diff options
author | Graham Leggett <minfrin@apache.org> | 2019-06-10 21:05:45 +0000 |
---|---|---|
committer | Graham Leggett <minfrin@apache.org> | 2019-06-10 21:05:45 +0000 |
commit | ce175a3b1dedc6fc104b4e1cef4db8cedc6fbfa6 (patch) | |
tree | cd2f1659675ea30456a507fda6589f9d37e4aaa8 /include | |
parent | 01efe754afc08798211e5dccbc07966a3d9a04fd (diff) | |
download | apr-ce175a3b1dedc6fc104b4e1cef4db8cedc6fbfa6.tar.gz |
apr_crypto_prng: Move openssl specific code into apr_crypto_openssl.
git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1860984 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'include')
-rw-r--r-- | include/apr_crypto.h | 31 | ||||
-rw-r--r-- | include/private/apr_crypto_internal.h | 37 |
2 files changed, 60 insertions, 8 deletions
diff --git a/include/apr_crypto.h b/include/apr_crypto.h index 7261d0372..af6acd24d 100644 --- a/include/apr_crypto.h +++ b/include/apr_crypto.h @@ -159,6 +159,16 @@ typedef struct apr_crypto_block_key_digest_t { } apr_crypto_block_key_digest_t; /** + * Types of ciphers supported by the apr_ + */ +typedef enum +{ + APR_CRYPTO_CIPHER_AUTO, /** Choose the recommended cipher / autodetect the cipher */ + APR_CRYPTO_CIPHER_AES_256_CTR, /** AES 256 - CTR mode */ + APR_CRYPTO_CIPHER_CHACHA20_CTR, /** ChaCha20 - CTR mode */ +} apr_crypto_cipher_e; + +/** * Structure representing a backend crypto driver. * * This structure is created with apr_crypto_get_driver(). @@ -1007,6 +1017,9 @@ typedef struct apr_crypto_prng_t apr_crypto_prng_t; * @brief Perform global initialisation. Call once only. * * @param pool Used to allocate memory and register cleanups + * @param crypto The crypto context to use. If NULL, one will be created from + * the recommended crypto implementation. + * @param cipher The cipher to use. * @param bufsize The size of the buffer used to cache upcoming random bytes. * @param seed A custom seed of \ref APR_CRYPTO_PRNG_SEED_SIZE bytes, * or NULL for the seed to be gathered from system entropy. @@ -1015,10 +1028,9 @@ typedef struct apr_crypto_prng_t apr_crypto_prng_t; * @return APR_EREINIT if called more than once, * any system error (APR_ENOMEM, ...). */ -APR_DECLARE(apr_status_t) apr_crypto_prng_init(apr_pool_t *pool, - apr_size_t bufsize, - const unsigned char seed[], - int flags); +APR_DECLARE(apr_status_t) apr_crypto_prng_init(apr_pool_t *pool, apr_crypto_t *crypto, + apr_crypto_cipher_e cipher, apr_size_t bufsize, const unsigned char seed[], int flags); + /** * @brief Terminate global initialisation if needed, before automatic cleanups. * @@ -1048,13 +1060,16 @@ APR_DECLARE(apr_status_t) apr_crypto_random_bytes(void *buf, apr_size_t len); * any system error (APR_ENOMEM, ...). */ APR_DECLARE(apr_status_t) apr_crypto_random_thread_bytes(void *buf, - apr_size_t len); + apr_size_t len); #endif /** * @brief Create a standalone CPRNG. * * @param pcprng The CPRNG created. + * @param crypto The crypto context to use. If NULL, one will be created from + * the recommended crypto implementation. + * @param cipher The cipher to use. * @param bufsize The size of the buffer used to cache upcoming random bytes. * @param flags \ref APR_CRYPTO_PRNG_LOCKED to control concurrent accesses, * or zero. @@ -1067,12 +1082,12 @@ APR_DECLARE(apr_status_t) apr_crypto_random_thread_bytes(void *buf, * \ref apr_crypto_prng_destroy() or some memory would leak. * @return APR_EINVAL if \ref bufsize is too large or flags are unknown, * APR_ENOTIMPL if \ref APR_CRYPTO_PRNG_LOCKED with !APR_HAS_THREADS, + * APR_ENOCIPHER if neither Chacha20 nor AES-256-CTR are available, * any system error (APR_ENOMEM, ...). */ APR_DECLARE(apr_status_t) apr_crypto_prng_create(apr_crypto_prng_t **pcprng, - apr_size_t bufsize, int flags, - const unsigned char seed[], - apr_pool_t *pool); + apr_crypto_t *crypto, apr_crypto_cipher_e cipher, apr_size_t bufsize, + int flags, const unsigned char seed[], apr_pool_t *pool); /** * @brief Destroy a standalone CPRNG. diff --git a/include/private/apr_crypto_internal.h b/include/private/apr_crypto_internal.h index b73477a3e..f300caae5 100644 --- a/include/private/apr_crypto_internal.h +++ b/include/private/apr_crypto_internal.h @@ -27,6 +27,16 @@ extern "C" { #if APU_HAVE_CRYPTO +/** + * Structure representing the streaming context for the CPRNG. + */ +typedef struct cprng_stream_ctx_t cprng_stream_ctx_t; + +/** + * Key size for the CPRNG. + */ +#define CPRNG_KEY_SIZE 32 + struct apr_crypto_driver_t { /** name */ @@ -363,6 +373,33 @@ struct apr_crypto_driver_t { apr_status_t (*key)(apr_crypto_key_t **key, const apr_crypto_key_rec_t *rec, const apr_crypto_t *f, apr_pool_t *p); + /** + * @brief Create the context for encrypting the CPRNG stream. + * @param pctx The pointer where the context will be returned. + * @param f The crypto context to use. + * @param cipher The cipher to use. + * @param pool The pool to use. + */ + apr_status_t (*cprng_stream_ctx_make)(cprng_stream_ctx_t **pctx, apr_crypto_t *f, + apr_crypto_cipher_e cipher, apr_pool_t *pool); + + /** + * @brief Free the context for encrypting the CPRNG stream. + * @param ctx The context to free. + */ + void (*cprng_stream_ctx_free)(cprng_stream_ctx_t *ctx); + + /** + * @brief Return further encrypted bytes, rekeying as necessary. + * @param pctx The context. + * @param key The key to use while rekeying. + * @param to Encrypted bytes are written here. + * @param n Length of encrypted bytes. + * @param z The IV to use. + */ + apr_status_t (*cprng_stream_ctx_bytes)(cprng_stream_ctx_t **pctx, unsigned char *key, + unsigned char *to, apr_size_t n, const unsigned char *z); + }; #if APU_HAVE_OPENSSL |