|
wickr-crypto-c
|
Data Structures | |
| struct | wickr_crypto_engine |
| Interface to a set of cryptographic operations used throughout the library. Currently the default implementation of this can be found along with documentation in openssl_suite.h and kdf.h. More... | |
Functions | |
| const wickr_crypto_engine_t | wickr_crypto_engine_get_default (void) |
| wickr_buffer_t * | wickr_crypto_engine_kdf_cipher (const wickr_crypto_engine_t *engine, wickr_kdf_algo_t algo, wickr_cipher_t cipher, const wickr_buffer_t *value, const wickr_buffer_t *passphrase) |
| wickr_buffer_t * | wickr_crypto_engine_kdf_decipher (const wickr_crypto_engine_t *engine, const wickr_buffer_t *input_buffer, const wickr_buffer_t *passphrase) |
| wickr_digest_t | wickr_digest_matching_cipher (wickr_cipher_t cipher) |
| wickr_digest_t | wickr_digest_matching_curve (wickr_ec_curve_t curve) |
| wickr_cipher_t | wickr_exchange_cipher_matching_cipher (wickr_cipher_t cipher) |
| const wickr_crypto_engine_t wickr_crypto_engine_get_default | ( | void | ) |
Wickr default crypto engine
| wickr_buffer_t* wickr_crypto_engine_kdf_cipher | ( | const wickr_crypto_engine_t * | engine, |
| wickr_kdf_algo_t | algo, | ||
| wickr_cipher_t | cipher, | ||
| const wickr_buffer_t * | value, | ||
| const wickr_buffer_t * | passphrase | ||
| ) |
Encrypt a buffer with a KDF + CIPHER
The KDF + CIPHER functions currently acts as follows:
| engine | the engine to use for ciphering / kdf functions |
| algo | the kdf algorithm to use for key derivation |
| cipher | the cipher to use to encrypt 'value' with the output of the KDF function with 'passphrase' as input |
| value | the value to protect with the KDF cipher |
| passphrase | the KDF input to use for getting a cipher key |
| wickr_buffer_t* wickr_crypto_engine_kdf_decipher | ( | const wickr_crypto_engine_t * | engine, |
| const wickr_buffer_t * | input_buffer, | ||
| const wickr_buffer_t * | passphrase | ||
| ) |
| engine | the engine to use for deciphering / kdf functions |
| input_buffer | the output of a kdf + cipher operation with 'wickr_crypto_engine_kdf_cipher' |
| passphrase | the passphrase for the kdf + cipher operation |
| wickr_digest_t wickr_digest_matching_cipher | ( | wickr_cipher_t | cipher | ) |
Get the matching digest type for a function based on size
DEPRECATED IN FAVOR OF wickr_exchange_kdf_matching_cipher
NOTE: Currently only 256bit AES ciphers are supported, so this function always returns SHA_256
| cipher | the cipher to find the matching digest for |
| wickr_digest_t wickr_digest_matching_curve | ( | wickr_ec_curve_t | curve | ) |
Get the matching digest for a curve, this is to be used for signature operations using this curve
| curve | a curve to get the matching digest for |
| wickr_cipher_t wickr_exchange_cipher_matching_cipher | ( | wickr_cipher_t | cipher | ) |
Get the matching exchange cipher given a message packet cipher
An exchange cipher is used for wrapping / unwrapping packet content decryption key material (see wickr_key_exchange_create_with_packet_key) This function currently always returns CIPHER_ID_AES256_CTR The lack of authentication on this layer is a performance / space optimization, since it is ultimately protecting authenticated mode key material (currently always CIPHER_ID_AES256_GCM) to be used for packet content decryption If bits are flipped in the key exchange itself, the resulting unauthenticated output will not be able to decrypt the GCM mode packet content
| cipher | the cipher being used for packet content encryption / decryption |
| wickr_buffer_t*(* wickr_crypto_engine::wickr_crypto_engine_cipher_decrypt) (const wickr_cipher_result_t *cipher_result, const wickr_buffer_t *aad, const wickr_cipher_key_t *key, bool only_auth_ciphers) |
Decrypt a cipher_result
| cipher_result | a cipher result generated from 'wickr_crypto_engine_cipher_encrypt' |
| aad | additional data to authenticate with the ciphertext (only works with authenticated ciphers) |
| key | the key to use to attempt to decrypt 'cipher_result' |
| only_auth_ciphers | if true, only authenticated ciphers may be used for decryption |
| wickr_cipher_result_t*(* wickr_crypto_engine::wickr_crypto_engine_cipher_encrypt) (const wickr_buffer_t *plaintext, const wickr_buffer_t *aad, const wickr_cipher_key_t *key, const wickr_buffer_t *iv) |
Encrypt a buffer
NOTE: IV is randomly chosen using a secure random function if one is not provided
| plaintext | the content to encrypt using 'key' |
| aad | additional data to authenticate with the ciphertext (only works with authenticated ciphers) |
| key | the cipher key to use to encrypt 'plaintext' |
| iv | an initialization vector to use with the cipher mode, or NULL if one should be chosen at random |
| wickr_cipher_key_t*(* wickr_crypto_engine::wickr_crypto_engine_cipher_key_random) (wickr_cipher_t cipher) |
Generate a secure random cipher key for a particular cipher
| cipher | the cipher to generate a random key for |
| wickr_buffer_t*(* wickr_crypto_engine::wickr_crypto_engine_crypto_random) (size_t len) |
Generate secure random bytes
| len | the number of bytes to generate |
| bool(* wickr_crypto_engine::wickr_crypto_engine_decrypt_file) (const wickr_cipher_key_t *key, const char *sourceFilePath, const char *destinationFilePath, bool only_auth_ciphers) |
Decrypt a file
| in_file | the encrypted file to decrypt |
| key | the key to use for decryption |
| out_file | the file to write the decrypted data from 'in_file' |
| only_auth_ciphers | if true, only authenticated ciphers may be used for decryption |
| bool(* wickr_crypto_engine::wickr_crypto_engine_decrypt_ofile) (FILE *fin, const wickr_cipher_key_t *key, FILE *fout, bool only_auth_ciphers) |
Decrypt an open file
| fin | read encrypted data from this FILE pointer |
| key | the key to use for decryption |
| fout | write decrypted data to this FILE pointer |
| only_auth_ciphers | if true, only authenticated ciphers may be used for decryption |
| wickr_buffer_t*(* wickr_crypto_engine::wickr_crypto_engine_digest) (const wickr_buffer_t *buffer, const wickr_buffer_t *salt, wickr_digest_t digest_mode) |
Calculate a hash of a buffer using an optional salt value
| buffer | the buffer to hash |
| salt | a salt value mix with buffer before taking the hash Passing NULL will allow for no salt to be used |
| mode | the mode of the hash |
| wickr_buffer_t*(* wickr_crypto_engine::wickr_crypto_engine_digest_file) (FILE *in_file, const wickr_digest_t mode) |
Calculate the hash of a file
| in_file | a file to take the hash of it's contents |
| mode | the mode to use for calculating the hash |
| wickr_ec_key_t*(* wickr_crypto_engine::wickr_crypto_engine_ec_key_import) (const wickr_buffer_t *buffer, bool is_private) |
Import an Elliptic Curve key from a buffer
| buffer | the buffer representing Elliptic Curve key material |
| is_private | false if the buffer represents a public key |
| wickr_ec_key_t*(* wickr_crypto_engine::wickr_crypto_engine_ec_rand_key) (wickr_ec_curve_t curve) |
Generate a random Elliptic Curve keypair
| curve | the curve parameters to use for random key pair generation |
| wickr_ecdsa_result_t*(* wickr_crypto_engine::wickr_crypto_engine_ec_sign) (const wickr_ec_key_t *ec_signing_key, const wickr_buffer_t *data_to_sign, const wickr_digest_t digest_mode) |
Sign data using an Elliptic Curve key Data is hashed before signing. This function will calculate ECDSA(SHA2(data_to_sign))
| ec_signing_key | private signing key to use for the ECDSA algorithm |
| data_to_sign | the data to hash with 'digest_mode', and then sign with 'ec_signing_key' |
| digest_mode | the digest mode to use for SHA2 |
| bool(* wickr_crypto_engine::wickr_crypto_engine_ec_verify) (const wickr_ecdsa_result_t *signature, const wickr_ec_key_t *ec_public_key, const wickr_buffer_t *data_to_verify) |
Verify ECDSA signatures
| signature | a signature produced with 'wickr_crypto_engine_ec_sign' |
| ec_public_key | the public signing key to use for verification |
| data_to_verify | the original data that should have been signed with 'ec_public_key'. It will be hashed inside this function as part of the verification process |
| bool(* wickr_crypto_engine::wickr_crypto_engine_encrypt_file) (const wickr_cipher_key_t *key, const char *sourceFilePath, const char *destinationFilePath) |
Encrypt a file
| in_file | the file to encrypt |
| key | the key to use for encryption |
| out_file | a file that should contain the encrypted data |
| bool(* wickr_crypto_engine::wickr_crypto_engine_encrypt_ofile) (FILE *fin, const wickr_cipher_key_t *key, FILE *fout) |
Encrypt an open file
| fin | read data to be encrypted from this FILE pointer |
| key | the key to use for decryption |
| fout | write encrypted data to this FILE pointer |
| only_auth_ciphers | if true, only authenticated ciphers may be used for decryption |
| wickr_buffer_t*(* wickr_crypto_engine::wickr_crypto_engine_gen_shared_secret) (const wickr_ec_key_t *local, const wickr_ec_key_t *peer) |
Generate a shared secret given Elliptic Curve Diffie-Hellman parameters
| local | the local elliptic curve private key |
| peer | the remote elliptic curve public key |
| wickr_buffer_t*(* wickr_crypto_engine::wickr_crypto_engine_hmac_create) (const wickr_buffer_t *data, const wickr_buffer_t *hmac_key, wickr_digest_t digest_mode) |
Generate an HMAC
| data | the data to take the HMAC of |
| hmac_key | a key to use for HMAC |
| mode | the digest mode to perform HMAC with. This will determine the length of the output |
| bool(* wickr_crypto_engine::wickr_crypto_engine_hmac_verify) (const wickr_buffer_t *data, const wickr_buffer_t *hmac_key, const wickr_digest_t mode, const wickr_buffer_t *expected) |
Verify an HMAC against an expected result
| data | the data to calculate the expected HMAC with |
| hmac_key | the key to use along with 'data' to create the expected HMAC with |
| mode | the mode to use for generating the expected HMAC |
| expected | the value to compare the generated HMAC with |
| wickr_kdf_result_t*(* wickr_crypto_engine::wickr_crypto_kdf_gen) (wickr_kdf_algo_t algo, const wickr_buffer_t *passphrase) |
Execute a KDF function given an input buffer
| algo | the algorithm info to use for execution of the KDF |
| passphrase | bytes to use as input to the KDF function. There are no restrictions for the content of the buffer |
| wickr_kdf_result_t*(* wickr_crypto_engine::wickr_crypto_kdf_meta) (const wickr_kdf_meta_t *existing_meta, const wickr_buffer_t *passphrase) |
Execute a KDF function given an input buffer and specified parameters
| existing_meta | the parameters to use for execution, including a specific salt |
| passphrase | bytes to use as input to the KDF function. There are no restrictions for the content of the buffer |
1.9.0