{#cryptomodule}
Cryptographic operations; hashing, HMAC, RSA, X509 certificates.
| Name | Description |
|---|---|
crypto |
Cryptographic primitives, key helpers, and certificate utilities backed by OpenSSL. |
{#crypto}
Cryptographic primitives, key helpers, and certificate utilities backed by OpenSSL.
| Name | Description |
|---|---|
Cipher |
Provides symmetric algorithms for encryption and decryption. The algorithms that are available depend on the particular version of OpenSSL that is installed. |
Hash |
Incremental cryptographic hash engine wrapping OpenSSL EVP digest functions. |
X509Certificate |
RAII wrapper for an OpenSSL X509 certificate with PEM loading and inspection. |
| Return | Name | Description |
|---|---|---|
std::unique_ptr< EVP_CIPHER_CTX, decltype(&EVP_CIPHER_CTX_free)> |
EvpCipherCtxPtr |
Owning OpenSSL cipher context handle with automatic EVP_CIPHER_CTX_free. |
std::vector< unsigned char > |
ByteVec |
Generic storage container for storing cryptographic binary data. |
std::unique_ptr< EVP_MD_CTX, decltype(&EVP_MD_CTX_free)> |
EvpMdCtxPtr |
Owning OpenSSL digest context handle with automatic EVP_MD_CTX_free. |
::RSA |
RSAKey |
Alias for the OpenSSL RSA key type, brought into the icy::crypto namespace. |
std::unique_ptr< X509, decltype(&X509_free)> |
X509Ptr |
RAII pointer alias for OpenSSL X509* values. |
{#evpcipherctxptr}
using EvpCipherCtxPtr = std::unique_ptr< EVP_CIPHER_CTX, decltype(&EVP_CIPHER_CTX_free)>Owning OpenSSL cipher context handle with automatic EVP_CIPHER_CTX_free.
{#bytevec}
using ByteVec = std::vector< unsigned char >Generic storage container for storing cryptographic binary data.
{#evpmdctxptr}
using EvpMdCtxPtr = std::unique_ptr< EVP_MD_CTX, decltype(&EVP_MD_CTX_free)>Owning OpenSSL digest context handle with automatic EVP_MD_CTX_free.
{#rsakey}
using RSAKey = ::RSAAlias for the OpenSSL RSA key type, brought into the icy::crypto namespace.
Currently a transparent alias for the OpenSSL RSA struct. Use OpenSSL RSA_* functions directly to create, populate, and free RSAKey objects. This alias exists as a stable forward-declaration point; a higher-level RAII wrapper may replace it in a future version.
{#x509ptr}
using X509Ptr = std::unique_ptr< X509, decltype(&X509_free)>RAII pointer alias for OpenSSL X509* values.
| Return | Name | Description |
|---|---|---|
std::string |
encryptString |
Encrypts a string using the specified cipher, key, and IV in a single call. |
std::string |
decryptString |
Decrypts a string using the specified cipher, key, and IV in a single call. |
void |
initializeEngine |
Initialize the Crypto library, as well as the underlying OpenSSL libraries. |
void |
uninitializeEngine |
Uninitializes the Crypto library. |
std::string |
hash inline |
Computes a hex-encoded digest of a string in a single call. |
std::string |
hash inline |
Computes a hex-encoded digest of a raw buffer in a single call. |
std::string |
checksum inline |
Computes the hex-encoded checksum of a file using the given algorithm. |
std::string |
computeHMAC nodiscard |
Computes an HMAC-SHA1 message authentication code. |
{#encryptstring}
template<typename K, typename I> std::string encryptString(const std::string & algorithm, const std::string & data, const K & key, const I & iv, Cipher::Encoding encoding = Cipher::Binary)Encrypts a string using the specified cipher, key, and IV in a single call.
Constructs a Cipher, optionally applies key and iv (skipped when empty), then delegates to Cipher::encryptString().
-
KKey container type compatible with internal::Raw. -
IIV container type compatible with internal::Raw.
-
algorithmOpenSSL cipher name (e.g. "aes-256-cbc"). -
dataPlaintext string to encrypt. -
keyEncryption key; pass an empty container to use a random key. -
ivInitialization vector; pass an empty container to use a random IV. -
encodingTransport encoding for the output (default: Binary).
Encrypted (and optionally encoded) result as a std::string.
{#decryptstring}
template<typename K, typename I> std::string decryptString(const std::string & algorithm, const std::string & data, const K & key, const I & iv, Cipher::Encoding encoding = Cipher::Binary)Decrypts a string using the specified cipher, key, and IV in a single call.
Constructs a Cipher, optionally applies key and iv (skipped when empty), then delegates to Cipher::decryptString().
-
KKey container type compatible with internal::Raw. -
IIV container type compatible with internal::Raw.
-
algorithmOpenSSL cipher name (e.g. "aes-256-cbc"). -
dataCiphertext string to decrypt, in the format given byencoding. -
keyDecryption key; pass an empty container to use a random key. -
ivInitialization vector; pass an empty container to use a random IV. -
encodingTransport encoding of the input data (default: Binary).
Decrypted plaintext as a std::string.
{#initializeengine}
void initializeEngine()Initialize the Crypto library, as well as the underlying OpenSSL libraries.
OpenSSL must be initialized before using any classes from the Crypto library. OpenSSL will be initialized automatically through OpenSSL instances held by various Crypto classes (Cipher, Hash, X509Certificate), however it is recommended to call initializeEngine() in any case at application startup.
The Crypto library can be called multiple times; however, for every call to initializeEngine(), a matching call to uninitializeEngine() must be performed.
{#uninitializeengine}
void uninitializeEngine()Uninitializes the Crypto library.
{#hash-1}
inline
inline std::string hash(const std::string & algorithm, std::string_view data)Computes a hex-encoded digest of a string in a single call.
-
algorithmOpenSSL digest name (e.g. "sha256", "md5"). -
dataInput data to hash.
Lowercase hex-encoded digest string.
{#hash-2}
inline
inline std::string hash(const std::string & algorithm, const void * data, unsigned length)Computes a hex-encoded digest of a raw buffer in a single call.
-
algorithmOpenSSL digest name (e.g. "sha256", "md5"). -
dataPointer to the input buffer. -
lengthNumber of bytes to hash.
Lowercase hex-encoded digest string.
{#checksum-1}
inline
inline std::string checksum(const std::string & algorithm, const std::string & path)Computes the hex-encoded checksum of a file using the given algorithm.
Reads the file in 4096-byte chunks; suitable for large files.
-
algorithmOpenSSL digest name (e.g. "sha256", "md5"). -
pathFilesystem path to the file to hash.
Lowercase hex-encoded digest string.
std::runtime_errorif the file cannot be opened.
{#computehmac}
nodiscard
[[nodiscard]] std::string computeHMAC(std::string_view input, std::string_view key)Computes an HMAC-SHA1 message authentication code.
Uses OpenSSL HMAC with SHA-1 as the underlying digest. The output is a 20-byte raw binary string (not hex-encoded).
-
inputData to authenticate. -
keySecret key used for the HMAC computation.
20-byte raw binary HMAC-SHA1 digest.
std::runtime_errorif OpenSSL returns an unexpected digest length.
{#cipher}
#include <icy/crypto/cipher.h>class CipherDefined in src/crypto/include/icy/crypto/cipher.h:40
Provides symmetric algorithms for encryption and decryption. The algorithms that are available depend on the particular version of OpenSSL that is installed.
| Name | Kind | Owner |
|---|---|---|
Cipher |
function |
Declared here |
Cipher |
function |
Declared here |
Cipher |
function |
Declared here |
~Cipher |
function |
Declared here |
initEncryptor |
function |
Declared here |
initDecryptor |
function |
Declared here |
update |
function |
Declared here |
update |
function |
Declared here |
final |
function |
Declared here |
final |
function |
Declared here |
encrypt |
function |
Declared here |
encrypt |
function |
Declared here |
encryptString |
function |
Declared here |
decryptString |
function |
Declared here |
encryptStream |
function |
Declared here |
decryptStream |
function |
Declared here |
setKey |
function |
Declared here |
setIV |
function |
Declared here |
setPadding |
function |
Declared here |
getKey |
function |
Declared here |
getIV |
function |
Declared here |
name |
function |
Declared here |
blockSize |
function |
Declared here |
keySize |
function |
Declared here |
ivSize |
function |
Declared here |
cipher |
function |
Declared here |
_initialized |
variable |
Declared here |
_encrypt |
variable |
Declared here |
_cipher |
variable |
Declared here |
_ctx |
variable |
Declared here |
_name |
variable |
Declared here |
_key |
variable |
Declared here |
_iv |
variable |
Declared here |
Cipher |
function |
Declared here |
Cipher |
function |
Declared here |
Cipher |
function |
Declared here |
generateKey |
function |
Declared here |
setRandomKey |
function |
Declared here |
setRandomIV |
function |
Declared here |
init |
function |
Declared here |
Encoding |
enum |
Declared here |
| Return | Name | Description |
|---|---|---|
Cipher |
Constructs a Cipher with a randomly generated key and IV. | |
Cipher |
Constructs a Cipher with an explicit key and initialization vector. | |
Cipher |
Constructs a Cipher and derives a key and IV from a passphrase. | |
~Cipher |
Destroys the Cipher and resets the OpenSSL context. | |
void |
initEncryptor |
Initializes the cipher context for encryption. |
void |
initDecryptor |
Initializes the cipher context for decryption. |
ssize_t |
update |
Processes a block of data through the cipher (encrypt or decrypt). |
ssize_t |
update inline |
Processes a block of data through the cipher using generic buffer types. |
ssize_t |
final |
Finalizes the cipher operation and flushes any remaining buffered data. |
ssize_t |
final inline |
Finalizes the cipher operation using a generic output buffer type. |
ssize_t |
encrypt |
Encrypts a buffer and writes the result with optional transport encoding. |
ssize_t |
encrypt inline |
Encrypts data using generic input/output buffer types. |
std::string |
encryptString virtual nodiscard |
Encrypts a string and returns the result with optional transport encoding. |
std::string |
decryptString virtual nodiscard |
Decrypts a string that was previously encrypted with optional encoding. |
void |
encryptStream virtual |
Encrypts all data from source and writes the result to sink. |
void |
decryptStream virtual |
Decrypts all data from source and writes the result to sink. |
void |
setKey inline |
Sets the encryption key. |
void |
setIV inline |
Sets the initialization vector (IV). |
int |
setPadding |
Enables or disables PKCS block padding. |
const ByteVec & |
getKey const |
Returns the raw encryption key bytes. |
const ByteVec & |
getIV const |
Returns the raw initialization vector bytes. |
const std::string & |
name const |
Returns the OpenSSL cipher name this object was constructed with. |
int |
blockSize const |
Returns the cipher block size in bytes. |
int |
keySize const |
Returns the required key length in bytes for this cipher. |
int |
ivSize const |
Returns the required initialization vector length in bytes. |
const EVP_CIPHER * |
cipher |
Returns the underlying OpenSSL EVP_CIPHER object. |
{#cipher-1}
Cipher(const std::string & name)Defined in src/crypto/include/icy/crypto/cipher.h:47
Constructs a Cipher with a randomly generated key and IV.
nameOpenSSL cipher name (e.g. "aes-256-cbc").
std::invalid_argumentif the cipher name is not recognized.
{#cipher-2}
Cipher(const std::string & name, const ByteVec & key, const ByteVec & iv)Defined in src/crypto/include/icy/crypto/cipher.h:55
Constructs a Cipher with an explicit key and initialization vector.
-
nameOpenSSL cipher name (e.g. "aes-256-cbc"). -
keyEncryption key; must match the cipher's required key length. -
ivInitialization vector; must match the cipher's IV length.
std::invalid_argumentif the cipher name is not recognized.
{#cipher-3}
Cipher(const std::string & name, std::string_view passphrase, std::string_view salt, int iterationCount)Defined in src/crypto/include/icy/crypto/cipher.h:67
Constructs a Cipher and derives a key and IV from a passphrase.
Uses EVP_BytesToKey with SHA-256 to derive the key material.
-
nameOpenSSL cipher name (e.g. "aes-256-cbc"). -
passphraseSecret passphrase for key derivation. -
saltOptional salt string; empty string means no salt. Values longer than 8 bytes are folded via XOR. -
iterationCountNumber of key-derivation iterations.
std::invalid_argumentif the cipher name is not recognized.
{#cipher-4}
~Cipher()Defined in src/crypto/include/icy/crypto/cipher.h:71
Destroys the Cipher and resets the OpenSSL context.
{#initencryptor}
void initEncryptor()Defined in src/crypto/include/icy/crypto/cipher.h:77
Initializes the cipher context for encryption.
Must be called before using update() and final() in encrypt mode. Calling this resets any prior context state.
{#initdecryptor}
void initDecryptor()Defined in src/crypto/include/icy/crypto/cipher.h:83
Initializes the cipher context for decryption.
Must be called before using update() and final() in decrypt mode. Calling this resets any prior context state.
{#update-7}
ssize_t update(const unsigned char * input, size_t inputLength, unsigned char * output, size_t outputLength)Defined in src/crypto/include/icy/crypto/cipher.h:98
Processes a block of data through the cipher (encrypt or decrypt).
Hand consecutive blocks of data to this method for streaming operation. The output buffer must be at least inputLength + [blockSize()](#blocksize) - 1 bytes. After all input is processed, call final() to flush any remaining buffered data from the cipher context.
-
inputPointer to the input data buffer. -
inputLengthNumber of bytes to process frominput. -
outputPointer to the output buffer. -
outputLengthSize of the output buffer in bytes.
Number of bytes written to output.
std::runtime_errorif the output buffer is too small.
{#update-8}
inline
template<typename I, typename O> inline ssize_t update(const I & input, O & output)Defined in src/crypto/include/icy/crypto/cipher.h:110
Processes a block of data through the cipher using generic buffer types.
Convenience wrapper around update(const unsigned char*, size_t, unsigned char*, size_t). Accepts any type supported by internal::Raw.
-
inputInput buffer (std::string, ByteVec, etc.). -
outputOutput buffer; must be large enough for the result.
Number of bytes written to output.
{#final}
ssize_t final(unsigned char * output, size_t length)Defined in src/crypto/include/icy/crypto/cipher.h:130
Finalizes the cipher operation and flushes any remaining buffered data.
Must be called after the last update() call to retrieve any trailing cipher block. Further calls to update() or final() after this point produce undefined results; call initEncryptor() / initDecryptor() to reset. The output buffer must be at least blockSize() bytes.
See EVP_CipherFinal_ex for further information.
-
outputPointer to the output buffer; must be at least blockSize() bytes. -
lengthSize of the output buffer in bytes.
Number of bytes written to output.
std::runtime_errorif the output buffer is smaller than blockSize().
{#final-1}
inline
template<typename O> inline ssize_t final(O & output)Defined in src/crypto/include/icy/crypto/cipher.h:140
Finalizes the cipher operation using a generic output buffer type.
Convenience wrapper around final(unsigned char*, size_t). Accepts any type supported by internal::Raw.
outputOutput buffer; must hold at least blockSize() bytes.
Number of bytes written to output.
{#encrypt}
ssize_t encrypt(const unsigned char * inbuf, size_t inlen, unsigned char * outbuf, size_t outlen, Encoding encoding = Binary)Defined in src/crypto/include/icy/crypto/cipher.h:168
Encrypts a buffer and writes the result with optional transport encoding.
Calls initEncryptor(), update(), and final() internally; the cipher does not need to be pre-initialized. The output buffer must be large enough to hold the encrypted and encoded result.
-
inbufPointer to the plaintext input buffer. -
inlenNumber of bytes to encrypt frominbuf. -
outbufPointer to the output buffer. -
outlenSize of the output buffer in bytes. -
encodingTransport encoding applied to the ciphertext (default: Binary).
Total number of bytes written to outbuf.
{#encrypt-1}
inline
template<typename I, typename O> inline ssize_t encrypt(const I & input, O & output, Encoding encoding = Binary)Defined in src/crypto/include/icy/crypto/cipher.h:183
Encrypts data using generic input/output buffer types.
Convenience wrapper around encrypt(const unsigned char*, size_t, unsigned char*, size_t, Encoding). Accepts any type supported by internal::Raw.
-
inputInput buffer containing plaintext. -
outputOutput buffer; must be large enough for the result. -
encodingTransport encoding applied to the ciphertext (default: Binary).
Total number of bytes written to output.
{#encryptstring-1}
virtual nodiscard
[[nodiscard]] virtual std::string encryptString(const std::string & str, Encoding encoding = Binary)Defined in src/crypto/include/icy/crypto/cipher.h:198
Encrypts a string and returns the result with optional transport encoding.
Internally streams through encryptStream(); the cipher is re-initialized on each call.
-
strPlaintext string to encrypt. -
encodingTransport encoding for the output (default: Binary).
Encrypted (and optionally encoded) result as a std::string.
{#decryptstring-1}
virtual nodiscard
[[nodiscard]] virtual std::string decryptString(const std::string & str, Encoding encoding = Binary)Defined in src/crypto/include/icy/crypto/cipher.h:208
Decrypts a string that was previously encrypted with optional encoding.
Internally streams through decryptStream(); the cipher is re-initialized on each call.
-
strCiphertext string to decrypt, in the format given byencoding. -
encodingTransport encoding of the input (default: Binary).
Decrypted plaintext as a std::string.
{#encryptstream}
virtual
virtual void encryptStream(std::istream & source, std::ostream & sink, Encoding encoding = Binary)Defined in src/crypto/include/icy/crypto/cipher.h:218
Encrypts all data from source and writes the result to sink.
Reads in chunks of [blockSize()](#blocksize) * 128 bytes. Calls initEncryptor() internally; no prior initialization is required.
-
sourceInput stream containing plaintext. -
sinkOutput stream to receive the encrypted (and encoded) data. -
encodingTransport encoding applied to the output (default: Binary).
{#decryptstream}
virtual
virtual void decryptStream(std::istream & source, std::ostream & sink, Encoding encoding = Binary)Defined in src/crypto/include/icy/crypto/cipher.h:228
Decrypts all data from source and writes the result to sink.
Reads in chunks of [blockSize()](#blocksize) * 128 bytes. Calls initDecryptor() internally; no prior initialization is required.
-
sourceInput stream containing ciphertext (in the given encoding). -
sinkOutput stream to receive the decrypted plaintext. -
encodingTransport encoding of the input data (default: Binary).
{#setkey-1}
inline
template<typename T> inline void setKey(const T & key)Defined in src/crypto/include/icy/crypto/cipher.h:235
Sets the encryption key.
keyContainer whose size must exactly match keySize().
std::logic_errorif key.size() != keySize().
{#setiv}
inline
template<typename T> inline void setIV(const T & iv)Defined in src/crypto/include/icy/crypto/cipher.h:250
Sets the initialization vector (IV).
ivContainer whose size must exactly match ivSize().
std::logic_errorif iv.size() != ivSize().
{#setpadding}
int setPadding(int padding)Defined in src/crypto/include/icy/crypto/cipher.h:271
Enables or disables PKCS block padding.
By default, encryption pads input to a block boundary and decryption strips and validates the padding. If padding is zero, no padding is applied; the total data length must then be an exact multiple of blockSize() or the operation will fail.
See EVP_CIPHER_CTX_set_padding for further information.
paddingNon-zero to enable padding (default), zero to disable.
The return value from EVP_CIPHER_CTX_set_padding.
{#getkey}
const
const ByteVec & getKey() constDefined in src/crypto/include/icy/crypto/cipher.h:276
Returns the raw encryption key bytes.
Reference to the internal key byte vector.
{#getiv}
const
const ByteVec & getIV() constDefined in src/crypto/include/icy/crypto/cipher.h:281
Returns the raw initialization vector bytes.
Reference to the internal IV byte vector.
{#name-11}
const
const std::string & name() constDefined in src/crypto/include/icy/crypto/cipher.h:286
Returns the OpenSSL cipher name this object was constructed with.
Cipher name string (e.g. "aes-256-cbc").
{#blocksize}
const
int blockSize() constDefined in src/crypto/include/icy/crypto/cipher.h:291
Returns the cipher block size in bytes.
Block size as reported by EVP_CIPHER_block_size.
{#keysize}
const
int keySize() constDefined in src/crypto/include/icy/crypto/cipher.h:296
Returns the required key length in bytes for this cipher.
Key length as reported by EVP_CIPHER_key_length.
{#ivsize}
const
int ivSize() constDefined in src/crypto/include/icy/crypto/cipher.h:301
Returns the required initialization vector length in bytes.
IV length as reported by EVP_CIPHER_iv_length.
{#cipher-5}
const EVP_CIPHER * cipher()Defined in src/crypto/include/icy/crypto/cipher.h:307
Returns the underlying OpenSSL EVP_CIPHER object.
Pointer to the OpenSSL cipher descriptor; valid for the lifetime of this Cipher object.
| Return | Name | Description |
|---|---|---|
bool |
_initialized |
|
bool |
_encrypt |
|
const EVP_CIPHER * |
_cipher |
|
EvpCipherCtxPtr |
_ctx |
|
std::string |
_name |
|
ByteVec |
_key |
|
ByteVec |
_iv |
{#_initialized-2}
bool _initializedDefined in src/crypto/include/icy/crypto/cipher.h:337
{#_encrypt}
bool _encryptDefined in src/crypto/include/icy/crypto/cipher.h:338
{#_cipher}
const EVP_CIPHER * _cipherDefined in src/crypto/include/icy/crypto/cipher.h:339
{#_ctx}
EvpCipherCtxPtr _ctxDefined in src/crypto/include/icy/crypto/cipher.h:340
{#_name-2}
std::string _nameDefined in src/crypto/include/icy/crypto/cipher.h:341
{#_key-2}
ByteVec _keyDefined in src/crypto/include/icy/crypto/cipher.h:342
{#_iv}
ByteVec _ivDefined in src/crypto/include/icy/crypto/cipher.h:343
| Return | Name | Description |
|---|---|---|
Cipher |
Deleted constructor. | |
Cipher |
Deleted constructor. | |
Cipher |
Deleted constructor. | |
void |
generateKey |
Derives and sets the key and IV from a passphrase using EVP_BytesToKey. |
void |
setRandomKey |
Fills the key buffer with cryptographically random bytes. |
void |
setRandomIV |
Fills the IV buffer with cryptographically random bytes. |
void |
init |
Initializes or resets the OpenSSL cipher context for the given direction. |
{#cipher-6}
Cipher() = deleteDefined in src/crypto/include/icy/crypto/cipher.h:310
Deleted constructor.
{#cipher-7}
Cipher(const Cipher &) = deleteDefined in src/crypto/include/icy/crypto/cipher.h:311
Deleted constructor.
{#cipher-8}
Cipher(Cipher &&) = deleteDefined in src/crypto/include/icy/crypto/cipher.h:313
Deleted constructor.
{#generatekey}
void generateKey(std::string_view passphrase, std::string_view salt, int iterationCount)Defined in src/crypto/include/icy/crypto/cipher.h:324
Derives and sets the key and IV from a passphrase using EVP_BytesToKey.
Uses SHA-256 as the digest. Salt values longer than 8 bytes are folded by XOR into an 8-byte array as required by OpenSSL.
-
passphraseSecret passphrase for key derivation. -
saltSalt string (may be empty for no salt). -
iterationCountNumber of digest iterations.
{#setrandomkey}
void setRandomKey()Defined in src/crypto/include/icy/crypto/cipher.h:327
Fills the key buffer with cryptographically random bytes.
{#setrandomiv}
void setRandomIV()Defined in src/crypto/include/icy/crypto/cipher.h:330
Fills the IV buffer with cryptographically random bytes.
{#init-9}
void init(bool encrypt)Defined in src/crypto/include/icy/crypto/cipher.h:335
Initializes or resets the OpenSSL cipher context for the given direction.
encrypttrue to initialize for encryption, false for decryption.
| Name | Description |
|---|---|
Encoding |
Transport encoding to use for encrypt() and decrypt(). |
{#encoding-1}
enum EncodingDefined in src/crypto/include/icy/crypto/cipher.h:147
Transport encoding to use for encrypt() and decrypt().
| Value | Description |
|---|---|
Binary |
Plain binary output. |
Base64 |
Base64-encoded output. |
BinHex |
BinHex-encoded output. |
Base64_NoLF |
Base64-encoded output, no linefeeds. |
BinHex_NoLF |
BinHex-encoded output, no linefeeds. |
{#hash-3}
#include <icy/crypto/hash.h>class HashDefined in src/crypto/include/icy/crypto/hash.h:38
Incremental cryptographic hash engine wrapping OpenSSL EVP digest functions.
Construct with an algorithm name recognized by OpenSSL (e.g. "sha256", "md5"). Feed data with one or more calls to update(), then call digest() or digestStr() to finalize and retrieve the result. Call reset() to reuse the engine for a new computation without reallocating the context.
| Name | Kind | Owner |
|---|---|---|
Hash |
function |
Declared here |
~Hash |
function |
Declared here |
update |
function |
Declared here |
update |
function |
Declared here |
update |
function |
Declared here |
digest |
function |
Declared here |
digestStr |
function |
Declared here |
reset |
function |
Declared here |
algorithm |
function |
Declared here |
_ctx |
variable |
Declared here |
_md |
variable |
Declared here |
_digest |
variable |
Declared here |
_algorithm |
variable |
Declared here |
| Return | Name | Description |
|---|---|---|
Hash |
Constructs a Hash engine for the given algorithm. | |
~Hash |
Destroys the Hash engine and releases OpenSSL resources. | |
void |
update |
Feeds a single character into the digest computation. |
void |
update |
Feeds a string view into the digest computation. |
void |
update |
Feeds a raw memory buffer into the digest computation. |
const ByteVec & |
digest nodiscard |
Finalizes the digest computation and returns the raw binary result. |
std::string |
digestStr nodiscard |
Finalizes the digest computation and returns the result as a raw binary string (not hex-encoded). Use icy::hex::encode() on digest() if you need a printable representation. |
void |
reset |
Resets the digest context and clears the cached result, allowing the engine to be reused for a new computation with the same algorithm. |
const std::string & |
algorithm const |
Returns the algorithm name this engine was constructed with. |
{#hash-4}
Hash(const std::string & algorithm)Defined in src/crypto/include/icy/crypto/hash.h:45
Constructs a Hash engine for the given algorithm.
algorithmOpenSSL digest name (e.g. "sha256", "sha1", "md5").
std::runtime_errorif the algorithm is not recognized by OpenSSL.
{#hash-5}
~Hash()Defined in src/crypto/include/icy/crypto/hash.h:48
Destroys the Hash engine and releases OpenSSL resources.
{#update-9}
void update(char data)Defined in src/crypto/include/icy/crypto/hash.h:53
Feeds a single character into the digest computation.
dataThe byte to hash.
{#update-10}
void update(std::string_view data)Defined in src/crypto/include/icy/crypto/hash.h:58
Feeds a string view into the digest computation.
dataThe data to hash.
{#update-11}
void update(const void * data, size_t length)Defined in src/crypto/include/icy/crypto/hash.h:66
Feeds a raw memory buffer into the digest computation.
This method may be called multiple times for streaming large inputs.
-
dataPointer to the input buffer. -
lengthNumber of bytes to hash fromdata.
{#digest}
nodiscard
[[nodiscard]] const ByteVec & digest()Defined in src/crypto/include/icy/crypto/hash.h:75
Finalizes the digest computation and returns the raw binary result.
The result is computed on the first call and cached; subsequent calls return the same value without recomputing. Call reset() before reusing the engine for a new computation.
Reference to the internal byte vector containing the digest.
{#digeststr}
nodiscard
[[nodiscard]] std::string digestStr()Defined in src/crypto/include/icy/crypto/hash.h:82
Finalizes the digest computation and returns the result as a raw binary string (not hex-encoded). Use icy::hex::encode() on digest() if you need a printable representation.
Binary digest as a std::string.
{#reset-13}
void reset()Defined in src/crypto/include/icy/crypto/hash.h:86
Resets the digest context and clears the cached result, allowing the engine to be reused for a new computation with the same algorithm.
{#algorithm}
const
const std::string & algorithm() constDefined in src/crypto/include/icy/crypto/hash.h:91
Returns the algorithm name this engine was constructed with.
OpenSSL digest name string (e.g. "sha256").
| Return | Name | Description |
|---|---|---|
EvpMdCtxPtr |
_ctx |
|
const EVP_MD * |
_md |
|
crypto::ByteVec |
_digest |
|
std::string |
_algorithm |
{#_ctx-1}
EvpMdCtxPtr _ctxDefined in src/crypto/include/icy/crypto/hash.h:96
{#_md}
const EVP_MD * _mdDefined in src/crypto/include/icy/crypto/hash.h:97
{#_digest}
crypto::ByteVec _digestDefined in src/crypto/include/icy/crypto/hash.h:98
{#_algorithm}
std::string _algorithmDefined in src/crypto/include/icy/crypto/hash.h:99
{#x509certificate}
#include <icy/crypto/x509certificate.h>class X509CertificateDefined in src/crypto/include/icy/crypto/x509certificate.h:33
RAII wrapper for an OpenSSL X509 certificate with PEM loading and inspection.
| Name | Kind | Owner |
|---|---|---|
X509Certificate |
function |
Declared here |
X509Certificate |
function |
Declared here |
X509Certificate |
function |
Declared here |
X509Certificate |
function |
Declared here |
X509Certificate |
function |
Declared here |
X509Certificate |
function |
Declared here |
operator= |
function |
Declared here |
operator= |
function |
Declared here |
swap |
function |
Declared here |
~X509Certificate |
function |
Declared here |
issuerName |
function |
Declared here |
issuerName |
function |
Declared here |
subjectName |
function |
Declared here |
subjectName |
function |
Declared here |
commonName |
function |
Declared here |
extractNames |
function |
Declared here |
validFrom |
function |
Declared here |
expiresOn |
function |
Declared here |
save |
function |
Declared here |
save |
function |
Declared here |
issuedBy |
function |
Declared here |
certificate |
function |
Declared here |
certificate |
function |
Declared here |
load |
function |
Declared here |
load |
function |
Declared here |
init |
function |
Declared here |
NID |
enum |
Declared here |
_issuerName |
variable |
Declared here |
_subjectName |
variable |
Declared here |
_certificate |
variable |
Declared here |
| Return | Name | Description |
|---|---|---|
X509Certificate explicit |
Constructs an X509Certificate by parsing a PEM-encoded certificate from memory. | |
X509Certificate explicit |
Constructs an X509Certificate by reading a PEM-encoded certificate from a file. | |
X509Certificate explicit |
Constructs an X509Certificate taking ownership of an existing OpenSSL X509 object. | |
X509Certificate |
Constructs an X509Certificate from an existing OpenSSL X509 object, optionally sharing ownership via reference count increment. | |
X509Certificate |
Copy-constructs an X509Certificate by duplicating the underlying X509 object. | |
X509Certificate noexcept |
Move-constructs an X509Certificate, transferring ownership from cert. |
|
X509Certificate & |
operator= |
Copy-assigns a certificate, duplicating the underlying X509 object. |
X509Certificate & |
operator= noexcept |
Move-assigns a certificate, transferring ownership from cert. |
void |
swap |
Swaps this certificate with cert. |
~X509Certificate |
Destroys the X509Certificate and releases the underlying OpenSSL X509 object. | |
const std::string & |
issuerName const |
Returns the full distinguished name of the certificate issuer. |
std::string |
issuerName const |
Extracts a single field from the certificate issuer's distinguished name. |
const std::string & |
subjectName const |
Returns the full distinguished name of the certificate subject. |
std::string |
subjectName const |
Extracts a single field from the certificate subject's distinguished name. |
std::string |
commonName const |
Returns the common name (CN) from the certificate subject. |
void |
extractNames const |
Extracts the common name and the set of Subject Alternative Name (SAN) DNS entries from the certificate. |
DateTime |
validFrom const |
Returns the date and time from which the certificate is valid. |
DateTime |
expiresOn const |
Returns the date and time at which the certificate expires. |
void |
save const |
Writes the certificate in PEM format to an output stream. |
void |
save const |
Writes the certificate in PEM format to a file. |
bool |
issuedBy const |
Verifies whether this certificate was signed by the given issuer. |
const X509 * |
certificate const |
Returns a const pointer to the underlying OpenSSL X509 object. |
X509 * |
certificate |
Returns a mutable pointer to the underlying OpenSSL X509 object. |
{#x509certificate-1}
explicit
explicit X509Certificate(const char * data, size_t length)Defined in src/crypto/include/icy/crypto/x509certificate.h:55
Constructs an X509Certificate by parsing a PEM-encoded certificate from memory.
-
dataPointer to a buffer containing the PEM-encoded certificate. -
lengthNumber of bytes indata.
std::runtime_errorif the BIO cannot be created or PEM parsing fails.
{#x509certificate-2}
explicit
explicit X509Certificate(const std::string & path)Defined in src/crypto/include/icy/crypto/x509certificate.h:61
Constructs an X509Certificate by reading a PEM-encoded certificate from a file.
pathFilesystem path to the PEM certificate file.
std::runtime_errorif the file cannot be opened or PEM parsing fails.
{#x509certificate-3}
explicit
explicit X509Certificate(X509 * pCert)Defined in src/crypto/include/icy/crypto/x509certificate.h:68
Constructs an X509Certificate taking ownership of an existing OpenSSL X509 object.
pCertNon-null pointer to an OpenSSL X509 certificate. This object takes ownership and will call X509_free on destruction.
std::runtime_errorifpCertis null.
{#x509certificate-4}
X509Certificate(X509 * pCert, bool shared)Defined in src/crypto/include/icy/crypto/x509certificate.h:79
Constructs an X509Certificate from an existing OpenSSL X509 object, optionally sharing ownership via reference count increment.
-
pCertNon-null pointer to an OpenSSL X509 certificate. Ownership is always taken (X509_free called on destruction). -
sharedIf true, increments the certificate's reference count via X509_up_ref before taking ownership, so the original pointer remains valid after this object is destroyed.
std::runtime_errorifpCertis null.
{#x509certificate-5}
X509Certificate(const X509Certificate & cert)Defined in src/crypto/include/icy/crypto/x509certificate.h:84
Copy-constructs an X509Certificate by duplicating the underlying X509 object.
certThe certificate to copy.
{#x509certificate-6}
noexcept
X509Certificate(X509Certificate && cert) noexceptDefined in src/crypto/include/icy/crypto/x509certificate.h:89
Move-constructs an X509Certificate, transferring ownership from cert.
certThe certificate to move from; left in a valid but empty state.
{#operator-32}
X509Certificate & operator=(const X509Certificate & cert)Defined in src/crypto/include/icy/crypto/x509certificate.h:95
Copy-assigns a certificate, duplicating the underlying X509 object.
certThe certificate to copy.
Reference to this object.
{#operator-33}
noexcept
X509Certificate & operator=(X509Certificate && cert) noexceptDefined in src/crypto/include/icy/crypto/x509certificate.h:101
Move-assigns a certificate, transferring ownership from cert.
certThe certificate to move from; left in a valid but empty state.
Reference to this object.
{#swap-6}
void swap(X509Certificate & cert)Defined in src/crypto/include/icy/crypto/x509certificate.h:106
Swaps this certificate with cert.
certThe certificate to swap with.
{#x509certificate-7}
~X509Certificate()Defined in src/crypto/include/icy/crypto/x509certificate.h:109
Destroys the X509Certificate and releases the underlying OpenSSL X509 object.
{#issuername}
const
const std::string & issuerName() constDefined in src/crypto/include/icy/crypto/x509certificate.h:114
Returns the full distinguished name of the certificate issuer.
One-line string representation produced by X509_NAME_oneline.
{#issuername-1}
const
std::string issuerName(NID nid) constDefined in src/crypto/include/icy/crypto/x509certificate.h:120
Extracts a single field from the certificate issuer's distinguished name.
nidThe field to extract (e.g. NID_COMMON_NAME).
Field value, or an empty string if the field is absent.
{#subjectname}
const
const std::string & subjectName() constDefined in src/crypto/include/icy/crypto/x509certificate.h:125
Returns the full distinguished name of the certificate subject.
One-line string representation produced by X509_NAME_oneline.
{#subjectname-1}
const
std::string subjectName(NID nid) constDefined in src/crypto/include/icy/crypto/x509certificate.h:131
Extracts a single field from the certificate subject's distinguished name.
nidThe field to extract (e.g. NID_ORGANIZATION_NAME).
Field value, or an empty string if the field is absent.
{#commonname}
const
std::string commonName() constDefined in src/crypto/include/icy/crypto/x509certificate.h:138
Returns the common name (CN) from the certificate subject.
Convenience wrapper for subjectName(NID_COMMON_NAME).
Common name string, or empty if absent.
{#extractnames}
const
void extractNames(std::string & commonName, std::set< std::string > & domainNames) constDefined in src/crypto/include/icy/crypto/x509certificate.h:148
Extracts the common name and the set of Subject Alternative Name (SAN) DNS entries from the certificate.
If no SAN DNS entries are present and the common name is non-empty, the common name is added to domainNames as a fallback.
-
commonNameReceives the certificate's common name. -
domainNamesReceives all DNS SAN entries (cleared before population).
{#validfrom}
const
DateTime validFrom() constDefined in src/crypto/include/icy/crypto/x509certificate.h:156
Returns the date and time from which the certificate is valid.
Parsed from the X509 notBefore field.
UTC DateTime representing the start of the validity period.
{#expireson}
const
DateTime expiresOn() constDefined in src/crypto/include/icy/crypto/x509certificate.h:163
Returns the date and time at which the certificate expires.
Parsed from the X509 notAfter field.
UTC DateTime representing the end of the validity period.
{#save-1}
const
void save(std::ostream & stream) constDefined in src/crypto/include/icy/crypto/x509certificate.h:169
Writes the certificate in PEM format to an output stream.
streamDestination stream to write to.
std::runtime_errorif the BIO cannot be created or write fails.
{#save-2}
const
void save(const std::string & path) constDefined in src/crypto/include/icy/crypto/x509certificate.h:175
Writes the certificate in PEM format to a file.
pathFilesystem path of the output file (created or truncated).
std::runtime_errorif the file cannot be opened or write fails.
{#issuedby}
const
bool issuedBy(const X509Certificate & issuerCertificate) constDefined in src/crypto/include/icy/crypto/x509certificate.h:186
Verifies whether this certificate was signed by the given issuer.
Extracts the public key from issuerCertificate and calls X509_verify. Use this to validate links in a certificate chain.
issuerCertificateThe certificate of the purported issuer.
true if this certificate's signature verifies against the issuer's public key, false otherwise.
std::invalid_argumentif the issuer certificate has no public key.
{#certificate-1}
const
const X509 * certificate() constDefined in src/crypto/include/icy/crypto/x509certificate.h:191
Returns a const pointer to the underlying OpenSSL X509 object.
Pointer valid for the lifetime of this X509Certificate.
{#certificate-2}
X509 * certificate()Defined in src/crypto/include/icy/crypto/x509certificate.h:196
Returns a mutable pointer to the underlying OpenSSL X509 object.
Pointer valid for the lifetime of this X509Certificate.
| Return | Name | Description |
|---|---|---|
void |
load |
Parses a PEM-encoded certificate from a memory buffer and stores it. |
void |
load |
Reads a PEM-encoded certificate from a file and stores it. |
void |
init |
Populates _issuerName and _subjectName from the loaded certificate. |
{#load-2}
void load(const char * data, size_t length)Defined in src/crypto/include/icy/crypto/x509certificate.h:205
Parses a PEM-encoded certificate from a memory buffer and stores it.
-
dataPointer to PEM data. -
lengthNumber of bytes indata.
-
std::logic_errorif a certificate is already loaded. -
std::runtime_errorif BIO creation or PEM parsing fails.
{#load-3}
void load(const std::string & path)Defined in src/crypto/include/icy/crypto/x509certificate.h:212
Reads a PEM-encoded certificate from a file and stores it.
pathFilesystem path to the PEM certificate file.
-
std::logic_errorif a certificate is already loaded. -
std::runtime_errorif the file cannot be opened or PEM parsing fails.
{#init-10}
void init()Defined in src/crypto/include/icy/crypto/x509certificate.h:217
Populates _issuerName and _subjectName from the loaded certificate.
Called after each successful load or construction from an X509 pointer.
| Name | Description |
|---|---|
NID |
Name identifier for extracting fields from a certificate's distinguished name. |
{#nid}
enum NIDDefined in src/crypto/include/icy/crypto/x509certificate.h:40
Name identifier for extracting fields from a certificate's distinguished name.
Values correspond to OpenSSL NID constants used with X509_NAME_get_text_by_NID.
| Value | Description |
|---|---|
NID_COMMON_NAME |
Common name (CN field). |
NID_COUNTRY |
Country code (C field). |
NID_LOCALITY_NAME |
Locality / city (L field). |
NID_STATE_OR_PROVINCE |
State or province (ST field). |
NID_ORGANIZATION_NAME |
Organization name (O field). |
NID_ORGANIZATION_UNIT_NAME |
Organizational unit (OU field). |
| Return | Name | Description |
|---|---|---|
std::string |
_issuerName |
|
std::string |
_subjectName |
|
X509Ptr |
_certificate |
{#_issuername}
std::string _issuerNameDefined in src/crypto/include/icy/crypto/x509certificate.h:225
{#_subjectname}
std::string _subjectNameDefined in src/crypto/include/icy/crypto/x509certificate.h:226
{#_certificate}
X509Ptr _certificateDefined in src/crypto/include/icy/crypto/x509certificate.h:227