summaryrefslogtreecommitdiff
path: root/zen/open_ssl.h
blob: 2b0c72450782ba9f111263fc05d92f6d97c2efec (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58

// *****************************************************************************
// * This file is part of the FreeFileSync project. It is distributed under    *
// * GNU General Public License: https://www.gnu.org/licenses/gpl-3.0          *
// * Copyright (C) Zenju (zenju AT freefilesync DOT org) - All Rights Reserved *
// *****************************************************************************

#ifndef OPEN_SSL_H_801974580936508934568792347506
#define OPEN_SSL_H_801974580936508934568792347506

#include <zen/zstring.h>
#include <zen/sys_error.h>


namespace zen
{
//init OpenSSL before use!
void openSslInit();
void openSslTearDown();


enum class RsaStreamType
{
    pkix,  //base-64-encoded X.509 SubjectPublicKeyInfo structure ("BEGIN PUBLIC KEY")
    pkcs1, //base-64-encoded PKCS#1 RSAPublicKey: RSA number and exponent ("BEGIN RSA PUBLIC KEY")
    raw    //raw bytes: DER-encoded PKCS#1
};

//verify signatures produced with: "openssl dgst -sha256 -sign private.pem -out file.sig file.txt"
void verifySignature(const std::string& message,
                     const std::string& signature,
                     const std::string& publicKeyStream,
                     RsaStreamType streamType); //throw SysError

std::string convertRsaKey(const std::string& keyStream, RsaStreamType typeFrom, RsaStreamType typeTo, bool publicKey); //throw SysError


bool isPuttyKeyStream(const std::string& keyStream);
std::string convertPuttyKeyToPkix(const std::string& keyStream, const std::string& passphrase); //throw SysError


class TlsContext
{
public:
    TlsContext(int socket, //throw SysError
               const Zstring& server,
               const Zstring* caCertFilePath /*optional: enable certificate validation*/);
    ~TlsContext();

    size_t tryRead(       void* buffer, size_t bytesToRead ); //throw SysError; may return short, only 0 means EOF!
    size_t tryWrite(const void* buffer, size_t bytesToWrite); //throw SysError; may return short! CONTRACT: bytesToWrite > 0

private:
    class Impl;
    const std::unique_ptr<Impl> pimpl_;
};
}

#endif //OPEN_SSL_H_801974580936508934568792347506
bgstack15