From c74009102692e8ef59f70de4c49917efbd387c16 Mon Sep 17 00:00:00 2001 From: Lukasz Pawelczyk Date: Wed, 4 May 2016 13:36:27 +0200 Subject: [PATCH] Removal of yaca_key_gen_pair() and its enum values You can achieve the same now with yaca_key_gen() and yaca_key_extract_public() if/when the latter is needed. Change-Id: I5f47ed118e283b4d868f000108900f377b1260df --- api/yaca/key.h | 20 +------- api/yaca/types.h | 6 --- examples/key_exchange.c | 14 ++++-- examples/key_import_export.c | 6 ++- examples/seal.c | 10 ++-- examples/sign.c | 5 +- src/key.c | 113 ------------------------------------------- todo.txt | 1 - 8 files changed, 28 insertions(+), 147 deletions(-) diff --git a/api/yaca/key.h b/api/yaca/key.h index e1126a6..0ffc8cf 100644 --- a/api/yaca/key.h +++ b/api/yaca/key.h @@ -122,7 +122,7 @@ int yaca_key_export(const yaca_key_h key, * @param[in] key_bits Length of the key (in bits) to be generated. * * @return 0 on success, negative on error. - * @see #yaca_key_type_e, #yaca_key_bits_e, yaca_key_gen_pair(), yaca_key_free() + * @see #yaca_key_type_e, #yaca_key_bits_e, yaca_key_free() */ int yaca_key_gen(yaca_key_h *key, yaca_key_type_e key_type, @@ -140,27 +140,11 @@ int yaca_key_gen(yaca_key_h *key, int yaca_key_extract_public(const yaca_key_h prv_key, yaca_key_h *pub_key); /** - * @brief yaca_key_gen_pair Generates a new key pair. - * - * @param[out] prv_key Newly generated private key (must be freed with yaca_key_free()). - * @param[out] pub_key Newly generated public key (must be freed with yaca_key_free()). - * @param[in] key_type Type of the key to be generated (must be YACA_KEY_TYPE_PAIR*). - * @param[in] key_bits Length of the key (in bits) to be generated. - * - * @return 0 on success, negative on error. - * @see #yaca_key_type_e, #yaca_key_bits_e, yaca_key_gen(), yaca_key_free() - */ -int yaca_key_gen_pair(yaca_key_h *prv_key, - yaca_key_h *pub_key, - yaca_key_type_e key_type, - size_t key_bits); - -/** * @brief yaca_key_free Frees the key created by the library. * Passing YACA_KEY_NULL is allowed. * * @param key Key to be freed. - * @see yaca_key_import(), yaca_key_export(), yaca_key_gen(), yaca_key_gen_pair() + * @see yaca_key_import(), yaca_key_export(), yaca_key_gen() * */ void yaca_key_free(yaca_key_h key); diff --git a/api/yaca/types.h b/api/yaca/types.h index c467121..ea9b2bd 100644 --- a/api/yaca/types.h +++ b/api/yaca/types.h @@ -87,12 +87,6 @@ typedef enum { // TODO: ECDH might not exist as a separate key type, remove? YACA_KEY_TYPE_ECDH_PUB, /**< Elliptic Curve Diffie-Hellman public key */ YACA_KEY_TYPE_ECDH_PRIV, /**< Elliptic Curve Diffie-Hellman private key */ - - YACA_KEY_TYPE_PAIR_RSA, /**< Pair of RSA keys */ - YACA_KEY_TYPE_PAIR_DSA, /**< Pair of DSA keys */ - YACA_KEY_TYPE_PAIR_DH, /**< Pair of DH keys */ - YACA_KEY_TYPE_PAIR_ECDSA, /**< Pair of ECDSA keys */ - YACA_KEY_TYPE_PAIR_ECDH /**< Pair of ECDH keys */ } yaca_key_type_e; /** diff --git a/examples/key_exchange.c b/examples/key_exchange.c index 9192679..b3e4f05 100644 --- a/examples/key_exchange.c +++ b/examples/key_exchange.c @@ -43,9 +43,11 @@ void key_exchange_dh(void) long size; // generate private, public key - // add KEY_TYPE_PAIR_DH or use KEY_TYPE_PAIR_ECC and proper len? - // imo add KEY_TYPE_PAIR_DH - ret = yaca_key_gen_pair(&private_key, &public_key, YACA_KEY_TYPE_PAIR_DH, YACA_KEY_2048BIT); + ret = yaca_key_gen(&private_key, YACA_KEY_TYPE_DH_PRIV, YACA_KEY_2048BIT); + if (ret < 0) + goto clean; + + ret = yaca_key_extract_public(private_key, &public_key); if (ret < 0) goto clean; @@ -101,7 +103,11 @@ void key_exchange_ecdh(void) long size; // generate private, public key - ret = yaca_key_gen_pair(&private_key, &public_key, YACA_KEY_TYPE_PAIR_ECDH, YACA_KEY_CURVE_P256); + ret = yaca_key_gen(&private_key, YACA_KEY_TYPE_ECDH_PRIV, YACA_KEY_CURVE_P256); + if (ret < 0) + goto clean; + + ret = yaca_key_extract_public(private_key, &public_key); if (ret < 0) goto clean; diff --git a/examples/key_import_export.c b/examples/key_import_export.c index fba4664..02fb4ab 100644 --- a/examples/key_import_export.c +++ b/examples/key_import_export.c @@ -213,7 +213,11 @@ int main() if (ret != 0) goto exit; - ret = yaca_key_gen_pair(&rsa_priv, &rsa_pub, YACA_KEY_TYPE_PAIR_RSA, YACA_KEY_1024BIT); + ret = yaca_key_gen(&rsa_priv, YACA_KEY_TYPE_RSA_PRIV, YACA_KEY_1024BIT); + if (ret != 0) + goto free_sym; + + ret = yaca_key_extract_public(rsa_priv, &rsa_pub); if (ret != 0) goto free_sym; diff --git a/examples/seal.c b/examples/seal.c index a631c91..c75b721 100644 --- a/examples/seal.c +++ b/examples/seal.c @@ -54,13 +54,16 @@ void encrypt_seal(void) printf("Plain data (16 of %zu bytes): %.16s\n", LOREM4096_SIZE, lorem4096); /* Generate key pair */ - if (yaca_key_gen_pair(&key_priv, &key_pub, YACA_KEY_TYPE_PAIR_RSA, YACA_KEY_4096BIT) != 0) + if (yaca_key_gen(&key_priv, YACA_KEY_TYPE_RSA_PRIV, YACA_KEY_4096BIT) != 0) return; + if (yaca_key_extract_public(key_priv, &key_pub) != 0) + goto ex_prvk; + /* Encrypt a.k.a. seal */ { if (yaca_seal_init(&ctx, key_pub, algo, bcm, key_bits, &aes_key, &iv) != 0) - goto ex_pk; + goto ex_pubk; if ((block_len = yaca_get_block_length(ctx)) <= 0) goto ex_ak; @@ -128,8 +131,9 @@ ex_ak: yaca_ctx_free(ctx); yaca_key_free(aes_key); yaca_key_free(iv); -ex_pk: +ex_pubk: yaca_key_free(key_pub); +ex_prvk: yaca_key_free(key_priv); } diff --git a/examples/sign.c b/examples/sign.c index 58b921f..84d5574 100644 --- a/examples/sign.c +++ b/examples/sign.c @@ -46,9 +46,12 @@ void sign_verify_rsa(void) #endif // GENERATE - if (yaca_key_gen_pair(&prv, &pub, YACA_KEY_TYPE_PAIR_RSA, YACA_KEY_4096BIT) != 0) + if (yaca_key_gen(&prv, YACA_KEY_TYPE_RSA_PRIV, YACA_KEY_4096BIT) != 0) return; + if (yaca_key_extract_public(prv, &pub) != 0) + goto finish; + // SIGN if (yaca_sign_init(&ctx, YACA_DIGEST_SHA512, prv) != 0) goto finish; diff --git a/src/key.c b/src/key.c index 2ba3fe9..de2b48e 100644 --- a/src/key.c +++ b/src/key.c @@ -855,119 +855,6 @@ free_key: return ret; } -API int yaca_key_gen_pair(yaca_key_h *prv_key, - yaca_key_h *pub_key, - yaca_key_type_e key_type, - size_t key_bits) -{ - int ret; - struct yaca_key_evp_s *nk_prv = NULL; - struct yaca_key_evp_s *nk_pub = NULL; - RSA *rsa = NULL; - BIGNUM *bne = NULL; - - if (prv_key == NULL || pub_key == NULL) - return YACA_ERROR_INVALID_ARGUMENT; - - if (key_type != YACA_KEY_TYPE_PAIR_RSA) - return YACA_ERROR_NOT_IMPLEMENTED; - - nk_prv = yaca_zalloc(sizeof(struct yaca_key_evp_s)); - if (nk_prv == NULL) - return YACA_ERROR_OUT_OF_MEMORY; - - nk_pub = yaca_zalloc(sizeof(struct yaca_key_evp_s)); - if (nk_pub == NULL) { - ret = YACA_ERROR_OUT_OF_MEMORY; - goto free_prv; - } - - // TODO: this NEEDS random number generator initialized - // there is some other TODO elsewhere about it - - bne = BN_new(); - if (bne == NULL) { - ret = YACA_ERROR_OUT_OF_MEMORY; - ERROR_DUMP(ret); - goto free_pub; - } - - ret = BN_set_word(bne, RSA_F4); - if (ret != 1) { - ret = YACA_ERROR_INTERNAL; - ERROR_DUMP(ret); - goto free_bne; - } - - rsa = RSA_new(); - if (rsa == NULL) { - ret = YACA_ERROR_OUT_OF_MEMORY; - ERROR_DUMP(ret); - goto free_bne; - } - - ret = RSA_generate_key_ex(rsa, key_bits, bne, NULL); - if (ret != 1) { - ret = YACA_ERROR_INTERNAL; - ERROR_DUMP(ret); - goto free_rsa; - } - - nk_prv->evp = EVP_PKEY_new(); - if (nk_prv->evp == NULL) { - ret = YACA_ERROR_OUT_OF_MEMORY; - ERROR_DUMP(ret); - goto free_rsa; - } - - nk_pub->evp = EVP_PKEY_new(); - if (nk_prv->evp == NULL) { - ret = YACA_ERROR_OUT_OF_MEMORY; - ERROR_DUMP(ret); - goto free_evp_prv; - } - - ret = EVP_PKEY_assign_RSA(nk_prv->evp, RSAPrivateKey_dup(rsa)); - if (ret != 1) { - ret = YACA_ERROR_INTERNAL; - ERROR_DUMP(ret); - goto free_evp_pub; - } - - ret = EVP_PKEY_assign_RSA(nk_pub->evp, RSAPublicKey_dup(rsa)); - if (ret != 1) { - ret = YACA_ERROR_INTERNAL; - ERROR_DUMP(ret); - goto free_evp_pub; - } - - *prv_key = (yaca_key_h)nk_prv; - (*prv_key)->type = YACA_KEY_TYPE_RSA_PRIV; - *pub_key = (yaca_key_h)nk_pub; - (*pub_key)->type = YACA_KEY_TYPE_RSA_PUB; - - ret = 0; - -free_evp_pub: - if (ret != 0) - EVP_PKEY_free(nk_pub->evp); -free_evp_prv: - if (ret != 0) - EVP_PKEY_free(nk_prv->evp); -free_rsa: - RSA_free(rsa); -free_bne: - BN_free(bne); -free_pub: - if (ret != 0) - yaca_free(nk_pub); -free_prv: - if (ret != 0) - yaca_free(nk_prv); - - return ret; -} - API void yaca_key_free(yaca_key_h key) { struct yaca_key_simple_s *simple_key = key_get_simple(key); diff --git a/todo.txt b/todo.txt index b2e5846..a13943d 100644 --- a/todo.txt +++ b/todo.txt @@ -2,4 +2,3 @@ Global: - Rethink and possibly add verification of output buffer lengths. In other words check whether the user won't cause a buffer overflow. - Importing/exporting encrypted (passphrased) RSA keys -- What about importing RSA priv and generating PUB from it? -- 2.7.4