From: Dariusz Michaluk <d.michaluk@samsung.com>
Date: Fri, 8 Jul 2016 12:04:05 +0000 (+0200)
Subject: Add yaca_key_derive_dh(), define proper key types and lengths
X-Git-Tag: accepted/tizen/common/20160901.143419~35^2~26
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=596cd43cc60e86e79802965ae41f971fb0d7a801;p=platform%2Fcore%2Fsecurity%2Fyaca.git

Add yaca_key_derive_dh(), define proper key types and lengths

Restore YACA_KEY_TYPE_EC* defines.

Change-Id: Iff2413253134d945cf0de405f5b90e159e7664ae
---

diff --git a/api/yaca/yaca_key.h b/api/yaca/yaca_key.h
index 2072cef..c877766 100755
--- a/api/yaca/yaca_key.h
+++ b/api/yaca/yaca_key.h
@@ -252,6 +252,29 @@ int yaca_key_extract_public(const yaca_key_h prv_key, yaca_key_h *pub_key);
 void yaca_key_destroy(yaca_key_h key);
 
 /**
+ * @brief  Derives a key using Diffie-Helmann or EC Diffie-Helmann key exchange protocol.
+ *
+ * @since_tizen 3.0
+ *
+ * @remarks  The @a sym_key should be released using yaca_key_destroy()
+ *
+ * @param[in]  prv_key  Our private key
+ * @param[in]  pub_key  Peer public key
+ * @param[out] sym_key  Shared secret, that can be used as a symmetric key
+ *
+ * @return #YACA_ERROR_NONE on success, negative on error
+ * @retval #YACA_ERROR_NONE Successful
+ * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values
+ * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error
+ * @retval #YACA_ERROR_INTERNAL Internal error
+ *
+ * @see yaca_key_destroy()
+ */
+int yaca_key_derive_dh(const yaca_key_h prv_key,
+                       const yaca_key_h pub_key,
+                       yaca_key_h *sym_key);
+
+/**
  * @brief  Derives a key from user password (PKCS #5 a.k.a. pbkdf2 algorithm).
  *
  * @since_tizen 3.0
diff --git a/api/yaca/yaca_types.h b/api/yaca/yaca_types.h
index bb47cdf..cd78f88 100755
--- a/api/yaca/yaca_types.h
+++ b/api/yaca/yaca_types.h
@@ -97,6 +97,16 @@ typedef enum {
 	YACA_KEY_TYPE_DSA_PUB,
 	/** Digital Signature Algorithm private key */
 	YACA_KEY_TYPE_DSA_PRIV,
+
+	/** Diffie-Hellman public key */
+	YACA_KEY_TYPE_DH_PUB,
+	/** Diffie-Hellman private key */
+	YACA_KEY_TYPE_DH_PRIV,
+
+	/** Elliptic Curve public key (for DSA and DH) */
+	YACA_KEY_TYPE_EC_PUB,
+	/** Elliptic Curve private key (for DSA and DH) */
+	YACA_KEY_TYPE_EC_PRIV
 } yaca_key_type_e;
 
 /**
diff --git a/examples/CMakeLists.txt b/examples/CMakeLists.txt
index c1f6ef1..3eae22c 100644
--- a/examples/CMakeLists.txt
+++ b/examples/CMakeLists.txt
@@ -48,8 +48,9 @@ BUILD_EXAMPLE("yaca-example-encrypt"          encrypt.c)
 BUILD_EXAMPLE("yaca-example-seal"             seal.c)
 BUILD_EXAMPLE("yaca-example-encrypt-gcm-ccm"  encrypt_aes_gcm_ccm.c)
 BUILD_EXAMPLE("yaca-example-sign"             sign.c)
+BUILD_EXAMPLE("yaca-example-key-exchange"     key_exchange.c)
 BUILD_EXAMPLE("yaca-example-key-impexp"       key_import_export.c)
-BUILD_EXAMPLE("yaca-example-key-password" key_password.c)
+BUILD_EXAMPLE("yaca-example-key-password"     key_password.c)
 
 INSTALL(FILES       ${COMMON_SOURCES}
         DESTINATION ${EXAMPLES_DIR})
diff --git a/examples/key_exchange.c b/examples/key_exchange.c
index eb9beae..c825090 100644
--- a/examples/key_exchange.c
+++ b/examples/key_exchange.c
@@ -32,8 +32,6 @@
 
 void key_exchange_dh(void)
 {
-// TODO DH is not supported yet
-#if 0
 	int ret;
 
 	yaca_key_h private_key = YACA_KEY_NULL;
@@ -89,13 +87,12 @@ exit:
 	if (fp != NULL)
 		fclose(fp);
 	yaca_free(buffer);
-#endif
 }
 
-void key_exchange_ecdh(void)
-{
 // TODO ECDH is not supported yet
 #if 0
+void key_exchange_ecdh(void)
+{
 	int ret;
 
 	yaca_key_h private_key = YACA_KEY_NULL;
@@ -151,8 +148,8 @@ exit:
 	if (fp != NULL)
 		fclose(fp);
 	yaca_free(buffer);
-#endif
 }
+#endif
 
 int main()
 {
@@ -163,7 +160,7 @@ int main()
 		return ret;
 
 	key_exchange_dh();
-	key_exchange_ecdh();
+	//key_exchange_ecdh();
 
 	yaca_cleanup();
 	return ret;
diff --git a/src/internal.h b/src/internal.h
index 762c019..e9ee271 100644
--- a/src/internal.h
+++ b/src/internal.h
@@ -92,6 +92,10 @@ struct yaca_key_simple_s {
  * - YACA_KEY_TYPE_RSA_PRIV
  * - YACA_KEY_TYPE_DSA_PUB
  * - YACA_KEY_TYPE_DSA_PRIV
+ * - YACA_KEY_TYPE_DH_PUB
+ * - YACA_KEY_TYPE_DH_PRIV
+ * - YACA_KEY_TYPE_EC_PUB
+ * - YACA_KEY_TYPE_EC_PRIV
  *
  */
 struct yaca_key_evp_s {
diff --git a/src/key.c b/src/key.c
index e018d14..51a3993 100644
--- a/src/key.c
+++ b/src/key.c
@@ -385,9 +385,9 @@ int import_evp(yaca_key_h *key,
 		type = private ? YACA_KEY_TYPE_DSA_PRIV : YACA_KEY_TYPE_DSA_PUB;
 		break;
 
-//	case EVP_PKEY_EC:
-//		type = private ? YACA_KEY_TYPE_EC_PRIV : YACA_KEY_TYPE_EC_PUB;
-//		break;
+	case EVP_PKEY_EC:
+		type = private ? YACA_KEY_TYPE_EC_PRIV : YACA_KEY_TYPE_EC_PUB;
+		break;
 
 	default:
 		ret = YACA_ERROR_INVALID_PARAMETER;
@@ -542,11 +542,11 @@ int export_evp_default_bio(struct yaca_key_evp_s *evp_key,
 			ret = PEM_write_bio_PUBKEY(mem, evp_key->evp);
 			break;
 
-//		case YACA_KEY_TYPE_DH_PRIV:
-//		case YACA_KEY_TYPE_DH_PUB:
-//		case YACA_KEY_TYPE_EC_PRIV:
-//		case YACA_KEY_TYPE_EC_PUB:
-//			TODO NOT_IMPLEMENTED
+		case YACA_KEY_TYPE_DH_PRIV:
+		case YACA_KEY_TYPE_DH_PUB:
+		case YACA_KEY_TYPE_EC_PRIV:
+		case YACA_KEY_TYPE_EC_PUB:
+			//TODO NOT_IMPLEMENTED
 		default:
 			return YACA_ERROR_INVALID_PARAMETER;
 		}
@@ -575,11 +575,11 @@ int export_evp_default_bio(struct yaca_key_evp_s *evp_key,
 			ret = i2d_PUBKEY_bio(mem, evp_key->evp);
 			break;
 
-//		case YACA_KEY_TYPE_DH_PRIV:
-//		case YACA_KEY_TYPE_DH_PUB:
-//		case YACA_KEY_TYPE_EC_PRIV:
-//		case YACA_KEY_TYPE_EC_PUB:
-//			TODO NOT_IMPLEMENTED
+		case YACA_KEY_TYPE_DH_PRIV:
+		case YACA_KEY_TYPE_DH_PUB:
+		case YACA_KEY_TYPE_EC_PRIV:
+		case YACA_KEY_TYPE_EC_PUB:
+			//TODO NOT_IMPLEMENTED
 		default:
 			return YACA_ERROR_INVALID_PARAMETER;
 		}
@@ -625,9 +625,9 @@ int export_evp_pkcs8_bio(struct yaca_key_evp_s *evp_key,
 			ret = PEM_write_bio_PKCS8PrivateKey_nid(mem, evp_key->evp, nid,
 			                                        NULL, 0, NULL, (void*)password);
 			break;
-//		case YACA_KEY_TYPE_DH_PRIV:
-//		case YACA_KEY_TYPE_EC_PRIV:
-//			TODO NOT_IMPLEMENTED
+		case YACA_KEY_TYPE_DH_PRIV:
+		case YACA_KEY_TYPE_EC_PRIV:
+			//TODO NOT_IMPLEMENTED
 		default:
 			/* Public keys are not supported by PKCS8 */
 			return YACA_ERROR_INVALID_PARAMETER;
@@ -644,9 +644,9 @@ int export_evp_pkcs8_bio(struct yaca_key_evp_s *evp_key,
 			                                  NULL, 0, NULL, (void*)password);
 			break;
 
-//		case YACA_KEY_TYPE_DH_PRIV:
-//		case YACA_KEY_TYPE_EC_PRIV:
-//			TODO NOT_IMPLEMENTED
+		case YACA_KEY_TYPE_DH_PRIV:
+		case YACA_KEY_TYPE_EC_PRIV:
+			//TODO NOT_IMPLEMENTED
 		default:
 			/* Public keys are not supported by PKCS8 */
 			return YACA_ERROR_INVALID_PARAMETER;
@@ -1114,11 +1114,11 @@ API int yaca_key_import(yaca_key_type_e key_type,
 	case YACA_KEY_TYPE_DSA_PUB:
 	case YACA_KEY_TYPE_DSA_PRIV:
 		return import_evp(key, key_type, password, data, data_len);
-//	case YACA_KEY_TYPE_DH_PUB:
-//	case YACA_KEY_TYPE_DH_PRIV:
-//	case YACA_KEY_TYPE_EC_PUB:
-//	case YACA_KEY_TYPE_EC_PRIV:
-//		TODO NOT_IMPLEMENTED
+	case YACA_KEY_TYPE_DH_PUB:
+	case YACA_KEY_TYPE_DH_PRIV:
+	case YACA_KEY_TYPE_EC_PUB:
+	case YACA_KEY_TYPE_EC_PRIV:
+		//TODO NOT_IMPLEMENTED
 	default:
 		return YACA_ERROR_INVALID_PARAMETER;
 	}
@@ -1186,9 +1186,9 @@ API int yaca_key_generate(yaca_key_type_e key_type,
 	case YACA_KEY_TYPE_DSA_PRIV:
 		ret = generate_evp_dsa(&nk_evp, key_bit_len);
 		break;
-//	case YACA_KEY_TYPE_DH_PRIV:
-//	case YACA_KEY_TYPE_EC_PRIV:
-//		TODO NOT_IMPLEMENTED
+	case YACA_KEY_TYPE_DH_PRIV:
+	case YACA_KEY_TYPE_EC_PRIV:
+		//TODO NOT_IMPLEMENTED
 	default:
 		return YACA_ERROR_INVALID_PARAMETER;
 	}
@@ -1254,9 +1254,9 @@ API int yaca_key_extract_public(const yaca_key_h prv_key, yaca_key_h *pub_key)
 	case YACA_KEY_TYPE_DSA_PRIV:
 		nk->key.type = YACA_KEY_TYPE_DSA_PUB;
 		break;
-//	case YACA_KEY_TYPE_EC_PRIV:
-//		nk->key.type = YACA_KEY_TYPE_EC_PUB;
-//		break;
+	case YACA_KEY_TYPE_EC_PRIV:
+		nk->key.type = YACA_KEY_TYPE_EC_PUB;
+		break;
 	default:
 		ret = YACA_ERROR_INVALID_PARAMETER;
 		goto exit;
@@ -1290,6 +1290,14 @@ API void yaca_key_destroy(yaca_key_h key)
 	}
 }
 
+API int yaca_key_derive_dh(UNUSED const yaca_key_h prv_key,
+                           UNUSED const yaca_key_h pub_key,
+                           UNUSED yaca_key_h *sym_key)
+{
+	//TODO NOT_IMPLEMENTED
+	return YACA_ERROR_INVALID_PARAMETER;
+}
+
 API int yaca_key_derive_pbkdf2(const char *password,
                                const char *salt,
                                size_t salt_len,
diff --git a/src/sign.c b/src/sign.c
index 58b6d03..2576501 100644
--- a/src/sign.c
+++ b/src/sign.c
@@ -252,8 +252,8 @@ API int yaca_sign_initialize(yaca_context_h *ctx,
 	case YACA_KEY_TYPE_RSA_PRIV:
 	case YACA_KEY_TYPE_DSA_PRIV:
 		break;
-//	case YACA_KEY_TYPE_EC_PRIV:
-//		TODO NOT_IMPLEMENTED
+	case YACA_KEY_TYPE_EC_PRIV:
+		//TODO NOT_IMPLEMENTED
 	default:
 		return YACA_ERROR_INVALID_PARAMETER;
 	}
@@ -504,8 +504,8 @@ API int yaca_verify_initialize(yaca_context_h *ctx,
 	case YACA_KEY_TYPE_RSA_PUB:
 	case YACA_KEY_TYPE_DSA_PUB:
 		break;
-//	case YACA_KEY_TYPE_EC_PUB:
-//		TODO NOT_IMPLEMENTED
+	case YACA_KEY_TYPE_EC_PUB:
+		//TODO NOT_IMPLEMENTED
 	default:
 		return YACA_ERROR_INVALID_PARAMETER;
 	}