/// If a `FILE*` stream is used that is invalid or `NULL`.
CC20_ERR_INVALID_FILE,
CC20_ERR_INVALID_FILE,
/// If a pointer is `NULL` that should not be
CC20_ERR_NULL_PTR,
CC20_ERR_NULL_PTR,
/// An underlying `libssl` call fails
CC20_ERR_SSL,
CC20_ERR_SSL,
/// There is a generic I/O failure
CC20_ERR_IO
CC20_ERR_IO
}cc20_result_t;
}cc20_result_t;
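/// Evaluates to non-zero when `v` is `CC20_ERR_NONE`, i.e. the call succeeded.
#define CC20_OK(v) ((v) == CC20_ERR_NONE)
/// Evaluates to non-zero when `v` is any value other than `CC20_ERR_NONE`.
///
/// Check the `cc20_result_t` returned by a call with one of these macros before
/// using its outputs: `_cc20_OUT` parameters are only guaranteed to hold a valid
/// value when the call succeeded.
#define CC20_ERR(v) ((v) != CC20_ERR_NONE)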
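/// A chacha20_poly1305 key: `KEY_SIZE` raw bytes.
///
/// This is an array type, so functions take it by pointer (`cc20_key_t*`).
/// The contents are secret: keep them out of logs and error messages, and wipe
/// any copy you hold once it is no longer needed.
typedef uint8_t cc20_key_t[KEY_SIZE];
/// A chacha20_poly1305 IV: `IV_SIZE` raw bytes.
///
/// The IV does not need to be secret, but a given (key, IV) pair must be used
/// for one stream only. Reusing the pair for a second stream repeats the
/// keystream and exposes the relationship between the two plaintexts.
typedef uint8_t cc20_iv_t[IV_SIZE];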
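/// Metadata used to construct an instance of `cc20_sink_t`.
///
/// The key and IV are stored inline, so every copy of this struct (including a
/// stack temporary) is another copy of the secret key. Wipe instances you no
/// longer need rather than letting them go out of scope as-is.
typedef struct cc20_metadata {
	/// A valid, non-NULL, stream that the sink will write the transformed data to.
	FILE* backing;
	/// The key used for the cipher
	cc20_key_t key;
	/// The iv used to initialise the cipher.
	cc20_iv_t iv;
	/// The transformation mode
	///
	/// *MUST* be a valid `enum cc20_mode` discriminant or UB.
	/// Validate the value before storing it here if it comes from outside the
	/// program (a file header, a command line, the network).
	enum cc20_mode mode;
} cc20_meta_t;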
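/// Configuration for a wrapper `FILE*` stream over a `cc20_sink_t`.
///
/// A zero-initialised value (`struct cc20_wrap_cfg cfg = {0};`) gives the documented defaults.
struct cc20_wrap_cfg {
	/// Keep the backing (`cc20_meta_t.backing`) stream alive (do not `fclose()` it) when the wrapper is closed.
	///
	/// When this is non-zero the backing stream outlives the wrapper, so closing
	/// (and flushing) it presumably remains the caller's job; confirm against the implementation.
	/// # Default
	/// * false (0)
	int keep_alive;
};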
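/// An opaque type containing the cipher transform and the backing stream.
///
/// Only the type name is declared here, so callers can hold a `cc20_sink_t*`
/// but cannot inspect, copy or stack-allocate the sink itself.
typedef struct cc20_sink cc20_sink_t;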
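// Functions //

/// Parameters tagged with this must be valid, non-NULL and non-aliased; but can point to uninitialised memory for this type.
/// They are guaranteed to be written to with a valid value if the function succeeds. If it fails, it is unspecified whether it will be written to.
///
/// `restrict` is a promise the caller makes to the compiler; nothing in this macro
/// checks for NULL or aliasing. Treat the pointee as indeterminate unless the call
/// returned `CC20_ERR_NONE`.
//TODO: Attribute non-NULL how?
// NOTE(review): GCC/Clang `__attribute__((nonnull))` on the declarations is one option, but it
// permits the optimiser to drop a runtime NULL test inside the function, which would defeat the
// documented `CC20_ERR_NULL_PTR` return. Keep the runtime check authoritative if it is adopted.
#define _cc20_OUT *restrict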
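/// Generate a new securely random key and/or iv.
///
/// NOTE(review): "and/or" suggests either pointer may be NULL to skip that output; confirm
/// against the implementation before relying on it.
///
/// Only use `*key` / `*iv` when the call returned `CC20_ERR_NONE`. After a failure the
/// buffers may hold stale or partially written bytes and must not be used as key material.
///
/// # Possible errors
/// * `CC20_ERR_PANIC` - If the RNG fails.
cc20_result_t cc20_keygen(cc20_key_t* restrict key,
			  cc20_iv_t* restrict iv);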
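/// Write these parameters to `output` metadata.
/// * `key` and `iv` can be NULL, if one or both are, the field(s) will be initialised to secure random data in the `output` metadata (same as `cc20_keygen`).
/// * `file` must be non-NULL and valid.
///
/// When a caller supplies both `key` and `iv`, keeping the pair unique per stream is the
/// caller's responsibility. Supplying a fixed `key` with a NULL `iv` gets a fresh random IV.
/// A randomly generated key or IV exists only in `output`, so record it from there if the
/// data will need to be transformed back later.
///
/// # Possible errors
/// * `CC20_ERR_INVALID_FILE` - if `file` is NULL.
/// * `CC20_ERR_NULL_PTR` - if `output` is NULL. (see `_cc20_OUT`.)
/// NOTE(review): `cc20_keygen` documents `CC20_ERR_PANIC` on RNG failure; presumably that can
/// surface here too when `key` or `iv` is NULL. Confirm and list it if so.
/// ## Undefined behaviour
/// If `mode` is not a valid discriminant of `enum cc20_mode`.
cc20_result_t cc20_gen_meta(FILE* file,
			    const cc20_key_t* key,
			    const cc20_iv_t* iv,
			    enum cc20_mode mode,
			    struct cc20_metadata _cc20_OUT output);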
/// Create a sink from the specified metadata and write it to `output`.
///
/// # Possible errors
/// * `CC20_ERR_NULL_PTR` - If `meta` or `output` is NULL.