fis-gtm-6.3-000a 6.3-000A-1 / usr / lib / x86_64-linux-gnu / fis-gtm / V6.3-000A_x86_64 / plugin / gtmcrypt / gtmcrypt_interface.h

This file is indexed.

/usr/lib/x86_64-linux-gnu/fis-gtm/V6.3-000A_x86_64/plugin/gtmcrypt/gtmcrypt_interface.h is in fis-gtm-6.3-000a 6.3-000A-1.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below. 

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
/****************************************************************
 *								*
 * Copyright (c) 2009-2016 Fidelity National Information	*
 * Services, Inc. and/or its subsidiaries. All rights reserved.	*
 *								*
 *	This source code contains the intellectual property	*
 *	of its copyright holder(s), and is made available	*
 *	under a license   If you do not know the terms of	*
 *	the license, please stop and do not read further 	*
 *								*
 ****************************************************************/

/* WARNING: Include gtm_limits.h prior to including this file. */

#ifndef GTMCRYPT_INTERFACE_H
#define GTMCRYPT_INTERFACE_H

/* This module defines the interface for a GT.M encryption plug-in implementation. Refer to the function comments for details. */

/* Environment variable containing the obfuscated password for the key ring with which the symmetric keys are encrypted. */
#define GTM_PASSWD_ENV			"gtm_passwd"

/* Length of the plain and in-hex hash string for a symmetric key. We are currently using SHA-512, so the length is 64 bytes. */
#define GTMCRYPT_HASH_LEN		64
#define GTMCRYPT_HASH_HEX_LEN		GTMCRYPT_HASH_LEN * 2

/* Length of the key name (which for databases is an absolute path to the file). */
#define GTMCRYPT_MAX_KEYNAME_LEN	GTM_PATH_MAX

/* Definitions must match those in gtm_tls_interface.h */
/* Flag to be used whenever password can be obtained interactively. */
#define GTMCRYPT_OP_INTERACTIVE_MODE	0x00000001
/* No environment variable for password - used by gc_update_passwd so must be same in gtmcrypt_interface.h */
#define	GTMCRYPT_OP_NOPWDENVVAR		0x00000800

/* Special value that indicates invalid / uninitialized encryption state object. */
#define GTMCRYPT_INVALID_KEY_HANDLE	NULL

/* Constants to indicate what IV-handling mode is desired for a particular encryption or decryption operation. */
#define	GTMCRYPT_IV_CONTINUE		0
#define GTMCRYPT_IV_SET			1
#define GTMCRYPT_IV_RESET		-1

/* Constants to indicate whether a particular operation is of encryption or decryption type. */
#define GTMCRYPT_OP_ENCRYPT		1
#define GTMCRYPT_OP_DECRYPT		0

typedef	void * gtmcrypt_key_t;

/*
 * Initialize encryption if not yet initialized. Use this function to load necessary libraries and set appropriate configuration
 * options. Upon a successful return this function is never invoked again.
 *
 * Arguments:	flags	Encryption flags to use.
 *
 * Returns:	0 if encryption was initialized successfully; -1 otherwise.
 */
gtm_status_t	gtmcrypt_init(gtm_int_t flags);

/*
 * Return the error string. Use this function to provide the current error status. The function is normally invoked following a
 * non-zero return from one of the other functions defined in the interface, which means that each of them should start by clearing
 * the error buffer.
 *
 * Returns:	The error string constructed so far.
 */
gtm_char_t	*gtmcrypt_strerror(void);

/*
 * Find the key by hash and database path and set up database encryption and decryption state objects, if not created yet. Use this
 * function to locate a particular key by its hash and, if found, initialize the objects for subsequent encryption and decryption
 * operations on any database that will use this key, unless already initialized. If the db_path argument specifies a non-null
 * string, then the key should additionally correspond to that database in the configuration file.
 *
 * The reason that any database relying on the same key may use the same encryption and decryption state objects is this: Every
 * database's encryption and decryption handles are initialized with a null IV, and every block is processed using either a null IV
 * or IV corresponding to the block number. So, for every encryption and decryption operation the IV is always preset to the
 * "correct" value, effectively making it suitable for every database using the same hash.
 *
 * Arguments:	handle		Pointer to the database encryption state object supplied by the caller and filled in by this
 * 				routine.
 * 		key_hash	Hash of the key.
 * 		db_path		Path to the database file that should be associated with the sought key. Can be an empty string.
 * 		iv		Initialization vector to use for encryption or decryption.
 *
 * Returns:	0 if the routine found the key, and either found existing database encryption and decryption state objects or
 * 		initialized them; -1 otherwise.
 */
gtm_status_t	gtmcrypt_init_db_cipher_context_by_hash(gtmcrypt_key_t *handle, gtm_string_t key_hash,
				gtm_string_t db_path, gtm_string_t iv);

/*
 * Find the key by its name and set up device encryption or decryption state object. Use this function to locate a particular key by
 * its name (as specified in the configuration file) and, if found, initialize an object for subsequent encryption or decryption
 * operations (depending on the 'encrypt' parameter) with one device using this key. Note that, unlike databases, different devices
 * relying on the same key require individual encryption and decryption state objects as their states evolve with each encryption or
 * decryption operation.
 *
 * Arguments:	handle		Pointer to the database encryption state object supplied by the caller and filled in by this
 * 				routine.
 * 		key_name	Name of the key.
 * 		iv		Initialization vector to use for encryption or decryption.
 * 		operation	Flag indicating whether encryption or decryption is desired; use GTMCRYPT_OP_ENCRYPT or
 * 				GTMCRYPT_OP_DECRYPT, respectively.
 *
 * Returns:	0 if the routine found the key, and either found existing database encryption and decryption state objects or
 *		initialized them; -1 otherwise.
 */
gtm_status_t	gtmcrypt_init_device_cipher_context_by_keyname(gtmcrypt_key_t *handle, gtm_string_t key_name,
				gtm_string_t iv, gtm_int_t operation);

/*
 * Find the key by the path of the database it corresponds to as well as its own path, and obtain its hash. Use this function to
 * locate a particular key by the path of the database that is associated with the key in the configuration file and calculate (or
 * copy, if precalculated) its hash to the 'hash_dest' address. If the key_path argument specifies a non-null string, then the key
 * should have the corresponding path; otherwise, the *last* of all keys associated with the specified database in the configuration
 * file is used.
 *
 * Arguments:	db_path		Path to the database file that should be associated with the sought key.
 * 		key_path	Path to the key. Can be an empty string.
 * 		hash_dest	Pointer to the location for this routine to copy the key's hash.
 *
 * Returns:	0 if the routine found the key and copied its hash to the specified location; -1 otherwise.
 */
gtm_status_t	gtmcrypt_obtain_db_key_hash_by_keyname(gtm_string_t db_path, gtm_string_t key_path, gtm_string_t *hash_dest);

/*
 * Release the specified encryption or decryption state object, also releasing the decryption state if database encryption state is
 * specified.
 *
 * Arguments:	handle	Pointer to the encryption or decryption state object to release.
 *
 * Returns:	0 if the operation succeeded; -1 otherwise.
 */
gtm_status_t	gtmcrypt_release_cipher_context(gtmcrypt_key_t handle);

/*
 * Perform encryption or decryption of the provided data based on the specified encryption / decryption state. If the target buffer
 * pointer is NULL, the operation is done in-place. It is also possible to set the initialization vector (IV) to a particular value,
 * or reset it to the original value, before attempting the operation. Note that the changes are persistent.
 *
 * Arguments:	handle			Encryption state object.
 * 		unencr_block		Block of unencrypted data.
 * 		unencr_block_len	Length of the unencrypted and encrypted data blocks.
 * 		encr_block		Block of encrypted data.
 * 		operation		Flag indicating whether to perform encryption or decryption; use GTMCRYPT_OP_ENCRYPT or
 * 					GTMCRYPT_OP_DECRYPT, respectively.
 * 		iv_mode			Flag indicating whether to change the initialization vector (IV) prior to the operation; use
 * 					GTMCRYPT_IV_CONTINUE to proceed without changing the IV, GTMCRYPT_IV_SET to set the IV the
 * 					value supplied in the iv argument, and GTMCRYPT_IV_RESET to reset the IV to the value
 * 					specified at initialization.
 * 		iv			Initialization vector for the encryption state to take when iv_mode is GTMCRYPT_IV_SET.
 *
 * Returns:	0 if the operation succeeded; -1 otherwise.
 */
gtm_status_t	gtmcrypt_encrypt_decrypt(gtmcrypt_key_t handle, gtm_char_t *src_block, gtm_int_t src_block_len,
					  gtm_char_t *dest_block, gtm_int_t operation, gtm_int_t iv_mode, gtm_string_t iv);

/*
 * Compare the keys associated with two encryption or decryption state objects.
 *
 * Arguments:	handle1		First encryption or decryption state object.
 * 		handle2		Second encryption or decryption state object.
 *
 * Returns:	1 if both encryption or decryption state objects use the same key; 0 otherwise.
 */
gtm_int_t	gtmcrypt_same_key(gtmcrypt_key_t handle1, gtmcrypt_key_t handle2);

/*
 * Disable encryption and discard any sensitive data in memory.
 *
 * Returns:	0 if the operation succeeded; -1 otherwise.
 */
gtm_status_t	gtmcrypt_close(void);

#endif

APT Browse - Built by Thomas Orozco.