
33
#define SVN_HAVE_CRYPTO
37
#include "svn_types.h"
38
#include "svn_string.h"
42
#endif /* __cplusplus */
45
/* Opaque context for cryptographic operations. */
46
typedef struct svn_crypto__ctx_t svn_crypto__ctx_t;
49
/* Return TRUE iff Subversion's cryptographic support is available. */
50
svn_boolean_t svn_crypto__is_available(void);
53
/* Set *CTX to new Subversion cryptographic context, based on an
54
APR-managed OpenSSL cryptography context object allocated
55
within RESULT_POOL. */
56
/* ### TODO: Should this be something done once with the resulting
57
### svn_crypto__ctx_t object stored in svn_client_ctx_t? */
59
svn_crypto__context_create(svn_crypto__ctx_t **ctx,
60
apr_pool_t *result_pool);
63
/* Using a PBKDF2 derivative key based on MASTER, encrypt PLAINTEXT.
64
The salt used for PBKDF2 is returned in SALT, and the IV used for
65
the (AES-256/CBC) encryption is returned in IV. The resulting
66
encrypted data is returned in CIPHERTEXT.
68
Note that MASTER may be the plaintext obtained from the user or
69
some other OS-provided cryptographic store, or it can be a derivation
70
such as SHA1(plaintext). As long as the same octets are passed to
71
the decryption function, everything works just fine. (the SHA1
72
approach is suggested, to avoid keeping the plaintext master in
73
the process' memory space) */
75
svn_crypto__encrypt_password(const svn_string_t **ciphertext,
76
const svn_string_t **iv,
77
const svn_string_t **salt,
78
svn_crypto__ctx_t *ctx,
79
const char *plaintext,
80
const svn_string_t *master,
81
apr_pool_t *result_pool,
82
apr_pool_t *scratch_pool);
85
/* Given the CIPHERTEXT which was encrypted using (AES-256/CBC) with
86
initialization vector given by IV, and a key derived using PBKDF2
87
with SALT and MASTER... return the decrypted password in PLAINTEXT. */
89
svn_crypto__decrypt_password(const char **plaintext,
90
svn_crypto__ctx_t *ctx,
91
const svn_string_t *ciphertext,
92
const svn_string_t *iv,
93
const svn_string_t *salt,
94
const svn_string_t *master,
95
apr_pool_t *result_pool,
96
apr_pool_t *scratch_pool);
98
/* Generate the stuff Subversion needs to store in order to validate a
99
user-provided MASTER password:
101
Set *CIPHERTEXT to a block of encrypted data.
103
Set *IV and *SALT to the initialization vector and salt used for
106
Set *CHECKTEXT to the check text used for validation.
108
CTX is a Subversion cryptographic context. MASTER is the
112
svn_crypto__generate_secret_checktext(const svn_string_t **ciphertext,
113
const svn_string_t **iv,
114
const svn_string_t **salt,
115
const char **checktext,
116
svn_crypto__ctx_t *ctx,
117
const svn_string_t *master,
118
apr_pool_t *result_pool,
119
apr_pool_t *scratch_pool);
121
/* Set *IS_VALID to TRUE iff the encryption secret MASTER successfully
122
validates using Subversion cryptographic context CTX against
123
CIPHERTEXT, IV, SALT, and CHECKTEXT (which where probably generated
124
via previous call to svn_crypto__generate_secret_checktext()).
126
Use SCRATCH_POOL for necessary allocations. */
128
svn_crypto__verify_secret(svn_boolean_t *is_valid,
129
svn_crypto__ctx_t *ctx,
130
const svn_string_t *master,
131
const svn_string_t *ciphertext,
132
const svn_string_t *iv,
133
const svn_string_t *salt,
134
const char *checktext,
135
apr_pool_t *scratch_pool);
139
#endif /* __cplusplus */
141
#endif /* SVN_LIBSVN_SUBR_CRYPTO_H */