crypto.h (7372B)
1 #ifndef LIBQAEDA_CRYPTO_H_ 2 #define LIBQAEDA_CRYPTO_H_ 3 4 #include <stddef.h> 5 6 #ifndef LQ_DIGEST_LEN 7 #define LQ_DIGEST_LEN 64 8 #endif 9 10 #ifndef LQ_DIGEST_SIG_LEN 11 #define LQ_DIGEST_SIG_LEN 64 12 #endif 13 14 #ifndef LQ_PUBKEY_LEN 15 #define LQ_PUBKEY_LEN 32 16 #endif 17 18 #ifndef LQ_PRIVKEY_LEN 19 #define LQ_PRIVKEY_LEN 32 20 #endif 21 22 #ifndef LQ_SIGN_LEN 23 #define LQ_SIGN_LEN 64 24 #endif 25 26 #ifndef LQ_FP_LEN 27 #define LQ_FP_LEN 20 28 #endif 29 30 #ifndef LQ_SALT_LEN 31 #define LQ_SALT_LEN 32 32 #endif 33 34 #ifndef LQ_CRYPTO_BUFLEN 35 #define LQ_CRYPTO_BUFLEN 524288 36 #endif 37 38 #ifndef LQ_CRYPTO_BLOCKSIZE 39 #define LQ_CRYPTO_BLOCKSIZE 4096 40 #endif 41 42 #ifndef LQ_POINT_LEN 43 #define LQ_POINT_LEN 32 44 #endif 45 46 47 enum lq_keystate_e { 48 LQ_KEY_INIT = 1, 49 LQ_KEY_LOCK = 2, 50 }; 51 52 /** 53 * \struct LQPrivKey 54 * 55 * \brief Represents an unencrypted private key for message signing. 56 * 57 * \see lq_privatekey_t 58 */ 59 struct lq_privatekey_t { 60 short key_typ; ///< Key type identifier. Unused for now. 61 char key_state; ///< Key state flags. 62 void *impl; ///< Private key implementation object 63 }; 64 typedef struct lq_privatekey_t LQPrivKey; 65 66 /** 67 * \struct LQPubKey 68 * 69 * \brief Represents a public key embedded in private keys, certificates and signatures data. 70 * 71 * \see lq_publickey_t 72 * \todo add serialization 73 */ 74 struct lq_publickey_t { 75 short key_typ; ///< Key type identifier. Unused for now. 76 LQPrivKey *pk; ///< Corresponding private key. Optional, and set to NULL if not available. 77 void *impl; ///< Public key implementation object 78 }; 79 typedef struct lq_publickey_t LQPubKey; 80 81 /** 82 * \struct LQSig 83 * 84 * \brief Represents a cryptographic signature over a message digest. 85 * 86 * \see lq_signature_t 87 * \todo add serialization 88 */ 89 struct lq_signature_t { 90 LQPubKey *pubkey; ///< Public key corresponding to the signature, used for verification. Optional (if public key can be recovered from signature) 91 void *impl; ///< Signature implementation object 92 }; 93 typedef struct lq_signature_t LQSig; 94 95 /** 96 * \brief Perform necessary initializations of crypto component. 97 * 98 * \return ERR_OK on success. 99 */ 100 int lq_crypto_init(const char *base); 101 102 /** 103 * \brief Perform necessary resource release of crypto component. 104 */ 105 void lq_crypto_free(); 106 107 /** 108 * \brief Create a new private key 109 * 110 * If passphrase is not null the passphrase will be encrypted using that passphrase by default. 111 * 112 * \param[in] Passphrase to encrypt key with. If NULL, key will be encrypted with a single 0-byte as passphrase. 113 * \param[in] Passphrase length. Ignored if passphrase is NULL. 114 * \return Pointer to new private key. Freeing the object is the caller's responsibility. 115 * \see lq_privatekey_free 116 */ 117 LQPrivKey* lq_privatekey_new(const char *passphrase, size_t passphrase_len); 118 119 /** 120 * \brief Load a private key from store. 121 * 122 * If passphrase is not null the passphrase will be encrypted using that passphrase by default. 123 * 124 * \param[in] Passphrase to encrypt key with. If NULL, key will be encrypted with a single 0-byte as passphrase. 125 * \param[in] Passphrase length. Ignored if passphrase is NULL. 126 * \return Pointer to new private key. Freeing the object is the caller's responsibility. 127 * 128 * \see lq_privatekey_free 129 */ 130 LQPrivKey* lq_privatekey_load(const char *passphrase, size_t passphrase_len, const char *fingerprint); 131 132 /** 133 * \brief Get raw private key bytes 134 * 135 * \param[in] Private key object. 136 * \param[out] Pointer to start of data. 137 * \return Length of key. If 0, no key could be found. 138 */ 139 size_t lq_privatekey_bytes(LQPrivKey *pk, char **out); 140 141 /** 142 * \brief Create a new public key object. 143 * 144 * \param[in] Uncompressed public key data. 145 * \return Pointer to new public key. Freeing the object is the caller's responsibility. 146 * \see lq_publickey_free 147 */ 148 LQPubKey* lq_publickey_new(const char *full); 149 150 /** 151 * \brief Create a new public key object from a private key. 152 * 153 * \param[in] Private key to generate public key from. 154 * \return Pointer to new public key. Freeing the object is the caller's responsibility. 155 * \see lq_publickey_free 156 */ 157 LQPubKey* lq_publickey_from_privatekey(LQPrivKey *pk); 158 159 /** 160 * \brief Get raw public key bytes. 161 * 162 * \param[in] Public key object. 163 * \param[out] Pointer to start of data. 164 * \return Length of key. If 0, no key could be found. 165 */ 166 size_t lq_publickey_bytes(LQPubKey *pubk, char **out); 167 168 /** 169 * \brief Get the public key fingerprint bytes. 170 * 171 * \param[in] Public key object 172 * \param[out] Pointer to start of data. 173 * \return Length of fingerprint data. If 0, no fingerprint could be found. 174 */ 175 size_t lq_publickey_fingerprint(LQPubKey *pubk, char **out); 176 177 /** 178 * \brief Encrypt private key in place. 179 * 180 * Must clear sensistive memory. 181 * 182 * \param[in] Private Key object 183 * \return ERR_OK if encrypted, ERR_NOOP if already encrypted, or ERR_INIT if encryption fails. 184 */ 185 int lq_privatekey_lock(LQPrivKey *pk, const char *passphrase, size_t passphrase_len); 186 187 /** 188 * \brief Decrypt private key in place. 189 * 190 * \param[in] Private Key object 191 * \return ERR_OK if decrypted, ERR_NOOP if not encrypted, or ERR_INIT if decryption fails. 192 */ 193 int lq_privatekey_unlock(LQPrivKey *pk, const char *passphrase, size_t passphrase_len); 194 195 /** 196 * \brief Sign digest data using a private key. 197 * 198 * \param[in] Decrypted private key to use for the signature. 199 * \param[in] Message digest to sign. 200 * \param[in] Length of message to sign. 201 * \param[in] Salt data to use for the signature. Set to NULL if salt is not to be used. If not null, must be LQ_SALT_LEN long. 202 * \return Signature object if signing was successful. Returns NULL if signature failed. It is the caller's responsiblity to free the signature. 203 * \see lq_signature_free 204 */ 205 LQSig* lq_privatekey_sign(LQPrivKey *pk, const char *msg, size_t msg_len, const char *salt); 206 207 /** 208 * \brief Create a signature object from byte data. 209 * 210 * \param[in] Signature byte data. 211 * \param[in] Length of data. 212 * \param[in] Public key used in signature. Can be NULL for recoverable signatures. 213 * \return Signature object if parse was successful. Returns NULL if parsing failed. It is the caller's responsiblity to free the signature. 214 */ 215 LQSig* lq_signature_from_bytes(const char *sig_data, size_t sig_len, LQPubKey *pubkey); 216 217 /** 218 * \brief Get raw signature bytes 219 * 220 * \param[in] Signature object. 221 * \param[out] Pointer to start of data. 222 * \return Length of signature. If 0, no signature data could be found. 223 */ 224 size_t lq_signature_bytes(LQSig *sig, char **out); 225 226 /** 227 * \brief Verify a signature against a private key and message. 228 * 229 * \param[in] Message digest to sign. 230 * \param[in] Length of message to sign. 231 * \return ERR_OK if signature is verified. 232 */ 233 int lq_signature_verify(LQSig *sig, const char *msg, size_t msg_len); 234 235 /** 236 * \brief Free an allocated public key. 237 * \param[in] Public key to free. 238 */ 239 void lq_publickey_free(LQPubKey *pubk); 240 241 /** 242 * \brief Free an allocated private key. 243 * \param[in] Private key to free. 244 */ 245 void lq_privatekey_free(LQPrivKey *pk); 246 247 /** 248 * \brief Free an allocated signature object. 249 * \param[in] Private key to free. 250 */ 251 void lq_signature_free(LQSig *sig); 252 253 /** 254 * \brief Calculate digest over arbitrary data using the default algorithm. 255 * 256 * \param[in] Data to calculate digest over. 257 * \param[in] Length of data. 258 * \param[out] Output buffer. Must be allocated to at least LQ_DIGEST_LENGTH 259 * \return ERR_OK on success. 260 */ 261 int lq_digest(const char *in, size_t in_len, char *out); 262 263 #endif // LIBQAEDA_CRYPTO_H_