Functions for symmetrical or asymmetrical encryption using NaCL. More...
Functions | |
byte * | pcp_box_encrypt (PCPCTX *ptx, pcp_key_t *secret, pcp_pubkey_t *pub, byte *message, size_t messagesize, size_t *csize) |
Asymmetrically encrypt a message. More... | |
byte * | pcp_box_decrypt (PCPCTX *ptx, pcp_key_t *secret, pcp_pubkey_t *pub, byte *cipher, size_t ciphersize, size_t *dsize) |
Asymmetrically decrypt a message. More... | |
size_t | pcp_encrypt_stream (PCPCTX *ptx, Pcpstream *in, Pcpstream *out, pcp_key_t *s, pcp_pubkey_t *p, int signcrypt, int anon) |
Asymmetrically encrypt a file or a buffer stream. More... | |
size_t | pcp_encrypt_stream_sym (PCPCTX *ptx, Pcpstream *in, Pcpstream *out, byte *symkey, int havehead, pcp_rec_t *recsign) |
Symmetrically encrypt a file or a buffer stream. More... | |
size_t | pcp_decrypt_stream (PCPCTX *ptx, Pcpstream *in, Pcpstream *out, pcp_key_t *s, byte *symkey, int verify, int anon) |
Asymmetrically decrypt a file or a buffer stream. More... | |
size_t | pcp_decrypt_stream_sym (PCPCTX *ptx, Pcpstream *in, Pcpstream *out, byte *symkey, pcp_rec_t *recverify) |
Symmetrically decrypt a file or a buffer stream. More... | |
size_t | pcp_sodium_mac (byte **cipher, byte *cleartext, size_t clearsize, byte *nonce, byte *key) |
Symmetrically encrypt a message. More... | |
int | pcp_sodium_verify_mac (byte **cleartext, byte *message, size_t messagesize, byte *nonce, byte *key) |
Decrypt a symmetrically encrypted message. More... | |
Functions for symmetrical or asymmetrical encryption using NaCL.
Encryption is done 32k blockwise using an ephemeral key.
If using asymmetrical encryption the ephemeral key is encrypted asymmetrically using Curve25519 for all recipients and added to the output.
If sign+crypt is requested, a hash of the clear content plus the recipient list will be made and signed. That signature will be encrypted using the ephemeral key as well and appended to the output.
For each encryption cycle (per block) a unique nonce will be used.
Encrypted output will always written as binary files. No armoring supported yet. The encryption process works as this:
Symmetric encryption works the very same with the recipient stuff left out.
Formal format description, asymmetric encrypted files:
+---------------------------------------------------------+ | Field Size Description | +-------------+--------+----------------------------------+ | Type | 1 | Filetype, 5=ASYM, 23=SYM | +-------------|--------|----------------------------------+ | Len R | 4 | Number of recipients (*) | +-------------|--------|----------------------------------+ | Recipients | R*72 | C(recipient)|C(recipient)... (*) | +-------------|--------|----------------------------------+ | Encrypted | ~ | The actual encrypted data | +-------------|--------|----------------------------------+
The following will be Left out when doing symetric encryption.
Recipient field format:
+---------------------------------------------------------+ | Field Size Description | +-------------+--------+----------------------------------+ | Nonce | 24 | Random Nonce, one per R | +-------------|--------|----------------------------------+ | Cipher | 48 | S encrypted with PK or R | +-------------|--------|----------------------------------+
R is calculated using public key encryption using the senders secret key, the recipients public key and a random nonce.
Pseudocode:
where P is the public key of a recipient, SK is the senders secret key, R is the recipient list, L is the number of recipients, T is the filetype header, I is a block of input with a size of 32k, N is a nonce (new per block) and S the symmetric key.
byte* pcp_box_decrypt | ( | PCPCTX * | ptx, |
pcp_key_t * | secret, | ||
pcp_pubkey_t * | pub, | ||
byte * | cipher, | ||
size_t | ciphersize, | ||
size_t * | dsize | ||
) |
Asymmetrically decrypt a message.
This function is used internally and normally a user doesn't need to use it. However, from time to time there maybe the requirement to work with raw NaCL crypto_box() output. This function adds the neccessary padding and it uses PCP key structures.
[in] | ptx | pcp context. |
[in] | secret | The secret key structure from the sender. |
[in] | pub | The public key structure from the recipient. |
[in] | cipher | The encrypted message. |
[in] | ciphersize | The size in bytes of the encrypted message. |
[out] | dsize | A pointer which will be set to the size of the decrypted result if successful. |
byte* pcp_box_encrypt | ( | PCPCTX * | ptx, |
pcp_key_t * | secret, | ||
pcp_pubkey_t * | pub, | ||
byte * | message, | ||
size_t | messagesize, | ||
size_t * | csize | ||
) |
Asymmetrically encrypt a message.
This function is used internally and normally a user doesn't need to use it. However, from time to time there maybe the requirement to work with raw NaCL crypto_box() output. This function adds the neccessary padding and it uses PCP key structures.
[in] | ptx | pcp context. |
[in] | secret | The secret key structure from the sender. |
[in] | pub | The public key structure from the recipient. |
[in] | message | The clear unencrypted message. |
[in] | messagesize | The size in bytes of the message. |
[out] | csize | A pointer which will be set to the size of the encrypted result if successful. |
size_t pcp_decrypt_stream | ( | PCPCTX * | ptx, |
Pcpstream * | in, | ||
Pcpstream * | out, | ||
pcp_key_t * | s, | ||
byte * | symkey, | ||
int | verify, | ||
int | anon | ||
) |
Asymmetrically decrypt a file or a buffer stream.
This function decrypts a stream 32k+16-blockwise for a number of recipients.
Calls pcp_decrypt_stream_sym() after assembling the encrypted recipient list.
FIXME: should return the pcp_rec_t structure upon successfull verification somehow.
[in] | ptx | pcp context. |
[in] | in | Stream to read the data to decrypt from. |
[out] | out | Stream to write decrypted result to. |
[in] | s | Secret key structure of the recipient. |
[in] | symkey | Ephemeral key for symmetric decryption. Set to NULL if you call this function directly. |
verify | Flag to indicate sign+crypt. If 1 it tries to verify a signature, otherwise not. | |
[in] | anon | Flag to indicate if using anonymous sender key. 0 retains std behaviour, not anon. |
size_t pcp_decrypt_stream_sym | ( | PCPCTX * | ptx, |
Pcpstream * | in, | ||
Pcpstream * | out, | ||
byte * | symkey, | ||
pcp_rec_t * | recverify | ||
) |
Symmetrically decrypt a file or a buffer stream.
This function decrypts a stream 32k+16-blockwise using a given ephemeral key. Usually compute this key using the pcp_scrypt() function. If not called directly, the key have been extracted from the recipient list.
Uses crypto_secret_box_open() for each 32k+16-block with a random nonce for each.
[in] | ptx | pcp context. |
[in] | in | Stream to read the data to decrypt from. |
[out] | out | Stream to write decrypted result to. |
[in] | symkey | Ephemeral key to use for decryption. |
recverify | Flag to indicate sign+crypt. If 1 it tries to verify a signature, otherwise not. |
size_t pcp_encrypt_stream | ( | PCPCTX * | ptx, |
Pcpstream * | in, | ||
Pcpstream * | out, | ||
pcp_key_t * | s, | ||
pcp_pubkey_t * | p, | ||
int | signcrypt, | ||
int | anon | ||
) |
Asymmetrically encrypt a file or a buffer stream.
This function encrypts a stream 32k-blockwise for a number of recipients.
Calls pcp_encrypt_stream_sym() after assembling the encrypted recipient list.
[in] | ptx | pcp context. |
[in] | in | Stream to read the data to encrypt from. |
[out] | out | Stream to write encrypted result to. |
[in] | s | Secret key structure of the sender. |
[in] | p | Public key hash containing a list of the recipients. |
[in] | signcrypt | Flag to indicate sign+crypt. If 1 it adds a signature, otherwise not. |
[in] | anon | Flag to indicate if using anonymous sender key. 0 retains std behaviour, not anon. |
size_t pcp_encrypt_stream_sym | ( | PCPCTX * | ptx, |
Pcpstream * | in, | ||
Pcpstream * | out, | ||
byte * | symkey, | ||
int | havehead, | ||
pcp_rec_t * | recsign | ||
) |
Symmetrically encrypt a file or a buffer stream.
This function encrypts a stream 32k-blockwise using a given ephemeral key. Usually compute this key using the pcp_scrypt() function.
Uses crypto_secret_box() for each 32k-block with a random nonce for each.
[in] | ptx | pcp context. |
[in] | in | Stream to read the data to encrypt from. |
[out] | out | Stream to write encrypted result to. |
[in] | symkey | Ephemeral key to use for encryption. |
[in] | havehead | Flag to indicate if the file header has already been written. Set to 0 if you call this function directly in order to do symmetrical encryption. |
recsign | Recipient list, set this to NULL if you call this function directly. |
size_t pcp_sodium_mac | ( | byte ** | cipher, |
byte * | cleartext, | ||
size_t | clearsize, | ||
byte * | nonce, | ||
byte * | key | ||
) |
Symmetrically encrypt a message.
This function encrypts a message symmetrically using crypto_secretbox() using the given Curve25519 raw secret key and the nonce.
It allocates apropriate memory for the result, which will be stored in cipher.
[out] | cipher | Encrypted result. |
[in] | cleartext | Clear message. |
[in] | clearsize | Size of message. |
[in] | nonce | A random nonce (24 Bytes). |
[in] | key | A Curve25519 key (32 Bytes). |
int pcp_sodium_verify_mac | ( | byte ** | cleartext, |
byte * | message, | ||
size_t | messagesize, | ||
byte * | nonce, | ||
byte * | key | ||
) |
Decrypt a symmetrically encrypted message.
This function decrypts a symmetrically encrypted message using crypto_secretbox_open() using the given Curve25519 raw secret key and the nonce.
It allocates apropriate memory for the result, which will be stored in cleartext.
[out] | cleartext | The decrypted result. |
[in] | message | The encrypted message. |
[in] | messagesize | Size of message. |
[in] | nonce | A random nonce (24 Bytes). |
[in] | key | A Curve25519 key (32 Bytes). |