libVES.c: Encryption At-rest With Browser-managed PIN-based Cryptographic-grade Key: Simple, Safe, Secure

libVES.c
Overview
VESvault: Simple, Safe and Secure Encryption At-rest
Simple
- Browser-based PIN entry unlocks the User's cryptographic keychain.
- The User can easily sync the encryption keys among multiple personal devices and browsers/apps.
Safe
- The user can add redundant key locations for safety from key loss.
- VESrecovery™ for recovering the key chain via friends' assistance without compromising the User's privacy.
Secure
- Brute force protection with VESlocker hardware-grade PIN security.
- End-to-end encryption using industry standard algorithms with cryptographic grade keys.
libVES.c is a software interface library to VESvault REST API. Any app or service can integrate libVES to maintain secure storage of encrypted data, while having a safe and reliable way of recovering the data in case if the user loses the encryption key.
The structure of VESvault end-to-end encrypted repository is described in the VESvault Repository Documentation.
libVES.c is focused on App Vault operations. Unlike libVES.js, the current version does not impletemt VESrecovery operations that pertain to Primary Vaults. Instead, libVES.c implements full scale stream encryption.
The latest source code of libVES.c and VES utility can be found in the GitHub repository.
The annotated header files are provided below.

/***************************************************************************
 *          ___       ___
 *         /   \     /   \    VESvault
 *         \__ /     \ __/    Encrypt Everything without fear of losing the Key
 *            \\     //                   https://vesvault.com https://ves.host
 *             \\   //
 *     ___      \\_//
 *    /   \     /   \         libVES:                      VESvault API library
 *    \__ /     \ __/
 *       \\     //            VES Utility:   A command line interface to libVES
 *        \\   //
 *         \\_//              - Key Management and Exchange
 *         /   \              - Item Encryption and Sharing
 *         \___/              - Stream Encryption
 *
 *
 * (c) 2018 VESvault Corp
 * Jim Zubov <jz@vesvault.com>
 *
 * GNU General Public License v3
 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
 * copies of the Software, and permit persons to whom the Software is
 * furnished to do so, under the terms of the COPYING file.
 *
 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
 * KIND, either express or implied.
 *
 * libVES.h                   libVES: Main header
 *
 ***************************************************************************/
#define LIBVES_VERSION_NUMBER	0x01000600L
#define LIBVES_VERSION_CODE	"1.06"
#define LIBVES_VERSION_STR	"libVES.c " LIBVES_VERSION_CODE " (c) 2018 - 2022 VESvault Corp"
#define LIBVES_VERSION_SHORT	"libVES/" LIBVES_VERSION_CODE

struct libVES_Ref;
struct libVES_User;
struct jVar;
typedef struct libVES {
    char *apiUrl;
    const char *appName;
    struct libVES_Ref *external;
    char *sessionToken;
    struct libVES_VaultKey *vaultKey;
    struct libVES_User *me;
    struct libVES_VaultKey *(*genVaultKeyFn)(struct libVES *ves, int type, struct libVES_Ref *ref, struct libVES_User *user);
    void (*attnFn)(struct libVES *ves, struct jVar *attn);
    struct CURL *curl;
    void (*httpInitFn)(struct libVES *ves);
    const char *errorMsg;
    char *errorBuf;
    const struct libVES_CiAlgo *cipherAlgo;
    const struct libVES_KeyAlgo *keyAlgo;
    struct libVES_List *unlockedKeys;
    short int veskeyLen;
    short int error;
    char debug;
    unsigned short int sessionTimeout;
    long long sessionExpire;
} libVES;


#define LIBVES_E_OK		0
#define LIBVES_E_PARAM		1
#define LIBVES_E_CONN		2
#define LIBVES_E_PARSE		3
#define LIBVES_E_CRYPTO		4
#define LIBVES_E_UNLOCK		5
#define LIBVES_E_DENIED		6
#define LIBVES_E_NOTFOUND	7
#define LIBVES_E_SERVER		8
#define LIBVES_E_UNSUPPORTED	9
#define LIBVES_E_INCORRECT	10
#define LIBVES_E_ASSERT		11
#define LIBVES_E_INTERNAL	31

#define LIBVES_O_FILE		0x01
#define LIBVES_O_VKEY		0x02
#define LIBVES_O_VITEM		0x04

#define LIBVES_O_NEW		0x10
#define LIBVES_O_GET		0x20

#ifndef LIBVES_API_URL
#define LIBVES_API_URL		"https://api.ves.host/v1/"
#endif

#ifndef LIBVES_VESKEY_LEN
#define LIBVES_VESKEY_LEN	32
#endif

#ifndef LIBVES_SESS_TMOUT
#define LIBVES_SESS_TMOUT	28800
#endif

/***************************************************************************
 * Global initialization. Optionally, call libVES_init() before creating any
 * instances of libVES to set the app name.
 * appName = "App_Name/version" (User-Agent format),
 * defaults to "(unspecified app)"
 ***************************************************************************/
void libVES_init(const char *appName);

/***************************************************************************
 * A new instance of libVES. vaultURI is an App Vault ves://domain/externalID/
 * or NULL
 ***************************************************************************/
libVES *libVES_new(const char *vaultURI);

libVES *libVES_fromRef(struct libVES_Ref *ref);

/***************************************************************************
 * Return the code of the last error, LIBVES_E_*.
 * The code is reset to LIBVES_E_OK after the call.
 ***************************************************************************/
int libVES_getError(libVES *ves);

/***************************************************************************
 * If the error code matches err - reset the code to LIBVES_E_OK
 * and return true. Otherwise return false without altering the error code.
 ***************************************************************************/
int libVES_checkError(libVES *ves, int err);

/***************************************************************************
 * Error description string for error code err.
 ***************************************************************************/
const char *libVES_errorStr(int err);

/***************************************************************************
 * Populate the error description str for the last error code on ves, and
 * an error detailds message msg.
 * The error code on ves is reset to LIBVES_E_OK after the call.
 ***************************************************************************/
int libVES_getErrorInfo(libVES *ves, const char **str, const char **msg);

/***************************************************************************
 * Convert a VES URI into an object, libVES_VaultKey or libVES_VaultItem.
 * flags are a combination of LIBVES_O_*
 * Returns the object, sets *type to LIBVES_O_* if type != NULL
 ***************************************************************************/
void *libVES_objectFromURI(const char **uri, struct libVES *ves, int flags, int *type);

struct libVES_VaultKey *libVES_defaultGenVaultKey(libVES *ves, int type, struct libVES_Ref *ref, struct libVES_User *user);
void libVES_defaultAttn(libVES *ves, struct jVar *attn);
char *libVES_fetchVerifyToken(const char *objuri, long long int objid, struct libVES *ves);

/***************************************************************************
 * The App Vault Key associated with the instance of libVES, do not deallocate
 ***************************************************************************/
struct libVES_VaultKey *libVES_getVaultKey(libVES *ves);

/***************************************************************************
 * Create a new Vault Key for the App Vault associated with the instance
 * of libVES. API restrictions apply.
 ***************************************************************************/
struct libVES_VaultKey *libVES_createVaultKey(libVES *ves);

/***************************************************************************
 * Unlock the App Vault, returns the Vault Key, or NULL on error.
 ***************************************************************************/
struct libVES_VaultKey *libVES_unlock(libVES *ves, size_t keylen, const char *veskey);

/***************************************************************************
 * Lock all Vault Keys previously unlocked on ves.
 ***************************************************************************/
void libVES_lock(libVES *ves);

/***************************************************************************
 * Refresh the Session Token for the unlocked Vault Key,
 * returns 1 on success, 0 on error.
 ***************************************************************************/
int libVES_refreshSession(libVES *ves);

/***************************************************************************
 * Refresh the Session Token for the unlocked Vault Key if the session is
 * timing out, returns 1 on success, 0 on error.
 ***************************************************************************/
int libVES_checkSession(libVES *ves);

/***************************************************************************
 * API session authorization token, an ascii string. Do not deallocate.
 * Created by libVES_unlock() or libVES_primary().
 ***************************************************************************/
#define libVES_getSessionToken(ves)	((ves) ? (ves)->sessionToken : NULL)

/***************************************************************************
 * Set the API session authorization token, from another API session
 ***************************************************************************/
void libVES_setSessionToken(libVES *ves, const char *token);

/***************************************************************************
 * Authorize the Primary Vault session using VESvault password.
 * Returns the current primary Vault Key, that can be further unlocked
 * using libVES_VaultKey_unlock()
 ***************************************************************************/
struct libVES_VaultKey *libVES_primary(libVES *ves, const char *email, const char *passwd);

/***************************************************************************
 * The owner of the Vault associated with ves. Do not deallocate.
 ***************************************************************************/
struct libVES_User *libVES_me(libVES *ves);

/***************************************************************************
 * Get raw string content of the Vault Item identified by uri.
 * If buf == NULL - allocate a new buffer of proper length, the returned buffer
 * is to be deallocated with free().
 * If buf != NULL && len != NULL - fail if *len is less that required length.
 * If len != NULL - populate the actual length *len on success.
 * If len == NULL - terminate the buffer with "\0".
 ***************************************************************************/
char *libVES_getValue(libVES *ves, const char *uri, size_t *len, char *buf);

/***************************************************************************
 * Put a raw string value into an existing or new Vault Item,
 * share with listed Vault URIs if shareURI != NULL
 ***************************************************************************/
int libVES_putValue(libVES *ves, const char *uri, size_t len, const char *value, size_t sharelen, const char **shareURI);

/***************************************************************************
 * Return 1 if the Vault Item identified by uri exists, 0 if doesn't exist,
 * -1 on error. This function does not need any kind of authentication,
 * can be run on newly instantiated ves.
 ***************************************************************************/
int libVES_fileExists(libVES *ves, const char *uri);

/***************************************************************************
 * Share an existing Vault Item identified by uri, with shareURI
 ***************************************************************************/
int libVES_shareFile(libVES *ves, const char *uri, size_t sharelen, const char **shareURI);

/***************************************************************************
 * Flag the Vault Item identified by uri as deleted.
 ***************************************************************************/
int libVES_deleteFile(libVES *ves, const char *uri);

/***************************************************************************
 * Perform pending internal tasks, such as temp key propagation.
 * Can be called periodically to sync the temp keys for the newly created
 * recipients of the User's vault items who are in process of setting up
 * their VES accounts.
 ***************************************************************************/
void libVES_attn(struct libVES *ves);

/***************************************************************************
 * Deallocate libVES, wipe all private content from memory
 ***************************************************************************/
void libVES_free(libVES *ves);

/***************************************************************************
 * Recursively erase any sensitive data from a jVar structure
 ***************************************************************************/
void libVES_cleanseJVar(struct jVar *jvar);



/***************************************************************************
 *          ___       ___
 *         /   \     /   \    VESvault
 *         \__ /     \ __/    Encrypt Everything without fear of losing the Key
 *            \\     //                   https://vesvault.com https://ves.host
 *             \\   //
 *     ___      \\_//
 *    /   \     /   \         libVES:                      VESvault API library
 *    \__ /     \ __/
 *       \\     //            VES Utility:   A command line interface to libVES
 *        \\   //
 *         \\_//              - Key Management and Exchange
 *         /   \              - Item Encryption and Sharing
 *         \___/              - Stream Encryption
 *
 *
 * (c) 2018 VESvault Corp
 * Jim Zubov <jz@vesvault.com>
 *
 * GNU General Public License v3
 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
 * copies of the Software, and permit persons to whom the Software is
 * furnished to do so, under the terms of the COPYING file.
 *
 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
 * KIND, either express or implied.
 *
 * libVES/VaultKey.h          libVES: Vault Key object header
 *
 ***************************************************************************/

typedef struct libVES_VaultKey {
    long long int id;
    const struct libVES_KeyAlgo *algo;
    int type;
    struct libVES *ves;
    struct libVES_User *user;
    char *publicKey;
    void *pPub;
    char *privateKey;
    void *pPriv;
    struct libVES_Ref *external;
    struct libVES_VaultItem *vitem;
    struct jVar *entries;
    char *appUrl;
} libVES_VaultKey;

typedef struct libVES_veskey {
    size_t keylen;
    char veskey[];
} libVES_veskey;

struct jVar;

#define LIBVES_VK_CURRENT	0
#define LIBVES_VK_SHADOW	1
#define LIBVES_VK_TEMP		2
#define LIBVES_VK_LOST		3
#define LIBVES_VK_SECONDARY	4
#define LIBVES_VK_RECOVERY	5
#define LIBVES_VK_PENDING	6
#define LIBVES_VK_DELETED	7

typedef struct libVES_KeyAlgo {
    char *str;
    char *name;
    libVES_VaultKey *(*newfn)(const struct libVES_KeyAlgo *algo, void *pkey, struct libVES_veskey *veskey, struct libVES *ves);
    char *(*pub2strfn)(libVES_VaultKey *vkey, void *pkey);
    void *(*str2pubfn)(libVES_VaultKey *vkey, const char *str);
    char *(*priv2strfn)(libVES_VaultKey *vkey, void *pkey, struct libVES_veskey *veskey);
    void *(*str2privfn)(libVES_VaultKey *vkey, const char *str, struct libVES_veskey *veskey);
    void *(*priv2pubfn)(libVES_VaultKey *vkey, void *pkey);
    int (*encfn)(libVES_VaultKey *vkey, const char *plaintext, size_t *ptlen, char *ciphertext, char *key, size_t *keylen);
    int (*decfn)(libVES_VaultKey *vkey, const char *ciphertext, size_t *ctlen, char *plaintext, char *key, size_t *keylen);
    int (*signfn)(libVES_VaultKey *vkey, const char *plaintext, size_t ptlen, char *signature);
    int (*verifyfn)(libVES_VaultKey *vkey, const char *plaintext, size_t ptlen, const char *signature, size_t sglen);
    void (*lockfn)(libVES_VaultKey *vkey);
    int (*dumpfn)(libVES_VaultKey *vkey, int fd, int flags);
    void (*freefn)(libVES_VaultKey *vkey);
} libVES_KeyAlgo;

#define libVES_KeyAlgo_pseudo(newfn_ptr)		(*((libVES_KeyAlgo *) (((char *) &newfn_ptr) - offsetof(libVES_KeyAlgo, newfn))))

extern const char *libVES_VaultKey_types[];
extern struct libVES_List libVES_VaultKey_algos;

/***************************************************************************
 * Create a Vault Key from private key structure pkey,
 * generate a new private key if pkey == NULL
 ***************************************************************************/
libVES_VaultKey *libVES_VaultKey_new(int type, const struct libVES_KeyAlgo *algo, void *pkey, struct libVES_veskey *veskey, struct libVES *ves);

#define libVES_VaultKey_isNew(vkey)		(vkey && !vkey->id)
libVES_VaultKey *libVES_VaultKey_fromJVar(struct jVar *j_vkey, struct libVES *ves);

/***************************************************************************
 * Parse a Vault Key from VES URI,
 * ves://domain/externalId/[userRef] | ves:///internalId/ | ves:////userRef
 ***************************************************************************/
#define libVES_VaultKey_fromURI(uri, ves)	((libVES_VaultKey *) libVES_objectFromURI(uri, ves, LIBVES_O_VKEY | LIBVES_O_GET | LIBVES_O_NEW, NULL))

/***************************************************************************
 * Push Vault Key(s) parsed from the URI into lst,
 * if lst == NULL a new list will be created
 * return lst, or NULL on error
 * One Vault Key will be matched for an App Vault or internalId,
 * up to 2 (current + shadow) for a Primary Vault (ves:////userRef)
 ***************************************************************************/
struct libVES_List *libVES_VaultKey_listFromURI(const char **path, struct libVES *ves, struct libVES_List *lst);

struct jVar *libVES_VaultKey_toJVar(libVES_VaultKey *vkey);

/***************************************************************************
 * Get VES URI - ves://domain/externalId/, use free() to deallocate
 ***************************************************************************/
char *libVES_VaultKey_toURI(libVES_VaultKey *vkey);

/***************************************************************************
 * Get internalId URI - ves:///internalId/, use free() to deallocate
 ***************************************************************************/
char *libVES_VaultKey_toURIi(libVES_VaultKey *vkey);

/***************************************************************************
 * Retrieve or create a Vault Key from ref and optional user
 * ref and user may or may not be consumed by the resulting libVES_VaultKey,
 * use libVES_VaultKey_free_ref_user() to free if not consumed
 ***************************************************************************/
#define libVES_VaultKey_get(ref, ves, user)	libVES_VaultKey_get2(ref, ves, user, NULL, LIBVES_O_GET | LIBVES_O_NEW)

/***************************************************************************
 * Call after libVES_VaultKey_get() or livBES_VaultKey_get2()
 * to safely free ref and user if they were not consumed by vkey
 ***************************************************************************/
libVES_VaultKey *libVES_VaultKey_free_ref_user(libVES_VaultKey *vkey, struct libVES_Ref *ref, struct libVES_User *user);

libVES_VaultKey *libVES_VaultKey_get2(struct libVES_Ref *ref, struct libVES *ves, struct libVES_User *user, char **sesstkn, int flags);
libVES_VaultKey *libVES_VaultKey_create(struct libVES_Ref *ref, struct libVES *ves, struct libVES_User *user);
libVES_VaultKey *libVES_VaultKey_createFrom(libVES_VaultKey *vkey);
struct libVES_VaultItem *libVES_VaultKey_propagate(libVES_VaultKey *vkey);

/***************************************************************************
 * Unlock the Vault Key using the veskey.
 * If veskey == NULL - attempt to unlock indirectly
 * using libVES_VaultKey_getVESkey()
 * a VESkey stored
 * in an associated Vault Item.
 ***************************************************************************/
void *libVES_VaultKey_unlock(libVES_VaultKey *vkey, struct libVES_veskey *veskey);

/***************************************************************************
 * Lock the Vault Key, wipe all private data from memory.
 ***************************************************************************/
void libVES_VaultKey_lock(libVES_VaultKey *vkey);

/***************************************************************************
 * Retrieve a VESkey from an associated Vault Item.
 ***************************************************************************/
struct libVES_veskey *libVES_VaultKey_getVESkey(libVES_VaultKey *vkey);

/***************************************************************************
 * Decrypt the Vault Item content. Return decrypted length, or -1 on error.
 ***************************************************************************/
int libVES_VaultKey_decrypt(libVES_VaultKey *vkey, const char *ciphertext, char **plaintext);

/***************************************************************************
 * Encrypt the Vault Item content, return base64 encoded encrypted string
 * or NULL on error.
 ***************************************************************************/
char *libVES_VaultKey_encrypt(libVES_VaultKey *vkey, const char *plaintext, size_t ptlen);

/***************************************************************************
 * Re-encrypt the entries for all Vault Items from fromVkey to vkey
 ***************************************************************************/
struct jVar *libVES_VaultKey_rekeyFrom(libVES_VaultKey *vkey, libVES_VaultKey *fromVkey, int flags);

/***************************************************************************
 * Find an active Vault Key for a Vault associated with vkey.
 * If exists and is different from vkey - re-encrypt the entries for all
 * Vault Items from vkey to active key. Return true if successful.
 ***************************************************************************/
int libVES_VaultKey_rekey(libVES_VaultKey *vkey);

/***************************************************************************
 * Try to apply the unlocked vkey to the associated libVES instance,
 * either by rekeying it, or by setting as the vaultKey on libVES.
 * Intended for unlocked temp keys.
 * If true - applied successfully, do NOT alter or deallocate vkey.
 * Otherwise - vkey cannot be applied, deallocate as usual.
 ***************************************************************************/
int libVES_VaultKey_apply(libVES_VaultKey *vkey);

int libVES_VaultKey_post(libVES_VaultKey *vkey);
int libVES_VaultKey_typeFromStr(const char *str);
const char *libVES_VaultKey_typeStr(int type);
const libVES_KeyAlgo *libVES_VaultKey_algoFromStr(const char *str);
#define libVES_VaultKey_algoStr(algo)		((algo) ? (algo)->str : NULL)
#define libVES_VaultKey_getId(vkey)		((vkey) ? (vkey)->id : 0)
#define libVES_VaultKey_getType(vkey)		((vkey) ? (vkey)->type : -1)
#define libVES_VaultKey_getAlgo(vkey)		((vkey) ? (vkey)->algo : NULL)
#define libVES_VaultKey_getPublicKey(vkey)	((vkey) ? (vkey)->publicKey : NULL)

/***************************************************************************
 * Encrypted private key (PEM), load from the API if not loaded yet.
 * Do not deallocate.
 ***************************************************************************/
char *libVES_VaultKey_getPrivateKey(libVES_VaultKey *vkey);

/***************************************************************************
 * The private key (PEM), decrypted if the Vault Key is unlocked,
 * encrypted otherwise. Use free() to deallocate.
 ***************************************************************************/
char *libVES_VaultKey_getPrivateKey1(libVES_VaultKey *vkey);

#define libVES_VaultKey_getExternal(vkey)	((vkey) ? (vkey)->external : NULL)
struct libVES_User *libVES_VaultKey_getUser(libVES_VaultKey *vkey);

/***************************************************************************
 * Output the algorithm specific human readable key info to fd.
 ***************************************************************************/
int libVES_VaultKey_dump(libVES_VaultKey *vkey, int fd, int flags);

/***************************************************************************
 * App URL for a new temp key, to be sent in the notification email
 ***************************************************************************/
int libVES_VaultKey_setAppUrl(libVES_VaultKey *vkey, const char *url);

void libVES_VaultKey_free(libVES_VaultKey *vkey);

/***************************************************************************
 * Unlike stream ciphers, Vault Key algorithms should be treated
 * conservatively to minimize cross-platform issues.
 ***************************************************************************/
void libVES_VaultKey_registerAlgo(const struct libVES_KeyAlgo *algo);

extern const struct libVES_ListCtl libVES_VaultKey_ListCtl;
extern const struct libVES_ListCtl libVES_VaultKey_ListCtlU;

/***************************************************************************
 * VESkey, a binary with length
 * Generate a random one if veskey == NULL, see libVES_veskey_generate()
 ***************************************************************************/
libVES_veskey *libVES_veskey_new(size_t keylen, const char *veskey);

/***************************************************************************
 * Generate a random ascii VESkey
 * The character frequency is biased to improve human readability,
 * the entropy is ~ 203 bit for keylen == 32 (vs 256 bit for a random binary)
 * Character frequency graph:
 * https://i.imgur.com/o2oTDLz.png (credits: https://reddit.com/u/skeeto)
 ***************************************************************************/
#define libVES_veskey_generate(keylen)		libVES_veskey_new(keylen, NULL)

void libVES_veskey_free(libVES_veskey *veskey);



/***************************************************************************
 *          ___       ___
 *         /   \     /   \    VESvault
 *         \__ /     \ __/    Encrypt Everything without fear of losing the Key
 *            \\     //                   https://vesvault.com https://ves.host
 *             \\   //
 *     ___      \\_//
 *    /   \     /   \         libVES:                      VESvault API library
 *    \__ /     \ __/
 *       \\     //            VES Utility:   A command line interface to libVES
 *        \\   //
 *         \\_//              - Key Management and Exchange
 *         /   \              - Item Encryption and Sharing
 *         \___/              - Stream Encryption
 *
 *
 * (c) 2018 VESvault Corp
 * Jim Zubov <jz@vesvault.com>
 *
 * GNU General Public License v3
 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
 * copies of the Software, and permit persons to whom the Software is
 * furnished to do so, under the terms of the COPYING file.
 *
 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
 * KIND, either express or implied.
 *
 * libVES/VaultItem.h         libVES: Vault Item object header
 *
 ***************************************************************************/

typedef struct libVES_VaultItem {
    long long int id;
    short int type;
    short int objectType;
    int flags;
    size_t len;
    char *value;
    union {
	void *object;
	struct libVES_File *file;
	struct libVES_VaultKey *vaultKey;
    };
    struct jVar *meta;
    struct jVar *entries;
    size_t sharelen;
    struct libVES_VaultKey *share[];
} libVES_VaultItem;

struct libVES_Ref;

#define LIBVES_VI_STRING	0
#define LIBVES_VI_FILE		1
#define LIBVES_VI_PASSWORD	2
#define LIBVES_VI_SECRET	3

#define LIBVES_SH_CLN		0x01
#define LIBVES_SH_PRI		0x02
#define LIBVES_SH_ADD		0x10
#define LIBVES_SH_UPD		0x20
#define LIBVES_SH_IGN		0x4000
#define LIBVES_SH_DEL		0x8000
#define LIBVES_SH_SET		(LIBVES_SH_ADD | LIBVES_SH_CLN)

#define LIBVES_SH_META		0x0100

extern const struct libVES_ListCtl libVES_VaultItem_ListCtl;
extern const char *libVES_VaultItem_types[];

libVES_VaultItem *libVES_VaultItem_new();
#define libVES_VaultItem_isNew(vitem)	(vitem && (vitem->flags & LIBVES_SH_ADD))
struct jVar *libVES_VaultItem_Ref_toJVar(struct libVES_Ref *ref);
struct jVar *libVES_VaultItem_toJVar(libVES_VaultItem *vitem);
libVES_VaultItem *libVES_VaultItem_fromJVar(struct jVar *data, struct libVES *ves);

/***************************************************************************
 * Load and/or create a Vault Item from ves URI
 * (ves://domain/externalId or ves:///internalId)
 ***************************************************************************/
#define libVES_VaultItem_fromURI(uri, ves)		((libVES_VaultItem *) libVES_objectFromURI(uri, ves, LIBVES_O_VITEM | LIBVES_O_GET | LIBVES_O_NEW, NULL))
#define libVES_VaultItem_loadFromURI(uri, ves)		((libVES_VaultItem *) libVES_objectFromURI(uri, ves, LIBVES_O_VITEM | LIBVES_O_GET, NULL))
#define libVES_VaultItem_createFromURI(uti, ves)	((libVES_VaultItem *) libVES_objectFromURI(uri, ves, LIBVES_O_VITEM | LIBVES_O_NEW, NULL))

/***************************************************************************
 * Get VES URI - ves://domain/externalId, use free() to deallocate
 ***************************************************************************/
char *libVES_VaultItem_toURI(libVES_VaultItem *vitem);

/***************************************************************************
 * Get internalId URI - ves:///internalId, use free() to deallocate
 ***************************************************************************/
char *libVES_VaultItem_toURIi(libVES_VaultItem *vitem);

libVES_VaultItem *libVES_VaultItem_create(struct libVES_Ref *ref);
char *libVES_VaultItem_toStringl(libVES_VaultItem *vitem, size_t *len, char *buf);

/***************************************************************************
 * Set the raw content and type
 ***************************************************************************/
int libVES_VaultItem_setValue(libVES_VaultItem *vitem, size_t len, const char *value, int type);

/***************************************************************************
 * A stream cipher object stored in the Vault Item
 ***************************************************************************/
struct libVES_Cipher *libVES_VaultItem_getCipher(libVES_VaultItem *vitem, struct libVES *ves);
int libVES_VaultItem_setCipher(libVES_VaultItem *vitem, struct libVES_Cipher *ci);

/***************************************************************************
 * Treat the Vault Item content as JSON string
 ***************************************************************************/
struct jVar *libVES_VaultItem_getObject(libVES_VaultItem *vitem);
int libVES_VaultItem_setObject(libVES_VaultItem *vitem, struct jVar *obj);

/***************************************************************************
 * Prepare entries to share/unshare the Vault Item with the list of Vault Keys,
 * call libVES_VaultItem_post() to commit
 ***************************************************************************/
struct jVar *libVES_VaultItem_entries(libVES_VaultItem *vitem, struct libVES_List *share, int flags);

libVES_VaultItem *libVES_VaultItem_get(struct libVES_Ref *ref, struct libVES *ves);

int libVES_VaultItem_post(libVES_VaultItem *vitem, struct libVES *ves);

int libVES_VaultItem_delete(libVES_VaultItem *vitem, struct libVES *ves);

/***************************************************************************
 * List all Vault Items shared with vkey
 ***************************************************************************/
struct libVES_List *libVES_VaultItem_list(struct libVES_VaultKey *vkey);

/***************************************************************************
 * Get a Verify Token that can be used instead of libVES Session Token to
 * allow retrieving vaultEntries/vaultKey/file on the vitem
 * without granting any other permissions.
 * free() the token when done.
 * If the access needs to be restricted to creator and external only -
 * use libVES_File_fetchVerifyToken(libVES_VaultItem_getFile(vitem), ves)
 ***************************************************************************/
#define libVES_VaultItem_fetchVerifyToken(vitem, ves)	((vitem) ? libVES_fetchVerifyToken("vaultItems", (vitem)->id, ves) : NULL)

/***************************************************************************
 * Send a GET request to the external url with VES authorization
 * X-VES-Authorization: vaultItem.{vitem->id}.{verifyToken}
 * Return jVar response on success, NULL on error, use libVES_getError(ves)
 * assign the http status code to *pcode if not NULL
 ***************************************************************************/
struct jVar *libVES_VaultItem_VESauthGET(struct libVES_VaultItem *vitem, struct libVES *ves, const char *url, long *pcode);

struct jVar *libVES_VaultItem_getMeta(libVES_VaultItem *vitem);
int libVES_VaultItem_setMeta(libVES_VaultItem *vitem, struct jVar *meta);
const char *libVES_VaultItem_typeStr(int type);
int libVES_VaultItem_typeFromStr(const char *str);
#define libVES_VaultItem_isDeleted(vitem)	((vitem) ? (vitem)->flags & LIBVES_SH_DEL : 0)
#define libVES_VaultItem_force(vitem)		((vitem) ? (vitem)->flags |= LIBVES_SH_UPD : 0)
#define libVES_VaultItem_getId(vkey)		((vitem) ? (vitem)->id : 0)
#define libVES_VaultItem_getType(vitem)		((vitem) ? (vitem)->type : -1)
#define libVES_VaultItem_getFile(vitem)		((vitem && (vitem)->objectType == LIBVES_O_FILE) ? (vitem)->file : NULL)
#define libVES_VaultItem_getVaultKey(vitem)	((vitem && (vitem)->objectType == LIBVES_O_VKEY) ? (vitem)->vaultKey : NULL)
void libVES_VaultItem_free(libVES_VaultItem *vitem);




/***************************************************************************
 *          ___       ___
 *         /   \     /   \    VESvault
 *         \__ /     \ __/    Encrypt Everything without fear of losing the Key
 *            \\     //                   https://vesvault.com https://ves.host
 *             \\   //
 *     ___      \\_//
 *    /   \     /   \         libVES:                      VESvault API library
 *    \__ /     \ __/
 *       \\     //            VES Utility:   A command line interface to libVES
 *        \\   //
 *         \\_//              - Key Management and Exchange
 *         /   \              - Item Encryption and Sharing
 *         \___/              - Stream Encryption
 *
 *
 * (c) 2018 VESvault Corp
 * Jim Zubov <jz@vesvault.com>
 *
 * GNU General Public License v3
 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
 * copies of the Software, and permit persons to whom the Software is
 * furnished to do so, under the terms of the COPYING file.
 *
 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
 * KIND, either express or implied.
 *
 * libVES/Cipher.h            libVES: Stream cipher header
 *
 ***************************************************************************/
typedef struct libVES_Cipher {
    const struct libVES_CiAlgo *algo;
    struct libVES *ves;
    void *ctx;
    struct jVar *meta;
    int flags;
    union {
	char key[0];
	struct {
	    unsigned char key[32];
	    unsigned char seed[12];
	    unsigned char iv[12];
	    size_t offs;
	    union {
		char *pbuf;
		struct {
		    void *mdctx;
		    char gbuf[16];
		};
	    };
	    char end[0];
	} gcm;
	struct {
	    unsigned char key[32];
	    unsigned char seed[32];
	    unsigned char iv[32];
	    char end[0];
	} cfb;
    };
} libVES_Cipher;

typedef struct libVES_CiAlgo {
    const char *str;
    const char *name;
    struct libVES_Cipher *(*newfn)(const struct libVES_CiAlgo *algo, struct libVES *ves, size_t, const char *);
    int (*keylenfn)(struct libVES_Cipher *ci);
    int (*decfn)(struct libVES_Cipher *, int, const char *, size_t, char *);
    int (*encfn)(struct libVES_Cipher *, int, const char *, size_t, char *);
    struct libVES_Seek *(*seekfn)(struct libVES_Cipher *, struct libVES_Seek *);
    void (*resetfn)(struct libVES_Cipher *);
    void (*freefn)(struct libVES_Cipher *);
} libVES_CiAlgo;

#define LIBVES_CF_ENC	0x01
#define LIBVES_CF_DEC	0x02

typedef struct libVES_Seek {
    off_t plainPos;
    off_t cipherPos;
    off_t cipherFbPos;
    size_t cipherFbLen;
    void *cipherFb;
    int flags;
} libVES_Seek;

#define LIBVES_SK_ENC	0x01
#define LIBVES_SK_DEC	0x02
#define LIBVES_SK_RDY	0x0100
#define LIBVES_SK_FBK	0x0200
#define LIBVES_SK_ERR	0x8000
#define LIBVES_SK_NEW	0

#define libVES_Cipher_KEYLENforVEntry	(sizeof(((libVES_Cipher *)0)->gcm.key) + sizeof(((libVES_Cipher *)0)->gcm.seed))
#define libVES_Cipher_PADLENforVEntry	48

extern struct libVES_List libVES_Cipher_algos;

/***************************************************************************
 * New cipher object. If key == NULL - generate a random key.
 ***************************************************************************/
libVES_Cipher *libVES_Cipher_new(const struct libVES_CiAlgo *algo, struct libVES *ves, size_t keylen, const char *key);

/***************************************************************************
 * New cipher, default algorithm, randomly generated key.
 ***************************************************************************/
#define libVES_Cipher_generate(ves)	libVES_Cipher_new(ves->cipherAlgo, ves, 0, NULL)

libVES_Cipher *libVES_Cipher_forVEntry(size_t keylen, const char *key, struct libVES *ves);
int libVES_Cipher_proceed(libVES_Cipher *ci, int final, const char *srctext, size_t srclen, char **dsttext, int func(libVES_Cipher *ci, int final, const char *src, size_t srclen, char *dst));

/***************************************************************************
 * Decrypt stream. Returns the decrypted length, -1 on error,
 * or max expected length if plaintext == NULL.
 ***************************************************************************/
int libVES_Cipher_decrypt(libVES_Cipher *ci, int final, const char *ciphertext, size_t ctlen, char **plaintext);

/***************************************************************************
 * Encrypt stream. Returns the encrypted length, -1 on error,
 * or max expected length if ciphertext == NULL.
 ***************************************************************************/
int libVES_Cipher_encrypt(libVES_Cipher *ci, int final, const char *plaintext, size_t ptlen, char **ciphertext);

/***************************************************************************
 * Seek to a specific position in plaintext & ciphertext.
 * Synopsis:
 *   libVES_Seek *sk = libVES_Cipher_seek(ci, NULL);
 *   // Set (sk->plainPos) or (sk->cipherPos) to the desired position      //
 *   sk = libVES_Cipher_seek(ci, sk);
 *   if (sk->flags & LIBVES_SK_FBK) {
 *     // Seek the ciphertext to (sk->cipherFbPos),                        //
 *     // Read at least (sk->cipherFbLen) bytes from the ciphertext,       //
 *     // Point (sk->cipherFb) to the read bytes.                          //
 *     sk = libVES_Cipher_seek(ci, sk);
 *   }
 *   if (sk->flags & LIBVES_SK_RDY) {
 *     // Seek the plaintext to (sk->plainPos),                            //
 *     // Seek the ciphertext to (sk->cipherPos),                          //
 *     // Proceed with encryption / decryption.                            //
 *   }
 ***************************************************************************/
struct libVES_Seek *libVES_Cipher_seek(libVES_Cipher *ci, struct libVES_Seek *sk);

char *libVES_Cipher_toStringl(libVES_Cipher *ci, size_t *len, char *buf);

struct jVar *libVES_Cipher_getMeta(libVES_Cipher *ci);
int libVES_Cipher_setMeta(libVES_Cipher *ci, struct jVar *jv);

#define libVES_Cipher_algoStr(algo)	((algo) ? (algo)->str : NULL)
const libVES_CiAlgo *libVES_Cipher_algoFromStr(const char *str);
void libVES_Cipher_reset(libVES_Cipher *ci);
void libVES_Cipher_free(libVES_Cipher *ci);

#define libVES_Seek_free(sk)	free(sk)

/***************************************************************************
 * Apps are encouraged to use custom stream cipher algorithms.
 * Make sure the string identifier of the algorithm (algo->str)
 * is unique within the scope of any apps the Vault Items can be shared with.
 * Registered algorithm is available to all libVES instances within the process.
 ***************************************************************************/
void libVES_Cipher_registerAlgo(const struct libVES_CiAlgo *algo);

/***************************************************************************
 * "NULL" cipher. No encryption implemented, secret metadata only.
 ***************************************************************************/
extern const struct libVES_CiAlgo libVES_CiAlgo_NULL;



/***************************************************************************
 *          ___       ___
 *         /   \     /   \    VESvault
 *         \__ /     \ __/    Encrypt Everything without fear of losing the Key
 *            \\     //                   https://vesvault.com https://ves.host
 *             \\   //
 *     ___      \\_//
 *    /   \     /   \         libVES:                      VESvault API library
 *    \__ /     \ __/
 *       \\     //            VES Utility:   A command line interface to libVES
 *        \\   //
 *         \\_//              - Key Management and Exchange
 *         /   \              - Item Encryption and Sharing
 *         \___/              - Stream Encryption
 *
 *
 * (c) 2018 VESvault Corp
 * Jim Zubov <jz@vesvault.com>
 *
 * GNU General Public License v3
 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
 * copies of the Software, and permit persons to whom the Software is
 * furnished to do so, under the terms of the COPYING file.
 *
 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
 * KIND, either express or implied.
 *
 * libVES/File.h              libVES: File object, for user vault items.
 *                            Internal to libVES in this version.
 *
 ***************************************************************************/

typedef struct libVES_File {
    long long int id;
    char *name;
    char *mime;
    char *path;
    struct libVES_Ref *external;
    struct libVES_User *creator;
} libVES_File;

libVES_File *libVES_File_new(struct libVES_Ref *ref);
libVES_File *libVES_File_fromJVar(struct jVar *data);
struct jVar *libVES_File_toJVar(libVES_File *file);
char *libVES_File_toURI(libVES_File *file);

/***************************************************************************
 * Get a Verify Token that can be used instead of libVES Session Token to
 * allow retrieving creator and external on the file
 * without granting any other permissions.
 * free() the token when done.
 * See also libVES_VaultItem_fetchVerifyToken()
 ***************************************************************************/
#define libVES_File_fetchVerifyToken(file, ves)		((file) ? libVES_fetchVerifyToken("files", (file)->id, ves) : NULL)

#define libVES_File_getCreator(file)	((file) ? (file)->creator : NULL)

void libVES_File_free(libVES_File *file);



/***************************************************************************
 *          ___       ___
 *         /   \     /   \    VESvault
 *         \__ /     \ __/    Encrypt Everything without fear of losing the Key
 *            \\     //                   https://vesvault.com https://ves.host
 *             \\   //
 *     ___      \\_//
 *    /   \     /   \         libVES:                      VESvault API library
 *    \__ /     \ __/
 *       \\     //            VES Utility:   A command line interface to libVES
 *        \\   //
 *         \\_//              - Key Management and Exchange
 *         /   \              - Item Encryption and Sharing
 *         \___/              - Stream Encryption
 *
 *
 * (c) 2018 VESvault Corp
 * Jim Zubov <jz@vesvault.com>
 *
 * GNU General Public License v3
 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
 * copies of the Software, and permit persons to whom the Software is
 * furnished to do so, under the terms of the COPYING file.
 *
 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
 * KIND, either express or implied.
 *
 * libVES/User.h              libVES: User object header
 *
 ***************************************************************************/

typedef struct libVES_User {
    long long int id;
    char *email;
    char *firstName;
    char *lastName;
} libVES_User;
struct libVES_VaultKey;
struct libVES;

/***************************************************************************
 * Parse the userRef part of VES URI (ves://domain/externalId/userRef)
 ***************************************************************************/
libVES_User *libVES_User_fromPath(const char **path);

libVES_User *libVES_User_fromJVar(struct jVar *data);
struct jVar *libVES_User_toJVar(libVES_User *user);
struct libVES_List *libVES_User_vaultKeys2(libVES_User *user, struct libVES_List *lst, struct libVES *ves, const char *reqs, const char *rsps);

/***************************************************************************
 * Primary Vault Keys, current and shadow.
 * Push to lst, or to a new Vault Key list lst == NULL.
 ***************************************************************************/
#define libVES_User_activeVaultKeys(user, lst, ves)	libVES_User_vaultKeys2(user, lst, ves, "users?fields=activeVaultKeys(id,type,algo,publicKey)", "activeVaultKeys")

/***************************************************************************
 * Vault Keys for the user.
 * Push to lst, or to a new Vault Key list lst == NULL.
 ***************************************************************************/
#define libVES_User_vaultKeys(user, lst, ves)	libVES_User_vaultKeys2(user, lst, ves, "users?fields=vaultKeys(id,type,algo,publicKey,privateKey)", "vaultKeys")

/***************************************************************************
 * Authenticate using VESvault password, populate sesstkn,
 * return current primary Vault Key
 ***************************************************************************/
struct libVES_VaultKey *libVES_User_primary(libVES_User *user, const char *passwd, char **sesstkn, struct libVES *ves);

libVES_User *libVES_User_loadFields(libVES_User *user, struct libVES *ves);
#define libVES_User_getId(user)			((user) ? (user)->id : 0)
#define libVES_User_getEmail(user)		((user) ? (user)->email : NULL)
#define libVES_User_getFirstName(user)		((user) ? (user)->firstName : NULL)
#define libVES_User_getLastName(user)		((user) ? (user)->lastName : NULL)
char *libVES_User_getName1(libVES_User *user);
libVES_User *libVES_User_copy(libVES_User *user);
void libVES_User_free(libVES_User *user);



/***************************************************************************
 *          ___       ___
 *         /   \     /   \    VESvault
 *         \__ /     \ __/    Encrypt Everything without fear of losing the Key
 *            \\     //                   https://vesvault.com https://ves.host
 *             \\   //
 *     ___      \\_//
 *    /   \     /   \         libVES:                      VESvault API library
 *    \__ /     \ __/
 *       \\     //            VES Utility:   A command line interface to libVES
 *        \\   //
 *         \\_//              - Key Management and Exchange
 *         /   \              - Item Encryption and Sharing
 *         \___/              - Stream Encryption
 *
 *
 * (c) 2018 VESvault Corp
 * Jim Zubov <jz@vesvault.com>
 *
 * GNU General Public License v3
 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
 * copies of the Software, and permit persons to whom the Software is
 * furnished to do so, under the terms of the COPYING file.
 *
 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
 * KIND, either express or implied.
 *
 * libVES/Ref.h               libVES: Object reference header
 *
 ***************************************************************************/

typedef struct libVES_Ref {
    char *domain;
    union {
	char externalId[0];
	long long int internalId;
    };
} libVES_Ref;

/***************************************************************************
 * New internalID ref, ves:///internalId[/...]
 ***************************************************************************/
libVES_Ref *libVES_Ref_new(long long int intId);

/***************************************************************************
 * New externalID ref, ves://domain/externalId[/...]
 ***************************************************************************/
libVES_Ref *libVES_External_new(const char *domain, const char *extId);

/***************************************************************************
 * Parse the domain and externalId, or the internalId, from the URI.
 * Upon return, *uri points to the next char after the parsed part.
 ***************************************************************************/
libVES_Ref *libVES_Ref_fromURI(const char **uri, struct libVES *ves);

libVES_Ref *libVES_External_fromJVar(struct jVar *data);
struct jVar *libVES_Ref_toJVar(libVES_Ref *ref, struct jVar *dst);
libVES_Ref *libVES_Ref_copy(libVES_Ref *ref);
#define libVES_Ref_free(ref)	free(ref)



/***************************************************************************
 *          ___       ___
 *         /   \     /   \    VESvault
 *         \__ /     \ __/    Encrypt Everything without fear of losing the Key
 *            \\     //                   https://vesvault.com https://ves.host
 *             \\   //
 *     ___      \\_//
 *    /   \     /   \         libVES:                      VESvault API library
 *    \__ /     \ __/
 *       \\     //            VES Utility:   A command line interface to libVES
 *        \\   //
 *         \\_//              - Key Management and Exchange
 *         /   \              - Item Encryption and Sharing
 *         \___/              - Stream Encryption
 *
 *
 * (c) 2018 VESvault Corp
 * Jim Zubov <jz@vesvault.com>
 *
 * GNU General Public License v3
 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
 * copies of the Software, and permit persons to whom the Software is
 * furnished to do so, under the terms of the COPYING file.
 *
 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
 * KIND, either express or implied.
 *
 * libVES/List.h              libVES: Dynamic list header
 *
 ***************************************************************************/
typedef struct libVES_List {
    const struct libVES_ListCtl *ctl;
    void **list;
    size_t len;
    size_t max;
} libVES_List;

typedef struct libVES_ListCtl {
    int (*cmpfn)(void *, void *);
    void (*freefn)(void *);
} libVES_ListCtl;

extern const libVES_ListCtl libVES_ListCtl_NULL;

libVES_List *libVES_List_new(const struct libVES_ListCtl *ctl);
void *libVES_List_add(struct libVES_List *lst, void *entry, int pos);
void libVES_List_remove(struct libVES_List *lst, void *entry);
#define libVES_List_unshift(lst, entry)		libVES_List_add(lst, entry, 0)
#define libVES_List_push(lst, entry)		libVES_List_add(lst, entry, -1)
void *libVES_List_find(struct libVES_List *lst, void *entry);
void libVES_List_free(struct libVES_List *lst);

#define libVES_List_STATIC(var, ctrl, length, ...)	const void *var ## LST[length] = { __VA_ARGS__ }; libVES_List var = { .ctl = (ctrl), .len = length, .max = 0, .list = (void **) var ## LST }
#define libVES_List_STATIC0(var, ctrl)			libVES_List var = { .ctl = (ctrl), .len = 0, .max = 0, .list = NULL }



/***************************************************************************
 *          ___       ___
 *         /   \     /   \    VESvault
 *         \__ /     \ __/    Encrypt Everything without fear of losing the Key
 *            \\     //                   https://vesvault.com https://ves.host
 *             \\   //
 *     ___      \\_//
 *    /   \     /   \         libVES:                      VESvault API library
 *    \__ /     \ __/
 *       \\     //            VES Utility:   A command line interface to libVES
 *        \\   //
 *         \\_//              - Key Management and Exchange
 *         /   \              - Item Encryption and Sharing
 *         \___/              - Stream Encryption
 *
 *
 * (c) 2018 VESvault Corp
 * Jim Zubov <jz@vesvault.com>
 *
 * GNU General Public License v3
 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
 * copies of the Software, and permit persons to whom the Software is
 * furnished to do so, under the terms of the COPYING file.
 *
 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
 * KIND, either express or implied.
 *
 * libVES/KeyAlgo_EVP.h       libVES: Vault Key algo header, via OpenSSL EVP
 *
 ***************************************************************************/

/***************************************************************************
 * RSA via EVP
 ***************************************************************************/
extern const struct libVES_KeyAlgo libVES_KeyAlgo_RSA;
#define libVES_KeyAlgo_RSA_defaultBits		4096

/***************************************************************************
 * ECDH via EVP
 ***************************************************************************/
extern const struct libVES_KeyAlgo libVES_KeyAlgo_ECDH;
#define libVES_KeyAlgo_ECDH_defaultCurve	NID_secp384r1

extern void *libVES_KeyAlgo_autoEVPfn;
extern void *libVES_KeyAlgo_autoPEMfn;

/***************************************************************************
 * Pseudo algo - autodetect from EVP private key
 ***************************************************************************/
#define libVES_KeyAlgo_autoEVP		libVES_KeyAlgo_pseudo(libVES_KeyAlgo_autoEVPfn)

/***************************************************************************
 * Pseudo algo - autodetect from PEM private key
 ***************************************************************************/
#define libVES_KeyAlgo_autoPEM		libVES_KeyAlgo_pseudo(libVES_KeyAlgo_autoPEMfn)

/***************************************************************************
 * Private PEM to EVP, use veskey if encrypted
 ***************************************************************************/
struct evp_pkey_st *libVES_KeyAlgo_EVP_fromPEM(struct libVES_veskey *veskey, const char *pem);

/***************************************************************************
 * Private EVP to PEM, encrypted if veskey != NULL
 ***************************************************************************/
char *libVES_KeyAlgo_EVP_toPEM(struct libVES_veskey *veskey, struct evp_pkey_st *pkey);



/***************************************************************************
 *          ___       ___
 *         /   \     /   \    VESvault
 *         \__ /     \ __/    Encrypt Everything without fear of losing the Key
 *            \\     //                   https://vesvault.com https://ves.host
 *             \\   //
 *     ___      \\_//
 *    /   \     /   \         libVES:                      VESvault API library
 *    \__ /     \ __/
 *       \\     //            VES Utility:   A command line interface to libVES
 *        \\   //
 *         \\_//              - Key Management and Exchange
 *         /   \              - Item Encryption and Sharing
 *         \___/              - Stream Encryption
 *
 *
 * (c) 2018 VESvault Corp
 * Jim Zubov <jz@vesvault.com>
 *
 * GNU General Public License v3
 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
 * copies of the Software, and permit persons to whom the Software is
 * furnished to do so, under the terms of the COPYING file.
 *
 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
 * KIND, either express or implied.
 *
 * libVES/CiAlgo_AES.h        libVES: Stream cipher AES* algorithm header
 *
 ***************************************************************************/

/***************************************************************************
 * AES256GCM1K
 * Chunked seekable GCM stream cipher with integrity check.
 ***************************************************************************/
extern const struct libVES_CiAlgo libVES_CiAlgo_AES256GCM1K;

/***************************************************************************
 * AES256CFB
 * Seekable CFB stream cipher, no integrity check.
 ***************************************************************************/
extern const struct libVES_CiAlgo libVES_CiAlgo_AES256CFB;

/***************************************************************************
 * AES256GCMp
 * Padded GCM, used internally for Vault Item content.
 ***************************************************************************/
extern const struct libVES_CiAlgo libVES_CiAlgo_AES256GCMp;