API changes around key_import and key_export

key_import will autodetect key_format and key_file_format. Only the
expected key_type is required.
key_export needs to have key_format and key_file_format explicitly
given (obviously). It will get the key_type from the key.

Change-Id: I6a8e04c886f6acd95dc124918606fbad992108c2

diff --git a/api/yaca/key.h b/api/yaca/key.h
index dd1dbe8..3a829d5 100644 (file)
--- a/api/yaca/key.h
+++ b/api/yaca/key.h
@@ -53,19 +53,29 @@ extern "C" {
 int yaca_key_get_bits(const yaca_key_h key);
 
 /**
- * @brief yaca_key_import  Imports a key from the arbitrary format.
+ * @brief yaca_key_import  Imports a key.
  *
- * @param[out] key           Returned key (must be freed with yaca_key_free()).
- * @param[in]  key_file_fmt  Format of the key file.
- * @param[in]  key_type      Type of the key.
- * @param[in]  data          Blob containing the key.
- * @param[in]  data_len      Size of the blob.
+ * This function imports a key trying to match it to the key_type specified.
+ * It should autodetect both, key format and file format.
+ *
+ * For symmetric, IV and DES keys RAW binary format and BASE64 encoded
+ * binary format are supported.
+ * For asymmetric keys PEM and DER file formats are supported.
+ *
+ * Asymmetric keys can be in PKCS#1 or SSleay key formats (for RSA and
+ * DSA respectively). Asymmetric private keys can also be in PKCS#8
+ * format. Additionally it is possible to import public RSA key from
+ * X509 certificate.
+ *
+ * @param[out] key       Returned key (must be freed with yaca_key_free()).
+ * @param[in]  key_type  Type of the key.
+ * @param[in]  data      Blob containing the key.
+ * @param[in]  data_len  Size of the blob.
  *
  * @return 0 on success, negative on error.
- * @see #yaca_key_fmt_e, #yaca_key_type_e, yaca_key_export(), yaca_key_free()
+ * @see #yaca_key_type_e, yaca_key_export(), yaca_key_free()
  */
 int yaca_key_import(yaca_key_h *key,
-                    yaca_key_file_fmt_e key_file_fmt,
                     yaca_key_type_e key_type,
                     const char *data,
                     size_t data_len);
@@ -73,16 +83,31 @@ int yaca_key_import(yaca_key_h *key,
 /**
  * @brief yaca_key_export  Exports a key to arbitrary format. Export may fail if key is HW-based.
  *
+ * This function exports the key to an arbitrary key format and key file format.
+ *
+ * For key formats two values are allowed:
+ * - #YACA_KEY_FORMAT_DEFAULT: this is the only option possible in case of symmetric keys (or IV),
+ *                            for asymmetric keys it will choose PKCS#1 for RSA and SSLeay for DSA.
+ * - #YACA_KEY_FORMAT_PKCS8:   this will only work for private asymmetric keys.
+ *
+ * The following file formats are supported:
+ * - #YACA_KEY_FILE_FORMAT_RAW:    used only for symmetric, raw binary format
+ * - #YACA_KEY_FILE_FORMAT_BASE64: used only for symmetric, BASE64 encoded binary form
+ * - #YACA_KEY_FILE_FORMAT_PEM:    used only for asymmetric, PEM file format
+ * - #YACA_KEY_FILE_FORMAT_DER:    used only for asymmetric, DER file format
+ *
  * @param[in]  key           Key to be exported.
- * @param[in]  key_file_fmt  Format of the key.
+ * @param[in]  key_fmt       Format of the key.
+ * @param[in]  key_file_fmt  Format of the key file.
  * @param[out] data          Data, allocated by the library, containing exported key
  *                           (must be freed with yaca_free()).
  * @param[out] data_len      Size of the output data.
  *
  * @return 0 on success, negative on error.
- * @see #yaca_key_fmt_e, yaca_key_import(), yaca_key_free()
+ * @see #yaca_key_fmt_e, #yaca_key_file_fmt_e, yaca_key_import(), yaca_key_free()
  */
 int yaca_key_export(const yaca_key_h key,
+                    yaca_key_fmt_e key_fmt,
                     yaca_key_file_fmt_e key_file_fmt,
                     char **data,
                     size_t *data_len);

diff --git a/examples/encrypt_aes_gcm.c b/examples/encrypt_aes_gcm.c
index 17c51ff..9bc60fe 100644 (file)
--- a/examples/encrypt_aes_gcm.c
+++ b/examples/encrypt_aes_gcm.c
@@ -71,7 +71,7 @@ void encrypt_decrypt_aes_gcm(void)
                goto clean;
 
        // generate and export aad?
-       ret = yaca_key_export(aad_key, YACA_KEY_FILE_FORMAT_RAW, &aad, &aad_len);
+       ret = yaca_key_export(aad_key, YACA_KEY_FORMAT_DEFAULT, YACA_KEY_FILE_FORMAT_RAW, &aad, &aad_len);
        if (ret < 0)
                goto clean;
 

diff --git a/examples/key_exchange.c b/examples/key_exchange.c
index edbcd5d..9192679 100644 (file)
--- a/examples/key_exchange.c
+++ b/examples/key_exchange.c
@@ -67,8 +67,7 @@ void key_exchange_dh(void)
        if (1 != fread(buffer, size, 1, fp))
                goto clean;
 
-       ret = yaca_key_import(&peer_key,
-                             YACA_KEY_FILE_FORMAT_RAW, YACA_KEY_TYPE_DH_PUB,
+       ret = yaca_key_import(&peer_key, YACA_KEY_TYPE_DH_PUB,
                              buffer, size);
        if (ret < 0)
                goto clean;
@@ -124,7 +123,7 @@ void key_exchange_ecdh(void)
        if (1 != fread(buffer, size, 1, fp))
                goto clean;
 
-       ret = yaca_key_import(&peer_key, YACA_KEY_FILE_FORMAT_RAW, YACA_KEY_TYPE_ECDH_PUB, buffer, size);
+       ret = yaca_key_import(&peer_key, YACA_KEY_TYPE_ECDH_PUB, buffer, size);
        if (ret < 0)
                goto clean;
 

diff --git a/examples/test.c b/examples/test.c
index a26148a..6f1bdf4 100644 (file)
--- a/examples/test.c
+++ b/examples/test.c
@@ -45,7 +45,7 @@ int main(int argc, char* argv[])
        printf("done (%d)\n", ret);
 
        printf("Exporting key using CryptoAPI.. ");
-       ret = yaca_key_export(key, YACA_KEY_FILE_FORMAT_RAW, &k, &kl);
+       ret = yaca_key_export(key, YACA_KEY_FORMAT_DEFAULT, YACA_KEY_FILE_FORMAT_RAW, &k, &kl);
        if (ret < 0)
                return ret;
        printf("done (%d)\n", ret);

diff --git a/src/key.c b/src/key.c
index eacaccd..1aba0d3 100644 (file)
--- a/src/key.c
+++ b/src/key.c
@@ -123,7 +123,6 @@ API int yaca_key_get_bits(const yaca_key_h key)
 }
 
 API int yaca_key_import(yaca_key_h *key,
-                        yaca_key_file_fmt_e key_file_fmt,
                         yaca_key_type_e key_type,
                         const char *data,
                         size_t data_len)
@@ -131,9 +130,6 @@ API int yaca_key_import(yaca_key_h *key,
        if (key == NULL || data == NULL || data_len == 0)
                return YACA_ERROR_INVALID_ARGUMENT;
 
-       if (key_file_fmt != YACA_KEY_FILE_FORMAT_RAW)
-               return YACA_ERROR_NOT_IMPLEMENTED;
-
        if (key_type == YACA_KEY_TYPE_SYMMETRIC) {
                struct yaca_key_simple_s *nk = NULL;
 
@@ -164,6 +160,7 @@ API int yaca_key_import(yaca_key_h *key,
 }
 
 API int yaca_key_export(const yaca_key_h key,
+                        yaca_key_fmt_e key_fmt,
                         yaca_key_file_fmt_e key_file_fmt,
                         char **data,
                         size_t *data_len)
@@ -175,6 +172,9 @@ API int yaca_key_export(const yaca_key_h key,
        if (data == NULL || data_len == NULL)
                return YACA_ERROR_INVALID_ARGUMENT;
 
+       if (key_fmt != YACA_KEY_FORMAT_DEFAULT)
+               return YACA_ERROR_NOT_IMPLEMENTED;
+
        if (key_file_fmt != YACA_KEY_FILE_FORMAT_RAW)
                return YACA_ERROR_NOT_IMPLEMENTED;