1 files changed, 317 insertions, 0 deletions
diff --git a/src/libcryptobox/keypair.h b/src/libcryptobox/keypair.h
new file mode 100644
index 0000000..64461b7
--- /dev/null
+++ b/src/libcryptobox/keypair.h
@@ -0,0 +1,317 @@
+/*-
+ * Copyright 2016 Vsevolod Stakhov
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#ifndef SRC_LIBCRYPTOBOX_KEYPAIR_H_
+#define SRC_LIBCRYPTOBOX_KEYPAIR_H_
+
+#include "config.h"
+#include "cryptobox.h"
+#include "ucl.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * Keypair type
+ */
+enum rspamd_cryptobox_keypair_type {
+	RSPAMD_KEYPAIR_KEX = 0,
+	RSPAMD_KEYPAIR_SIGN
+};
+
+extern const guchar encrypted_magic[7];
+
+/**
+ * Opaque structure for the full (public + private) keypair
+ */
+struct rspamd_cryptobox_keypair;
+/**
+ * Opaque structure for public only keypair
+ */
+struct rspamd_cryptobox_pubkey;
+
+/**
+ * Creates new full keypair
+ * @param type type of the keypair
+ * @param alg algorithm for the keypair
+ * @return fresh keypair generated
+ */
+struct rspamd_cryptobox_keypair *rspamd_keypair_new(
+	enum rspamd_cryptobox_keypair_type type,
+	enum rspamd_cryptobox_mode alg);
+
+/**
+ * Increase refcount for the specific keypair
+ * @param kp
+ * @return
+ */
+struct rspamd_cryptobox_keypair *rspamd_keypair_ref(
+	struct rspamd_cryptobox_keypair *kp);
+
+/**
+ * Decrease refcount for the specific keypair (or destroy when refcount == 0)
+ * @param kp
+ */
+void rspamd_keypair_unref(struct rspamd_cryptobox_keypair *kp);
+
+/**
+ * Increase refcount for the specific pubkey
+ * @param kp
+ * @return
+ */
+struct rspamd_cryptobox_pubkey *rspamd_pubkey_ref(
+	struct rspamd_cryptobox_pubkey *kp);
+
+/**
+ * Load pubkey from base32 string
+ * @param b32 input string
+ * @param type type of key (signing or kex)
+ * @param alg algorithm of the key (nist or curve25519)
+ * @return new pubkey or NULL in case of error
+ */
+struct rspamd_cryptobox_pubkey *rspamd_pubkey_from_base32(const gchar *b32,
+														  gsize len,
+														  enum rspamd_cryptobox_keypair_type type,
+														  enum rspamd_cryptobox_mode alg);
+
+/**
+ * Load pubkey from hex string
+ * @param hex input string
+ * @param type type of key (signing or kex)
+ * @param alg algorithm of the key (nist or curve25519)
+ * @return new pubkey or NULL in case of error
+ */
+struct rspamd_cryptobox_pubkey *rspamd_pubkey_from_hex(const gchar *hex,
+													   gsize len,
+													   enum rspamd_cryptobox_keypair_type type,
+													   enum rspamd_cryptobox_mode alg);
+
+/**
+ * Load pubkey from raw chunk string
+ * @param hex input data
+ * @param type type of key (signing or kex)
+ * @param alg algorithm of the key (nist or curve25519)
+ * @return new pubkey or NULL in case of error
+ */
+struct rspamd_cryptobox_pubkey *rspamd_pubkey_from_bin(const guchar *raw,
+													   gsize len,
+													   enum rspamd_cryptobox_keypair_type type,
+													   enum rspamd_cryptobox_mode alg);
+
+
+/**
+ * Decrease refcount for the specific pubkey (or destroy when refcount == 0)
+ * @param kp
+ */
+void rspamd_pubkey_unref(struct rspamd_cryptobox_pubkey *kp);
+
+/**
+ * Get type of keypair
+ */
+enum rspamd_cryptobox_keypair_type rspamd_keypair_type(
+	struct rspamd_cryptobox_keypair *kp);
+
+/**
+ * Get type of pubkey
+ */
+enum rspamd_cryptobox_keypair_type rspamd_pubkey_type(
+	struct rspamd_cryptobox_pubkey *p);
+
+/**
+ * Get algorithm of keypair
+ */
+enum rspamd_cryptobox_mode rspamd_keypair_alg(struct rspamd_cryptobox_keypair *kp);
+
+/**
+ * Get algorithm of pubkey
+ */
+enum rspamd_cryptobox_mode rspamd_pubkey_alg(struct rspamd_cryptobox_pubkey *p);
+
+/**
+ * Get cached NM for this specific pubkey
+ * @param p
+ * @return
+ */
+const guchar *rspamd_pubkey_get_nm(struct rspamd_cryptobox_pubkey *p,
+								   struct rspamd_cryptobox_keypair *kp);
+
+/**
+ * Calculate and store nm value for the specified local key (performs ECDH)
+ * @param p
+ * @return
+ */
+const guchar *rspamd_pubkey_calculate_nm(struct rspamd_cryptobox_pubkey *p,
+										 struct rspamd_cryptobox_keypair *kp);
+
+/**
+ * Get raw public key id for a specified keypair (rspamd_cryptobox_HASHBYTES)
+ * @param kp
+ * @return
+ */
+const guchar *rspamd_keypair_get_id(struct rspamd_cryptobox_keypair *kp);
+
+/**
+ * Returns keypair extensions if any
+ * @param kp
+ * @return
+ */
+const ucl_object_t *rspamd_keypair_get_extensions(struct rspamd_cryptobox_keypair *kp);
+
+/**
+ * Get raw public key id for a specified key (rspamd_cryptobox_HASHBYTES)
+ * @param kp
+ * @return
+ */
+const guchar *rspamd_pubkey_get_id(struct rspamd_cryptobox_pubkey *pk);
+
+/**
+ * Get raw public key from pubkey opaque structure
+ * @param pk
+ * @param len
+ * @return
+ */
+const guchar *rspamd_pubkey_get_pk(struct rspamd_cryptobox_pubkey *pk,
+								   guint *len);
+
+/** Short ID characters count */
+#define RSPAMD_KEYPAIR_SHORT_ID_LEN 5
+/** Print pubkey */
+#define RSPAMD_KEYPAIR_PUBKEY 0x1
+/** Print secret key */
+#define RSPAMD_KEYPAIR_PRIVKEY 0x2
+/** Print key id */
+#define RSPAMD_KEYPAIR_ID 0x4
+/** Print short key id */
+#define RSPAMD_KEYPAIR_ID_SHORT 0x8
+/** Encode output with base 32 */
+#define RSPAMD_KEYPAIR_BASE32 0x10
+/** Human readable output */
+#define RSPAMD_KEYPAIR_HUMAN 0x20
+#define RSPAMD_KEYPAIR_HEX 0x40
+
+/**
+ * Print keypair encoding it if needed
+ * @param key key to print
+ * @param how flags that specifies printing behaviour
+ * @return newly allocated string with keypair
+ */
+GString *rspamd_keypair_print(struct rspamd_cryptobox_keypair *kp,
+							  guint how);
+
+/**
+ * Print pubkey encoding it if needed
+ * @param key key to print
+ * @param how flags that specifies printing behaviour
+ * @return newly allocated string with keypair
+ */
+GString *rspamd_pubkey_print(struct rspamd_cryptobox_pubkey *pk,
+							 guint how);
+
+/** Get keypair pubkey ID */
+#define RSPAMD_KEYPAIR_COMPONENT_ID 0
+/** Get keypair public key */
+#define RSPAMD_KEYPAIR_COMPONENT_PK 1
+/** Get keypair private key */
+#define RSPAMD_KEYPAIR_COMPONENT_SK 2
+
+/**
+ * Get specific component of a keypair
+ * @param kp keypair
+ * @param ncomp component number
+ * @param len length of input
+ * @return raw content of the component
+ */
+const guchar *rspamd_keypair_component(struct rspamd_cryptobox_keypair *kp,
+									   guint ncomp, guint *len);
+
+/**
+ * Create a new keypair from ucl object
+ * @param obj object to load
+ * @return new structure or NULL if an object is invalid
+ */
+struct rspamd_cryptobox_keypair *rspamd_keypair_from_ucl(const ucl_object_t *obj);
+
+
+enum rspamd_keypair_dump_flags {
+	RSPAMD_KEYPAIR_DUMP_DEFAULT = 0,
+	RSPAMD_KEYPAIR_DUMP_HEX = 1u << 0u,
+	RSPAMD_KEYPAIR_DUMP_NO_SECRET = 1u << 1u,
+	RSPAMD_KEYPAIR_DUMP_FLATTENED = 1u << 2u,
+};
+
+/**
+ * Converts keypair to ucl object
+ * @param kp
+ * @return
+ */
+ucl_object_t *rspamd_keypair_to_ucl(struct rspamd_cryptobox_keypair *kp,
+									enum rspamd_keypair_dump_flags flags);
+
+
+/**
+ * Decrypts data using keypair and a pubkey stored in in, in must start from
+ * `encrypted_magic` constant
+ * @param kp keypair
+ * @param in raw input
+ * @param inlen input length
+ * @param out output (allocated internally using g_malloc)
+ * @param outlen output size
+ * @return TRUE if decryption is completed, out must be freed in this case
+ */
+gboolean rspamd_keypair_decrypt(struct rspamd_cryptobox_keypair *kp,
+								const guchar *in, gsize inlen,
+								guchar **out, gsize *outlen,
+								GError **err);
+
+/**
+ * Encrypts data usign specific keypair.
+ * This method actually generates ephemeral local keypair, use public key from
+ * the remote keypair and encrypts data
+ * @param kp keypair
+ * @param in raw input
+ * @param inlen input length
+ * @param out output (allocated internally using g_malloc)
+ * @param outlen output size
+ * @param err pointer to error
+ * @return TRUE if encryption has been completed, out must be freed in this case
+ */
+gboolean rspamd_keypair_encrypt(struct rspamd_cryptobox_keypair *kp,
+								const guchar *in, gsize inlen,
+								guchar **out, gsize *outlen,
+								GError **err);
+
+/**
+ * Encrypts data usign specific pubkey (must have KEX type).
+ * This method actually generates ephemeral local keypair, use public key from
+ * the remote keypair and encrypts data
+ * @param kp keypair
+ * @param in raw input
+ * @param inlen input length
+ * @param out output (allocated internally using g_malloc)
+ * @param outlen output size
+ * @param err pointer to error
+ * @return TRUE if encryption has been completed, out must be freed in this case
+ */
+gboolean rspamd_pubkey_encrypt(struct rspamd_cryptobox_pubkey *pk,
+							   const guchar *in, gsize inlen,
+							   guchar **out, gsize *outlen,
+							   GError **err);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* SRC_LIBCRYPTOBOX_KEYPAIR_H_ */