voile

version: ~master

overview

voile.crypto

Crypto
This module provides cryptographic functions for voile. Supported architecture:
  • OpenSSL (Apache License 2.0): Enabled when dependent on Deimos OpenSSL library
    • [x] AES256 encrypt/decrypt OpenSSLAESCBCEncryptEngine, OpenSSLAES128CBCEncryptEngine, OpenSSLAES192CBCEncryptEngine, OpenSSLAES256CBCEncryptEngine, OpenSSLAESCBCDecryptEngine, OpenSSLAES128CBCDecryptEngine, OpenSSLAES192CBCDecryptEngine, OpenSSLAES256CBCDecryptEngine,
    • [x] Ed25519 sign/verify OpenSSLEd25519Engine
    • [x] ECDSA sign/verify OpenSSLECDSAP256Engine, OpenSSLECDSAP256KEngine, OpenSSLECDSAP384Engine, OpenSSLECDSAP521Engine
    • [x] RSA 4096 sign/verify/encrypt/decrypt OpenSSLRSA4096Engine
    • [x] ECDH P256 key exchange OpenSSLECDHP256Engine
  • Bcrypt (BSD-1.0): Enabled on Windows
    • [x] AES256 encrypt/decrypt BcryptAESCBCEncryptEngine, BcryptAES128CBCEncryptEngine, BcryptAES192CBCEncryptEngine, BcryptAES256CBCEncryptEngine, BcryptAESCBCDecryptEngine, BcryptAES128CBCDecryptEngine, BcryptAES192CBCDecryptEngine, BcryptAES256CBCDecryptEngine,
    • [ ] Ed25519 sign/verify - Not Supported BcryptEd25519Engine
    • [x] ECDSA sign/verify BcryptECDSAP256Engine, BcryptECDSAP256KEngine, BcryptECDSAP384Engine, BcryptECDSAP521Engine
    • [x] RSA 4096 sign/verify/encrypt/decrypt BcryptRSA4096Engine
    • [x] ECDH P256 key exchange BcryptECDHP256Engine
  • OpenSSL Command Line Interface (BSD-1.0): Does not work if the command is not available
    • [x] AES256 encrypt/decrypt OpenSSLCmdAESCBCEncryptEngine, OpenSSLCmdAES128CBCEncryptEngine, OpenSSLCmdAES192CBCEncryptEngine, OpenSSLCmdAES256CBCEncryptEngine, OpenSSLCmdAESCBCDecryptEngine, OpenSSLCmdAES128CBCDecryptEngine, OpenSSLCmdAES192CBCDecryptEngine, OpenSSLCmdAES256CBCDecryptEngine,
    • [x] Ed25519 sign/verify OpenSSLCmdEd25519Engine
    • [x] ECDSA sign/verify OpenSSLCmdECDSAP256Engine, OpenSSLCmdECDSAP256KEngine, OpenSSLCmdECDSAP384Engine, OpenSSLCmdECDSAP521Engine
    • [x] RSA 4096 sign/verify/encrypt/decrypt OpenSSLCmdRSA4096Engine
    • [x] ECDH P256 key exchange OpenSSLCmdECDHP256Engine
Engines:
  • DefaultAES256EncryptEngine
  • DefaultAES256DecryptEngine
  • DefaultEd25519Engine
  • DefaultECDSAP256Engine
  • DefaultRSA4096Engine
  • DefaultECDHP256Engine
Helpers:
  • Encrypter AES256 (with CommonKey, IV), RSA4096 (with PublicKey)
  • Decrypter AES256, RSA4096 (with PrivateKey)
  • Signer (opt: Pre hash) Ed25519 (with PrivateKey), ECDSA P256 (with PrivateKey), RSA4096 (with PrivateKey)
  • Verifier (opt: Pre hash) Ed25519 (with PublicKey), ECDSA P256 (with PublicKey), RSA4096 (with PublicKey)
  • Other pem2der, der2pem, calcHKDF, calcPBKDF2
alias DERBinary = immutable(ubyte)[];
DER format binary
alias PEMString = string;
PEM format string
template BinaryKey(size_t N)
Raw binary format
alias bin_t = immutable(ubyte)[];
Binary data
@safe DERBinary pem2der(in char[] pem);
PEMからDER形式に変換するヘルパ
@safe PEMString der2pem(in ubyte[] der, string name);
PEMからDER形式に変換するヘルパ
bin_t calcHKDF(DigestEngine = SHA256)(in ubyte[] secret, size_t len, in ubyte[] salt = null, string info = null);
HKDFを計算するヘルパ
bin_t calcPBKDF2(DigestEngine = SHA256)(string password, size_t len, size_t iterations, in ubyte[] salt = null);
HKDFを計算するヘルパ
alias OpenSSLCmdECDSAP256Engine = OpenSSLCmdECDSAEngine!(ECDSAType.p256).OpenSSLCmdECDSAEngine;
alias OpenSSLCmdECDSAP256KEngine = OpenSSLCmdECDSAEngine!(ECDSAType.p256k).OpenSSLCmdECDSAEngine;
alias OpenSSLCmdECDSAP384Engine = OpenSSLCmdECDSAEngine!(ECDSAType.p384).OpenSSLCmdECDSAEngine;
alias OpenSSLCmdECDSAP521Engine = OpenSSLCmdECDSAEngine!(ECDSAType.p521).OpenSSLCmdECDSAEngine;
enum bool isOpenSSLCmdAESEngine(T);
enum bool isOpenSSLCmdEd25519Engine(T);
enum bool isOpenSSLCmdECDSAP256Engine(T);
enum bool isOpenSSLCmdECDSAP256KEngine(T);
enum bool isOpenSSLCmdECDSAP384Engine(T);
enum bool isOpenSSLCmdECDSAP521Engine(T);
enum bool isOpenSSLCmdECDSAEngine(T);
enum bool isOpenSSLCmdRSA4096Engine(T);
enum bool isOpenSSLCmdECDHP256Engine(T);
enum bool isOpenSSLAESEngine(T);
enum bool isOpenSSLEd25519Engine(T);
enum bool isOpenSSLECDSAP256Engine(T);
enum bool isOpenSSLECDSAP256KEngine(T);
enum bool isOpenSSLECDSAP384Engine(T);
enum bool isOpenSSLECDSAP521Engine(T);
enum bool isOpenSSLECDSAEngine(T);
enum bool isOpenSSLRSA4096Engine(T);
enum bool isOpenSSLECDHP256Engine(T);
enum bool isBcryptAESEngine(T);
enum bool isBcryptEd25519Engine(T);
enum bool isBcryptECDSAP256Engine(T);
enum bool isBcryptECDSAP256KEngine(T);
enum bool isBcryptECDSAP384Engine(T);
enum bool isBcryptECDSAP521Engine(T);
enum bool isBcryptECDSAEngine(T);
enum bool isBcryptRSA4096Engine(T);
enum bool isBcryptECDHP256Engine(T);
enum bool isOpenSSLCmdEngine(T);
enum bool isOpenSSLEngine(T);
enum bool isBcryptEngine(T);
enum bool isAESEngine(T);
enum bool isEd25519Engine(T);
enum bool isECDSAP256Engine(T);
enum bool isECDSAP256KEngine(T);
enum bool isECDSAP384Engine(T);
enum bool isECDSAP521Engine(T);
enum bool isECDSAEngine(T);
enum bool isRSAEngine(T);
enum bool isECDHEngine(T);
alias DefaultAES128CBCEncryptEngine = OpenSSLCmdAESCBCEncryptEngine;
alias DefaultAES256CBCEncryptEngine = OpenSSLCmdAESCBCEncryptEngine;
alias DefaultAES128CBCDecryptEngine = OpenSSLCmdAESCBCDecryptEngine;
alias DefaultAES256CBCDecryptEngine = OpenSSLCmdAESCBCDecryptEngine;
alias DefaultEd25519Engine = OpenSSLCmdEd25519Engine;
alias DefaultECDSAP256Engine = OpenSSLCmdECDSAEngine!(ECDSAType.p256).OpenSSLCmdECDSAEngine;
alias DefaultECDSAP256KEngine = OpenSSLCmdECDSAEngine!(ECDSAType.p256k).OpenSSLCmdECDSAEngine;
alias DefaultECDSAP384Engine = OpenSSLCmdECDSAEngine!(ECDSAType.p384).OpenSSLCmdECDSAEngine;
alias DefaultECDSAP521Engine = OpenSSLCmdECDSAEngine!(ECDSAType.p521).OpenSSLCmdECDSAEngine;
alias DefaultRSA4096Engine = OpenSSLCmdRSA4096Engine;
alias DefaultECDHP256Engine = OpenSSLCmdECDHP256Engine;
struct Encrypter(Engine);
alias AES256CBCEncrypter = Encrypter!(OpenSSLCmdAESCBCEncryptEngine).Encrypter;
Encrypt
this(Engine engine, bool padding = true);
this(in ubyte[] key, in ubyte[] iv, bool padding = true, string cmd = defaultOpenSSLCommand);
this(in ubyte[] key, in ubyte[] iv, bool padding = true);
this(in char[] pubKey, bool padding = true, string cmd = defaultOpenSSLCommand);
this(in ubyte[] pubKey, bool padding = true, string cmd = defaultOpenSSLCommand);
this(in BinaryKey!(Engine.pubKeyLen) pubKey, bool padding = true, string cmd = defaultOpenSSLCommand);
this(in char[] pubKey, bool padding = true);
this(in ubyte[] pubKey, bool padding = true);
this(BinaryKey!(Engine.pubKeyLen) pubKey, bool padding = true);
Constructor
void update(in ubyte[] data);
Update
bin_t data();
Data
bin_t encrypt(in ubyte[] dat);
OneShot encrypt
struct Decrypter(Engine);
alias AES256CBCDecrypter = Decrypter!(OpenSSLCmdAESCBCDecryptEngine).Decrypter;
alias RSA4096Decrypter = Decrypter!(OpenSSLCmdRSA4096Engine).Decrypter;
Decrypt
this(Engine engine, bool padding = true);
this(immutable(ubyte)[] key, immutable(ubyte)[] iv, bool padding = true, string cmd = defaultOpenSSLCommand);
this(immutable(ubyte)[] key, immutable(ubyte)[] iv, bool padding = true);
this(string pubKey, bool padding = true, string cmd = defaultOpenSSLCommand);
this(immutable(ubyte)[] prvKey, bool padding = true, string cmd = defaultOpenSSLCommand);
this(size_t N)(immutable(ubyte)[N] prvKey, bool padding = true, string cmd = defaultOpenSSLCommand);
this(string prvKey, bool padding = true);
this(immutable(ubyte)[] prvKey, bool padding = true);
this(size_t N)(immutable(ubyte)[N] prvKey, bool padding = true);
Constructor
void update(in ubyte[] data);
Update
immutable(ubyte)[] data();
Data
immutable(ubyte)[] decrypt(in ubyte[] dat);
OneShot decrypt
struct Signer(Engine, DigestEngine = void);
template Ed25519Signer(DigestEngine = void)
alias Ed25519phSigner = Signer!(OpenSSLCmdEd25519Engine, SHA!(1024u, 512u)).Signer;
template ECDSAP256Signer(DigestEngine = void)
template ECDSAP256KSigner(DigestEngine = void)
template ECDSAP384Signer(DigestEngine = void)
template ECDSAP521Signer(DigestEngine = void)
template RSA4096Signer(DigestEngine = void)
Sign
@trusted this(Engine engine, Engine.PrivateKey prvKey);
@trusted this(in char[] prvKeyPEM, string cmd = defaultOpenSSLCommand);
@trusted this(in ubyte[] prvKeyDER, string cmd = defaultOpenSSLCommand);
@trusted this(in BinaryKey!(Engine.prvKeyLen) prvKeyRaw, string cmd = defaultOpenSSLCommand);
@trusted this(in char[] prvKeyPEM);
@trusted this(in ubyte[] prvKeyDER);
@trusted this(in BinaryKey!(Engine.prvKeyLen) prvKeyRaw);
Constructor
@safe void update(in ubyte[] message);
Update
@trusted bin_t sign();
Sign
@trusted bin_t sign(in ubyte[] data);
Sign
struct Verifier(Engine, DigestEngine = void);
template Ed25519Verifier(DigestEngine = void)
alias Ed25519phVerifier = Verifier!(OpenSSLCmdEd25519Engine, SHA!(1024u, 512u)).Verifier;
template ECDSAP256Verifier(DigestEngine = void)
template ECDSAP256KVerifier(DigestEngine = void)
template ECDSAP384Verifier(DigestEngine = void)
template ECDSAP521Verifier(DigestEngine = void)
template RSA4096Verifier(DigestEngine = void)
Vefiry
@trusted this(Engine engine, Engine.PublicKey pubKey);
@trusted this(in char[] pubKeyPEM, string cmd = defaultOpenSSLCommand);
@trusted this(in ubyte[] pubKeyDER, string cmd = defaultOpenSSLCommand);
@trusted this(in BinaryKey!(Engine.pubKeyLen) pubKeyRaw, string cmd = defaultOpenSSLCommand);
@trusted this(in char[] pubKeyPEM);
@trusted this(in ubyte[] pubKeyDER);
@trusted this(in BinaryKey!(Engine.pubKeyLen) pubKeyRaw);
Constructor
@safe void update(in ubyte[] message);
Update
@trusted bool verify(in ubyte[] signature);
@trusted bool verify(in ubyte[] signature, in ubyte[] message);
Verify
struct KeyExchanger(Engine);
Key exchange
this(Engine engine, Engine.PrivateKey prvKey);
this(in char[] prvKeyPEM, string cmd = defaultOpenSSLCommand);
this(in ubyte[] prvKeyDER, string cmd = defaultOpenSSLCommand);
this(size_t N)(ubyte[N] prvKeyRaw, string cmd = defaultOpenSSLCommand);
this(in char[] prvKeyPEM);
this(in ubyte[] prvKeyDER);
this(size_t N)(ubyte[N] prvKeyRaw);
Constructor
immutable(ubyte)[] derive(in char[] pubKeyPEM);
immutable(ubyte)[] derive(in ubyte[] pubKeyPEM);
immutable(ubyte)[] derive(size_t N)(in ubyte[N] pubKeyRaw);
Derive
immutable(ubyte)[] deriveHKDF(DigestEngine = SHA256)(in char[] pubKeyPEM, size_t len, immutable(ubyte)[] salt = null, string info = null);
immutable(ubyte)[] deriveHKDF(DigestEngine = SHA256)(in ubyte[] pubKeyDER, size_t len, immutable(ubyte)[] salt = null, string info = null);
immutable(ubyte)[] deriveHKDF(DigestEngine = SHA256, size_t N)(in ubyte[N] pubKeyRaw, size_t len, immutable(ubyte)[] salt = null, string info = null);
Derive with calculate HKDF
auto deriveEncrypter(DigestEngine = SHA256)(in char[] pubKeyPEM, immutable(ubyte)[] salt = null, size_t aesKeyBits = 256);
auto deriveEncrypter(DigestEngine = SHA256)(in ubyte[] pubKeyDER, immutable(ubyte)[] salt = null, size_t aesKeyBits = 256);
auto deriveEncrypter(DigestEngine = SHA256, size_t N)(in ubyte[N] pubKeyRaw, immutable(ubyte)[] salt = null, size_t aesKeyBits = 256);
Derive encrypter
auto deriveEncrypter(DigestEngine = SHA256)(in char[] pubKeyPEM, immutable(ubyte)[] salt = null, size_t aesKeyBits = 256);
auto deriveEncrypter(DigestEngine = SHA256)(in ubyte[] pubKeyDER, immutable(ubyte)[] salt = null, size_t aesKeyBits = 256);
auto deriveEncrypter(DigestEngine = SHA256, size_t N)(in ubyte[N] pubKeyRaw, immutable(ubyte)[] salt = null, size_t aesKeyBits = 256);
Derive decrypter
@trusted BinaryKey!(Engine.prvKeyLen) createPrivateKey(Engine)();
@trusted BinaryKey!(Engine.pubKeyLen) createPublicKey(Engine)(in BinaryKey!(Engine.prvKeyLen) prvKey);
@safe BinaryKey!32 createEd25519PrivateKey();
@safe BinaryKey!32 createEd25519PublicKey(BinaryKey!32 prvKey);
@safe BinaryKey!32 createECDSAP256PrivateKey();
@safe BinaryKey!65 createECDSAP256PublicKey(BinaryKey!32 prvKey);
@safe BinaryKey!32 createECDSAP256KPrivateKey();
@safe BinaryKey!65 createECDSAP256KPublicKey(BinaryKey!32 prvKey);
@safe BinaryKey!48 createECDSAP384PrivateKey();
@safe BinaryKey!97 createECDSAP384PublicKey(BinaryKey!48 prvKey);
@safe BinaryKey!66 createECDSAP521PrivateKey();
@safe BinaryKey!133 createECDSAP521PublicKey(BinaryKey!66 prvKey);
@safe ubyte[DefaultRSA4096Engine.prvKeyLen] createRSA4096PrivateKey();
@safe ubyte[DefaultRSA4096Engine.pubKeyLen] createRSA4096PublicKey(ubyte[DefaultRSA4096Engine.prvKeyLen] prvKey);
Create key
@trusted PEMString convPrivateKeyToPEM(Engine)(in BinaryKey!(Engine.prvKeyLen) prvKey);
@trusted BinaryKey!(Engine.prvKeyLen) convPrivateKeyFromPEM(Engine)(in char[] pem);
@trusted DERBinary convPrivateKeyToDER(Engine)(in BinaryKey!(Engine.prvKeyLen) prvKey);
@trusted BinaryKey!(Engine.prvKeyLen) convPrivateKeyFromDER(Engine)(in ubyte[] der);
@trusted PEMString convPublicKeyToPEM(Engine)(in BinaryKey!(Engine.pubKeyLen) pubKey);
@trusted BinaryKey!(Engine.pubKeyLen) convPublicKeyFromPEM(Engine)(in char[] pem);
@trusted DERBinary convPublicKeyToDER(Engine)(in BinaryKey!(Engine.pubKeyLen) pubKey);
@trusted BinaryKey!(Engine.pubKeyLen) convPublicKeyFromDER(Engine)(in ubyte[] der);
@safe PEMString convEd25519PrivateKeyToPEM(in BinaryKey!32 prvKey);
@safe BinaryKey!32 convEd25519PrivateKeyFromPEM(in char[] pem);
@safe DERBinary convEd25519PrivateKeyToDER(in BinaryKey!32 prvKey);
@safe BinaryKey!32 convEd25519PrivateKeyFromDER(in ubyte[] der);
@safe PEMString convEd25519PublicKeyToPEM(in BinaryKey!32 pubKey);
@safe BinaryKey!32 convEd25519PublicKeyFromPEM(in char[] pem);
@safe DERBinary convEd25519PublicKeyToDER(in BinaryKey!32 pubKey);
@safe BinaryKey!32 convEd25519PublicKeyFromDER(in ubyte[] der);
@safe PEMString convECDSAP256PrivateKeyToPEM(in BinaryKey!32 prvKey);
@safe BinaryKey!32 convECDSAP256PrivateKeyFromPEM(in char[] pem);
@safe DERBinary convECDSAP256PrivateKeyToDER(in BinaryKey!32 prvKey);
@safe BinaryKey!32 convECDSAP256PrivateKeyFromDER(in ubyte[] der);
@safe PEMString convECDSAP256PublicKeyToPEM(in BinaryKey!65 pubKey);
@safe BinaryKey!65 convECDSAP256PublicKeyFromPEM(in char[] pem);
@safe DERBinary convECDSAP256PublicKeyToDER(in BinaryKey!65 pubKey);
@safe BinaryKey!65 convECDSAP256PublicKeyFromDER(in ubyte[] der);
@safe PEMString convECDSAP256KPrivateKeyToPEM(in BinaryKey!32 prvKey);
@safe BinaryKey!32 convECDSAP256KPrivateKeyFromPEM(in char[] pem);
@safe DERBinary convECDSAP256KPrivateKeyToDER(in BinaryKey!32 prvKey);
@safe BinaryKey!32 convECDSAP256KPrivateKeyFromDER(in ubyte[] der);
@safe PEMString convECDSAP256KPublicKeyToPEM(in BinaryKey!65 pubKey);
@safe BinaryKey!65 convECDSAP256KPublicKeyFromPEM(in char[] pem);
@safe DERBinary convECDSAP256KPublicKeyToDER(in BinaryKey!65 pubKey);
@safe BinaryKey!65 convECDSAP256KPublicKeyFromDER(in ubyte[] der);
@safe PEMString convECDSAP384PrivateKeyToPEM(in BinaryKey!48 prvKey);
@safe BinaryKey!48 convECDSAP384PrivateKeyFromPEM(in char[] pem);
@safe DERBinary convECDSAP384PrivateKeyToDER(in BinaryKey!48 prvKey);
@safe BinaryKey!48 convECDSAP384PrivateKeyFromDER(in ubyte[] der);
@safe PEMString convECDSAP384PublicKeyToPEM(in BinaryKey!97 pubKey);
@safe BinaryKey!97 convECDSAP384PublicKeyFromPEM(in char[] pem);
@safe DERBinary convECDSAP384PublicKeyToDER(in BinaryKey!97 pubKey);
@safe BinaryKey!97 convECDSAP384PublicKeyFromDER(in ubyte[] der);
@safe PEMString convECDSAP521PrivateKeyToPEM(in BinaryKey!66 prvKey);
@safe BinaryKey!66 convECDSAP521PrivateKeyFromPEM(in char[] pem);
@safe DERBinary convECDSAP521PrivateKeyToDER(in BinaryKey!66 prvKey);
@safe BinaryKey!66 convECDSAP521PrivateKeyFromDER(in ubyte[] der);
@safe PEMString convECDSAP521PublicKeyToPEM(in BinaryKey!133 pubKey);
@safe BinaryKey!133 convECDSAP521PublicKeyFromPEM(in char[] pem);
@safe DERBinary convECDSAP521PublicKeyToDER(in BinaryKey!133 pubKey);
@safe BinaryKey!133 convECDSAP521PublicKeyFromDER(in ubyte[] der);
Conversion of key formats
bin_t convECDSASignDer2Bin(in ubyte[] der);
bin_t convECDSASignBin2Der(in ubyte[] bin);
Methods of ECDSA P256 Signature format convertion
DER format:
  • SEQUENCE
    • INTEGER: R
    • INTEGER: S
BIN format:
  • ubyte[32]: R
  • ubyte[32]: S