From b1d8262b9bfccf75c48c3d8984d58ad72619e9a9 Mon Sep 17 00:00:00 2001 From: Dariusz Michaluk Date: Mon, 3 Oct 2016 18:04:57 +0200 Subject: [PATCH 01/16] Simplify and unify examples. Change-Id: I6f6f7997c3c04af686b4ec0202cde3027d630e9f --- examples/CMakeLists.txt | 25 ++- examples/digest.c | 53 ++--- examples/digest_simple.c | 61 ++++++ examples/encrypt.c | 211 +++++++----------- examples/encrypt_aes_gcm_ccm.c | 335 ----------------------------- examples/encrypt_ccm.c | 225 ++++++++++++++++++++ examples/encrypt_gcm.c | 214 +++++++++++++++++++ examples/encrypt_simple.c | 102 +++++++++ examples/key_exchange.c | 167 ++++----------- examples/key_gen.c | 80 ++----- examples/key_import_export.c | 321 ---------------------------- examples/key_import_export_asym.c | 114 ++++++++++ examples/key_import_export_sym.c | 108 ++++++++++ examples/key_password.c | 103 +++++---- examples/key_wrap.c | 164 ++++---------- examples/lorem.c | 37 ---- examples/lorem.h | 45 ---- examples/misc.c | 102 ++------- examples/misc.h | 9 +- examples/rsa.c | 150 ------------- examples/rsa_private.c | 94 ++++++++ examples/rsa_public.c | 100 +++++++++ examples/seal.c | 437 +++++++------------------------------- examples/sign.c | 408 ++++++++--------------------------- examples/sign_hmac.c | 132 ++++++++++++ examples/sign_simple.c | 90 ++++++++ examples/sign_simple_cmac.c | 90 ++++++++ examples/x509.crt | 21 -- examples/x509.key | 28 --- 29 files changed, 1764 insertions(+), 2262 deletions(-) create mode 100644 examples/digest_simple.c delete mode 100644 examples/encrypt_aes_gcm_ccm.c create mode 100644 examples/encrypt_ccm.c create mode 100644 examples/encrypt_gcm.c create mode 100644 examples/encrypt_simple.c delete mode 100644 examples/key_import_export.c create mode 100644 examples/key_import_export_asym.c create mode 100644 examples/key_import_export_sym.c delete mode 100644 examples/lorem.c delete mode 100644 examples/lorem.h delete mode 100644 examples/rsa.c create mode 100644 examples/rsa_private.c create mode 100644 examples/rsa_public.c create mode 100644 examples/sign_hmac.c create mode 100644 examples/sign_simple.c create mode 100644 examples/sign_simple_cmac.c delete mode 100644 examples/x509.crt delete mode 100644 examples/x509.key diff --git a/examples/CMakeLists.txt b/examples/CMakeLists.txt index bfb7a09..a71dc0c 100644 --- a/examples/CMakeLists.txt +++ b/examples/CMakeLists.txt @@ -22,8 +22,7 @@ INCLUDE_DIRECTORIES(${API_FOLDER}) -SET(COMMON_SOURCES ${CMAKE_CURRENT_SOURCE_DIR}/lorem.c - ${CMAKE_CURRENT_SOURCE_DIR}/misc.c) +SET(COMMON_SOURCES ${CMAKE_CURRENT_SOURCE_DIR}/misc.c) FUNCTION(BUILD_EXAMPLE EXAMPLE_NAME SOURCE_FILE) ADD_EXECUTABLE(${EXAMPLE_NAME} @@ -44,16 +43,24 @@ FUNCTION(BUILD_EXAMPLE EXAMPLE_NAME SOURCE_FILE) ENDFUNCTION(BUILD_EXAMPLE) BUILD_EXAMPLE("yaca-example-digest" digest.c) +BUILD_EXAMPLE("yaca-example-digest-simple" digest_simple.c) BUILD_EXAMPLE("yaca-example-encrypt" encrypt.c) -BUILD_EXAMPLE("yaca-example-seal" seal.c) -BUILD_EXAMPLE("yaca-example-encrypt-gcm-ccm" encrypt_aes_gcm_ccm.c) -BUILD_EXAMPLE("yaca-example-sign" sign.c) +BUILD_EXAMPLE("yaca-example-encrypt-gcm" encrypt_gcm.c) +BUILD_EXAMPLE("yaca-example-encrypt-ccm" encrypt_ccm.c) +BUILD_EXAMPLE("yaca-example-encrypt-simple" encrypt_simple.c) +BUILD_EXAMPLE("yaca-example-key-wrap" key_wrap.c) BUILD_EXAMPLE("yaca-example-key-gen" key_gen.c) -BUILD_EXAMPLE("yaca-example-key-exchange" key_exchange.c) -BUILD_EXAMPLE("yaca-example-key-impexp" key_import_export.c) BUILD_EXAMPLE("yaca-example-key-password" key_password.c) -BUILD_EXAMPLE("yaca-example-key-wrap" key_wrap.c) -BUILD_EXAMPLE("yaca-example-rsa" rsa.c) +BUILD_EXAMPLE("yaca-example-key-exchange" key_exchange.c) +BUILD_EXAMPLE("yaca-example-key-impexp-sym" key_import_export_sym.c) +BUILD_EXAMPLE("yaca-example-key-impexp-asym" key_import_export_asym.c) +BUILD_EXAMPLE("yaca-example-rsa-private" rsa_private.c) +BUILD_EXAMPLE("yaca-example-rsa-public" rsa_public.c) +BUILD_EXAMPLE("yaca-example-seal" seal.c) +BUILD_EXAMPLE("yaca-example-sign" sign.c) +BUILD_EXAMPLE("yaca-example-sign-hmac" sign_hmac.c) +BUILD_EXAMPLE("yaca-example-sign-simple" sign_simple.c) +BUILD_EXAMPLE("yaca-example-sign-simple-cmac" sign_simple_cmac.c) INSTALL(FILES ${COMMON_SOURCES} DESTINATION ${EXAMPLES_DIR}) diff --git a/examples/digest.c b/examples/digest.c index 582323e..f37f128 100644 --- a/examples/digest.c +++ b/examples/digest.c @@ -18,76 +18,61 @@ /** * @file digest.c - * @brief + * @brief Message Digest API example. */ +//! [Message Digest API example] +#include + #include #include -#include #include -#include "lorem.h" +/* include helpers functions and definitions */ #include "misc.h" -void digest_simple(void) +int main() { - int ret = YACA_ERROR_NONE; - char *digest; - size_t digest_len; + int ret; + yaca_context_h ctx = YACA_CONTEXT_NULL; - ret = yaca_simple_calculate_digest(YACA_DIGEST_SHA256, - lorem1024, - 1024, &digest, &digest_len); + ret = yaca_initialize(); if (ret != YACA_ERROR_NONE) - return; - - dump_hex(digest, digest_len, "Message digest: "); - - yaca_free(digest); -} + goto exit; -void digest_advanced(void) -{ - int ret = YACA_ERROR_NONE; - yaca_context_h ctx; + printf("Plain data (16 of %zu bytes): %.16s\n", INPUT_DATA_SIZE, INPUT_DATA); + /* Initialize digest context */ ret = yaca_digest_initialize(&ctx, YACA_DIGEST_SHA256); if (ret != YACA_ERROR_NONE) - return; + goto exit; - ret = yaca_digest_update(ctx, lorem1024, 1024); + /* Feeds the message */ + ret = yaca_digest_update(ctx, INPUT_DATA, INPUT_DATA_SIZE); if (ret != YACA_ERROR_NONE) goto exit; + /* Get digest length */ size_t digest_len; ret = yaca_context_get_output_length(ctx, 0, &digest_len); if (ret != YACA_ERROR_NONE) goto exit; + /* Calculate digest */ { char digest[digest_len]; - ret = yaca_digest_finalize(ctx, digest, &digest_len); if (ret != YACA_ERROR_NONE) goto exit; + /* display digest in hexadecimal format */ dump_hex(digest, digest_len, "Message digest: "); } exit: yaca_context_destroy(ctx); -} - -int main() -{ - int ret = yaca_initialize(); - if (ret != YACA_ERROR_NONE) - return ret; - - digest_simple(); - - digest_advanced(); yaca_cleanup(); return ret; } +//! [Message Digest API example] diff --git a/examples/digest_simple.c b/examples/digest_simple.c new file mode 100644 index 0000000..083d537 --- /dev/null +++ b/examples/digest_simple.c @@ -0,0 +1,61 @@ +/* + * Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved + * + * Contact: Krzysztof Jackiewicz + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ + +/** + * @file digest_simple.c + * @brief Simple Message Digest API example. + */ + +//! [Simple Message Digest API example] +#include + +#include +#include +#include + +/* include helpers functions and definitions */ +#include "misc.h" + +int main() +{ + int ret; + char *digest = NULL; + size_t digest_len; + + ret = yaca_initialize(); + if (ret != YACA_ERROR_NONE) + goto exit; + + printf("Plain data (16 of %zu bytes): %.16s\n", INPUT_DATA_SIZE, INPUT_DATA); + + /* Calculate digest */ + ret = yaca_simple_calculate_digest(YACA_DIGEST_SHA256, INPUT_DATA, INPUT_DATA_SIZE, + &digest, &digest_len); + if (ret != YACA_ERROR_NONE) + goto exit; + + /* display digest in hexadecimal format */ + dump_hex(digest, digest_len, "Message digest: "); + +exit: + yaca_free(digest); + + yaca_cleanup(); + return ret; +} +//! [Simple Message Digest API example] diff --git a/examples/encrypt.c b/examples/encrypt.c index f152588..a72c3b0 100644 --- a/examples/encrypt.c +++ b/examples/encrypt.c @@ -18,123 +18,95 @@ /** * @file encrypt.c - * @brief + * @brief Encrypt API example. */ +//! [Encrypt API example] #include #include -#include #include #include #include -#include "lorem.h" +/* include helpers functions and definitions */ #include "misc.h" -void encrypt_simple(const yaca_encrypt_algorithm_e algo, - const yaca_block_cipher_mode_e bcm, - const size_t key_bit_len) -{ - yaca_key_h key = YACA_KEY_NULL; - yaca_key_h iv = YACA_KEY_NULL; - - char *enc = NULL; - char *dec = NULL; - size_t enc_len; - size_t dec_len; - size_t iv_bit_len; - - printf("Plain data (16 of %zu bytes): %.16s\n", LOREM4096_SIZE, lorem4096); - - /* Key generation */ - if (yaca_key_derive_pbkdf2("foo bar", "123456789", 10, 1000, - YACA_DIGEST_SHA256, key_bit_len, &key) != YACA_ERROR_NONE) - return; - - if (yaca_encrypt_get_iv_bit_length(algo, bcm, key_bit_len, &iv_bit_len) != YACA_ERROR_NONE) - goto exit; - - if (iv_bit_len > 0 && yaca_key_generate(YACA_KEY_TYPE_IV, iv_bit_len, &iv) != YACA_ERROR_NONE) - goto exit; - - if (yaca_simple_encrypt(algo, bcm, key, iv, lorem4096, LOREM4096_SIZE, &enc, &enc_len) != YACA_ERROR_NONE) - goto exit; - - dump_hex(enc, 16, "Encrypted data (16 of %zu bytes): ", enc_len); - - if (yaca_simple_decrypt(algo, bcm, key, iv, enc, enc_len, &dec, &dec_len) != YACA_ERROR_NONE) - goto exit; - - printf("Decrypted data (16 of %zu bytes): %.16s\n\n", dec_len, dec); - -exit: - yaca_free(enc); - yaca_free(dec); - yaca_key_destroy(iv); - yaca_key_destroy(key); -} - -void encrypt_advanced(const yaca_encrypt_algorithm_e algo, - const yaca_block_cipher_mode_e bcm, - const yaca_key_type_e key_type, - const size_t key_bit_len) +int main() { + int ret; yaca_context_h ctx = YACA_CONTEXT_NULL; yaca_key_h key = YACA_KEY_NULL; yaca_key_h iv = YACA_KEY_NULL; - size_t iv_bit_len; - char *enc = NULL; - char *dec = NULL; - size_t enc_len; - size_t dec_len; + char *encrypted = NULL; + char *decrypted = NULL; + size_t encrypted_len; + size_t decrypted_len; size_t block_len; size_t output_len; size_t written_len; - printf("Plain data (16 of %zu bytes): %.16s\n", LOREM4096_SIZE, lorem4096); + ret = yaca_initialize(); + if (ret != YACA_ERROR_NONE) + goto exit; + + printf("Plain data (16 of %zu bytes): %.16s\n", INPUT_DATA_SIZE, INPUT_DATA); /* Key generation */ - if (yaca_key_generate(key_type, key_bit_len, &key) != YACA_ERROR_NONE) - return; - - if (yaca_encrypt_get_iv_bit_length(algo, bcm, key_bit_len, &iv_bit_len) != YACA_ERROR_NONE) + ret = yaca_key_generate(YACA_KEY_TYPE_SYMMETRIC, YACA_KEY_LENGTH_256BIT, &key); + if (ret != YACA_ERROR_NONE) goto exit; - if (iv_bit_len > 0 && yaca_key_generate(YACA_KEY_TYPE_IV, iv_bit_len, &iv) != YACA_ERROR_NONE) + /* IV generation */ + ret = yaca_key_generate(YACA_KEY_TYPE_IV, YACA_KEY_LENGTH_IV_128BIT, &iv); + if (ret != YACA_ERROR_NONE) goto exit; /* Encryption */ { - if (yaca_encrypt_initialize(&ctx, algo, bcm, key, iv) != YACA_ERROR_NONE) + /* Initialize encryption context */ + ret = yaca_encrypt_initialize(&ctx, YACA_ENCRYPT_AES, YACA_BCM_CBC, key, iv); + if (ret != YACA_ERROR_NONE) goto exit; - /* For the update */ - if (yaca_context_get_output_length(ctx, LOREM4096_SIZE, &output_len) != YACA_ERROR_NONE) + /* Get output length for the update */ + ret = yaca_context_get_output_length(ctx, INPUT_DATA_SIZE, &output_len); + if (ret != YACA_ERROR_NONE) goto exit; - /* For the finalize */ - if (yaca_context_get_output_length(ctx, 0, &block_len) != YACA_ERROR_NONE) + /* Get output length for the finalize */ + ret = yaca_context_get_output_length(ctx, 0, &block_len); + if (ret != YACA_ERROR_NONE) goto exit; - /* Calculate max output: size of update + final chunks */ - enc_len = output_len + block_len; - if (yaca_malloc(enc_len, (void**)&enc) != YACA_ERROR_NONE) + /* Calculate max output length and allocate memory */ + encrypted_len = output_len + block_len; + ret = yaca_zalloc(encrypted_len, (void**)&encrypted); + if (ret != YACA_ERROR_NONE) goto exit; - if (yaca_encrypt_update(ctx, lorem4096, LOREM4096_SIZE, enc, &written_len) != YACA_ERROR_NONE) + /* Encrypt data */ + ret = yaca_encrypt_update(ctx, INPUT_DATA, INPUT_DATA_SIZE, encrypted, &written_len); + if (ret != YACA_ERROR_NONE) goto exit; - enc_len = written_len; + encrypted_len = written_len; - if (yaca_encrypt_finalize(ctx, enc + written_len, &written_len) != YACA_ERROR_NONE) + ret = yaca_encrypt_finalize(ctx, encrypted + encrypted_len, &written_len); + if (ret != YACA_ERROR_NONE) goto exit; - enc_len += written_len; + encrypted_len += written_len; + + /* Resize output buffer */ + ret = yaca_realloc(encrypted_len, (void**)&encrypted); + if (ret != YACA_ERROR_NONE) + goto exit; - dump_hex(enc, 16, "Encrypted data (16 of %zu bytes): ", enc_len); + /* display encrypted data in hexadecimal format */ + dump_hex(encrypted, 16, "Encrypted data (16 of %zu bytes): ", encrypted_len); yaca_context_destroy(ctx); ctx = YACA_CONTEXT_NULL; @@ -142,89 +114,56 @@ void encrypt_advanced(const yaca_encrypt_algorithm_e algo, /* Decryption */ { - if (yaca_decrypt_initialize(&ctx, algo, bcm, key, iv) != YACA_ERROR_NONE) + /* Initialize decryption context */ + ret = yaca_decrypt_initialize(&ctx, YACA_ENCRYPT_AES, YACA_BCM_CBC, key, iv); + if (ret != YACA_ERROR_NONE) goto exit; - /* For the update */ - if (yaca_context_get_output_length(ctx, enc_len, &output_len) != YACA_ERROR_NONE) + /* Get output length for the update */ + ret = yaca_context_get_output_length(ctx, encrypted_len, &output_len); + if (ret != YACA_ERROR_NONE) goto exit; - /* For the finalize */ - if (yaca_context_get_output_length(ctx, 0, &block_len) != YACA_ERROR_NONE) + /* Get output length for the finalize */ + ret = yaca_context_get_output_length(ctx, 0, &block_len); + if (ret != YACA_ERROR_NONE) goto exit; - /* Calculate max output: size of update + final chunks */ - dec_len = output_len + block_len; - if (yaca_malloc(dec_len, (void**)&dec) != YACA_ERROR_NONE) + /* Calculate max output length and allocate memory */ + decrypted_len = output_len + block_len; + ret = yaca_zalloc(decrypted_len, (void**)&decrypted); + if (ret != YACA_ERROR_NONE) goto exit; - if (yaca_decrypt_update(ctx, enc, enc_len, dec, &written_len) != YACA_ERROR_NONE) + /* Decrypt data */ + ret = yaca_decrypt_update(ctx, encrypted, encrypted_len, decrypted, &written_len); + if (ret != YACA_ERROR_NONE) goto exit; - dec_len = written_len; + decrypted_len = written_len; - if (yaca_decrypt_finalize(ctx, dec + written_len, &written_len) != YACA_ERROR_NONE) + ret = yaca_decrypt_finalize(ctx, decrypted + decrypted_len, &written_len); + if (ret != YACA_ERROR_NONE) goto exit; - dec_len += written_len; + decrypted_len += written_len; - printf("Decrypted data (16 of %zu bytes): %.16s\n\n", dec_len, dec); + /* Resize output buffer */ + ret = yaca_realloc(decrypted_len, (void**)&decrypted); + if (ret != YACA_ERROR_NONE) + goto exit; + + printf("Decrypted data (16 of %zu bytes): %.16s\n\n", decrypted_len, decrypted); } exit: - yaca_free(dec); - yaca_free(enc); + yaca_free(decrypted); + yaca_free(encrypted); yaca_context_destroy(ctx); yaca_key_destroy(iv); yaca_key_destroy(key); -} - -int main() -{ - int ret = yaca_initialize(); - if (ret != YACA_ERROR_NONE) - return ret; - - yaca_encrypt_algorithm_e algo = YACA_ENCRYPT_AES; - yaca_block_cipher_mode_e bcm = YACA_BCM_ECB; - yaca_key_type_e key_type = YACA_KEY_TYPE_SYMMETRIC; - size_t key_bit_len = YACA_KEY_LENGTH_256BIT; - - encrypt_simple(algo, bcm, key_bit_len); - encrypt_advanced(algo, bcm, key_type, key_bit_len); - - algo = YACA_ENCRYPT_3DES_3TDEA; - bcm = YACA_BCM_OFB; - key_type = YACA_KEY_TYPE_DES; - key_bit_len = YACA_KEY_LENGTH_192BIT; - - encrypt_advanced(algo, bcm, key_type, key_bit_len); - - algo = YACA_ENCRYPT_CAST5; - bcm = YACA_BCM_CFB; - key_type = YACA_KEY_TYPE_SYMMETRIC; - key_bit_len = YACA_KEY_LENGTH_UNSAFE_40BIT; - - encrypt_simple(algo, bcm, key_bit_len); - encrypt_advanced(algo, bcm, key_type, key_bit_len); - - algo = YACA_ENCRYPT_UNSAFE_RC2; - bcm = YACA_BCM_CBC; - key_type = YACA_KEY_TYPE_SYMMETRIC; - key_bit_len = YACA_KEY_LENGTH_UNSAFE_8BIT; - - encrypt_simple(algo, bcm, key_bit_len); - encrypt_advanced(algo, bcm, key_type, key_bit_len); - - algo = YACA_ENCRYPT_UNSAFE_RC4; - bcm = YACA_BCM_NONE; - key_type = YACA_KEY_TYPE_SYMMETRIC; - key_bit_len = YACA_KEY_LENGTH_2048BIT; - - encrypt_simple(algo, bcm, key_bit_len); - encrypt_advanced(algo, bcm, key_type, key_bit_len); yaca_cleanup(); - return ret; } +//! [Encrypt API example] diff --git a/examples/encrypt_aes_gcm_ccm.c b/examples/encrypt_aes_gcm_ccm.c deleted file mode 100644 index 05f2cfd..0000000 --- a/examples/encrypt_aes_gcm_ccm.c +++ /dev/null @@ -1,335 +0,0 @@ -/* - * Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved - * - * Contact: Krzysztof Jackiewicz - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License - */ - -/** - * @file encrypt_aes_gcm_ccm.c - * @brief - */ - -#include - -#include -#include -#include -#include - -#include "lorem.h" -#include "misc.h" - -void encrypt_decrypt_aes_gcm(void) -{ - yaca_encrypt_algorithm_e algo = YACA_ENCRYPT_AES; - yaca_block_cipher_mode_e bcm = YACA_BCM_GCM; - yaca_key_type_e key_type = YACA_KEY_TYPE_SYMMETRIC; - size_t key_bit_len = YACA_KEY_LENGTH_256BIT; - size_t iv_bit_len = YACA_KEY_LENGTH_IV_128BIT; - - yaca_context_h ctx = YACA_CONTEXT_NULL; - yaca_key_h key = YACA_KEY_NULL; - yaca_key_h iv = YACA_KEY_NULL; - - char *enc = NULL; - char *dec = NULL; - size_t enc_len; - size_t dec_len; - - char *aad = NULL; - char *tag = NULL; - size_t aad_len = 16; - size_t tag_len = 16; - - size_t block_len; - size_t output_len; - size_t written_len; - - printf("AES GCM 256bit key encryption/decryption\n"); - printf("Plain data (16 of %zu bytes): %.16s\n", LOREM4096_SIZE, lorem4096); - - /* Key generation */ - if (yaca_key_generate(key_type, key_bit_len, &key) != YACA_ERROR_NONE) - return; - - /* IV generation */ - if (yaca_key_generate(YACA_KEY_TYPE_IV, iv_bit_len, &iv) != YACA_ERROR_NONE) - goto exit; - - if (yaca_zalloc(aad_len, (void**)&aad) != YACA_ERROR_NONE) - goto exit; - - if (yaca_randomize_bytes(aad, aad_len) != YACA_ERROR_NONE) - goto exit; - - if (yaca_zalloc(tag_len, (void**)&tag) != YACA_ERROR_NONE) - goto exit; - - /* Encryption */ - { - if (yaca_encrypt_initialize(&ctx, algo, bcm, key, iv) != YACA_ERROR_NONE) - goto exit; - - /* Provide any AAD data */ - if (yaca_context_set_property(ctx, YACA_PROPERTY_GCM_AAD, aad, aad_len) != YACA_ERROR_NONE) - goto exit; - - /* For the update */ - if (yaca_context_get_output_length(ctx, LOREM4096_SIZE, &output_len) != YACA_ERROR_NONE) - goto exit; - - /* For the finalize */ - if (yaca_context_get_output_length(ctx, 0, &block_len) != YACA_ERROR_NONE) - goto exit; - - /* Calculate max output: size of update + final chunks */ - enc_len = output_len + block_len; - if (yaca_malloc(enc_len, (void**)&enc) != YACA_ERROR_NONE) - goto exit; - - if (yaca_encrypt_update(ctx, lorem4096, LOREM4096_SIZE, enc, &written_len) != YACA_ERROR_NONE) - goto exit; - - enc_len = written_len; - - if (yaca_encrypt_finalize(ctx, enc + written_len, &written_len) != YACA_ERROR_NONE) - goto exit; - - enc_len += written_len; - - /* Set the tag length and get the tag after final encryption */ - if (yaca_context_set_property(ctx, YACA_PROPERTY_GCM_TAG_LEN, - (void*)&tag_len, sizeof(tag_len)) != YACA_ERROR_NONE) - goto exit; - - if (yaca_context_get_property(ctx, YACA_PROPERTY_GCM_TAG, (void**)tag, &tag_len) != YACA_ERROR_NONE) - goto exit; - - dump_hex(enc, 16, "Encrypted data (16 of %zu bytes): ", enc_len); - - yaca_context_destroy(ctx); - ctx = YACA_CONTEXT_NULL; - } - - /* Decryption */ - { - if (yaca_decrypt_initialize(&ctx, algo, bcm, key, iv) != YACA_ERROR_NONE) - goto exit; - - /* Provide any AAD data */ - if (yaca_context_set_property(ctx, YACA_PROPERTY_GCM_AAD, aad, aad_len) != YACA_ERROR_NONE) - goto exit; - - /* For the update */ - if (yaca_context_get_output_length(ctx, enc_len, &output_len) != YACA_ERROR_NONE) - goto exit; - - /* For the finalize */ - if (yaca_context_get_output_length(ctx, 0, &block_len) != YACA_ERROR_NONE) - goto exit; - - /* Calculate max output: size of update + final chunks */ - dec_len = output_len + block_len; - if (yaca_malloc(dec_len, (void**)&dec) != YACA_ERROR_NONE) - goto exit; - - if (yaca_decrypt_update(ctx, enc, enc_len, dec, &written_len) != YACA_ERROR_NONE) - goto exit; - - dec_len = written_len; - - /* Set expected tag value before final decryption */ - if (yaca_context_set_property(ctx, YACA_PROPERTY_GCM_TAG, tag, tag_len) != YACA_ERROR_NONE) - goto exit; - - if (yaca_decrypt_finalize(ctx, dec + written_len, &written_len) != YACA_ERROR_NONE) - goto exit; - - dec_len += written_len; - - printf("Decrypted data (16 of %zu bytes): %.16s\n\n", dec_len, dec); - } - -exit: - yaca_free(enc); - yaca_free(dec); - yaca_free(tag); - yaca_free(aad); - yaca_context_destroy(ctx); - yaca_key_destroy(iv); - yaca_key_destroy(key); -} - -void encrypt_decrypt_aes_ccm(void) -{ - yaca_encrypt_algorithm_e algo = YACA_ENCRYPT_AES; - yaca_block_cipher_mode_e bcm = YACA_BCM_CCM; - yaca_key_type_e key_type = YACA_KEY_TYPE_SYMMETRIC; - size_t key_bit_len = YACA_KEY_LENGTH_256BIT; - size_t iv_bit_len = YACA_KEY_LENGTH_IV_64BIT; - - yaca_context_h ctx = YACA_CONTEXT_NULL; - yaca_key_h key = YACA_KEY_NULL; - yaca_key_h iv = YACA_KEY_NULL; - - char *enc = NULL; - char *dec = NULL; - size_t enc_len; - size_t dec_len; - - char *aad = NULL; - char *tag = NULL; - size_t aad_len = 16; - size_t tag_len = 14; - - size_t block_len; - size_t output_len; - size_t written_len; - size_t len; - - printf("AES CCM 256bit key encryption/decryption\n"); - printf("Plain data (16 of %zu bytes): %.16s\n", LOREM4096_SIZE, lorem4096); - - /* Key generation */ - if (yaca_key_generate(key_type, key_bit_len, &key) != YACA_ERROR_NONE) - return; - - /* IV generation */ - if (yaca_key_generate(YACA_KEY_TYPE_IV, iv_bit_len, &iv) != YACA_ERROR_NONE) - goto exit; - - if (yaca_zalloc(aad_len, (void**)&aad) != YACA_ERROR_NONE) - goto exit; - - if (yaca_randomize_bytes(aad, aad_len) != YACA_ERROR_NONE) - goto exit; - - if (yaca_zalloc(tag_len, (void**)&tag) != YACA_ERROR_NONE) - goto exit; - - /* Encryption */ - { - if (yaca_encrypt_initialize(&ctx, algo, bcm, key, iv) != YACA_ERROR_NONE) - goto exit; - - /* Set tag length (optionally) */ - if (yaca_context_set_property(ctx, YACA_PROPERTY_CCM_TAG_LEN, - (void*)&tag_len, sizeof(tag_len)) != YACA_ERROR_NONE) - goto exit; - - /* The total plain text length must be passed (only needed if AAD is passed) */ - if (yaca_encrypt_update(ctx, NULL, LOREM4096_SIZE , NULL, &len) != YACA_ERROR_NONE) - goto exit; - - if (yaca_context_set_property(ctx, YACA_PROPERTY_CCM_AAD, aad, aad_len) != YACA_ERROR_NONE) - goto exit; - - /* For the update */ - if (yaca_context_get_output_length(ctx, LOREM4096_SIZE, &output_len) != YACA_ERROR_NONE) - goto exit; - - /* For the finalize */ - if (yaca_context_get_output_length(ctx, 0, &block_len) != YACA_ERROR_NONE) - goto exit; - - /* Calculate max output: size of update + final chunks */ - enc_len = output_len + block_len; - if (yaca_malloc(enc_len, (void**)&enc) != YACA_ERROR_NONE) - goto exit; - - if (yaca_encrypt_update(ctx, lorem4096, LOREM4096_SIZE, enc, &written_len) != YACA_ERROR_NONE) - goto exit; - - enc_len = written_len; - - if (yaca_encrypt_finalize(ctx, enc + written_len, &written_len) != YACA_ERROR_NONE) - goto exit; - - enc_len += written_len; - - /* Get the tag after final encryption */ - if (yaca_context_get_property(ctx, YACA_PROPERTY_CCM_TAG, (void**)tag, &tag_len) != YACA_ERROR_NONE) - goto exit; - - dump_hex(enc, 16, "Encrypted data (16 of %zu bytes): ", enc_len); - - yaca_context_destroy(ctx); - ctx = YACA_CONTEXT_NULL; - } - - /* Decryption */ - { - if (yaca_decrypt_initialize(&ctx, algo, bcm, key, iv) != YACA_ERROR_NONE) - goto exit; - - /* Set expected tag value */ - if (yaca_context_set_property(ctx, YACA_PROPERTY_CCM_TAG, tag, tag_len) != YACA_ERROR_NONE) - goto exit; - - /* The total encrypted text length must be passed (only needed if AAD is passed) */ - if (yaca_decrypt_update(ctx, NULL, enc_len , NULL, &len) != YACA_ERROR_NONE) - goto exit; - - if (yaca_context_set_property(ctx, YACA_PROPERTY_CCM_AAD, aad, aad_len) != YACA_ERROR_NONE) - goto exit; - - /* For the update */ - if (yaca_context_get_output_length(ctx, enc_len, &output_len) != YACA_ERROR_NONE) - goto exit; - - /* For the finalize */ - if (yaca_context_get_output_length(ctx, 0, &block_len) != YACA_ERROR_NONE) - goto exit; - - /* Calculate max output: size of update + final chunks */ - dec_len = output_len + block_len; - if (yaca_malloc(dec_len, (void**)&dec) != YACA_ERROR_NONE) - goto exit; - - if (yaca_decrypt_update(ctx, enc, enc_len, dec, &written_len) != YACA_ERROR_NONE) - goto exit; - - dec_len = written_len; - - if (yaca_decrypt_finalize(ctx, dec + written_len, &written_len) != YACA_ERROR_NONE) - goto exit; - - dec_len += written_len; - - printf("Decrypted data (16 of %zu bytes): %.16s\n\n", dec_len, dec); - } - -exit: - yaca_free(enc); - yaca_free(dec); - yaca_free(tag); - yaca_free(aad); - yaca_context_destroy(ctx); - yaca_key_destroy(iv); - yaca_key_destroy(key); -} - -int main() -{ - int ret = yaca_initialize(); - if (ret != YACA_ERROR_NONE) - return ret; - - encrypt_decrypt_aes_gcm(); - encrypt_decrypt_aes_ccm(); - - yaca_cleanup(); - return ret; -} diff --git a/examples/encrypt_ccm.c b/examples/encrypt_ccm.c new file mode 100644 index 0000000..3bc11f8 --- /dev/null +++ b/examples/encrypt_ccm.c @@ -0,0 +1,225 @@ +/* + * Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved + * + * Contact: Krzysztof Jackiewicz + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ + +/** + * @file encrypt_ccm.c + * @brief AES CCM encrypt API example. + */ + +//! [AES CCM encrypt API example] +#include + +#include +#include +#include +#include + +/* include helpers functions and definitions */ +#include "misc.h" + +int main() +{ + int ret; + yaca_context_h ctx = YACA_CONTEXT_NULL; + yaca_key_h key = YACA_KEY_NULL; + yaca_key_h iv = YACA_KEY_NULL; + + char *encrypted = NULL; + char *decrypted = NULL; + size_t encrypted_len; + size_t decrypted_len; + + char *aad = NULL; + char *tag = NULL; + size_t aad_len = 16; + size_t tag_len = 12; + + size_t block_len; + size_t output_len; + size_t written_len; + + ret = yaca_initialize(); + if (ret != YACA_ERROR_NONE) + goto exit; + + printf("Plain data (16 of %zu bytes): %.16s\n", INPUT_DATA_SIZE, INPUT_DATA); + + /* Key generation */ + ret = yaca_key_generate(YACA_KEY_TYPE_SYMMETRIC, YACA_KEY_LENGTH_256BIT, &key); + if (ret != YACA_ERROR_NONE) + goto exit; + + /* IV generation */ + ret = yaca_key_generate(YACA_KEY_TYPE_IV, YACA_KEY_LENGTH_IV_64BIT, &iv); + if (ret != YACA_ERROR_NONE) + goto exit; + + /* Additional Authentication Data generation */ + ret = yaca_zalloc(aad_len, (void**)&aad); + if (ret != YACA_ERROR_NONE) + goto exit; + + ret = yaca_randomize_bytes(aad, aad_len); + if (ret != YACA_ERROR_NONE) + goto exit; + + /* Allocate memory for tag */ + ret = yaca_zalloc(tag_len, (void**)&tag); + if (ret != YACA_ERROR_NONE) + goto exit; + + /* Encryption */ + { + /* Initialize encryption context */ + ret = yaca_encrypt_initialize(&ctx, YACA_ENCRYPT_AES, YACA_BCM_CCM, key, iv); + if (ret != YACA_ERROR_NONE) + goto exit; + + /* Get output length for the update */ + ret = yaca_context_get_output_length(ctx, INPUT_DATA_SIZE, &output_len); + if (ret != YACA_ERROR_NONE) + goto exit; + + /* Get output length for the finalize */ + ret = yaca_context_get_output_length(ctx, 0, &block_len); + if (ret != YACA_ERROR_NONE) + goto exit; + + /* Calculate max output length and allocate memory */ + encrypted_len = output_len + block_len; + ret = yaca_zalloc(encrypted_len, (void**)&encrypted); + if (ret != YACA_ERROR_NONE) + goto exit; + + /* Set tag length */ + ret = yaca_context_set_property(ctx, YACA_PROPERTY_CCM_TAG_LEN, &tag_len, sizeof(tag_len)); + if (ret != YACA_ERROR_NONE) + goto exit; + + /* The total plain text length must be passed (only needed if AAD is passed) */ + ret = yaca_encrypt_update(ctx, NULL, INPUT_DATA_SIZE , NULL, &written_len); + if (ret != YACA_ERROR_NONE) + goto exit; + + /* Provide Additional Authentication Data */ + ret = yaca_context_set_property(ctx, YACA_PROPERTY_CCM_AAD, aad, aad_len); + if (ret != YACA_ERROR_NONE) + goto exit; + + /* Encrypt data */ + ret = yaca_encrypt_update(ctx, INPUT_DATA, INPUT_DATA_SIZE, encrypted, &written_len); + if (ret != YACA_ERROR_NONE) + goto exit; + + encrypted_len = written_len; + + ret = yaca_encrypt_finalize(ctx, encrypted + encrypted_len, &written_len); + if (ret != YACA_ERROR_NONE) + goto exit; + + encrypted_len += written_len; + + /* Resize output buffer */ + ret = yaca_realloc(encrypted_len, (void**)&encrypted); + if (ret != YACA_ERROR_NONE) + goto exit; + + /* Get the tag after final encryption */ + ret = yaca_context_get_property(ctx, YACA_PROPERTY_CCM_TAG, (void**)tag, &tag_len); + if (ret != YACA_ERROR_NONE) + goto exit; + + /* display encrypted data in hexadecimal format */ + dump_hex(encrypted, 16, "Encrypted data (16 of %zu bytes): ", encrypted_len); + + yaca_context_destroy(ctx); + ctx = YACA_CONTEXT_NULL; + } + + /* Decryption */ + { + /* Initialize decryption context */ + ret = yaca_decrypt_initialize(&ctx, YACA_ENCRYPT_AES, YACA_BCM_CCM, key, iv); + if (ret != YACA_ERROR_NONE) + goto exit; + + /* Get output length for the update */ + ret = yaca_context_get_output_length(ctx, encrypted_len, &output_len); + if (ret != YACA_ERROR_NONE) + goto exit; + + /* Get output length for the finalize */ + ret = yaca_context_get_output_length(ctx, 0, &block_len); + if (ret != YACA_ERROR_NONE) + goto exit; + + /* Calculate max output length and allocate memory */ + decrypted_len = output_len + block_len; + ret = yaca_zalloc(decrypted_len, (void**)&decrypted); + if (ret != YACA_ERROR_NONE) + goto exit; + + /* Set expected tag value */ + ret = yaca_context_set_property(ctx, YACA_PROPERTY_CCM_TAG, tag, tag_len); + if (ret != YACA_ERROR_NONE) + goto exit; + + /* The total encrypted text length must be passed (only needed if AAD is passed) */ + ret = yaca_decrypt_update(ctx, NULL, encrypted_len , NULL, &written_len); + if (ret != YACA_ERROR_NONE) + goto exit; + + /* Provide Additional Authentication Data */ + ret = yaca_context_set_property(ctx, YACA_PROPERTY_CCM_AAD, aad, aad_len); + if (ret != YACA_ERROR_NONE) + goto exit; + + /* Decrypt data */ + ret = yaca_decrypt_update(ctx, encrypted, encrypted_len, decrypted, &written_len); + if (ret != YACA_ERROR_NONE) + goto exit; + + decrypted_len = written_len; + + ret = yaca_decrypt_finalize(ctx, decrypted + decrypted_len, &written_len); + if (ret != YACA_ERROR_NONE) + goto exit; + + decrypted_len += written_len; + + /* Resize output buffer */ + ret = yaca_realloc(decrypted_len, (void**)&decrypted); + if (ret != YACA_ERROR_NONE) + goto exit; + + printf("Decrypted data (16 of %zu bytes): %.16s\n\n", decrypted_len, decrypted); + } + +exit: + yaca_free(decrypted); + yaca_free(encrypted); + yaca_free(tag); + yaca_free(aad); + yaca_context_destroy(ctx); + yaca_key_destroy(iv); + yaca_key_destroy(key); + + yaca_cleanup(); + return ret; +} +//! [AES CCM encrypt API example] diff --git a/examples/encrypt_gcm.c b/examples/encrypt_gcm.c new file mode 100644 index 0000000..9778acb --- /dev/null +++ b/examples/encrypt_gcm.c @@ -0,0 +1,214 @@ +/* + * Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved + * + * Contact: Krzysztof Jackiewicz + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ + +/** + * @file encrypt_gcm.c + * @brief AES GCM encrypt API example. + */ + +//! [AES GCM encrypt API example] +#include + +#include +#include +#include +#include + +/* include helpers functions and definitions */ +#include "misc.h" + +int main() +{ + int ret; + yaca_context_h ctx = YACA_CONTEXT_NULL; + yaca_key_h key = YACA_KEY_NULL; + yaca_key_h iv = YACA_KEY_NULL; + + char *encrypted = NULL; + char *decrypted = NULL; + size_t encrypted_len; + size_t decrypted_len; + + char *aad = NULL; + char *tag = NULL; + size_t aad_len = 16; + size_t tag_len = 16; + + size_t block_len; + size_t output_len; + size_t written_len; + + ret = yaca_initialize(); + if (ret != YACA_ERROR_NONE) + goto exit; + + printf("Plain data (16 of %zu bytes): %.16s\n", INPUT_DATA_SIZE, INPUT_DATA); + + /* Key generation */ + ret = yaca_key_generate(YACA_KEY_TYPE_SYMMETRIC, YACA_KEY_LENGTH_256BIT, &key); + if (ret != YACA_ERROR_NONE) + goto exit; + + /* IV generation */ + ret = yaca_key_generate(YACA_KEY_TYPE_IV, YACA_KEY_LENGTH_IV_128BIT, &iv); + if (ret != YACA_ERROR_NONE) + goto exit; + + /* Additional Authentication Data generation */ + ret = yaca_zalloc(aad_len, (void**)&aad); + if (ret != YACA_ERROR_NONE) + goto exit; + + ret = yaca_randomize_bytes(aad, aad_len); + if (ret != YACA_ERROR_NONE) + goto exit; + + /* Allocate memory for tag */ + ret = yaca_zalloc(tag_len, (void**)&tag); + if (ret != YACA_ERROR_NONE) + goto exit; + + /* Encryption */ + { + /* Initialize encryption context */ + ret = yaca_encrypt_initialize(&ctx, YACA_ENCRYPT_AES, YACA_BCM_GCM, key, iv); + if (ret != YACA_ERROR_NONE) + goto exit; + + /* Get output length for the update */ + ret = yaca_context_get_output_length(ctx, INPUT_DATA_SIZE, &output_len); + if (ret != YACA_ERROR_NONE) + goto exit; + + /* Get output length for the finalize */ + ret = yaca_context_get_output_length(ctx, 0, &block_len); + if (ret != YACA_ERROR_NONE) + goto exit; + + /* Calculate max output length and allocate memory */ + encrypted_len = output_len + block_len; + ret = yaca_zalloc(encrypted_len, (void**)&encrypted); + if (ret != YACA_ERROR_NONE) + goto exit; + + /* Provide Additional Authentication Data */ + ret = yaca_context_set_property(ctx, YACA_PROPERTY_GCM_AAD, aad, aad_len); + if (ret != YACA_ERROR_NONE) + goto exit; + + /* Encrypt data */ + ret = yaca_encrypt_update(ctx, INPUT_DATA, INPUT_DATA_SIZE, encrypted, &written_len); + if (ret != YACA_ERROR_NONE) + goto exit; + + encrypted_len = written_len; + + ret = yaca_encrypt_finalize(ctx, encrypted + encrypted_len, &written_len); + if (ret != YACA_ERROR_NONE) + goto exit; + + encrypted_len += written_len; + + /* Resize output buffer */ + ret = yaca_realloc(encrypted_len, (void**)&encrypted); + if (ret != YACA_ERROR_NONE) + goto exit; + + /* Set the tag length and get the tag */ + ret = yaca_context_set_property(ctx, YACA_PROPERTY_GCM_TAG_LEN, &tag_len, sizeof(tag_len)); + if (ret != YACA_ERROR_NONE) + goto exit; + + ret = yaca_context_get_property(ctx, YACA_PROPERTY_GCM_TAG, (void**)tag, &tag_len); + if (ret != YACA_ERROR_NONE) + goto exit; + + /* display encrypted data in hexadecimal format */ + dump_hex(encrypted, 16, "Encrypted data (16 of %zu bytes): ", encrypted_len); + + yaca_context_destroy(ctx); + ctx = YACA_CONTEXT_NULL; + } + + /* Decryption */ + { + /* Initialize decryption context */ + ret = yaca_decrypt_initialize(&ctx, YACA_ENCRYPT_AES, YACA_BCM_GCM, key, iv); + if (ret != YACA_ERROR_NONE) + goto exit; + + /* Get output length for the update */ + ret = yaca_context_get_output_length(ctx, encrypted_len, &output_len); + if (ret != YACA_ERROR_NONE) + goto exit; + + /* Get output length for the finalize */ + ret = yaca_context_get_output_length(ctx, 0, &block_len); + if (ret != YACA_ERROR_NONE) + goto exit; + + /* Calculate max output length and allocate memory */ + decrypted_len = output_len + block_len; + ret = yaca_zalloc(decrypted_len, (void**)&decrypted); + if (ret != YACA_ERROR_NONE) + goto exit; + + /* Provide Additional Authentication Data */ + ret = yaca_context_set_property(ctx, YACA_PROPERTY_GCM_AAD, aad, aad_len); + if (ret != YACA_ERROR_NONE) + goto exit; + + /* Decrypt data */ + ret = yaca_decrypt_update(ctx, encrypted, encrypted_len, decrypted, &written_len); + if (ret != YACA_ERROR_NONE) + goto exit; + + decrypted_len = written_len; + + /* Set expected tag value before final decryption */ + ret = yaca_context_set_property(ctx, YACA_PROPERTY_GCM_TAG, tag, tag_len); + if (ret != YACA_ERROR_NONE) + goto exit; + + ret = yaca_decrypt_finalize(ctx, decrypted + decrypted_len, &written_len); + if (ret != YACA_ERROR_NONE) + goto exit; + + decrypted_len += written_len; + + /* Resize output buffer */ + ret = yaca_realloc(decrypted_len, (void**)&decrypted); + if (ret != YACA_ERROR_NONE) + goto exit; + + printf("Decrypted data (16 of %zu bytes): %.16s\n\n", decrypted_len, decrypted); + } + +exit: + yaca_free(decrypted); + yaca_free(encrypted); + yaca_free(tag); + yaca_free(aad); + yaca_context_destroy(ctx); + yaca_key_destroy(iv); + yaca_key_destroy(key); + + yaca_cleanup(); + return ret; +} +//! [AES GCM encrypt API example] diff --git a/examples/encrypt_simple.c b/examples/encrypt_simple.c new file mode 100644 index 0000000..dadab7c --- /dev/null +++ b/examples/encrypt_simple.c @@ -0,0 +1,102 @@ +/* + * Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved + * + * Contact: Krzysztof Jackiewicz + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ + +/** + * @file encrypt_simple.c + * @brief Simple Encrypt API example. + */ + +//! [Simple Encrypt API example] +#include + +#include +#include +#include +#include +#include + +/* include helpers functions and definitions */ +#include "misc.h" + +int main() +{ + int ret; + yaca_key_h key = YACA_KEY_NULL; + yaca_key_h iv = YACA_KEY_NULL; + size_t iv_bit_len; + + char *encrypted = NULL; + char *decrypted = NULL; + size_t encrypted_len; + size_t decrypted_len; + + ret = yaca_initialize(); + if (ret != YACA_ERROR_NONE) + goto exit; + + printf("Plain data (16 of %zu bytes): %.16s\n", INPUT_DATA_SIZE, INPUT_DATA); + + /* Key generation */ + ret = yaca_key_derive_pbkdf2("foo bar", "123456789", 10, 1000, + YACA_DIGEST_SHA256, YACA_KEY_LENGTH_256BIT, &key); + if (ret != YACA_ERROR_NONE) + goto exit; + + /* IV generation */ + ret = yaca_encrypt_get_iv_bit_length(YACA_ENCRYPT_AES, YACA_BCM_CTR, YACA_KEY_LENGTH_256BIT, + &iv_bit_len); + if (ret != YACA_ERROR_NONE) + goto exit; + + if (iv_bit_len > 0) { + ret = yaca_key_generate(YACA_KEY_TYPE_IV, iv_bit_len, &iv); + if (ret != YACA_ERROR_NONE) + goto exit; + } + + /* Encryption */ + { + ret = yaca_simple_encrypt(YACA_ENCRYPT_AES, YACA_BCM_CTR, key, iv, + INPUT_DATA, INPUT_DATA_SIZE, &encrypted, &encrypted_len); + if (ret != YACA_ERROR_NONE) + goto exit; + + /* display encrypted data in hexadecimal format */ + dump_hex(encrypted, 16, "Encrypted data (16 of %zu bytes): ", encrypted_len); + } + + /* Decryption */ + { + ret = yaca_simple_decrypt(YACA_ENCRYPT_AES, YACA_BCM_CTR, key, iv, + encrypted, encrypted_len, &decrypted, &decrypted_len); + if (ret != YACA_ERROR_NONE) + goto exit; + + printf("Decrypted data (16 of %zu bytes): %.16s\n\n", decrypted_len, decrypted); + } + +exit: + yaca_free(encrypted); + yaca_free(decrypted); + yaca_key_destroy(iv); + yaca_key_destroy(key); + + yaca_cleanup(); + return ret; +} +//! [Simple Encrypt API example] diff --git a/examples/key_exchange.c b/examples/key_exchange.c index ee75eac..1520a4c 100644 --- a/examples/key_exchange.c +++ b/examples/key_exchange.c @@ -18,125 +18,90 @@ /** * @file key_exchange.c - * @brief + * @brief Diffie-Helmann key exchange API example. */ -#include - +//! [Diffie-Helmann key exchange API example] #include #include #include +/* include helpers functions and definitions */ #include "misc.h" -/* send own public key and get peer public key */ -static yaca_key_h exchange_keys(const yaca_key_h pkey) +static yaca_key_h exchange_public_keys(const yaca_key_h peer_key) { int ret; - char *secret = NULL; - size_t secret_len; - char *temp_material = NULL; - size_t temp_material_len; - char *key_material = NULL; - size_t key_material_len; - char *iv_material = NULL; - size_t iv_material_len; - - yaca_key_h private_key = YACA_KEY_NULL; - yaca_key_h public_key = YACA_KEY_NULL; yaca_key_h params = YACA_KEY_NULL; - yaca_key_h aes_key = YACA_KEY_NULL; - yaca_key_h iv = YACA_KEY_NULL; - - ret = yaca_key_extract_parameters(pkey, ¶ms); - if (ret != YACA_ERROR_NONE) - goto exit; - - ret = yaca_key_generate_from_parameters(params, &private_key); - if (ret != YACA_ERROR_NONE) - goto exit; + yaca_key_h priv_key = YACA_KEY_NULL; + yaca_key_h pub_key = YACA_KEY_NULL; - ret = yaca_key_extract_public(private_key, &public_key); + ret = yaca_key_extract_parameters(peer_key, ¶ms); if (ret != YACA_ERROR_NONE) goto exit; - /* derive secret */ - ret = yaca_key_derive_dh(private_key, pkey, &secret, &secret_len); + ret = yaca_key_generate_from_parameters(params, &priv_key); if (ret != YACA_ERROR_NONE) goto exit; - key_material_len = YACA_KEY_LENGTH_192BIT / 8; - iv_material_len = YACA_KEY_LENGTH_IV_128BIT / 8; - temp_material_len = key_material_len + iv_material_len; - ret = yaca_key_derive_kdf(YACA_KDF_X962, YACA_DIGEST_SHA512, secret, secret_len, - NULL, 0, temp_material_len, &temp_material); - - if (ret != YACA_ERROR_NONE) - goto exit; - - key_material = temp_material; - iv_material = temp_material + key_material_len; - - ret = yaca_key_import(YACA_KEY_TYPE_SYMMETRIC, NULL, key_material, key_material_len, &aes_key); + ret = yaca_key_extract_public(priv_key, &pub_key); if (ret != YACA_ERROR_NONE) goto exit; - ret = yaca_key_import(YACA_KEY_TYPE_IV, NULL, iv_material, iv_material_len, &iv); - if (ret != YACA_ERROR_NONE) - goto exit; - - dump_hex(secret, secret_len, "\n***** Peer Secret: *****"); - dump_hex(key_material, key_material_len, "\n***** Peer AES key: *****"); - dump_hex(iv_material, iv_material_len, "\n***** Peer IV: *****"); - exit: - yaca_key_destroy(private_key); + yaca_key_destroy(priv_key); yaca_key_destroy(params); - yaca_key_destroy(aes_key); - yaca_key_destroy(iv); - yaca_free(secret); - yaca_free(temp_material); - return public_key; + return pub_key; } -void key_derivation(const yaca_key_h private_key) +int main() { int ret; + yaca_key_h priv_key = YACA_KEY_NULL; + yaca_key_h pub_key = YACA_KEY_NULL; + yaca_key_h peer_key = YACA_KEY_NULL; + yaca_key_h aes_key = YACA_KEY_NULL; + yaca_key_h iv = YACA_KEY_NULL; + char *secret = NULL; size_t secret_len; - char *temp_material = NULL; - size_t temp_material_len; char *key_material = NULL; size_t key_material_len; char *iv_material = NULL; size_t iv_material_len; + char *temp_material = NULL; + size_t temp_material_len; - yaca_key_h public_key = YACA_KEY_NULL; - yaca_key_h peer_key = YACA_KEY_NULL; - yaca_key_h aes_key = YACA_KEY_NULL; - yaca_key_h iv = YACA_KEY_NULL; + ret = yaca_initialize(); + if (ret != YACA_ERROR_NONE) + goto exit; - ret = yaca_key_extract_public(private_key, &public_key); + /* Key generation */ + ret = yaca_key_generate(YACA_KEY_TYPE_DH_PRIV, YACA_KEY_LENGTH_DH_RFC_2048_256, &priv_key); if (ret != YACA_ERROR_NONE) goto exit; - /* get peer public key */ - peer_key = exchange_keys(public_key); + ret = yaca_key_extract_public(priv_key, &pub_key); + if (ret != YACA_ERROR_NONE) + goto exit; + + /* Send own public key and get peer public key */ + peer_key = exchange_public_keys(pub_key); if (peer_key == YACA_KEY_NULL) goto exit; - /* derive secret */ - ret = yaca_key_derive_dh(private_key, peer_key, &secret, &secret_len); + /* Derive shared secret */ + ret = yaca_key_derive_dh(priv_key, peer_key, &secret, &secret_len); if (ret != YACA_ERROR_NONE) goto exit; - key_material_len = YACA_KEY_LENGTH_192BIT / 8; + /* Derive AES key and IV */ + key_material_len = YACA_KEY_LENGTH_256BIT / 8; iv_material_len = YACA_KEY_LENGTH_IV_128BIT / 8; temp_material_len = key_material_len + iv_material_len; - ret = yaca_key_derive_kdf(YACA_KDF_X962, YACA_DIGEST_SHA512, secret, secret_len, + ret = yaca_key_derive_kdf(YACA_KDF_X942, YACA_DIGEST_SHA512, secret, secret_len, NULL, 0, temp_material_len, &temp_material); - if (ret != YACA_ERROR_NONE) goto exit; @@ -151,68 +116,20 @@ void key_derivation(const yaca_key_h private_key) if (ret != YACA_ERROR_NONE) goto exit; - dump_hex(secret, secret_len, "\n***** My Secret: *****"); - dump_hex(key_material, key_material_len, "\n***** My AES key: *****"); - dump_hex(iv_material, iv_material_len, "\n***** My IV: *****"); + /* display key and IV in hexadecimal format */ + dump_hex(key_material, key_material_len, "***** Derived AES key: *****"); + dump_hex(iv_material, iv_material_len, "\n***** Derived IV: *****"); exit: - yaca_key_destroy(public_key); + yaca_key_destroy(priv_key); + yaca_key_destroy(pub_key); yaca_key_destroy(peer_key); yaca_key_destroy(aes_key); yaca_key_destroy(iv); yaca_free(secret); yaca_free(temp_material); -} - -int main() -{ - yaca_key_h ecdh_key = YACA_KEY_NULL; - yaca_key_h dh_params = YACA_KEY_NULL; - yaca_key_h dh_key_from_params = YACA_KEY_NULL; - yaca_key_h dh_key = YACA_KEY_NULL; - - int ret = yaca_initialize(); - if (ret != YACA_ERROR_NONE) - return ret; - - printf("\n***** Elliptic Curve Diffie Hellman key exchange and key/iv derivation *****"); - { - ret = yaca_key_generate(YACA_KEY_TYPE_EC_PRIV, YACA_KEY_LENGTH_EC_PRIME256V1, &ecdh_key); - if (ret != YACA_ERROR_NONE) - goto exit; - key_derivation(ecdh_key); - } - - printf("\n***** Diffie Hellman Diffie Hellman key exchange and key/iv derivation *****"); - { - ret = yaca_key_generate(YACA_KEY_TYPE_DH_PARAMS, - YACA_KEY_LENGTH_DH_GENERATOR_2 | 1024, &dh_params); - if (ret != YACA_ERROR_NONE) - goto exit; - - ret = yaca_key_generate_from_parameters(dh_params, &dh_key_from_params); - if (ret != YACA_ERROR_NONE) - goto exit; - - key_derivation(dh_key_from_params); - } - - printf("\n***** Diffie Hellman Diffie Hellman key exchange and key/iv derivation *****"); - { - ret = yaca_key_generate(YACA_KEY_TYPE_DH_PRIV, YACA_KEY_LENGTH_DH_RFC_2048_256, &dh_key); - if (ret != YACA_ERROR_NONE) - goto exit; - - key_derivation(dh_key); - } - -exit: - yaca_key_destroy(ecdh_key); - yaca_key_destroy(dh_params); - yaca_key_destroy(dh_key_from_params); - yaca_key_destroy(dh_key); yaca_cleanup(); - return ret; } +//! [Diffie-Helmann key exchange API example] diff --git a/examples/key_gen.c b/examples/key_gen.c index a771d81..43ab6c3 100644 --- a/examples/key_gen.c +++ b/examples/key_gen.c @@ -16,15 +16,16 @@ * limitations under the License */ -#include +/** + * @file key_gen.c + * @brief Key generation API example. + */ +//! [Key generation API example] #include #include -#include #include -#include "misc.h" - int main() { int ret; @@ -33,94 +34,51 @@ int main() ret = yaca_initialize(); if (ret != YACA_ERROR_NONE) - goto error; - - printf("This example doesn't print anything useful unless an error occured.\n" - "It is intended to be looked at only as a code example.\n" - "It might take a long time to execute though due to several keys being generated.\n"); + goto exit; /* Regular generation */ - ret = yaca_key_generate(YACA_KEY_TYPE_SYMMETRIC, YACA_KEY_LENGTH_256BIT, &key); if (ret != YACA_ERROR_NONE) - goto error; + goto exit; yaca_key_destroy(key); - ret = yaca_key_generate(YACA_KEY_TYPE_DES, YACA_KEY_LENGTH_192BIT, &key); + ret = yaca_key_generate(YACA_KEY_TYPE_RSA_PRIV, YACA_KEY_LENGTH_2048BIT, &key); if (ret != YACA_ERROR_NONE) - goto error; - yaca_key_destroy(key); - - ret = yaca_key_generate(YACA_KEY_TYPE_RSA_PRIV, YACA_KEY_LENGTH_1024BIT, &key); - if (ret != YACA_ERROR_NONE) - goto error; - yaca_key_destroy(key); - - ret = yaca_key_generate(YACA_KEY_TYPE_DSA_PRIV, YACA_KEY_LENGTH_512BIT, &key); - if (ret != YACA_ERROR_NONE) - goto error; - yaca_key_destroy(key); - - ret = yaca_key_generate(YACA_KEY_TYPE_DH_PRIV, YACA_KEY_LENGTH_DH_GENERATOR_2 | 333, &key); - if (ret != YACA_ERROR_NONE) - goto error; + goto exit; yaca_key_destroy(key); ret = yaca_key_generate(YACA_KEY_TYPE_DH_PRIV, YACA_KEY_LENGTH_DH_RFC_2048_224, &key); if (ret != YACA_ERROR_NONE) - goto error; + goto exit; yaca_key_destroy(key); ret = yaca_key_generate(YACA_KEY_TYPE_EC_PRIV, YACA_KEY_LENGTH_EC_SECP384R1, &key); if (ret != YACA_ERROR_NONE) - goto error; + goto exit; yaca_key_destroy(key); /* Params + key generation */ - - ret = yaca_key_generate(YACA_KEY_TYPE_DSA_PARAMS, YACA_KEY_LENGTH_512BIT, &key_params); - if (ret != YACA_ERROR_NONE) - goto error; - ret = yaca_key_generate_from_parameters(key_params, &key); - if (ret != YACA_ERROR_NONE) - goto error; - yaca_key_destroy(key); - yaca_key_destroy(key_params); - - ret = yaca_key_generate(YACA_KEY_TYPE_DH_PARAMS, - YACA_KEY_LENGTH_DH_GENERATOR_5 | YACA_KEY_LENGTH_2048BIT, &key_params); - if (ret != YACA_ERROR_NONE) - goto error; - ret = yaca_key_generate_from_parameters(key_params, &key); - if (ret != YACA_ERROR_NONE) - goto error; - yaca_key_destroy(key); - yaca_key_destroy(key_params); - ret = yaca_key_generate(YACA_KEY_TYPE_DH_PARAMS, YACA_KEY_LENGTH_DH_RFC_2048_256, &key_params); if (ret != YACA_ERROR_NONE) - goto error; + goto exit; ret = yaca_key_generate_from_parameters(key_params, &key); if (ret != YACA_ERROR_NONE) - goto error; + goto exit; yaca_key_destroy(key); yaca_key_destroy(key_params); ret = yaca_key_generate(YACA_KEY_TYPE_EC_PARAMS, YACA_KEY_LENGTH_EC_PRIME256V1, &key_params); if (ret != YACA_ERROR_NONE) - goto error; + goto exit; ret = yaca_key_generate_from_parameters(key_params, &key); if (ret != YACA_ERROR_NONE) - goto error; + goto exit; + +exit: yaca_key_destroy(key); yaca_key_destroy(key_params); yaca_cleanup(); - return 0; - -error: - printf("Error occured.\n"); - yaca_cleanup(); - - return 1; + return ret; } +//! [Key generation API example] diff --git a/examples/key_import_export.c b/examples/key_import_export.c deleted file mode 100644 index 4a50cb7..0000000 --- a/examples/key_import_export.c +++ /dev/null @@ -1,321 +0,0 @@ -/* - * Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved - * - * Contact: Krzysztof Jackiewicz - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License - */ - -/** - * @file key_import_export.c - * @brief - */ - -#include - -#include -#include -#include - -#include "misc.h" - -int key_import_export_sym(yaca_key_h sym) -{ - int ret; - - char *raw = NULL; - size_t raw_len; - char *b64 = NULL; - size_t b64_len; - - yaca_key_h raw_imported = YACA_KEY_NULL; - yaca_key_h b64_imported = YACA_KEY_NULL; - - - /* BASE64 */ - - ret = yaca_key_export(sym, YACA_KEY_FORMAT_DEFAULT, YACA_KEY_FILE_FORMAT_BASE64, NULL, &b64, &b64_len); - if (ret != YACA_ERROR_NONE) - return ret; - ret = yaca_key_import(YACA_KEY_TYPE_SYMMETRIC, NULL, b64, b64_len, &b64_imported); - if (ret != YACA_ERROR_NONE) - goto exit; - - printf("\n\t***** BASE64 exported key: *****\n%.*s\n", (int)b64_len, b64); - yaca_free(b64); - b64 = NULL; - - ret = yaca_key_export(b64_imported, YACA_KEY_FORMAT_DEFAULT, YACA_KEY_FILE_FORMAT_BASE64, NULL, &b64, &b64_len); - if (ret != YACA_ERROR_NONE) - goto exit; - - printf("\t***** BASE64 imported key: *****\n%.*s\n", (int)b64_len, b64); - - - /* RAW */ - - ret = yaca_key_export(sym, YACA_KEY_FORMAT_DEFAULT, YACA_KEY_FILE_FORMAT_RAW, NULL, &raw, &raw_len); - if (ret != YACA_ERROR_NONE) - goto exit; - ret = yaca_key_import(YACA_KEY_TYPE_SYMMETRIC, NULL, raw, raw_len, &raw_imported); - if (ret != YACA_ERROR_NONE) - goto exit; - - dump_hex(raw, raw_len, "\n\t***** RAW exported key: *****"); - yaca_free(raw); - raw = NULL; - - ret = yaca_key_export(raw_imported, YACA_KEY_FORMAT_DEFAULT, YACA_KEY_FILE_FORMAT_RAW, NULL, &raw, &raw_len); - if (ret != YACA_ERROR_NONE) - goto exit; - - dump_hex(raw, raw_len, "\t***** RAW imported key: *****"); - -exit: - yaca_key_destroy(raw_imported); - yaca_key_destroy(b64_imported); - yaca_free(raw); - yaca_free(b64); - - return ret; -} - -int key_import_export_asym(yaca_key_h priv, yaca_key_h pub, - yaca_key_type_e priv_type, yaca_key_type_e pub_type, - const char *algo) -{ - int ret; - - char *pem_prv = NULL; - size_t pem_prv_len; - char *der_prv = NULL; - size_t der_prv_len; - - char *pem_pub = NULL; - size_t pem_pub_len; - char *der_pub = NULL; - size_t der_pub_len; - - yaca_key_h pem_prv_imported = YACA_KEY_NULL; - yaca_key_h der_prv_imported = YACA_KEY_NULL; - yaca_key_h pem_pub_imported = YACA_KEY_NULL; - yaca_key_h der_pub_imported = YACA_KEY_NULL; - - - /* PEM private */ - - ret = yaca_key_export(priv, YACA_KEY_FORMAT_DEFAULT, YACA_KEY_FILE_FORMAT_PEM, NULL, &pem_prv, &pem_prv_len); - if (ret != YACA_ERROR_NONE) - return ret; - ret = yaca_key_import(priv_type, NULL, pem_prv, pem_prv_len, &pem_prv_imported); - if (ret != YACA_ERROR_NONE) - goto exit; - - printf("\n\t***** %s PEM exported private key: *****\n%.*s", algo, (int)pem_prv_len, pem_prv); - yaca_free(pem_prv); - pem_prv = NULL; - - ret = yaca_key_export(pem_prv_imported, YACA_KEY_FORMAT_DEFAULT, YACA_KEY_FILE_FORMAT_PEM, NULL, &pem_prv, &pem_prv_len); - if (ret != YACA_ERROR_NONE) - goto exit; - - printf("\t***** %s PEM imported private key: *****\n%.*s", algo, (int)pem_prv_len, pem_prv); - - - /* DER private */ - - ret = yaca_key_export(priv, YACA_KEY_FORMAT_DEFAULT, YACA_KEY_FILE_FORMAT_DER, NULL, &der_prv, &der_prv_len); - if (ret != YACA_ERROR_NONE) - goto exit; - ret = yaca_key_import(priv_type, NULL, der_prv, der_prv_len, &der_prv_imported); - if (ret != YACA_ERROR_NONE) - goto exit; - - dump_hex(der_prv, der_prv_len, "\n\t***** %s DER exported private key: *****", algo); - yaca_free(der_prv); - der_prv = NULL; - - ret = yaca_key_export(der_prv_imported, YACA_KEY_FORMAT_DEFAULT, YACA_KEY_FILE_FORMAT_DER, NULL, &der_prv, &der_prv_len); - if (ret != YACA_ERROR_NONE) - goto exit; - - dump_hex(der_prv, der_prv_len, "\t***** %s DER imported private key: *****", algo); - - - /* PEM public */ - - ret = yaca_key_export(pub, YACA_KEY_FORMAT_DEFAULT, YACA_KEY_FILE_FORMAT_PEM, NULL, &pem_pub, &pem_pub_len); - if (ret != YACA_ERROR_NONE) - goto exit; - ret = yaca_key_import(pub_type, NULL, pem_pub, pem_pub_len, &pem_pub_imported); - if (ret != YACA_ERROR_NONE) - goto exit; - - printf("\n\t***** %s PEM exported public key: *****\n%.*s", algo, (int)pem_pub_len, pem_pub); - yaca_free(pem_pub); - pem_pub = NULL; - - ret = yaca_key_export(pem_pub_imported, YACA_KEY_FORMAT_DEFAULT, YACA_KEY_FILE_FORMAT_PEM, NULL, &pem_pub, &pem_pub_len); - if (ret != YACA_ERROR_NONE) - goto exit; - - printf("\t***** %s PEM imported public key: *****\n%.*s", algo, (int)pem_pub_len, pem_pub); - - - /* DER public */ - - ret = yaca_key_export(pub, YACA_KEY_FORMAT_DEFAULT, YACA_KEY_FILE_FORMAT_DER, NULL, &der_pub, &der_pub_len); - if (ret != YACA_ERROR_NONE) - goto exit; - ret = yaca_key_import(pub_type, NULL, der_pub, der_pub_len, &der_pub_imported); - if (ret != YACA_ERROR_NONE) - goto exit; - - dump_hex(der_pub, der_pub_len, "\n\t***** %s DER exported public key: *****", algo); - yaca_free(der_pub); - der_pub = NULL; - - ret = yaca_key_export(der_pub_imported, YACA_KEY_FORMAT_DEFAULT, YACA_KEY_FILE_FORMAT_DER, NULL, &der_pub, &der_pub_len); - if (ret != YACA_ERROR_NONE) - goto exit; - - dump_hex(der_pub, der_pub_len, "\t***** %s DER imported public key: *****", algo); - -exit: - yaca_key_destroy(der_pub_imported); - yaca_key_destroy(pem_pub_imported); - yaca_key_destroy(der_prv_imported); - yaca_key_destroy(pem_prv_imported); - yaca_free(der_pub); - yaca_free(pem_pub); - yaca_free(der_prv); - yaca_free(pem_prv); - - return ret; -} - -int key_import_x509(void) -{ - int ret; - char *pub = NULL; - size_t pub_len; - yaca_key_h rsa_pub_from_cert = YACA_KEY_NULL; - - ret = read_file("x509.crt", &pub, &pub_len); - if (ret != YACA_ERROR_NONE) { - printf("Make sure you copied a x509.crt from yaca_root/examples to your current directory\n"); - printf("You can also generate one with:\n"); - printf("openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout x509.key -out x509.crt\n"); - return ret; - } - - ret = yaca_key_import(YACA_KEY_TYPE_RSA_PUB, NULL, pub, pub_len, &rsa_pub_from_cert); - if (ret != YACA_ERROR_NONE) - goto exit; - - yaca_free(pub); - pub = NULL; - - ret = yaca_key_export(rsa_pub_from_cert, YACA_KEY_FORMAT_DEFAULT, YACA_KEY_FILE_FORMAT_PEM, NULL, &pub, &pub_len); - if (ret != YACA_ERROR_NONE) - goto exit; - - printf("\n\t***** RSA X509 imported public key: *****\n%.*s", (int)pub_len, pub); - -exit: - yaca_key_destroy(rsa_pub_from_cert); - yaca_free(pub); - - return ret; -} - -int main() -{ - yaca_key_h sym = YACA_KEY_NULL; - yaca_key_h rsa_priv = YACA_KEY_NULL; - yaca_key_h rsa_pub = YACA_KEY_NULL; - yaca_key_h dsa_priv = YACA_KEY_NULL; - yaca_key_h dsa_pub = YACA_KEY_NULL; - int ret; - - ret = yaca_initialize(); - if (ret != YACA_ERROR_NONE) - return ret; - - ret = yaca_key_generate(YACA_KEY_TYPE_SYMMETRIC, YACA_KEY_LENGTH_1024BIT, &sym); - if (ret != YACA_ERROR_NONE) - goto exit; - - ret = yaca_key_generate(YACA_KEY_TYPE_RSA_PRIV, YACA_KEY_LENGTH_1024BIT, &rsa_priv); - if (ret != YACA_ERROR_NONE) - goto exit; - - ret = yaca_key_extract_public(rsa_priv, &rsa_pub); - if (ret != YACA_ERROR_NONE) - goto exit; - - ret = yaca_key_generate(YACA_KEY_TYPE_DSA_PRIV, YACA_KEY_LENGTH_1024BIT, &dsa_priv); - if (ret != YACA_ERROR_NONE) - goto exit; - - ret = yaca_key_extract_public(dsa_priv, &dsa_pub); - if (ret != YACA_ERROR_NONE) - goto exit; - - printf("\t***************************************\n"); - printf("\t************** SYMMETRIC **************\n"); - printf("\t***************************************\n"); - ret = key_import_export_sym(sym); - if (ret == YACA_ERROR_NONE) - printf("\n\t********* SYMMETRIC - success *********\n\n"); - else - printf("\n\t********* SYMMETRIC - failure *********\n\n"); - - printf("\t***************************************\n"); - printf("\t***************** RSA *****************\n"); - printf("\t***************************************\n"); - ret = key_import_export_asym(rsa_priv, rsa_pub, YACA_KEY_TYPE_RSA_PRIV, YACA_KEY_TYPE_RSA_PUB, "RSA"); - if (ret == YACA_ERROR_NONE) - printf("\n\t************ RSA - success ************\n\n"); - else - printf("\n\t************ RSA - failure ************\n\n"); - - printf("\t***************************************\n"); - printf("\t***************** DSA *****************\n"); - printf("\t***************************************\n"); - ret = key_import_export_asym(dsa_priv, dsa_pub, YACA_KEY_TYPE_DSA_PRIV, YACA_KEY_TYPE_DSA_PUB, "DSA"); - if (ret == YACA_ERROR_NONE) - printf("\n\t************ DSA - success ************\n\n"); - else - printf("\n\t************ DSA - failure ************\n\n"); - - printf("\t***************************************\n"); - printf("\t**************** X509 *****************\n"); - printf("\t***************************************\n"); - ret = key_import_x509(); - if (ret == YACA_ERROR_NONE) - printf("\n\t*********** X509 - success ************\n\n"); - else - printf("\n\t*********** X509 - failure ************\n\n"); - -exit: - yaca_key_destroy(dsa_pub); - yaca_key_destroy(dsa_priv); - yaca_key_destroy(rsa_pub); - yaca_key_destroy(rsa_priv); - yaca_key_destroy(sym); - - yaca_cleanup(); - - return ret; -} diff --git a/examples/key_import_export_asym.c b/examples/key_import_export_asym.c new file mode 100644 index 0000000..7d97532 --- /dev/null +++ b/examples/key_import_export_asym.c @@ -0,0 +1,114 @@ +/* + * Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved + * + * Contact: Krzysztof Jackiewicz + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ + +/** + * @file key_import_export_asym.c + * @brief Asymmetric key import/export API example. + */ + +//! [Asymmetric key import/export API example] +#include + +#include +#include +#include + +/* include helpers functions and definitions */ +#include "misc.h" + +int main() +{ + int ret; + yaca_key_h rsa_priv = YACA_KEY_NULL; + yaca_key_h rsa_pub = YACA_KEY_NULL; + yaca_key_h pem_priv_imported = YACA_KEY_NULL; + yaca_key_h der_pub_imported = YACA_KEY_NULL; + + char *pem_priv = NULL; + size_t pem_priv_len; + char *der_pub = NULL; + size_t der_pub_len; + + ret = yaca_initialize(); + if (ret != YACA_ERROR_NONE) + goto exit; + + ret = yaca_key_generate(YACA_KEY_TYPE_RSA_PRIV, YACA_KEY_LENGTH_2048BIT, &rsa_priv); + if (ret != YACA_ERROR_NONE) + goto exit; + + ret = yaca_key_extract_public(rsa_priv, &rsa_pub); + if (ret != YACA_ERROR_NONE) + goto exit; + + /* PEM private */ + ret = yaca_key_export(rsa_priv, YACA_KEY_FORMAT_DEFAULT, YACA_KEY_FILE_FORMAT_PEM, NULL, + &pem_priv, &pem_priv_len); + if (ret != YACA_ERROR_NONE) + goto exit; + + ret = yaca_key_import(YACA_KEY_TYPE_RSA_PRIV, NULL, pem_priv, pem_priv_len, &pem_priv_imported); + if (ret != YACA_ERROR_NONE) + goto exit; + + printf("\t***** PEM exported private key: *****\n%.*s", (int)pem_priv_len, pem_priv); + yaca_free(pem_priv); + pem_priv = NULL; + + ret = yaca_key_export(pem_priv_imported, YACA_KEY_FORMAT_DEFAULT, YACA_KEY_FILE_FORMAT_PEM, + NULL, &pem_priv, &pem_priv_len); + if (ret != YACA_ERROR_NONE) + goto exit; + + printf("\t***** PEM imported private key: *****\n%.*s", (int)pem_priv_len, pem_priv); + + /* DER public */ + ret = yaca_key_export(rsa_pub, YACA_KEY_FORMAT_DEFAULT, YACA_KEY_FILE_FORMAT_DER, NULL, + &der_pub, &der_pub_len); + if (ret != YACA_ERROR_NONE) + goto exit; + + ret = yaca_key_import(YACA_KEY_TYPE_RSA_PUB, NULL, der_pub, der_pub_len, &der_pub_imported); + if (ret != YACA_ERROR_NONE) + goto exit; + + /* display key in hexadecimal format */ + dump_hex(der_pub, der_pub_len, "\n\t***** DER exported public key: *****"); + yaca_free(der_pub); + der_pub = NULL; + + ret = yaca_key_export(der_pub_imported, YACA_KEY_FORMAT_DEFAULT, YACA_KEY_FILE_FORMAT_DER, + NULL, &der_pub, &der_pub_len); + if (ret != YACA_ERROR_NONE) + goto exit; + + /* display key in hexadecimal format */ + dump_hex(der_pub, der_pub_len, "\t***** DER imported public key: *****"); + +exit: + yaca_key_destroy(rsa_pub); + yaca_key_destroy(rsa_priv); + yaca_key_destroy(pem_priv_imported); + yaca_key_destroy(der_pub_imported); + yaca_free(pem_priv); + yaca_free(der_pub); + + yaca_cleanup(); + return ret; +} +//! [Asymmetric key import/export API example] diff --git a/examples/key_import_export_sym.c b/examples/key_import_export_sym.c new file mode 100644 index 0000000..3dafd9f --- /dev/null +++ b/examples/key_import_export_sym.c @@ -0,0 +1,108 @@ +/* + * Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved + * + * Contact: Krzysztof Jackiewicz + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ + +/** + * @file key_import_export_sym.c + * @brief Symmetric key import/export API example. + */ + +//! [Symmetric key import/export API example] +#include + +#include +#include +#include + +/* include helpers functions and definitions */ +#include "misc.h" + +int main() +{ + int ret; + yaca_key_h sym_key = YACA_KEY_NULL; + yaca_key_h raw_imported = YACA_KEY_NULL; + yaca_key_h b64_imported = YACA_KEY_NULL; + + char *raw = NULL; + size_t raw_len; + char *b64 = NULL; + size_t b64_len; + + ret = yaca_initialize(); + if (ret != YACA_ERROR_NONE) + goto exit; + + ret = yaca_key_generate(YACA_KEY_TYPE_SYMMETRIC, YACA_KEY_LENGTH_256BIT, &sym_key); + if (ret != YACA_ERROR_NONE) + goto exit; + + /* BASE64 */ + ret = yaca_key_export(sym_key, YACA_KEY_FORMAT_DEFAULT, YACA_KEY_FILE_FORMAT_BASE64, NULL, + &b64, &b64_len); + if (ret != YACA_ERROR_NONE) + goto exit; + + ret = yaca_key_import(YACA_KEY_TYPE_SYMMETRIC, NULL, b64, b64_len, &b64_imported); + if (ret != YACA_ERROR_NONE) + goto exit; + + printf("\t***** BASE64 exported key: *****\n%.*s\n", (int)b64_len, b64); + yaca_free(b64); + b64 = NULL; + + ret = yaca_key_export(b64_imported, YACA_KEY_FORMAT_DEFAULT, YACA_KEY_FILE_FORMAT_BASE64, NULL, + &b64, &b64_len); + if (ret != YACA_ERROR_NONE) + goto exit; + + printf("\t***** BASE64 imported key: *****\n%.*s\n", (int)b64_len, b64); + + /* RAW */ + ret = yaca_key_export(sym_key, YACA_KEY_FORMAT_DEFAULT, YACA_KEY_FILE_FORMAT_RAW, NULL, + &raw, &raw_len); + if (ret != YACA_ERROR_NONE) + goto exit; + + ret = yaca_key_import(YACA_KEY_TYPE_SYMMETRIC, NULL, raw, raw_len, &raw_imported); + if (ret != YACA_ERROR_NONE) + goto exit; + + /* display key in hexadecimal format */ + dump_hex(raw, raw_len, "\n\t***** RAW exported key: *****"); + yaca_free(raw); + raw = NULL; + + ret = yaca_key_export(raw_imported, YACA_KEY_FORMAT_DEFAULT, YACA_KEY_FILE_FORMAT_RAW, NULL, + &raw, &raw_len); + if (ret != YACA_ERROR_NONE) + goto exit; + + /* display key in hexadecimal format */ + dump_hex(raw, raw_len, "\t***** RAW imported key: *****"); + +exit: + yaca_key_destroy(sym_key); + yaca_key_destroy(raw_imported); + yaca_key_destroy(b64_imported); + yaca_free(raw); + yaca_free(b64); + + yaca_cleanup(); + return ret; +} +//! [Symmetric key import/export API example] diff --git a/examples/key_password.c b/examples/key_password.c index 7eb46b4..9c9df78 100644 --- a/examples/key_password.c +++ b/examples/key_password.c @@ -16,90 +16,85 @@ * limitations under the License */ +/** + * @file key_password.c + * @brief Key import/export with password API example. + */ + +//! [Key import/export with password API example] #include -#include #include #include -#include #include -#include "misc.h" +/* include helpers functions and definitions */ +#include "misc.h" -void example_password(const yaca_key_h key, yaca_key_format_e key_fmt, - yaca_key_file_format_e key_file_fmt) +int main() { - char *k = NULL; - size_t kl; int ret; + yaca_key_h key = YACA_KEY_NULL; char *password = NULL; - yaca_key_h lkey = YACA_KEY_NULL; + char *key_data = NULL; + size_t key_data_len; - ret = read_stdin_line("encryption pass: ", &password); + ret = yaca_initialize(); if (ret != YACA_ERROR_NONE) goto exit; - ret = yaca_key_export(key, key_fmt, key_file_fmt, password, &k, &kl); - if (ret == YACA_ERROR_INVALID_PARAMETER) - printf("invalid parameter, probably a missing password for PKCS8\n"); + ret = yaca_key_generate(YACA_KEY_TYPE_RSA_PRIV, YACA_KEY_LENGTH_2048BIT, &key); if (ret != YACA_ERROR_NONE) goto exit; - yaca_free(password); - password = NULL; + /* Export key */ + { + ret = read_stdin_line("encryption pass: ", &password); + if (ret != YACA_ERROR_NONE) + goto exit; + + ret = yaca_key_export(key, YACA_KEY_FORMAT_PKCS8, YACA_KEY_FILE_FORMAT_PEM, password, + &key_data, &key_data_len); + if (ret == YACA_ERROR_INVALID_PARAMETER) + printf("invalid parameter, probably a missing password for PKCS8\n"); + if (ret != YACA_ERROR_NONE) + goto exit; - ret = yaca_key_import(YACA_KEY_TYPE_RSA_PRIV, NULL, k, kl, &lkey); - if (ret == YACA_ERROR_INVALID_PASSWORD) { + yaca_key_destroy(key); + key = YACA_KEY_NULL; + yaca_free(password); + password = NULL; + } + + /* Import key */ + { ret = read_stdin_line("decryption pass: ", &password); if (ret != YACA_ERROR_NONE) goto exit; - ret = yaca_key_import(YACA_KEY_TYPE_RSA_PRIV, password, k, kl, &lkey); + ret = yaca_key_import(YACA_KEY_TYPE_RSA_PRIV, password, key_data, key_data_len, &key); if (ret == YACA_ERROR_INVALID_PASSWORD) printf("invalid password\n"); - } - - if (ret != YACA_ERROR_NONE) - goto exit; + if (ret != YACA_ERROR_NONE) + goto exit; - yaca_free(k); - k = NULL; + yaca_free(key_data); + key_data = NULL; - ret = yaca_key_export(lkey, key_fmt, YACA_KEY_FILE_FORMAT_PEM, password, &k, &kl); - if (ret != YACA_ERROR_NONE) - goto exit; + ret = yaca_key_export(key, YACA_KEY_FORMAT_PKCS8, YACA_KEY_FILE_FORMAT_PEM, password, + &key_data, &key_data_len); + if (ret != YACA_ERROR_NONE) + goto exit; - printf("%.*s", (int)kl, k); + printf("%.*s", (int)key_data_len, key_data); + } exit: - yaca_free(k); + yaca_free(key_data); yaca_free(password); - yaca_key_destroy(lkey); -} - -int main() -{ - int ret; - yaca_key_h key = YACA_KEY_NULL; - - ret = yaca_initialize(); - if (ret != YACA_ERROR_NONE) - goto exit; - - ret = yaca_key_generate(YACA_KEY_TYPE_RSA_PRIV, YACA_KEY_LENGTH_1024BIT, &key); - if (ret != YACA_ERROR_NONE) - goto exit; - - printf("Default format with PEM:\n"); - example_password(key, YACA_KEY_FORMAT_DEFAULT, YACA_KEY_FILE_FORMAT_PEM); - printf("\nPKCS8 format with PEM:\n"); - example_password(key, YACA_KEY_FORMAT_PKCS8, YACA_KEY_FILE_FORMAT_PEM); - printf("\nPKCS8 format with DER:\n"); - example_password(key, YACA_KEY_FORMAT_PKCS8, YACA_KEY_FILE_FORMAT_DER); - -exit: yaca_key_destroy(key); - yaca_cleanup(); - return 0; + yaca_cleanup(); + return ret; } +//! [Key import/export with password API example] diff --git a/examples/key_wrap.c b/examples/key_wrap.c index 6162397..5363268 100644 --- a/examples/key_wrap.c +++ b/examples/key_wrap.c @@ -18,46 +18,48 @@ /** * @file key_wrap.c - * @brief + * @brief Key wrapping API example. */ -#include -#include - +//! [Key wrapping API example] #include #include #include #include #include +/* include helpers functions and definitions */ #include "misc.h" -void key_wrap_aes(void) +int main() { int ret; - yaca_key_h sym_key = YACA_KEY_NULL; - yaca_key_h iv = YACA_KEY_NULL; yaca_key_h aes_key = YACA_KEY_NULL; - + yaca_key_h key = YACA_KEY_NULL; + yaca_key_h iv = YACA_KEY_NULL; size_t iv_bit_len; - char *key_data = NULL; - size_t key_data_len; - char *wrapped_key = NULL; - size_t wrapped_key_len; - printf("\n***** AES key wrapping ******\n"); + char *aes_key_data = NULL; + size_t aes_key_data_len; + char *wrapped_key_data = NULL; + size_t wrapped_key_data_len; + + ret = yaca_initialize(); + if (ret != YACA_ERROR_NONE) + goto exit; + /* Generate key to wrap */ ret = yaca_key_generate(YACA_KEY_TYPE_SYMMETRIC, YACA_KEY_LENGTH_256BIT, &aes_key); if (ret != YACA_ERROR_NONE) goto exit; - ret = yaca_key_generate(YACA_KEY_TYPE_SYMMETRIC, YACA_KEY_LENGTH_192BIT, &sym_key); + /* Key generation */ + ret = yaca_key_generate(YACA_KEY_TYPE_SYMMETRIC, YACA_KEY_LENGTH_256BIT, &key); if (ret != YACA_ERROR_NONE) goto exit; - ret = yaca_encrypt_get_iv_bit_length(YACA_ENCRYPT_AES, - YACA_BCM_WRAP, - YACA_KEY_LENGTH_192BIT, + /* IV generation */ + ret = yaca_encrypt_get_iv_bit_length(YACA_ENCRYPT_AES, YACA_BCM_WRAP, YACA_KEY_LENGTH_256BIT, &iv_bit_len); if (ret != YACA_ERROR_NONE) goto exit; @@ -71,139 +73,51 @@ void key_wrap_aes(void) /* Key wrapping */ { ret = yaca_key_export(aes_key, YACA_KEY_FORMAT_DEFAULT, YACA_KEY_FILE_FORMAT_RAW, NULL, - &key_data, &key_data_len); + &aes_key_data, &aes_key_data_len); if (ret != YACA_ERROR_NONE) goto exit; - ret = yaca_simple_encrypt(YACA_ENCRYPT_AES, YACA_BCM_WRAP, sym_key, iv, - key_data, key_data_len, - &wrapped_key, &wrapped_key_len); + ret = yaca_simple_encrypt(YACA_ENCRYPT_AES, YACA_BCM_WRAP, key, iv, + aes_key_data, aes_key_data_len, + &wrapped_key_data, &wrapped_key_data_len); if (ret != YACA_ERROR_NONE) goto exit; - dump_hex(key_data, key_data_len, "***** Unwrapped key:*****"); - dump_hex(wrapped_key, wrapped_key_len, "***** Wrapped key:*****"); + /* display key in hexadecimal format */ + dump_hex(aes_key_data, aes_key_data_len, "***** Unwrapped key:*****"); + dump_hex(wrapped_key_data, wrapped_key_data_len, "***** Wrapped key:*****"); } - yaca_free(key_data); - key_data = NULL; + yaca_free(aes_key_data); + aes_key_data = NULL; yaca_key_destroy(aes_key); aes_key = YACA_KEY_NULL; /* Key unwrapping */ { - ret = yaca_simple_decrypt(YACA_ENCRYPT_AES, YACA_BCM_WRAP, sym_key, iv, - wrapped_key, wrapped_key_len, - &key_data, &key_data_len); + ret = yaca_simple_decrypt(YACA_ENCRYPT_AES, YACA_BCM_WRAP, key, iv, + wrapped_key_data, wrapped_key_data_len, + &aes_key_data, &aes_key_data_len); if (ret != YACA_ERROR_NONE) goto exit; - ret = yaca_key_import(YACA_KEY_TYPE_SYMMETRIC, NULL, key_data, key_data_len, &aes_key); + ret = yaca_key_import(YACA_KEY_TYPE_SYMMETRIC, NULL, aes_key_data, aes_key_data_len, + &aes_key); if (ret != YACA_ERROR_NONE) goto exit; - dump_hex(key_data, key_data_len, "***** Unwrapped key:*****"); + /* display key in hexadecimal format */ + dump_hex(aes_key_data, aes_key_data_len, "***** Unwrapped key:*****"); } exit: yaca_key_destroy(aes_key); - yaca_key_destroy(sym_key); + yaca_key_destroy(key); yaca_key_destroy(iv); - yaca_free(key_data); - yaca_free(wrapped_key); -} - -void key_wrap_des(void) -{ - int ret; - yaca_key_h sym_key = YACA_KEY_NULL; - yaca_key_h iv = YACA_KEY_NULL; - yaca_key_h des_key = YACA_KEY_NULL; - - size_t iv_bit_len; - char *key_data = NULL; - size_t key_data_len; - char *wrapped_key = NULL; - size_t wrapped_key_len; - - printf("\n***** 3DES key wrapping ******\n"); - - ret = yaca_key_generate(YACA_KEY_TYPE_DES, YACA_KEY_LENGTH_192BIT, &des_key); - if (ret != YACA_ERROR_NONE) - goto exit; - - ret = yaca_key_generate(YACA_KEY_TYPE_DES, YACA_KEY_LENGTH_192BIT, &sym_key); - if (ret != YACA_ERROR_NONE) - goto exit; - - ret = yaca_encrypt_get_iv_bit_length(YACA_ENCRYPT_3DES_3TDEA, - YACA_BCM_WRAP, - YACA_KEY_LENGTH_192BIT, - &iv_bit_len); - if (ret != YACA_ERROR_NONE) - goto exit; - - if (iv_bit_len > 0) { - ret = yaca_key_generate(YACA_KEY_TYPE_IV, iv_bit_len, &iv); - if (ret != YACA_ERROR_NONE) - goto exit; - } - - /* Key wrapping */ - { - ret = yaca_key_export(des_key, YACA_KEY_FORMAT_DEFAULT, YACA_KEY_FILE_FORMAT_RAW, NULL, - &key_data, &key_data_len); - if (ret != YACA_ERROR_NONE) - goto exit; - - ret = yaca_simple_encrypt(YACA_ENCRYPT_3DES_3TDEA, YACA_BCM_WRAP, sym_key, iv, - key_data, key_data_len, - &wrapped_key, &wrapped_key_len); - if (ret != YACA_ERROR_NONE) - goto exit; - - dump_hex(key_data, key_data_len, "***** Unwrapped key:*****"); - dump_hex(wrapped_key, wrapped_key_len, "***** Wrapped key:*****"); - } - - yaca_free(key_data); - key_data = NULL; - yaca_key_destroy(des_key); - des_key = YACA_KEY_NULL; - - /* Key unwrapping */ - { - ret = yaca_simple_decrypt(YACA_ENCRYPT_3DES_3TDEA, YACA_BCM_WRAP, sym_key, iv, - wrapped_key, wrapped_key_len, - &key_data, &key_data_len); - if (ret != YACA_ERROR_NONE) - goto exit; - - ret = yaca_key_import(YACA_KEY_TYPE_DES, NULL, key_data, key_data_len, &des_key); - if (ret != YACA_ERROR_NONE) - goto exit; - - dump_hex(key_data, key_data_len, "***** Unwrapped key:*****"); - } - -exit: - yaca_key_destroy(des_key); - yaca_key_destroy(sym_key); - yaca_key_destroy(iv); - yaca_free(key_data); - yaca_free(wrapped_key); -} - -int main() -{ - int ret = yaca_initialize(); - if (ret != YACA_ERROR_NONE) - return ret; - - key_wrap_aes(); - key_wrap_des(); + yaca_free(aes_key_data); + yaca_free(wrapped_key_data); yaca_cleanup(); return ret; } - +//! [Key wrapping API example] diff --git a/examples/lorem.c b/examples/lorem.c deleted file mode 100644 index d6f9f42..0000000 --- a/examples/lorem.c +++ /dev/null @@ -1,37 +0,0 @@ -/* - * Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved - * - * Contact: Krzysztof Jackiewicz - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License - */ - -/** - * @file lorem.c - * @brief Lorem Ipsum - */ - -#include "lorem.h" - -const char lorem8[LOREM8_SIZE] = "Lorem i"; -const char lorem16[LOREM16_SIZE] = "Lorem ipsum dol"; -const char lorem1024[LOREM1024_SIZE] = "Lorem ipsum dolor sit amet, consectetur adipiscing elit. Donec non dolor tincidunt, vehicula erat non, pulvinar nisl. Suspendisse gravida commodo hendrerit. Sed ex magna, aliquet malesuada lectus ut, porttitor tincidunt ante. Nulla facilisi. Morbi nec scelerisque risus. Sed a gravida sapien. Cras sed neque bibendum, dapibus lectus sed, porta nulla. Morbi tristique velit lacus, at luctus turpis mollis sed. Nam quis sapien eu magna cursus venenatis. Phasellus et vestibulum urna, non pellentesque ex. Class aptent taciti sociosqu ad litora torquent per conubia nostra, per inceptos himenaeos. Etiam pretium aliquam porta.\ -Morbi magna metus, commodo in fermentum id, mattis pretium mauris. Donec sed rhoncus justo. Duis fringilla sem quis velit dignissim bibendum. Sed porta efficitur ipsum, in dignissim magna molestie eu. Sed elementum maximus risus. Quisque cursus urna lectus, sit amet fringilla purus tempor eu. Praesent tincidunt dolor sit amet dolor vulputate, et molestie tellus euismod. Proin suscipit dictum amet."; - -const char lorem4096[LOREM4096_SIZE] = "Lorem ipsum dolor sit amet, consectetur adipiscing elit. Vivamus congue semper ipsum, ac convallis magna rhoncus sit amet. Donec pellentesque maximus convallis. Mauris ut egestas sem. Maecenas efficitur suscipit auctor. Nunc malesuada laoreet porttitor. Donec gravida tortor nisi, in mattis lectus porta ut. Integer vehicula eros et tellus placerat, nec fermentum justo aliquet.\ -Maecenas metus massa, ultrices et ultricies sed, imperdiet nec dolor. Nam eget massa eros. Proin vitae laoreet metus, at scelerisque massa. Nullam convallis dolor id nisl iaculis, a gravida risus pretium. Proin non nunc eget nibh fermentum dignissim. Nullam tristique, odio eget rutrum sagittis, tortor purus cursus nunc, nec iaculis quam nunc ac metus. Cras ut tortor a eros porta vehicula non at lectus. Aliquam volutpat quis nisi ut mattis. Curabitur semper vehicula ultrices. Aenean cursus laoreet venenatis. Aenean vulputate, nisl id facilisis fringilla, neque velit posuere libero, et viverra tortor felis vitae urna. Sed in congue nunc. Fusce molestie tempor pharetra. Cras sodales pulvinar nunc non sollicitudin.\ -Maecenas vehicula metus ac tristique ultricies. Suspendisse potenti. Pellentesque suscipit egestas augue, sed dictum orci. Pellentesque eu lorem ultricies, vestibulum est in, bibendum turpis. Proin placerat tincidunt metus, eget volutpat dolor. Pellentesque varius leo eget velit lobortis, sit amet congue orci bibendum. Aliquam vitae posuere lorem. Donec sed convallis diam. Quisque aliquam interdum purus, eu ornare ex ullamcorper iaculis. In sit amet nisl eu nisl ultricies dapibus. Aenean finibus efficitur elit ut sodales. Nam sit amet auctor sem, eu iaculis nunc. Vivamus mattis arcu a viverra faucibus. In dignissim, nisi sit amet consectetur tempus, lorem dui fringilla augue, sit amet lacinia lectus sapien efficitur odio.\ -Nullam et egestas enim. Nam sit amet mi malesuada, dapibus felis quis, viverra mauris. Ut quis enim eu neque porta vehicula. Etiam ullamcorper vitae turpis vehicula blandit. Maecenas blandit tristique semper. Aliquam at sagittis enim. Donec quis molestie urna. Duis ut urna blandit, pellentesque magna ultrices, dignissim mi. Morbi fermentum ex massa, ut facilisis est tincidunt vel. Nam sed erat in lacus molestie mattis quis ut leo. Phasellus tempus elit urna, eget sagittis purus volutpat sed. Suspendisse aliquam, sem vel gravida lobortis, tortor orci ornare nisi, sed mollis ligula sem nec risus. In a ex nibh. Praesent odio est, molestie sed vestibulum id, varius sit amet lectus. Donec vel diam efficitur, tristique ligula a, aliquet felis. Nullam sit amet neque tellus.\ -Phasellus aliquet non libero non aliquet. Aliquam efficitur ultrices tortor vitae lobortis. Pellentesque sed dolor quis nisl faucibus eleifend vitae ultrices est. Integer et libero quis nisl sollicitudin volutpat sit amet a quam. Vivamus commodo dolor augue, volutpat dapibus odio dapibus et. Nulla sed congue nisl. Duis nunc sem, condimentum nec neque ac, blandit blandit quam. Integer tincidunt ipsum nec risus viverra mollis. In porta porttitor mattis. Nulla ac eleifend nibh. Vivamus suscipit at nunc ac interdum. In fermentum fringilla odio.\ -Sed nec erat eget mauris varius pulvinar. Ut fermentum ante non erat elementum, vitae tempor velit blandit. Curabitur turpis tellus, sodales sit amet mattis nec, volutpat ac magna. Nulla quam orci, rutrum sit amet imperdiet ut, iaculis in nisl. Donec semper vitae tellus nec bibendum. Nam pharetra hendrerit sapien quis rutrum. Morbi tincidunt justo ut sodales ullamcorper. Suspendisse eget pellentesque nulla, non placerat purus. Donec placerat id turpis in interdum. Curabitur lobortis risus et placerat commodo. Morbi pulvinar eros leo, scelerisque rutrum arcu pretium at. Quisque eget diam dui. Quisque bibendum luctus arcu quis semper. Nullam erat lacus, lacinia sit amet neque aliquam, lacinia maximus lorem.\ -Nunc ac purus vel sem laoreet interdum quis eget ligula. Aenean id nisl ut quam vehicula pretium sed sit amet urna. Aenean diam lorem, vehicula et sapien nec, pellentesque consectetur libero. Cras fringilla nibh eu libero nullam."; diff --git a/examples/lorem.h b/examples/lorem.h deleted file mode 100644 index 8d1ad45..0000000 --- a/examples/lorem.h +++ /dev/null @@ -1,45 +0,0 @@ -/* - * Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved - * - * Contact: Krzysztof Jackiewicz - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License - */ - -/** - * @file lorem.h - * @brief - */ - -#ifndef LOREM_H -#define LOREM_H - -#include - -/** - * Test strings, sizes include null-termination - */ -extern const char lorem8[]; -extern const char lorem16[]; -extern const char lorem1024[]; -extern const char lorem4096[]; - -/** - * Sizes of test strings - */ -#define LOREM8_SIZE ((size_t)8) -#define LOREM16_SIZE ((size_t)16) -#define LOREM1024_SIZE ((size_t)1024) -#define LOREM4096_SIZE ((size_t)4096) - -#endif diff --git a/examples/misc.c b/examples/misc.c index 07784d7..6478fc5 100644 --- a/examples/misc.c +++ b/examples/misc.c @@ -20,12 +20,7 @@ * @file misc.c * @brief */ - -#define _POSIX_C_SOURCE 200809L - -#include -#include -#include +#define _GNU_SOURCE #include @@ -45,81 +40,6 @@ void dump_hex(const char *buf, size_t dump_len, const char *fmt, ...) BIO_dump_fp(stdout, buf, dump_len); } -void debug_func(const char *buf) -{ - puts(buf); -} - -int write_file(const char *path, const char *data, size_t data_len) -{ - size_t written = 0; - FILE *f; - - f = fopen(path, "w"); - if (f == NULL) - return -1; - - while (written != data_len) { - int ret = fwrite(data + written, 1, data_len - written, f); - - if (ferror(f) != 0) { - fclose(f); - return -1; - } - - written += ret; - } - - fclose(f); - return 0; -} - -#define BUF_SIZE 512 - -int read_file(const char *path, char **data, size_t *data_len) -{ - int ret; - char tmp[BUF_SIZE]; - char *buf = NULL; - size_t buf_len = 0; - FILE *f; - - f = fopen(path, "r"); - if (f == NULL) - return -1; - - for (;;) { - size_t read = fread(tmp, 1, BUF_SIZE, f); - - if (read > 0) { - if (yaca_realloc(buf_len + read, (void**)&buf) != YACA_ERROR_NONE) { - ret = -1; - break; - } - - memcpy(buf + buf_len, tmp, read); - buf_len += read; - } - - if (ferror(f) != 0) { - ret = -1; - break; - } - - if (feof(f)) { - *data = buf; - *data_len = buf_len; - buf = NULL; - ret = 0; - break; - } - } - - fclose(f); - free(buf); - return ret; -} - int read_stdin_line(const char *prompt, char **string) { char *buf = NULL; @@ -132,15 +52,25 @@ int read_stdin_line(const char *prompt, char **string) read = getline(&buf, &size, stdin); if (read <= 0) { free(buf); - return -1; + return YACA_ERROR_INVALID_PARAMETER; } - if (yaca_realloc(read, (void**)&buf) != YACA_ERROR_NONE) { - free(buf); - return -1; + int ret = yaca_realloc(read, (void**)&buf); + if (ret != YACA_ERROR_NONE) { + yaca_free(buf); + return ret; } buf[read - 1] = '\0'; *string = buf; - return 0; + return YACA_ERROR_NONE; } + +const char INPUT_DATA[INPUT_DATA_SIZE] = "Lorem ipsum dolor sit amet, consectetur adipiscing elit. Vivamus congue semper ipsum, ac convallis magna rhoncus sit amet. Donec pellentesque maximus convallis. Mauris ut egestas sem. Maecenas efficitur suscipit auctor. Nunc malesuada laoreet porttitor. Donec gravida tortor nisi, in mattis lectus porta ut. Integer vehicula eros et tellus placerat, nec fermentum justo aliquet.\ +Maecenas metus massa, ultrices et ultricies sed, imperdiet nec dolor. Nam eget massa eros. Proin vitae laoreet metus, at scelerisque massa. Nullam convallis dolor id nisl iaculis, a gravida risus pretium. Proin non nunc eget nibh fermentum dignissim. Nullam tristique, odio eget rutrum sagittis, tortor purus cursus nunc, nec iaculis quam nunc ac metus. Cras ut tortor a eros porta vehicula non at lectus. Aliquam volutpat quis nisi ut mattis. Curabitur semper vehicula ultrices. Aenean cursus laoreet venenatis. Aenean vulputate, nisl id facilisis fringilla, neque velit posuere libero, et viverra tortor felis vitae urna. Sed in congue nunc. Fusce molestie tempor pharetra. Cras sodales pulvinar nunc non sollicitudin.\ +Maecenas vehicula metus ac tristique ultricies. Suspendisse potenti. Pellentesque suscipit egestas augue, sed dictum orci. Pellentesque eu lorem ultricies, vestibulum est in, bibendum turpis. Proin placerat tincidunt metus, eget volutpat dolor. Pellentesque varius leo eget velit lobortis, sit amet congue orci bibendum. Aliquam vitae posuere lorem. Donec sed convallis diam. Quisque aliquam interdum purus, eu ornare ex ullamcorper iaculis. In sit amet nisl eu nisl ultricies dapibus. Aenean finibus efficitur elit ut sodales. Nam sit amet auctor sem, eu iaculis nunc. Vivamus mattis arcu a viverra faucibus. In dignissim, nisi sit amet consectetur tempus, lorem dui fringilla augue, sit amet lacinia lectus sapien efficitur odio.\ +Nullam et egestas enim. Nam sit amet mi malesuada, dapibus felis quis, viverra mauris. Ut quis enim eu neque porta vehicula. Etiam ullamcorper vitae turpis vehicula blandit. Maecenas blandit tristique semper. Aliquam at sagittis enim. Donec quis molestie urna. Duis ut urna blandit, pellentesque magna ultrices, dignissim mi. Morbi fermentum ex massa, ut facilisis est tincidunt vel. Nam sed erat in lacus molestie mattis quis ut leo. Phasellus tempus elit urna, eget sagittis purus volutpat sed. Suspendisse aliquam, sem vel gravida lobortis, tortor orci ornare nisi, sed mollis ligula sem nec risus. In a ex nibh. Praesent odio est, molestie sed vestibulum id, varius sit amet lectus. Donec vel diam efficitur, tristique ligula a, aliquet felis. Nullam sit amet neque tellus.\ +Phasellus aliquet non libero non aliquet. Aliquam efficitur ultrices tortor vitae lobortis. Pellentesque sed dolor quis nisl faucibus eleifend vitae ultrices est. Integer et libero quis nisl sollicitudin volutpat sit amet a quam. Vivamus commodo dolor augue, volutpat dapibus odio dapibus et. Nulla sed congue nisl. Duis nunc sem, condimentum nec neque ac, blandit blandit quam. Integer tincidunt ipsum nec risus viverra mollis. In porta porttitor mattis. Nulla ac eleifend nibh. Vivamus suscipit at nunc ac interdum. In fermentum fringilla odio.\ +Sed nec erat eget mauris varius pulvinar. Ut fermentum ante non erat elementum, vitae tempor velit blandit. Curabitur turpis tellus, sodales sit amet mattis nec, volutpat ac magna. Nulla quam orci, rutrum sit amet imperdiet ut, iaculis in nisl. Donec semper vitae tellus nec bibendum. Nam pharetra hendrerit sapien quis rutrum. Morbi tincidunt justo ut sodales ullamcorper. Suspendisse eget pellentesque nulla, non placerat purus. Donec placerat id turpis in interdum. Curabitur lobortis risus et placerat commodo. Morbi pulvinar eros leo, scelerisque rutrum arcu pretium at. Quisque eget diam dui. Quisque bibendum luctus arcu quis semper. Nullam erat lacus, lacinia sit amet neque aliquam, lacinia maximus lorem.\ +Nunc ac purus vel sem laoreet interdum quis eget ligula. Aenean id nisl ut quam vehicula pretium sed sit amet urna. Aenean diam lorem, vehicula et sapien nec, pellentesque consectetur libero. Cras fringilla nibh eu libero nullam."; + diff --git a/examples/misc.h b/examples/misc.h index 33c50bb..70f3454 100644 --- a/examples/misc.h +++ b/examples/misc.h @@ -24,16 +24,11 @@ #ifndef MISC_H #define MISC_H -#include +extern const char INPUT_DATA[]; +#define INPUT_DATA_SIZE ((size_t)4096) void dump_hex(const char *buf, size_t dump_len, const char *fmt, ...); -void debug_func(const char *buf); - -int write_file(const char *path, const char *data, size_t data_len); - -int read_file(const char *path, char **data, size_t *data_len); - int read_stdin_line(const char *prompt, char **string); #endif /* MISC_H */ diff --git a/examples/rsa.c b/examples/rsa.c deleted file mode 100644 index 1c0487b..0000000 --- a/examples/rsa.c +++ /dev/null @@ -1,150 +0,0 @@ -/* - * Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved - * - * Contact: Krzysztof Jackiewicz - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License - */ - -/** - * @file rsa.c - * @brief - */ - -#include - -#include -#include -#include -#include -#include - -#include "lorem.h" -#include "misc.h" - -static int public_encrypt() -{ - yaca_key_h prv_key = YACA_KEY_NULL; - yaca_key_h pub_key = YACA_KEY_NULL; - char *ciphertext = NULL; - size_t ciphertext_len; - char *plaintext = NULL; - size_t plaintext_len; - const size_t key_bit_len = YACA_KEY_LENGTH_1024BIT; - const size_t input_len = key_bit_len / 8 - 12; - int ret; - - printf("Plain data (16 of %zu bytes): %.16s\n", input_len, lorem1024); - - /* Key generation */ - ret = yaca_key_generate(YACA_KEY_TYPE_RSA_PRIV, key_bit_len, &prv_key); - if (ret != YACA_ERROR_NONE) - return ret; - - ret = yaca_key_extract_public(prv_key, &pub_key); - if (ret != YACA_ERROR_NONE) - goto exit; - - /* encrypt with PKCS1 padding */ - ret = yaca_rsa_public_encrypt(YACA_PADDING_PKCS1, pub_key, - lorem1024, input_len, - &ciphertext, &ciphertext_len); - if (ret != YACA_ERROR_NONE) - goto exit; - - dump_hex(ciphertext, 16, "Encrypted data (16 of %zu bytes): ", ciphertext_len); - - /* - * YACA_PADDING_PKCS1_SSLV23 is compatible with YACA_PADDING_PKCS1. It is used to detect if - * both the encrypting and decrypting side used YACA_PADDING_PKCS1_SSLV23, that is, both are - * SSL3 capable but use the SSL2 (rollback attack detection). - */ - ret = yaca_rsa_private_decrypt(YACA_PADDING_PKCS1_SSLV23, prv_key, - ciphertext, ciphertext_len, - &plaintext, &plaintext_len); - if (ret != YACA_ERROR_NONE) - goto exit; - - printf("Decrypted data (16 of %zu bytes): %.16s\n\n", plaintext_len, plaintext); - -exit: - yaca_free(ciphertext); - yaca_free(plaintext); - yaca_key_destroy(prv_key); - yaca_key_destroy(pub_key); - return ret; -} - -static int private_encrypt() -{ - yaca_key_h prv_key = YACA_KEY_NULL; - yaca_key_h pub_key = YACA_KEY_NULL; - char *ciphertext = NULL; - size_t ciphertext_len; - char *plaintext = NULL; - size_t plaintext_len; - const size_t key_bit_len = YACA_KEY_LENGTH_1024BIT; - const size_t input_len = key_bit_len / 8 - 12; - int ret; - - printf("Plain data (16 of %zu bytes): %.16s\n", input_len, lorem1024); - - /* Key generation */ - ret = yaca_key_generate(YACA_KEY_TYPE_RSA_PRIV, key_bit_len, &prv_key); - if (ret != YACA_ERROR_NONE) - return ret; - - ret = yaca_key_extract_public(prv_key, &pub_key); - if (ret != YACA_ERROR_NONE) - goto exit; - - ret = yaca_rsa_private_encrypt(YACA_PADDING_PKCS1, prv_key, - lorem1024, input_len, - &ciphertext, &ciphertext_len); - if (ret != YACA_ERROR_NONE) - goto exit; - - dump_hex(ciphertext, 16, "Encrypted data (16 of %zu bytes): ", ciphertext_len); - - ret = yaca_rsa_public_decrypt(YACA_PADDING_PKCS1, pub_key, - ciphertext, ciphertext_len, - &plaintext, &plaintext_len); - if (ret != YACA_ERROR_NONE) - goto exit; - - printf("Decrypted data (16 of %zu bytes): %.16s\n\n", plaintext_len, plaintext); - -exit: - yaca_free(ciphertext); - yaca_free(plaintext); - yaca_key_destroy(prv_key); - yaca_key_destroy(pub_key); - return ret; -} - -int main() -{ - int ret = yaca_initialize(); - if (ret != YACA_ERROR_NONE) - return ret; - - ret = public_encrypt(); - if (ret != YACA_ERROR_NONE) - goto exit; - - ret = private_encrypt(); - -exit: - yaca_cleanup(); - return ret; -} diff --git a/examples/rsa_private.c b/examples/rsa_private.c new file mode 100644 index 0000000..d8b9818 --- /dev/null +++ b/examples/rsa_private.c @@ -0,0 +1,94 @@ +/* + * Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved + * + * Contact: Krzysztof Jackiewicz + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ + +/** + * @file rsa_private.c + * @brief Private RSA Encrypt API example. + */ + +//! [Private RSA Encrypt API example] +#include + +#include +#include +#include +#include + +/* include helpers functions and definitions */ +#include "misc.h" + +int main() +{ + int ret; + yaca_key_h rsa_priv = YACA_KEY_NULL; + yaca_key_h rsa_pub = YACA_KEY_NULL; + + char *encrypted = NULL; + char *decrypted = NULL; + size_t encrypted_len; + size_t decrypted_len; + + const size_t key_bit_len = YACA_KEY_LENGTH_1024BIT; + const size_t input_len = key_bit_len / 8 - 12; + + printf("Plain data (16 of %zu bytes): %.16s\n", input_len, INPUT_DATA); + + ret = yaca_initialize(); + if (ret != YACA_ERROR_NONE) + goto exit; + + /* Key generation */ + ret = yaca_key_generate(YACA_KEY_TYPE_RSA_PRIV, key_bit_len, &rsa_priv); + if (ret != YACA_ERROR_NONE) + goto exit; + + ret = yaca_key_extract_public(rsa_priv, &rsa_pub); + if (ret != YACA_ERROR_NONE) + goto exit; + + /* Encryption */ + { + ret = yaca_rsa_private_encrypt(YACA_PADDING_PKCS1, rsa_priv, INPUT_DATA, input_len, + &encrypted, &encrypted_len); + if (ret != YACA_ERROR_NONE) + goto exit; + + /* display encrypted data in hexadecimal format */ + dump_hex(encrypted, 16, "Encrypted data (16 of %zu bytes): ", encrypted_len); + } + + /* Decryption */ + { + ret = yaca_rsa_public_decrypt(YACA_PADDING_PKCS1, rsa_pub, encrypted, encrypted_len, + &decrypted, &decrypted_len); + if (ret != YACA_ERROR_NONE) + goto exit; + + printf("Decrypted data (16 of %zu bytes): %.16s\n\n", decrypted_len, decrypted); + } + +exit: + yaca_free(encrypted); + yaca_free(decrypted); + yaca_key_destroy(rsa_priv); + yaca_key_destroy(rsa_pub); + + yaca_cleanup(); + return ret; +} +//! [Private RSA Encrypt API example] diff --git a/examples/rsa_public.c b/examples/rsa_public.c new file mode 100644 index 0000000..08c788a --- /dev/null +++ b/examples/rsa_public.c @@ -0,0 +1,100 @@ +/* + * Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved + * + * Contact: Krzysztof Jackiewicz + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ + +/** + * @file rsa_public.c + * @brief Public RSA Encrypt API example. + */ + +//! [Public RSA Encrypt API example] +#include + +#include +#include +#include +#include + +/* include helpers functions and definitions */ +#include "misc.h" + +int main() +{ + int ret; + yaca_key_h rsa_priv = YACA_KEY_NULL; + yaca_key_h rsa_pub = YACA_KEY_NULL; + + char *encrypted = NULL; + char *decrypted = NULL; + size_t encrypted_len; + size_t decrypted_len; + + const size_t key_bit_len = YACA_KEY_LENGTH_1024BIT; + const size_t input_len = key_bit_len / 8 - 12; + + printf("Plain data (16 of %zu bytes): %.16s\n", input_len, INPUT_DATA); + + ret = yaca_initialize(); + if (ret != YACA_ERROR_NONE) + goto exit; + + /* Key generation */ + ret = yaca_key_generate(YACA_KEY_TYPE_RSA_PRIV, key_bit_len, &rsa_priv); + if (ret != YACA_ERROR_NONE) + goto exit; + + ret = yaca_key_extract_public(rsa_priv, &rsa_pub); + if (ret != YACA_ERROR_NONE) + goto exit; + + /* Encryption */ + { + ret = yaca_rsa_public_encrypt(YACA_PADDING_PKCS1, rsa_pub, INPUT_DATA, input_len, + &encrypted, &encrypted_len); + if (ret != YACA_ERROR_NONE) + goto exit; + + /* display encrypted data in hexadecimal format */ + dump_hex(encrypted, 16, "Encrypted data (16 of %zu bytes): ", encrypted_len); + } + + /* + * YACA_PADDING_PKCS1_SSLV23 is compatible with YACA_PADDING_PKCS1. It is used to detect if + * both the encrypting and decrypting side used YACA_PADDING_PKCS1_SSLV23, that is, both are + * SSL3 capable but use the SSL2 (rollback attack detection). + */ + + /* Decryption */ + { + ret = yaca_rsa_private_decrypt(YACA_PADDING_PKCS1, rsa_priv, encrypted, encrypted_len, + &decrypted, &decrypted_len); + if (ret != YACA_ERROR_NONE) + goto exit; + + printf("Decrypted data (16 of %zu bytes): %.16s\n\n", decrypted_len, decrypted); + } + +exit: + yaca_free(encrypted); + yaca_free(decrypted); + yaca_key_destroy(rsa_priv); + yaca_key_destroy(rsa_pub); + + yaca_cleanup(); + return ret; +} +//! [Public RSA Encrypt API example] diff --git a/examples/seal.c b/examples/seal.c index 494c416..821df48 100644 --- a/examples/seal.c +++ b/examples/seal.c @@ -18,9 +18,10 @@ /** * @file seal.c - * @brief + * @brief Asymmetric Encryption API example. */ +//! [Asymmetric Encryption API example] #include #include @@ -28,346 +29,86 @@ #include #include -#include "lorem.h" +/* include helpers functions and definitions */ #include "misc.h" -void encrypt_seal(const yaca_encrypt_algorithm_e algo, - const yaca_block_cipher_mode_e bcm, - const size_t key_bit_len) +int main() { + int ret; yaca_context_h ctx = YACA_CONTEXT_NULL; - yaca_key_h key_pub = YACA_KEY_NULL; - yaca_key_h key_priv = YACA_KEY_NULL; + yaca_key_h rsa_pub = YACA_KEY_NULL; + yaca_key_h rsa_priv = YACA_KEY_NULL; yaca_key_h sym_key = YACA_KEY_NULL; yaca_key_h iv = YACA_KEY_NULL; - char *enc = NULL; - char *dec = NULL; - size_t enc_len; - size_t dec_len; + char *encrypted = NULL; + char *decrypted = NULL; + size_t encrypted_len; + size_t decrypted_len; size_t block_len; size_t output_len; size_t written_len; - printf("Plain data (16 of %zu bytes): %.16s\n", LOREM4096_SIZE, lorem4096); - - /* Generate key pair */ - if (yaca_key_generate(YACA_KEY_TYPE_RSA_PRIV, YACA_KEY_LENGTH_4096BIT, &key_priv) != YACA_ERROR_NONE) - return; - - if (yaca_key_extract_public(key_priv, &key_pub) != YACA_ERROR_NONE) + ret = yaca_initialize(); + if (ret != YACA_ERROR_NONE) goto exit; - /* Encrypt a.k.a. seal */ - { - if (yaca_seal_initialize(&ctx, key_pub, algo, bcm, key_bit_len, &sym_key, &iv) != YACA_ERROR_NONE) - goto exit; - - /* For the update */ - if (yaca_context_get_output_length(ctx, LOREM4096_SIZE, &output_len) != YACA_ERROR_NONE) - goto exit; - - /* For the finalize */ - if (yaca_context_get_output_length(ctx, 0, &block_len) != YACA_ERROR_NONE) - goto exit; - - /* Calculate max output: size of update + final chunks */ - enc_len = output_len + block_len; - if (yaca_malloc(enc_len, (void**)&enc) != YACA_ERROR_NONE) - goto exit; - - /* Seal and finalize */ - if (yaca_seal_update(ctx, lorem4096, LOREM4096_SIZE, enc, &written_len) != YACA_ERROR_NONE) - goto exit; - - enc_len = written_len; - - if (yaca_seal_finalize(ctx, enc + written_len, &written_len) != YACA_ERROR_NONE) - goto exit; - - enc_len += written_len; - - dump_hex(enc, 16, "Encrypted data (16 of %zu bytes): ", enc_len); - - yaca_context_destroy(ctx); - ctx = YACA_CONTEXT_NULL; - } - - /* Decrypt a.k.a. open */ - { - if (yaca_open_initialize(&ctx, key_priv, algo, bcm, key_bit_len, sym_key, iv) != YACA_ERROR_NONE) - goto exit; - - /* For the update */ - if (yaca_context_get_output_length(ctx, enc_len, &output_len) != YACA_ERROR_NONE) - goto exit; - - /* For the finalize */ - if (yaca_context_get_output_length(ctx, 0, &block_len) != YACA_ERROR_NONE) - goto exit; - - /* Calculate max output: size of update + final chunks */ - dec_len = output_len + block_len; - if (yaca_malloc(dec_len, (void**)&dec) != YACA_ERROR_NONE) - goto exit; - - /* Open and finalize */ - if (yaca_open_update(ctx, enc, enc_len, dec, &written_len) != YACA_ERROR_NONE) - goto exit; - - dec_len = written_len; - - if (yaca_open_finalize(ctx, dec + written_len, &written_len) != YACA_ERROR_NONE) - goto exit; - - dec_len += written_len; - - printf("Decrypted data (16 of %zu bytes): %.16s\n\n", dec_len, dec); - } - -exit: - yaca_free(dec); - yaca_free(enc); - yaca_context_destroy(ctx); - yaca_key_destroy(sym_key); - yaca_key_destroy(iv); - yaca_key_destroy(key_pub); - yaca_key_destroy(key_priv); -} - -void encrypt_seal_aes_gcm(void) -{ - yaca_encrypt_algorithm_e algo = YACA_ENCRYPT_AES; - yaca_block_cipher_mode_e bcm = YACA_BCM_GCM; - size_t key_bit_len = YACA_KEY_LENGTH_256BIT; - - yaca_context_h ctx = YACA_CONTEXT_NULL; - yaca_key_h key_pub = YACA_KEY_NULL; - yaca_key_h key_priv = YACA_KEY_NULL; - yaca_key_h sym_key = YACA_KEY_NULL; - yaca_key_h iv = YACA_KEY_NULL; - - char *enc = NULL; - char *dec = NULL; - size_t enc_len; - size_t dec_len; - - char *aad = NULL; - char *tag = NULL; - size_t aad_len = 16; - size_t tag_len = 13; - - size_t block_len; - size_t output_len; - size_t written_len; - - printf("Plain data (16 of %zu bytes): %.16s\n", LOREM4096_SIZE, lorem4096); + printf("Plain data (16 of %zu bytes): %.16s\n", INPUT_DATA_SIZE, INPUT_DATA); /* Generate key pair */ - if (yaca_key_generate(YACA_KEY_TYPE_RSA_PRIV, YACA_KEY_LENGTH_4096BIT, &key_priv) != YACA_ERROR_NONE) - return; - - if (yaca_key_extract_public(key_priv, &key_pub) != YACA_ERROR_NONE) - goto exit; - - if (yaca_zalloc(aad_len, (void**)&aad) != YACA_ERROR_NONE) - goto exit; - - if (yaca_randomize_bytes(aad, aad_len) != YACA_ERROR_NONE) - goto exit; - - if (yaca_zalloc(tag_len, (void**)&tag) != YACA_ERROR_NONE) - goto exit; - - /* Encryption */ - { - if (yaca_seal_initialize(&ctx, key_pub, algo, bcm, key_bit_len, &sym_key, &iv) != YACA_ERROR_NONE) - goto exit; - - /* Provide any AAD data */ - if (yaca_context_set_property(ctx, YACA_PROPERTY_GCM_AAD, aad, aad_len) != YACA_ERROR_NONE) - goto exit; - - /* For the update */ - if (yaca_context_get_output_length(ctx, LOREM4096_SIZE, &output_len) != YACA_ERROR_NONE) - goto exit; - - /* For the finalize */ - if (yaca_context_get_output_length(ctx, 0, &block_len) != YACA_ERROR_NONE) - goto exit; - - /* Calculate max output: size of update + final chunks */ - enc_len = output_len + block_len; - if (yaca_malloc(enc_len, (void**)&enc) != YACA_ERROR_NONE) - goto exit; - - if (yaca_seal_update(ctx, lorem4096, LOREM4096_SIZE, enc, &written_len) != YACA_ERROR_NONE) - goto exit; - - enc_len = written_len; - - if (yaca_seal_finalize(ctx, enc + written_len, &written_len) != YACA_ERROR_NONE) - goto exit; - - enc_len += written_len; - - /* Set the tag length and get the tag after final encryption */ - if (yaca_context_set_property(ctx, YACA_PROPERTY_GCM_TAG_LEN, - (void*)&tag_len, sizeof(tag_len)) != YACA_ERROR_NONE) - goto exit; - - if (yaca_context_get_property(ctx, YACA_PROPERTY_GCM_TAG, (void**)tag, &tag_len) != YACA_ERROR_NONE) - goto exit; - - dump_hex(enc, 16, "Encrypted data (16 of %zu bytes): ", enc_len); - - yaca_context_destroy(ctx); - ctx = YACA_CONTEXT_NULL; - } - - /* Decryption */ - { - if (yaca_open_initialize(&ctx, key_priv, algo, bcm, key_bit_len, sym_key, iv) != YACA_ERROR_NONE) - goto exit; - - /* Provide any AAD data */ - if (yaca_context_set_property(ctx, YACA_PROPERTY_GCM_AAD, aad, aad_len) != YACA_ERROR_NONE) - goto exit; - - /* For the update */ - if (yaca_context_get_output_length(ctx, enc_len, &output_len) != YACA_ERROR_NONE) - goto exit; - - /* For the finalize */ - if (yaca_context_get_output_length(ctx, 0, &block_len) != YACA_ERROR_NONE) - goto exit; - - /* Calculate max output: size of update + final chunks */ - dec_len = output_len + block_len; - if (yaca_malloc(dec_len, (void**)&dec) != YACA_ERROR_NONE) - goto exit; - - if (yaca_open_update(ctx, enc, enc_len, dec, &written_len) != YACA_ERROR_NONE) - goto exit; - - /* Set expected tag value before final decryption */ - if (yaca_context_set_property(ctx, YACA_PROPERTY_GCM_TAG, tag, tag_len) != YACA_ERROR_NONE) - goto exit; - - dec_len = written_len; - - if (yaca_open_finalize(ctx, dec + written_len, &written_len) != YACA_ERROR_NONE) - goto exit; - - dec_len += written_len; - - printf("Decrypted data (16 of %zu bytes): %.16s\n\n", dec_len, dec); - } - -exit: - yaca_free(dec); - yaca_free(enc); - yaca_context_destroy(ctx); - yaca_key_destroy(sym_key); - yaca_key_destroy(iv); - yaca_free(aad); - yaca_free(tag); - yaca_key_destroy(key_pub); - yaca_key_destroy(key_priv); -} - -void encrypt_seal_aes_ccm(void) -{ - yaca_encrypt_algorithm_e algo = YACA_ENCRYPT_AES; - yaca_block_cipher_mode_e bcm = YACA_BCM_CCM; - size_t key_bit_len = YACA_KEY_LENGTH_192BIT; - - yaca_context_h ctx = YACA_CONTEXT_NULL; - yaca_key_h key_pub = YACA_KEY_NULL; - yaca_key_h key_priv = YACA_KEY_NULL; - yaca_key_h sym_key = YACA_KEY_NULL; - yaca_key_h iv = YACA_KEY_NULL; - - char *enc = NULL; - char *dec = NULL; - size_t enc_len; - size_t dec_len; - - char *aad = NULL; - char *tag = NULL; - size_t aad_len = 16; - size_t tag_len = 8; - - size_t block_len; - size_t output_len; - size_t written_len; - size_t len; - - printf("Plain data (16 of %zu bytes): %.16s\n", LOREM4096_SIZE, lorem4096); - - /* Generate key pair */ - if (yaca_key_generate(YACA_KEY_TYPE_RSA_PRIV, YACA_KEY_LENGTH_3072BIT, &key_priv) != YACA_ERROR_NONE) - return; - - if (yaca_key_extract_public(key_priv, &key_pub) != YACA_ERROR_NONE) - goto exit; - - if (yaca_zalloc(aad_len, (void**)&aad) != YACA_ERROR_NONE) - goto exit; - - if (yaca_randomize_bytes(aad, aad_len) != YACA_ERROR_NONE) + ret = yaca_key_generate(YACA_KEY_TYPE_RSA_PRIV, YACA_KEY_LENGTH_4096BIT, &rsa_priv); + if (ret != YACA_ERROR_NONE) goto exit; - if (yaca_zalloc(tag_len, (void**)&tag) != YACA_ERROR_NONE) + ret = yaca_key_extract_public(rsa_priv, &rsa_pub); + if (ret != YACA_ERROR_NONE) goto exit; /* Encryption */ { - if (yaca_seal_initialize(&ctx, key_pub, algo, bcm, key_bit_len, &sym_key, &iv) != YACA_ERROR_NONE) + /* Initialize encryption context */ + ret = yaca_seal_initialize(&ctx, rsa_pub, YACA_ENCRYPT_AES, YACA_BCM_CBC, + YACA_KEY_LENGTH_256BIT, &sym_key, &iv); + if (ret != YACA_ERROR_NONE) goto exit; - /* Set tag length (optionally) */ - if (yaca_context_set_property(ctx, YACA_PROPERTY_CCM_TAG_LEN, - (void*)&tag_len, sizeof(tag_len)) != YACA_ERROR_NONE) + /* Get output length for the update */ + ret = yaca_context_get_output_length(ctx, INPUT_DATA_SIZE, &output_len); + if (ret != YACA_ERROR_NONE) goto exit; - /* The total plain text length must be passed (only needed if AAD is passed) */ - if (yaca_seal_update(ctx, NULL, LOREM4096_SIZE , NULL, &len) != YACA_ERROR_NONE) + /* Get output length for the finalize */ + ret = yaca_context_get_output_length(ctx, 0, &block_len); + if (ret != YACA_ERROR_NONE) goto exit; - /* Provide any AAD data */ - if (yaca_context_set_property(ctx, YACA_PROPERTY_CCM_AAD, aad, aad_len) != YACA_ERROR_NONE) + /* Calculate max output length and allocate memory */ + encrypted_len = output_len + block_len; + ret = yaca_zalloc(encrypted_len, (void**)&encrypted); + if (ret != YACA_ERROR_NONE) goto exit; - /* For the update */ - if (yaca_context_get_output_length(ctx, LOREM4096_SIZE, &output_len) != YACA_ERROR_NONE) + /* Encrypt data */ + ret = yaca_seal_update(ctx, INPUT_DATA, INPUT_DATA_SIZE, encrypted, &written_len); + if (ret != YACA_ERROR_NONE) goto exit; - /* For the finalize */ - if (yaca_context_get_output_length(ctx, 0, &block_len) != YACA_ERROR_NONE) - goto exit; - - /* Calculate max output: size of update + final chunks */ - enc_len = output_len + block_len; - if (yaca_malloc(enc_len, (void**)&enc) != YACA_ERROR_NONE) - goto exit; - - if (yaca_seal_update(ctx, lorem4096, LOREM4096_SIZE, enc, &written_len) != YACA_ERROR_NONE) - goto exit; + encrypted_len = written_len; - enc_len = written_len; - - if (yaca_seal_finalize(ctx, enc + written_len, &written_len) != YACA_ERROR_NONE) + ret = yaca_seal_finalize(ctx, encrypted + encrypted_len, &written_len); + if (ret != YACA_ERROR_NONE) goto exit; - enc_len += written_len; + encrypted_len += written_len; - /* Get the tag after final encryption */ - if (yaca_context_get_property(ctx, YACA_PROPERTY_CCM_TAG, (void**)tag, &tag_len) != YACA_ERROR_NONE) + /* Resize output buffer */ + ret = yaca_realloc(encrypted_len, (void**)&encrypted); + if (ret != YACA_ERROR_NONE) goto exit; - dump_hex(enc, 16, "Encrypted data (16 of %zu bytes): ", enc_len); + /* display encrypted data in hexadecimal format */ + dump_hex(encrypted, 16, "Encrypted data (16 of %zu bytes): ", encrypted_len); yaca_context_destroy(ctx); ctx = YACA_CONTEXT_NULL; @@ -375,89 +116,59 @@ void encrypt_seal_aes_ccm(void) /* Decryption */ { - if (yaca_open_initialize(&ctx, key_priv, algo, bcm, key_bit_len, sym_key, iv) != YACA_ERROR_NONE) + /* Initialize decryption context */ + ret = yaca_open_initialize(&ctx, rsa_priv, YACA_ENCRYPT_AES, YACA_BCM_CBC, + YACA_KEY_LENGTH_256BIT, sym_key, iv); + if (ret != YACA_ERROR_NONE) goto exit; - /* Set expected tag value */ - if (yaca_context_set_property(ctx, YACA_PROPERTY_CCM_TAG, tag, tag_len) != YACA_ERROR_NONE) + /* Get output length for the update */ + ret = yaca_context_get_output_length(ctx, encrypted_len, &output_len); + if (ret != YACA_ERROR_NONE) goto exit; - /* The total encrypted text length must be passed (only needed if AAD is passed) */ - if (yaca_open_update(ctx, NULL, enc_len , NULL, &len) != YACA_ERROR_NONE) + /* Get output length for the finalize */ + ret = yaca_context_get_output_length(ctx, 0, &block_len); + if (ret != YACA_ERROR_NONE) goto exit; - /* Provide any AAD data */ - if (yaca_context_set_property(ctx, YACA_PROPERTY_CCM_AAD, aad, aad_len) != YACA_ERROR_NONE) + /* Calculate max output length and allocate memory */ + decrypted_len = output_len + block_len; + ret = yaca_zalloc(decrypted_len, (void**)&decrypted); + if (ret != YACA_ERROR_NONE) goto exit; - /* For the update */ - if (yaca_context_get_output_length(ctx, enc_len, &output_len) != YACA_ERROR_NONE) + /* Decrypt data */ + ret = yaca_open_update(ctx, encrypted, encrypted_len, decrypted, &written_len); + if (ret != YACA_ERROR_NONE) goto exit; - /* For the finalize */ - if (yaca_context_get_output_length(ctx, 0, &block_len) != YACA_ERROR_NONE) - goto exit; + decrypted_len = written_len; - /* Calculate max output: size of update + final chunks */ - dec_len = output_len + block_len; - if (yaca_malloc(dec_len, (void**)&dec) != YACA_ERROR_NONE) + ret = yaca_open_finalize(ctx, decrypted + decrypted_len, &written_len); + if (ret != YACA_ERROR_NONE) goto exit; - if (yaca_open_update(ctx, enc, enc_len, dec, &written_len) != YACA_ERROR_NONE) - goto exit; + decrypted_len += written_len; - dec_len = written_len; - - if (yaca_open_finalize(ctx, dec + written_len, &written_len) != YACA_ERROR_NONE) + /* Resize output buffer */ + ret = yaca_realloc(decrypted_len, (void**)&decrypted); + if (ret != YACA_ERROR_NONE) goto exit; - dec_len += written_len; - - printf("Decrypted data (16 of %zu bytes): %.16s\n\n", dec_len, dec); + printf("Decrypted data (16 of %zu bytes): %.16s\n\n", decrypted_len, decrypted); } exit: - yaca_free(dec); - yaca_free(enc); + yaca_free(decrypted); + yaca_free(encrypted); yaca_context_destroy(ctx); yaca_key_destroy(sym_key); yaca_key_destroy(iv); - yaca_free(aad); - yaca_free(tag); - yaca_key_destroy(key_pub); - yaca_key_destroy(key_priv); -} - -int main() -{ - int ret = yaca_initialize(); - if (ret != YACA_ERROR_NONE) - return ret; - - printf("AES CBC 256bit key seal/open\n"); - yaca_encrypt_algorithm_e algo = YACA_ENCRYPT_AES; - yaca_block_cipher_mode_e bcm = YACA_BCM_CBC; - size_t key_bit_len = YACA_KEY_LENGTH_256BIT; - encrypt_seal(algo, bcm, key_bit_len); - - printf("3DES 192bit key seal/open\n"); - algo = YACA_ENCRYPT_3DES_3TDEA; - bcm = YACA_BCM_CFB; - key_bit_len = YACA_KEY_LENGTH_192BIT; - encrypt_seal(algo, bcm, key_bit_len); - - printf("RC2 40bit key seal/open\n"); - algo = YACA_ENCRYPT_UNSAFE_RC2; - bcm = YACA_BCM_OFB; - key_bit_len = YACA_KEY_LENGTH_UNSAFE_40BIT; - encrypt_seal(algo, bcm, key_bit_len); - - printf("AES GCM 256bit key seal/open\n"); - encrypt_seal_aes_gcm(); - - printf("AES CCM 192bit key seal/open\n"); - encrypt_seal_aes_ccm(); + yaca_key_destroy(rsa_pub); + yaca_key_destroy(rsa_priv); yaca_cleanup(); return ret; } +//! [Asymmetric Encryption API example] diff --git a/examples/sign.c b/examples/sign.c index db6f39a..6a8710d 100644 --- a/examples/sign.c +++ b/examples/sign.c @@ -18,358 +18,116 @@ /** * @file sign.c - * @brief + * @brief Signature API example. */ +//! [Signature API example] #include #include #include #include #include -#include -#include "lorem.h" +/* include helpers functions and definitions */ #include "misc.h" -/* Signature creation and verification using simple API */ -void simple_sign_verify_asym(yaca_key_type_e type, const char *algo) -{ - char *signature = NULL; - size_t signature_len; - - yaca_key_h prv = YACA_KEY_NULL; - yaca_key_h pub = YACA_KEY_NULL; - - /* GENERATE */ - if (yaca_key_generate(type, YACA_KEY_LENGTH_1024BIT, &prv) != YACA_ERROR_NONE) - return; - - if (yaca_key_extract_public(prv, &pub) != YACA_ERROR_NONE) - goto exit; - - /* SIGN */ - if (yaca_simple_calculate_signature(YACA_DIGEST_SHA512, - prv, - lorem4096, - LOREM4096_SIZE, - &signature, - &signature_len) != YACA_ERROR_NONE) - goto exit; - - dump_hex(signature, signature_len, "[Simple API] %s Signature of lorem4096:", algo); - - /* VERIFY */ - if (yaca_simple_verify_signature(YACA_DIGEST_SHA512, - pub, - lorem4096, - LOREM4096_SIZE, - signature, - signature_len) != YACA_ERROR_NONE) - printf("[Simple API] %s verification failed\n", algo); - else - printf("[Simple API] %s verification successful\n", algo); - -exit: - yaca_free(signature); - yaca_key_destroy(prv); - yaca_key_destroy(pub); -} - -void simple_sign_verify_hmac(void) -{ - char *signature1 = NULL; - char *signature2 = NULL; - size_t signature_len; - - yaca_key_h key = YACA_KEY_NULL; - - /* GENERATE */ - if (yaca_key_generate(YACA_KEY_TYPE_SYMMETRIC, YACA_KEY_LENGTH_256BIT, &key) != YACA_ERROR_NONE) - return; - - /* SIGN */ - if (yaca_simple_calculate_hmac(YACA_DIGEST_SHA512, - key, - lorem4096, - LOREM4096_SIZE, - &signature1, - &signature_len) != YACA_ERROR_NONE) - goto exit; - - dump_hex(signature1, signature_len, "[Simple API] HMAC Signature of lorem4096:"); - - /* VERIFY */ - if (yaca_simple_calculate_hmac(YACA_DIGEST_SHA512, - key, - lorem4096, - LOREM4096_SIZE, - &signature2, - &signature_len) != YACA_ERROR_NONE) - goto exit; - - if (yaca_memcmp(signature1, signature2, signature_len) != YACA_ERROR_NONE) - printf("[Simple API] HMAC verification failed\n"); - else - printf("[Simple API] HMAC verification successful\n"); - -exit: - yaca_free(signature1); - yaca_free(signature2); - yaca_key_destroy(key); -} - -void simple_sign_verify_cmac(void) -{ - char *signature1 = NULL; - char *signature2 = NULL; - size_t signature_len; - - yaca_key_h key = YACA_KEY_NULL; - - /* GENERATE */ - if (yaca_key_generate(YACA_KEY_TYPE_SYMMETRIC, YACA_KEY_LENGTH_256BIT, &key)) - return; - - /* SIGN */ - if (yaca_simple_calculate_cmac(YACA_ENCRYPT_AES, - key, - lorem4096, - LOREM4096_SIZE, - &signature1, - &signature_len) != YACA_ERROR_NONE) - goto exit; - - dump_hex(signature1, signature_len, "[Simple API] CMAC Signature of lorem4096:"); - - - /* VERIFY */ - if (yaca_simple_calculate_cmac(YACA_ENCRYPT_AES, - key, - lorem4096, - LOREM4096_SIZE, - &signature2, - &signature_len) != YACA_ERROR_NONE) - goto exit; - - if (yaca_memcmp(signature1, signature2, signature_len) != YACA_ERROR_NONE) - printf("[Simple API] CMAC verification failed\n"); - else - printf("[Simple API] CMAC verification successful\n"); - -exit: - yaca_free(signature1); - yaca_free(signature2); - yaca_key_destroy(key); -} - -/* Signature creation and verification using advanced API */ -void sign_verify_asym(yaca_key_type_e type, const char *algo) +int main() { - char *signature = NULL; - size_t signature_len; - + int ret; yaca_context_h ctx = YACA_CONTEXT_NULL; - yaca_key_h prv = YACA_KEY_NULL; - yaca_key_h pub = YACA_KEY_NULL; + yaca_key_h priv_key = YACA_KEY_NULL; + yaca_key_h pub_key = YACA_KEY_NULL; yaca_padding_e padding = YACA_PADDING_PKCS1_PSS; - /* GENERATE */ - if (yaca_key_generate(type, YACA_KEY_LENGTH_1024BIT, &prv) != YACA_ERROR_NONE) - return; - - if (yaca_key_extract_public(prv, &pub) != YACA_ERROR_NONE) - goto exit; - - /* SIGN */ - if (yaca_sign_initialize(&ctx, YACA_DIGEST_SHA512, prv) != YACA_ERROR_NONE) - goto exit; - - if (yaca_context_set_property(ctx, YACA_PROPERTY_PADDING, (char*)(&padding), sizeof(padding)) != YACA_ERROR_NONE) - goto exit; - - if (yaca_sign_update(ctx, lorem4096, LOREM4096_SIZE) != YACA_ERROR_NONE) - goto exit; - - if (yaca_context_get_output_length(ctx, 0, &signature_len) != YACA_ERROR_NONE) - goto exit; - - if (yaca_malloc(signature_len, (void**)&signature) != YACA_ERROR_NONE) - goto exit; - - if (yaca_sign_finalize(ctx, signature, &signature_len) != YACA_ERROR_NONE) - goto exit; - - dump_hex(signature, signature_len, "[Advanced API] %s Signature of lorem4096:", algo); - - /* CLEANUP */ - yaca_context_destroy(ctx); - ctx = YACA_CONTEXT_NULL; - - /* VERIFY */ - if (yaca_verify_initialize(&ctx, YACA_DIGEST_SHA512, pub) != YACA_ERROR_NONE) - goto exit; - - if (yaca_context_set_property(ctx, YACA_PROPERTY_PADDING, (char*)(&padding), sizeof(padding)) != YACA_ERROR_NONE) - goto exit; - - if (yaca_verify_update(ctx, lorem4096, LOREM4096_SIZE) != YACA_ERROR_NONE) - goto exit; - - if (yaca_verify_finalize(ctx, signature, signature_len) != YACA_ERROR_NONE) - printf("[Advanced API] %s verification failed\n", algo); - else - printf("[Advanced API] %s verification successful\n", algo); - -exit: - yaca_free(signature); - yaca_key_destroy(prv); - yaca_key_destroy(pub); - yaca_context_destroy(ctx); -} - -void sign_verify_hmac(void) -{ - char *signature1 = NULL; - char *signature2 = NULL; - size_t signature_len; - - yaca_context_h ctx = YACA_CONTEXT_NULL; - yaca_key_h key = YACA_KEY_NULL; - - /* GENERATE */ - if (yaca_key_generate(YACA_KEY_TYPE_SYMMETRIC, YACA_KEY_LENGTH_256BIT, &key) != YACA_ERROR_NONE) - return; - - /* SIGN */ - if (yaca_sign_initialize_hmac(&ctx, YACA_DIGEST_SHA512, key) != YACA_ERROR_NONE) - goto exit; - - if (yaca_sign_update(ctx, lorem4096, LOREM4096_SIZE) != YACA_ERROR_NONE) - goto exit; - - if (yaca_context_get_output_length(ctx, 0, &signature_len) != YACA_ERROR_NONE) - goto exit; - - if (yaca_malloc(signature_len, (void**)&signature1) != YACA_ERROR_NONE) - goto exit; - - if (yaca_sign_finalize(ctx, signature1, &signature_len) != YACA_ERROR_NONE) - goto exit; - - dump_hex(signature1, signature_len, "[Advanced API] HMAC Signature of lorem4096:"); - - /* CLEANUP */ - yaca_context_destroy(ctx); - ctx = YACA_CONTEXT_NULL; - - /* VERIFY */ - if (yaca_sign_initialize_hmac(&ctx, YACA_DIGEST_SHA512, key) != YACA_ERROR_NONE) - goto exit; - - if (yaca_sign_update(ctx, lorem4096, LOREM4096_SIZE) != YACA_ERROR_NONE) - goto exit; - - if (yaca_context_get_output_length(ctx, 0, &signature_len) != YACA_ERROR_NONE) - goto exit; - - if (yaca_malloc(signature_len, (void**)&signature2) != YACA_ERROR_NONE) - goto exit; - - if (yaca_sign_finalize(ctx, signature2, &signature_len) != YACA_ERROR_NONE) - goto exit; - - if (yaca_memcmp(signature1, signature2, signature_len) != YACA_ERROR_NONE) - printf("[Advanced API] HMAC verification failed\n"); - else - printf("[Advanced API] HMAC verification successful\n"); - -exit: - yaca_free(signature1); - yaca_free(signature2); - yaca_key_destroy(key); - yaca_context_destroy(ctx); -} - -void sign_verify_cmac(void) -{ - char *signature1 = NULL; - char *signature2 = NULL; + char *signature = NULL; size_t signature_len; - yaca_context_h ctx = YACA_CONTEXT_NULL; - yaca_key_h key = YACA_KEY_NULL; - - /* GENERATE */ - if (yaca_key_generate(YACA_KEY_TYPE_SYMMETRIC, YACA_KEY_LENGTH_256BIT, &key)) - return; - - /* SIGN */ - if (yaca_sign_initialize_cmac(&ctx, YACA_ENCRYPT_AES, key) != YACA_ERROR_NONE) - goto exit; - - if (yaca_sign_update(ctx, lorem4096, LOREM4096_SIZE)) - goto exit; - - if (yaca_context_get_output_length(ctx, 0, &signature_len) != YACA_ERROR_NONE) - goto exit; - - if (yaca_malloc(signature_len, (void**)&signature1) != YACA_ERROR_NONE) - goto exit; - - if (yaca_sign_finalize(ctx, signature1, &signature_len)) - goto exit; - - dump_hex(signature1, signature_len, "[Advanced API] CMAC Signature of lorem4096:"); - - /* CLEANUP */ - yaca_context_destroy(ctx); - ctx = YACA_CONTEXT_NULL; - - /* VERIFY */ - if (yaca_sign_initialize_cmac(&ctx, YACA_ENCRYPT_AES, key) != YACA_ERROR_NONE) - goto exit; - - if (yaca_sign_update(ctx, lorem4096, LOREM4096_SIZE)) - goto exit; - - if (yaca_context_get_output_length(ctx, 0, &signature_len) != YACA_ERROR_NONE) + ret = yaca_initialize(); + if (ret != YACA_ERROR_NONE) goto exit; - if (yaca_malloc(signature_len, (void**)&signature2) != YACA_ERROR_NONE) + /* Generate key pair */ + ret = yaca_key_generate(YACA_KEY_TYPE_RSA_PRIV, YACA_KEY_LENGTH_2048BIT, &priv_key); + if (ret != YACA_ERROR_NONE) goto exit; - if (yaca_sign_finalize(ctx, signature2, &signature_len)) + ret = yaca_key_extract_public(priv_key, &pub_key); + if (ret != YACA_ERROR_NONE) goto exit; - if (yaca_memcmp(signature1, signature2, signature_len) != YACA_ERROR_NONE) - printf("[Advanced API] CMAC verification failed\n"); - else - printf("[Advanced API] CMAC verification successful\n"); + /* Sign */ + { + /* Initialize sign context */ + ret = yaca_sign_initialize(&ctx, YACA_DIGEST_SHA256, priv_key); + if (ret != YACA_ERROR_NONE) + goto exit; + + /* Set padding method */ + ret = yaca_context_set_property(ctx, YACA_PROPERTY_PADDING, &padding, sizeof(padding)); + if (ret != YACA_ERROR_NONE) + goto exit; + + /* Feeds the message */ + ret = yaca_sign_update(ctx, INPUT_DATA, INPUT_DATA_SIZE); + if (ret != YACA_ERROR_NONE) + goto exit; + + /* Get signature length and allocate memory */ + ret = yaca_context_get_output_length(ctx, 0, &signature_len); + if (ret != YACA_ERROR_NONE) + goto exit; + + ret = yaca_malloc(signature_len, (void**)&signature); + if (ret != YACA_ERROR_NONE) + goto exit; + + /* Calculate signature */ + ret = yaca_sign_finalize(ctx, signature, &signature_len); + if (ret != YACA_ERROR_NONE) + goto exit; + + /* display signature in hexadecimal format */ + dump_hex(signature, signature_len, "Signature of INPUT_DATA:"); + + yaca_context_destroy(ctx); + ctx = YACA_CONTEXT_NULL; + } + + /* Verify */ + { + /* Initialize verify context */ + ret = yaca_verify_initialize(&ctx, YACA_DIGEST_SHA256, pub_key); + if (ret != YACA_ERROR_NONE) + goto exit; + + /* Set padding method */ + ret = yaca_context_set_property(ctx, YACA_PROPERTY_PADDING, &padding, sizeof(padding)); + if (ret != YACA_ERROR_NONE) + goto exit; + + /* Feeds the message */ + ret = yaca_verify_update(ctx, INPUT_DATA, INPUT_DATA_SIZE); + if (ret != YACA_ERROR_NONE) + goto exit; + + /* Verify signature */ + ret = yaca_verify_finalize(ctx, signature, signature_len); + if (ret != YACA_ERROR_NONE) { + printf("Verification failed\n"); + goto exit; + } else { + printf("Verification successful\n"); + } + } exit: - yaca_free(signature1); - yaca_free(signature2); - yaca_key_destroy(key); + yaca_free(signature); + yaca_key_destroy(priv_key); + yaca_key_destroy(pub_key); yaca_context_destroy(ctx); -} - -int main() -{ - int ret = yaca_initialize(); - if (ret != YACA_ERROR_NONE) - return ret; - - simple_sign_verify_asym(YACA_KEY_TYPE_RSA_PRIV, "RSA"); - simple_sign_verify_asym(YACA_KEY_TYPE_DSA_PRIV, "DSA"); - simple_sign_verify_cmac(); - simple_sign_verify_hmac(); - - sign_verify_asym(YACA_KEY_TYPE_RSA_PRIV, "RSA"); - sign_verify_asym(YACA_KEY_TYPE_DSA_PRIV, "DSA"); - sign_verify_hmac(); - sign_verify_cmac(); yaca_cleanup(); return ret; } +//! [Signature API example] diff --git a/examples/sign_hmac.c b/examples/sign_hmac.c new file mode 100644 index 0000000..0fdc28d --- /dev/null +++ b/examples/sign_hmac.c @@ -0,0 +1,132 @@ +/* + * Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved + * + * Contact: Krzysztof Jackiewicz + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ + +/** + * @file sign_hmac.c + * @brief HMAC Signature API example. + */ + +//! [HMAC Signature API example] +#include + +#include +#include +#include +#include + +/* include helpers functions and definitions */ +#include "misc.h" + +int main() +{ + int ret; + yaca_context_h ctx = YACA_CONTEXT_NULL; + yaca_key_h sym_key = YACA_KEY_NULL; + + char *signature1 = NULL; + char *signature2 = NULL; + size_t signature_len; + + ret = yaca_initialize(); + if (ret != YACA_ERROR_NONE) + goto exit; + + /* Key generation */ + ret = yaca_key_generate(YACA_KEY_TYPE_SYMMETRIC, YACA_KEY_LENGTH_256BIT, &sym_key); + if (ret != YACA_ERROR_NONE) + goto exit; + + /* Sign */ + { + /* Initialize sign context */ + ret = yaca_sign_initialize_hmac(&ctx, YACA_DIGEST_SHA512, sym_key); + if (ret != YACA_ERROR_NONE) + goto exit; + + /* Feeds the message */ + ret = yaca_sign_update(ctx, INPUT_DATA, INPUT_DATA_SIZE); + if (ret != YACA_ERROR_NONE) + goto exit; + + /* Get signature length and allocate memory */ + ret = yaca_context_get_output_length(ctx, 0, &signature_len); + if (ret != YACA_ERROR_NONE) + goto exit; + + ret = yaca_malloc(signature_len, (void**)&signature1); + if (ret != YACA_ERROR_NONE) + goto exit; + + /* Calculate signature */ + ret = yaca_sign_finalize(ctx, signature1, &signature_len); + if (ret != YACA_ERROR_NONE) + goto exit; + + /* display signature in hexadecimal format */ + dump_hex(signature1, signature_len, "HMAC Signature of INPUT_DATA:"); + + yaca_context_destroy(ctx); + ctx = YACA_CONTEXT_NULL; + } + + /* Verify */ + { + /* Initialize sign context */ + ret = yaca_sign_initialize_hmac(&ctx, YACA_DIGEST_SHA512, sym_key); + if (ret != YACA_ERROR_NONE) + goto exit; + + /* Feeds the message */ + ret = yaca_sign_update(ctx, INPUT_DATA, INPUT_DATA_SIZE); + if (ret != YACA_ERROR_NONE) + goto exit; + + /* Get signature length and allocate memory */ + ret = yaca_context_get_output_length(ctx, 0, &signature_len); + if (ret != YACA_ERROR_NONE) + goto exit; + + ret = yaca_malloc(signature_len, (void**)&signature2); + if (ret != YACA_ERROR_NONE) + goto exit; + + /* Calculate signature */ + ret = yaca_sign_finalize(ctx, signature2, &signature_len); + if (ret != YACA_ERROR_NONE) + goto exit; + + /* Verify signature */ + ret = yaca_memcmp(signature1, signature2, signature_len); + if (ret != YACA_ERROR_NONE) { + printf("Verification failed\n"); + goto exit; + } else { + printf("Verification successful\n"); + } + } + +exit: + yaca_free(signature1); + yaca_free(signature2); + yaca_key_destroy(sym_key); + yaca_context_destroy(ctx); + + yaca_cleanup(); + return ret; +} +//! [HMAC Signature API example] diff --git a/examples/sign_simple.c b/examples/sign_simple.c new file mode 100644 index 0000000..04e1ff3 --- /dev/null +++ b/examples/sign_simple.c @@ -0,0 +1,90 @@ +/* + * Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved + * + * Contact: Krzysztof Jackiewicz + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ + +/** + * @file sign_simple.c + * @brief Simple Signature API example. + */ + +//! [Simple Signature API example] +#include + +#include +#include +#include +#include + +/* include helpers functions and definitions */ +#include "misc.h" + +int main() +{ + int ret; + yaca_key_h priv_key = YACA_KEY_NULL; + yaca_key_h pub_key = YACA_KEY_NULL; + + char *signature = NULL; + size_t signature_len; + + ret = yaca_initialize(); + if (ret != YACA_ERROR_NONE) + goto exit; + + /* Generate key pair */ + ret = yaca_key_generate(YACA_KEY_TYPE_DSA_PRIV, YACA_KEY_LENGTH_2048BIT, &priv_key); + if (ret != YACA_ERROR_NONE) + goto exit; + + ret = yaca_key_extract_public(priv_key, &pub_key); + if (ret != YACA_ERROR_NONE) + goto exit; + + /* Sign */ + { + ret = yaca_simple_calculate_signature(YACA_DIGEST_SHA384, priv_key, + INPUT_DATA, INPUT_DATA_SIZE, + &signature, &signature_len); + if (ret != YACA_ERROR_NONE) + goto exit; + + /* display signature in hexadecimal format */ + dump_hex(signature, signature_len, "Signature of INPUT_DATA:"); + } + + /* Verify */ + { + ret = yaca_simple_verify_signature(YACA_DIGEST_SHA384, pub_key, + INPUT_DATA, INPUT_DATA_SIZE, + signature, signature_len); + if (ret != YACA_ERROR_NONE) { + printf("Verification failed\n"); + goto exit; + } else { + printf("Verification successful\n"); + } + } + +exit: + yaca_free(signature); + yaca_key_destroy(priv_key); + yaca_key_destroy(pub_key); + + yaca_cleanup(); + return ret; +} +//! [Simple Signature API example] diff --git a/examples/sign_simple_cmac.c b/examples/sign_simple_cmac.c new file mode 100644 index 0000000..882c0bc --- /dev/null +++ b/examples/sign_simple_cmac.c @@ -0,0 +1,90 @@ +/* + * Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved + * + * Contact: Krzysztof Jackiewicz + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ + +/** + * @file sign_simple_cmac.c + * @brief Simple CMAC Signature API example. + */ + +//! [Simple CMAC Signature API example] +#include + +#include +#include +#include +#include + +/* include helpers functions and definitions */ +#include "misc.h" + +int main() +{ + int ret; + yaca_key_h sym_key = YACA_KEY_NULL; + + char *signature1 = NULL; + char *signature2 = NULL; + size_t signature_len; + + ret = yaca_initialize(); + if (ret != YACA_ERROR_NONE) + goto exit; + + /* Key generation */ + ret = yaca_key_generate(YACA_KEY_TYPE_SYMMETRIC, YACA_KEY_LENGTH_256BIT, &sym_key); + if (ret != YACA_ERROR_NONE) + goto exit; + + /* Sign */ + { + ret = yaca_simple_calculate_cmac(YACA_ENCRYPT_AES, sym_key, + INPUT_DATA, INPUT_DATA_SIZE, + &signature1, &signature_len); + if (ret != YACA_ERROR_NONE) + goto exit; + + /* display signature in hexadecimal format */ + dump_hex(signature1, signature_len, "CMAC Signature of INPUT_DATA:"); + } + + /* Verify */ + { + ret = yaca_simple_calculate_cmac(YACA_ENCRYPT_AES, sym_key, + INPUT_DATA, INPUT_DATA_SIZE, + &signature2, &signature_len); + if (ret != YACA_ERROR_NONE) + goto exit; + + ret = yaca_memcmp(signature1, signature2, signature_len); + if (ret != YACA_ERROR_NONE) { + printf("Verification failed\n"); + goto exit; + } else { + printf("Verification successful\n"); + } + } + +exit: + yaca_free(signature1); + yaca_free(signature2); + yaca_key_destroy(sym_key); + + yaca_cleanup(); + return ret; +} +//! [Simple CMAC Signature API example] diff --git a/examples/x509.crt b/examples/x509.crt deleted file mode 100644 index f421e11..0000000 --- a/examples/x509.crt +++ /dev/null @@ -1,21 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDiTCCAnGgAwIBAgIJAMmTp8b7IBZ4MA0GCSqGSIb3DQEBCwUAMFsxCzAJBgNV -BAYTAlBMMRUwEwYDVQQHDAxEZWZhdWx0IENpdHkxEDAOBgNVBAoMB1NhbXN1bmcx -CzAJBgNVBAsMAlJEMRYwFAYDVQQDDA15YWNhLnRlc3Qua2V5MB4XDTE2MDUwOTE0 -MDUwM1oXDTE3MDUwOTE0MDUwM1owWzELMAkGA1UEBhMCUEwxFTATBgNVBAcMDERl -ZmF1bHQgQ2l0eTEQMA4GA1UECgwHU2Ftc3VuZzELMAkGA1UECwwCUkQxFjAUBgNV -BAMMDXlhY2EudGVzdC5rZXkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB -AQC7729iOIdGcnuTba8nq1G4HF8isCR/8K/vtclsoCjAxQph5ANa+/9gbIFdQmmn -MBhSOckl9Tl/a9g/2b/vbezo2qXAuaeOPNr/ZF6Z+h7yPJids7WmBAPphzHeIKQf -kr2KLRbFYIIGF4mC/JfNOBzh8ChcklxnUJu4W8bJPrPkr3zlcMqxpRCCXAqIUxh7 -lCDta7Uoip+VcibRqh8g7+eZmTu3GwWtZQCB9kq5BijfguxxDHAXyQ6g7gxOZpwA -BP9AXdB7K1KAoeBf0e/lUjC1eXkhvno9TJSp2Q7LEIJqEe/Khyj4FG4KrOu/ifpS -wpGP1ztzdMcY5UGwSbtEwMqvAgMBAAGjUDBOMB0GA1UdDgQWBBTtvbhve2aaeNIL -0eYjakjeEGMCsDAfBgNVHSMEGDAWgBTtvbhve2aaeNIL0eYjakjeEGMCsDAMBgNV -HRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBj9LtBvK6P65J/1jEfSajvoIip -ZtpW38KbRkgencq9bFeNONMHGv5M7tEnWNdytCPunlh5DLEXMUORcWfXU73GCNHO -9So74rri+q8NKrllJWxWmbYoAo+zJ3xSJ0PKhU8SW6J+dfPvsg140bUXI+MbOGrr -ski88TRVnBOb3HBU1Vd+A2W7YKy9j2ykQH4NiIUPV01h3hguvMLcLzHZ6LN/BHnA -NQx/K/EVIHZxy1ez8vbbIuWW5MRj6SPeofyZC0QoxQGIT6sGDZSNDP6xIGVuKw4D -UpzPNfCvsWgNIaIFTTzLBZJYCwoexJYIO+NiaJxCV9l3swj2iUA3yeyNQZhI ------END CERTIFICATE----- diff --git a/examples/x509.key b/examples/x509.key deleted file mode 100644 index e2d8ae1..0000000 --- a/examples/x509.key +++ /dev/null @@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC7729iOIdGcnuT -ba8nq1G4HF8isCR/8K/vtclsoCjAxQph5ANa+/9gbIFdQmmnMBhSOckl9Tl/a9g/ -2b/vbezo2qXAuaeOPNr/ZF6Z+h7yPJids7WmBAPphzHeIKQfkr2KLRbFYIIGF4mC -/JfNOBzh8ChcklxnUJu4W8bJPrPkr3zlcMqxpRCCXAqIUxh7lCDta7Uoip+VcibR -qh8g7+eZmTu3GwWtZQCB9kq5BijfguxxDHAXyQ6g7gxOZpwABP9AXdB7K1KAoeBf -0e/lUjC1eXkhvno9TJSp2Q7LEIJqEe/Khyj4FG4KrOu/ifpSwpGP1ztzdMcY5UGw -SbtEwMqvAgMBAAECggEBAJhdhZM/O0U9Gb0sJt5lggpfTi4kWmMzsqAIZPZhXsjy -tvkoUCQavC/jqHoAlwHJ913qpY7VorkQqTETDA5Es9cRNWLr4dFquy5lpGD3rNE9 -mYn5oeKnzLgvOJnbItTKNkrpRVXeaWwg9wawXS4vORNgjoiGzM2iR62PEroj0Nss -mwua2xs92ZHTAMNH6PdJC9U4gqjmlAMofV7ZgpxJLzKsI4rbxcGk9NWrie5bmMu+ -SECwtFDqxHe7YJRjSOvz/HErbXg9qWsglU6PFCVUjQ2dLM4k78ORkR5hvpGYGc83 -DucbEGqOnQ37RACvgNX4/RGFMvVnJDx3FVoDMcz2NFECgYEA6jEiY5RZuUy7jIBR -t1RFTem0KUFco7YLxwHacrT66vEntc1REXeBYSMPeKav1R319jxVVD7iiF4w49Ol -4VxxgPBUhfHou/ZU5S5xLbWRrJG0jvUPUKNVebNCqbv1YXhzf6kRn1vE5j+MR9ge -YMMFG1Si3VXoUm5+IInj1b2mC5kCgYEAzW+YiRJpEbl0+2gNCcHTAhr2cA1t6mdL -9/JGkUhHqwGhMAByZr1QFJeOTLKR9cSNS1FYOJu6wUetnkYDvNgx7gnsiJ50TEof -poTZgtnFCxgGwcEFL23L0PPim5CEUMHRti4j+Wlb8FzTQvz5WvyOw79II4i6DRaL -JA4KN/5aNYcCgYEA4EAqYNY2UGR0lqZtGTKdpmyp8nM/JRh2EJrqtbotJvnC/6hZ -/3LCteQftXVPm7AzzRSa1K/etZwUDqSlC7Y8ja4UEarCI/JN+qLNB2r80hU3o0hv -4NR2TbHknKl531q6pjybvk/erGefiVAeTqOP6UrTJURU0VIyfi/rtckDDckCgYBQ -Lm0/mrLtmw/gjCUCmObtnG5xH5y172lENgh67dYjFXi/Dn2YQe1+jASbRNsZLITl -T7N6LLYAeCR4cOVGkK80NCVg0U+c8xVVXeazXqG8ib0hZF/MujLhtD7O7uHlzzA1 -xd5+mzOqJeDC9Y+xhn+GQSM700Kilxjpkp1Ea370AwKBgGQzCY1tbO48s8RKd/Nz -oKG6ctp9S9vYtinXwuCdw0iL2i671bUgMONoXDNGcVBsYsuXb2324BKpw/bQK+BP -8p3TlBB1szA/W0EeueJkTHCkQninGc9vzvc6VbfacqJnuz7Pv/v1CkMa/E+ILamd -0aJoZHwNLuCkrzbVG+t+5yAS ------END PRIVATE KEY----- -- 2.7.4 From 9302e79f439eae32c47bec06f418d99795b3e643 Mon Sep 17 00:00:00 2001 From: Dariusz Michaluk Date: Wed, 5 Oct 2016 14:37:49 +0200 Subject: [PATCH 02/16] Include examples in documentation. Change-Id: Ifeb8ae0e322eae37bc9642dbc166c3ee68c694cc --- doc/doxygen.cfg | 4 ++-- doc/yaca_encryption_doc.h | 9 +++++++++ doc/yaca_integrity_doc.h | 7 +++++++ doc/yaca_key_doc.h | 13 +++++++++++++ doc/yaca_rsa_doc.h | 5 +++++ doc/yaca_simple_doc.h | 9 +++++++++ 6 files changed, 45 insertions(+), 2 deletions(-) diff --git a/doc/doxygen.cfg b/doc/doxygen.cfg index d034006..af86cf4 100644 --- a/doc/doxygen.cfg +++ b/doc/doxygen.cfg @@ -839,7 +839,7 @@ EXCLUDE_SYMBOLS = # that contain example code fragments that are included (see the \include # command). -EXAMPLE_PATH = +EXAMPLE_PATH = ../examples/ # If the value of the EXAMPLE_PATH tag contains directories, you can use the # EXAMPLE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp and @@ -1394,7 +1394,7 @@ GENERATE_TREEVIEW = YES # Minimum value: 0, maximum value: 20, default value: 4. # This tag requires that the tag GENERATE_HTML is set to YES. -ENUM_VALUES_PER_LINE = 4 +ENUM_VALUES_PER_LINE = 1 # If the treeview is enabled (see GENERATE_TREEVIEW) then this tag can be used # to set the initial width (in pixels) of the frame in which the tree is shown. diff --git a/doc/yaca_encryption_doc.h b/doc/yaca_encryption_doc.h index 7ab66fb..95dcdef 100755 --- a/doc/yaca_encryption_doc.h +++ b/doc/yaca_encryption_doc.h @@ -30,6 +30,15 @@ * @section CAPI_YACA_ENCRYPTION_MODULE_OVERVIEW Overview * It provides advanced APIs for encryption/decryption operations with symmetric keys and sealing/opening operations with asymmetric keys. * + * @section CAPI_YACA_ENCRYPTION_MODULE_EXAMPLES Examples + * Encrypt API example + * @snippet examples/encrypt.c Encrypt API example + * AES GCM encrypt API example + * @snippet examples/encrypt_gcm.c AES GCM encrypt API example + * AES CCM encrypt API example + * @snippet examples/encrypt_ccm.c AES CCM encrypt API example + * Asymmetric Encryption API example + * @snippet examples/seal.c Asymmetric Encryption API example */ #endif /* __TIZEN_CORE_YACA_ENCRYPTION_DOC_H__ */ diff --git a/doc/yaca_integrity_doc.h b/doc/yaca_integrity_doc.h index 049043f..c5b61f3 100755 --- a/doc/yaca_integrity_doc.h +++ b/doc/yaca_integrity_doc.h @@ -27,6 +27,13 @@ * @section CAPI_YACA_INTEGRITY_MODULE_OVERVIEW Overview * It provides advanced APIs for creating a signature using asymmetric private key, verifying a signature using asymmetric public key, calculating a HMAC/CMAC of given message using symmetric key and calculating message digests of given message without key. * + * @section CAPI_YACA_INTEGRITY_MODULE_EXAMPLES Examples + * Message Digest API example + * @snippet examples/digest.c Message Digest API example + * Signature API example + * @snippet examples/sign.c Signature API example + * HMAC Signature API example + * @snippet examples/sign_hmac.c HMAC Signature API example */ #endif /* __TIZEN_CORE_YACA_INTEGRITY_DOC_H__ */ diff --git a/doc/yaca_key_doc.h b/doc/yaca_key_doc.h index a28c57c..6bd69d6 100755 --- a/doc/yaca_key_doc.h +++ b/doc/yaca_key_doc.h @@ -26,6 +26,19 @@ * @section CAPI_YACA_KEY_MODULE_OVERVIEW Overview * It provides APIs for generating key using random number or password, importing a key trying to match it to the key_type specified and exporting a key to arbitrary format. * + * @section CAPI_YACA_KEY_MODULE_EXAMPLES Examples + * Key generation API example + * @snippet examples/key_gen.c Key generation API example + * Symmetric key import/export API example + * @snippet examples/key_import_export_sym.c Symmetric key import/export API example + * Asymmetric key import/export API example + * @snippet examples/key_import_export_asym.c Asymmetric key import/export API example + * Key import/export with password API example + * @snippet examples/key_password.c Key import/export with password API example + * Diffie-Helmann key exchange API example + * @snippet examples/key_exchange.c Diffie-Helmann key exchange API example + * Key wrapping API example + * @snippet examples/key_wrap.c Key wrapping API example */ #endif /* __TIZEN_CORE_YACA_KEY_DOC_H__ */ diff --git a/doc/yaca_rsa_doc.h b/doc/yaca_rsa_doc.h index 4012e68..5645188 100755 --- a/doc/yaca_rsa_doc.h +++ b/doc/yaca_rsa_doc.h @@ -27,6 +27,11 @@ * It provides advanced APIs for low-level encryption/decryption operations * with asymmetric RSA keys. * + * @section CAPI_YACA_RSA_MODULE_EXAMPLES Examples + * Public RSA Encrypt API example + * @snippet examples/rsa_public.c Public RSA Encrypt API example + * Private RSA Encrypt API example + * @snippet examples/rsa_private.c Private RSA Encrypt API example */ #endif /* __TIZEN_CORE_YACA_RSA_DOC_H__ */ diff --git a/doc/yaca_simple_doc.h b/doc/yaca_simple_doc.h index bc29b5d..ae2fcd1 100755 --- a/doc/yaca_simple_doc.h +++ b/doc/yaca_simple_doc.h @@ -26,6 +26,15 @@ * @section CAPI_YACA_SIMPLE_MODULE_OVERVIEW Overview * It provides simple APIs for encryption/decryption, signing/verification, and message digestion. * + * @section CAPI_YACA_SIMPLE_MODULE_EXAMPLES Examples + * Simple Encrypt API example + * @snippet examples/encrypt_simple.c Simple Encrypt API example + * Simple Message Digest API example + * @snippet examples/digest_simple.c Simple Message Digest API example + * Simple Signature API example + * @snippet examples/sign_simple.c Simple Signature API example + * Simple CMAC Signature API example + * @snippet examples/sign_simple_cmac.c Simple CMAC Signature API example */ #endif /* __TIZEN_CORE_YACA_SIMPLE_DOC_H__ */ -- 2.7.4 From c095a7929efba8f737180d0e8987f34b461df5fd Mon Sep 17 00:00:00 2001 From: Dariusz Michaluk Date: Tue, 11 Oct 2016 13:02:21 +0200 Subject: [PATCH 03/16] Remove outdated TODO's Change-Id: I2a0d00923ffa4f105461a7ee2bc6bb025c6bdb82 --- src/key.c | 2 +- todo.txt | 7 ------- 2 files changed, 1 insertion(+), 8 deletions(-) delete mode 100644 todo.txt diff --git a/src/key.c b/src/key.c index 0c04179..404840a 100644 --- a/src/key.c +++ b/src/key.c @@ -1926,7 +1926,7 @@ API int yaca_key_derive_pbkdf2(const char *password, return ret; nk->bit_len = key_bit_len; - nk->key.type = YACA_KEY_TYPE_SYMMETRIC; // TODO: how to handle other keys? + nk->key.type = YACA_KEY_TYPE_SYMMETRIC; ret = PKCS5_PBKDF2_HMAC(password, -1, (const unsigned char*)salt, salt_len, iterations, md, key_byte_len, diff --git a/todo.txt b/todo.txt deleted file mode 100644 index 78272ad..0000000 --- a/todo.txt +++ /dev/null @@ -1,7 +0,0 @@ -Global: -- Rethink and possibly add verification of output buffer lengths. - In other words check whether the user won't cause a buffer overflow. -- Support for OCB mode was added in OpenSSL 1.1.0 -- We need a way to import keys encrypted with hw (or other) keys. New - function like yaca_key_load or sth? -- Add extended description and examples in documentation. -- 2.7.4 From a2b610b035f732233e5fbdc8ed55ea134d9f007c Mon Sep 17 00:00:00 2001 From: Dariusz Michaluk Date: Tue, 18 Oct 2016 09:24:32 +0200 Subject: [PATCH 04/16] Release 0.0.2 Change-Id: I62a0ff6fff1b3a3b4cdfa611c59a310555b9e001 --- CMakeLists.txt | 2 +- packaging/yaca.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 606c9fc..653daef 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -23,7 +23,7 @@ CMAKE_MINIMUM_REQUIRED (VERSION 2.6.2) PROJECT(yaca) -SET(VERSION "0.0.1") +SET(VERSION "0.0.2") ## pkgconfig ################################################################### INCLUDE(FindPkgConfig) diff --git a/packaging/yaca.spec b/packaging/yaca.spec index 8e81aa4..2b43c19 100644 --- a/packaging/yaca.spec +++ b/packaging/yaca.spec @@ -1,5 +1,5 @@ Name: yaca -Version: 0.0.1 +Version: 0.0.2 Release: 0 Source0: %{name}-%{version}.tar.gz License: Apache-2.0 -- 2.7.4 From 52d9fac96f1db8eb862f2622bb2abfb01b92312b Mon Sep 17 00:00:00 2001 From: Krzysztof Jackiewicz Date: Mon, 7 Nov 2016 09:21:36 +0100 Subject: [PATCH 05/16] Replace spaces with tabs Tab policy [IDT_M_TAB] have changed from optional to mandatory and whole code has to be adjusted. doc/coding_rules.txt updated. File access rights fixed Change-Id: I7b855be9560e9b4f134294a1f97a70a50af578c1 --- api/yaca/yaca_crypto.h | 16 +-- api/yaca/yaca_digest.h | 0 api/yaca/yaca_encrypt.h | 46 ++++----- api/yaca/yaca_error.h | 0 api/yaca/yaca_key.h | 54 +++++----- api/yaca/yaca_rsa.h | 40 +++---- api/yaca/yaca_seal.h | 48 ++++----- api/yaca/yaca_sign.h | 32 +++--- api/yaca/yaca_simple.h | 76 +++++++------- api/yaca/yaca_types.h | 0 doc/coding-rules.txt | 64 ++++++------ doc/yaca_doc.h | 0 doc/yaca_encryption_doc.h | 0 doc/yaca_integrity_doc.h | 0 doc/yaca_key_doc.h | 0 doc/yaca_rsa_doc.h | 0 doc/yaca_simple_doc.h | 0 examples/digest_simple.c | 2 +- examples/encrypt_simple.c | 8 +- examples/key_exchange.c | 2 +- examples/key_import_export_asym.c | 8 +- examples/key_import_export_sym.c | 8 +- examples/key_password.c | 4 +- examples/key_wrap.c | 14 +-- examples/rsa_private.c | 4 +- examples/rsa_public.c | 4 +- examples/seal.c | 4 +- examples/sign_simple.c | 8 +- examples/sign_simple_cmac.c | 8 +- src/crypto.c | 10 +- src/debug.c | 8 +- src/digest.c | 4 +- src/encrypt.c | 212 +++++++++++++++++++------------------- src/internal.h | 32 +++--- src/key.c | 162 ++++++++++++++--------------- src/rsa.c | 110 ++++++++++---------- src/seal.c | 80 +++++++------- src/sign.c | 64 ++++++------ src/simple.c | 104 +++++++++---------- 39 files changed, 618 insertions(+), 618 deletions(-) mode change 100755 => 100644 api/yaca/yaca_crypto.h mode change 100755 => 100644 api/yaca/yaca_digest.h mode change 100755 => 100644 api/yaca/yaca_encrypt.h mode change 100755 => 100644 api/yaca/yaca_error.h mode change 100755 => 100644 api/yaca/yaca_key.h mode change 100755 => 100644 api/yaca/yaca_rsa.h mode change 100755 => 100644 api/yaca/yaca_seal.h mode change 100755 => 100644 api/yaca/yaca_sign.h mode change 100755 => 100644 api/yaca/yaca_simple.h mode change 100755 => 100644 api/yaca/yaca_types.h mode change 100755 => 100644 doc/yaca_doc.h mode change 100755 => 100644 doc/yaca_encryption_doc.h mode change 100755 => 100644 doc/yaca_integrity_doc.h mode change 100755 => 100644 doc/yaca_key_doc.h mode change 100755 => 100644 doc/yaca_rsa_doc.h mode change 100755 => 100644 doc/yaca_simple_doc.h diff --git a/api/yaca/yaca_crypto.h b/api/yaca/yaca_crypto.h old mode 100755 new mode 100644 index e2b2d5a..56425eb --- a/api/yaca/yaca_crypto.h +++ b/api/yaca/yaca_crypto.h @@ -206,9 +206,9 @@ int yaca_randomize_bytes(char *data, size_t data_len); * @see yaca_context_get_property() */ int yaca_context_set_property(yaca_context_h ctx, - yaca_property_e property, - const void *value, - size_t value_len); + yaca_property_e property, + const void *value, + size_t value_len); /** * @brief Returns the non-standard context properties. Can only be called on an @@ -241,9 +241,9 @@ int yaca_context_set_property(yaca_context_h ctx, * @see yaca_free() */ int yaca_context_get_property(const yaca_context_h ctx, - yaca_property_e property, - void **value, - size_t *value_len); + yaca_property_e property, + void **value, + size_t *value_len); /** * @brief Returns the minimum required size of the output buffer for a single crypto function call. @@ -271,8 +271,8 @@ int yaca_context_get_property(const yaca_context_h ctx, * @retval #YACA_ERROR_INTERNAL Internal error */ int yaca_context_get_output_length(const yaca_context_h ctx, - size_t input_len, - size_t *output_len); + size_t input_len, + size_t *output_len); /** * @brief Destroys the crypto context. Must be called on all contexts that are diff --git a/api/yaca/yaca_digest.h b/api/yaca/yaca_digest.h old mode 100755 new mode 100644 diff --git a/api/yaca/yaca_encrypt.h b/api/yaca/yaca_encrypt.h old mode 100755 new mode 100644 index 3395013..4031f2c --- a/api/yaca/yaca_encrypt.h +++ b/api/yaca/yaca_encrypt.h @@ -58,9 +58,9 @@ extern "C" { * */ int yaca_encrypt_get_iv_bit_length(yaca_encrypt_algorithm_e algo, - yaca_block_cipher_mode_e bcm, - size_t key_bit_len, - size_t *iv_bit_len); + yaca_block_cipher_mode_e bcm, + size_t key_bit_len, + size_t *iv_bit_len); /** * @brief Initializes an encryption context. @@ -89,10 +89,10 @@ int yaca_encrypt_get_iv_bit_length(yaca_encrypt_algorithm_e algo, * @see yaca_context_destroy() */ int yaca_encrypt_initialize(yaca_context_h *ctx, - yaca_encrypt_algorithm_e algo, - yaca_block_cipher_mode_e bcm, - const yaca_key_h sym_key, - const yaca_key_h iv); + yaca_encrypt_algorithm_e algo, + yaca_block_cipher_mode_e bcm, + const yaca_key_h sym_key, + const yaca_key_h iv); /** * @brief Encrypts chunk of the data. @@ -118,10 +118,10 @@ int yaca_encrypt_initialize(yaca_context_h *ctx, * @see yaca_context_get_output_length() */ int yaca_encrypt_update(yaca_context_h ctx, - const char *plaintext, - size_t plaintext_len, - char *ciphertext, - size_t *ciphertext_len); + const char *plaintext, + size_t plaintext_len, + char *ciphertext, + size_t *ciphertext_len); /** * @brief Encrypts the final chunk of the data. @@ -148,8 +148,8 @@ int yaca_encrypt_update(yaca_context_h ctx, * @see yaca_context_get_output_length() */ int yaca_encrypt_finalize(yaca_context_h ctx, - char *ciphertext, - size_t *ciphertext_len); + char *ciphertext, + size_t *ciphertext_len); /** * @brief Initializes an decryption context. @@ -178,10 +178,10 @@ int yaca_encrypt_finalize(yaca_context_h ctx, * @see yaca_context_destroy() */ int yaca_decrypt_initialize(yaca_context_h *ctx, - yaca_encrypt_algorithm_e algo, - yaca_block_cipher_mode_e bcm, - const yaca_key_h sym_key, - const yaca_key_h iv); + yaca_encrypt_algorithm_e algo, + yaca_block_cipher_mode_e bcm, + const yaca_key_h sym_key, + const yaca_key_h iv); /** * @brief Decrypts chunk of the data. @@ -208,10 +208,10 @@ int yaca_decrypt_initialize(yaca_context_h *ctx, * @see yaca_context_get_output_length() */ int yaca_decrypt_update(yaca_context_h ctx, - const char *ciphertext, - size_t ciphertext_len, - char *plaintext, - size_t *plaintext_len); + const char *ciphertext, + size_t ciphertext_len, + char *plaintext, + size_t *plaintext_len); /** * @brief Decrypts the final chunk of the data. @@ -239,8 +239,8 @@ int yaca_decrypt_update(yaca_context_h ctx, * @see yaca_context_get_output_length() */ int yaca_decrypt_finalize(yaca_context_h ctx, - char *plaintext, - size_t *plaintext_len); + char *plaintext, + size_t *plaintext_len); /** * @} diff --git a/api/yaca/yaca_error.h b/api/yaca/yaca_error.h old mode 100755 new mode 100644 diff --git a/api/yaca/yaca_key.h b/api/yaca/yaca_key.h old mode 100755 new mode 100644 index 4f50550..5c87944 --- a/api/yaca/yaca_key.h +++ b/api/yaca/yaca_key.h @@ -138,10 +138,10 @@ int yaca_key_get_bit_length(const yaca_key_h key, size_t *key_bit_len); * @see yaca_key_destroy() */ int yaca_key_import(yaca_key_type_e key_type, - const char *password, - const char *data, - size_t data_len, - yaca_key_h *key); + const char *password, + const char *data, + size_t data_len, + yaca_key_h *key); /** * @brief Exports a key or key generation parameters to arbitrary format. @@ -201,11 +201,11 @@ int yaca_key_import(yaca_key_type_e key_type, * @see yaca_key_destroy() */ int yaca_key_export(const yaca_key_h key, - yaca_key_format_e key_fmt, - yaca_key_file_format_e key_file_fmt, - const char *password, - char **data, - size_t *data_len); + yaca_key_format_e key_fmt, + yaca_key_file_format_e key_file_fmt, + const char *password, + char **data, + size_t *data_len); /** * @brief Generates a secure key or key generation parameters (or an Initialization Vector). @@ -245,8 +245,8 @@ int yaca_key_export(const yaca_key_h key, * @see yaca_key_destroy() */ int yaca_key_generate(yaca_key_type_e key_type, - size_t key_bit_len, - yaca_key_h *key); + size_t key_bit_len, + yaca_key_h *key); /** * @brief Generates a secure private asymmetric key from parameters. @@ -346,9 +346,9 @@ int yaca_key_extract_parameters(const yaca_key_h key, yaca_key_h *params); * @see yaca_free() */ int yaca_key_derive_dh(const yaca_key_h prv_key, - const yaca_key_h pub_key, - char **secret, - size_t *secret_len); + const yaca_key_h pub_key, + char **secret, + size_t *secret_len); /** * @brief Derives a key material from shared secret. @@ -386,13 +386,13 @@ int yaca_key_derive_dh(const yaca_key_h prv_key, * @see yaca_free() */ int yaca_key_derive_kdf(yaca_kdf_e kdf, - yaca_digest_algorithm_e algo, - const char *secret, - size_t secret_len, - const char *info, - size_t info_len, - size_t key_material_len, - char **key_material); + yaca_digest_algorithm_e algo, + const char *secret, + size_t secret_len, + const char *info, + size_t info_len, + size_t key_material_len, + char **key_material); /** * @brief Derives a key from user password (PKCS #5 a.k.a. pbkdf2 algorithm). @@ -420,12 +420,12 @@ int yaca_key_derive_kdf(yaca_kdf_e kdf, * @see yaca_key_destroy() */ int yaca_key_derive_pbkdf2(const char *password, - const char *salt, - size_t salt_len, - size_t iterations, - yaca_digest_algorithm_e algo, - size_t key_bit_len, - yaca_key_h *key); + const char *salt, + size_t salt_len, + size_t iterations, + yaca_digest_algorithm_e algo, + size_t key_bit_len, + yaca_key_h *key); /** * @brief Release the key created by the library. Passing YACA_KEY_NULL is allowed. diff --git a/api/yaca/yaca_rsa.h b/api/yaca/yaca_rsa.h old mode 100755 new mode 100644 index 20b1b4d..a57bfd7 --- a/api/yaca/yaca_rsa.h +++ b/api/yaca/yaca_rsa.h @@ -70,11 +70,11 @@ extern "C" { * @see yaca_free() */ int yaca_rsa_public_encrypt(yaca_padding_e padding, - const yaca_key_h pub_key, - const char *plaintext, - size_t plaintext_len, - char **ciphertext, - size_t *ciphertext_len); + const yaca_key_h pub_key, + const char *plaintext, + size_t plaintext_len, + char **ciphertext, + size_t *ciphertext_len); /** * @brief Decrypts data using a RSA private key (low-level decrypt equivalent). @@ -105,11 +105,11 @@ int yaca_rsa_public_encrypt(yaca_padding_e padding, * @see yaca_free() */ int yaca_rsa_private_decrypt(yaca_padding_e padding, - const yaca_key_h prv_key, - const char *ciphertext, - size_t ciphertext_len, - char **plaintext, - size_t *plaintext_len); + const yaca_key_h prv_key, + const char *ciphertext, + size_t ciphertext_len, + char **plaintext, + size_t *plaintext_len); /** * @brief Encrypts data using a RSA private key (low-level sign equivalent). @@ -145,11 +145,11 @@ int yaca_rsa_private_decrypt(yaca_padding_e padding, * @see yaca_free() */ int yaca_rsa_private_encrypt(yaca_padding_e padding, - const yaca_key_h prv_key, - const char *plaintext, - size_t plaintext_len, - char **ciphertext, - size_t *ciphertext_len); + const yaca_key_h prv_key, + const char *plaintext, + size_t plaintext_len, + char **ciphertext, + size_t *ciphertext_len); /** * @brief Decrypts data using a RSA public key (low-level verify equivalent). @@ -180,11 +180,11 @@ int yaca_rsa_private_encrypt(yaca_padding_e padding, * @see yaca_free() */ int yaca_rsa_public_decrypt(yaca_padding_e padding, - const yaca_key_h pub_key, - const char *ciphertext, - size_t ciphertext_len, - char **plaintext, - size_t *plaintext_len); + const yaca_key_h pub_key, + const char *ciphertext, + size_t ciphertext_len, + char **plaintext, + size_t *plaintext_len); /** * @} diff --git a/api/yaca/yaca_seal.h b/api/yaca/yaca_seal.h old mode 100755 new mode 100644 index 7fab958..5db810e --- a/api/yaca/yaca_seal.h +++ b/api/yaca/yaca_seal.h @@ -87,12 +87,12 @@ extern "C" { * @see yaca_context_destroy() */ int yaca_seal_initialize(yaca_context_h *ctx, - const yaca_key_h pub_key, - yaca_encrypt_algorithm_e algo, - yaca_block_cipher_mode_e bcm, - size_t sym_key_bit_len, - yaca_key_h *sym_key, - yaca_key_h *iv); + const yaca_key_h pub_key, + yaca_encrypt_algorithm_e algo, + yaca_block_cipher_mode_e bcm, + size_t sym_key_bit_len, + yaca_key_h *sym_key, + yaca_key_h *iv); /** * @brief Encrypts piece of the data. @@ -118,10 +118,10 @@ int yaca_seal_initialize(yaca_context_h *ctx, * @see yaca_context_get_output_length() */ int yaca_seal_update(yaca_context_h ctx, - const char *plaintext, - size_t plaintext_len, - char *ciphertext, - size_t *ciphertext_len); + const char *plaintext, + size_t plaintext_len, + char *ciphertext, + size_t *ciphertext_len); /** * @brief Encrypts the final piece of the data. @@ -148,8 +148,8 @@ int yaca_seal_update(yaca_context_h ctx, * @see yaca_context_get_output_length() */ int yaca_seal_finalize(yaca_context_h ctx, - char *ciphertext, - size_t *ciphertext_len); + char *ciphertext, + size_t *ciphertext_len); /** * @brief Initializes an asymmetric decryption context. @@ -185,12 +185,12 @@ int yaca_seal_finalize(yaca_context_h ctx, * @see yaca_context_destroy() */ int yaca_open_initialize(yaca_context_h *ctx, - const yaca_key_h prv_key, - yaca_encrypt_algorithm_e algo, - yaca_block_cipher_mode_e bcm, - size_t sym_key_bit_len, - const yaca_key_h sym_key, - const yaca_key_h iv); + const yaca_key_h prv_key, + yaca_encrypt_algorithm_e algo, + yaca_block_cipher_mode_e bcm, + size_t sym_key_bit_len, + const yaca_key_h sym_key, + const yaca_key_h iv); /** * @brief Decrypts piece of the data. @@ -217,10 +217,10 @@ int yaca_open_initialize(yaca_context_h *ctx, * @see yaca_context_get_output_length() */ int yaca_open_update(yaca_context_h ctx, - const char *ciphertext, - size_t ciphertext_len, - char *plaintext, - size_t *plaintext_len); + const char *ciphertext, + size_t ciphertext_len, + char *plaintext, + size_t *plaintext_len); /** * @brief Decrypts last chunk of sealed message. @@ -248,8 +248,8 @@ int yaca_open_update(yaca_context_h ctx, * @see yaca_context_get_output_length() */ int yaca_open_finalize(yaca_context_h ctx, - char *plaintext, - size_t *plaintext_len); + char *plaintext, + size_t *plaintext_len); /** * @} diff --git a/api/yaca/yaca_sign.h b/api/yaca/yaca_sign.h old mode 100755 new mode 100644 index e627262..0fcbec3 --- a/api/yaca/yaca_sign.h +++ b/api/yaca/yaca_sign.h @@ -83,8 +83,8 @@ extern "C" { * @see yaca_context_destroy() */ int yaca_sign_initialize(yaca_context_h *ctx, - yaca_digest_algorithm_e algo, - const yaca_key_h prv_key); + yaca_digest_algorithm_e algo, + const yaca_key_h prv_key); /** * @brief Initializes a signature context for HMAC. @@ -117,8 +117,8 @@ int yaca_sign_initialize(yaca_context_h *ctx, * @see yaca_context_destroy() */ int yaca_sign_initialize_hmac(yaca_context_h *ctx, - yaca_digest_algorithm_e algo, - const yaca_key_h sym_key); + yaca_digest_algorithm_e algo, + const yaca_key_h sym_key); /** * @brief Initializes a signature context for CMAC. @@ -151,8 +151,8 @@ int yaca_sign_initialize_hmac(yaca_context_h *ctx, * @see yaca_context_destroy() */ int yaca_sign_initialize_cmac(yaca_context_h *ctx, - yaca_encrypt_algorithm_e algo, - const yaca_key_h sym_key); + yaca_encrypt_algorithm_e algo, + const yaca_key_h sym_key); /** * @brief Feeds the message into the digital signature or MAC algorithm. @@ -176,8 +176,8 @@ int yaca_sign_initialize_cmac(yaca_context_h *ctx, * @see yaca_sign_initialize_cmac() */ int yaca_sign_update(yaca_context_h ctx, - const char *message, - size_t message_len); + const char *message, + size_t message_len); /** * @brief Calculates the final signature or MAC. @@ -206,8 +206,8 @@ int yaca_sign_update(yaca_context_h ctx, * @see yaca_context_get_output_length() */ int yaca_sign_finalize(yaca_context_h ctx, - char *signature, - size_t *signature_len); + char *signature, + size_t *signature_len); /** * @brief Initializes a signature verification context for asymmetric signatures. @@ -244,8 +244,8 @@ int yaca_sign_finalize(yaca_context_h ctx, * @see yaca_context_destroy() */ int yaca_verify_initialize(yaca_context_h *ctx, - yaca_digest_algorithm_e algo, - const yaca_key_h pub_key); + yaca_digest_algorithm_e algo, + const yaca_key_h pub_key); /** * @brief Feeds the message into the digital signature verification algorithm. @@ -266,8 +266,8 @@ int yaca_verify_initialize(yaca_context_h *ctx, * @see yaca_verify_finalize() */ int yaca_verify_update(yaca_context_h ctx, - const char *message, - size_t message_len); + const char *message, + size_t message_len); /** * @brief Performs the verification. @@ -293,8 +293,8 @@ int yaca_verify_update(yaca_context_h ctx, * @see yaca_sign_finalize() */ int yaca_verify_finalize(yaca_context_h ctx, - const char *signature, - size_t signature_len); + const char *signature, + size_t signature_len); /** * @} diff --git a/api/yaca/yaca_simple.h b/api/yaca/yaca_simple.h old mode 100755 new mode 100644 index b77e9bc..97a9826 --- a/api/yaca/yaca_simple.h +++ b/api/yaca/yaca_simple.h @@ -80,13 +80,13 @@ extern "C" { * @see yaca_free() */ int yaca_simple_encrypt(yaca_encrypt_algorithm_e algo, - yaca_block_cipher_mode_e bcm, - const yaca_key_h sym_key, - const yaca_key_h iv, - const char *plaintext, - size_t plaintext_len, - char **ciphertext, - size_t *ciphertext_len); + yaca_block_cipher_mode_e bcm, + const yaca_key_h sym_key, + const yaca_key_h iv, + const char *plaintext, + size_t plaintext_len, + char **ciphertext, + size_t *ciphertext_len); /** * @brief Decrypts data using a symmetric cipher. @@ -121,13 +121,13 @@ int yaca_simple_encrypt(yaca_encrypt_algorithm_e algo, * @see yaca_free() */ int yaca_simple_decrypt(yaca_encrypt_algorithm_e algo, - yaca_block_cipher_mode_e bcm, - const yaca_key_h sym_key, - const yaca_key_h iv, - const char *ciphertext, - size_t ciphertext_len, - char **plaintext, - size_t *plaintext_len); + yaca_block_cipher_mode_e bcm, + const yaca_key_h sym_key, + const yaca_key_h iv, + const char *ciphertext, + size_t ciphertext_len, + char **plaintext, + size_t *plaintext_len); /** * @brief Calculates a digest of a message. @@ -155,10 +155,10 @@ int yaca_simple_decrypt(yaca_encrypt_algorithm_e algo, * @see yaca_free() */ int yaca_simple_calculate_digest(yaca_digest_algorithm_e algo, - const char *message, - size_t message_len, - char **digest, - size_t *digest_len); + const char *message, + size_t message_len, + char **digest, + size_t *digest_len); /** * @brief Creates a signature using asymmetric private key. @@ -198,11 +198,11 @@ int yaca_simple_calculate_digest(yaca_digest_algorithm_e algo, * @see yaca_free() */ int yaca_simple_calculate_signature(yaca_digest_algorithm_e algo, - const yaca_key_h prv_key, - const char *message, - size_t message_len, - char **signature, - size_t *signature_len); + const yaca_key_h prv_key, + const char *message, + size_t message_len, + char **signature, + size_t *signature_len); /** * @brief Verifies a signature using asymmetric public key. @@ -235,11 +235,11 @@ int yaca_simple_calculate_signature(yaca_digest_algorithm_e algo, * @see yaca_simple_calculate_signature() */ int yaca_simple_verify_signature(yaca_digest_algorithm_e algo, - const yaca_key_h pub_key, - const char *message, - size_t message_len, - const char *signature, - size_t signature_len); + const yaca_key_h pub_key, + const char *message, + size_t message_len, + const char *signature, + size_t signature_len); /** * @brief Calculates a HMAC of given message using symmetric key. @@ -275,11 +275,11 @@ int yaca_simple_verify_signature(yaca_digest_algorithm_e algo, * @see yaca_free() */ int yaca_simple_calculate_hmac(yaca_digest_algorithm_e algo, - const yaca_key_h sym_key, - const char *message, - size_t message_len, - char **mac, - size_t *mac_len); + const yaca_key_h sym_key, + const char *message, + size_t message_len, + char **mac, + size_t *mac_len); /** * @brief Calculates a CMAC of given message using symmetric key. @@ -315,11 +315,11 @@ int yaca_simple_calculate_hmac(yaca_digest_algorithm_e algo, * @see yaca_free() */ int yaca_simple_calculate_cmac(yaca_encrypt_algorithm_e algo, - const yaca_key_h sym_key, - const char *message, - size_t message_len, - char **mac, - size_t *mac_len); + const yaca_key_h sym_key, + const char *message, + size_t message_len, + char **mac, + size_t *mac_len); /** * @} diff --git a/api/yaca/yaca_types.h b/api/yaca/yaca_types.h old mode 100755 new mode 100644 diff --git a/doc/coding-rules.txt b/doc/coding-rules.txt index 4f55843..9f8b70e 100644 --- a/doc/coding-rules.txt +++ b/doc/coding-rules.txt @@ -4,24 +4,24 @@ Differences from Tizen rules are included as "Notes". For full description of each rule - please refer to Tizen documentation. -[R01] [CMT_M_C89] Style for comment is the C89 "/* … */" style. +[R01] [CMT_M_C89] Both comment styles are allowed : C89 "/* ... */" style & C99 "//" style Note: Temporary comments may use C99 style (TODO, FIXME etc.) [R02] [DEC_R_INL] inline keyword should sit between storage class and type. -[R03] [IDT_R_TAB] Use tabs. All tabs are 4 characters. Indentation use only tab (No space key). -Note: If possible use Smart Tabs, if not - 4-character tabs + alignment spaces +[M01] [IDT_M_TAB] Use tabs. All tabs are 4 characters. Indentation use only tab (No space key). +Note: If necessary use 4-character tabs + alignment spaces -[R04] [IDT_R_SCH] Switch and case should be at the same indent. +[M02] [IDT_M_SCH] Switch and case should be at the same indent. -[R05] [IDT_R_LBL] goto labels aren't indented, allow a single space however. +[R03] [IDT_R_LBL] goto labels aren't indented, allow a single space however. Note: No single space allowed -[M01] [SPC_M_KWD] Keywords have following space rules +[M03] [SPC_M_KWD] Keywords have following space rules -Put a space after (most) keywords (ex: if, switch, case, for, do, while). -Exception: Do not put a space after function like keywords, such as sizeof, typeof, alignof, __attribute__. - -[M02] [SPC_M_OPR] Operators have following space rules +[M04] [SPC_M_OPR] Operators have following space rules -Put a space around(on each side of) most binary and ternary operators -Example: = + -< > * / % | & ^ <= >= == != ? : -Do not put a space after unary operators @@ -30,7 +30,7 @@ Note: No single space allowed -Do not put a space after cast operator -Do not put a space around the "." and "->" structure member operators. -[M03] [SPC_M_SEP] Seperators have following space rules +[M05] [SPC_M_SEP] Seperators have following space rules -Put a space after closing brace when it has anything on the line. -Exception : comma after closing brace '},' -Put a space after comma @@ -38,50 +38,50 @@ Note: No single space allowed -Do not put a space after the function name in function calls. -Do not put space before open square bracket '['; and inside square bracket '[', ']'. -[M04] [BRC_M_FTN] functions have the opening brace at the beginning of the next line. +[M06] [BRC_M_FTN] functions have the opening brace at the beginning of the next line. -[M05] [BRC_M_SMT] Statement brace: Open brace last on the line. The closing brace is empty on a line of its own. +[M07] [BRC_M_SMT] Statement brace: Open brace last on the line. The closing brace is empty on a line of its own. -Exception: Where the closing race is followed by a continuation of the same statement, else should follow close brace '}', while should follow close brace '}' -[M06] [BRC_M_EUS] Open braces for enum, union and struct go on the same line. +[M08] [BRC_M_EUS] Open braces for enum, union and struct go on the same line. -[R06] [BRC_R_SST] Do not unnecessarily use braces where a single statement will do. +[R04] [BRC_R_SST] Do not unnecessarily use braces where a single statement will do. -Exception: if one branch of a conditional statement is a single statement, use braces in both branches. -[R07] [LNE_R_TWS] No trailing whitespaces at the ends of lines. +[R05] [LNE_R_TWS] No trailing whitespaces at the ends of lines. -[R08] [LNE_R_EOF] Check for adding lines without a newline at end of file. -Notes: File should end with '\n' (single newline at the end of file) +[R06] [LNE_R_EOF] Check for adding lines without a newline at end of file. +Note: File should end with '\n' (single newline at the end of file) -[R09] In source file, the sequence of the code organization : Copyright File comments Header files Define constant and macros Declare static (private) functions Define exported (public) functions Define static (private) functions Define protected functions. -Notes: Static (private) function code first, then functions used by other objects in library; API (public) functions at the end +[R07] In source file, the sequence of the code organization : Copyright, File comments, Header files, Define constant and macros, Declare static (private) functions, Define exported (public) functions, Define static (private) functions, Define protected functions. +Note: Static (private) function code first, then functions used by other objects in library; API (public) functions at the end ******** Public API should use 'API' macro - other functions are not visible outside of library -[M07] Separate external public header(API) and internal header(declare protected functions that are not exported but use for many files) +[M09] Separate external public header(API) and internal header(declare protected functions that are not exported but use for many files) -[M08] External public headers include the Doxygen style for comment. ex) Variable, Function, Struct. +[M10] External public headers include the Doxygen style for comment. ex) Variable, Function, Struct. -[M09] In function prototypes, include parameter names with their data types and return type. +[M11] In function prototypes, include parameter names with their data types and return type. -[R10] Macros with multiple statements should be enclosed in a "do -while" block. +[R08] Macros with multiple statements should be enclosed in a "do -while" block. -[R11] ''#' symbol for macro shall be located at the first column. +[R09] ''#' symbol for macro shall be located at the first column. -[R12] In macro definition, every expression and the arguments in the expressions shall be enclosed by '(' and ')' for each. +[R10] In macro definition, every expression and the arguments in the expressions shall be enclosed by '(' and ')' for each. -[R13] Don’t declare both a structure tag and variables or typedefs in the same declaration. +[R11] Don’t declare both a structure tag and variables or typedefs in the same declaration. Note: Avoid use of typedefs for structures/enums unless it's needed (for handles in API etc.) -[R14] Each variable shall be declared in the new line. +[R12] Each variable shall be declared in the new line. Notes: except for counters (like i, j, k, etc.). -[M10] No mixed-case, Use underscores('_') to separate words in a name. +[M12] No mixed-case, Use underscores('_') to separate words in a name. -[R15] Names of macros defining constants and labels in enums are composed of capital letters, numbers and '_' character. +[R13] Names of macros defining constants and labels in enums are composed of capital letters, numbers and '_' character. -[R16] Name of functions are Verb + Noun to have a good representation of features. +[R14] Name of functions are Verb + Noun to have a good representation of features. Note: this is rule of thumb except for Public API. Public API has prefix (__fcn). -------------------------------------------------------------------------------- @@ -98,8 +98,8 @@ Note: this is rule of thumb except for Public API. Public API has prefix ( 0) { ret = yaca_malloc(CRYPTO_num_locks() * sizeof(pthread_mutex_t), - (void**)&mutexes); + (void**)&mutexes); if (ret != YACA_ERROR_NONE) goto exit; @@ -393,7 +393,7 @@ API int yaca_randomize_bytes(char *data, size_t data_len) } API int yaca_context_set_property(yaca_context_h ctx, yaca_property_e property, - const void *value, size_t value_len) + const void *value, size_t value_len) { if (ctx == YACA_CONTEXT_NULL || ctx->set_property == NULL) return YACA_ERROR_INVALID_PARAMETER; @@ -402,7 +402,7 @@ API int yaca_context_set_property(yaca_context_h ctx, yaca_property_e property, } API int yaca_context_get_property(const yaca_context_h ctx, yaca_property_e property, - void **value, size_t *value_len) + void **value, size_t *value_len) { if (ctx == YACA_CONTEXT_NULL || ctx->get_property == NULL) return YACA_ERROR_INVALID_PARAMETER; @@ -420,10 +420,10 @@ API void yaca_context_destroy(yaca_context_h ctx) } API int yaca_context_get_output_length(const yaca_context_h ctx, - size_t input_len, size_t *output_len) + size_t input_len, size_t *output_len) { if (ctx == YACA_CONTEXT_NULL || output_len == NULL || - ctx->get_output_length == NULL) + ctx->get_output_length == NULL) return YACA_ERROR_INVALID_PARAMETER; return ctx->get_output_length(ctx, input_len, output_len); diff --git a/src/debug.c b/src/debug.c index 80edb1d..e49a4ca 100644 --- a/src/debug.c +++ b/src/debug.c @@ -81,7 +81,7 @@ void error_dump(const char *file, int line, const char *function, int code) } written = snprintf(buf, BUF_SIZE, "%s:%d %s() API error: %s0x%02X (%s)\n", file, - line, function, sign, code, err_str); + line, function, sign, code, err_str); while ((err = ERR_get_error()) != 0 && written < BUF_SIZE - 1) { if (!error_strings_loaded) { @@ -151,9 +151,9 @@ int error_handle(const char *file, int line, const char *function) while ((err = ERR_get_error()) != 0) if (err == ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_ITEM_DECRYPT_D2I, PKCS12_R_DECODE_ERROR) || - err == ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_PBE_CRYPT, PKCS12_R_PKCS12_CIPHERFINAL_ERROR) || - err == ERR_PACK(ERR_LIB_DSA, DSA_F_OLD_DSA_PRIV_DECODE, ERR_R_DSA_LIB) || - err == ERR_PACK(ERR_LIB_RSA, RSA_F_OLD_RSA_PRIV_DECODE, ERR_R_RSA_LIB)) { + err == ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_PBE_CRYPT, PKCS12_R_PKCS12_CIPHERFINAL_ERROR) || + err == ERR_PACK(ERR_LIB_DSA, DSA_F_OLD_DSA_PRIV_DECODE, ERR_R_DSA_LIB) || + err == ERR_PACK(ERR_LIB_RSA, RSA_F_OLD_RSA_PRIV_DECODE, ERR_R_RSA_LIB)) { found_crypto_error = true; break; } diff --git a/src/digest.c b/src/digest.c index 7b14ad2..1d7cbad 100644 --- a/src/digest.c +++ b/src/digest.c @@ -80,8 +80,8 @@ static struct yaca_digest_context_s *get_digest_context(const yaca_context_h ctx } static int get_digest_output_length(const yaca_context_h ctx, - size_t input_len, - size_t *output_len) + size_t input_len, + size_t *output_len) { assert(output_len != NULL); diff --git a/src/encrypt.c b/src/encrypt.c index 5b0e9f5..f4a21f3 100644 --- a/src/encrypt.c +++ b/src/encrypt.c @@ -320,8 +320,8 @@ int get_wrap_output_length(const yaca_context_h ctx, size_t input_len, size_t *o } static int encrypt_ctx_create(struct yaca_encrypt_context_s **c, - enum encrypt_op_type_e op_type, - const EVP_CIPHER *cipher) + enum encrypt_op_type_e op_type, + const EVP_CIPHER *cipher) { int ret; int mode; @@ -340,8 +340,8 @@ static int encrypt_ctx_create(struct yaca_encrypt_context_s **c, nc->backup_ctx = NULL; nc->ctx.context_destroy = destroy_encrypt_context; nc->ctx.get_output_length = (mode == EVP_CIPH_WRAP_MODE) ? - get_wrap_output_length : - get_encrypt_output_length; + get_wrap_output_length : + get_encrypt_output_length; nc->ctx.set_property = set_encrypt_property; nc->ctx.get_property = get_encrypt_property; nc->op_type = op_type; @@ -374,8 +374,8 @@ exit: } static int encrypt_ctx_init(struct yaca_encrypt_context_s *c, - const EVP_CIPHER *cipher, - size_t key_bit_len) + const EVP_CIPHER *cipher, + size_t key_bit_len) { int ret; @@ -386,11 +386,11 @@ static int encrypt_ctx_init(struct yaca_encrypt_context_s *c, return YACA_ERROR_INVALID_PARAMETER; ret = EVP_CipherInit_ex(c->cipher_ctx, - cipher, - NULL, - NULL, - NULL, - is_encryption_op(c->op_type) ? 1 : 0); + cipher, + NULL, + NULL, + NULL, + is_encryption_op(c->op_type) ? 1 : 0); if (ret != 1) { ret = YACA_ERROR_INTERNAL; ERROR_DUMP(ret); @@ -409,8 +409,8 @@ static int encrypt_ctx_init(struct yaca_encrypt_context_s *c, } static int encrypt_ctx_setup_iv(struct yaca_encrypt_context_s *c, - const EVP_CIPHER *cipher, - const struct yaca_key_simple_s *iv) + const EVP_CIPHER *cipher, + const struct yaca_key_simple_s *iv) { int ret; size_t default_iv_bit_len; @@ -445,10 +445,10 @@ static int encrypt_ctx_setup_iv(struct yaca_encrypt_context_s *c, if (mode == EVP_CIPH_GCM_MODE) { ret = EVP_CIPHER_CTX_ctrl(c->cipher_ctx, EVP_CTRL_GCM_SET_IVLEN, - iv->bit_len / 8, NULL); + iv->bit_len / 8, NULL); } else if (mode == EVP_CIPH_CCM_MODE) { ret = EVP_CIPHER_CTX_ctrl(c->cipher_ctx, EVP_CTRL_CCM_SET_IVLEN, - iv->bit_len / 8, NULL); + iv->bit_len / 8, NULL); } else { return YACA_ERROR_INVALID_PARAMETER; } @@ -462,8 +462,8 @@ static int encrypt_ctx_setup_iv(struct yaca_encrypt_context_s *c, } static int encrypt_ctx_setup(struct yaca_encrypt_context_s *c, - const yaca_key_h key, - const yaca_key_h iv) + const yaca_key_h key, + const yaca_key_h iv) { int ret; unsigned char *iv_data = NULL; @@ -499,11 +499,11 @@ static int encrypt_ctx_setup(struct yaca_encrypt_context_s *c, iv_data = (unsigned char*)liv->d; ret = EVP_CipherInit_ex(c->cipher_ctx, - NULL, - NULL, - (unsigned char*)lkey->d, - iv_data, - is_encryption_op(c->op_type) ? 1 : 0); + NULL, + NULL, + (unsigned char*)lkey->d, + iv_data, + is_encryption_op(c->op_type) ? 1 : 0); if (ret != 1) { ret = YACA_ERROR_INTERNAL; ERROR_DUMP(ret); @@ -514,9 +514,9 @@ static int encrypt_ctx_setup(struct yaca_encrypt_context_s *c, } static int encrypt_ctx_backup(struct yaca_encrypt_context_s *c, - const EVP_CIPHER *cipher, - const yaca_key_h sym_key, - const yaca_key_h iv) + const EVP_CIPHER *cipher, + const yaca_key_h sym_key, + const yaca_key_h iv) { int ret; struct yaca_backup_context_s *bc; @@ -562,7 +562,7 @@ static int encrypt_ctx_restore(struct yaca_encrypt_context_s *c) assert(ret != YACA_ERROR_INVALID_PARAMETER); if (c->backup_ctx->padding == YACA_PADDING_NONE && - EVP_CIPHER_CTX_set_padding(c->cipher_ctx, 0) != 1) { + EVP_CIPHER_CTX_set_padding(c->cipher_ctx, 0) != 1) { ret = YACA_ERROR_INTERNAL; ERROR_DUMP(ret); return ret; @@ -648,9 +648,9 @@ static int encrypt_ctx_set_rc2_effective_key_bits(struct yaca_encrypt_context_s } int set_encrypt_property(yaca_context_h ctx, - yaca_property_e property, - const void *value, - size_t value_len) + yaca_property_e property, + const void *value, + size_t value_len) { struct yaca_encrypt_context_s *c = get_encrypt_context(ctx); int len; @@ -666,7 +666,7 @@ int set_encrypt_property(yaca_context_h ctx, switch (property) { case YACA_PROPERTY_GCM_AAD: if (mode != EVP_CIPH_GCM_MODE || - !verify_state_change(c, ENC_CTX_AAD_UPDATED)) + !verify_state_change(c, ENC_CTX_AAD_UPDATED)) return YACA_ERROR_INVALID_PARAMETER; if (EVP_CipherUpdate(c->cipher_ctx, NULL, &len, value, value_len) != 1) { @@ -677,7 +677,7 @@ int set_encrypt_property(yaca_context_h ctx, break; case YACA_PROPERTY_CCM_AAD: if (mode != EVP_CIPH_CCM_MODE || - !verify_state_change(c, ENC_CTX_AAD_UPDATED)) + !verify_state_change(c, ENC_CTX_AAD_UPDATED)) return YACA_ERROR_INVALID_PARAMETER; if (EVP_CipherUpdate(c->cipher_ctx, NULL, &len, value, value_len) != 1) { @@ -688,8 +688,8 @@ int set_encrypt_property(yaca_context_h ctx, break; case YACA_PROPERTY_GCM_TAG: if (mode != EVP_CIPH_GCM_MODE || is_encryption_op(c->op_type) || - !is_valid_tag_len(mode, value_len) || - !verify_state_change(c, ENC_CTX_TAG_SET)) + !is_valid_tag_len(mode, value_len) || + !verify_state_change(c, ENC_CTX_TAG_SET)) return YACA_ERROR_INVALID_PARAMETER; if (EVP_CIPHER_CTX_ctrl(c->cipher_ctx, EVP_CTRL_GCM_SET_TAG, value_len, (void*)value) != 1) { @@ -700,9 +700,9 @@ int set_encrypt_property(yaca_context_h ctx, break; case YACA_PROPERTY_GCM_TAG_LEN: if (value_len != sizeof(size_t) || mode != EVP_CIPH_GCM_MODE || - !is_encryption_op(c->op_type) || - !is_valid_tag_len(mode, *(size_t*)value) || - !verify_state_change(c, ENC_CTX_TAG_LENGTH_SET)) + !is_encryption_op(c->op_type) || + !is_valid_tag_len(mode, *(size_t*)value) || + !verify_state_change(c, ENC_CTX_TAG_LENGTH_SET)) return YACA_ERROR_INVALID_PARAMETER; c->tag_len = *(size_t*)value; @@ -710,8 +710,8 @@ int set_encrypt_property(yaca_context_h ctx, break; case YACA_PROPERTY_CCM_TAG: if (mode != EVP_CIPH_CCM_MODE || is_encryption_op(c->op_type) || - !is_valid_tag_len(mode, value_len) || - !verify_state_change(c, ENC_CTX_TAG_SET)) + !is_valid_tag_len(mode, value_len) || + !verify_state_change(c, ENC_CTX_TAG_SET)) return YACA_ERROR_INVALID_PARAMETER; ret = encrypt_ctx_set_ccm_tag(c, (char*)value, value_len); @@ -722,9 +722,9 @@ int set_encrypt_property(yaca_context_h ctx, break; case YACA_PROPERTY_CCM_TAG_LEN: if (value_len != sizeof(size_t) || mode != EVP_CIPH_CCM_MODE || - !is_encryption_op(c->op_type) || - !is_valid_tag_len(mode, *(size_t*)value) || - !verify_state_change(c, ENC_CTX_TAG_LENGTH_SET)) + !is_encryption_op(c->op_type) || + !is_valid_tag_len(mode, *(size_t*)value) || + !verify_state_change(c, ENC_CTX_TAG_LENGTH_SET)) return YACA_ERROR_INVALID_PARAMETER; ret = encrypt_ctx_set_ccm_tag_len(c, *(size_t*)value); @@ -735,10 +735,10 @@ int set_encrypt_property(yaca_context_h ctx, break; case YACA_PROPERTY_PADDING: if ((mode != EVP_CIPH_ECB_MODE && mode != EVP_CIPH_CBC_MODE) || - value_len != sizeof(yaca_padding_e) || - (*(yaca_padding_e*)value != YACA_PADDING_NONE && - *(yaca_padding_e*)value != YACA_PADDING_PKCS7) || - c->state == ENC_CTX_FINALIZED) + value_len != sizeof(yaca_padding_e) || + (*(yaca_padding_e*)value != YACA_PADDING_NONE && + *(yaca_padding_e*)value != YACA_PADDING_PKCS7) || + c->state == ENC_CTX_FINALIZED) return YACA_ERROR_INVALID_PARAMETER; int padding = *(yaca_padding_e*)value == YACA_PADDING_NONE ? 0 : 1; @@ -751,8 +751,8 @@ int set_encrypt_property(yaca_context_h ctx, break; case YACA_PROPERTY_RC2_EFFECTIVE_KEY_BITS: if (value_len != sizeof(size_t) || - (nid != NID_rc2_cbc && nid != NID_rc2_ecb && nid != NID_rc2_cfb64 && nid != NID_rc2_ofb64) || - c->state != ENC_CTX_INITIALIZED) + (nid != NID_rc2_cbc && nid != NID_rc2_ecb && nid != NID_rc2_cfb64 && nid != NID_rc2_ofb64) || + c->state != ENC_CTX_INITIALIZED) return YACA_ERROR_INVALID_PARAMETER; ret = encrypt_ctx_set_rc2_effective_key_bits(c, *(size_t*)value); @@ -765,7 +765,7 @@ int set_encrypt_property(yaca_context_h ctx, } int get_encrypt_property(const yaca_context_h ctx, yaca_property_e property, - void **value, size_t *value_len) + void **value, size_t *value_len) { struct yaca_encrypt_context_s *c = get_encrypt_context(ctx); int mode; @@ -779,17 +779,17 @@ int get_encrypt_property(const yaca_context_h ctx, yaca_property_e property, switch (property) { case YACA_PROPERTY_GCM_TAG: if (value_len == NULL || - !is_encryption_op(c->op_type) || - mode != EVP_CIPH_GCM_MODE || - (c->state != ENC_CTX_TAG_LENGTH_SET && c->state != ENC_CTX_FINALIZED)) + !is_encryption_op(c->op_type) || + mode != EVP_CIPH_GCM_MODE || + (c->state != ENC_CTX_TAG_LENGTH_SET && c->state != ENC_CTX_FINALIZED)) return YACA_ERROR_INVALID_PARAMETER; assert(c->tag_len <= INT_MAX); if (EVP_CIPHER_CTX_ctrl(c->cipher_ctx, - EVP_CTRL_GCM_GET_TAG, - c->tag_len, - value) != 1) { + EVP_CTRL_GCM_GET_TAG, + c->tag_len, + value) != 1) { ERROR_DUMP(YACA_ERROR_INTERNAL); return YACA_ERROR_INTERNAL; } @@ -797,17 +797,17 @@ int get_encrypt_property(const yaca_context_h ctx, yaca_property_e property, break; case YACA_PROPERTY_CCM_TAG: if (value_len == NULL || - !is_encryption_op(c->op_type) || - mode != EVP_CIPH_CCM_MODE || - c->state != ENC_CTX_FINALIZED) + !is_encryption_op(c->op_type) || + mode != EVP_CIPH_CCM_MODE || + c->state != ENC_CTX_FINALIZED) return YACA_ERROR_INVALID_PARAMETER; assert(c->tag_len <= INT_MAX); if (EVP_CIPHER_CTX_ctrl(c->cipher_ctx, - EVP_CTRL_CCM_GET_TAG, - c->tag_len, - value) != 1) { + EVP_CTRL_CCM_GET_TAG, + c->tag_len, + value) != 1) { ERROR_DUMP(YACA_ERROR_INTERNAL); return YACA_ERROR_INTERNAL; } @@ -829,8 +829,8 @@ static int check_key_bit_length_for_algo(yaca_encrypt_algorithm_e algo, size_t k switch (algo) { case YACA_ENCRYPT_AES: if (key_bit_len != YACA_KEY_LENGTH_UNSAFE_128BIT && - key_bit_len != YACA_KEY_LENGTH_192BIT && - key_bit_len != YACA_KEY_LENGTH_256BIT) + key_bit_len != YACA_KEY_LENGTH_192BIT && + key_bit_len != YACA_KEY_LENGTH_256BIT) ret = YACA_ERROR_INVALID_PARAMETER; break; case YACA_ENCRYPT_UNSAFE_DES: @@ -866,9 +866,9 @@ static int check_key_bit_length_for_algo(yaca_encrypt_algorithm_e algo, size_t k } int encrypt_get_algorithm(yaca_encrypt_algorithm_e algo, - yaca_block_cipher_mode_e bcm, - size_t key_bit_len, - const EVP_CIPHER **cipher) + yaca_block_cipher_mode_e bcm, + size_t key_bit_len, + const EVP_CIPHER **cipher) { int ret; size_t i; @@ -884,9 +884,9 @@ int encrypt_get_algorithm(yaca_encrypt_algorithm_e algo, for (i = 0; i < ENCRYPTION_CIPHERS_SIZE; ++i) if (ENCRYPTION_CIPHERS[i].algo == algo && - ENCRYPTION_CIPHERS[i].bcm == bcm && - (ENCRYPTION_CIPHERS[i].key_bit_len == key_bit_len || - ENCRYPTION_CIPHERS[i].key_bit_len == (size_t)-1)) { + ENCRYPTION_CIPHERS[i].bcm == bcm && + (ENCRYPTION_CIPHERS[i].key_bit_len == key_bit_len || + ENCRYPTION_CIPHERS[i].key_bit_len == (size_t)-1)) { *cipher = ENCRYPTION_CIPHERS[i].cipher(); ret = YACA_ERROR_NONE; break; @@ -901,10 +901,10 @@ int encrypt_get_algorithm(yaca_encrypt_algorithm_e algo, } int encrypt_initialize(yaca_context_h *ctx, - const EVP_CIPHER *cipher, - const yaca_key_h sym_key, - const yaca_key_h iv, - enum encrypt_op_type_e op_type) + const EVP_CIPHER *cipher, + const yaca_key_h sym_key, + const yaca_key_h iv, + enum encrypt_op_type_e op_type) { struct yaca_encrypt_context_s *nc; struct yaca_key_simple_s *lsym_key; @@ -918,7 +918,7 @@ int encrypt_initialize(yaca_context_h *ctx, return YACA_ERROR_INVALID_PARAMETER; if (lsym_key->key.type != YACA_KEY_TYPE_DES && - lsym_key->key.type != YACA_KEY_TYPE_SYMMETRIC) + lsym_key->key.type != YACA_KEY_TYPE_SYMMETRIC) return YACA_ERROR_INVALID_PARAMETER; ret = encrypt_ctx_create(&nc, op_type, cipher); @@ -936,7 +936,7 @@ int encrypt_initialize(yaca_context_h *ctx, int mode = EVP_CIPHER_CTX_mode(nc->cipher_ctx); int nid = EVP_CIPHER_CTX_nid(nc->cipher_ctx); if (mode == EVP_CIPH_CCM_MODE || - nid == NID_rc2_cbc || nid == NID_rc2_ecb || nid == NID_rc2_cfb64 || nid == NID_rc2_ofb64) { + nid == NID_rc2_cbc || nid == NID_rc2_ecb || nid == NID_rc2_cfb64 || nid == NID_rc2_ofb64) { ret = encrypt_ctx_backup(nc, cipher, sym_key, iv); if (ret != YACA_ERROR_NONE) goto exit; @@ -955,9 +955,9 @@ exit: } int encrypt_update(yaca_context_h ctx, - const unsigned char *input, size_t input_len, - unsigned char *output, size_t *output_len, - enum encrypt_op_type_e op_type) + const unsigned char *input, size_t input_len, + unsigned char *output, size_t *output_len, + enum encrypt_op_type_e op_type) { struct yaca_encrypt_context_s *c = get_encrypt_context(ctx); int ret; @@ -989,7 +989,7 @@ int encrypt_update(yaca_context_h ctx, return YACA_ERROR_INVALID_PARAMETER; } else if (nid == NID_id_smime_alg_CMS3DESwrap) { if (input_len != (YACA_KEY_LENGTH_UNSAFE_128BIT / 8) && - input_len != (YACA_KEY_LENGTH_192BIT / 8)) + input_len != (YACA_KEY_LENGTH_192BIT / 8)) return YACA_ERROR_INVALID_PARAMETER; } else { assert(false); @@ -1001,7 +1001,7 @@ int encrypt_update(yaca_context_h ctx, return YACA_ERROR_INVALID_PARAMETER; } else if (nid == NID_id_smime_alg_CMS3DESwrap) { if (input_len != (YACA_KEY_LENGTH_UNSAFE_128BIT / 8 + 16) && - input_len != (YACA_KEY_LENGTH_192BIT / 8 + 16)) + input_len != (YACA_KEY_LENGTH_192BIT / 8 + 16)) return YACA_ERROR_INVALID_PARAMETER; } else { assert(false); @@ -1048,8 +1048,8 @@ int encrypt_update(yaca_context_h ctx, } int encrypt_finalize(yaca_context_h ctx, - unsigned char *output, size_t *output_len, - enum encrypt_op_type_e op_type) + unsigned char *output, size_t *output_len, + enum encrypt_op_type_e op_type) { struct yaca_encrypt_context_s *c = get_encrypt_context(ctx); int ret; @@ -1088,9 +1088,9 @@ int encrypt_finalize(yaca_context_h ctx, } API int yaca_encrypt_get_iv_bit_length(yaca_encrypt_algorithm_e algo, - yaca_block_cipher_mode_e bcm, - size_t key_bit_len, - size_t *iv_bit_len) + yaca_block_cipher_mode_e bcm, + size_t key_bit_len, + size_t *iv_bit_len) { const EVP_CIPHER *cipher; int ret; @@ -1113,10 +1113,10 @@ API int yaca_encrypt_get_iv_bit_length(yaca_encrypt_algorithm_e algo, } API int yaca_encrypt_initialize(yaca_context_h *ctx, - yaca_encrypt_algorithm_e algo, - yaca_block_cipher_mode_e bcm, - const yaca_key_h sym_key, - const yaca_key_h iv) + yaca_encrypt_algorithm_e algo, + yaca_block_cipher_mode_e bcm, + const yaca_key_h sym_key, + const yaca_key_h iv) { int ret; const EVP_CIPHER *cipher; @@ -1133,27 +1133,27 @@ API int yaca_encrypt_initialize(yaca_context_h *ctx, } API int yaca_encrypt_update(yaca_context_h ctx, - const char *plaintext, - size_t plaintext_len, - char *ciphertext, - size_t *ciphertext_len) + const char *plaintext, + size_t plaintext_len, + char *ciphertext, + size_t *ciphertext_len) { return encrypt_update(ctx, (const unsigned char*)plaintext, plaintext_len, - (unsigned char*)ciphertext, ciphertext_len, OP_ENCRYPT); + (unsigned char*)ciphertext, ciphertext_len, OP_ENCRYPT); } API int yaca_encrypt_finalize(yaca_context_h ctx, - char *ciphertext, - size_t *ciphertext_len) + char *ciphertext, + size_t *ciphertext_len) { return encrypt_finalize(ctx, (unsigned char*)ciphertext, ciphertext_len, OP_ENCRYPT); } API int yaca_decrypt_initialize(yaca_context_h *ctx, - yaca_encrypt_algorithm_e algo, - yaca_block_cipher_mode_e bcm, - const yaca_key_h sym_key, - const yaca_key_h iv) + yaca_encrypt_algorithm_e algo, + yaca_block_cipher_mode_e bcm, + const yaca_key_h sym_key, + const yaca_key_h iv) { int ret; const EVP_CIPHER *cipher; @@ -1170,18 +1170,18 @@ API int yaca_decrypt_initialize(yaca_context_h *ctx, } API int yaca_decrypt_update(yaca_context_h ctx, - const char *ciphertext, - size_t ciphertext_len, - char *plaintext, - size_t *plaintext_len) + const char *ciphertext, + size_t ciphertext_len, + char *plaintext, + size_t *plaintext_len) { return encrypt_update(ctx, (const unsigned char*)ciphertext, ciphertext_len, - (unsigned char*)plaintext, plaintext_len, OP_DECRYPT); + (unsigned char*)plaintext, plaintext_len, OP_DECRYPT); } API int yaca_decrypt_finalize(yaca_context_h ctx, - char *plaintext, - size_t *plaintext_len) + char *plaintext, + size_t *plaintext_len) { return encrypt_finalize(ctx, (unsigned char*)plaintext, plaintext_len, OP_DECRYPT); } diff --git a/src/internal.h b/src/internal.h index 4bae2aa..ac8062b 100644 --- a/src/internal.h +++ b/src/internal.h @@ -85,9 +85,9 @@ struct yaca_context_s { void (*context_destroy)(const yaca_context_h ctx); int (*get_output_length)(const yaca_context_h ctx, size_t input_len, size_t *output_len); int (*set_property)(yaca_context_h ctx, yaca_property_e property, - const void *value, size_t value_len); + const void *value, size_t value_len); int (*get_property)(const yaca_context_h ctx, yaca_property_e property, - void **value, size_t *value_len); + void **value, size_t *value_len); }; struct yaca_backup_context_s { @@ -172,30 +172,30 @@ void destroy_encrypt_context(const yaca_context_h ctx); int get_encrypt_output_length(const yaca_context_h ctx, size_t input_len, size_t *output_len); int set_encrypt_property(yaca_context_h ctx, yaca_property_e property, - const void *value, size_t value_len); + const void *value, size_t value_len); int get_encrypt_property(const yaca_context_h ctx, yaca_property_e property, - void **value, size_t *value_len); + void **value, size_t *value_len); int encrypt_get_algorithm(yaca_encrypt_algorithm_e algo, - yaca_block_cipher_mode_e bcm, - size_t key_bit_len, - const EVP_CIPHER **cipher); + yaca_block_cipher_mode_e bcm, + size_t key_bit_len, + const EVP_CIPHER **cipher); int encrypt_initialize(yaca_context_h *ctx, - const EVP_CIPHER *cipher, - const yaca_key_h sym_key, - const yaca_key_h iv, - enum encrypt_op_type_e op_type); + const EVP_CIPHER *cipher, + const yaca_key_h sym_key, + const yaca_key_h iv, + enum encrypt_op_type_e op_type); int encrypt_update(yaca_context_h ctx, - const unsigned char *input, size_t input_len, - unsigned char *output, size_t *output_len, - enum encrypt_op_type_e op_type); + const unsigned char *input, size_t input_len, + unsigned char *output, size_t *output_len, + enum encrypt_op_type_e op_type); int encrypt_finalize(yaca_context_h ctx, - unsigned char *output, size_t *output_len, - enum encrypt_op_type_e op_type); + unsigned char *output, size_t *output_len, + enum encrypt_op_type_e op_type); struct yaca_key_simple_s *key_get_simple(const yaca_key_h key); struct yaca_key_evp_s *key_get_evp(const yaca_key_h key); diff --git a/src/key.c b/src/key.c index 404840a..a9fdfef 100644 --- a/src/key.c +++ b/src/key.c @@ -246,9 +246,9 @@ exit: } static int import_simple(yaca_key_h *key, - yaca_key_type_e key_type, - const char *data, - size_t data_len) + yaca_key_type_e key_type, + const char *data, + size_t data_len) { assert(key != NULL); assert(data != NULL); @@ -289,8 +289,8 @@ static int import_simple(yaca_key_h *key, if (key_type == YACA_KEY_TYPE_DES) { size_t key_bit_len = key_data_len * 8; if (key_bit_len != YACA_KEY_LENGTH_UNSAFE_64BIT && - key_bit_len != YACA_KEY_LENGTH_UNSAFE_128BIT && - key_bit_len != YACA_KEY_LENGTH_192BIT) { + key_bit_len != YACA_KEY_LENGTH_UNSAFE_128BIT && + key_bit_len != YACA_KEY_LENGTH_192BIT) { ret = YACA_ERROR_INVALID_PARAMETER; goto exit; } @@ -405,10 +405,10 @@ exit: } static int import_evp(yaca_key_h *key, - yaca_key_type_e key_type, - const char *password, - const char *data, - size_t data_len) + yaca_key_type_e key_type, + const char *password, + const char *data, + size_t data_len) { assert(key != NULL); assert(password == NULL || password[0] != '\0'); @@ -594,7 +594,7 @@ static int import_evp(yaca_key_h *key, } if ((key_type == YACA_KEY_TYPE_RSA_PRIV || key_type == YACA_KEY_TYPE_RSA_PUB) && - (EVP_PKEY_size(pkey) < YACA_KEY_LENGTH_512BIT / 8)) { + (EVP_PKEY_size(pkey) < YACA_KEY_LENGTH_512BIT / 8)) { ret = YACA_ERROR_INVALID_PARAMETER; goto exit; } @@ -617,8 +617,8 @@ exit: } static int export_simple_raw(struct yaca_key_simple_s *simple_key, - char **data, - size_t *data_len) + char **data, + size_t *data_len) { int ret; assert(simple_key != NULL); @@ -640,8 +640,8 @@ static int export_simple_raw(struct yaca_key_simple_s *simple_key, } static int export_simple_base64(struct yaca_key_simple_s *simple_key, - char **data, - size_t *data_len) + char **data, + size_t *data_len) { assert(simple_key != NULL); assert(data != NULL); @@ -707,9 +707,9 @@ exit: } static int export_evp_default_bio(struct yaca_key_evp_s *evp_key, - yaca_key_file_format_e key_file_fmt, - const char *password, - BIO *mem) + yaca_key_file_format_e key_file_fmt, + const char *password, + BIO *mem) { assert(evp_key != NULL); assert(password == NULL || password[0] != '\0'); @@ -731,7 +731,7 @@ static int export_evp_default_bio(struct yaca_key_evp_s *evp_key, case YACA_KEY_TYPE_DH_PRIV: case YACA_KEY_TYPE_EC_PRIV: ret = PEM_write_bio_PrivateKey(mem, evp_key->evp, enc, - NULL, 0, NULL, (void*)password); + NULL, 0, NULL, (void*)password); break; case YACA_KEY_TYPE_RSA_PUB: @@ -811,9 +811,9 @@ static int export_evp_default_bio(struct yaca_key_evp_s *evp_key, } static int export_evp_pkcs8_bio(struct yaca_key_evp_s *evp_key, - yaca_key_file_format_e key_file_fmt, - const char *password, - BIO *mem) + yaca_key_file_format_e key_file_fmt, + const char *password, + BIO *mem) { assert(evp_key != NULL); assert(password == NULL || password[0] != '\0'); @@ -836,7 +836,7 @@ static int export_evp_pkcs8_bio(struct yaca_key_evp_s *evp_key, case YACA_KEY_TYPE_DH_PRIV: case YACA_KEY_TYPE_EC_PRIV: ret = PEM_write_bio_PKCS8PrivateKey(mem, evp_key->evp, enc, - NULL, 0, NULL, (void*)password); + NULL, 0, NULL, (void*)password); break; default: @@ -853,7 +853,7 @@ static int export_evp_pkcs8_bio(struct yaca_key_evp_s *evp_key, case YACA_KEY_TYPE_DH_PRIV: case YACA_KEY_TYPE_EC_PRIV: ret = i2d_PKCS8PrivateKey_bio(mem, evp_key->evp, enc, - NULL, 0, NULL, (void*)password); + NULL, 0, NULL, (void*)password); break; default: @@ -876,11 +876,11 @@ static int export_evp_pkcs8_bio(struct yaca_key_evp_s *evp_key, } static int export_evp(struct yaca_key_evp_s *evp_key, - yaca_key_format_e key_fmt, - yaca_key_file_format_e key_file_fmt, - const char *password, - char **data, - size_t *data_len) + yaca_key_format_e key_fmt, + yaca_key_file_format_e key_file_fmt, + const char *password, + char **data, + size_t *data_len) { assert(evp_key != NULL); assert(password == NULL || password[0] != '\0'); @@ -972,8 +972,8 @@ static int generate_simple_des(struct yaca_key_simple_s **out, size_t key_bit_le assert(out != NULL); if (key_bit_len != YACA_KEY_LENGTH_UNSAFE_64BIT && - key_bit_len != YACA_KEY_LENGTH_UNSAFE_128BIT && - key_bit_len != YACA_KEY_LENGTH_192BIT) + key_bit_len != YACA_KEY_LENGTH_UNSAFE_128BIT && + key_bit_len != YACA_KEY_LENGTH_192BIT) return YACA_ERROR_INVALID_PARAMETER; int ret; @@ -1037,7 +1037,7 @@ static int generate_evp_pkey_params(int evp_id, size_t key_bit_len, EVP_PKEY **p switch (evp_id) { case EVP_PKEY_DSA: if ((key_bit_len & YACA_KEYLEN_COMPONENT_TYPE_MASK) != YACA_KEYLEN_COMPONENT_TYPE_BITS || - key_bit_len > INT_MAX || key_bit_len < 512 || key_bit_len % 64 != 0) + key_bit_len > INT_MAX || key_bit_len < 512 || key_bit_len % 64 != 0) return YACA_ERROR_INVALID_PARAMETER; bit_len = key_bit_len; @@ -1113,7 +1113,7 @@ static int generate_evp_pkey_params(int evp_id, size_t key_bit_len, EVP_PKEY **p * fact that the _set_dh_ variant actually passes EVP_PKEY_DHX: * ret = EVP_PKEY_CTX_set_dh_rfc5114(pctx, dh_rfc5114); */ ret = EVP_PKEY_CTX_ctrl(pctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, - EVP_PKEY_CTRL_DH_RFC5114, dh_rfc5114, NULL); + EVP_PKEY_CTRL_DH_RFC5114, dh_rfc5114, NULL); } else { ret = EVP_PKEY_CTX_set_dh_paramgen_prime_len(pctx, dh_prime_len); if (ret == 1) @@ -1191,7 +1191,7 @@ static int generate_evp_pkey_key(int evp_id, size_t key_bit_len, EVP_PKEY *param if (evp_id == EVP_PKEY_RSA) { if ((key_bit_len & YACA_KEYLEN_COMPONENT_TYPE_MASK) != YACA_KEYLEN_COMPONENT_TYPE_BITS || - key_bit_len > INT_MAX || key_bit_len < 512 || key_bit_len % 8 != 0) { + key_bit_len > INT_MAX || key_bit_len < 512 || key_bit_len % 8 != 0) { ret = YACA_ERROR_INVALID_PARAMETER; goto exit; } @@ -1219,7 +1219,7 @@ exit: } static int generate_evp(yaca_key_type_e out_type, size_t key_bit_len, - struct yaca_key_evp_s *params, struct yaca_key_evp_s **out) + struct yaca_key_evp_s *params, struct yaca_key_evp_s **out) { assert(out != NULL); assert(key_bit_len > 0 || params != NULL); @@ -1459,10 +1459,10 @@ API int yaca_key_get_bit_length(const yaca_key_h key, size_t *key_bit_len) } API int yaca_key_import(yaca_key_type_e key_type, - const char *password, - const char *data, - size_t data_len, - yaca_key_h *key) + const char *password, + const char *data, + size_t data_len, + yaca_key_h *key) { if (key == NULL || data == NULL || data_len == 0) return YACA_ERROR_INVALID_PARAMETER; @@ -1496,11 +1496,11 @@ API int yaca_key_import(yaca_key_type_e key_type, } API int yaca_key_export(const yaca_key_h key, - yaca_key_format_e key_fmt, - yaca_key_file_format_e key_file_fmt, - const char *password, - char **data, - size_t *data_len) + yaca_key_format_e key_fmt, + yaca_key_file_format_e key_file_fmt, + const char *password, + char **data, + size_t *data_len) { struct yaca_key_simple_s *simple_key = key_get_simple(key); struct yaca_key_evp_s *evp_key = key_get_evp(key); @@ -1516,25 +1516,25 @@ API int yaca_key_export(const yaca_key_h key, return YACA_ERROR_INVALID_PARAMETER; if (key_fmt == YACA_KEY_FORMAT_DEFAULT && - key_file_fmt == YACA_KEY_FILE_FORMAT_RAW && - simple_key != NULL) + key_file_fmt == YACA_KEY_FILE_FORMAT_RAW && + simple_key != NULL) return export_simple_raw(simple_key, data, data_len); if (key_fmt == YACA_KEY_FORMAT_DEFAULT && - key_file_fmt == YACA_KEY_FILE_FORMAT_BASE64 && - simple_key != NULL) + key_file_fmt == YACA_KEY_FILE_FORMAT_BASE64 && + simple_key != NULL) return export_simple_base64(simple_key, data, data_len); if (evp_key != NULL) return export_evp(evp_key, key_fmt, key_file_fmt, - password, data, data_len); + password, data, data_len); return YACA_ERROR_INVALID_PARAMETER; } API int yaca_key_generate(yaca_key_type_e key_type, - size_t key_bit_len, - yaca_key_h *key) + size_t key_bit_len, + yaca_key_h *key) { int ret; struct yaca_key_simple_s *nk_simple = NULL; @@ -1758,9 +1758,9 @@ API void yaca_key_destroy(yaca_key_h key) } API int yaca_key_derive_dh(const yaca_key_h prv_key, - const yaca_key_h pub_key, - char **secret, - size_t *secret_len) + const yaca_key_h pub_key, + char **secret, + size_t *secret_len) { int ret; struct yaca_key_evp_s *lprv_key = key_get_evp(prv_key); @@ -1770,11 +1770,11 @@ API int yaca_key_derive_dh(const yaca_key_h prv_key, size_t data_len; if (lprv_key == NULL || lpub_key == NULL || secret == NULL || secret_len == NULL || - (!(lprv_key->key.type == YACA_KEY_TYPE_DH_PRIV && - lpub_key->key.type == YACA_KEY_TYPE_DH_PUB) - && - !(lprv_key->key.type == YACA_KEY_TYPE_EC_PRIV && - lpub_key->key.type == YACA_KEY_TYPE_EC_PUB))) + (!(lprv_key->key.type == YACA_KEY_TYPE_DH_PRIV && + lpub_key->key.type == YACA_KEY_TYPE_DH_PUB) + && + !(lprv_key->key.type == YACA_KEY_TYPE_EC_PRIV && + lpub_key->key.type == YACA_KEY_TYPE_EC_PUB))) return YACA_ERROR_INVALID_PARAMETER; ctx = EVP_PKEY_CTX_new(lprv_key->evp, NULL); @@ -1833,21 +1833,21 @@ exit: } API int yaca_key_derive_kdf(yaca_kdf_e kdf, - yaca_digest_algorithm_e algo, - const char *secret, - size_t secret_len, - const char *info, - size_t info_len, - size_t key_material_len, - char **key_material) + yaca_digest_algorithm_e algo, + const char *secret, + size_t secret_len, + const char *info, + size_t info_len, + size_t key_material_len, + char **key_material) { int ret; char *out = NULL; const EVP_MD *md; if (secret == NULL || secret_len == 0 || - (info == NULL && info_len > 0) || (info != NULL && info_len == 0) || - key_material_len == 0 || key_material == NULL) + (info == NULL && info_len > 0) || (info != NULL && info_len == 0) || + key_material_len == 0 || key_material == NULL) return YACA_ERROR_INVALID_PARAMETER; ret = yaca_zalloc(key_material_len, (void**)&out); @@ -1861,8 +1861,8 @@ API int yaca_key_derive_kdf(yaca_kdf_e kdf, switch (kdf) { case YACA_KDF_X942: ret = DH_KDF_X9_42((unsigned char*)out, key_material_len, - (unsigned char*)secret, secret_len, - OBJ_nid2obj(NID_id_smime_alg_ESDH), (unsigned char*)info, info_len, md); + (unsigned char*)secret, secret_len, + OBJ_nid2obj(NID_id_smime_alg_ESDH), (unsigned char*)info, info_len, md); if (ret != 1 || out == NULL) { ret = YACA_ERROR_INTERNAL; ERROR_DUMP(ret); @@ -1871,8 +1871,8 @@ API int yaca_key_derive_kdf(yaca_kdf_e kdf, break; case YACA_KDF_X962: ret = ECDH_KDF_X9_62((unsigned char*)out, key_material_len, - (unsigned char*)secret, secret_len, - (unsigned char*)info, info_len, md); + (unsigned char*)secret, secret_len, + (unsigned char*)info, info_len, md); if (ret != 1 || out == NULL) { ret = YACA_ERROR_INTERNAL; ERROR_DUMP(ret); @@ -1894,12 +1894,12 @@ exit: } API int yaca_key_derive_pbkdf2(const char *password, - const char *salt, - size_t salt_len, - size_t iterations, - yaca_digest_algorithm_e algo, - size_t key_bit_len, - yaca_key_h *key) + const char *salt, + size_t salt_len, + size_t iterations, + yaca_digest_algorithm_e algo, + size_t key_bit_len, + yaca_key_h *key) { const EVP_MD *md; struct yaca_key_simple_s *nk; @@ -1907,8 +1907,8 @@ API int yaca_key_derive_pbkdf2(const char *password, int ret; if (password == NULL || - (salt == NULL && salt_len > 0) || (salt != NULL && salt_len == 0) || - iterations == 0 || key_bit_len == 0 || key == NULL) + (salt == NULL && salt_len > 0) || (salt != NULL && salt_len == 0) || + iterations == 0 || key_bit_len == 0 || key == NULL) return YACA_ERROR_INVALID_PARAMETER; if (key_bit_len % 8) /* Key length must be multiple of 8-bit_len */ @@ -1929,8 +1929,8 @@ API int yaca_key_derive_pbkdf2(const char *password, nk->key.type = YACA_KEY_TYPE_SYMMETRIC; ret = PKCS5_PBKDF2_HMAC(password, -1, (const unsigned char*)salt, - salt_len, iterations, md, key_byte_len, - (unsigned char*)nk->d); + salt_len, iterations, md, key_byte_len, + (unsigned char*)nk->d); if (ret != 1) { ret = YACA_ERROR_INTERNAL; ERROR_DUMP(ret); diff --git a/src/rsa.c b/src/rsa.c index 436c3b9..7fbb6e4 100644 --- a/src/rsa.c +++ b/src/rsa.c @@ -57,12 +57,12 @@ int rsa_padding2openssl(yaca_padding_e padding) typedef int (*encrypt_decrypt_fn)(int, const unsigned char*, unsigned char*, RSA*, int); static int encrypt_decrypt(yaca_padding_e padding, - const yaca_key_h key, - const char *input, - size_t input_len, - char **output, - size_t *output_len, - encrypt_decrypt_fn fn) + const yaca_key_h key, + const char *input, + size_t input_len, + char **output, + size_t *output_len, + encrypt_decrypt_fn fn) { int ret; size_t max_len; @@ -71,7 +71,7 @@ static int encrypt_decrypt(yaca_padding_e padding, int lpadding; if ((input == NULL && input_len > 0) || (input != NULL && input_len == 0) || - output == NULL || output_len == NULL) + output == NULL || output_len == NULL) return YACA_ERROR_INVALID_PARAMETER; lpadding = rsa_padding2openssl(padding); @@ -94,10 +94,10 @@ static int encrypt_decrypt(yaca_padding_e padding, return ret; ret = fn(input_len, - (const unsigned char*)input, - (unsigned char*)loutput, - EVP_PKEY_get0_RSA(lasym_key->evp), - lpadding); + (const unsigned char*)input, + (unsigned char*)loutput, + EVP_PKEY_get0_RSA(lasym_key->evp), + lpadding); if (ret < 0) { ret = ERROR_HANDLE(); @@ -121,11 +121,11 @@ exit: API int yaca_rsa_public_encrypt(yaca_padding_e padding, - const yaca_key_h pub_key, - const char *plaintext, - size_t plaintext_len, - char **ciphertext, - size_t *ciphertext_len) + const yaca_key_h pub_key, + const char *plaintext, + size_t plaintext_len, + char **ciphertext, + size_t *ciphertext_len) { if (pub_key == YACA_KEY_NULL || pub_key->type != YACA_KEY_TYPE_RSA_PUB) return YACA_ERROR_INVALID_PARAMETER; @@ -141,20 +141,20 @@ API int yaca_rsa_public_encrypt(yaca_padding_e padding, } return encrypt_decrypt(padding, - pub_key, - plaintext, - plaintext_len, - ciphertext, - ciphertext_len, - RSA_public_encrypt); + pub_key, + plaintext, + plaintext_len, + ciphertext, + ciphertext_len, + RSA_public_encrypt); } API int yaca_rsa_private_decrypt(yaca_padding_e padding, - const yaca_key_h prv_key, - const char *ciphertext, - size_t ciphertext_len, - char **plaintext, - size_t *plaintext_len) + const yaca_key_h prv_key, + const char *ciphertext, + size_t ciphertext_len, + char **plaintext, + size_t *plaintext_len) { if (prv_key == YACA_KEY_NULL || prv_key->type != YACA_KEY_TYPE_RSA_PRIV) return YACA_ERROR_INVALID_PARAMETER; @@ -170,20 +170,20 @@ API int yaca_rsa_private_decrypt(yaca_padding_e padding, } return encrypt_decrypt(padding, - prv_key, - ciphertext, - ciphertext_len, - plaintext, - plaintext_len, - RSA_private_decrypt); + prv_key, + ciphertext, + ciphertext_len, + plaintext, + plaintext_len, + RSA_private_decrypt); } API int yaca_rsa_private_encrypt(yaca_padding_e padding, - const yaca_key_h prv_key, - const char *plaintext, - size_t plaintext_len, - char **ciphertext, - size_t *ciphertext_len) + const yaca_key_h prv_key, + const char *plaintext, + size_t plaintext_len, + char **ciphertext, + size_t *ciphertext_len) { if (prv_key == YACA_KEY_NULL || prv_key->type != YACA_KEY_TYPE_RSA_PRIV) return YACA_ERROR_INVALID_PARAMETER; @@ -197,20 +197,20 @@ API int yaca_rsa_private_encrypt(yaca_padding_e padding, } return encrypt_decrypt(padding, - prv_key, - plaintext, - plaintext_len, - ciphertext, - ciphertext_len, - RSA_private_encrypt); + prv_key, + plaintext, + plaintext_len, + ciphertext, + ciphertext_len, + RSA_private_encrypt); } API int yaca_rsa_public_decrypt(yaca_padding_e padding, - const yaca_key_h pub_key, - const char *ciphertext, - size_t ciphertext_len, - char **plaintext, - size_t *plaintext_len) + const yaca_key_h pub_key, + const char *ciphertext, + size_t ciphertext_len, + char **plaintext, + size_t *plaintext_len) { if (pub_key == YACA_KEY_NULL || pub_key->type != YACA_KEY_TYPE_RSA_PUB) return YACA_ERROR_INVALID_PARAMETER; @@ -224,10 +224,10 @@ API int yaca_rsa_public_decrypt(yaca_padding_e padding, } return encrypt_decrypt(padding, - pub_key, - ciphertext, - ciphertext_len, - plaintext, - plaintext_len, - RSA_public_decrypt); + pub_key, + ciphertext, + ciphertext_len, + plaintext, + plaintext_len, + RSA_public_decrypt); } diff --git a/src/seal.c b/src/seal.c index f9b16a4..a7c3b50 100644 --- a/src/seal.c +++ b/src/seal.c @@ -35,14 +35,14 @@ #include "internal.h" static int seal_generate_sym_key(yaca_encrypt_algorithm_e algo, - size_t sym_key_bit_len, - yaca_key_h *sym_key) + size_t sym_key_bit_len, + yaca_key_h *sym_key) { assert(sym_key != NULL); if (algo == YACA_ENCRYPT_3DES_3TDEA || - algo == YACA_ENCRYPT_UNSAFE_3DES_2TDEA || - algo == YACA_ENCRYPT_UNSAFE_DES) + algo == YACA_ENCRYPT_UNSAFE_3DES_2TDEA || + algo == YACA_ENCRYPT_UNSAFE_DES) return yaca_key_generate(YACA_KEY_TYPE_DES, sym_key_bit_len, sym_key); else return yaca_key_generate(YACA_KEY_TYPE_SYMMETRIC, sym_key_bit_len, sym_key); @@ -74,8 +74,8 @@ static int seal_generate_iv(const EVP_CIPHER *cipher, yaca_key_h *iv) /* used for asymmetric encryption and decryption */ static int seal_encrypt_decrypt_key(const yaca_key_h asym_key, - const yaca_key_h in_key, - yaca_key_h *out_key) + const yaca_key_h in_key, + yaca_key_h *out_key) { int ret; const struct yaca_key_evp_s *lasym_key; @@ -112,14 +112,14 @@ static int seal_encrypt_decrypt_key(const yaca_key_h asym_key, if (asym_key->type == YACA_KEY_TYPE_RSA_PRIV) ret = EVP_PKEY_decrypt_old((unsigned char*)lout_key->d, - (unsigned char*)lin_key->d, - lin_key->bit_len / 8, - lasym_key->evp); + (unsigned char*)lin_key->d, + lin_key->bit_len / 8, + lasym_key->evp); else ret = EVP_PKEY_encrypt_old((unsigned char*)lout_key->d, - (unsigned char*)lin_key->d, - lin_key->bit_len / 8, - lasym_key->evp); + (unsigned char*)lin_key->d, + lin_key->bit_len / 8, + lasym_key->evp); if (ret <= 0) { ret = ERROR_HANDLE(); @@ -143,12 +143,12 @@ exit: } API int yaca_seal_initialize(yaca_context_h *ctx, - const yaca_key_h pub_key, - yaca_encrypt_algorithm_e algo, - yaca_block_cipher_mode_e bcm, - size_t sym_key_bit_len, - yaca_key_h *sym_key, - yaca_key_h *iv) + const yaca_key_h pub_key, + yaca_encrypt_algorithm_e algo, + yaca_block_cipher_mode_e bcm, + size_t sym_key_bit_len, + yaca_key_h *sym_key, + yaca_key_h *iv) { int ret; const EVP_CIPHER *cipher; @@ -157,7 +157,7 @@ API int yaca_seal_initialize(yaca_context_h *ctx, yaca_key_h lenc_sym_key = YACA_KEY_NULL; if (pub_key == YACA_KEY_NULL || pub_key->type != YACA_KEY_TYPE_RSA_PUB || - sym_key == NULL || bcm == YACA_BCM_WRAP || sym_key_bit_len % 8 != 0) + sym_key == NULL || bcm == YACA_BCM_WRAP || sym_key_bit_len % 8 != 0) return YACA_ERROR_INVALID_PARAMETER; ret = encrypt_get_algorithm(algo, bcm, sym_key_bit_len, &cipher); @@ -201,36 +201,36 @@ exit: } API int yaca_seal_update(yaca_context_h ctx, - const char *plaintext, - size_t plaintext_len, - char *ciphertext, - size_t *ciphertext_len) + const char *plaintext, + size_t plaintext_len, + char *ciphertext, + size_t *ciphertext_len) { return encrypt_update(ctx, (const unsigned char*)plaintext, plaintext_len, - (unsigned char*)ciphertext, ciphertext_len, OP_SEAL); + (unsigned char*)ciphertext, ciphertext_len, OP_SEAL); } API int yaca_seal_finalize(yaca_context_h ctx, - char *ciphertext, - size_t *ciphertext_len) + char *ciphertext, + size_t *ciphertext_len) { return encrypt_finalize(ctx, (unsigned char*)ciphertext, ciphertext_len, OP_SEAL); } API int yaca_open_initialize(yaca_context_h *ctx, - const yaca_key_h prv_key, - yaca_encrypt_algorithm_e algo, - yaca_block_cipher_mode_e bcm, - size_t sym_key_bit_len, - const yaca_key_h sym_key, - const yaca_key_h iv) + const yaca_key_h prv_key, + yaca_encrypt_algorithm_e algo, + yaca_block_cipher_mode_e bcm, + size_t sym_key_bit_len, + const yaca_key_h sym_key, + const yaca_key_h iv) { int ret; const EVP_CIPHER *cipher; yaca_key_h lsym_key = YACA_KEY_NULL; if (prv_key == YACA_KEY_NULL || prv_key->type != YACA_KEY_TYPE_RSA_PRIV || - sym_key == YACA_KEY_NULL || bcm == YACA_BCM_WRAP || sym_key_bit_len % 8 != 0) + sym_key == YACA_KEY_NULL || bcm == YACA_BCM_WRAP || sym_key_bit_len % 8 != 0) return YACA_ERROR_INVALID_PARAMETER; ret = encrypt_get_algorithm(algo, bcm, sym_key_bit_len, &cipher); @@ -254,18 +254,18 @@ exit: } API int yaca_open_update(yaca_context_h ctx, - const char *ciphertext, - size_t ciphertext_len, - char *plaintext, - size_t *plaintext_len) + const char *ciphertext, + size_t ciphertext_len, + char *plaintext, + size_t *plaintext_len) { return encrypt_update(ctx, (const unsigned char*)ciphertext, ciphertext_len, - (unsigned char*)plaintext, plaintext_len, OP_OPEN); + (unsigned char*)plaintext, plaintext_len, OP_OPEN); } API int yaca_open_finalize(yaca_context_h ctx, - char *plaintext, - size_t *plaintext_len) + char *plaintext, + size_t *plaintext_len) { return encrypt_finalize(ctx, (unsigned char*)plaintext, plaintext_len, OP_OPEN); } diff --git a/src/sign.c b/src/sign.c index 6ef23df..23c9fa0 100644 --- a/src/sign.c +++ b/src/sign.c @@ -79,8 +79,8 @@ static struct yaca_sign_context_s *get_sign_context(const yaca_context_h ctx) } static int get_sign_output_length(const yaca_context_h ctx, - size_t input_len, - size_t *output_len) + size_t input_len, + size_t *output_len) { assert(output_len != NULL); @@ -124,9 +124,9 @@ static void destroy_sign_context(yaca_context_h ctx) } int set_sign_property(yaca_context_h ctx, - yaca_property_e property, - const void *value, - size_t value_len) + yaca_property_e property, + const void *value, + size_t value_len) { int ret; struct yaca_sign_context_s *c = get_sign_context(ctx); @@ -183,8 +183,8 @@ int set_sign_property(yaca_context_h ctx, } API int yaca_sign_initialize(yaca_context_h *ctx, - yaca_digest_algorithm_e algo, - const yaca_key_h prv_key) + yaca_digest_algorithm_e algo, + const yaca_key_h prv_key) { struct yaca_sign_context_s *nc = NULL; const EVP_MD *md = NULL; @@ -201,7 +201,7 @@ API int yaca_sign_initialize(yaca_context_h *ctx, switch (prv_key->type) { case YACA_KEY_TYPE_RSA_PRIV: if (EVP_MD_size(md) >= EVP_PKEY_size(evp_key->evp) || - (algo == YACA_DIGEST_SHA384 && (EVP_PKEY_size(evp_key->evp) <= YACA_KEY_LENGTH_512BIT / 8))) + (algo == YACA_DIGEST_SHA384 && (EVP_PKEY_size(evp_key->evp) <= YACA_KEY_LENGTH_512BIT / 8))) return YACA_ERROR_INVALID_PARAMETER; break; case YACA_KEY_TYPE_DSA_PRIV: @@ -247,8 +247,8 @@ exit: } API int yaca_sign_initialize_hmac(yaca_context_h *ctx, - yaca_digest_algorithm_e algo, - const yaca_key_h sym_key) + yaca_digest_algorithm_e algo, + const yaca_key_h sym_key) { struct yaca_sign_context_s *nc = NULL; EVP_PKEY *pkey = NULL; @@ -257,7 +257,7 @@ API int yaca_sign_initialize_hmac(yaca_context_h *ctx, const struct yaca_key_simple_s *simple_key = key_get_simple(sym_key); if (ctx == NULL || simple_key == NULL || - (sym_key->type != YACA_KEY_TYPE_SYMMETRIC && sym_key->type != YACA_KEY_TYPE_DES)) + (sym_key->type != YACA_KEY_TYPE_SYMMETRIC && sym_key->type != YACA_KEY_TYPE_DES)) return YACA_ERROR_INVALID_PARAMETER; ret = yaca_zalloc(sizeof(struct yaca_sign_context_s), (void**)&nc); @@ -272,9 +272,9 @@ API int yaca_sign_initialize_hmac(yaca_context_h *ctx, nc->ctx.get_property = NULL; pkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, - NULL, - (unsigned char *)simple_key->d, - simple_key->bit_len / 8); + NULL, + (unsigned char *)simple_key->d, + simple_key->bit_len / 8); if (pkey == NULL) { ret = YACA_ERROR_INTERNAL; ERROR_DUMP(ret); @@ -312,8 +312,8 @@ exit: } API int yaca_sign_initialize_cmac(yaca_context_h *ctx, - yaca_encrypt_algorithm_e algo, - const yaca_key_h sym_key) + yaca_encrypt_algorithm_e algo, + const yaca_key_h sym_key) { struct yaca_sign_context_s *nc = NULL; CMAC_CTX* cmac_ctx = NULL; @@ -323,7 +323,7 @@ API int yaca_sign_initialize_cmac(yaca_context_h *ctx, const struct yaca_key_simple_s *simple_key = key_get_simple(sym_key); if (ctx == NULL || simple_key == NULL || - (sym_key->type != YACA_KEY_TYPE_SYMMETRIC && sym_key->type != YACA_KEY_TYPE_DES)) + (sym_key->type != YACA_KEY_TYPE_SYMMETRIC && sym_key->type != YACA_KEY_TYPE_DES)) return YACA_ERROR_INVALID_PARAMETER; ret = yaca_zalloc(sizeof(struct yaca_sign_context_s), (void**)&nc); @@ -398,14 +398,14 @@ exit: } API int yaca_sign_update(yaca_context_h ctx, - const char *message, - size_t message_len) + const char *message, + size_t message_len) { struct yaca_sign_context_s *c = get_sign_context(ctx); int ret; if (c == NULL || c->op_type != OP_SIGN || - message == NULL || message_len == 0) + message == NULL || message_len == 0) return YACA_ERROR_INVALID_PARAMETER; if (!verify_state_change(c, CTX_MSG_UPDATED)) @@ -423,14 +423,14 @@ API int yaca_sign_update(yaca_context_h ctx, } API int yaca_sign_finalize(yaca_context_h ctx, - char *signature, - size_t *signature_len) + char *signature, + size_t *signature_len) { struct yaca_sign_context_s *c = get_sign_context(ctx); int ret; if (c == NULL || c->op_type != OP_SIGN || - signature == NULL || signature_len == NULL || *signature_len == 0) + signature == NULL || signature_len == NULL || *signature_len == 0) return YACA_ERROR_INVALID_PARAMETER; if (!verify_state_change(c, CTX_FINALIZED)) @@ -448,8 +448,8 @@ API int yaca_sign_finalize(yaca_context_h ctx, } API int yaca_verify_initialize(yaca_context_h *ctx, - yaca_digest_algorithm_e algo, - const yaca_key_h pub_key) + yaca_digest_algorithm_e algo, + const yaca_key_h pub_key) { struct yaca_sign_context_s *nc = NULL; const EVP_MD *md = NULL; @@ -466,7 +466,7 @@ API int yaca_verify_initialize(yaca_context_h *ctx, switch (pub_key->type) { case YACA_KEY_TYPE_RSA_PUB: if (EVP_MD_size(md) >= EVP_PKEY_size(evp_key->evp) || - (algo == YACA_DIGEST_SHA384 && (EVP_PKEY_size(evp_key->evp) <= YACA_KEY_LENGTH_512BIT / 8))) + (algo == YACA_DIGEST_SHA384 && (EVP_PKEY_size(evp_key->evp) <= YACA_KEY_LENGTH_512BIT / 8))) return YACA_ERROR_INVALID_PARAMETER; break; case YACA_KEY_TYPE_DSA_PUB: @@ -512,8 +512,8 @@ exit: } API int yaca_verify_update(yaca_context_h ctx, - const char *message, - size_t message_len) + const char *message, + size_t message_len) { struct yaca_sign_context_s *c = get_sign_context(ctx); int ret; @@ -536,8 +536,8 @@ API int yaca_verify_update(yaca_context_h ctx, } API int yaca_verify_finalize(yaca_context_h ctx, - const char *signature, - size_t signature_len) + const char *signature, + size_t signature_len) { struct yaca_sign_context_s *c = get_sign_context(ctx); int ret; @@ -549,8 +549,8 @@ API int yaca_verify_finalize(yaca_context_h ctx, return YACA_ERROR_INVALID_PARAMETER; ret = EVP_DigestVerifyFinal(c->md_ctx, - (unsigned char *)signature, - signature_len); + (unsigned char *)signature, + signature_len); if (ret == 1) { c->state = CTX_FINALIZED; diff --git a/src/simple.c b/src/simple.c index 00d9b3c..e4c7a38 100644 --- a/src/simple.c +++ b/src/simple.c @@ -34,10 +34,10 @@ #include "internal.h" API int yaca_simple_calculate_digest(yaca_digest_algorithm_e algo, - const char *data, - size_t data_len, - char **digest, - size_t *digest_len) + const char *data, + size_t data_len, + char **digest, + size_t *digest_len) { yaca_context_h ctx; int ret; @@ -45,7 +45,7 @@ API int yaca_simple_calculate_digest(yaca_digest_algorithm_e algo, size_t ldigest_len; if ((data == NULL && data_len > 0) || (data != NULL && data_len == 0) || - digest == NULL || digest_len == NULL) + digest == NULL || digest_len == NULL) return YACA_ERROR_INVALID_PARAMETER; ret = yaca_digest_initialize(&ctx, algo); @@ -84,13 +84,13 @@ exit: } API int yaca_simple_encrypt(yaca_encrypt_algorithm_e algo, - yaca_block_cipher_mode_e bcm, - const yaca_key_h sym_key, - const yaca_key_h iv, - const char *plaintext, - size_t plaintext_len, - char **ciphertext, - size_t *ciphertext_len) + yaca_block_cipher_mode_e bcm, + const yaca_key_h sym_key, + const yaca_key_h iv, + const char *plaintext, + size_t plaintext_len, + char **ciphertext, + size_t *ciphertext_len) { yaca_context_h ctx; int ret; @@ -100,9 +100,9 @@ API int yaca_simple_encrypt(yaca_encrypt_algorithm_e algo, size_t written = 0; if ((plaintext == NULL && plaintext_len > 0) || (plaintext != NULL && plaintext_len == 0) || - ciphertext == NULL || ciphertext_len == NULL || - sym_key == YACA_KEY_NULL || - bcm == YACA_BCM_CCM || bcm == YACA_BCM_GCM) + ciphertext == NULL || ciphertext_len == NULL || + sym_key == YACA_KEY_NULL || + bcm == YACA_BCM_CCM || bcm == YACA_BCM_GCM) return YACA_ERROR_INVALID_PARAMETER; ret = yaca_encrypt_initialize(&ctx, algo, bcm, sym_key, iv); @@ -148,7 +148,7 @@ API int yaca_simple_encrypt(yaca_encrypt_algorithm_e algo, assert(written <= lciphertext_len); if (((bcm == YACA_BCM_CBC || bcm == YACA_BCM_ECB) && written == 0) || - (bcm != YACA_BCM_CBC && bcm != YACA_BCM_ECB && plaintext_len == 0 && written > 0)) { + (bcm != YACA_BCM_CBC && bcm != YACA_BCM_ECB && plaintext_len == 0 && written > 0)) { ret = YACA_ERROR_INTERNAL; goto exit; } @@ -175,13 +175,13 @@ exit: } API int yaca_simple_decrypt(yaca_encrypt_algorithm_e algo, - yaca_block_cipher_mode_e bcm, - const yaca_key_h sym_key, - const yaca_key_h iv, - const char *ciphertext, - size_t ciphertext_len, - char **plaintext, - size_t *plaintext_len) + yaca_block_cipher_mode_e bcm, + const yaca_key_h sym_key, + const yaca_key_h iv, + const char *ciphertext, + size_t ciphertext_len, + char **plaintext, + size_t *plaintext_len) { yaca_context_h ctx; int ret; @@ -191,10 +191,10 @@ API int yaca_simple_decrypt(yaca_encrypt_algorithm_e algo, size_t written = 0; if ((ciphertext == NULL && ciphertext_len > 0) || (ciphertext != NULL && ciphertext_len == 0) || - ((bcm == YACA_BCM_ECB || bcm == YACA_BCM_CBC) && ciphertext == NULL && ciphertext_len == 0) || - plaintext == NULL || plaintext_len == NULL || - sym_key == YACA_KEY_NULL || - bcm == YACA_BCM_CCM || bcm == YACA_BCM_GCM) + ((bcm == YACA_BCM_ECB || bcm == YACA_BCM_CBC) && ciphertext == NULL && ciphertext_len == 0) || + plaintext == NULL || plaintext_len == NULL || + sym_key == YACA_KEY_NULL || + bcm == YACA_BCM_CCM || bcm == YACA_BCM_GCM) return YACA_ERROR_INVALID_PARAMETER; ret = yaca_decrypt_initialize(&ctx, algo, bcm, sym_key, iv); @@ -266,7 +266,7 @@ exit: } static int sign(const yaca_context_h ctx, const char *data, size_t data_len, - char **signature, size_t *signature_len) + char **signature, size_t *signature_len) { int ret; @@ -299,17 +299,17 @@ static int sign(const yaca_context_h ctx, const char *data, size_t data_len, } API int yaca_simple_calculate_signature(yaca_digest_algorithm_e algo, - const yaca_key_h prv_key, - const char *data, - size_t data_len, - char **signature, - size_t *signature_len) + const yaca_key_h prv_key, + const char *data, + size_t data_len, + char **signature, + size_t *signature_len) { int ret; yaca_context_h ctx = YACA_CONTEXT_NULL; if ((data == NULL && data_len > 0) || (data != NULL && data_len == 0) || - signature == NULL || signature_len == NULL) + signature == NULL || signature_len == NULL) return YACA_ERROR_INVALID_PARAMETER; ret = yaca_sign_initialize(&ctx, algo, prv_key); @@ -324,17 +324,17 @@ API int yaca_simple_calculate_signature(yaca_digest_algorithm_e algo, } API int yaca_simple_verify_signature(yaca_digest_algorithm_e algo, - const yaca_key_h pub_key, - const char *data, - size_t data_len, - const char *signature, - size_t signature_len) + const yaca_key_h pub_key, + const char *data, + size_t data_len, + const char *signature, + size_t signature_len) { int ret; yaca_context_h ctx = YACA_CONTEXT_NULL; if ((data == NULL && data_len > 0) || (data != NULL && data_len == 0) || - signature == NULL || signature_len == 0) + signature == NULL || signature_len == 0) return YACA_ERROR_INVALID_PARAMETER; ret = yaca_verify_initialize(&ctx, algo, pub_key); @@ -356,17 +356,17 @@ exit: } API int yaca_simple_calculate_hmac(yaca_digest_algorithm_e algo, - const yaca_key_h sym_key, - const char *data, - size_t data_len, - char **mac, - size_t *mac_len) + const yaca_key_h sym_key, + const char *data, + size_t data_len, + char **mac, + size_t *mac_len) { int ret; yaca_context_h ctx = YACA_CONTEXT_NULL; if ((data == NULL && data_len > 0) || (data != NULL && data_len == 0) || - mac == NULL || mac_len == NULL) + mac == NULL || mac_len == NULL) return YACA_ERROR_INVALID_PARAMETER; ret = yaca_sign_initialize_hmac(&ctx, algo, sym_key); @@ -381,17 +381,17 @@ API int yaca_simple_calculate_hmac(yaca_digest_algorithm_e algo, } API int yaca_simple_calculate_cmac(yaca_encrypt_algorithm_e algo, - const yaca_key_h sym_key, - const char *data, - size_t data_len, - char **mac, - size_t *mac_len) + const yaca_key_h sym_key, + const char *data, + size_t data_len, + char **mac, + size_t *mac_len) { int ret; yaca_context_h ctx = YACA_CONTEXT_NULL; if ((data == NULL && data_len > 0) || (data != NULL && data_len == 0) || - mac == NULL || mac_len == NULL) + mac == NULL || mac_len == NULL) return YACA_ERROR_INVALID_PARAMETER; ret = yaca_sign_initialize_cmac(&ctx, algo, sym_key); -- 2.7.4 From a32e8b8b168bc497cdacd139e555a6bc77e695d1 Mon Sep 17 00:00:00 2001 From: Mateusz Forc Date: Wed, 23 Nov 2016 13:04:57 +0100 Subject: [PATCH 06/16] YACA : Make capi-base-common an optional dependency Change-Id: I6cc9995fecc7a5bf9849fb4d0e2d5e2c26058fa1 --- api/yaca/yaca_error.h | 11 +++++++++-- src/CMakeLists.txt | 8 +++++++- 2 files changed, 16 insertions(+), 3 deletions(-) diff --git a/api/yaca/yaca_error.h b/api/yaca/yaca_error.h index f062812..c571485 100644 --- a/api/yaca/yaca_error.h +++ b/api/yaca/yaca_error.h @@ -21,11 +21,18 @@ * @brief Error enums and defines. */ +#ifdef CAPI_BASE_COMMON_PRESENT +#include +#else +#include +#define TIZEN_ERROR_NONE 0 +#define TIZEN_ERROR_INVALID_PARAMETER -EINVAL +#define TIZEN_ERROR_OUT_OF_MEMORY -ENOMEM +#endif + #ifndef YACA_ERROR_H #define YACA_ERROR_H -#include - #ifdef __cplusplus extern "C" { #endif diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index ae4168b..8d8badd 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -45,7 +45,13 @@ SET_TARGET_PROPERTIES(${PROJECT_NAME} PROPERTIES VERSION ${_LIB_VERSION_}) ## Link libraries ############################################################## -PKG_CHECK_MODULES(YACA_DEPS REQUIRED openssl capi-base-common) +PKG_CHECK_MODULES(YACA_DEPS REQUIRED openssl) + +PKG_CHECK_MODULES(CAPI_BASE_COMMON capi-base-common) +IF (CAPI_BASE_COMMON_FOUND) + ADD_DEFINITIONS(-DCAPI_BASE_COMMON_PRESENT) + INCLUDE_DIRECTORIES(SYSTEM ${CAPI_BASE_COMMON_INCLUDE_DIRS}) +ENDIF() FIND_PACKAGE (Threads) -- 2.7.4 From 6a9daa80f2d8aa268f7f6613e6bcbf42d48379d9 Mon Sep 17 00:00:00 2001 From: "sangwan.kwon" Date: Fri, 3 Feb 2017 15:33:14 +0900 Subject: [PATCH 07/16] Apply the reviewed API documentation Change-Id: I071343de3d70cf0bcc4b1bf10b53ea878ff3da5d Signed-off-by: sangwan.kwon --- api/yaca/yaca_crypto.h | 237 +++++++++++--------------- api/yaca/yaca_digest.h | 69 ++++---- api/yaca/yaca_encrypt.h | 215 ++++++++++------------- api/yaca/yaca_error.h | 38 +++-- api/yaca/yaca_key.h | 441 ++++++++++++++++++++---------------------------- api/yaca/yaca_rsa.h | 168 ++++++++---------- api/yaca/yaca_seal.h | 238 +++++++++++--------------- api/yaca/yaca_sign.h | 260 ++++++++++++---------------- api/yaca/yaca_simple.h | 332 +++++++++++++++--------------------- api/yaca/yaca_types.h | 171 +++++++++---------- 10 files changed, 916 insertions(+), 1253 deletions(-) diff --git a/api/yaca/yaca_crypto.h b/api/yaca/yaca_crypto.h index 56425eb..6108336 100644 --- a/api/yaca/yaca_crypto.h +++ b/api/yaca/yaca_crypto.h @@ -16,283 +16,246 @@ * limitations under the License */ + /** - * @file yaca_crypto.h - * @brief Non crypto related functions. + * @file yaca_crypto.h + * @brief Non crypto related functions. */ + #ifndef YACA_CRYPTO_H #define YACA_CRYPTO_H + #include #include + #ifdef __cplusplus extern "C" { #endif + /** * @addtogroup CAPI_YACA_ENCRYPTION_MODULE * @{ */ + /** - * @brief NULL value for the crypto context. - * + * @brief Definition for NULL value for the crypto context. * @since_tizen 3.0 */ #define YACA_CONTEXT_NULL ((yaca_context_h) NULL) + /** - * @brief Initializes the library. Must be called before any other crypto - * function. Should be called once in each thread that uses yaca. - * + * @brief Initializes the library. Must be called before any other crypto + * function. Should be called once in each thread that uses yaca. * @since_tizen 3.0 - * - * @return #YACA_ERROR_NONE on success, negative on error + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error * @retval #YACA_ERROR_INTERNAL Internal error - * * @see yaca_cleanup() */ int yaca_initialize(void); + /** - * @brief Cleans up the library. Must be called before exiting the thread that - * called yaca_initialize(). - * + * @brief Cleans up the library. Must be called before exiting the thread that called yaca_initialize(). * @since_tizen 3.0 - * * @see yaca_initialize() */ void yaca_cleanup(void); + /** - * @brief Allocates the memory. - * + * @brief Allocates the memory. * @since_tizen 3.0 - * - * @remarks The @a memory should be freed using yaca_free(). - * - * @param[in] size Size of the allocation (bytes) + * @remarks The @a memory should be freed using yaca_free(). + * @param[in] size Size of the allocation (bytes) * @param[out] memory Allocated memory - * - * @return #YACA_ERROR_NONE on success, negative on error + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, 0) * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error - * * @see yaca_zalloc() * @see yaca_realloc() * @see yaca_free() */ int yaca_malloc(size_t size, void **memory); + /** - * @brief Allocates the zeroed memory. - * + * @brief Allocates the zeroed memory. * @since_tizen 3.0 - * - * @remarks The @a memory should be freed using yaca_free(). - * - * @param[in] size Size of the allocation (bytes) - * @param[out] memory Allocated memory - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks The @a memory should be freed using yaca_free(). + * @param[in] size Size of the allocation (bytes) + * @param[out] memory Allocated memory + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, 0) * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error - * * @see yaca_malloc() * @see yaca_realloc() * @see yaca_free() */ int yaca_zalloc(size_t size, void **memory); + /** - * @brief Re-allocates the memory. - * + * @brief Re-allocates the memory. * @since_tizen 3.0 - * - * @remarks In case of failure the function doesn't free the memory pointed by @a memory. - * - * @remarks If @a memory is NULL then the call is equivalent to yaca_malloc(). - * - * @remarks If the function fails the contents of @a memory will be left unchanged. - * - * @remarks The @a memory should be freed using yaca_free(). - * - * @param[in] size Size of the new allocation (bytes) + * @remarks In case of failure the function doesn't free the memory pointed by @a memory. + * @remarks If @a memory is NULL then the call is equivalent to yaca_malloc(). + * @remarks If the function fails the contents of @a memory will be left unchanged. + * @remarks The @a memory should be freed using yaca_free(). + * @param[in] size Size of the new allocation (bytes) * @param[in,out] memory Memory to be reallocated - * - * @return #YACA_ERROR_NONE on success, negative on error + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, 0) * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error - * * @see yaca_malloc() * @see yaca_zalloc() * @see yaca_free() */ int yaca_realloc(size_t size, void **memory); + /** - * @brief Frees the memory allocated by yaca_malloc(), yaca_zalloc(), - * yaca_realloc() or one of the cryptographic operations. - * + * @brief Frees the memory allocated by yaca_malloc(), yaca_zalloc(), + * yaca_realloc() or one of the cryptographic operations. * @since_tizen 3.0 - * - * @param[in] memory Pointer to the memory to be freed - * + * @param[in] memory Pointer to the memory to be freed * @see yaca_malloc() * @see yaca_zalloc() * @see yaca_realloc() */ void yaca_free(void *memory); + /** - * @brief Safely compares first @a len bytes of two buffers. - * + * @brief Safely compares first @a len bytes of two buffers. * @since_tizen 3.0 - * - * @param[in] first Pointer to the first buffer - * @param[in] second Pointer to the second buffer - * @param[in] len Length to compare - * - * @return #YACA_ERROR_NONE when buffers are equal otherwise #YACA_ERROR_DATA_MISMATCH + * @param[in] first Pointer to the first buffer + * @param[in] second Pointer to the second buffer + * @param[in] len Length to compare + * @return #YACA_ERROR_NONE when buffers are equal, + * otherwise #YACA_ERROR_DATA_MISMATCH * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, 0) * @retval #YACA_ERROR_DATA_MISMATCH Buffers are different */ int yaca_memcmp(const void *first, const void *second, size_t len); + /** - * @brief Generates random data. - * + * @brief Generates random data. * @since_tizen 3.0 - * - * @param[in,out] data Pointer to the memory to be randomized - * @param[in] data_len Length of the memory to be randomized - * - * @return #YACA_ERROR_NONE on success, negative on error + * @param[in,out] data Pointer to the memory to be randomized + * @param[in] data_len Length of the memory to be randomized + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, 0) * @retval #YACA_ERROR_INTERNAL Internal error */ int yaca_randomize_bytes(char *data, size_t data_len); + /** - * @brief Sets the non-standard context properties. Can only be called on an - * initialized context. - * - * @remarks The @a value has to be of type appropriate for given property. See #yaca_property_e - * for details on corresponding types. - * + * @brief Sets the non-standard context properties. Can only be called on an initialized context. * @since_tizen 3.0 - * - * @param[in,out] ctx Previously initialized crypto context - * @param[in] property Property to be set - * @param[in] value Property value - * @param[in] value_len Length of the property value - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks The @a value has to be of type appropriate for given property. See #yaca_property_e + * for details on corresponding types. + * @param[in,out] ctx Previously initialized crypto context + * @param[in] property Property to be set + * @param[in] value Property value + * @param[in] value_len Length of the property value + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, 0, * invalid @a ctx or @a property) * @retval #YACA_ERROR_INTERNAL Internal error - * * @see #yaca_property_e * @see yaca_context_get_property() */ -int yaca_context_set_property(yaca_context_h ctx, - yaca_property_e property, - const void *value, - size_t value_len); +int yaca_context_set_property(yaca_context_h ctx, yaca_property_e property, const void *value, size_t value_len); + /** - * @brief Returns the non-standard context properties. Can only be called on an - * initialized context. - * + * @brief Returns the non-standard context properties. Can only be called on an initialized context. * @since_tizen 3.0 - * - * @remarks The @a value should be freed using yaca_free(). - * - * @remarks The @a value has to be of type appropriate for given property. See #yaca_property_e - * for details on corresponding types. - * - * @remarks The @a value_len can be NULL if returned @a value is a single object - * (i.e. not an array/buffer). - * - * @param[in] ctx Previously initialized crypto context - * @param[in] property Property to be read - * @param[out] value Copy of the property value - * @param[out] value_len Length of the property value will be returned here - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks The @a value should be freed using yaca_free(). + * @remarks The @a value has to be of type appropriate for given property. See #yaca_property_e + * for details on corresponding types. + * @remarks The @a value_len can be NULL if returned @a value is a single object (i.e. not an array/buffer). + * @param[in] ctx Previously initialized crypto context + * @param[in] property Property to be read + * @param[out] value Copy of the property value + * @param[out] value_len Length of the property value will be returned here + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, * invalid @a ctx or @a property) * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error * @retval #YACA_ERROR_INTERNAL Internal error - * * @see #yaca_property_e * @see yaca_context_set_property() * @see yaca_free() */ -int yaca_context_get_property(const yaca_context_h ctx, - yaca_property_e property, - void **value, - size_t *value_len); +int yaca_context_get_property(const yaca_context_h ctx, yaca_property_e property, void **value, size_t *value_len); + /** - * @brief Returns the minimum required size of the output buffer for a single crypto function call. - * + * @brief Returns the minimum required size of the output buffer for a single crypto function call. * @since_tizen 3.0 - * - * @remarks This function should be used to learn the required size of the output buffer - * for a single function call (eg. *_update or *_finalize). The actual output length - * (number of bytes that has been used) will be returned by the function call itself. - * - * @remarks In case the function call has no output (e.g. yaca_sign_update(), - * yaca_digest_update()), there is no need to use this function. - * - * @remarks In case the function call has no input (eg. *_finalize), the value of - * @a input_len has to be set to 0. - * - * @param[in] ctx Previously initialized crypto context - * @param[in] input_len Length of the input data to be processed - * @param[out] output_len Required length of the output - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks This function should be used to learn the required size of the output buffer + * for a single function call (eg. *_update or *_finalize). The actual output length + * (number of bytes that has been used) will be returned by the function call itself. + * @remarks In case the function call has no output (e.g. yaca_sign_update(), + * yaca_digest_update()), there is no need to use this function. + * @remarks In case the function call has no input (eg. *_finalize), the value of + * @a input_len has to be set to 0. + * @param[in] ctx Previously initialized crypto context + * @param[in] input_len Length of the input data to be processed + * @param[out] output_len Required length of the output + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, * invalid @a ctx or too big @a input_len) * @retval #YACA_ERROR_INTERNAL Internal error */ -int yaca_context_get_output_length(const yaca_context_h ctx, - size_t input_len, - size_t *output_len); +int yaca_context_get_output_length(const yaca_context_h ctx, size_t input_len, size_t *output_len); + /** - * @brief Destroys the crypto context. Must be called on all contexts that are - * no longer used. Passing #YACA_CONTEXT_NULL is allowed. - * + * @brief Destroys the crypto context. Must be called on all contexts that are no longer used. + * Passing #YACA_CONTEXT_NULL is allowed. * @since_tizen 3.0 - * * @param[in,out] ctx Crypto context - * * @see #yaca_context_h - * */ void yaca_context_destroy(yaca_context_h ctx); + /** * @} */ + #ifdef __cplusplus } /* extern */ #endif + #endif /* YACA_CRYPTO_H */ diff --git a/api/yaca/yaca_digest.h b/api/yaca/yaca_digest.h index 8d3bd02..377f85b 100644 --- a/api/yaca/yaca_digest.h +++ b/api/yaca/yaca_digest.h @@ -16,43 +16,45 @@ * limitations under the License */ + /** - * @file yaca_digest.h - * @brief Advanced API for the message digests. + * @file yaca_digest.h + * @brief Advanced API for the message digests. */ + #ifndef YACA_DIGEST_H #define YACA_DIGEST_H + #include #include + #ifdef __cplusplus extern "C" { #endif + /** * @addtogroup CAPI_YACA_INTEGRITY_MODULE * @{ */ + /** - * @brief Initializes a digest context. - * + * @brief Initializes a digest context. * @since_tizen 3.0 - * - * @remarks The @a ctx should be released using yaca_context_destroy(). - * - * @param[out] ctx Newly created context - * @param[in] algo Digest algorithm that will be used - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks The @a ctx should be released using yaca_context_destroy(). + * @param[out] ctx Newly created context + * @param[in] algo Digest algorithm that will be used + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, * invalid @a algo) * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error * @retval #YACA_ERROR_INTERNAL Internal error - * * @see #yaca_digest_algorithm_e * @see yaca_digest_update() * @see yaca_digest_finalize() @@ -60,58 +62,55 @@ extern "C" { */ int yaca_digest_initialize(yaca_context_h *ctx, yaca_digest_algorithm_e algo); + /** - * @brief Feeds the message into the message digest algorithm. - * + * @brief Feeds the message into the message digest algorithm. * @since_tizen 3.0 - * - * @param[in,out] ctx Context created by yaca_digest_initialize() - * @param[in] message Message from which the digest is to be calculated - * @param[in] message_len Length of the message - * - * @return #YACA_ERROR_NONE on success, negative on error + * @param[in,out] ctx Context created by yaca_digest_initialize() + * @param[in] message Message from which the digest is to be calculated + * @param[in] message_len Length of the message + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, 0, * invalid @a ctx) * @retval #YACA_ERROR_INTERNAL Internal error - * * @see yaca_digest_initialize() * @see yaca_digest_finalize() */ int yaca_digest_update(yaca_context_h ctx, const char *message, size_t message_len); + /** - * @brief Calculates the final digest. - * + * @brief Calculates the final digest. * @since_tizen 3.0 - * - * @remarks Skipping yaca_digest_update() and calling only yaca_digest_finalize() will produce an - * empty message digest. - * - * @param[in,out] ctx A valid digest context - * @param[out] digest Buffer for the message digest - * (must be allocated by client, see yaca_context_get_output_length()) - * @param[out] digest_len Length of the digest, - * actual number of bytes written will be returned here - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks Skipping yaca_digest_update() and calling only yaca_digest_finalize() will produce an empty message digest. + * @param[in,out] ctx A valid digest context + * @param[out] digest Buffer for the message digest + * (must be allocated by client, see yaca_context_get_output_length()) + * @param[out] digest_len Length of the digest, + * actual number of bytes written will be returned here + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, * invalid @a ctx) * @retval #YACA_ERROR_INTERNAL Internal error - * * @see yaca_digest_initialize() * @see yaca_digest_update() * @see yaca_context_get_output_length() */ int yaca_digest_finalize(yaca_context_h ctx, char *digest, size_t *digest_len); + /** * @} */ + #ifdef __cplusplus } /* extern */ #endif + #endif /* YACA_DIGEST_H */ diff --git a/api/yaca/yaca_encrypt.h b/api/yaca/yaca_encrypt.h index 4031f2c..ba2de37 100644 --- a/api/yaca/yaca_encrypt.h +++ b/api/yaca/yaca_encrypt.h @@ -16,238 +16,201 @@ * limitations under the License */ + /** - * @file yaca_encrypt.h - * @brief Advanced API for the symmetric encryption. + * @file yaca_encrypt.h + * @brief Advanced API for the symmetric encryption. */ + #ifndef YACA_ENCRYPT_H #define YACA_ENCRYPT_H + #include #include + #ifdef __cplusplus extern "C" { #endif + /** * @addtogroup CAPI_YACA_ENCRYPTION_MODULE * @{ */ + /** - * @brief Returns the recommended/default length of the Initialization Vector - * for a given encryption configuration. - * + * @brief Returns the recommended/default length of the Initialization Vector for a given encryption configuration. * @since_tizen 3.0 - * - * @remarks If returned @a iv_bit_len equals 0 that means that for this - * specific algorithm and its parameters Initialization Vector is not used. - * - * @param[in] algo Encryption algorithm - * @param[in] bcm Chain mode - * @param[in] key_bit_len Key length in bits - * @param[out] iv_bit_len Recommended Initialization Vector length in bits - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks If returned @a iv_bit_len equals 0 that means that for this + * specific algorithm and its parameters Initialization Vector is not used. + * @param[in] algo Encryption algorithm + * @param[in] bcm Chain mode + * @param[in] key_bit_len Key length in bits + * @param[out] iv_bit_len Recommended Initialization Vector length in bits + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, * invalid @a algo, @a bcm or @a key_bit_len) * @retval #YACA_ERROR_INTERNAL Internal error - * */ -int yaca_encrypt_get_iv_bit_length(yaca_encrypt_algorithm_e algo, - yaca_block_cipher_mode_e bcm, - size_t key_bit_len, - size_t *iv_bit_len); +int yaca_encrypt_get_iv_bit_length(yaca_encrypt_algorithm_e algo, yaca_block_cipher_mode_e bcm, size_t key_bit_len, size_t *iv_bit_len); + /** - * @brief Initializes an encryption context. - * + * @brief Initializes an encryption context. * @since_tizen 3.0 - * - * @remarks The @a ctx should be released using yaca_context_destroy(). - * - * @param[out] ctx Newly created context - * @param[in] algo Encryption algorithm that will be used - * @param[in] bcm Chaining mode that will be used - * @param[in] sym_key Symmetric key that will be used - * @param[in] iv Initialization Vector that will be used - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks The @a ctx should be released using yaca_context_destroy(). + * @param[out] ctx Newly created context + * @param[in] algo Encryption algorithm that will be used + * @param[in] bcm Chaining mode that will be used + * @param[in] sym_key Symmetric key that will be used + * @param[in] iv Initialization Vector that will be used + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, * invalid @a algo, @a bcm, @a sym_key or @a iv) * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error * @retval #YACA_ERROR_INTERNAL Internal error - * * @see #yaca_encrypt_algorithm_e * @see #yaca_block_cipher_mode_e * @see yaca_encrypt_update() * @see yaca_encrypt_finalize() * @see yaca_context_destroy() */ -int yaca_encrypt_initialize(yaca_context_h *ctx, - yaca_encrypt_algorithm_e algo, - yaca_block_cipher_mode_e bcm, - const yaca_key_h sym_key, - const yaca_key_h iv); +int yaca_encrypt_initialize(yaca_context_h *ctx, yaca_encrypt_algorithm_e algo, yaca_block_cipher_mode_e bcm, const yaca_key_h sym_key, const yaca_key_h iv); + /** - * @brief Encrypts chunk of the data. - * + * @brief Encrypts chunk of the data. * @since_tizen 3.0 - * - * @param[in,out] ctx Context created by yaca_encrypt_initialize() - * @param[in] plaintext Plaintext to be encrypted - * @param[in] plaintext_len Length of the plaintext - * @param[out] ciphertext Buffer for the encrypted data - * (must be allocated by client, see yaca_context_get_output_length()) - * @param[out] ciphertext_len Length of the encrypted data, - * actual number of bytes written will be returned here - * - * @return #YACA_ERROR_NONE on success, negative on error + * @param[in,out] ctx Context created by yaca_encrypt_initialize() + * @param[in] plaintext Plaintext to be encrypted + * @param[in] plaintext_len Length of the plaintext + * @param[out] ciphertext Buffer for the encrypted data + * (must be allocated by client, see yaca_context_get_output_length()) + * @param[out] ciphertext_len Length of the encrypted data, + * actual number of bytes written will be returned here + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, 0, * invalid @a ctx) * @retval #YACA_ERROR_INTERNAL Internal error - * * @see yaca_encrypt_initialize() * @see yaca_encrypt_finalize() * @see yaca_context_get_output_length() */ -int yaca_encrypt_update(yaca_context_h ctx, - const char *plaintext, - size_t plaintext_len, - char *ciphertext, - size_t *ciphertext_len); +int yaca_encrypt_update(yaca_context_h ctx, const char *plaintext, size_t plaintext_len, char *ciphertext, size_t *ciphertext_len); + /** - * @brief Encrypts the final chunk of the data. - * - * @remarks Skipping yaca_encrypt_update() and calling only yaca_encrypt_finalize() will produce an - * encryption of an empty message. - * + * @brief Encrypts the final chunk of the data. * @since_tizen 3.0 - * - * @param[in,out] ctx A valid encrypt context - * @param[out] ciphertext Final piece of the encrypted data - * (must be allocated by client, see yaca_context_get_output_length()) - * @param[out] ciphertext_len Length of the final piece, - * actual number of bytes written will be returned here - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks Skipping yaca_encrypt_update() and calling only yaca_encrypt_finalize() will produce an encryption of an empty message. + * @param[in,out] ctx A valid encrypt context + * @param[out] ciphertext Final piece of the encrypted data + * (must be allocated by client, see yaca_context_get_output_length()) + * @param[out] ciphertext_len Length of the final piece, + * actual number of bytes written will be returned here + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, * invalid @a ctx) * @retval #YACA_ERROR_INTERNAL Internal error - * * @see yaca_encrypt_initialize() * @see yaca_encrypt_update() * @see yaca_context_get_output_length() */ -int yaca_encrypt_finalize(yaca_context_h ctx, - char *ciphertext, - size_t *ciphertext_len); +int yaca_encrypt_finalize(yaca_context_h ctx, char *ciphertext, size_t *ciphertext_len); + /** - * @brief Initializes an decryption context. - * + * @brief Initializes an decryption context. * @since_tizen 3.0 - * - * @remarks The @a ctx should be released using yaca_context_destroy(). - * - * @param[out] ctx Newly created context - * @param[in] algo Encryption algorithm that was used to encrypt the data - * @param[in] bcm Chaining mode that was used to encrypt the data - * @param[in] sym_key Symmetric key that was used to encrypt the data - * @param[in] iv Initialization Vector that was used to encrypt the data - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks The @a ctx should be released using yaca_context_destroy(). + * @param[out] ctx Newly created context + * @param[in] algo Encryption algorithm that was used to encrypt the data + * @param[in] bcm Chaining mode that was used to encrypt the data + * @param[in] sym_key Symmetric key that was used to encrypt the data + * @param[in] iv Initialization Vector that was used to encrypt the data + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, * invalid @a algo, @a bcm, @a sym_key or @a iv) * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error * @retval #YACA_ERROR_INTERNAL Internal error - * * @see #yaca_encrypt_algorithm_e * @see #yaca_block_cipher_mode_e * @see yaca_decrypt_update() * @see yaca_decrypt_finalize() * @see yaca_context_destroy() */ -int yaca_decrypt_initialize(yaca_context_h *ctx, - yaca_encrypt_algorithm_e algo, - yaca_block_cipher_mode_e bcm, - const yaca_key_h sym_key, - const yaca_key_h iv); +int yaca_decrypt_initialize(yaca_context_h *ctx, yaca_encrypt_algorithm_e algo, yaca_block_cipher_mode_e bcm, const yaca_key_h sym_key, const yaca_key_h iv); + /** - * @brief Decrypts chunk of the data. - * + * @brief Decrypts chunk of the data. * @since_tizen 3.0 - * - * @param[in,out] ctx Context created by yaca_decrypt_initialize() - * @param[in] ciphertext Ciphertext to be decrypted - * @param[in] ciphertext_len Length of the ciphertext - * @param[out] plaintext Buffer for the decrypted data - * (must be allocated by client, see yaca_context_get_output_length()) - * @param[out] plaintext_len Length of the decrypted data, - * actual number of bytes written will be returned here - * - * @return #YACA_ERROR_NONE on success, negative on error + * @param[in,out] ctx Context created by yaca_decrypt_initialize() + * @param[in] ciphertext Ciphertext to be decrypted + * @param[in] ciphertext_len Length of the ciphertext + * @param[out] plaintext Buffer for the decrypted data + * (must be allocated by client, see yaca_context_get_output_length()) + * @param[out] plaintext_len Length of the decrypted data, + * actual number of bytes written will be returned here + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, 0, * invalid @a ctx), wrong #YACA_PROPERTY_CCM_AAD or * wrong #YACA_PROPERTY_CCM_TAG was used * @retval #YACA_ERROR_INTERNAL Internal error - * * @see yaca_decrypt_initialize() * @see yaca_decrypt_finalize() * @see yaca_context_get_output_length() */ -int yaca_decrypt_update(yaca_context_h ctx, - const char *ciphertext, - size_t ciphertext_len, - char *plaintext, - size_t *plaintext_len); +int yaca_decrypt_update(yaca_context_h ctx, const char *ciphertext, size_t ciphertext_len, char *plaintext, size_t *plaintext_len); + /** - * @brief Decrypts the final chunk of the data. - * - * @remarks Skipping yaca_decrypt_update() and calling only yaca_decrypt_finalize() will produce a - * decryption of an empty ciphertext. - * + * @brief Decrypts the final chunk of the data. * @since_tizen 3.0 - * - * @param[in,out] ctx A valid decrypt context - * @param[out] plaintext Final piece of the decrypted data - * (must be allocated by client, see yaca_context_get_output_length()) - * @param[out] plaintext_len Length of the final piece, - * actual number of bytes written will be returned here - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks Skipping yaca_decrypt_update() and calling only yaca_decrypt_finalize() will produce a decryption of an empty ciphertext. + * @param[in,out] ctx A valid decrypt context + * @param[out] plaintext Final piece of the decrypted data + * (must be allocated by client, see yaca_context_get_output_length()) + * @param[out] plaintext_len Length of the final piece, + * actual number of bytes written will be returned here + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, * invalid @a ctx), wrong #YACA_PROPERTY_GCM_AAD or * wrong #YACA_PROPERTY_GCM_TAG was used * @retval #YACA_ERROR_INTERNAL Internal error - * * @see yaca_decrypt_initialize() * @see yaca_decrypt_update() * @see yaca_context_get_output_length() */ -int yaca_decrypt_finalize(yaca_context_h ctx, - char *plaintext, - size_t *plaintext_len); +int yaca_decrypt_finalize(yaca_context_h ctx, char *plaintext, size_t *plaintext_len); + /** * @} */ + #ifdef __cplusplus } /* extern */ #endif + #endif /* YACA_ENCRYPT_H */ diff --git a/api/yaca/yaca_error.h b/api/yaca/yaca_error.h index c571485..d8909ec 100644 --- a/api/yaca/yaca_error.h +++ b/api/yaca/yaca_error.h @@ -16,65 +16,67 @@ * limitations under the License */ + /** - * @file yaca_error.h - * @brief Error enums and defines. + * @file yaca_error.h + * @brief Error enums and defines. */ -#ifdef CAPI_BASE_COMMON_PRESENT -#include -#else -#include -#define TIZEN_ERROR_NONE 0 -#define TIZEN_ERROR_INVALID_PARAMETER -EINVAL -#define TIZEN_ERROR_OUT_OF_MEMORY -ENOMEM -#endif #ifndef YACA_ERROR_H #define YACA_ERROR_H + +#include + + #ifdef __cplusplus extern "C" { #endif + /** * @addtogroup CAPI_YACA_ENCRYPTION_MODULE * @{ */ + /* @cond Define it temporarily until this code goes into capi-base-common package */ #ifndef TIZEN_ERROR_YACA #define TIZEN_ERROR_YACA -0x01E30000 #endif /* @endcond */ + /** - * @brief Enumeration of YACA error values. - * + * @brief Enumeration for YACA error values. * @since_tizen 3.0 */ typedef enum { /** Successful */ - YACA_ERROR_NONE = TIZEN_ERROR_NONE, + YACA_ERROR_NONE = TIZEN_ERROR_NONE, /** Invalid function parameter */ - YACA_ERROR_INVALID_PARAMETER = TIZEN_ERROR_INVALID_PARAMETER, + YACA_ERROR_INVALID_PARAMETER = TIZEN_ERROR_INVALID_PARAMETER, /** Out of memory */ - YACA_ERROR_OUT_OF_MEMORY = TIZEN_ERROR_OUT_OF_MEMORY, + YACA_ERROR_OUT_OF_MEMORY = TIZEN_ERROR_OUT_OF_MEMORY, /** Internal error */ - YACA_ERROR_INTERNAL = TIZEN_ERROR_YACA | 0x01, + YACA_ERROR_INTERNAL = TIZEN_ERROR_YACA | 0x01, /** Data mismatch */ - YACA_ERROR_DATA_MISMATCH = TIZEN_ERROR_YACA | 0x02, + YACA_ERROR_DATA_MISMATCH = TIZEN_ERROR_YACA | 0x02, /** Invalid password */ - YACA_ERROR_INVALID_PASSWORD = TIZEN_ERROR_YACA | 0x03 + YACA_ERROR_INVALID_PASSWORD = TIZEN_ERROR_YACA | 0x03 } yaca_error_e; + /** * @} */ + #ifdef __cplusplus } /* extern */ #endif + #endif /* YACA_ERROR_H */ diff --git a/api/yaca/yaca_key.h b/api/yaca/yaca_key.h index 5c87944..f946534 100644 --- a/api/yaca/yaca_key.h +++ b/api/yaca/yaca_key.h @@ -16,115 +16,105 @@ * limitations under the License */ + /** - * @file yaca_key.h - * @brief Advanced API for the key and Initialization Vector handling. + * @file yaca_key.h + * @brief Advanced API for the key and Initialization Vector handling. */ + #ifndef YACA_KEY_H #define YACA_KEY_H + #include #include + #ifdef __cplusplus extern "C" { #endif + /** * @addtogroup CAPI_YACA_KEY_MODULE * @{ */ + /** - * @brief NULL value for yaca_key_h type. - * + * @brief Definition for NULL value for yaca_key_h type. * @since_tizen 3.0 */ #define YACA_KEY_NULL ((yaca_key_h) NULL) + /** - * @brief Gets key's type. - * + * @brief Gets key's type. * @since_tizen 3.0 - * - * @param[in] key Key which type we return - * @param[out] key_type Key type - * - * @return #YACA_ERROR_NONE on success, negative on error + * @param[in] key Key which type we return + * @param[out] key_type Key type + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Either of the params is NULL - * * @see #yaca_key_type_e */ int yaca_key_get_type(const yaca_key_h key, yaca_key_type_e *key_type); + /** - * @brief Gets key's length (in bits). - * + * @brief Gets key's length (in bits). * @since_tizen 3.0 - * - * @remarks The @a key can be any symmetric (including an Initialization Vector) or - * asymmetric key (including key generation parameters). - * - * @remarks For Diffie-Helmann @a key_bit_len returns prime length in bits. Values - * used to generate the key/parameters in yaca_key_generate() are not - * restored. Neither generator number nor values from #yaca_key_bit_length_dh_rfc_e. - * - * @remarks For Elliptic Curves @a key_bit_len returns values from #yaca_key_bit_length_ec_e. - * - * @param[in] key Key which length we return - * @param[out] key_bit_len Key length in bits - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks The @a key can be any symmetric (including an Initialization Vector) or + * asymmetric key (including key generation parameters). + * @remarks For Diffie-Helmann @a key_bit_len returns prime length in bits. Values + * used to generate the key/parameters in yaca_key_generate() are not + * restored. Neither generator number nor values from #yaca_key_bit_length_dh_rfc_e. + * @remarks For Elliptic Curves @a key_bit_len returns values from #yaca_key_bit_length_ec_e. + * @param[in] key Key which length we return + * @param[out] key_bit_len Key length in bits + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Either of the params is NULL * @retval #YACA_ERROR_INTERNAL Internal error - * * @see #yaca_key_bit_length_e * @see #yaca_key_bit_length_dh_rfc_e * @see #yaca_key_bit_length_ec_e */ int yaca_key_get_bit_length(const yaca_key_h key, size_t *key_bit_len); + /** - * @brief Imports a key or key generation parameters. - * + * @brief Imports a key or key generation parameters. * @since_tizen 3.0 - * - * @remarks Everywhere where either a key (of any type) or an asymmetric key is referred - * in the documentation of this function key generator parameters are also included. - * - * @remarks This function imports a key trying to match it to the @a key_type specified. - * It should autodetect both the key format and the file format. - * - * @remarks For symmetric, Initialization Vector and DES keys RAW binary format and BASE64 encoded - * binary format are supported. - * For asymmetric keys PEM and DER file formats are supported. - * - * @remarks Asymmetric keys can be in their default ASN1 structure formats (like - * PKCS#1, SSleay or PKCS#3). Private asymmetric keys can also be in - * PKCS#8 format. Additionally it is possible to import public RSA/DSA/EC - * keys from X509 certificate. - * - * @remarks If the key is encrypted the algorithm will be autodetected and password - * used. If it's not known if the key is encrypted one should pass NULL as - * password and check for the #YACA_ERROR_INVALID_PASSWORD return code. - * - * @remarks If the imported key will be detected as a format that does not support - * encryption and password was passed #YACA_ERROR_INVALID_PARAMETER will - * be returned. For a list of keys and formats that do support encryption - * see yaca_key_export() documentation. - * - * @remarks The @a key should be released using yaca_key_destroy(). - * - * @param[in] key_type Type of the key - * @param[in] password Null-terminated password for the key (can be NULL) - * @param[in] data Blob containing the key - * @param[in] data_len Size of the blob - * @param[out] key Returned key - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks Everywhere where either a key (of any type) or an asymmetric key is referred + * in the documentation of this function key generator parameters are also included. + * @remarks This function imports a key trying to match it to the @a key_type specified. + * It should autodetect both the key format and the file format. + * @remarks For symmetric, Initialization Vector and DES keys RAW binary format and BASE64 encoded + * binary format are supported. + * For asymmetric keys PEM and DER file formats are supported. + * @remarks Asymmetric keys can be in their default ASN1 structure formats (like + * PKCS#1, SSleay or PKCS#3). Private asymmetric keys can also be in + * PKCS#8 format. Additionally it is possible to import public RSA/DSA/EC + * keys from X509 certificate. + * @remarks If the key is encrypted the algorithm will be autodetected and password + * used. If it's not known if the key is encrypted one should pass NULL as + * password and check for the #YACA_ERROR_INVALID_PASSWORD return code. + * @remarks If the imported key will be detected as a format that does not support + * encryption and password was passed #YACA_ERROR_INVALID_PARAMETER will + * be returned. For a list of keys and formats that do support encryption + * see yaca_key_export() documentation. + * @remarks The @a key should be released using yaca_key_destroy(). + * @param[in] key_type Type of the key + * @param[in] password Null-terminated password for the key (can be NULL) + * @param[in] data Blob containing the key + * @param[in] data_len Size of the blob + * @param[out] key Returned key + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, 0, * invalid @a key_type or @a data_len too big) @@ -132,110 +122,86 @@ int yaca_key_get_bit_length(const yaca_key_h key, size_t *key_bit_len); * @retval #YACA_ERROR_INTERNAL Internal error * @retval #YACA_ERROR_INVALID_PASSWORD Invalid @a password given or @a password was required * and none was given - * * @see #yaca_key_type_e * @see yaca_key_export() * @see yaca_key_destroy() */ -int yaca_key_import(yaca_key_type_e key_type, - const char *password, - const char *data, - size_t data_len, - yaca_key_h *key); +int yaca_key_import(yaca_key_type_e key_type, const char *password, const char *data, size_t data_len, yaca_key_h *key); + /** - * @brief Exports a key or key generation parameters to arbitrary format. - * + * @brief Exports a key or key generation parameters to arbitrary format. * @since_tizen 3.0 - * - * @remarks Everywhere where either a key (of any type) or an asymmetric key is referred - * in the documentation of this function key generator parameters are also included. - * - * @remarks This function exports the key to an arbitrary key format and key file format. - * - * @remarks For key formats two values are allowed: - * - #YACA_KEY_FORMAT_DEFAULT: this is the only option possible in case of symmetric keys - * (or Initialization Vector), for asymmetric keys it will - * export to their default ASN1 structure format - * (e.g. PKCS#1, SSLeay, PKCS#3). - * - #YACA_KEY_FORMAT_PKCS8: this will only work for private asymmetric keys. - * - * @remarks The following file formats are supported: - * - #YACA_KEY_FILE_FORMAT_RAW: used only for symmetric, raw binary format - * - #YACA_KEY_FILE_FORMAT_BASE64: used only for symmetric, BASE64 encoded binary form - * - #YACA_KEY_FILE_FORMAT_PEM: used only for asymmetric, PEM file format - * - #YACA_KEY_FILE_FORMAT_DER: used only for asymmetric, DER file format - * - * @remarks Encryption is supported and optional for RSA/DSA private keys in the - * #YACA_KEY_FORMAT_DEFAULT with #YACA_KEY_FILE_FORMAT_PEM format. If no password is - * provided the exported key will be unencrypted. The encryption algorithm used - * in this case is AES-256-CBC. - * - * @remarks Encryption is obligatory for #YACA_KEY_FORMAT_PKCS8 format (for both, PEM and DER - * file formats). If no password is provided the #YACA_ERROR_INVALID_PARAMETER will - * be returned. The encryption algorithm used in this case is AES-256-CBC. The key is - * generated from password using PBKDF2 with HMAC-SHA1 function and 2048 iterations. - * - * @remarks Encryption is not supported for the symmetric, public keys and key generation - * parameters in all their supported formats. If a password is provided in such - * case the #YACA_ERROR_INVALID_PARAMETER will be returned. - * - * @param[in] key Key to be exported - * @param[in] key_fmt Format of the key - * @param[in] key_file_fmt Format of the key file - * @param[in] password Password used for the encryption (can be NULL) - * @param[out] data Data, allocated by the library, containing exported key - * (must be freed with yaca_free()) - * @param[out] data_len Size of the output data - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks Everywhere where either a key (of any type) or an asymmetric key is referred + * in the documentation of this function key generator parameters are also included. + * @remarks This function exports the key to an arbitrary key format and key file format. + * @remarks For key formats two values are allowed: + * - #YACA_KEY_FORMAT_DEFAULT: this is the only option possible in case of symmetric keys + * (or Initialization Vector), for asymmetric keys it will + * export to their default ASN1 structure format + * (e.g. PKCS#1, SSLeay, PKCS#3). + * - #YACA_KEY_FORMAT_PKCS8: this will only work for private asymmetric keys. + * @remarks The following file formats are supported: + * - #YACA_KEY_FILE_FORMAT_RAW: used only for symmetric, raw binary format + * - #YACA_KEY_FILE_FORMAT_BASE64: used only for symmetric, BASE64 encoded binary form + * - #YACA_KEY_FILE_FORMAT_PEM: used only for asymmetric, PEM file format + * - #YACA_KEY_FILE_FORMAT_DER: used only for asymmetric, DER file format + * @remarks Encryption is supported and optional for RSA/DSA private keys in the + * #YACA_KEY_FORMAT_DEFAULT with #YACA_KEY_FILE_FORMAT_PEM format. If no password is + * provided the exported key will be unencrypted. The encryption algorithm used + * in this case is AES-256-CBC. + * @remarks Encryption is obligatory for #YACA_KEY_FORMAT_PKCS8 format (for both, PEM and DER + * file formats). If no password is provided the #YACA_ERROR_INVALID_PARAMETER will + * be returned. The encryption algorithm used in this case is AES-256-CBC. The key is + * generated from password using PBKDF2 with HMAC-SHA1 function and 2048 iterations. + * @remarks Encryption is not supported for the symmetric, public keys and key generation + * parameters in all their supported formats. If a password is provided in such + * case the #YACA_ERROR_INVALID_PARAMETER will be returned. + * @param[in] key Key to be exported + * @param[in] key_fmt Format of the key + * @param[in] key_file_fmt Format of the key file + * @param[in] password Password used for the encryption (can be NULL) + * @param[out] data Data, allocated by the library, containing exported key + * (must be freed with yaca_free()) + * @param[out] data_len Size of the output data + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, 0, * invalid @a key_fmt, @a key_file_fmt or @a data_len too big) * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error * @retval #YACA_ERROR_INTERNAL Internal error - * * @see #yaca_key_format_e * @see #yaca_key_file_format_e * @see yaca_key_import() * @see yaca_key_destroy() */ -int yaca_key_export(const yaca_key_h key, - yaca_key_format_e key_fmt, - yaca_key_file_format_e key_file_fmt, - const char *password, - char **data, - size_t *data_len); +int yaca_key_export(const yaca_key_h key, yaca_key_format_e key_fmt, yaca_key_file_format_e key_file_fmt, const char *password, char **data, size_t *data_len); + /** - * @brief Generates a secure key or key generation parameters (or an Initialization Vector). - * + * @brief Generates a secure key or key generation parameters (or an Initialization Vector). * @since_tizen 3.0 - * - * @remarks This function is used to generate symmetric keys, private asymmetric keys - * or key generation parameters for key types that support them (DSA, DH and EC). - * - * @remarks Supported key lengths: - * - RSA: length >= 512bits - * - DSA: length >= 512bits, multiple of 64 - * - DH: a value taken from #yaca_key_bit_length_dh_rfc_e or - * (YACA_KEY_LENGTH_DH_GENERATOR_* | prime_length_in_bits), - * where prime_length_in_bits can be any positive number - * - EC: a value taken from #yaca_key_bit_length_ec_e - * - * @remarks The @a key should be released using yaca_key_destroy(). - * - * @param[in] key_type Type of the key to be generated - * @param[in] key_bit_len Length of the key (in bits) to be generated - * @param[out] key Newly generated key - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks This function is used to generate symmetric keys, private asymmetric keys + * or key generation parameters for key types that support them (DSA, DH and EC). + * @remarks Supported key lengths: + * - RSA: length >= 512bits + * - DSA: length >= 512bits, multiple of 64 + * - DH: a value taken from #yaca_key_bit_length_dh_rfc_e or + * (YACA_KEY_LENGTH_DH_GENERATOR_* | prime_length_in_bits), + * where prime_length_in_bits can be any positive number + * - EC: a value taken from #yaca_key_bit_length_ec_e + * @remarks The @a key should be released using yaca_key_destroy(). + * @param[in] key_type Type of the key to be generated + * @param[in] key_bit_len Length of the key (in bits) to be generated + * @param[out] key Newly generated key + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER @a key is NULL, incorrect @a key_type or * @a key_bit_len is not dividable by 8 * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error * @retval #YACA_ERROR_INTERNAL Internal error - * * @see #yaca_key_type_e * @see #yaca_key_bit_length_e * @see #yaca_key_bit_length_dh_rfc_e @@ -244,73 +210,61 @@ int yaca_key_export(const yaca_key_h key, * @see #yaca_key_bit_length_ec_e * @see yaca_key_destroy() */ -int yaca_key_generate(yaca_key_type_e key_type, - size_t key_bit_len, - yaca_key_h *key); +int yaca_key_generate(yaca_key_type_e key_type, size_t key_bit_len, yaca_key_h *key); + /** - * @brief Generates a secure private asymmetric key from parameters. - * + * @brief Generates a secure private asymmetric key from parameters. * @since_tizen 3.0 - * - * @remarks This function is used to generate private asymmetric keys - * based on pre-generated parameters. - * - * @remarks The @a key should be released using yaca_key_destroy(). - * - * @param[in] params Pre-generated parameters - * @param[out] prv_key Newly generated private key - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks This function is used to generate private asymmetric keys + * based on pre-generated parameters. + * @remarks The @a key should be released using yaca_key_destroy(). + * @param[in] params Pre-generated parameters + * @param[out] prv_key Newly generated private key + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER @a prv_key is NULL or incorrect @a params * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error * @retval #YACA_ERROR_INTERNAL Internal error - * * @see yaca_key_destroy() * @see yaca_key_generate() * @see yaca_key_extract_parameters() */ int yaca_key_generate_from_parameters(const yaca_key_h params, yaca_key_h *prv_key); + /** - * @brief Extracts public key from a private one. - * + * @brief Extracts public key from a private one. * @since_tizen 3.0 - * - * @remarks The @a pub_key should be released using yaca_key_destroy(). - * - * @param[in] prv_key Private key to extract the public one from - * @param[out] pub_key Extracted public key - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks The @a pub_key should be released using yaca_key_destroy(). + * @param[in] prv_key Private key to extract the public one from + * @param[out] pub_key Extracted public key + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER @a prv_key is of invalid type or @a pub_key is NULL * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error * @retval #YACA_ERROR_INTERNAL Internal error - * * @see yaca_key_generate() * @see yaca_key_import() * @see yaca_key_destroy() */ int yaca_key_extract_public(const yaca_key_h prv_key, yaca_key_h *pub_key); + /** - * @brief Extracts parameters from a private or a public key. - * + * @brief Extracts parameters from a private or a public key. * @since_tizen 3.0 - * - * @remarks The @a params should be released using yaca_key_destroy(). - * - * @param[in] key A key to extract the parameters from - * @param[out] params Extracted parameters - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks The @a params should be released using yaca_key_destroy(). + * @param[in] key A key to extract the parameters from + * @param[out] params Extracted parameters + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER @a key is of invalid type or @a params is NULL * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error * @retval #YACA_ERROR_INTERNAL Internal error - * * @see yaca_key_generate() * @see yaca_key_generate_from_parameters() * @see yaca_key_import() @@ -318,134 +272,107 @@ int yaca_key_extract_public(const yaca_key_h prv_key, yaca_key_h *pub_key); */ int yaca_key_extract_parameters(const yaca_key_h key, yaca_key_h *params); + /** - * @brief Derives a shared secret using Diffie-Helmann or EC Diffie-Helmann key exchange protocol. - * + * @brief Derives a shared secret using Diffie-Helmann or EC Diffie-Helmann key exchange protocol. * @since_tizen 3.0 - * - * @remarks The @a secret should not be used as a symmetric key, - * to produce a symmetric key pass the secret to a key derivation function (KDF) - * or a message digest function. - * - * @remarks The @a secret should be freed with yaca_free(). - * - * @param[in] prv_key Our private key - * @param[in] pub_key Peer public key - * @param[out] secret Generated shared secret - * @param[out] secret_len Size of the shared secret - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks The @a secret should not be used as a symmetric key, + * to produce a symmetric key pass the secret to a key derivation function (KDF) + * or a message digest function. + * @remarks The @a secret should be freed with yaca_free(). + * @param[in] prv_key Our private key + * @param[in] pub_key Peer public key + * @param[out] secret Generated shared secret + * @param[out] secret_len Size of the shared secret + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values * (invalid @a prv_key or @a pub_key) * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error * @retval #YACA_ERROR_INTERNAL Internal error - * * @see yaca_key_derive_kdf() * @see yaca_simple_calculate_digest() * @see yaca_free() */ -int yaca_key_derive_dh(const yaca_key_h prv_key, - const yaca_key_h pub_key, - char **secret, - size_t *secret_len); +int yaca_key_derive_dh(const yaca_key_h prv_key, const yaca_key_h pub_key, char **secret, size_t *secret_len); + /** - * @brief Derives a key material from shared secret. - * + * @brief Derives a key material from shared secret. * @since_tizen 3.0 - * - * @remarks The @a info parameter is ANSI X9.42 OtherInfo or ANSI X9.62 SharedInfo structure, - * more information can be found in ANSI X9.42/62 standard specification. - * - * @remarks The @a key_material or separate parts of it can be used to import a symmetric key - * with yaca_key_import(). - * - * @remarks The @a key_material should be freed using yaca_free(). - * - * @param[in] kdf Key derivation function - * @param[in] algo Digest algorithm that should be used in key derivation - * @param[in] secret Shared secret - * @param[in] secret_len Size of the shared secret - * @param[in] info Optional additional info, use NULL if not appending extra info - * @param[in] info_len Length of additional info, use 0 if not using additional info - * @param[in] key_material_len Length of a key material to be generated - * @param[out] key_material Newly generated key material - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks The @a info parameter is ANSI X9.42 OtherInfo or ANSI X9.62 SharedInfo structure, + * more information can be found in ANSI X9.42/62 standard specification. + * @remarks The @a key_material or separate parts of it can be used to import a symmetric key + * with yaca_key_import(). + * @remarks The @a key_material should be freed using yaca_free(). + * @param[in] kdf Key derivation function + * @param[in] algo Digest algorithm that should be used in key derivation + * @param[in] secret Shared secret + * @param[in] secret_len Size of the shared secret + * @param[in] info Optional additional info, use NULL if not appending extra info + * @param[in] info_len Length of additional info, use 0 if not using additional info + * @param[in] key_material_len Length of a key material to be generated + * @param[out] key_material Newly generated key material + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, 0, * invalid @a algo or @a kdf) * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error * @retval #YACA_ERROR_INTERNAL Internal error - * * @see #yaca_kdf_e * @see #yaca_digest_algorithm_e * @see yaca_key_derive_dh() * @see yaca_key_import() * @see yaca_free() */ -int yaca_key_derive_kdf(yaca_kdf_e kdf, - yaca_digest_algorithm_e algo, - const char *secret, - size_t secret_len, - const char *info, - size_t info_len, - size_t key_material_len, - char **key_material); +int yaca_key_derive_kdf(yaca_kdf_e kdf, yaca_digest_algorithm_e algo, const char *secret, size_t secret_len, const char *info, size_t info_len, size_t key_material_len, char **key_material); + /** - * @brief Derives a key from user password (PKCS #5 a.k.a. pbkdf2 algorithm). - * + * @brief Derives a key from user password (PKCS #5 a.k.a. pbkdf2 algorithm). * @since_tizen 3.0 - * - * @remarks The @a key should be released using yaca_key_destroy(). - * - * @param[in] password User password as a null-terminated string - * @param[in] salt Salt, should be a non-empty string - * @param[in] salt_len Length of the salt - * @param[in] iterations Number of iterations - * @param[in] algo Digest algorithm that should be used in key generation - * @param[in] key_bit_len Length of a key (in bits) to be generated - * @param[out] key Newly generated key - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks The @a key should be released using yaca_key_destroy(). + * @param[in] password User password as a null-terminated string + * @param[in] salt Salt, should be a non-empty string + * @param[in] salt_len Length of the salt + * @param[in] iterations Number of iterations + * @param[in] algo Digest algorithm that should be used in key generation + * @param[in] key_bit_len Length of a key (in bits) to be generated + * @param[out] key Newly generated key + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, 0, * invalid @a algo or @a key_bit_len not dividable by 8) * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error * @retval #YACA_ERROR_INTERNAL Internal error - * * @see #yaca_digest_algorithm_e * @see yaca_key_destroy() */ -int yaca_key_derive_pbkdf2(const char *password, - const char *salt, - size_t salt_len, - size_t iterations, - yaca_digest_algorithm_e algo, - size_t key_bit_len, - yaca_key_h *key); +int yaca_key_derive_pbkdf2(const char *password, const char *salt, size_t salt_len, size_t iterations, yaca_digest_algorithm_e algo, size_t key_bit_len, yaca_key_h *key); + /** - * @brief Release the key created by the library. Passing YACA_KEY_NULL is allowed. - * + * @brief Releases the key created by the library. Passing YACA_KEY_NULL is allowed. * @since_tizen 3.0 - * - * @param[in,out] key Key to be released - * + * @param[in,out] key Key to be released * @see yaca_key_import() * @see yaca_key_export() * @see yaca_key_generate() */ void yaca_key_destroy(yaca_key_h key); + /** * @} */ + #ifdef __cplusplus } /* extern */ #endif + #endif /* YACA_KEY_H */ diff --git a/api/yaca/yaca_rsa.h b/api/yaca/yaca_rsa.h index a57bfd7..4c226a8 100644 --- a/api/yaca/yaca_rsa.h +++ b/api/yaca/yaca_rsa.h @@ -16,182 +16,150 @@ * limitations under the License */ + /** - * @file yaca_rsa.h - * @brief Advanced API for low-level RSA operations + * @file yaca_rsa.h + * @brief Advanced API for low-level RSA operations. */ + #ifndef YACA_RSA_H #define YACA_RSA_H + #include #include + #ifdef __cplusplus extern "C" { #endif + /** * @addtogroup CAPI_YACA_RSA_MODULE * @{ */ + /** - * @brief Encrypts data using a RSA public key (low-level encrypt equivalent). - * + * @brief Encrypts data using a RSA public key (low-level encrypt equivalent). * @since_tizen 3.0 - * - * @remarks The @a ciphertext should be freed using yaca_free(). - * - * @remarks The @a pub_key used has to be of a #YACA_KEY_TYPE_RSA_PUB type. - * - * @remarks The maximum length of plaintext depends on the key length and padding method. - * See #yaca_padding_e for details. - * - * @remarks The @a plaintext can be NULL but then the @a plaintext_len must be 0. - * - * @param[in] padding Padding method - * @param[in] pub_key Public RSA key (see yaca_key.h for key generation functions) - * @param[in] plaintext Plaintext to be encrypted - * @param[in] plaintext_len Length of the plaintext - * @param[out] ciphertext Encrypted data, will be allocated by the library - * @param[out] ciphertext_len Length of the encrypted data (may be larger than decrypted) - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks The @a ciphertext should be freed using yaca_free(). + * @remarks The @a pub_key used has to be of a #YACA_KEY_TYPE_RSA_PUB type. + * @remarks The maximum length of plaintext depends on the key length and padding method. + * See #yaca_padding_e for details. + * @remarks The @a plaintext can be NULL but then the @a plaintext_len must be 0. + * @param[in] padding Padding method + * @param[in] pub_key Public RSA key (see yaca_key.h for key generation functions) + * @param[in] plaintext Plaintext to be encrypted + * @param[in] plaintext_len Length of the plaintext + * @param[out] ciphertext Encrypted data, will be allocated by the library + * @param[out] ciphertext_len Length of the encrypted data (may be larger than decrypted) + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, 0 * invalid @a padding, @a pub_key or @a plaintext_len) * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error * @retval #YACA_ERROR_INTERNAL Internal error - * * @see #yaca_key_type_e * @see #yaca_padding_e * @see yaca_rsa_private_decrypt() * @see yaca_free() */ -int yaca_rsa_public_encrypt(yaca_padding_e padding, - const yaca_key_h pub_key, - const char *plaintext, - size_t plaintext_len, - char **ciphertext, - size_t *ciphertext_len); +int yaca_rsa_public_encrypt(yaca_padding_e padding, const yaca_key_h pub_key, const char *plaintext, size_t plaintext_len, char **ciphertext, size_t *ciphertext_len); + /** - * @brief Decrypts data using a RSA private key (low-level decrypt equivalent). - * + * @brief Decrypts data using a RSA private key (low-level decrypt equivalent). * @since_tizen 3.0 - * - * @remarks The @a plaintext should be freed using yaca_free(). - * - * @remarks The @a prv_key used has to be of a #YACA_KEY_TYPE_RSA_PRIV type. - * - * @param[in] padding Padding method - * @param[in] prv_key Private RSA key matching the public one used to encrypt the data - * @param[in] ciphertext Ciphertext to be decrypted - * @param[in] ciphertext_len Length of ciphertext - * @param[out] plaintext Decrypted data, will be allocated by the library - * @param[out] plaintext_len Length of the decrypted data - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks The @a plaintext should be freed using yaca_free(). + * @remarks The @a prv_key used has to be of a #YACA_KEY_TYPE_RSA_PRIV type. + * @param[in] padding Padding method + * @param[in] prv_key Private RSA key matching the public one used to encrypt the data + * @param[in] ciphertext Ciphertext to be decrypted + * @param[in] ciphertext_len Length of ciphertext + * @param[out] plaintext Decrypted data, will be allocated by the library + * @param[out] plaintext_len Length of the decrypted data + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, 0 * invalid @a padding or @a prv_key), padding check failed * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error * @retval #YACA_ERROR_INTERNAL Internal error - * * @see #yaca_key_type_e * @see #yaca_padding_e * @see yaca_rsa_public_encrypt() * @see yaca_free() */ -int yaca_rsa_private_decrypt(yaca_padding_e padding, - const yaca_key_h prv_key, - const char *ciphertext, - size_t ciphertext_len, - char **plaintext, - size_t *plaintext_len); +int yaca_rsa_private_decrypt(yaca_padding_e padding, const yaca_key_h prv_key, const char *ciphertext, size_t ciphertext_len, char **plaintext, size_t *plaintext_len); + /** - * @brief Encrypts data using a RSA private key (low-level sign equivalent). - * + * @brief Encrypts data using a RSA private key (low-level sign equivalent). * @since_tizen 3.0 - * - * @remarks The @a ciphertext should be freed using yaca_free(). - * - * @remarks The @a prv_key used has to be of a #YACA_KEY_TYPE_RSA_PRIV type. - * - * @remarks The maximum length of plaintext depends on the key length and padding method, - * see #yaca_padding_e for details. - * - * @remarks The @a plaintext can be NULL but then the @a plaintext_len must be 0. - * - * @param[in] padding Padding method - * @param[in] prv_key Private RSA key (see yaca_key.h for key generation functions) - * @param[in] plaintext Plaintext to be encrypted - * @param[in] plaintext_len Length of the plaintext - * @param[out] ciphertext Encrypted data, will be allocated by the library - * @param[out] ciphertext_len Length of the encrypted data (may be larger than decrypted) - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks The @a ciphertext should be freed using yaca_free(). + * @remarks The @a prv_key used has to be of a #YACA_KEY_TYPE_RSA_PRIV type. + * @remarks The maximum length of plaintext depends on the key length and padding method, + * see #yaca_padding_e for details. + * @remarks The @a plaintext can be NULL but then the @a plaintext_len must be 0. + * @param[in] padding Padding method + * @param[in] prv_key Private RSA key (see yaca_key.h for key generation functions) + * @param[in] plaintext Plaintext to be encrypted + * @param[in] plaintext_len Length of the plaintext + * @param[out] ciphertext Encrypted data, will be allocated by the library + * @param[out] ciphertext_len Length of the encrypted data (may be larger than decrypted) + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, 0 * invalid @a padding, @a prv_key or @a plaintext_len) * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error * @retval #YACA_ERROR_INTERNAL Internal error - * * @see #yaca_key_type_e * @see #yaca_padding_e * @see yaca_rsa_public_decrypt() * @see yaca_free() */ -int yaca_rsa_private_encrypt(yaca_padding_e padding, - const yaca_key_h prv_key, - const char *plaintext, - size_t plaintext_len, - char **ciphertext, - size_t *ciphertext_len); +int yaca_rsa_private_encrypt(yaca_padding_e padding, const yaca_key_h prv_key, const char *plaintext, size_t plaintext_len, char **ciphertext, size_t *ciphertext_len); + /** - * @brief Decrypts data using a RSA public key (low-level verify equivalent). - * + * @brief Decrypts data using a RSA public key (low-level verify equivalent). * @since_tizen 3.0 - * - * @remarks The @a plaintext should be freed using yaca_free(). - * - * @remarks The @a pub_key used has to be of a #YACA_KEY_TYPE_RSA_PUB type. - * - * @param[in] padding Padding method - * @param[in] pub_key Public RSA key matching the private one used to encrypt the data - * @param[in] ciphertext Ciphertext to be decrypted - * @param[in] ciphertext_len Length of ciphertext - * @param[out] plaintext Decrypted data, will be allocated by the library - * @param[out] plaintext_len Length of the decrypted data - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks The @a plaintext should be freed using yaca_free(). + * @remarks The @a pub_key used has to be of a #YACA_KEY_TYPE_RSA_PUB type. + * @param[in] padding Padding method + * @param[in] pub_key Public RSA key matching the private one used to encrypt the data + * @param[in] ciphertext Ciphertext to be decrypted + * @param[in] ciphertext_len Length of ciphertext + * @param[out] plaintext Decrypted data, will be allocated by the library + * @param[out] plaintext_len Length of the decrypted data + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, 0 * invalid @a padding or @a pub_key), padding check failed * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error * @retval #YACA_ERROR_INTERNAL Internal error - * * @see #yaca_key_type_e * @see #yaca_padding_e * @see yaca_rsa_private_encrypt() * @see yaca_free() */ -int yaca_rsa_public_decrypt(yaca_padding_e padding, - const yaca_key_h pub_key, - const char *ciphertext, - size_t ciphertext_len, - char **plaintext, - size_t *plaintext_len); +int yaca_rsa_public_decrypt(yaca_padding_e padding, const yaca_key_h pub_key, const char *ciphertext, size_t ciphertext_len, char **plaintext, size_t *plaintext_len); + /** * @} */ + #ifdef __cplusplus } /* extern */ #endif + #endif /* YACA_RSA_H */ diff --git a/api/yaca/yaca_seal.h b/api/yaca/yaca_seal.h index 5db810e..1e08345 100644 --- a/api/yaca/yaca_seal.h +++ b/api/yaca/yaca_seal.h @@ -16,67 +16,62 @@ * limitations under the License */ + /** - * @file yaca_seal.h - * @brief Advanced API for the asymmetric encryption. - * - * @details Seal does more than just encrypt. It first generates the encryption key and - * Initialization Vector, then encrypts whole message using this key - * (and selected symmetric algorithm). - * Finally it encrypts symmetric key with public key. + * @file yaca_seal.h + * @brief Advanced API for the asymmetric encryption. + * @details Seal does more than just encrypt. It first generates the encryption key and + * Initialization Vector, then encrypts whole message using this key + * (and selected symmetric algorithm). + * Finally it encrypts symmetric key with public key. */ + #ifndef YACA_SEAL_H #define YACA_SEAL_H + #include #include + #ifdef __cplusplus extern "C" { #endif + /** * @addtogroup CAPI_YACA_ENCRYPTION_MODULE * @{ */ + /** - * @brief Initializes an asymmetric encryption context and generates - * symmetric key and Initialization Vector. - * - * @remarks Generated symmetric key is encrypted with public key, - * so can be only used with yaca_open_initialize(). It can be exported, - * but after import it can be only used with yaca_open_initialize() as well. - * - * @remarks The @a ctx should be released using yaca_context_destroy(). - * - * @remarks The @a pub_key must be #YACA_KEY_TYPE_RSA_PUB. - * - * @remarks The @a sym_key_bit_len must be at least 88 bits shorter than the @a pub_key bit length. - * - * @remarks The @a sym_key should be released using yaca_key_destroy(). - * - * @remarks The @a iv should be released using yaca_key_destroy(). - * + * @brief Initializes an asymmetric encryption context and generates symmetric key and Initialization Vector. * @since_tizen 3.0 - * - * @param[out] ctx Newly created context - * @param[in] pub_key Public key of the peer that will receive the encrypted data - * @param[in] algo Symmetric algorithm that will be used - * @param[in] bcm Block chaining mode for the symmetric algorithm - * @param[in] sym_key_bit_len Symmetric key length (in bits) that will be generated - * @param[out] sym_key Generated symmetric key that will be used, - * it is encrypted with peer's public key - * @param[out] iv Generated Initialization Vector that will be used - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks Generated symmetric key is encrypted with public key, + * so can be only used with yaca_open_initialize(). It can be exported, + * but after import it can be only used with yaca_open_initialize() as well. + * @remarks The @a ctx should be released using yaca_context_destroy(). + * @remarks The @a pub_key must be #YACA_KEY_TYPE_RSA_PUB. + * @remarks The @a sym_key_bit_len must be at least 88 bits shorter than the @a pub_key bit length. + * @remarks The @a sym_key should be released using yaca_key_destroy(). + * @remarks The @a iv should be released using yaca_key_destroy(). + * @param[out] ctx Newly created context + * @param[in] pub_key Public key of the peer that will receive the encrypted data + * @param[in] algo Symmetric algorithm that will be used + * @param[in] bcm Block chaining mode for the symmetric algorithm + * @param[in] sym_key_bit_len Symmetric key length (in bits) that will be generated + * @param[out] sym_key Generated symmetric key that will be used, + * it is encrypted with peer's public key + * @param[out] iv Generated Initialization Vector that will be used + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, * invalid @a algo, @a bcm, @a sym_key_bit_len or @a pub_key) * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error * @retval #YACA_ERROR_INTERNAL Internal error - * * @see #yaca_encrypt_algorithm_e * @see #yaca_block_cipher_mode_e * @see #yaca_key_bit_length_e @@ -86,97 +81,77 @@ extern "C" { * @see yaca_key_destroy() * @see yaca_context_destroy() */ -int yaca_seal_initialize(yaca_context_h *ctx, - const yaca_key_h pub_key, - yaca_encrypt_algorithm_e algo, - yaca_block_cipher_mode_e bcm, - size_t sym_key_bit_len, - yaca_key_h *sym_key, - yaca_key_h *iv); +int yaca_seal_initialize(yaca_context_h *ctx, const yaca_key_h pub_key, yaca_encrypt_algorithm_e algo, yaca_block_cipher_mode_e bcm, size_t sym_key_bit_len, + yaca_key_h *sym_key, yaca_key_h *iv); + /** - * @brief Encrypts piece of the data. - * + * @brief Encrypts piece of the data. * @since_tizen 3.0 - * - * @param[in,out] ctx Context created by yaca_seal_initialize() - * @param[in] plaintext Plaintext to be encrypted - * @param[in] plaintext_len Length of the plaintext - * @param[out] ciphertext Buffer for the encrypted data - * (must be allocated by client, see yaca_context_get_output_length()) - * @param[out] ciphertext_len Length of the encrypted data, - * actual number of bytes written will be returned here - * - * @return #YACA_ERROR_NONE on success, negative on error + * @param[in,out] ctx Context created by yaca_seal_initialize() + * @param[in] plaintext Plaintext to be encrypted + * @param[in] plaintext_len Length of the plaintext + * @param[out] ciphertext Buffer for the encrypted data + * (must be allocated by client, see yaca_context_get_output_length()) + * @param[out] ciphertext_len Length of the encrypted data, + * actual number of bytes written will be returned here + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, 0, * invalid @a ctx) * @retval #YACA_ERROR_INTERNAL Internal error - * * @see yaca_seal_initialize() * @see yaca_seal_finalize() * @see yaca_context_get_output_length() */ -int yaca_seal_update(yaca_context_h ctx, - const char *plaintext, - size_t plaintext_len, - char *ciphertext, - size_t *ciphertext_len); +int yaca_seal_update(yaca_context_h ctx, const char *plaintext, size_t plaintext_len, char *ciphertext, size_t *ciphertext_len); + /** - * @brief Encrypts the final piece of the data. - * - * @remarks Skipping yaca_seal_update() and calling only yaca_seal_finalize() will produce an - * encryption of an empty message. - * + * @brief Encrypts the final piece of the data. * @since_tizen 3.0 - * - * @param[in,out] ctx A valid seal context - * @param[out] ciphertext Final piece of the encrypted data - * (must be allocated by client, see yaca_context_get_output_length()) - * @param[out] ciphertext_len Length of the final piece, - * actual number of bytes written will be returned here - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks Skipping yaca_seal_update() and calling only yaca_seal_finalize() will produce an + * encryption of an empty message. + * @param[in,out] ctx A valid seal context + * @param[out] ciphertext Final piece of the encrypted data + * (must be allocated by client, see yaca_context_get_output_length()) + * @param[out] ciphertext_len Length of the final piece, + * actual number of bytes written will be returned here + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, * invalid @a ctx) * @retval #YACA_ERROR_INTERNAL Internal error - * * @see yaca_seal_initialize() * @see yaca_seal_update() * @see yaca_context_get_output_length() */ -int yaca_seal_finalize(yaca_context_h ctx, - char *ciphertext, - size_t *ciphertext_len); +int yaca_seal_finalize(yaca_context_h ctx, char *ciphertext, size_t *ciphertext_len); + /** - * @brief Initializes an asymmetric decryption context. - * + * @brief Initializes an asymmetric decryption context. * @since_tizen 3.0 - * - * @remarks The @a ctx should be released using yaca_context_destroy(). - * - * @remarks The @a prv_key must be #YACA_KEY_TYPE_RSA_PRIV. - * - * @param[out] ctx Newly created context - * @param[in] prv_key Private key, part of the pair that was used for the encryption - * @param[in] algo Symmetric algorithm that was used for the encryption - * @param[in] bcm Block chaining mode for the symmetric algorithm - * @param[in] sym_key_bit_len Symmetric key length (in bits) that was used for the encryption - * @param[in] sym_key Symmetric key, encrypted with the public key, - * that was used to encrypt the data - * @param[in] iv Initialization Vector that was used for the encryption - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks The @a ctx should be released using yaca_context_destroy(). + * @remarks The @a prv_key must be #YACA_KEY_TYPE_RSA_PRIV. + * @param[out] ctx Newly created context + * @param[in] prv_key Private key, part of the pair that was used for the encryption + * @param[in] algo Symmetric algorithm that was used for the encryption + * @param[in] bcm Block chaining mode for the symmetric algorithm + * @param[in] sym_key_bit_len Symmetric key length (in bits) that was used for the encryption + * @param[in] sym_key Symmetric key, encrypted with the public key, + * that was used to encrypt the data + * @param[in] iv Initialization Vector that was used for the encryption + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, invalid * @a algo, @a bcm, @a sym_key_bit_len, @a prv_key, * @a sym_key or @a iv) * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error * @retval #YACA_ERROR_INTERNAL Internal error - * * @see #yaca_encrypt_algorithm_e * @see #yaca_block_cipher_mode_e * @see #yaca_key_bit_length_e @@ -184,79 +159,66 @@ int yaca_seal_finalize(yaca_context_h ctx, * @see yaca_open_finalize() * @see yaca_context_destroy() */ -int yaca_open_initialize(yaca_context_h *ctx, - const yaca_key_h prv_key, - yaca_encrypt_algorithm_e algo, - yaca_block_cipher_mode_e bcm, - size_t sym_key_bit_len, - const yaca_key_h sym_key, - const yaca_key_h iv); +int yaca_open_initialize(yaca_context_h *ctx, const yaca_key_h prv_key, yaca_encrypt_algorithm_e algo, yaca_block_cipher_mode_e bcm, size_t sym_key_bit_len, + const yaca_key_h sym_key, const yaca_key_h iv); + /** - * @brief Decrypts piece of the data. - * + * @brief Decrypts piece of the data. * @since_tizen 3.0 - * - * @param[in,out] ctx Context created by yaca_open_initialize() - * @param[in] ciphertext Ciphertext to be decrypted - * @param[in] ciphertext_len Length of the ciphertext - * @param[out] plaintext Buffer for the decrypted data - * (must be allocated by client, see yaca_context_get_output_length()) - * @param[out] plaintext_len Length of the decrypted data, - * actual number of bytes written will be returned here - * - * @return #YACA_ERROR_NONE on success, negative on error + * @param[in,out] ctx Context created by yaca_open_initialize() + * @param[in] ciphertext Ciphertext to be decrypted + * @param[in] ciphertext_len Length of the ciphertext + * @param[out] plaintext Buffer for the decrypted data + * (must be allocated by client, see yaca_context_get_output_length()) + * @param[out] plaintext_len Length of the decrypted data, + * actual number of bytes written will be returned here + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, 0, * invalid @a ctx), wrong #YACA_PROPERTY_CCM_AAD or * wrong #YACA_PROPERTY_CCM_TAG was used * @retval #YACA_ERROR_INTERNAL Internal error - * * @see yaca_open_initialize() * @see yaca_open_finalize() * @see yaca_context_get_output_length() */ -int yaca_open_update(yaca_context_h ctx, - const char *ciphertext, - size_t ciphertext_len, - char *plaintext, - size_t *plaintext_len); +int yaca_open_update(yaca_context_h ctx, const char *ciphertext, size_t ciphertext_len, char *plaintext, size_t *plaintext_len); + /** - * @brief Decrypts last chunk of sealed message. - * - * @remarks Skipping yaca_open_update() and calling only yaca_open_finalize() will produce a - * decryption of an empty ciphertext. - * + * @brief Decrypts last chunk of sealed message. * @since_tizen 3.0 - * - * @param[in,out] ctx A valid open context - * @param[out] plaintext Final piece of the decrypted data - * (must be allocated by client, see yaca_context_get_output_length()) - * @param[out] plaintext_len Length of the final piece, - * actual number of bytes written will be returned here - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks Skipping yaca_open_update() and calling only yaca_open_finalize() will produce a + * decryption of an empty ciphertext. + * @param[in,out] ctx A valid open context + * @param[out] plaintext Final piece of the decrypted data + * (must be allocated by client, see yaca_context_get_output_length()) + * @param[out] plaintext_len Length of the final piece, + * actual number of bytes written will be returned here + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, * invalid @a ctx), wrong #YACA_PROPERTY_GCM_AAD or * wrong #YACA_PROPERTY_GCM_TAG was used * @retval #YACA_ERROR_INTERNAL Internal error - * * @see yaca_open_initialize() * @see yaca_open_update() * @see yaca_context_get_output_length() */ -int yaca_open_finalize(yaca_context_h ctx, - char *plaintext, - size_t *plaintext_len); +int yaca_open_finalize(yaca_context_h ctx, char *plaintext, size_t *plaintext_len); + /** * @} */ + #ifdef __cplusplus } /* extern */ #endif + #endif /* YACA_SEAL_H */ diff --git a/api/yaca/yaca_sign.h b/api/yaca/yaca_sign.h index 0fcbec3..3ac545e 100644 --- a/api/yaca/yaca_sign.h +++ b/api/yaca/yaca_sign.h @@ -16,61 +16,58 @@ * limitations under the License */ + /** - * @file yaca_sign.h - * @brief Advanced API for the integrity handling - HMAC, CMAC and digital signature. + * @file yaca_sign.h + * @brief Advanced API for the integrity handling - HMAC, CMAC and digital signature. */ + #ifndef YACA_SIGN_H #define YACA_SIGN_H + #include #include + #ifdef __cplusplus extern "C" { #endif + /** * @addtogroup CAPI_YACA_INTEGRITY_MODULE * @{ */ + /** - * @brief Initializes a signature context for asymmetric signatures. - * + * @brief Initializes a signature context for asymmetric signatures. * @since_tizen 3.0 - * - * @remarks For verification use yaca_verify_initialize(), yaca_verify_update() and - * yaca_verify_finalize() functions with matching public key. - * - * @remarks For RSA operations the default padding used is #YACA_PADDING_PKCS1. It can be - * changed using yaca_context_set_property() with #YACA_PROPERTY_PADDING. - * - * @remarks For #YACA_DIGEST_SHA384 and #YACA_DIGEST_SHA512 the RSA key size must be bigger than - * #YACA_KEY_LENGTH_512BIT. - * - * @remarks Using of #YACA_DIGEST_MD5 algorithm for DSA and ECDSA operations is prohibited. - * - * @remarks Using of #YACA_DIGEST_MD5 or #YACA_DIGEST_SHA224 with #YACA_PADDING_X931 is prohibited. - * - * @remarks The @a ctx should be released using yaca_context_destroy(). - * - * @param[out] ctx Newly created context - * @param[in] algo Digest algorithm that will be used - * @param[in] prv_key Private key that will be used, algorithm is deduced based - * on key type, supported key types: - * - #YACA_KEY_TYPE_RSA_PRIV, - * - #YACA_KEY_TYPE_DSA_PRIV, - * - #YACA_KEY_TYPE_EC_PRIV - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks For verification use yaca_verify_initialize(), yaca_verify_update() and + * yaca_verify_finalize() functions with matching public key. + * @remarks For RSA operations the default padding used is #YACA_PADDING_PKCS1. It can be + * changed using yaca_context_set_property() with #YACA_PROPERTY_PADDING. + * @remarks For #YACA_DIGEST_SHA384 and #YACA_DIGEST_SHA512 the RSA key size must be bigger than + * #YACA_KEY_LENGTH_512BIT. + * @remarks Using of #YACA_DIGEST_MD5 algorithm for DSA and ECDSA operations is prohibited. + * @remarks Using of #YACA_DIGEST_MD5 or #YACA_DIGEST_SHA224 with #YACA_PADDING_X931 is prohibited. + * @remarks The @a ctx should be released using yaca_context_destroy(). + * @param[out] ctx Newly created context + * @param[in] algo Digest algorithm that will be used + * @param[in] prv_key Private key that will be used, algorithm is deduced based + * on key type, supported key types: + * - #YACA_KEY_TYPE_RSA_PRIV, + * - #YACA_KEY_TYPE_DSA_PRIV, + * - #YACA_KEY_TYPE_EC_PRIV + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, * invalid @a algo or @a prv_key) * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error * @retval #YACA_ERROR_INTERNAL Internal error - * * @see #yaca_key_type_e * @see #yaca_digest_algorithm_e * @see #yaca_padding_e @@ -82,33 +79,26 @@ extern "C" { * @see yaca_verify_finalize() * @see yaca_context_destroy() */ -int yaca_sign_initialize(yaca_context_h *ctx, - yaca_digest_algorithm_e algo, - const yaca_key_h prv_key); +int yaca_sign_initialize(yaca_context_h *ctx, yaca_digest_algorithm_e algo, const yaca_key_h prv_key); + /** - * @brief Initializes a signature context for HMAC. - * + * @brief Initializes a signature context for HMAC. * @since_tizen 3.0 - * - * @remarks For verification, calculate message HMAC and compare with received MAC using - * yaca_memcmp(). - * - * @remarks The @a ctx should be released using yaca_context_destroy(). - * - * @param[out] ctx Newly created context - * @param[in] algo Digest algorithm that will be used - * @param[in] sym_key Symmetric key that will be used, supported key types: - * - #YACA_KEY_TYPE_SYMMETRIC, - * - #YACA_KEY_TYPE_DES - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks For verification, calculate message HMAC and compare with received MAC using yaca_memcmp(). + * @remarks The @a ctx should be released using yaca_context_destroy(). + * @param[out] ctx Newly created context + * @param[in] algo Digest algorithm that will be used + * @param[in] sym_key Symmetric key that will be used, supported key types: + * - #YACA_KEY_TYPE_SYMMETRIC, + * - #YACA_KEY_TYPE_DES + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, * invalid @a algo or @a sym_key) * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error * @retval #YACA_ERROR_INTERNAL Internal error - * * @see #yaca_key_type_e * @see #yaca_digest_algorithm_e * @see yaca_sign_update() @@ -116,33 +106,26 @@ int yaca_sign_initialize(yaca_context_h *ctx, * @see yaca_memcmp() * @see yaca_context_destroy() */ -int yaca_sign_initialize_hmac(yaca_context_h *ctx, - yaca_digest_algorithm_e algo, - const yaca_key_h sym_key); +int yaca_sign_initialize_hmac(yaca_context_h *ctx, yaca_digest_algorithm_e algo, const yaca_key_h sym_key); + /** - * @brief Initializes a signature context for CMAC. - * + * @brief Initializes a signature context for CMAC. * @since_tizen 3.0 - * - * @remarks For verification, calculate message CMAC and compare with received MAC using - * yaca_memcmp(). - * - * @remarks The @a ctx should be released using yaca_context_destroy(). - * - * @param[out] ctx Newly created context - * @param[in] algo Encryption algorithm that will be used - * @param[in] sym_key Symmetric key that will be used, supported key types: - * - #YACA_KEY_TYPE_SYMMETRIC, - * - #YACA_KEY_TYPE_DES - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks For verification, calculate message CMAC and compare with received MAC using yaca_memcmp(). + * @remarks The @a ctx should be released using yaca_context_destroy(). + * @param[out] ctx Newly created context + * @param[in] algo Encryption algorithm that will be used + * @param[in] sym_key Symmetric key that will be used, supported key types: + * - #YACA_KEY_TYPE_SYMMETRIC, + * - #YACA_KEY_TYPE_DES + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, * invalid @a algo or @a sym_key) * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error * @retval #YACA_ERROR_INTERNAL Internal error - * * @see #yaca_key_type_e * @see #yaca_encrypt_algorithm_e * @see yaca_sign_update() @@ -150,91 +133,76 @@ int yaca_sign_initialize_hmac(yaca_context_h *ctx, * @see yaca_memcmp() * @see yaca_context_destroy() */ -int yaca_sign_initialize_cmac(yaca_context_h *ctx, - yaca_encrypt_algorithm_e algo, - const yaca_key_h sym_key); +int yaca_sign_initialize_cmac(yaca_context_h *ctx, yaca_encrypt_algorithm_e algo, const yaca_key_h sym_key); + /** - * @brief Feeds the message into the digital signature or MAC algorithm. - * + * @brief Feeds the message into the digital signature or MAC algorithm. * @since_tizen 3.0 - * - * @param[in,out] ctx Context created by yaca_sign_initialize(), - * yaca_sign_initialize_hmac() or yaca_sign_initialize_cmac() - * @param[in] message Message to be signed - * @param[in] message_len Length of the message - * - * @return #YACA_ERROR_NONE on success, negative on error + * @param[in,out] ctx Context created by yaca_sign_initialize(), + * yaca_sign_initialize_hmac() or yaca_sign_initialize_cmac() + * @param[in] message Message to be signed + * @param[in] message_len Length of the message + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, 0, * invalid @a ctx) * @retval #YACA_ERROR_INTERNAL Internal error - * * @see yaca_sign_initialize() * @see yaca_sign_finalize() * @see yaca_sign_initialize_hmac() * @see yaca_sign_initialize_cmac() */ -int yaca_sign_update(yaca_context_h ctx, - const char *message, - size_t message_len); +int yaca_sign_update(yaca_context_h ctx, const char *message, size_t message_len); + /** - * @brief Calculates the final signature or MAC. - * + * @brief Calculates the final signature or MAC. * @since_tizen 3.0 - * - * @remarks Skipping yaca_sign_update() and calling only yaca_sign_finalize() will produce a - * signature or MAC of an empty message. - * - * @param[in,out] ctx A valid sign context - * @param[out] signature Buffer for the MAC or the message signature - * (must be allocated by client, see yaca_context_get_output_length()) - * @param[out] signature_len Length of the MAC or the signature, - * actual number of bytes written will be returned here - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks Skipping yaca_sign_update() and calling only yaca_sign_finalize() will produce a + * signature or MAC of an empty message. + * @param[in,out] ctx A valid sign context + * @param[out] signature Buffer for the MAC or the message signature + * (must be allocated by client, see yaca_context_get_output_length()) + * @param[out] signature_len Length of the MAC or the signature, + * actual number of bytes written will be returned here + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, * invalid @a ctx) * @retval #YACA_ERROR_INTERNAL Internal error - * * @see yaca_sign_initialize() * @see yaca_sign_update() * @see yaca_sign_initialize_hmac() * @see yaca_sign_initialize_cmac() * @see yaca_context_get_output_length() */ -int yaca_sign_finalize(yaca_context_h ctx, - char *signature, - size_t *signature_len); +int yaca_sign_finalize(yaca_context_h ctx, char *signature, size_t *signature_len); + /** - * @brief Initializes a signature verification context for asymmetric signatures. - * + * @brief Initializes a signature verification context for asymmetric signatures. * @since_tizen 3.0 - * - * @remarks For RSA operations the default padding used is #YACA_PADDING_PKCS1. It can be - * changed using yaca_context_set_property() with #YACA_PROPERTY_PADDING. - * For verify to succeed it has to be set to the same value it was signed with. - * - * @remarks The @a ctx should be released using yaca_context_destroy(). - * - * @param[out] ctx Newly created context - * @param[in] algo Digest algorithm that will be used - * @param[in] pub_key Public key that will be used, algorithm is deduced based on - * key type, supported key types: - * - #YACA_KEY_TYPE_RSA_PUB, - * - #YACA_KEY_TYPE_DSA_PUB, - * - #YACA_KEY_TYPE_EC_PUB - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks For RSA operations the default padding used is #YACA_PADDING_PKCS1. It can be + * changed using yaca_context_set_property() with #YACA_PROPERTY_PADDING. + * For verify to succeed it has to be set to the same value it was signed with. + * @remarks The @a ctx should be released using yaca_context_destroy(). + * @param[out] ctx Newly created context + * @param[in] algo Digest algorithm that will be used + * @param[in] pub_key Public key that will be used, algorithm is deduced based on + * key type, supported key types: + * - #YACA_KEY_TYPE_RSA_PUB, + * - #YACA_KEY_TYPE_DSA_PUB, + * - #YACA_KEY_TYPE_EC_PUB + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, * invalid @a algo or @a pub_key) * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error * @retval #YACA_ERROR_INTERNAL Internal error - * * @see #yaca_key_type_e * @see #yaca_digest_algorithm_e * @see #yaca_padding_e @@ -243,65 +211,57 @@ int yaca_sign_finalize(yaca_context_h ctx, * @see yaca_verify_finalize() * @see yaca_context_destroy() */ -int yaca_verify_initialize(yaca_context_h *ctx, - yaca_digest_algorithm_e algo, - const yaca_key_h pub_key); +int yaca_verify_initialize(yaca_context_h *ctx, yaca_digest_algorithm_e algo, const yaca_key_h pub_key); + /** - * @brief Feeds the message into the digital signature verification algorithm. - * + * @brief Feeds the message into the digital signature verification algorithm. * @since_tizen 3.0 - * - * @param[in,out] ctx Context created by yaca_verify_initialize() - * @param[in] message Message - * @param[in] message_len Length of the message - * - * @return #YACA_ERROR_NONE on success, negative on error + * @param[in,out] ctx Context created by yaca_verify_initialize() + * @param[in] message Message + * @param[in] message_len Length of the message + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, 0, * invalid @a ctx) * @retval #YACA_ERROR_INTERNAL Internal error - * * @see yaca_verify_initialize() * @see yaca_verify_finalize() */ -int yaca_verify_update(yaca_context_h ctx, - const char *message, - size_t message_len); +int yaca_verify_update(yaca_context_h ctx, const char *message, size_t message_len); + /** - * @brief Performs the verification. - * + * @brief Performs the verification. * @since_tizen 3.0 - * - * @remarks Skipping yaca_verify_update() and calling only yaca_verify_finalize() will verify - * the signature of an empty message. - * - * @param[in,out] ctx A valid verify context - * @param[in] signature Message signature to be verified - * @param[in] signature_len Length of the signature - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks Skipping yaca_verify_update() and calling only yaca_verify_finalize() will verify + * the signature of an empty message. + * @param[in,out] ctx A valid verify context + * @param[in] signature Message signature to be verified + * @param[in] signature_len Length of the signature + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, * invalid @a ctx) * @retval #YACA_ERROR_INTERNAL Internal error * @retval #YACA_ERROR_DATA_MISMATCH The verification failed - * * @see yaca_verify_initialize() * @see yaca_verify_update() * @see yaca_sign_finalize() */ -int yaca_verify_finalize(yaca_context_h ctx, - const char *signature, - size_t signature_len); +int yaca_verify_finalize(yaca_context_h ctx, const char *signature, size_t signature_len); + /** * @} */ + #ifdef __cplusplus } /* extern */ #endif + #endif /* YACA_SIGN_H */ diff --git a/api/yaca/yaca_simple.h b/api/yaca/yaca_simple.h index 97a9826..7328c7c 100644 --- a/api/yaca/yaca_simple.h +++ b/api/yaca/yaca_simple.h @@ -16,317 +16,253 @@ * limitations under the License */ + /** - * @file yaca_simple.h - * @brief Simple API. - * - * @details This is simple API. - * Design constraints: - * - All operations are single-shot (no streaming possible) - * - Context is not used - * - Only digest, signatures and symmetric ciphers are supported - * - Disabling PKCS#7 padding for ECB and CBC chaining is not supported - * - Changing the default PKCS#1 padding for sign/verify is not supported - * - GCM and CCM chaining is not supported - * - RC2 effective key bits property is not supported - * - All outputs are allocated by the library + * @file yaca_simple.h + * @brief Simple API. + * @details This is simple API. + * Design constraints: + * - All operations are single-shot (no streaming possible) + * - Context is not used + * - Only digest, signatures and symmetric ciphers are supported + * - Disabling PKCS#7 padding for ECB and CBC chaining is not supported + * - Changing the default PKCS#1 padding for sign/verify is not supported + * - GCM and CCM chaining is not supported + * - RC2 effective key bits property is not supported + * - All outputs are allocated by the library */ + #ifndef YACA_SIMPLE_H #define YACA_SIMPLE_H + #include #include + #ifdef __cplusplus extern "C" { #endif + /** * @addtogroup CAPI_YACA_SIMPLE_MODULE * @{ */ + /** - * @brief Encrypts data using a symmetric cipher. - * + * @brief Encrypts data using a symmetric cipher. * @since_tizen 3.0 - * - * @remarks yaca_simple_encrypt() doesn't support #YACA_BCM_GCM and #YACA_BCM_CCM. - * - * @remarks The @a ciphertext should be freed using yaca_free(). - * - * @remarks The @a plaintext can be NULL but then @a plaintext_len must be 0. - * - * @param[in] algo Encryption algorithm (select #YACA_ENCRYPT_AES if unsure) - * @param[in] bcm Chaining mode (select #YACA_BCM_CBC if unsure) - * @param[in] sym_key Symmetric encryption key (see yaca_key.h for key generation functions) - * @param[in] iv Initialization Vector - * @param[in] plaintext Plaintext to be encrypted - * @param[in] plaintext_len Length of the plaintext - * @param[out] ciphertext Encrypted data, will be allocated by the library - * @param[out] ciphertext_len Length of the encrypted data (may be larger than decrypted) - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks yaca_simple_encrypt() doesn't support #YACA_BCM_GCM and #YACA_BCM_CCM. + * @remarks The @a ciphertext should be freed using yaca_free(). + * @remarks The @a plaintext can be NULL but then @a plaintext_len must be 0. + * @param[in] algo Encryption algorithm (select #YACA_ENCRYPT_AES if unsure) + * @param[in] bcm Chaining mode (select #YACA_BCM_CBC if unsure) + * @param[in] sym_key Symmetric encryption key (see yaca_key.h for key generation functions) + * @param[in] iv Initialization Vector + * @param[in] plaintext Plaintext to be encrypted + * @param[in] plaintext_len Length of the plaintext + * @param[out] ciphertext Encrypted data, will be allocated by the library + * @param[out] ciphertext_len Length of the encrypted data (may be larger than decrypted) + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, 0 * invalid @a algo, @a bcm, @a sym_key or @a iv) * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error * @retval #YACA_ERROR_INTERNAL Internal error - * * @see #yaca_encrypt_algorithm_e * @see #yaca_block_cipher_mode_e * @see yaca_simple_decrypt() * @see yaca_free() */ -int yaca_simple_encrypt(yaca_encrypt_algorithm_e algo, - yaca_block_cipher_mode_e bcm, - const yaca_key_h sym_key, - const yaca_key_h iv, - const char *plaintext, - size_t plaintext_len, - char **ciphertext, - size_t *ciphertext_len); +int yaca_simple_encrypt(yaca_encrypt_algorithm_e algo, yaca_block_cipher_mode_e bcm, const yaca_key_h sym_key, const yaca_key_h iv, const char *plaintext, + size_t plaintext_len, char **ciphertext, size_t *ciphertext_len); + /** - * @brief Decrypts data using a symmetric cipher. - * + * @brief Decrypts data using a symmetric cipher. * @since_tizen 3.0 - * - * @remarks yaca_simple_decrypt() doesn't support #YACA_BCM_GCM and #YACA_BCM_CCM. - * - * @remarks The @a plaintext should be freed using yaca_free(). - * - * @remarks The @a ciphertext can be NULL but then @a ciphertext_len must be 0. - * - * @param[in] algo Decryption algorithm that was used to encrypt the data - * @param[in] bcm Chaining mode that was used to encrypt the data - * @param[in] sym_key Symmetric encryption key that was used to encrypt the data - * @param[in] iv Initialization Vector that was used to encrypt the data - * @param[in] ciphertext Ciphertext to be decrypted - * @param[in] ciphertext_len Length of ciphertext - * @param[out] plaintext Decrypted data, will be allocated by the library - * @param[out] plaintext_len Length of the decrypted data - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks yaca_simple_decrypt() doesn't support #YACA_BCM_GCM and #YACA_BCM_CCM. + * @remarks The @a plaintext should be freed using yaca_free(). + * @remarks The @a ciphertext can be NULL but then @a ciphertext_len must be 0. + * @param[in] algo Decryption algorithm that was used to encrypt the data + * @param[in] bcm Chaining mode that was used to encrypt the data + * @param[in] sym_key Symmetric encryption key that was used to encrypt the data + * @param[in] iv Initialization Vector that was used to encrypt the data + * @param[in] ciphertext Ciphertext to be decrypted + * @param[in] ciphertext_len Length of ciphertext + * @param[out] plaintext Decrypted data, will be allocated by the library + * @param[out] plaintext_len Length of the decrypted data + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, 0 * invalid @a algo, @a bcm, @a sym_key or @a iv) * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error * @retval #YACA_ERROR_INTERNAL Internal error - * * @see #yaca_encrypt_algorithm_e * @see #yaca_block_cipher_mode_e * @see yaca_simple_encrypt() * @see yaca_free() */ -int yaca_simple_decrypt(yaca_encrypt_algorithm_e algo, - yaca_block_cipher_mode_e bcm, - const yaca_key_h sym_key, - const yaca_key_h iv, - const char *ciphertext, - size_t ciphertext_len, - char **plaintext, - size_t *plaintext_len); +int yaca_simple_decrypt(yaca_encrypt_algorithm_e algo, yaca_block_cipher_mode_e bcm, const yaca_key_h sym_key, const yaca_key_h iv, const char *ciphertext, + size_t ciphertext_len, char **plaintext, size_t *plaintext_len); + /** - * @brief Calculates a digest of a message. - * + * @brief Calculates a digest of a message. * @since_tizen 3.0 - * - * @remarks The @a digest should be freed using yaca_free(). - * - * @remarks The @a message can be NULL but then @a message_len must be 0. - * - * @param[in] algo Digest algorithm (select #YACA_DIGEST_SHA256 if unsure) - * @param[in] message Message from which the digest is to be calculated - * @param[in] message_len Length of the message - * @param[out] digest Message digest, will be allocated by the library - * @param[out] digest_len Length of message digest (depends on algorithm) - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks The @a digest should be freed using yaca_free(). + * @remarks The @a message can be NULL but then @a message_len must be 0. + * @param[in] algo Digest algorithm (select #YACA_DIGEST_SHA256 if unsure) + * @param[in] message Message from which the digest is to be calculated + * @param[in] message_len Length of the message + * @param[out] digest Message digest, will be allocated by the library + * @param[out] digest_len Length of message digest (depends on algorithm) + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, * invalid @a algo) * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error * @retval #YACA_ERROR_INTERNAL Internal error - * * @see #yaca_digest_algorithm_e * @see yaca_free() */ -int yaca_simple_calculate_digest(yaca_digest_algorithm_e algo, - const char *message, - size_t message_len, - char **digest, - size_t *digest_len); +int yaca_simple_calculate_digest(yaca_digest_algorithm_e algo, const char *message, size_t message_len, char **digest, size_t *digest_len); + /** - * @brief Creates a signature using asymmetric private key. - * + * @brief Creates a signature using asymmetric private key. * @since_tizen 3.0 - * - * @remarks For #YACA_DIGEST_SHA384 and #YACA_DIGEST_SHA512 the RSA key size must be bigger than - * #YACA_KEY_LENGTH_512BIT. - * - * @remarks Using of #YACA_DIGEST_MD5 algorithm for DSA and ECDSA operations is prohibited. - * - * @remarks The @a signature should be freed using yaca_free(). - * - * @remarks The @a message can be NULL but then @a message_len must be 0. - * - * @param[in] algo Digest algorithm that will be used - * @param[in] prv_key Private key that will be used, algorithm is - * deduced based on key type, supported key types: - * - #YACA_KEY_TYPE_RSA_PRIV, - * - #YACA_KEY_TYPE_DSA_PRIV, - * - #YACA_KEY_TYPE_EC_PRIV - * @param[in] message Message to be signed - * @param[in] message_len Length of the message - * @param[out] signature Message signature, will be allocated by the library - * @param[out] signature_len Length of the signature - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks For #YACA_DIGEST_SHA384 and #YACA_DIGEST_SHA512 the RSA key size must be bigger than + * #YACA_KEY_LENGTH_512BIT. + * @remarks Using of #YACA_DIGEST_MD5 algorithm for DSA and ECDSA operations is prohibited. + * @remarks The @a signature should be freed using yaca_free(). + * @remarks The @a message can be NULL but then @a message_len must be 0. + * @param[in] algo Digest algorithm that will be used + * @param[in] prv_key Private key that will be used, algorithm is + * deduced based on key type, supported key types: + * - #YACA_KEY_TYPE_RSA_PRIV, + * - #YACA_KEY_TYPE_DSA_PRIV, + * - #YACA_KEY_TYPE_EC_PRIV + * @param[in] message Message to be signed + * @param[in] message_len Length of the message + * @param[out] signature Message signature, will be allocated by the library + * @param[out] signature_len Length of the signature + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, 0 * invalid @a algo or @a prv_key) * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error * @retval #YACA_ERROR_INTERNAL Internal error - * * @see #yaca_key_type_e * @see #yaca_digest_algorithm_e * @see yaca_simple_verify_signature() * @see yaca_free() */ -int yaca_simple_calculate_signature(yaca_digest_algorithm_e algo, - const yaca_key_h prv_key, - const char *message, - size_t message_len, - char **signature, - size_t *signature_len); +int yaca_simple_calculate_signature(yaca_digest_algorithm_e algo, const yaca_key_h prv_key, const char *message, size_t message_len, char **signature, size_t *signature_len); + /** - * @brief Verifies a signature using asymmetric public key. - * + * @brief Verifies a signature using asymmetric public key. * @since_tizen 3.0 - * - * @remarks The @a message can be NULL but then @a message_len must be 0. - * - * @param[in] algo Digest algorithm that will be used - * @param[in] pub_key Public key that will be used, algorithm is - * deduced based on key type, supported key types: - * - #YACA_KEY_TYPE_RSA_PUB, - * - #YACA_KEY_TYPE_DSA_PUB, - * - #YACA_KEY_TYPE_EC_PUB - * @param[in] message Message - * @param[in] message_len Length of the message - * @param[in] signature Message signature to be verified - * @param[in] signature_len Length of the signature - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks The @a message can be NULL but then @a message_len must be 0. + * @param[in] algo Digest algorithm that will be used + * @param[in] pub_key Public key that will be used, algorithm is + * deduced based on key type, supported key types: + * - #YACA_KEY_TYPE_RSA_PUB, + * - #YACA_KEY_TYPE_DSA_PUB, + * - #YACA_KEY_TYPE_EC_PUB + * @param[in] message Message + * @param[in] message_len Length of the message + * @param[in] signature Message signature to be verified + * @param[in] signature_len Length of the signature + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, 0 * invalid @a algo or @a pub_key) * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error * @retval #YACA_ERROR_INTERNAL Internal error * @retval #YACA_ERROR_DATA_MISMATCH The verification failed - * * @see #yaca_key_type_e * @see #yaca_digest_algorithm_e * @see yaca_simple_calculate_signature() */ -int yaca_simple_verify_signature(yaca_digest_algorithm_e algo, - const yaca_key_h pub_key, - const char *message, - size_t message_len, - const char *signature, - size_t signature_len); +int yaca_simple_verify_signature(yaca_digest_algorithm_e algo, const yaca_key_h pub_key, const char *message, size_t message_len, const char *signature, size_t signature_len); + /** - * @brief Calculates a HMAC of given message using symmetric key. - * + * @brief Calculates a HMAC of given message using symmetric key. * @since_tizen 3.0 - * - * @remarks For verification, calculate message HMAC and compare with received MAC using - * yaca_memcmp(). - * - * @remarks The @a mac should be freed using yaca_free(). - * - * @remarks The @a message can be NULL but then @a message_len must be 0. - * - * @param[in] algo Digest algorithm that will be used - * @param[in] sym_key Key that will be used, supported key types: - * - #YACA_KEY_TYPE_SYMMETRIC, - * - #YACA_KEY_TYPE_DES - * @param[in] message Message to calculate HMAC from - * @param[in] message_len Length of the message - * @param[out] mac MAC, will be allocated by the library - * @param[out] mac_len Length of the MAC - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks For verification, calculate message HMAC and compare with received MAC using yaca_memcmp(). + * @remarks The @a mac should be freed using yaca_free(). + * @remarks The @a message can be NULL but then @a message_len must be 0. + * @param[in] algo Digest algorithm that will be used + * @param[in] sym_key Key that will be used, supported key types: + * - #YACA_KEY_TYPE_SYMMETRIC, + * - #YACA_KEY_TYPE_DES + * @param[in] message Message to calculate HMAC from + * @param[in] message_len Length of the message + * @param[out] mac MAC, will be allocated by the library + * @param[out] mac_len Length of the MAC + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, 0 * invalid @a algo or @a sym_key) * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error * @retval #YACA_ERROR_INTERNAL Internal error - * * @see #yaca_key_type_e * @see #yaca_digest_algorithm_e * @see yaca_memcmp() * @see yaca_free() */ -int yaca_simple_calculate_hmac(yaca_digest_algorithm_e algo, - const yaca_key_h sym_key, - const char *message, - size_t message_len, - char **mac, - size_t *mac_len); +int yaca_simple_calculate_hmac(yaca_digest_algorithm_e algo, const yaca_key_h sym_key, const char *message, size_t message_len, char **mac, size_t *mac_len); + /** - * @brief Calculates a CMAC of given message using symmetric key. - * + * @brief Calculates a CMAC of given message using symmetric key. * @since_tizen 3.0 - * - * @remarks For verification, calculate message CMAC and compare with received MAC using - * yaca_memcmp(). - * - * @remarks The @a mac should be freed using yaca_free(). - * - * @remarks The @a message can be NULL but then @a message_len must be 0. - * - * @param[in] algo Encryption algorithm that will be used - * @param[in] sym_key Key that will be used, supported key types: - * - #YACA_KEY_TYPE_SYMMETRIC, - * - #YACA_KEY_TYPE_DES - * @param[in] message Message to calculate CMAC from - * @param[in] message_len Length of the message - * @param[out] mac MAC, will be allocated by the library - * @param[out] mac_len Length of the MAC - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks For verification, calculate message CMAC and compare with received MAC using yaca_memcmp(). + * @remarks The @a mac should be freed using yaca_free(). + * @remarks The @a message can be NULL but then @a message_len must be 0. + * @param[in] algo Encryption algorithm that will be used + * @param[in] sym_key Key that will be used, supported key types: + * - #YACA_KEY_TYPE_SYMMETRIC, + * - #YACA_KEY_TYPE_DES + * @param[in] message Message to calculate CMAC from + * @param[in] message_len Length of the message + * @param[out] mac MAC, will be allocated by the library + * @param[out] mac_len Length of the MAC + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, 0 * invalid @a algo or @a sym_key) * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error * @retval #YACA_ERROR_INTERNAL Internal error - * * @see #yaca_key_type_e * @see #yaca_encrypt_algorithm_e * @see yaca_memcmp() * @see yaca_free() */ -int yaca_simple_calculate_cmac(yaca_encrypt_algorithm_e algo, - const yaca_key_h sym_key, - const char *message, - size_t message_len, - char **mac, - size_t *mac_len); +int yaca_simple_calculate_cmac(yaca_encrypt_algorithm_e algo, const yaca_key_h sym_key, const char *message, size_t message_len, char **mac, size_t *mac_len); + /** * @} */ + #ifdef __cplusplus } /* extern */ #endif + #endif /* YACA_SIMPLE_H */ diff --git a/api/yaca/yaca_types.h b/api/yaca/yaca_types.h index c6b1cb3..a4ae309 100644 --- a/api/yaca/yaca_types.h +++ b/api/yaca/yaca_types.h @@ -16,25 +16,29 @@ * limitations under the License */ + /** - * @file yaca_types.h - * @brief Types enums and defines. + * @file yaca_types.h + * @brief Types enums and defines. */ + #ifndef YACA_TYPES_H #define YACA_TYPES_H + #ifdef __cplusplus extern "C" { #endif + /** * @addtogroup CAPI_YACA_ENCRYPTION_MODULE * @{ */ + /* The format of the unsigned int used to indicate key_bit_len is as follows: - * * Bits indicating a type: * bits 31-28 (4 bits) indicate key_length type: * 0000(0) - regular type for RSA, DSA @@ -42,10 +46,8 @@ extern "C" { * 0010(2) - DH with RFC 5114 * 0011(3) - elliptic curve * remaining combinations reserved - * * Bits for a regular type: * bits 27-0 (28 bits) indicate length of the key in bits - * * Bits for a DH with specified generator number: * bits 27-24 (4 bits) indicate DH generator * 0000(0) - generator 2 @@ -53,7 +55,6 @@ extern "C" { * remaining combinations reserved * bits 23-16 (8 bits) reserved * bits 15-0 (16 bits) length of the safe prime in bits - * * Bits for a DH with RFC 5114: * bits 27-24 (4 bits) indicate a bit subgroup: * 0000(0) - 160 @@ -62,7 +63,6 @@ extern "C" { * remaining combinations reserved * bits 23-16 (8 bits) reserved * bits 15-0 (16 bits) length of the safe prime in bits - * * Bits for an elliptic curve type: * bits 27-24 (4 bits) indicate type of an elliptic curve: * 0000(0) - X9.62 Prime @@ -83,75 +83,79 @@ extern "C" { * 0011(3) - 4 * remaining combinations reserved * bits 15-0 (16 bits) - length of the prime field in bits - * * Those bits are used for DH and EC. For any other keys key_bit_len can be passed just * as a number of bits (4 most significant bits set to 0000, 28 bits for bit length). - * * In any case those defines are not be used directly. - * * For DH keys use YACA_KEY_LENGTH_DH_GENERATOR_* or'ed with safe prime length. * Alternatively one can use values from yaca_key_bit_length_dh_rfc_e enum to use * RFC 5114 parameters. - * * For elliptic curves use values from yaca_key_bit_length_ec_e enum. */ + /** @cond Don't include those defines in doxygen, they are not to be used directly */ + /* types */ -#define YACA_KEYLEN_COMPONENT_TYPE_MASK (0xF << 28) -#define YACA_KEYLEN_COMPONENT_TYPE_BITS (0U << 28) -#define YACA_KEYLEN_COMPONENT_TYPE_DH (1U << 28) -#define YACA_KEYLEN_COMPONENT_TYPE_DH_RFC (2U << 28) -#define YACA_KEYLEN_COMPONENT_TYPE_EC (3U << 28) +#define YACA_KEYLEN_COMPONENT_TYPE_MASK (0xF << 28) +#define YACA_KEYLEN_COMPONENT_TYPE_BITS (0U << 28) +#define YACA_KEYLEN_COMPONENT_TYPE_DH (1U << 28) +#define YACA_KEYLEN_COMPONENT_TYPE_DH_RFC (2U << 28) +#define YACA_KEYLEN_COMPONENT_TYPE_EC (3U << 28) + /* DH type */ -#define YACA_KEYLEN_COMPONENT_DH_GEN_MASK (0xF << 24) -#define YACA_KEYLEN_COMPONENT_DH_GEN_2 (0U << 24) -#define YACA_KEYLEN_COMPONENT_DH_GEN_5 (1U << 24) +#define YACA_KEYLEN_COMPONENT_DH_GEN_MASK (0xF << 24) +#define YACA_KEYLEN_COMPONENT_DH_GEN_2 (0U << 24) +#define YACA_KEYLEN_COMPONENT_DH_GEN_5 (1U << 24) + #define YACA_KEYLEN_COMPONENT_DH_PRIME_MASK (0xFFFF << 0) + /* DH_RFC type */ -#define YACA_KEYLEN_COMPONENT_DH_RFC_MASK (0xF << 24) -#define YACA_KEYLEN_COMPONENT_DH_RFC_160 (0U << 24) -#define YACA_KEYLEN_COMPONENT_DH_RFC_224 (1U << 24) -#define YACA_KEYLEN_COMPONENT_DH_RFC_256 (2U << 24) +#define YACA_KEYLEN_COMPONENT_DH_RFC_MASK (0xF << 24) +#define YACA_KEYLEN_COMPONENT_DH_RFC_160 (0U << 24) +#define YACA_KEYLEN_COMPONENT_DH_RFC_224 (1U << 24) +#define YACA_KEYLEN_COMPONENT_DH_RFC_256 (2U << 24) + /* EC type */ -#define YACA_KEYLEN_COMPONENT_EC_PRIME (0U << 24) -#define YACA_KEYLEN_COMPONENT_EC_SECP (1U << 24) -#define YACA_KEYLEN_COMPONENT_EC_SECT (2U << 24) -#define YACA_KEYLEN_COMPONENT_EC_BRAINPOOL (3U << 24) - -#define YACA_KEYLEN_COMPONENT_EC_V (0U << 20) -#define YACA_KEYLEN_COMPONENT_EC_R (1U << 20) -#define YACA_KEYLEN_COMPONENT_EC_K (2U << 20) -#define YACA_KEYLEN_COMPONENT_EC_T (3U << 20) - -#define YACA_KEYLEN_COMPONENT_EC_1 (0U << 16) -#define YACA_KEYLEN_COMPONENT_EC_2 (1U << 16) -#define YACA_KEYLEN_COMPONENT_EC_3 (2U << 16) -#define YACA_KEYLEN_COMPONENT_EC_4 (3U << 16) +#define YACA_KEYLEN_COMPONENT_EC_PRIME (0U << 24) +#define YACA_KEYLEN_COMPONENT_EC_SECP (1U << 24) +#define YACA_KEYLEN_COMPONENT_EC_SECT (2U << 24) +#define YACA_KEYLEN_COMPONENT_EC_BRAINPOOL (3U << 24) + + +#define YACA_KEYLEN_COMPONENT_EC_V (0U << 20) +#define YACA_KEYLEN_COMPONENT_EC_R (1U << 20) +#define YACA_KEYLEN_COMPONENT_EC_K (2U << 20) +#define YACA_KEYLEN_COMPONENT_EC_T (3U << 20) + + +#define YACA_KEYLEN_COMPONENT_EC_1 (0U << 16) +#define YACA_KEYLEN_COMPONENT_EC_2 (1U << 16) +#define YACA_KEYLEN_COMPONENT_EC_3 (2U << 16) +#define YACA_KEYLEN_COMPONENT_EC_4 (3U << 16) /** @endcond */ + /** * @brief The context handle. - * * @since_tizen 3.0 */ typedef struct yaca_context_s *yaca_context_h; + /** - * @brief The handle of a key, an Initialization Vector or a key generation parameters. - * + * @brief An Initialization Vector or a key generation parameters by the key handle. * @since_tizen 3.0 */ typedef struct yaca_key_s *yaca_key_h; + /** - * @brief Enumeration of YACA key formats. - * + * @brief Enumeration for formats YACA key. * @since_tizen 3.0 */ typedef enum { @@ -161,9 +165,9 @@ typedef enum { YACA_KEY_FORMAT_PKCS8 } yaca_key_format_e; + /** - * @brief Enumeration of YACA key file formats. - * + * @brief Enumeration for formats YACA key file. * @since_tizen 3.0 */ typedef enum { @@ -177,9 +181,9 @@ typedef enum { YACA_KEY_FILE_FORMAT_DER } yaca_key_file_format_e; + /** - * @brief Enumeration of YACA key types, Initialization Vector is considered as key. - * + * @brief Enumeration for YACA key types, Initialization Vector is considered as key. * @since_tizen 3.0 */ typedef enum { @@ -218,11 +222,11 @@ typedef enum { YACA_KEY_TYPE_EC_PARAMS } yaca_key_type_e; + /** - * @brief Enumeration of YACA key lengths. + * @brief Enumeration for YACA key lengths. * It is possible to use arbitrary integer instead, * this enum values are placed here to avoid magic numbers. - * * @since_tizen 3.0 */ typedef enum { @@ -257,10 +261,9 @@ typedef enum { } yaca_key_bit_length_e; /** - * @brief Enumeration of YACA elliptic curve types with their bit lengths. + * @brief Enumeration for YACA elliptic curve types with their bit lengths. * It's meant to be passed or returned as a @a key_bit_len param * in appropriate functions when dealing with elliptic curves. - * * @since_tizen 3.0 */ typedef enum { @@ -277,24 +280,23 @@ typedef enum { } yaca_key_bit_length_ec_e; /** - * @brief A value indicating generator equal 2 for DH parameters. + * @brief Definition for the value indicating generator equal 2 for DH parameters. * To be or'ed with safe prime length in bits. Prime length is recommended * to be 2048 bits or higher. */ #define YACA_KEY_LENGTH_DH_GENERATOR_2 (YACA_KEYLEN_COMPONENT_TYPE_DH | YACA_KEYLEN_COMPONENT_DH_GEN_2) /** - * @brief A value indicating generator equal 5 for DH parameters. + * @brief Definition for the value indicating generator equal 5 for DH parameters. * To be or'ed with safe prime length in bits. Prime length is recommended * to be 2048 bits or higher. */ #define YACA_KEY_LENGTH_DH_GENERATOR_5 (YACA_KEYLEN_COMPONENT_TYPE_DH | YACA_KEYLEN_COMPONENT_DH_GEN_5) /** - * @brief Enumeration of YACA DH parameters taken from RFC 5114. + * @brief Enumeration for YACA DH parameters taken from RFC 5114. * It's meant to be passed or returned as a @a key_bit_len param * in appropriate functions when dealing with DH and wanting to * use RFC 5114 values. - * * @since_tizen 3.0 */ typedef enum { @@ -306,9 +308,9 @@ typedef enum { YACA_KEY_LENGTH_DH_RFC_2048_256 = YACA_KEYLEN_COMPONENT_TYPE_DH_RFC | YACA_KEYLEN_COMPONENT_DH_RFC_256 | 2048U } yaca_key_bit_length_dh_rfc_e; + /** - * @brief Enumeration of YACA message digest algorithms. - * + * @brief Enumeration for YACA message digest algorithms. * @since_tizen 3.0 */ typedef enum { @@ -326,9 +328,9 @@ typedef enum { YACA_DIGEST_SHA512, } yaca_digest_algorithm_e; + /** - * @brief Enumeration of YACA symmetric encryption algorithms. - * + * @brief Enumeration for YACA symmetric encryption algorithms. * @since_tizen 3.0 */ typedef enum { @@ -435,9 +437,9 @@ typedef enum { YACA_ENCRYPT_CAST5, } yaca_encrypt_algorithm_e; + /** - * @brief Enumeration of YACA chaining modes for block ciphers. - * + * @brief Enumeration for YACA chaining modes for block ciphers. * @since_tizen 3.0 */ typedef enum { @@ -450,7 +452,6 @@ typedef enum { /** * ECB block cipher mode. * Initialization Vector is not used. - * * By default the input data is padded using standard block padding (#YACA_PADDING_PKCS7). * Padding can be disabled using yaca_context_set_property() and * #YACA_PROPERTY_PADDING,#YACA_PADDING_NONE, @@ -470,7 +471,6 @@ typedef enum { * CBC block cipher mode. * 128-bit Initialization Vector for AES, * 64-bit for other algorithms is mandatory. - * * By default the input data is padded using standard block padding (#YACA_PADDING_PKCS7). * Padding can be disabled using yaca_context_set_property() and * #YACA_PROPERTY_PADDING, #YACA_PADDING_NONE, @@ -482,7 +482,6 @@ typedef enum { /** * GCM block cipher mode. * This is a variable Initialization Vector length mode (recommended 96-bits). - * * Supported properties: * - #YACA_PROPERTY_GCM_TAG_LEN = GCM tag length (optional)\n * Supported tag lengths: @c 4, @c 8, @c 12, @c 13, @c 14, @c 15, @c 16 @@ -490,22 +489,18 @@ typedef enum { * Set after yaca_encrypt_finalize() / yaca_seal_finalize() and before * yaca_context_get_property(#YACA_PROPERTY_GCM_TAG) in encryption / seal operation.\n * The @a value should be a size_t variable.\n - * In decryption / open operation tag length is not set.\n\n - * + * In decryption / open operation tag length is not set.\n * - #YACA_PROPERTY_GCM_TAG = GCM tag\n * Get after yaca_encrypt_finalize() / yaca_seal_finalize() in encryption / seal operation.\n * Set after yaca_decrypt_update() / yaca_open_update() and before - * yaca_decrypt_finalize() / yaca_open_finalize() in decryption / open operation.\n\n - * + * yaca_decrypt_finalize() / yaca_open_finalize() in decryption / open operation.\n * - #YACA_PROPERTY_GCM_AAD = additional authentication data (optional)\n * Set after yaca_encrypt_initialize() / yaca_seal_initialize() and before * yaca_encrypt_update() / yaca_seal_update() in encryption / seal operation.\n * Set after yaca_decrypt_initialize() / yaca_open_initialize() and before - * yaca_decrypt_update() / yaca_open_update() in decryption / open operation.\n\n - * + * yaca_decrypt_update() / yaca_open_update() in decryption / open operation.\n * @see yaca_context_set_property() * @see yaca_context_get_property() - * */ YACA_BCM_GCM, @@ -541,61 +536,50 @@ typedef enum { * CBC-MAC Mode (AES). * This is a variable Initialization Vector length mode.\n * Supported Initialization Vector lengths: 56-104 bits in steps of 8 bits - * (recommended 56-bits).\n\n - * + * (recommended 56-bits).\n * Supported properties: * - #YACA_PROPERTY_CCM_TAG_LEN = CCM tag length (optional)\n * Supported tag lengths: 4-16 bytes in steps of 2 bytes (12 bytes tag by default).\n * Set after yaca_encrypt_initialize() / yaca_seal_initialize() and before * yaca_encrypt_update() / yaca_seal_update() in encryption / seal operation.\n * The @a value should be a size_t variable.\n - * In decryption / open operation tag length is not set.\n\n - * + * In decryption / open operation tag length is not set.\n * - #YACA_PROPERTY_CCM_TAG = CCM tag\n * Get after yaca_encrypt_finalize() / yaca_seal_finalize() in encryption / seal operation.\n * Set after yaca_decrypt_initialize() / yaca_open_initialize() and before - * yaca_decrypt_update() / yaca_open_update() in decryption / open operation.\n\n - * + * yaca_decrypt_update() / yaca_open_update() in decryption / open operation.\n * - #YACA_PROPERTY_CCM_AAD = additional authentication data (optional)\n * The total plaintext length must be passed to yaca_encrypt_update() / yaca_seal_update() * if AAD is used.\n * Set after yaca_encrypt_initialize() / yaca_seal_initialize() and before * yaca_encrypt_update() / yaca_seal_update() in encryption / seal operation.\n * You can only call yaca_encrypt_update() / yaca_seal_update() once for AAD - * and once for the plaintext.\n\n - * + * and once for the plaintext.\n * The total encrypted text length must be passed to yaca_decrypt_update() / * yaca_open_update() if AAD is used.\n * Set after yaca_decrypt_initialize() / yaca_open_initialize() and before * yaca_decrypt_update() / yaca_open_update() in decryption / open operation.\n * You can only call yaca_decrypt_update() / yaca_open_update() once for AAD - * and once for the encrypted text.\n\n - * + * and once for the encrypted text.\n * @see yaca_context_set_property() * @see yaca_context_get_property() - * */ YACA_BCM_CCM, /** * Used with #YACA_ENCRYPT_AES or #YACA_ENCRYPT_3DES_3TDEA to perform a key wrapping * (key material symmetric encryption). - * * Only a single yaca_encrypt_update() / yaca_decrypt_update() is allowed. - * * Usage in yaca_seal_initialize() / yaca_open_finalize() is forbidden. - * * Key used to do the wrapping with #YACA_ENCRYPT_AES can be a 128-bit key, a 192-bit key, * or a 256-bit key.\n * 64-bit Initialization Vector is used.\n * Wrapped key can be a 128-bit key, a 192-bit key, or a 256-bit key.\n * #YACA_ENCRYPT_AES allows wrapping multiple keys together. - * * Key used to do the wrapping with #YACA_ENCRYPT_3DES_3TDEA can be a 192-bit DES key only.\n * Initialization Vector is not used.\n * Wrapped key can be a 128-bit DES key (two-key), or a 192-bit DES key (three-key).\n * #YACA_ENCRYPT_3DES_3TDEA allows wrapping only one key. - * */ YACA_BCM_WRAP @@ -603,16 +587,13 @@ typedef enum { /** - * @brief Enumeration of YACA non-standard properties for algorithms. - * + * @brief Enumeration for YACA non-standard properties for algorithms. * @since_tizen 3.0 - * * @see #yaca_padding_e */ typedef enum { /** * Padding for the encrypt/decrypt or sign/verify operation. Property type is #yaca_padding_e. - * * This property can be set at the latest before the *_finalize() call. */ YACA_PROPERTY_PADDING, @@ -636,8 +617,7 @@ typedef enum { } yaca_property_e; /** - * @brief Enumeration of YACA paddings. - * + * @brief Enumeration for YACA paddings. * @since_tizen 3.0 */ typedef enum { @@ -689,9 +669,9 @@ typedef enum { YACA_PADDING_PKCS7 } yaca_padding_e; + /** - * @brief Enumeration of YACA key derivation functions. - * + * @brief Enumeration for YACA key derivation functions. * @since_tizen 3.0 */ typedef enum { @@ -708,12 +688,15 @@ typedef enum { YACA_KDF_X962, } yaca_kdf_e; + /** * @} */ + #ifdef __cplusplus } /* extern */ #endif + #endif /* YACA_TYPES_H */ -- 2.7.4 From 9d3c70918fb0041a89d821f7a5246b59f5f33a8c Mon Sep 17 00:00:00 2001 From: Piotr Sawicki Date: Tue, 7 Feb 2017 10:15:56 +0100 Subject: [PATCH 08/16] Remove unused code in CMakeLists Change-Id: I31210f92e62e5fce7035b4e5693c58fda8b29e5a --- src/CMakeLists.txt | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 8d8badd..2e022fc 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -1,5 +1,5 @@ # -# Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved +# Copyright (c) 2016 - 2017 Samsung Electronics Co., Ltd All Rights Reserved # # Contact: Krzysztof Jackiewicz # @@ -45,13 +45,7 @@ SET_TARGET_PROPERTIES(${PROJECT_NAME} PROPERTIES VERSION ${_LIB_VERSION_}) ## Link libraries ############################################################## -PKG_CHECK_MODULES(YACA_DEPS REQUIRED openssl) - -PKG_CHECK_MODULES(CAPI_BASE_COMMON capi-base-common) -IF (CAPI_BASE_COMMON_FOUND) - ADD_DEFINITIONS(-DCAPI_BASE_COMMON_PRESENT) - INCLUDE_DIRECTORIES(SYSTEM ${CAPI_BASE_COMMON_INCLUDE_DIRS}) -ENDIF() +PKG_CHECK_MODULES(YACA_DEPS REQUIRED openssl capi-base-common) FIND_PACKAGE (Threads) -- 2.7.4 From f28c538271df98283601b407577a7462d08fe5eb Mon Sep 17 00:00:00 2001 From: Krzysztof Jackiewicz Date: Mon, 20 Mar 2017 09:47:05 +0100 Subject: [PATCH 09/16] Install license file Change-Id: I1e80b2686d46e369084d062f2b0ef3c0e9e1d76d --- packaging/yaca.spec | 1 + 1 file changed, 1 insertion(+) diff --git a/packaging/yaca.spec b/packaging/yaca.spec index 2b43c19..d22d931 100644 --- a/packaging/yaca.spec +++ b/packaging/yaca.spec @@ -19,6 +19,7 @@ The package provides Yet Another Crypto API. %postun -p /sbin/ldconfig %files +%license LICENSE %manifest yaca.manifest %{_libdir}/libyaca.so.0 %{_libdir}/libyaca.so.%{version} -- 2.7.4 From 6bae0c382ac2570a168094788a5dd86f986058dd Mon Sep 17 00:00:00 2001 From: Dariusz Michaluk Date: Tue, 14 Nov 2017 16:27:57 +0100 Subject: [PATCH 10/16] Fix: yaca_context_get_property() implementation unconsistent with documentation Change-Id: I5ffd12d68b2bc2764da50d7e7bc5dd1b92eb5ebb --- examples/encrypt_ccm.c | 7 +------ examples/encrypt_gcm.c | 7 +------ src/encrypt.c | 18 ++++++++++++++++-- 3 files changed, 18 insertions(+), 14 deletions(-) diff --git a/examples/encrypt_ccm.c b/examples/encrypt_ccm.c index 3bc11f8..572882c 100644 --- a/examples/encrypt_ccm.c +++ b/examples/encrypt_ccm.c @@ -78,11 +78,6 @@ int main() if (ret != YACA_ERROR_NONE) goto exit; - /* Allocate memory for tag */ - ret = yaca_zalloc(tag_len, (void**)&tag); - if (ret != YACA_ERROR_NONE) - goto exit; - /* Encryption */ { /* Initialize encryption context */ @@ -140,7 +135,7 @@ int main() goto exit; /* Get the tag after final encryption */ - ret = yaca_context_get_property(ctx, YACA_PROPERTY_CCM_TAG, (void**)tag, &tag_len); + ret = yaca_context_get_property(ctx, YACA_PROPERTY_CCM_TAG, (void**)&tag, &tag_len); if (ret != YACA_ERROR_NONE) goto exit; diff --git a/examples/encrypt_gcm.c b/examples/encrypt_gcm.c index 9778acb..7e1125b 100644 --- a/examples/encrypt_gcm.c +++ b/examples/encrypt_gcm.c @@ -78,11 +78,6 @@ int main() if (ret != YACA_ERROR_NONE) goto exit; - /* Allocate memory for tag */ - ret = yaca_zalloc(tag_len, (void**)&tag); - if (ret != YACA_ERROR_NONE) - goto exit; - /* Encryption */ { /* Initialize encryption context */ @@ -134,7 +129,7 @@ int main() if (ret != YACA_ERROR_NONE) goto exit; - ret = yaca_context_get_property(ctx, YACA_PROPERTY_GCM_TAG, (void**)tag, &tag_len); + ret = yaca_context_get_property(ctx, YACA_PROPERTY_GCM_TAG, (void**)&tag, &tag_len); if (ret != YACA_ERROR_NONE) goto exit; diff --git a/src/encrypt.c b/src/encrypt.c index f4a21f3..1fd935c 100644 --- a/src/encrypt.c +++ b/src/encrypt.c @@ -767,6 +767,8 @@ int set_encrypt_property(yaca_context_h ctx, int get_encrypt_property(const yaca_context_h ctx, yaca_property_e property, void **value, size_t *value_len) { + int ret; + void *tag = NULL; struct yaca_encrypt_context_s *c = get_encrypt_context(ctx); int mode; @@ -786,13 +788,19 @@ int get_encrypt_property(const yaca_context_h ctx, yaca_property_e property, assert(c->tag_len <= INT_MAX); + ret = yaca_malloc(c->tag_len, &tag); + if (ret != YACA_ERROR_NONE) + return ret; + if (EVP_CIPHER_CTX_ctrl(c->cipher_ctx, EVP_CTRL_GCM_GET_TAG, c->tag_len, - value) != 1) { + tag) != 1) { + yaca_free(tag); ERROR_DUMP(YACA_ERROR_INTERNAL); return YACA_ERROR_INTERNAL; } + *value = tag; *value_len = c->tag_len; break; case YACA_PROPERTY_CCM_TAG: @@ -804,13 +812,19 @@ int get_encrypt_property(const yaca_context_h ctx, yaca_property_e property, assert(c->tag_len <= INT_MAX); + ret = yaca_malloc(c->tag_len, &tag); + if (ret != YACA_ERROR_NONE) + return ret; + if (EVP_CIPHER_CTX_ctrl(c->cipher_ctx, EVP_CTRL_CCM_GET_TAG, c->tag_len, - value) != 1) { + tag) != 1) { + yaca_free(tag); ERROR_DUMP(YACA_ERROR_INTERNAL); return YACA_ERROR_INTERNAL; } + *value = tag; *value_len = c->tag_len; break; default: -- 2.7.4 From fd14778d5a704845c34f5add789c221abde2f594 Mon Sep 17 00:00:00 2001 From: Lukasz Pawelczyk Date: Fri, 17 Nov 2017 11:31:23 +0100 Subject: [PATCH 11/16] Some additional API usage clarifications regarding keys Change-Id: I375ff08deedfdc4669f40dbf6a7473d216e531ed --- api/yaca/yaca_key.h | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/api/yaca/yaca_key.h b/api/yaca/yaca_key.h index f946534..bf871f6 100644 --- a/api/yaca/yaca_key.h +++ b/api/yaca/yaca_key.h @@ -218,6 +218,8 @@ int yaca_key_generate(yaca_key_type_e key_type, size_t key_bit_len, yaca_key_h * * @since_tizen 3.0 * @remarks This function is used to generate private asymmetric keys * based on pre-generated parameters. + * @remarks This function does not support RSA keys, as it's not possible + * to extract parameters from them. * @remarks The @a key should be released using yaca_key_destroy(). * @param[in] params Pre-generated parameters * @param[out] prv_key Newly generated private key @@ -257,6 +259,7 @@ int yaca_key_extract_public(const yaca_key_h prv_key, yaca_key_h *pub_key); * @brief Extracts parameters from a private or a public key. * @since_tizen 3.0 * @remarks The @a params should be released using yaca_key_destroy(). + * @remarks This function does not support RSA keys. * @param[in] key A key to extract the parameters from * @param[out] params Extracted parameters * @return #YACA_ERROR_NONE on success, @@ -276,9 +279,10 @@ int yaca_key_extract_parameters(const yaca_key_h key, yaca_key_h *params); /** * @brief Derives a shared secret using Diffie-Helmann or EC Diffie-Helmann key exchange protocol. * @since_tizen 3.0 - * @remarks The @a secret should not be used as a symmetric key, - * to produce a symmetric key pass the secret to a key derivation function (KDF) + * @remarks The @a secret should not be used as a symmetric key. + * To produce a symmetric key pass the secret to a key derivation function (KDF) * or a message digest function. + * @remarks Both the keys passed should be of DH type. * @remarks The @a secret should be freed with yaca_free(). * @param[in] prv_key Our private key * @param[in] pub_key Peer public key -- 2.7.4 From 56f96a8307f1b4dc771de32bdaf5fb8b561687ba Mon Sep 17 00:00:00 2001 From: Lukasz Pawelczyk Date: Fri, 17 Nov 2017 11:32:26 +0100 Subject: [PATCH 12/16] Fix possible segfault in seal_initialize The iv is not mandatory. It depends on bcm mode and is already checked in this function. Don't blindly write to *iv because in some cases it might be NULL. Change-Id: Ieddf81b77482d2aec49d1cde3291c08d702b7c43 --- src/seal.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/src/seal.c b/src/seal.c index a7c3b50..24188e4 100644 --- a/src/seal.c +++ b/src/seal.c @@ -188,8 +188,11 @@ API int yaca_seal_initialize(yaca_context_h *ctx, *sym_key = lenc_sym_key; lenc_sym_key = YACA_KEY_NULL; - *iv = liv; - liv = YACA_KEY_NULL; + if (iv != NULL) { + *iv = liv; + liv = YACA_KEY_NULL; + } + ret = YACA_ERROR_NONE; exit: -- 2.7.4 From 5d1d5270ff1a668130932373a2a4be58be97ab4e Mon Sep 17 00:00:00 2001 From: Lukasz Pawelczyk Date: Fri, 17 Nov 2017 11:34:07 +0100 Subject: [PATCH 13/16] Handle special use case of EVP_DigestSignFinal() EVP_DigestSignFinal() does not behave the same as other OpenSSL *Final functions in regards to its length param. Handle this use case so its different behaviour is not propagated onto YACA. Change-Id: Iac9338e00a39a986049d1504791ff5e409da96f1 --- src/sign.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/src/sign.c b/src/sign.c index 23c9fa0..03f1cb0 100644 --- a/src/sign.c +++ b/src/sign.c @@ -430,12 +430,20 @@ API int yaca_sign_finalize(yaca_context_h ctx, int ret; if (c == NULL || c->op_type != OP_SIGN || - signature == NULL || signature_len == NULL || *signature_len == 0) + signature == NULL || signature_len == NULL) return YACA_ERROR_INVALID_PARAMETER; if (!verify_state_change(c, CTX_FINALIZED)) return YACA_ERROR_INVALID_PARAMETER; + /* EVP_DigestSignFinal() is the only *Final that requires buffer + * length as the [in,out], don't break the symmetry in our API, + * don't require it from the user, get the apropriate length here. + */ + ret = ctx->get_output_length(ctx, 0, signature_len); + if (ret != YACA_ERROR_NONE) + return ret; + ret = EVP_DigestSignFinal(c->md_ctx, (unsigned char *)signature, signature_len); if (ret != 1) { ret = YACA_ERROR_INTERNAL; -- 2.7.4 From d13ea7e43f5fec4d1930feca73141485abcbbd9d Mon Sep 17 00:00:00 2001 From: Lukasz Pawelczyk Date: Fri, 17 Nov 2017 15:20:36 +0100 Subject: [PATCH 14/16] Clarification for key_derive_dh, EC keys are also accepted Change-Id: I763712bb97de47267ebd1303bc3718c573edb164 --- api/yaca/yaca_key.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/api/yaca/yaca_key.h b/api/yaca/yaca_key.h index bf871f6..4f82cd9 100644 --- a/api/yaca/yaca_key.h +++ b/api/yaca/yaca_key.h @@ -282,7 +282,7 @@ int yaca_key_extract_parameters(const yaca_key_h key, yaca_key_h *params); * @remarks The @a secret should not be used as a symmetric key. * To produce a symmetric key pass the secret to a key derivation function (KDF) * or a message digest function. - * @remarks Both the keys passed should be of DH type. + * @remarks Both the keys passed should be of DH or EC type. * @remarks The @a secret should be freed with yaca_free(). * @param[in] prv_key Our private key * @param[in] pub_key Peer public key -- 2.7.4 From 750418075d3e913b8733520d82bfebd4323c64fd Mon Sep 17 00:00:00 2001 From: Dariusz Michaluk Date: Wed, 14 Mar 2018 12:22:32 +0100 Subject: [PATCH 15/16] Release 0.0.3 Change-Id: Ibafba8ab1f73392aa7a27483c468fafb33245dca --- CMakeLists.txt | 2 +- packaging/yaca.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 653daef..8596ea7 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -23,7 +23,7 @@ CMAKE_MINIMUM_REQUIRED (VERSION 2.6.2) PROJECT(yaca) -SET(VERSION "0.0.2") +SET(VERSION "0.0.3") ## pkgconfig ################################################################### INCLUDE(FindPkgConfig) diff --git a/packaging/yaca.spec b/packaging/yaca.spec index d22d931..a1484d1 100644 --- a/packaging/yaca.spec +++ b/packaging/yaca.spec @@ -1,5 +1,5 @@ Name: yaca -Version: 0.0.2 +Version: 0.0.3 Release: 0 Source0: %{name}-%{version}.tar.gz License: Apache-2.0 -- 2.7.4 From 932ca550e4b56fec34f2ad4045c0b148b7890aa1 Mon Sep 17 00:00:00 2001 From: Lukasz Pawelczyk Date: Fri, 17 Nov 2017 14:51:46 +0100 Subject: [PATCH 16/16] Python3 bindings for YACA Change-Id: Ia7e7bf329d6b2e87c6587481dfe5c870ef482e54 --- CMakeLists.txt | 4 + packaging/yaca.spec | 14 + python/CMakeLists.txt | 8 + python/run_all_tests.py | 23 ++ python/yaca/__init__.py | 817 ++++++++++++++++++++++++++++++++++++++++++++++++ python/yaca/error.py | 48 +++ python/yaca/library.py | 298 ++++++++++++++++++ python/yaca/tests.py | 473 ++++++++++++++++++++++++++++ 8 files changed, 1685 insertions(+) create mode 100644 python/CMakeLists.txt create mode 100755 python/run_all_tests.py create mode 100755 python/yaca/__init__.py create mode 100644 python/yaca/error.py create mode 100644 python/yaca/library.py create mode 100644 python/yaca/tests.py diff --git a/CMakeLists.txt b/CMakeLists.txt index 8596ea7..51d28e7 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -74,6 +74,7 @@ ENDIF() SET(API_FOLDER ${PROJECT_SOURCE_DIR}/api/yaca) SET(EXAMPLES_FOLDER ${PROJECT_SOURCE_DIR}/examples) SET(SRC_FOLDER ${PROJECT_SOURCE_DIR}/src) +SET(PYTHON_FOLDER ${PROJECT_SOURCE_DIR}/python) IF(NOT DEFINED LIB_INSTALL_DIR) SET(LIB_INSTALL_DIR "${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_LIBDIR}") @@ -99,3 +100,6 @@ CONFIGURE_FILE(packaging/yaca.manifest.in yaca.manifest @ONLY) ADD_SUBDIRECTORY(${SRC_FOLDER}) ADD_SUBDIRECTORY(${EXAMPLES_FOLDER}) +IF(NOT WITHOUT_PYTHON) + ADD_SUBDIRECTORY(${PYTHON_FOLDER}) +ENDIF(NOT WITHOUT_PYTHON) diff --git a/packaging/yaca.spec b/packaging/yaca.spec index a1484d1..5135774 100644 --- a/packaging/yaca.spec +++ b/packaging/yaca.spec @@ -6,6 +6,7 @@ License: Apache-2.0 Group: Security/Other Summary: Yet Another Crypto API BuildRequires: cmake +BuildRequires: python3 >= 3.4 BuildRequires: pkgconfig(capi-base-common) BuildRequires: pkgconfig(openssl) Requires(post): /sbin/ldconfig @@ -35,6 +36,7 @@ make -k %{?jobs:-j%jobs} %install %make_install +%py3_compile %{buildroot}/%{python3_sitelib} %clean rm -rf %{buildroot} @@ -65,3 +67,15 @@ The package provides Yet Another Crypto API example files. %files examples %{_bindir}/yaca-example* %{_datadir}/%{name}/examples + +## Python3 Package ############################################################ +%package -n python3-yaca +Summary: Yet Another Crypto API Python3 bindings +Group: Security/Other +Requires: yaca = %{version}-%{release} + +%description -n python3-yaca +The package provides Yet Another Crypto API bindings for Python3. + +%files -n python3-yaca +%{python3_sitelib}/%{name} diff --git a/python/CMakeLists.txt b/python/CMakeLists.txt new file mode 100644 index 0000000..bb65b0c --- /dev/null +++ b/python/CMakeLists.txt @@ -0,0 +1,8 @@ +FIND_PACKAGE(PythonInterp 3.4 REQUIRED) + +EXECUTE_PROCESS(COMMAND ${PYTHON_EXECUTABLE} -c "from sys import stdout; from distutils import sysconfig; stdout.write(sysconfig.get_python_lib())" OUTPUT_VARIABLE PYTHON_INSTALL_DIR) +MESSAGE(STATUS "Python install dir is ${PYTHON_INSTALL_DIR}") +MESSAGE(STATUS "Python version is ${PYTHON_VERSION_STRING}") + +FILE(GLOB yaca_SRCS yaca/*.py) +INSTALL (FILES ${yaca_SRCS} DESTINATION ${PYTHON_INSTALL_DIR}/${PROJECT_NAME}) diff --git a/python/run_all_tests.py b/python/run_all_tests.py new file mode 100755 index 0000000..4877820 --- /dev/null +++ b/python/run_all_tests.py @@ -0,0 +1,23 @@ +#!/usr/bin/env python3 + +# Copyright (c) 2017-2018 Samsung Electronics Co., Ltd All Rights Reserved +# +# Contact: Lukasz Pawelczyk +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License + + +import yaca +import yaca.tests + +yaca.tests.run_all_tests() diff --git a/python/yaca/__init__.py b/python/yaca/__init__.py new file mode 100755 index 0000000..38e8648 --- /dev/null +++ b/python/yaca/__init__.py @@ -0,0 +1,817 @@ +#!/usr/bin/env python3 + +# Copyright (c) 2017-2018 Samsung Electronics Co., Ltd All Rights Reserved +# +# Contact: Lukasz Pawelczyk +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License + + +""" +Python3 bindings for YACA. + +Usage is almost the same as in the C API. All the functions that made +sense in Python were implemented. Memory allocations and functions for +getting length of the buffers were ommited as all those things are +handled automatically for both input and output. + +All the parameters for strings/data expect python's bytes type. All +the parameters are named the same as in the C API and their meaning is +exactly the same. + +The major exception being encrypt/decrypt update where second +parameter can have 2 meanings. This is only used for CCM_AAD. See +examples. + +Some parameters now have default values for ease of use. + +For details please refer to the C API doxygen documentation. + +For examples see tests/examples in yaca.tests module. +""" + +import enum as _enum +import ctypes as _ctypes +import yaca.library +from yaca.error import * +del yaca.error + +# Initialization + +_lib = yaca.library.get_yaca() +del yaca.library + + +# Helpers + +def _get_char_param_nullify_if_zero(param): + return None if len(param) == 0 else param + + +def _context_get_output_length(ctx, input_length): + output_length = _ctypes.c_size_t() + _lib.yaca_context_get_output_length(ctx, + input_length, + _ctypes.byref(output_length)) + return output_length.value + + +# Types + +class Context(): + def __init__(self, ptr): + if not isinstance(ptr, _ctypes.c_void_p): + raise TypeError('Invalid type') + self._as_parameter_ = ptr + + def __del__(self): + _lib.yaca_context_destroy(self._as_parameter_) + + +class Key(): + def __init__(self, ptr): + if not isinstance(ptr, _ctypes.c_void_p): + raise TypeError('Invalid type') + self._as_parameter_ = ptr + + def __del__(self): + _lib.yaca_key_destroy(self._as_parameter_) + + def __repr__(self): + if self._as_parameter_.value is None: + return '' + return '' + + def get_type(self): + return key_get_type(self) + + def get_bit_length(self): + return key_get_bit_length(self) + + +KEY_NULL = Key(_ctypes.c_void_p()) + + +# Enums + +@_enum.unique +class KEY_FORMAT(_enum.Enum): + DEFAULT = 0 + PKCS8 = 1 + + +@_enum.unique +class KEY_FILE_FORMAT(_enum.Enum): + RAW = 0 + BASE64 = 1 + PEM = 2 + DER = 3 + + +@_enum.unique +class KEY_TYPE(_enum.Enum): + SYMMETRIC = 0 + DES = 1 + IV = 2 + RSA_PUB = 3 + RSA_PRIV = 4 + DSA_PUB = 5 + DSA_PRIV = 6 + DH_PUB = 7 + DH_PRIV = 8 + EC_PUB = 9 + EC_PRIV = 10 + DSA_PARAMS = 11 + DH_PARAMS = 12 + EC_PARAMS = 13 + + +class KEY_BIT_LENGTH(_enum.IntEnum): + IV_64BIT = 64 + IV_128BIT = 128 + UNSAFE_8BIT = 8 + UNSAFE_40BIT = 40 + UNSAFE_64BIT = 64 + UNSAFE_80BIT = 80 + UNSAFE_128BIT = 128 + L192BIT = 192 + L256BIT = 256 + L512BIT = 512 + L1024BIT = 1024 + L2048BIT = 2048 + L3072BIT = 3072 + L4096BIT = 4096 + + +@_enum.unique +class KEY_BIT_LENGTH_EC(_enum.IntEnum): + PRIME192V1 = 0x300000C0 + PRIME256V1 = 0x30000100 + SECP256K1 = 0x31200100 + SECP384R1 = 0x31100180 + SECP521R1 = 0x31100209 + + +KEY_LENGTH_DH_GENERATOR_2 = 0x10000000 +KEY_LENGTH_DH_GENERATOR_5 = 0x11000000 + + +@_enum.unique +class KEY_BIT_LENGTH_DH_RFC(_enum.IntEnum): + L1024_160 = 0x20000400 + L2048_224 = 0x21000800 + L2048_256 = 0x22000800 + + +@_enum.unique +class DIGEST_ALGORITHM(_enum.Enum): + MD5 = 0 + SHA1 = 1 + SHA224 = 2 + SHA256 = 3 + SHA384 = 4 + SHA512 = 5 + + +@_enum.unique +class ENCRYPT_ALGORITHM(_enum.Enum): + AES = 0 + UNSAFE_DES = 1 + UNSAFE_TRIPPLE_DES_2TDEA = 2 + TRIPPLE_DES_3TDEA = 3 + UNSAFE_RC2 = 4 + UNSAFE_RC4 = 5 + CAST5 = 6 + + +@_enum.unique +class BLOCK_CIPHER_MODE(_enum.Enum): + NONE = 0 + ECB = 1 + CTR = 2 + CBC = 3 + GCM = 4 + CFB = 5 + CFB1 = 6 + CFB8 = 7 + OFB = 8 + CCM = 9 + WRAP = 10 + + +@_enum.unique +class PROPERTY(_enum.Enum): + PADDING = 0 + GCM_AAD = 1 + GCM_TAG = 2 + GCM_TAG_LEN = 3 + CCM_AAD = 4 + CCM_TAG = 5 + CCM_TAG_LEN = 6 + RC2_EFFECTIVE_KEY_BITS = 7 + + +@_enum.unique +class PADDING(_enum.Enum): + NONE = 0 + X931 = 1 + PKCS1 = 2 + PKCS1_PSS = 3 + PKCS1_OAEP = 4 + PKCS1_SSLV23 = 5 + PKCS7 = 6 + + +@_enum.unique +class KDF(_enum.Enum): + X942 = 0 + X962 = 1 + + +# Implementation crypto + +def initialize(): + """Initializes the library. Must be called before any other crypto + function. Should be called once in each thread that uses yaca.""" + _lib.yaca_initialize() + + +def cleanup(): + """Cleans up the library. + Must be called before exiting the thread that called yaca_initialize().""" + _lib.yaca_cleanup() + + +def memcmp(first, second, length): + """Safely compares first length bytes of two buffers.""" + l = _ctypes.c_size_t(length) + return _lib.yaca_memcmp(first, second, l) + + +def random_bytes(length): + """Generates random data.""" + data = _ctypes.create_string_buffer(length) + _lib.yaca_randomize_bytes(data, length) + return bytes(data) + + +def context_set_property(ctx, prop, prop_val): + """Sets the non-standard context properties. + Can only be called on an initialized context.""" + if prop == PROPERTY.PADDING: + value = _ctypes.c_int(prop_val.value) + value_length = _ctypes.sizeof(value) + _lib.yaca_context_set_property(ctx, + prop.value, + _ctypes.byref(value), + value_length) + elif (prop == PROPERTY.GCM_AAD) or (prop == PROPERTY.CCM_AAD) or \ + (prop == PROPERTY.GCM_TAG) or (prop == PROPERTY.CCM_TAG): + value = prop_val + value_length = len(prop_val) + _lib.yaca_context_set_property(ctx, prop.value, + value, value_length) + elif (prop == PROPERTY.GCM_TAG_LEN) or (prop == PROPERTY.CCM_TAG_LEN) or \ + (prop == PROPERTY.RC2_EFFECTIVE_KEY_BITS): + value = _ctypes.c_size_t(prop_val) + value_length = _ctypes.sizeof(value) + _lib.yaca_context_set_property( + ctx, prop.value, _ctypes.byref(value), value_length) + else: + raise InvalidParameterError('Wrong property passed') + + +def context_get_property(ctx, prop): + """Returns the non-standard context properties. + Can only be called on an initialized context.""" + value = _ctypes.c_void_p() + value_length = _ctypes.c_size_t() + _lib.yaca_context_get_property(ctx, prop.value, _ctypes.byref(value), + _ctypes.byref(value_length)) + if prop == PROPERTY.PADDING: + value_cast = _ctypes.cast(value, _ctypes.POINTER(_ctypes.c_int)) + value_proper = value_cast.contents.value + assert value_length.value == _ctypes.sizeof(value_cast.contents) + elif (prop == PROPERTY.GCM_AAD) or (prop == PROPERTY.CCM_AAD) or \ + (prop == PROPERTY.GCM_TAG) or (prop == PROPERTY.CCM_TAG): + value_cast = _ctypes.cast(value, _ctypes.POINTER(_ctypes.c_char)) + value_proper = value_cast[:value_length.value] + assert value_length.value == len(value_proper) + elif (prop == PROPERTY.GCM_TAG_LEN) or \ + (prop == PROPERTY.CCM_TAG_LEN) or \ + (prop == PROPERTY.RC2_EFFECTIVE_KEY_BITS): + value_cast = _ctypes.cast(value, _ctypes.POINTER(_ctypes.c_size_t)) + value_proper = value_cast.contents.value + assert value_length.value == _ctypes.sizeof(value_cast.contents) + else: + raise InvalidParameterError('Wrong property passed') + _lib.yaca_free(value) + return value_proper + + +# Implementation key + +def key_get_type(key): + """Gets key's type""" + key_type = _ctypes.c_int() + _lib.yaca_key_get_type(key, _ctypes.byref(key_type)) + return KEY_TYPE(key_type.value) + + +def key_get_bit_length(key): + """Gets key's length (in bits).""" + key_bit_length = _ctypes.c_size_t() + _lib.yaca_key_get_bit_length(key, _ctypes.byref(key_bit_length)) + return key_bit_length.value + + +def key_import(data, key_type=KEY_TYPE.SYMMETRIC, password=b''): + """Imports a key or key generation parameters.""" + key = _ctypes.c_void_p() + _lib.yaca_key_import(key_type.value, _ctypes.c_char_p(password), + data, len(data), _ctypes.byref(key)) + return Key(key) + + +def key_export(key, key_file_fmt=KEY_FILE_FORMAT.BASE64, + key_fmt=KEY_FORMAT.DEFAULT, password=b''): + """Exports a key or key generation parameters to arbitrary format.""" + data = _ctypes.POINTER(_ctypes.c_char)() + data_length = _ctypes.c_size_t() + _lib.yaca_key_export(key, key_fmt.value, key_file_fmt.value, + _ctypes.c_char_p(password), _ctypes.byref(data), + _ctypes.byref(data_length)) + data_bytes = data[:data_length.value] + _lib.yaca_free(data) + return data_bytes + + +def key_generate(key_type=KEY_TYPE.SYMMETRIC, + key_bit_length=KEY_BIT_LENGTH.L256BIT): + """Generates a secure key or key generation parameters + (or an Initialization Vector).""" + key = _ctypes.c_void_p() + _lib.yaca_key_generate(key_type.value, key_bit_length, + _ctypes.byref(key)) + return Key(key) + + +def key_generate_from_parameters(params): + """Generates a secure private asymmetric key from parameters.""" + prv_key = _ctypes.c_void_p() + _lib.yaca_key_generate_from_parameters(params, + _ctypes.byref(prv_key)) + return Key(prv_key) + + +def key_extract_public(prv_key): + """Extracts public key from a private one.""" + pub_key = _ctypes.c_void_p() + _lib.yaca_key_extract_public(prv_key, _ctypes.byref(pub_key)) + return Key(pub_key) + + +def key_extract_parameters(key): + """Extracts parameters from a private or a public key.""" + params = _ctypes.c_void_p() + _lib.yaca_key_extract_parameters(key, _ctypes.byref(params)) + return Key(params) + + +def key_derive_dh(prv_key, pub_key): + """Derives a shared secret using Diffie-Helmann or EC Diffie-Helmann + key exchange protocol.""" + secret = _ctypes.POINTER(_ctypes.c_char)() + secret_length = _ctypes.c_size_t() + _lib.yaca_key_derive_dh(prv_key, pub_key, _ctypes.byref(secret), + _ctypes.byref(secret_length)) + secret_bytes = secret[:secret_length.value] + _lib.yaca_free(secret) + return secret_bytes + + +def key_derive_kdf(secret, key_material_length, info=b'', + kdf=KDF.X942, digest_algo=DIGEST_ALGORITHM.SHA256): + """Derives a key material from shared secret.""" + info_param = _get_char_param_nullify_if_zero(info) + key_material = _ctypes.POINTER(_ctypes.c_char)() + _lib.yaca_key_derive_kdf(kdf.value, digest_algo.value, + secret, len(secret), + info_param, len(info), key_material_length, + _ctypes.byref(key_material)) + key_material_bytes = key_material[:key_material_length] + _lib.yaca_free(key_material) + return key_material_bytes + + +def key_derive_pbkdf2(password, key_bit_length=KEY_BIT_LENGTH.L256BIT, + salt=b'', digest_algo=DIGEST_ALGORITHM.SHA256, + iterations=50000): + """Derives a key from user password (PKCS #5 a.k.a. pbkdf2 algorithm).""" + salt_param = _get_char_param_nullify_if_zero(salt) + key = _ctypes.c_void_p() + _lib.yaca_key_derive_pbkdf2(_ctypes.c_char_p(password), salt_param, + len(salt), iterations, digest_algo.value, + key_bit_length, _ctypes.byref(key)) + return Key(key) + + +# Implementation simple + +def simple_encrypt(sym_key, plaintext, encrypt_algo=ENCRYPT_ALGORITHM.AES, + bcm=BLOCK_CIPHER_MODE.ECB, iv=KEY_NULL): + """Encrypts data using a symmetric cipher.""" + plaintext_param = _get_char_param_nullify_if_zero(plaintext) + ciphertext = _ctypes.POINTER(_ctypes.c_char)() + ciphertext_length = _ctypes.c_size_t() + _lib.yaca_simple_encrypt(encrypt_algo.value, bcm.value, sym_key, iv, + plaintext_param, len(plaintext), + _ctypes.byref(ciphertext), + _ctypes.byref(ciphertext_length)) + ciphertext_bytes = ciphertext[:ciphertext_length.value] + _lib.yaca_free(ciphertext) + return ciphertext_bytes + + +def simple_decrypt(sym_key, ciphertext, encrypt_algo=ENCRYPT_ALGORITHM.AES, + bcm=BLOCK_CIPHER_MODE.ECB, iv=KEY_NULL): + """Decrypts data using a symmetric cipher.""" + ciphertext_param = _get_char_param_nullify_if_zero(ciphertext) + plaintext = _ctypes.POINTER(_ctypes.c_char)() + plaintext_length = _ctypes.c_size_t() + _lib.yaca_simple_decrypt(encrypt_algo.value, bcm.value, sym_key, iv, + ciphertext_param, len(ciphertext), + _ctypes.byref(plaintext), + _ctypes.byref(plaintext_length)) + plaintext_bytes = plaintext[:plaintext_length.value] + _lib.yaca_free(plaintext) + return plaintext_bytes + + +def simple_calculate_digest(message, digest_algo=DIGEST_ALGORITHM.SHA256): + """Calculates a digest of a message.""" + message_param = _get_char_param_nullify_if_zero(message) + digest = _ctypes.POINTER(_ctypes.c_char)() + digest_length = _ctypes.c_size_t() + _lib.yaca_simple_calculate_digest(digest_algo.value, message_param, + len(message), + _ctypes.byref(digest), + _ctypes.byref(digest_length)) + digest_bytes = digest[:digest_length.value] + _lib.yaca_free(digest) + return digest_bytes + + +def simple_calculate_signature(prv_key, message, + digest_algo=DIGEST_ALGORITHM.SHA256): + """Creates a signature using asymmetric private key.""" + message_param = _get_char_param_nullify_if_zero(message) + signature = _ctypes.POINTER(_ctypes.c_char)() + signature_length = _ctypes.c_size_t() + _lib.yaca_simple_calculate_signature(digest_algo.value, prv_key, + message_param, len(message), + _ctypes.byref(signature), + _ctypes.byref(signature_length)) + signature_bytes = signature[:signature_length.value] + _lib.yaca_free(signature) + return signature_bytes + + +def simple_verify_signature(pub_key, message, signature, + digest_algo=DIGEST_ALGORITHM.SHA256): + """Verifies a signature using asymmetric public key.""" + return _lib.yaca_simple_verify_signature(digest_algo.value, pub_key, + message, len(message), + signature, len(signature)) + + +def simple_calculate_hmac(sym_key, message, + digest_algo=DIGEST_ALGORITHM.SHA256): + """Calculates a HMAC of given message using symmetric key.""" + message_param = _get_char_param_nullify_if_zero(message) + mac = _ctypes.POINTER(_ctypes.c_char)() + mac_length = _ctypes.c_size_t() + _lib.yaca_simple_calculate_hmac(digest_algo.value, sym_key, + message_param, len(message), + _ctypes.byref(mac), + _ctypes.byref(mac_length)) + mac_bytes = mac[:mac_length.value] + _lib.yaca_free(mac) + return mac_bytes + + +def simple_calculate_cmac(sym_key, message, + encrypt_algo=ENCRYPT_ALGORITHM.AES): + """Calculates a CMAC of given message using symmetric key.""" + message_param = _get_char_param_nullify_if_zero(message) + mac = _ctypes.POINTER(_ctypes.c_char)() + mac_length = _ctypes.c_size_t() + _lib.yaca_simple_calculate_cmac(encrypt_algo.value, sym_key, + message_param, len(message), + _ctypes.byref(mac), + _ctypes.byref(mac_length)) + mac_bytes = mac[:mac_length.value] + _lib.yaca_free(mac) + return mac_bytes + + +# Implementation digest + +def digest_initialize(digest_algo=DIGEST_ALGORITHM.SHA256): + """Initializes a digest context.""" + ctx = _ctypes.c_void_p() + _lib.yaca_digest_initialize(_ctypes.byref(ctx), digest_algo.value) + return Context(ctx) + + +def digest_update(ctx, message): + """Feeds the message into the message digest algorithm.""" + _lib.yaca_digest_update(ctx, message, len(message)) + + +def digest_finalize(ctx): + """Calculates the final digest.""" + output_length = _context_get_output_length(ctx, 0) + digest = _ctypes.create_string_buffer(output_length) + digest_length = _ctypes.c_size_t() + _lib.yaca_digest_finalize(ctx, digest, _ctypes.byref(digest_length)) + return bytes(digest[:digest_length.value]) + + +# Implementation encrypt + +def encrypt_get_iv_bit_length(encrypt_algo, bcm, key_bin_length): + """Returns the recommended/default length of the Initialization Vector + for a given encryption configuration.""" + iv_bit_length = _ctypes.c_size_t() + _lib.yaca_encrypt_get_iv_bit_length(encrypt_algo.value, bcm.value, + key_bin_length, + _ctypes.byref(iv_bit_length)) + return iv_bit_length.value + + +def encrypt_initialize(sym_key, encrypt_algo=ENCRYPT_ALGORITHM.AES, + bcm=BLOCK_CIPHER_MODE.ECB, iv=KEY_NULL): + """Initializes an encryption context.""" + ctx = _ctypes.c_void_p() + _lib.yaca_encrypt_initialize(_ctypes.byref(ctx), encrypt_algo.value, + bcm.value, sym_key, iv) + return Context(ctx) + + +def encrypt_update(ctx, plaintext): + """Encrypts chunk of the data. + Alternatively plaintext can be the total length of the input (int). + This is used for CCM_AAD.""" + if isinstance(plaintext, int): # the case of using AAD in CCM + _lib.yaca_encrypt_update(ctx, None, plaintext, None, + _ctypes.byref(_ctypes.c_size_t())) + return + + output_length = _context_get_output_length(ctx, len(plaintext)) + ciphertext = _ctypes.create_string_buffer(output_length) + ciphertext_length = _ctypes.c_size_t() + _lib.yaca_encrypt_update(ctx, plaintext, len(plaintext), + ciphertext, _ctypes.byref(ciphertext_length)) + return bytes(ciphertext[:ciphertext_length.value]) + + +def encrypt_finalize(ctx): + """Encrypts the final chunk of the data.""" + output_length = _context_get_output_length(ctx, 0) + ciphertext = _ctypes.create_string_buffer(output_length) + ciphertext_length = _ctypes.c_size_t() + _lib.yaca_encrypt_finalize(ctx, ciphertext, + _ctypes.byref(ciphertext_length)) + return bytes(ciphertext[:ciphertext_length.value]) + + +def decrypt_initialize(sym_key, encrypt_algo=ENCRYPT_ALGORITHM.AES, + bcm=BLOCK_CIPHER_MODE.ECB, iv=KEY_NULL): + """Initializes an decryption context.""" + ctx = _ctypes.c_void_p() + _lib.yaca_decrypt_initialize(_ctypes.byref(ctx), encrypt_algo.value, + bcm.value, sym_key, iv) + return Context(ctx) + + +def decrypt_update(ctx, ciphertext): + """Decrypts chunk of the data. + Alternatively ciphertext can be the total length of the input (int). + This is used for CCM_AAD.""" + if isinstance(ciphertext, int): # the case of using AAD in CCM + _lib.yaca_decrypt_update(ctx, None, ciphertext, None, + _ctypes.byref(_ctypes.c_size_t())) + return + + output_length = _context_get_output_length(ctx, len(ciphertext)) + plaintext = _ctypes.create_string_buffer(output_length) + plaintext_length = _ctypes.c_size_t() + _lib.yaca_decrypt_update(ctx, ciphertext, len(ciphertext), + plaintext, _ctypes.byref(plaintext_length)) + return bytes(plaintext[:plaintext_length.value]) + + +def decrypt_finalize(ctx): + """Encrypts the final chunk of the data.""" + output_length = _context_get_output_length(ctx, 0) + plaintext = _ctypes.create_string_buffer(output_length) + plaintext_length = _ctypes.c_size_t() + _lib.yaca_decrypt_finalize(ctx, plaintext, + _ctypes.byref(plaintext_length)) + return bytes(plaintext[:plaintext_length.value]) + + +# Implementation sign + +def sign_initialize(prv_key, digest_algo=DIGEST_ALGORITHM.SHA256): + """Initializes a signature context for asymmetric signatures.""" + ctx = _ctypes.c_void_p() + _lib.yaca_sign_initialize(_ctypes.byref(ctx), digest_algo.value, + prv_key) + return Context(ctx) + + +def sign_initialize_hmac(sym_key, digest_algo=DIGEST_ALGORITHM.SHA256): + """Initializes a signature context for HMAC.""" + ctx = _ctypes.c_void_p() + _lib.yaca_sign_initialize_hmac(_ctypes.byref(ctx), + digest_algo.value, sym_key) + return Context(ctx) + + +def sign_initialize_cmac(sym_key, encrypt_algo=ENCRYPT_ALGORITHM.AES): + """Initializes a signature context for CMAC.""" + ctx = _ctypes.c_void_p() + _lib.yaca_sign_initialize_cmac(_ctypes.byref(ctx), + encrypt_algo.value, sym_key) + return Context(ctx) + + +def sign_update(ctx, message): + """Feeds the message into the digital signature or MAC algorithm.""" + _lib.yaca_sign_update(ctx, message, len(message)) + + +def sign_finalize(ctx): + """Calculates the final signature or MAC.""" + output_length = _context_get_output_length(ctx, 0) + signature = _ctypes.create_string_buffer(output_length) + signature_len = _ctypes.c_size_t() + _lib.yaca_sign_finalize(ctx, signature, _ctypes.byref(signature_len)) + return bytes(signature[:signature_len.value]) + + +def verify_initialize(pub_key, digest_algo=DIGEST_ALGORITHM.SHA256): + """Initializes a signature verification context for asymmetric signatures. + """ + ctx = _ctypes.c_void_p() + _lib.yaca_verify_initialize(_ctypes.byref(ctx), digest_algo.value, + pub_key) + return Context(ctx) + + +def verify_update(ctx, message): + """Feeds the message into the digital signature verification algorithm.""" + _lib.yaca_verify_update(ctx, message, len(message)) + + +def verify_finalize(ctx, signature): + """Performs the verification.""" + return _lib.yaca_verify_finalize(ctx, signature, len(signature)) + + +# Implementation seal + +def seal_initialize(pub_key, sym_key_bit_length=KEY_BIT_LENGTH.L256BIT, + encrypt_algo=ENCRYPT_ALGORITHM.AES, + bcm=BLOCK_CIPHER_MODE.ECB): + ctx = _ctypes.c_void_p() + sym_key = _ctypes.c_void_p() + iv = _ctypes.c_void_p() + _lib.yaca_seal_initialize(_ctypes.byref(ctx), pub_key, + encrypt_algo.value, bcm.value, + sym_key_bit_length, _ctypes.byref(sym_key), + _ctypes.byref(iv)) + return Context(ctx), Key(sym_key), Key(iv) + + +def seal_update(ctx, plaintext): + """Encrypts piece of the data.""" + output_length = _context_get_output_length(ctx, len(plaintext)) + ciphertext = _ctypes.create_string_buffer(output_length) + ciphertext_length = _ctypes.c_size_t() + _lib.yaca_seal_update(ctx, plaintext, len(plaintext), + ciphertext, _ctypes.byref(ciphertext_length)) + return bytes(ciphertext[:ciphertext_length.value]) + + +def seal_finalize(ctx): + """Encrypts the final piece of the data.""" + output_length = _context_get_output_length(ctx, 0) + ciphertext = _ctypes.create_string_buffer(output_length) + ciphertext_length = _ctypes.c_size_t() + _lib.yaca_seal_finalize(ctx, ciphertext, + _ctypes.byref(ciphertext_length)) + return bytes(ciphertext[:ciphertext_length.value]) + + +def open_initialize(prv_key, sym_key, iv=KEY_NULL, + sym_key_bit_length=KEY_BIT_LENGTH.L256BIT, + encrypt_algo=ENCRYPT_ALGORITHM.AES, + bcm=BLOCK_CIPHER_MODE.ECB): + """Initializes an asymmetric decryption context.""" + ctx = _ctypes.c_void_p() + _lib.yaca_open_initialize(_ctypes.byref(ctx), prv_key, + encrypt_algo.value, bcm.value, + sym_key_bit_length, sym_key, iv) + return Context(ctx) + + +def open_update(ctx, ciphertext): + """Decrypts piece of the data.""" + output_length = _context_get_output_length(ctx, len(ciphertext)) + plaintext = _ctypes.create_string_buffer(output_length) + plaintext_length = _ctypes.c_size_t() + _lib.yaca_open_update(ctx, ciphertext, len(ciphertext), + plaintext, _ctypes.byref(plaintext_length)) + return bytes(plaintext[:plaintext_length.value]) + + +def open_finalize(ctx): + """Decrypts last chunk of sealed message.""" + output_length = _context_get_output_length(ctx, 0) + plaintext = _ctypes.create_string_buffer(output_length) + plaintext_length = _ctypes.c_size_t() + _lib.yaca_open_finalize(ctx, plaintext, + _ctypes.byref(plaintext_length)) + return bytes(plaintext[:plaintext_length.value]) + + +# Implementation rsa + +def rsa_public_encrypt(pub_key, plaintext, padding=PADDING.PKCS1): + """Encrypts data using a RSA public key (low-level encrypt equivalent).""" + ciphertext = _ctypes.POINTER(_ctypes.c_char)() + ciphertext_length = _ctypes.c_size_t() + plaintext_param = _get_char_param_nullify_if_zero(plaintext) + _lib.yaca_rsa_public_encrypt(padding.value, pub_key, plaintext_param, + len(plaintext), + _ctypes.byref(ciphertext), + _ctypes.byref(ciphertext_length)) + ciphertext_bytes = ciphertext[:ciphertext_length.value] + _lib.yaca_free(ciphertext) + return ciphertext_bytes + + +def rsa_private_decrypt(prv_key, ciphertext, padding=PADDING.PKCS1): + """Decrypts data using a RSA private key (low-level decrypt equivalent).""" + plaintext = _ctypes.POINTER(_ctypes.c_char)() + plaintext_length = _ctypes.c_size_t() + ciphertext_param = _get_char_param_nullify_if_zero(ciphertext) + _lib.yaca_rsa_private_decrypt(padding.value, prv_key, + ciphertext_param, len(ciphertext), + _ctypes.byref(plaintext), + _ctypes.byref(plaintext_length)) + plaintext_bytes = plaintext[:plaintext_length.value] + _lib.yaca_free(plaintext) + return plaintext_bytes + + +def rsa_private_encrypt(prv_key, plaintext, padding=PADDING.PKCS1): + """Encrypts data using a RSA private key (low-level sign equivalent).""" + ciphertext = _ctypes.POINTER(_ctypes.c_char)() + ciphertext_length = _ctypes.c_size_t() + plaintext_param = _get_char_param_nullify_if_zero(plaintext) + _lib.yaca_rsa_private_encrypt(padding.value, prv_key, + plaintext_param, len(plaintext), + _ctypes.byref(ciphertext), + _ctypes.byref(ciphertext_length)) + ciphertext_bytes = ciphertext[:ciphertext_length.value] + _lib.yaca_free(ciphertext) + return ciphertext_bytes + + +def rsa_public_decrypt(pub_key, ciphertext, padding=PADDING.PKCS1): + """Decrypts data using a RSA public key (low-level verify equivalent).""" + plaintext = _ctypes.POINTER(_ctypes.c_char)() + plaintext_length = _ctypes.c_size_t() + ciphertext_param = _get_char_param_nullify_if_zero(ciphertext) + _lib.yaca_rsa_public_decrypt(padding.value, pub_key, + ciphertext_param, len(ciphertext), + _ctypes.byref(plaintext), + _ctypes.byref(plaintext_length)) + plaintext_bytes = plaintext[:plaintext_length.value] + _lib.yaca_free(plaintext) + return plaintext_bytes diff --git a/python/yaca/error.py b/python/yaca/error.py new file mode 100644 index 0000000..8d691a8 --- /dev/null +++ b/python/yaca/error.py @@ -0,0 +1,48 @@ +# Copyright (c) 2017-2018 Samsung Electronics Co., Ltd All Rights Reserved +# +# Contact: Lukasz Pawelczyk +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License + + +class YacaError(Exception): + """Base class for YACA exceptions.""" + pass + + +class InvalidParameterError(YacaError): + """Invalid parameter exception""" + def __init__(self, message): + YacaError.__init__(self, message) + self.message = message + + +class OutOfMemoryError(YacaError): + """Out of memory exception""" + def __init__(self, message): + YacaError.__init__(self, message) + self.message = message + + +class InternalError(YacaError): + """Internal exception""" + def __init__(self, message): + YacaError.__init__(self, message) + self.message = message + + +class InvalidPasswordError(YacaError): + """Invalid password exception""" + def __init__(self, message): + YacaError.__init__(self, message) + self.message = message diff --git a/python/yaca/library.py b/python/yaca/library.py new file mode 100644 index 0000000..5f68d64 --- /dev/null +++ b/python/yaca/library.py @@ -0,0 +1,298 @@ +# Copyright (c) 2017-2018 Samsung Electronics Co., Ltd All Rights Reserved + +# Contact: Lukasz Pawelczyk +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License + + +import ctypes as _ctypes +import enum as _enum +import yaca.error as _err + + +@_enum.unique +class _Error(_enum.Enum): + __TIZEN_YACA_BASE = -0x01E30000 + NONE = 0 + INVALID_PARAMETER = -22 + OUT_OF_MEMORY = -12 + INTERNAL = __TIZEN_YACA_BASE | 0x01 + DATA_MISMATCH = __TIZEN_YACA_BASE | 0x02 + INVALID_PASSWORD = __TIZEN_YACA_BASE | 0x03 + + +def _errcheck(ret, func, arguments): + if ret == _Error.NONE.value: + return True + elif ret == _Error.DATA_MISMATCH.value: + return False + elif ret == _Error.INVALID_PARAMETER.value: + raise _err.InvalidParameterError( + 'Invalid Parameter error returned from YACA') + elif ret == _Error.OUT_OF_MEMORY.value: + raise _err.OutOfMemoryError('Out Of Memory error returned from YACA') + elif ret == _Error.INTERNAL.value: + raise _err.InternalError('Internal error returned from YACA') + elif ret == _Error.INVALID_PASSWORD.value: + raise _err.InvalidPasswordError( + 'Invalid Password error returned from YACA') + else: + raise RuntimeError('Unknown error returned from YACA') + + +def get_yaca(): + """Get C library and set argtypes""" + + lib = _ctypes.CDLL("libyaca.so.0") + + # crypto + lib.yaca_initialize.argtypes = [] + lib.yaca_initialize.errcheck = _errcheck + lib.yaca_cleanup.argtypes = [] + lib.yaca_cleanup.restype = None + lib.yaca_malloc.argtypes = \ + [_ctypes.c_size_t, _ctypes.POINTER(_ctypes.c_void_p)] + lib.yaca_malloc.errcheck = _errcheck + lib.yaca_zalloc.argtypes = \ + [_ctypes.c_size_t, _ctypes.POINTER(_ctypes.c_void_p)] + lib.yaca_zalloc.errcheck = _errcheck + lib.yaca_realloc.argtypes = \ + [_ctypes.c_size_t, _ctypes.POINTER(_ctypes.c_void_p)] + lib.yaca_realloc.errcheck = _errcheck + lib.yaca_free.argtypes = [_ctypes.c_void_p] + lib.yaca_free.restype = None + lib.yaca_memcmp.argtypes = \ + [_ctypes.POINTER(_ctypes.c_char), _ctypes.POINTER(_ctypes.c_char), + _ctypes.c_size_t] + lib.yaca_memcmp.errcheck = _errcheck + lib.yaca_randomize_bytes.argtypes = \ + [_ctypes.POINTER(_ctypes.c_char), _ctypes.c_size_t] + lib.yaca_randomize_bytes.errcheck = _errcheck + lib.yaca_context_set_property.argtypes = \ + [_ctypes.c_void_p, _ctypes.c_int, _ctypes.c_void_p, _ctypes.c_size_t] + lib.yaca_context_set_property.errcheck = _errcheck + lib.yaca_context_get_property.argtypes = \ + [_ctypes.c_void_p, _ctypes.c_int, _ctypes.POINTER(_ctypes.c_void_p), + _ctypes.POINTER(_ctypes.c_size_t)] + lib.yaca_context_get_property.errcheck = _errcheck + lib.yaca_context_get_output_length.argtypes = \ + [_ctypes.c_void_p, _ctypes.c_size_t, _ctypes.POINTER(_ctypes.c_size_t)] + lib.yaca_context_get_output_length.errcheck = _errcheck + lib.yaca_context_destroy.argtypes = [_ctypes.c_void_p] + lib.yaca_context_destroy.restype = None + + # simple + lib.yaca_simple_encrypt.argtypes = \ + [_ctypes.c_int, _ctypes.c_int, _ctypes.c_void_p, _ctypes.c_void_p, + _ctypes.POINTER(_ctypes.c_char), _ctypes.c_size_t, + _ctypes.POINTER(_ctypes.POINTER(_ctypes.c_char)), + _ctypes.POINTER(_ctypes.c_size_t)] + lib.yaca_simple_encrypt.errcheck = _errcheck + lib.yaca_simple_decrypt.argtypes = \ + [_ctypes.c_int, _ctypes.c_int, _ctypes.c_void_p, _ctypes.c_void_p, + _ctypes.POINTER(_ctypes.c_char), _ctypes.c_size_t, + _ctypes.POINTER(_ctypes.POINTER(_ctypes.c_char)), + _ctypes.POINTER(_ctypes.c_size_t)] + lib.yaca_simple_decrypt.errcheck = _errcheck + lib.yaca_simple_calculate_digest.argtypes = \ + [_ctypes.c_int, _ctypes.POINTER(_ctypes.c_char), _ctypes.c_size_t, + _ctypes.POINTER(_ctypes.POINTER(_ctypes.c_char)), + _ctypes.POINTER(_ctypes.c_size_t)] + lib.yaca_simple_calculate_digest.errcheck = _errcheck + lib.yaca_simple_calculate_signature.argtypes = \ + [_ctypes.c_int, _ctypes.c_void_p, + _ctypes.POINTER(_ctypes.c_char), _ctypes.c_size_t, + _ctypes.POINTER(_ctypes.POINTER(_ctypes.c_char)), + _ctypes.POINTER(_ctypes.c_size_t)] + lib.yaca_simple_calculate_signature.errcheck = _errcheck + lib.yaca_simple_verify_signature.argtypes = \ + [_ctypes.c_int, _ctypes.c_void_p, + _ctypes.POINTER(_ctypes.c_char), _ctypes.c_size_t, + _ctypes.POINTER(_ctypes.c_char), _ctypes.c_size_t] + lib.yaca_simple_verify_signature.errcheck = _errcheck + lib.yaca_simple_calculate_hmac.argtypes = \ + [_ctypes.c_int, _ctypes.c_void_p, + _ctypes.POINTER(_ctypes.c_char), _ctypes.c_size_t, + _ctypes.POINTER(_ctypes.POINTER(_ctypes.c_char)), + _ctypes.POINTER(_ctypes.c_size_t)] + lib.yaca_simple_calculate_hmac.errcheck = _errcheck + lib.yaca_simple_calculate_cmac.argtypes = \ + [_ctypes.c_int, _ctypes.c_void_p, + _ctypes.POINTER(_ctypes.c_char), _ctypes.c_size_t, + _ctypes.POINTER(_ctypes.POINTER(_ctypes.c_char)), + _ctypes.POINTER(_ctypes.c_size_t)] + lib.yaca_simple_calculate_cmac.errcheck = _errcheck + + # key + lib.yaca_key_get_type.argtypes = \ + [_ctypes.c_void_p, _ctypes.POINTER(_ctypes.c_int)] + lib.yaca_key_get_type.errcheck = _errcheck + lib.yaca_key_get_bit_length.argtypes = \ + [_ctypes.c_void_p, _ctypes.POINTER(_ctypes.c_size_t)] + lib.yaca_key_get_bit_length.errcheck = _errcheck + lib.yaca_key_import.argtypes = \ + [_ctypes.c_int, _ctypes.c_char_p, + _ctypes.POINTER(_ctypes.c_char), _ctypes.c_size_t, + _ctypes.POINTER(_ctypes.c_void_p)] + lib.yaca_key_import.errcheck = _errcheck + lib.yaca_key_export.argtypes = \ + [_ctypes.c_void_p, _ctypes.c_int, _ctypes.c_int, _ctypes.c_char_p, + _ctypes.POINTER(_ctypes.POINTER(_ctypes.c_char)), + _ctypes.POINTER(_ctypes.c_size_t)] + lib.yaca_key_export.errcheck = _errcheck + lib.yaca_key_generate.argtypes = \ + [_ctypes.c_void_p, _ctypes.c_size_t, _ctypes.POINTER(_ctypes.c_void_p)] + lib.yaca_key_generate.errcheck = _errcheck + lib.yaca_key_generate_from_parameters.argtypes = \ + [_ctypes.c_void_p, _ctypes.POINTER(_ctypes.c_void_p)] + lib.yaca_key_generate_from_parameters.errcheck = _errcheck + lib.yaca_key_extract_public.argtypes = \ + [_ctypes.c_void_p, _ctypes.POINTER(_ctypes.c_void_p)] + lib.yaca_key_extract_public.errcheck = _errcheck + lib.yaca_key_extract_parameters.argtypes = \ + [_ctypes.c_void_p, _ctypes.POINTER(_ctypes.c_void_p)] + lib.yaca_key_extract_parameters.errcheck = _errcheck + lib.yaca_key_derive_dh.argtypes = \ + [_ctypes.c_void_p, _ctypes.c_void_p, + _ctypes.POINTER(_ctypes.POINTER(_ctypes.c_char)), + _ctypes.POINTER(_ctypes.c_size_t)] + lib.yaca_key_derive_dh.errcheck = _errcheck + lib.yaca_key_derive_kdf.argtypes = \ + [_ctypes.c_int, _ctypes.c_int, + _ctypes.POINTER(_ctypes.c_char), _ctypes.c_size_t, + _ctypes.POINTER(_ctypes.c_char), _ctypes.c_size_t, + _ctypes.c_size_t, _ctypes.POINTER(_ctypes.POINTER(_ctypes.c_char))] + lib.yaca_key_derive_kdf.errcheck = _errcheck + lib.yaca_key_derive_pbkdf2.argtypes = \ + [_ctypes.c_char_p, _ctypes.POINTER(_ctypes.c_char), _ctypes.c_size_t, + _ctypes.c_size_t, _ctypes.c_int, + _ctypes.c_size_t, _ctypes.POINTER(_ctypes.c_void_p)] + lib.yaca_key_derive_pbkdf2.errcheck = _errcheck + lib.yaca_key_destroy.argtypes = [_ctypes.c_void_p] + lib.yaca_key_destroy.restype = None + + # digest + lib.yaca_digest_initialize.argtypes = \ + [_ctypes.POINTER(_ctypes.c_void_p), _ctypes.c_int] + lib.yaca_digest_initialize.errcheck = _errcheck + lib.yaca_digest_update.argtypes = \ + [_ctypes.c_void_p, _ctypes.POINTER(_ctypes.c_char), _ctypes.c_size_t] + lib.yaca_digest_update.errcheck = _errcheck + lib.yaca_digest_finalize.argtypes = \ + [_ctypes.c_void_p, + _ctypes.POINTER(_ctypes.c_char), _ctypes.POINTER(_ctypes.c_size_t)] + lib.yaca_digest_finalize.errcheck = _errcheck + + # encrypt + lib.yaca_encrypt_get_iv_bit_length.argtypes = \ + [_ctypes.c_int, _ctypes.c_int, _ctypes.c_size_t, + _ctypes.POINTER(_ctypes.c_size_t)] + lib.yaca_encrypt_get_iv_bit_length.errcheck = _errcheck + lib.yaca_encrypt_initialize.argtypes = \ + [_ctypes.POINTER(_ctypes.c_void_p), _ctypes.c_int, _ctypes.c_int, + _ctypes.c_void_p, _ctypes.c_void_p] + lib.yaca_encrypt_initialize.errcheck = _errcheck + lib.yaca_encrypt_update.argtypes = \ + [_ctypes.c_void_p, + _ctypes.POINTER(_ctypes.c_char), _ctypes.c_size_t, + _ctypes.POINTER(_ctypes.c_char), _ctypes.POINTER(_ctypes.c_size_t)] + lib.yaca_encrypt_update.errcheck = _errcheck + lib.yaca_encrypt_finalize.argtypes = \ + [_ctypes.c_void_p, + _ctypes.POINTER(_ctypes.c_char), _ctypes.POINTER(_ctypes.c_size_t)] + lib.yaca_encrypt_finalize.errcheck = _errcheck + lib.yaca_decrypt_initialize.argtypes = \ + [_ctypes.POINTER(_ctypes.c_void_p), _ctypes.c_int, _ctypes.c_int, + _ctypes.c_void_p, _ctypes.c_void_p] + lib.yaca_decrypt_initialize.errcheck = _errcheck + lib.yaca_decrypt_update.argtypes = \ + [_ctypes.c_void_p, + _ctypes.POINTER(_ctypes.c_char), _ctypes.c_size_t, + _ctypes.POINTER(_ctypes.c_char), _ctypes.POINTER(_ctypes.c_size_t)] + lib.yaca_decrypt_update.errcheck = _errcheck + lib.yaca_decrypt_finalize.argtypes = \ + [_ctypes.c_void_p, + _ctypes.POINTER(_ctypes.c_char), _ctypes.POINTER(_ctypes.c_size_t)] + lib.yaca_decrypt_finalize.errcheck = _errcheck + + # sign + lib.yaca_sign_initialize.argtypes = \ + [_ctypes.POINTER(_ctypes.c_void_p), _ctypes.c_int, _ctypes.c_void_p] + lib.yaca_sign_initialize.errcheck = _errcheck + lib.yaca_sign_initialize_hmac.argtypes = \ + [_ctypes.POINTER(_ctypes.c_void_p), _ctypes.c_int, _ctypes.c_void_p] + lib.yaca_sign_initialize_hmac.errcheck = _errcheck + lib.yaca_sign_initialize_cmac.argtypes = \ + [_ctypes.POINTER(_ctypes.c_void_p), _ctypes.c_int, _ctypes.c_void_p] + lib.yaca_sign_initialize_cmac.errcheck = _errcheck + lib.yaca_sign_update.argtypes = \ + [_ctypes.c_void_p, _ctypes.POINTER(_ctypes.c_char), _ctypes.c_size_t] + lib.yaca_sign_update.errcheck = _errcheck + lib.yaca_sign_finalize.argtypes = \ + [_ctypes.c_void_p, + _ctypes.POINTER(_ctypes.c_char), _ctypes.POINTER(_ctypes.c_size_t)] + lib.yaca_sign_finalize.errcheck = _errcheck + lib.yaca_verify_initialize.argtypes = \ + [_ctypes.POINTER(_ctypes.c_void_p), _ctypes.c_int, _ctypes.c_void_p] + lib.yaca_verify_initialize.errcheck = _errcheck + lib.yaca_verify_update.argtypes = \ + [_ctypes.c_void_p, _ctypes.POINTER(_ctypes.c_char), _ctypes.c_size_t] + lib.yaca_verify_update.errcheck = _errcheck + lib.yaca_verify_finalize.argtypes = \ + [_ctypes.c_void_p, _ctypes.POINTER(_ctypes.c_char), _ctypes.c_size_t] + lib.yaca_verify_finalize.errcheck = _errcheck + + # seal + lib.yaca_seal_initialize.argtypes = \ + [_ctypes.POINTER(_ctypes.c_void_p), _ctypes.c_void_p, _ctypes.c_int, + _ctypes.c_int, _ctypes.c_size_t, _ctypes.POINTER(_ctypes.c_void_p), + _ctypes.POINTER(_ctypes.c_void_p)] + lib.yaca_seal_initialize.errcheck = _errcheck + lib.yaca_seal_update.argtypes = \ + [_ctypes.c_void_p, _ctypes.POINTER(_ctypes.c_char), _ctypes.c_size_t, + _ctypes.POINTER(_ctypes.c_char), _ctypes.POINTER(_ctypes.c_size_t)] + lib.yaca_seal_update.errcheck = _errcheck + lib.yaca_seal_finalize.argtypes = \ + [_ctypes.c_void_p, + _ctypes.POINTER(_ctypes.c_char), _ctypes.POINTER(_ctypes.c_size_t)] + lib.yaca_seal_finalize.errcheck = _errcheck + lib.yaca_open_initialize.argtypes = \ + [_ctypes.POINTER(_ctypes.c_void_p), _ctypes.c_void_p, _ctypes.c_int, + _ctypes.c_int, _ctypes.c_size_t, _ctypes.c_void_p, _ctypes.c_void_p] + lib.yaca_open_initialize.errcheck = _errcheck + lib.yaca_open_update.argtypes = \ + [_ctypes.c_void_p, + _ctypes.POINTER(_ctypes.c_char), _ctypes.c_size_t, + _ctypes.POINTER(_ctypes.c_char), _ctypes.POINTER(_ctypes.c_size_t)] + lib.yaca_open_update.errcheck = _errcheck + lib.yaca_open_finalize.argtypes = \ + [_ctypes.c_void_p, + _ctypes.POINTER(_ctypes.c_char), _ctypes.POINTER(_ctypes.c_size_t)] + lib.yaca_open_finalize.errcheck = _errcheck + + # rsa + rsa_argtypes = \ + [_ctypes.c_int, _ctypes.c_void_p, + _ctypes.POINTER(_ctypes.c_char), _ctypes.c_size_t, + _ctypes.POINTER(_ctypes.POINTER(_ctypes.c_char)), + _ctypes.POINTER(_ctypes.c_size_t)] + lib.yaca_rsa_public_encrypt.argtypes = rsa_argtypes + lib.yaca_rsa_public_encrypt.errcheck = _errcheck + lib.yaca_rsa_private_decrypt.argtypes = rsa_argtypes + lib.yaca_rsa_private_decrypt.errcheck = _errcheck + lib.yaca_rsa_private_encrypt.argtypes = rsa_argtypes + lib.yaca_rsa_private_encrypt.errcheck = _errcheck + lib.yaca_rsa_public_decrypt.argtypes = rsa_argtypes + lib.yaca_rsa_public_decrypt.errcheck = _errcheck + + return lib diff --git a/python/yaca/tests.py b/python/yaca/tests.py new file mode 100644 index 0000000..a256419 --- /dev/null +++ b/python/yaca/tests.py @@ -0,0 +1,473 @@ +# Copyright (c) 2017-2018 Samsung Electronics Co., Ltd All Rights Reserved + +# Contact: Lukasz Pawelczyk +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License + + +""" +These tests are not to test yaca itself. They are more of a +syntax test to see that no stupid mistakes has been made in the +python binding. To check whether the code runs properly and +returns expected things. + +They can also be used as examples. +""" + +import yaca + + +def split_into_parts(data, l): + return [data[i:i + l] for i in range(0, len(data), l)] + + +msg = b'Lorem ipsum dolor sit amet, consectetuer adipiscing elit. \ +Donec hendrerit tempor tellus. Donec pretium posuere tellus. Proin \ +quam nisl, tincidunt et, mattis eget, convallis nec, purus. Cum \ +sociis natoque penatibus et magnis dis parturient montes, nascetur \ +ridiculus mus. Nulla posuere. Donec vitae dolor. Nullam tristique \ +diam non turpis. Cras placerat accumsan nulla. Nullam rutrum. Nam \ +vestibulum accumsan nisl.' + +msg_parts = split_into_parts(msg, 5) + + +def run_all_tests(): + """Runs all YACA tests/examples. No exceptions means success.""" + + yaca.initialize() + + crypto() + key_gen() + key_exp_imp() + key_derive() + simple() + digest() + encrypt_basic() + encrypt_rc2_property() + encrypt_gcm_property() + encrypt_ccm_property() + sign() + seal() + rsa() + + yaca.cleanup() + + +def crypto(): + + msg_whole = b'' + for part in msg_parts: + msg_whole += part + + assert yaca.memcmp(msg, msg_whole, len(msg)) + + rand_bytes = yaca.random_bytes(50) + assert len(rand_bytes) == 50 + + +def key_gen(): + + key_iv_64 = yaca.key_generate(yaca.KEY_TYPE.IV, + yaca.KEY_BIT_LENGTH.IV_64BIT) + assert key_iv_64.get_type() == yaca.KEY_TYPE.IV + assert key_iv_64.get_bit_length() == yaca.KEY_BIT_LENGTH.IV_64BIT + + key_iv_128 = yaca.key_generate(yaca.KEY_TYPE.IV, + yaca.KEY_BIT_LENGTH.IV_128BIT) + assert key_iv_128.get_type() == yaca.KEY_TYPE.IV + assert key_iv_128.get_bit_length() == yaca.KEY_BIT_LENGTH.IV_128BIT + + key_sym = yaca.key_generate() + assert key_sym.get_type() == yaca.KEY_TYPE.SYMMETRIC + assert key_sym.get_bit_length() == yaca.KEY_BIT_LENGTH.L256BIT + + key_rsa_prv = yaca.key_generate(yaca.KEY_TYPE.RSA_PRIV, + yaca.KEY_BIT_LENGTH.L2048BIT) + assert key_rsa_prv.get_type() == yaca.KEY_TYPE.RSA_PRIV + assert key_rsa_prv.get_bit_length() == yaca.KEY_BIT_LENGTH.L2048BIT + + key_rsa_pub = yaca.key_extract_public(key_rsa_prv) + assert key_rsa_pub.get_type() == yaca.KEY_TYPE.RSA_PUB + assert key_rsa_pub.get_bit_length() == yaca.KEY_BIT_LENGTH.L2048BIT + + key_dsa_prv = yaca.key_generate(yaca.KEY_TYPE.DSA_PRIV, + yaca.KEY_BIT_LENGTH.L2048BIT) + assert key_dsa_prv.get_type() == yaca.KEY_TYPE.DSA_PRIV + assert key_dsa_prv.get_bit_length() == yaca.KEY_BIT_LENGTH.L2048BIT + + key_dsa_pub = yaca.key_extract_public(key_dsa_prv) + assert key_dsa_pub.get_type() == yaca.KEY_TYPE.DSA_PUB + assert key_dsa_pub.get_bit_length() == yaca.KEY_BIT_LENGTH.L2048BIT + + key_dh_prv = yaca.key_generate(yaca.KEY_TYPE.DH_PRIV, + yaca.KEY_BIT_LENGTH_DH_RFC.L2048_256) + assert key_dh_prv.get_type() == yaca.KEY_TYPE.DH_PRIV + assert key_dh_prv.get_bit_length() == 2048 + + key_dh_pub = yaca.key_extract_public(key_dh_prv) + assert key_dh_pub.get_type() == yaca.KEY_TYPE.DH_PUB + assert key_dh_pub.get_bit_length() == 2048 + + key_dh_params = yaca.key_extract_parameters(key_dh_prv) + key_dh_prv_2 = yaca.key_generate_from_parameters(key_dh_params) + assert key_dh_prv_2.get_type() == key_dh_prv.get_type() + assert key_dh_prv_2.get_bit_length() == key_dh_prv.get_bit_length() + + key_dh_prv_3 = yaca.key_generate(yaca.KEY_TYPE.DH_PRIV, + yaca.KEY_LENGTH_DH_GENERATOR_5 | 256) + assert key_dh_prv_3.get_type() == yaca.KEY_TYPE.DH_PRIV + assert key_dh_prv_3.get_bit_length() == 256 + + key_ec_prv = yaca.key_generate(yaca.KEY_TYPE.EC_PRIV, + yaca.KEY_BIT_LENGTH_EC.PRIME256V1) + assert key_ec_prv.get_type() == yaca.KEY_TYPE.EC_PRIV + assert key_ec_prv.get_bit_length() == yaca.KEY_BIT_LENGTH_EC.PRIME256V1 + + key_ec_pub = yaca.key_extract_public(key_ec_prv) + assert key_ec_pub.get_type() == yaca.KEY_TYPE.EC_PUB + assert key_ec_pub.get_bit_length() == yaca.KEY_BIT_LENGTH_EC.PRIME256V1 + + +def key_exp_imp(): + # prepare: + key_sym = yaca.key_generate() + key_rsa_prv = yaca.key_generate(yaca.KEY_TYPE.RSA_PRIV, + yaca.KEY_BIT_LENGTH.L2048BIT) + # end prepare + + key_sym_exp = yaca.key_export(key_sym) + key_sym_imp = yaca.key_import(key_sym_exp) + assert key_sym.get_type() == key_sym_imp.get_type() + assert key_sym.get_bit_length() == key_sym_imp.get_bit_length() + + key_rsa_prv_exp = yaca.key_export(key_rsa_prv, yaca.KEY_FILE_FORMAT.PEM) + key_rsa_prv_imp = yaca.key_import(key_rsa_prv_exp, yaca.KEY_TYPE.RSA_PRIV) + assert key_rsa_prv.get_type() == key_rsa_prv_imp.get_type() + assert key_rsa_prv.get_bit_length() == key_rsa_prv_imp.get_bit_length() + + key_rsa_prv_exp = yaca.key_export(key_rsa_prv, yaca.KEY_FILE_FORMAT.PEM, + yaca.KEY_FORMAT.PKCS8, b"password") + key_rsa_prv_imp = yaca.key_import(key_rsa_prv_exp, yaca.KEY_TYPE.RSA_PRIV, + b"password") + assert key_rsa_prv.get_type() == key_rsa_prv_imp.get_type() + assert key_rsa_prv.get_bit_length() == key_rsa_prv_imp.get_bit_length() + + +def key_derive(): + # prepare: + key_dh_prv = yaca.key_generate(yaca.KEY_TYPE.DH_PRIV, + yaca.KEY_BIT_LENGTH_DH_RFC.L2048_256) + key_dh_pub = yaca.key_extract_public(key_dh_prv) + key_dh_params = yaca.key_extract_parameters(key_dh_prv) + key_dh_prv_2 = yaca.key_generate_from_parameters(key_dh_params) + key_dh_pub_2 = yaca.key_extract_public(key_dh_prv_2) + # end prepare + + secret = yaca.key_derive_dh(key_dh_prv_2, key_dh_pub) + assert len(secret) == 256 + + secret_2 = yaca.key_derive_dh(key_dh_prv, key_dh_pub_2) + assert secret == secret_2 + + key_material = yaca.key_derive_kdf(secret, 128) + assert len(key_material) == 128 + + key_derived = yaca.key_derive_pbkdf2(b'password') + assert key_derived.get_type() == yaca.KEY_TYPE.SYMMETRIC + assert key_derived.get_bit_length() == yaca.KEY_BIT_LENGTH.L256BIT + + +def simple(): + # prepare: + key_sym = yaca.key_generate() + key_iv_128 = yaca.key_generate(yaca.KEY_TYPE.IV, + yaca.KEY_BIT_LENGTH.IV_128BIT) + key_rsa_prv = yaca.key_generate(yaca.KEY_TYPE.RSA_PRIV, + yaca.KEY_BIT_LENGTH.L2048BIT) + key_rsa_pub = yaca.key_extract_public(key_rsa_prv) + # end prepare + + enc_simple = yaca.simple_encrypt(key_sym, msg, + yaca.ENCRYPT_ALGORITHM.AES, + yaca.BLOCK_CIPHER_MODE.CBC, key_iv_128) + dec_simple = yaca.simple_decrypt(key_sym, enc_simple, + yaca.ENCRYPT_ALGORITHM.AES, + yaca.BLOCK_CIPHER_MODE.CBC, key_iv_128) + assert msg == dec_simple + + dgst_simple = yaca.simple_calculate_digest(msg, + yaca.DIGEST_ALGORITHM.SHA512) + assert len(dgst_simple) == 64 + + hmac_simple = yaca.simple_calculate_hmac(key_sym, msg, + yaca.DIGEST_ALGORITHM.SHA512) + assert len(hmac_simple) == 64 + + cmac_simple = yaca.simple_calculate_cmac(key_sym, msg, + yaca.ENCRYPT_ALGORITHM.AES) + assert len(cmac_simple) == 16 + + sig_simple = yaca.simple_calculate_signature(key_rsa_prv, msg, + yaca.DIGEST_ALGORITHM.SHA512) + assert yaca.simple_verify_signature(key_rsa_pub, msg, sig_simple, + yaca.DIGEST_ALGORITHM.SHA512) + + +def digest(): + # prepare: + dgst_simple = yaca.simple_calculate_digest(msg, + yaca.DIGEST_ALGORITHM.SHA512) + # end prepare + + ctx = yaca.digest_initialize(yaca.DIGEST_ALGORITHM.SHA512) + for part in msg_parts: + yaca.digest_update(ctx, part) + dgst = yaca.digest_finalize(ctx) + + assert dgst == dgst_simple + + +def encrypt_basic(): + # prepare: + key_sym = yaca.key_generate() + key_iv_128 = yaca.key_generate(yaca.KEY_TYPE.IV, + yaca.KEY_BIT_LENGTH.IV_128BIT) + enc_simple = yaca.simple_encrypt(key_sym, msg, + yaca.ENCRYPT_ALGORITHM.AES, + yaca.BLOCK_CIPHER_MODE.CBC, key_iv_128) + # end prepare + + len_iv = yaca.encrypt_get_iv_bit_length(yaca.ENCRYPT_ALGORITHM.AES, + yaca.BLOCK_CIPHER_MODE.CBC, + yaca.KEY_BIT_LENGTH.L256BIT) + assert len_iv == 128 + + ctx = yaca.encrypt_initialize(key_sym, bcm=yaca.BLOCK_CIPHER_MODE.CBC, + iv=key_iv_128) + enc = b'' + for part in msg_parts: + enc += yaca.encrypt_update(ctx, part) + enc += yaca.encrypt_finalize(ctx) + + assert enc == enc_simple + + enc_parts = split_into_parts(enc, 5) + + ctx = yaca.decrypt_initialize(key_sym, bcm=yaca.BLOCK_CIPHER_MODE.CBC, + iv=key_iv_128) + dec = b'' + for part in enc_parts: + dec += yaca.decrypt_update(ctx, part) + dec += yaca.decrypt_finalize(ctx) + + assert msg == dec + + +def encrypt_rc2_property(): + # prepare: + key_sym = yaca.key_generate() + # end prepare + + len_iv = yaca.encrypt_get_iv_bit_length(yaca.ENCRYPT_ALGORITHM.UNSAFE_RC2, + yaca.BLOCK_CIPHER_MODE.ECB, + yaca.KEY_BIT_LENGTH.L256BIT) + assert len_iv == 0 + + ctx = yaca.encrypt_initialize(key_sym, yaca.ENCRYPT_ALGORITHM.UNSAFE_RC2, + yaca.BLOCK_CIPHER_MODE.ECB) + yaca.context_set_property(ctx, yaca.PROPERTY.RC2_EFFECTIVE_KEY_BITS, 192) + enc = b'' + for part in msg_parts: + enc += yaca.encrypt_update(ctx, part) + enc += yaca.encrypt_finalize(ctx) + + enc_parts = split_into_parts(enc, 5) + + ctx = yaca.decrypt_initialize(key_sym, yaca.ENCRYPT_ALGORITHM.UNSAFE_RC2, + yaca.BLOCK_CIPHER_MODE.ECB) + yaca.context_set_property(ctx, yaca.PROPERTY.RC2_EFFECTIVE_KEY_BITS, 192) + dec = b'' + for part in enc_parts: + dec += yaca.decrypt_update(ctx, part) + dec += yaca.decrypt_finalize(ctx) + + assert msg == dec + + +def encrypt_gcm_property(): + # prepare: + key_sym = yaca.key_generate() + key_iv_128 = yaca.key_generate(yaca.KEY_TYPE.IV, + yaca.KEY_BIT_LENGTH.IV_128BIT) + # end prepare + + tag_len = 16 + aad = yaca.random_bytes(16) + ctx = yaca.encrypt_initialize(key_sym, bcm=yaca.BLOCK_CIPHER_MODE.GCM, + iv=key_iv_128) + yaca.context_set_property(ctx, yaca.PROPERTY.GCM_AAD, aad) + enc = b'' + for part in msg_parts: + enc += yaca.encrypt_update(ctx, part) + enc += yaca.encrypt_finalize(ctx) + yaca.context_set_property(ctx, yaca.PROPERTY.GCM_TAG_LEN, tag_len) + tag = yaca.context_get_property(ctx, yaca.PROPERTY.GCM_TAG) + assert len(tag) == tag_len + + enc_parts = split_into_parts(enc, 5) + + ctx = yaca.decrypt_initialize(key_sym, bcm=yaca.BLOCK_CIPHER_MODE.GCM, + iv=key_iv_128) + yaca.context_set_property(ctx, yaca.PROPERTY.GCM_AAD, aad) + dec = b'' + for part in enc_parts: + dec += yaca.decrypt_update(ctx, part) + yaca.context_set_property(ctx, yaca.PROPERTY.GCM_TAG, tag) + dec += yaca.decrypt_finalize(ctx) + + assert msg == dec + + +def encrypt_ccm_property(): + # prepare: + key_sym = yaca.key_generate() + key_iv_64 = yaca.key_generate(yaca.KEY_TYPE.IV, + yaca.KEY_BIT_LENGTH.IV_64BIT) + # end prepare + + tag_len = 12 + aad = yaca.random_bytes(16) + ctx = yaca.encrypt_initialize(key_sym, bcm=yaca.BLOCK_CIPHER_MODE.CCM, + iv=key_iv_64) + yaca.context_set_property(ctx, yaca.PROPERTY.CCM_TAG_LEN, tag_len) + yaca.encrypt_update(ctx, len(msg)) # encrypt_update second type of usage + yaca.context_set_property(ctx, yaca.PROPERTY.CCM_AAD, aad) + enc = yaca.encrypt_update(ctx, msg) + enc += yaca.encrypt_finalize(ctx) + tag = yaca.context_get_property(ctx, yaca.PROPERTY.CCM_TAG) + assert len(tag) == tag_len + + ctx = yaca.decrypt_initialize(key_sym, bcm=yaca.BLOCK_CIPHER_MODE.CCM, + iv=key_iv_64) + yaca.context_set_property(ctx, yaca.PROPERTY.CCM_TAG, tag) + yaca.decrypt_update(ctx, len(enc)) # decrypt_update second type of usage + yaca.context_set_property(ctx, yaca.PROPERTY.CCM_AAD, aad) + dec = yaca.decrypt_update(ctx, enc) + dec += yaca.decrypt_finalize(ctx) + + assert msg == dec + + +def sign(): + # prepare: + key_sym = yaca.key_generate() + key_rsa_prv = yaca.key_generate(yaca.KEY_TYPE.RSA_PRIV, + yaca.KEY_BIT_LENGTH.L2048BIT) + key_rsa_pub = yaca.key_extract_public(key_rsa_prv) + hmac_simple = yaca.simple_calculate_hmac(key_sym, msg, + yaca.DIGEST_ALGORITHM.SHA512) + cmac_simple = yaca.simple_calculate_cmac(key_sym, msg, + yaca.ENCRYPT_ALGORITHM.AES) + sign_simple = yaca.simple_calculate_signature(key_rsa_prv, msg, + yaca.DIGEST_ALGORITHM.SHA512) + # end prepare + + ctx = yaca.sign_initialize_hmac(key_sym, yaca.DIGEST_ALGORITHM.SHA512) + for part in msg_parts: + yaca.sign_update(ctx, part) + hmac = yaca.sign_finalize(ctx) + + assert hmac == hmac_simple + + ctx = yaca.sign_initialize_cmac(key_sym, yaca.ENCRYPT_ALGORITHM.AES) + for part in msg_parts: + yaca.sign_update(ctx, part) + cmac = yaca.sign_finalize(ctx) + + assert cmac == cmac_simple + + ctx = yaca.sign_initialize(key_rsa_prv, yaca.DIGEST_ALGORITHM.SHA512) + for part in msg_parts: + yaca.sign_update(ctx, part) + sig = yaca.sign_finalize(ctx) + + assert sig == sign_simple # won't work for DSA + + ctx = yaca.verify_initialize(key_rsa_pub, yaca.DIGEST_ALGORITHM.SHA512) + for part in msg_parts: + yaca.verify_update(ctx, part) + assert yaca.verify_finalize(ctx, sig) + + # SIGN + SET PADDING + + ctx = yaca.sign_initialize(key_rsa_prv) + for part in msg_parts: + yaca.sign_update(ctx, part) + yaca.context_set_property(ctx, yaca.PROPERTY.PADDING, + yaca.PADDING.PKCS1_PSS) + sig = yaca.sign_finalize(ctx) + + ctx = yaca.verify_initialize(key_rsa_pub) + for part in msg_parts: + yaca.verify_update(ctx, part) + yaca.context_set_property(ctx, yaca.PROPERTY.PADDING, + yaca.PADDING.PKCS1_PSS) + assert yaca.verify_finalize(ctx, sig) + + +def seal(): + # prepare: + key_rsa_prv = yaca.key_generate(yaca.KEY_TYPE.RSA_PRIV, + yaca.KEY_BIT_LENGTH.L2048BIT) + key_rsa_pub = yaca.key_extract_public(key_rsa_prv) + # end prepare + + ctx, key_seal, iv = yaca.seal_initialize(key_rsa_pub, + bcm=yaca.BLOCK_CIPHER_MODE.CBC) + sealed = b'' + for part in msg_parts: + sealed += yaca.seal_update(ctx, part) + sealed += yaca.seal_finalize(ctx) + + sealed_parts = split_into_parts(sealed, 5) + + ctx = yaca.open_initialize(key_rsa_prv, key_seal, iv, + bcm=yaca.BLOCK_CIPHER_MODE.CBC) + opened = b'' + for part in sealed_parts: + opened += yaca.open_update(ctx, part) + opened += yaca.open_finalize(ctx) + + assert opened == msg + + +def rsa(): + # prepare: + key_rsa_prv = yaca.key_generate(yaca.KEY_TYPE.RSA_PRIV, + yaca.KEY_BIT_LENGTH.L2048BIT) + key_rsa_pub = yaca.key_extract_public(key_rsa_prv) + # end prepare + + msg_short_max = int(2048 / 8 - 11) + msg_short = msg[:msg_short_max] + + enc_rsa = yaca.rsa_public_encrypt(key_rsa_pub, msg_short) + dec_rsa = yaca.rsa_private_decrypt(key_rsa_prv, enc_rsa) + + assert dec_rsa == msg_short + + enc_rsa = yaca.rsa_private_encrypt(key_rsa_prv, msg_short) + dec_rsa = yaca.rsa_public_decrypt(key_rsa_pub, enc_rsa) + + assert dec_rsa == msg_short -- 2.7.4