Change yaca_key_derive_dh() API

Return buffer with shared secret instead of yaca_key_h.
Shared secret should not be used as a key.

Change-Id: I55de2b330deb06dd6b15902bf5f4ea9fe45e4359

diff --git a/api/yaca/yaca_key.h b/api/yaca/yaca_key.h
index b8714b1..693c4d6 100755 (executable)
--- a/api/yaca/yaca_key.h
+++ b/api/yaca/yaca_key.h
@@ -330,27 +330,33 @@ int yaca_key_extract_parameters(const yaca_key_h key, yaca_key_h *params);
 void yaca_key_destroy(yaca_key_h key);
 
 /**
- * @brief  Derives a key using Diffie-Helmann or EC Diffie-Helmann key exchange protocol.
+ * @brief  Derives a shared secret using Diffie-Helmann or EC Diffie-Helmann key exchange protocol.
  *
  * @since_tizen 3.0
  *
- * @remarks  The @a sym_key should be released using yaca_key_destroy()
+ * @remarks  The @a secret should not be used as a symmetric key,
+ *           to produce a symmetric key pass the secret to a key derivation function (KDF) or a message digest function
  *
- * @param[in]  prv_key  Our private key
- * @param[in]  pub_key  Peer public key
- * @param[out] sym_key  Shared secret, that can be used as a symmetric key
+ * @remarks  The @a secret should be freed with yaca_free()
+ *
+ * @param[in]  prv_key      Our private key
+ * @param[in]  pub_key      Peer public key
+ * @param[out] secret       Generated shared secret
+ * @param[out] secret_len   Size of the shared secret
  *
  * @return #YACA_ERROR_NONE on success, negative on error
  * @retval #YACA_ERROR_NONE Successful
- * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values
+ * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (invalid key)
  * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error
  * @retval #YACA_ERROR_INTERNAL Internal error
  *
- * @see yaca_key_destroy()
+ * @see yaca_simple_calculate_digest()
+ * @see yaca_free()
  */
 int yaca_key_derive_dh(const yaca_key_h prv_key,
                        const yaca_key_h pub_key,
-                       yaca_key_h *sym_key);
+                       char **secret,
+                       size_t *secret_len);
 
 /**
  * @brief  Derives a key from user password (PKCS #5 a.k.a. pbkdf2 algorithm).

diff --git a/examples/CMakeLists.txt b/examples/CMakeLists.txt
index 12cd956..7cad03a 100644 (file)
--- a/examples/CMakeLists.txt
+++ b/examples/CMakeLists.txt
@@ -49,7 +49,7 @@ BUILD_EXAMPLE("yaca-example-seal"             seal.c)
 BUILD_EXAMPLE("yaca-example-encrypt-gcm-ccm"  encrypt_aes_gcm_ccm.c)
 BUILD_EXAMPLE("yaca-example-sign"             sign.c)
 BUILD_EXAMPLE("yaca-example-key-gen"          key_gen.c)
-BUILD_EXAMPLE("yaca-example-key-exchange"     key_exchange.c)
+#BUILD_EXAMPLE("yaca-example-key-exchange"     key_exchange.c)
 BUILD_EXAMPLE("yaca-example-key-impexp"       key_import_export.c)
 BUILD_EXAMPLE("yaca-example-key-password"     key_password.c)
 BUILD_EXAMPLE("yaca-example-key-wrap"         key_wrap.c)

diff --git a/src/key.c b/src/key.c
index 462ace9..a0c6943 100644 (file)
--- a/src/key.c
+++ b/src/key.c
@@ -1748,16 +1748,17 @@ API void yaca_key_destroy(yaca_key_h key)
 
 API int yaca_key_derive_dh(const yaca_key_h prv_key,
                            const yaca_key_h pub_key,
-                           yaca_key_h *sym_key)
+                           char **secret,
+                           size_t *secret_len)
 {
        int ret;
        struct yaca_key_evp_s *lprv_key = key_get_evp(prv_key);
        struct yaca_key_evp_s *lpub_key = key_get_evp(pub_key);
-       struct yaca_key_simple_s *nk = NULL;
-       size_t nk_len;
        EVP_PKEY_CTX *ctx;
+       char *data = NULL;
+       size_t data_len;
 
-       if (lprv_key == NULL || lpub_key == NULL || sym_key == NULL ||
+       if (lprv_key == NULL || lpub_key == NULL || secret == NULL || secret_len == NULL ||
            (!(lprv_key->key.type == YACA_KEY_TYPE_DH_PRIV &&
               lpub_key->key.type == YACA_KEY_TYPE_DH_PUB)
            &&
@@ -1786,38 +1787,38 @@ API int yaca_key_derive_dh(const yaca_key_h prv_key,
                goto exit;
        }
 
-       ret = EVP_PKEY_derive(ctx, NULL, &nk_len);
+       ret = EVP_PKEY_derive(ctx, NULL, &data_len);
        if (ret != 1) {
                ret = YACA_ERROR_INTERNAL;
                ERROR_DUMP(ret);
                goto exit;
        }
 
-       if (nk_len == 0 || nk_len > SIZE_MAX / 8) {
+       if (data_len == 0 || data_len > SIZE_MAX / 8) {
                ret = YACA_ERROR_INVALID_PARAMETER;
                goto exit;
        }
 
-       ret = yaca_zalloc(sizeof(struct yaca_key_simple_s) + nk_len, (void**)&nk);
+       ret = yaca_zalloc(data_len, (void**)&data);
        if (ret != YACA_ERROR_NONE)
                goto exit;
 
-       ret = EVP_PKEY_derive(ctx, (unsigned char*)nk->d, &nk_len);
+       ret = EVP_PKEY_derive(ctx, (unsigned char*)data, &data_len);
        if (ret != 1) {
                ret = YACA_ERROR_INTERNAL;
                ERROR_DUMP(ret);
                goto exit;
        }
 
-       nk->bit_len = nk_len * 8;
-       nk->key.type = YACA_KEY_TYPE_SYMMETRIC;
-       *sym_key = (yaca_key_h)nk;
-       nk = NULL;
+       *secret = data;
+       data = NULL;
+       *secret_len = data_len;
+
        ret = YACA_ERROR_NONE;
 
 exit:
        EVP_PKEY_CTX_free(ctx);
-       yaca_free(nk);
+       yaca_free(data);
        return ret;
 }