author | Simo Sorce <simo@redhat.com> | 2016-05-09 17:34:49 +0200 |
committer | Jakub Hrozek <jhrozek@redhat.com> | 2016-06-29 21:46:52 +0200 |
commit | 625bb2ddf15e8f305a53afa44e87f2146fa930af (patch) | |
tree | e80c6bdcb073d4c597af6c8ef8202726145286ad /src/util/crypto/nss/nss_crypto.h | |
parent | 1dd679584241a0f9b29072c7eed1c5c5e4a577e4 (diff) | |
Secrets: Add encryption at rest
Generates a master key file if it doesn't exist and encrypts secrets
using the master key contained in the file.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Diffstat (limited to 'src/util/crypto/nss/nss_crypto.h')
-rw-r--r-- | src/util/crypto/nss/nss_crypto.h | 66 |
1 files changed, 66 insertions, 0 deletions
diff --git a/src/util/crypto/nss/nss_crypto.h b/src/util/crypto/nss/nss_crypto.h
new file mode 100644
index 000000000..5ecb5449d
--- /dev/null
+++ b/src/util/crypto/nss/nss_crypto.h
@@ -0,0 +1,66 @@
+/*
+    SSSD
+
+    NSS crypto wrappers
+
+    Authors:
+        Jakub Hrozek <jhrozek@redhat.com>
+
+    Copyright (C) Red Hat, Inc 2010
+
+    This program is free software; you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation; either version 3 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include <nss.h>
+#include <prerror.h>
+#include <pk11func.h>
+#include <base64.h>
+#include <talloc.h>
+
+#define MAKE_SECITEM(sdata, slen, sitem) do { \
+    (sitem)->type = (siBuffer); \
+    (sitem)->data = (sdata); \
+    (sitem)->len = (slen); \
+} while(0)
+
+struct sss_nss_crypto_ctx {
+    PK11SlotInfo *slot;
+    PK11Context *ectx;
+    PK11SymKey *keyobj;
+    SECItem *sparam;
+
+    SECItem *iv;
+    SECItem *key;
+};
+
+struct crypto_mech_data {
+    CK_MECHANISM_TYPE cipher;
+    uint16_t keylen;
+    uint16_t bsize;
+};
+
+enum crypto_mech_op {
+    op_encrypt,
+    op_decrypt,
+    op_sign
+};
+
+int nss_ctx_init(TALLOC_CTX *mem_ctx,
+                 struct crypto_mech_data *mech_props,
+                 uint8_t *key, int keylen,
+                 uint8_t *iv, int ivlen,
+                 struct sss_nss_crypto_ctx **_cctx);
+int nss_crypto_init(struct crypto_mech_data *mech_props,
+                    enum crypto_mech_op crypto_op,
+                    struct sss_nss_crypto_ctx *cctx);
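Review bot: The new header has no include guard, so any translation unit that pulls in nss_crypto.h twice (directly and via another crypto header) will fail on the duplicate definitions of struct sss_nss_crypto_ctx, struct crypto_mech_data and enum crypto_mech_op; wrap the file in `#ifndef _NSS_CRYPTO_H_` / `#define _NSS_CRYPTO_H_` after the license block and `#endif /* _NSS_CRYPTO_H_ */` after the last prototype. The two prototypes are also undocumented, and since this header is now the contract for the secrets encryption-at-rest path it should state what callers must guarantee: whether keylen and ivlen must equal mech_props->keylen and mech_props->bsize or are validated by nss_ctx_init (the signed `int` lengths invite a negative value that MAKE_SECITEM would silently store as a huge `len`), that *_cctx is talloc-allocated under mem_ctx, and that key/iv are only read (they could be `const uint8_t *`). Because sss_nss_crypto_ctx keeps raw key material in its `key` SECItem, it would also be worth a comment on the struct noting who is responsible for zeroizing it on release; the implementation is not in this hunk, so I cannot tell whether a talloc destructor already does so. The 2010 copyright and author line look inherited from the file this was split out of, which is fine but worth confirming.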