My Project 3.7.1
C++ Distributed Hash Table
Loading...
Searching...
No Matches
crypto.h
1// Copyright (c) 2014-2026 Savoir-faire Linux Inc.
2// SPDX-License-Identifier: MIT
3#pragma once
4
5#include "infohash.h"
6#include "utils.h"
7#include "rng.h"
8
9extern "C" {
10#include <gnutls/gnutls.h>
11#include <gnutls/abstract.h>
12#include <gnutls/x509.h>
13#include <gnutls/ocsp.h>
14}
15
16#include <vector>
17#include <memory>
18#include <atomic>
19#include <mutex>
20#include <string_view>
21
22#ifdef _WIN32
23#include <iso646.h>
24#endif
25
26namespace dht {
27
31namespace crypto {
32
33class OPENDHT_PUBLIC CryptoException : public std::runtime_error
34{
35public:
36 explicit CryptoException(const std::string& str)
37 : std::runtime_error(str) {};
38 explicit CryptoException(const char* str)
39 : std::runtime_error(str) {};
40 CryptoException(const CryptoException& e) noexcept = default;
41 CryptoException& operator=(const CryptoException&) noexcept = default;
42};
43
47class OPENDHT_PUBLIC DecryptError : public CryptoException
48{
49public:
50 explicit DecryptError(const std::string& str)
51 : CryptoException(str) {};
52 explicit DecryptError(const char* str)
53 : CryptoException(str) {};
54 DecryptError(const DecryptError& e) noexcept = default;
55 DecryptError& operator=(const DecryptError&) noexcept = default;
56};
57
58struct PrivateKey;
59struct Certificate;
60class RevocationList;
61
62using Identity = std::pair<std::shared_ptr<PrivateKey>, std::shared_ptr<Certificate>>;
63
67struct OPENDHT_PUBLIC PublicKey
68{
69 PublicKey();
70
74 PublicKey(gnutls_pubkey_t k)
75 : pk(k)
76 {}
77
79 PublicKey(const uint8_t* dat, size_t dat_size);
80 PublicKey(const Blob& pk)
81 : PublicKey(pk.data(), pk.size())
82 {}
83 PublicKey(std::string_view pk)
84 : PublicKey((const uint8_t*) pk.data(), pk.size())
85 {}
86 PublicKey(PublicKey&& o) noexcept
87 : pk(o.pk)
88 {
89 o.pk = nullptr;
90 }
91
92 ~PublicKey();
93 explicit operator bool() const { return pk; }
94 bool operator==(const PublicKey& o) const { return pk == o.pk || getLongId() == o.getLongId(); }
95 bool operator!=(const PublicKey& o) const { return !(*this == o); }
96
97 PublicKey& operator=(PublicKey&& o) noexcept;
98
102 const InfoHash& getId() const;
103
107 const PkId& getLongId() const;
108
109 bool checkSignature(const uint8_t* data, size_t data_len, const uint8_t* signature, size_t signature_len) const;
110 inline bool checkSignature(const Blob& data, const Blob& signature) const
111 {
112 return checkSignature(data.data(), data.size(), signature.data(), signature.size());
113 }
114
115 Blob encrypt(const uint8_t* data, size_t data_len) const;
116 inline Blob encrypt(const Blob& data) const { return encrypt(data.data(), data.size()); }
117 inline Blob encrypt(std::string_view data) const { return encrypt((const uint8_t*) data.data(), data.size()); }
118 void pack(Blob& b) const;
119 int pack(uint8_t* out, size_t* out_len) const;
120 void unpack(const uint8_t* dat, size_t dat_size);
121
122 std::string toString() const;
123
124 template<typename Packer>
125 void msgpack_pack(Packer& p) const
126 {
127 Blob b;
128 pack(b);
129 p.pack_bin(b.size());
130 p.pack_bin_body((const char*) b.data(), b.size());
131 }
132
133 void msgpack_unpack(const msgpack::object& o);
134
135 gnutls_digest_algorithm_t getPreferredDigest() const;
136
137 gnutls_pubkey_t pk {nullptr};
138
139private:
140 mutable InfoHash cachedId_ {};
141 mutable PkId cachedLongId_ {};
142 mutable std::atomic_bool idCached_ {false};
143 mutable std::atomic_bool longIdCached_ {false};
144
145 PublicKey(const PublicKey&) = delete;
146 PublicKey& operator=(const PublicKey&) = delete;
147 void encryptBloc(const uint8_t* src, size_t src_size, uint8_t* dst, size_t dst_size) const;
148};
149
153struct OPENDHT_PUBLIC PrivateKey
154{
155 PrivateKey();
156 // PrivateKey(gnutls_privkey_t k) : key(k) {}
157
161 PrivateKey(gnutls_x509_privkey_t k);
162
163 PrivateKey(PrivateKey&& o) noexcept;
164 PrivateKey& operator=(PrivateKey&& o) noexcept;
165
166 PrivateKey(const uint8_t* src, size_t src_size, const char* password = nullptr);
167 PrivateKey(const Blob& src, const std::string& password = {})
168 : PrivateKey(src.data(), src.size(), password.c_str())
169 {}
170 PrivateKey(std::string_view src, const std::string& password = {})
171 : PrivateKey((const uint8_t*) src.data(), src.size(), password.c_str())
172 {}
173
174 ~PrivateKey();
175 explicit operator bool() const { return key; }
176
177 const PublicKey& getPublicKey() const;
178 const std::shared_ptr<PublicKey>& getSharedPublicKey() const;
179
180 int serialize(uint8_t* out, size_t* out_len, const std::string& password = {}) const;
181 Blob serialize(const std::string& password = {}) const;
182
187 Blob sign(const uint8_t* data, size_t data_len) const;
188 inline Blob sign(std::string_view dat) const { return sign((const uint8_t*) dat.data(), dat.size()); }
189 inline Blob sign(const Blob& dat) const { return sign(dat.data(), dat.size()); }
190
196 Blob decrypt(const uint8_t* cypher, size_t cypher_len) const;
197 Blob decrypt(const Blob& cypher) const { return decrypt(cypher.data(), cypher.size()); }
198
206 static PrivateKey generate(unsigned key_length = 4096, gnutls_pk_algorithm_t algo = GNUTLS_PK_RSA);
207 static PrivateKey generateEC();
208
209 gnutls_privkey_t key {};
210 gnutls_x509_privkey_t x509_key {};
211
212private:
213 PrivateKey(const PrivateKey&) = delete;
214 PrivateKey& operator=(const PrivateKey&) = delete;
215 Blob decryptBloc(const uint8_t* src, size_t src_size) const;
216
217 mutable std::mutex publicKeyMutex_ {};
218 mutable std::shared_ptr<PublicKey> publicKey_ {};
219};
220
221class OPENDHT_PUBLIC RevocationList
222{
223 using clock = std::chrono::system_clock;
224 using time_point = clock::time_point;
225 using duration = clock::duration;
226
227public:
228 RevocationList();
229 RevocationList(const Blob& b);
230 RevocationList(RevocationList&& o) noexcept
231 : crl(o.crl)
232 {
233 o.crl = nullptr;
234 }
235 ~RevocationList();
236
237 RevocationList& operator=(RevocationList&& o)
238 {
239 crl = o.crl;
240 o.crl = nullptr;
241 return *this;
242 }
243
244 void pack(Blob& b) const;
245 void unpack(const uint8_t* dat, size_t dat_size);
246 Blob getPacked() const
247 {
248 Blob b;
249 pack(b);
250 return b;
251 }
252
253 template<typename Packer>
254 void msgpack_pack(Packer& p) const
255 {
256 Blob b = getPacked();
257 p.pack_bin(b.size());
258 p.pack_bin_body((const char*) b.data(), b.size());
259 }
260
261 void msgpack_unpack(const msgpack::object& o);
262
263 void revoke(const Certificate& crt, time_point t = time_point::min());
264
265 bool isRevoked(const Certificate& crt) const;
266
271 void sign(const PrivateKey&, const Certificate&, duration validity_period = {});
272 void sign(const Identity& id) { sign(*id.first, *id.second); }
273
274 bool isSignedBy(const Certificate& issuer) const;
275
276 std::string toString() const;
277
281 Blob getNumber() const;
282
284 std::string getIssuerName() const;
285
287 std::string getIssuerUID() const;
288
289 time_point getUpdateTime() const;
290 time_point getNextUpdateTime() const;
291
292 gnutls_x509_crl_t get() { return crl; }
293 gnutls_x509_crl_t getCopy() const
294 {
295 if (not crl)
296 return nullptr;
297 auto copy = RevocationList(getPacked());
298 gnutls_x509_crl_t ret = copy.crl;
299 copy.crl = nullptr;
300 return ret;
301 }
302
303private:
304 gnutls_x509_crl_t crl {};
305 RevocationList(const RevocationList&) = delete;
306 RevocationList& operator=(const RevocationList&) = delete;
307};
308
309enum class NameType { UNKNOWN = 0, RFC822, DNS, URI, IP };
310
311class OPENDHT_PUBLIC CertificateRequest
312{
313public:
314 CertificateRequest();
315 CertificateRequest(const uint8_t* data, size_t size);
316 CertificateRequest(std::string_view src)
317 : CertificateRequest((const uint8_t*) src.data(), src.size())
318 {}
319 CertificateRequest(const Blob& data)
320 : CertificateRequest(data.data(), data.size())
321 {}
322
323 CertificateRequest(CertificateRequest&& o) noexcept
324 : request(std::move(o.request))
325 {
326 o.request = nullptr;
327 }
328 CertificateRequest& operator=(CertificateRequest&& o) noexcept;
329
330 ~CertificateRequest();
331
332 void setName(const std::string& name);
333 void setUID(const std::string& name);
334 void setAltName(NameType type, const std::string& name);
335
336 std::string getName() const;
337 std::string getUID() const;
338
339 void sign(const PrivateKey& key, const std::string& password = {});
340
341 bool verify() const;
342
343 Blob pack() const;
344 std::string toString() const;
345
346 gnutls_x509_crq_t get() const { return request; }
347
348private:
349 CertificateRequest(const CertificateRequest& o) = delete;
350 CertificateRequest& operator=(const CertificateRequest& o) = delete;
351 gnutls_x509_crq_t request {nullptr};
352};
353
354class OPENDHT_PUBLIC OcspRequest
355{
356public:
357 OcspRequest(gnutls_ocsp_req_t r)
358 : request(r)
359 {}
360 OcspRequest(const uint8_t* dat_ptr, size_t dat_size);
361 OcspRequest(std::string_view dat)
362 : OcspRequest((const uint8_t*) dat.data(), dat.size())
363 {}
364 ~OcspRequest();
365
366 /*
367 * Get OCSP Request in readable format.
368 */
369 std::string toString(const bool compact = true) const;
370
371 Blob pack() const;
372 Blob getNonce() const;
373
374private:
375 gnutls_ocsp_req_t request;
376};
377
378class OPENDHT_PUBLIC OcspResponse
379{
380public:
381 OcspResponse(const uint8_t* dat_ptr, size_t dat_size);
382 OcspResponse(std::string_view response)
383 : OcspResponse((const uint8_t*) response.data(), response.size())
384 {}
385 ~OcspResponse();
386
387 Blob pack() const;
388 /*
389 * Get OCSP Response in readable format.
390 */
391 std::string toString(const bool compact = true) const;
392
393 /*
394 * Get OCSP response certificate status.
395 * Return certificate status.
396 * http://www.gnu.org/software/gnutls/reference/gnutls-ocsp.html#gnutls-ocsp-cert-status-t
397 */
398 gnutls_ocsp_cert_status_t getCertificateStatus() const;
399
400 /*
401 * Verify OCSP response and return OCSP status.
402 * Throws CryptoException in case of error in the response.
403 * http://www.gnu.org/software/gnutls/reference/gnutls-ocsp.html#gnutls-ocsp-verify-reason-t
404 */
405 gnutls_ocsp_cert_status_t verifyDirect(const Certificate& crt, const Blob& nonce);
406
407private:
408 gnutls_ocsp_resp_t response;
409};
410
411struct OPENDHT_PUBLIC Certificate
412{
413 Certificate() noexcept {}
414
418 Certificate(gnutls_x509_crt_t crt) noexcept
419 : cert(crt)
420 {}
421
422 Certificate(Certificate&& o) noexcept
423 : cert(o.cert)
424 , issuer(std::move(o.issuer))
425 , publicKey_(std::move(o.publicKey_))
426 {
427 o.cert = nullptr;
428 };
429
434 Certificate(const Blob& crt);
435 Certificate(const uint8_t* dat, size_t dat_size)
436 : cert(nullptr)
437 {
438 unpack(dat, dat_size);
439 }
440 Certificate(std::string_view pem)
441 : Certificate((const uint8_t*) pem.data(), pem.size())
442 {}
443
448 template<typename Iterator>
449 Certificate(const Iterator& begin, const Iterator& end)
450 {
451 unpack(begin, end);
452 }
453
458 template<typename Iterator>
459 Certificate(const std::vector<std::pair<Iterator, Iterator>>& certs)
460 {
461 unpack(certs);
462 }
463
464 Certificate& operator=(Certificate&& o) noexcept;
465 ~Certificate();
466
467 void pack(Blob& b) const;
468 void unpack(const uint8_t* dat, size_t dat_size);
469 Blob getPacked() const
470 {
471 Blob b;
472 pack(b);
473 return b;
474 }
475
484 template<typename Iterator>
485 void unpack(const Iterator& begin, const Iterator& end)
486 {
487 std::shared_ptr<Certificate> tmp_subject {};
488 std::shared_ptr<Certificate> first {};
489 for (Iterator icrt = begin; icrt < end; ++icrt) {
490 auto tmp_crt = std::make_shared<Certificate>(*icrt);
491 if (tmp_subject)
492 tmp_subject->issuer = tmp_crt;
493 tmp_subject = std::move(tmp_crt);
494 if (!first)
495 first = tmp_subject;
496 }
497 *this = first ? std::move(*first) : Certificate();
498 }
499
511 template<typename Iterator>
512 void unpack(const std::vector<std::pair<Iterator, Iterator>>& certs)
513 {
514 std::shared_ptr<Certificate> tmp_issuer;
515 // reverse iteration
516 for (auto li = certs.rbegin(); li != certs.rend(); ++li) {
517 Certificate tmp_crt;
518 gnutls_x509_crt_init(&tmp_crt.cert);
519 const gnutls_datum_t crt_dt {(uint8_t*) &(*li->first), (unsigned) (li->second - li->first)};
520 int err = gnutls_x509_crt_import(tmp_crt.cert, &crt_dt, GNUTLS_X509_FMT_PEM);
521 if (err != GNUTLS_E_SUCCESS)
522 err = gnutls_x509_crt_import(tmp_crt.cert, &crt_dt, GNUTLS_X509_FMT_DER);
523 if (err != GNUTLS_E_SUCCESS)
524 throw CryptoException(std::string("Could not read certificate - ") + gnutls_strerror(err));
525 tmp_crt.issuer = tmp_issuer;
526 tmp_issuer = std::make_shared<Certificate>(std::move(tmp_crt));
527 }
528 *this = tmp_issuer ? std::move(*tmp_issuer) : Certificate();
529 }
530
531 template<typename Packer>
532 void msgpack_pack(Packer& p) const
533 {
534 Blob b;
535 pack(b);
536 p.pack_bin(b.size());
537 p.pack_bin_body((const char*) b.data(), b.size());
538 }
539
540 void msgpack_unpack(const msgpack::object& o);
541
542 explicit operator bool() const { return cert; }
543 const PublicKey& getPublicKey() const;
544 const std::shared_ptr<PublicKey>& getSharedPublicKey() const;
545
547 const InfoHash& getId() const;
549 const PkId& getLongId() const;
550
551 Blob getSerialNumber() const;
552
554 std::string getDN() const;
555
557 std::string getName() const;
558
560 std::string getUID() const;
561
563 std::string getIssuerDN() const;
564
566 std::string getIssuerName() const;
567
569 std::string getIssuerUID() const;
570
572 std::vector<std::pair<NameType, std::string>> getAltNames() const;
573
574 std::chrono::system_clock::time_point getActivation() const;
575 std::chrono::system_clock::time_point getExpiration() const;
576
581 bool isCA() const;
582
587 std::string toString(bool chain = true) const;
588
589 std::string print() const;
590
595 void revoke(const PrivateKey&, const Certificate&);
596
600 std::vector<std::shared_ptr<RevocationList>> getRevocationLists() const;
601
605 void addRevocationList(RevocationList&&);
606 void addRevocationList(std::shared_ptr<RevocationList>);
607
608 static Certificate generate(const PrivateKey& key,
609 const std::string& name = "dhtnode",
610 const Identity& ca = {},
611 bool is_ca = false,
612 int64_t validity = 0);
613 static Certificate generate(const CertificateRequest& request, const Identity& ca, int64_t validity = 0);
614
615 gnutls_x509_crt_t getCopy() const
616 {
617 if (not cert)
618 return nullptr;
619 auto copy = Certificate(getPacked());
620 gnutls_x509_crt_t ret = copy.cert;
621 copy.cert = nullptr;
622 return ret;
623 }
624
625 std::vector<gnutls_x509_crt_t> getChain(bool copy = false) const
626 {
627 if (not cert)
628 return {};
629 std::vector<gnutls_x509_crt_t> crts;
630 for (auto c = this; c; c = c->issuer.get())
631 crts.emplace_back(copy ? c->getCopy() : c->cert);
632 return crts;
633 }
634
635 std::pair<std::vector<gnutls_x509_crt_t>, std::vector<gnutls_x509_crl_t>> getChainWithRevocations(
636 bool copy = false) const
637 {
638 if (not cert)
639 return {};
640 std::vector<gnutls_x509_crt_t> crts;
641 std::vector<gnutls_x509_crl_t> crls;
642 for (auto c = this; c; c = c->issuer.get()) {
643 crts.emplace_back(copy ? c->getCopy() : c->cert);
644 crls.reserve(crls.size() + c->revocation_lists.size());
645 for (const auto& crl : c->revocation_lists)
646 crls.emplace_back(copy ? crl->getCopy() : crl->get());
647 }
648 return {crts, crls};
649 }
650
651 gnutls_digest_algorithm_t getPreferredDigest() const;
652
653 /*
654 * Generate OCSP request.
655 * Return GnuTLS error code.
656 * https://www.gnutls.org/manual/html_node/Error-codes.html
657 */
658 std::pair<std::string, Blob> generateOcspRequest(gnutls_x509_crt_t& issuer);
659
663 void setValidity(const Identity& ca, int64_t validity);
664 void setValidity(const PrivateKey& key, int64_t validity);
665
666 gnutls_x509_crt_t cert {nullptr};
667 std::shared_ptr<Certificate> issuer {};
668 std::shared_ptr<OcspResponse> ocspResponse;
669
670private:
671 Certificate(const Certificate&) = delete;
672 Certificate& operator=(const Certificate&) = delete;
673 mutable InfoHash cachedId_ {};
674 mutable PkId cachedLongId_ {};
675 mutable std::atomic_bool idCached_ {false};
676 mutable std::atomic_bool longIdCached_ {false};
677
678 struct crlNumberCmp
679 {
680 bool operator()(const std::shared_ptr<RevocationList>& lhs, const std::shared_ptr<RevocationList>& rhs) const
681 {
682 return lhs->getNumber() < rhs->getNumber();
683 }
684 };
685
686 std::set<std::shared_ptr<RevocationList>, crlNumberCmp> revocation_lists;
687
688 mutable std::mutex publicKeyMutex_ {};
689 mutable std::shared_ptr<PublicKey> publicKey_ {};
690};
691
692struct OPENDHT_PUBLIC TrustList
693{
694 struct VerifyResult
695 {
696 int ret;
697 unsigned result;
698 bool hasError() const { return ret < 0; }
699 bool isValid() const { return !hasError() and !(result & GNUTLS_CERT_INVALID); }
700 explicit operator bool() const { return isValid(); }
701 OPENDHT_PUBLIC std::string toString() const;
702 OPENDHT_PUBLIC friend std::ostream& operator<<(std::ostream& s, const VerifyResult& h);
703 };
704
705 TrustList();
706 TrustList(TrustList&& o) noexcept
707 : trust(std::move(o.trust))
708 {
709 o.trust = nullptr;
710 }
711 TrustList& operator=(TrustList&& o) noexcept;
712 ~TrustList();
713 void add(const Certificate& crt);
714 void add(const RevocationList& crl);
715 void remove(const Certificate& crt, bool parents = true);
716 VerifyResult verify(const Certificate& crt) const;
717
718private:
719 TrustList(const TrustList& o) = delete;
720 TrustList& operator=(const TrustList& o) = delete;
721 gnutls_x509_trust_list_t trust {nullptr};
722};
723
731OPENDHT_PUBLIC Identity generateIdentity(const std::string& name, const Identity& ca, unsigned key_length, bool is_ca);
732OPENDHT_PUBLIC Identity generateIdentity(const std::string& name = "dhtnode",
733 const Identity& ca = {},
734 unsigned key_length = 4096);
735
736OPENDHT_PUBLIC Identity generateEcIdentity(const std::string& name, const Identity& ca, bool is_ca);
737OPENDHT_PUBLIC Identity generateEcIdentity(const std::string& name = "dhtnode", const Identity& ca = {});
738
739OPENDHT_PUBLIC void saveIdentity(const Identity& id, const std::string& path, const std::string& privkey_password = {});
740OPENDHT_PUBLIC Identity loadIdentity(const std::string& path, const std::string& privkey_password = {});
741
750OPENDHT_PUBLIC Blob hash(const Blob& data, size_t hash_length = 512 / 8);
751
752OPENDHT_PUBLIC void hash(const uint8_t* data, size_t data_length, uint8_t* hash, size_t hash_length);
753
761OPENDHT_PUBLIC Blob stretchKey(std::string_view password, Blob& salt, size_t key_length = 512 / 8);
762
766OPENDHT_PUBLIC Blob aesEncrypt(const uint8_t* data, size_t data_length, const Blob& key);
767OPENDHT_PUBLIC inline Blob
768aesEncrypt(const Blob& data, const Blob& key)
769{
770 return aesEncrypt(data.data(), data.size(), key);
771}
782OPENDHT_PUBLIC Blob aesEncrypt(const Blob& data, std::string_view password, const Blob& salt = {});
783
787OPENDHT_PUBLIC Blob aesDecrypt(const uint8_t* data, size_t data_length, const Blob& key);
788OPENDHT_PUBLIC inline Blob
789aesDecrypt(const Blob& data, const Blob& key)
790{
791 return aesDecrypt(data.data(), data.size(), key);
792}
793OPENDHT_PUBLIC inline Blob
794aesDecrypt(std::string_view data, const Blob& key)
795{
796 return aesDecrypt((uint8_t*) data.data(), data.size(), key);
797}
798
799OPENDHT_PUBLIC Blob aesDecrypt(const uint8_t* data, size_t data_length, std::string_view password);
800OPENDHT_PUBLIC inline Blob
801aesDecrypt(const Blob& data, std::string_view password)
802{
803 return aesDecrypt(data.data(), data.size(), password);
804}
805OPENDHT_PUBLIC inline Blob
806aesDecrypt(std::string_view data, std::string_view password)
807{
808 return aesDecrypt((uint8_t*) data.data(), data.size(), password);
809}
810
814OPENDHT_PUBLIC Blob aesGetKey(const uint8_t* data, size_t data_length, std::string_view password);
815OPENDHT_PUBLIC Blob inline aesGetKey(const Blob& data, std::string_view password)
816{
817 return aesGetKey(data.data(), data.size(), password);
818}
820OPENDHT_PUBLIC Blob aesGetSalt(const uint8_t* data, size_t data_length);
821OPENDHT_PUBLIC Blob inline aesGetSalt(const Blob& data)
822{
823 return aesGetSalt(data.data(), data.size());
824}
826OPENDHT_PUBLIC std::string_view aesGetEncrypted(const uint8_t* data, size_t data_length);
827OPENDHT_PUBLIC std::string_view inline aesGetEncrypted(const Blob& data)
828{
829 return aesGetEncrypted(data.data(), data.size());
830}
831
837OPENDHT_PUBLIC Blob aesBuildEncrypted(const uint8_t* encryptedData, size_t data_length, const Blob& salt);
838OPENDHT_PUBLIC Blob inline aesBuildEncrypted(const Blob& encryptedData, const Blob& salt)
839{
840 return aesBuildEncrypted(encryptedData.data(), encryptedData.size(), salt);
841}
842OPENDHT_PUBLIC Blob inline aesBuildEncrypted(std::string_view encryptedData, const Blob& salt)
843{
844 return aesBuildEncrypted((const uint8_t*) encryptedData.data(), encryptedData.size(), salt);
845}
846
856OPENDHT_PUBLIC Blob webPushEncrypt(const Blob& p256dh,
857 const Blob& auth,
858 const uint8_t* payload,
859 size_t payload_length,
860 const PrivateKey& privKey = {},
861 const Blob& salt = {});
862
863} // namespace crypto
864} // namespace dht
dht::crypto::RevocationList::getIssuerUID
std::string getIssuerUID() const
dht::crypto::RevocationList::sign
void sign(const PrivateKey &, const Certificate &, duration validity_period={})
dht::crypto::RevocationList::getIssuerName
std::string getIssuerName() const
dht::crypto::aesEncrypt
OPENDHT_PUBLIC Blob aesEncrypt(const uint8_t *data, size_t data_length, const Blob &key)
dht::crypto::hash
OPENDHT_PUBLIC Blob hash(const Blob &data, size_t hash_length=512/8)
dht::crypto::aesBuildEncrypted
OPENDHT_PUBLIC Blob aesBuildEncrypted(const uint8_t *encryptedData, size_t data_length, const Blob &salt)
dht::crypto::generateIdentity
OPENDHT_PUBLIC Identity generateIdentity(const std::string &name, const Identity &ca, unsigned key_length, bool is_ca)
dht::crypto::stretchKey
OPENDHT_PUBLIC Blob stretchKey(std::string_view password, Blob &salt, size_t key_length=512/8)
dht::crypto::aesGetEncrypted
OPENDHT_PUBLIC std::string_view aesGetEncrypted(const uint8_t *data, size_t data_length)
dht::crypto::webPushEncrypt
OPENDHT_PUBLIC Blob webPushEncrypt(const Blob &p256dh, const Blob &auth, const uint8_t *payload, size_t payload_length, const PrivateKey &privKey={}, const Blob &salt={})
dht::crypto::aesGetKey
OPENDHT_PUBLIC Blob aesGetKey(const uint8_t *data, size_t data_length, std::string_view password)
dht::crypto::aesGetSalt
OPENDHT_PUBLIC Blob aesGetSalt(const uint8_t *data, size_t data_length)
dht::crypto::aesDecrypt
OPENDHT_PUBLIC Blob aesDecrypt(const uint8_t *data, size_t data_length, const Blob &key)
dht::Blob
std::vector< uint8_t > Blob
Definition utils.h:156
dht::crypto::Certificate::getIssuerUID
std::string getIssuerUID() const
dht::crypto::Certificate::Certificate
Certificate(const std::vector< std::pair< Iterator, Iterator > > &certs)
Definition crypto.h:459
dht::crypto::Certificate::unpack
void unpack(const Iterator &begin, const Iterator &end)
Definition crypto.h:485
dht::crypto::Certificate::setValidity
void setValidity(const Identity &ca, int64_t validity)
dht::crypto::Certificate::Certificate
Certificate(const Blob &crt)
dht::crypto::Certificate::revoke
void revoke(const PrivateKey &, const Certificate &)
dht::crypto::Certificate::getLongId
const PkId & getLongId() const
dht::crypto::Certificate::getId
const InfoHash & getId() const
dht::crypto::Certificate::Certificate
Certificate(const Iterator &begin, const Iterator &end)
Definition crypto.h:449
dht::crypto::Certificate::getIssuerDN
std::string getIssuerDN() const
dht::crypto::Certificate::getRevocationLists
std::vector< std::shared_ptr< RevocationList > > getRevocationLists() const
dht::crypto::Certificate::getIssuerName
std::string getIssuerName() const
dht::crypto::Certificate::getUID
std::string getUID() const
dht::crypto::Certificate::unpack
void unpack(const std::vector< std::pair< Iterator, Iterator > > &certs)
Definition crypto.h:512
dht::crypto::Certificate::toString
std::string toString(bool chain=true) const
dht::crypto::Certificate::getDN
std::string getDN() const
dht::crypto::Certificate::addRevocationList
void addRevocationList(RevocationList &&)
dht::crypto::Certificate::getName
std::string getName() const
dht::crypto::Certificate::getAltNames
std::vector< std::pair< NameType, std::string > > getAltNames() const
dht::crypto::Certificate::Certificate
Certificate(gnutls_x509_crt_t crt) noexcept
Definition crypto.h:418
dht::crypto::PrivateKey::sign
Blob sign(const uint8_t *data, size_t data_len) const
dht::crypto::PrivateKey::decrypt
Blob decrypt(const uint8_t *cypher, size_t cypher_len) const
dht::crypto::PrivateKey::PrivateKey
PrivateKey(gnutls_x509_privkey_t k)
dht::crypto::PrivateKey::generate
static PrivateKey generate(unsigned key_length=4096, gnutls_pk_algorithm_t algo=GNUTLS_PK_RSA)
dht::crypto::PublicKey::getId
const InfoHash & getId() const
dht::crypto::PublicKey::PublicKey
PublicKey(const uint8_t *dat, size_t dat_size)
dht::crypto::PublicKey::PublicKey
PublicKey(gnutls_pubkey_t k)
Definition crypto.h:74
dht::crypto::PublicKey::getLongId
const PkId & getLongId() const
Generated on for My Project by doxygen 1.15.0