C API for pgcrypto ================== UN*X crypt() ============ #include <px-crypt.h> char * px_crypt(const char *psw, const char *salt, char *buf, unsigned buflen); returns buf or NULL for error. unsigned px_gen_salt(const char *salt_type, char *dst, int rounds); returns salt size. dst should be PX_MAX_SALT_LEN bytes. 'rounds' is algorithm specific. 0 means default for that algorithm. Random ====== int px_get_random_bytes(uint8 *dst, int num) Crypto "objects" ================ PX_MD - Message digest PX_HMAC - HMAC (Hash MAC) PX_Cipher - cipher+mode: provided by libs PX_Combo - higher-level encryption -> padding, [MD] Objects are activated with following functions: int px_find_digest(const char *name, PX_MD **res); int px_find_hmac(const char *name, PX_HMAC **res); int px_find_cipher(const char *name, PX_Cipher **res); int px_find_combo(const char *name, PX_Combo **res); returns 0 on success, < 0 on error. If successful, *res contains pointer to new object. Message Digest ============== uint px_md_result_size(PX_MD *md) returns final result size in bytes void px_md_reset(PX_MD *md) resets md to clean state uint px_md_block_size(PX_MD *md) return algorithm block size in bytes void px_md_update(PX_MD *md, const uint8 *data, uint dlen) updates hash state with new data void px_md_finish(PX_MD *md, uint8 *buf) puts final hash state into buf. buf should have room for px_md_result_size() bytes. void px_md_free(PX_MD *md) frees resources. HMAC (Hash Message Authentication Code) ======================================= int px_hmac_init(PX_HMAC *hmac, const uint8 *key, uint klen) initalized hmac state with key. uint px_hmac_result_size(PX_HMAC *md) returns final result size in bytes void px_hmac_reset(PX_HMAC *md) resets md to state after _init() uint px_hmac_block_size(PX_HMAC *md) return algorithm block size in bytes void px_hmac_update(PX_HMAC *md, const uint8 *data, uint dlen) updates hash state with new data void px_hmac_finish(PX_HMAC *md, uint8 *buf) puts final hash state into buf. buf should have room for px_hmac_result_size() bytes. void px_hmac_free(PX_HMAC *md) frees resources. Cipher ====== uint px_cipher_key_size(PX_Cipher *c) returns max key size in bytes uint px_cipher_block_size(PX_Cipher *c) returns cipher+mode block size in bytes. So blowfish in CFB mode should return 1. uint px_cipher_iv_size(PX_Cipher *c) returns IV size in bytes. int px_cipher_init(PX_Cipher *c, uint8 *key, uint klen, uint8 *iv) initializes cipher with supplied key and iv. int px_cipher_encrypt(PX_Cipher *c, uint8 *data, uint dlen, uint8 *res) encrypts data. res must have room for dlen bytes. data must be multiple of px_cipher_block_size(). int px_cipher_decrypt(PX_Cipher *c, uint8 *data, uint dlen, uint8 *res) decrypts data. res must have room for dlen bytes. void px_cipher_free(PX_Cipher *c) frees resources assiocated. PX_Combo ======== uint px_combo_encrypt_len(PX_Combo *c, uint dlen) calculates max result length for dlen of data. uint px_combo_decrypt_len(PX_Combo *c, uint dlen) calculates result length for dlen of data. int px_combo_init(PX_Combo *c, uint8 *key, uint klen, uint8 *iv, uint ivlen) initializes c with key and iv. If cipher uses fixed length keys, key will be padded with zeroes to needed length. int px_combo_encrypt(PX_Combo *c, uint8 *data, uint dlen, uint8 *res, uint rlen) int px_combo_decrypt(PX_Combo *c, uint8 *data, uint dlen, uint8 *res, uint rlen) void px_combo_free(PX_Combo *c) frees resources assiocated.