Virgil Security Crypto Library v2.6.0

CMakeLists.txt

@@ -111,8 +111,8 @@ project (VirgilSecurity)
 
 # Set library version
 set (VIRGIL_VERSION_MAJOR 2)
-set (VIRGIL_VERSION_MINOR 4)
-set (VIRGIL_VERSION_PATCH 6)
+set (VIRGIL_VERSION_MINOR 6)
+set (VIRGIL_VERSION_PATCH 0)
 set (VIRGIL_VERSION_TAG)
 set (VIRGIL_VERSION ${VIRGIL_VERSION_MAJOR}.${VIRGIL_VERSION_MINOR}.${VIRGIL_VERSION_PATCH})
 set (VIRGIL_SOVERSION 2)

ChangeLog

@@ -1,5 +1,13 @@
 virgil ChangeLog (Sorted per date)
 
+= Version 2.6.0 released 2018-09-07
+
+## Features
+
+  * [Lib] Add class VirgilSeqCipher that provides sequential encryption and decryption
+  * [Lib] Add class VirgilSeqSigner that provides sequential signing and verifying
+
+
 = Version 2.4.6 released 2018-06-21
 
 ## Features
@@ -17,7 +25,6 @@ virgil ChangeLog (Sorted per date)
   * [JS] Update NodeJS version v6.14.2 -> v6.14.3
   * [SWIG] Place includes at the 'begin' SWIG section instead of 'header' section
 
-
 ## Bugfix
 
   * [Lib] Fix crash on Pythia object creation for NodeJS versions >= 10.0

VERSION

@@ -1 +1 @@
-2.4.6
+2.6.0

lib/include/virgil/crypto/VirgilChunkCipher.h

@@ -105,11 +105,11 @@ class VirgilChunkCipher : public VirgilCipherBase {
      * @brief Retrieve actual chunk size from the custom parameters.
      */
     size_t retrieveChunkSize() const;
+
     /**
-     * @brief Attempt to read content info from the data source.
-     * @return Data that was read from the source and is not content info.
+     * @brief Do encryption / decryption depends on the configured mode.
      */
-    VirgilByteArray tryReadContentInfo(VirgilDataSource& source);
+    void process(VirgilDataSource& source, VirgilDataSink& sink, size_t actualChunkSize);
 };
 
 }}

lib/include/virgil/crypto/VirgilCipher.h

@@ -77,15 +77,12 @@ class VirgilCipher : public VirgilCipherBase {
      * @return Decrypted data.
      */
     VirgilByteArray decryptWithPassword(const VirgilByteArray& encryptedData, const VirgilByteArray& pwd);
-
 private:
     /**
      * @brief Decrypt given data.
      * @return Decrypted data.
      */
-    VirgilByteArray decrypt(
-            const VirgilByteArray& encryptedData,
-            virgil::crypto::foundation::VirgilSymmetricCipher& cipher);
+    VirgilByteArray decrypt(const VirgilByteArray& encryptedData);
 };
 
 }}

lib/include/virgil/crypto/VirgilCipherBase.h

@@ -206,41 +206,54 @@ class VirgilCipherBase {
 
 protected:
     /**
-     * @brief Make attempt to read content info from the encrypted data.
+     * @brief Extract content info from the encrypted data and setup it.
      *
-     * Payload content info if was detected in the encrypted data.
+     * This function should be used always to filter input encrypted data.
      *
      * @param encryptedData - data that was encrypted.
-     * return Encrypted data without content info.
+     * @param isLastChunk - tell filter that given data is the last one.
+     * return Encrypted data that is follows content info, if content info was fully extracted, otherwise - empty data.
      */
-    VirgilByteArray tryReadContentInfo(const VirgilByteArray& encryptedData);
+    VirgilByteArray filterAndSetupContentInfo(const VirgilByteArray& encryptedData, bool isLastChunk);
 
     /**
      * @brief Configures symmetric cipher for encryption.
-     * @return Configured cipher.
      * @note cipher's key randomly generated.
      * @note cipher's input vector is randomly generated.
      */
-    virgil::crypto::foundation::VirgilSymmetricCipher& initEncryption();
+    void initEncryption();
 
     /**
-     * @brief Configures symmetric cipher for decryption based on the recipient's password.
+     * @brief Stores recipient's password that is used for cipher's key decryption when content becomes available.
      * @param pwd - recipient's password.
-     * @return Configured cipher.
      */
-    virgil::crypto::foundation::VirgilSymmetricCipher& initDecryptionWithPassword(const VirgilByteArray& pwd);
+    void initDecryptionWithPassword(const VirgilByteArray& pwd);
 
     /**
-     * @brief Configures symmetric cipher for decryption based on the recipient's id and private key.
+     * @brief Stores recipient's information that is used for cipher's key decryption when content becomes available.
      * @param recipientId - recipient's id.
      * @param privateKey - recipient's private key.
      * @param privateKeyPassword - recipient's private key password.
-     * @return Configured cipher.
      */
-    virgil::crypto::foundation::VirgilSymmetricCipher& initDecryptionWithKey(
+    void initDecryptionWithKey(
             const VirgilByteArray& recipientId,
             const VirgilByteArray& privateKey, const VirgilByteArray& privateKeyPassword);
 
+    /**
+     * Return true if one one of the init function was called.
+     */
+    bool isInited() const;
+
+    /**
+     * Return true if underlying symmetric cipher is properly configured for encryption.
+     */
+    bool isReadyForEncryption() const;
+
+    /**
+     * Return true if underlying symmetric cipher is properly configured for decryption.
+     */
+    bool isReadyForDecryption() const;
+
     /**
      * @brief Return symmetric cipher configure by one of the methods:
      *     initEncryption(), initDecryptionWithPassword(), initDecryptionWithKey.
@@ -260,10 +273,10 @@ class VirgilCipherBase {
      *
      * Clear symmetric cipher and correspond internal states.
      * @note This method SHOULD be called after encryption or decryption process is finished.
-     * @note You CAN not use symmetric cipher returned by the method @link getSymmetricCipher () @endlink,
+     * @note You CAN not use symmetric cipher returned by the method @link getSymmetricCipher() @endlink,
      *     after this method call.
      */
-    void clearCipherInfo();
+    void clear();
 
 public:
     //! @cond Doxygen_Suppress
@@ -283,6 +296,14 @@ class VirgilCipherBase {
             const VirgilByteArray& encryptedKey, const VirgilByteArray& encryptionAlgorithm,
             const VirgilByteArray& password) const;
 
+
+    /**
+     * @brief Configures symmetric cipher for decryption.
+     * @note cipher's key is extracted from the content info.
+     * @note cipher's input vector is extracted from the content info.
+     */
+    void accomplishInitDecryption();
+
 private:
     class Impl;
 

lib/include/virgil/crypto/VirgilContentInfo.h

@@ -211,6 +211,10 @@ class VirgilContentInfo : public foundation::asn1::VirgilAsn1Compatible {
 
     VirgilByteArray getContentEncryptionAlgorithm() const;
 
+    bool isReadyForEncryption();
+
+    bool isReadyForDecryption();
+
     friend class VirgilCipherBase;
     ///@}
 

lib/include/virgil/crypto/VirgilSeqCipher.h

@@ -0,0 +1,97 @@
+/**
+ * Copyright (C) 2015-2018 Virgil Security Inc.
+ *
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ *
+ *     (1) Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ *
+ *     (2) Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in
+ *     the documentation and/or other materials provided with the
+ *     distribution.
+ *
+ *     (3) Neither the name of the copyright holder nor the names of its
+ *     contributors may be used to endorse or promote products derived from
+ *     this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ''AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
+ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *
+ * Lead Maintainer: Virgil Security Inc. <[email protected]>
+ */
+
+#ifndef VIRGIL_SEQ_CIPHER_H
+#define VIRGIL_SEQ_CIPHER_H
+
+#include <vector>
+
+#include "VirgilCipherBase.h"
+#include "VirgilByteArray.h"
+
+namespace virgil { namespace crypto {
+
+/**
+ * @brief This class provides high-level interface to sequenctially encrypt / decrypt data using Virgil Security keys.
+ */
+class VirgilSeqCipher : public VirgilCipherBase {
+public:
+    /**
+     * @brief Start sequential encryption process.
+     * @note Store content info to use it for decryption process, or use it as beginning of encrypted data (embedding).
+     * @return Content info.
+     */
+    VirgilByteArray startEncryption();
+
+    /**
+     * @brief Start sequential decryption for recipient defined by id and private key.
+     * @note Content info MUST be defined, if it was not embedded to the encrypted data.
+     * @see method setContentInfo().
+     */
+    void startDecryptionWithKey(
+            const VirgilByteArray& recipientId, const VirgilByteArray& privateKey,
+            const VirgilByteArray& privateKeyPassword = VirgilByteArray());
+    /**
+     * @brief Start sequential decryption for recipient defined by id and private key.
+     * @note Content info MUST be defined, if it was not embedded to the encrypted data.
+     * @see method setContentInfo().
+     */
+    void startDecryptionWithPassword(const VirgilByteArray& pwd);
+
+    /**
+     * Encrypt or decrypt given data depends on the current sequential mode.
+     * @param  data - plain text, if cipher in the encryption mode, encrypted data, if cipher in the decryption mode.
+     * @return plain text, if cipher in the decryption mode, encrypted data, if cipher in the encryption mode.
+     */
+    VirgilByteArray process(const VirgilByteArray& data);
+
+    /**
+     * Accomplish sequential encryption or decryption depends on the mode.
+     * @return plain text, if cipher in the decryption mode, encrypted data, if cipher in the encryption mode.
+     */
+    VirgilByteArray finish();
+
+private:
+    /**
+     * @brief Decrypt given data.
+     * @return Decrypted data.
+     */
+    VirgilByteArray decrypt(const VirgilByteArray& encryptedData);
+};
+
+}}
+
+#endif /* VIRGIL_SEQ_CIPHER_H */

lib/include/virgil/crypto/VirgilSeqSigner.h

@@ -0,0 +1,100 @@
+/**
+ * Copyright (C) 2015-2018 Virgil Security Inc.
+ *
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ *
+ *     (1) Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ *
+ *     (2) Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in
+ *     the documentation and/or other materials provided with the
+ *     distribution.
+ *
+ *     (3) Neither the name of the copyright holder nor the names of its
+ *     contributors may be used to endorse or promote products derived from
+ *     this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ''AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
+ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *
+ * Lead Maintainer: Virgil Security Inc. <[email protected]>
+ */
+
+#ifndef VIRGIL_SEQ_SIGNER_H
+#define VIRGIL_SEQ_SIGNER_H
+
+#include "VirgilSignerBase.h"
+
+#include "VirgilByteArray.h"
+#include "foundation/VirgilHash.h"
+
+#include <memory>
+
+namespace virgil { namespace crypto {
+
+/**
+ * @brief This class provides high-level interface to sign and verify data using Virgil Security keys.
+ *
+ * This module can sign / verify data that is fed to the signer sequentially.
+ */
+class VirgilSeqSigner : public VirgilSignerBase {
+public:
+    /**
+     * @brief Create signer with predefined hash function.
+     * @note Specified hash function algorithm is used only during signing.
+     */
+    explicit VirgilSeqSigner (
+            foundation::VirgilHash::Algorithm hashAlgorithm = foundation::VirgilHash::Algorithm::SHA384);
+
+    /**
+     * Start new data signing.
+     */
+    void startSigning();
+
+    /**
+     * Start new data verifying.
+     * @param signature -
+     */
+    void startVerifying(const VirgilByteArray& signature);
+
+    /**
+     * Append new data chunk to be signed or verified.
+     * @param data - next data chunk.
+     */
+    void update(const VirgilByteArray& data);
+
+    /**
+     * @brief Sign data that was collected by update() function.
+     * @return Virgil Security sign.
+     */
+    VirgilByteArray sign(const VirgilByteArray& privateKey,
+            const VirgilByteArray& privateKeyPassword = VirgilByteArray());
+
+    /**
+     * @brief Verify sign and data that was collected by update() function to be conformed to the given public key.
+     * @return true if sign is valid and data was not malformed.
+     */
+    bool verify(const VirgilByteArray& publicKey);
+
+private:
+    VirgilByteArray unpackedSignature_;
+    foundation::VirgilHash hash_;
+};
+
+}}
+
+#endif /* VIRGIL_SEQ_SIGNER_H */

lib/include/virgil/crypto/VirgilStreamCipher.h

@@ -88,9 +88,7 @@ class VirgilStreamCipher : public VirgilCipherBase {
     /**
      * @brief Decrypt data read from given source, and write it to the sink.
      */
-    void decrypt(
-            VirgilDataSource& source, VirgilDataSink& sink,
-            virgil::crypto::foundation::VirgilSymmetricCipher& cipher, const VirgilByteArray& firstChunk);
+    void decrypt(VirgilDataSource& source, VirgilDataSink& sink);
 };
 
 }}

lib/include/virgil/crypto/foundation/VirgilSymmetricCipher.h

@@ -107,6 +107,12 @@ class VirgilSymmetricCipher : public virgil::crypto::foundation::asn1::VirgilAsn
      * @name Info
      */
     ///@{
+
+    /**
+     * Return true if cipher is inited with specific algorithm.
+     */
+    bool isInited() const;
+
     /**
      * @brief Returns the name of the given cipher, as a string.
      */