Return buffer with shared secret instead of yaca_key_h.
Shared secret should not be used as a key.
Change-Id: I55de2b330deb06dd6b15902bf5f4ea9fe45e4359
void yaca_key_destroy(yaca_key_h key);
/**
- * @brief Derives a key using Diffie-Helmann or EC Diffie-Helmann key exchange protocol.
+ * @brief Derives a shared secret using Diffie-Helmann or EC Diffie-Helmann key exchange protocol.
*
* @since_tizen 3.0
*
- * @remarks The @a sym_key should be released using yaca_key_destroy()
+ * @remarks The @a secret should not be used as a symmetric key,
+ * to produce a symmetric key pass the secret to a key derivation function (KDF) or a message digest function
*
- * @param[in] prv_key Our private key
- * @param[in] pub_key Peer public key
- * @param[out] sym_key Shared secret, that can be used as a symmetric key
+ * @remarks The @a secret should be freed with yaca_free()
+ *
+ * @param[in] prv_key Our private key
+ * @param[in] pub_key Peer public key
+ * @param[out] secret Generated shared secret
+ * @param[out] secret_len Size of the shared secret
*
* @return #YACA_ERROR_NONE on success, negative on error
* @retval #YACA_ERROR_NONE Successful
- * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values
+ * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (invalid key)
* @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error
* @retval #YACA_ERROR_INTERNAL Internal error
*
- * @see yaca_key_destroy()
+ * @see yaca_simple_calculate_digest()
+ * @see yaca_free()
*/
int yaca_key_derive_dh(const yaca_key_h prv_key,
const yaca_key_h pub_key,
- yaca_key_h *sym_key);
+ char **secret,
+ size_t *secret_len);
/**
* @brief Derives a key from user password (PKCS #5 a.k.a. pbkdf2 algorithm).
BUILD_EXAMPLE("yaca-example-encrypt-gcm-ccm" encrypt_aes_gcm_ccm.c)
BUILD_EXAMPLE("yaca-example-sign" sign.c)
BUILD_EXAMPLE("yaca-example-key-gen" key_gen.c)
-BUILD_EXAMPLE("yaca-example-key-exchange" key_exchange.c)
+#BUILD_EXAMPLE("yaca-example-key-exchange" key_exchange.c)
BUILD_EXAMPLE("yaca-example-key-impexp" key_import_export.c)
BUILD_EXAMPLE("yaca-example-key-password" key_password.c)
BUILD_EXAMPLE("yaca-example-key-wrap" key_wrap.c)
API int yaca_key_derive_dh(const yaca_key_h prv_key,
const yaca_key_h pub_key,
- yaca_key_h *sym_key)
+ char **secret,
+ size_t *secret_len)
{
int ret;
struct yaca_key_evp_s *lprv_key = key_get_evp(prv_key);
struct yaca_key_evp_s *lpub_key = key_get_evp(pub_key);
- struct yaca_key_simple_s *nk = NULL;
- size_t nk_len;
EVP_PKEY_CTX *ctx;
+ char *data = NULL;
+ size_t data_len;
- if (lprv_key == NULL || lpub_key == NULL || sym_key == NULL ||
+ if (lprv_key == NULL || lpub_key == NULL || secret == NULL || secret_len == NULL ||
(!(lprv_key->key.type == YACA_KEY_TYPE_DH_PRIV &&
lpub_key->key.type == YACA_KEY_TYPE_DH_PUB)
&&
goto exit;
}
- ret = EVP_PKEY_derive(ctx, NULL, &nk_len);
+ ret = EVP_PKEY_derive(ctx, NULL, &data_len);
if (ret != 1) {
ret = YACA_ERROR_INTERNAL;
ERROR_DUMP(ret);
goto exit;
}
- if (nk_len == 0 || nk_len > SIZE_MAX / 8) {
+ if (data_len == 0 || data_len > SIZE_MAX / 8) {
ret = YACA_ERROR_INVALID_PARAMETER;
goto exit;
}
- ret = yaca_zalloc(sizeof(struct yaca_key_simple_s) + nk_len, (void**)&nk);
+ ret = yaca_zalloc(data_len, (void**)&data);
if (ret != YACA_ERROR_NONE)
goto exit;
- ret = EVP_PKEY_derive(ctx, (unsigned char*)nk->d, &nk_len);
+ ret = EVP_PKEY_derive(ctx, (unsigned char*)data, &data_len);
if (ret != 1) {
ret = YACA_ERROR_INTERNAL;
ERROR_DUMP(ret);
goto exit;
}
- nk->bit_len = nk_len * 8;
- nk->key.type = YACA_KEY_TYPE_SYMMETRIC;
- *sym_key = (yaca_key_h)nk;
- nk = NULL;
+ *secret = data;
+ data = NULL;
+ *secret_len = data_len;
+
ret = YACA_ERROR_NONE;
exit:
EVP_PKEY_CTX_free(ctx);
- yaca_free(nk);
+ yaca_free(data);
return ret;
}