15.1.39. tablet_qt/crypto/cryptofunc.h

/*
    Copyright (C) 2012, University of Cambridge, Department of Psychiatry.
    Created by Rudolf Cardinal (rnc1001@cam.ac.uk).

    This file is part of CamCOPS.

    CamCOPS is free software: you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.

    CamCOPS is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with CamCOPS. If not, see <https://www.gnu.org/licenses/>.
*/

#pragma once

// #define OPENSSL_VIA_QLIBRARY

// #include <openssl/crypto.h>  // for OpenSSL_cleanse
#include <QString>

#include "secureqbytearray.h"
#include "secureqstring.h"

namespace cryptofunc {

// ============================================================================
// DLL helpers
// ============================================================================

#ifdef OPENSSL_VIA_QLIBRARY
// Ensure all relevant OpenSSL functions are loaded.
void ensureAllCryptoFunctionsLoaded();
#endif

// ============================================================================
// Simple calculations
// ============================================================================

// Length of the base64 representation of this many bytes.
int base64Length(int nbytes);

// ============================================================================
// Low-level calls
// ============================================================================

// AES encryption.
void aesEncrypt(
    const QByteArray& key_bytes,
    const QByteArray& iv_bytes,
    const QByteArray& plaintext_bytes,
    QByteArray& ciphertext_bytes
);

// AES decryption.
void aesDecrypt(
    const QByteArray& key_bytes,
    const QByteArray& iv_bytes,
    const QByteArray& ciphertext_bytes,
    QByteArray& recoveredtext_bytes
);

// Makes a new random AES initialization vector.
SecureQByteArray makeAesIV();

// Is this a valid AES key?
bool isValidAesKey(const QByteArray& key_bytes);

// Is this a valid AES key?
bool isValidAesKey(const QString& key_b64);

// Is this a valid AES initialization vector?
bool isValidAesIV(const QByteArray& iv_bytes);

// Is this a valid AES initialization vector?
bool isValidAesIV(const QString& iv_b64);

// Hash bytes via SHA512.
SecureQByteArray hashBytes(const QByteArray& plaintext_bytes);

// Salt plaintxt and hash it via SHA512.
QString hash(const QString& plaintext, const QString& salt);

// Create a random salt.
QString makeSalt();

// ============================================================================
// Front end
// ============================================================================

// Generate random bytes.
SecureQByteArray randomBytes(int n);

// Generate a base64 representation of some random bytes, for use as a
// password-obscuring key.
SecureQString generateObscuringKeyBase64();

// Generate an AES initialization vector in base64 format.
QString generateIVBase64();

// Encrypts plaintext via AES, returning the result in base64 format.
QString encryptToBase64(
    const QString& plaintext, const QString& key_b64, const QString& iv_b64
);

// Decrypts base64-encoded AES-encrypted data.
SecureQString decryptFromBase64(
    const QString& ciphertext_b64,
    const QString& key_b64,
    const QString& iv_b64
);

// Hashes a password.
QString hash(const QString& plaintext);

// Checks if a plaintext password matches a hashed version.
bool matchesHash(const QString& plaintext, const QString& hashed);

}  // namespace cryptofunc