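#ifndef _PRIV_CRYPTO_H_4aa002c2_
#define _PRIV_CRYPTO_H_4aa002c2_
/* This file is in the public domain. */

/*
 * Support routines for the crypto applied to the private portions of
 * public-key crypto keys. This is the code that encrypts and
 * decrypts private keys based on passphrases.
 *
 * NOTE(review): the include-guard macro lives in the identifier space
 * reserved for the implementation (leading underscore followed by an
 * uppercase letter). It is kept as-is here so that nothing that tests
 * the guard breaks, but a rename without the leading underscore would
 * be cleaner.
 */

/*
 * Wrap a private key. This takes the unencrypted public-key private
 * data blob and encrypts it with the given passphrase, returning an
 * encrypted data blob. (A zero-length passphrase produces no
 * encryption; this is suitable for, eg, host keys. "No passphrase
 * available, please prompt" is indicated by a nil pointer for the
 * passphrase.)
 *
 * Arguments:
 *   in_ptr      - the plaintext private data blob
 *   in_len      - length of in_ptr in bytes; it is an int, so callers
 *                 must pass a non-negative value
 *   out_ptr     - receives the (possibly encrypted) output blob;
 *                 presumably heap-allocated and owned by the caller
 *                 after return -- confirm against the implementation
 *   out_len     - receives the length of *out_ptr in bytes
 *   passphrase  - NUL-terminated passphrase; "" means "do not encrypt",
 *                 NULL means "prompt for one"
 *
 * Returns nothing: the prototype offers no way to report failure through
 * the return value, so callers cannot tell a failed wrap apart from a
 * successful one by the result alone.
 */
extern void priv_wrap(const void *in_ptr, int in_len,
                      void **out_ptr, int *out_len,
                      const char *passphrase);

/*
 * Unwrap a private key. This takes the encrypted public-key private
 * data blob and decrypts it with the given passphrase, returning an
 * unencrypted data blob. If the private data blob is not encrypted,
 * the passphrase argument is ignored; otherwise, it must decrypt the
 * data blob correctly (there is a signature in encrypted data blobs
 * to make it extremely unlikely that an incorrect decryption will go
 * undetected).
 *
 * NOTE(review): that signature is described as detecting a *wrong
 * passphrase*; whether it also protects the blob against deliberate
 * modification is not established by this header -- confirm in the
 * implementation before relying on it for integrity.
 *
 * Arguments:
 *   in_ptr      - the private data blob, encrypted or not
 *   in_len      - length of in_ptr in bytes; it is an int, so callers
 *                 must pass a non-negative value
 *   comment     - the key comment, used to provide meaningful
 *                 passphrase prompts if prompting is done
 *   out_ptr     - receives the decrypted blob; presumably owned by the
 *                 caller after a successful return -- confirm
 *   out_len     - receives the length of *out_ptr in bytes
 *   passphrase  - NUL-terminated passphrase. A nil pointer means that
 *                 no passphrase is available and prompting should be
 *                 done; NO_PASSPHRASE also means that no passphrase is
 *                 available, but indicates that if the data blob is
 *                 encrypted, an error return should be produced.
 *
 * Returns an int status; the header does not define which values mean
 * success, so check the implementation's convention before testing it.
 */
extern int priv_unwrap(const void *in_ptr, int in_len, const char *comment,
                       void **out_ptr, int *out_len, const char *passphrase);

/*
 * Sentinel object whose address is passed as the passphrase argument
 * of priv_unwrap() to request "fail rather than prompt". Only its
 * address is meaningful; its value is never read as a passphrase.
 */
extern const char priv_unwrap__no_pp;
#define NO_PASSPHRASE (&priv_unwrap__no_pp)

/*
 * Tests whether a data blob has no passphrase set on it, returning
 * true if it does, false if not.
 *
 * Arguments:
 *   in_ptr      - the private data blob to inspect
 *   in_len      - length of in_ptr in bytes; must be non-negative
 */
extern int priv_no_pp(const void *in_ptr, int in_len);

#endif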