From 6435040881937ab10c9e3532fb024600f25730c3 Mon Sep 17 00:00:00 2001 From: Thomas Haller Date: Wed, 29 Aug 2018 20:46:17 +0200 Subject: [PATCH] libnm/crypto: add header "nm-crypto-impl.h" for crypto implementation There are two aspects: the public crypto API that is provided by "nm-crypto.h" header, and the internal header which crypto backends need to implement. Split them. --- Makefile.am | 1 + docs/libnm/Makefile.am | 1 + docs/libnm/meson.build | 1 + libnm-core/nm-crypto-gnutls.c | 2 +- libnm-core/nm-crypto-impl.h | 61 ++++++++++++++++++++++++++++++++++ libnm-core/nm-crypto-nss.c | 2 +- libnm-core/nm-crypto.c | 1 + libnm-core/nm-crypto.h | 31 +---------------- libnm-core/tests/test-crypto.c | 2 +- 9 files changed, 69 insertions(+), 33 deletions(-) create mode 100644 libnm-core/nm-crypto-impl.h diff --git a/Makefile.am b/Makefile.am index 8fa1c19738..f61b4e5cb8 100644 --- a/Makefile.am +++ b/Makefile.am @@ -509,6 +509,7 @@ libnm_core_lib_h_priv = \ shared/nm-ethtool-utils.h \ shared/nm-meta-setting.h \ libnm-core/nm-crypto.h \ + libnm-core/nm-crypto-impl.h \ libnm-core/nm-connection-private.h \ libnm-core/nm-core-internal.h \ libnm-core/nm-core-types-internal.h \ diff --git a/docs/libnm/Makefile.am b/docs/libnm/Makefile.am index 7c3b54b484..c5f2b836ba 100644 --- a/docs/libnm/Makefile.am +++ b/docs/libnm/Makefile.am @@ -33,6 +33,7 @@ CFILE_GLOB=$(top_srcdir)/libnm-core/*.c $(top_srcdir)/libnm/*.c IGNORE_HFILES= \ common.h \ nm-crypto.h \ + nm-crypto-impl.h \ nm-dbus-helpers.h \ nm-core-internal.h \ nm-core-types-internal.h \ diff --git a/docs/libnm/meson.build b/docs/libnm/meson.build index 35aae523be..77f7ed0f94 100644 --- a/docs/libnm/meson.build +++ b/docs/libnm/meson.build @@ -3,6 +3,7 @@ doc_module = libnm_name private_headers = [ 'common.h', 'nm-crypto.h', + 'nm-crypto-impl.h', 'nm-dbus-helpers.h', 'nm-core-internal.h', 'nm-core-types-internal.h', diff --git a/libnm-core/nm-crypto-gnutls.c b/libnm-core/nm-crypto-gnutls.c index 2cdb259af3..72cc0a28c0 100644 --- a/libnm-core/nm-crypto-gnutls.c +++ b/libnm-core/nm-crypto-gnutls.c @@ -23,7 +23,7 @@ #include "nm-default.h" -#include "nm-crypto.h" +#include "nm-crypto-impl.h" #include #include diff --git a/libnm-core/nm-crypto-impl.h b/libnm-core/nm-crypto-impl.h new file mode 100644 index 0000000000..63ffb17097 --- /dev/null +++ b/libnm-core/nm-crypto-impl.h @@ -0,0 +1,61 @@ +/* -*- Mode: C; tab-width: 4; indent-tabs-mode: t; c-basic-offset: 4 -*- */ + +/* + * Dan Williams + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the + * Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, + * Boston, MA 02110-1301 USA. + * + * Copyright 2007 - 2018 Red Hat, Inc. + */ + +#ifndef __NM_CRYPTO_IMPL_H__ +#define __NM_CRYPTO_IMPL_H__ + +#if !((NETWORKMANAGER_COMPILATION) & NM_NETWORKMANAGER_COMPILATION_WITH_LIBNM_CORE_PRIVATE) +#error Cannot use this header. +#endif + +#include "nm-crypto.h" + +gboolean crypto_init (GError **error); + +char * crypto_decrypt (const char *cipher, + int key_type, + const guint8 *data, + gsize data_len, + const char *iv, + const gsize iv_len, + const char *key, + const gsize key_len, + gsize *out_len, + GError **error); + +NMCryptoFileFormat crypto_verify_cert (const guint8 *data, + gsize len, + GError **error); + +gboolean crypto_verify_pkcs12 (const guint8 *data, + gsize data_len, + const char *password, + GError **error); + +gboolean crypto_verify_pkcs8 (const guint8 *data, + gsize data_len, + gboolean is_encrypted, + const char *password, + GError **error); + +#endif /* __NM_CRYPTO_IMPL_H__ */ diff --git a/libnm-core/nm-crypto-nss.c b/libnm-core/nm-crypto-nss.c index eec61e0f87..634022b00a 100644 --- a/libnm-core/nm-crypto-nss.c +++ b/libnm-core/nm-crypto-nss.c @@ -23,7 +23,7 @@ #include "nm-default.h" -#include "nm-crypto.h" +#include "nm-crypto-impl.h" #include #include diff --git a/libnm-core/nm-crypto.c b/libnm-core/nm-crypto.c index 72e66a133c..c4740f31f4 100644 --- a/libnm-core/nm-crypto.c +++ b/libnm-core/nm-crypto.c @@ -32,6 +32,7 @@ #include "nm-utils/nm-secret-utils.h" +#include "nm-crypto-impl.h" #include "nm-errors.h" #define PEM_RSA_KEY_BEGIN "-----BEGIN RSA PRIVATE KEY-----" diff --git a/libnm-core/nm-crypto.h b/libnm-core/nm-crypto.h index cb74a8c953..4e66454b81 100644 --- a/libnm-core/nm-crypto.h +++ b/libnm-core/nm-crypto.h @@ -29,6 +29,7 @@ #endif #define MD5_HASH_LEN 20 + #define CIPHER_DES_EDE3_CBC "DES-EDE3-CBC" #define CIPHER_DES_CBC "DES-CBC" #define CIPHER_AES_128_CBC "AES-128-CBC" @@ -48,8 +49,6 @@ typedef enum { NM_CRYPTO_FILE_FORMAT_PKCS12 } NMCryptoFileFormat; -gboolean crypto_init (GError **error); - GByteArray *nmtst_crypto_decrypt_openssl_private_key_data (const guint8 *data, gsize data_len, const char *password, @@ -80,8 +79,6 @@ NMCryptoFileFormat crypto_verify_private_key (const char *file, gboolean *out_is_encrypted, GError **error); -/* Internal utils API bits for crypto providers */ - void crypto_md5_hash (const guint8 *salt, gsize salt_len, const guint8 *password, @@ -96,17 +93,6 @@ char *crypto_make_des_aes_key (const char *cipher, gsize *out_len, GError **error); -char * crypto_decrypt (const char *cipher, - int key_type, - const guint8 *data, - gsize data_len, - const char *iv, - const gsize iv_len, - const char *key, - const gsize key_len, - gsize *out_len, - GError **error); - char * crypto_encrypt (const char *cipher, const guint8 *data, gsize data_len, @@ -119,19 +105,4 @@ char * crypto_encrypt (const char *cipher, gboolean crypto_randomize (void *buffer, gsize buffer_len, GError **error); -NMCryptoFileFormat crypto_verify_cert (const guint8 *data, - gsize len, - GError **error); - -gboolean crypto_verify_pkcs12 (const guint8 *data, - gsize data_len, - const char *password, - GError **error); - -gboolean crypto_verify_pkcs8 (const guint8 *data, - gsize data_len, - gboolean is_encrypted, - const char *password, - GError **error); - #endif /* __NM_CRYPTO_H__ */ diff --git a/libnm-core/tests/test-crypto.c b/libnm-core/tests/test-crypto.c index 8b447d2685..c180b987f3 100644 --- a/libnm-core/tests/test-crypto.c +++ b/libnm-core/tests/test-crypto.c @@ -28,7 +28,7 @@ #include #include -#include "nm-crypto.h" +#include "nm-crypto-impl.h" #include "nm-utils.h" #include "nm-errors.h" #include "nm-core-internal.h"