Skip to content
Snippets Groups Projects
Commit b698687f authored by Adrien Béraud's avatar Adrien Béraud
Browse files

crypto: add documentation

parent 92962f78
No related branches found
No related tags found
No related merge requests found
...@@ -45,7 +45,7 @@ class CryptoException : public std::runtime_error { ...@@ -45,7 +45,7 @@ class CryptoException : public std::runtime_error {
}; };
/** /**
* Exception thrown when an expected decryption failed. * Exception thrown when a decryption error happened.
*/ */
class DecryptError : public CryptoException { class DecryptError : public CryptoException {
public: public:
...@@ -108,7 +108,12 @@ struct PrivateKey ...@@ -108,7 +108,12 @@ struct PrivateKey
{ {
PrivateKey(); PrivateKey();
//PrivateKey(gnutls_privkey_t k) : key(k) {} //PrivateKey(gnutls_privkey_t k) : key(k) {}
/**
* Takes ownership of an existing gnutls_x509_privkey.
*/
PrivateKey(gnutls_x509_privkey_t k); PrivateKey(gnutls_x509_privkey_t k);
PrivateKey(PrivateKey&& o) noexcept; PrivateKey(PrivateKey&& o) noexcept;
PrivateKey& operator=(PrivateKey&& o) noexcept; PrivateKey& operator=(PrivateKey&& o) noexcept;
......
...@@ -78,7 +78,7 @@ static constexpr std::array<size_t, 3> AES_LENGTHS {{128/8, 192/8, 256/8}}; ...@@ -78,7 +78,7 @@ static constexpr std::array<size_t, 3> AES_LENGTHS {{128/8, 192/8, 256/8}};
size_t aesKeySize(size_t max) size_t aesKeySize(size_t max)
{ {
unsigned aes_key_len = 0; size_t aes_key_len = 0;
for (size_t s = 0; s < AES_LENGTHS.size(); s++) { for (size_t s = 0; s < AES_LENGTHS.size(); s++) {
if (AES_LENGTHS[s] <= max) if (AES_LENGTHS[s] <= max)
aes_key_len = AES_LENGTHS[s]; aes_key_len = AES_LENGTHS[s];
...@@ -393,7 +393,8 @@ PublicKey::msgpack_unpack(msgpack::object o) ...@@ -393,7 +393,8 @@ PublicKey::msgpack_unpack(msgpack::object o)
} }
bool bool
PublicKey::checkSignature(const Blob& data, const Blob& signature) const { PublicKey::checkSignature(const Blob& data, const Blob& signature) const
{
if (!pk) if (!pk)
return false; return false;
const gnutls_datum_t sig {(uint8_t*)signature.data(), (unsigned)signature.size()}; const gnutls_datum_t sig {(uint8_t*)signature.data(), (unsigned)signature.size()};
...@@ -431,12 +432,17 @@ PublicKey::encrypt(const Blob& data) const ...@@ -431,12 +432,17 @@ PublicKey::encrypt(const Blob& data) const
const unsigned max_block_sz = key_len / 8 - 11; const unsigned max_block_sz = key_len / 8 - 11;
const unsigned cypher_block_sz = key_len / 8; const unsigned cypher_block_sz = key_len / 8;
/* Use plain RSA if the data is small enough */
if (data.size() <= max_block_sz) { if (data.size() <= max_block_sz) {
Blob ret(cypher_block_sz); Blob ret(cypher_block_sz);
encryptBloc(data.data(), data.size(), ret.data(), cypher_block_sz); encryptBloc(data.data(), data.size(), ret.data(), cypher_block_sz);
return ret; return ret;
} }
/* Otherwise use RSA+AES-GCM,
using the max. AES key size that can fit
in a single RSA packet () */
unsigned aes_key_sz = aesKeySize(max_block_sz); unsigned aes_key_sz = aesKeySize(max_block_sz);
if (aes_key_sz == 0) if (aes_key_sz == 0)
throw CryptoException("Key is not long enough for AES128"); throw CryptoException("Key is not long enough for AES128");
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment