1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
|
/*
* Ouroboros - Copyright (C) 2016 - 2024
*
* OpenSSL based cryptographic operations
* Elliptic curve Diffie-Hellman key exchange
* AES encryption
# Authentication
*
* Dimitri Staessens <dimitri@ouroboros.rocks>
* Sander Vrijders <sander@ouroboros.rocks>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public License
* version 2.1 as published by the Free Software Foundation.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., http://www.fsf.org/about/contact/.
*/
#ifndef OUROBOROS_LIB_CRYPT_OPENSSL_H
#define OUROBOROS_LIB_CRYPT_OPENSSL_H
struct ossl_crypt_ctx;
ssize_t openssl_pkp_create(const char * algo,
EVP_PKEY ** pkp,
uint8_t * pk);
void openssl_pkp_destroy(EVP_PKEY * pkp);
int openssl_dhe_derive(EVP_PKEY * pkp,
buffer_t pk,
int kdf_nid,
uint8_t * s);
ssize_t openssl_kem_encap(buffer_t pk,
uint8_t * ct,
int kdf_nid,
uint8_t * s);
/* no X509 DER support yet for DHKEM public keys */
ssize_t openssl_kem_encap_raw(buffer_t pk,
uint8_t * ct,
int kdf_nid,
uint8_t * s);
int openssl_kem_decap(EVP_PKEY * priv,
buffer_t ct,
int kdf_nid,
uint8_t * s);
int openssl_get_algo_from_pk_der(buffer_t pk,
char * algo);
int openssl_get_algo_from_pk_raw(buffer_t pk,
char * algo);
int openssl_encrypt(struct ossl_crypt_ctx * ctx,
buffer_t in,
buffer_t * out);
int openssl_decrypt(struct ossl_crypt_ctx * ctx,
buffer_t in,
buffer_t * out);
struct ossl_crypt_ctx * openssl_crypt_create_ctx(struct crypt_sk * sk);
void openssl_crypt_destroy_ctx(struct ossl_crypt_ctx * ctx);
/* AUTHENTICATION */
int openssl_load_crt_file(const char * path,
void ** crt);
int openssl_load_crt_str(const char * str,
void ** crt);
int openssl_load_crt_der(buffer_t buf,
void ** crt);
int openssl_get_pubkey_crt(void * crt,
void ** pk);
void openssl_free_crt(void * crt);
int openssl_load_privkey_file(const char * path,
void ** key);
int openssl_load_privkey_str(const char * str,
void ** key);
int openssl_load_pubkey_file(const char * path,
void ** key);
int openssl_load_pubkey_str(const char * str,
void ** key);
int openssl_load_pubkey_file_to_der(const char * path,
buffer_t * buf);
int openssl_load_pubkey_raw_file(const char * path,
buffer_t * buf);
int openssl_load_privkey_raw_file(const char * path,
void ** key);
int openssl_cmp_key(const EVP_PKEY * key1,
const EVP_PKEY * key2);
void openssl_free_key(EVP_PKEY * key);
int openssl_check_crt_name(void * crt,
const char * name);
int openssl_get_crt_name(void * crt,
char * name);
int openssl_crt_str(const void * crt,
char * str);
int openssl_crt_der(const void * crt,
buffer_t * buf);
void * openssl_auth_create_store(void);
void openssl_auth_destroy_store(void * store);
int openssl_auth_add_crt_to_store(void * store,
void * crt);
int openssl_verify_crt(void * store,
void * crt);
int openssl_sign(EVP_PKEY * pkp,
int md_nid,
buffer_t msg,
buffer_t * sig);
int openssl_verify_sig(EVP_PKEY * pk,
int md_nid,
buffer_t msg,
buffer_t sig);
ssize_t openssl_md_digest(int md_nid,
buffer_t in,
uint8_t * out);
ssize_t openssl_md_len(int md_nid);
/* Secure memory allocation */
int openssl_secure_malloc_init(size_t max,
size_t guard);
void openssl_secure_malloc_fini(void);
void * openssl_secure_malloc(size_t size);
void openssl_secure_free(void * ptr,
size_t size);
#endif /* OUROBOROS_LIB_CRYPT_OPENSSL_H */
|
