A pure abstract class defining the API to encrypt/decrypt/manage user and its keys.
More...
|
| virtual void | encrypt (std::shared_ptr< lime::EncryptionContext > encryptionContext, const std::shared_ptr< limeCallback > callback, const std::shared_ptr< limeRandomSeedCallback > randomSeedCallback=nullptr)=0 |
| | Encrypt a buffer (text or file) for a given list of recipient devices. More...
|
| |
| virtual lime::PeerDeviceStatus | decrypt (const std::vector< uint8_t > &recipientUserId, const std::string &senderDeviceId, const std::vector< uint8_t > &DRmessage, const std::vector< uint8_t > &cipherMessage, std::vector< uint8_t > &plainMessage)=0 |
| | Decrypt the given message. More...
|
| |
| virtual std::unique_lock< std::mutex > | lock (void)=0 |
| |
| virtual void | processEncryptionQueue (void)=0 |
| | Check if we have queued encryption to process, if yes, do it. More...
|
| |
| virtual void | DRcache_delete (const std::string &deviceId)=0 |
| | delete an entry (if found) from the DR session cache More...
|
| |
| virtual void | DRcache_insert (const std::string &deviceId, std::shared_ptr< DR > DRsession)=0 |
| | insert an entry in the DR session cache if an entry with the same key already exists, do nothing More...
|
| |
| virtual std::shared_ptr< X3DH > | get_X3DH (void)=0 |
| | accessor to the internal X3DH engine More...
|
| |
| virtual void | publish_user (const std::shared_ptr< limeCallback > callback, const uint16_t OPkInitialBatchSize)=0 |
| | Publish on X3DH server the user, it is performed just after creation in local storage this will, on success, trigger generation and sending of SPk and OPks for our new user. More...
|
| |
| virtual void | delete_user (const std::shared_ptr< limeCallback > callback)=0 |
| | Delete user from local Storage and from X3DH server. More...
|
| |
| virtual void | delete_peerDevice (const std::string &peerDeviceId)=0 |
| | Purge cached sessions for a given peer Device (used when a peer device is being deleted) More...
|
| |
| virtual void | update_SPk (const std::shared_ptr< limeCallback > callback)=0 |
| | Check if the current SPk needs to be updated, if yes, generate a new one and publish it on server. More...
|
| |
| virtual void | update_OPk (const std::shared_ptr< limeCallback > callback, uint16_t OPkServerLowLimit, uint16_t OPkBatchSize)=0 |
| | check if we shall upload more OPks on X3DH server More...
|
| |
| virtual void | get_Ik (std::vector< uint8_t > &Ik)=0 |
| | Retrieve self public Identity key. More...
|
| |
| virtual void | set_x3dhServerUrl (const std::string &x3dhServerUrl)=0 |
| | Set the X3DH key server URL for this identified user. More...
|
| |
| virtual std::string | get_x3dhServerUrl ()=0 |
| | Get the X3DH key server URL for this identified user. More...
|
| |
| virtual void | stale_sessions (const std::string &peerDeviceId)=0 |
| | Stale all sessions between localDeviceId and peerDevice. If peerDevice keep using this session to encrypt and we decrypt with success, the session will be reactivated but to encrypt a message to this peerDevice, a new session will be created. If no session is active between the given device, this call has no effect. More...
|
| |
| virtual | ~LimeGeneric () |
| |
A pure abstract class defining the API to encrypt/decrypt/manage user and its keys.
underlying implementation is templated to be able to use C25519 or C448, it is selected by the curveId parameter given to insert/load_limeUser function
- Note
- : never instanciate directly a Lime object, always use the Lime Factory function as Lime object MUST be held by a shared pointer
Encrypt a buffer (text or file) for a given list of recipient devices.
Clarification on recipients:
recipients information needed are a list of the device Id and one userId. The device Id shall be their GRUU while the userId is a sip:uri.
recipient User Id is used to identify the actual intended recipient. Example: alice have two devices and is signed up on a conference having bob and claire as other members. The recipientUserId will be the conference sip:uri and device list will include:
- alice other device
- bob devices
- claire devices If Alice write to Bob only, the recipientUserId will be bob sip:uri and recipient devices list :
- alice other device
- bob devices
In all cases, the identified source of the message will be the localDeviceId
If the X3DH server can't provide keys for a peer device, its status is set to fail and its DRmessage is empty. Other devices get their encrypted message If no peer device could get encrypted for all of them are missing keys on the X3DH server, the callback will be called with fail exit status
- Note
- encryptionContext is shared pointers as the process being asynchronous, the ownership will be taken internally exempting caller to manage the buffers.
- Parameters
-
| [in,out] | encryptionContext | This context must persist during asynchronous calls to the lime X3DH server. It holds
- associated Data (recipientUserId or other) is used as associated data to ensure no-one can mess with intended recipient (when the recipientUserId is given)
- recipients a list of RecipientData holding:
- the recipient device Id(GRUU)
- an empty buffer to store the DRmessage which must then be routed to that recipient
- the peer Status. If peerStatus is set to fail, this entry is ignored otherwise the peerStatus is set by the encrypt, see PeerDeviceStatus definition for details
- plainMessage: a buffer holding the message to encrypt, can be text or data.
- cipherMessage: points to the buffer to store the encrypted message which must be routed to all recipients(if one is produced, depends on encryption policy)
- encryptionPolicy: select how to manage the encryption: direct use of Double Ratchet message or encrypt in the cipher message and use the DR message to share the cipher message key default is optimized upload size mode.
|
| [in] | callback | Performing encryption may involve the X3DH server and is thus asynchronous, when the operation is completed, this callback will be called giving the exit status and an error message in case of failure. It is advised to capture a copy of cipherMessage and recipients shared_ptr in this callback so they can access the output of encryption as it won't be part of the callback parameters. |
| [in] | randomSeedCallback | when provided and encryption policy ends to be cipherMessage, allow to set/get the random seed and cipher text tag this is needed to encrypt the same message with differents lime users (for multi base algorithm purpose) |
Implemented in lime::Lime< Curve >.
1.8.10
