* @param[in] key_bits Length of the key (in bits) to be generated.
*
* @return 0 on success, negative on error.
- * @see #yaca_key_type_e, #yaca_key_bits_e, yaca_key_gen_pair(), yaca_key_free()
+ * @see #yaca_key_type_e, #yaca_key_bits_e, yaca_key_free()
*/
int yaca_key_gen(yaca_key_h *key,
yaca_key_type_e key_type,
int yaca_key_extract_public(const yaca_key_h prv_key, yaca_key_h *pub_key);
/**
- * @brief yaca_key_gen_pair Generates a new key pair.
- *
- * @param[out] prv_key Newly generated private key (must be freed with yaca_key_free()).
- * @param[out] pub_key Newly generated public key (must be freed with yaca_key_free()).
- * @param[in] key_type Type of the key to be generated (must be YACA_KEY_TYPE_PAIR*).
- * @param[in] key_bits Length of the key (in bits) to be generated.
- *
- * @return 0 on success, negative on error.
- * @see #yaca_key_type_e, #yaca_key_bits_e, yaca_key_gen(), yaca_key_free()
- */
-int yaca_key_gen_pair(yaca_key_h *prv_key,
- yaca_key_h *pub_key,
- yaca_key_type_e key_type,
- size_t key_bits);
-
-/**
* @brief yaca_key_free Frees the key created by the library.
* Passing YACA_KEY_NULL is allowed.
*
* @param key Key to be freed.
- * @see yaca_key_import(), yaca_key_export(), yaca_key_gen(), yaca_key_gen_pair()
+ * @see yaca_key_import(), yaca_key_export(), yaca_key_gen()
*
*/
void yaca_key_free(yaca_key_h key);
// TODO: ECDH might not exist as a separate key type, remove?
YACA_KEY_TYPE_ECDH_PUB, /**< Elliptic Curve Diffie-Hellman public key */
YACA_KEY_TYPE_ECDH_PRIV, /**< Elliptic Curve Diffie-Hellman private key */
-
- YACA_KEY_TYPE_PAIR_RSA, /**< Pair of RSA keys */
- YACA_KEY_TYPE_PAIR_DSA, /**< Pair of DSA keys */
- YACA_KEY_TYPE_PAIR_DH, /**< Pair of DH keys */
- YACA_KEY_TYPE_PAIR_ECDSA, /**< Pair of ECDSA keys */
- YACA_KEY_TYPE_PAIR_ECDH /**< Pair of ECDH keys */
} yaca_key_type_e;
/**
long size;
// generate private, public key
- // add KEY_TYPE_PAIR_DH or use KEY_TYPE_PAIR_ECC and proper len?
- // imo add KEY_TYPE_PAIR_DH
- ret = yaca_key_gen_pair(&private_key, &public_key, YACA_KEY_TYPE_PAIR_DH, YACA_KEY_2048BIT);
+ ret = yaca_key_gen(&private_key, YACA_KEY_TYPE_DH_PRIV, YACA_KEY_2048BIT);
+ if (ret < 0)
+ goto clean;
+
+ ret = yaca_key_extract_public(private_key, &public_key);
if (ret < 0)
goto clean;
long size;
// generate private, public key
- ret = yaca_key_gen_pair(&private_key, &public_key, YACA_KEY_TYPE_PAIR_ECDH, YACA_KEY_CURVE_P256);
+ ret = yaca_key_gen(&private_key, YACA_KEY_TYPE_ECDH_PRIV, YACA_KEY_CURVE_P256);
+ if (ret < 0)
+ goto clean;
+
+ ret = yaca_key_extract_public(private_key, &public_key);
if (ret < 0)
goto clean;
if (ret != 0)
goto exit;
- ret = yaca_key_gen_pair(&rsa_priv, &rsa_pub, YACA_KEY_TYPE_PAIR_RSA, YACA_KEY_1024BIT);
+ ret = yaca_key_gen(&rsa_priv, YACA_KEY_TYPE_RSA_PRIV, YACA_KEY_1024BIT);
+ if (ret != 0)
+ goto free_sym;
+
+ ret = yaca_key_extract_public(rsa_priv, &rsa_pub);
if (ret != 0)
goto free_sym;
printf("Plain data (16 of %zu bytes): %.16s\n", LOREM4096_SIZE, lorem4096);
/* Generate key pair */
- if (yaca_key_gen_pair(&key_priv, &key_pub, YACA_KEY_TYPE_PAIR_RSA, YACA_KEY_4096BIT) != 0)
+ if (yaca_key_gen(&key_priv, YACA_KEY_TYPE_RSA_PRIV, YACA_KEY_4096BIT) != 0)
return;
+ if (yaca_key_extract_public(key_priv, &key_pub) != 0)
+ goto ex_prvk;
+
/* Encrypt a.k.a. seal */
{
if (yaca_seal_init(&ctx, key_pub, algo, bcm, key_bits, &aes_key, &iv) != 0)
- goto ex_pk;
+ goto ex_pubk;
if ((block_len = yaca_get_block_length(ctx)) <= 0)
goto ex_ak;
yaca_ctx_free(ctx);
yaca_key_free(aes_key);
yaca_key_free(iv);
-ex_pk:
+ex_pubk:
yaca_key_free(key_pub);
+ex_prvk:
yaca_key_free(key_priv);
}
#endif
// GENERATE
- if (yaca_key_gen_pair(&prv, &pub, YACA_KEY_TYPE_PAIR_RSA, YACA_KEY_4096BIT) != 0)
+ if (yaca_key_gen(&prv, YACA_KEY_TYPE_RSA_PRIV, YACA_KEY_4096BIT) != 0)
return;
+ if (yaca_key_extract_public(prv, &pub) != 0)
+ goto finish;
+
// SIGN
if (yaca_sign_init(&ctx, YACA_DIGEST_SHA512, prv) != 0)
goto finish;
return ret;
}
-API int yaca_key_gen_pair(yaca_key_h *prv_key,
- yaca_key_h *pub_key,
- yaca_key_type_e key_type,
- size_t key_bits)
-{
- int ret;
- struct yaca_key_evp_s *nk_prv = NULL;
- struct yaca_key_evp_s *nk_pub = NULL;
- RSA *rsa = NULL;
- BIGNUM *bne = NULL;
-
- if (prv_key == NULL || pub_key == NULL)
- return YACA_ERROR_INVALID_ARGUMENT;
-
- if (key_type != YACA_KEY_TYPE_PAIR_RSA)
- return YACA_ERROR_NOT_IMPLEMENTED;
-
- nk_prv = yaca_zalloc(sizeof(struct yaca_key_evp_s));
- if (nk_prv == NULL)
- return YACA_ERROR_OUT_OF_MEMORY;
-
- nk_pub = yaca_zalloc(sizeof(struct yaca_key_evp_s));
- if (nk_pub == NULL) {
- ret = YACA_ERROR_OUT_OF_MEMORY;
- goto free_prv;
- }
-
- // TODO: this NEEDS random number generator initialized
- // there is some other TODO elsewhere about it
-
- bne = BN_new();
- if (bne == NULL) {
- ret = YACA_ERROR_OUT_OF_MEMORY;
- ERROR_DUMP(ret);
- goto free_pub;
- }
-
- ret = BN_set_word(bne, RSA_F4);
- if (ret != 1) {
- ret = YACA_ERROR_INTERNAL;
- ERROR_DUMP(ret);
- goto free_bne;
- }
-
- rsa = RSA_new();
- if (rsa == NULL) {
- ret = YACA_ERROR_OUT_OF_MEMORY;
- ERROR_DUMP(ret);
- goto free_bne;
- }
-
- ret = RSA_generate_key_ex(rsa, key_bits, bne, NULL);
- if (ret != 1) {
- ret = YACA_ERROR_INTERNAL;
- ERROR_DUMP(ret);
- goto free_rsa;
- }
-
- nk_prv->evp = EVP_PKEY_new();
- if (nk_prv->evp == NULL) {
- ret = YACA_ERROR_OUT_OF_MEMORY;
- ERROR_DUMP(ret);
- goto free_rsa;
- }
-
- nk_pub->evp = EVP_PKEY_new();
- if (nk_prv->evp == NULL) {
- ret = YACA_ERROR_OUT_OF_MEMORY;
- ERROR_DUMP(ret);
- goto free_evp_prv;
- }
-
- ret = EVP_PKEY_assign_RSA(nk_prv->evp, RSAPrivateKey_dup(rsa));
- if (ret != 1) {
- ret = YACA_ERROR_INTERNAL;
- ERROR_DUMP(ret);
- goto free_evp_pub;
- }
-
- ret = EVP_PKEY_assign_RSA(nk_pub->evp, RSAPublicKey_dup(rsa));
- if (ret != 1) {
- ret = YACA_ERROR_INTERNAL;
- ERROR_DUMP(ret);
- goto free_evp_pub;
- }
-
- *prv_key = (yaca_key_h)nk_prv;
- (*prv_key)->type = YACA_KEY_TYPE_RSA_PRIV;
- *pub_key = (yaca_key_h)nk_pub;
- (*pub_key)->type = YACA_KEY_TYPE_RSA_PUB;
-
- ret = 0;
-
-free_evp_pub:
- if (ret != 0)
- EVP_PKEY_free(nk_pub->evp);
-free_evp_prv:
- if (ret != 0)
- EVP_PKEY_free(nk_prv->evp);
-free_rsa:
- RSA_free(rsa);
-free_bne:
- BN_free(bne);
-free_pub:
- if (ret != 0)
- yaca_free(nk_pub);
-free_prv:
- if (ret != 0)
- yaca_free(nk_prv);
-
- return ret;
-}
-
API void yaca_key_free(yaca_key_h key)
{
struct yaca_key_simple_s *simple_key = key_get_simple(key);
- Rethink and possibly add verification of output buffer lengths.
In other words check whether the user won't cause a buffer overflow.
- Importing/exporting encrypted (passphrased) RSA keys
-- What about importing RSA priv and generating PUB from it?
projects / platform / core / security / yaca.git / commitdiff