llarp/crypto/crypto.hpp
Namespaces
| Name |
|---|
| llarp [crypto.hpp] |
Classes
| Name | |
|---|---|
| struct | llarp::Crypto library crypto configuration |
| struct | llarp::CryptoManager |
| struct | llarp::CSRNG rng type that uses llarp::randint(), which is cryptographically secure |
Source code
#pragma once
#include "constants.hpp"
#include "types.hpp"
#include <llarp/util/buffer.hpp>
#include <functional>
#include <optional>
#include <cstdint>
namespace llarp
{
struct Crypto
{
virtual ~Crypto() = 0;
virtual std::optional<AlignedBuffer<32>>
maybe_decrypt_name(std::string_view ciphertext, SymmNonce nounce, std::string_view name) = 0;
virtual bool
xchacha20(const llarp_buffer_t&, const SharedSecret&, const TunnelNonce&) = 0;
virtual bool
xchacha20_alt(
const llarp_buffer_t&, const llarp_buffer_t&, const SharedSecret&, const byte_t*) = 0;
virtual bool
dh_client(SharedSecret&, const PubKey&, const SecretKey&, const TunnelNonce&) = 0;
virtual bool
dh_server(SharedSecret&, const PubKey&, const SecretKey&, const TunnelNonce&) = 0;
virtual bool
transport_dh_client(SharedSecret&, const PubKey&, const SecretKey&, const TunnelNonce&) = 0;
virtual bool
transport_dh_server(SharedSecret&, const PubKey&, const SecretKey&, const TunnelNonce&) = 0;
virtual bool
shorthash(ShortHash&, const llarp_buffer_t&) = 0;
virtual bool
hmac(byte_t*, const llarp_buffer_t&, const SharedSecret&) = 0;
virtual bool
sign(Signature&, const SecretKey&, const llarp_buffer_t&) = 0;
virtual bool
sign(Signature&, const PrivateKey&, const llarp_buffer_t&) = 0;
virtual bool
verify(const PubKey&, const llarp_buffer_t&, const Signature&) = 0;
virtual bool
derive_subkey(PubKey&, const PubKey&, uint64_t, const AlignedBuffer<32>* = nullptr) = 0;
virtual bool
derive_subkey_private(
PrivateKey&, const SecretKey&, uint64_t, const AlignedBuffer<32>* = nullptr) = 0;
virtual bool
seed_to_secretkey(llarp::SecretKey&, const llarp::IdentitySecret&) = 0;
virtual void
randomize(const llarp_buffer_t&) = 0;
virtual void
randbytes(byte_t*, size_t) = 0;
virtual void
identity_keygen(SecretKey&) = 0;
virtual void
encryption_keygen(SecretKey&) = 0;
virtual void
pqe_keygen(PQKeyPair&) = 0;
virtual bool
pqe_decrypt(const PQCipherBlock&, SharedSecret&, const byte_t*) = 0;
virtual bool
pqe_encrypt(PQCipherBlock&, SharedSecret&, const PQPubKey&) = 0;
virtual bool
check_identity_privkey(const SecretKey&) = 0;
virtual bool
check_passwd_hash(std::string pwhash, std::string challenge) = 0;
};
inline Crypto::~Crypto() = default;
uint64_t
randint();
const byte_t*
seckey_topublic(const SecretKey& secret);
const byte_t*
pq_keypair_to_public(const PQKeyPair& keypair);
const byte_t*
pq_keypair_to_secret(const PQKeyPair& keypair);
struct CryptoManager
{
private:
static Crypto* m_crypto;
Crypto* m_prevCrypto;
public:
explicit CryptoManager(Crypto* crypto) : m_prevCrypto(m_crypto)
{
m_crypto = crypto;
}
~CryptoManager()
{
m_crypto = m_prevCrypto;
}
static Crypto*
instance()
{
#ifdef NDEBUG
return m_crypto;
#else
if (m_crypto)
return m_crypto;
assert(false && "Cryptomanager::instance() was undefined");
abort();
#endif
}
};
struct CSRNG
{
using result_type = uint64_t;
static constexpr uint64_t
min()
{
return std::numeric_limits<uint64_t>::min();
};
static constexpr uint64_t
max()
{
return std::numeric_limits<uint64_t>::max();
};
uint64_t
operator()()
{
return llarp::randint();
};
};
} // namespace llarp
Updated on 2026-01-10 at 22:49:45 +0000