316cbe323513a0f20d1cf519fe9405e231d633e2Aki Tuomi#ifndef DCRYPT_PRIVATE_H
316cbe323513a0f20d1cf519fe9405e231d633e2Aki Tuomi#define DCRYPT_PRIVATE_H
316cbe323513a0f20d1cf519fe9405e231d633e2Aki Tuomi
/* Hash name and iteration count for the password-based key derivation used
   when a stored private key is protected with a password (presumably the
   values handed to the backend's pbkdf2 entry below - verify in the backend).
   NOTE(review): 2048 iterations is low by current PBKDF2 guidance; raising it
   changes how existing password-protected keys are derived, so confirm the
   stored key format carries the round count before changing this value. */
#define DCRYPT_DOVECOT_KEY_ENCRYPT_HASH "sha256"
#define DCRYPT_DOVECOT_KEY_ENCRYPT_ROUNDS 2048

/* Encryption type of a stored private key: plaintext, encrypted to a public
   key, or encrypted with a password. These numeric values are presumably
   persisted inside the serialized key data, so they must stay stable. */
#define DCRYPT_DOVECOT_KEY_ENCRYPT_NONE 0
#define DCRYPT_DOVECOT_KEY_ENCRYPT_PK 1
#define DCRYPT_DOVECOT_KEY_ENCRYPT_PASSWORD 2
316cbe323513a0f20d1cf519fe9405e231d633e2Aki Tuomi
/* Backend function table ("vfs") implemented by each supported crypto library
   and installed with dcrypt_set_vfs(). Conventions visible throughout:
   bool-returning entries report failure with false, and presumably describe
   the failure through *error_r; parameters with an "_r" suffix are outputs.
   Ownership of contexts and keys is handled by the matching destroy/unref
   entries. */
struct dcrypt_vfs {
	/* Backend-wide initialization from the dcrypt settings. */
	bool (*initialize)(const struct dcrypt_settings *set, const char **error_r);

	/* Symmetric cipher context: created for a named algorithm and mode,
	   returned through ctx_r; destroy takes the address of the pointer
	   (presumably so it can be cleared after freeing). */
	bool (*ctx_sym_create)(const char *algorithm,
		enum dcrypt_sym_mode mode,
		struct dcrypt_context_symmetric **ctx_r, const char **error_r);
	void (*ctx_sym_destroy)(struct dcrypt_context_symmetric **ctx);

	/* Key and IV are raw bytes with explicit lengths. set_key_iv_random
	   has the backend generate both; the randomness source is the
	   backend's responsibility (confirm it is a CSPRNG there). */
	void (*ctx_sym_set_key)(struct dcrypt_context_symmetric *ctx, const unsigned char *key, size_t key_len);
	void (*ctx_sym_set_iv)(struct dcrypt_context_symmetric *ctx, const unsigned char *iv, size_t iv_len);
	void (*ctx_sym_set_key_iv_random)(struct dcrypt_context_symmetric *ctx);

	/* Enable or disable block padding for the cipher. */
	void (*ctx_sym_set_padding)(struct dcrypt_context_symmetric *ctx, bool padding);

	/* Copy the current key/IV into a caller-provided buffer. The key
	   material then lives in the caller's buffer as well; the caller is
	   responsible for its lifetime. */
	bool (*ctx_sym_get_key)(struct dcrypt_context_symmetric *ctx, buffer_t *key);
	bool (*ctx_sym_get_iv)(struct dcrypt_context_symmetric *ctx, buffer_t *iv);

	/* Additional authenticated data and authentication tag; presumably
	   meaningful only for AEAD cipher modes. NOTE(review): for decryption
	   the expected tag presumably has to be set before ctx_sym_final so the
	   backend can verify it - confirm, and treat decrypted output as
	   untrusted until final returns true. */
	void (*ctx_sym_set_aad)(struct dcrypt_context_symmetric *ctx, const unsigned char *aad, size_t aad_len);
	bool (*ctx_sym_get_aad)(struct dcrypt_context_symmetric *ctx, buffer_t *aad);
	void (*ctx_sym_set_tag)(struct dcrypt_context_symmetric *ctx, const unsigned char *tag, size_t tag_len);
	bool (*ctx_sym_get_tag)(struct dcrypt_context_symmetric *ctx, buffer_t *tag);

	/* Algorithm parameters of the selected cipher, in bytes (assumed unit -
	   confirm with the backend). */
	unsigned int (*ctx_sym_get_key_length)(struct dcrypt_context_symmetric *ctx);
	unsigned int (*ctx_sym_get_iv_length)(struct dcrypt_context_symmetric *ctx);
	unsigned int (*ctx_sym_get_block_size)(struct dcrypt_context_symmetric *ctx);

	/* Streaming interface: init once, update with input chunks writing
	   output to result, final flushes the remaining output. */
	bool (*ctx_sym_init)(struct dcrypt_context_symmetric *ctx, const char **error_r);
	bool (*ctx_sym_update)(struct dcrypt_context_symmetric *ctx, const unsigned char *data, size_t data_len,
		buffer_t *result, const char **error_r);
	bool (*ctx_sym_final)(struct dcrypt_context_symmetric *ctx, buffer_t *result, const char **error_r);

	/* HMAC context for a named digest algorithm; same create/destroy
	   pattern as the symmetric context. */
	bool (*ctx_hmac_create)(const char *algorithm, struct dcrypt_context_hmac **ctx_r, const char **error_r);
	void (*ctx_hmac_destroy)(struct dcrypt_context_hmac **ctx);

	/* HMAC key handling; get_key copies the key into a caller buffer,
	   set_key_random lets the backend generate one. */
	void (*ctx_hmac_set_key)(struct dcrypt_context_hmac *ctx, const unsigned char *key, size_t key_len);
	bool (*ctx_hmac_get_key)(struct dcrypt_context_hmac *ctx, buffer_t *key);
	unsigned int (*ctx_hmac_get_digest_length)(struct dcrypt_context_hmac *ctx);
	void (*ctx_hmac_set_key_random)(struct dcrypt_context_hmac *ctx);

	/* Streaming HMAC: init, feed data with update, final writes the MAC
	   into result. */
	bool (*ctx_hmac_init)(struct dcrypt_context_hmac *ctx, const char **error_r);
	bool (*ctx_hmac_update)(struct dcrypt_context_hmac *ctx, const unsigned char *data, size_t data_len, const char **error_r);
	bool (*ctx_hmac_final)(struct dcrypt_context_hmac *ctx, buffer_t *result, const char **error_r);

	/* ECDH secret derivation, from the local private key or from a peer's
	   public key. The roles of the R and S buffers (which is input and
	   which is the derived secret) are not visible here - confirm against
	   the backend before relying on either. */
	bool (*ecdh_derive_secret_local)(struct dcrypt_private_key *local_key,
		buffer_t *R, buffer_t *S, const char **error_r);
	bool (*ecdh_derive_secret_peer)(struct dcrypt_public_key *peer_key,
		buffer_t *R, buffer_t *S, const char **error_r);
	/* PBKDF2 over password and salt with the named hash and round count,
	   producing result_len bytes into result. */
	bool (*pbkdf2)(const unsigned char *password, size_t password_len,
		const unsigned char *salt, size_t salt_len, const char *hash,
		unsigned int rounds, buffer_t *result, unsigned int result_len,
		const char **error_r);

	/* Generate a key pair of the given kind; bits and curve are the
	   parameters for the respective key types. */
	bool (*generate_keypair)(struct dcrypt_keypair *pair_r, enum dcrypt_key_type kind,
		unsigned int bits, const char *curve, const char **error_r);

	/* Parse serialized key data. For a private key, password or dec_key
	   presumably supplies the secret when the data is encrypted (see the
	   DCRYPT_DOVECOT_KEY_ENCRYPT_* types). */
	bool (*load_private_key)(struct dcrypt_private_key **key_r, const char *data,
		const char *password, struct dcrypt_private_key *dec_key, const char **error_r);
	bool (*load_public_key)(struct dcrypt_public_key **key_r,
		const char *data, const char **error_r);

	/* Serialize a key into destination in the given format; a private key
	   may be protected with cipher plus password, or with enc_key. */
	bool (*store_private_key)(struct dcrypt_private_key *key, enum dcrypt_key_format format, const char *cipher, buffer_t *destination,
		const char *password, struct dcrypt_public_key *enc_key, const char **error_r);
	bool (*store_public_key)(struct dcrypt_public_key *key, enum dcrypt_key_format format, buffer_t *destination, const char **error_r);

	/* Derive the public key object from a private key. */
	void (*private_to_public_key)(struct dcrypt_private_key *priv_key, struct dcrypt_public_key **pub_key_r);

	/* Inspect serialized key data and report its metadata without
	   producing a key object. */
	bool (*key_string_get_info)(const char *key_data, enum dcrypt_key_format *format_r, enum dcrypt_key_version *version_r,
		enum dcrypt_key_kind *kind_r, enum dcrypt_key_encryption_type *encryption_type_r, const char **encryption_key_hash_r,
		const char **key_hash_r, const char **error_r);

	/* Reference counting. unref takes the address of the pointer
	   (presumably cleared after the last reference is dropped). */
	void (*unref_keypair)(struct dcrypt_keypair *keypair);
	void (*unref_public_key)(struct dcrypt_public_key **key);
	void (*unref_private_key)(struct dcrypt_private_key **key);
	void (*ref_public_key)(struct dcrypt_public_key *key);
	void (*ref_private_key)(struct dcrypt_private_key *key);

	/* RSA public-key encryption / private-key decryption of a raw byte
	   string into result. The padding scheme is chosen by the backend and
	   not visible here. */
	bool (*rsa_encrypt)(struct dcrypt_public_key *key, const unsigned char *data, size_t data_len,
		buffer_t *result, const char **error_r);
	bool (*rsa_decrypt)(struct dcrypt_private_key *key, const unsigned char *data, size_t data_len,
		buffer_t *result, const char **error_r);

	/* Conversion between binary OIDs and their textual names. */
	const char *(*oid2name)(const unsigned char *oid, size_t oid_len, const char **error_r);
	bool (*name2oid)(const char *name, buffer_t *oid, const char **error_r);

	/* Key type query and key identifier computation. The *_id entries take
	   a digest algorithm name; the *_id_old entries take none and appear
	   to be a legacy identifier scheme kept for compatibility - confirm
	   before using them for new data. */
	enum dcrypt_key_type (*private_key_type)(struct dcrypt_private_key *key);
	enum dcrypt_key_type (*public_key_type)(struct dcrypt_public_key *key);
	bool (*public_key_id)(struct dcrypt_public_key *key, const char *algorithm, buffer_t *result, const char **error_r);
	bool (*public_key_id_old)(struct dcrypt_public_key *key, buffer_t *result, const char **error_r);
	bool (*private_key_id)(struct dcrypt_private_key *key, const char *algorithm, buffer_t *result, const char **error_r);
	bool (*private_key_id_old)(struct dcrypt_private_key *key, buffer_t *result, const char **error_r);
};
316cbe323513a0f20d1cf519fe9405e231d633e2Aki Tuomi
/* Install the backend function table that the dcrypt API dispatches to. */
void dcrypt_set_vfs(struct dcrypt_vfs *vfs);

/* Entry points of the OpenSSL and GnuTLS backend modules. Each init is
   presumably expected to register its table through dcrypt_set_vfs(), and
   the matching deinit to release backend state - confirm in the backend
   sources. */
void dcrypt_openssl_init(struct module *module ATTR_UNUSED);
void dcrypt_gnutls_init(struct module *module ATTR_UNUSED);
void dcrypt_openssl_deinit(void);
void dcrypt_gnutls_deinit(void);
316cbe323513a0f20d1cf519fe9405e231d633e2Aki Tuomi
316cbe323513a0f20d1cf519fe9405e231d633e2Aki Tuomi#endif