Rename key_fmt to key_file_fmt type and introduce a real key_fmt enum.

key_file_fmt is a format of the file (PEM, DER, RAW, BASE64).
Newly added key_fmt is a format of a key within file format (PKCS#X, etc).

E.g. we can have PKCS#1 encoded as PEM or DER and PKCS#8 encoded again
as PEM or DER. Those two format types are independent of each other.

Change-Id: I38b9106c619a5b45c09be48d95f9278f43b79dd4

diff --git a/api/yaca/key.h b/api/yaca/key.h
index c9c924c..dd1dbe8 100644 (file)
--- a/api/yaca/key.h
+++ b/api/yaca/key.h
@@ -55,17 +55,17 @@ int yaca_key_get_bits(const yaca_key_h key);
 /**
  * @brief yaca_key_import  Imports a key from the arbitrary format.
  *
- * @param[out] key       Returned key (must be freed with yaca_key_free()).
- * @param[in]  key_fmt   Format of the key.
- * @param[in]  key_type  Type of the key.
- * @param[in]  data      Blob containing the key.
- * @param[in]  data_len  Size of the blob.
+ * @param[out] key           Returned key (must be freed with yaca_key_free()).
+ * @param[in]  key_file_fmt  Format of the key file.
+ * @param[in]  key_type      Type of the key.
+ * @param[in]  data          Blob containing the key.
+ * @param[in]  data_len      Size of the blob.
  *
  * @return 0 on success, negative on error.
  * @see #yaca_key_fmt_e, #yaca_key_type_e, yaca_key_export(), yaca_key_free()
  */
 int yaca_key_import(yaca_key_h *key,
-                    yaca_key_fmt_e key_fmt,
+                    yaca_key_file_fmt_e key_file_fmt,
                     yaca_key_type_e key_type,
                     const char *data,
                     size_t data_len);
@@ -73,17 +73,17 @@ int yaca_key_import(yaca_key_h *key,
 /**
  * @brief yaca_key_export  Exports a key to arbitrary format. Export may fail if key is HW-based.
  *
- * @param[in]  key       Key to be exported.
- * @param[in]  key_fmt   Format of the key.
- * @param[out] data      Data, allocated by the library, containing exported key
- *                       (must be freed with yaca_free()).
- * @param[out] data_len  Size of the output data.
+ * @param[in]  key           Key to be exported.
+ * @param[in]  key_file_fmt  Format of the key.
+ * @param[out] data          Data, allocated by the library, containing exported key
+ *                           (must be freed with yaca_free()).
+ * @param[out] data_len      Size of the output data.
  *
  * @return 0 on success, negative on error.
  * @see #yaca_key_fmt_e, yaca_key_import(), yaca_key_free()
  */
 int yaca_key_export(const yaca_key_h key,
-                    yaca_key_fmt_e key_fmt,
+                    yaca_key_file_fmt_e key_file_fmt,
                     char **data,
                     size_t *data_len);
 

diff --git a/api/yaca/types.h b/api/yaca/types.h
index 80750bf..5478a46 100644 (file)
--- a/api/yaca/types.h
+++ b/api/yaca/types.h
@@ -50,13 +50,21 @@ typedef struct yaca_key_s *yaca_key_h;
  * @brief Key formats
  */
 typedef enum {
-       YACA_KEY_FORMAT_RAW,      /**< key is in clear format */
-       YACA_KEY_FORMAT_BASE64,   /**< key is encoded in ASCII-base64 */
-       YACA_KEY_FORMAT_PEM,      /**< key is in PEM file format */
-       YACA_KEY_FORMAT_DER       /**< key is in DER file format */
+       YACA_KEY_FORMAT_DEFAULT,  /**< key is either PKCS#1 for RSA or SSLeay for DSA, also use this option for symmetric */
+       YACA_KEY_FORMAT_PKCS8     /**< key is in PKCS#8, can only be used for asymmetric private keys */
 } yaca_key_fmt_e;
 
 /**
+ * @brief Key file formats
+ */
+typedef enum {
+       YACA_KEY_FILE_FORMAT_RAW,      /**< key file is in raw binary format, used for symmetric keys */
+       YACA_KEY_FILE_FORMAT_BASE64,   /**< key file is encoded in ASCII-base64, used for symmetric keys */
+       YACA_KEY_FILE_FORMAT_PEM,      /**< key file is in PEM file format, used for asymmetric keys */
+       YACA_KEY_FILE_FORMAT_DER       /**< key file is in DER file format, used for asymmetric keys */
+} yaca_key_file_fmt_e;
+
+/**
  * @brief Key types, IV is considered as key
  */
 typedef enum {

diff --git a/examples/encrypt_aes_gcm.c b/examples/encrypt_aes_gcm.c
index 9b2c6f8..17c51ff 100644 (file)
--- a/examples/encrypt_aes_gcm.c
+++ b/examples/encrypt_aes_gcm.c
@@ -71,7 +71,7 @@ void encrypt_decrypt_aes_gcm(void)
                goto clean;
 
        // generate and export aad?
-       ret = yaca_key_export(aad_key, YACA_KEY_FORMAT_RAW, &aad, &aad_len);
+       ret = yaca_key_export(aad_key, YACA_KEY_FILE_FORMAT_RAW, &aad, &aad_len);
        if (ret < 0)
                goto clean;
 

diff --git a/examples/key_exchange.c b/examples/key_exchange.c
index 2b0b61c..edbcd5d 100644 (file)
--- a/examples/key_exchange.c
+++ b/examples/key_exchange.c
@@ -68,7 +68,7 @@ void key_exchange_dh(void)
                goto clean;
 
        ret = yaca_key_import(&peer_key,
-                             YACA_KEY_FORMAT_RAW, YACA_KEY_TYPE_DH_PUB,
+                             YACA_KEY_FILE_FORMAT_RAW, YACA_KEY_TYPE_DH_PUB,
                              buffer, size);
        if (ret < 0)
                goto clean;
@@ -124,7 +124,7 @@ void key_exchange_ecdh(void)
        if (1 != fread(buffer, size, 1, fp))
                goto clean;
 
-       ret = yaca_key_import(&peer_key, YACA_KEY_FORMAT_RAW, YACA_KEY_TYPE_ECDH_PUB, buffer, size);
+       ret = yaca_key_import(&peer_key, YACA_KEY_FILE_FORMAT_RAW, YACA_KEY_TYPE_ECDH_PUB, buffer, size);
        if (ret < 0)
                goto clean;
 

diff --git a/examples/test.c b/examples/test.c
index 22f9632..a26148a 100644 (file)
--- a/examples/test.c
+++ b/examples/test.c
@@ -45,7 +45,7 @@ int main(int argc, char* argv[])
        printf("done (%d)\n", ret);
 
        printf("Exporting key using CryptoAPI.. ");
-       ret = yaca_key_export(key, YACA_KEY_FORMAT_RAW, &k, &kl);
+       ret = yaca_key_export(key, YACA_KEY_FILE_FORMAT_RAW, &k, &kl);
        if (ret < 0)
                return ret;
        printf("done (%d)\n", ret);

diff --git a/src/key.c b/src/key.c
index 6f47834..eacaccd 100644 (file)
--- a/src/key.c
+++ b/src/key.c
@@ -123,7 +123,7 @@ API int yaca_key_get_bits(const yaca_key_h key)
 }
 
 API int yaca_key_import(yaca_key_h *key,
-                        yaca_key_fmt_e key_fmt,
+                        yaca_key_file_fmt_e key_file_fmt,
                         yaca_key_type_e key_type,
                         const char *data,
                         size_t data_len)
@@ -131,7 +131,7 @@ API int yaca_key_import(yaca_key_h *key,
        if (key == NULL || data == NULL || data_len == 0)
                return YACA_ERROR_INVALID_ARGUMENT;
 
-       if (key_fmt != YACA_KEY_FORMAT_RAW)
+       if (key_file_fmt != YACA_KEY_FILE_FORMAT_RAW)
                return YACA_ERROR_NOT_IMPLEMENTED;
 
        if (key_type == YACA_KEY_TYPE_SYMMETRIC) {
@@ -164,7 +164,7 @@ API int yaca_key_import(yaca_key_h *key,
 }
 
 API int yaca_key_export(const yaca_key_h key,
-                        yaca_key_fmt_e key_fmt,
+                        yaca_key_file_fmt_e key_file_fmt,
                         char **data,
                         size_t *data_len)
 {
@@ -175,7 +175,7 @@ API int yaca_key_export(const yaca_key_h key,
        if (data == NULL || data_len == NULL)
                return YACA_ERROR_INVALID_ARGUMENT;
 
-       if (key_fmt != YACA_KEY_FORMAT_RAW)
+       if (key_file_fmt != YACA_KEY_FILE_FORMAT_RAW)
                return YACA_ERROR_NOT_IMPLEMENTED;
 
        if (simple_key != NULL) {

diff --git a/todo.txt b/todo.txt
index 4f24242..b2e5846 100644 (file)
--- a/todo.txt
+++ b/todo.txt
@@ -1,3 +1,5 @@
 Global:
 - Rethink and possibly add verification of output buffer lengths.
   In other words check whether the user won't cause a buffer overflow.
+- Importing/exporting encrypted (passphrased) RSA keys
+- What about importing RSA priv and generating PUB from it?