mirrors
/
rspamd
mirror of https://github.com/vstakhov/rspamd.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 159 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
19574 Commits
28 Branches
Tree: f11071b6a2
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'f11071b6a2'
${ noResults }
rspamd/src/libcryptobox/keypair.h

keypair.h 9.5KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338 
  1. /*-

  2.  * Copyright 2016 Vsevolod Stakhov

  3.  *

  4.  * Licensed under the Apache License, Version 2.0 (the "License");

  5.  * you may not use this file except in compliance with the License.

  6.  * You may obtain a copy of the License at

  7.  *

  8.  *   http://www.apache.org/licenses/LICENSE-2.0

  9.  *

  10.  * Unless required by applicable law or agreed to in writing, software

  11.  * distributed under the License is distributed on an "AS IS" BASIS,

  12.  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  13.  * See the License for the specific language governing permissions and

  14.  * limitations under the License.

  15.  */

  16. #ifndef SRC_LIBCRYPTOBOX_KEYPAIR_H_

  17. #define SRC_LIBCRYPTOBOX_KEYPAIR_H_

  18. 

  19. #include "config.h"

  20. #include "cryptobox.h"

  21. #include "ucl.h"

  22. 

  23. #ifdef  __cplusplus

  24. extern "C" {

  25. #endif

  26. 

  27. /**

  28.  * Keypair type

  29.  */

  30. enum rspamd_cryptobox_keypair_type {

  31. 	RSPAMD_KEYPAIR_KEX = 0,

  32. 	RSPAMD_KEYPAIR_SIGN

  33. };

  34. 

  35. extern const guchar encrypted_magic[7];

  36. 

  37. /**

  38.  * Opaque structure for the full (public + private) keypair

  39.  */

  40. struct rspamd_cryptobox_keypair;

  41. /**

  42.  * Opaque structure for public only keypair

  43.  */

  44. struct rspamd_cryptobox_pubkey;

  45. 

  46. /**

  47.  * Creates new full keypair

  48.  * @param type type of the keypair

  49.  * @param alg algorithm for the keypair

  50.  * @return fresh keypair generated

  51.  */

  52. struct rspamd_cryptobox_keypair *rspamd_keypair_new (

  53. 		enum rspamd_cryptobox_keypair_type type,

  54. 		enum rspamd_cryptobox_mode alg);

  55. 

  56. /**

  57.  * Increase refcount for the specific keypair

  58.  * @param kp

  59.  * @return

  60.  */

  61. struct rspamd_cryptobox_keypair *rspamd_keypair_ref (

  62. 		struct rspamd_cryptobox_keypair *kp);

  63. 

  64. /**

  65.  * Decrease refcount for the specific keypair (or destroy when refcount == 0)

  66.  * @param kp

  67.  */

  68. void rspamd_keypair_unref (struct rspamd_cryptobox_keypair *kp);

  69. 

  70. /**

  71.  * Increase refcount for the specific pubkey

  72.  * @param kp

  73.  * @return

  74.  */

  75. struct rspamd_cryptobox_pubkey *rspamd_pubkey_ref (

  76. 		struct rspamd_cryptobox_pubkey *kp);

  77. 

  78. /**

  79.  * Load pubkey from base32 string

  80.  * @param b32 input string

  81.  * @param type type of key (signing or kex)

  82.  * @param alg algorithm of the key (nist or curve25519)

  83.  * @return new pubkey or NULL in case of error

  84.  */

  85. struct rspamd_cryptobox_pubkey *rspamd_pubkey_from_base32 (const gchar *b32,

  86. 														   gsize len,

  87. 														   enum rspamd_cryptobox_keypair_type type,

  88. 														   enum rspamd_cryptobox_mode alg);

  89. 

  90. /**

  91.  * Load pubkey from hex string

  92.  * @param hex input string

  93.  * @param type type of key (signing or kex)

  94.  * @param alg algorithm of the key (nist or curve25519)

  95.  * @return new pubkey or NULL in case of error

  96.  */

  97. struct rspamd_cryptobox_pubkey *rspamd_pubkey_from_hex (const gchar *hex,

  98. 														gsize len,

  99. 														enum rspamd_cryptobox_keypair_type type,

  100. 														enum rspamd_cryptobox_mode alg);

  101. 

  102. /**

  103.  * Load pubkey from raw chunk string

  104.  * @param hex input data

  105.  * @param type type of key (signing or kex)

  106.  * @param alg algorithm of the key (nist or curve25519)

  107.  * @return new pubkey or NULL in case of error

  108.  */

  109. struct rspamd_cryptobox_pubkey *rspamd_pubkey_from_bin (const guchar *raw,

  110. 														gsize len,

  111. 														enum rspamd_cryptobox_keypair_type type,

  112. 														enum rspamd_cryptobox_mode alg);

  113. 

  114. 

  115. /**

  116.  * Decrease refcount for the specific pubkey (or destroy when refcount == 0)

  117.  * @param kp

  118.  */

  119. void rspamd_pubkey_unref (struct rspamd_cryptobox_pubkey *kp);

  120. 

  121. /**

  122.  * Get type of keypair

  123.  */

  124. enum rspamd_cryptobox_keypair_type rspamd_keypair_type (

  125. 		struct rspamd_cryptobox_keypair *kp);

  126. 

  127. /**

  128.  * Get type of pubkey

  129.  */

  130. enum rspamd_cryptobox_keypair_type rspamd_pubkey_type (

  131. 		struct rspamd_cryptobox_pubkey *p);

  132. 

  133. /**

  134.  * Get algorithm of keypair

  135.  */

  136. enum rspamd_cryptobox_mode rspamd_keypair_alg (struct rspamd_cryptobox_keypair *kp);

  137. 

  138. /**

  139.  * Get algorithm of pubkey

  140.  */

  141. enum rspamd_cryptobox_mode rspamd_pubkey_alg (struct rspamd_cryptobox_pubkey *p);

  142. 

  143. /**

  144.  * Get cached NM for this specific pubkey

  145.  * @param p

  146.  * @return

  147.  */

  148. const guchar *rspamd_pubkey_get_nm (struct rspamd_cryptobox_pubkey *p,

  149. 									struct rspamd_cryptobox_keypair *kp);

  150. 

  151. /**

  152.  * Calculate and store nm value for the specified local key (performs ECDH)

  153.  * @param p

  154.  * @return

  155.  */

  156. const guchar *rspamd_pubkey_calculate_nm (struct rspamd_cryptobox_pubkey *p,

  157. 										  struct rspamd_cryptobox_keypair *kp);

  158. 

  159. /**

  160.  * Get raw public key id for a specified keypair (rspamd_cryptobox_HASHBYTES)

  161.  * @param kp

  162.  * @return

  163.  */

  164. const guchar *rspamd_keypair_get_id (struct rspamd_cryptobox_keypair *kp);

  165. 

  166. /**

  167.  * Get raw public key id for a specified key (rspamd_cryptobox_HASHBYTES)

  168.  * @param kp

  169.  * @return

  170.  */

  171. const guchar *rspamd_pubkey_get_id (struct rspamd_cryptobox_pubkey *pk);

  172. 

  173. /**

  174.  * Get raw public key from pubkey opaque structure

  175.  * @param pk

  176.  * @param len

  177.  * @return

  178.  */

  179. const guchar *rspamd_pubkey_get_pk (struct rspamd_cryptobox_pubkey *pk,

  180. 									guint *len);

  181. 

  182. /** Short ID characters count */

  183. #define RSPAMD_KEYPAIR_SHORT_ID_LEN 5

  184. /** Print pubkey */

  185. #define RSPAMD_KEYPAIR_PUBKEY 0x1

  186. /** Print secret key */

  187. #define RSPAMD_KEYPAIR_PRIVKEY 0x2

  188. /** Print key id */

  189. #define RSPAMD_KEYPAIR_ID 0x4

  190. /** Print short key id */

  191. #define RSPAMD_KEYPAIR_ID_SHORT 0x8

  192. /** Encode output with base 32 */

  193. #define RSPAMD_KEYPAIR_BASE32 0x10

  194. /** Human readable output */

  195. #define RSPAMD_KEYPAIR_HUMAN 0x20

  196. #define RSPAMD_KEYPAIR_HEX 0x40

  197. 

  198. /**

  199.  * Print keypair encoding it if needed

  200.  * @param key key to print

  201.  * @param how flags that specifies printing behaviour

  202.  * @return newly allocated string with keypair

  203.  */

  204. GString *rspamd_keypair_print (struct rspamd_cryptobox_keypair *kp,

  205. 							   guint how);

  206. 

  207. /**

  208.  * Print pubkey encoding it if needed

  209.  * @param key key to print

  210.  * @param how flags that specifies printing behaviour

  211.  * @return newly allocated string with keypair

  212.  */

  213. GString *rspamd_pubkey_print (struct rspamd_cryptobox_pubkey *pk,

  214. 							  guint how);

  215. 

  216. /** Get keypair pubkey ID */

  217. #define RSPAMD_KEYPAIR_COMPONENT_ID 0

  218. /** Get keypair public key */

  219. #define RSPAMD_KEYPAIR_COMPONENT_PK 1

  220. /** Get keypair private key */

  221. #define RSPAMD_KEYPAIR_COMPONENT_SK 2

  222. 

  223. /**

  224.  * Get specific component of a keypair

  225.  * @param kp keypair

  226.  * @param ncomp component number

  227.  * @param len length of input

  228.  * @return raw content of the component

  229.  */

  230. const guchar *rspamd_keypair_component (struct rspamd_cryptobox_keypair *kp,

  231. 										guint ncomp, guint *len);

  232. 

  233. /**

  234.  * Create a new keypair from ucl object

  235.  * @param obj object to load

  236.  * @return new structure or NULL if an object is invalid

  237.  */

  238. struct rspamd_cryptobox_keypair *rspamd_keypair_from_ucl (const ucl_object_t *obj);

  239. 

  240. /**

  241.  * Converts keypair to ucl object

  242.  * @param kp

  243.  * @return

  244.  */

  245. ucl_object_t *rspamd_keypair_to_ucl (struct rspamd_cryptobox_keypair *kp,

  246. 									 gboolean is_hex);

  247. 

  248. /**

  249.  * Signs memory using the specified keypair

  250.  * @param kp keypair

  251.  * @param data data to sign

  252.  * @param data to sign

  253.  * @param sig output signature (allocated by function, must be freed by a callee)

  254.  * @param outlen length of output data

  255.  * @param err filled if function returns `FALSE`

  256.  * @return TRUE if signature operation succeeded

  257.  */

  258. gboolean rspamd_keypair_sign (struct rspamd_cryptobox_keypair *kp,

  259. 							  const void *data, gsize len, guchar **sig, gsize *outlen,

  260. 							  GError **err);

  261. 

  262. /***

  263.  * Verifies data using public key

  264.  * @param pk public key

  265.  * @param data data to sign

  266.  * @param len data to sign

  267.  * @param sig signature to verify

  268.  * @param siglen length of signature

  269.  * @param err filled if function returns `FALSE`

  270.  * @return TRUE if signature is valid

  271.  */

  272. gboolean rspamd_keypair_verify (struct rspamd_cryptobox_pubkey *pk,

  273. 								const void *data, gsize len, const guchar *sig, gsize siglen,

  274. 								GError **err);

  275. 

  276. /**

  277.  * Compares two public keys

  278.  * @param k1 key to compare

  279.  * @param k2 key to compare

  280.  * @return TRUE if two keys are equal

  281.  */

  282. gboolean rspamd_pubkey_equal (const struct rspamd_cryptobox_pubkey *k1,

  283. 							  const struct rspamd_cryptobox_pubkey *k2);

  284. 

  285. /**

  286.  * Decrypts data using keypair and a pubkey stored in in, in must start from

  287.  * `encrypted_magic` constant

  288.  * @param kp keypair

  289.  * @param in raw input

  290.  * @param inlen input length

  291.  * @param out output (allocated internally using g_malloc)

  292.  * @param outlen output size

  293.  * @return TRUE if decryption is completed, out must be freed in this case

  294.  */

  295. gboolean rspamd_keypair_decrypt (struct rspamd_cryptobox_keypair *kp,

  296. 								 const guchar *in, gsize inlen,

  297. 								 guchar **out, gsize *outlen,

  298. 								 GError **err);

  299. 

  300. /**

  301.  * Encrypts data usign specific keypair.

  302.  * This method actually generates ephemeral local keypair, use public key from

  303.  * the remote keypair and encrypts data

  304.  * @param kp keypair

  305.  * @param in raw input

  306.  * @param inlen input length

  307.  * @param out output (allocated internally using g_malloc)

  308.  * @param outlen output size

  309.  * @param err pointer to error

  310.  * @return TRUE if encryption has been completed, out must be freed in this case

  311.  */

  312. gboolean rspamd_keypair_encrypt (struct rspamd_cryptobox_keypair *kp,

  313. 								 const guchar *in, gsize inlen,

  314. 								 guchar **out, gsize *outlen,

  315. 								 GError **err);

  316. 

  317. /**

  318.  * Encrypts data usign specific pubkey (must have KEX type).

  319.  * This method actually generates ephemeral local keypair, use public key from

  320.  * the remote keypair and encrypts data

  321.  * @param kp keypair

  322.  * @param in raw input

  323.  * @param inlen input length

  324.  * @param out output (allocated internally using g_malloc)

  325.  * @param outlen output size

  326.  * @param err pointer to error

  327.  * @return TRUE if encryption has been completed, out must be freed in this case

  328.  */

  329. gboolean rspamd_pubkey_encrypt (struct rspamd_cryptobox_pubkey *pk,

  330. 								const guchar *in, gsize inlen,

  331. 								guchar **out, gsize *outlen,

  332. 								GError **err);

  333. 

  334. #ifdef  __cplusplus

  335. }

  336. #endif

  337. 

  338. #endif /* SRC_LIBCRYPTOBOX_KEYPAIR_H_ */