2 * Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved
4 * Contact: Krzysztof Jackiewicz <k.jackiewicz@samsung.com>
6 * Licensed under the Apache License, Version 2.0 (the "License");
7 * you may not use this file except in compliance with the License.
8 * You may obtain a copy of the License at
10 * http://www.apache.org/licenses/LICENSE-2.0
12 * Unless required by applicable law or agreed to in writing, software
13 * distributed under the License is distributed on an "AS IS" BASIS,
14 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 * See the License for the specific language governing permissions and
16 * limitations under the License
26 #include <yaca/crypto.h>
27 #include <yaca/error.h>
29 #include <yaca/types.h>
31 #include <openssl/evp.h>
32 #include <openssl/rsa.h>
33 #include <openssl/bio.h>
34 #include <openssl/pem.h>
35 #include <openssl/des.h>
40 int base64_decode_length(const char *data, size_t data_len, size_t *len)
43 assert(data_len != 0);
47 size_t tmp_len = data_len;
49 if (data_len % 4 != 0)
50 return YACA_ERROR_INVALID_ARGUMENT;
52 if (data[tmp_len - 1] == '=') {
54 if (data[tmp_len - 2] == '=')
58 *len = data_len / 4 * 3 - padded;
62 #define TMP_BUF_LEN 512
64 int base64_decode(const char *data, size_t data_len, BIO **output)
67 assert(data_len != 0);
68 assert(output != NULL);
74 char tmpbuf[TMP_BUF_LEN];
79 /* This is because of BIO_new_mem_buf() having its length param typed int */
80 if (data_len > INT_MAX)
81 return YACA_ERROR_TOO_BIG_ARGUMENT;
83 /* First phase of correctness checking, calculate expected output length */
84 ret = base64_decode_length(data, data_len, &b64_len);
88 b64 = BIO_new(BIO_f_base64());
90 ret = YACA_ERROR_INTERNAL;
95 src = BIO_new_mem_buf(data, data_len);
97 ret = YACA_ERROR_INTERNAL;
104 dst = BIO_new(BIO_s_mem());
106 ret = YACA_ERROR_INTERNAL;
111 BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);
115 ret = BIO_read(b64, tmpbuf, TMP_BUF_LEN);
117 ret = YACA_ERROR_INTERNAL;
125 if (BIO_write(dst, tmpbuf, ret) != ret) {
126 ret = YACA_ERROR_INTERNAL;
134 /* Check wether the length of the decoded data is what we expected */
135 out_len = BIO_get_mem_data(dst, &out);
137 ret = YACA_ERROR_INTERNAL;
141 if ((size_t)out_len != b64_len) {
142 ret = YACA_ERROR_INVALID_ARGUMENT;
157 int import_simple(yaca_key_h *key,
158 yaca_key_type_e key_type,
163 assert(data != NULL);
164 assert(data_len != 0);
168 const char *key_data;
170 struct yaca_key_simple_s *nk = NULL;
172 ret = base64_decode(data, data_len, &decoded);
174 /* Conversion successfull, get the BASE64 */
175 long len = BIO_get_mem_data(decoded, &key_data);
176 if (len <= 0 || key_data == NULL) {
177 ret = YACA_ERROR_INTERNAL;
182 } else if (ret == YACA_ERROR_INVALID_ARGUMENT) {
183 /* This was not BASE64 or it was corrupted, treat as RAW */
184 key_data_len = data_len;
187 /* Some other, possibly unrecoverable error, give up */
191 if (key_data_len > SIZE_MAX - sizeof(struct yaca_key_simple_s)) {
192 ret = YACA_ERROR_TOO_BIG_ARGUMENT;
196 /* DES key length verification */
197 if (key_type == YACA_KEY_TYPE_DES) {
198 size_t key_bits = key_data_len * 8;
199 if (key_bits != YACA_KEY_UNSAFE_64BIT &&
200 key_bits != YACA_KEY_UNSAFE_128BIT &&
201 key_bits != YACA_KEY_192BIT) {
202 ret = YACA_ERROR_INVALID_ARGUMENT;
207 nk = yaca_zalloc(sizeof(struct yaca_key_simple_s) + key_data_len);
209 ret = YACA_ERROR_OUT_OF_MEMORY;
213 memcpy(nk->d, key_data, key_data_len);
214 nk->bits = key_data_len * 8;
215 nk->key.type = key_type;
217 *key = (yaca_key_h)nk;
221 BIO_free_all(decoded);
225 int import_evp(yaca_key_h *key,
226 yaca_key_type_e key_type,
231 assert(data != NULL);
232 assert(data_len != 0);
236 EVP_PKEY *pkey = NULL;
238 yaca_key_type_e type;
239 struct yaca_key_evp_s *nk = NULL;
241 /* Neither PEM nor DER will ever be shorter then 4 bytes (12 seems
242 * to be minimum for DER, much more for PEM). This is just to make
243 * sure we have at least 4 bytes for strncmp() below.
246 return YACA_ERROR_INVALID_ARGUMENT;
248 /* This is because of BIO_new_mem_buf() having its length param typed int */
249 if (data_len > INT_MAX)
250 return YACA_ERROR_TOO_BIG_ARGUMENT;
252 src = BIO_new_mem_buf(data, data_len);
254 ERROR_DUMP(YACA_ERROR_INTERNAL);
255 return YACA_ERROR_INTERNAL;
259 if (strncmp("----", data, 4) == 0) {
262 pkey = PEM_read_bio_PrivateKey(src, NULL, NULL, NULL);
268 pkey = PEM_read_bio_PUBKEY(src, NULL, NULL, NULL);
274 X509 *x509 = PEM_read_bio_X509(src, NULL, NULL, NULL);
276 pkey = X509_get_pubkey(x509);
285 pkey = d2i_PrivateKey_bio(src, NULL);
291 pkey = d2i_PUBKEY_bio(src, NULL);
299 return YACA_ERROR_INVALID_ARGUMENT;
301 switch (EVP_PKEY_type(pkey->type)) {
303 type = private ? YACA_KEY_TYPE_RSA_PRIV : YACA_KEY_TYPE_RSA_PUB;
307 type = private ? YACA_KEY_TYPE_DSA_PRIV : YACA_KEY_TYPE_DSA_PUB;
311 type = private ? YACA_KEY_TYPE_ECDSA_PRIV : YACA_KEY_TYPE_ECDSA_PUB;
315 ret = YACA_ERROR_INVALID_ARGUMENT;
319 if (type != key_type) {
320 ret = YACA_ERROR_INVALID_ARGUMENT;
324 nk = yaca_zalloc(sizeof(struct yaca_key_evp_s));
326 ret = YACA_ERROR_OUT_OF_MEMORY;
331 *key = (yaca_key_h)nk;
342 int export_simple_raw(struct yaca_key_simple_s *simple_key,
346 assert(simple_key != NULL);
347 assert(data != NULL);
348 assert(data_len != NULL);
350 size_t key_len = simple_key->bits / 8;
352 *data = yaca_malloc(key_len);
354 ERROR_DUMP(YACA_ERROR_OUT_OF_MEMORY);
355 return YACA_ERROR_OUT_OF_MEMORY;
358 memcpy(*data, simple_key->d, key_len);
364 int export_simple_base64(struct yaca_key_simple_s *simple_key,
368 assert(simple_key != NULL);
369 assert(data != NULL);
370 assert(data_len != NULL);
373 size_t key_len = simple_key->bits / 8;
379 b64 = BIO_new(BIO_f_base64());
381 ret = YACA_ERROR_INTERNAL;
386 mem = BIO_new(BIO_s_mem());
388 ret = YACA_ERROR_INTERNAL;
394 BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);
396 ret = BIO_write(b64, simple_key->d, key_len);
397 if (ret <= 0 || (unsigned)ret != key_len) {
398 ret = YACA_ERROR_INTERNAL;
403 ret = BIO_flush(b64);
405 ret = YACA_ERROR_INTERNAL;
410 bio_data_len = BIO_get_mem_data(mem, &bio_data);
411 if (bio_data_len <= 0) {
412 ret = YACA_ERROR_INTERNAL;
417 *data = yaca_malloc(bio_data_len);
419 ret = YACA_ERROR_OUT_OF_MEMORY;
424 memcpy(*data, bio_data, bio_data_len);
425 *data_len = bio_data_len;
434 int export_evp(struct yaca_key_evp_s *evp_key,
435 yaca_key_file_fmt_e key_file_fmt,
439 assert(evp_key != NULL);
440 assert(data != NULL);
441 assert(data_len != NULL);
448 mem = BIO_new(BIO_s_mem());
450 ret = YACA_ERROR_INTERNAL;
455 switch (key_file_fmt) {
457 case YACA_KEY_FILE_FORMAT_PEM:
458 switch (evp_key->key.type) {
460 case YACA_KEY_TYPE_RSA_PRIV:
461 ret = PEM_write_bio_RSAPrivateKey(mem, EVP_PKEY_get0(evp_key->evp),
462 NULL, NULL, 0, NULL, NULL);
464 case YACA_KEY_TYPE_DSA_PRIV:
465 ret = PEM_write_bio_DSAPrivateKey(mem, EVP_PKEY_get0(evp_key->evp),
466 NULL, NULL, 0, NULL, NULL);
469 case YACA_KEY_TYPE_RSA_PUB:
470 case YACA_KEY_TYPE_DSA_PUB:
471 ret = PEM_write_bio_PUBKEY(mem, evp_key->evp);
474 case YACA_KEY_TYPE_DH_PRIV:
475 case YACA_KEY_TYPE_DH_PUB:
476 case YACA_KEY_TYPE_ECDSA_PRIV:
477 case YACA_KEY_TYPE_ECDSA_PUB:
478 case YACA_KEY_TYPE_ECDH_PRIV:
479 case YACA_KEY_TYPE_ECDH_PUB:
480 ret = YACA_ERROR_NOT_IMPLEMENTED;
484 ret = YACA_ERROR_INVALID_ARGUMENT;
490 case YACA_KEY_FILE_FORMAT_DER:
491 switch (evp_key->key.type) {
493 case YACA_KEY_TYPE_RSA_PRIV:
494 ret = i2d_RSAPrivateKey_bio(mem, EVP_PKEY_get0(evp_key->evp));
497 case YACA_KEY_TYPE_DSA_PRIV:
498 ret = i2d_DSAPrivateKey_bio(mem, EVP_PKEY_get0(evp_key->evp));
501 case YACA_KEY_TYPE_RSA_PUB:
502 case YACA_KEY_TYPE_DSA_PUB:
503 ret = i2d_PUBKEY_bio(mem, evp_key->evp);
506 case YACA_KEY_TYPE_DH_PRIV:
507 case YACA_KEY_TYPE_DH_PUB:
508 case YACA_KEY_TYPE_ECDSA_PRIV:
509 case YACA_KEY_TYPE_ECDSA_PUB:
510 case YACA_KEY_TYPE_ECDH_PRIV:
511 case YACA_KEY_TYPE_ECDH_PUB:
512 ret = YACA_ERROR_NOT_IMPLEMENTED;
516 ret = YACA_ERROR_INVALID_ARGUMENT;
523 ret = YACA_ERROR_INVALID_ARGUMENT;
528 ret = YACA_ERROR_INTERNAL;
533 ret = BIO_flush(mem);
535 ret = YACA_ERROR_INTERNAL;
540 bio_data_len = BIO_get_mem_data(mem, &bio_data);
541 if (bio_data_len <= 0) {
542 ret = YACA_ERROR_INTERNAL;
547 *data = yaca_malloc(bio_data_len);
549 ret = YACA_ERROR_OUT_OF_MEMORY;
554 memcpy(*data, bio_data, bio_data_len);
555 *data_len = bio_data_len;
563 int gen_simple(struct yaca_key_simple_s **out, size_t key_bits)
568 struct yaca_key_simple_s *nk;
569 size_t key_byte_len = key_bits / 8;
571 if (key_byte_len > SIZE_MAX - sizeof(struct yaca_key_simple_s))
572 return YACA_ERROR_TOO_BIG_ARGUMENT;
574 nk = yaca_zalloc(sizeof(struct yaca_key_simple_s) + key_byte_len);
576 return YACA_ERROR_OUT_OF_MEMORY;
580 ret = yaca_rand_bytes(nk->d, key_byte_len);
588 int gen_simple_des(struct yaca_key_simple_s **out, size_t key_bits)
592 if (key_bits != YACA_KEY_UNSAFE_64BIT &&
593 key_bits != YACA_KEY_UNSAFE_128BIT &&
594 key_bits != YACA_KEY_192BIT)
595 return YACA_ERROR_INVALID_ARGUMENT;
598 struct yaca_key_simple_s *nk;
599 size_t key_byte_len = key_bits / 8;
601 if (key_byte_len > SIZE_MAX - sizeof(struct yaca_key_simple_s))
602 return YACA_ERROR_TOO_BIG_ARGUMENT;
604 nk = yaca_zalloc(sizeof(struct yaca_key_simple_s) + key_byte_len);
606 return YACA_ERROR_OUT_OF_MEMORY;
608 DES_cblock *des_key = (DES_cblock*)nk->d;
609 if (key_byte_len >= 8) {
610 ret = DES_random_key(des_key);
614 if (key_byte_len >= 16) {
615 ret = DES_random_key(des_key + 1);
619 if (key_byte_len >= 24) {
620 ret = DES_random_key(des_key + 2);
631 ret = YACA_ERROR_INTERNAL;
636 int gen_evp_rsa(struct yaca_key_evp_s **out, size_t key_bits)
639 assert(key_bits > 0);
640 assert(key_bits % 8 == 0);
643 struct yaca_key_evp_s *nk;
645 EVP_PKEY *pkey = NULL;
647 nk = yaca_zalloc(sizeof(struct yaca_key_evp_s));
649 return YACA_ERROR_OUT_OF_MEMORY;
651 ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL);
653 ret = YACA_ERROR_INTERNAL;
658 ret = EVP_PKEY_keygen_init(ctx);
660 ret = YACA_ERROR_INTERNAL;
665 ret = EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, key_bits);
667 ret = YACA_ERROR_INTERNAL;
672 ret = EVP_PKEY_keygen(ctx, &pkey);
674 ret = YACA_ERROR_INTERNAL;
686 EVP_PKEY_CTX_free(ctx);
693 int gen_evp_dsa(struct yaca_key_evp_s **out, size_t key_bits)
696 assert(key_bits > 0);
697 assert(key_bits % 8 == 0);
700 struct yaca_key_evp_s *nk;
703 EVP_PKEY *pkey = NULL;
704 EVP_PKEY *params = NULL;
706 nk = yaca_zalloc(sizeof(struct yaca_key_evp_s));
708 return YACA_ERROR_OUT_OF_MEMORY;
710 pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_DSA, NULL);
712 ret = YACA_ERROR_INTERNAL;
717 ret = EVP_PKEY_paramgen_init(pctx);
719 ret = YACA_ERROR_INTERNAL;
724 ret = EVP_PKEY_CTX_set_dsa_paramgen_bits(pctx, key_bits);
726 ret = YACA_ERROR_INTERNAL;
731 ret = EVP_PKEY_paramgen(pctx, ¶ms);
733 ret = YACA_ERROR_INTERNAL;
738 kctx = EVP_PKEY_CTX_new(params, NULL);
740 ret = YACA_ERROR_INTERNAL;
745 ret = EVP_PKEY_keygen_init(kctx);
747 ret = YACA_ERROR_INTERNAL;
752 ret = EVP_PKEY_keygen(kctx, &pkey);
754 ret = YACA_ERROR_INTERNAL;
766 EVP_PKEY_CTX_free(kctx);
768 EVP_PKEY_free(params);
770 EVP_PKEY_CTX_free(pctx);
777 struct yaca_key_simple_s *key_get_simple(const yaca_key_h key)
779 struct yaca_key_simple_s *k;
781 if (key == YACA_KEY_NULL)
786 case YACA_KEY_TYPE_SYMMETRIC:
787 case YACA_KEY_TYPE_DES:
788 case YACA_KEY_TYPE_IV:
789 k = (struct yaca_key_simple_s *)key;
792 assert(k->bits != 0);
793 assert(k->bits % 8 == 0);
794 assert(k->d != NULL);
802 struct yaca_key_evp_s *key_get_evp(const yaca_key_h key)
804 struct yaca_key_evp_s *k;
806 if (key == YACA_KEY_NULL)
811 case YACA_KEY_TYPE_RSA_PUB:
812 case YACA_KEY_TYPE_RSA_PRIV:
813 case YACA_KEY_TYPE_DSA_PUB:
814 case YACA_KEY_TYPE_DSA_PRIV:
815 k = (struct yaca_key_evp_s *)key;
818 assert(k->evp != NULL);
826 API int yaca_key_get_bits(const yaca_key_h key)
828 const struct yaca_key_simple_s *simple_key = key_get_simple(key);
829 const struct yaca_key_evp_s *evp_key = key_get_evp(key);
831 if (simple_key != NULL)
832 return simple_key->bits;
834 if (evp_key != NULL) {
837 // TODO: handle ECC keys when they're implemented
838 ret = EVP_PKEY_bits(evp_key->evp);
840 ret = YACA_ERROR_INTERNAL;
848 return YACA_ERROR_INVALID_ARGUMENT;
851 API int yaca_key_import(yaca_key_h *key,
852 yaca_key_type_e key_type,
856 if (key == NULL || data == NULL || data_len == 0)
857 return YACA_ERROR_INVALID_ARGUMENT;
860 case YACA_KEY_TYPE_SYMMETRIC:
861 case YACA_KEY_TYPE_DES:
862 case YACA_KEY_TYPE_IV:
863 return import_simple(key, key_type, data, data_len);
864 case YACA_KEY_TYPE_RSA_PUB:
865 case YACA_KEY_TYPE_RSA_PRIV:
866 case YACA_KEY_TYPE_DSA_PUB:
867 case YACA_KEY_TYPE_DSA_PRIV:
868 return import_evp(key, key_type, data, data_len);
869 case YACA_KEY_TYPE_DH_PUB:
870 case YACA_KEY_TYPE_DH_PRIV:
871 case YACA_KEY_TYPE_ECDSA_PUB:
872 case YACA_KEY_TYPE_ECDSA_PRIV:
873 case YACA_KEY_TYPE_ECDH_PUB:
874 case YACA_KEY_TYPE_ECDH_PRIV:
875 return YACA_ERROR_NOT_IMPLEMENTED;
877 return YACA_ERROR_INVALID_ARGUMENT;
881 API int yaca_key_export(const yaca_key_h key,
882 yaca_key_fmt_e key_fmt,
883 yaca_key_file_fmt_e key_file_fmt,
887 struct yaca_key_simple_s *simple_key = key_get_simple(key);
888 struct yaca_key_evp_s *evp_key = key_get_evp(key);
890 if (data == NULL || data_len == NULL)
891 return YACA_ERROR_INVALID_ARGUMENT;
893 if (key_fmt == YACA_KEY_FORMAT_DEFAULT &&
894 key_file_fmt == YACA_KEY_FILE_FORMAT_RAW &&
896 return export_simple_raw(simple_key, data, data_len);
898 if (key_fmt == YACA_KEY_FORMAT_DEFAULT &&
899 key_file_fmt == YACA_KEY_FILE_FORMAT_BASE64 &&
901 return export_simple_base64(simple_key, data, data_len);
903 if (key_fmt == YACA_KEY_FORMAT_DEFAULT &&
905 return export_evp(evp_key, key_file_fmt, data, data_len);
907 if (key_fmt == YACA_KEY_FORMAT_PKCS8)
908 return YACA_ERROR_NOT_IMPLEMENTED;
910 return YACA_ERROR_INVALID_ARGUMENT;
913 // TODO: this NEEDS random number generator initialized
914 // there is some other TODO elsewhere about it
915 API int yaca_key_gen(yaca_key_h *key,
916 yaca_key_type_e key_type,
920 struct yaca_key_simple_s *nk_simple = NULL;
921 struct yaca_key_evp_s *nk_evp = NULL;
923 if (key == NULL || key_bits == 0 || key_bits % 8 != 0)
924 return YACA_ERROR_INVALID_ARGUMENT;
928 case YACA_KEY_TYPE_SYMMETRIC:
929 case YACA_KEY_TYPE_IV:
930 ret = gen_simple(&nk_simple, key_bits);
934 nk_simple->key.type = key_type;
936 *key = (yaca_key_h)nk_simple;
939 case YACA_KEY_TYPE_DES:
940 ret = gen_simple_des(&nk_simple, key_bits);
944 nk_simple->key.type = key_type;
946 *key = (yaca_key_h)nk_simple;
949 case YACA_KEY_TYPE_RSA_PRIV:
950 ret = gen_evp_rsa(&nk_evp, key_bits);
954 nk_evp->key.type = key_type;
956 *key = (yaca_key_h)nk_evp;
959 case YACA_KEY_TYPE_DSA_PRIV:
960 ret = gen_evp_dsa(&nk_evp, key_bits);
964 nk_evp->key.type = key_type;
966 *key = (yaca_key_h)nk_evp;
969 case YACA_KEY_TYPE_DH_PRIV:
970 case YACA_KEY_TYPE_ECDSA_PRIV:
971 case YACA_KEY_TYPE_ECDH_PRIV:
972 return YACA_ERROR_NOT_IMPLEMENTED;
974 return YACA_ERROR_INVALID_ARGUMENT;
978 API int yaca_key_extract_public(const yaca_key_h prv_key, yaca_key_h *pub_key)
981 struct yaca_key_evp_s *evp_key = key_get_evp(prv_key);
982 struct yaca_key_evp_s *nk;
986 if (prv_key == YACA_KEY_NULL || evp_key == NULL || pub_key == NULL)
987 return YACA_ERROR_INVALID_ARGUMENT;
989 nk = yaca_zalloc(sizeof(struct yaca_key_evp_s));
991 return YACA_ERROR_OUT_OF_MEMORY;
993 mem = BIO_new(BIO_s_mem());
995 ret = YACA_ERROR_INTERNAL;
1000 ret = i2d_PUBKEY_bio(mem, evp_key->evp);
1002 ret = YACA_ERROR_INTERNAL;
1007 pkey = d2i_PUBKEY_bio(mem, NULL);
1009 ret = YACA_ERROR_INTERNAL;
1018 *pub_key = (yaca_key_h)nk;
1020 switch(prv_key->type)
1022 case YACA_KEY_TYPE_RSA_PRIV:
1023 (*pub_key)->type = YACA_KEY_TYPE_RSA_PUB;
1025 case YACA_KEY_TYPE_DSA_PRIV:
1026 (*pub_key)->type = YACA_KEY_TYPE_DSA_PUB;
1028 case YACA_KEY_TYPE_ECDSA_PRIV:
1029 (*pub_key)->type = YACA_KEY_TYPE_ECDSA_PUB;
1032 ret = YACA_ERROR_INVALID_ARGUMENT;
1039 EVP_PKEY_free(pkey);
1048 API void yaca_key_free(yaca_key_h key)
1050 struct yaca_key_simple_s *simple_key = key_get_simple(key);
1051 struct yaca_key_evp_s *evp_key = key_get_evp(key);
1053 if (simple_key != NULL)
1054 yaca_free(simple_key);
1056 if (evp_key != NULL) {
1057 EVP_PKEY_free(evp_key->evp);
1062 API int yaca_key_derive_dh(const yaca_key_h prv_key,
1063 const yaca_key_h pub_key,
1064 yaca_key_h *sym_key)
1066 return YACA_ERROR_NOT_IMPLEMENTED;
1069 API int yaca_key_derive_kea(const yaca_key_h prv_key,
1070 const yaca_key_h pub_key,
1071 const yaca_key_h prv_key_auth,
1072 const yaca_key_h pub_key_auth,
1073 yaca_key_h *sym_key)
1075 return YACA_ERROR_NOT_IMPLEMENTED;
1078 API int yaca_key_derive_pbkdf2(const char *password,
1082 yaca_digest_algo_e algo,
1087 struct yaca_key_simple_s *nk;
1088 size_t key_byte_len = key_bits / 8;
1091 if (password == NULL || salt == NULL || salt_len == 0 ||
1092 iter == 0 || key_bits == 0 || key == NULL)
1093 return YACA_ERROR_INVALID_ARGUMENT;
1095 if (key_bits % 8) /* Key length must be multiple of 8-bits */
1096 return YACA_ERROR_INVALID_ARGUMENT;
1098 if (key_byte_len > SIZE_MAX - sizeof(struct yaca_key_simple_s))
1099 return YACA_ERROR_TOO_BIG_ARGUMENT;
1101 ret = digest_get_algorithm(algo, &md);
1105 nk = yaca_zalloc(sizeof(struct yaca_key_simple_s) + key_byte_len);
1107 return YACA_ERROR_OUT_OF_MEMORY;
1109 nk->bits = key_bits;
1110 nk->key.type = YACA_KEY_TYPE_SYMMETRIC; // TODO: how to handle other keys?
1112 ret = PKCS5_PBKDF2_HMAC(password, -1, (const unsigned char*)salt,
1113 salt_len, iter, md, key_byte_len,
1114 (unsigned char*)nk->d);
1116 ret = YACA_ERROR_INTERNAL;
1121 *key = (yaca_key_h)nk;