char *plain,
size_t *plain_len);
-/**@}*/
-
-/**
- * @defgroup Advanced-Encryption-Asymmetric Advanced API for the asymmetric encryption.
- *
- * TODO: extended description and examples.
- *
- * TODO: Seal does more than just encrypt. It first generates the encryption key and IV,
- * then encrypts whole message using this key (and selected symmetric algorithm).
- * Finally it encrypts symmetric key with public key.
- *
- * @{
- */
-
-/**
- * @brief yaca_seal_init Initializes an asymmetric encryption context.
- *
- * @param[out] ctx Newly created context (must be freed with @see yaca_ctx_free).
- * @param[in] pub_key Public key of the peer that will receive the encrypted data.
- * @param[in] algo Symmetric algorithm that will be used.
- * @param[in] bcm Block chaining mode for the symmetric algorithm.
- * @param[out] sym_key Generated symmetric key that will be used. It is encrypted with peer's public key.
- * @param[out] iv Generated initialization vector that will be used.
- *
- * @return 0 on success, negative on error (@see error.h).
- */
-int yaca_seal_init(yaca_ctx_h *ctx,
- const yaca_key_h pub_key,
- yaca_enc_algo_e algo,
- yaca_block_cipher_mode_e bcm,
- yaca_key_h *sym_key,
- yaca_key_h *iv);
-
-/**
- * @brief yaca_seal_update Encrypts piece of the data.
- *
- * @param[in,out] ctx Context created by @see yaca_seal_init.
- * @param[in] plain Plain text to be encrypted.
- * @param[in] plain_len Length of the plain text.
- * @param[out] cipher Buffer for the encrypted data (must be allocated by client, @see yaca_get_output_length).
- * @param[out] cipher_len Length of the encrypted data, actual number of bytes written will be returned here.
- *
- * @return 0 on success, negative on error (@see error.h).
- */
-int yaca_seal_update(yaca_ctx_h ctx,
- const char *plain,
- size_t plain_len,
- char *cipher,
- size_t *cipher_len);
-
-/**
- * @brief yaca_seal_final Encrypts the final piece of the data.
- *
- * @param[in,out] ctx A valid seal context.
- * @param[out] cipher Final piece of the encrypted data (must be allocated by client, @see yaca_get_block_length).
- * @param[out] cipher_len Length of the final piece, actual number of bytes written will be returned here.
- *
- * @return 0 on success, negative on error (@see error.h).
- */
-int yaca_seal_final(yaca_ctx_h ctx,
- char *cipher,
- size_t *cipher_len);
-
-/**
- * @brief yaca_open_init Initializes an asymmetric decryption context.
- *
- * @param[out] ctx Newly created context. Must be freed by @see yaca_ctx_free.
- * @param[in] prv_key Private key, part of the pair that was used for the encryption.
- * @param[in] algo Symmetric algorithm that was used for the encryption.
- * @param[in] bcm Block chaining mode for the symmetric algorithm.
- * @param[in] sym_key Symmetric key, encrypted with the public key, that was used to encrypt the data.
- * @param[in] iv Initialization vector that was used for the encryption.
- *
- * @return 0 on success, negative on error (@see error.h).
- */
-int yaca_open_init(yaca_ctx_h *ctx,
- const yaca_key_h prv_key,
- yaca_enc_algo_e algo,
- yaca_block_cipher_mode_e bcm,
- const yaca_key_h sym_key,
- const yaca_key_h iv);
-
-/**
- * @brief yaca_open_update Decrypts piece of the data.
- *
- * @param[in,out] ctx Context created by @see yaca_open_init.
- * @param[in] cipher Cipher text to be decrypted.
- * @param[in] cipher_len Length of the cipher text.
- * @param[out] plain Buffer for the decrypted data (must be allocated by client, @see yaca_get_output_length).
- * @param[out] plain_len Length of the decrypted data, actual number of bytes written will be returned here.
- *
- * @return 0 on success, negative on error (@see error.h).
- */
-int yaca_open_update(yaca_ctx_h ctx,
- const char *cipher,
- size_t cipher_len,
- char *plain,
- size_t *plain_len);
-
-/**
- * @brief yaca_open_final Decrypts last chunk of sealed message.
- *
- * @param[in,out] ctx A valid open context.
- * @param[out] plain Final piece of the decrypted data (must be allocated by client, @see yaca_get_block_length).
- * @param[out] plain_len Length of the final piece, actual number of bytes written will be returned here.
- *
- * @return 0 on success, negative on error (@see error.h).
- */
-int yaca_open_final(yaca_ctx_h ctx,
- char *plain,
- size_t *plain_len);
-
/**
* @brief yaca_get_iv_bits Returns the recomended/default length of the IV for a given encryption configuration.
*
--- /dev/null
+/*
+ * Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Contact: Krzysztof Jackiewicz <k.jackiewicz@samsung.com>
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+
+/**
+ * @file seal.h
+ * @brief
+ */
+
+#ifndef SEAL_H
+#define SEAL_H
+
+#include <stddef.h>
+#include <yaca/types.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * @defgroup Advanced-Encryption-Asymmetric Advanced API for the asymmetric encryption.
+ *
+ * TODO: extended description and examples.
+ *
+ * TODO: Seal does more than just encrypt. It first generates the encryption key and IV,
+ * then encrypts whole message using this key (and selected symmetric algorithm).
+ * Finally it encrypts symmetric key with public key.
+ *
+ * @{
+ */
+
+/**
+ * @brief yaca_seal_init Initializes an asymmetric encryption context.
+ *
+ * @param[out] ctx Newly created context (must be freed with @see yaca_ctx_free).
+ * @param[in] pub_key Public key of the peer that will receive the encrypted data.
+ * @param[in] algo Symmetric algorithm that will be used.
+ * @param[in] bcm Block chaining mode for the symmetric algorithm.
+ * @param[out] sym_key Generated symmetric key that will be used. It is encrypted with peer's public key.
+ * @param[out] iv Generated initialization vector that will be used.
+ *
+ * @return 0 on success, negative on error (@see error.h).
+ */
+int yaca_seal_init(yaca_ctx_h *ctx,
+ const yaca_key_h pub_key,
+ yaca_enc_algo_e algo,
+ yaca_block_cipher_mode_e bcm,
+ yaca_key_h *sym_key,
+ yaca_key_h *iv);
+
+/**
+ * @brief yaca_seal_update Encrypts piece of the data.
+ *
+ * @param[in,out] ctx Context created by @see yaca_seal_init.
+ * @param[in] plain Plain text to be encrypted.
+ * @param[in] plain_len Length of the plain text.
+ * @param[out] cipher Buffer for the encrypted data (must be allocated by client, @see yaca_get_output_length).
+ * @param[out] cipher_len Length of the encrypted data, actual number of bytes written will be returned here.
+ *
+ * @return 0 on success, negative on error (@see error.h).
+ */
+int yaca_seal_update(yaca_ctx_h ctx,
+ const char *plain,
+ size_t plain_len,
+ char *cipher,
+ size_t *cipher_len);
+
+/**
+ * @brief yaca_seal_final Encrypts the final piece of the data.
+ *
+ * @param[in,out] ctx A valid seal context.
+ * @param[out] cipher Final piece of the encrypted data (must be allocated by client, @see yaca_get_block_length).
+ * @param[out] cipher_len Length of the final piece, actual number of bytes written will be returned here.
+ *
+ * @return 0 on success, negative on error (@see error.h).
+ */
+int yaca_seal_final(yaca_ctx_h ctx,
+ char *cipher,
+ size_t *cipher_len);
+
+/**
+ * @brief yaca_open_init Initializes an asymmetric decryption context.
+ *
+ * @param[out] ctx Newly created context. Must be freed by @see yaca_ctx_free.
+ * @param[in] prv_key Private key, part of the pair that was used for the encryption.
+ * @param[in] algo Symmetric algorithm that was used for the encryption.
+ * @param[in] bcm Block chaining mode for the symmetric algorithm.
+ * @param[in] sym_key Symmetric key, encrypted with the public key, that was used to encrypt the data.
+ * @param[in] iv Initialization vector that was used for the encryption.
+ *
+ * @return 0 on success, negative on error (@see error.h).
+ */
+int yaca_open_init(yaca_ctx_h *ctx,
+ const yaca_key_h prv_key,
+ yaca_enc_algo_e algo,
+ yaca_block_cipher_mode_e bcm,
+ const yaca_key_h sym_key,
+ const yaca_key_h iv);
+
+/**
+ * @brief yaca_open_update Decrypts piece of the data.
+ *
+ * @param[in,out] ctx Context created by @see yaca_open_init.
+ * @param[in] cipher Cipher text to be decrypted.
+ * @param[in] cipher_len Length of the cipher text.
+ * @param[out] plain Buffer for the decrypted data (must be allocated by client, @see yaca_get_output_length).
+ * @param[out] plain_len Length of the decrypted data, actual number of bytes written will be returned here.
+ *
+ * @return 0 on success, negative on error (@see error.h).
+ */
+int yaca_open_update(yaca_ctx_h ctx,
+ const char *cipher,
+ size_t cipher_len,
+ char *plain,
+ size_t *plain_len);
+
+/**
+ * @brief yaca_open_final Decrypts last chunk of sealed message.
+ *
+ * @param[in,out] ctx A valid open context.
+ * @param[out] plain Final piece of the decrypted data (must be allocated by client, @see yaca_get_block_length).
+ * @param[out] plain_len Length of the final piece, actual number of bytes written will be returned here.
+ *
+ * @return 0 on success, negative on error (@see error.h).
+ */
+int yaca_open_final(yaca_ctx_h ctx,
+ char *plain,
+ size_t *plain_len);
+
+/**@}*/
+
+#ifdef __cplusplus
+} /* extern */
+#endif
+
+#endif /* SEAL_H */
BUILD_EXAMPLE("yaca-example-digest" digest.c)
BUILD_EXAMPLE("yaca-example-encrypt" encrypt.c)
+BUILD_EXAMPLE("yaca-example-seal" seal.c)
BUILD_EXAMPLE("yaca-example-encrypt-gcm" encrypt_aes_gcm.c)
BUILD_EXAMPLE("yaca-example-sign" sign.c)
BUILD_EXAMPLE("yaca-example-key-exchange" key_exchange.c)
yaca_key_free(key);
}
-void encrypt_seal(void)
-{
- int ret;
- yaca_ctx_h ctx = YACA_CTX_NULL;
- yaca_key_h key_pub = YACA_KEY_NULL;
- yaca_key_h key_priv = YACA_KEY_NULL;
- yaca_key_h aes_key = YACA_KEY_NULL;
- yaca_key_h iv = YACA_KEY_NULL;
-
- char *enc = NULL;
- char *dec = NULL;
- size_t enc_size;
- size_t dec_size;
-
- printf("Plain data (16 of %zu bytes): %.16s\n", (size_t)4096, lorem1024);
-
- /// Generate key pair
- ret = yaca_key_gen_pair(&key_priv, &key_pub,
- YACA_KEY_TYPE_PAIR_RSA,
- YACA_KEY_2048BIT);
- if (ret) return;
-
- /// Encrypt a.k.a. seal
- {
- size_t out_size;
- size_t rem;
-
- ret = yaca_seal_init(&ctx, key_pub,
- YACA_ENC_AES, YACA_BCM_CBC,
- &aes_key, &iv);
- if (ret < 0)
- goto ex_pk;
-
- ret = yaca_seal_update(ctx, lorem4096, 4096, NULL, &enc_size);
- if (ret < 0)
- goto ex_ak;
-
- ret = yaca_get_block_length(ctx);
- if (ret < 0)
- goto ex_ak;
-
- enc_size = enc_size + ret;
- enc = yaca_malloc(enc_size);
- if (enc == NULL)
- goto ex_ak;
-
- // Seal and finalize
- out_size = enc_size;
- ret = yaca_seal_update(ctx, lorem4096, 4096, enc, &out_size);
- if (ret < 0)
- goto ex_of;
-
- rem = enc_size - out_size;
- ret = yaca_seal_final(ctx, enc + out_size, &rem);
- if (ret < 0)
- goto ex_of;
-
- enc_size = rem + out_size;
-
- dump_hex(enc, 16, "Encrypted data (16 of %zu bytes): ", enc_size);
-
- yaca_ctx_free(ctx); // TODO: perhaps it should not return value
- }
-
- /// Decrypt a.k.a. open
- {
- size_t out_size;
- size_t rem;
-
- ret = yaca_open_init(&ctx, key_priv,
- YACA_ENC_AES, YACA_BCM_CBC,
- aes_key, iv);
- if (ret < 0) {
- yaca_free(enc);
- goto ex_ak;
- }
-
- ret = yaca_open_update(ctx, enc, enc_size, NULL, &dec_size);
- if (ret < 0)
- goto ex_of;
-
- ret = yaca_get_block_length(ctx);
- if (ret < 0)
- goto ex_of;
-
- dec_size = dec_size + ret;
- dec = yaca_malloc(dec_size);
- if (dec == NULL)
- goto ex_of;
-
- // Seal and finalize
- out_size = enc_size;
- ret = yaca_open_update(ctx, enc, enc_size, dec, &out_size);
- if (ret < 0)
- goto ex_in;
-
- rem = dec_size - out_size;
- ret = yaca_open_final(ctx, dec + out_size, &rem);
- if (ret < 0)
- goto ex_in;
-
- dec_size = rem + out_size;
-
- printf("Decrypted data (16 of %zu bytes): %.16s\n", (size_t)dec_size, dec);
-
- yaca_ctx_free(ctx); // TODO: perhaps it should not return value
- }
-
-ex_in:
- yaca_free(dec);
-ex_of:
- yaca_free(enc);
-ex_ak:
- yaca_key_free(aes_key);
- yaca_key_free(iv);
-ex_pk:
- yaca_key_free(key_pub);
- yaca_key_free(key_priv);
-}
-
int main()
{
int ret = yaca_init();
encrypt_advanced();
- encrypt_seal();
-
yaca_exit(); // TODO: what about handing of return value from exit??
return ret;
}
--- /dev/null
+/*
+ * Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Contact: Krzysztof Jackiewicz <k.jackiewicz@samsung.com>
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+
+/**
+ * @file seal.c
+ * @brief
+ */
+
+#include <stdio.h>
+
+#include <yaca/crypto.h>
+#include <yaca/seal.h>
+#include <yaca/key.h>
+#include "lorem.h"
+#include "misc.h"
+
+void encrypt_seal(void)
+{
+ int ret;
+ yaca_ctx_h ctx = YACA_CTX_NULL;
+ yaca_key_h key_pub = YACA_KEY_NULL;
+ yaca_key_h key_priv = YACA_KEY_NULL;
+ yaca_key_h aes_key = YACA_KEY_NULL;
+ yaca_key_h iv = YACA_KEY_NULL;
+
+ char *enc = NULL;
+ char *dec = NULL;
+ size_t enc_size;
+ size_t dec_size;
+
+ printf("Plain data (16 of %zu bytes): %.16s\n", (size_t)4096, lorem1024);
+
+ /// Generate key pair
+ ret = yaca_key_gen_pair(&key_priv, &key_pub,
+ YACA_KEY_TYPE_PAIR_RSA,
+ YACA_KEY_2048BIT);
+ if (ret) return;
+
+ /// Encrypt a.k.a. seal
+ {
+ size_t out_size;
+ size_t rem;
+
+ ret = yaca_seal_init(&ctx, key_pub,
+ YACA_ENC_AES, YACA_BCM_CBC,
+ &aes_key, &iv);
+ if (ret < 0)
+ goto ex_pk;
+
+ ret = yaca_seal_update(ctx, lorem4096, 4096, NULL, &enc_size);
+ if (ret < 0)
+ goto ex_ak;
+
+ ret = yaca_get_block_length(ctx);
+ if (ret < 0)
+ goto ex_ak;
+
+ enc_size = enc_size + ret;
+ enc = yaca_malloc(enc_size);
+ if (enc == NULL)
+ goto ex_ak;
+
+ // Seal and finalize
+ out_size = enc_size;
+ ret = yaca_seal_update(ctx, lorem4096, 4096, enc, &out_size);
+ if (ret < 0)
+ goto ex_of;
+
+ rem = enc_size - out_size;
+ ret = yaca_seal_final(ctx, enc + out_size, &rem);
+ if (ret < 0)
+ goto ex_of;
+
+ enc_size = rem + out_size;
+
+ dump_hex(enc, 16, "Encrypted data (16 of %zu bytes): ", enc_size);
+
+ yaca_ctx_free(ctx); // TODO: perhaps it should not return value
+ }
+
+ /// Decrypt a.k.a. open
+ {
+ size_t out_size;
+ size_t rem;
+
+ ret = yaca_open_init(&ctx, key_priv,
+ YACA_ENC_AES, YACA_BCM_CBC,
+ aes_key, iv);
+ if (ret < 0) {
+ yaca_free(enc);
+ goto ex_ak;
+ }
+
+ ret = yaca_open_update(ctx, enc, enc_size, NULL, &dec_size);
+ if (ret < 0)
+ goto ex_of;
+
+ ret = yaca_get_block_length(ctx);
+ if (ret < 0)
+ goto ex_of;
+
+ dec_size = dec_size + ret;
+ dec = yaca_malloc(dec_size);
+ if (dec == NULL)
+ goto ex_of;
+
+ // Seal and finalize
+ out_size = enc_size;
+ ret = yaca_open_update(ctx, enc, enc_size, dec, &out_size);
+ if (ret < 0)
+ goto ex_in;
+
+ rem = dec_size - out_size;
+ ret = yaca_open_final(ctx, dec + out_size, &rem);
+ if (ret < 0)
+ goto ex_in;
+
+ dec_size = rem + out_size;
+
+ printf("Decrypted data (16 of %zu bytes): %.16s\n", (size_t)dec_size, dec);
+
+ yaca_ctx_free(ctx); // TODO: perhaps it should not return value
+ }
+
+ex_in:
+ yaca_free(dec);
+ex_of:
+ yaca_free(enc);
+ex_ak:
+ yaca_key_free(aes_key);
+ yaca_key_free(iv);
+ex_pk:
+ yaca_key_free(key_pub);
+ yaca_key_free(key_priv);
+}
+
+int main()
+{
+ int ret = yaca_init();
+ if (ret < 0)
+ return ret;
+
+ encrypt_seal();
+
+ yaca_exit(); // TODO: what about handing of return value from exit??
+ return ret;
+}
return encrypt_final(ctx,(unsigned char*)plain, plain_len,
OP_DECRYPT);
}
-
-API int yaca_seal_init(yaca_ctx_h *ctx,
- const yaca_key_h pub_key,
- yaca_enc_algo_e algo,
- yaca_block_cipher_mode_e bcm,
- yaca_key_h *sym_key,
- yaca_key_h *iv)
-{
- return YACA_ERROR_NOT_IMPLEMENTED;
-}
-
-API int yaca_seal_update(yaca_ctx_h ctx,
- const char *plain,
- size_t plain_len,
- char *cipher,
- size_t *cipher_len)
-{
- return YACA_ERROR_NOT_IMPLEMENTED;
-}
-
-API int yaca_seal_final(yaca_ctx_h ctx,
- char *cipher,
- size_t *cipher_len)
-{
- return YACA_ERROR_NOT_IMPLEMENTED;
-}
-
-API int yaca_open_init(yaca_ctx_h *ctx,
- const yaca_key_h prv_key,
- yaca_enc_algo_e algo,
- yaca_block_cipher_mode_e bcm,
- const yaca_key_h sym_key,
- const yaca_key_h iv)
-{
- return YACA_ERROR_NOT_IMPLEMENTED;
-}
-
-API int yaca_open_update(yaca_ctx_h ctx,
- const char *cipher,
- size_t cipher_len,
- char *plain,
- size_t *plain_len)
-{
- return YACA_ERROR_NOT_IMPLEMENTED;
-}
-
-API int yaca_open_final(yaca_ctx_h ctx,
- char *plain,
- size_t *plain_len)
-{
- return YACA_ERROR_NOT_IMPLEMENTED;
-}
--- /dev/null
+/*
+ * Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Contact: Krzysztof Jackiewicz <k.jackiewicz@samsung.com>
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+
+#include <assert.h>
+#include <string.h>
+
+#include <openssl/crypto.h>
+#include <openssl/rand.h>
+#include <openssl/evp.h>
+
+#include <yaca/crypto.h>
+#include <yaca/seal.h>
+#include <yaca/error.h>
+#include <yaca/key.h>
+
+#include "internal.h"
+
+API int yaca_seal_init(yaca_ctx_h *ctx,
+ const yaca_key_h pub_key,
+ yaca_enc_algo_e algo,
+ yaca_block_cipher_mode_e bcm,
+ yaca_key_h *sym_key,
+ yaca_key_h *iv)
+{
+ return YACA_ERROR_NOT_IMPLEMENTED;
+}
+
+API int yaca_seal_update(yaca_ctx_h ctx,
+ const char *plain,
+ size_t plain_len,
+ char *cipher,
+ size_t *cipher_len)
+{
+ return YACA_ERROR_NOT_IMPLEMENTED;
+}
+
+API int yaca_seal_final(yaca_ctx_h ctx,
+ char *cipher,
+ size_t *cipher_len)
+{
+ return YACA_ERROR_NOT_IMPLEMENTED;
+}
+
+API int yaca_open_init(yaca_ctx_h *ctx,
+ const yaca_key_h prv_key,
+ yaca_enc_algo_e algo,
+ yaca_block_cipher_mode_e bcm,
+ const yaca_key_h sym_key,
+ const yaca_key_h iv)
+{
+ return YACA_ERROR_NOT_IMPLEMENTED;
+}
+
+API int yaca_open_update(yaca_ctx_h ctx,
+ const char *cipher,
+ size_t cipher_len,
+ char *plain,
+ size_t *plain_len)
+{
+ return YACA_ERROR_NOT_IMPLEMENTED;
+}
+
+API int yaca_open_final(yaca_ctx_h ctx,
+ char *plain,
+ size_t *plain_len)
+{
+ return YACA_ERROR_NOT_IMPLEMENTED;
+}
projects / platform / core / security / yaca.git / commitdiff