316cbe323513a0f20d1cf519fe9405e231d633e2Aki Tuomi#ifndef DCRYPT_H
316cbe323513a0f20d1cf519fe9405e231d633e2Aki Tuomi#define DCRYPT_H 1
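/* Opaque types: only declared in this header, so callers can hold
 * pointers to them but cannot see or depend on their layout. */
struct dcrypt_context_symmetric;
struct dcrypt_context_hmac;
struct dcrypt_public_key;
struct dcrypt_private_key;
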
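/**
 * A public/private key pair held as two separate key handles.
 * dcrypt_keypair_generate() writes into one of these (pair_r) and
 * dcrypt_keypair_unref() takes one.
 */
struct dcrypt_keypair {
	struct dcrypt_public_key *pub;
	struct dcrypt_private_key *priv;
};
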
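/* Direction of a symmetric context; passed to dcrypt_ctx_sym_create(). */
enum dcrypt_sym_mode {
	DCRYPT_MODE_ENCRYPT,
	DCRYPT_MODE_DECRYPT
};
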
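/* Key algorithm family; passed to dcrypt_keypair_generate() and returned by
 * dcrypt_key_type_private() / dcrypt_key_type_public(). */
enum dcrypt_key_type {
	DCRYPT_KEY_RSA = 0x1,
	DCRYPT_KEY_EC = 0x2
};
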
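/**
 * External serialization formats for keys.
 *
 * dovecot key format:
 * version version-specific data
 * v1: version tab nid tab raw ec private key (in hex)
 * v2: version colon algorithm oid colon private-or-public-key-only (in hex)
 *
 * Hex is only an encoding. Whether a serialized private key is encrypted is
 * reported separately (enum dcrypt_key_encryption_type, via
 * dcrypt_key_string_get_info()).
 */
enum dcrypt_key_format {
	DCRYPT_FORMAT_PEM,
	DCRYPT_FORMAT_DOVECOT,
};
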
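/**
 * How a serialized key is protected, as reported by
 * dcrypt_key_string_get_info() (encryption_type_r).
 *
 * NOTE(review): presumably NONE means the key material is stored in the
 * clear, KEY that it is encrypted to another key, and PASSWORD that it is
 * password-protected - confirm against the backend. Callers that require
 * protected keys at rest should check for NONE explicitly.
 */
enum dcrypt_key_encryption_type {
	DCRYPT_KEY_ENCRYPTION_TYPE_NONE,
	DCRYPT_KEY_ENCRYPTION_TYPE_KEY,
	DCRYPT_KEY_ENCRYPTION_TYPE_PASSWORD
};
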
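/* Version of the dovecot key format, as reported by
 * dcrypt_key_string_get_info() (version_r). */
enum dcrypt_key_version {
	DCRYPT_KEY_VERSION_1,
	DCRYPT_KEY_VERSION_2,
	DCRYPT_KEY_VERSION_NA /* not applicable, PEM key */
};
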
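/* Whether a serialized key is a public or a private key, as reported by
 * dcrypt_key_string_get_info() (kind_r). */
enum dcrypt_key_kind {
	DCRYPT_KEY_KIND_PUBLIC,
	DCRYPT_KEY_KIND_PRIVATE
};
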
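/**
 * Settings passed to dcrypt_initialize().
 */
struct dcrypt_settings {
	/* OpenSSL engine to use */
	const char *crypto_device;
	/* Look for backends in this directory.
	 * NOTE(review): a backend found here is presumably loaded into the
	 * process by dcrypt_initialize(), so this should be a trusted path
	 * that unprivileged users cannot write to, never a value taken from
	 * untrusted input. */
	const char *module_dir;
};
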
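/**
 * Load and initialize the dcrypt backend; use either openssl or gnutls.
 *
 * @param backend  name of the backend to load
 * @param set      settings (crypto device, backend module directory)
 * @param error_r  presumably receives a message on failure - confirm
 * @return NOTE(review): presumably true on success; callers should not
 *         use any other dcrypt_* function after a false return - confirm.
 */
bool dcrypt_initialize(const char *backend, const struct dcrypt_settings *set,
		       const char **error_r);

/**
 * Deinitialize dcrypt.
 */
void dcrypt_deinitialize(void);
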
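/**
 * Create a symmetric cipher context.
 *
 * @param algorithm  cipher name
 * @param mode       DCRYPT_MODE_ENCRYPT or DCRYPT_MODE_DECRYPT
 * @param ctx_r      receives the new context
 * @param error_r    presumably receives a message on failure - confirm
 */
bool dcrypt_ctx_sym_create(const char *algorithm, enum dcrypt_sym_mode mode,
			   struct dcrypt_context_symmetric **ctx_r,
			   const char **error_r);

/**
 * Destroy a symmetric context and free its memory.
 * NOTE(review): the context can hold a key; whether that memory is wiped
 * before being freed is not visible from this header - confirm.
 */
void dcrypt_ctx_sym_destroy(struct dcrypt_context_symmetric **ctx);
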
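/**
 * Key and IV manipulation functions.
 *
 * set_key / set_iv take caller-supplied bytes with an explicit length;
 * set_key_iv_random takes no material from the caller; get_key / get_iv
 * write into the caller's buffer.
 *
 * NOTE(review): a caller that sets the key and IV itself is responsible for
 * never reusing an IV under the same key (with CTR or GCM a repeat breaks
 * confidentiality, and with GCM authenticity as well). Buffers filled by
 * get_key hold secret key material and should be wiped after use.
 * The setters return void, so a length that does not match
 * dcrypt_ctx_sym_get_key_length() / _get_iv_length() cannot be reported
 * here - check lengths before calling.
 */
void dcrypt_ctx_sym_set_key(struct dcrypt_context_symmetric *ctx,
			    const unsigned char *key, size_t key_len);
void dcrypt_ctx_sym_set_iv(struct dcrypt_context_symmetric *ctx,
			   const unsigned char *iv, size_t iv_len);
void dcrypt_ctx_sym_set_key_iv_random(struct dcrypt_context_symmetric *ctx);
bool dcrypt_ctx_sym_get_key(struct dcrypt_context_symmetric *ctx, buffer_t *key);
bool dcrypt_ctx_sym_get_iv(struct dcrypt_context_symmetric *ctx, buffer_t *iv);
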
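/**
 * Turn padding on/off (default: on).
 *
 * NOTE(review): with padding on and an unauthenticated cipher mode, a
 * decrypt-side failure can tell a sender whether the padding was valid.
 * Verify a MAC over the ciphertext (or use an AEAD mode) before acting on
 * decryption results.
 */
void dcrypt_ctx_sym_set_padding(struct dcrypt_context_symmetric *ctx, bool padding);
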
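/**
 * Authentication data manipulation (use with GCM only).
 * The AAD is authenticated but not encrypted.
 */
void dcrypt_ctx_sym_set_aad(struct dcrypt_context_symmetric *ctx,
			    const unsigned char *aad, size_t aad_len);
bool dcrypt_ctx_sym_get_aad(struct dcrypt_context_symmetric *ctx, buffer_t *aad);

/**
 * Result tag from AEAD (use with GCM only).
 *
 * NOTE(review): presumably get_tag is read after dcrypt_ctx_sym_final() when
 * encrypting and set_tag supplies the expected tag before final when
 * decrypting - confirm the required call order against the backend.
 * Plaintext produced by dcrypt_ctx_sym_update() during decryption must be
 * treated as unauthenticated until final has succeeded.
 */
void dcrypt_ctx_sym_set_tag(struct dcrypt_context_symmetric *ctx,
			    const unsigned char *tag, size_t tag_len);
bool dcrypt_ctx_sym_get_tag(struct dcrypt_context_symmetric *ctx, buffer_t *tag);
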
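/* Get various lengths for the context's cipher.
 * NOTE(review): units are presumably bytes, matching the size_t lengths
 * taken by dcrypt_ctx_sym_set_key() / dcrypt_ctx_sym_set_iv() - confirm. */
unsigned int dcrypt_ctx_sym_get_key_length(struct dcrypt_context_symmetric *ctx);
unsigned int dcrypt_ctx_sym_get_iv_length(struct dcrypt_context_symmetric *ctx);
unsigned int dcrypt_ctx_sym_get_block_size(struct dcrypt_context_symmetric *ctx);
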
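/**
 * Initialize crypto.
 * NOTE(review): presumably called after the key, IV and any AAD have been
 * set on the context - confirm.
 */
bool dcrypt_ctx_sym_init(struct dcrypt_context_symmetric *ctx, const char **error_r);

/**
 * Update with data; output is written to result.
 */
bool dcrypt_ctx_sym_update(struct dcrypt_context_symmetric *ctx,
			   const unsigned char *data, size_t data_len,
			   buffer_t *result, const char **error_r);

/**
 * Perform final step (may or may not emit data).
 * The return value must be checked: data already written to result by
 * earlier update calls is not known to be valid until this step succeeds.
 */
bool dcrypt_ctx_sym_final(struct dcrypt_context_symmetric *ctx, buffer_t *result,
			  const char **error_r);
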
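/**
 * Create HMAC context; algorithm is the digest algorithm.
 *
 * @param algorithm  digest name
 * @param ctx_r      receives the new context
 * @param error_r    presumably receives a message on failure - confirm
 */
bool dcrypt_ctx_hmac_create(const char *algorithm, struct dcrypt_context_hmac **ctx_r,
			    const char **error_r);

/**
 * Destroy HMAC context and free memory.
 */
void dcrypt_ctx_hmac_destroy(struct dcrypt_context_hmac **ctx);
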
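/**
 * HMAC key manipulation.
 *
 * set_key takes caller-supplied bytes with an explicit length, set_key_random
 * takes no material from the caller, get_key writes into the caller's buffer.
 * A buffer filled by get_key holds the secret MAC key and should be wiped
 * after use.
 */
void dcrypt_ctx_hmac_set_key(struct dcrypt_context_hmac *ctx,
			     const unsigned char *key, size_t key_len);
bool dcrypt_ctx_hmac_get_key(struct dcrypt_context_hmac *ctx, buffer_t *key);
void dcrypt_ctx_hmac_set_key_random(struct dcrypt_context_hmac *ctx);
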
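/**
 * Get digest length for HMAC.
 * NOTE(review): presumably in bytes - confirm.
 */
unsigned int dcrypt_ctx_hmac_get_digest_length(struct dcrypt_context_hmac *ctx);
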
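/**
 * Initialize HMAC.
 */
bool dcrypt_ctx_hmac_init(struct dcrypt_context_hmac *ctx, const char **error_r);

/**
 * Update HMAC context with data.
 */
bool dcrypt_ctx_hmac_update(struct dcrypt_context_hmac *ctx, const unsigned char *data,
			    size_t data_len, const char **error_r);

/**
 * Perform final rounds and retrieve result.
 * When the result is compared with a received MAC, use a constant-time
 * comparison rather than memcmp(), so the comparison time does not reveal
 * how many leading bytes matched.
 */
bool dcrypt_ctx_hmac_final(struct dcrypt_context_hmac *ctx, buffer_t *result,
			   const char **error_r);
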
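/**
 * Elliptic Curve based Diffie-Hellman shared secret derivation.
 *
 * The _local variant works from the caller's private key, the _peer variant
 * from the other party's public key.
 *
 * NOTE(review): presumably R carries the ephemeral public value exchanged
 * between the parties and S receives the shared secret - confirm against
 * the backend. S is secret: run it through a KDF before using it as a
 * cipher key and wipe the buffer afterwards.
 */
bool dcrypt_ecdh_derive_secret_local(struct dcrypt_private_key *local_key,
				     buffer_t *R, buffer_t *S, const char **error_r);
bool dcrypt_ecdh_derive_secret_peer(struct dcrypt_public_key *peer_key,
				    buffer_t *R, buffer_t *S, const char **error_r);
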
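/**
 * Generate cryptographic data from password and salt. Use 1000-10000 for rounds.
 *
 * NOTE(review): the 1000-10000 range reflects older guidance. Current
 * password-hashing recommendations for PBKDF2 are on the order of hundreds
 * of thousands of rounds (OWASP's password-storage guidance lists 600,000
 * for PBKDF2-HMAC-SHA256); pick the highest count the caller's latency
 * budget allows. The salt should be random and unique per password.
 *
 * @param password, password_len  password bytes and their length
 * @param salt, salt_len          salt bytes and their length
 * @param hash                    presumably the digest name used for the
 *                                PRF - confirm
 * @param rounds                  iteration count
 * @param result                  receives the derived bytes
 * @param result_len              number of bytes to derive
 * @param error_r                 presumably receives a message on failure
 */
bool dcrypt_pbkdf2(const unsigned char *password, size_t password_len,
		   const unsigned char *salt, size_t salt_len,
		   const char *hash, unsigned int rounds, buffer_t *result,
		   unsigned int result_len, const char **error_r);
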
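/**
 * Generate a new key pair into pair_r.
 *
 * @param kind   DCRYPT_KEY_RSA or DCRYPT_KEY_EC
 * @param bits   NOTE(review): presumably the RSA modulus size, ignored for
 *               EC - confirm. For RSA, sizes below 2048 bits are no longer
 *               considered adequate.
 * @param curve  NOTE(review): presumably the EC curve name, unused for RSA
 *               - confirm
 */
bool dcrypt_keypair_generate(struct dcrypt_keypair *pair_r, enum dcrypt_key_type kind,
			     unsigned int bits, const char *curve, const char **error_r);
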
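/**
 * load loads key structure from external format.
 * store stores key structure into external format.
 *
 * you can provide either PASSWORD or ENC_KEY, not both.
 *
 * For dcrypt_key_load_private() the corresponding parameters are password
 * and dec_key. data is a NUL-terminated key string; when it comes from an
 * untrusted source, dcrypt_key_string_get_info() can be used to inspect its
 * format, kind and encryption type before loading.
 */
bool dcrypt_key_load_private(struct dcrypt_private_key **key_r, const char *data,
			     const char *password, struct dcrypt_private_key *dec_key,
			     const char **error_r);

bool dcrypt_key_load_public(struct dcrypt_public_key **key_r, const char *data,
			    const char **error_r);
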
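/**
 * When encrypting with public key, the cipher parameter here must begin with
 * ecdh-, for example ecdh-aes-256-ctr. An example of a valid cipher for
 * encrypting with password would be aes-256-ctr.
 *
 * NOTE(review): when neither password nor enc_key is given the private key
 * is presumably written unencrypted (DCRYPT_KEY_ENCRYPTION_TYPE_NONE) -
 * confirm, and make sure the destination is protected accordingly.
 */
bool dcrypt_key_store_private(struct dcrypt_private_key *key, enum dcrypt_key_format format,
			      const char *cipher, buffer_t *destination,
			      const char *password, struct dcrypt_public_key *enc_key,
			      const char **error_r);

/* Serialize a public key into destination in the given format. */
bool dcrypt_key_store_public(struct dcrypt_public_key *key, enum dcrypt_key_format format,
			     buffer_t *destination, const char **error_r);
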
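/* Produce the public key that belongs to priv_key; the result is returned
 * through pub_key_r. */
void dcrypt_key_convert_private_to_public(struct dcrypt_private_key *priv_key,
					  struct dcrypt_public_key **pub_key_r);

/* Reference counting for keys.
 * NOTE(review): the unref functions for single keys take the address of the
 * handle, presumably so it can be cleared - confirm. Whether private key
 * memory is wiped when the last reference is dropped is not visible from
 * this header. */
void dcrypt_keypair_unref(struct dcrypt_keypair *keypair);
void dcrypt_key_ref_public(struct dcrypt_public_key *key);
void dcrypt_key_ref_private(struct dcrypt_private_key *key);
void dcrypt_key_unref_public(struct dcrypt_public_key **key);
void dcrypt_key_unref_private(struct dcrypt_private_key **key);
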
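/* Algorithm family (DCRYPT_KEY_RSA or DCRYPT_KEY_EC) of a loaded key. */
enum dcrypt_key_type dcrypt_key_type_private(struct dcrypt_private_key *key);
enum dcrypt_key_type dcrypt_key_type_public(struct dcrypt_public_key *key);

/* Key identifiers. The plain variants return a digest of the key computed
 * with the named algorithm; the _old variants return the SHA1 sum of the key.
 * NOTE(review): SHA-1 is not collision resistant, so the _old identifiers
 * should only be used to look up keys that were already named that way, not
 * as a basis for trust decisions on new data. */
bool dcrypt_key_id_public(struct dcrypt_public_key *key, const char *algorithm,
			  buffer_t *result, const char **error_r); /* return digest of key */
bool dcrypt_key_id_public_old(struct dcrypt_public_key *key, buffer_t *result,
			      const char **error_r); /* return SHA1 sum of key */
bool dcrypt_key_id_private(struct dcrypt_private_key *key, const char *algorithm,
			   buffer_t *result, const char **error_r); /* return digest of key */
bool dcrypt_key_id_private_old(struct dcrypt_private_key *key, buffer_t *result,
			       const char **error_r); /* return SHA1 sum of key */
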
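/**
 * Inspect a serialized key string without loading it.
 *
 * Reports the format, dovecot key version, public/private kind and
 * encryption type, plus two hash strings (encryption_key_hash_r,
 * key_hash_r).
 *
 * NOTE(review): which outputs are filled for which format, and whether NULL
 * may be passed for outputs the caller does not need, is not visible from
 * this header - confirm. The reported values describe the string as parsed
 * and are not by themselves proof that the key is authentic.
 */
bool dcrypt_key_string_get_info(const char *key_data, enum dcrypt_key_format *format_r,
				enum dcrypt_key_version *version_r,
				enum dcrypt_key_kind *kind_r,
				enum dcrypt_key_encryption_type *encryption_type_r,
				const char **encryption_key_hash_r,
				const char **key_hash_r, const char **error_r);
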
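/* RSA encryption with a public key and decryption with a private key;
 * output is written to result.
 * NOTE(review): the padding scheme is chosen by the backend and is not
 * visible from this header - confirm it is OAEP rather than PKCS#1 v1.5
 * before exposing decrypt errors to remote parties. */
bool dcrypt_rsa_encrypt(struct dcrypt_public_key *key, const unsigned char *data,
			size_t data_len, buffer_t *result, const char **error_r);
bool dcrypt_rsa_decrypt(struct dcrypt_private_key *key, const unsigned char *data,
			size_t data_len, buffer_t *result, const char **error_r);
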
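/* Conversion between encoded object identifiers and their names.
 * NOTE(review): ownership and lifetime of the string returned by
 * dcrypt_oid2name(), and its value on failure (presumably NULL), are not
 * visible from this header - confirm before storing the pointer. */
const char *dcrypt_oid2name(const unsigned char *oid, size_t oid_len, const char **error_r);
bool dcrypt_name2oid(const char *name, buffer_t *oid, const char **error_r);
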
316cbe323513a0f20d1cf519fe9405e231d633e2Aki Tuomi#endif