/*************************************************************************** * ___ ___ * / \ / \ VESvault * \__ / \ __/ Encrypt Everything without fear of losing the Key * \\ // https://vesvault.com https://ves.host * \\ // * ___ \\_// * / \ / \ libVES: VESvault API library * \__ / \ __/ * \\ // VES Utility: A command line interface to libVES * \\ // * \\_// - Key Management and Exchange * / \ - Item Encryption and Sharing * \___/ - Stream Encryption * * * (c) 2018 VESvault Corp * Jim Zubov <jz@vesvault.com> * * GNU General Public License v3 * You may opt to use, copy, modify, merge, publish, distribute and/or sell * copies of the Software, and permit persons to whom the Software is * furnished to do so, under the terms of the COPYING file. * * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY * KIND, either express or implied. * * libVES.h libVES: Main header * ***************************************************************************/ #define LIBVES_VERSION_NUMBER 0x00090500L #define LIBVES_VERSION_CODE "0.95b" #define LIBVES_VERSION_STR "libVES.c " LIBVES_VERSION_CODE " (c) 2018 - 2020 VESvault Corp" #define LIBVES_VERSION_SHORT "libVES/" LIBVES_VERSION_CODE struct libVES_Ref; struct libVES_User; struct jVar; typedef struct libVES { char *apiUrl; const char *appName; struct libVES_Ref *external; char *sessionToken; struct libVES_VaultKey *vaultKey; struct libVES_User *me; struct libVES_VaultKey *(*genVaultKeyFn)(struct libVES *ves, int type, struct libVES_Ref *ref, struct libVES_User *user); void (*attnFn)(struct libVES *ves, struct jVar *attn); struct CURL *curl; void (*httpInitFn)(struct libVES *ves); const char *errorMsg; char *errorBuf; const struct libVES_CiAlgo *cipherAlgo; const struct libVES_KeyAlgo *keyAlgo; struct libVES_List *unlockedKeys; short int veskeyLen; short int error; char debug; } libVES; #define LIBVES_E_OK 0 #define LIBVES_E_PARAM 1 #define LIBVES_E_CONN 2 #define LIBVES_E_PARSE 3 #define LIBVES_E_CRYPTO 4 #define LIBVES_E_UNLOCK 5 #define LIBVES_E_DENIED 6 #define LIBVES_E_NOTFOUND 7 #define LIBVES_E_SERVER 8 #define LIBVES_E_UNSUPPORTED 9 #define LIBVES_E_INCORRECT 10 #define LIBVES_E_ASSERT 11 #define LIBVES_O_FILE 0x01 #define LIBVES_O_VKEY 0x02 #define LIBVES_O_VITEM 0x04 #define LIBVES_O_NEW 0x10 #define LIBVES_O_GET 0x20 #define LIBVES_API_URL "https://api.ves.host/v1/" /*************************************************************************** * Global initialization. Optionally, call libVES_init() before creating any * instances of libVES to set the app name. * appName = "App_Name/version" (User-Agent format), * defaults to "(unspecified app)" ***************************************************************************/ void libVES_init(const char *appName); /*************************************************************************** * A new instance of libVES. vaultURI is an App Vault ves://domain/externalID/ * or NULL ***************************************************************************/ libVES *libVES_new(const char *vaultURI); libVES *libVES_fromRef(struct libVES_Ref *ref); /*************************************************************************** * Return the code of the last error, LIBVES_E_*. * The code is reset to LIBVES_E_OK after the call. ***************************************************************************/ int libVES_getError(libVES *ves); /*************************************************************************** * If the error code matches err - reset the code to LIBVES_E_OK * and return true. Otherwise return false without altering the error code. ***************************************************************************/ int libVES_checkError(libVES *ves, int err); /*************************************************************************** * Error description string for error code err. ***************************************************************************/ const char *libVES_errorStr(int err); /*************************************************************************** * Populate the error description str for the last error code on ves, and * an error detailds message msg. * The error code on ves is reset to LIBVES_E_OK after the call. ***************************************************************************/ int libVES_getErrorInfo(libVES *ves, const char **str, const char **msg); /*************************************************************************** * Convert a VES URI into an object, libVES_VaultKey or libVES_VaultItem. * flags are a combination of LIBVES_O_* * Returns the object, sets *type to LIBVES_O_* if type != NULL ***************************************************************************/ void *libVES_objectFromURI(const char **uri, struct libVES *ves, int flags, int *type); struct libVES_VaultKey *libVES_defaultGenVaultKey(libVES *ves, int type, struct libVES_Ref *ref, struct libVES_User *user); void libVES_defaultAttn(libVES *ves, struct jVar *attn); /*************************************************************************** * The App Vault Key associated with the instance of libVES, do not deallocate ***************************************************************************/ struct libVES_VaultKey *libVES_getVaultKey(libVES *ves); /*************************************************************************** * Create a new Vault Key for the App Vault associated with the instance * of libVES. API restrictions apply. ***************************************************************************/ struct libVES_VaultKey *libVES_createVaultKey(libVES *ves); /*************************************************************************** * Unlock the App Vault, returns the Vault Key, or NULL on error. ***************************************************************************/ struct libVES_VaultKey *libVES_unlock(libVES *ves, size_t keylen, const char *veskey); /*************************************************************************** * Lock all Vault Keys previously unlocked on ves. ***************************************************************************/ void libVES_lock(libVES *ves); /*************************************************************************** * API session authorization token, an ascii string. Do not deallocate. * Created by libVES_unlock() or libVES_primary(). ***************************************************************************/ #define libVES_getSessionToken(ves) ((ves) ? (ves)->sessionToken : NULL) /*************************************************************************** * Set the API session authorization token, from another API session ***************************************************************************/ void libVES_setSessionToken(libVES *ves, const char *token); /*************************************************************************** * Authorize the Primary Vault session using VESvault password. * Returns the current primary Vault Key, that can be further unlocked * using libVES_VaultKey_unlock() ***************************************************************************/ struct libVES_VaultKey *libVES_primary(libVES *ves, const char *email, const char *passwd); /*************************************************************************** * The owner of the Vault associated with ves. Do not deallocate. ***************************************************************************/ struct libVES_User *libVES_me(libVES *ves); /*************************************************************************** * Get raw string content of the Vault Item identified by uri. * If buf == NULL - allocate a new buffer of proper length, the returned buffer * is to be deallocated with free(). * If buf != NULL && len != NULL - fail if *len is less that required length. * If len != NULL - populate the actual length *len on success. * If len == NULL - terminate the buffer with "\0". ***************************************************************************/ char *libVES_getValue(libVES *ves, const char *uri, size_t *len, char *buf); /*************************************************************************** * Put a raw string value into an existing or new Vault Item, * share with listed Vault URIs if shareURI != NULL ***************************************************************************/ int libVES_putValue(libVES *ves, const char *uri, size_t len, const char *value, size_t sharelen, const char **shareURI); /*************************************************************************** * Return 1 if the Vault Item identified by uri exists, 0 if doesn't exist, * -1 on error. This function does not need any kind of authentication, * can be run on newly instantiated ves. ***************************************************************************/ int libVES_fileExists(libVES *ves, const char *uri); /*************************************************************************** * Share an existing Vault Item identified by uri, with shareURI ***************************************************************************/ int libVES_shareFile(libVES *ves, const char *uri, size_t sharelen, const char **shareURI); /*************************************************************************** * Flag the Vault Item identified by uri as deleted. ***************************************************************************/ int libVES_deleteFile(libVES *ves, const char *uri); /*************************************************************************** * Deallocate libVES, wipe all private content from memory ***************************************************************************/ void libVES_free(libVES *ves); /*************************************************************************** * Recursively erase any sensitive data from a jVar structure ***************************************************************************/ void libVES_cleanseJVar(struct jVar *jvar);
/*************************************************************************** * ___ ___ * / \ / \ VESvault * \__ / \ __/ Encrypt Everything without fear of losing the Key * \\ // https://vesvault.com https://ves.host * \\ // * ___ \\_// * / \ / \ libVES: VESvault API library * \__ / \ __/ * \\ // VES Utility: A command line interface to libVES * \\ // * \\_// - Key Management and Exchange * / \ - Item Encryption and Sharing * \___/ - Stream Encryption * * * (c) 2018 VESvault Corp * Jim Zubov <jz@vesvault.com> * * GNU General Public License v3 * You may opt to use, copy, modify, merge, publish, distribute and/or sell * copies of the Software, and permit persons to whom the Software is * furnished to do so, under the terms of the COPYING file. * * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY * KIND, either express or implied. * * libVES/VaultKey.h libVES: Vault Key object header * ***************************************************************************/ typedef struct libVES_VaultKey { long long int id; const struct libVES_KeyAlgo *algo; int type; struct libVES *ves; struct libVES_User *user; char *publicKey; void *pPub; char *privateKey; void *pPriv; struct libVES_Ref *external; struct libVES_VaultItem *vitem; struct jVar *entries; char *appUrl; } libVES_VaultKey; typedef struct libVES_veskey { size_t keylen; char veskey[]; } libVES_veskey; struct jVar; #define LIBVES_VK_CURRENT 0 #define LIBVES_VK_SHADOW 1 #define LIBVES_VK_TEMP 2 #define LIBVES_VK_LOST 3 #define LIBVES_VK_SECONDARY 4 #define LIBVES_VK_RECOVERY 5 #define LIBVES_VK_PENDING 6 #define LIBVES_VK_DELETED 7 typedef struct libVES_KeyAlgo { char *str; char *name; libVES_VaultKey *(*newfn)(const struct libVES_KeyAlgo *algo, void *pkey, struct libVES_veskey *veskey, struct libVES *ves); char *(*pub2strfn)(libVES_VaultKey *vkey, void *pkey); void *(*str2pubfn)(libVES_VaultKey *vkey, const char *str); char *(*priv2strfn)(libVES_VaultKey *vkey, void *pkey, struct libVES_veskey *veskey); void *(*str2privfn)(libVES_VaultKey *vkey, const char *str, struct libVES_veskey *veskey); void *(*priv2pubfn)(libVES_VaultKey *vkey, void *pkey); int (*encfn)(libVES_VaultKey *vkey, const char *plaintext, size_t *ptlen, char *ciphertext, char *key, size_t *keylen); int (*decfn)(libVES_VaultKey *vkey, const char *ciphertext, size_t *ctlen, char *plaintext, char *key, size_t *keylen); int (*signfn)(libVES_VaultKey *vkey, const char *plaintext, size_t ptlen, char *signature); int (*verifyfn)(libVES_VaultKey *vkey, const char *plaintext, size_t ptlen, const char *signature, size_t sglen); void (*lockfn)(libVES_VaultKey *vkey); int (*dumpfn)(libVES_VaultKey *vkey, int fd, int flags); void (*freefn)(libVES_VaultKey *vkey); } libVES_KeyAlgo; #define libVES_KeyAlgo_pseudo(newfn_ptr) (*((libVES_KeyAlgo *) (((char *) &newfn_ptr) - offsetof(libVES_KeyAlgo, newfn)))) extern const char *libVES_VaultKey_types[]; extern struct libVES_List libVES_VaultKey_algos; /*************************************************************************** * Create a Vault Key from private key structure pkey, * generate a new private key if pkey == NULL ***************************************************************************/ libVES_VaultKey *libVES_VaultKey_new(int type, const struct libVES_KeyAlgo *algo, void *pkey, struct libVES_veskey *veskey, struct libVES *ves); #define libVES_VaultKey_isNew(vkey) (vkey && !vkey->id) libVES_VaultKey *libVES_VaultKey_fromJVar(struct jVar *j_vkey, struct libVES *ves); /*************************************************************************** * Parse a Vault Key from VES URI, * ves://domain/externalId/[userRef] | ves:///internalId/ | ves:////userRef ***************************************************************************/ #define libVES_VaultKey_fromURI(uri, ves) ((libVES_VaultKey *) libVES_objectFromURI(uri, ves, LIBVES_O_VKEY | LIBVES_O_GET | LIBVES_O_NEW, NULL)) /*************************************************************************** * Push Vault Key(s) parsed from the URI into lst, * if lst == NULL a new list will be created * return lst, or NULL on error * One Vault Key will be matched for an App Vault or internalId, * up to 2 (current + shadow) for a Primary Vault (ves:////userRef) ***************************************************************************/ struct libVES_List *libVES_VaultKey_listFromURI(const char **path, struct libVES *ves, struct libVES_List *lst); struct jVar *libVES_VaultKey_toJVar(libVES_VaultKey *vkey); /*************************************************************************** * Get VES URI - ves://domain/externalId/, use free() to deallocate ***************************************************************************/ char *libVES_VaultKey_toURI(libVES_VaultKey *vkey); /*************************************************************************** * Get internalId URI - ves:///internalId/, use free() to deallocate ***************************************************************************/ char *libVES_VaultKey_toURIi(libVES_VaultKey *vkey); libVES_VaultKey *libVES_VaultKey_get2(struct libVES_Ref *ref, struct libVES *ves, struct libVES_User *user, char **sesstkn, int flags); #define libVES_VaultKey_get(ref, ves, user) libVES_VaultKey_get2(ref, ves, user, NULL, LIBVES_O_GET | LIBVES_O_NEW) libVES_VaultKey *libVES_VaultKey_create(struct libVES_Ref *ref, struct libVES *ves, struct libVES_User *user); libVES_VaultKey *libVES_VaultKey_createFrom(libVES_VaultKey *vkey); struct libVES_VaultItem *libVES_VaultKey_propagate(libVES_VaultKey *vkey); /*************************************************************************** * Unlock the Vault Key using the veskey. * If veskey == NULL - attempt to unlock indirectly * using libVES_VaultKey_getVESkey() * a VESkey stored * in an associated Vault Item. ***************************************************************************/ void *libVES_VaultKey_unlock(libVES_VaultKey *vkey, struct libVES_veskey *veskey); /*************************************************************************** * Lock the Vault Key, wipe all private data from memory. ***************************************************************************/ void libVES_VaultKey_lock(libVES_VaultKey *vkey); /*************************************************************************** * Retrieve a VESkey from an associated Vault Item. ***************************************************************************/ struct libVES_veskey *libVES_VaultKey_getVESkey(libVES_VaultKey *vkey); /*************************************************************************** * Decrypt the Vault Item content. Return decrypted length, or -1 on error. ***************************************************************************/ int libVES_VaultKey_decrypt(libVES_VaultKey *vkey, const char *ciphertext, char **plaintext); /*************************************************************************** * Encrypt the Vault Item content, return base64 encoded encrypted string * or NULL on error. ***************************************************************************/ char *libVES_VaultKey_encrypt(libVES_VaultKey *vkey, const char *plaintext, size_t ptlen); /*************************************************************************** * Re-encrypt the entries for all Vault Items from fromVkey to vkey ***************************************************************************/ struct jVar *libVES_VaultKey_rekeyFrom(libVES_VaultKey *vkey, libVES_VaultKey *fromVkey, int flags); /*************************************************************************** * Find an active Vault Key for a Vault associated with vkey. * If exists and is different from vkey - re-encrypt the entries for all * Vault Items from vkey to active key. Return true if successful. ***************************************************************************/ int libVES_VaultKey_rekey(libVES_VaultKey *vkey); /*************************************************************************** * Try to apply the unlocked vkey to the associated libVES instance, * either by rekeying it, or by setting as the vaultKey on libVES. * Intended for unlocked temp keys. * If true - applied successfully, do NOT alter or deallocate vkey. * Otherwise - vkey cannot be applied, deallocate as usual. ***************************************************************************/ int libVES_VaultKey_apply(libVES_VaultKey *vkey); int libVES_VaultKey_post(libVES_VaultKey *vkey); int libVES_VaultKey_typeFromStr(const char *str); const char *libVES_VaultKey_typeStr(int type); const libVES_KeyAlgo *libVES_VaultKey_algoFromStr(const char *str); #define libVES_VaultKey_algoStr(algo) ((algo) ? (algo)->str : NULL) #define libVES_VaultKey_getId(vkey) ((vkey) ? (vkey)->id : 0) #define libVES_VaultKey_getType(vkey) ((vkey) ? (vkey)->type : -1) #define libVES_VaultKey_getAlgo(vkey) ((vkey) ? (vkey)->algo : NULL) #define libVES_VaultKey_getPublicKey(vkey) ((vkey) ? (vkey)->publicKey : NULL) /*************************************************************************** * Encrypted private key (PEM), load from the API if not loaded yet. * Do not deallocate. ***************************************************************************/ char *libVES_VaultKey_getPrivateKey(libVES_VaultKey *vkey); /*************************************************************************** * The private key (PEM), decrypted if the Vault Key is unlocked, * encrypted otherwise. Use free() to deallocate. ***************************************************************************/ char *libVES_VaultKey_getPrivateKey1(libVES_VaultKey *vkey); #define libVES_VaultKey_getExternal(vkey) ((vkey) ? (vkey)->external : NULL) struct libVES_User *libVES_VaultKey_getUser(libVES_VaultKey *vkey); /*************************************************************************** * Output the algorithm specific human readable key info to fd. ***************************************************************************/ int libVES_VaultKey_dump(libVES_VaultKey *vkey, int fd, int flags); /*************************************************************************** * App URL for a new temp key, to be sent in the notification email ***************************************************************************/ int libVES_VaultKey_setAppUrl(libVES_VaultKey *vkey, const char *url); void libVES_VaultKey_free(libVES_VaultKey *vkey); /*************************************************************************** * Unlike stream ciphers, Vault Key algorithms should be treated * conservatively to minimize cross-platform issues. ***************************************************************************/ void libVES_VaultKey_registerAlgo(const struct libVES_KeyAlgo *algo); extern const struct libVES_ListCtl libVES_VaultKey_ListCtl; extern const struct libVES_ListCtl libVES_VaultKey_ListCtlU; /*************************************************************************** * VESkey, a binary with length * Generate a random one if veskey == NULL, see libVES_veskey_generate() ***************************************************************************/ libVES_veskey *libVES_veskey_new(size_t keylen, const char *veskey); /*************************************************************************** * Generate a random ascii VESkey * The character frequency is biased to improve human readability, * the entropy is ~ 203 bit for keylen == 32 (vs 256 bit for a random binary) * Character frequency graph: * https://i.imgur.com/o2oTDLz.png (credits: https://reddit.com/u/skeeto) ***************************************************************************/ #define libVES_veskey_generate(keylen) libVES_veskey_new(keylen, NULL) void libVES_veskey_free(libVES_veskey *veskey);
/*************************************************************************** * ___ ___ * / \ / \ VESvault * \__ / \ __/ Encrypt Everything without fear of losing the Key * \\ // https://vesvault.com https://ves.host * \\ // * ___ \\_// * / \ / \ libVES: VESvault API library * \__ / \ __/ * \\ // VES Utility: A command line interface to libVES * \\ // * \\_// - Key Management and Exchange * / \ - Item Encryption and Sharing * \___/ - Stream Encryption * * * (c) 2018 VESvault Corp * Jim Zubov <jz@vesvault.com> * * GNU General Public License v3 * You may opt to use, copy, modify, merge, publish, distribute and/or sell * copies of the Software, and permit persons to whom the Software is * furnished to do so, under the terms of the COPYING file. * * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY * KIND, either express or implied. * * libVES/VaultItem.h libVES: Vault Item object header * ***************************************************************************/ typedef struct libVES_VaultItem { long long int id; short int type; short int objectType; int flags; size_t len; char *value; union { void *object; struct libVES_File *file; struct libVES_VaultKey *vaultKey; }; struct jVar *meta; struct jVar *entries; size_t sharelen; struct libVES_VaultKey *share[]; } libVES_VaultItem; struct libVES_Ref; #define LIBVES_VI_STRING 0 #define LIBVES_VI_FILE 1 #define LIBVES_VI_PASSWORD 2 #define LIBVES_VI_SECRET 3 #define LIBVES_SH_CLN 0x01 #define LIBVES_SH_PRI 0x02 #define LIBVES_SH_ADD 0x10 #define LIBVES_SH_UPD 0x20 #define LIBVES_SH_IGN 0x4000 #define LIBVES_SH_DEL 0x8000 #define LIBVES_SH_SET (LIBVES_SH_ADD | LIBVES_SH_CLN) #define LIBVES_SH_META 0x0100 extern const struct libVES_ListCtl libVES_VaultItem_ListCtl; libVES_VaultItem *libVES_VaultItem_new(); #define libVES_VaultItem_isNew(vitem) (vitem && (vitem->flags & LIBVES_SH_ADD)) struct jVar *libVES_VaultItem_Ref_toJVar(struct libVES_Ref *ref); struct jVar *libVES_VaultItem_toJVar(libVES_VaultItem *vitem); libVES_VaultItem *libVES_VaultItem_fromJVar(struct jVar *data, struct libVES *ves); /*************************************************************************** * Load and/or create a Vault Item from ves URI * (ves://domain/externalId or ves:///internalId) ***************************************************************************/ #define libVES_VaultItem_fromURI(uri, ves) ((libVES_VaultItem *) libVES_objectFromURI(uri, ves, LIBVES_O_VITEM | LIBVES_O_GET | LIBVES_O_NEW, NULL)) #define libVES_VaultItem_loadFromURI(uri, ves) ((libVES_VaultItem *) libVES_objectFromURI(uri, ves, LIBVES_O_VITEM | LIBVES_O_GET, NULL)) #define libVES_VaultItem_createFromURI(uti, ves) ((libVES_VaultItem *) libVES_objectFromURI(uri, ves, LIBVES_O_VITEM | LIBVES_O_NEW, NULL)) /*************************************************************************** * Get VES URI - ves://domain/externalId, use free() to deallocate ***************************************************************************/ char *libVES_VaultItem_toURI(libVES_VaultItem *vitem); /*************************************************************************** * Get internalId URI - ves:///internalId, use free() to deallocate ***************************************************************************/ char *libVES_VaultItem_toURIi(libVES_VaultItem *vitem); libVES_VaultItem *libVES_VaultItem_create(struct libVES_Ref *ref); char *libVES_VaultItem_toStringl(libVES_VaultItem *vitem, size_t *len, char *buf); /*************************************************************************** * Set the raw content and type ***************************************************************************/ int libVES_VaultItem_setValue(libVES_VaultItem *vitem, size_t len, const char *value, int type); /*************************************************************************** * A stream cipher object stored in the Vault Item ***************************************************************************/ struct libVES_Cipher *libVES_VaultItem_getCipher(libVES_VaultItem *vitem, struct libVES *ves); int libVES_VaultItem_setCipher(libVES_VaultItem *vitem, struct libVES_Cipher *ci); /*************************************************************************** * Treat the Vault Item content as JSON string ***************************************************************************/ struct jVar *libVES_VaultItem_getObject(libVES_VaultItem *vitem); int libVES_VaultItem_setObject(libVES_VaultItem *vitem, struct jVar *obj); /*************************************************************************** * Prepare entries to share/unshare the Vault Item with the list of Vault Keys, * call libVES_VaultItem_post() to commit ***************************************************************************/ struct jVar *libVES_VaultItem_entries(libVES_VaultItem *vitem, struct libVES_List *share, int flags); libVES_VaultItem *libVES_VaultItem_get(struct libVES_Ref *ref, struct libVES *ves); int libVES_VaultItem_post(libVES_VaultItem *vitem, struct libVES *ves); int libVES_VaultItem_delete(libVES_VaultItem *vitem, struct libVES *ves); /*************************************************************************** * List all Vault Items shared with vkey ***************************************************************************/ struct libVES_List *libVES_VaultItem_list(struct libVES_VaultKey *vkey); struct jVar *libVES_VaultItem_getMeta(libVES_VaultItem *vitem); int libVES_VaultItem_setMeta(libVES_VaultItem *vitem, struct jVar *meta); const char *libVES_VaultItem_typeStr(int type); int libVES_VaultItem_typeFromStr(const char *str); #define libVES_VaultItem_isDeleted(vitem) ((vitem) ? (vitem)->flags & LIBVES_SH_DEL : 0) #define libVES_VaultItem_force(vitem) ((vitem) ? (vitem)->flags |= LIBVES_SH_UPD : 0) #define libVES_VaultItem_getId(vkey) ((vitem) ? (vitem)->id : 0) #define libVES_VaultItem_getType(vitem) ((vitem) ? (vitem)->type : -1) #define libVES_VaultItem_getFile(vitem) ((vitem && (vitem)->objectType == LIBVES_O_FILE) ? (vitem)->file : NULL) #define libVES_VaultItem_getVaultKey(vitem) ((vitem && (vitem)->objectType == LIBVES_O_VKEY) ? (vitem)->vaultKey : NULL) void libVES_VaultItem_free(libVES_VaultItem *vitem);
/*************************************************************************** * ___ ___ * / \ / \ VESvault * \__ / \ __/ Encrypt Everything without fear of losing the Key * \\ // https://vesvault.com https://ves.host * \\ // * ___ \\_// * / \ / \ libVES: VESvault API library * \__ / \ __/ * \\ // VES Utility: A command line interface to libVES * \\ // * \\_// - Key Management and Exchange * / \ - Item Encryption and Sharing * \___/ - Stream Encryption * * * (c) 2018 VESvault Corp * Jim Zubov <jz@vesvault.com> * * GNU General Public License v3 * You may opt to use, copy, modify, merge, publish, distribute and/or sell * copies of the Software, and permit persons to whom the Software is * furnished to do so, under the terms of the COPYING file. * * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY * KIND, either express or implied. * * libVES/Cipher.h libVES: Stream cipher header * ***************************************************************************/ typedef struct libVES_Cipher { const struct libVES_CiAlgo *algo; struct libVES *ves; void *ctx; struct jVar *meta; int flags; union { char key[0]; struct { unsigned char key[32]; unsigned char seed[12]; unsigned char iv[12]; size_t offs; union { char *pbuf; struct { void *mdctx; char gbuf[16]; }; }; char end[0]; } gcm; struct { unsigned char key[32]; unsigned char seed[32]; unsigned char iv[32]; char end[0]; } cfb; }; } libVES_Cipher; typedef struct libVES_CiAlgo { const char *str; const char *name; struct libVES_Cipher *(*newfn)(const struct libVES_CiAlgo *algo, struct libVES *ves, size_t, const char *); int (*keylenfn)(struct libVES_Cipher *ci); int (*decfn)(struct libVES_Cipher *, int, const char *, size_t, char *); int (*encfn)(struct libVES_Cipher *, int, const char *, size_t, char *); struct libVES_Seek *(*seekfn)(struct libVES_Cipher *, struct libVES_Seek *); void (*resetfn)(struct libVES_Cipher *); void (*freefn)(struct libVES_Cipher *); } libVES_CiAlgo; #define LIBVES_CF_ENC 0x01 #define LIBVES_CF_DEC 0x02 typedef struct libVES_Seek { off_t plainPos; off_t cipherPos; off_t cipherFbPos; size_t cipherFbLen; void *cipherFb; int flags; } libVES_Seek; #define LIBVES_SK_ENC 0x01 #define LIBVES_SK_DEC 0x02 #define LIBVES_SK_RDY 0x0100 #define LIBVES_SK_FBK 0x0200 #define LIBVES_SK_ERR 0x8000 #define LIBVES_SK_NEW 0 #define libVES_Cipher_KEYLENforVEntry (sizeof(((libVES_Cipher *)0)->gcm.key) + sizeof(((libVES_Cipher *)0)->gcm.seed)) #define libVES_Cipher_PADLENforVEntry 48 extern struct libVES_List libVES_Cipher_algos; /*************************************************************************** * New cipher object. If key == NULL - generate a random key. ***************************************************************************/ libVES_Cipher *libVES_Cipher_new(const struct libVES_CiAlgo *algo, struct libVES *ves, size_t keylen, const char *key); /*************************************************************************** * New cipher, default algorithm, randomly generated key. ***************************************************************************/ #define libVES_Cipher_generate(ves) libVES_Cipher_new(ves->cipherAlgo, ves, 0, NULL) libVES_Cipher *libVES_Cipher_forVEntry(size_t keylen, const char *key, struct libVES *ves); int libVES_Cipher_proceed(libVES_Cipher *ci, int final, const char *srctext, size_t srclen, char **dsttext, int func(libVES_Cipher *ci, int final, const char *src, size_t srclen, char *dst)); /*************************************************************************** * Decrypt stream. Returns the decrypted length, -1 on error, * or max expected length if plaintext == NULL. ***************************************************************************/ int libVES_Cipher_decrypt(libVES_Cipher *ci, int final, const char *ciphertext, size_t ctlen, char **plaintext); /*************************************************************************** * Encrypt stream. Returns the encrypted length, -1 on error, * or max expected length if ciphertext == NULL. ***************************************************************************/ int libVES_Cipher_encrypt(libVES_Cipher *ci, int final, const char *plaintext, size_t ptlen, char **ciphertext); /*************************************************************************** * Seek to a specific position in plaintext & ciphertext. * Synopsis: * libVES_Seek *sk = libVES_Cipher_seek(ci, NULL); * // Set (sk->plainPos) or (sk->cipherPos) to the desired position // * sk = libVES_Cipher_seek(ci, sk); * if (sk->flags & LIBVES_SK_FBK) { * // Seek the ciphertext to (sk->cipherFbPos), // * // Read at least (sk->cipherFbLen) bytes from the ciphertext, // * // Point (sk->cipherFb) to the read bytes. // * sk = libVES_Cipher_seek(ci, sk); * } * if (sk->flags & LIBVES_SK_RDY) { * // Seek the plaintext to (sk->plainPos), // * // Seek the ciphertext to (sk->cipherPos), // * // Proceed with encryption / decryption. // * } ***************************************************************************/ struct libVES_Seek *libVES_Cipher_seek(libVES_Cipher *ci, struct libVES_Seek *sk); char *libVES_Cipher_toStringl(libVES_Cipher *ci, size_t *len, char *buf); struct jVar *libVES_Cipher_getMeta(libVES_Cipher *ci); int libVES_Cipher_setMeta(libVES_Cipher *ci, struct jVar *jv); #define libVES_Cipher_algoStr(algo) ((algo) ? (algo)->str : NULL) const libVES_CiAlgo *libVES_Cipher_algoFromStr(const char *str); void libVES_Cipher_reset(libVES_Cipher *ci); void libVES_Cipher_free(libVES_Cipher *ci); #define libVES_Seek_free(sk) free(sk) /*************************************************************************** * Apps are encouraged to use custom stream cipher algorithms. * Make sure the string identifier of the algorithm (algo->str) * is unique within the scope of any apps the Vault Items can be shared with. * Registered algorithm is available to all libVES instances within the process. ***************************************************************************/ void libVES_Cipher_registerAlgo(const struct libVES_CiAlgo *algo); /*************************************************************************** * "NULL" cipher. No encryption implemented, secret metadata only. ***************************************************************************/ extern const struct libVES_CiAlgo libVES_CiAlgo_NULL;
/*************************************************************************** * ___ ___ * / \ / \ VESvault * \__ / \ __/ Encrypt Everything without fear of losing the Key * \\ // https://vesvault.com https://ves.host * \\ // * ___ \\_// * / \ / \ libVES: VESvault API library * \__ / \ __/ * \\ // VES Utility: A command line interface to libVES * \\ // * \\_// - Key Management and Exchange * / \ - Item Encryption and Sharing * \___/ - Stream Encryption * * * (c) 2018 VESvault Corp * Jim Zubov <jz@vesvault.com> * * GNU General Public License v3 * You may opt to use, copy, modify, merge, publish, distribute and/or sell * copies of the Software, and permit persons to whom the Software is * furnished to do so, under the terms of the COPYING file. * * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY * KIND, either express or implied. * * libVES/User.h libVES: User object header * ***************************************************************************/ typedef struct libVES_User { long long int id; char *email; char *firstName; char *lastName; } libVES_User; struct libVES_VaultKey; struct libVES; /*************************************************************************** * Parse the userRef part of VES URI (ves://domain/externalId/userRef) ***************************************************************************/ libVES_User *libVES_User_fromPath(const char **path); libVES_User *libVES_User_fromJVar(struct jVar *data); struct jVar *libVES_User_toJVar(libVES_User *user); struct libVES_List *libVES_User_vaultKeys2(libVES_User *user, struct libVES_List *lst, struct libVES *ves, const char *reqs, const char *rsps); /*************************************************************************** * Primary Vault Keys, current and shadow. * Push to lst, or to a new Vault Key list lst == NULL. ***************************************************************************/ #define libVES_User_activeVaultKeys(user, lst, ves) libVES_User_vaultKeys2(user, lst, ves, "users?fields=activeVaultKeys(id,type,algo,publicKey)", "activeVaultKeys") /*************************************************************************** * Vault Keys for the user. * Push to lst, or to a new Vault Key list lst == NULL. ***************************************************************************/ #define libVES_User_vaultKeys(user, lst, ves) libVES_User_vaultKeys2(user, lst, ves, "users?fields=vaultKeys(id,type,algo,publicKey,privateKey)", "vaultKeys") /*************************************************************************** * Authenticate using VESvault password, populate sesstkn, * return current primary Vault Key ***************************************************************************/ struct libVES_VaultKey *libVES_User_primary(libVES_User *user, const char *passwd, char **sesstkn, struct libVES *ves); libVES_User *libVES_User_loadFields(libVES_User *user, struct libVES *ves); #define libVES_User_getId(user) ((user) ? (user)->id : 0) #define libVES_User_getEmail(user) ((user) ? (user)->email : NULL) #define libVES_User_getFirstName(user) ((user) ? (user)->firstName : NULL) #define libVES_User_getLastName(user) ((user) ? (user)->lastName : NULL) char *libVES_User_getName1(libVES_User *user); libVES_User *libVES_User_copy(libVES_User *user); void libVES_User_free(libVES_User *user);
/*************************************************************************** * ___ ___ * / \ / \ VESvault * \__ / \ __/ Encrypt Everything without fear of losing the Key * \\ // https://vesvault.com https://ves.host * \\ // * ___ \\_// * / \ / \ libVES: VESvault API library * \__ / \ __/ * \\ // VES Utility: A command line interface to libVES * \\ // * \\_// - Key Management and Exchange * / \ - Item Encryption and Sharing * \___/ - Stream Encryption * * * (c) 2018 VESvault Corp * Jim Zubov <jz@vesvault.com> * * GNU General Public License v3 * You may opt to use, copy, modify, merge, publish, distribute and/or sell * copies of the Software, and permit persons to whom the Software is * furnished to do so, under the terms of the COPYING file. * * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY * KIND, either express or implied. * * libVES/Ref.h libVES: Object reference header * ***************************************************************************/ typedef struct libVES_Ref { char *domain; union { char externalId[0]; long long int internalId; }; } libVES_Ref; /*************************************************************************** * New internalID ref, ves:///internalId[/...] ***************************************************************************/ libVES_Ref *libVES_Ref_new(long long int intId); /*************************************************************************** * New externalID ref, ves://domain/externalId[/...] ***************************************************************************/ libVES_Ref *libVES_External_new(const char *domain, const char *extId); /*************************************************************************** * Parse the domain and externalId, or the internalId, from the URI. * Upon return, *uri points to the next char after the parsed part. ***************************************************************************/ libVES_Ref *libVES_Ref_fromURI(const char **uri, struct libVES *ves); libVES_Ref *libVES_External_fromJVar(struct jVar *data); struct jVar *libVES_Ref_toJVar(libVES_Ref *ref, struct jVar *dst); libVES_Ref *libVES_Ref_copy(libVES_Ref *ref); #define libVES_Ref_free(ref) free(ref)
/*************************************************************************** * ___ ___ * / \ / \ VESvault * \__ / \ __/ Encrypt Everything without fear of losing the Key * \\ // https://vesvault.com https://ves.host * \\ // * ___ \\_// * / \ / \ libVES: VESvault API library * \__ / \ __/ * \\ // VES Utility: A command line interface to libVES * \\ // * \\_// - Key Management and Exchange * / \ - Item Encryption and Sharing * \___/ - Stream Encryption * * * (c) 2018 VESvault Corp * Jim Zubov <jz@vesvault.com> * * GNU General Public License v3 * You may opt to use, copy, modify, merge, publish, distribute and/or sell * copies of the Software, and permit persons to whom the Software is * furnished to do so, under the terms of the COPYING file. * * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY * KIND, either express or implied. * * libVES/List.h libVES: Dynamic list header * ***************************************************************************/ typedef struct libVES_List { const struct libVES_ListCtl *ctl; void **list; size_t len; size_t max; } libVES_List; typedef struct libVES_ListCtl { int (*cmpfn)(void *, void *); void (*freefn)(void *); } libVES_ListCtl; extern const libVES_ListCtl libVES_ListCtl_NULL; libVES_List *libVES_List_new(const struct libVES_ListCtl *ctl); void *libVES_List_add(struct libVES_List *lst, void *entry, int pos); void libVES_List_remove(struct libVES_List *lst, void *entry); #define libVES_List_unshift(lst, entry) libVES_List_add(lst, entry, 0) #define libVES_List_push(lst, entry) libVES_List_add(lst, entry, -1) void *libVES_List_find(struct libVES_List *lst, void *entry); void libVES_List_free(struct libVES_List *lst); #define libVES_List_STATIC(var, ctrl, length, ...) const void *var ## LST[length] = { __VA_ARGS__ }; libVES_List var = { .ctl = (ctrl), .len = length, .max = 0, .list = (void **) var ## LST } #define libVES_List_STATIC0(var, ctrl) libVES_List var = { .ctl = (ctrl), .len = 0, .max = 0, .list = NULL }
/*************************************************************************** * ___ ___ * / \ / \ VESvault * \__ / \ __/ Encrypt Everything without fear of losing the Key * \\ // https://vesvault.com https://ves.host * \\ // * ___ \\_// * / \ / \ libVES: VESvault API library * \__ / \ __/ * \\ // VES Utility: A command line interface to libVES * \\ // * \\_// - Key Management and Exchange * / \ - Item Encryption and Sharing * \___/ - Stream Encryption * * * (c) 2018 VESvault Corp * Jim Zubov <jz@vesvault.com> * * GNU General Public License v3 * You may opt to use, copy, modify, merge, publish, distribute and/or sell * copies of the Software, and permit persons to whom the Software is * furnished to do so, under the terms of the COPYING file. * * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY * KIND, either express or implied. * * libVES/KeyAlgo_EVP.h libVES: Vault Key algo header, via OpenSSL EVP * ***************************************************************************/ /*************************************************************************** * RSA via EVP ***************************************************************************/ extern const struct libVES_KeyAlgo libVES_KeyAlgo_RSA; /*************************************************************************** * ECDH via EVP ***************************************************************************/ extern const struct libVES_KeyAlgo libVES_KeyAlgo_ECDH; extern void *libVES_KeyAlgo_autoEVPfn; extern void *libVES_KeyAlgo_autoPEMfn; /*************************************************************************** * Pseudo algo - autodetect from EVP private key ***************************************************************************/ #define libVES_KeyAlgo_autoEVP libVES_KeyAlgo_pseudo(libVES_KeyAlgo_autoEVPfn) /*************************************************************************** * Pseudo algo - autodetect from PEM private key ***************************************************************************/ #define libVES_KeyAlgo_autoPEM libVES_KeyAlgo_pseudo(libVES_KeyAlgo_autoPEMfn) /*************************************************************************** * Private PEM to EVP, use veskey if encrypted ***************************************************************************/ struct evp_pkey_st *libVES_KeyAlgo_EVP_fromPEM(struct libVES_veskey *veskey, const char *pem); /*************************************************************************** * Private EVP to PEM, encrypted if veskey != NULL ***************************************************************************/ char *libVES_KeyAlgo_EVP_toPEM(struct libVES_veskey *veskey, struct evp_pkey_st *pkey);
/*************************************************************************** * ___ ___ * / \ / \ VESvault * \__ / \ __/ Encrypt Everything without fear of losing the Key * \\ // https://vesvault.com https://ves.host * \\ // * ___ \\_// * / \ / \ libVES: VESvault API library * \__ / \ __/ * \\ // VES Utility: A command line interface to libVES * \\ // * \\_// - Key Management and Exchange * / \ - Item Encryption and Sharing * \___/ - Stream Encryption * * * (c) 2018 VESvault Corp * Jim Zubov <jz@vesvault.com> * * GNU General Public License v3 * You may opt to use, copy, modify, merge, publish, distribute and/or sell * copies of the Software, and permit persons to whom the Software is * furnished to do so, under the terms of the COPYING file. * * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY * KIND, either express or implied. * * libVES/CiAlgo_AES.h libVES: Stream cipher AES* algorithm header * ***************************************************************************/ /*************************************************************************** * AES256GCM1K * Chunked seekable GCM stream cipher with integrity check. ***************************************************************************/ extern const struct libVES_CiAlgo libVES_CiAlgo_AES256GCM1K; /*************************************************************************** * AES256CFB * Seekable CFB stream cipher, no integrity check. ***************************************************************************/ extern const struct libVES_CiAlgo libVES_CiAlgo_AES256CFB; /*************************************************************************** * AES256GCMp * Padded GCM, used internally for Vault Item content. ***************************************************************************/ extern const struct libVES_CiAlgo libVES_CiAlgo_AES256GCMp;