key_file_fmt is the format of the key file (PEM, DER, RAW, BASE64).
The newly added key_fmt is the format of the key inside that file (PKCS#X, etc.).
E.g. a PKCS#1 key can be encoded as PEM or DER, and a PKCS#8 key can likewise
be encoded as PEM or DER. The two format types are independent of each other.
Change-Id: I38b9106c619a5b45c09be48d95f9278f43b79dd4
/**
* @brief yaca_key_import Imports a key from the arbitrary format.
*
- * @param[out] key Returned key (must be freed with yaca_key_free()).
- * @param[in] key_fmt Format of the key.
- * @param[in] key_type Type of the key.
- * @param[in] data Blob containing the key.
- * @param[in] data_len Size of the blob.
+ * @param[out] key Returned key (must be freed with yaca_key_free()).
+ * @param[in] key_file_fmt Format of the key file.
+ * @param[in] key_type Type of the key.
+ * @param[in] data Blob containing the key.
+ * @param[in] data_len Size of the blob.
*
* @return 0 on success, negative on error.
* @see #yaca_key_fmt_e, #yaca_key_type_e, yaca_key_export(), yaca_key_free()
*/
int yaca_key_import(yaca_key_h *key,
- yaca_key_fmt_e key_fmt,
+ yaca_key_file_fmt_e key_file_fmt,
yaca_key_type_e key_type,
const char *data,
size_t data_len);
/**
* @brief yaca_key_export Exports a key to arbitrary format. Export may fail if key is HW-based.
*
- * @param[in] key Key to be exported.
- * @param[in] key_fmt Format of the key.
- * @param[out] data Data, allocated by the library, containing exported key
- * (must be freed with yaca_free()).
- * @param[out] data_len Size of the output data.
+ * @param[in] key Key to be exported.
+ * @param[in] key_file_fmt Format of the key.
+ * @param[out] data Data, allocated by the library, containing exported key
+ * (must be freed with yaca_free()).
+ * @param[out] data_len Size of the output data.
*
* @return 0 on success, negative on error.
* @see #yaca_key_fmt_e, yaca_key_import(), yaca_key_free()
*/
int yaca_key_export(const yaca_key_h key,
- yaca_key_fmt_e key_fmt,
+ yaca_key_file_fmt_e key_file_fmt,
char **data,
size_t *data_len);
* @brief Key formats
*/
typedef enum {
- YACA_KEY_FORMAT_RAW, /**< key is in clear format */
- YACA_KEY_FORMAT_BASE64, /**< key is encoded in ASCII-base64 */
- YACA_KEY_FORMAT_PEM, /**< key is in PEM file format */
- YACA_KEY_FORMAT_DER /**< key is in DER file format */
+ YACA_KEY_FORMAT_DEFAULT, /**< key is either PKCS#1 for RSA or SSLeay for DSA, also use this option for symmetric */
+ YACA_KEY_FORMAT_PKCS8 /**< key is in PKCS#8, can only be used for asymmetric private keys */
} yaca_key_fmt_e;
/**
+ * @brief Key file formats
+ */
+typedef enum {
+ YACA_KEY_FILE_FORMAT_RAW, /**< key file is in raw binary format, used for symmetric keys */
+ YACA_KEY_FILE_FORMAT_BASE64, /**< key file is encoded in ASCII-base64, used for symmetric keys */
+ YACA_KEY_FILE_FORMAT_PEM, /**< key file is in PEM file format, used for asymmetric keys */
+ YACA_KEY_FILE_FORMAT_DER /**< key file is in DER file format, used for asymmetric keys */
+} yaca_key_file_fmt_e;
+
+/**
* @brief Key types, IV is considered as key
*/
typedef enum {
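Review bot: `yaca_key_fmt_e` and `yaca_key_file_fmt_e` both number from 0, so `YACA_KEY_FORMAT_DEFAULT` has the same value as `YACA_KEY_FILE_FORMAT_RAW` and `YACA_KEY_FORMAT_PKCS8` the same as `YACA_KEY_FILE_FORMAT_BASE64`. C converts between enum types implicitly, so a caller that passes a `yaca_key_fmt_e` constant where `key_file_fmt` is expected may compile without a diagnostic and silently select a file format. Starting one of the enums at a distinct base would make such a mix-up fall outside the valid range, so an argument check could reject it. None of the visible hunks takes a `yaca_key_fmt_e` parameter yet, so its `@brief` should say which call is meant to consume it.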
goto clean;
// generate and export aad?
- ret = yaca_key_export(aad_key, YACA_KEY_FORMAT_RAW, &aad, &aad_len);
+ ret = yaca_key_export(aad_key, YACA_KEY_FILE_FORMAT_RAW, &aad, &aad_len);
if (ret < 0)
goto clean;
goto clean;
ret = yaca_key_import(&peer_key,
- YACA_KEY_FORMAT_RAW, YACA_KEY_TYPE_DH_PUB,
+ YACA_KEY_FILE_FORMAT_RAW, YACA_KEY_TYPE_DH_PUB,
buffer, size);
if (ret < 0)
goto clean;
if (1 != fread(buffer, size, 1, fp))
goto clean;
- ret = yaca_key_import(&peer_key, YACA_KEY_FORMAT_RAW, YACA_KEY_TYPE_ECDH_PUB, buffer, size);
+ ret = yaca_key_import(&peer_key, YACA_KEY_FILE_FORMAT_RAW, YACA_KEY_TYPE_ECDH_PUB, buffer, size);
if (ret < 0)
goto clean;
printf("done (%d)\n", ret);
printf("Exporting key using CryptoAPI.. ");
- ret = yaca_key_export(key, YACA_KEY_FORMAT_RAW, &k, &kl);
+ ret = yaca_key_export(key, YACA_KEY_FILE_FORMAT_RAW, &k, &kl);
if (ret < 0)
return ret;
printf("done (%d)\n", ret);
}
API int yaca_key_import(yaca_key_h *key,
- yaca_key_fmt_e key_fmt,
+ yaca_key_file_fmt_e key_file_fmt,
yaca_key_type_e key_type,
const char *data,
size_t data_len)
if (key == NULL || data == NULL || data_len == 0)
return YACA_ERROR_INVALID_ARGUMENT;
- if (key_fmt != YACA_KEY_FORMAT_RAW)
+ if (key_file_fmt != YACA_KEY_FILE_FORMAT_RAW)
return YACA_ERROR_NOT_IMPLEMENTED;
if (key_type == YACA_KEY_TYPE_SYMMETRIC) {
}
API int yaca_key_export(const yaca_key_h key,
- yaca_key_fmt_e key_fmt,
+ yaca_key_file_fmt_e key_file_fmt,
char **data,
size_t *data_len)
{
if (data == NULL || data_len == NULL)
return YACA_ERROR_INVALID_ARGUMENT;
- if (key_fmt != YACA_KEY_FORMAT_RAW)
+ if (key_file_fmt != YACA_KEY_FILE_FORMAT_RAW)
return YACA_ERROR_NOT_IMPLEMENTED;
if (simple_key != NULL) {
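Review bot: The format guard in yaca_key_import() and yaca_key_export() tests `key_file_fmt` alone, whereas the new enum comments tie RAW/BASE64 to symmetric keys and PEM/DER to asymmetric keys. The examples touched by this commit import `YACA_KEY_TYPE_DH_PUB` and `YACA_KEY_TYPE_ECDH_PUB` blobs with `YACA_KEY_FILE_FORMAT_RAW`, which contradicts those comments. Either the enum comments should allow that combination, or the import should reject a `key_file_fmt`/`key_type` pair the header does not document. Both function bodies continue outside the visible lines, so such a check may already exist further down. The header docs for both functions should also state that every format other than RAW currently returns `YACA_ERROR_NOT_IMPLEMENTED`.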
Global:
- Rethink and possibly add verification of output buffer lengths.
In other words check whether the user won't cause a buffer overflow.
+- Importing/exporting encrypted (passphrased) RSA keys
+- What about importing RSA priv and generating PUB from it?