00001 /*- 00002 * See the file LICENSE for redistribution information. 00003 * 00004 * Copyright (c) 1996-2005 00005 * Sleepycat Software. All rights reserved. 00006 * 00007 * $Id: crypto.h,v 12.2 2005/07/20 16:51:03 bostic Exp $ 00008 */ 00009 00010 #ifndef _DB_CRYPTO_H_ 00011 #define _DB_CRYPTO_H_ 00012 00013 /* 00014 * !!! 00015 * These are the internal representations of the algorithm flags. 00016 * They are used in both the DB_CIPHER structure and the CIPHER 00017 * structure so we can tell if users specified both passwd and alg 00018 * correctly. 00019 * 00020 * CIPHER_ANY is used when an app joins an existing env but doesn't 00021 * know the algorithm originally used. This is only valid in the 00022 * DB_CIPHER structure until we open and can set the alg. 00023 */ 00024 /* 00025 * We store the algorithm in an 8-bit field on the meta-page. So we 00026 * use a numeric value, not bit fields. 00027 * now we are limited to 8 algorithms before we cannot use bits and 00028 * need numeric values. That should be plenty. It is okay for the 00029 * CIPHER_ANY flag to go beyond that since that is never stored on disk. 00030 */ 00031 00032 /* 00033 * This structure is per-process, not in shared memory. 00034 */ 00035 struct __db_cipher { 00036 u_int (*adj_size) __P((size_t)); 00037 int (*close) __P((DB_ENV *, void *)); 00038 int (*decrypt) __P((DB_ENV *, void *, void *, u_int8_t *, size_t)); 00039 int (*encrypt) __P((DB_ENV *, void *, void *, u_int8_t *, size_t)); 00040 int (*init) __P((DB_ENV *, DB_CIPHER *)); 00041 00042 u_int8_t mac_key[DB_MAC_KEY]; /* MAC key. */ 00043 void *data; /* Algorithm-specific information */ 00044 00045 #define CIPHER_AES 1 /* AES algorithm */ 00046 u_int8_t alg; /* Algorithm used - See above */ 00047 u_int8_t spare[3]; /* Spares */ 00048 00049 #define CIPHER_ANY 0x00000001 /* Only for DB_CIPHER */ 00050 u_int32_t flags; /* Other flags */ 00051 }; 00052 00053 #ifdef HAVE_CRYPTO 00054 00055 #include "crypto/rijndael/rijndael-api-fst.h" 00056 00057 /* 00058 * Shared ciphering structure 00059 * No mutex needed because all information is read-only after creation. 00060 */ 00061 typedef struct __cipher { 00062 roff_t passwd; /* Offset to shared passwd */ 00063 size_t passwd_len; /* Length of passwd */ 00064 u_int32_t flags; /* Algorithm used - see above */ 00065 } CIPHER; 00066 00067 #define DB_AES_KEYLEN 128 /* AES key length */ 00068 #define DB_AES_CHUNK 16 /* AES byte unit size */ 00069 00070 typedef struct __aes_cipher { 00071 keyInstance decrypt_ki; /* Decryption key instance */ 00072 keyInstance encrypt_ki; /* Encryption key instance */ 00073 u_int32_t flags; /* AES-specific flags */ 00074 } AES_CIPHER; 00075 00076 #include "dbinc_auto/crypto_ext.h" 00077 #endif /* HAVE_CRYPTO */ 00078 #endif /* !_DB_CRYPTO_H_ */
1.4.2