From f7315c8ef73915ea64a86f91371724d65257cb5b Mon Sep 17 00:00:00 2001 From: Lukasz Pawelczyk Date: Tue, 28 Jun 2016 11:33:57 +0200 Subject: [PATCH 01/16] Drop reusability of digest context Adding reusability to sign/encrypt contexts proved to be too difficult and prone to errors for the feature to be worth altogether. Change-Id: I5aaf1db54c482950cb00079e488433c35b5e1b1b --- api/yaca/yaca_digest.h | 4 ---- src/digest.c | 8 -------- 2 files changed, 12 deletions(-) diff --git a/api/yaca/yaca_digest.h b/api/yaca/yaca_digest.h index f45f25b..0aac56c 100644 --- a/api/yaca/yaca_digest.h +++ b/api/yaca/yaca_digest.h @@ -87,10 +87,6 @@ int yaca_digest_update(yaca_context_h ctx, const char *data, size_t data_len); * * @since_tizen 3.0 * - * @remarks After returning from this function the context is ready to be reused for another - * message digest calculation. There's no need to initialize it again with - * yaca_digest_initialize(). - * * @remarks Skipping yaca_digest_update() and calling only yaca_digest_finalize() will produce an * empty message digest. * diff --git a/src/digest.c b/src/digest.c index 6062a2b..b003e97 100644 --- a/src/digest.c +++ b/src/digest.c @@ -204,14 +204,6 @@ API int yaca_digest_finalize(yaca_context_h ctx, char *digest, size_t *digest_le return ret; } - /* Make it reusable */ - ret = c->mdctx->digest->init(c->mdctx); - if (ret != 1) { - ret = YACA_ERROR_INTERNAL; - ERROR_DUMP(ret); - return ret; - } - *digest_len = len; return YACA_ERROR_NONE; -- 2.7.4 From 87db6df29c3dd37d75cb3d059944a701b4c7f588 Mon Sep 17 00:00:00 2001 From: Lukasz Pawelczyk Date: Wed, 29 Jun 2016 13:43:09 +0200 Subject: [PATCH 02/16] Handle invalid params properly for simple sign/verify/cmac/hmac Change-Id: I86f0c4d3d1e7766b064fdba3822432569db1283c --- src/simple.c | 32 ++++++++++++++++++++++++++------ 1 file changed, 26 insertions(+), 6 deletions(-) diff --git a/src/simple.c b/src/simple.c index f8f5537..f1ee20a 100644 --- a/src/simple.c +++ b/src/simple.c @@ -242,9 +242,11 @@ static int sign(const yaca_context_h ctx, const char *data, size_t data_len, assert(signature != NULL); assert(signature_len != NULL); - ret = yaca_sign_update(ctx, data, data_len); - if (ret != YACA_ERROR_NONE) - return ret; + if (data_len > 0) { + ret = yaca_sign_update(ctx, data, data_len); + if (ret != YACA_ERROR_NONE) + return ret; + } ret = yaca_context_get_output_length(ctx, 0, signature_len); if (ret != YACA_ERROR_NONE) @@ -275,6 +277,10 @@ API int yaca_simple_calculate_signature(yaca_digest_algorithm_e algo, int ret; yaca_context_h ctx = YACA_CONTEXT_NULL; + if ((data == NULL && data_len > 0) || (data != NULL && data_len == 0) || + signature == NULL || signature_len == NULL) + return YACA_ERROR_INVALID_PARAMETER; + ret = yaca_sign_initialize(&ctx, algo, key); if (ret != YACA_ERROR_NONE) return ret; @@ -296,13 +302,19 @@ API int yaca_simple_verify_signature(yaca_digest_algorithm_e algo, int ret; yaca_context_h ctx = YACA_CONTEXT_NULL; + if ((data == NULL && data_len > 0) || (data != NULL && data_len == 0) || + signature == NULL || signature_len == 0) + return YACA_ERROR_INVALID_PARAMETER; + ret = yaca_verify_initialize(&ctx, algo, key); if (ret != YACA_ERROR_NONE) return ret; - ret = yaca_verify_update(ctx, data, data_len); - if (ret != YACA_ERROR_NONE) - goto exit; + if (data_len > 0) { + ret = yaca_verify_update(ctx, data, data_len); + if (ret != YACA_ERROR_NONE) + goto exit; + } ret = yaca_verify_finalize(ctx, signature, signature_len); @@ -322,6 +334,10 @@ API int yaca_simple_calculate_hmac(yaca_digest_algorithm_e algo, int ret; yaca_context_h ctx = YACA_CONTEXT_NULL; + if ((data == NULL && data_len > 0) || (data != NULL && data_len == 0) || + mac == NULL || mac_len == NULL) + return YACA_ERROR_INVALID_PARAMETER; + ret = yaca_sign_initialize_hmac(&ctx, algo, key); if (ret != YACA_ERROR_NONE) return ret; @@ -343,6 +359,10 @@ API int yaca_simple_calculate_cmac(yaca_encrypt_algorithm_e algo, int ret; yaca_context_h ctx = YACA_CONTEXT_NULL; + if ((data == NULL && data_len > 0) || (data != NULL && data_len == 0) || + mac == NULL || mac_len == NULL) + return YACA_ERROR_INVALID_PARAMETER; + ret = yaca_sign_initialize_cmac(&ctx, algo, key); if (ret != YACA_ERROR_NONE) return ret; -- 2.7.4 From 58f6edf6b2707d54b27aa60ff12e921559e6a97a Mon Sep 17 00:00:00 2001 From: Lukasz Pawelczyk Date: Fri, 1 Jul 2016 18:41:25 +0200 Subject: [PATCH 03/16] Missing const in write_file() Change-Id: I31ee04a3643fb85627e533807d6780a86f24447c --- examples/misc.c | 2 +- examples/misc.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/examples/misc.c b/examples/misc.c index 693044d..fe3711f 100644 --- a/examples/misc.c +++ b/examples/misc.c @@ -50,7 +50,7 @@ void debug_func(const char *buf) puts(buf); } -int write_file(const char *path, char *data, size_t data_len) +int write_file(const char *path, const char *data, size_t data_len) { size_t written = 0; FILE *f; diff --git a/examples/misc.h b/examples/misc.h index 843aba2..bf8a8e0 100644 --- a/examples/misc.h +++ b/examples/misc.h @@ -30,7 +30,7 @@ void dump_hex(const char *buf, size_t dump_size, const char *fmt, ...); void debug_func(const char *buf); -int write_file(const char *path, char *data, size_t data_len); +int write_file(const char *path, const char *data, size_t data_len); int read_file(const char *path, char **data, size_t *data_len); -- 2.7.4 From 840b872095e3c856ee8987f6cbc7d52796c3cbc9 Mon Sep 17 00:00:00 2001 From: Mateusz Forc Date: Mon, 4 Jul 2016 16:54:19 +0200 Subject: [PATCH 04/16] Changed return type to void Changed yaca_free, yaca_key_destroy, yaca_context_destroy ret type: int->void and respectievely doxygen comments Change-Id: Idfe8e1a17574c66990d81e95c3caed3799595b3f --- api/yaca/yaca_crypto.h | 10 ++-------- api/yaca/yaca_key.h | 5 +---- src/crypto.c | 8 ++------ src/key.c | 4 +--- 4 files changed, 6 insertions(+), 21 deletions(-) diff --git a/api/yaca/yaca_crypto.h b/api/yaca/yaca_crypto.h index 17ad90b..baf0315 100644 --- a/api/yaca/yaca_crypto.h +++ b/api/yaca/yaca_crypto.h @@ -150,14 +150,11 @@ int yaca_realloc(size_t size, void **memory); * * @param[in] memory Pointer to the memory to be freed * - * @return #YACA_ERROR_NONE on success - * @retval #YACA_ERROR_NONE Successful - * * @see yaca_malloc() * @see yaca_zalloc() * @see yaca_realloc() */ -int yaca_free(void *memory); +void yaca_free(void *memory); /** * @brief Safely compares first @a len bytes of two buffers. @@ -251,13 +248,10 @@ int yaca_context_get_property(const yaca_context_h ctx, * * @param[in,out] ctx Crypto context * - * @return #YACA_ERROR_NONE on success - * @retval #YACA_ERROR_NONE Successful - * * @see #yaca_context_h * */ -int yaca_context_destroy(yaca_context_h ctx); +void yaca_context_destroy(yaca_context_h ctx); /** * @brief Returns the output length for a given algorithm. Can only be called diff --git a/api/yaca/yaca_key.h b/api/yaca/yaca_key.h index 4ad7ff4..75fb2ca 100644 --- a/api/yaca/yaca_key.h +++ b/api/yaca/yaca_key.h @@ -235,14 +235,11 @@ int yaca_key_extract_public(const yaca_key_h prv_key, yaca_key_h *pub_key); * * @param[in,out] key Key to be freed * - * @return #YACA_ERROR_NONE on success - * @retval #YACA_ERROR_NONE Successful - * * @see yaca_key_import() * @see yaca_key_export() * @see yaca_key_generate() */ -int yaca_key_destroy(yaca_key_h key); +void yaca_key_destroy(yaca_key_h key); /**@}*/ diff --git a/src/crypto.c b/src/crypto.c index e4c1f29..158bcf8 100644 --- a/src/crypto.c +++ b/src/crypto.c @@ -235,11 +235,9 @@ API int yaca_realloc(size_t size, void **memory) return YACA_ERROR_NONE; } -API int yaca_free(void *memory) +API void yaca_free(void *memory) { OPENSSL_free(memory); - - return YACA_ERROR_NONE; } API int yaca_randomize_bytes(char *data, size_t data_len) @@ -277,15 +275,13 @@ API int yaca_context_get_property(const yaca_context_h ctx, yaca_property_e prop return ctx->get_param(ctx, property, value, value_len); } -API int yaca_context_destroy(yaca_context_h ctx) +API void yaca_context_destroy(yaca_context_h ctx) { if (ctx != YACA_CONTEXT_NULL) { assert(ctx->ctx_destroy != NULL); ctx->ctx_destroy(ctx); yaca_free(ctx); } - - return YACA_ERROR_NONE; } API int yaca_context_get_output_length(const yaca_context_h ctx, diff --git a/src/key.c b/src/key.c index a368488..2511437 100644 --- a/src/key.c +++ b/src/key.c @@ -1186,7 +1186,7 @@ exit: return ret; } -API int yaca_key_destroy(yaca_key_h key) +API void yaca_key_destroy(yaca_key_h key) { struct yaca_key_simple_s *simple_key = key_get_simple(key); struct yaca_key_evp_s *evp_key = key_get_evp(key); @@ -1198,8 +1198,6 @@ API int yaca_key_destroy(yaca_key_h key) EVP_PKEY_free(evp_key->evp); yaca_free(evp_key); } - - return YACA_ERROR_NONE; } API int yaca_key_derive_pbkdf2(const char *password, -- 2.7.4 From 15d4e181e6f671604ba2a8fe4678ec70e3c79a38 Mon Sep 17 00:00:00 2001 From: Lukasz Pawelczyk Date: Thu, 30 Jun 2016 16:32:22 +0200 Subject: [PATCH 05/16] Reworked password handling for import/export - Always use callback. - Return INVALID_PASSWORD for combinations that do support password, it was not required for import but was given in params. - Return INVALID_PARAM for combinations that do not support password while it was given in params. For both, import and export. - PKCS8 always requires a password. - Added few special cases to differentiate INV_PARAM and INV_PASSWORD. Change-Id: I171e89125600151e33178eadc3df6b6004987f3c --- api/yaca/yaca_key.h | 22 ++++++++--- examples/key_password.c | 22 ++++++----- src/debug.c | 28 ++++++++++++- src/key.c | 103 +++++++++++++++++++++++++++++++----------------- todo.txt | 3 +- 5 files changed, 125 insertions(+), 53 deletions(-) diff --git a/api/yaca/yaca_key.h b/api/yaca/yaca_key.h index 75fb2ca..89801ba 100644 --- a/api/yaca/yaca_key.h +++ b/api/yaca/yaca_key.h @@ -95,6 +95,11 @@ int yaca_key_get_bit_length(const yaca_key_h key, size_t *key_bit_len); * used. If it's not known if the key is encrypted one should pass NULL as * password and check for the #YACA_ERROR_INVALID_PASSWORD return code. * + * @remarks If the imported key will be detected as a format that does not support + * encryption and password was passed #YACA_ERROR_INVALID_PARAMETER will + * be returned. For a list of keys and formats that do support encryption + * see yaca_key_export() documentation. + * * @remarks The @a key should be released using yaca_key_destroy() * * @param[in] key_type Type of the key @@ -132,7 +137,7 @@ int yaca_key_import(yaca_key_type_e key_type, * @remarks For key formats two values are allowed: * - #YACA_KEY_FORMAT_DEFAULT: this is the only option possible in case of symmetric * keys (or IV), for asymmetric keys it will choose PKCS#1 - * for RSA and SSLeay for DSA. + * for RSA keys and SSLeay for DSA keys. * - #YACA_KEY_FORMAT_PKCS8: this will only work for private asymmetric keys. * * @remarks The following file formats are supported: @@ -141,11 +146,18 @@ int yaca_key_import(yaca_key_type_e key_type, * - #YACA_KEY_FILE_FORMAT_PEM: used only for asymmetric, PEM file format * - #YACA_KEY_FILE_FORMAT_DER: used only for asymmetric, DER file format * - * @remarks If no password is provided the exported key will be unencrypted. Only private - * RSA/DSA exported as PEM can be encrypted. + * @remarks Encryption is supported and optional for RSA/DSA private keys in the + * #YACA_KEY_FORMAT_DEFAULT with #YACA_KEY_FILE_FORMAT_PEM format. If no password is + * provided the exported key will be unencrypted. The encryption algorithm used + * in this case is AES-256-CBC. + * + * @remarks Encryption is obligatory for #YACA_KEY_FORMAT_PKCS8 format (for both, PEM and DER + * file formats). If no password is provided the #YACA_ERROR_INVALID_PARAMETER will + * be returned. The encryption algorithm used in this case is PBE with DES-CBC. * - * @remarks TODO:document the default encryption algorithm (AES256 for FORMAT_DEFAULT, - * unknown yet for the FORMAT_PKCS8). + * @remakrs Encryption is not supported for the symmetric and public keys in all their + * supported formats. If a password is provided in such case the + * #YACA_ERROR_INVALID_PARAMETER will be returned. * * @param[in] key Key to be exported * @param[in] key_fmt Format of the key diff --git a/examples/key_password.c b/examples/key_password.c index ef40fa2..724e472 100644 --- a/examples/key_password.c +++ b/examples/key_password.c @@ -25,7 +25,8 @@ #include "misc.h" #include "../src/debug.h" -void example_password(const yaca_key_h key, yaca_key_format_e key_fmt) +void example_password(const yaca_key_h key, yaca_key_format_e key_fmt, + yaca_key_file_format_e key_file_fmt) { char *k = NULL; size_t kl; @@ -37,7 +38,9 @@ void example_password(const yaca_key_h key, yaca_key_format_e key_fmt) if (ret != YACA_ERROR_NONE) goto exit; - ret = yaca_key_export(key, key_fmt, YACA_KEY_FILE_FORMAT_PEM, password, &k, &kl); + ret = yaca_key_export(key, key_fmt, key_file_fmt, password, &k, &kl); + if (ret == YACA_ERROR_INVALID_PARAMETER) + printf("invalid parameter, probably a missing password for PKCS8\n"); if (ret != YACA_ERROR_NONE) goto exit; @@ -53,9 +56,6 @@ void example_password(const yaca_key_h key, yaca_key_format_e key_fmt) ret = yaca_key_import(YACA_KEY_TYPE_RSA_PRIV, password, k, kl, &lkey); if (ret == YACA_ERROR_INVALID_PASSWORD) printf("invalid password\n"); - - yaca_free(password); - password = NULL; } if (ret != YACA_ERROR_NONE) @@ -64,7 +64,7 @@ void example_password(const yaca_key_h key, yaca_key_format_e key_fmt) yaca_free(k); k = NULL; - ret = yaca_key_export(lkey, key_fmt, YACA_KEY_FILE_FORMAT_PEM, NULL, &k, &kl); + ret = yaca_key_export(lkey, key_fmt, YACA_KEY_FILE_FORMAT_PEM, password, &k, &kl); if (ret != YACA_ERROR_NONE) goto exit; @@ -91,10 +91,12 @@ int main() if (ret != YACA_ERROR_NONE) goto exit; - printf("Default format:\n"); - example_password(key, YACA_KEY_FORMAT_DEFAULT); - printf("\nPKCS8 format:\n"); - example_password(key, YACA_KEY_FORMAT_PKCS8); + printf("Default format with PEM:\n"); + example_password(key, YACA_KEY_FORMAT_DEFAULT, YACA_KEY_FILE_FORMAT_PEM); + printf("\nPKCS8 format with PEM:\n"); + example_password(key, YACA_KEY_FORMAT_PKCS8, YACA_KEY_FILE_FORMAT_PEM); + printf("\nPKCS8 format with DER:\n"); + example_password(key, YACA_KEY_FORMAT_PKCS8, YACA_KEY_FILE_FORMAT_DER); exit: yaca_key_destroy(key); diff --git a/src/debug.c b/src/debug.c index 6babb5f..f510ef3 100644 --- a/src/debug.c +++ b/src/debug.c @@ -26,6 +26,8 @@ #include #include +#include +#include #include @@ -124,12 +126,36 @@ int error_handle(const char *file, int line, const char *function) case ERR_PACK(ERR_LIB_RSA, RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_KEYBITS): case ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_CTX_CTRL, EVP_R_COMMAND_NOT_SUPPORTED): case ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_READ_BIO, PEM_R_NO_START_LINE): - case ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_CHECK_TLEN, ASN1_R_WRONG_TAG): case ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_NOT_ENOUGH_DATA): ret = YACA_ERROR_INVALID_PARAMETER; break; + case ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_GET_OBJECT, ASN1_R_TOO_LONG): + case ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_GET_OBJECT, ASN1_R_HEADER_TOO_LONG): + case ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_CHECK_TLEN, ASN1_R_WRONG_TAG): + { + bool found_crypto_error = false; + + while ((err = ERR_get_error()) != 0) + if (err == ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_ITEM_DECRYPT_D2I, PKCS12_R_DECODE_ERROR) || + err == ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_PBE_CRYPT, PKCS12_R_PKCS12_CIPHERFINAL_ERROR) || + err == ERR_PACK(ERR_LIB_DSA, DSA_F_OLD_DSA_PRIV_DECODE, ERR_R_DSA_LIB) || + err == ERR_PACK(ERR_LIB_RSA, RSA_F_OLD_RSA_PRIV_DECODE, ERR_R_RSA_LIB)) { + found_crypto_error = true; + break; + } + + if (found_crypto_error) + ret = YACA_ERROR_INVALID_PASSWORD; + else + ret = YACA_ERROR_INVALID_PARAMETER; + + break; + } case ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_BAD_DECRYPT): case ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_DO_HEADER, PEM_R_BAD_DECRYPT): + case ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_DO_HEADER, PEM_R_BAD_PASSWORD_READ): + case ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_READ_BIO_PRIVATEKEY, PEM_R_BAD_PASSWORD_READ): + case ERR_PACK(ERR_LIB_PEM, PEM_F_D2I_PKCS8PRIVATEKEY_BIO, PEM_R_BAD_PASSWORD_READ): ret = YACA_ERROR_INVALID_PASSWORD; break; } diff --git a/src/key.c b/src/key.c index 2511437..1a02ce5 100644 --- a/src/key.c +++ b/src/key.c @@ -39,16 +39,32 @@ #include "internal.h" -/* This callback only exists to block the default OpenSSL one and - * allow us to check for a proper error code when the key is encrypted - */ -int password_dummy_cb(char *buf, UNUSED int size, UNUSED int rwflag, UNUSED void *u) +struct openssl_password_data { + bool password_requested; + const char *password; +}; + +int openssl_password_cb(char *buf, int size, UNUSED int rwflag, void *u) { - const char empty[] = ""; + struct openssl_password_data *cb_data = u; + + if (cb_data->password == NULL) + return 0; - memcpy(buf, empty, sizeof(empty)); + size_t pass_len = strlen(cb_data->password); - return sizeof(empty); + if (pass_len > INT_MAX || (int)pass_len > size) + return 0; + + memcpy(buf, cb_data->password, pass_len); + cb_data->password_requested = true; + + return pass_len; +} + +int openssl_password_cb_error(UNUSED char *buf, UNUSED int size, UNUSED int rwflag, UNUSED void *u) +{ + return 0; } int base64_decode_length(const char *data, size_t data_len, size_t *len) @@ -251,9 +267,10 @@ int import_evp(yaca_key_h *key, int ret; BIO *src = NULL; EVP_PKEY *pkey = NULL; - bool wrong_pass = false; - pem_password_cb *cb = NULL; + pem_password_cb *cb = openssl_password_cb; + struct openssl_password_data cb_data = {false, password}; bool private; + bool password_supported; yaca_key_type_e type; struct yaca_key_evp_s *nk = NULL; @@ -274,74 +291,79 @@ int import_evp(yaca_key_h *key, return YACA_ERROR_INTERNAL; } - /* Block the default OpenSSL password callback */ - if (password == NULL) - cb = password_dummy_cb; - /* Possible PEM */ if (strncmp("----", data, 4) == 0) { - if (pkey == NULL && !wrong_pass) { + if (pkey == NULL) { BIO_reset(src); - pkey = PEM_read_bio_PrivateKey(src, NULL, cb, (void*)password); + pkey = PEM_read_bio_PrivateKey(src, NULL, cb, (void*)&cb_data); if (ERROR_HANDLE() == YACA_ERROR_INVALID_PASSWORD) - wrong_pass = true; + return YACA_ERROR_INVALID_PASSWORD; private = true; + password_supported = true; } - if (pkey == NULL && !wrong_pass) { + if (pkey == NULL) { BIO_reset(src); - pkey = PEM_read_bio_PUBKEY(src, NULL, cb, (void*)password); - if (ERROR_HANDLE() == YACA_ERROR_INVALID_PASSWORD) - wrong_pass = true; + pkey = PEM_read_bio_PUBKEY(src, NULL, openssl_password_cb_error, NULL); + ERROR_CLEAR(); private = false; + password_supported = false; } - if (pkey == NULL && !wrong_pass) { + if (pkey == NULL) { BIO_reset(src); - X509 *x509 = PEM_read_bio_X509(src, NULL, cb, (void*)password); - if (ERROR_HANDLE() == YACA_ERROR_INVALID_PASSWORD) - wrong_pass = true; + X509 *x509 = PEM_read_bio_X509(src, NULL, openssl_password_cb_error, NULL); if (x509 != NULL) { pkey = X509_get_pubkey(x509); X509_free(x509); - ERROR_CLEAR(); } + ERROR_CLEAR(); private = false; + password_supported = false; } } /* Possible DER */ else { - if (pkey == NULL && !wrong_pass) { + if (pkey == NULL) { BIO_reset(src); - pkey = d2i_PKCS8PrivateKey_bio(src, NULL, cb, (void*)password); + pkey = d2i_PKCS8PrivateKey_bio(src, NULL, cb, (void*)&cb_data); if (ERROR_HANDLE() == YACA_ERROR_INVALID_PASSWORD) - wrong_pass = true; + return YACA_ERROR_INVALID_PASSWORD; private = true; + password_supported = true; } - if (pkey == NULL && !wrong_pass) { + if (pkey == NULL) { BIO_reset(src); pkey = d2i_PrivateKey_bio(src, NULL); ERROR_CLEAR(); private = true; + password_supported = false; } - if (pkey == NULL && !wrong_pass) { + if (pkey == NULL) { BIO_reset(src); pkey = d2i_PUBKEY_bio(src, NULL); ERROR_CLEAR(); private = false; + password_supported = false; } } BIO_free(src); - if (wrong_pass) - return YACA_ERROR_INVALID_PASSWORD; - if (pkey == NULL) return YACA_ERROR_INVALID_PARAMETER; + /* password was given, but it was not required to perform import */ + if (password != NULL && !cb_data.password_requested) { + if (password_supported) + ret = YACA_ERROR_INVALID_PASSWORD; + else + ret = YACA_ERROR_INVALID_PARAMETER; + goto exit; + } + switch (EVP_PKEY_type(pkey->type)) { case EVP_PKEY_RSA: type = private ? YACA_KEY_TYPE_RSA_PRIV : YACA_KEY_TYPE_RSA_PUB; @@ -503,6 +525,8 @@ int export_evp_default_bio(struct yaca_key_evp_s *evp_key, case YACA_KEY_TYPE_RSA_PUB: case YACA_KEY_TYPE_DSA_PUB: + if (password != NULL) + return YACA_ERROR_INVALID_PARAMETER; ret = PEM_write_bio_PUBKEY(mem, evp_key->evp); break; @@ -521,15 +545,21 @@ int export_evp_default_bio(struct yaca_key_evp_s *evp_key, switch (evp_key->key.type) { case YACA_KEY_TYPE_RSA_PRIV: + if (password != NULL) + return YACA_ERROR_INVALID_PARAMETER; ret = i2d_RSAPrivateKey_bio(mem, EVP_PKEY_get0(evp_key->evp)); break; case YACA_KEY_TYPE_DSA_PRIV: + if (password != NULL) + return YACA_ERROR_INVALID_PARAMETER; ret = i2d_DSAPrivateKey_bio(mem, EVP_PKEY_get0(evp_key->evp)); break; case YACA_KEY_TYPE_RSA_PUB: case YACA_KEY_TYPE_DSA_PUB: + if (password != NULL) + return YACA_ERROR_INVALID_PARAMETER; ret = i2d_PUBKEY_bio(mem, evp_key->evp); break; @@ -567,10 +597,11 @@ int export_evp_pkcs8_bio(struct yaca_key_evp_s *evp_key, assert(mem != NULL); int ret; - int nid = -1; + int nid = NID_pbeWithMD5AndDES_CBC; - if (password != NULL) - nid = NID_pbeWithMD5AndDES_CBC; + /* PKCS8 export requires a password */ + if (password == NULL) + return YACA_ERROR_INVALID_PARAMETER; switch (key_file_fmt) { diff --git a/todo.txt b/todo.txt index e2ef626..c33b5d7 100644 --- a/todo.txt +++ b/todo.txt @@ -7,4 +7,5 @@ Global: - yaca_key_wrap(), yaca_key_unwrap() - We need a way to import keys encrypted with hw (or other) keys. New function like yaca_key_load or sth? -- Add extended description and examples in documentation. \ No newline at end of file +- Add extended description and examples in documentation. +- Check PKCS8 with PKCS5 2.0 (EVP cipher instead of PBE) -- 2.7.4 From ca3d931be6f66d4e1856c39053552daa9b1bf422 Mon Sep 17 00:00:00 2001 From: Lukasz Pawelczyk Date: Fri, 1 Jul 2016 19:35:58 +0200 Subject: [PATCH 06/16] Make it possible to import DER based X509 certificates Change-Id: I86442c8faa6244d2d71ed1e0396464c580844166 --- src/key.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/src/key.c b/src/key.c index 1a02ce5..cd87042 100644 --- a/src/key.c +++ b/src/key.c @@ -348,6 +348,18 @@ int import_evp(yaca_key_h *key, private = false; password_supported = false; } + + if (pkey == NULL) { + BIO_reset(src); + X509 *x509 = d2i_X509_bio(src, NULL); + if (x509 != NULL) { + pkey = X509_get_pubkey(x509); + X509_free(x509); + } + ERROR_CLEAR(); + private = false; + password_supported = false; + } } BIO_free(src); -- 2.7.4 From bab9f8b5eba65c99f351faad1cbbee05798361de Mon Sep 17 00:00:00 2001 From: Lukasz Pawelczyk Date: Tue, 5 Jul 2016 13:08:10 +0200 Subject: [PATCH 07/16] Use size_t for PBKDF2 iterations param Also fix salt invalid param check. Change-Id: Ib756041545a3aa606f9f44dc256a0ad70824ba3b --- api/yaca/yaca_key.h | 2 +- src/key.c | 8 ++++++-- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/api/yaca/yaca_key.h b/api/yaca/yaca_key.h index 89801ba..b6294ad 100644 --- a/api/yaca/yaca_key.h +++ b/api/yaca/yaca_key.h @@ -290,7 +290,7 @@ void yaca_key_destroy(yaca_key_h key); int yaca_key_derive_pbkdf2(const char *password, const char *salt, size_t salt_len, - int iterations, + size_t iterations, yaca_digest_algorithm_e algo, size_t key_bit_len, yaca_key_h *key); diff --git a/src/key.c b/src/key.c index cd87042..b54f1c9 100644 --- a/src/key.c +++ b/src/key.c @@ -1246,7 +1246,7 @@ API void yaca_key_destroy(yaca_key_h key) API int yaca_key_derive_pbkdf2(const char *password, const char *salt, size_t salt_len, - int iterations, + size_t iterations, yaca_digest_algorithm_e algo, size_t key_bit_len, yaca_key_h *key) @@ -1256,13 +1256,17 @@ API int yaca_key_derive_pbkdf2(const char *password, size_t key_byte_len = key_bit_len / 8; int ret; - if (password == NULL || salt == NULL || salt_len == 0 || + if (password == NULL || + (salt == NULL && salt_len > 0) || (salt != NULL && salt_len == 0) || iterations == 0 || key_bit_len == 0 || key == NULL) return YACA_ERROR_INVALID_PARAMETER; if (key_bit_len % 8) /* Key length must be multiple of 8-bits */ return YACA_ERROR_INVALID_PARAMETER; + if (iterations > INT_MAX) /* OpenSSL limitation */ + return YACA_ERROR_INVALID_PARAMETER; + ret = digest_get_algorithm(algo, &md); if (ret != YACA_ERROR_NONE) return ret; -- 2.7.4 From d621e392393ea55f220b6a7a05957a903b120aae Mon Sep 17 00:00:00 2001 From: Krzysztof Jackiewicz Date: Thu, 30 Jun 2016 12:25:09 +0200 Subject: [PATCH 08/16] Key copying function Change-Id: I372b7fd9c01f4eb104fc953c7995fa63dba0cba6 --- src/internal.h | 2 ++ src/key.c | 48 ++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 50 insertions(+) diff --git a/src/internal.h b/src/internal.h index 5a6285e..dce0a61 100644 --- a/src/internal.h +++ b/src/internal.h @@ -131,6 +131,8 @@ int encrypt_finalize(yaca_context_h ctx, struct yaca_key_simple_s *key_get_simple(const yaca_key_h key); struct yaca_key_evp_s *key_get_evp(const yaca_key_h key); +yaca_key_h key_copy(const yaca_key_h key); + void error_dump(const char *file, int line, const char *function, int code); #define ERROR_DUMP(code) error_dump(__FILE__, __LINE__, __func__, (code)) #define ERROR_CLEAR() ERR_clear_error() diff --git a/src/key.c b/src/key.c index b54f1c9..4153434 100644 --- a/src/key.c +++ b/src/key.c @@ -32,6 +32,7 @@ #include #include #include +#include #include #include @@ -1000,6 +1001,53 @@ struct yaca_key_evp_s *key_get_evp(const yaca_key_h key) } } +static yaca_key_h key_copy_simple(const struct yaca_key_simple_s *key) +{ + int ret; + assert(key != NULL); + + struct yaca_key_simple_s *copy; + size_t size = sizeof(struct yaca_key_simple_s) + key->bits / 8; + + ret = yaca_zalloc(size, (void**)©); + if (ret != YACA_ERROR_NONE) + return YACA_KEY_NULL; + + memcpy(copy, key, size); + return (yaca_key_h)copy; +} + +static yaca_key_h key_copy_evp(const struct yaca_key_evp_s *key) +{ + int ret; + assert(key != NULL); + + struct yaca_key_evp_s *copy = NULL; + ret = yaca_zalloc(sizeof(struct yaca_key_evp_s), (void**)©); + if (ret != YACA_ERROR_NONE) + return YACA_KEY_NULL; + + /* raise the refcount */ + CRYPTO_add(&key->evp->references, 1, CRYPTO_LOCK_EVP_PKEY); + + copy->key.type = key->key.type; + copy->evp = key->evp; + return (yaca_key_h)copy; +} + +yaca_key_h key_copy(const yaca_key_h key) +{ + struct yaca_key_simple_s *simple = key_get_simple(key); + struct yaca_key_evp_s *evp = key_get_evp(key); + + if (simple != NULL) + return key_copy_simple(simple); + else if (evp != NULL) + return key_copy_evp(evp); + + return YACA_KEY_NULL; +} + API int yaca_key_get_type(const yaca_key_h key, yaca_key_type_e *key_type) { const struct yaca_key_s *lkey = (const struct yaca_key_s *)key; -- 2.7.4 From f38dab94e6bcf01d7e1ed35608fac813e9f66606 Mon Sep 17 00:00:00 2001 From: Krzysztof Jackiewicz Date: Thu, 30 Jun 2016 15:10:17 +0200 Subject: [PATCH 09/16] Allow NULL value_len in yaca_context_get_property(). Fix documentation. In cases where a property is a single object of a known type theres no point in passing value_len to yaca_context_get_property(). The documentation related to property getting/setting has been updated. Change-Id: Idf908e87b87b5fe5239f651fe8546a7bd5a89850 --- api/yaca/yaca_crypto.h | 8 ++++++++ api/yaca/yaca_types.h | 16 +++++++++------- src/encrypt.c | 6 +++--- src/sign.c | 5 +++-- 4 files changed, 23 insertions(+), 12 deletions(-) diff --git a/api/yaca/yaca_crypto.h b/api/yaca/yaca_crypto.h index baf0315..20cae17 100644 --- a/api/yaca/yaca_crypto.h +++ b/api/yaca/yaca_crypto.h @@ -190,6 +190,9 @@ int yaca_randomize_bytes(char *data, size_t data_len); * @brief Sets the non-standard context properties. Can only be called on an * initialized context. * + * @remarks The @a value has to be of type appropriate for given property. See #yaca_property_e + * for details on corresponding types. + * * @since_tizen 3.0 * * @param[in,out] ctx Previously initialized crypto context @@ -219,6 +222,11 @@ int yaca_context_set_property(yaca_context_h ctx, * * @remarks The @a value should be freed using yaca_free() * + * @remarks The @a value has to be of type appropriate for given property. See #yaca_property_e + * for details on corresponding types. + * + * @remarks @a value_len can be NULL if returned @a value is a single object (i.e. not an array/buffer) + * * @param[in] ctx Previously initialized crypto context * @param[in] property Property to be read * @param[out] value Copy of the property value diff --git a/api/yaca/yaca_types.h b/api/yaca/yaca_types.h index 2d5edc9..4508c8d 100644 --- a/api/yaca/yaca_types.h +++ b/api/yaca/yaca_types.h @@ -385,23 +385,25 @@ typedef enum { * @brief Enumeration of YACA non-standard properties for algorithms. * * @since_tizen 3.0 + * + * @see #yaca_padding_e */ typedef enum { - /** Padding */ + /** Padding. Property type is #yaca_padding_e. */ YACA_PROPERTY_PADDING, - /** GCM Additional Authentication Data */ + /** GCM Additional Authentication Data. Property type is a buffer (e.g. char*) */ YACA_PROPERTY_GCM_AAD, - /** GCM Tag bits */ + /** GCM Tag. Property type is a buffer (e.g. char*) */ YACA_PROPERTY_GCM_TAG, - /** GCM Tag length */ + /** GCM Tag length. Property type is size_t. */ YACA_PROPERTY_GCM_TAG_LEN, - /** CCM Additional Authentication Data */ + /** CCM Additional Authentication Data. Property type is a buffer (e.g. char*) */ YACA_PROPERTY_CCM_AAD, - /** CCM Tag bits */ + /** CCM Tag. Property type is a buffer (e.g. char*) */ YACA_PROPERTY_CCM_TAG, - /** CCM Tag length */ + /** CCM Tag length. Property type is size_t. */ YACA_PROPERTY_CCM_TAG_LEN } yaca_property_e; diff --git a/src/encrypt.c b/src/encrypt.c index 5942e2e..b248896 100644 --- a/src/encrypt.c +++ b/src/encrypt.c @@ -168,13 +168,13 @@ int get_encrypt_property(const yaca_context_h ctx, yaca_property_e property, { struct yaca_encrypt_context_s *c = get_encrypt_context(ctx); - if (c == NULL || value == NULL || value_len == NULL) + if (c == NULL || value == NULL) return YACA_ERROR_INVALID_PARAMETER; assert(c->cipher_ctx != NULL); switch (property) { case YACA_PROPERTY_GCM_TAG: - if (c->tag_len == 0) + if (c->tag_len == 0 || value_len == 0) return YACA_ERROR_INVALID_PARAMETER; if (EVP_CIPHER_CTX_ctrl(c->cipher_ctx, @@ -186,7 +186,7 @@ int get_encrypt_property(const yaca_context_h ctx, yaca_property_e property, *value_len = c->tag_len; break; case YACA_PROPERTY_CCM_TAG: - if (c->tag_len == 0) + if (c->tag_len == 0 || value_len == 0) return YACA_ERROR_INVALID_PARAMETER; if (EVP_CIPHER_CTX_ctrl(c->cipher_ctx, diff --git a/src/sign.c b/src/sign.c index 5dd261c..acb0392 100644 --- a/src/sign.c +++ b/src/sign.c @@ -179,7 +179,7 @@ int get_sign_param(const yaca_context_h ctx, int pad; yaca_padding_e padding; - if (c == NULL || value == NULL || value_len == NULL) + if (c == NULL || value == NULL) return YACA_ERROR_INVALID_PARAMETER; assert(c->mdctx != NULL); @@ -230,7 +230,8 @@ int get_sign_param(const yaca_context_h ctx, return ret; memcpy(*value, &padding, sizeof(yaca_padding_e)); - *value_len = sizeof(yaca_padding_e); + if (value_len != NULL) + *value_len = sizeof(yaca_padding_e); return YACA_ERROR_NONE; } -- 2.7.4 From 8b450c78247d700c8d255b4135e0a785b474a524 Mon Sep 17 00:00:00 2001 From: Krzysztof Jackiewicz Date: Thu, 7 Jul 2016 12:36:38 +0200 Subject: [PATCH 10/16] Make yaca_cleanup return void Change-Id: I325703541385d064f9f3ba36fc9aeebb1e0e7bde --- api/yaca/yaca_crypto.h | 5 +---- src/crypto.c | 6 ++---- 2 files changed, 3 insertions(+), 8 deletions(-) diff --git a/api/yaca/yaca_crypto.h b/api/yaca/yaca_crypto.h index 20cae17..9ee5ed7 100644 --- a/api/yaca/yaca_crypto.h +++ b/api/yaca/yaca_crypto.h @@ -66,12 +66,9 @@ int yaca_initialize(void); * * @since_tizen 3.0 * - * @return #YACA_ERROR_NONE on success - * @retval #YACA_ERROR_NONE Successful - * * @see yaca_initialize() */ -int yaca_cleanup(void); +void yaca_cleanup(void); /** * @brief Allocates the memory. diff --git a/src/crypto.c b/src/crypto.c index 158bcf8..5218aba 100644 --- a/src/crypto.c +++ b/src/crypto.c @@ -157,11 +157,11 @@ exit: return ret; } -API int yaca_cleanup(void) +API void yaca_cleanup(void) { /* calling cleanup twice on the same thread is a NOP */ if (!current_thread_initialized) - return YACA_ERROR_NONE; + return; /* per thread cleanup */ ERR_remove_thread_state(NULL); @@ -190,8 +190,6 @@ API int yaca_cleanup(void) current_thread_initialized = false; } pthread_mutex_unlock(&init_mutex); - - return YACA_ERROR_NONE; } API int yaca_malloc(size_t size, void **memory) -- 2.7.4 From bb6ffe776a45090a6540e8e64aba923f9e3f9cde Mon Sep 17 00:00:00 2001 From: Lukasz Pawelczyk Date: Tue, 5 Jul 2016 18:49:22 +0200 Subject: [PATCH 11/16] Add a comment describing padding usage Change-Id: I915d829086b10a1718f5499f56dfc604a8e5e525 --- api/yaca/yaca_types.h | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/api/yaca/yaca_types.h b/api/yaca/yaca_types.h index 4508c8d..655879e 100644 --- a/api/yaca/yaca_types.h +++ b/api/yaca/yaca_types.h @@ -389,7 +389,11 @@ typedef enum { * @see #yaca_padding_e */ typedef enum { - /** Padding. Property type is #yaca_padding_e. */ + /** + * Padding for the sign/verify operation. Property type is #yaca_padding_e. + * + * This property can be set at the latest before the *_finalize() call. + */ YACA_PROPERTY_PADDING, /** GCM Additional Authentication Data. Property type is a buffer (e.g. char*) */ -- 2.7.4 From aa4e575aaff9fb9db341223b499f6a430ea70eff Mon Sep 17 00:00:00 2001 From: Lukasz Pawelczyk Date: Thu, 7 Jul 2016 14:33:25 +0200 Subject: [PATCH 12/16] Change ERROR_NONE to 0 where we don't check yaca function Change-Id: Id1e4a26365610e1e26d1f95b67834e2ad1d0e4df --- src/sign.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/sign.c b/src/sign.c index acb0392..6d39a13 100644 --- a/src/sign.c +++ b/src/sign.c @@ -586,7 +586,7 @@ API int yaca_verify_finalize(yaca_context_h ctx, if (ret == 1) return YACA_ERROR_NONE; - if (ret == YACA_ERROR_NONE) { + if (ret == 0) { ERROR_CLEAR(); return YACA_ERROR_DATA_MISMATCH; } -- 2.7.4 From 11bdbcbf460fc5067e4eb8d244ef84654bc5fc63 Mon Sep 17 00:00:00 2001 From: Krzysztof Jackiewicz Date: Tue, 5 Jul 2016 09:20:41 +0200 Subject: [PATCH 13/16] Adjust naming convention to API. Change-Id: I096c1df2007832e52bc797de88df3dd8c46e67aa --- api/yaca/yaca_key.h | 4 +- examples/encrypt.c | 98 +++++++++++++-------------- examples/encrypt_aes_gcm_ccm.c | 130 +++++++++++++++++------------------ examples/misc.c | 4 +- examples/misc.h | 2 +- examples/seal.c | 100 +++++++++++++-------------- readme.txt | 2 +- src/crypto.c | 16 ++--- src/digest.c | 42 ++++++------ src/encrypt.c | 51 +++++++------- src/internal.h | 34 +++++----- src/key.c | 75 ++++++++++----------- src/seal.c | 34 +++++----- src/sign.c | 150 ++++++++++++++++++++--------------------- src/simple.c | 68 +++++++++---------- 15 files changed, 404 insertions(+), 406 deletions(-) diff --git a/api/yaca/yaca_key.h b/api/yaca/yaca_key.h index b6294ad..288e6ce 100644 --- a/api/yaca/yaca_key.h +++ b/api/yaca/yaca_key.h @@ -241,11 +241,11 @@ int yaca_key_generate(yaca_key_type_e key_type, int yaca_key_extract_public(const yaca_key_h prv_key, yaca_key_h *pub_key); /** - * @brief Frees the key created by the library. Passing YACA_KEY_NULL is allowed. + * @brief Release the key created by the library. Passing YACA_KEY_NULL is allowed. * * @since_tizen 3.0 * - * @param[in,out] key Key to be freed + * @param[in,out] key Key to be released * * @see yaca_key_import() * @see yaca_key_export() diff --git a/examples/encrypt.c b/examples/encrypt.c index 426c391..31c8806 100644 --- a/examples/encrypt.c +++ b/examples/encrypt.c @@ -35,39 +35,39 @@ void encrypt_simple(const yaca_encrypt_algorithm_e algo, const yaca_block_cipher_mode_e bcm, - const size_t key_bits) + const size_t key_bit_len) { yaca_key_h key = YACA_KEY_NULL; yaca_key_h iv = YACA_KEY_NULL; char *enc = NULL; char *dec = NULL; - size_t enc_size; - size_t dec_size; - size_t iv_bits; + size_t enc_len; + size_t dec_len; + size_t iv_bit_len; printf("Plain data (16 of %zu bytes): %.16s\n", LOREM4096_SIZE, lorem4096); /* Key generation */ if (yaca_key_derive_pbkdf2("foo bar", "123456789", 10, 1000, - YACA_DIGEST_SHA256, key_bits, &key) != YACA_ERROR_NONE) + YACA_DIGEST_SHA256, key_bit_len, &key) != YACA_ERROR_NONE) return; - if (yaca_encrypt_get_iv_bit_length(algo, bcm, key_bits, &iv_bits) != YACA_ERROR_NONE) + if (yaca_encrypt_get_iv_bit_length(algo, bcm, key_bit_len, &iv_bit_len) != YACA_ERROR_NONE) goto exit; - if (iv_bits > 0 && yaca_key_generate(YACA_KEY_TYPE_IV, iv_bits, &iv) != YACA_ERROR_NONE) + if (iv_bit_len > 0 && yaca_key_generate(YACA_KEY_TYPE_IV, iv_bit_len, &iv) != YACA_ERROR_NONE) goto exit; - if (yaca_simple_encrypt(algo, bcm, key, iv, lorem4096, LOREM4096_SIZE, &enc, &enc_size) != YACA_ERROR_NONE) + if (yaca_simple_encrypt(algo, bcm, key, iv, lorem4096, LOREM4096_SIZE, &enc, &enc_len) != YACA_ERROR_NONE) goto exit; - dump_hex(enc, 16, "Encrypted data (16 of %zu bytes): ", enc_size); + dump_hex(enc, 16, "Encrypted data (16 of %zu bytes): ", enc_len); - if (yaca_simple_decrypt(algo, bcm, key, iv, enc, enc_size, &dec, &dec_size) != YACA_ERROR_NONE) + if (yaca_simple_decrypt(algo, bcm, key, iv, enc, enc_len, &dec, &dec_len) != YACA_ERROR_NONE) goto exit; - printf("Decrypted data (16 of %zu bytes): %.16s\n\n", dec_size, dec); + printf("Decrypted data (16 of %zu bytes): %.16s\n\n", dec_len, dec); exit: yaca_free(enc); @@ -79,33 +79,33 @@ exit: void encrypt_advanced(const yaca_encrypt_algorithm_e algo, const yaca_block_cipher_mode_e bcm, const yaca_key_type_e key_type, - const size_t key_bits) + const size_t key_bit_len) { yaca_context_h ctx = YACA_CONTEXT_NULL; yaca_key_h key = YACA_KEY_NULL; yaca_key_h iv = YACA_KEY_NULL; - size_t iv_bits; + size_t iv_bit_len; char *enc = NULL; char *dec = NULL; - size_t enc_size; - size_t dec_size; + size_t enc_len; + size_t dec_len; size_t block_len; size_t output_len; - size_t out_size; + size_t written_len; size_t rem; printf("Plain data (16 of %zu bytes): %.16s\n", LOREM4096_SIZE, lorem4096); /* Key generation */ - if (yaca_key_generate(key_type, key_bits, &key) != YACA_ERROR_NONE) + if (yaca_key_generate(key_type, key_bit_len, &key) != YACA_ERROR_NONE) return; - if (yaca_encrypt_get_iv_bit_length(algo, bcm, key_bits, &iv_bits) != YACA_ERROR_NONE) + if (yaca_encrypt_get_iv_bit_length(algo, bcm, key_bit_len, &iv_bit_len) != YACA_ERROR_NONE) goto exit; - if (iv_bits > 0 && yaca_key_generate(YACA_KEY_TYPE_IV, iv_bits, &iv) != YACA_ERROR_NONE) + if (iv_bit_len > 0 && yaca_key_generate(YACA_KEY_TYPE_IV, iv_bit_len, &iv) != YACA_ERROR_NONE) goto exit; /* Encryption */ @@ -122,21 +122,21 @@ void encrypt_advanced(const yaca_encrypt_algorithm_e algo, goto exit; /* Calculate max output: size of update + final chunks */ - enc_size = output_len + block_len; - if (yaca_malloc(enc_size, (void**)&enc) != YACA_ERROR_NONE) + enc_len = output_len + block_len; + if (yaca_malloc(enc_len, (void**)&enc) != YACA_ERROR_NONE) goto exit; - out_size = enc_size; - if (yaca_encrypt_update(ctx, lorem4096, LOREM4096_SIZE, enc, &out_size) != YACA_ERROR_NONE) + written_len = enc_len; + if (yaca_encrypt_update(ctx, lorem4096, LOREM4096_SIZE, enc, &written_len) != YACA_ERROR_NONE) goto exit; - rem = enc_size - out_size; - if (yaca_encrypt_finalize(ctx, enc + out_size, &rem) != YACA_ERROR_NONE) + rem = enc_len - written_len; + if (yaca_encrypt_finalize(ctx, enc + written_len, &rem) != YACA_ERROR_NONE) goto exit; - enc_size = rem + out_size; + enc_len = rem + written_len; - dump_hex(enc, 16, "Encrypted data (16 of %zu bytes): ", enc_size); + dump_hex(enc, 16, "Encrypted data (16 of %zu bytes): ", enc_len); yaca_context_destroy(ctx); ctx = YACA_CONTEXT_NULL; @@ -156,21 +156,21 @@ void encrypt_advanced(const yaca_encrypt_algorithm_e algo, goto exit; /* Calculate max output: size of update + final chunks */ - dec_size = output_len + block_len; - if (yaca_malloc(dec_size, (void**)&dec) != YACA_ERROR_NONE) + dec_len = output_len + block_len; + if (yaca_malloc(dec_len, (void**)&dec) != YACA_ERROR_NONE) goto exit; - out_size = dec_size; - if (yaca_decrypt_update(ctx, enc, enc_size, dec, &out_size) != YACA_ERROR_NONE) + written_len = dec_len; + if (yaca_decrypt_update(ctx, enc, enc_len, dec, &written_len) != YACA_ERROR_NONE) goto exit; - rem = dec_size - out_size; - if (yaca_decrypt_finalize(ctx, dec + out_size, &rem) != YACA_ERROR_NONE) + rem = dec_len - written_len; + if (yaca_decrypt_finalize(ctx, dec + written_len, &rem) != YACA_ERROR_NONE) goto exit; - dec_size = rem + out_size; + dec_len = rem + written_len; - printf("Decrypted data (16 of %zu bytes): %.16s\n\n", dec_size, dec); + printf("Decrypted data (16 of %zu bytes): %.16s\n\n", dec_len, dec); } exit: @@ -192,41 +192,41 @@ int main() yaca_encrypt_algorithm_e algo = YACA_ENCRYPT_AES; yaca_block_cipher_mode_e bcm = YACA_BCM_ECB; yaca_key_type_e key_type = YACA_KEY_TYPE_SYMMETRIC; - size_t key_bits = YACA_KEY_LENGTH_256BIT; + size_t key_bit_len = YACA_KEY_LENGTH_256BIT; - encrypt_simple(algo, bcm, key_bits); - encrypt_advanced(algo, bcm, key_type, key_bits); + encrypt_simple(algo, bcm, key_bit_len); + encrypt_advanced(algo, bcm, key_type, key_bit_len); algo = YACA_ENCRYPT_3DES_3TDEA; bcm = YACA_BCM_OFB; key_type = YACA_KEY_TYPE_DES; - key_bits = YACA_KEY_LENGTH_192BIT; + key_bit_len = YACA_KEY_LENGTH_192BIT; - encrypt_advanced(algo, bcm, key_type, key_bits); + encrypt_advanced(algo, bcm, key_type, key_bit_len); algo = YACA_ENCRYPT_CAST5; bcm = YACA_BCM_CFB; key_type = YACA_KEY_TYPE_SYMMETRIC; - key_bits = YACA_KEY_LENGTH_UNSAFE_40BIT; + key_bit_len = YACA_KEY_LENGTH_UNSAFE_40BIT; - encrypt_simple(algo, bcm, key_bits); - encrypt_advanced(algo, bcm, key_type, key_bits); + encrypt_simple(algo, bcm, key_bit_len); + encrypt_advanced(algo, bcm, key_type, key_bit_len); algo = YACA_ENCRYPT_UNSAFE_RC2; bcm = YACA_BCM_CBC; key_type = YACA_KEY_TYPE_SYMMETRIC; - key_bits = YACA_KEY_LENGTH_UNSAFE_8BIT; + key_bit_len = YACA_KEY_LENGTH_UNSAFE_8BIT; - encrypt_simple(algo, bcm, key_bits); - encrypt_advanced(algo, bcm, key_type, key_bits); + encrypt_simple(algo, bcm, key_bit_len); + encrypt_advanced(algo, bcm, key_type, key_bit_len); algo = YACA_ENCRYPT_UNSAFE_RC4; bcm = YACA_BCM_NONE; key_type = YACA_KEY_TYPE_SYMMETRIC; - key_bits = YACA_KEY_LENGTH_2048BIT; + key_bit_len = YACA_KEY_LENGTH_2048BIT; - encrypt_simple(algo, bcm, key_bits); - encrypt_advanced(algo, bcm, key_type, key_bits); + encrypt_simple(algo, bcm, key_bit_len); + encrypt_advanced(algo, bcm, key_type, key_bit_len); yaca_cleanup(); diff --git a/examples/encrypt_aes_gcm_ccm.c b/examples/encrypt_aes_gcm_ccm.c index d635ded..7ac3534 100644 --- a/examples/encrypt_aes_gcm_ccm.c +++ b/examples/encrypt_aes_gcm_ccm.c @@ -37,8 +37,8 @@ void encrypt_decrypt_aes_gcm(void) yaca_encrypt_algorithm_e algo = YACA_ENCRYPT_AES; yaca_block_cipher_mode_e bcm = YACA_BCM_GCM; yaca_key_type_e key_type = YACA_KEY_TYPE_SYMMETRIC; - size_t key_bits = YACA_KEY_LENGTH_256BIT; - size_t iv_bits = YACA_KEY_LENGTH_IV_128BIT; + size_t key_bit_len = YACA_KEY_LENGTH_256BIT; + size_t iv_bit_len = YACA_KEY_LENGTH_IV_128BIT; yaca_context_h ctx = YACA_CONTEXT_NULL; yaca_key_h key = YACA_KEY_NULL; @@ -46,37 +46,37 @@ void encrypt_decrypt_aes_gcm(void) char *enc = NULL; char *dec = NULL; - size_t enc_size; - size_t dec_size; + size_t enc_len; + size_t dec_len; char *aad = NULL; char *tag = NULL; - size_t aad_size = 16; - size_t tag_size = 16; + size_t aad_len = 16; + size_t tag_len = 16; size_t block_len; size_t output_len; - size_t out_size; + size_t written_len; size_t rem; printf("AES GCM 256bit key encryption/decryption\n"); printf("Plain data (16 of %zu bytes): %.16s\n", LOREM4096_SIZE, lorem4096); /* Key generation */ - if (yaca_key_generate(key_type, key_bits, &key) != YACA_ERROR_NONE) + if (yaca_key_generate(key_type, key_bit_len, &key) != YACA_ERROR_NONE) return; /* IV generation */ - if (yaca_key_generate(YACA_KEY_TYPE_IV, iv_bits, &iv) != YACA_ERROR_NONE) + if (yaca_key_generate(YACA_KEY_TYPE_IV, iv_bit_len, &iv) != YACA_ERROR_NONE) goto exit; - if (yaca_zalloc(aad_size, (void**)&aad) != YACA_ERROR_NONE) + if (yaca_zalloc(aad_len, (void**)&aad) != YACA_ERROR_NONE) goto exit; - if (yaca_randomize_bytes(aad, aad_size) != YACA_ERROR_NONE) + if (yaca_randomize_bytes(aad, aad_len) != YACA_ERROR_NONE) goto exit; - if (yaca_zalloc(tag_size, (void**)&tag) != YACA_ERROR_NONE) + if (yaca_zalloc(tag_len, (void**)&tag) != YACA_ERROR_NONE) goto exit; /* Encryption */ @@ -85,7 +85,7 @@ void encrypt_decrypt_aes_gcm(void) goto exit; /* Provide any AAD data */ - if (yaca_context_set_property(ctx, YACA_PROPERTY_GCM_AAD, aad, aad_size) != YACA_ERROR_NONE) + if (yaca_context_set_property(ctx, YACA_PROPERTY_GCM_AAD, aad, aad_len) != YACA_ERROR_NONE) goto exit; /* For the update */ @@ -97,29 +97,29 @@ void encrypt_decrypt_aes_gcm(void) goto exit; /* Calculate max output: size of update + final chunks */ - enc_size = output_len + block_len; - if (yaca_malloc(enc_size, (void**)&enc) != YACA_ERROR_NONE) + enc_len = output_len + block_len; + if (yaca_malloc(enc_len, (void**)&enc) != YACA_ERROR_NONE) goto exit; - out_size = enc_size; - if (yaca_encrypt_update(ctx, lorem4096, LOREM4096_SIZE, enc, &out_size) != YACA_ERROR_NONE) + written_len = enc_len; + if (yaca_encrypt_update(ctx, lorem4096, LOREM4096_SIZE, enc, &written_len) != YACA_ERROR_NONE) goto exit; - rem = enc_size - out_size; - if (yaca_encrypt_finalize(ctx, enc + out_size, &rem) != YACA_ERROR_NONE) + rem = enc_len - written_len; + if (yaca_encrypt_finalize(ctx, enc + written_len, &rem) != YACA_ERROR_NONE) goto exit; - enc_size = rem + out_size; + enc_len = rem + written_len; /* Set the tag length and get the tag after final encryption */ if (yaca_context_set_property(ctx, YACA_PROPERTY_GCM_TAG_LEN, - (void*)&tag_size, sizeof(tag_size)) != YACA_ERROR_NONE) + (void*)&tag_len, sizeof(tag_len)) != YACA_ERROR_NONE) goto exit; - if (yaca_context_get_property(ctx, YACA_PROPERTY_GCM_TAG, (void**)tag, &tag_size) != YACA_ERROR_NONE) + if (yaca_context_get_property(ctx, YACA_PROPERTY_GCM_TAG, (void**)tag, &tag_len) != YACA_ERROR_NONE) goto exit; - dump_hex(enc, 16, "Encrypted data (16 of %zu bytes): ", enc_size); + dump_hex(enc, 16, "Encrypted data (16 of %zu bytes): ", enc_len); yaca_context_destroy(ctx); ctx = YACA_CONTEXT_NULL; @@ -131,7 +131,7 @@ void encrypt_decrypt_aes_gcm(void) goto exit; /* Provide any AAD data */ - if (yaca_context_set_property(ctx, YACA_PROPERTY_GCM_AAD, aad, aad_size) != YACA_ERROR_NONE) + if (yaca_context_set_property(ctx, YACA_PROPERTY_GCM_AAD, aad, aad_len) != YACA_ERROR_NONE) goto exit; /* For the update */ @@ -143,26 +143,26 @@ void encrypt_decrypt_aes_gcm(void) goto exit; /* Calculate max output: size of update + final chunks */ - dec_size = output_len + block_len; - if (yaca_malloc(dec_size, (void**)&dec) != YACA_ERROR_NONE) + dec_len = output_len + block_len; + if (yaca_malloc(dec_len, (void**)&dec) != YACA_ERROR_NONE) goto exit; - out_size = dec_size; - if (yaca_decrypt_update(ctx, enc, enc_size, dec, &out_size) != YACA_ERROR_NONE) + written_len = dec_len; + if (yaca_decrypt_update(ctx, enc, enc_len, dec, &written_len) != YACA_ERROR_NONE) goto exit; - rem = dec_size - out_size; + rem = dec_len - written_len; /* Set expected tag value before final decryption */ - if (yaca_context_set_property(ctx, YACA_PROPERTY_GCM_TAG, tag, tag_size) != YACA_ERROR_NONE) + if (yaca_context_set_property(ctx, YACA_PROPERTY_GCM_TAG, tag, tag_len) != YACA_ERROR_NONE) goto exit; - if (yaca_decrypt_finalize(ctx, dec + out_size, &rem) != YACA_ERROR_NONE) + if (yaca_decrypt_finalize(ctx, dec + written_len, &rem) != YACA_ERROR_NONE) goto exit; - dec_size = rem + out_size; + dec_len = rem + written_len; - printf("Decrypted data (16 of %zu bytes): %.16s\n\n", dec_size, dec); + printf("Decrypted data (16 of %zu bytes): %.16s\n\n", dec_len, dec); } exit: @@ -180,8 +180,8 @@ void encrypt_decrypt_aes_ccm(void) yaca_encrypt_algorithm_e algo = YACA_ENCRYPT_AES; yaca_block_cipher_mode_e bcm = YACA_BCM_CCM; yaca_key_type_e key_type = YACA_KEY_TYPE_SYMMETRIC; - size_t key_bits = YACA_KEY_LENGTH_256BIT; - size_t iv_bits = YACA_KEY_LENGTH_IV_64BIT; + size_t key_bit_len = YACA_KEY_LENGTH_256BIT; + size_t iv_bit_len = YACA_KEY_LENGTH_IV_64BIT; yaca_context_h ctx = YACA_CONTEXT_NULL; yaca_key_h key = YACA_KEY_NULL; @@ -189,17 +189,17 @@ void encrypt_decrypt_aes_ccm(void) char *enc = NULL; char *dec = NULL; - size_t enc_size; - size_t dec_size; + size_t enc_len; + size_t dec_len; char *aad = NULL; char *tag = NULL; - size_t aad_size = 16; - size_t tag_size = 12; + size_t aad_len = 16; + size_t tag_len = 12; size_t block_len; size_t output_len; - size_t out_size; + size_t written_len; size_t rem; size_t len; @@ -207,20 +207,20 @@ void encrypt_decrypt_aes_ccm(void) printf("Plain data (16 of %zu bytes): %.16s\n", LOREM4096_SIZE, lorem4096); /* Key generation */ - if (yaca_key_generate(key_type, key_bits, &key) != YACA_ERROR_NONE) + if (yaca_key_generate(key_type, key_bit_len, &key) != YACA_ERROR_NONE) return; /* IV generation */ - if (yaca_key_generate(YACA_KEY_TYPE_IV, iv_bits, &iv) != YACA_ERROR_NONE) + if (yaca_key_generate(YACA_KEY_TYPE_IV, iv_bit_len, &iv) != YACA_ERROR_NONE) goto exit; - if (yaca_zalloc(aad_size, (void**)&aad) != YACA_ERROR_NONE) + if (yaca_zalloc(aad_len, (void**)&aad) != YACA_ERROR_NONE) goto exit; - if (yaca_randomize_bytes(aad, aad_size) != YACA_ERROR_NONE) + if (yaca_randomize_bytes(aad, aad_len) != YACA_ERROR_NONE) goto exit; - if (yaca_zalloc(tag_size, (void**)&tag) != YACA_ERROR_NONE) + if (yaca_zalloc(tag_len, (void**)&tag) != YACA_ERROR_NONE) goto exit; /* Encryption */ @@ -230,14 +230,14 @@ void encrypt_decrypt_aes_ccm(void) /* Set tag length (optionally) */ if (yaca_context_set_property(ctx, YACA_PROPERTY_CCM_TAG_LEN, - (void*)&tag_size, sizeof(tag_size)) != YACA_ERROR_NONE) + (void*)&tag_len, sizeof(tag_len)) != YACA_ERROR_NONE) goto exit; /* The total plain text length must be passed (only needed if AAD is passed) */ if (yaca_encrypt_update(ctx, NULL, LOREM4096_SIZE , NULL, &len) != YACA_ERROR_NONE) goto exit; - if (yaca_context_set_property(ctx, YACA_PROPERTY_CCM_AAD, aad, aad_size) != YACA_ERROR_NONE) + if (yaca_context_set_property(ctx, YACA_PROPERTY_CCM_AAD, aad, aad_len) != YACA_ERROR_NONE) goto exit; /* For the update */ @@ -249,25 +249,25 @@ void encrypt_decrypt_aes_ccm(void) goto exit; /* Calculate max output: size of update + final chunks */ - enc_size = output_len + block_len; - if (yaca_malloc(enc_size, (void**)&enc) != YACA_ERROR_NONE) + enc_len = output_len + block_len; + if (yaca_malloc(enc_len, (void**)&enc) != YACA_ERROR_NONE) goto exit; - out_size = enc_size; - if (yaca_encrypt_update(ctx, lorem4096, LOREM4096_SIZE, enc, &out_size) != YACA_ERROR_NONE) + written_len = enc_len; + if (yaca_encrypt_update(ctx, lorem4096, LOREM4096_SIZE, enc, &written_len) != YACA_ERROR_NONE) goto exit; - rem = enc_size - out_size; - if (yaca_encrypt_finalize(ctx, enc + out_size, &rem) != YACA_ERROR_NONE) + rem = enc_len - written_len; + if (yaca_encrypt_finalize(ctx, enc + written_len, &rem) != YACA_ERROR_NONE) goto exit; - enc_size = rem + out_size; + enc_len = rem + written_len; /* Get the tag after final encryption */ - if (yaca_context_get_property(ctx, YACA_PROPERTY_CCM_TAG, (void**)tag, &tag_size) != YACA_ERROR_NONE) + if (yaca_context_get_property(ctx, YACA_PROPERTY_CCM_TAG, (void**)tag, &tag_len) != YACA_ERROR_NONE) goto exit; - dump_hex(enc, 16, "Encrypted data (16 of %zu bytes): ", enc_size); + dump_hex(enc, 16, "Encrypted data (16 of %zu bytes): ", enc_len); yaca_context_destroy(ctx); ctx = YACA_CONTEXT_NULL; @@ -279,14 +279,14 @@ void encrypt_decrypt_aes_ccm(void) goto exit; /* Set expected tag value */ - if (yaca_context_set_property(ctx, YACA_PROPERTY_CCM_TAG, tag, tag_size) != YACA_ERROR_NONE) + if (yaca_context_set_property(ctx, YACA_PROPERTY_CCM_TAG, tag, tag_len) != YACA_ERROR_NONE) goto exit; /* The total encrypted text length must be passed (only needed if AAD is passed) */ - if (yaca_decrypt_update(ctx, NULL, enc_size , NULL, &len) != YACA_ERROR_NONE) + if (yaca_decrypt_update(ctx, NULL, enc_len , NULL, &len) != YACA_ERROR_NONE) goto exit; - if (yaca_context_set_property(ctx, YACA_PROPERTY_CCM_AAD, aad, aad_size) != YACA_ERROR_NONE) + if (yaca_context_set_property(ctx, YACA_PROPERTY_CCM_AAD, aad, aad_len) != YACA_ERROR_NONE) goto exit; /* For the update */ @@ -298,19 +298,19 @@ void encrypt_decrypt_aes_ccm(void) goto exit; /* Calculate max output: size of update + final chunks */ - dec_size = output_len + block_len; - if (yaca_malloc(dec_size, (void**)&dec) != YACA_ERROR_NONE) + dec_len = output_len + block_len; + if (yaca_malloc(dec_len, (void**)&dec) != YACA_ERROR_NONE) goto exit; - out_size = dec_size; + written_len = dec_len; /* The tag verify is performed when you call the final yaca_decrypt_update(), * there is no call to yaca_decrypt_finalize() */ - if (yaca_decrypt_update(ctx, enc, enc_size, dec, &out_size) != YACA_ERROR_NONE) + if (yaca_decrypt_update(ctx, enc, enc_len, dec, &written_len) != YACA_ERROR_NONE) goto exit; - dec_size = out_size; + dec_len = written_len; - printf("Decrypted data (16 of %zu bytes): %.16s\n\n", dec_size, dec); + printf("Decrypted data (16 of %zu bytes): %.16s\n\n", dec_len, dec); } exit: diff --git a/examples/misc.c b/examples/misc.c index fe3711f..07784d7 100644 --- a/examples/misc.c +++ b/examples/misc.c @@ -34,7 +34,7 @@ #include "misc.h" -void dump_hex(const char *buf, size_t dump_size, const char *fmt, ...) +void dump_hex(const char *buf, size_t dump_len, const char *fmt, ...) { va_list ap; @@ -42,7 +42,7 @@ void dump_hex(const char *buf, size_t dump_size, const char *fmt, ...) vprintf(fmt, ap); va_end(ap); putchar('\n'); - BIO_dump_fp(stdout, buf, dump_size); + BIO_dump_fp(stdout, buf, dump_len); } void debug_func(const char *buf) diff --git a/examples/misc.h b/examples/misc.h index bf8a8e0..33c50bb 100644 --- a/examples/misc.h +++ b/examples/misc.h @@ -26,7 +26,7 @@ #include -void dump_hex(const char *buf, size_t dump_size, const char *fmt, ...); +void dump_hex(const char *buf, size_t dump_len, const char *fmt, ...); void debug_func(const char *buf); diff --git a/examples/seal.c b/examples/seal.c index 96e5888..a7774eb 100644 --- a/examples/seal.c +++ b/examples/seal.c @@ -34,7 +34,7 @@ void encrypt_seal(const yaca_encrypt_algorithm_e algo, const yaca_block_cipher_mode_e bcm, - const size_t key_bits) + const size_t key_bit_len) { yaca_context_h ctx = YACA_CONTEXT_NULL; yaca_key_h key_pub = YACA_KEY_NULL; @@ -49,7 +49,7 @@ void encrypt_seal(const yaca_encrypt_algorithm_e algo, size_t block_len; size_t output_len; - size_t out_len; + size_t written_len; size_t rem; printf("Plain data (16 of %zu bytes): %.16s\n", LOREM4096_SIZE, lorem4096); @@ -63,7 +63,7 @@ void encrypt_seal(const yaca_encrypt_algorithm_e algo, /* Encrypt a.k.a. seal */ { - if (yaca_seal_initialize(&ctx, key_pub, algo, bcm, key_bits, &sym_key, &iv) != YACA_ERROR_NONE) + if (yaca_seal_initialize(&ctx, key_pub, algo, bcm, key_bit_len, &sym_key, &iv) != YACA_ERROR_NONE) goto exit; /* For the update */ @@ -80,15 +80,15 @@ void encrypt_seal(const yaca_encrypt_algorithm_e algo, goto exit; /* Seal and finalize */ - out_len = enc_len; - if (yaca_seal_update(ctx, lorem4096, LOREM4096_SIZE, enc, &out_len) != YACA_ERROR_NONE) + written_len = enc_len; + if (yaca_seal_update(ctx, lorem4096, LOREM4096_SIZE, enc, &written_len) != YACA_ERROR_NONE) goto exit; - rem = enc_len - out_len; - if (yaca_seal_finalize(ctx, enc + out_len, &rem) != YACA_ERROR_NONE) + rem = enc_len - written_len; + if (yaca_seal_finalize(ctx, enc + written_len, &rem) != YACA_ERROR_NONE) goto exit; - enc_len = rem + out_len; + enc_len = rem + written_len; dump_hex(enc, 16, "Encrypted data (16 of %zu bytes): ", enc_len); @@ -98,7 +98,7 @@ void encrypt_seal(const yaca_encrypt_algorithm_e algo, /* Decrypt a.k.a. open */ { - if (yaca_open_initialize(&ctx, key_priv, algo, bcm, key_bits, sym_key, iv) != YACA_ERROR_NONE) + if (yaca_open_initialize(&ctx, key_priv, algo, bcm, key_bit_len, sym_key, iv) != YACA_ERROR_NONE) goto exit; /* For the update */ @@ -115,15 +115,15 @@ void encrypt_seal(const yaca_encrypt_algorithm_e algo, goto exit; /* Open and finalize */ - out_len = dec_len; - if (yaca_open_update(ctx, enc, enc_len, dec, &out_len) != YACA_ERROR_NONE) + written_len = dec_len; + if (yaca_open_update(ctx, enc, enc_len, dec, &written_len) != YACA_ERROR_NONE) goto exit; - rem = dec_len - out_len; - if (yaca_open_finalize(ctx, dec + out_len, &rem) != YACA_ERROR_NONE) + rem = dec_len - written_len; + if (yaca_open_finalize(ctx, dec + written_len, &rem) != YACA_ERROR_NONE) goto exit; - dec_len = rem + out_len; + dec_len = rem + written_len; printf("Decrypted data (16 of %zu bytes): %.16s\n\n", dec_len, dec); } @@ -142,7 +142,7 @@ void encrypt_seal_aes_gcm(void) { yaca_encrypt_algorithm_e algo = YACA_ENCRYPT_AES; yaca_block_cipher_mode_e bcm = YACA_BCM_GCM; - size_t key_bits = YACA_KEY_LENGTH_256BIT; + size_t key_bit_len = YACA_KEY_LENGTH_256BIT; yaca_context_h ctx = YACA_CONTEXT_NULL; yaca_key_h key_pub = YACA_KEY_NULL; @@ -162,7 +162,7 @@ void encrypt_seal_aes_gcm(void) size_t block_len; size_t output_len; - size_t out_len; + size_t written_len; size_t rem; printf("Plain data (16 of %zu bytes): %.16s\n", LOREM4096_SIZE, lorem4096); @@ -185,7 +185,7 @@ void encrypt_seal_aes_gcm(void) /* Encryption */ { - if (yaca_seal_initialize(&ctx, key_pub, algo, bcm, key_bits, &sym_key, &iv) != YACA_ERROR_NONE) + if (yaca_seal_initialize(&ctx, key_pub, algo, bcm, key_bit_len, &sym_key, &iv) != YACA_ERROR_NONE) goto exit; /* Provide any AAD data */ @@ -205,15 +205,15 @@ void encrypt_seal_aes_gcm(void) if (yaca_malloc(enc_len, (void**)&enc) != YACA_ERROR_NONE) goto exit; - out_len = enc_len; - if (yaca_seal_update(ctx, lorem4096, LOREM4096_SIZE, enc, &out_len) != YACA_ERROR_NONE) + written_len = enc_len; + if (yaca_seal_update(ctx, lorem4096, LOREM4096_SIZE, enc, &written_len) != YACA_ERROR_NONE) goto exit; - rem = enc_len - out_len; - if (yaca_seal_finalize(ctx, enc + out_len, &rem) != YACA_ERROR_NONE) + rem = enc_len - written_len; + if (yaca_seal_finalize(ctx, enc + written_len, &rem) != YACA_ERROR_NONE) goto exit; - enc_len = rem + out_len; + enc_len = rem + written_len; /* Set the tag length and get the tag after final encryption */ if (yaca_context_set_property(ctx, YACA_PROPERTY_GCM_TAG_LEN, @@ -231,7 +231,7 @@ void encrypt_seal_aes_gcm(void) /* Decryption */ { - if (yaca_open_initialize(&ctx, key_priv, algo, bcm, key_bits, sym_key, iv) != YACA_ERROR_NONE) + if (yaca_open_initialize(&ctx, key_priv, algo, bcm, key_bit_len, sym_key, iv) != YACA_ERROR_NONE) goto exit; /* Provide any AAD data */ @@ -251,20 +251,20 @@ void encrypt_seal_aes_gcm(void) if (yaca_malloc(dec_len, (void**)&dec) != YACA_ERROR_NONE) goto exit; - out_len = dec_len; - if (yaca_open_update(ctx, enc, enc_len, dec, &out_len) != YACA_ERROR_NONE) + written_len = dec_len; + if (yaca_open_update(ctx, enc, enc_len, dec, &written_len) != YACA_ERROR_NONE) goto exit; - rem = dec_len - out_len; + rem = dec_len - written_len; /* Set expected tag value before final decryption */ if (yaca_context_set_property(ctx, YACA_PROPERTY_GCM_TAG, tag, tag_len) != YACA_ERROR_NONE) goto exit; - if (yaca_open_finalize(ctx, dec + out_len, &rem) != YACA_ERROR_NONE) + if (yaca_open_finalize(ctx, dec + written_len, &rem) != YACA_ERROR_NONE) goto exit; - dec_len = rem + out_len; + dec_len = rem + written_len; printf("Decrypted data (16 of %zu bytes): %.16s\n\n", dec_len, dec); } @@ -283,7 +283,7 @@ void encrypt_seal_aes_ccm(void) { yaca_encrypt_algorithm_e algo = YACA_ENCRYPT_AES; yaca_block_cipher_mode_e bcm = YACA_BCM_CCM; - size_t key_bits = YACA_KEY_LENGTH_192BIT; + size_t key_bit_len = YACA_KEY_LENGTH_192BIT; yaca_context_h ctx = YACA_CONTEXT_NULL; yaca_key_h key_pub = YACA_KEY_NULL; @@ -303,7 +303,7 @@ void encrypt_seal_aes_ccm(void) size_t block_len; size_t output_len; - size_t out_len; + size_t written_len; size_t rem; size_t len; @@ -327,7 +327,7 @@ void encrypt_seal_aes_ccm(void) /* Encryption */ { - if (yaca_seal_initialize(&ctx, key_pub, algo, bcm, key_bits, &sym_key, &iv) != YACA_ERROR_NONE) + if (yaca_seal_initialize(&ctx, key_pub, algo, bcm, key_bit_len, &sym_key, &iv) != YACA_ERROR_NONE) goto exit; /* Set tag length (optionally) */ @@ -356,15 +356,15 @@ void encrypt_seal_aes_ccm(void) if (yaca_malloc(enc_len, (void**)&enc) != YACA_ERROR_NONE) goto exit; - out_len = enc_len; - if (yaca_seal_update(ctx, lorem4096, LOREM4096_SIZE, enc, &out_len) != YACA_ERROR_NONE) + written_len = enc_len; + if (yaca_seal_update(ctx, lorem4096, LOREM4096_SIZE, enc, &written_len) != YACA_ERROR_NONE) goto exit; - rem = enc_len - out_len; - if (yaca_seal_finalize(ctx, enc + out_len, &rem) != YACA_ERROR_NONE) + rem = enc_len - written_len; + if (yaca_seal_finalize(ctx, enc + written_len, &rem) != YACA_ERROR_NONE) goto exit; - enc_len = rem + out_len; + enc_len = rem + written_len; /* Get the tag after final encryption */ if (yaca_context_get_property(ctx, YACA_PROPERTY_CCM_TAG, (void**)tag, &tag_len) != YACA_ERROR_NONE) @@ -378,7 +378,7 @@ void encrypt_seal_aes_ccm(void) /* Decryption */ { - if (yaca_open_initialize(&ctx, key_priv, algo, bcm, key_bits, sym_key, iv) != YACA_ERROR_NONE) + if (yaca_open_initialize(&ctx, key_priv, algo, bcm, key_bit_len, sym_key, iv) != YACA_ERROR_NONE) goto exit; /* Set expected tag value */ @@ -406,13 +406,13 @@ void encrypt_seal_aes_ccm(void) if (yaca_malloc(dec_len, (void**)&dec) != YACA_ERROR_NONE) goto exit; - out_len = dec_len; + written_len = dec_len; /* The tag verify is performed when you call the final yaca_open_update(), * there is no call to yaca_open_finalize() */ - if (yaca_open_update(ctx, enc, enc_len, dec, &out_len) != YACA_ERROR_NONE) + if (yaca_open_update(ctx, enc, enc_len, dec, &written_len) != YACA_ERROR_NONE) goto exit; - dec_len = out_len; + dec_len = written_len; printf("Decrypted data (16 of %zu bytes): %.16s\n\n", dec_len, dec); } @@ -438,20 +438,20 @@ int main() printf("AES CBC 256bit key seal/open\n"); yaca_encrypt_algorithm_e algo = YACA_ENCRYPT_AES; yaca_block_cipher_mode_e bcm = YACA_BCM_CBC; - size_t key_bits = YACA_KEY_LENGTH_256BIT; - encrypt_seal(algo, bcm, key_bits); + size_t key_bit_len = YACA_KEY_LENGTH_256BIT; + encrypt_seal(algo, bcm, key_bit_len); printf("3DES 192bit key seal/open\n"); algo = YACA_ENCRYPT_3DES_3TDEA; bcm = YACA_BCM_CFB; - key_bits = YACA_KEY_LENGTH_192BIT; - encrypt_seal(algo, bcm, key_bits); - - printf("RC4 40bit key seal/open\n"); - algo = YACA_ENCRYPT_UNSAFE_RC4; - bcm = YACA_BCM_NONE; - key_bits = YACA_KEY_LENGTH_UNSAFE_40BIT; - encrypt_seal(algo, bcm, key_bits); + key_bit_len = YACA_KEY_LENGTH_192BIT; + encrypt_seal(algo, bcm, key_bit_len); + + printf("RC2 40bit key seal/open\n"); + algo = YACA_ENCRYPT_UNSAFE_RC2; + bcm = YACA_BCM_OFB; + key_bit_len = YACA_KEY_LENGTH_UNSAFE_40BIT; + encrypt_seal(algo, bcm, key_bit_len); printf("AES GCM 256bit key seal/open\n"); encrypt_seal_aes_gcm(); diff --git a/readme.txt b/readme.txt index 664632f..26518b2 100644 --- a/readme.txt +++ b/readme.txt @@ -14,7 +14,7 @@ Project structure: General design: - All memory allocated by API should be freed with yaca_free() - - Contexts and keys should be freed with yaca_context_destroy()/yaca_key_destroy() + - Contexts and keys should be released with yaca_context_destroy()/yaca_key_destroy() - Function names: yaca__; Ex: yaca_verify_initialize() - Simplified/Simple functions don't have part, but have prefix - Enums: YACA__; Ex: YACA_KEY_LENGTH_256BIT diff --git a/src/crypto.c b/src/crypto.c index 158bcf8..2714120 100644 --- a/src/crypto.c +++ b/src/crypto.c @@ -77,7 +77,7 @@ API int yaca_initialize(void) { int ret = YACA_ERROR_NONE; - /* no calling yaca_initalize() twice on the same thread */ + /* no calling yaca_initialize() twice on the same thread */ if (current_thread_initialized) return YACA_ERROR_INTERNAL; @@ -142,7 +142,7 @@ API int yaca_initialize(void) /* * TODO: * - We should also decide on Openssl config. - * - Here's a good tutorial for initalization and cleanup: + * - Here's a good tutorial for initialization and cleanup: * https://wiki.openssl.org/index.php/Library_Initialization * - We should also initialize the entropy for random number generator: * https://wiki.openssl.org/index.php/Random_Numbers#Initialization @@ -260,26 +260,26 @@ API int yaca_randomize_bytes(char *data, size_t data_len) API int yaca_context_set_property(yaca_context_h ctx, yaca_property_e property, const void *value, size_t value_len) { - if (ctx == YACA_CONTEXT_NULL || ctx->set_param == NULL) + if (ctx == YACA_CONTEXT_NULL || ctx->set_property == NULL) return YACA_ERROR_INVALID_PARAMETER; - return ctx->set_param(ctx, property, value, value_len); + return ctx->set_property(ctx, property, value, value_len); } API int yaca_context_get_property(const yaca_context_h ctx, yaca_property_e property, void **value, size_t *value_len) { - if (ctx == YACA_CONTEXT_NULL || ctx->get_param == NULL) + if (ctx == YACA_CONTEXT_NULL || ctx->get_property == NULL) return YACA_ERROR_INVALID_PARAMETER; - return ctx->get_param(ctx, property, value, value_len); + return ctx->get_property(ctx, property, value, value_len); } API void yaca_context_destroy(yaca_context_h ctx) { if (ctx != YACA_CONTEXT_NULL) { - assert(ctx->ctx_destroy != NULL); - ctx->ctx_destroy(ctx); + assert(ctx->context_destroy != NULL); + ctx->context_destroy(ctx); yaca_free(ctx); } } diff --git a/src/digest.c b/src/digest.c index b003e97..fa342bb 100644 --- a/src/digest.c +++ b/src/digest.c @@ -31,20 +31,20 @@ #include "internal.h" -struct yaca_digest_ctx_s { +struct yaca_digest_context_s { struct yaca_context_s ctx; - EVP_MD_CTX *mdctx; + EVP_MD_CTX *md_ctx; }; -static struct yaca_digest_ctx_s *get_digest_ctx(const yaca_context_h ctx) +static struct yaca_digest_context_s *get_digest_context(const yaca_context_h ctx) { if (ctx == YACA_CONTEXT_NULL) return NULL; switch (ctx->type) { - case YACA_CTX_DIGEST: - return (struct yaca_digest_ctx_s *)ctx; + case YACA_CONTEXT_DIGEST: + return (struct yaca_digest_context_s *)ctx; default: return NULL; } @@ -56,12 +56,12 @@ static int get_digest_output_length(const yaca_context_h ctx, { assert(output_len != NULL); - struct yaca_digest_ctx_s *c = get_digest_ctx(ctx); + struct yaca_digest_context_s *c = get_digest_context(ctx); if (c == NULL || input_len != 0) return YACA_ERROR_INVALID_PARAMETER; - int md_size = EVP_MD_CTX_size(c->mdctx); + int md_size = EVP_MD_CTX_size(c->md_ctx); if (md_size <= 0) return YACA_ERROR_INTERNAL; @@ -72,13 +72,13 @@ static int get_digest_output_length(const yaca_context_h ctx, static void destroy_digest_context(yaca_context_h ctx) { - struct yaca_digest_ctx_s *c = get_digest_ctx(ctx); + struct yaca_digest_context_s *c = get_digest_context(ctx); if (c == NULL) return; - EVP_MD_CTX_destroy(c->mdctx); - c->mdctx = NULL; + EVP_MD_CTX_destroy(c->md_ctx); + c->md_ctx = NULL; } int digest_get_algorithm(yaca_digest_algorithm_e algo, const EVP_MD **md) @@ -125,32 +125,32 @@ int digest_get_algorithm(yaca_digest_algorithm_e algo, const EVP_MD **md) API int yaca_digest_initialize(yaca_context_h *ctx, yaca_digest_algorithm_e algo) { int ret; - struct yaca_digest_ctx_s *nc = NULL; + struct yaca_digest_context_s *nc = NULL; const EVP_MD *md; if (ctx == NULL) return YACA_ERROR_INVALID_PARAMETER; - ret = yaca_zalloc(sizeof(struct yaca_digest_ctx_s), (void**)&nc); + ret = yaca_zalloc(sizeof(struct yaca_digest_context_s), (void**)&nc); if (ret != YACA_ERROR_NONE) return ret; - nc->ctx.type = YACA_CTX_DIGEST; - nc->ctx.ctx_destroy = destroy_digest_context; + nc->ctx.type = YACA_CONTEXT_DIGEST; + nc->ctx.context_destroy = destroy_digest_context; nc->ctx.get_output_length = get_digest_output_length; ret = digest_get_algorithm(algo, &md); if (ret != YACA_ERROR_NONE) goto exit; - nc->mdctx = EVP_MD_CTX_create(); - if (nc->mdctx == NULL) { + nc->md_ctx = EVP_MD_CTX_create(); + if (nc->md_ctx == NULL) { ret = YACA_ERROR_INTERNAL; ERROR_DUMP(ret); goto exit; } - ret = EVP_DigestInit(nc->mdctx, md); + ret = EVP_DigestInit(nc->md_ctx, md); if (ret != 1) { ret = YACA_ERROR_INTERNAL; ERROR_DUMP(ret); @@ -169,13 +169,13 @@ exit: API int yaca_digest_update(yaca_context_h ctx, const char *data, size_t data_len) { - struct yaca_digest_ctx_s *c = get_digest_ctx(ctx); + struct yaca_digest_context_s *c = get_digest_context(ctx); int ret; if (c == NULL || data == NULL || data_len == 0) return YACA_ERROR_INVALID_PARAMETER; - ret = EVP_DigestUpdate(c->mdctx, data, data_len); + ret = EVP_DigestUpdate(c->md_ctx, data, data_len); if (ret != 1) { ret = YACA_ERROR_INTERNAL; ERROR_DUMP(ret); @@ -187,7 +187,7 @@ API int yaca_digest_update(yaca_context_h ctx, const char *data, size_t data_len API int yaca_digest_finalize(yaca_context_h ctx, char *digest, size_t *digest_len) { - struct yaca_digest_ctx_s *c = get_digest_ctx(ctx); + struct yaca_digest_context_s *c = get_digest_context(ctx); int ret; unsigned len = 0; @@ -197,7 +197,7 @@ API int yaca_digest_finalize(yaca_context_h ctx, char *digest, size_t *digest_le if (*digest_len == 0 || *digest_len > UINT_MAX) /* DigestFinal accepts UINT */ return YACA_ERROR_INVALID_PARAMETER; - ret = EVP_DigestFinal_ex(c->mdctx, (unsigned char*)digest, &len); + ret = EVP_DigestFinal_ex(c->md_ctx, (unsigned char*)digest, &len); if (ret != 1) { ret = YACA_ERROR_INTERNAL; ERROR_DUMP(ret); diff --git a/src/encrypt.c b/src/encrypt.c index b248896..6dc4527 100644 --- a/src/encrypt.c +++ b/src/encrypt.c @@ -39,7 +39,7 @@ struct yaca_encrypt_context_s *get_encrypt_context(const yaca_context_h ctx) return NULL; switch (ctx->type) { - case YACA_CTX_ENCRYPT: + case YACA_CONTEXT_ENCRYPT: return (struct yaca_encrypt_context_s *)ctx; default: return NULL; @@ -257,7 +257,7 @@ static const char *bcm_to_str(yaca_block_cipher_mode_e bcm) int encrypt_get_algorithm(yaca_encrypt_algorithm_e algo, yaca_block_cipher_mode_e bcm, - size_t key_bits, + size_t key_bit_len, const EVP_CIPHER **cipher) { char cipher_name[32]; @@ -266,14 +266,13 @@ int encrypt_get_algorithm(yaca_encrypt_algorithm_e algo, const EVP_CIPHER *lcipher; int ret; - if (algo_name == NULL || bcm_name == NULL || key_bits == 0 || - cipher == NULL) + if (algo_name == NULL || bcm_name == NULL || key_bit_len == 0 || cipher == NULL) return YACA_ERROR_INVALID_PARAMETER; switch (algo) { case YACA_ENCRYPT_AES: ret = snprintf(cipher_name, sizeof(cipher_name), "%s-%zu-%s", - algo_name, key_bits, bcm_name); + algo_name, key_bit_len, bcm_name); break; case YACA_ENCRYPT_UNSAFE_DES: case YACA_ENCRYPT_UNSAFE_RC2: @@ -317,16 +316,16 @@ static int encrypt_initialize(yaca_context_h *ctx, yaca_block_cipher_mode_e bcm, const yaca_key_h sym_key, const yaca_key_h iv, - enum encrypt_op_type op_type) + enum encrypt_op_type_e op_type) { const struct yaca_key_simple_s *lkey; const struct yaca_key_simple_s *liv; struct yaca_encrypt_context_s *nc; const EVP_CIPHER *cipher; - size_t key_bits; + size_t key_bit_len; unsigned char *iv_data = NULL; - size_t iv_bits; - size_t iv_bits_check; + size_t iv_bit_len; + size_t iv_bit_len_check; int ret; if (ctx == NULL || sym_key == YACA_KEY_NULL) @@ -340,19 +339,19 @@ static int encrypt_initialize(yaca_context_h *ctx, if (ret != YACA_ERROR_NONE) return ret; - nc->ctx.type = YACA_CTX_ENCRYPT; - nc->ctx.ctx_destroy = destroy_encrypt_context; + nc->ctx.type = YACA_CONTEXT_ENCRYPT; + nc->ctx.context_destroy = destroy_encrypt_context; nc->ctx.get_output_length = get_encrypt_output_length; - nc->ctx.set_param = set_encrypt_property; - nc->ctx.get_param = get_encrypt_property; + nc->ctx.set_property = set_encrypt_property; + nc->ctx.get_property = get_encrypt_property; nc->op_type = op_type; nc->tag_len = 0; - ret = yaca_key_get_bit_length(sym_key, &key_bits); + ret = yaca_key_get_bit_length(sym_key, &key_bit_len); if (ret != YACA_ERROR_NONE) goto exit; - ret = encrypt_get_algorithm(algo, bcm, key_bits, &cipher); + ret = encrypt_get_algorithm(algo, bcm, key_bit_len, &cipher); if (ret != YACA_ERROR_NONE) goto exit; @@ -363,25 +362,25 @@ static int encrypt_initialize(yaca_context_h *ctx, goto exit; } - iv_bits = ret * 8; - if (iv_bits == 0 && iv != NULL) { /* 0 -> cipher doesn't use iv, but it was provided */ + iv_bit_len = ret * 8; + if (iv_bit_len == 0 && iv != NULL) { /* 0 -> cipher doesn't use iv, but it was provided */ ret = YACA_ERROR_INVALID_PARAMETER; goto exit; } - if (iv_bits != 0) { /* cipher requires iv*/ + if (iv_bit_len != 0) { /* cipher requires iv*/ liv = key_get_simple(iv); if (liv == NULL) { /* iv was not provided */ ret = YACA_ERROR_INVALID_PARAMETER; goto exit; } - ret = yaca_key_get_bit_length(iv, &iv_bits_check); + ret = yaca_key_get_bit_length(iv, &iv_bit_len_check); if (ret != YACA_ERROR_NONE) { ret = YACA_ERROR_INVALID_PARAMETER; goto exit; } /* IV length doesn't match cipher (GCM & CCM supports variable IV length) */ - if (iv_bits != iv_bits_check && + if (iv_bit_len != iv_bit_len_check && bcm != YACA_BCM_GCM && bcm != YACA_BCM_CCM) { ret = YACA_ERROR_INVALID_PARAMETER; @@ -416,7 +415,7 @@ static int encrypt_initialize(yaca_context_h *ctx, } /* Handling of algorithms with variable key length */ - ret = EVP_CIPHER_CTX_set_key_length(nc->cipher_ctx, key_bits / 8); + ret = EVP_CIPHER_CTX_set_key_length(nc->cipher_ctx, key_bit_len / 8); if (ret != 1) { ret = YACA_ERROR_INVALID_PARAMETER; ERROR_DUMP(ret); @@ -424,14 +423,14 @@ static int encrypt_initialize(yaca_context_h *ctx, } /* Handling of algorithms with variable IV length */ - if (iv_bits != iv_bits_check) { + if (iv_bit_len != iv_bit_len_check) { if (bcm == YACA_BCM_GCM) ret = EVP_CIPHER_CTX_ctrl(nc->cipher_ctx, EVP_CTRL_GCM_SET_IVLEN, - iv_bits_check / 8, NULL); + iv_bit_len_check / 8, NULL); if (bcm == YACA_BCM_CCM) ret = EVP_CIPHER_CTX_ctrl(nc->cipher_ctx, EVP_CTRL_CCM_SET_IVLEN, - iv_bits_check / 8, NULL); + iv_bit_len_check / 8, NULL); if (ret != 1) { ret = YACA_ERROR_INVALID_PARAMETER; @@ -475,7 +474,7 @@ exit: int encrypt_update(yaca_context_h ctx, const unsigned char *input, size_t input_len, unsigned char *output, size_t *output_len, - enum encrypt_op_type op_type) + enum encrypt_op_type_e op_type) { struct yaca_encrypt_context_s *c = get_encrypt_context(ctx); int ret; @@ -513,7 +512,7 @@ int encrypt_update(yaca_context_h ctx, int encrypt_finalize(yaca_context_h ctx, unsigned char *output, size_t *output_len, - enum encrypt_op_type op_type) + enum encrypt_op_type_e op_type) { struct yaca_encrypt_context_s *c = get_encrypt_context(ctx); int ret; diff --git a/src/internal.h b/src/internal.h index dce0a61..762c019 100644 --- a/src/internal.h +++ b/src/internal.h @@ -34,14 +34,14 @@ #define API __attribute__ ((visibility("default"))) #define UNUSED __attribute__((unused)) -enum yaca_ctx_type_e { - YACA_CTX_INVALID = 0, - YACA_CTX_DIGEST, - YACA_CTX_SIGN, - YACA_CTX_ENCRYPT +enum yaca_context_type_e { + YACA_CONTEXT_INVALID = 0, + YACA_CONTEXT_DIGEST, + YACA_CONTEXT_SIGN, + YACA_CONTEXT_ENCRYPT }; -enum encrypt_op_type { +enum encrypt_op_type_e { OP_ENCRYPT = 0, OP_DECRYPT = 1, OP_SEAL = 2, @@ -50,21 +50,21 @@ enum encrypt_op_type { /* Base structure for crypto contexts - to be inherited */ struct yaca_context_s { - enum yaca_ctx_type_e type; + enum yaca_context_type_e type; - void (*ctx_destroy)(const yaca_context_h ctx); + void (*context_destroy)(const yaca_context_h ctx); int (*get_output_length)(const yaca_context_h ctx, size_t input_len, size_t *output_len); - int (*set_param)(yaca_context_h ctx, yaca_property_e param, - const void *value, size_t value_len); - int (*get_param)(const yaca_context_h ctx, yaca_property_e param, - void **value, size_t *value_len); + int (*set_property)(yaca_context_h ctx, yaca_property_e property, + const void *value, size_t value_len); + int (*get_property)(const yaca_context_h ctx, yaca_property_e property, + void **value, size_t *value_len); }; struct yaca_encrypt_context_s { struct yaca_context_s ctx; EVP_CIPHER_CTX *cipher_ctx; - enum encrypt_op_type op_type; /* Operation context was created for */ + enum encrypt_op_type_e op_type; /* Operation context was created for */ size_t tag_len; }; @@ -82,7 +82,7 @@ struct yaca_key_s { struct yaca_key_simple_s { struct yaca_key_s key; - size_t bits; + size_t bit_len; char d[]; }; @@ -116,17 +116,17 @@ int get_encrypt_property(const yaca_context_h ctx, yaca_property_e property, int encrypt_get_algorithm(yaca_encrypt_algorithm_e algo, yaca_block_cipher_mode_e bcm, - size_t key_bits, + size_t key_bit_len, const EVP_CIPHER **cipher); int encrypt_update(yaca_context_h ctx, const unsigned char *input, size_t input_len, unsigned char *output, size_t *output_len, - enum encrypt_op_type op_type); + enum encrypt_op_type_e op_type); int encrypt_finalize(yaca_context_h ctx, unsigned char *output, size_t *output_len, - enum encrypt_op_type op_type); + enum encrypt_op_type_e op_type); struct yaca_key_simple_s *key_get_simple(const yaca_key_h key); struct yaca_key_evp_s *key_get_evp(const yaca_key_h key); diff --git a/src/key.c b/src/key.c index 4153434..e018d14 100644 --- a/src/key.c +++ b/src/key.c @@ -32,7 +32,6 @@ #include #include #include -#include #include #include @@ -219,7 +218,7 @@ int import_simple(yaca_key_h *key, return ret; } - /* key_bits has to fit in size_t */ + /* key_bit_len has to fit in size_t */ if (key_data_len > SIZE_MAX / 8) { ret = YACA_ERROR_INVALID_PARAMETER; goto exit; @@ -227,10 +226,10 @@ int import_simple(yaca_key_h *key, /* DES key length verification */ if (key_type == YACA_KEY_TYPE_DES) { - size_t key_bits = key_data_len * 8; - if (key_bits != YACA_KEY_LENGTH_UNSAFE_64BIT && - key_bits != YACA_KEY_LENGTH_UNSAFE_128BIT && - key_bits != YACA_KEY_LENGTH_192BIT) { + size_t key_bit_len = key_data_len * 8; + if (key_bit_len != YACA_KEY_LENGTH_UNSAFE_64BIT && + key_bit_len != YACA_KEY_LENGTH_UNSAFE_128BIT && + key_bit_len != YACA_KEY_LENGTH_192BIT) { ret = YACA_ERROR_INVALID_PARAMETER; goto exit; } @@ -241,7 +240,7 @@ int import_simple(yaca_key_h *key, goto exit; memcpy(nk->d, key_data, key_data_len); - nk->bits = key_data_len * 8; + nk->bit_len = key_data_len * 8; nk->key.type = key_type; *key = (yaca_key_h)nk; @@ -426,7 +425,7 @@ int export_simple_raw(struct yaca_key_simple_s *simple_key, assert(data != NULL); assert(data_len != NULL); - size_t key_len = simple_key->bits / 8; + size_t key_len = simple_key->bit_len / 8; assert(key_len > 0); @@ -449,7 +448,7 @@ int export_simple_base64(struct yaca_key_simple_s *simple_key, assert(data_len != NULL); int ret; - size_t key_len = simple_key->bits / 8; + size_t key_len = simple_key->bit_len / 8; BIO *b64; BIO *mem; char *bio_data; @@ -735,19 +734,19 @@ exit: return ret; } -int gen_simple(struct yaca_key_simple_s **out, size_t key_bits) +int generate_simple(struct yaca_key_simple_s **out, size_t key_bit_len) { assert(out != NULL); int ret; struct yaca_key_simple_s *nk; - size_t key_byte_len = key_bits / 8; + size_t key_byte_len = key_bit_len / 8; ret = yaca_zalloc(sizeof(struct yaca_key_simple_s) + key_byte_len, (void**)&nk); if (ret != YACA_ERROR_NONE) return ret; - nk->bits = key_bits; + nk->bit_len = key_bit_len; ret = yaca_randomize_bytes(nk->d, key_byte_len); if (ret != YACA_ERROR_NONE) @@ -757,18 +756,18 @@ int gen_simple(struct yaca_key_simple_s **out, size_t key_bits) return YACA_ERROR_NONE; } -int gen_simple_des(struct yaca_key_simple_s **out, size_t key_bits) +int generate_simple_des(struct yaca_key_simple_s **out, size_t key_bit_len) { assert(out != NULL); - if (key_bits != YACA_KEY_LENGTH_UNSAFE_64BIT && - key_bits != YACA_KEY_LENGTH_UNSAFE_128BIT && - key_bits != YACA_KEY_LENGTH_192BIT) + if (key_bit_len != YACA_KEY_LENGTH_UNSAFE_64BIT && + key_bit_len != YACA_KEY_LENGTH_UNSAFE_128BIT && + key_bit_len != YACA_KEY_LENGTH_192BIT) return YACA_ERROR_INVALID_PARAMETER; int ret; struct yaca_key_simple_s *nk; - size_t key_byte_len = key_bits / 8; + size_t key_byte_len = key_bit_len / 8; ret = yaca_zalloc(sizeof(struct yaca_key_simple_s) + key_byte_len, (void**)&nk); if (ret != YACA_ERROR_NONE) @@ -800,7 +799,7 @@ int gen_simple_des(struct yaca_key_simple_s **out, size_t key_bits) } } - nk->bits = key_bits; + nk->bit_len = key_bit_len; *out = nk; nk = NULL; ret = YACA_ERROR_NONE; @@ -811,12 +810,12 @@ exit: return ret; } -// TODO: consider merging gen_evp_*, they share awful lot of common code -int gen_evp_rsa(struct yaca_key_evp_s **out, size_t key_bits) +// TODO: consider merging generate_evp_*, they share awful lot of common code +int generate_evp_rsa(struct yaca_key_evp_s **out, size_t key_bit_len) { assert(out != NULL); - assert(key_bits > 0); - assert(key_bits % 8 == 0); + assert(key_bit_len > 0); + assert(key_bit_len % 8 == 0); int ret; struct yaca_key_evp_s *nk; @@ -841,7 +840,7 @@ int gen_evp_rsa(struct yaca_key_evp_s **out, size_t key_bits) goto exit; } - ret = EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, key_bits); + ret = EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, key_bit_len); if (ret != 1) { ret = ERROR_HANDLE(); goto exit; @@ -868,15 +867,15 @@ exit: return ret; } -int gen_evp_dsa(struct yaca_key_evp_s **out, size_t key_bits) +int generate_evp_dsa(struct yaca_key_evp_s **out, size_t key_bit_len) { assert(out != NULL); - assert(key_bits > 0); - assert(key_bits % 8 == 0); + assert(key_bit_len > 0); + assert(key_bit_len % 8 == 0); /* Openssl generates 512-bit key for key lengths smaller than 512. It also * rounds key size to multiplication of 64. */ - if (key_bits < 512 || key_bits % 64 != 0) + if (key_bit_len < 512 || key_bit_len % 64 != 0) return YACA_ERROR_INVALID_PARAMETER; int ret; @@ -904,7 +903,7 @@ int gen_evp_dsa(struct yaca_key_evp_s **out, size_t key_bits) goto exit; } - ret = EVP_PKEY_CTX_set_dsa_paramgen_bits(pctx, key_bits); + ret = EVP_PKEY_CTX_set_dsa_paramgen_bits(pctx, key_bit_len); if (ret != 1) { ret = ERROR_HANDLE(); goto exit; @@ -968,8 +967,8 @@ struct yaca_key_simple_s *key_get_simple(const yaca_key_h key) k = (struct yaca_key_simple_s *)key; /* sanity check */ - assert(k->bits != 0); - assert(k->bits % 8 == 0); + assert(k->bit_len != 0); + assert(k->bit_len % 8 == 0); assert(k->d != NULL); return k; @@ -1007,7 +1006,7 @@ static yaca_key_h key_copy_simple(const struct yaca_key_simple_s *key) assert(key != NULL); struct yaca_key_simple_s *copy; - size_t size = sizeof(struct yaca_key_simple_s) + key->bits / 8; + size_t size = sizeof(struct yaca_key_simple_s) + key->bit_len / 8; ret = yaca_zalloc(size, (void**)©); if (ret != YACA_ERROR_NONE) @@ -1068,7 +1067,7 @@ API int yaca_key_get_bit_length(const yaca_key_h key, size_t *key_bit_len) return YACA_ERROR_INVALID_PARAMETER; if (simple_key != NULL) { - *key_bit_len = simple_key->bits; + *key_bit_len = simple_key->bit_len; return YACA_ERROR_NONE; } @@ -1176,16 +1175,16 @@ API int yaca_key_generate(yaca_key_type_e key_type, switch (key_type) { case YACA_KEY_TYPE_SYMMETRIC: case YACA_KEY_TYPE_IV: - ret = gen_simple(&nk_simple, key_bit_len); + ret = generate_simple(&nk_simple, key_bit_len); break; case YACA_KEY_TYPE_DES: - ret = gen_simple_des(&nk_simple, key_bit_len); + ret = generate_simple_des(&nk_simple, key_bit_len); break; case YACA_KEY_TYPE_RSA_PRIV: - ret = gen_evp_rsa(&nk_evp, key_bit_len); + ret = generate_evp_rsa(&nk_evp, key_bit_len); break; case YACA_KEY_TYPE_DSA_PRIV: - ret = gen_evp_dsa(&nk_evp, key_bit_len); + ret = generate_evp_dsa(&nk_evp, key_bit_len); break; // case YACA_KEY_TYPE_DH_PRIV: // case YACA_KEY_TYPE_EC_PRIV: @@ -1309,7 +1308,7 @@ API int yaca_key_derive_pbkdf2(const char *password, iterations == 0 || key_bit_len == 0 || key == NULL) return YACA_ERROR_INVALID_PARAMETER; - if (key_bit_len % 8) /* Key length must be multiple of 8-bits */ + if (key_bit_len % 8) /* Key length must be multiple of 8-bit_len */ return YACA_ERROR_INVALID_PARAMETER; if (iterations > INT_MAX) /* OpenSSL limitation */ @@ -1323,7 +1322,7 @@ API int yaca_key_derive_pbkdf2(const char *password, if (ret != YACA_ERROR_NONE) return ret; - nk->bits = key_bit_len; + nk->bit_len = key_bit_len; nk->key.type = YACA_KEY_TYPE_SYMMETRIC; // TODO: how to handle other keys? ret = PKCS5_PBKDF2_HMAC(password, -1, (const unsigned char*)salt, diff --git a/src/seal.c b/src/seal.c index 9f30bd8..7ff74d1 100644 --- a/src/seal.c +++ b/src/seal.c @@ -65,11 +65,11 @@ API int yaca_seal_initialize(yaca_context_h *ctx, if (ret != YACA_ERROR_NONE) return ret; - nc->ctx.type = YACA_CTX_ENCRYPT; - nc->ctx.ctx_destroy = destroy_encrypt_context; + nc->ctx.type = YACA_CONTEXT_ENCRYPT; + nc->ctx.context_destroy = destroy_encrypt_context; nc->ctx.get_output_length = get_encrypt_output_length; - nc->ctx.set_param = set_encrypt_property; - nc->ctx.get_param = get_encrypt_property; + nc->ctx.set_property = set_encrypt_property; + nc->ctx.get_property = get_encrypt_property; nc->op_type = OP_SEAL; nc->tag_len = 0; @@ -126,13 +126,13 @@ API int yaca_seal_initialize(yaca_context_h *ctx, goto exit; } - lkey->bits = key_data_length * 8; + lkey->bit_len = key_data_length * 8; lkey->key.type = YACA_KEY_TYPE_SYMMETRIC; *sym_key = (yaca_key_h)lkey; lkey = NULL; if (iv_length > 0) { - liv->bits = iv_length * 8; + liv->bit_len = iv_length * 8; liv->key.type = YACA_KEY_TYPE_IV; *iv = (yaca_key_h)liv; liv = NULL; @@ -182,8 +182,8 @@ API int yaca_open_initialize(yaca_context_h *ctx, struct yaca_encrypt_context_s *nc; const EVP_CIPHER *cipher; unsigned char *iv_data = NULL; - size_t iv_bits; - size_t iv_bits_check; + size_t iv_bit_len; + size_t iv_bit_len_check; int ret; if (ctx == NULL || prv_key == YACA_KEY_NULL || sym_key == YACA_KEY_NULL) @@ -202,11 +202,11 @@ API int yaca_open_initialize(yaca_context_h *ctx, if (ret != YACA_ERROR_NONE) return ret; - nc->ctx.type = YACA_CTX_ENCRYPT; - nc->ctx.ctx_destroy = destroy_encrypt_context; + nc->ctx.type = YACA_CONTEXT_ENCRYPT; + nc->ctx.context_destroy = destroy_encrypt_context; nc->ctx.get_output_length = get_encrypt_output_length; - nc->ctx.set_param = set_encrypt_property; - nc->ctx.get_param = get_encrypt_property; + nc->ctx.set_property = set_encrypt_property; + nc->ctx.get_property = get_encrypt_property; nc->op_type = OP_OPEN; nc->tag_len = 0; @@ -221,25 +221,25 @@ API int yaca_open_initialize(yaca_context_h *ctx, goto exit; } - iv_bits = ret * 8; - if (iv_bits == 0 && iv != NULL) { /* 0 -> cipher doesn't use iv, but it was provided */ + iv_bit_len = ret * 8; + if (iv_bit_len == 0 && iv != NULL) { /* 0 -> cipher doesn't use iv, but it was provided */ ret = YACA_ERROR_INVALID_PARAMETER; goto exit; } - if (iv_bits > 0) { /* cipher requires iv*/ + if (iv_bit_len > 0) { /* cipher requires iv*/ liv = key_get_simple(iv); if (liv == NULL || liv->key.type != YACA_KEY_TYPE_IV) { /* iv was not provided */ ret = YACA_ERROR_INVALID_PARAMETER; goto exit; } - ret = yaca_key_get_bit_length(iv, &iv_bits_check); + ret = yaca_key_get_bit_length(iv, &iv_bit_len_check); if (ret != YACA_ERROR_NONE) { ret = YACA_ERROR_INVALID_PARAMETER; goto exit; } /* IV length doesn't match cipher */ - if (iv_bits != iv_bits_check) { + if (iv_bit_len != iv_bit_len_check) { ret = YACA_ERROR_INVALID_PARAMETER; goto exit; } diff --git a/src/sign.c b/src/sign.c index acb0392..a159e50 100644 --- a/src/sign.c +++ b/src/sign.c @@ -43,21 +43,21 @@ enum sign_op_type { OP_VERIFY = 1 }; -struct yaca_sign_ctx_s { +struct yaca_sign_context_s { struct yaca_context_s ctx; - EVP_MD_CTX *mdctx; + EVP_MD_CTX *md_ctx; enum sign_op_type op_type; }; -static struct yaca_sign_ctx_s *get_sign_ctx(const yaca_context_h ctx) +static struct yaca_sign_context_s *get_sign_context(const yaca_context_h ctx) { if (ctx == YACA_CONTEXT_NULL) return NULL; switch (ctx->type) { - case YACA_CTX_SIGN: - return (struct yaca_sign_ctx_s *)ctx; + case YACA_CONTEXT_SIGN: + return (struct yaca_sign_context_s *)ctx; default: return NULL; } @@ -69,17 +69,17 @@ static int get_sign_output_length(const yaca_context_h ctx, { assert(output_len != NULL); - struct yaca_sign_ctx_s *c = get_sign_ctx(ctx); + struct yaca_sign_context_s *c = get_sign_context(ctx); if (c == NULL || input_len != 0) return YACA_ERROR_INVALID_PARAMETER; - assert(c->mdctx != NULL); + assert(c->md_ctx != NULL); - if (c->mdctx->pctx == NULL) + if (c->md_ctx->pctx == NULL) return YACA_ERROR_INTERNAL; - EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(c->mdctx->pctx); + EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(c->md_ctx->pctx); if (pkey == NULL) { ERROR_DUMP(YACA_ERROR_INTERNAL); return YACA_ERROR_INTERNAL; @@ -97,22 +97,22 @@ static int get_sign_output_length(const yaca_context_h ctx, static void destroy_sign_context(yaca_context_h ctx) { - struct yaca_sign_ctx_s *c = get_sign_ctx(ctx); + struct yaca_sign_context_s *c = get_sign_context(ctx); if (c == NULL) return; - EVP_MD_CTX_destroy(c->mdctx); - c->mdctx = NULL; + EVP_MD_CTX_destroy(c->md_ctx); + c->md_ctx = NULL; } -int set_sign_param(yaca_context_h ctx, - yaca_property_e param, - const void *value, - size_t value_len) +int set_sign_property(yaca_context_h ctx, + yaca_property_e property, + const void *value, + size_t value_len) { int ret; - struct yaca_sign_ctx_s *c = get_sign_ctx(ctx); + struct yaca_sign_context_s *c = get_sign_context(ctx); yaca_padding_e padding; int pad; EVP_PKEY *pkey; @@ -120,13 +120,13 @@ int set_sign_param(yaca_context_h ctx, if (c == NULL || value == NULL) return YACA_ERROR_INVALID_PARAMETER; - assert(c->mdctx != NULL); + assert(c->md_ctx != NULL); - if (c->mdctx->pctx == NULL) + if (c->md_ctx->pctx == NULL) return YACA_ERROR_INTERNAL; /* this function only supports padding */ - if (param != YACA_PROPERTY_PADDING || value_len != sizeof(yaca_padding_e)) + if (property != YACA_PROPERTY_PADDING || value_len != sizeof(yaca_padding_e)) return YACA_ERROR_INVALID_PARAMETER; padding = *(yaca_padding_e *)(value); @@ -147,7 +147,7 @@ int set_sign_param(yaca_context_h ctx, return YACA_ERROR_INVALID_PARAMETER; } - pkey = EVP_PKEY_CTX_get0_pkey(c->mdctx->pctx); + pkey = EVP_PKEY_CTX_get0_pkey(c->md_ctx->pctx); if (pkey == NULL) { ret = YACA_ERROR_INTERNAL; ERROR_DUMP(ret); @@ -158,7 +158,7 @@ int set_sign_param(yaca_context_h ctx, if (pkey->type != EVP_PKEY_RSA) return YACA_ERROR_INVALID_PARAMETER; - ret = EVP_PKEY_CTX_set_rsa_padding(c->mdctx->pctx, pad); + ret = EVP_PKEY_CTX_set_rsa_padding(c->md_ctx->pctx, pad); if (ret <= 0) { ret = YACA_ERROR_INTERNAL; ERROR_DUMP(ret); @@ -168,13 +168,13 @@ int set_sign_param(yaca_context_h ctx, return YACA_ERROR_NONE; } -int get_sign_param(const yaca_context_h ctx, - yaca_property_e param, - void **value, - size_t *value_len) +int get_sign_property(const yaca_context_h ctx, + yaca_property_e property, + void **value, + size_t *value_len) { int ret; - struct yaca_sign_ctx_s *c = get_sign_ctx(ctx); + struct yaca_sign_context_s *c = get_sign_context(ctx); EVP_PKEY *pkey; int pad; yaca_padding_e padding; @@ -182,16 +182,16 @@ int get_sign_param(const yaca_context_h ctx, if (c == NULL || value == NULL) return YACA_ERROR_INVALID_PARAMETER; - assert(c->mdctx != NULL); + assert(c->md_ctx != NULL); - if (c->mdctx->pctx == NULL) + if (c->md_ctx->pctx == NULL) return YACA_ERROR_INTERNAL; /* this function only supports padding */ - if (param != YACA_PROPERTY_PADDING) + if (property != YACA_PROPERTY_PADDING) return YACA_ERROR_INVALID_PARAMETER; - pkey = EVP_PKEY_CTX_get0_pkey(c->mdctx->pctx); + pkey = EVP_PKEY_CTX_get0_pkey(c->md_ctx->pctx); if (pkey == NULL) { ret = YACA_ERROR_INTERNAL; ERROR_DUMP(ret); @@ -202,7 +202,7 @@ int get_sign_param(const yaca_context_h ctx, if (pkey->type != EVP_PKEY_RSA) return YACA_ERROR_INVALID_PARAMETER; - ret = EVP_PKEY_CTX_get_rsa_padding(c->mdctx->pctx, &pad); + ret = EVP_PKEY_CTX_get_rsa_padding(c->md_ctx->pctx, &pad); if (ret <= 0) { ret = YACA_ERROR_INTERNAL; ERROR_DUMP(ret); @@ -240,7 +240,7 @@ API int yaca_sign_initialize(yaca_context_h *ctx, yaca_digest_algorithm_e algo, const yaca_key_h key) { - struct yaca_sign_ctx_s *nc = NULL; + struct yaca_sign_context_s *nc = NULL; const EVP_MD *md = NULL; int ret; const struct yaca_key_evp_s *evp_key = key_get_evp(key); @@ -258,29 +258,29 @@ API int yaca_sign_initialize(yaca_context_h *ctx, return YACA_ERROR_INVALID_PARAMETER; } - ret = yaca_zalloc(sizeof(struct yaca_sign_ctx_s), (void**)&nc); + ret = yaca_zalloc(sizeof(struct yaca_sign_context_s), (void**)&nc); if (ret != YACA_ERROR_NONE) return ret; nc->op_type = OP_SIGN; - nc->ctx.type = YACA_CTX_SIGN; - nc->ctx.ctx_destroy = destroy_sign_context; + nc->ctx.type = YACA_CONTEXT_SIGN; + nc->ctx.context_destroy = destroy_sign_context; nc->ctx.get_output_length = get_sign_output_length; - nc->ctx.set_param = set_sign_param; - nc->ctx.get_param = get_sign_param; + nc->ctx.set_property = set_sign_property; + nc->ctx.get_property = get_sign_property; ret = digest_get_algorithm(algo, &md); if (ret != YACA_ERROR_NONE) goto exit; - nc->mdctx = EVP_MD_CTX_create(); - if (nc->mdctx == NULL) { + nc->md_ctx = EVP_MD_CTX_create(); + if (nc->md_ctx == NULL) { ret = YACA_ERROR_INTERNAL; ERROR_DUMP(ret); goto exit; } - ret = EVP_DigestSignInit(nc->mdctx, NULL, md, NULL, evp_key->evp); + ret = EVP_DigestSignInit(nc->md_ctx, NULL, md, NULL, evp_key->evp); if (ret != 1) { ret = YACA_ERROR_INTERNAL; ERROR_DUMP(ret); @@ -301,7 +301,7 @@ API int yaca_sign_initialize_hmac(yaca_context_h *ctx, yaca_digest_algorithm_e algo, const yaca_key_h key) { - struct yaca_sign_ctx_s *nc = NULL; + struct yaca_sign_context_s *nc = NULL; EVP_PKEY *pkey = NULL; const EVP_MD *md; int ret; @@ -311,19 +311,19 @@ API int yaca_sign_initialize_hmac(yaca_context_h *ctx, (key->type != YACA_KEY_TYPE_SYMMETRIC && key->type != YACA_KEY_TYPE_DES)) return YACA_ERROR_INVALID_PARAMETER; - ret = yaca_zalloc(sizeof(struct yaca_sign_ctx_s), (void**)&nc); + ret = yaca_zalloc(sizeof(struct yaca_sign_context_s), (void**)&nc); if (ret != YACA_ERROR_NONE) return ret; nc->op_type = OP_SIGN; - nc->ctx.type = YACA_CTX_SIGN; - nc->ctx.ctx_destroy = destroy_sign_context; + nc->ctx.type = YACA_CONTEXT_SIGN; + nc->ctx.context_destroy = destroy_sign_context; nc->ctx.get_output_length = get_sign_output_length; pkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, (unsigned char *)simple_key->d, - simple_key->bits / 8); + simple_key->bit_len / 8); if (pkey == NULL) { ret = YACA_ERROR_INTERNAL; ERROR_DUMP(ret); @@ -334,14 +334,14 @@ API int yaca_sign_initialize_hmac(yaca_context_h *ctx, if (ret != YACA_ERROR_NONE) goto exit; - nc->mdctx = EVP_MD_CTX_create(); - if (nc->mdctx == NULL) { + nc->md_ctx = EVP_MD_CTX_create(); + if (nc->md_ctx == NULL) { ret = YACA_ERROR_INTERNAL; ERROR_DUMP(ret); goto exit; } - ret = EVP_DigestSignInit(nc->mdctx, NULL, md, NULL, pkey); + ret = EVP_DigestSignInit(nc->md_ctx, NULL, md, NULL, pkey); if (ret != 1) { ret = YACA_ERROR_INTERNAL; ERROR_DUMP(ret); @@ -365,7 +365,7 @@ API int yaca_sign_initialize_cmac(yaca_context_h *ctx, yaca_encrypt_algorithm_e algo, const yaca_key_h key) { - struct yaca_sign_ctx_s *nc = NULL; + struct yaca_sign_context_s *nc = NULL; CMAC_CTX* cmac_ctx = NULL; const EVP_CIPHER* cipher = NULL; EVP_PKEY *pkey = NULL; @@ -376,16 +376,16 @@ API int yaca_sign_initialize_cmac(yaca_context_h *ctx, (key->type != YACA_KEY_TYPE_SYMMETRIC && key->type != YACA_KEY_TYPE_DES)) return YACA_ERROR_INVALID_PARAMETER; - ret = yaca_zalloc(sizeof(struct yaca_sign_ctx_s), (void**)&nc); + ret = yaca_zalloc(sizeof(struct yaca_sign_context_s), (void**)&nc); if (ret != YACA_ERROR_NONE) return ret; nc->op_type = OP_SIGN; - nc->ctx.type = YACA_CTX_SIGN; - nc->ctx.ctx_destroy = destroy_sign_context; + nc->ctx.type = YACA_CONTEXT_SIGN; + nc->ctx.context_destroy = destroy_sign_context; nc->ctx.get_output_length = get_sign_output_length; - ret = encrypt_get_algorithm(algo, YACA_BCM_CBC, simple_key->bits, &cipher); + ret = encrypt_get_algorithm(algo, YACA_BCM_CBC, simple_key->bit_len, &cipher); if (ret != YACA_ERROR_NONE) goto exit; @@ -397,7 +397,7 @@ API int yaca_sign_initialize_cmac(yaca_context_h *ctx, goto exit; } - if (CMAC_Init(cmac_ctx, simple_key->d, simple_key->bits / 8, cipher, NULL) != 1) { + if (CMAC_Init(cmac_ctx, simple_key->d, simple_key->bit_len / 8, cipher, NULL) != 1) { ret = YACA_ERROR_INTERNAL; ERROR_DUMP(ret); goto exit; @@ -419,14 +419,14 @@ API int yaca_sign_initialize_cmac(yaca_context_h *ctx, cmac_ctx = NULL; - nc->mdctx = EVP_MD_CTX_create(); - if (nc->mdctx == NULL) { + nc->md_ctx = EVP_MD_CTX_create(); + if (nc->md_ctx == NULL) { ret = YACA_ERROR_INTERNAL; ERROR_DUMP(ret); goto exit; } - if (EVP_DigestSignInit(nc->mdctx, NULL, NULL, NULL, pkey) != 1) { + if (EVP_DigestSignInit(nc->md_ctx, NULL, NULL, NULL, pkey) != 1) { ret = YACA_ERROR_INTERNAL; ERROR_DUMP(ret); goto exit; @@ -450,14 +450,14 @@ API int yaca_sign_update(yaca_context_h ctx, const char *data, size_t data_len) { - struct yaca_sign_ctx_s *c = get_sign_ctx(ctx); + struct yaca_sign_context_s *c = get_sign_context(ctx); int ret; if (c == NULL || c->op_type != OP_SIGN || data == NULL || data_len == 0) return YACA_ERROR_INVALID_PARAMETER; - ret = EVP_DigestSignUpdate(c->mdctx, data, data_len); + ret = EVP_DigestSignUpdate(c->md_ctx, data, data_len); if (ret != 1) { ret = YACA_ERROR_INTERNAL; ERROR_DUMP(ret); @@ -471,14 +471,14 @@ API int yaca_sign_finalize(yaca_context_h ctx, char *signature, size_t *signature_len) { - struct yaca_sign_ctx_s *c = get_sign_ctx(ctx); + struct yaca_sign_context_s *c = get_sign_context(ctx); int ret; if (c == NULL || c->op_type != OP_SIGN || signature == NULL || signature_len == NULL || *signature_len == 0) return YACA_ERROR_INVALID_PARAMETER; - ret = EVP_DigestSignFinal(c->mdctx, (unsigned char *)signature, signature_len); + ret = EVP_DigestSignFinal(c->md_ctx, (unsigned char *)signature, signature_len); if (ret != 1) { ret = YACA_ERROR_INTERNAL; ERROR_DUMP(ret); @@ -492,7 +492,7 @@ API int yaca_verify_initialize(yaca_context_h *ctx, yaca_digest_algorithm_e algo, const yaca_key_h key) { - struct yaca_sign_ctx_s *nc = NULL; + struct yaca_sign_context_s *nc = NULL; const EVP_MD *md = NULL; int ret; const struct yaca_key_evp_s *evp_key = key_get_evp(key); @@ -510,29 +510,29 @@ API int yaca_verify_initialize(yaca_context_h *ctx, return YACA_ERROR_INVALID_PARAMETER; } - ret = yaca_zalloc(sizeof(struct yaca_sign_ctx_s), (void**)&nc); + ret = yaca_zalloc(sizeof(struct yaca_sign_context_s), (void**)&nc); if (ret != YACA_ERROR_NONE) return ret; nc->op_type = OP_VERIFY; - nc->ctx.type = YACA_CTX_SIGN; - nc->ctx.ctx_destroy = destroy_sign_context; + nc->ctx.type = YACA_CONTEXT_SIGN; + nc->ctx.context_destroy = destroy_sign_context; nc->ctx.get_output_length = NULL; - nc->ctx.set_param = set_sign_param; - nc->ctx.get_param = get_sign_param; + nc->ctx.set_property = set_sign_property; + nc->ctx.get_property = get_sign_property; ret = digest_get_algorithm(algo, &md); if (ret != YACA_ERROR_NONE) goto exit; - nc->mdctx = EVP_MD_CTX_create(); - if (nc->mdctx == NULL) { + nc->md_ctx = EVP_MD_CTX_create(); + if (nc->md_ctx == NULL) { ret = YACA_ERROR_INTERNAL; ERROR_DUMP(ret); goto exit; } - ret = EVP_DigestVerifyInit(nc->mdctx, NULL, md, NULL, evp_key->evp); + ret = EVP_DigestVerifyInit(nc->md_ctx, NULL, md, NULL, evp_key->evp); if (ret != 1) { ret = YACA_ERROR_INTERNAL; ERROR_DUMP(ret); @@ -553,13 +553,13 @@ API int yaca_verify_update(yaca_context_h ctx, const char *data, size_t data_len) { - struct yaca_sign_ctx_s *c = get_sign_ctx(ctx); + struct yaca_sign_context_s *c = get_sign_context(ctx); int ret; if (c == NULL || data == NULL || data_len == 0 || c->op_type != OP_VERIFY) return YACA_ERROR_INVALID_PARAMETER; - ret = EVP_DigestVerifyUpdate(c->mdctx, data, data_len); + ret = EVP_DigestVerifyUpdate(c->md_ctx, data, data_len); if (ret != 1) { ret = YACA_ERROR_INTERNAL; ERROR_DUMP(ret); @@ -573,13 +573,13 @@ API int yaca_verify_finalize(yaca_context_h ctx, const char *signature, size_t signature_len) { - struct yaca_sign_ctx_s *c = get_sign_ctx(ctx); + struct yaca_sign_context_s *c = get_sign_context(ctx); int ret; if (c == NULL || signature == NULL || signature_len == 0 || c->op_type != OP_VERIFY) return YACA_ERROR_INVALID_PARAMETER; - ret = EVP_DigestVerifyFinal(c->mdctx, + ret = EVP_DigestVerifyFinal(c->md_ctx, (unsigned char *)signature, signature_len); diff --git a/src/simple.c b/src/simple.c index f1ee20a..101822d 100644 --- a/src/simple.c +++ b/src/simple.c @@ -94,8 +94,8 @@ API int yaca_simple_encrypt(yaca_encrypt_algorithm_e algo, { yaca_context_h ctx; int ret; - char *lcipher = NULL; - size_t out_len, lcipher_len, written; + char *lciphertext = NULL; + size_t out_len, lciphertext_len, written; if (plaintext == NULL || plaintext_len == 0 || ciphertext == NULL || ciphertext_len == NULL || @@ -110,50 +110,50 @@ API int yaca_simple_encrypt(yaca_encrypt_algorithm_e algo, if (ret != YACA_ERROR_NONE) goto exit; - ret = yaca_context_get_output_length(ctx, 0, &lcipher_len); + ret = yaca_context_get_output_length(ctx, 0, &lciphertext_len); if (ret != YACA_ERROR_NONE) goto exit; - if (out_len > SIZE_MAX - lcipher_len) { + if (out_len > SIZE_MAX - lciphertext_len) { ret = YACA_ERROR_INVALID_PARAMETER; goto exit; } - lcipher_len += out_len; + lciphertext_len += out_len; - assert(lcipher_len > 0); + assert(lciphertext_len > 0); - ret = yaca_malloc(lcipher_len, (void**)&lcipher); + ret = yaca_malloc(lciphertext_len, (void**)&lciphertext); if (ret != YACA_ERROR_NONE) goto exit; - out_len = lcipher_len; - ret = yaca_encrypt_update(ctx, plaintext, plaintext_len, lcipher, &out_len); + out_len = lciphertext_len; + ret = yaca_encrypt_update(ctx, plaintext, plaintext_len, lciphertext, &out_len); if (ret != YACA_ERROR_NONE) goto exit; - assert(out_len <= lcipher_len); + assert(out_len <= lciphertext_len); written = out_len; - out_len = lcipher_len - written; - ret = yaca_encrypt_finalize(ctx, lcipher + written, &out_len); + out_len = lciphertext_len - written; + ret = yaca_encrypt_finalize(ctx, lciphertext + written, &out_len); if (ret != YACA_ERROR_NONE) goto exit; written += out_len; - assert(written <= lcipher_len && written > 0); + assert(written <= lciphertext_len && written > 0); - ret = yaca_realloc(written, (void**)&lcipher); + ret = yaca_realloc(written, (void**)&lciphertext); if (ret != YACA_ERROR_NONE) goto exit; - *ciphertext = lcipher; + *ciphertext = lciphertext; *ciphertext_len = written; - lcipher = NULL; + lciphertext = NULL; ret = YACA_ERROR_NONE; exit: - yaca_free(lcipher); + yaca_free(lciphertext); yaca_context_destroy(ctx); return ret; @@ -170,8 +170,8 @@ API int yaca_simple_decrypt(yaca_encrypt_algorithm_e algo, { yaca_context_h ctx; int ret; - char *lplain = NULL; - size_t out_len, lplain_len, written; + char *lplaintext = NULL; + size_t out_len, lplaintext_len, written; if (ciphertext == NULL || ciphertext_len == 0 || plaintext == NULL || plaintext_len == NULL || @@ -186,49 +186,49 @@ API int yaca_simple_decrypt(yaca_encrypt_algorithm_e algo, if (ret != YACA_ERROR_NONE) goto exit; - ret = yaca_context_get_output_length(ctx, 0, &lplain_len); + ret = yaca_context_get_output_length(ctx, 0, &lplaintext_len); if (ret != YACA_ERROR_NONE) goto exit; - if (out_len > SIZE_MAX - lplain_len) { + if (out_len > SIZE_MAX - lplaintext_len) { ret = YACA_ERROR_INVALID_PARAMETER; goto exit; } - lplain_len += out_len; - assert(lplain_len > 0); + lplaintext_len += out_len; + assert(lplaintext_len > 0); - ret = yaca_malloc(lplain_len, (void**)&lplain); + ret = yaca_malloc(lplaintext_len, (void**)&lplaintext); if (ret != YACA_ERROR_NONE) goto exit; - out_len = lplain_len; - ret = yaca_decrypt_update(ctx, ciphertext, ciphertext_len, lplain, &out_len); + out_len = lplaintext_len; + ret = yaca_decrypt_update(ctx, ciphertext, ciphertext_len, lplaintext, &out_len); if (ret != YACA_ERROR_NONE) goto exit; - assert(out_len <= lplain_len); + assert(out_len <= lplaintext_len); written = out_len; - out_len = lplain_len - written; - ret = yaca_decrypt_finalize(ctx, lplain + written, &out_len); + out_len = lplaintext_len - written; + ret = yaca_decrypt_finalize(ctx, lplaintext + written, &out_len); if (ret != YACA_ERROR_NONE) goto exit; written += out_len; - assert(written <= lplain_len && written > 0); + assert(written <= lplaintext_len && written > 0); - ret = yaca_realloc(written, (void**)&lplain); + ret = yaca_realloc(written, (void**)&lplaintext); if (ret != YACA_ERROR_NONE) goto exit; - *plaintext = lplain; + *plaintext = lplaintext; *plaintext_len = written; - lplain = NULL; + lplaintext = NULL; ret = YACA_ERROR_NONE; exit: - yaca_free(lplain); + yaca_free(lplaintext); yaca_context_destroy(ctx); return ret; -- 2.7.4 From 3dc010a09c3b4e4dd63f52cc1ced23c2ae7cb610 Mon Sep 17 00:00:00 2001 From: Dariusz Michaluk Date: Thu, 7 Jul 2016 16:27:30 +0200 Subject: [PATCH 14/16] Allow NULL input/output only in CCM mode. Change-Id: I0758a1f2d8fa7accf8517aec6c93f79cf5f369d5 --- src/encrypt.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/encrypt.c b/src/encrypt.c index 6dc4527..5cdbeab 100644 --- a/src/encrypt.c +++ b/src/encrypt.c @@ -483,6 +483,10 @@ int encrypt_update(yaca_context_h ctx, if (c == NULL || input_len == 0 || output_len == NULL || op_type != c->op_type) return YACA_ERROR_INVALID_PARAMETER; + if (EVP_CIPHER_CTX_mode(c->cipher_ctx) != EVP_CIPH_CCM_MODE) + if (input == NULL || output == NULL) + return YACA_ERROR_INVALID_PARAMETER; + switch (op_type) { case OP_ENCRYPT: ret = EVP_EncryptUpdate(c->cipher_ctx, output, &loutput_len, input, input_len); -- 2.7.4 From 0b739952ba229c34ae72aeb83e598c15b8dc1c0c Mon Sep 17 00:00:00 2001 From: Krzysztof Jackiewicz Date: Tue, 5 Jul 2016 09:24:23 +0200 Subject: [PATCH 15/16] Specify property type for tag lengths Change-Id: I3fa756c74bd0797d070913020fd0f38588fe7403 --- api/yaca/yaca_types.h | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/api/yaca/yaca_types.h b/api/yaca/yaca_types.h index 655879e..c1a6430 100644 --- a/api/yaca/yaca_types.h +++ b/api/yaca/yaca_types.h @@ -303,7 +303,7 @@ typedef enum { * (recommended 128 bits tag).\n * Set after yaca_encrypt_finalize() / yaca_seal_finalize() and before * yaca_context_get_property(#YACA_PROPERTY_GCM_TAG) - * in encryption / seal operation.\n\n + * in encryption / seal operation. The @a value should be a size_t variable.\n\n * * - #YACA_PROPERTY_GCM_TAG = GCM tag\n * Get after yaca_encrypt_finalize() / yaca_seal_finalize() in encryption / seal operation.\n @@ -315,6 +315,7 @@ typedef enum { * Set after yaca_decrypt_initialize() / yaca_open_initialize() and before * yaca_decrypt_update() / yaca_open_update() in decryption / open operation.\n\n * + * @see yaca_context_set_property() * @see examples/encrypt_aes_gcm_ccm.c * @see examples/seal.c */ @@ -353,7 +354,8 @@ typedef enum { * - #YACA_PROPERTY_CCM_TAG_LEN = CCM tag length\n * Supported tag lengths: 32-128 bits in step of 16 bits (recommended 96 bits tag).\n * Set after yaca_encrypt_initialize() / yaca_seal_initialize() and before - * yaca_encrypt_update() / yaca_seal_update() in encryption / seal operation.\n\n + * yaca_encrypt_update() / yaca_seal_update() in encryption / seal operation. + * The @a value should be a size_t variable. \n\n * * - #YACA_PROPERTY_CCM_TAG = CCM tag\n * Get after yaca_encrypt_finalize() / yaca_seal_finalize() in encryption / seal operation.\n -- 2.7.4 From 61cd5fd6718113049e508a32b682a60606436ba0 Mon Sep 17 00:00:00 2001 From: Krzysztof Jackiewicz Date: Fri, 1 Jul 2016 15:44:57 +0200 Subject: [PATCH 16/16] Update GCM/CCM examples Use nonstandard tag. Fix formatting. Add missing cleanup. Change-Id: Iec6f358ff3d05ae17ab072a72ef95401c777eb5a --- examples/encrypt_aes_gcm_ccm.c | 6 +++--- examples/seal.c | 6 +++++- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/examples/encrypt_aes_gcm_ccm.c b/examples/encrypt_aes_gcm_ccm.c index 7ac3534..c990d79 100644 --- a/examples/encrypt_aes_gcm_ccm.c +++ b/examples/encrypt_aes_gcm_ccm.c @@ -113,7 +113,7 @@ void encrypt_decrypt_aes_gcm(void) /* Set the tag length and get the tag after final encryption */ if (yaca_context_set_property(ctx, YACA_PROPERTY_GCM_TAG_LEN, - (void*)&tag_len, sizeof(tag_len)) != YACA_ERROR_NONE) + (void*)&tag_len, sizeof(tag_len)) != YACA_ERROR_NONE) goto exit; if (yaca_context_get_property(ctx, YACA_PROPERTY_GCM_TAG, (void**)tag, &tag_len) != YACA_ERROR_NONE) @@ -195,7 +195,7 @@ void encrypt_decrypt_aes_ccm(void) char *aad = NULL; char *tag = NULL; size_t aad_len = 16; - size_t tag_len = 12; + size_t tag_len = 14; size_t block_len; size_t output_len; @@ -230,7 +230,7 @@ void encrypt_decrypt_aes_ccm(void) /* Set tag length (optionally) */ if (yaca_context_set_property(ctx, YACA_PROPERTY_CCM_TAG_LEN, - (void*)&tag_len, sizeof(tag_len)) != YACA_ERROR_NONE) + (void*)&tag_len, sizeof(tag_len)) != YACA_ERROR_NONE) goto exit; /* The total plain text length must be passed (only needed if AAD is passed) */ diff --git a/examples/seal.c b/examples/seal.c index a7774eb..64b70f7 100644 --- a/examples/seal.c +++ b/examples/seal.c @@ -275,6 +275,8 @@ exit: yaca_context_destroy(ctx); yaca_key_destroy(sym_key); yaca_key_destroy(iv); + yaca_free(aad); + yaca_free(tag); yaca_key_destroy(key_pub); yaca_key_destroy(key_priv); } @@ -299,7 +301,7 @@ void encrypt_seal_aes_ccm(void) char *aad = NULL; char *tag = NULL; size_t aad_len = 16; - size_t tag_len = 12; + size_t tag_len = 8; size_t block_len; size_t output_len; @@ -423,6 +425,8 @@ exit: yaca_context_destroy(ctx); yaca_key_destroy(sym_key); yaca_key_destroy(iv); + yaca_free(aad); + yaca_free(tag); yaca_key_destroy(key_pub); yaca_key_destroy(key_priv); } -- 2.7.4