1 /*************************************************************************
6 * [2011] - [2015] Realm Inc
9 * NOTICE: All information contained herein is, and remains
10 * the property of Realm Incorporated and its suppliers,
11 * if any. The intellectual and technical concepts contained
12 * herein are proprietary to Realm Incorporated
13 * and its suppliers and may be covered by U.S. and Foreign Patents,
14 * patents in process, and are protected by trade secret or copyright law.
15 * Dissemination of this information or reproduction of this material
16 * is strictly forbidden unless prior written permission is obtained
17 * from Realm Incorporated.
19 **************************************************************************/
21 #ifndef REALM_SYNC_CRYPTO_SERVER_HPP
22 #define REALM_SYNC_CRYPTO_SERVER_HPP
27 #include <realm/binary_data.hpp>
28 #include <realm/util/buffer.hpp>
33 struct CryptoError: std::runtime_error {
/// Build the error from a human-readable description; the text is what
/// `what()` later reports, so it is moved (not copied) into the base class.
CryptoError(std::string message):
    std::runtime_error{std::move(message)}
{
}
37 /// This class represents a public/private keypair, or more commonly a single public
38 /// key used for verifying signatures.
40 /// Only RSA keys are supported for now.
42 /// Its methods correspond roughly to the EVP_PKEY_* set of functionality found in
43 /// the OpenSSL library.
47 PKey& operator=(PKey&&);
50 /// Load RSA public key from \a pemfile.
51 static PKey load_public(const std::string& pemfile);
52 /// Load RSA public key from a PEM buffer
53 static PKey load_public(BinaryData pem_buffer);
55 /// Load RSA public/private keypair from \a pemfile.
56 static PKey load_private(const std::string& pemfile);
57 /// Load RSA public/private keypair from a PEM buffer
58 static PKey load_private(BinaryData pem_buffer);
60 /// Whether or not the key can be used for signing.
62 /// True if the private part is loaded.
63 bool can_sign() const noexcept;
65 /// Whether or not the key can be used for verifying.
67 /// Always true for RSA keys.
68 bool can_verify() const noexcept;
/// Sign \a message with the loaded key, if the private part is
/// loaded. Store the resulting signature as binary data in \a signature.
73 /// If a private key is not loaded, throws an exception of type CryptoError.
74 void sign(BinaryData message, util::Buffer<unsigned char>& signature) const;
/// Verify that \a signature is a valid signature over \a message for the loaded key.
78 /// Returns true if the signature is valid, otherwise false. If an error occurs while
79 /// attempting verification, an exception of type CryptoError is thrown.
80 bool verify(BinaryData message, BinaryData signature) const;
85 std::unique_ptr<Impl> m_impl;
91 #endif // REALM_SYNC_CRYPTO_SERVER_HPP