From 9b921fe12666a908006ee8e6f5308e6fc0699026 Mon Sep 17 00:00:00 2001 From: Mateusz Kulikowski Date: Wed, 23 Mar 2016 14:35:32 +0100 Subject: [PATCH] Remove old code Remove code from previous designs (no longer needed) Change-Id: I3ad0589e3e5559f81053718e44dd797ae3b5d7c7 Signed-off-by: Mateusz Kulikowski --- crypt.c | 27 --------- crypt.h | 184 --------------------------------------------------------- crypto_final.h | 8 --- evp-key-gen.c | 47 --------------- 4 files changed, 266 deletions(-) delete mode 100644 crypt.c delete mode 100644 crypt.h delete mode 100644 crypto_final.h delete mode 100644 evp-key-gen.c diff --git a/crypt.c b/crypt.c deleted file mode 100644 index 6d7c476..0000000 --- a/crypt.c +++ /dev/null @@ -1,27 +0,0 @@ -#include "crypt.h" -#include -#include - -// Use case 1 -// encypt buffer of bytes with defined buffers -void use_case_1() { - char buf[200] = "The quick brown fox jumps over the lazy dog"; - char out[200]; - size_t len = strlen(buf); - size_t outlen=sizeof(out); - crypt_key_h *key = NULL; - - crypt_init(&key, CIPHER_DES); - crypt_import_key(key, KEYFORMAT_RAW, "012345678", 8); // setup 64-bit key for DES operation - - // encrypt - int r = crypt_encrypt(key, buf, len, (void**)(&out), &outlen); - if (r < 0) { printf("context is incorect"); } - if (r < len) { printf("Out but to short"); } - - // decrypt - len = sizeof(buf); - r = crypt_decrypt(key, out, outlen, (void**)(&buf), &len); - - crypt_destroy(key); -} diff --git a/crypt.h b/crypt.h deleted file mode 100644 index 14f2635..0000000 --- a/crypt.h +++ /dev/null @@ -1,184 +0,0 @@ -#include - -#ifdef __cplusplus -extern "C" { -#endif - -typedef enum { - //symetric - CIPHER_NONE, //e.g. no cipher based digests - CIPHER_DES, //unsafe - CIPHER_DES3, - CIPHER_DESX, //only CBC blockmode - CIPHER_AES, - CIPHER_RC2, //unsafe - CIPHER_RC4, //unsafe - CIPHER_RC5, - CIPHER_CAST5, - CIPHER_SKIPJACK,//unsafe - - //aymetric - CIPHER_RSA, //RSA cert - md5+sha1 is signed - CIPHER_DSA, //DSA cert - sha1 is signed - CIPHER_KEA, //key pair generation, TEK derivation (Token Encryption Key) - CIPHER_DH, //key pair generation, TEK derivation - CIPHER_EC, //eliptic curve - CIPHER_ECDH, //eliptic curve -} cipher_t; - -typedef enum { - BLOCKMODE_NONE, - BLOCKMODE_EBC, // Electronic Codeblock, unsafe - BLOCKMODE_CBC, // Cipher Block Chaining - BLOCKMODE_CFB, // Cipher Feedback - BLOCKMODE_OFB, // Output Feedback - BLOCKMODE_CTR, // Counter (DES,AES) [RFC 3686] - BLOCKMODE_GCM, // Galois Counter Mode (AES) - BLOCKMODE_OCB, // Offest Codebook Mode (AES) - BLOCKMODE_CCM, // CBC-MAC Mode (AES) -} blockmode_t; - -typedef enum { - DIGEST_MD5, /**< Message digest algorithm MD5 */ - DIGEST_SHA1, /**< Message digest algorithm SHA1 */ - DIGEST_SHA224, /**< Message digest algorithm SHA2, 224bit */ - DIGEST_SHA256, /**< Message digest algorithm SHA2, 256bit */ - DIGEST_SHA384, /**< Message digest algorithm SHA2, 384bit */ - DIGEST_SHA512 /**< Message digest algorithm SHA2, 512bit */ -} digest_algo_t; - -typedef enum { - PADDING_NONE, // total number of data MUST multiple of block size - PADDING_ZEROS, // pad with zores - PADDING_ISO10126, - PADDING_ANSIX923, - PADDING_ANSIX931, // same as zero padding ? - PADDING_PKCS1, // RSA signature creation - PADDING_PKCS7, // Byte padding for symetric algos (RFC 5652), (PKCS5 padding is the same) -} padding_t; - -typedef enum { - KEYFORMAT_RAW, // key is clear from - KEYFORMAT_BASE64, // key is encoded in ASCII-base64 - KEYFORMAT_PEM, // key is in PEM file format - KEYFORMAT_DER, // key is in DER file format -} keyformat_t; - -typedef enum { - //common params - PARAM_DIGEST_ALGO, - PARAM_KEY, - PARAM_IV, // Initial Vector - PARAM_PADDING, - PARAM_BLOCKMODE, - //specific params - PARAM_CTR_CNT, // CTR Counter bits - PARAM_GCM_TAG, // GCM Tag bits - PARAM_GCM_ADD, // GCM Additional Authentication Data - PARAM_CCM_NONCE,// Nonce - PARAM_CCM_ADD, // Additional Authentication Data - PARAM_CCM_MAC, // MAC length in bytes -} param_t; - -typedef enum { - SIGN_CALC, - SIGN_VERIFY, -} sign_dir_t; - -//internal key info struct -typedef struct __crypt_key_info crypt_key_h; - -// cryptograohic module initialization (crypt_module_init must be first func) -int crypt_module_init(); -int crypt_module_exit(); - -// context init/reset -int crypt_init(crypt_key_h**, cipher_t); -int crypt_destroy(crypt_key_h *); - -//******************************************* -// various parameters, depends on used cipher -//******************************************* - -// optional parameters (research needed for what we need) -// note: internally it is stored as list of tag,length,value (TLV) -int crypt_setparam(crypt_key_h *, param_t p, const void *v, size_t len); -int crypt_getparam(crypt_key_h *, param_t p, void *v, size_t len); -//param_t : key, iv, padding method, block mode …. - -// set of functions for known parameters -int crypt_setparam_digest_algo(crypt_key_h *, const digest_algo_t algo); -int crypt_setparam_iv(crypt_key_h *, const void *iv, size_t len); -int crypt_setparam_padding(crypt_key_h *, padding_t v); -int crypt_setparam_blockmode(crypt_key_h *, blockmode_t v); -// Note: GCM concat message len, message, and ADD (3 update calls) -// (https://wiki.openssl.org/index.php/EVP_Authenticated_Encryption_and_Decryption) -int crypt_setparam_gcm_tag(crypt_key_h *, const void *tag, size_t len); -int crypt_setparam_gcm_aad(crypt_key_h *, const void *add, size_t len); - -int crypt_getparam_iv(crypt_key_h *, void *iv, size_t *len); -int crypt_getparam_gcm_tag(crypt_key_h *, void *tag, size_t len); - -//******************************************* -// top level (simple) interface -//******************************************* - -int crypt_import_key(crypt_key_h *key, keyformat_t format, void *blob, size_t size); -int crypt_export_key(crypt_key_h *key, keyformat_t format, void *blob, size_t size); - -// possible static predefined digests contexts like SHA1,SHA224,SHA256 -// digests (no key, default iv=) -int crypt_digest_calc(const digest_algo_t algo, const void *data, size_t len, void **digest, size_t *digest_len); - -// encryptions (key is mandatory, default iv=), symmetric or asymetric -int crypt_encrypt(crypt_key_h *key, const void *data, size_t len, void **enc_data, size_t * enc_len); -int crypt_decrypt(crypt_key_h *key, const void *enc_data, size_t enc_len, void **data, size_t * len); - -// message authentication (key is mandatory, padding method, default iv=) -// note: this is, in fact, the same as diggest with key set up -int crypt_sign_verify(crypt_key_h *key, const void *data, size_t len, const void *mac, size_t mac_len); -int crypt_sign_calc(crypt_key_h *key, const void *data, size_t len, void **mac, size_t mac_len); - -// deallocete memory allocated by crypto library -int crypto_free(void *buf); - -// seal creates symkey (with set param iv, ivlen) -int crypt_seal(crypt_key_h *pubkey, crypt_key_h *symkey, const void *data, size_t len, void **enc_data, size_t *enc_len); -// open uses symkey taken from seal -int crypt_open(crypt_key_h *prvkey, crypt_key_h *symkey, const void *enc_data, size_t enc_len, void **data, size_t *len); - - -//******************************************* -// low level (advanced) interface -//******************************************* - -//key material generation (depends on context cipher) -// key - store generated key bytes -//implememtation: -// read byte sequence from /dev/urandom, until got not trivial key -int crypt_generate_key(crypt_key_h *key, size_t key_len); -// keypub = (n,e) keyprv = (n,d) -// where n is modulus, e is public key exponents, d is private key exponent -int crypt_generate_pkey(crypt_key_h *pub, crypt_key_h *priv, size_t key_len); - -int crypt_digest_update(crypt_key_h *dig, const void *data, size_t len); -int crypt_digest_final(crypt_key_h *dig, void **digest, size_t *digest_len); - -int crypt_encrypt_update(crypt_key_h *key, const void *indata, size_t inlen, void **outdata, size_t *outlen); -int crypt_encrypt_final(crypt_key_h *key, void **outdata, size_t *outlen); - -int crypt_decrypt_update(crypt_key_h *key, const void *indata, size_t inlen, void **outdata, size_t *outlen); -int crypt_decrypt_final(crypt_key_h *key, void **outdata, size_t *outlen); - -int crypt_sign_init(crypt_key_h *key, sign_dir_t); -int crypt_sign_update(crypt_key_h *key, const void *data, size_t len); -int crypt_sign_final(crypt_key_h *key, void **mac, size_t *mac_len); - -int crypt_derive_key(crypt_key_h *dk, crypt_key_h *key); - -int crypt_derive_pkey(crypt_key_h *dk, crypt_key_h *key); - -#ifdef __cplusplus -} -#endif - diff --git a/crypto_final.h b/crypto_final.h deleted file mode 100644 index dfa4db1..0000000 --- a/crypto_final.h +++ /dev/null @@ -1,8 +0,0 @@ -#ifndef CRYPTO_FINAL_H -#define CRYPTO_FINAL_H - -// TODO: discussion about params -// A: digest_init etc are helpers, -// internally they use crypto_init + set param -/// -#endif // CRYPTO_FINAL_H diff --git a/evp-key-gen.c b/evp-key-gen.c deleted file mode 100644 index b516e0a..0000000 --- a/evp-key-gen.c +++ /dev/null @@ -1,47 +0,0 @@ - -void RSA_gen() { - EVP_PKEY_CTX *ctx; - EVP_PKEY *pkey = NULL; - ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL); - // or ctx from param (wchich is set before) - // ctx = EVP_PKEY_CTX_new(param); - if (!ctx) - /* Error occurred */ - if (EVP_PKEY_keygen_init(ctx) <= 0) - /* Error */ - if (EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 2048) <= 0) - /* Error */ - - /* Generate key */ - if (EVP_PKEY_keygen(ctx, &pkey) <= 0) - /* Error */ -} - -void DH_gen() { - /* Use built-in parameters */ - if(NULL == (params = EVP_PKEY_new())) handleErrors(); - if(1 != EVP_PKEY_set1_DH(params,DH_get_2048_256())) handleErrors(); - - /* Create context for the key generation */ - if(!(kctx = EVP_PKEY_CTX_new(params, NULL))) handleErrors(); - - /* Generate a new key */ - if(1 != EVP_PKEY_keygen_init(kctx)) handleErrors(); - if(1 != EVP_PKEY_keygen(kctx, &dhkey)) handleErrors(); -}; - - -void DH_key_exchange() { - //1. create DH public params (generator: 2 or 5, numbits) - - //2. each user uses public params to create their own key_pair (pub+prv) - // e.g. dhkey1 for user1 and dhkey2 for user2 - - //3. the users must exchange their public keys (user1_pub,user2_pub) - - //4. after exchanging public keys users can derive shared secret keya (symetric) - //shared_key = dh_derive(user1_pub, user2_prv); //shared key derived by user1 - //shared_key = dh_derive(user2_pub, user1_prv); //shared key derived by user2 - - shared_len = DH_compute_key(shared_key, pubkey, privkey) -} -- 2.7.4