wickr-crypto-c
|
wickr_buffer_t* openssl_aes256_decrypt | ( | const wickr_cipher_result_t * | cipher_result, |
const wickr_buffer_t * | aad, | ||
const wickr_cipher_key_t * | key, | ||
bool | only_auth_ciphers | ||
) |
Decrypt a cipher_result using AES256 Currently supports AES256-GCM and AES256-CTR cipher modes
cipher_result | a cipher result generated from 'openssl_aes256_encrypt' |
aad | additional data to authenticate with the ciphertext (only works with authenticated ciphers) |
key | the key to use to attempt to decrypt 'cipher_result' |
only_auth_ciphers | if true, only authenticated ciphers may be used for decryption |
wickr_cipher_result_t* openssl_aes256_encrypt | ( | const wickr_buffer_t * | plaintext, |
const wickr_buffer_t * | aad, | ||
const wickr_cipher_key_t * | key, | ||
const wickr_buffer_t * | iv | ||
) |
Encrypt a buffer using AES256 Currently supports AES256-GCM and AES256-CTR cipher modes
NOTE: IV is randomly chosen using 'openssl_crypto_random' if one is not provided
plaintext | the content to encrypt using 'key' |
aad | additional data to authenticate with the ciphertext (only works with authenticated ciphers) |
key | the cipher key to use to encrypt 'plaintext' |
iv | an initialization vector to use with the cipher mode, or NULL if one should be chosen at random |
wickr_cipher_key_t* openssl_cipher_key_random | ( | wickr_cipher_t | cipher | ) |
Generate a secure random cipher key for a particular cipher Currently supports AES256-GCM and AES256-CTR cipher modes
cipher | the cipher to generate a random key for |
wickr_buffer_t* openssl_crypto_random | ( | size_t | len | ) |
Generate secure random bytes using the rand_bytes function from OpenSSL
len | the number of bytes to generate |
bool openssl_decrypt_file | ( | FILE * | in_file, |
const wickr_cipher_key_t * | key, | ||
FILE * | out_file, | ||
bool | only_auth_ciphers | ||
) |
Decrypt a file with AES256
Note: Unauthenticated modes will always succeed and the contents of 'out_file' may be incorrect For this reason it is useful to use an authenticated mode such as AES256 GCM when encrypting files
in_file | the encrypted file to decrypt |
key | the key to use for decryption |
out_file | the file to write the decrypted data from 'in_file' |
only_auth_ciphers | if true, only authenticated ciphers may be used for decryption |
wickr_ec_key_t* openssl_ec_key_import | ( | const wickr_buffer_t * | buffer, |
bool | is_private | ||
) |
Import an Elliptic Curve key from a buffer
buffer | the buffer representing Elliptic Curve key material |
is_private | false if the buffer represents a public key |
wickr_ec_key_t* openssl_ec_rand_key | ( | wickr_ec_curve_t | curve | ) |
Generate a random Elliptic Curve keypair Supported curve is currently limited to NIST P521
curve | the curve parameters to use for random key pair generation |
wickr_ecdsa_result_t* openssl_ec_sign | ( | const wickr_ec_key_t * | ec_signing_key, |
const wickr_buffer_t * | data_to_sign, | ||
wickr_digest_t | digest_mode | ||
) |
Sign data using an Elliptic Curve key Data is hashed before signing. This function will calculate ECDSA(SHA2(data_to_sign))
ec_signing_key | private signing key to use for the ECDSA algorithm |
data_to_sign | the data to hash with 'digest_mode', and then sign with 'ec_signing_key' |
digest_mode | the digest mode to use for SHA2 |
bool openssl_ec_verify | ( | const wickr_ecdsa_result_t * | signature, |
const wickr_ec_key_t * | ec_public_key, | ||
const wickr_buffer_t * | data_to_verify | ||
) |
Verify ECDSA signatures
signature | a signature produced with 'openssl_ec_sign' |
ec_public_key | the public signing key to use for verification |
data_to_verify | the original data that should have been signed with 'ec_public_key'. It will be hashed inside this function as part of the verification process |
bool openssl_enable_fips_mode | ( | void | ) |
Enable FIPS mode
bool openssl_encrypt_file | ( | FILE * | in_file, |
const wickr_cipher_key_t * | key, | ||
FILE * | out_file | ||
) |
Encrypt a file with AES256
in_file | the file to encrypt |
key | the key to use for AES256 |
out_file | a file that should contain the encrypted data |
wickr_buffer_t* openssl_gen_shared_secret | ( | const wickr_ec_key_t * | local, |
const wickr_ec_key_t * | peer | ||
) |
Generate a shared secret given Elliptic Curve Diffie-Hellman parameters
local | the local elliptic curve private key |
peer | the remote elliptic curve public key |
wickr_buffer_t* openssl_hkdf | ( | const wickr_buffer_t * | input_key_material, |
const wickr_buffer_t * | salt, | ||
const wickr_buffer_t * | info, | ||
wickr_digest_t | hash_mode | ||
) |
Derive a key with HMAC Key Derivation Function
input_key_material | the original key to extract and expand using HKDF |
salt | a salt value to provide to HKDF, this should be randomly generated or NULL if no salt should be used |
info | contextual information to pass to HKDF, this can be NULL if no contextual information should be used |
hash_mode | the hash mode to use for the HKDF output, this will determine the length of the final output |
wickr_buffer_t* openssl_hmac_create | ( | const wickr_buffer_t * | data, |
const wickr_buffer_t * | hmac_key, | ||
wickr_digest_t | mode | ||
) |
Generate an HMAC
data | the data to take the HMAC of |
hmac_key | a key to use for HMAC |
mode | the digest mode to perform HMAC with. This will determine the length of the output |
bool openssl_hmac_verify | ( | const wickr_buffer_t * | data, |
const wickr_buffer_t * | hmac_key, | ||
wickr_digest_t | mode, | ||
const wickr_buffer_t * | expected | ||
) |
Verify an HMAC against an expected result
data | the data to calculate the expected HMAC with |
hmac_key | the key to use along with 'data' to create the expected HMAC with |
mode | the mode to use for generating the expected HMAC |
expected | the value to compare the generated HMAC with |
bool openssl_is_fips_supported | ( | ) |
Determine if FIPS mode is available
wickr_buffer_t* openssl_sha2 | ( | const wickr_buffer_t * | buffer, |
const wickr_buffer_t * | salt, | ||
wickr_digest_t | mode | ||
) |
Calculate a SHA2 hash of a buffer using an optional salt value Supported modes of SHA2 are SHA256, SHA384 and SHA512
buffer | the buffer to hash |
salt | a salt value to concatenate to buffer before taking the hash. The input to the SHA2 function will be SHA2(buffer || salt) Passing NULL will allow for no salt to be used |
mode | the mode of SHA2 to use for hashing |
wickr_buffer_t* openssl_sha2_file | ( | FILE * | in_file, |
wickr_digest_t | mode | ||
) |
Calculate the SHA2 hash of a file
in_file | a file to take the hash of it's contents |
mode | the mode to use for calculating the hash |