diff options
| author | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2015-02-06 11:37:55 +0000 |
|---|---|---|
| committer | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2015-02-06 11:37:55 +0000 |
| commit | 60228b266bd9a130e810589abacc2acae9480644 (patch) | |
| tree | 6d4fa8520f8f598ffbe34282efcce44b8eeb6fc9 /src/libcryptobox/cryptobox.h | |
| parent | 1e08514471896e3b3069cdc25f457036d257cc68 (diff) | |
| download | rspamd-60228b266bd9a130e810589abacc2acae9480644.tar.gz rspamd-60228b266bd9a130e810589abacc2acae9480644.zip | |
Start cryptobox library.
Diffstat (limited to 'src/libcryptobox/cryptobox.h')
| -rw-r--r-- | src/libcryptobox/cryptobox.h | 119 |
1 files changed, 119 insertions, 0 deletions
diff --git a/src/libcryptobox/cryptobox.h b/src/libcryptobox/cryptobox.h new file mode 100644 index 000000000..af857197a --- /dev/null +++ b/src/libcryptobox/cryptobox.h @@ -0,0 +1,119 @@ +/* Copyright (c) 2015, Vsevolod Stakhov + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED ''AS IS'' AND ANY + * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL AUTHOR BE LIABLE FOR ANY + * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND + * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ +#ifndef CRYPTOBOX_H_ +#define CRYPTOBOX_H_ + +#include "config.h" + +#define rspamd_cryptobox_NONCEBYTES 24 +#define rspamd_cryptobox_PKBYTES 32 +#define rspamd_cryptobox_SKBYTES 32 +#define rspamd_cryptobox_MACBYTES 16 +#define rspamd_cryptobox_NMBYTES 32 + +typedef guchar rspamd_pk_t[rspamd_cryptobox_PKBYTES]; +typedef guchar rspamd_sk_t[rspamd_cryptobox_SKBYTES]; +typedef guchar rspamd_sig_t[rspamd_cryptobox_MACBYTES]; +typedef guchar rspamd_nm_t[rspamd_cryptobox_NMBYTES]; + +struct rspamd_encrypt_segment { + guchar *buf; + gsize len; +}; + +/** + * Init cryptobox library + */ +void rspamd_cryptobox_init (void); + +/** + * Generate new keypair + * @param pk public key buffer + * @param sk secret key buffer + */ +void rspamd_cryptobox_keypair (rspamd_pk_t pk, rspamd_sk_t sk); + +/** + * Encrypt segments of data inplace adding signature to sig afterwards + * @param segments segments of data + * @param cnt count of segments + * @param pk remote pubkey + * @param sk local secret key + * @param sig output signature + */ +void rspamd_cryptobox_encrypt_inplace (struct rspamd_encrypt_segment *segments, + gsize cnt, const rspamd_pk_t pk, const rspamd_sk_t sk, rspamd_sig_t sig); + + +/** + * Decrypt and verify data chunk inplace + * @param data data to decrypt + * @param len lenght of data + * @param pk remote pubkey + * @param sk local privkey + * @param sig signature input + * @return TRUE if input has been verified successfully + */ +gboolean rspamd_cryptobox_decrypt_inplace (guchar *data, gsize len, + const rspamd_pk_t pk, const rspamd_sk_t sk, const rspamd_sig_t sig); + +/** + * Encrypt segments of data inplace adding signature to sig afterwards + * @param segments segments of data + * @param cnt count of segments + * @param pk remote pubkey + * @param sk local secret key + * @param sig output signature + */ +void rspamd_cryptobox_encrypt_nm_inplace (struct rspamd_encrypt_segment *segments, + gsize cnt, const rspamd_nm_t nm, rspamd_sig_t sig); + + +/** + * Decrypt and verify data chunk inplace + * @param data data to decrypt + * @param len lenght of data + * @param pk remote pubkey + * @param sk local privkey + * @param sig signature input + * @return TRUE if input has been verified successfully + */ +gboolean rspamd_cryptobox_decrypt_nm_inplace (guchar *data, gsize len, + const rspamd_nm_t nm, const rspamd_sig_t sig); + +/** + * Generate shared secret from local sk and remote pk + * @param nm shared secret + * @param pk remote pubkey + * @param sk local privkey + */ +void rspamd_cryptobox_nm (rspamd_nm_t nm, rspamd_pk_t pk, rspamd_sk_t sk); + +/** + * Securely clear the buffer specified + * @param buf buffer to zero + * @param buflen length of buffer + */ +void rspamd_explicit_memzero (void * const buf, gsize buflen); + +#endif /* CRYPTOBOX_H_ */ |