2024-03-22 03:24:01 +04:00
|
|
|
#ifndef _CRYPT_H_
|
|
|
|
#define _CRYPT_H_
|
2024-03-21 17:50:55 +04:00
|
|
|
|
2024-03-22 04:16:43 +04:00
|
|
|
#include <stdio.h>
|
2024-03-21 17:50:55 +04:00
|
|
|
#include <stdbool.h>
|
|
|
|
|
|
|
|
#include <sodium.h>
|
|
|
|
|
2024-03-23 04:21:41 +04:00
|
|
|
#define CRYPT_KX_PKEY_LEN crypto_kx_PUBLICKEYBYTES
|
|
|
|
#define CRYPT_KX_SKEY_LEN crypto_kx_SECRETKEYBYTES
|
2024-03-23 05:52:03 +04:00
|
|
|
|
2024-03-23 04:21:41 +04:00
|
|
|
#define CRYPT_SIGN_PKEY_LEN crypto_sign_PUBLICKEYBYTES
|
|
|
|
#define CRYPT_SIGN_SKEY_LEN crypto_sign_SECRETKEYBYTES
|
2024-03-23 05:52:03 +04:00
|
|
|
#define CRYPT_SIGN_LEN crypto_sign_BYTES
|
|
|
|
|
2024-03-23 04:21:41 +04:00
|
|
|
#define CRYPT_SESS_KEY_LEN crypto_kx_SESSIONKEYBYTES
|
2024-03-21 17:50:55 +04:00
|
|
|
|
2024-03-24 02:18:27 +04:00
|
|
|
#define CRYPT_NONCE_LEN crypto_aead_aegis256_NPUBBYTES
|
|
|
|
#define CRYPT_NONCEHALF_LEN (CRYPT_NONCE_LEN/2)
|
2024-03-23 05:52:03 +04:00
|
|
|
|
2024-03-24 02:18:27 +04:00
|
|
|
#define CRYPT_HELLO_LEN (CRYPT_PKEY_HEXLEN + CRYPT_SIGN_LEN + (CRYPT_NONCEHALF_LEN))
|
|
|
|
|
|
|
|
#define CRYPT_PKEY_HEXLEN ((CRYPT_KX_PKEY_LEN + CRYPT_SIGN_PKEY_LEN) * 2)
|
|
|
|
#define CRYPT_SKEY_HEXLEN ((CRYPT_SIGN_PKEY_LEN + CRYPT_SIGN_SKEY_LEN) * 2)
|
2024-03-23 04:21:41 +04:00
|
|
|
|
|
|
|
// Stores the public and secret keys used in a key exchange and for signing.
|
2024-03-21 17:50:55 +04:00
|
|
|
typedef struct crypt_key_t {
|
2024-03-22 03:32:40 +04:00
|
|
|
unsigned char kx_pub[crypto_kx_PUBLICKEYBYTES];
|
|
|
|
unsigned char kx_sec[crypto_kx_SECRETKEYBYTES];
|
|
|
|
unsigned char sign_pub[crypto_sign_PUBLICKEYBYTES];
|
|
|
|
unsigned char sign_sec[crypto_sign_SECRETKEYBYTES];
|
2024-03-21 17:50:55 +04:00
|
|
|
bool hasSecKey;
|
|
|
|
} crypt_key_t;
|
|
|
|
|
2024-03-23 04:21:41 +04:00
|
|
|
// Generates the new pairs of a key exchange and sign keys.
|
|
|
|
int crypt_key_gen(crypt_key_t *const k);
|
|
|
|
// Initialise a crypt_key_t with a provided hex representaions of public and secret keys.
|
2024-03-23 05:52:03 +04:00
|
|
|
int crypt_key_from_hex(crypt_key_t *const k, const char phex[CRYPT_PKEY_HEXLEN], const char shex[CRYPT_SKEY_HEXLEN]);
|
2024-03-23 04:21:41 +04:00
|
|
|
// Initialise a crypt_key_t with a provided hex representaion of just a public key. Used for remote keys.
|
2024-03-23 05:52:03 +04:00
|
|
|
int crypt_key_from_hex_public(crypt_key_t *const k, const char phex[CRYPT_PKEY_HEXLEN]);
|
2024-03-23 04:21:41 +04:00
|
|
|
|
|
|
|
// Securely erase the fields of a crypt_key_t struct.
|
|
|
|
void crypt_key_destroy(crypt_key_t *const k);
|
|
|
|
|
|
|
|
// Export a public sign and key exchange keys as a hex string.
|
|
|
|
int crypt_key_export_public(const crypt_key_t *const k, char hex[CRYPT_PKEY_HEXLEN]);
|
|
|
|
// Export a secret sign and key exchange keys as a hex string.
|
|
|
|
int crypt_key_export_secret(const crypt_key_t *const k, char hex[CRYPT_SKEY_HEXLEN]);
|
2024-03-21 17:50:55 +04:00
|
|
|
|
2024-03-23 04:21:41 +04:00
|
|
|
// Load the sign and key exchange keys in a hex representaion from files
|
|
|
|
// and initialise a crypt_key_t.
|
|
|
|
int crypt_load_key(crypt_key_t *const k, FILE *const pub, FILE *const sec);
|
|
|
|
// Store a hex representaion of the sign and key exchange keys into files
|
|
|
|
// that are corresponding to a public and a secret parts.
|
|
|
|
int crypt_store_key(const crypt_key_t *const k, FILE *const pub, FILE *const sec);
|
2024-03-21 17:50:55 +04:00
|
|
|
|
2024-03-23 04:21:41 +04:00
|
|
|
// Returns a hello packet consisting of a public key and its sign.
|
2024-03-24 02:18:27 +04:00
|
|
|
// The packet is of CRYPT_SIGN_LEN long.
|
2024-03-23 05:52:03 +04:00
|
|
|
unsigned char *crypt_hello(const crypt_key_t *const own);
|
|
|
|
// Verify a hello message. It only shows that a remote public key's sign is ok.
|
|
|
|
int crypt_hello_verify(const unsigned char *const hello, crypt_key_t *const remote);
|
2024-03-24 02:18:27 +04:00
|
|
|
// Combines own and remote halves of a nonce depending in a connection direction and returns it.
|
|
|
|
// It will be of CRYPT_NONCE_LEN length.
|
|
|
|
const unsigned char *crypt_hello_get_nonce(const unsigned char *const own_hello, const unsigned char *const remote_hello, const bool is_client);
|
2024-03-22 04:16:43 +04:00
|
|
|
|
2024-03-23 04:21:41 +04:00
|
|
|
// Stores symmetric keys used for a data encryption in both directions
|
|
|
|
// and a remote public key.
|
2024-03-21 17:50:55 +04:00
|
|
|
typedef struct crypt_session_t {
|
2024-03-23 04:21:41 +04:00
|
|
|
unsigned char rx[CRYPT_SESS_KEY_LEN];
|
|
|
|
unsigned char tx[CRYPT_SESS_KEY_LEN];
|
2024-03-22 03:32:40 +04:00
|
|
|
crypt_key_t *remote_key;
|
2024-03-21 17:50:55 +04:00
|
|
|
} crypt_session_t;
|
|
|
|
|
2024-03-23 04:21:41 +04:00
|
|
|
// Derives the symmetric keys for a data encryption using own public and secret and remote's public keys.
|
|
|
|
//
|
|
|
|
// is_client should be set to true if you are the one establishing the connection.
|
|
|
|
int crypt_session_init(crypt_session_t *const s, const crypt_key_t *const own, crypt_key_t *const remote, const bool is_client);
|
|
|
|
// Securely erase the fields of a crypt_session_t struct.
|
|
|
|
void crypt_session_destroy(crypt_session_t *const s);
|
2024-03-21 17:50:55 +04:00
|
|
|
|
2024-03-22 03:24:01 +04:00
|
|
|
#endif /* _CRYPT_H_ */
|