wickr-crypto-c
|
Data Structures | |
struct | wickr_crypto_engine |
Interface to a set of cryptographic operations used throughout the library. Currently the default implementation of this can be found along with documentation in openssl_suite.h and kdf.h. More... | |
Functions | |
const wickr_crypto_engine_t | wickr_crypto_engine_get_default (void) |
wickr_buffer_t * | wickr_crypto_engine_kdf_cipher (const wickr_crypto_engine_t *engine, wickr_kdf_algo_t algo, wickr_cipher_t cipher, const wickr_buffer_t *value, const wickr_buffer_t *passphrase) |
wickr_buffer_t * | wickr_crypto_engine_kdf_decipher (const wickr_crypto_engine_t *engine, const wickr_buffer_t *input_buffer, const wickr_buffer_t *passphrase) |
wickr_digest_t | wickr_digest_matching_cipher (wickr_cipher_t cipher) |
wickr_digest_t | wickr_digest_matching_curve (wickr_ec_curve_t curve) |
wickr_cipher_t | wickr_exchange_cipher_matching_cipher (wickr_cipher_t cipher) |
const wickr_crypto_engine_t wickr_crypto_engine_get_default | ( | void | ) |
Wickr default crypto engine
wickr_buffer_t* wickr_crypto_engine_kdf_cipher | ( | const wickr_crypto_engine_t * | engine, |
wickr_kdf_algo_t | algo, | ||
wickr_cipher_t | cipher, | ||
const wickr_buffer_t * | value, | ||
const wickr_buffer_t * | passphrase | ||
) |
Encrypt a buffer with a KDF + CIPHER
The KDF + CIPHER functions currently acts as follows:
engine | the engine to use for ciphering / kdf functions |
algo | the kdf algorithm to use for key derivation |
cipher | the cipher to use to encrypt 'value' with the output of the KDF function with 'passphrase' as input |
value | the value to protect with the KDF cipher |
passphrase | the KDF input to use for getting a cipher key |
wickr_buffer_t* wickr_crypto_engine_kdf_decipher | ( | const wickr_crypto_engine_t * | engine, |
const wickr_buffer_t * | input_buffer, | ||
const wickr_buffer_t * | passphrase | ||
) |
engine | the engine to use for deciphering / kdf functions |
input_buffer | the output of a kdf + cipher operation with 'wickr_crypto_engine_kdf_cipher' |
passphrase | the passphrase for the kdf + cipher operation |
wickr_digest_t wickr_digest_matching_cipher | ( | wickr_cipher_t | cipher | ) |
Get the matching digest type for a function based on size
DEPRECATED IN FAVOR OF wickr_exchange_kdf_matching_cipher
NOTE: Currently only 256bit AES ciphers are supported, so this function always returns SHA_256
cipher | the cipher to find the matching digest for |
wickr_digest_t wickr_digest_matching_curve | ( | wickr_ec_curve_t | curve | ) |
Get the matching digest for a curve, this is to be used for signature operations using this curve
curve | a curve to get the matching digest for |
wickr_cipher_t wickr_exchange_cipher_matching_cipher | ( | wickr_cipher_t | cipher | ) |
Get the matching exchange cipher given a message packet cipher
An exchange cipher is used for wrapping / unwrapping packet content decryption key material (see wickr_key_exchange_create_with_packet_key) This function currently always returns CIPHER_ID_AES256_CTR The lack of authentication on this layer is a performance / space optimization, since it is ultimately protecting authenticated mode key material (currently always CIPHER_ID_AES256_GCM) to be used for packet content decryption If bits are flipped in the key exchange itself, the resulting unauthenticated output will not be able to decrypt the GCM mode packet content
cipher | the cipher being used for packet content encryption / decryption |
wickr_buffer_t*(* wickr_crypto_engine::wickr_crypto_engine_cipher_decrypt) (const wickr_cipher_result_t *cipher_result, const wickr_buffer_t *aad, const wickr_cipher_key_t *key, bool only_auth_ciphers) |
Decrypt a cipher_result
cipher_result | a cipher result generated from 'wickr_crypto_engine_cipher_encrypt' |
aad | additional data to authenticate with the ciphertext (only works with authenticated ciphers) |
key | the key to use to attempt to decrypt 'cipher_result' |
only_auth_ciphers | if true, only authenticated ciphers may be used for decryption |
wickr_cipher_result_t*(* wickr_crypto_engine::wickr_crypto_engine_cipher_encrypt) (const wickr_buffer_t *plaintext, const wickr_buffer_t *aad, const wickr_cipher_key_t *key, const wickr_buffer_t *iv) |
Encrypt a buffer
NOTE: IV is randomly chosen using a secure random function if one is not provided
plaintext | the content to encrypt using 'key' |
aad | additional data to authenticate with the ciphertext (only works with authenticated ciphers) |
key | the cipher key to use to encrypt 'plaintext' |
iv | an initialization vector to use with the cipher mode, or NULL if one should be chosen at random |
wickr_cipher_key_t*(* wickr_crypto_engine::wickr_crypto_engine_cipher_key_random) (wickr_cipher_t cipher) |
Generate a secure random cipher key for a particular cipher
cipher | the cipher to generate a random key for |
wickr_buffer_t*(* wickr_crypto_engine::wickr_crypto_engine_crypto_random) (size_t len) |
Generate secure random bytes
len | the number of bytes to generate |
bool(* wickr_crypto_engine::wickr_crypto_engine_decrypt_file) (const wickr_cipher_key_t *key, const char *sourceFilePath, const char *destinationFilePath, bool only_auth_ciphers) |
Decrypt a file
in_file | the encrypted file to decrypt |
key | the key to use for decryption |
out_file | the file to write the decrypted data from 'in_file' |
only_auth_ciphers | if true, only authenticated ciphers may be used for decryption |
wickr_buffer_t*(* wickr_crypto_engine::wickr_crypto_engine_digest) (const wickr_buffer_t *buffer, const wickr_buffer_t *salt, wickr_digest_t digest_mode) |
Calculate a hash of a buffer using an optional salt value
buffer | the buffer to hash |
salt | a salt value mix with buffer before taking the hash Passing NULL will allow for no salt to be used |
mode | the mode of the hash |
wickr_buffer_t*(* wickr_crypto_engine::wickr_crypto_engine_digest_file) (FILE *in_file, const wickr_digest_t mode) |
Calculate the hash of a file
in_file | a file to take the hash of it's contents |
mode | the mode to use for calculating the hash |
wickr_ec_key_t*(* wickr_crypto_engine::wickr_crypto_engine_ec_key_import) (const wickr_buffer_t *buffer, bool is_private) |
Import an Elliptic Curve key from a buffer
buffer | the buffer representing Elliptic Curve key material |
is_private | false if the buffer represents a public key |
wickr_ec_key_t*(* wickr_crypto_engine::wickr_crypto_engine_ec_rand_key) (wickr_ec_curve_t curve) |
Generate a random Elliptic Curve keypair
curve | the curve parameters to use for random key pair generation |
wickr_ecdsa_result_t*(* wickr_crypto_engine::wickr_crypto_engine_ec_sign) (const wickr_ec_key_t *ec_signing_key, const wickr_buffer_t *data_to_sign, const wickr_digest_t digest_mode) |
Sign data using an Elliptic Curve key Data is hashed before signing. This function will calculate ECDSA(SHA2(data_to_sign))
ec_signing_key | private signing key to use for the ECDSA algorithm |
data_to_sign | the data to hash with 'digest_mode', and then sign with 'ec_signing_key' |
digest_mode | the digest mode to use for SHA2 |
bool(* wickr_crypto_engine::wickr_crypto_engine_ec_verify) (const wickr_ecdsa_result_t *signature, const wickr_ec_key_t *ec_public_key, const wickr_buffer_t *data_to_verify) |
Verify ECDSA signatures
signature | a signature produced with 'wickr_crypto_engine_ec_sign' |
ec_public_key | the public signing key to use for verification |
data_to_verify | the original data that should have been signed with 'ec_public_key'. It will be hashed inside this function as part of the verification process |
bool(* wickr_crypto_engine::wickr_crypto_engine_encrypt_file) (const wickr_cipher_key_t *key, const char *sourceFilePath, const char *destinationFilePath) |
Encrypt a file
in_file | the file to encrypt |
key | the key to use for encryption |
out_file | a file that should contain the encrypted data |
wickr_buffer_t*(* wickr_crypto_engine::wickr_crypto_engine_gen_shared_secret) (const wickr_ec_key_t *local, const wickr_ec_key_t *peer) |
Generate a shared secret given Elliptic Curve Diffie-Hellman parameters
local | the local elliptic curve private key |
peer | the remote elliptic curve public key |
wickr_buffer_t*(* wickr_crypto_engine::wickr_crypto_engine_hmac_create) (const wickr_buffer_t *data, const wickr_buffer_t *hmac_key, wickr_digest_t digest_mode) |
Generate an HMAC
data | the data to take the HMAC of |
hmac_key | a key to use for HMAC |
mode | the digest mode to perform HMAC with. This will determine the length of the output |
bool(* wickr_crypto_engine::wickr_crypto_engine_hmac_verify) (const wickr_buffer_t *data, const wickr_buffer_t *hmac_key, const wickr_digest_t mode, const wickr_buffer_t *expected) |
Verify an HMAC against an expected result
data | the data to calculate the expected HMAC with |
hmac_key | the key to use along with 'data' to create the expected HMAC with |
mode | the mode to use for generating the expected HMAC |
expected | the value to compare the generated HMAC with |
wickr_kdf_result_t*(* wickr_crypto_engine::wickr_crypto_kdf_gen) (wickr_kdf_algo_t algo, const wickr_buffer_t *passphrase) |
Execute a KDF function given an input buffer
algo | the algorithm info to use for execution of the KDF |
passphrase | bytes to use as input to the KDF function. There are no restrictions for the content of the buffer |
wickr_kdf_result_t*(* wickr_crypto_engine::wickr_crypto_kdf_meta) (const wickr_kdf_meta_t *existing_meta, const wickr_buffer_t *passphrase) |
Execute a KDF function given an input buffer and specified parameters
existing_meta | the parameters to use for execution, including a specific salt |
passphrase | bytes to use as input to the KDF function. There are no restrictions for the content of the buffer |