ascii-chat 0.6.0
Real-time terminal-based video chat with ASCII art conversion
Loading...
Searching...
No Matches
Data Fields
crypto_context_t Struct Reference
Crypto Module

Cryptographic context structure. More...

#include <lib/crypto/crypto.h>

Data Fields

uint8_t public_key [32]
 
uint8_t private_key [32]
 
uint8_t peer_public_key [32]
 
uint8_t shared_key [32]
 
uint8_t password_key [32]
 
uint8_t password_salt [32]
 
uint8_t nonce_size
 
uint8_t mac_size
 
uint8_t hmac_size
 
uint8_t encryption_key_size
 
uint8_t auth_challenge_size
 
uint16_t public_key_size
 
uint16_t private_key_size
 
uint16_t shared_key_size
 
uint16_t auth_public_key_size
 
uint16_t salt_size
 
uint16_t signature_size
 
bool initialized
 
bool has_password
 
bool key_exchange_complete
 
bool peer_key_received
 
bool handshake_complete
 
uint8_t auth_nonce [32]
 
uint8_t auth_hmac [32]
 
uint64_t nonce_counter
 
uint8_t session_id [16]
 
uint64_t rekey_packet_count
 
time_t rekey_last_time
 
time_t rekey_last_request_time
 
bool rekey_in_progress
 
uint8_t rekey_failure_count
 
uint8_t temp_public_key [32]
 
uint8_t temp_private_key [32]
 
uint8_t temp_shared_key [32]
 
bool has_temp_key
 
uint64_t rekey_packet_threshold
 
time_t rekey_time_threshold
 
uint64_t bytes_encrypted
 
uint64_t bytes_decrypted
 
uint64_t rekey_count
 

Detailed Description

Cryptographic context structure.

Manages all cryptographic state for a single connection, including key exchange, encryption/decryption, authentication, and session rekeying.

Note
Nonce generation: Nonces are constructed as session_id || counter where session_id is 16 bytes and counter fills the remaining bytes. This prevents both within-session and cross-session replay attacks.
Session ID: Generated once per connection and remains constant. Used to prevent cross-session replay attacks.
Nonce counter: Starts at 1 (0 is reserved for testing) and increments for each encryption operation. Prevents nonce reuse within a session.
Byte order: Client must convert network byte order to host byte order for crypto parameters. Server uses host byte order directly.
Key exchange formats:
  • Simple format: Only ephemeral public key (when server has no identity key)
  • Authenticated format: Ephemeral key + identity key + signature (when server has identity key)

Definition at line 260 of file lib/crypto/crypto.h.

Field Documentation

◆ auth_challenge_size

uint8_t crypto_context_t::auth_challenge_size

Authentication challenge nonce size (e.g., 32)

Definition at line 276 of file lib/crypto/crypto.h.

Referenced by crypto_create_auth_challenge(), crypto_handshake_client_auth_response(), crypto_handshake_server_auth_challenge(), crypto_handshake_server_complete(), crypto_handshake_set_parameters(), crypto_handshake_validate_packet_size(), crypto_init(), and crypto_process_auth_challenge().

◆ auth_hmac

uint8_t crypto_context_t::auth_hmac[ 32]

Client's HMAC response (or expected on server)

Definition at line 295 of file lib/crypto/crypto.h.

◆ auth_nonce

uint8_t crypto_context_t::auth_nonce[32]

Authentication state Server-generated challenge nonce

Definition at line 294 of file lib/crypto/crypto.h.

Referenced by crypto_create_auth_challenge(), crypto_handshake_server_auth_challenge(), crypto_handshake_server_complete(), crypto_process_auth_challenge(), and crypto_process_auth_response().

◆ auth_public_key_size

uint16_t crypto_context_t::auth_public_key_size

Authentication public key size (32 for Ed25519, 1952 for Dilithium3)

Definition at line 282 of file lib/crypto/crypto.h.

Referenced by crypto_handshake_client_key_exchange(), crypto_handshake_server_auth_challenge(), crypto_handshake_server_start(), crypto_handshake_set_parameters(), and crypto_handshake_validate_packet_size().

◆ bytes_decrypted

uint64_t crypto_context_t::bytes_decrypted

Total bytes decrypted

Definition at line 320 of file lib/crypto/crypto.h.

Referenced by crypto_cleanup(), crypto_decrypt(), crypto_get_status(), and crypto_init().

◆ bytes_encrypted

uint64_t crypto_context_t::bytes_encrypted

Performance tracking Total bytes encrypted

Definition at line 319 of file lib/crypto/crypto.h.

Referenced by crypto_cleanup(), crypto_encrypt(), crypto_get_status(), and crypto_init().

◆ encryption_key_size

uint8_t crypto_context_t::encryption_key_size

Encryption key size (e.g., 32 for XSalsa20, 32 for AES-256)

Definition at line 275 of file lib/crypto/crypto.h.

Referenced by crypto_derive_password_key(), crypto_handshake_set_parameters(), crypto_init(), and crypto_verify_password().

◆ handshake_complete

bool crypto_context_t::handshake_complete

Whether full handshake is complete

Definition at line 291 of file lib/crypto/crypto.h.

Referenced by crypto_handshake_client_auth_response(), crypto_handshake_server_auth_challenge(), crypto_init(), crypto_process_auth_response(), and crypto_should_rekey().

◆ has_password

bool crypto_context_t::has_password

Whether password-based encryption is enabled

Definition at line 288 of file lib/crypto/crypto.h.

Referenced by client_crypto_init(), crypto_compute_auth_response(), crypto_decrypt(), crypto_encrypt(), crypto_get_status(), crypto_handshake_client_auth_response(), crypto_handshake_server_auth_challenge(), crypto_handshake_server_complete(), crypto_init(), crypto_init_with_password(), crypto_is_ready(), crypto_verify_auth_response(), and crypto_verify_password().

◆ has_temp_key

bool crypto_context_t::has_temp_key

True if temporary keys are valid

Definition at line 312 of file lib/crypto/crypto.h.

Referenced by crypto_handshake_process_rekey_complete(), crypto_handshake_process_rekey_response(), crypto_handshake_rekey_complete(), crypto_handshake_rekey_response(), crypto_init(), crypto_rekey_abort(), crypto_rekey_commit(), crypto_rekey_init(), crypto_rekey_process_request(), and crypto_rekey_process_response().

◆ hmac_size

uint8_t crypto_context_t::hmac_size

HMAC size (e.g., 32 for HMAC-SHA256, 64 for HMAC-SHA512)

Definition at line 274 of file lib/crypto/crypto.h.

Referenced by crypto_handshake_client_complete(), crypto_handshake_server_complete(), crypto_handshake_set_parameters(), crypto_handshake_validate_packet_size(), and crypto_init().

◆ initialized

bool crypto_context_t::initialized

State tracking flags Whether context has been initialized

Definition at line 287 of file lib/crypto/crypto.h.

Referenced by crypto_cleanup(), crypto_create_auth_challenge(), crypto_create_public_key_packet(), crypto_decrypt(), crypto_derive_password_key(), crypto_encrypt(), crypto_get_public_key(), crypto_get_status(), crypto_init(), crypto_is_ready(), crypto_process_auth_challenge(), crypto_process_auth_response(), crypto_process_public_key_packet(), crypto_rekey_commit(), crypto_rekey_init(), crypto_rekey_process_request(), crypto_rekey_process_response(), crypto_set_peer_public_key(), crypto_should_rekey(), and crypto_verify_password().

◆ key_exchange_complete

bool crypto_context_t::key_exchange_complete

Whether DH key exchange is complete

Definition at line 289 of file lib/crypto/crypto.h.

Referenced by crypto_compute_auth_response(), crypto_decrypt(), crypto_encrypt(), crypto_get_status(), crypto_handshake_server_complete(), crypto_init(), crypto_is_ready(), crypto_set_peer_public_key(), and crypto_verify_auth_response().

◆ mac_size

uint8_t crypto_context_t::mac_size

MAC size (e.g., 16 for Poly1305, 16 for GCM)

Definition at line 273 of file lib/crypto/crypto.h.

Referenced by crypto_create_encrypted_packet(), crypto_decrypt(), crypto_encrypt(), crypto_handshake_set_parameters(), and crypto_init().

◆ nonce_counter

uint64_t crypto_context_t::nonce_counter

Security parameters Nonce counter (starts at 1, increments per encryption)

Definition at line 298 of file lib/crypto/crypto.h.

Referenced by crypto_encrypt(), crypto_get_status(), crypto_init(), and crypto_rekey_commit().

◆ nonce_size

uint8_t crypto_context_t::nonce_size

Dynamic crypto parameters (negotiated during handshake) Nonce size (e.g., 24 for XSalsa20, 12 for ChaCha20)

Definition at line 272 of file lib/crypto/crypto.h.

Referenced by crypto_create_encrypted_packet(), crypto_decrypt(), crypto_encrypt(), crypto_handshake_set_parameters(), and crypto_init().

◆ password_key

uint8_t crypto_context_t::password_key[ 32]

Password-derived key (optional additional layer) Argon2id-derived key from password

Definition at line 268 of file lib/crypto/crypto.h.

Referenced by crypto_cleanup(), crypto_compute_auth_response(), crypto_decrypt(), crypto_derive_password_key(), crypto_encrypt(), crypto_verify_auth_response(), and crypto_verify_password().

◆ password_salt

uint8_t crypto_context_t::password_salt[ 32]

Salt used for password derivation

Definition at line 269 of file lib/crypto/crypto.h.

Referenced by crypto_cleanup(), and crypto_derive_password_key().

◆ peer_key_received

bool crypto_context_t::peer_key_received

Whether peer's public key has been received

Definition at line 290 of file lib/crypto/crypto.h.

Referenced by crypto_init(), and crypto_set_peer_public_key().

◆ peer_public_key

uint8_t crypto_context_t::peer_public_key[ 32]

Peer's ephemeral public key

Definition at line 264 of file lib/crypto/crypto.h.

Referenced by crypto_set_peer_public_key().

◆ private_key

uint8_t crypto_context_t::private_key[ 32]

Our ephemeral private key

Definition at line 263 of file lib/crypto/crypto.h.

Referenced by crypto_cleanup(), crypto_generate_keypair(), and crypto_set_peer_public_key().

◆ private_key_size

uint16_t crypto_context_t::private_key_size

Key exchange private key size (32 for X25519, 1568 for Kyber1024)

Definition at line 280 of file lib/crypto/crypto.h.

Referenced by crypto_handshake_set_parameters(), and crypto_init().

◆ public_key

uint8_t crypto_context_t::public_key[ 32]

X25519 key exchange keys Our ephemeral public key

Definition at line 262 of file lib/crypto/crypto.h.

Referenced by crypto_create_public_key_packet(), crypto_generate_keypair(), crypto_get_public_key(), crypto_handshake_client_key_exchange(), and crypto_handshake_server_start().

◆ public_key_size

uint16_t crypto_context_t::public_key_size

Key sizes for dynamic negotiation (future: post-quantum crypto) Key exchange public key size (32 for X25519, 1568 for Kyber1024)

Definition at line 279 of file lib/crypto/crypto.h.

Referenced by crypto_create_public_key_packet(), crypto_get_public_key(), crypto_handshake_client_key_exchange(), crypto_handshake_server_auth_challenge(), crypto_handshake_server_start(), crypto_handshake_set_parameters(), crypto_handshake_validate_packet_size(), crypto_init(), crypto_process_public_key_packet(), and crypto_set_peer_public_key().

◆ rekey_count

uint64_t crypto_context_t::rekey_count

Number of successful rekeys performed

Definition at line 321 of file lib/crypto/crypto.h.

Referenced by crypto_get_rekey_status(), crypto_init(), and crypto_rekey_commit().

◆ rekey_failure_count

uint8_t crypto_context_t::rekey_failure_count

Consecutive rekey failures (for exponential backoff)

Definition at line 306 of file lib/crypto/crypto.h.

Referenced by crypto_get_rekey_status(), crypto_init(), crypto_rekey_abort(), crypto_rekey_commit(), and crypto_rekey_init().

◆ rekey_in_progress

bool crypto_context_t::rekey_in_progress

Rekey handshake currently in progress

Definition at line 305 of file lib/crypto/crypto.h.

Referenced by crypto_get_rekey_status(), crypto_handshake_process_rekey_complete(), crypto_handshake_process_rekey_response(), crypto_handshake_rekey_complete(), crypto_handshake_rekey_response(), crypto_init(), crypto_rekey_abort(), crypto_rekey_commit(), crypto_rekey_init(), crypto_rekey_process_request(), crypto_rekey_process_response(), and crypto_should_rekey().

◆ rekey_last_request_time

time_t crypto_context_t::rekey_last_request_time

Timestamp of last rekey request (for DDoS protection)

Definition at line 304 of file lib/crypto/crypto.h.

Referenced by crypto_handshake_process_rekey_request(), and crypto_init().

◆ rekey_last_time

time_t crypto_context_t::rekey_last_time

Timestamp of last successful rekey (or initial handshake)

Definition at line 303 of file lib/crypto/crypto.h.

Referenced by crypto_get_rekey_status(), crypto_init(), crypto_rekey_commit(), crypto_rekey_init(), and crypto_should_rekey().

◆ rekey_packet_count

uint64_t crypto_context_t::rekey_packet_count

Session rekeying state Packets encrypted since last rekey/handshake

Definition at line 302 of file lib/crypto/crypto.h.

Referenced by crypto_encrypt(), crypto_get_rekey_status(), crypto_init(), crypto_rekey_commit(), crypto_rekey_init(), and crypto_should_rekey().

◆ rekey_packet_threshold

uint64_t crypto_context_t::rekey_packet_threshold

Configurable rekeying thresholds Rekey after N packets (default: 1,000,000)

Definition at line 315 of file lib/crypto/crypto.h.

Referenced by crypto_get_rekey_status(), crypto_init(), and crypto_should_rekey().

◆ rekey_time_threshold

time_t crypto_context_t::rekey_time_threshold

Rekey after N seconds (default: 3600 = 1 hour)

Definition at line 316 of file lib/crypto/crypto.h.

Referenced by crypto_get_rekey_status(), crypto_init(), and crypto_should_rekey().

◆ salt_size

uint16_t crypto_context_t::salt_size

Salt size (32 for Argon2id)

Definition at line 283 of file lib/crypto/crypto.h.

Referenced by crypto_derive_password_key(), crypto_handshake_set_parameters(), crypto_init(), and crypto_verify_password().

◆ session_id

uint8_t crypto_context_t::session_id[16]

Unique session ID (16 bytes, prevents cross-session replay)

Definition at line 299 of file lib/crypto/crypto.h.

Referenced by crypto_init(), and crypto_rekey_commit().

◆ shared_key

uint8_t crypto_context_t::shared_key[ 32]

Computed shared secret from DH

Definition at line 265 of file lib/crypto/crypto.h.

Referenced by crypto_cleanup(), crypto_compute_auth_response(), crypto_decrypt(), crypto_encrypt(), crypto_handshake_process_rekey_complete(), crypto_handshake_rekey_complete(), crypto_process_auth_response(), crypto_rekey_commit(), crypto_set_peer_public_key(), and crypto_verify_auth_response().

◆ shared_key_size

uint16_t crypto_context_t::shared_key_size

Shared secret size (32 for X25519, 32 for Kyber1024)

Definition at line 281 of file lib/crypto/crypto.h.

Referenced by crypto_handshake_set_parameters(), and crypto_init().

◆ signature_size

uint16_t crypto_context_t::signature_size

Signature size (64 for Ed25519, 3309 for Dilithium3)

Definition at line 284 of file lib/crypto/crypto.h.

Referenced by crypto_handshake_client_key_exchange(), crypto_handshake_server_auth_challenge(), crypto_handshake_server_complete(), crypto_handshake_server_start(), crypto_handshake_set_parameters(), crypto_handshake_validate_packet_size(), and crypto_init().

◆ temp_private_key

uint8_t crypto_context_t::temp_private_key[ 32]

New ephemeral private key (not yet active)

Definition at line 310 of file lib/crypto/crypto.h.

Referenced by crypto_rekey_abort(), crypto_rekey_commit(), crypto_rekey_init(), crypto_rekey_process_request(), and crypto_rekey_process_response().

◆ temp_public_key

uint8_t crypto_context_t::temp_public_key[ 32]

Temporary keys during rekeying transition New ephemeral public key (not yet active)

Definition at line 309 of file lib/crypto/crypto.h.

Referenced by crypto_handshake_rekey_request(), crypto_handshake_rekey_response(), crypto_rekey_abort(), crypto_rekey_commit(), crypto_rekey_init(), and crypto_rekey_process_request().

◆ temp_shared_key

uint8_t crypto_context_t::temp_shared_key[ 32]

New shared secret (not yet active)

Definition at line 311 of file lib/crypto/crypto.h.

Referenced by crypto_handshake_process_rekey_complete(), crypto_handshake_rekey_complete(), crypto_rekey_abort(), crypto_rekey_commit(), crypto_rekey_process_request(), and crypto_rekey_process_response().

The documentation for this struct was generated from the following file: