mirrors
/
rspamd
mirror of https://github.com/vstakhov/rspamd.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 159 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
21175 Commits
28 Branches
Branch: master
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'master'
${ noResults }
rspamd/src/libcryptobox/keypair.h

keypair.h 8.8KB
Raw Permalink Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317 
  1. /*-

  2.  * Copyright 2016 Vsevolod Stakhov

  3.  *

  4.  * Licensed under the Apache License, Version 2.0 (the "License");

  5.  * you may not use this file except in compliance with the License.

  6.  * You may obtain a copy of the License at

  7.  *

  8.  *   http://www.apache.org/licenses/LICENSE-2.0

  9.  *

  10.  * Unless required by applicable law or agreed to in writing, software

  11.  * distributed under the License is distributed on an "AS IS" BASIS,

  12.  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  13.  * See the License for the specific language governing permissions and

  14.  * limitations under the License.

  15.  */

  16. #ifndef SRC_LIBCRYPTOBOX_KEYPAIR_H_

  17. #define SRC_LIBCRYPTOBOX_KEYPAIR_H_

  18. 

  19. #include "config.h"

  20. #include "cryptobox.h"

  21. #include "ucl.h"

  22. 

  23. #ifdef __cplusplus

  24. extern "C" {

  25. #endif

  26. 

  27. /**

  28.  * Keypair type

  29.  */

  30. enum rspamd_cryptobox_keypair_type {

  31. 	RSPAMD_KEYPAIR_KEX = 0,

  32. 	RSPAMD_KEYPAIR_SIGN

  33. };

  34. 

  35. extern const unsigned char encrypted_magic[7];

  36. 

  37. /**

  38.  * Opaque structure for the full (public + private) keypair

  39.  */

  40. struct rspamd_cryptobox_keypair;

  41. /**

  42.  * Opaque structure for public only keypair

  43.  */

  44. struct rspamd_cryptobox_pubkey;

  45. 

  46. /**

  47.  * Creates new full keypair

  48.  * @param type type of the keypair

  49.  * @param alg algorithm for the keypair

  50.  * @return fresh keypair generated

  51.  */

  52. struct rspamd_cryptobox_keypair *rspamd_keypair_new(

  53. 	enum rspamd_cryptobox_keypair_type type,

  54. 	enum rspamd_cryptobox_mode alg);

  55. 

  56. /**

  57.  * Increase refcount for the specific keypair

  58.  * @param kp

  59.  * @return

  60.  */

  61. struct rspamd_cryptobox_keypair *rspamd_keypair_ref(

  62. 	struct rspamd_cryptobox_keypair *kp);

  63. 

  64. /**

  65.  * Decrease refcount for the specific keypair (or destroy when refcount == 0)

  66.  * @param kp

  67.  */

  68. void rspamd_keypair_unref(struct rspamd_cryptobox_keypair *kp);

  69. 

  70. /**

  71.  * Increase refcount for the specific pubkey

  72.  * @param kp

  73.  * @return

  74.  */

  75. struct rspamd_cryptobox_pubkey *rspamd_pubkey_ref(

  76. 	struct rspamd_cryptobox_pubkey *kp);

  77. 

  78. /**

  79.  * Load pubkey from base32 string

  80.  * @param b32 input string

  81.  * @param type type of key (signing or kex)

  82.  * @param alg algorithm of the key (nist or curve25519)

  83.  * @return new pubkey or NULL in case of error

  84.  */

  85. struct rspamd_cryptobox_pubkey *rspamd_pubkey_from_base32(const char *b32,

  86. 														  gsize len,

  87. 														  enum rspamd_cryptobox_keypair_type type,

  88. 														  enum rspamd_cryptobox_mode alg);

  89. 

  90. /**

  91.  * Load pubkey from hex string

  92.  * @param hex input string

  93.  * @param type type of key (signing or kex)

  94.  * @param alg algorithm of the key (nist or curve25519)

  95.  * @return new pubkey or NULL in case of error

  96.  */

  97. struct rspamd_cryptobox_pubkey *rspamd_pubkey_from_hex(const char *hex,

  98. 													   gsize len,

  99. 													   enum rspamd_cryptobox_keypair_type type,

  100. 													   enum rspamd_cryptobox_mode alg);

  101. 

  102. /**

  103.  * Load pubkey from raw chunk string

  104.  * @param hex input data

  105.  * @param type type of key (signing or kex)

  106.  * @param alg algorithm of the key (nist or curve25519)

  107.  * @return new pubkey or NULL in case of error

  108.  */

  109. struct rspamd_cryptobox_pubkey *rspamd_pubkey_from_bin(const unsigned char *raw,

  110. 													   gsize len,

  111. 													   enum rspamd_cryptobox_keypair_type type,

  112. 													   enum rspamd_cryptobox_mode alg);

  113. 

  114. 

  115. /**

  116.  * Decrease refcount for the specific pubkey (or destroy when refcount == 0)

  117.  * @param kp

  118.  */

  119. void rspamd_pubkey_unref(struct rspamd_cryptobox_pubkey *kp);

  120. 

  121. /**

  122.  * Get type of keypair

  123.  */

  124. enum rspamd_cryptobox_keypair_type rspamd_keypair_type(

  125. 	struct rspamd_cryptobox_keypair *kp);

  126. 

  127. /**

  128.  * Get type of pubkey

  129.  */

  130. enum rspamd_cryptobox_keypair_type rspamd_pubkey_type(

  131. 	struct rspamd_cryptobox_pubkey *p);

  132. 

  133. /**

  134.  * Get algorithm of keypair

  135.  */

  136. enum rspamd_cryptobox_mode rspamd_keypair_alg(struct rspamd_cryptobox_keypair *kp);

  137. 

  138. /**

  139.  * Get algorithm of pubkey

  140.  */

  141. enum rspamd_cryptobox_mode rspamd_pubkey_alg(struct rspamd_cryptobox_pubkey *p);

  142. 

  143. /**

  144.  * Get cached NM for this specific pubkey

  145.  * @param p

  146.  * @return

  147.  */

  148. const unsigned char *rspamd_pubkey_get_nm(struct rspamd_cryptobox_pubkey *p,

  149. 										  struct rspamd_cryptobox_keypair *kp);

  150. 

  151. /**

  152.  * Calculate and store nm value for the specified local key (performs ECDH)

  153.  * @param p

  154.  * @return

  155.  */

  156. const unsigned char *rspamd_pubkey_calculate_nm(struct rspamd_cryptobox_pubkey *p,

  157. 												struct rspamd_cryptobox_keypair *kp);

  158. 

  159. /**

  160.  * Get raw public key id for a specified keypair (rspamd_cryptobox_HASHBYTES)

  161.  * @param kp

  162.  * @return

  163.  */

  164. const unsigned char *rspamd_keypair_get_id(struct rspamd_cryptobox_keypair *kp);

  165. 

  166. /**

  167.  * Returns keypair extensions if any

  168.  * @param kp

  169.  * @return

  170.  */

  171. const ucl_object_t *rspamd_keypair_get_extensions(struct rspamd_cryptobox_keypair *kp);

  172. 

  173. /**

  174.  * Get raw public key id for a specified key (rspamd_cryptobox_HASHBYTES)

  175.  * @param kp

  176.  * @return

  177.  */

  178. const unsigned char *rspamd_pubkey_get_id(struct rspamd_cryptobox_pubkey *pk);

  179. 

  180. /**

  181.  * Get raw public key from pubkey opaque structure

  182.  * @param pk

  183.  * @param len

  184.  * @return

  185.  */

  186. const unsigned char *rspamd_pubkey_get_pk(struct rspamd_cryptobox_pubkey *pk,

  187. 										  unsigned int *len);

  188. 

  189. /** Short ID characters count */

  190. #define RSPAMD_KEYPAIR_SHORT_ID_LEN 5

  191. /** Print pubkey */

  192. #define RSPAMD_KEYPAIR_PUBKEY 0x1

  193. /** Print secret key */

  194. #define RSPAMD_KEYPAIR_PRIVKEY 0x2

  195. /** Print key id */

  196. #define RSPAMD_KEYPAIR_ID 0x4

  197. /** Print short key id */

  198. #define RSPAMD_KEYPAIR_ID_SHORT 0x8

  199. /** Encode output with base 32 */

  200. #define RSPAMD_KEYPAIR_BASE32 0x10

  201. /** Human readable output */

  202. #define RSPAMD_KEYPAIR_HUMAN 0x20

  203. #define RSPAMD_KEYPAIR_HEX 0x40

  204. 

  205. /**

  206.  * Print keypair encoding it if needed

  207.  * @param key key to print

  208.  * @param how flags that specifies printing behaviour

  209.  * @return newly allocated string with keypair

  210.  */

  211. GString *rspamd_keypair_print(struct rspamd_cryptobox_keypair *kp,

  212. 							  unsigned int how);

  213. 

  214. /**

  215.  * Print pubkey encoding it if needed

  216.  * @param key key to print

  217.  * @param how flags that specifies printing behaviour

  218.  * @return newly allocated string with keypair

  219.  */

  220. GString *rspamd_pubkey_print(struct rspamd_cryptobox_pubkey *pk,

  221. 							 unsigned int how);

  222. 

  223. /** Get keypair pubkey ID */

  224. #define RSPAMD_KEYPAIR_COMPONENT_ID 0

  225. /** Get keypair public key */

  226. #define RSPAMD_KEYPAIR_COMPONENT_PK 1

  227. /** Get keypair private key */

  228. #define RSPAMD_KEYPAIR_COMPONENT_SK 2

  229. 

  230. /**

  231.  * Get specific component of a keypair

  232.  * @param kp keypair

  233.  * @param ncomp component number

  234.  * @param len length of input

  235.  * @return raw content of the component

  236.  */

  237. const unsigned char *rspamd_keypair_component(struct rspamd_cryptobox_keypair *kp,

  238. 											  unsigned int ncomp, unsigned int *len);

  239. 

  240. /**

  241.  * Create a new keypair from ucl object

  242.  * @param obj object to load

  243.  * @return new structure or NULL if an object is invalid

  244.  */

  245. struct rspamd_cryptobox_keypair *rspamd_keypair_from_ucl(const ucl_object_t *obj);

  246. 

  247. 

  248. enum rspamd_keypair_dump_flags {

  249. 	RSPAMD_KEYPAIR_DUMP_DEFAULT = 0,

  250. 	RSPAMD_KEYPAIR_DUMP_HEX = 1u << 0u,

  251. 	RSPAMD_KEYPAIR_DUMP_NO_SECRET = 1u << 1u,

  252. 	RSPAMD_KEYPAIR_DUMP_FLATTENED = 1u << 2u,

  253. };

  254. 

  255. /**

  256.  * Converts keypair to ucl object

  257.  * @param kp

  258.  * @return

  259.  */

  260. ucl_object_t *rspamd_keypair_to_ucl(struct rspamd_cryptobox_keypair *kp,

  261. 									enum rspamd_keypair_dump_flags flags);

  262. 

  263. 

  264. /**

  265.  * Decrypts data using keypair and a pubkey stored in in, in must start from

  266.  * `encrypted_magic` constant

  267.  * @param kp keypair

  268.  * @param in raw input

  269.  * @param inlen input length

  270.  * @param out output (allocated internally using g_malloc)

  271.  * @param outlen output size

  272.  * @return TRUE if decryption is completed, out must be freed in this case

  273.  */

  274. gboolean rspamd_keypair_decrypt(struct rspamd_cryptobox_keypair *kp,

  275. 								const unsigned char *in, gsize inlen,

  276. 								unsigned char **out, gsize *outlen,

  277. 								GError **err);

  278. 

  279. /**

  280.  * Encrypts data usign specific keypair.

  281.  * This method actually generates ephemeral local keypair, use public key from

  282.  * the remote keypair and encrypts data

  283.  * @param kp keypair

  284.  * @param in raw input

  285.  * @param inlen input length

  286.  * @param out output (allocated internally using g_malloc)

  287.  * @param outlen output size

  288.  * @param err pointer to error

  289.  * @return TRUE if encryption has been completed, out must be freed in this case

  290.  */

  291. gboolean rspamd_keypair_encrypt(struct rspamd_cryptobox_keypair *kp,

  292. 								const unsigned char *in, gsize inlen,

  293. 								unsigned char **out, gsize *outlen,

  294. 								GError **err);

  295. 

  296. /**

  297.  * Encrypts data usign specific pubkey (must have KEX type).

  298.  * This method actually generates ephemeral local keypair, use public key from

  299.  * the remote keypair and encrypts data

  300.  * @param kp keypair

  301.  * @param in raw input

  302.  * @param inlen input length

  303.  * @param out output (allocated internally using g_malloc)

  304.  * @param outlen output size

  305.  * @param err pointer to error

  306.  * @return TRUE if encryption has been completed, out must be freed in this case

  307.  */

  308. gboolean rspamd_pubkey_encrypt(struct rspamd_cryptobox_pubkey *pk,

  309. 							   const unsigned char *in, gsize inlen,

  310. 							   unsigned char **out, gsize *outlen,

  311. 							   GError **err);

  312. 

  313. #ifdef __cplusplus

  314. }

  315. #endif

  316. 

  317. #endif /* SRC_LIBCRYPTOBOX_KEYPAIR_H_ */