author | Simo Sorce <simo@redhat.com> | 2016-05-09 17:34:49 +0200 |
committer | Jakub Hrozek <jhrozek@redhat.com> | 2016-06-29 21:46:52 +0200 |
commit | 625bb2ddf15e8f305a53afa44e87f2146fa930af (patch) | |
tree | e80c6bdcb073d4c597af6c8ef8202726145286ad /src/util/crypto/sss_crypto.h | |
parent | 1dd679584241a0f9b29072c7eed1c5c5e4a577e4 (diff) | |
Secrets: Add encryption at rest
Generates a master key file if it doesn't exist and encrypts secrets
using the master key contained in the file.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Diffstat (limited to 'src/util/crypto/sss_crypto.h')
-rw-r--r-- | src/util/crypto/sss_crypto.h | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/src/util/crypto/sss_crypto.h b/src/util/crypto/sss_crypto.h
index 5b40ecfc4..8c7a88317 100644
--- a/src/util/crypto/sss_crypto.h
+++ b/src/util/crypto/sss_crypto.h
@@ -1,3 +1,24 @@
+/*
+ Copyright (C) 2009-2016 Red Hat
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef _SSS_CRYPTO_H_
+#define _SSS_CRYPTO_H_
+
+int generate_csprng_buffer(uint8_t *buf, size_t size);
 int s3crypt_sha512(TALLOC_CTX *mmectx, const char *key, const char *salt, char **_hash);
@@ -32,3 +53,19 @@ int sss_password_encrypt(TALLOC_CTX *mem_ctx, const char *password, int plen,
 int sss_password_decrypt(TALLOC_CTX *mem_ctx, char *b64encoded, char **password);
+
+enum encmethod {
+ AES256CBC_HMAC_SHA256,
+ NUM_ENCMETHODS
+};
+
+int sss_encrypt(TALLOC_CTX *mem_ctx, enum encmethod enctype,
+ uint8_t *key, size_t keylen,
+ const uint8_t *plaintext, size_t plainlen,
+ uint8_t **ciphertext, size_t *cipherlen);
+int sss_decrypt(TALLOC_CTX *mem_ctx, enum encmethod enctype,
+ uint8_t *key, size_t keylen,
+ const uint8_t *ciphertext, size_t cipherlen,
+ uint8_t **plaintext, size_t *plainlen);
+
+#endif /* _SSS_CRYPTO_H_ */ |
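Review bot: The include guard `_SSS_CRYPTO_H_` introduced at the top of the first hunk starts with an underscore followed by an uppercase letter, a name the C standard reserves for the implementation; a project-prefixed guard such as `SSS_CRYPTO_H_` avoids the collision risk at no cost. The hunk also makes `generate_csprng_buffer(uint8_t *buf, size_t size)` the first declaration of the file, and since the old file evidently began directly with `int s3crypt_sha512(`, the header appears to carry no includes of its own, so it only compiles when the includer has already pulled in `<stdint.h>` and `<stddef.h>` (and talloc); adding those includes right after the guard would make it self-contained. Finally the new prototype is undocumented, which matters for a CSPRNG helper whose failure must not go unnoticed: I would add above it `/* Fill buf with size bytes from the system CSPRNG. Returns 0 on success; on any non-zero return the contents of buf are unspecified and must not be used as key material. */`, adjusting the return convention to whatever sss_crypto.c actually implements, which this hunk does not show.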
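Review bot: `sss_encrypt` and `sss_decrypt` in the second hunk take the key as `uint8_t *key` although neither should ever write through it; declaring it `const uint8_t *key` documents that and lets callers keep the master key in read-only storage. The prototypes also carry no contract at all, and for an encryption-at-rest API the header is where callers look for it: the `keylen` that `AES256CBC_HMAC_SHA256` requires, whether `*ciphertext`/`*plaintext` are allocated on `mem_ctx` (talloc ownership), how `cipherlen` relates to `plainlen` (IV and tag overhead), and what `sss_decrypt` does when the tag does not verify — the expectation is that it returns an error and never hands back partially decrypted data, with the tag compared in constant time. I would add a block comment above `sss_encrypt` stating key length, output layout and ownership, and one above `sss_decrypt` stating that `enctype` is rejected when it is not below `NUM_ENCMETHODS` and that tag verification precedes decryption; the concrete values belong to the implementation in sss_crypto.c, which is outside this hunk, so they should be copied from there rather than assumed.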