From c095a7929efba8f737180d0e8987f34b461df5fd Mon Sep 17 00:00:00 2001 From: Dariusz Michaluk Date: Tue, 11 Oct 2016 13:02:21 +0200 Subject: [PATCH 01/16] Remove outdated TODO's Change-Id: I2a0d00923ffa4f105461a7ee2bc6bb025c6bdb82 --- src/key.c | 2 +- todo.txt | 7 ------- 2 files changed, 1 insertion(+), 8 deletions(-) delete mode 100644 todo.txt diff --git a/src/key.c b/src/key.c index 0c04179..404840a 100644 --- a/src/key.c +++ b/src/key.c @@ -1926,7 +1926,7 @@ API int yaca_key_derive_pbkdf2(const char *password, return ret; nk->bit_len = key_bit_len; - nk->key.type = YACA_KEY_TYPE_SYMMETRIC; // TODO: how to handle other keys? + nk->key.type = YACA_KEY_TYPE_SYMMETRIC; ret = PKCS5_PBKDF2_HMAC(password, -1, (const unsigned char*)salt, salt_len, iterations, md, key_byte_len, diff --git a/todo.txt b/todo.txt deleted file mode 100644 index 78272ad..0000000 --- a/todo.txt +++ /dev/null @@ -1,7 +0,0 @@ -Global: -- Rethink and possibly add verification of output buffer lengths. - In other words check whether the user won't cause a buffer overflow. -- Support for OCB mode was added in OpenSSL 1.1.0 -- We need a way to import keys encrypted with hw (or other) keys. New - function like yaca_key_load or sth? -- Add extended description and examples in documentation. -- 2.7.4 From a2b610b035f732233e5fbdc8ed55ea134d9f007c Mon Sep 17 00:00:00 2001 From: Dariusz Michaluk Date: Tue, 18 Oct 2016 09:24:32 +0200 Subject: [PATCH 02/16] Release 0.0.2 Change-Id: I62a0ff6fff1b3a3b4cdfa611c59a310555b9e001 --- CMakeLists.txt | 2 +- packaging/yaca.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 606c9fc..653daef 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -23,7 +23,7 @@ CMAKE_MINIMUM_REQUIRED (VERSION 2.6.2) PROJECT(yaca) -SET(VERSION "0.0.1") +SET(VERSION "0.0.2") ## pkgconfig ################################################################### INCLUDE(FindPkgConfig) diff --git a/packaging/yaca.spec b/packaging/yaca.spec index 8e81aa4..2b43c19 100644 --- a/packaging/yaca.spec +++ b/packaging/yaca.spec @@ -1,5 +1,5 @@ Name: yaca -Version: 0.0.1 +Version: 0.0.2 Release: 0 Source0: %{name}-%{version}.tar.gz License: Apache-2.0 -- 2.7.4 From 52d9fac96f1db8eb862f2622bb2abfb01b92312b Mon Sep 17 00:00:00 2001 From: Krzysztof Jackiewicz Date: Mon, 7 Nov 2016 09:21:36 +0100 Subject: [PATCH 03/16] Replace spaces with tabs Tab policy [IDT_M_TAB] have changed from optional to mandatory and whole code has to be adjusted. doc/coding_rules.txt updated. File access rights fixed Change-Id: I7b855be9560e9b4f134294a1f97a70a50af578c1 --- api/yaca/yaca_crypto.h | 16 +-- api/yaca/yaca_digest.h | 0 api/yaca/yaca_encrypt.h | 46 ++++----- api/yaca/yaca_error.h | 0 api/yaca/yaca_key.h | 54 +++++----- api/yaca/yaca_rsa.h | 40 +++---- api/yaca/yaca_seal.h | 48 ++++----- api/yaca/yaca_sign.h | 32 +++--- api/yaca/yaca_simple.h | 76 +++++++------- api/yaca/yaca_types.h | 0 doc/coding-rules.txt | 64 ++++++------ doc/yaca_doc.h | 0 doc/yaca_encryption_doc.h | 0 doc/yaca_integrity_doc.h | 0 doc/yaca_key_doc.h | 0 doc/yaca_rsa_doc.h | 0 doc/yaca_simple_doc.h | 0 examples/digest_simple.c | 2 +- examples/encrypt_simple.c | 8 +- examples/key_exchange.c | 2 +- examples/key_import_export_asym.c | 8 +- examples/key_import_export_sym.c | 8 +- examples/key_password.c | 4 +- examples/key_wrap.c | 14 +-- examples/rsa_private.c | 4 +- examples/rsa_public.c | 4 +- examples/seal.c | 4 +- examples/sign_simple.c | 8 +- examples/sign_simple_cmac.c | 8 +- src/crypto.c | 10 +- src/debug.c | 8 +- src/digest.c | 4 +- src/encrypt.c | 212 +++++++++++++++++++------------------- src/internal.h | 32 +++--- src/key.c | 162 ++++++++++++++--------------- src/rsa.c | 110 ++++++++++---------- src/seal.c | 80 +++++++------- src/sign.c | 64 ++++++------ src/simple.c | 104 +++++++++---------- 39 files changed, 618 insertions(+), 618 deletions(-) mode change 100755 => 100644 api/yaca/yaca_crypto.h mode change 100755 => 100644 api/yaca/yaca_digest.h mode change 100755 => 100644 api/yaca/yaca_encrypt.h mode change 100755 => 100644 api/yaca/yaca_error.h mode change 100755 => 100644 api/yaca/yaca_key.h mode change 100755 => 100644 api/yaca/yaca_rsa.h mode change 100755 => 100644 api/yaca/yaca_seal.h mode change 100755 => 100644 api/yaca/yaca_sign.h mode change 100755 => 100644 api/yaca/yaca_simple.h mode change 100755 => 100644 api/yaca/yaca_types.h mode change 100755 => 100644 doc/yaca_doc.h mode change 100755 => 100644 doc/yaca_encryption_doc.h mode change 100755 => 100644 doc/yaca_integrity_doc.h mode change 100755 => 100644 doc/yaca_key_doc.h mode change 100755 => 100644 doc/yaca_rsa_doc.h mode change 100755 => 100644 doc/yaca_simple_doc.h diff --git a/api/yaca/yaca_crypto.h b/api/yaca/yaca_crypto.h old mode 100755 new mode 100644 index e2b2d5a..56425eb --- a/api/yaca/yaca_crypto.h +++ b/api/yaca/yaca_crypto.h @@ -206,9 +206,9 @@ int yaca_randomize_bytes(char *data, size_t data_len); * @see yaca_context_get_property() */ int yaca_context_set_property(yaca_context_h ctx, - yaca_property_e property, - const void *value, - size_t value_len); + yaca_property_e property, + const void *value, + size_t value_len); /** * @brief Returns the non-standard context properties. Can only be called on an @@ -241,9 +241,9 @@ int yaca_context_set_property(yaca_context_h ctx, * @see yaca_free() */ int yaca_context_get_property(const yaca_context_h ctx, - yaca_property_e property, - void **value, - size_t *value_len); + yaca_property_e property, + void **value, + size_t *value_len); /** * @brief Returns the minimum required size of the output buffer for a single crypto function call. @@ -271,8 +271,8 @@ int yaca_context_get_property(const yaca_context_h ctx, * @retval #YACA_ERROR_INTERNAL Internal error */ int yaca_context_get_output_length(const yaca_context_h ctx, - size_t input_len, - size_t *output_len); + size_t input_len, + size_t *output_len); /** * @brief Destroys the crypto context. Must be called on all contexts that are diff --git a/api/yaca/yaca_digest.h b/api/yaca/yaca_digest.h old mode 100755 new mode 100644 diff --git a/api/yaca/yaca_encrypt.h b/api/yaca/yaca_encrypt.h old mode 100755 new mode 100644 index 3395013..4031f2c --- a/api/yaca/yaca_encrypt.h +++ b/api/yaca/yaca_encrypt.h @@ -58,9 +58,9 @@ extern "C" { * */ int yaca_encrypt_get_iv_bit_length(yaca_encrypt_algorithm_e algo, - yaca_block_cipher_mode_e bcm, - size_t key_bit_len, - size_t *iv_bit_len); + yaca_block_cipher_mode_e bcm, + size_t key_bit_len, + size_t *iv_bit_len); /** * @brief Initializes an encryption context. @@ -89,10 +89,10 @@ int yaca_encrypt_get_iv_bit_length(yaca_encrypt_algorithm_e algo, * @see yaca_context_destroy() */ int yaca_encrypt_initialize(yaca_context_h *ctx, - yaca_encrypt_algorithm_e algo, - yaca_block_cipher_mode_e bcm, - const yaca_key_h sym_key, - const yaca_key_h iv); + yaca_encrypt_algorithm_e algo, + yaca_block_cipher_mode_e bcm, + const yaca_key_h sym_key, + const yaca_key_h iv); /** * @brief Encrypts chunk of the data. @@ -118,10 +118,10 @@ int yaca_encrypt_initialize(yaca_context_h *ctx, * @see yaca_context_get_output_length() */ int yaca_encrypt_update(yaca_context_h ctx, - const char *plaintext, - size_t plaintext_len, - char *ciphertext, - size_t *ciphertext_len); + const char *plaintext, + size_t plaintext_len, + char *ciphertext, + size_t *ciphertext_len); /** * @brief Encrypts the final chunk of the data. @@ -148,8 +148,8 @@ int yaca_encrypt_update(yaca_context_h ctx, * @see yaca_context_get_output_length() */ int yaca_encrypt_finalize(yaca_context_h ctx, - char *ciphertext, - size_t *ciphertext_len); + char *ciphertext, + size_t *ciphertext_len); /** * @brief Initializes an decryption context. @@ -178,10 +178,10 @@ int yaca_encrypt_finalize(yaca_context_h ctx, * @see yaca_context_destroy() */ int yaca_decrypt_initialize(yaca_context_h *ctx, - yaca_encrypt_algorithm_e algo, - yaca_block_cipher_mode_e bcm, - const yaca_key_h sym_key, - const yaca_key_h iv); + yaca_encrypt_algorithm_e algo, + yaca_block_cipher_mode_e bcm, + const yaca_key_h sym_key, + const yaca_key_h iv); /** * @brief Decrypts chunk of the data. @@ -208,10 +208,10 @@ int yaca_decrypt_initialize(yaca_context_h *ctx, * @see yaca_context_get_output_length() */ int yaca_decrypt_update(yaca_context_h ctx, - const char *ciphertext, - size_t ciphertext_len, - char *plaintext, - size_t *plaintext_len); + const char *ciphertext, + size_t ciphertext_len, + char *plaintext, + size_t *plaintext_len); /** * @brief Decrypts the final chunk of the data. @@ -239,8 +239,8 @@ int yaca_decrypt_update(yaca_context_h ctx, * @see yaca_context_get_output_length() */ int yaca_decrypt_finalize(yaca_context_h ctx, - char *plaintext, - size_t *plaintext_len); + char *plaintext, + size_t *plaintext_len); /** * @} diff --git a/api/yaca/yaca_error.h b/api/yaca/yaca_error.h old mode 100755 new mode 100644 diff --git a/api/yaca/yaca_key.h b/api/yaca/yaca_key.h old mode 100755 new mode 100644 index 4f50550..5c87944 --- a/api/yaca/yaca_key.h +++ b/api/yaca/yaca_key.h @@ -138,10 +138,10 @@ int yaca_key_get_bit_length(const yaca_key_h key, size_t *key_bit_len); * @see yaca_key_destroy() */ int yaca_key_import(yaca_key_type_e key_type, - const char *password, - const char *data, - size_t data_len, - yaca_key_h *key); + const char *password, + const char *data, + size_t data_len, + yaca_key_h *key); /** * @brief Exports a key or key generation parameters to arbitrary format. @@ -201,11 +201,11 @@ int yaca_key_import(yaca_key_type_e key_type, * @see yaca_key_destroy() */ int yaca_key_export(const yaca_key_h key, - yaca_key_format_e key_fmt, - yaca_key_file_format_e key_file_fmt, - const char *password, - char **data, - size_t *data_len); + yaca_key_format_e key_fmt, + yaca_key_file_format_e key_file_fmt, + const char *password, + char **data, + size_t *data_len); /** * @brief Generates a secure key or key generation parameters (or an Initialization Vector). @@ -245,8 +245,8 @@ int yaca_key_export(const yaca_key_h key, * @see yaca_key_destroy() */ int yaca_key_generate(yaca_key_type_e key_type, - size_t key_bit_len, - yaca_key_h *key); + size_t key_bit_len, + yaca_key_h *key); /** * @brief Generates a secure private asymmetric key from parameters. @@ -346,9 +346,9 @@ int yaca_key_extract_parameters(const yaca_key_h key, yaca_key_h *params); * @see yaca_free() */ int yaca_key_derive_dh(const yaca_key_h prv_key, - const yaca_key_h pub_key, - char **secret, - size_t *secret_len); + const yaca_key_h pub_key, + char **secret, + size_t *secret_len); /** * @brief Derives a key material from shared secret. @@ -386,13 +386,13 @@ int yaca_key_derive_dh(const yaca_key_h prv_key, * @see yaca_free() */ int yaca_key_derive_kdf(yaca_kdf_e kdf, - yaca_digest_algorithm_e algo, - const char *secret, - size_t secret_len, - const char *info, - size_t info_len, - size_t key_material_len, - char **key_material); + yaca_digest_algorithm_e algo, + const char *secret, + size_t secret_len, + const char *info, + size_t info_len, + size_t key_material_len, + char **key_material); /** * @brief Derives a key from user password (PKCS #5 a.k.a. pbkdf2 algorithm). @@ -420,12 +420,12 @@ int yaca_key_derive_kdf(yaca_kdf_e kdf, * @see yaca_key_destroy() */ int yaca_key_derive_pbkdf2(const char *password, - const char *salt, - size_t salt_len, - size_t iterations, - yaca_digest_algorithm_e algo, - size_t key_bit_len, - yaca_key_h *key); + const char *salt, + size_t salt_len, + size_t iterations, + yaca_digest_algorithm_e algo, + size_t key_bit_len, + yaca_key_h *key); /** * @brief Release the key created by the library. Passing YACA_KEY_NULL is allowed. diff --git a/api/yaca/yaca_rsa.h b/api/yaca/yaca_rsa.h old mode 100755 new mode 100644 index 20b1b4d..a57bfd7 --- a/api/yaca/yaca_rsa.h +++ b/api/yaca/yaca_rsa.h @@ -70,11 +70,11 @@ extern "C" { * @see yaca_free() */ int yaca_rsa_public_encrypt(yaca_padding_e padding, - const yaca_key_h pub_key, - const char *plaintext, - size_t plaintext_len, - char **ciphertext, - size_t *ciphertext_len); + const yaca_key_h pub_key, + const char *plaintext, + size_t plaintext_len, + char **ciphertext, + size_t *ciphertext_len); /** * @brief Decrypts data using a RSA private key (low-level decrypt equivalent). @@ -105,11 +105,11 @@ int yaca_rsa_public_encrypt(yaca_padding_e padding, * @see yaca_free() */ int yaca_rsa_private_decrypt(yaca_padding_e padding, - const yaca_key_h prv_key, - const char *ciphertext, - size_t ciphertext_len, - char **plaintext, - size_t *plaintext_len); + const yaca_key_h prv_key, + const char *ciphertext, + size_t ciphertext_len, + char **plaintext, + size_t *plaintext_len); /** * @brief Encrypts data using a RSA private key (low-level sign equivalent). @@ -145,11 +145,11 @@ int yaca_rsa_private_decrypt(yaca_padding_e padding, * @see yaca_free() */ int yaca_rsa_private_encrypt(yaca_padding_e padding, - const yaca_key_h prv_key, - const char *plaintext, - size_t plaintext_len, - char **ciphertext, - size_t *ciphertext_len); + const yaca_key_h prv_key, + const char *plaintext, + size_t plaintext_len, + char **ciphertext, + size_t *ciphertext_len); /** * @brief Decrypts data using a RSA public key (low-level verify equivalent). @@ -180,11 +180,11 @@ int yaca_rsa_private_encrypt(yaca_padding_e padding, * @see yaca_free() */ int yaca_rsa_public_decrypt(yaca_padding_e padding, - const yaca_key_h pub_key, - const char *ciphertext, - size_t ciphertext_len, - char **plaintext, - size_t *plaintext_len); + const yaca_key_h pub_key, + const char *ciphertext, + size_t ciphertext_len, + char **plaintext, + size_t *plaintext_len); /** * @} diff --git a/api/yaca/yaca_seal.h b/api/yaca/yaca_seal.h old mode 100755 new mode 100644 index 7fab958..5db810e --- a/api/yaca/yaca_seal.h +++ b/api/yaca/yaca_seal.h @@ -87,12 +87,12 @@ extern "C" { * @see yaca_context_destroy() */ int yaca_seal_initialize(yaca_context_h *ctx, - const yaca_key_h pub_key, - yaca_encrypt_algorithm_e algo, - yaca_block_cipher_mode_e bcm, - size_t sym_key_bit_len, - yaca_key_h *sym_key, - yaca_key_h *iv); + const yaca_key_h pub_key, + yaca_encrypt_algorithm_e algo, + yaca_block_cipher_mode_e bcm, + size_t sym_key_bit_len, + yaca_key_h *sym_key, + yaca_key_h *iv); /** * @brief Encrypts piece of the data. @@ -118,10 +118,10 @@ int yaca_seal_initialize(yaca_context_h *ctx, * @see yaca_context_get_output_length() */ int yaca_seal_update(yaca_context_h ctx, - const char *plaintext, - size_t plaintext_len, - char *ciphertext, - size_t *ciphertext_len); + const char *plaintext, + size_t plaintext_len, + char *ciphertext, + size_t *ciphertext_len); /** * @brief Encrypts the final piece of the data. @@ -148,8 +148,8 @@ int yaca_seal_update(yaca_context_h ctx, * @see yaca_context_get_output_length() */ int yaca_seal_finalize(yaca_context_h ctx, - char *ciphertext, - size_t *ciphertext_len); + char *ciphertext, + size_t *ciphertext_len); /** * @brief Initializes an asymmetric decryption context. @@ -185,12 +185,12 @@ int yaca_seal_finalize(yaca_context_h ctx, * @see yaca_context_destroy() */ int yaca_open_initialize(yaca_context_h *ctx, - const yaca_key_h prv_key, - yaca_encrypt_algorithm_e algo, - yaca_block_cipher_mode_e bcm, - size_t sym_key_bit_len, - const yaca_key_h sym_key, - const yaca_key_h iv); + const yaca_key_h prv_key, + yaca_encrypt_algorithm_e algo, + yaca_block_cipher_mode_e bcm, + size_t sym_key_bit_len, + const yaca_key_h sym_key, + const yaca_key_h iv); /** * @brief Decrypts piece of the data. @@ -217,10 +217,10 @@ int yaca_open_initialize(yaca_context_h *ctx, * @see yaca_context_get_output_length() */ int yaca_open_update(yaca_context_h ctx, - const char *ciphertext, - size_t ciphertext_len, - char *plaintext, - size_t *plaintext_len); + const char *ciphertext, + size_t ciphertext_len, + char *plaintext, + size_t *plaintext_len); /** * @brief Decrypts last chunk of sealed message. @@ -248,8 +248,8 @@ int yaca_open_update(yaca_context_h ctx, * @see yaca_context_get_output_length() */ int yaca_open_finalize(yaca_context_h ctx, - char *plaintext, - size_t *plaintext_len); + char *plaintext, + size_t *plaintext_len); /** * @} diff --git a/api/yaca/yaca_sign.h b/api/yaca/yaca_sign.h old mode 100755 new mode 100644 index e627262..0fcbec3 --- a/api/yaca/yaca_sign.h +++ b/api/yaca/yaca_sign.h @@ -83,8 +83,8 @@ extern "C" { * @see yaca_context_destroy() */ int yaca_sign_initialize(yaca_context_h *ctx, - yaca_digest_algorithm_e algo, - const yaca_key_h prv_key); + yaca_digest_algorithm_e algo, + const yaca_key_h prv_key); /** * @brief Initializes a signature context for HMAC. @@ -117,8 +117,8 @@ int yaca_sign_initialize(yaca_context_h *ctx, * @see yaca_context_destroy() */ int yaca_sign_initialize_hmac(yaca_context_h *ctx, - yaca_digest_algorithm_e algo, - const yaca_key_h sym_key); + yaca_digest_algorithm_e algo, + const yaca_key_h sym_key); /** * @brief Initializes a signature context for CMAC. @@ -151,8 +151,8 @@ int yaca_sign_initialize_hmac(yaca_context_h *ctx, * @see yaca_context_destroy() */ int yaca_sign_initialize_cmac(yaca_context_h *ctx, - yaca_encrypt_algorithm_e algo, - const yaca_key_h sym_key); + yaca_encrypt_algorithm_e algo, + const yaca_key_h sym_key); /** * @brief Feeds the message into the digital signature or MAC algorithm. @@ -176,8 +176,8 @@ int yaca_sign_initialize_cmac(yaca_context_h *ctx, * @see yaca_sign_initialize_cmac() */ int yaca_sign_update(yaca_context_h ctx, - const char *message, - size_t message_len); + const char *message, + size_t message_len); /** * @brief Calculates the final signature or MAC. @@ -206,8 +206,8 @@ int yaca_sign_update(yaca_context_h ctx, * @see yaca_context_get_output_length() */ int yaca_sign_finalize(yaca_context_h ctx, - char *signature, - size_t *signature_len); + char *signature, + size_t *signature_len); /** * @brief Initializes a signature verification context for asymmetric signatures. @@ -244,8 +244,8 @@ int yaca_sign_finalize(yaca_context_h ctx, * @see yaca_context_destroy() */ int yaca_verify_initialize(yaca_context_h *ctx, - yaca_digest_algorithm_e algo, - const yaca_key_h pub_key); + yaca_digest_algorithm_e algo, + const yaca_key_h pub_key); /** * @brief Feeds the message into the digital signature verification algorithm. @@ -266,8 +266,8 @@ int yaca_verify_initialize(yaca_context_h *ctx, * @see yaca_verify_finalize() */ int yaca_verify_update(yaca_context_h ctx, - const char *message, - size_t message_len); + const char *message, + size_t message_len); /** * @brief Performs the verification. @@ -293,8 +293,8 @@ int yaca_verify_update(yaca_context_h ctx, * @see yaca_sign_finalize() */ int yaca_verify_finalize(yaca_context_h ctx, - const char *signature, - size_t signature_len); + const char *signature, + size_t signature_len); /** * @} diff --git a/api/yaca/yaca_simple.h b/api/yaca/yaca_simple.h old mode 100755 new mode 100644 index b77e9bc..97a9826 --- a/api/yaca/yaca_simple.h +++ b/api/yaca/yaca_simple.h @@ -80,13 +80,13 @@ extern "C" { * @see yaca_free() */ int yaca_simple_encrypt(yaca_encrypt_algorithm_e algo, - yaca_block_cipher_mode_e bcm, - const yaca_key_h sym_key, - const yaca_key_h iv, - const char *plaintext, - size_t plaintext_len, - char **ciphertext, - size_t *ciphertext_len); + yaca_block_cipher_mode_e bcm, + const yaca_key_h sym_key, + const yaca_key_h iv, + const char *plaintext, + size_t plaintext_len, + char **ciphertext, + size_t *ciphertext_len); /** * @brief Decrypts data using a symmetric cipher. @@ -121,13 +121,13 @@ int yaca_simple_encrypt(yaca_encrypt_algorithm_e algo, * @see yaca_free() */ int yaca_simple_decrypt(yaca_encrypt_algorithm_e algo, - yaca_block_cipher_mode_e bcm, - const yaca_key_h sym_key, - const yaca_key_h iv, - const char *ciphertext, - size_t ciphertext_len, - char **plaintext, - size_t *plaintext_len); + yaca_block_cipher_mode_e bcm, + const yaca_key_h sym_key, + const yaca_key_h iv, + const char *ciphertext, + size_t ciphertext_len, + char **plaintext, + size_t *plaintext_len); /** * @brief Calculates a digest of a message. @@ -155,10 +155,10 @@ int yaca_simple_decrypt(yaca_encrypt_algorithm_e algo, * @see yaca_free() */ int yaca_simple_calculate_digest(yaca_digest_algorithm_e algo, - const char *message, - size_t message_len, - char **digest, - size_t *digest_len); + const char *message, + size_t message_len, + char **digest, + size_t *digest_len); /** * @brief Creates a signature using asymmetric private key. @@ -198,11 +198,11 @@ int yaca_simple_calculate_digest(yaca_digest_algorithm_e algo, * @see yaca_free() */ int yaca_simple_calculate_signature(yaca_digest_algorithm_e algo, - const yaca_key_h prv_key, - const char *message, - size_t message_len, - char **signature, - size_t *signature_len); + const yaca_key_h prv_key, + const char *message, + size_t message_len, + char **signature, + size_t *signature_len); /** * @brief Verifies a signature using asymmetric public key. @@ -235,11 +235,11 @@ int yaca_simple_calculate_signature(yaca_digest_algorithm_e algo, * @see yaca_simple_calculate_signature() */ int yaca_simple_verify_signature(yaca_digest_algorithm_e algo, - const yaca_key_h pub_key, - const char *message, - size_t message_len, - const char *signature, - size_t signature_len); + const yaca_key_h pub_key, + const char *message, + size_t message_len, + const char *signature, + size_t signature_len); /** * @brief Calculates a HMAC of given message using symmetric key. @@ -275,11 +275,11 @@ int yaca_simple_verify_signature(yaca_digest_algorithm_e algo, * @see yaca_free() */ int yaca_simple_calculate_hmac(yaca_digest_algorithm_e algo, - const yaca_key_h sym_key, - const char *message, - size_t message_len, - char **mac, - size_t *mac_len); + const yaca_key_h sym_key, + const char *message, + size_t message_len, + char **mac, + size_t *mac_len); /** * @brief Calculates a CMAC of given message using symmetric key. @@ -315,11 +315,11 @@ int yaca_simple_calculate_hmac(yaca_digest_algorithm_e algo, * @see yaca_free() */ int yaca_simple_calculate_cmac(yaca_encrypt_algorithm_e algo, - const yaca_key_h sym_key, - const char *message, - size_t message_len, - char **mac, - size_t *mac_len); + const yaca_key_h sym_key, + const char *message, + size_t message_len, + char **mac, + size_t *mac_len); /** * @} diff --git a/api/yaca/yaca_types.h b/api/yaca/yaca_types.h old mode 100755 new mode 100644 diff --git a/doc/coding-rules.txt b/doc/coding-rules.txt index 4f55843..9f8b70e 100644 --- a/doc/coding-rules.txt +++ b/doc/coding-rules.txt @@ -4,24 +4,24 @@ Differences from Tizen rules are included as "Notes". For full description of each rule - please refer to Tizen documentation. -[R01] [CMT_M_C89] Style for comment is the C89 "/* … */" style. +[R01] [CMT_M_C89] Both comment styles are allowed : C89 "/* ... */" style & C99 "//" style Note: Temporary comments may use C99 style (TODO, FIXME etc.) [R02] [DEC_R_INL] inline keyword should sit between storage class and type. -[R03] [IDT_R_TAB] Use tabs. All tabs are 4 characters. Indentation use only tab (No space key). -Note: If possible use Smart Tabs, if not - 4-character tabs + alignment spaces +[M01] [IDT_M_TAB] Use tabs. All tabs are 4 characters. Indentation use only tab (No space key). +Note: If necessary use 4-character tabs + alignment spaces -[R04] [IDT_R_SCH] Switch and case should be at the same indent. +[M02] [IDT_M_SCH] Switch and case should be at the same indent. -[R05] [IDT_R_LBL] goto labels aren't indented, allow a single space however. +[R03] [IDT_R_LBL] goto labels aren't indented, allow a single space however. Note: No single space allowed -[M01] [SPC_M_KWD] Keywords have following space rules +[M03] [SPC_M_KWD] Keywords have following space rules -Put a space after (most) keywords (ex: if, switch, case, for, do, while). -Exception: Do not put a space after function like keywords, such as sizeof, typeof, alignof, __attribute__. - -[M02] [SPC_M_OPR] Operators have following space rules +[M04] [SPC_M_OPR] Operators have following space rules -Put a space around(on each side of) most binary and ternary operators -Example: = + -< > * / % | & ^ <= >= == != ? : -Do not put a space after unary operators @@ -30,7 +30,7 @@ Note: No single space allowed -Do not put a space after cast operator -Do not put a space around the "." and "->" structure member operators. -[M03] [SPC_M_SEP] Seperators have following space rules +[M05] [SPC_M_SEP] Seperators have following space rules -Put a space after closing brace when it has anything on the line. -Exception : comma after closing brace '},' -Put a space after comma @@ -38,50 +38,50 @@ Note: No single space allowed -Do not put a space after the function name in function calls. -Do not put space before open square bracket '['; and inside square bracket '[', ']'. -[M04] [BRC_M_FTN] functions have the opening brace at the beginning of the next line. +[M06] [BRC_M_FTN] functions have the opening brace at the beginning of the next line. -[M05] [BRC_M_SMT] Statement brace: Open brace last on the line. The closing brace is empty on a line of its own. +[M07] [BRC_M_SMT] Statement brace: Open brace last on the line. The closing brace is empty on a line of its own. -Exception: Where the closing race is followed by a continuation of the same statement, else should follow close brace '}', while should follow close brace '}' -[M06] [BRC_M_EUS] Open braces for enum, union and struct go on the same line. +[M08] [BRC_M_EUS] Open braces for enum, union and struct go on the same line. -[R06] [BRC_R_SST] Do not unnecessarily use braces where a single statement will do. +[R04] [BRC_R_SST] Do not unnecessarily use braces where a single statement will do. -Exception: if one branch of a conditional statement is a single statement, use braces in both branches. -[R07] [LNE_R_TWS] No trailing whitespaces at the ends of lines. +[R05] [LNE_R_TWS] No trailing whitespaces at the ends of lines. -[R08] [LNE_R_EOF] Check for adding lines without a newline at end of file. -Notes: File should end with '\n' (single newline at the end of file) +[R06] [LNE_R_EOF] Check for adding lines without a newline at end of file. +Note: File should end with '\n' (single newline at the end of file) -[R09] In source file, the sequence of the code organization : Copyright File comments Header files Define constant and macros Declare static (private) functions Define exported (public) functions Define static (private) functions Define protected functions. -Notes: Static (private) function code first, then functions used by other objects in library; API (public) functions at the end +[R07] In source file, the sequence of the code organization : Copyright, File comments, Header files, Define constant and macros, Declare static (private) functions, Define exported (public) functions, Define static (private) functions, Define protected functions. +Note: Static (private) function code first, then functions used by other objects in library; API (public) functions at the end ******** Public API should use 'API' macro - other functions are not visible outside of library -[M07] Separate external public header(API) and internal header(declare protected functions that are not exported but use for many files) +[M09] Separate external public header(API) and internal header(declare protected functions that are not exported but use for many files) -[M08] External public headers include the Doxygen style for comment. ex) Variable, Function, Struct. +[M10] External public headers include the Doxygen style for comment. ex) Variable, Function, Struct. -[M09] In function prototypes, include parameter names with their data types and return type. +[M11] In function prototypes, include parameter names with their data types and return type. -[R10] Macros with multiple statements should be enclosed in a "do -while" block. +[R08] Macros with multiple statements should be enclosed in a "do -while" block. -[R11] ''#' symbol for macro shall be located at the first column. +[R09] ''#' symbol for macro shall be located at the first column. -[R12] In macro definition, every expression and the arguments in the expressions shall be enclosed by '(' and ')' for each. +[R10] In macro definition, every expression and the arguments in the expressions shall be enclosed by '(' and ')' for each. -[R13] Don’t declare both a structure tag and variables or typedefs in the same declaration. +[R11] Don’t declare both a structure tag and variables or typedefs in the same declaration. Note: Avoid use of typedefs for structures/enums unless it's needed (for handles in API etc.) -[R14] Each variable shall be declared in the new line. +[R12] Each variable shall be declared in the new line. Notes: except for counters (like i, j, k, etc.). -[M10] No mixed-case, Use underscores('_') to separate words in a name. +[M12] No mixed-case, Use underscores('_') to separate words in a name. -[R15] Names of macros defining constants and labels in enums are composed of capital letters, numbers and '_' character. +[R13] Names of macros defining constants and labels in enums are composed of capital letters, numbers and '_' character. -[R16] Name of functions are Verb + Noun to have a good representation of features. +[R14] Name of functions are Verb + Noun to have a good representation of features. Note: this is rule of thumb except for Public API. Public API has prefix (__fcn). -------------------------------------------------------------------------------- @@ -98,8 +98,8 @@ Note: this is rule of thumb except for Public API. Public API has prefix ( 0) { ret = yaca_malloc(CRYPTO_num_locks() * sizeof(pthread_mutex_t), - (void**)&mutexes); + (void**)&mutexes); if (ret != YACA_ERROR_NONE) goto exit; @@ -393,7 +393,7 @@ API int yaca_randomize_bytes(char *data, size_t data_len) } API int yaca_context_set_property(yaca_context_h ctx, yaca_property_e property, - const void *value, size_t value_len) + const void *value, size_t value_len) { if (ctx == YACA_CONTEXT_NULL || ctx->set_property == NULL) return YACA_ERROR_INVALID_PARAMETER; @@ -402,7 +402,7 @@ API int yaca_context_set_property(yaca_context_h ctx, yaca_property_e property, } API int yaca_context_get_property(const yaca_context_h ctx, yaca_property_e property, - void **value, size_t *value_len) + void **value, size_t *value_len) { if (ctx == YACA_CONTEXT_NULL || ctx->get_property == NULL) return YACA_ERROR_INVALID_PARAMETER; @@ -420,10 +420,10 @@ API void yaca_context_destroy(yaca_context_h ctx) } API int yaca_context_get_output_length(const yaca_context_h ctx, - size_t input_len, size_t *output_len) + size_t input_len, size_t *output_len) { if (ctx == YACA_CONTEXT_NULL || output_len == NULL || - ctx->get_output_length == NULL) + ctx->get_output_length == NULL) return YACA_ERROR_INVALID_PARAMETER; return ctx->get_output_length(ctx, input_len, output_len); diff --git a/src/debug.c b/src/debug.c index 80edb1d..e49a4ca 100644 --- a/src/debug.c +++ b/src/debug.c @@ -81,7 +81,7 @@ void error_dump(const char *file, int line, const char *function, int code) } written = snprintf(buf, BUF_SIZE, "%s:%d %s() API error: %s0x%02X (%s)\n", file, - line, function, sign, code, err_str); + line, function, sign, code, err_str); while ((err = ERR_get_error()) != 0 && written < BUF_SIZE - 1) { if (!error_strings_loaded) { @@ -151,9 +151,9 @@ int error_handle(const char *file, int line, const char *function) while ((err = ERR_get_error()) != 0) if (err == ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_ITEM_DECRYPT_D2I, PKCS12_R_DECODE_ERROR) || - err == ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_PBE_CRYPT, PKCS12_R_PKCS12_CIPHERFINAL_ERROR) || - err == ERR_PACK(ERR_LIB_DSA, DSA_F_OLD_DSA_PRIV_DECODE, ERR_R_DSA_LIB) || - err == ERR_PACK(ERR_LIB_RSA, RSA_F_OLD_RSA_PRIV_DECODE, ERR_R_RSA_LIB)) { + err == ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_PBE_CRYPT, PKCS12_R_PKCS12_CIPHERFINAL_ERROR) || + err == ERR_PACK(ERR_LIB_DSA, DSA_F_OLD_DSA_PRIV_DECODE, ERR_R_DSA_LIB) || + err == ERR_PACK(ERR_LIB_RSA, RSA_F_OLD_RSA_PRIV_DECODE, ERR_R_RSA_LIB)) { found_crypto_error = true; break; } diff --git a/src/digest.c b/src/digest.c index 7b14ad2..1d7cbad 100644 --- a/src/digest.c +++ b/src/digest.c @@ -80,8 +80,8 @@ static struct yaca_digest_context_s *get_digest_context(const yaca_context_h ctx } static int get_digest_output_length(const yaca_context_h ctx, - size_t input_len, - size_t *output_len) + size_t input_len, + size_t *output_len) { assert(output_len != NULL); diff --git a/src/encrypt.c b/src/encrypt.c index 5b0e9f5..f4a21f3 100644 --- a/src/encrypt.c +++ b/src/encrypt.c @@ -320,8 +320,8 @@ int get_wrap_output_length(const yaca_context_h ctx, size_t input_len, size_t *o } static int encrypt_ctx_create(struct yaca_encrypt_context_s **c, - enum encrypt_op_type_e op_type, - const EVP_CIPHER *cipher) + enum encrypt_op_type_e op_type, + const EVP_CIPHER *cipher) { int ret; int mode; @@ -340,8 +340,8 @@ static int encrypt_ctx_create(struct yaca_encrypt_context_s **c, nc->backup_ctx = NULL; nc->ctx.context_destroy = destroy_encrypt_context; nc->ctx.get_output_length = (mode == EVP_CIPH_WRAP_MODE) ? - get_wrap_output_length : - get_encrypt_output_length; + get_wrap_output_length : + get_encrypt_output_length; nc->ctx.set_property = set_encrypt_property; nc->ctx.get_property = get_encrypt_property; nc->op_type = op_type; @@ -374,8 +374,8 @@ exit: } static int encrypt_ctx_init(struct yaca_encrypt_context_s *c, - const EVP_CIPHER *cipher, - size_t key_bit_len) + const EVP_CIPHER *cipher, + size_t key_bit_len) { int ret; @@ -386,11 +386,11 @@ static int encrypt_ctx_init(struct yaca_encrypt_context_s *c, return YACA_ERROR_INVALID_PARAMETER; ret = EVP_CipherInit_ex(c->cipher_ctx, - cipher, - NULL, - NULL, - NULL, - is_encryption_op(c->op_type) ? 1 : 0); + cipher, + NULL, + NULL, + NULL, + is_encryption_op(c->op_type) ? 1 : 0); if (ret != 1) { ret = YACA_ERROR_INTERNAL; ERROR_DUMP(ret); @@ -409,8 +409,8 @@ static int encrypt_ctx_init(struct yaca_encrypt_context_s *c, } static int encrypt_ctx_setup_iv(struct yaca_encrypt_context_s *c, - const EVP_CIPHER *cipher, - const struct yaca_key_simple_s *iv) + const EVP_CIPHER *cipher, + const struct yaca_key_simple_s *iv) { int ret; size_t default_iv_bit_len; @@ -445,10 +445,10 @@ static int encrypt_ctx_setup_iv(struct yaca_encrypt_context_s *c, if (mode == EVP_CIPH_GCM_MODE) { ret = EVP_CIPHER_CTX_ctrl(c->cipher_ctx, EVP_CTRL_GCM_SET_IVLEN, - iv->bit_len / 8, NULL); + iv->bit_len / 8, NULL); } else if (mode == EVP_CIPH_CCM_MODE) { ret = EVP_CIPHER_CTX_ctrl(c->cipher_ctx, EVP_CTRL_CCM_SET_IVLEN, - iv->bit_len / 8, NULL); + iv->bit_len / 8, NULL); } else { return YACA_ERROR_INVALID_PARAMETER; } @@ -462,8 +462,8 @@ static int encrypt_ctx_setup_iv(struct yaca_encrypt_context_s *c, } static int encrypt_ctx_setup(struct yaca_encrypt_context_s *c, - const yaca_key_h key, - const yaca_key_h iv) + const yaca_key_h key, + const yaca_key_h iv) { int ret; unsigned char *iv_data = NULL; @@ -499,11 +499,11 @@ static int encrypt_ctx_setup(struct yaca_encrypt_context_s *c, iv_data = (unsigned char*)liv->d; ret = EVP_CipherInit_ex(c->cipher_ctx, - NULL, - NULL, - (unsigned char*)lkey->d, - iv_data, - is_encryption_op(c->op_type) ? 1 : 0); + NULL, + NULL, + (unsigned char*)lkey->d, + iv_data, + is_encryption_op(c->op_type) ? 1 : 0); if (ret != 1) { ret = YACA_ERROR_INTERNAL; ERROR_DUMP(ret); @@ -514,9 +514,9 @@ static int encrypt_ctx_setup(struct yaca_encrypt_context_s *c, } static int encrypt_ctx_backup(struct yaca_encrypt_context_s *c, - const EVP_CIPHER *cipher, - const yaca_key_h sym_key, - const yaca_key_h iv) + const EVP_CIPHER *cipher, + const yaca_key_h sym_key, + const yaca_key_h iv) { int ret; struct yaca_backup_context_s *bc; @@ -562,7 +562,7 @@ static int encrypt_ctx_restore(struct yaca_encrypt_context_s *c) assert(ret != YACA_ERROR_INVALID_PARAMETER); if (c->backup_ctx->padding == YACA_PADDING_NONE && - EVP_CIPHER_CTX_set_padding(c->cipher_ctx, 0) != 1) { + EVP_CIPHER_CTX_set_padding(c->cipher_ctx, 0) != 1) { ret = YACA_ERROR_INTERNAL; ERROR_DUMP(ret); return ret; @@ -648,9 +648,9 @@ static int encrypt_ctx_set_rc2_effective_key_bits(struct yaca_encrypt_context_s } int set_encrypt_property(yaca_context_h ctx, - yaca_property_e property, - const void *value, - size_t value_len) + yaca_property_e property, + const void *value, + size_t value_len) { struct yaca_encrypt_context_s *c = get_encrypt_context(ctx); int len; @@ -666,7 +666,7 @@ int set_encrypt_property(yaca_context_h ctx, switch (property) { case YACA_PROPERTY_GCM_AAD: if (mode != EVP_CIPH_GCM_MODE || - !verify_state_change(c, ENC_CTX_AAD_UPDATED)) + !verify_state_change(c, ENC_CTX_AAD_UPDATED)) return YACA_ERROR_INVALID_PARAMETER; if (EVP_CipherUpdate(c->cipher_ctx, NULL, &len, value, value_len) != 1) { @@ -677,7 +677,7 @@ int set_encrypt_property(yaca_context_h ctx, break; case YACA_PROPERTY_CCM_AAD: if (mode != EVP_CIPH_CCM_MODE || - !verify_state_change(c, ENC_CTX_AAD_UPDATED)) + !verify_state_change(c, ENC_CTX_AAD_UPDATED)) return YACA_ERROR_INVALID_PARAMETER; if (EVP_CipherUpdate(c->cipher_ctx, NULL, &len, value, value_len) != 1) { @@ -688,8 +688,8 @@ int set_encrypt_property(yaca_context_h ctx, break; case YACA_PROPERTY_GCM_TAG: if (mode != EVP_CIPH_GCM_MODE || is_encryption_op(c->op_type) || - !is_valid_tag_len(mode, value_len) || - !verify_state_change(c, ENC_CTX_TAG_SET)) + !is_valid_tag_len(mode, value_len) || + !verify_state_change(c, ENC_CTX_TAG_SET)) return YACA_ERROR_INVALID_PARAMETER; if (EVP_CIPHER_CTX_ctrl(c->cipher_ctx, EVP_CTRL_GCM_SET_TAG, value_len, (void*)value) != 1) { @@ -700,9 +700,9 @@ int set_encrypt_property(yaca_context_h ctx, break; case YACA_PROPERTY_GCM_TAG_LEN: if (value_len != sizeof(size_t) || mode != EVP_CIPH_GCM_MODE || - !is_encryption_op(c->op_type) || - !is_valid_tag_len(mode, *(size_t*)value) || - !verify_state_change(c, ENC_CTX_TAG_LENGTH_SET)) + !is_encryption_op(c->op_type) || + !is_valid_tag_len(mode, *(size_t*)value) || + !verify_state_change(c, ENC_CTX_TAG_LENGTH_SET)) return YACA_ERROR_INVALID_PARAMETER; c->tag_len = *(size_t*)value; @@ -710,8 +710,8 @@ int set_encrypt_property(yaca_context_h ctx, break; case YACA_PROPERTY_CCM_TAG: if (mode != EVP_CIPH_CCM_MODE || is_encryption_op(c->op_type) || - !is_valid_tag_len(mode, value_len) || - !verify_state_change(c, ENC_CTX_TAG_SET)) + !is_valid_tag_len(mode, value_len) || + !verify_state_change(c, ENC_CTX_TAG_SET)) return YACA_ERROR_INVALID_PARAMETER; ret = encrypt_ctx_set_ccm_tag(c, (char*)value, value_len); @@ -722,9 +722,9 @@ int set_encrypt_property(yaca_context_h ctx, break; case YACA_PROPERTY_CCM_TAG_LEN: if (value_len != sizeof(size_t) || mode != EVP_CIPH_CCM_MODE || - !is_encryption_op(c->op_type) || - !is_valid_tag_len(mode, *(size_t*)value) || - !verify_state_change(c, ENC_CTX_TAG_LENGTH_SET)) + !is_encryption_op(c->op_type) || + !is_valid_tag_len(mode, *(size_t*)value) || + !verify_state_change(c, ENC_CTX_TAG_LENGTH_SET)) return YACA_ERROR_INVALID_PARAMETER; ret = encrypt_ctx_set_ccm_tag_len(c, *(size_t*)value); @@ -735,10 +735,10 @@ int set_encrypt_property(yaca_context_h ctx, break; case YACA_PROPERTY_PADDING: if ((mode != EVP_CIPH_ECB_MODE && mode != EVP_CIPH_CBC_MODE) || - value_len != sizeof(yaca_padding_e) || - (*(yaca_padding_e*)value != YACA_PADDING_NONE && - *(yaca_padding_e*)value != YACA_PADDING_PKCS7) || - c->state == ENC_CTX_FINALIZED) + value_len != sizeof(yaca_padding_e) || + (*(yaca_padding_e*)value != YACA_PADDING_NONE && + *(yaca_padding_e*)value != YACA_PADDING_PKCS7) || + c->state == ENC_CTX_FINALIZED) return YACA_ERROR_INVALID_PARAMETER; int padding = *(yaca_padding_e*)value == YACA_PADDING_NONE ? 0 : 1; @@ -751,8 +751,8 @@ int set_encrypt_property(yaca_context_h ctx, break; case YACA_PROPERTY_RC2_EFFECTIVE_KEY_BITS: if (value_len != sizeof(size_t) || - (nid != NID_rc2_cbc && nid != NID_rc2_ecb && nid != NID_rc2_cfb64 && nid != NID_rc2_ofb64) || - c->state != ENC_CTX_INITIALIZED) + (nid != NID_rc2_cbc && nid != NID_rc2_ecb && nid != NID_rc2_cfb64 && nid != NID_rc2_ofb64) || + c->state != ENC_CTX_INITIALIZED) return YACA_ERROR_INVALID_PARAMETER; ret = encrypt_ctx_set_rc2_effective_key_bits(c, *(size_t*)value); @@ -765,7 +765,7 @@ int set_encrypt_property(yaca_context_h ctx, } int get_encrypt_property(const yaca_context_h ctx, yaca_property_e property, - void **value, size_t *value_len) + void **value, size_t *value_len) { struct yaca_encrypt_context_s *c = get_encrypt_context(ctx); int mode; @@ -779,17 +779,17 @@ int get_encrypt_property(const yaca_context_h ctx, yaca_property_e property, switch (property) { case YACA_PROPERTY_GCM_TAG: if (value_len == NULL || - !is_encryption_op(c->op_type) || - mode != EVP_CIPH_GCM_MODE || - (c->state != ENC_CTX_TAG_LENGTH_SET && c->state != ENC_CTX_FINALIZED)) + !is_encryption_op(c->op_type) || + mode != EVP_CIPH_GCM_MODE || + (c->state != ENC_CTX_TAG_LENGTH_SET && c->state != ENC_CTX_FINALIZED)) return YACA_ERROR_INVALID_PARAMETER; assert(c->tag_len <= INT_MAX); if (EVP_CIPHER_CTX_ctrl(c->cipher_ctx, - EVP_CTRL_GCM_GET_TAG, - c->tag_len, - value) != 1) { + EVP_CTRL_GCM_GET_TAG, + c->tag_len, + value) != 1) { ERROR_DUMP(YACA_ERROR_INTERNAL); return YACA_ERROR_INTERNAL; } @@ -797,17 +797,17 @@ int get_encrypt_property(const yaca_context_h ctx, yaca_property_e property, break; case YACA_PROPERTY_CCM_TAG: if (value_len == NULL || - !is_encryption_op(c->op_type) || - mode != EVP_CIPH_CCM_MODE || - c->state != ENC_CTX_FINALIZED) + !is_encryption_op(c->op_type) || + mode != EVP_CIPH_CCM_MODE || + c->state != ENC_CTX_FINALIZED) return YACA_ERROR_INVALID_PARAMETER; assert(c->tag_len <= INT_MAX); if (EVP_CIPHER_CTX_ctrl(c->cipher_ctx, - EVP_CTRL_CCM_GET_TAG, - c->tag_len, - value) != 1) { + EVP_CTRL_CCM_GET_TAG, + c->tag_len, + value) != 1) { ERROR_DUMP(YACA_ERROR_INTERNAL); return YACA_ERROR_INTERNAL; } @@ -829,8 +829,8 @@ static int check_key_bit_length_for_algo(yaca_encrypt_algorithm_e algo, size_t k switch (algo) { case YACA_ENCRYPT_AES: if (key_bit_len != YACA_KEY_LENGTH_UNSAFE_128BIT && - key_bit_len != YACA_KEY_LENGTH_192BIT && - key_bit_len != YACA_KEY_LENGTH_256BIT) + key_bit_len != YACA_KEY_LENGTH_192BIT && + key_bit_len != YACA_KEY_LENGTH_256BIT) ret = YACA_ERROR_INVALID_PARAMETER; break; case YACA_ENCRYPT_UNSAFE_DES: @@ -866,9 +866,9 @@ static int check_key_bit_length_for_algo(yaca_encrypt_algorithm_e algo, size_t k } int encrypt_get_algorithm(yaca_encrypt_algorithm_e algo, - yaca_block_cipher_mode_e bcm, - size_t key_bit_len, - const EVP_CIPHER **cipher) + yaca_block_cipher_mode_e bcm, + size_t key_bit_len, + const EVP_CIPHER **cipher) { int ret; size_t i; @@ -884,9 +884,9 @@ int encrypt_get_algorithm(yaca_encrypt_algorithm_e algo, for (i = 0; i < ENCRYPTION_CIPHERS_SIZE; ++i) if (ENCRYPTION_CIPHERS[i].algo == algo && - ENCRYPTION_CIPHERS[i].bcm == bcm && - (ENCRYPTION_CIPHERS[i].key_bit_len == key_bit_len || - ENCRYPTION_CIPHERS[i].key_bit_len == (size_t)-1)) { + ENCRYPTION_CIPHERS[i].bcm == bcm && + (ENCRYPTION_CIPHERS[i].key_bit_len == key_bit_len || + ENCRYPTION_CIPHERS[i].key_bit_len == (size_t)-1)) { *cipher = ENCRYPTION_CIPHERS[i].cipher(); ret = YACA_ERROR_NONE; break; @@ -901,10 +901,10 @@ int encrypt_get_algorithm(yaca_encrypt_algorithm_e algo, } int encrypt_initialize(yaca_context_h *ctx, - const EVP_CIPHER *cipher, - const yaca_key_h sym_key, - const yaca_key_h iv, - enum encrypt_op_type_e op_type) + const EVP_CIPHER *cipher, + const yaca_key_h sym_key, + const yaca_key_h iv, + enum encrypt_op_type_e op_type) { struct yaca_encrypt_context_s *nc; struct yaca_key_simple_s *lsym_key; @@ -918,7 +918,7 @@ int encrypt_initialize(yaca_context_h *ctx, return YACA_ERROR_INVALID_PARAMETER; if (lsym_key->key.type != YACA_KEY_TYPE_DES && - lsym_key->key.type != YACA_KEY_TYPE_SYMMETRIC) + lsym_key->key.type != YACA_KEY_TYPE_SYMMETRIC) return YACA_ERROR_INVALID_PARAMETER; ret = encrypt_ctx_create(&nc, op_type, cipher); @@ -936,7 +936,7 @@ int encrypt_initialize(yaca_context_h *ctx, int mode = EVP_CIPHER_CTX_mode(nc->cipher_ctx); int nid = EVP_CIPHER_CTX_nid(nc->cipher_ctx); if (mode == EVP_CIPH_CCM_MODE || - nid == NID_rc2_cbc || nid == NID_rc2_ecb || nid == NID_rc2_cfb64 || nid == NID_rc2_ofb64) { + nid == NID_rc2_cbc || nid == NID_rc2_ecb || nid == NID_rc2_cfb64 || nid == NID_rc2_ofb64) { ret = encrypt_ctx_backup(nc, cipher, sym_key, iv); if (ret != YACA_ERROR_NONE) goto exit; @@ -955,9 +955,9 @@ exit: } int encrypt_update(yaca_context_h ctx, - const unsigned char *input, size_t input_len, - unsigned char *output, size_t *output_len, - enum encrypt_op_type_e op_type) + const unsigned char *input, size_t input_len, + unsigned char *output, size_t *output_len, + enum encrypt_op_type_e op_type) { struct yaca_encrypt_context_s *c = get_encrypt_context(ctx); int ret; @@ -989,7 +989,7 @@ int encrypt_update(yaca_context_h ctx, return YACA_ERROR_INVALID_PARAMETER; } else if (nid == NID_id_smime_alg_CMS3DESwrap) { if (input_len != (YACA_KEY_LENGTH_UNSAFE_128BIT / 8) && - input_len != (YACA_KEY_LENGTH_192BIT / 8)) + input_len != (YACA_KEY_LENGTH_192BIT / 8)) return YACA_ERROR_INVALID_PARAMETER; } else { assert(false); @@ -1001,7 +1001,7 @@ int encrypt_update(yaca_context_h ctx, return YACA_ERROR_INVALID_PARAMETER; } else if (nid == NID_id_smime_alg_CMS3DESwrap) { if (input_len != (YACA_KEY_LENGTH_UNSAFE_128BIT / 8 + 16) && - input_len != (YACA_KEY_LENGTH_192BIT / 8 + 16)) + input_len != (YACA_KEY_LENGTH_192BIT / 8 + 16)) return YACA_ERROR_INVALID_PARAMETER; } else { assert(false); @@ -1048,8 +1048,8 @@ int encrypt_update(yaca_context_h ctx, } int encrypt_finalize(yaca_context_h ctx, - unsigned char *output, size_t *output_len, - enum encrypt_op_type_e op_type) + unsigned char *output, size_t *output_len, + enum encrypt_op_type_e op_type) { struct yaca_encrypt_context_s *c = get_encrypt_context(ctx); int ret; @@ -1088,9 +1088,9 @@ int encrypt_finalize(yaca_context_h ctx, } API int yaca_encrypt_get_iv_bit_length(yaca_encrypt_algorithm_e algo, - yaca_block_cipher_mode_e bcm, - size_t key_bit_len, - size_t *iv_bit_len) + yaca_block_cipher_mode_e bcm, + size_t key_bit_len, + size_t *iv_bit_len) { const EVP_CIPHER *cipher; int ret; @@ -1113,10 +1113,10 @@ API int yaca_encrypt_get_iv_bit_length(yaca_encrypt_algorithm_e algo, } API int yaca_encrypt_initialize(yaca_context_h *ctx, - yaca_encrypt_algorithm_e algo, - yaca_block_cipher_mode_e bcm, - const yaca_key_h sym_key, - const yaca_key_h iv) + yaca_encrypt_algorithm_e algo, + yaca_block_cipher_mode_e bcm, + const yaca_key_h sym_key, + const yaca_key_h iv) { int ret; const EVP_CIPHER *cipher; @@ -1133,27 +1133,27 @@ API int yaca_encrypt_initialize(yaca_context_h *ctx, } API int yaca_encrypt_update(yaca_context_h ctx, - const char *plaintext, - size_t plaintext_len, - char *ciphertext, - size_t *ciphertext_len) + const char *plaintext, + size_t plaintext_len, + char *ciphertext, + size_t *ciphertext_len) { return encrypt_update(ctx, (const unsigned char*)plaintext, plaintext_len, - (unsigned char*)ciphertext, ciphertext_len, OP_ENCRYPT); + (unsigned char*)ciphertext, ciphertext_len, OP_ENCRYPT); } API int yaca_encrypt_finalize(yaca_context_h ctx, - char *ciphertext, - size_t *ciphertext_len) + char *ciphertext, + size_t *ciphertext_len) { return encrypt_finalize(ctx, (unsigned char*)ciphertext, ciphertext_len, OP_ENCRYPT); } API int yaca_decrypt_initialize(yaca_context_h *ctx, - yaca_encrypt_algorithm_e algo, - yaca_block_cipher_mode_e bcm, - const yaca_key_h sym_key, - const yaca_key_h iv) + yaca_encrypt_algorithm_e algo, + yaca_block_cipher_mode_e bcm, + const yaca_key_h sym_key, + const yaca_key_h iv) { int ret; const EVP_CIPHER *cipher; @@ -1170,18 +1170,18 @@ API int yaca_decrypt_initialize(yaca_context_h *ctx, } API int yaca_decrypt_update(yaca_context_h ctx, - const char *ciphertext, - size_t ciphertext_len, - char *plaintext, - size_t *plaintext_len) + const char *ciphertext, + size_t ciphertext_len, + char *plaintext, + size_t *plaintext_len) { return encrypt_update(ctx, (const unsigned char*)ciphertext, ciphertext_len, - (unsigned char*)plaintext, plaintext_len, OP_DECRYPT); + (unsigned char*)plaintext, plaintext_len, OP_DECRYPT); } API int yaca_decrypt_finalize(yaca_context_h ctx, - char *plaintext, - size_t *plaintext_len) + char *plaintext, + size_t *plaintext_len) { return encrypt_finalize(ctx, (unsigned char*)plaintext, plaintext_len, OP_DECRYPT); } diff --git a/src/internal.h b/src/internal.h index 4bae2aa..ac8062b 100644 --- a/src/internal.h +++ b/src/internal.h @@ -85,9 +85,9 @@ struct yaca_context_s { void (*context_destroy)(const yaca_context_h ctx); int (*get_output_length)(const yaca_context_h ctx, size_t input_len, size_t *output_len); int (*set_property)(yaca_context_h ctx, yaca_property_e property, - const void *value, size_t value_len); + const void *value, size_t value_len); int (*get_property)(const yaca_context_h ctx, yaca_property_e property, - void **value, size_t *value_len); + void **value, size_t *value_len); }; struct yaca_backup_context_s { @@ -172,30 +172,30 @@ void destroy_encrypt_context(const yaca_context_h ctx); int get_encrypt_output_length(const yaca_context_h ctx, size_t input_len, size_t *output_len); int set_encrypt_property(yaca_context_h ctx, yaca_property_e property, - const void *value, size_t value_len); + const void *value, size_t value_len); int get_encrypt_property(const yaca_context_h ctx, yaca_property_e property, - void **value, size_t *value_len); + void **value, size_t *value_len); int encrypt_get_algorithm(yaca_encrypt_algorithm_e algo, - yaca_block_cipher_mode_e bcm, - size_t key_bit_len, - const EVP_CIPHER **cipher); + yaca_block_cipher_mode_e bcm, + size_t key_bit_len, + const EVP_CIPHER **cipher); int encrypt_initialize(yaca_context_h *ctx, - const EVP_CIPHER *cipher, - const yaca_key_h sym_key, - const yaca_key_h iv, - enum encrypt_op_type_e op_type); + const EVP_CIPHER *cipher, + const yaca_key_h sym_key, + const yaca_key_h iv, + enum encrypt_op_type_e op_type); int encrypt_update(yaca_context_h ctx, - const unsigned char *input, size_t input_len, - unsigned char *output, size_t *output_len, - enum encrypt_op_type_e op_type); + const unsigned char *input, size_t input_len, + unsigned char *output, size_t *output_len, + enum encrypt_op_type_e op_type); int encrypt_finalize(yaca_context_h ctx, - unsigned char *output, size_t *output_len, - enum encrypt_op_type_e op_type); + unsigned char *output, size_t *output_len, + enum encrypt_op_type_e op_type); struct yaca_key_simple_s *key_get_simple(const yaca_key_h key); struct yaca_key_evp_s *key_get_evp(const yaca_key_h key); diff --git a/src/key.c b/src/key.c index 404840a..a9fdfef 100644 --- a/src/key.c +++ b/src/key.c @@ -246,9 +246,9 @@ exit: } static int import_simple(yaca_key_h *key, - yaca_key_type_e key_type, - const char *data, - size_t data_len) + yaca_key_type_e key_type, + const char *data, + size_t data_len) { assert(key != NULL); assert(data != NULL); @@ -289,8 +289,8 @@ static int import_simple(yaca_key_h *key, if (key_type == YACA_KEY_TYPE_DES) { size_t key_bit_len = key_data_len * 8; if (key_bit_len != YACA_KEY_LENGTH_UNSAFE_64BIT && - key_bit_len != YACA_KEY_LENGTH_UNSAFE_128BIT && - key_bit_len != YACA_KEY_LENGTH_192BIT) { + key_bit_len != YACA_KEY_LENGTH_UNSAFE_128BIT && + key_bit_len != YACA_KEY_LENGTH_192BIT) { ret = YACA_ERROR_INVALID_PARAMETER; goto exit; } @@ -405,10 +405,10 @@ exit: } static int import_evp(yaca_key_h *key, - yaca_key_type_e key_type, - const char *password, - const char *data, - size_t data_len) + yaca_key_type_e key_type, + const char *password, + const char *data, + size_t data_len) { assert(key != NULL); assert(password == NULL || password[0] != '\0'); @@ -594,7 +594,7 @@ static int import_evp(yaca_key_h *key, } if ((key_type == YACA_KEY_TYPE_RSA_PRIV || key_type == YACA_KEY_TYPE_RSA_PUB) && - (EVP_PKEY_size(pkey) < YACA_KEY_LENGTH_512BIT / 8)) { + (EVP_PKEY_size(pkey) < YACA_KEY_LENGTH_512BIT / 8)) { ret = YACA_ERROR_INVALID_PARAMETER; goto exit; } @@ -617,8 +617,8 @@ exit: } static int export_simple_raw(struct yaca_key_simple_s *simple_key, - char **data, - size_t *data_len) + char **data, + size_t *data_len) { int ret; assert(simple_key != NULL); @@ -640,8 +640,8 @@ static int export_simple_raw(struct yaca_key_simple_s *simple_key, } static int export_simple_base64(struct yaca_key_simple_s *simple_key, - char **data, - size_t *data_len) + char **data, + size_t *data_len) { assert(simple_key != NULL); assert(data != NULL); @@ -707,9 +707,9 @@ exit: } static int export_evp_default_bio(struct yaca_key_evp_s *evp_key, - yaca_key_file_format_e key_file_fmt, - const char *password, - BIO *mem) + yaca_key_file_format_e key_file_fmt, + const char *password, + BIO *mem) { assert(evp_key != NULL); assert(password == NULL || password[0] != '\0'); @@ -731,7 +731,7 @@ static int export_evp_default_bio(struct yaca_key_evp_s *evp_key, case YACA_KEY_TYPE_DH_PRIV: case YACA_KEY_TYPE_EC_PRIV: ret = PEM_write_bio_PrivateKey(mem, evp_key->evp, enc, - NULL, 0, NULL, (void*)password); + NULL, 0, NULL, (void*)password); break; case YACA_KEY_TYPE_RSA_PUB: @@ -811,9 +811,9 @@ static int export_evp_default_bio(struct yaca_key_evp_s *evp_key, } static int export_evp_pkcs8_bio(struct yaca_key_evp_s *evp_key, - yaca_key_file_format_e key_file_fmt, - const char *password, - BIO *mem) + yaca_key_file_format_e key_file_fmt, + const char *password, + BIO *mem) { assert(evp_key != NULL); assert(password == NULL || password[0] != '\0'); @@ -836,7 +836,7 @@ static int export_evp_pkcs8_bio(struct yaca_key_evp_s *evp_key, case YACA_KEY_TYPE_DH_PRIV: case YACA_KEY_TYPE_EC_PRIV: ret = PEM_write_bio_PKCS8PrivateKey(mem, evp_key->evp, enc, - NULL, 0, NULL, (void*)password); + NULL, 0, NULL, (void*)password); break; default: @@ -853,7 +853,7 @@ static int export_evp_pkcs8_bio(struct yaca_key_evp_s *evp_key, case YACA_KEY_TYPE_DH_PRIV: case YACA_KEY_TYPE_EC_PRIV: ret = i2d_PKCS8PrivateKey_bio(mem, evp_key->evp, enc, - NULL, 0, NULL, (void*)password); + NULL, 0, NULL, (void*)password); break; default: @@ -876,11 +876,11 @@ static int export_evp_pkcs8_bio(struct yaca_key_evp_s *evp_key, } static int export_evp(struct yaca_key_evp_s *evp_key, - yaca_key_format_e key_fmt, - yaca_key_file_format_e key_file_fmt, - const char *password, - char **data, - size_t *data_len) + yaca_key_format_e key_fmt, + yaca_key_file_format_e key_file_fmt, + const char *password, + char **data, + size_t *data_len) { assert(evp_key != NULL); assert(password == NULL || password[0] != '\0'); @@ -972,8 +972,8 @@ static int generate_simple_des(struct yaca_key_simple_s **out, size_t key_bit_le assert(out != NULL); if (key_bit_len != YACA_KEY_LENGTH_UNSAFE_64BIT && - key_bit_len != YACA_KEY_LENGTH_UNSAFE_128BIT && - key_bit_len != YACA_KEY_LENGTH_192BIT) + key_bit_len != YACA_KEY_LENGTH_UNSAFE_128BIT && + key_bit_len != YACA_KEY_LENGTH_192BIT) return YACA_ERROR_INVALID_PARAMETER; int ret; @@ -1037,7 +1037,7 @@ static int generate_evp_pkey_params(int evp_id, size_t key_bit_len, EVP_PKEY **p switch (evp_id) { case EVP_PKEY_DSA: if ((key_bit_len & YACA_KEYLEN_COMPONENT_TYPE_MASK) != YACA_KEYLEN_COMPONENT_TYPE_BITS || - key_bit_len > INT_MAX || key_bit_len < 512 || key_bit_len % 64 != 0) + key_bit_len > INT_MAX || key_bit_len < 512 || key_bit_len % 64 != 0) return YACA_ERROR_INVALID_PARAMETER; bit_len = key_bit_len; @@ -1113,7 +1113,7 @@ static int generate_evp_pkey_params(int evp_id, size_t key_bit_len, EVP_PKEY **p * fact that the _set_dh_ variant actually passes EVP_PKEY_DHX: * ret = EVP_PKEY_CTX_set_dh_rfc5114(pctx, dh_rfc5114); */ ret = EVP_PKEY_CTX_ctrl(pctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, - EVP_PKEY_CTRL_DH_RFC5114, dh_rfc5114, NULL); + EVP_PKEY_CTRL_DH_RFC5114, dh_rfc5114, NULL); } else { ret = EVP_PKEY_CTX_set_dh_paramgen_prime_len(pctx, dh_prime_len); if (ret == 1) @@ -1191,7 +1191,7 @@ static int generate_evp_pkey_key(int evp_id, size_t key_bit_len, EVP_PKEY *param if (evp_id == EVP_PKEY_RSA) { if ((key_bit_len & YACA_KEYLEN_COMPONENT_TYPE_MASK) != YACA_KEYLEN_COMPONENT_TYPE_BITS || - key_bit_len > INT_MAX || key_bit_len < 512 || key_bit_len % 8 != 0) { + key_bit_len > INT_MAX || key_bit_len < 512 || key_bit_len % 8 != 0) { ret = YACA_ERROR_INVALID_PARAMETER; goto exit; } @@ -1219,7 +1219,7 @@ exit: } static int generate_evp(yaca_key_type_e out_type, size_t key_bit_len, - struct yaca_key_evp_s *params, struct yaca_key_evp_s **out) + struct yaca_key_evp_s *params, struct yaca_key_evp_s **out) { assert(out != NULL); assert(key_bit_len > 0 || params != NULL); @@ -1459,10 +1459,10 @@ API int yaca_key_get_bit_length(const yaca_key_h key, size_t *key_bit_len) } API int yaca_key_import(yaca_key_type_e key_type, - const char *password, - const char *data, - size_t data_len, - yaca_key_h *key) + const char *password, + const char *data, + size_t data_len, + yaca_key_h *key) { if (key == NULL || data == NULL || data_len == 0) return YACA_ERROR_INVALID_PARAMETER; @@ -1496,11 +1496,11 @@ API int yaca_key_import(yaca_key_type_e key_type, } API int yaca_key_export(const yaca_key_h key, - yaca_key_format_e key_fmt, - yaca_key_file_format_e key_file_fmt, - const char *password, - char **data, - size_t *data_len) + yaca_key_format_e key_fmt, + yaca_key_file_format_e key_file_fmt, + const char *password, + char **data, + size_t *data_len) { struct yaca_key_simple_s *simple_key = key_get_simple(key); struct yaca_key_evp_s *evp_key = key_get_evp(key); @@ -1516,25 +1516,25 @@ API int yaca_key_export(const yaca_key_h key, return YACA_ERROR_INVALID_PARAMETER; if (key_fmt == YACA_KEY_FORMAT_DEFAULT && - key_file_fmt == YACA_KEY_FILE_FORMAT_RAW && - simple_key != NULL) + key_file_fmt == YACA_KEY_FILE_FORMAT_RAW && + simple_key != NULL) return export_simple_raw(simple_key, data, data_len); if (key_fmt == YACA_KEY_FORMAT_DEFAULT && - key_file_fmt == YACA_KEY_FILE_FORMAT_BASE64 && - simple_key != NULL) + key_file_fmt == YACA_KEY_FILE_FORMAT_BASE64 && + simple_key != NULL) return export_simple_base64(simple_key, data, data_len); if (evp_key != NULL) return export_evp(evp_key, key_fmt, key_file_fmt, - password, data, data_len); + password, data, data_len); return YACA_ERROR_INVALID_PARAMETER; } API int yaca_key_generate(yaca_key_type_e key_type, - size_t key_bit_len, - yaca_key_h *key) + size_t key_bit_len, + yaca_key_h *key) { int ret; struct yaca_key_simple_s *nk_simple = NULL; @@ -1758,9 +1758,9 @@ API void yaca_key_destroy(yaca_key_h key) } API int yaca_key_derive_dh(const yaca_key_h prv_key, - const yaca_key_h pub_key, - char **secret, - size_t *secret_len) + const yaca_key_h pub_key, + char **secret, + size_t *secret_len) { int ret; struct yaca_key_evp_s *lprv_key = key_get_evp(prv_key); @@ -1770,11 +1770,11 @@ API int yaca_key_derive_dh(const yaca_key_h prv_key, size_t data_len; if (lprv_key == NULL || lpub_key == NULL || secret == NULL || secret_len == NULL || - (!(lprv_key->key.type == YACA_KEY_TYPE_DH_PRIV && - lpub_key->key.type == YACA_KEY_TYPE_DH_PUB) - && - !(lprv_key->key.type == YACA_KEY_TYPE_EC_PRIV && - lpub_key->key.type == YACA_KEY_TYPE_EC_PUB))) + (!(lprv_key->key.type == YACA_KEY_TYPE_DH_PRIV && + lpub_key->key.type == YACA_KEY_TYPE_DH_PUB) + && + !(lprv_key->key.type == YACA_KEY_TYPE_EC_PRIV && + lpub_key->key.type == YACA_KEY_TYPE_EC_PUB))) return YACA_ERROR_INVALID_PARAMETER; ctx = EVP_PKEY_CTX_new(lprv_key->evp, NULL); @@ -1833,21 +1833,21 @@ exit: } API int yaca_key_derive_kdf(yaca_kdf_e kdf, - yaca_digest_algorithm_e algo, - const char *secret, - size_t secret_len, - const char *info, - size_t info_len, - size_t key_material_len, - char **key_material) + yaca_digest_algorithm_e algo, + const char *secret, + size_t secret_len, + const char *info, + size_t info_len, + size_t key_material_len, + char **key_material) { int ret; char *out = NULL; const EVP_MD *md; if (secret == NULL || secret_len == 0 || - (info == NULL && info_len > 0) || (info != NULL && info_len == 0) || - key_material_len == 0 || key_material == NULL) + (info == NULL && info_len > 0) || (info != NULL && info_len == 0) || + key_material_len == 0 || key_material == NULL) return YACA_ERROR_INVALID_PARAMETER; ret = yaca_zalloc(key_material_len, (void**)&out); @@ -1861,8 +1861,8 @@ API int yaca_key_derive_kdf(yaca_kdf_e kdf, switch (kdf) { case YACA_KDF_X942: ret = DH_KDF_X9_42((unsigned char*)out, key_material_len, - (unsigned char*)secret, secret_len, - OBJ_nid2obj(NID_id_smime_alg_ESDH), (unsigned char*)info, info_len, md); + (unsigned char*)secret, secret_len, + OBJ_nid2obj(NID_id_smime_alg_ESDH), (unsigned char*)info, info_len, md); if (ret != 1 || out == NULL) { ret = YACA_ERROR_INTERNAL; ERROR_DUMP(ret); @@ -1871,8 +1871,8 @@ API int yaca_key_derive_kdf(yaca_kdf_e kdf, break; case YACA_KDF_X962: ret = ECDH_KDF_X9_62((unsigned char*)out, key_material_len, - (unsigned char*)secret, secret_len, - (unsigned char*)info, info_len, md); + (unsigned char*)secret, secret_len, + (unsigned char*)info, info_len, md); if (ret != 1 || out == NULL) { ret = YACA_ERROR_INTERNAL; ERROR_DUMP(ret); @@ -1894,12 +1894,12 @@ exit: } API int yaca_key_derive_pbkdf2(const char *password, - const char *salt, - size_t salt_len, - size_t iterations, - yaca_digest_algorithm_e algo, - size_t key_bit_len, - yaca_key_h *key) + const char *salt, + size_t salt_len, + size_t iterations, + yaca_digest_algorithm_e algo, + size_t key_bit_len, + yaca_key_h *key) { const EVP_MD *md; struct yaca_key_simple_s *nk; @@ -1907,8 +1907,8 @@ API int yaca_key_derive_pbkdf2(const char *password, int ret; if (password == NULL || - (salt == NULL && salt_len > 0) || (salt != NULL && salt_len == 0) || - iterations == 0 || key_bit_len == 0 || key == NULL) + (salt == NULL && salt_len > 0) || (salt != NULL && salt_len == 0) || + iterations == 0 || key_bit_len == 0 || key == NULL) return YACA_ERROR_INVALID_PARAMETER; if (key_bit_len % 8) /* Key length must be multiple of 8-bit_len */ @@ -1929,8 +1929,8 @@ API int yaca_key_derive_pbkdf2(const char *password, nk->key.type = YACA_KEY_TYPE_SYMMETRIC; ret = PKCS5_PBKDF2_HMAC(password, -1, (const unsigned char*)salt, - salt_len, iterations, md, key_byte_len, - (unsigned char*)nk->d); + salt_len, iterations, md, key_byte_len, + (unsigned char*)nk->d); if (ret != 1) { ret = YACA_ERROR_INTERNAL; ERROR_DUMP(ret); diff --git a/src/rsa.c b/src/rsa.c index 436c3b9..7fbb6e4 100644 --- a/src/rsa.c +++ b/src/rsa.c @@ -57,12 +57,12 @@ int rsa_padding2openssl(yaca_padding_e padding) typedef int (*encrypt_decrypt_fn)(int, const unsigned char*, unsigned char*, RSA*, int); static int encrypt_decrypt(yaca_padding_e padding, - const yaca_key_h key, - const char *input, - size_t input_len, - char **output, - size_t *output_len, - encrypt_decrypt_fn fn) + const yaca_key_h key, + const char *input, + size_t input_len, + char **output, + size_t *output_len, + encrypt_decrypt_fn fn) { int ret; size_t max_len; @@ -71,7 +71,7 @@ static int encrypt_decrypt(yaca_padding_e padding, int lpadding; if ((input == NULL && input_len > 0) || (input != NULL && input_len == 0) || - output == NULL || output_len == NULL) + output == NULL || output_len == NULL) return YACA_ERROR_INVALID_PARAMETER; lpadding = rsa_padding2openssl(padding); @@ -94,10 +94,10 @@ static int encrypt_decrypt(yaca_padding_e padding, return ret; ret = fn(input_len, - (const unsigned char*)input, - (unsigned char*)loutput, - EVP_PKEY_get0_RSA(lasym_key->evp), - lpadding); + (const unsigned char*)input, + (unsigned char*)loutput, + EVP_PKEY_get0_RSA(lasym_key->evp), + lpadding); if (ret < 0) { ret = ERROR_HANDLE(); @@ -121,11 +121,11 @@ exit: API int yaca_rsa_public_encrypt(yaca_padding_e padding, - const yaca_key_h pub_key, - const char *plaintext, - size_t plaintext_len, - char **ciphertext, - size_t *ciphertext_len) + const yaca_key_h pub_key, + const char *plaintext, + size_t plaintext_len, + char **ciphertext, + size_t *ciphertext_len) { if (pub_key == YACA_KEY_NULL || pub_key->type != YACA_KEY_TYPE_RSA_PUB) return YACA_ERROR_INVALID_PARAMETER; @@ -141,20 +141,20 @@ API int yaca_rsa_public_encrypt(yaca_padding_e padding, } return encrypt_decrypt(padding, - pub_key, - plaintext, - plaintext_len, - ciphertext, - ciphertext_len, - RSA_public_encrypt); + pub_key, + plaintext, + plaintext_len, + ciphertext, + ciphertext_len, + RSA_public_encrypt); } API int yaca_rsa_private_decrypt(yaca_padding_e padding, - const yaca_key_h prv_key, - const char *ciphertext, - size_t ciphertext_len, - char **plaintext, - size_t *plaintext_len) + const yaca_key_h prv_key, + const char *ciphertext, + size_t ciphertext_len, + char **plaintext, + size_t *plaintext_len) { if (prv_key == YACA_KEY_NULL || prv_key->type != YACA_KEY_TYPE_RSA_PRIV) return YACA_ERROR_INVALID_PARAMETER; @@ -170,20 +170,20 @@ API int yaca_rsa_private_decrypt(yaca_padding_e padding, } return encrypt_decrypt(padding, - prv_key, - ciphertext, - ciphertext_len, - plaintext, - plaintext_len, - RSA_private_decrypt); + prv_key, + ciphertext, + ciphertext_len, + plaintext, + plaintext_len, + RSA_private_decrypt); } API int yaca_rsa_private_encrypt(yaca_padding_e padding, - const yaca_key_h prv_key, - const char *plaintext, - size_t plaintext_len, - char **ciphertext, - size_t *ciphertext_len) + const yaca_key_h prv_key, + const char *plaintext, + size_t plaintext_len, + char **ciphertext, + size_t *ciphertext_len) { if (prv_key == YACA_KEY_NULL || prv_key->type != YACA_KEY_TYPE_RSA_PRIV) return YACA_ERROR_INVALID_PARAMETER; @@ -197,20 +197,20 @@ API int yaca_rsa_private_encrypt(yaca_padding_e padding, } return encrypt_decrypt(padding, - prv_key, - plaintext, - plaintext_len, - ciphertext, - ciphertext_len, - RSA_private_encrypt); + prv_key, + plaintext, + plaintext_len, + ciphertext, + ciphertext_len, + RSA_private_encrypt); } API int yaca_rsa_public_decrypt(yaca_padding_e padding, - const yaca_key_h pub_key, - const char *ciphertext, - size_t ciphertext_len, - char **plaintext, - size_t *plaintext_len) + const yaca_key_h pub_key, + const char *ciphertext, + size_t ciphertext_len, + char **plaintext, + size_t *plaintext_len) { if (pub_key == YACA_KEY_NULL || pub_key->type != YACA_KEY_TYPE_RSA_PUB) return YACA_ERROR_INVALID_PARAMETER; @@ -224,10 +224,10 @@ API int yaca_rsa_public_decrypt(yaca_padding_e padding, } return encrypt_decrypt(padding, - pub_key, - ciphertext, - ciphertext_len, - plaintext, - plaintext_len, - RSA_public_decrypt); + pub_key, + ciphertext, + ciphertext_len, + plaintext, + plaintext_len, + RSA_public_decrypt); } diff --git a/src/seal.c b/src/seal.c index f9b16a4..a7c3b50 100644 --- a/src/seal.c +++ b/src/seal.c @@ -35,14 +35,14 @@ #include "internal.h" static int seal_generate_sym_key(yaca_encrypt_algorithm_e algo, - size_t sym_key_bit_len, - yaca_key_h *sym_key) + size_t sym_key_bit_len, + yaca_key_h *sym_key) { assert(sym_key != NULL); if (algo == YACA_ENCRYPT_3DES_3TDEA || - algo == YACA_ENCRYPT_UNSAFE_3DES_2TDEA || - algo == YACA_ENCRYPT_UNSAFE_DES) + algo == YACA_ENCRYPT_UNSAFE_3DES_2TDEA || + algo == YACA_ENCRYPT_UNSAFE_DES) return yaca_key_generate(YACA_KEY_TYPE_DES, sym_key_bit_len, sym_key); else return yaca_key_generate(YACA_KEY_TYPE_SYMMETRIC, sym_key_bit_len, sym_key); @@ -74,8 +74,8 @@ static int seal_generate_iv(const EVP_CIPHER *cipher, yaca_key_h *iv) /* used for asymmetric encryption and decryption */ static int seal_encrypt_decrypt_key(const yaca_key_h asym_key, - const yaca_key_h in_key, - yaca_key_h *out_key) + const yaca_key_h in_key, + yaca_key_h *out_key) { int ret; const struct yaca_key_evp_s *lasym_key; @@ -112,14 +112,14 @@ static int seal_encrypt_decrypt_key(const yaca_key_h asym_key, if (asym_key->type == YACA_KEY_TYPE_RSA_PRIV) ret = EVP_PKEY_decrypt_old((unsigned char*)lout_key->d, - (unsigned char*)lin_key->d, - lin_key->bit_len / 8, - lasym_key->evp); + (unsigned char*)lin_key->d, + lin_key->bit_len / 8, + lasym_key->evp); else ret = EVP_PKEY_encrypt_old((unsigned char*)lout_key->d, - (unsigned char*)lin_key->d, - lin_key->bit_len / 8, - lasym_key->evp); + (unsigned char*)lin_key->d, + lin_key->bit_len / 8, + lasym_key->evp); if (ret <= 0) { ret = ERROR_HANDLE(); @@ -143,12 +143,12 @@ exit: } API int yaca_seal_initialize(yaca_context_h *ctx, - const yaca_key_h pub_key, - yaca_encrypt_algorithm_e algo, - yaca_block_cipher_mode_e bcm, - size_t sym_key_bit_len, - yaca_key_h *sym_key, - yaca_key_h *iv) + const yaca_key_h pub_key, + yaca_encrypt_algorithm_e algo, + yaca_block_cipher_mode_e bcm, + size_t sym_key_bit_len, + yaca_key_h *sym_key, + yaca_key_h *iv) { int ret; const EVP_CIPHER *cipher; @@ -157,7 +157,7 @@ API int yaca_seal_initialize(yaca_context_h *ctx, yaca_key_h lenc_sym_key = YACA_KEY_NULL; if (pub_key == YACA_KEY_NULL || pub_key->type != YACA_KEY_TYPE_RSA_PUB || - sym_key == NULL || bcm == YACA_BCM_WRAP || sym_key_bit_len % 8 != 0) + sym_key == NULL || bcm == YACA_BCM_WRAP || sym_key_bit_len % 8 != 0) return YACA_ERROR_INVALID_PARAMETER; ret = encrypt_get_algorithm(algo, bcm, sym_key_bit_len, &cipher); @@ -201,36 +201,36 @@ exit: } API int yaca_seal_update(yaca_context_h ctx, - const char *plaintext, - size_t plaintext_len, - char *ciphertext, - size_t *ciphertext_len) + const char *plaintext, + size_t plaintext_len, + char *ciphertext, + size_t *ciphertext_len) { return encrypt_update(ctx, (const unsigned char*)plaintext, plaintext_len, - (unsigned char*)ciphertext, ciphertext_len, OP_SEAL); + (unsigned char*)ciphertext, ciphertext_len, OP_SEAL); } API int yaca_seal_finalize(yaca_context_h ctx, - char *ciphertext, - size_t *ciphertext_len) + char *ciphertext, + size_t *ciphertext_len) { return encrypt_finalize(ctx, (unsigned char*)ciphertext, ciphertext_len, OP_SEAL); } API int yaca_open_initialize(yaca_context_h *ctx, - const yaca_key_h prv_key, - yaca_encrypt_algorithm_e algo, - yaca_block_cipher_mode_e bcm, - size_t sym_key_bit_len, - const yaca_key_h sym_key, - const yaca_key_h iv) + const yaca_key_h prv_key, + yaca_encrypt_algorithm_e algo, + yaca_block_cipher_mode_e bcm, + size_t sym_key_bit_len, + const yaca_key_h sym_key, + const yaca_key_h iv) { int ret; const EVP_CIPHER *cipher; yaca_key_h lsym_key = YACA_KEY_NULL; if (prv_key == YACA_KEY_NULL || prv_key->type != YACA_KEY_TYPE_RSA_PRIV || - sym_key == YACA_KEY_NULL || bcm == YACA_BCM_WRAP || sym_key_bit_len % 8 != 0) + sym_key == YACA_KEY_NULL || bcm == YACA_BCM_WRAP || sym_key_bit_len % 8 != 0) return YACA_ERROR_INVALID_PARAMETER; ret = encrypt_get_algorithm(algo, bcm, sym_key_bit_len, &cipher); @@ -254,18 +254,18 @@ exit: } API int yaca_open_update(yaca_context_h ctx, - const char *ciphertext, - size_t ciphertext_len, - char *plaintext, - size_t *plaintext_len) + const char *ciphertext, + size_t ciphertext_len, + char *plaintext, + size_t *plaintext_len) { return encrypt_update(ctx, (const unsigned char*)ciphertext, ciphertext_len, - (unsigned char*)plaintext, plaintext_len, OP_OPEN); + (unsigned char*)plaintext, plaintext_len, OP_OPEN); } API int yaca_open_finalize(yaca_context_h ctx, - char *plaintext, - size_t *plaintext_len) + char *plaintext, + size_t *plaintext_len) { return encrypt_finalize(ctx, (unsigned char*)plaintext, plaintext_len, OP_OPEN); } diff --git a/src/sign.c b/src/sign.c index 6ef23df..23c9fa0 100644 --- a/src/sign.c +++ b/src/sign.c @@ -79,8 +79,8 @@ static struct yaca_sign_context_s *get_sign_context(const yaca_context_h ctx) } static int get_sign_output_length(const yaca_context_h ctx, - size_t input_len, - size_t *output_len) + size_t input_len, + size_t *output_len) { assert(output_len != NULL); @@ -124,9 +124,9 @@ static void destroy_sign_context(yaca_context_h ctx) } int set_sign_property(yaca_context_h ctx, - yaca_property_e property, - const void *value, - size_t value_len) + yaca_property_e property, + const void *value, + size_t value_len) { int ret; struct yaca_sign_context_s *c = get_sign_context(ctx); @@ -183,8 +183,8 @@ int set_sign_property(yaca_context_h ctx, } API int yaca_sign_initialize(yaca_context_h *ctx, - yaca_digest_algorithm_e algo, - const yaca_key_h prv_key) + yaca_digest_algorithm_e algo, + const yaca_key_h prv_key) { struct yaca_sign_context_s *nc = NULL; const EVP_MD *md = NULL; @@ -201,7 +201,7 @@ API int yaca_sign_initialize(yaca_context_h *ctx, switch (prv_key->type) { case YACA_KEY_TYPE_RSA_PRIV: if (EVP_MD_size(md) >= EVP_PKEY_size(evp_key->evp) || - (algo == YACA_DIGEST_SHA384 && (EVP_PKEY_size(evp_key->evp) <= YACA_KEY_LENGTH_512BIT / 8))) + (algo == YACA_DIGEST_SHA384 && (EVP_PKEY_size(evp_key->evp) <= YACA_KEY_LENGTH_512BIT / 8))) return YACA_ERROR_INVALID_PARAMETER; break; case YACA_KEY_TYPE_DSA_PRIV: @@ -247,8 +247,8 @@ exit: } API int yaca_sign_initialize_hmac(yaca_context_h *ctx, - yaca_digest_algorithm_e algo, - const yaca_key_h sym_key) + yaca_digest_algorithm_e algo, + const yaca_key_h sym_key) { struct yaca_sign_context_s *nc = NULL; EVP_PKEY *pkey = NULL; @@ -257,7 +257,7 @@ API int yaca_sign_initialize_hmac(yaca_context_h *ctx, const struct yaca_key_simple_s *simple_key = key_get_simple(sym_key); if (ctx == NULL || simple_key == NULL || - (sym_key->type != YACA_KEY_TYPE_SYMMETRIC && sym_key->type != YACA_KEY_TYPE_DES)) + (sym_key->type != YACA_KEY_TYPE_SYMMETRIC && sym_key->type != YACA_KEY_TYPE_DES)) return YACA_ERROR_INVALID_PARAMETER; ret = yaca_zalloc(sizeof(struct yaca_sign_context_s), (void**)&nc); @@ -272,9 +272,9 @@ API int yaca_sign_initialize_hmac(yaca_context_h *ctx, nc->ctx.get_property = NULL; pkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, - NULL, - (unsigned char *)simple_key->d, - simple_key->bit_len / 8); + NULL, + (unsigned char *)simple_key->d, + simple_key->bit_len / 8); if (pkey == NULL) { ret = YACA_ERROR_INTERNAL; ERROR_DUMP(ret); @@ -312,8 +312,8 @@ exit: } API int yaca_sign_initialize_cmac(yaca_context_h *ctx, - yaca_encrypt_algorithm_e algo, - const yaca_key_h sym_key) + yaca_encrypt_algorithm_e algo, + const yaca_key_h sym_key) { struct yaca_sign_context_s *nc = NULL; CMAC_CTX* cmac_ctx = NULL; @@ -323,7 +323,7 @@ API int yaca_sign_initialize_cmac(yaca_context_h *ctx, const struct yaca_key_simple_s *simple_key = key_get_simple(sym_key); if (ctx == NULL || simple_key == NULL || - (sym_key->type != YACA_KEY_TYPE_SYMMETRIC && sym_key->type != YACA_KEY_TYPE_DES)) + (sym_key->type != YACA_KEY_TYPE_SYMMETRIC && sym_key->type != YACA_KEY_TYPE_DES)) return YACA_ERROR_INVALID_PARAMETER; ret = yaca_zalloc(sizeof(struct yaca_sign_context_s), (void**)&nc); @@ -398,14 +398,14 @@ exit: } API int yaca_sign_update(yaca_context_h ctx, - const char *message, - size_t message_len) + const char *message, + size_t message_len) { struct yaca_sign_context_s *c = get_sign_context(ctx); int ret; if (c == NULL || c->op_type != OP_SIGN || - message == NULL || message_len == 0) + message == NULL || message_len == 0) return YACA_ERROR_INVALID_PARAMETER; if (!verify_state_change(c, CTX_MSG_UPDATED)) @@ -423,14 +423,14 @@ API int yaca_sign_update(yaca_context_h ctx, } API int yaca_sign_finalize(yaca_context_h ctx, - char *signature, - size_t *signature_len) + char *signature, + size_t *signature_len) { struct yaca_sign_context_s *c = get_sign_context(ctx); int ret; if (c == NULL || c->op_type != OP_SIGN || - signature == NULL || signature_len == NULL || *signature_len == 0) + signature == NULL || signature_len == NULL || *signature_len == 0) return YACA_ERROR_INVALID_PARAMETER; if (!verify_state_change(c, CTX_FINALIZED)) @@ -448,8 +448,8 @@ API int yaca_sign_finalize(yaca_context_h ctx, } API int yaca_verify_initialize(yaca_context_h *ctx, - yaca_digest_algorithm_e algo, - const yaca_key_h pub_key) + yaca_digest_algorithm_e algo, + const yaca_key_h pub_key) { struct yaca_sign_context_s *nc = NULL; const EVP_MD *md = NULL; @@ -466,7 +466,7 @@ API int yaca_verify_initialize(yaca_context_h *ctx, switch (pub_key->type) { case YACA_KEY_TYPE_RSA_PUB: if (EVP_MD_size(md) >= EVP_PKEY_size(evp_key->evp) || - (algo == YACA_DIGEST_SHA384 && (EVP_PKEY_size(evp_key->evp) <= YACA_KEY_LENGTH_512BIT / 8))) + (algo == YACA_DIGEST_SHA384 && (EVP_PKEY_size(evp_key->evp) <= YACA_KEY_LENGTH_512BIT / 8))) return YACA_ERROR_INVALID_PARAMETER; break; case YACA_KEY_TYPE_DSA_PUB: @@ -512,8 +512,8 @@ exit: } API int yaca_verify_update(yaca_context_h ctx, - const char *message, - size_t message_len) + const char *message, + size_t message_len) { struct yaca_sign_context_s *c = get_sign_context(ctx); int ret; @@ -536,8 +536,8 @@ API int yaca_verify_update(yaca_context_h ctx, } API int yaca_verify_finalize(yaca_context_h ctx, - const char *signature, - size_t signature_len) + const char *signature, + size_t signature_len) { struct yaca_sign_context_s *c = get_sign_context(ctx); int ret; @@ -549,8 +549,8 @@ API int yaca_verify_finalize(yaca_context_h ctx, return YACA_ERROR_INVALID_PARAMETER; ret = EVP_DigestVerifyFinal(c->md_ctx, - (unsigned char *)signature, - signature_len); + (unsigned char *)signature, + signature_len); if (ret == 1) { c->state = CTX_FINALIZED; diff --git a/src/simple.c b/src/simple.c index 00d9b3c..e4c7a38 100644 --- a/src/simple.c +++ b/src/simple.c @@ -34,10 +34,10 @@ #include "internal.h" API int yaca_simple_calculate_digest(yaca_digest_algorithm_e algo, - const char *data, - size_t data_len, - char **digest, - size_t *digest_len) + const char *data, + size_t data_len, + char **digest, + size_t *digest_len) { yaca_context_h ctx; int ret; @@ -45,7 +45,7 @@ API int yaca_simple_calculate_digest(yaca_digest_algorithm_e algo, size_t ldigest_len; if ((data == NULL && data_len > 0) || (data != NULL && data_len == 0) || - digest == NULL || digest_len == NULL) + digest == NULL || digest_len == NULL) return YACA_ERROR_INVALID_PARAMETER; ret = yaca_digest_initialize(&ctx, algo); @@ -84,13 +84,13 @@ exit: } API int yaca_simple_encrypt(yaca_encrypt_algorithm_e algo, - yaca_block_cipher_mode_e bcm, - const yaca_key_h sym_key, - const yaca_key_h iv, - const char *plaintext, - size_t plaintext_len, - char **ciphertext, - size_t *ciphertext_len) + yaca_block_cipher_mode_e bcm, + const yaca_key_h sym_key, + const yaca_key_h iv, + const char *plaintext, + size_t plaintext_len, + char **ciphertext, + size_t *ciphertext_len) { yaca_context_h ctx; int ret; @@ -100,9 +100,9 @@ API int yaca_simple_encrypt(yaca_encrypt_algorithm_e algo, size_t written = 0; if ((plaintext == NULL && plaintext_len > 0) || (plaintext != NULL && plaintext_len == 0) || - ciphertext == NULL || ciphertext_len == NULL || - sym_key == YACA_KEY_NULL || - bcm == YACA_BCM_CCM || bcm == YACA_BCM_GCM) + ciphertext == NULL || ciphertext_len == NULL || + sym_key == YACA_KEY_NULL || + bcm == YACA_BCM_CCM || bcm == YACA_BCM_GCM) return YACA_ERROR_INVALID_PARAMETER; ret = yaca_encrypt_initialize(&ctx, algo, bcm, sym_key, iv); @@ -148,7 +148,7 @@ API int yaca_simple_encrypt(yaca_encrypt_algorithm_e algo, assert(written <= lciphertext_len); if (((bcm == YACA_BCM_CBC || bcm == YACA_BCM_ECB) && written == 0) || - (bcm != YACA_BCM_CBC && bcm != YACA_BCM_ECB && plaintext_len == 0 && written > 0)) { + (bcm != YACA_BCM_CBC && bcm != YACA_BCM_ECB && plaintext_len == 0 && written > 0)) { ret = YACA_ERROR_INTERNAL; goto exit; } @@ -175,13 +175,13 @@ exit: } API int yaca_simple_decrypt(yaca_encrypt_algorithm_e algo, - yaca_block_cipher_mode_e bcm, - const yaca_key_h sym_key, - const yaca_key_h iv, - const char *ciphertext, - size_t ciphertext_len, - char **plaintext, - size_t *plaintext_len) + yaca_block_cipher_mode_e bcm, + const yaca_key_h sym_key, + const yaca_key_h iv, + const char *ciphertext, + size_t ciphertext_len, + char **plaintext, + size_t *plaintext_len) { yaca_context_h ctx; int ret; @@ -191,10 +191,10 @@ API int yaca_simple_decrypt(yaca_encrypt_algorithm_e algo, size_t written = 0; if ((ciphertext == NULL && ciphertext_len > 0) || (ciphertext != NULL && ciphertext_len == 0) || - ((bcm == YACA_BCM_ECB || bcm == YACA_BCM_CBC) && ciphertext == NULL && ciphertext_len == 0) || - plaintext == NULL || plaintext_len == NULL || - sym_key == YACA_KEY_NULL || - bcm == YACA_BCM_CCM || bcm == YACA_BCM_GCM) + ((bcm == YACA_BCM_ECB || bcm == YACA_BCM_CBC) && ciphertext == NULL && ciphertext_len == 0) || + plaintext == NULL || plaintext_len == NULL || + sym_key == YACA_KEY_NULL || + bcm == YACA_BCM_CCM || bcm == YACA_BCM_GCM) return YACA_ERROR_INVALID_PARAMETER; ret = yaca_decrypt_initialize(&ctx, algo, bcm, sym_key, iv); @@ -266,7 +266,7 @@ exit: } static int sign(const yaca_context_h ctx, const char *data, size_t data_len, - char **signature, size_t *signature_len) + char **signature, size_t *signature_len) { int ret; @@ -299,17 +299,17 @@ static int sign(const yaca_context_h ctx, const char *data, size_t data_len, } API int yaca_simple_calculate_signature(yaca_digest_algorithm_e algo, - const yaca_key_h prv_key, - const char *data, - size_t data_len, - char **signature, - size_t *signature_len) + const yaca_key_h prv_key, + const char *data, + size_t data_len, + char **signature, + size_t *signature_len) { int ret; yaca_context_h ctx = YACA_CONTEXT_NULL; if ((data == NULL && data_len > 0) || (data != NULL && data_len == 0) || - signature == NULL || signature_len == NULL) + signature == NULL || signature_len == NULL) return YACA_ERROR_INVALID_PARAMETER; ret = yaca_sign_initialize(&ctx, algo, prv_key); @@ -324,17 +324,17 @@ API int yaca_simple_calculate_signature(yaca_digest_algorithm_e algo, } API int yaca_simple_verify_signature(yaca_digest_algorithm_e algo, - const yaca_key_h pub_key, - const char *data, - size_t data_len, - const char *signature, - size_t signature_len) + const yaca_key_h pub_key, + const char *data, + size_t data_len, + const char *signature, + size_t signature_len) { int ret; yaca_context_h ctx = YACA_CONTEXT_NULL; if ((data == NULL && data_len > 0) || (data != NULL && data_len == 0) || - signature == NULL || signature_len == 0) + signature == NULL || signature_len == 0) return YACA_ERROR_INVALID_PARAMETER; ret = yaca_verify_initialize(&ctx, algo, pub_key); @@ -356,17 +356,17 @@ exit: } API int yaca_simple_calculate_hmac(yaca_digest_algorithm_e algo, - const yaca_key_h sym_key, - const char *data, - size_t data_len, - char **mac, - size_t *mac_len) + const yaca_key_h sym_key, + const char *data, + size_t data_len, + char **mac, + size_t *mac_len) { int ret; yaca_context_h ctx = YACA_CONTEXT_NULL; if ((data == NULL && data_len > 0) || (data != NULL && data_len == 0) || - mac == NULL || mac_len == NULL) + mac == NULL || mac_len == NULL) return YACA_ERROR_INVALID_PARAMETER; ret = yaca_sign_initialize_hmac(&ctx, algo, sym_key); @@ -381,17 +381,17 @@ API int yaca_simple_calculate_hmac(yaca_digest_algorithm_e algo, } API int yaca_simple_calculate_cmac(yaca_encrypt_algorithm_e algo, - const yaca_key_h sym_key, - const char *data, - size_t data_len, - char **mac, - size_t *mac_len) + const yaca_key_h sym_key, + const char *data, + size_t data_len, + char **mac, + size_t *mac_len) { int ret; yaca_context_h ctx = YACA_CONTEXT_NULL; if ((data == NULL && data_len > 0) || (data != NULL && data_len == 0) || - mac == NULL || mac_len == NULL) + mac == NULL || mac_len == NULL) return YACA_ERROR_INVALID_PARAMETER; ret = yaca_sign_initialize_cmac(&ctx, algo, sym_key); -- 2.7.4 From a32e8b8b168bc497cdacd139e555a6bc77e695d1 Mon Sep 17 00:00:00 2001 From: Mateusz Forc Date: Wed, 23 Nov 2016 13:04:57 +0100 Subject: [PATCH 04/16] YACA : Make capi-base-common an optional dependency Change-Id: I6cc9995fecc7a5bf9849fb4d0e2d5e2c26058fa1 --- api/yaca/yaca_error.h | 11 +++++++++-- src/CMakeLists.txt | 8 +++++++- 2 files changed, 16 insertions(+), 3 deletions(-) diff --git a/api/yaca/yaca_error.h b/api/yaca/yaca_error.h index f062812..c571485 100644 --- a/api/yaca/yaca_error.h +++ b/api/yaca/yaca_error.h @@ -21,11 +21,18 @@ * @brief Error enums and defines. */ +#ifdef CAPI_BASE_COMMON_PRESENT +#include +#else +#include +#define TIZEN_ERROR_NONE 0 +#define TIZEN_ERROR_INVALID_PARAMETER -EINVAL +#define TIZEN_ERROR_OUT_OF_MEMORY -ENOMEM +#endif + #ifndef YACA_ERROR_H #define YACA_ERROR_H -#include - #ifdef __cplusplus extern "C" { #endif diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index ae4168b..8d8badd 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -45,7 +45,13 @@ SET_TARGET_PROPERTIES(${PROJECT_NAME} PROPERTIES VERSION ${_LIB_VERSION_}) ## Link libraries ############################################################## -PKG_CHECK_MODULES(YACA_DEPS REQUIRED openssl capi-base-common) +PKG_CHECK_MODULES(YACA_DEPS REQUIRED openssl) + +PKG_CHECK_MODULES(CAPI_BASE_COMMON capi-base-common) +IF (CAPI_BASE_COMMON_FOUND) + ADD_DEFINITIONS(-DCAPI_BASE_COMMON_PRESENT) + INCLUDE_DIRECTORIES(SYSTEM ${CAPI_BASE_COMMON_INCLUDE_DIRS}) +ENDIF() FIND_PACKAGE (Threads) -- 2.7.4 From 6a9daa80f2d8aa268f7f6613e6bcbf42d48379d9 Mon Sep 17 00:00:00 2001 From: "sangwan.kwon" Date: Fri, 3 Feb 2017 15:33:14 +0900 Subject: [PATCH 05/16] Apply the reviewed API documentation Change-Id: I071343de3d70cf0bcc4b1bf10b53ea878ff3da5d Signed-off-by: sangwan.kwon --- api/yaca/yaca_crypto.h | 237 +++++++++++--------------- api/yaca/yaca_digest.h | 69 ++++---- api/yaca/yaca_encrypt.h | 215 ++++++++++------------- api/yaca/yaca_error.h | 38 +++-- api/yaca/yaca_key.h | 441 ++++++++++++++++++++---------------------------- api/yaca/yaca_rsa.h | 168 ++++++++---------- api/yaca/yaca_seal.h | 238 +++++++++++--------------- api/yaca/yaca_sign.h | 260 ++++++++++++---------------- api/yaca/yaca_simple.h | 332 +++++++++++++++--------------------- api/yaca/yaca_types.h | 171 +++++++++---------- 10 files changed, 916 insertions(+), 1253 deletions(-) diff --git a/api/yaca/yaca_crypto.h b/api/yaca/yaca_crypto.h index 56425eb..6108336 100644 --- a/api/yaca/yaca_crypto.h +++ b/api/yaca/yaca_crypto.h @@ -16,283 +16,246 @@ * limitations under the License */ + /** - * @file yaca_crypto.h - * @brief Non crypto related functions. + * @file yaca_crypto.h + * @brief Non crypto related functions. */ + #ifndef YACA_CRYPTO_H #define YACA_CRYPTO_H + #include #include + #ifdef __cplusplus extern "C" { #endif + /** * @addtogroup CAPI_YACA_ENCRYPTION_MODULE * @{ */ + /** - * @brief NULL value for the crypto context. - * + * @brief Definition for NULL value for the crypto context. * @since_tizen 3.0 */ #define YACA_CONTEXT_NULL ((yaca_context_h) NULL) + /** - * @brief Initializes the library. Must be called before any other crypto - * function. Should be called once in each thread that uses yaca. - * + * @brief Initializes the library. Must be called before any other crypto + * function. Should be called once in each thread that uses yaca. * @since_tizen 3.0 - * - * @return #YACA_ERROR_NONE on success, negative on error + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error * @retval #YACA_ERROR_INTERNAL Internal error - * * @see yaca_cleanup() */ int yaca_initialize(void); + /** - * @brief Cleans up the library. Must be called before exiting the thread that - * called yaca_initialize(). - * + * @brief Cleans up the library. Must be called before exiting the thread that called yaca_initialize(). * @since_tizen 3.0 - * * @see yaca_initialize() */ void yaca_cleanup(void); + /** - * @brief Allocates the memory. - * + * @brief Allocates the memory. * @since_tizen 3.0 - * - * @remarks The @a memory should be freed using yaca_free(). - * - * @param[in] size Size of the allocation (bytes) + * @remarks The @a memory should be freed using yaca_free(). + * @param[in] size Size of the allocation (bytes) * @param[out] memory Allocated memory - * - * @return #YACA_ERROR_NONE on success, negative on error + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, 0) * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error - * * @see yaca_zalloc() * @see yaca_realloc() * @see yaca_free() */ int yaca_malloc(size_t size, void **memory); + /** - * @brief Allocates the zeroed memory. - * + * @brief Allocates the zeroed memory. * @since_tizen 3.0 - * - * @remarks The @a memory should be freed using yaca_free(). - * - * @param[in] size Size of the allocation (bytes) - * @param[out] memory Allocated memory - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks The @a memory should be freed using yaca_free(). + * @param[in] size Size of the allocation (bytes) + * @param[out] memory Allocated memory + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, 0) * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error - * * @see yaca_malloc() * @see yaca_realloc() * @see yaca_free() */ int yaca_zalloc(size_t size, void **memory); + /** - * @brief Re-allocates the memory. - * + * @brief Re-allocates the memory. * @since_tizen 3.0 - * - * @remarks In case of failure the function doesn't free the memory pointed by @a memory. - * - * @remarks If @a memory is NULL then the call is equivalent to yaca_malloc(). - * - * @remarks If the function fails the contents of @a memory will be left unchanged. - * - * @remarks The @a memory should be freed using yaca_free(). - * - * @param[in] size Size of the new allocation (bytes) + * @remarks In case of failure the function doesn't free the memory pointed by @a memory. + * @remarks If @a memory is NULL then the call is equivalent to yaca_malloc(). + * @remarks If the function fails the contents of @a memory will be left unchanged. + * @remarks The @a memory should be freed using yaca_free(). + * @param[in] size Size of the new allocation (bytes) * @param[in,out] memory Memory to be reallocated - * - * @return #YACA_ERROR_NONE on success, negative on error + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, 0) * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error - * * @see yaca_malloc() * @see yaca_zalloc() * @see yaca_free() */ int yaca_realloc(size_t size, void **memory); + /** - * @brief Frees the memory allocated by yaca_malloc(), yaca_zalloc(), - * yaca_realloc() or one of the cryptographic operations. - * + * @brief Frees the memory allocated by yaca_malloc(), yaca_zalloc(), + * yaca_realloc() or one of the cryptographic operations. * @since_tizen 3.0 - * - * @param[in] memory Pointer to the memory to be freed - * + * @param[in] memory Pointer to the memory to be freed * @see yaca_malloc() * @see yaca_zalloc() * @see yaca_realloc() */ void yaca_free(void *memory); + /** - * @brief Safely compares first @a len bytes of two buffers. - * + * @brief Safely compares first @a len bytes of two buffers. * @since_tizen 3.0 - * - * @param[in] first Pointer to the first buffer - * @param[in] second Pointer to the second buffer - * @param[in] len Length to compare - * - * @return #YACA_ERROR_NONE when buffers are equal otherwise #YACA_ERROR_DATA_MISMATCH + * @param[in] first Pointer to the first buffer + * @param[in] second Pointer to the second buffer + * @param[in] len Length to compare + * @return #YACA_ERROR_NONE when buffers are equal, + * otherwise #YACA_ERROR_DATA_MISMATCH * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, 0) * @retval #YACA_ERROR_DATA_MISMATCH Buffers are different */ int yaca_memcmp(const void *first, const void *second, size_t len); + /** - * @brief Generates random data. - * + * @brief Generates random data. * @since_tizen 3.0 - * - * @param[in,out] data Pointer to the memory to be randomized - * @param[in] data_len Length of the memory to be randomized - * - * @return #YACA_ERROR_NONE on success, negative on error + * @param[in,out] data Pointer to the memory to be randomized + * @param[in] data_len Length of the memory to be randomized + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, 0) * @retval #YACA_ERROR_INTERNAL Internal error */ int yaca_randomize_bytes(char *data, size_t data_len); + /** - * @brief Sets the non-standard context properties. Can only be called on an - * initialized context. - * - * @remarks The @a value has to be of type appropriate for given property. See #yaca_property_e - * for details on corresponding types. - * + * @brief Sets the non-standard context properties. Can only be called on an initialized context. * @since_tizen 3.0 - * - * @param[in,out] ctx Previously initialized crypto context - * @param[in] property Property to be set - * @param[in] value Property value - * @param[in] value_len Length of the property value - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks The @a value has to be of type appropriate for given property. See #yaca_property_e + * for details on corresponding types. + * @param[in,out] ctx Previously initialized crypto context + * @param[in] property Property to be set + * @param[in] value Property value + * @param[in] value_len Length of the property value + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, 0, * invalid @a ctx or @a property) * @retval #YACA_ERROR_INTERNAL Internal error - * * @see #yaca_property_e * @see yaca_context_get_property() */ -int yaca_context_set_property(yaca_context_h ctx, - yaca_property_e property, - const void *value, - size_t value_len); +int yaca_context_set_property(yaca_context_h ctx, yaca_property_e property, const void *value, size_t value_len); + /** - * @brief Returns the non-standard context properties. Can only be called on an - * initialized context. - * + * @brief Returns the non-standard context properties. Can only be called on an initialized context. * @since_tizen 3.0 - * - * @remarks The @a value should be freed using yaca_free(). - * - * @remarks The @a value has to be of type appropriate for given property. See #yaca_property_e - * for details on corresponding types. - * - * @remarks The @a value_len can be NULL if returned @a value is a single object - * (i.e. not an array/buffer). - * - * @param[in] ctx Previously initialized crypto context - * @param[in] property Property to be read - * @param[out] value Copy of the property value - * @param[out] value_len Length of the property value will be returned here - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks The @a value should be freed using yaca_free(). + * @remarks The @a value has to be of type appropriate for given property. See #yaca_property_e + * for details on corresponding types. + * @remarks The @a value_len can be NULL if returned @a value is a single object (i.e. not an array/buffer). + * @param[in] ctx Previously initialized crypto context + * @param[in] property Property to be read + * @param[out] value Copy of the property value + * @param[out] value_len Length of the property value will be returned here + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, * invalid @a ctx or @a property) * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error * @retval #YACA_ERROR_INTERNAL Internal error - * * @see #yaca_property_e * @see yaca_context_set_property() * @see yaca_free() */ -int yaca_context_get_property(const yaca_context_h ctx, - yaca_property_e property, - void **value, - size_t *value_len); +int yaca_context_get_property(const yaca_context_h ctx, yaca_property_e property, void **value, size_t *value_len); + /** - * @brief Returns the minimum required size of the output buffer for a single crypto function call. - * + * @brief Returns the minimum required size of the output buffer for a single crypto function call. * @since_tizen 3.0 - * - * @remarks This function should be used to learn the required size of the output buffer - * for a single function call (eg. *_update or *_finalize). The actual output length - * (number of bytes that has been used) will be returned by the function call itself. - * - * @remarks In case the function call has no output (e.g. yaca_sign_update(), - * yaca_digest_update()), there is no need to use this function. - * - * @remarks In case the function call has no input (eg. *_finalize), the value of - * @a input_len has to be set to 0. - * - * @param[in] ctx Previously initialized crypto context - * @param[in] input_len Length of the input data to be processed - * @param[out] output_len Required length of the output - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks This function should be used to learn the required size of the output buffer + * for a single function call (eg. *_update or *_finalize). The actual output length + * (number of bytes that has been used) will be returned by the function call itself. + * @remarks In case the function call has no output (e.g. yaca_sign_update(), + * yaca_digest_update()), there is no need to use this function. + * @remarks In case the function call has no input (eg. *_finalize), the value of + * @a input_len has to be set to 0. + * @param[in] ctx Previously initialized crypto context + * @param[in] input_len Length of the input data to be processed + * @param[out] output_len Required length of the output + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, * invalid @a ctx or too big @a input_len) * @retval #YACA_ERROR_INTERNAL Internal error */ -int yaca_context_get_output_length(const yaca_context_h ctx, - size_t input_len, - size_t *output_len); +int yaca_context_get_output_length(const yaca_context_h ctx, size_t input_len, size_t *output_len); + /** - * @brief Destroys the crypto context. Must be called on all contexts that are - * no longer used. Passing #YACA_CONTEXT_NULL is allowed. - * + * @brief Destroys the crypto context. Must be called on all contexts that are no longer used. + * Passing #YACA_CONTEXT_NULL is allowed. * @since_tizen 3.0 - * * @param[in,out] ctx Crypto context - * * @see #yaca_context_h - * */ void yaca_context_destroy(yaca_context_h ctx); + /** * @} */ + #ifdef __cplusplus } /* extern */ #endif + #endif /* YACA_CRYPTO_H */ diff --git a/api/yaca/yaca_digest.h b/api/yaca/yaca_digest.h index 8d3bd02..377f85b 100644 --- a/api/yaca/yaca_digest.h +++ b/api/yaca/yaca_digest.h @@ -16,43 +16,45 @@ * limitations under the License */ + /** - * @file yaca_digest.h - * @brief Advanced API for the message digests. + * @file yaca_digest.h + * @brief Advanced API for the message digests. */ + #ifndef YACA_DIGEST_H #define YACA_DIGEST_H + #include #include + #ifdef __cplusplus extern "C" { #endif + /** * @addtogroup CAPI_YACA_INTEGRITY_MODULE * @{ */ + /** - * @brief Initializes a digest context. - * + * @brief Initializes a digest context. * @since_tizen 3.0 - * - * @remarks The @a ctx should be released using yaca_context_destroy(). - * - * @param[out] ctx Newly created context - * @param[in] algo Digest algorithm that will be used - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks The @a ctx should be released using yaca_context_destroy(). + * @param[out] ctx Newly created context + * @param[in] algo Digest algorithm that will be used + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, * invalid @a algo) * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error * @retval #YACA_ERROR_INTERNAL Internal error - * * @see #yaca_digest_algorithm_e * @see yaca_digest_update() * @see yaca_digest_finalize() @@ -60,58 +62,55 @@ extern "C" { */ int yaca_digest_initialize(yaca_context_h *ctx, yaca_digest_algorithm_e algo); + /** - * @brief Feeds the message into the message digest algorithm. - * + * @brief Feeds the message into the message digest algorithm. * @since_tizen 3.0 - * - * @param[in,out] ctx Context created by yaca_digest_initialize() - * @param[in] message Message from which the digest is to be calculated - * @param[in] message_len Length of the message - * - * @return #YACA_ERROR_NONE on success, negative on error + * @param[in,out] ctx Context created by yaca_digest_initialize() + * @param[in] message Message from which the digest is to be calculated + * @param[in] message_len Length of the message + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, 0, * invalid @a ctx) * @retval #YACA_ERROR_INTERNAL Internal error - * * @see yaca_digest_initialize() * @see yaca_digest_finalize() */ int yaca_digest_update(yaca_context_h ctx, const char *message, size_t message_len); + /** - * @brief Calculates the final digest. - * + * @brief Calculates the final digest. * @since_tizen 3.0 - * - * @remarks Skipping yaca_digest_update() and calling only yaca_digest_finalize() will produce an - * empty message digest. - * - * @param[in,out] ctx A valid digest context - * @param[out] digest Buffer for the message digest - * (must be allocated by client, see yaca_context_get_output_length()) - * @param[out] digest_len Length of the digest, - * actual number of bytes written will be returned here - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks Skipping yaca_digest_update() and calling only yaca_digest_finalize() will produce an empty message digest. + * @param[in,out] ctx A valid digest context + * @param[out] digest Buffer for the message digest + * (must be allocated by client, see yaca_context_get_output_length()) + * @param[out] digest_len Length of the digest, + * actual number of bytes written will be returned here + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, * invalid @a ctx) * @retval #YACA_ERROR_INTERNAL Internal error - * * @see yaca_digest_initialize() * @see yaca_digest_update() * @see yaca_context_get_output_length() */ int yaca_digest_finalize(yaca_context_h ctx, char *digest, size_t *digest_len); + /** * @} */ + #ifdef __cplusplus } /* extern */ #endif + #endif /* YACA_DIGEST_H */ diff --git a/api/yaca/yaca_encrypt.h b/api/yaca/yaca_encrypt.h index 4031f2c..ba2de37 100644 --- a/api/yaca/yaca_encrypt.h +++ b/api/yaca/yaca_encrypt.h @@ -16,238 +16,201 @@ * limitations under the License */ + /** - * @file yaca_encrypt.h - * @brief Advanced API for the symmetric encryption. + * @file yaca_encrypt.h + * @brief Advanced API for the symmetric encryption. */ + #ifndef YACA_ENCRYPT_H #define YACA_ENCRYPT_H + #include #include + #ifdef __cplusplus extern "C" { #endif + /** * @addtogroup CAPI_YACA_ENCRYPTION_MODULE * @{ */ + /** - * @brief Returns the recommended/default length of the Initialization Vector - * for a given encryption configuration. - * + * @brief Returns the recommended/default length of the Initialization Vector for a given encryption configuration. * @since_tizen 3.0 - * - * @remarks If returned @a iv_bit_len equals 0 that means that for this - * specific algorithm and its parameters Initialization Vector is not used. - * - * @param[in] algo Encryption algorithm - * @param[in] bcm Chain mode - * @param[in] key_bit_len Key length in bits - * @param[out] iv_bit_len Recommended Initialization Vector length in bits - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks If returned @a iv_bit_len equals 0 that means that for this + * specific algorithm and its parameters Initialization Vector is not used. + * @param[in] algo Encryption algorithm + * @param[in] bcm Chain mode + * @param[in] key_bit_len Key length in bits + * @param[out] iv_bit_len Recommended Initialization Vector length in bits + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, * invalid @a algo, @a bcm or @a key_bit_len) * @retval #YACA_ERROR_INTERNAL Internal error - * */ -int yaca_encrypt_get_iv_bit_length(yaca_encrypt_algorithm_e algo, - yaca_block_cipher_mode_e bcm, - size_t key_bit_len, - size_t *iv_bit_len); +int yaca_encrypt_get_iv_bit_length(yaca_encrypt_algorithm_e algo, yaca_block_cipher_mode_e bcm, size_t key_bit_len, size_t *iv_bit_len); + /** - * @brief Initializes an encryption context. - * + * @brief Initializes an encryption context. * @since_tizen 3.0 - * - * @remarks The @a ctx should be released using yaca_context_destroy(). - * - * @param[out] ctx Newly created context - * @param[in] algo Encryption algorithm that will be used - * @param[in] bcm Chaining mode that will be used - * @param[in] sym_key Symmetric key that will be used - * @param[in] iv Initialization Vector that will be used - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks The @a ctx should be released using yaca_context_destroy(). + * @param[out] ctx Newly created context + * @param[in] algo Encryption algorithm that will be used + * @param[in] bcm Chaining mode that will be used + * @param[in] sym_key Symmetric key that will be used + * @param[in] iv Initialization Vector that will be used + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, * invalid @a algo, @a bcm, @a sym_key or @a iv) * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error * @retval #YACA_ERROR_INTERNAL Internal error - * * @see #yaca_encrypt_algorithm_e * @see #yaca_block_cipher_mode_e * @see yaca_encrypt_update() * @see yaca_encrypt_finalize() * @see yaca_context_destroy() */ -int yaca_encrypt_initialize(yaca_context_h *ctx, - yaca_encrypt_algorithm_e algo, - yaca_block_cipher_mode_e bcm, - const yaca_key_h sym_key, - const yaca_key_h iv); +int yaca_encrypt_initialize(yaca_context_h *ctx, yaca_encrypt_algorithm_e algo, yaca_block_cipher_mode_e bcm, const yaca_key_h sym_key, const yaca_key_h iv); + /** - * @brief Encrypts chunk of the data. - * + * @brief Encrypts chunk of the data. * @since_tizen 3.0 - * - * @param[in,out] ctx Context created by yaca_encrypt_initialize() - * @param[in] plaintext Plaintext to be encrypted - * @param[in] plaintext_len Length of the plaintext - * @param[out] ciphertext Buffer for the encrypted data - * (must be allocated by client, see yaca_context_get_output_length()) - * @param[out] ciphertext_len Length of the encrypted data, - * actual number of bytes written will be returned here - * - * @return #YACA_ERROR_NONE on success, negative on error + * @param[in,out] ctx Context created by yaca_encrypt_initialize() + * @param[in] plaintext Plaintext to be encrypted + * @param[in] plaintext_len Length of the plaintext + * @param[out] ciphertext Buffer for the encrypted data + * (must be allocated by client, see yaca_context_get_output_length()) + * @param[out] ciphertext_len Length of the encrypted data, + * actual number of bytes written will be returned here + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, 0, * invalid @a ctx) * @retval #YACA_ERROR_INTERNAL Internal error - * * @see yaca_encrypt_initialize() * @see yaca_encrypt_finalize() * @see yaca_context_get_output_length() */ -int yaca_encrypt_update(yaca_context_h ctx, - const char *plaintext, - size_t plaintext_len, - char *ciphertext, - size_t *ciphertext_len); +int yaca_encrypt_update(yaca_context_h ctx, const char *plaintext, size_t plaintext_len, char *ciphertext, size_t *ciphertext_len); + /** - * @brief Encrypts the final chunk of the data. - * - * @remarks Skipping yaca_encrypt_update() and calling only yaca_encrypt_finalize() will produce an - * encryption of an empty message. - * + * @brief Encrypts the final chunk of the data. * @since_tizen 3.0 - * - * @param[in,out] ctx A valid encrypt context - * @param[out] ciphertext Final piece of the encrypted data - * (must be allocated by client, see yaca_context_get_output_length()) - * @param[out] ciphertext_len Length of the final piece, - * actual number of bytes written will be returned here - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks Skipping yaca_encrypt_update() and calling only yaca_encrypt_finalize() will produce an encryption of an empty message. + * @param[in,out] ctx A valid encrypt context + * @param[out] ciphertext Final piece of the encrypted data + * (must be allocated by client, see yaca_context_get_output_length()) + * @param[out] ciphertext_len Length of the final piece, + * actual number of bytes written will be returned here + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, * invalid @a ctx) * @retval #YACA_ERROR_INTERNAL Internal error - * * @see yaca_encrypt_initialize() * @see yaca_encrypt_update() * @see yaca_context_get_output_length() */ -int yaca_encrypt_finalize(yaca_context_h ctx, - char *ciphertext, - size_t *ciphertext_len); +int yaca_encrypt_finalize(yaca_context_h ctx, char *ciphertext, size_t *ciphertext_len); + /** - * @brief Initializes an decryption context. - * + * @brief Initializes an decryption context. * @since_tizen 3.0 - * - * @remarks The @a ctx should be released using yaca_context_destroy(). - * - * @param[out] ctx Newly created context - * @param[in] algo Encryption algorithm that was used to encrypt the data - * @param[in] bcm Chaining mode that was used to encrypt the data - * @param[in] sym_key Symmetric key that was used to encrypt the data - * @param[in] iv Initialization Vector that was used to encrypt the data - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks The @a ctx should be released using yaca_context_destroy(). + * @param[out] ctx Newly created context + * @param[in] algo Encryption algorithm that was used to encrypt the data + * @param[in] bcm Chaining mode that was used to encrypt the data + * @param[in] sym_key Symmetric key that was used to encrypt the data + * @param[in] iv Initialization Vector that was used to encrypt the data + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, * invalid @a algo, @a bcm, @a sym_key or @a iv) * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error * @retval #YACA_ERROR_INTERNAL Internal error - * * @see #yaca_encrypt_algorithm_e * @see #yaca_block_cipher_mode_e * @see yaca_decrypt_update() * @see yaca_decrypt_finalize() * @see yaca_context_destroy() */ -int yaca_decrypt_initialize(yaca_context_h *ctx, - yaca_encrypt_algorithm_e algo, - yaca_block_cipher_mode_e bcm, - const yaca_key_h sym_key, - const yaca_key_h iv); +int yaca_decrypt_initialize(yaca_context_h *ctx, yaca_encrypt_algorithm_e algo, yaca_block_cipher_mode_e bcm, const yaca_key_h sym_key, const yaca_key_h iv); + /** - * @brief Decrypts chunk of the data. - * + * @brief Decrypts chunk of the data. * @since_tizen 3.0 - * - * @param[in,out] ctx Context created by yaca_decrypt_initialize() - * @param[in] ciphertext Ciphertext to be decrypted - * @param[in] ciphertext_len Length of the ciphertext - * @param[out] plaintext Buffer for the decrypted data - * (must be allocated by client, see yaca_context_get_output_length()) - * @param[out] plaintext_len Length of the decrypted data, - * actual number of bytes written will be returned here - * - * @return #YACA_ERROR_NONE on success, negative on error + * @param[in,out] ctx Context created by yaca_decrypt_initialize() + * @param[in] ciphertext Ciphertext to be decrypted + * @param[in] ciphertext_len Length of the ciphertext + * @param[out] plaintext Buffer for the decrypted data + * (must be allocated by client, see yaca_context_get_output_length()) + * @param[out] plaintext_len Length of the decrypted data, + * actual number of bytes written will be returned here + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, 0, * invalid @a ctx), wrong #YACA_PROPERTY_CCM_AAD or * wrong #YACA_PROPERTY_CCM_TAG was used * @retval #YACA_ERROR_INTERNAL Internal error - * * @see yaca_decrypt_initialize() * @see yaca_decrypt_finalize() * @see yaca_context_get_output_length() */ -int yaca_decrypt_update(yaca_context_h ctx, - const char *ciphertext, - size_t ciphertext_len, - char *plaintext, - size_t *plaintext_len); +int yaca_decrypt_update(yaca_context_h ctx, const char *ciphertext, size_t ciphertext_len, char *plaintext, size_t *plaintext_len); + /** - * @brief Decrypts the final chunk of the data. - * - * @remarks Skipping yaca_decrypt_update() and calling only yaca_decrypt_finalize() will produce a - * decryption of an empty ciphertext. - * + * @brief Decrypts the final chunk of the data. * @since_tizen 3.0 - * - * @param[in,out] ctx A valid decrypt context - * @param[out] plaintext Final piece of the decrypted data - * (must be allocated by client, see yaca_context_get_output_length()) - * @param[out] plaintext_len Length of the final piece, - * actual number of bytes written will be returned here - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks Skipping yaca_decrypt_update() and calling only yaca_decrypt_finalize() will produce a decryption of an empty ciphertext. + * @param[in,out] ctx A valid decrypt context + * @param[out] plaintext Final piece of the decrypted data + * (must be allocated by client, see yaca_context_get_output_length()) + * @param[out] plaintext_len Length of the final piece, + * actual number of bytes written will be returned here + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, * invalid @a ctx), wrong #YACA_PROPERTY_GCM_AAD or * wrong #YACA_PROPERTY_GCM_TAG was used * @retval #YACA_ERROR_INTERNAL Internal error - * * @see yaca_decrypt_initialize() * @see yaca_decrypt_update() * @see yaca_context_get_output_length() */ -int yaca_decrypt_finalize(yaca_context_h ctx, - char *plaintext, - size_t *plaintext_len); +int yaca_decrypt_finalize(yaca_context_h ctx, char *plaintext, size_t *plaintext_len); + /** * @} */ + #ifdef __cplusplus } /* extern */ #endif + #endif /* YACA_ENCRYPT_H */ diff --git a/api/yaca/yaca_error.h b/api/yaca/yaca_error.h index c571485..d8909ec 100644 --- a/api/yaca/yaca_error.h +++ b/api/yaca/yaca_error.h @@ -16,65 +16,67 @@ * limitations under the License */ + /** - * @file yaca_error.h - * @brief Error enums and defines. + * @file yaca_error.h + * @brief Error enums and defines. */ -#ifdef CAPI_BASE_COMMON_PRESENT -#include -#else -#include -#define TIZEN_ERROR_NONE 0 -#define TIZEN_ERROR_INVALID_PARAMETER -EINVAL -#define TIZEN_ERROR_OUT_OF_MEMORY -ENOMEM -#endif #ifndef YACA_ERROR_H #define YACA_ERROR_H + +#include + + #ifdef __cplusplus extern "C" { #endif + /** * @addtogroup CAPI_YACA_ENCRYPTION_MODULE * @{ */ + /* @cond Define it temporarily until this code goes into capi-base-common package */ #ifndef TIZEN_ERROR_YACA #define TIZEN_ERROR_YACA -0x01E30000 #endif /* @endcond */ + /** - * @brief Enumeration of YACA error values. - * + * @brief Enumeration for YACA error values. * @since_tizen 3.0 */ typedef enum { /** Successful */ - YACA_ERROR_NONE = TIZEN_ERROR_NONE, + YACA_ERROR_NONE = TIZEN_ERROR_NONE, /** Invalid function parameter */ - YACA_ERROR_INVALID_PARAMETER = TIZEN_ERROR_INVALID_PARAMETER, + YACA_ERROR_INVALID_PARAMETER = TIZEN_ERROR_INVALID_PARAMETER, /** Out of memory */ - YACA_ERROR_OUT_OF_MEMORY = TIZEN_ERROR_OUT_OF_MEMORY, + YACA_ERROR_OUT_OF_MEMORY = TIZEN_ERROR_OUT_OF_MEMORY, /** Internal error */ - YACA_ERROR_INTERNAL = TIZEN_ERROR_YACA | 0x01, + YACA_ERROR_INTERNAL = TIZEN_ERROR_YACA | 0x01, /** Data mismatch */ - YACA_ERROR_DATA_MISMATCH = TIZEN_ERROR_YACA | 0x02, + YACA_ERROR_DATA_MISMATCH = TIZEN_ERROR_YACA | 0x02, /** Invalid password */ - YACA_ERROR_INVALID_PASSWORD = TIZEN_ERROR_YACA | 0x03 + YACA_ERROR_INVALID_PASSWORD = TIZEN_ERROR_YACA | 0x03 } yaca_error_e; + /** * @} */ + #ifdef __cplusplus } /* extern */ #endif + #endif /* YACA_ERROR_H */ diff --git a/api/yaca/yaca_key.h b/api/yaca/yaca_key.h index 5c87944..f946534 100644 --- a/api/yaca/yaca_key.h +++ b/api/yaca/yaca_key.h @@ -16,115 +16,105 @@ * limitations under the License */ + /** - * @file yaca_key.h - * @brief Advanced API for the key and Initialization Vector handling. + * @file yaca_key.h + * @brief Advanced API for the key and Initialization Vector handling. */ + #ifndef YACA_KEY_H #define YACA_KEY_H + #include #include + #ifdef __cplusplus extern "C" { #endif + /** * @addtogroup CAPI_YACA_KEY_MODULE * @{ */ + /** - * @brief NULL value for yaca_key_h type. - * + * @brief Definition for NULL value for yaca_key_h type. * @since_tizen 3.0 */ #define YACA_KEY_NULL ((yaca_key_h) NULL) + /** - * @brief Gets key's type. - * + * @brief Gets key's type. * @since_tizen 3.0 - * - * @param[in] key Key which type we return - * @param[out] key_type Key type - * - * @return #YACA_ERROR_NONE on success, negative on error + * @param[in] key Key which type we return + * @param[out] key_type Key type + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Either of the params is NULL - * * @see #yaca_key_type_e */ int yaca_key_get_type(const yaca_key_h key, yaca_key_type_e *key_type); + /** - * @brief Gets key's length (in bits). - * + * @brief Gets key's length (in bits). * @since_tizen 3.0 - * - * @remarks The @a key can be any symmetric (including an Initialization Vector) or - * asymmetric key (including key generation parameters). - * - * @remarks For Diffie-Helmann @a key_bit_len returns prime length in bits. Values - * used to generate the key/parameters in yaca_key_generate() are not - * restored. Neither generator number nor values from #yaca_key_bit_length_dh_rfc_e. - * - * @remarks For Elliptic Curves @a key_bit_len returns values from #yaca_key_bit_length_ec_e. - * - * @param[in] key Key which length we return - * @param[out] key_bit_len Key length in bits - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks The @a key can be any symmetric (including an Initialization Vector) or + * asymmetric key (including key generation parameters). + * @remarks For Diffie-Helmann @a key_bit_len returns prime length in bits. Values + * used to generate the key/parameters in yaca_key_generate() are not + * restored. Neither generator number nor values from #yaca_key_bit_length_dh_rfc_e. + * @remarks For Elliptic Curves @a key_bit_len returns values from #yaca_key_bit_length_ec_e. + * @param[in] key Key which length we return + * @param[out] key_bit_len Key length in bits + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Either of the params is NULL * @retval #YACA_ERROR_INTERNAL Internal error - * * @see #yaca_key_bit_length_e * @see #yaca_key_bit_length_dh_rfc_e * @see #yaca_key_bit_length_ec_e */ int yaca_key_get_bit_length(const yaca_key_h key, size_t *key_bit_len); + /** - * @brief Imports a key or key generation parameters. - * + * @brief Imports a key or key generation parameters. * @since_tizen 3.0 - * - * @remarks Everywhere where either a key (of any type) or an asymmetric key is referred - * in the documentation of this function key generator parameters are also included. - * - * @remarks This function imports a key trying to match it to the @a key_type specified. - * It should autodetect both the key format and the file format. - * - * @remarks For symmetric, Initialization Vector and DES keys RAW binary format and BASE64 encoded - * binary format are supported. - * For asymmetric keys PEM and DER file formats are supported. - * - * @remarks Asymmetric keys can be in their default ASN1 structure formats (like - * PKCS#1, SSleay or PKCS#3). Private asymmetric keys can also be in - * PKCS#8 format. Additionally it is possible to import public RSA/DSA/EC - * keys from X509 certificate. - * - * @remarks If the key is encrypted the algorithm will be autodetected and password - * used. If it's not known if the key is encrypted one should pass NULL as - * password and check for the #YACA_ERROR_INVALID_PASSWORD return code. - * - * @remarks If the imported key will be detected as a format that does not support - * encryption and password was passed #YACA_ERROR_INVALID_PARAMETER will - * be returned. For a list of keys and formats that do support encryption - * see yaca_key_export() documentation. - * - * @remarks The @a key should be released using yaca_key_destroy(). - * - * @param[in] key_type Type of the key - * @param[in] password Null-terminated password for the key (can be NULL) - * @param[in] data Blob containing the key - * @param[in] data_len Size of the blob - * @param[out] key Returned key - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks Everywhere where either a key (of any type) or an asymmetric key is referred + * in the documentation of this function key generator parameters are also included. + * @remarks This function imports a key trying to match it to the @a key_type specified. + * It should autodetect both the key format and the file format. + * @remarks For symmetric, Initialization Vector and DES keys RAW binary format and BASE64 encoded + * binary format are supported. + * For asymmetric keys PEM and DER file formats are supported. + * @remarks Asymmetric keys can be in their default ASN1 structure formats (like + * PKCS#1, SSleay or PKCS#3). Private asymmetric keys can also be in + * PKCS#8 format. Additionally it is possible to import public RSA/DSA/EC + * keys from X509 certificate. + * @remarks If the key is encrypted the algorithm will be autodetected and password + * used. If it's not known if the key is encrypted one should pass NULL as + * password and check for the #YACA_ERROR_INVALID_PASSWORD return code. + * @remarks If the imported key will be detected as a format that does not support + * encryption and password was passed #YACA_ERROR_INVALID_PARAMETER will + * be returned. For a list of keys and formats that do support encryption + * see yaca_key_export() documentation. + * @remarks The @a key should be released using yaca_key_destroy(). + * @param[in] key_type Type of the key + * @param[in] password Null-terminated password for the key (can be NULL) + * @param[in] data Blob containing the key + * @param[in] data_len Size of the blob + * @param[out] key Returned key + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, 0, * invalid @a key_type or @a data_len too big) @@ -132,110 +122,86 @@ int yaca_key_get_bit_length(const yaca_key_h key, size_t *key_bit_len); * @retval #YACA_ERROR_INTERNAL Internal error * @retval #YACA_ERROR_INVALID_PASSWORD Invalid @a password given or @a password was required * and none was given - * * @see #yaca_key_type_e * @see yaca_key_export() * @see yaca_key_destroy() */ -int yaca_key_import(yaca_key_type_e key_type, - const char *password, - const char *data, - size_t data_len, - yaca_key_h *key); +int yaca_key_import(yaca_key_type_e key_type, const char *password, const char *data, size_t data_len, yaca_key_h *key); + /** - * @brief Exports a key or key generation parameters to arbitrary format. - * + * @brief Exports a key or key generation parameters to arbitrary format. * @since_tizen 3.0 - * - * @remarks Everywhere where either a key (of any type) or an asymmetric key is referred - * in the documentation of this function key generator parameters are also included. - * - * @remarks This function exports the key to an arbitrary key format and key file format. - * - * @remarks For key formats two values are allowed: - * - #YACA_KEY_FORMAT_DEFAULT: this is the only option possible in case of symmetric keys - * (or Initialization Vector), for asymmetric keys it will - * export to their default ASN1 structure format - * (e.g. PKCS#1, SSLeay, PKCS#3). - * - #YACA_KEY_FORMAT_PKCS8: this will only work for private asymmetric keys. - * - * @remarks The following file formats are supported: - * - #YACA_KEY_FILE_FORMAT_RAW: used only for symmetric, raw binary format - * - #YACA_KEY_FILE_FORMAT_BASE64: used only for symmetric, BASE64 encoded binary form - * - #YACA_KEY_FILE_FORMAT_PEM: used only for asymmetric, PEM file format - * - #YACA_KEY_FILE_FORMAT_DER: used only for asymmetric, DER file format - * - * @remarks Encryption is supported and optional for RSA/DSA private keys in the - * #YACA_KEY_FORMAT_DEFAULT with #YACA_KEY_FILE_FORMAT_PEM format. If no password is - * provided the exported key will be unencrypted. The encryption algorithm used - * in this case is AES-256-CBC. - * - * @remarks Encryption is obligatory for #YACA_KEY_FORMAT_PKCS8 format (for both, PEM and DER - * file formats). If no password is provided the #YACA_ERROR_INVALID_PARAMETER will - * be returned. The encryption algorithm used in this case is AES-256-CBC. The key is - * generated from password using PBKDF2 with HMAC-SHA1 function and 2048 iterations. - * - * @remarks Encryption is not supported for the symmetric, public keys and key generation - * parameters in all their supported formats. If a password is provided in such - * case the #YACA_ERROR_INVALID_PARAMETER will be returned. - * - * @param[in] key Key to be exported - * @param[in] key_fmt Format of the key - * @param[in] key_file_fmt Format of the key file - * @param[in] password Password used for the encryption (can be NULL) - * @param[out] data Data, allocated by the library, containing exported key - * (must be freed with yaca_free()) - * @param[out] data_len Size of the output data - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks Everywhere where either a key (of any type) or an asymmetric key is referred + * in the documentation of this function key generator parameters are also included. + * @remarks This function exports the key to an arbitrary key format and key file format. + * @remarks For key formats two values are allowed: + * - #YACA_KEY_FORMAT_DEFAULT: this is the only option possible in case of symmetric keys + * (or Initialization Vector), for asymmetric keys it will + * export to their default ASN1 structure format + * (e.g. PKCS#1, SSLeay, PKCS#3). + * - #YACA_KEY_FORMAT_PKCS8: this will only work for private asymmetric keys. + * @remarks The following file formats are supported: + * - #YACA_KEY_FILE_FORMAT_RAW: used only for symmetric, raw binary format + * - #YACA_KEY_FILE_FORMAT_BASE64: used only for symmetric, BASE64 encoded binary form + * - #YACA_KEY_FILE_FORMAT_PEM: used only for asymmetric, PEM file format + * - #YACA_KEY_FILE_FORMAT_DER: used only for asymmetric, DER file format + * @remarks Encryption is supported and optional for RSA/DSA private keys in the + * #YACA_KEY_FORMAT_DEFAULT with #YACA_KEY_FILE_FORMAT_PEM format. If no password is + * provided the exported key will be unencrypted. The encryption algorithm used + * in this case is AES-256-CBC. + * @remarks Encryption is obligatory for #YACA_KEY_FORMAT_PKCS8 format (for both, PEM and DER + * file formats). If no password is provided the #YACA_ERROR_INVALID_PARAMETER will + * be returned. The encryption algorithm used in this case is AES-256-CBC. The key is + * generated from password using PBKDF2 with HMAC-SHA1 function and 2048 iterations. + * @remarks Encryption is not supported for the symmetric, public keys and key generation + * parameters in all their supported formats. If a password is provided in such + * case the #YACA_ERROR_INVALID_PARAMETER will be returned. + * @param[in] key Key to be exported + * @param[in] key_fmt Format of the key + * @param[in] key_file_fmt Format of the key file + * @param[in] password Password used for the encryption (can be NULL) + * @param[out] data Data, allocated by the library, containing exported key + * (must be freed with yaca_free()) + * @param[out] data_len Size of the output data + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, 0, * invalid @a key_fmt, @a key_file_fmt or @a data_len too big) * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error * @retval #YACA_ERROR_INTERNAL Internal error - * * @see #yaca_key_format_e * @see #yaca_key_file_format_e * @see yaca_key_import() * @see yaca_key_destroy() */ -int yaca_key_export(const yaca_key_h key, - yaca_key_format_e key_fmt, - yaca_key_file_format_e key_file_fmt, - const char *password, - char **data, - size_t *data_len); +int yaca_key_export(const yaca_key_h key, yaca_key_format_e key_fmt, yaca_key_file_format_e key_file_fmt, const char *password, char **data, size_t *data_len); + /** - * @brief Generates a secure key or key generation parameters (or an Initialization Vector). - * + * @brief Generates a secure key or key generation parameters (or an Initialization Vector). * @since_tizen 3.0 - * - * @remarks This function is used to generate symmetric keys, private asymmetric keys - * or key generation parameters for key types that support them (DSA, DH and EC). - * - * @remarks Supported key lengths: - * - RSA: length >= 512bits - * - DSA: length >= 512bits, multiple of 64 - * - DH: a value taken from #yaca_key_bit_length_dh_rfc_e or - * (YACA_KEY_LENGTH_DH_GENERATOR_* | prime_length_in_bits), - * where prime_length_in_bits can be any positive number - * - EC: a value taken from #yaca_key_bit_length_ec_e - * - * @remarks The @a key should be released using yaca_key_destroy(). - * - * @param[in] key_type Type of the key to be generated - * @param[in] key_bit_len Length of the key (in bits) to be generated - * @param[out] key Newly generated key - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks This function is used to generate symmetric keys, private asymmetric keys + * or key generation parameters for key types that support them (DSA, DH and EC). + * @remarks Supported key lengths: + * - RSA: length >= 512bits + * - DSA: length >= 512bits, multiple of 64 + * - DH: a value taken from #yaca_key_bit_length_dh_rfc_e or + * (YACA_KEY_LENGTH_DH_GENERATOR_* | prime_length_in_bits), + * where prime_length_in_bits can be any positive number + * - EC: a value taken from #yaca_key_bit_length_ec_e + * @remarks The @a key should be released using yaca_key_destroy(). + * @param[in] key_type Type of the key to be generated + * @param[in] key_bit_len Length of the key (in bits) to be generated + * @param[out] key Newly generated key + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER @a key is NULL, incorrect @a key_type or * @a key_bit_len is not dividable by 8 * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error * @retval #YACA_ERROR_INTERNAL Internal error - * * @see #yaca_key_type_e * @see #yaca_key_bit_length_e * @see #yaca_key_bit_length_dh_rfc_e @@ -244,73 +210,61 @@ int yaca_key_export(const yaca_key_h key, * @see #yaca_key_bit_length_ec_e * @see yaca_key_destroy() */ -int yaca_key_generate(yaca_key_type_e key_type, - size_t key_bit_len, - yaca_key_h *key); +int yaca_key_generate(yaca_key_type_e key_type, size_t key_bit_len, yaca_key_h *key); + /** - * @brief Generates a secure private asymmetric key from parameters. - * + * @brief Generates a secure private asymmetric key from parameters. * @since_tizen 3.0 - * - * @remarks This function is used to generate private asymmetric keys - * based on pre-generated parameters. - * - * @remarks The @a key should be released using yaca_key_destroy(). - * - * @param[in] params Pre-generated parameters - * @param[out] prv_key Newly generated private key - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks This function is used to generate private asymmetric keys + * based on pre-generated parameters. + * @remarks The @a key should be released using yaca_key_destroy(). + * @param[in] params Pre-generated parameters + * @param[out] prv_key Newly generated private key + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER @a prv_key is NULL or incorrect @a params * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error * @retval #YACA_ERROR_INTERNAL Internal error - * * @see yaca_key_destroy() * @see yaca_key_generate() * @see yaca_key_extract_parameters() */ int yaca_key_generate_from_parameters(const yaca_key_h params, yaca_key_h *prv_key); + /** - * @brief Extracts public key from a private one. - * + * @brief Extracts public key from a private one. * @since_tizen 3.0 - * - * @remarks The @a pub_key should be released using yaca_key_destroy(). - * - * @param[in] prv_key Private key to extract the public one from - * @param[out] pub_key Extracted public key - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks The @a pub_key should be released using yaca_key_destroy(). + * @param[in] prv_key Private key to extract the public one from + * @param[out] pub_key Extracted public key + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER @a prv_key is of invalid type or @a pub_key is NULL * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error * @retval #YACA_ERROR_INTERNAL Internal error - * * @see yaca_key_generate() * @see yaca_key_import() * @see yaca_key_destroy() */ int yaca_key_extract_public(const yaca_key_h prv_key, yaca_key_h *pub_key); + /** - * @brief Extracts parameters from a private or a public key. - * + * @brief Extracts parameters from a private or a public key. * @since_tizen 3.0 - * - * @remarks The @a params should be released using yaca_key_destroy(). - * - * @param[in] key A key to extract the parameters from - * @param[out] params Extracted parameters - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks The @a params should be released using yaca_key_destroy(). + * @param[in] key A key to extract the parameters from + * @param[out] params Extracted parameters + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER @a key is of invalid type or @a params is NULL * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error * @retval #YACA_ERROR_INTERNAL Internal error - * * @see yaca_key_generate() * @see yaca_key_generate_from_parameters() * @see yaca_key_import() @@ -318,134 +272,107 @@ int yaca_key_extract_public(const yaca_key_h prv_key, yaca_key_h *pub_key); */ int yaca_key_extract_parameters(const yaca_key_h key, yaca_key_h *params); + /** - * @brief Derives a shared secret using Diffie-Helmann or EC Diffie-Helmann key exchange protocol. - * + * @brief Derives a shared secret using Diffie-Helmann or EC Diffie-Helmann key exchange protocol. * @since_tizen 3.0 - * - * @remarks The @a secret should not be used as a symmetric key, - * to produce a symmetric key pass the secret to a key derivation function (KDF) - * or a message digest function. - * - * @remarks The @a secret should be freed with yaca_free(). - * - * @param[in] prv_key Our private key - * @param[in] pub_key Peer public key - * @param[out] secret Generated shared secret - * @param[out] secret_len Size of the shared secret - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks The @a secret should not be used as a symmetric key, + * to produce a symmetric key pass the secret to a key derivation function (KDF) + * or a message digest function. + * @remarks The @a secret should be freed with yaca_free(). + * @param[in] prv_key Our private key + * @param[in] pub_key Peer public key + * @param[out] secret Generated shared secret + * @param[out] secret_len Size of the shared secret + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values * (invalid @a prv_key or @a pub_key) * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error * @retval #YACA_ERROR_INTERNAL Internal error - * * @see yaca_key_derive_kdf() * @see yaca_simple_calculate_digest() * @see yaca_free() */ -int yaca_key_derive_dh(const yaca_key_h prv_key, - const yaca_key_h pub_key, - char **secret, - size_t *secret_len); +int yaca_key_derive_dh(const yaca_key_h prv_key, const yaca_key_h pub_key, char **secret, size_t *secret_len); + /** - * @brief Derives a key material from shared secret. - * + * @brief Derives a key material from shared secret. * @since_tizen 3.0 - * - * @remarks The @a info parameter is ANSI X9.42 OtherInfo or ANSI X9.62 SharedInfo structure, - * more information can be found in ANSI X9.42/62 standard specification. - * - * @remarks The @a key_material or separate parts of it can be used to import a symmetric key - * with yaca_key_import(). - * - * @remarks The @a key_material should be freed using yaca_free(). - * - * @param[in] kdf Key derivation function - * @param[in] algo Digest algorithm that should be used in key derivation - * @param[in] secret Shared secret - * @param[in] secret_len Size of the shared secret - * @param[in] info Optional additional info, use NULL if not appending extra info - * @param[in] info_len Length of additional info, use 0 if not using additional info - * @param[in] key_material_len Length of a key material to be generated - * @param[out] key_material Newly generated key material - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks The @a info parameter is ANSI X9.42 OtherInfo or ANSI X9.62 SharedInfo structure, + * more information can be found in ANSI X9.42/62 standard specification. + * @remarks The @a key_material or separate parts of it can be used to import a symmetric key + * with yaca_key_import(). + * @remarks The @a key_material should be freed using yaca_free(). + * @param[in] kdf Key derivation function + * @param[in] algo Digest algorithm that should be used in key derivation + * @param[in] secret Shared secret + * @param[in] secret_len Size of the shared secret + * @param[in] info Optional additional info, use NULL if not appending extra info + * @param[in] info_len Length of additional info, use 0 if not using additional info + * @param[in] key_material_len Length of a key material to be generated + * @param[out] key_material Newly generated key material + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, 0, * invalid @a algo or @a kdf) * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error * @retval #YACA_ERROR_INTERNAL Internal error - * * @see #yaca_kdf_e * @see #yaca_digest_algorithm_e * @see yaca_key_derive_dh() * @see yaca_key_import() * @see yaca_free() */ -int yaca_key_derive_kdf(yaca_kdf_e kdf, - yaca_digest_algorithm_e algo, - const char *secret, - size_t secret_len, - const char *info, - size_t info_len, - size_t key_material_len, - char **key_material); +int yaca_key_derive_kdf(yaca_kdf_e kdf, yaca_digest_algorithm_e algo, const char *secret, size_t secret_len, const char *info, size_t info_len, size_t key_material_len, char **key_material); + /** - * @brief Derives a key from user password (PKCS #5 a.k.a. pbkdf2 algorithm). - * + * @brief Derives a key from user password (PKCS #5 a.k.a. pbkdf2 algorithm). * @since_tizen 3.0 - * - * @remarks The @a key should be released using yaca_key_destroy(). - * - * @param[in] password User password as a null-terminated string - * @param[in] salt Salt, should be a non-empty string - * @param[in] salt_len Length of the salt - * @param[in] iterations Number of iterations - * @param[in] algo Digest algorithm that should be used in key generation - * @param[in] key_bit_len Length of a key (in bits) to be generated - * @param[out] key Newly generated key - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks The @a key should be released using yaca_key_destroy(). + * @param[in] password User password as a null-terminated string + * @param[in] salt Salt, should be a non-empty string + * @param[in] salt_len Length of the salt + * @param[in] iterations Number of iterations + * @param[in] algo Digest algorithm that should be used in key generation + * @param[in] key_bit_len Length of a key (in bits) to be generated + * @param[out] key Newly generated key + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, 0, * invalid @a algo or @a key_bit_len not dividable by 8) * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error * @retval #YACA_ERROR_INTERNAL Internal error - * * @see #yaca_digest_algorithm_e * @see yaca_key_destroy() */ -int yaca_key_derive_pbkdf2(const char *password, - const char *salt, - size_t salt_len, - size_t iterations, - yaca_digest_algorithm_e algo, - size_t key_bit_len, - yaca_key_h *key); +int yaca_key_derive_pbkdf2(const char *password, const char *salt, size_t salt_len, size_t iterations, yaca_digest_algorithm_e algo, size_t key_bit_len, yaca_key_h *key); + /** - * @brief Release the key created by the library. Passing YACA_KEY_NULL is allowed. - * + * @brief Releases the key created by the library. Passing YACA_KEY_NULL is allowed. * @since_tizen 3.0 - * - * @param[in,out] key Key to be released - * + * @param[in,out] key Key to be released * @see yaca_key_import() * @see yaca_key_export() * @see yaca_key_generate() */ void yaca_key_destroy(yaca_key_h key); + /** * @} */ + #ifdef __cplusplus } /* extern */ #endif + #endif /* YACA_KEY_H */ diff --git a/api/yaca/yaca_rsa.h b/api/yaca/yaca_rsa.h index a57bfd7..4c226a8 100644 --- a/api/yaca/yaca_rsa.h +++ b/api/yaca/yaca_rsa.h @@ -16,182 +16,150 @@ * limitations under the License */ + /** - * @file yaca_rsa.h - * @brief Advanced API for low-level RSA operations + * @file yaca_rsa.h + * @brief Advanced API for low-level RSA operations. */ + #ifndef YACA_RSA_H #define YACA_RSA_H + #include #include + #ifdef __cplusplus extern "C" { #endif + /** * @addtogroup CAPI_YACA_RSA_MODULE * @{ */ + /** - * @brief Encrypts data using a RSA public key (low-level encrypt equivalent). - * + * @brief Encrypts data using a RSA public key (low-level encrypt equivalent). * @since_tizen 3.0 - * - * @remarks The @a ciphertext should be freed using yaca_free(). - * - * @remarks The @a pub_key used has to be of a #YACA_KEY_TYPE_RSA_PUB type. - * - * @remarks The maximum length of plaintext depends on the key length and padding method. - * See #yaca_padding_e for details. - * - * @remarks The @a plaintext can be NULL but then the @a plaintext_len must be 0. - * - * @param[in] padding Padding method - * @param[in] pub_key Public RSA key (see yaca_key.h for key generation functions) - * @param[in] plaintext Plaintext to be encrypted - * @param[in] plaintext_len Length of the plaintext - * @param[out] ciphertext Encrypted data, will be allocated by the library - * @param[out] ciphertext_len Length of the encrypted data (may be larger than decrypted) - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks The @a ciphertext should be freed using yaca_free(). + * @remarks The @a pub_key used has to be of a #YACA_KEY_TYPE_RSA_PUB type. + * @remarks The maximum length of plaintext depends on the key length and padding method. + * See #yaca_padding_e for details. + * @remarks The @a plaintext can be NULL but then the @a plaintext_len must be 0. + * @param[in] padding Padding method + * @param[in] pub_key Public RSA key (see yaca_key.h for key generation functions) + * @param[in] plaintext Plaintext to be encrypted + * @param[in] plaintext_len Length of the plaintext + * @param[out] ciphertext Encrypted data, will be allocated by the library + * @param[out] ciphertext_len Length of the encrypted data (may be larger than decrypted) + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, 0 * invalid @a padding, @a pub_key or @a plaintext_len) * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error * @retval #YACA_ERROR_INTERNAL Internal error - * * @see #yaca_key_type_e * @see #yaca_padding_e * @see yaca_rsa_private_decrypt() * @see yaca_free() */ -int yaca_rsa_public_encrypt(yaca_padding_e padding, - const yaca_key_h pub_key, - const char *plaintext, - size_t plaintext_len, - char **ciphertext, - size_t *ciphertext_len); +int yaca_rsa_public_encrypt(yaca_padding_e padding, const yaca_key_h pub_key, const char *plaintext, size_t plaintext_len, char **ciphertext, size_t *ciphertext_len); + /** - * @brief Decrypts data using a RSA private key (low-level decrypt equivalent). - * + * @brief Decrypts data using a RSA private key (low-level decrypt equivalent). * @since_tizen 3.0 - * - * @remarks The @a plaintext should be freed using yaca_free(). - * - * @remarks The @a prv_key used has to be of a #YACA_KEY_TYPE_RSA_PRIV type. - * - * @param[in] padding Padding method - * @param[in] prv_key Private RSA key matching the public one used to encrypt the data - * @param[in] ciphertext Ciphertext to be decrypted - * @param[in] ciphertext_len Length of ciphertext - * @param[out] plaintext Decrypted data, will be allocated by the library - * @param[out] plaintext_len Length of the decrypted data - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks The @a plaintext should be freed using yaca_free(). + * @remarks The @a prv_key used has to be of a #YACA_KEY_TYPE_RSA_PRIV type. + * @param[in] padding Padding method + * @param[in] prv_key Private RSA key matching the public one used to encrypt the data + * @param[in] ciphertext Ciphertext to be decrypted + * @param[in] ciphertext_len Length of ciphertext + * @param[out] plaintext Decrypted data, will be allocated by the library + * @param[out] plaintext_len Length of the decrypted data + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, 0 * invalid @a padding or @a prv_key), padding check failed * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error * @retval #YACA_ERROR_INTERNAL Internal error - * * @see #yaca_key_type_e * @see #yaca_padding_e * @see yaca_rsa_public_encrypt() * @see yaca_free() */ -int yaca_rsa_private_decrypt(yaca_padding_e padding, - const yaca_key_h prv_key, - const char *ciphertext, - size_t ciphertext_len, - char **plaintext, - size_t *plaintext_len); +int yaca_rsa_private_decrypt(yaca_padding_e padding, const yaca_key_h prv_key, const char *ciphertext, size_t ciphertext_len, char **plaintext, size_t *plaintext_len); + /** - * @brief Encrypts data using a RSA private key (low-level sign equivalent). - * + * @brief Encrypts data using a RSA private key (low-level sign equivalent). * @since_tizen 3.0 - * - * @remarks The @a ciphertext should be freed using yaca_free(). - * - * @remarks The @a prv_key used has to be of a #YACA_KEY_TYPE_RSA_PRIV type. - * - * @remarks The maximum length of plaintext depends on the key length and padding method, - * see #yaca_padding_e for details. - * - * @remarks The @a plaintext can be NULL but then the @a plaintext_len must be 0. - * - * @param[in] padding Padding method - * @param[in] prv_key Private RSA key (see yaca_key.h for key generation functions) - * @param[in] plaintext Plaintext to be encrypted - * @param[in] plaintext_len Length of the plaintext - * @param[out] ciphertext Encrypted data, will be allocated by the library - * @param[out] ciphertext_len Length of the encrypted data (may be larger than decrypted) - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks The @a ciphertext should be freed using yaca_free(). + * @remarks The @a prv_key used has to be of a #YACA_KEY_TYPE_RSA_PRIV type. + * @remarks The maximum length of plaintext depends on the key length and padding method, + * see #yaca_padding_e for details. + * @remarks The @a plaintext can be NULL but then the @a plaintext_len must be 0. + * @param[in] padding Padding method + * @param[in] prv_key Private RSA key (see yaca_key.h for key generation functions) + * @param[in] plaintext Plaintext to be encrypted + * @param[in] plaintext_len Length of the plaintext + * @param[out] ciphertext Encrypted data, will be allocated by the library + * @param[out] ciphertext_len Length of the encrypted data (may be larger than decrypted) + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, 0 * invalid @a padding, @a prv_key or @a plaintext_len) * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error * @retval #YACA_ERROR_INTERNAL Internal error - * * @see #yaca_key_type_e * @see #yaca_padding_e * @see yaca_rsa_public_decrypt() * @see yaca_free() */ -int yaca_rsa_private_encrypt(yaca_padding_e padding, - const yaca_key_h prv_key, - const char *plaintext, - size_t plaintext_len, - char **ciphertext, - size_t *ciphertext_len); +int yaca_rsa_private_encrypt(yaca_padding_e padding, const yaca_key_h prv_key, const char *plaintext, size_t plaintext_len, char **ciphertext, size_t *ciphertext_len); + /** - * @brief Decrypts data using a RSA public key (low-level verify equivalent). - * + * @brief Decrypts data using a RSA public key (low-level verify equivalent). * @since_tizen 3.0 - * - * @remarks The @a plaintext should be freed using yaca_free(). - * - * @remarks The @a pub_key used has to be of a #YACA_KEY_TYPE_RSA_PUB type. - * - * @param[in] padding Padding method - * @param[in] pub_key Public RSA key matching the private one used to encrypt the data - * @param[in] ciphertext Ciphertext to be decrypted - * @param[in] ciphertext_len Length of ciphertext - * @param[out] plaintext Decrypted data, will be allocated by the library - * @param[out] plaintext_len Length of the decrypted data - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks The @a plaintext should be freed using yaca_free(). + * @remarks The @a pub_key used has to be of a #YACA_KEY_TYPE_RSA_PUB type. + * @param[in] padding Padding method + * @param[in] pub_key Public RSA key matching the private one used to encrypt the data + * @param[in] ciphertext Ciphertext to be decrypted + * @param[in] ciphertext_len Length of ciphertext + * @param[out] plaintext Decrypted data, will be allocated by the library + * @param[out] plaintext_len Length of the decrypted data + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, 0 * invalid @a padding or @a pub_key), padding check failed * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error * @retval #YACA_ERROR_INTERNAL Internal error - * * @see #yaca_key_type_e * @see #yaca_padding_e * @see yaca_rsa_private_encrypt() * @see yaca_free() */ -int yaca_rsa_public_decrypt(yaca_padding_e padding, - const yaca_key_h pub_key, - const char *ciphertext, - size_t ciphertext_len, - char **plaintext, - size_t *plaintext_len); +int yaca_rsa_public_decrypt(yaca_padding_e padding, const yaca_key_h pub_key, const char *ciphertext, size_t ciphertext_len, char **plaintext, size_t *plaintext_len); + /** * @} */ + #ifdef __cplusplus } /* extern */ #endif + #endif /* YACA_RSA_H */ diff --git a/api/yaca/yaca_seal.h b/api/yaca/yaca_seal.h index 5db810e..1e08345 100644 --- a/api/yaca/yaca_seal.h +++ b/api/yaca/yaca_seal.h @@ -16,67 +16,62 @@ * limitations under the License */ + /** - * @file yaca_seal.h - * @brief Advanced API for the asymmetric encryption. - * - * @details Seal does more than just encrypt. It first generates the encryption key and - * Initialization Vector, then encrypts whole message using this key - * (and selected symmetric algorithm). - * Finally it encrypts symmetric key with public key. + * @file yaca_seal.h + * @brief Advanced API for the asymmetric encryption. + * @details Seal does more than just encrypt. It first generates the encryption key and + * Initialization Vector, then encrypts whole message using this key + * (and selected symmetric algorithm). + * Finally it encrypts symmetric key with public key. */ + #ifndef YACA_SEAL_H #define YACA_SEAL_H + #include #include + #ifdef __cplusplus extern "C" { #endif + /** * @addtogroup CAPI_YACA_ENCRYPTION_MODULE * @{ */ + /** - * @brief Initializes an asymmetric encryption context and generates - * symmetric key and Initialization Vector. - * - * @remarks Generated symmetric key is encrypted with public key, - * so can be only used with yaca_open_initialize(). It can be exported, - * but after import it can be only used with yaca_open_initialize() as well. - * - * @remarks The @a ctx should be released using yaca_context_destroy(). - * - * @remarks The @a pub_key must be #YACA_KEY_TYPE_RSA_PUB. - * - * @remarks The @a sym_key_bit_len must be at least 88 bits shorter than the @a pub_key bit length. - * - * @remarks The @a sym_key should be released using yaca_key_destroy(). - * - * @remarks The @a iv should be released using yaca_key_destroy(). - * + * @brief Initializes an asymmetric encryption context and generates symmetric key and Initialization Vector. * @since_tizen 3.0 - * - * @param[out] ctx Newly created context - * @param[in] pub_key Public key of the peer that will receive the encrypted data - * @param[in] algo Symmetric algorithm that will be used - * @param[in] bcm Block chaining mode for the symmetric algorithm - * @param[in] sym_key_bit_len Symmetric key length (in bits) that will be generated - * @param[out] sym_key Generated symmetric key that will be used, - * it is encrypted with peer's public key - * @param[out] iv Generated Initialization Vector that will be used - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks Generated symmetric key is encrypted with public key, + * so can be only used with yaca_open_initialize(). It can be exported, + * but after import it can be only used with yaca_open_initialize() as well. + * @remarks The @a ctx should be released using yaca_context_destroy(). + * @remarks The @a pub_key must be #YACA_KEY_TYPE_RSA_PUB. + * @remarks The @a sym_key_bit_len must be at least 88 bits shorter than the @a pub_key bit length. + * @remarks The @a sym_key should be released using yaca_key_destroy(). + * @remarks The @a iv should be released using yaca_key_destroy(). + * @param[out] ctx Newly created context + * @param[in] pub_key Public key of the peer that will receive the encrypted data + * @param[in] algo Symmetric algorithm that will be used + * @param[in] bcm Block chaining mode for the symmetric algorithm + * @param[in] sym_key_bit_len Symmetric key length (in bits) that will be generated + * @param[out] sym_key Generated symmetric key that will be used, + * it is encrypted with peer's public key + * @param[out] iv Generated Initialization Vector that will be used + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, * invalid @a algo, @a bcm, @a sym_key_bit_len or @a pub_key) * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error * @retval #YACA_ERROR_INTERNAL Internal error - * * @see #yaca_encrypt_algorithm_e * @see #yaca_block_cipher_mode_e * @see #yaca_key_bit_length_e @@ -86,97 +81,77 @@ extern "C" { * @see yaca_key_destroy() * @see yaca_context_destroy() */ -int yaca_seal_initialize(yaca_context_h *ctx, - const yaca_key_h pub_key, - yaca_encrypt_algorithm_e algo, - yaca_block_cipher_mode_e bcm, - size_t sym_key_bit_len, - yaca_key_h *sym_key, - yaca_key_h *iv); +int yaca_seal_initialize(yaca_context_h *ctx, const yaca_key_h pub_key, yaca_encrypt_algorithm_e algo, yaca_block_cipher_mode_e bcm, size_t sym_key_bit_len, + yaca_key_h *sym_key, yaca_key_h *iv); + /** - * @brief Encrypts piece of the data. - * + * @brief Encrypts piece of the data. * @since_tizen 3.0 - * - * @param[in,out] ctx Context created by yaca_seal_initialize() - * @param[in] plaintext Plaintext to be encrypted - * @param[in] plaintext_len Length of the plaintext - * @param[out] ciphertext Buffer for the encrypted data - * (must be allocated by client, see yaca_context_get_output_length()) - * @param[out] ciphertext_len Length of the encrypted data, - * actual number of bytes written will be returned here - * - * @return #YACA_ERROR_NONE on success, negative on error + * @param[in,out] ctx Context created by yaca_seal_initialize() + * @param[in] plaintext Plaintext to be encrypted + * @param[in] plaintext_len Length of the plaintext + * @param[out] ciphertext Buffer for the encrypted data + * (must be allocated by client, see yaca_context_get_output_length()) + * @param[out] ciphertext_len Length of the encrypted data, + * actual number of bytes written will be returned here + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, 0, * invalid @a ctx) * @retval #YACA_ERROR_INTERNAL Internal error - * * @see yaca_seal_initialize() * @see yaca_seal_finalize() * @see yaca_context_get_output_length() */ -int yaca_seal_update(yaca_context_h ctx, - const char *plaintext, - size_t plaintext_len, - char *ciphertext, - size_t *ciphertext_len); +int yaca_seal_update(yaca_context_h ctx, const char *plaintext, size_t plaintext_len, char *ciphertext, size_t *ciphertext_len); + /** - * @brief Encrypts the final piece of the data. - * - * @remarks Skipping yaca_seal_update() and calling only yaca_seal_finalize() will produce an - * encryption of an empty message. - * + * @brief Encrypts the final piece of the data. * @since_tizen 3.0 - * - * @param[in,out] ctx A valid seal context - * @param[out] ciphertext Final piece of the encrypted data - * (must be allocated by client, see yaca_context_get_output_length()) - * @param[out] ciphertext_len Length of the final piece, - * actual number of bytes written will be returned here - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks Skipping yaca_seal_update() and calling only yaca_seal_finalize() will produce an + * encryption of an empty message. + * @param[in,out] ctx A valid seal context + * @param[out] ciphertext Final piece of the encrypted data + * (must be allocated by client, see yaca_context_get_output_length()) + * @param[out] ciphertext_len Length of the final piece, + * actual number of bytes written will be returned here + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, * invalid @a ctx) * @retval #YACA_ERROR_INTERNAL Internal error - * * @see yaca_seal_initialize() * @see yaca_seal_update() * @see yaca_context_get_output_length() */ -int yaca_seal_finalize(yaca_context_h ctx, - char *ciphertext, - size_t *ciphertext_len); +int yaca_seal_finalize(yaca_context_h ctx, char *ciphertext, size_t *ciphertext_len); + /** - * @brief Initializes an asymmetric decryption context. - * + * @brief Initializes an asymmetric decryption context. * @since_tizen 3.0 - * - * @remarks The @a ctx should be released using yaca_context_destroy(). - * - * @remarks The @a prv_key must be #YACA_KEY_TYPE_RSA_PRIV. - * - * @param[out] ctx Newly created context - * @param[in] prv_key Private key, part of the pair that was used for the encryption - * @param[in] algo Symmetric algorithm that was used for the encryption - * @param[in] bcm Block chaining mode for the symmetric algorithm - * @param[in] sym_key_bit_len Symmetric key length (in bits) that was used for the encryption - * @param[in] sym_key Symmetric key, encrypted with the public key, - * that was used to encrypt the data - * @param[in] iv Initialization Vector that was used for the encryption - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks The @a ctx should be released using yaca_context_destroy(). + * @remarks The @a prv_key must be #YACA_KEY_TYPE_RSA_PRIV. + * @param[out] ctx Newly created context + * @param[in] prv_key Private key, part of the pair that was used for the encryption + * @param[in] algo Symmetric algorithm that was used for the encryption + * @param[in] bcm Block chaining mode for the symmetric algorithm + * @param[in] sym_key_bit_len Symmetric key length (in bits) that was used for the encryption + * @param[in] sym_key Symmetric key, encrypted with the public key, + * that was used to encrypt the data + * @param[in] iv Initialization Vector that was used for the encryption + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, invalid * @a algo, @a bcm, @a sym_key_bit_len, @a prv_key, * @a sym_key or @a iv) * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error * @retval #YACA_ERROR_INTERNAL Internal error - * * @see #yaca_encrypt_algorithm_e * @see #yaca_block_cipher_mode_e * @see #yaca_key_bit_length_e @@ -184,79 +159,66 @@ int yaca_seal_finalize(yaca_context_h ctx, * @see yaca_open_finalize() * @see yaca_context_destroy() */ -int yaca_open_initialize(yaca_context_h *ctx, - const yaca_key_h prv_key, - yaca_encrypt_algorithm_e algo, - yaca_block_cipher_mode_e bcm, - size_t sym_key_bit_len, - const yaca_key_h sym_key, - const yaca_key_h iv); +int yaca_open_initialize(yaca_context_h *ctx, const yaca_key_h prv_key, yaca_encrypt_algorithm_e algo, yaca_block_cipher_mode_e bcm, size_t sym_key_bit_len, + const yaca_key_h sym_key, const yaca_key_h iv); + /** - * @brief Decrypts piece of the data. - * + * @brief Decrypts piece of the data. * @since_tizen 3.0 - * - * @param[in,out] ctx Context created by yaca_open_initialize() - * @param[in] ciphertext Ciphertext to be decrypted - * @param[in] ciphertext_len Length of the ciphertext - * @param[out] plaintext Buffer for the decrypted data - * (must be allocated by client, see yaca_context_get_output_length()) - * @param[out] plaintext_len Length of the decrypted data, - * actual number of bytes written will be returned here - * - * @return #YACA_ERROR_NONE on success, negative on error + * @param[in,out] ctx Context created by yaca_open_initialize() + * @param[in] ciphertext Ciphertext to be decrypted + * @param[in] ciphertext_len Length of the ciphertext + * @param[out] plaintext Buffer for the decrypted data + * (must be allocated by client, see yaca_context_get_output_length()) + * @param[out] plaintext_len Length of the decrypted data, + * actual number of bytes written will be returned here + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, 0, * invalid @a ctx), wrong #YACA_PROPERTY_CCM_AAD or * wrong #YACA_PROPERTY_CCM_TAG was used * @retval #YACA_ERROR_INTERNAL Internal error - * * @see yaca_open_initialize() * @see yaca_open_finalize() * @see yaca_context_get_output_length() */ -int yaca_open_update(yaca_context_h ctx, - const char *ciphertext, - size_t ciphertext_len, - char *plaintext, - size_t *plaintext_len); +int yaca_open_update(yaca_context_h ctx, const char *ciphertext, size_t ciphertext_len, char *plaintext, size_t *plaintext_len); + /** - * @brief Decrypts last chunk of sealed message. - * - * @remarks Skipping yaca_open_update() and calling only yaca_open_finalize() will produce a - * decryption of an empty ciphertext. - * + * @brief Decrypts last chunk of sealed message. * @since_tizen 3.0 - * - * @param[in,out] ctx A valid open context - * @param[out] plaintext Final piece of the decrypted data - * (must be allocated by client, see yaca_context_get_output_length()) - * @param[out] plaintext_len Length of the final piece, - * actual number of bytes written will be returned here - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks Skipping yaca_open_update() and calling only yaca_open_finalize() will produce a + * decryption of an empty ciphertext. + * @param[in,out] ctx A valid open context + * @param[out] plaintext Final piece of the decrypted data + * (must be allocated by client, see yaca_context_get_output_length()) + * @param[out] plaintext_len Length of the final piece, + * actual number of bytes written will be returned here + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, * invalid @a ctx), wrong #YACA_PROPERTY_GCM_AAD or * wrong #YACA_PROPERTY_GCM_TAG was used * @retval #YACA_ERROR_INTERNAL Internal error - * * @see yaca_open_initialize() * @see yaca_open_update() * @see yaca_context_get_output_length() */ -int yaca_open_finalize(yaca_context_h ctx, - char *plaintext, - size_t *plaintext_len); +int yaca_open_finalize(yaca_context_h ctx, char *plaintext, size_t *plaintext_len); + /** * @} */ + #ifdef __cplusplus } /* extern */ #endif + #endif /* YACA_SEAL_H */ diff --git a/api/yaca/yaca_sign.h b/api/yaca/yaca_sign.h index 0fcbec3..3ac545e 100644 --- a/api/yaca/yaca_sign.h +++ b/api/yaca/yaca_sign.h @@ -16,61 +16,58 @@ * limitations under the License */ + /** - * @file yaca_sign.h - * @brief Advanced API for the integrity handling - HMAC, CMAC and digital signature. + * @file yaca_sign.h + * @brief Advanced API for the integrity handling - HMAC, CMAC and digital signature. */ + #ifndef YACA_SIGN_H #define YACA_SIGN_H + #include #include + #ifdef __cplusplus extern "C" { #endif + /** * @addtogroup CAPI_YACA_INTEGRITY_MODULE * @{ */ + /** - * @brief Initializes a signature context for asymmetric signatures. - * + * @brief Initializes a signature context for asymmetric signatures. * @since_tizen 3.0 - * - * @remarks For verification use yaca_verify_initialize(), yaca_verify_update() and - * yaca_verify_finalize() functions with matching public key. - * - * @remarks For RSA operations the default padding used is #YACA_PADDING_PKCS1. It can be - * changed using yaca_context_set_property() with #YACA_PROPERTY_PADDING. - * - * @remarks For #YACA_DIGEST_SHA384 and #YACA_DIGEST_SHA512 the RSA key size must be bigger than - * #YACA_KEY_LENGTH_512BIT. - * - * @remarks Using of #YACA_DIGEST_MD5 algorithm for DSA and ECDSA operations is prohibited. - * - * @remarks Using of #YACA_DIGEST_MD5 or #YACA_DIGEST_SHA224 with #YACA_PADDING_X931 is prohibited. - * - * @remarks The @a ctx should be released using yaca_context_destroy(). - * - * @param[out] ctx Newly created context - * @param[in] algo Digest algorithm that will be used - * @param[in] prv_key Private key that will be used, algorithm is deduced based - * on key type, supported key types: - * - #YACA_KEY_TYPE_RSA_PRIV, - * - #YACA_KEY_TYPE_DSA_PRIV, - * - #YACA_KEY_TYPE_EC_PRIV - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks For verification use yaca_verify_initialize(), yaca_verify_update() and + * yaca_verify_finalize() functions with matching public key. + * @remarks For RSA operations the default padding used is #YACA_PADDING_PKCS1. It can be + * changed using yaca_context_set_property() with #YACA_PROPERTY_PADDING. + * @remarks For #YACA_DIGEST_SHA384 and #YACA_DIGEST_SHA512 the RSA key size must be bigger than + * #YACA_KEY_LENGTH_512BIT. + * @remarks Using of #YACA_DIGEST_MD5 algorithm for DSA and ECDSA operations is prohibited. + * @remarks Using of #YACA_DIGEST_MD5 or #YACA_DIGEST_SHA224 with #YACA_PADDING_X931 is prohibited. + * @remarks The @a ctx should be released using yaca_context_destroy(). + * @param[out] ctx Newly created context + * @param[in] algo Digest algorithm that will be used + * @param[in] prv_key Private key that will be used, algorithm is deduced based + * on key type, supported key types: + * - #YACA_KEY_TYPE_RSA_PRIV, + * - #YACA_KEY_TYPE_DSA_PRIV, + * - #YACA_KEY_TYPE_EC_PRIV + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, * invalid @a algo or @a prv_key) * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error * @retval #YACA_ERROR_INTERNAL Internal error - * * @see #yaca_key_type_e * @see #yaca_digest_algorithm_e * @see #yaca_padding_e @@ -82,33 +79,26 @@ extern "C" { * @see yaca_verify_finalize() * @see yaca_context_destroy() */ -int yaca_sign_initialize(yaca_context_h *ctx, - yaca_digest_algorithm_e algo, - const yaca_key_h prv_key); +int yaca_sign_initialize(yaca_context_h *ctx, yaca_digest_algorithm_e algo, const yaca_key_h prv_key); + /** - * @brief Initializes a signature context for HMAC. - * + * @brief Initializes a signature context for HMAC. * @since_tizen 3.0 - * - * @remarks For verification, calculate message HMAC and compare with received MAC using - * yaca_memcmp(). - * - * @remarks The @a ctx should be released using yaca_context_destroy(). - * - * @param[out] ctx Newly created context - * @param[in] algo Digest algorithm that will be used - * @param[in] sym_key Symmetric key that will be used, supported key types: - * - #YACA_KEY_TYPE_SYMMETRIC, - * - #YACA_KEY_TYPE_DES - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks For verification, calculate message HMAC and compare with received MAC using yaca_memcmp(). + * @remarks The @a ctx should be released using yaca_context_destroy(). + * @param[out] ctx Newly created context + * @param[in] algo Digest algorithm that will be used + * @param[in] sym_key Symmetric key that will be used, supported key types: + * - #YACA_KEY_TYPE_SYMMETRIC, + * - #YACA_KEY_TYPE_DES + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, * invalid @a algo or @a sym_key) * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error * @retval #YACA_ERROR_INTERNAL Internal error - * * @see #yaca_key_type_e * @see #yaca_digest_algorithm_e * @see yaca_sign_update() @@ -116,33 +106,26 @@ int yaca_sign_initialize(yaca_context_h *ctx, * @see yaca_memcmp() * @see yaca_context_destroy() */ -int yaca_sign_initialize_hmac(yaca_context_h *ctx, - yaca_digest_algorithm_e algo, - const yaca_key_h sym_key); +int yaca_sign_initialize_hmac(yaca_context_h *ctx, yaca_digest_algorithm_e algo, const yaca_key_h sym_key); + /** - * @brief Initializes a signature context for CMAC. - * + * @brief Initializes a signature context for CMAC. * @since_tizen 3.0 - * - * @remarks For verification, calculate message CMAC and compare with received MAC using - * yaca_memcmp(). - * - * @remarks The @a ctx should be released using yaca_context_destroy(). - * - * @param[out] ctx Newly created context - * @param[in] algo Encryption algorithm that will be used - * @param[in] sym_key Symmetric key that will be used, supported key types: - * - #YACA_KEY_TYPE_SYMMETRIC, - * - #YACA_KEY_TYPE_DES - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks For verification, calculate message CMAC and compare with received MAC using yaca_memcmp(). + * @remarks The @a ctx should be released using yaca_context_destroy(). + * @param[out] ctx Newly created context + * @param[in] algo Encryption algorithm that will be used + * @param[in] sym_key Symmetric key that will be used, supported key types: + * - #YACA_KEY_TYPE_SYMMETRIC, + * - #YACA_KEY_TYPE_DES + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, * invalid @a algo or @a sym_key) * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error * @retval #YACA_ERROR_INTERNAL Internal error - * * @see #yaca_key_type_e * @see #yaca_encrypt_algorithm_e * @see yaca_sign_update() @@ -150,91 +133,76 @@ int yaca_sign_initialize_hmac(yaca_context_h *ctx, * @see yaca_memcmp() * @see yaca_context_destroy() */ -int yaca_sign_initialize_cmac(yaca_context_h *ctx, - yaca_encrypt_algorithm_e algo, - const yaca_key_h sym_key); +int yaca_sign_initialize_cmac(yaca_context_h *ctx, yaca_encrypt_algorithm_e algo, const yaca_key_h sym_key); + /** - * @brief Feeds the message into the digital signature or MAC algorithm. - * + * @brief Feeds the message into the digital signature or MAC algorithm. * @since_tizen 3.0 - * - * @param[in,out] ctx Context created by yaca_sign_initialize(), - * yaca_sign_initialize_hmac() or yaca_sign_initialize_cmac() - * @param[in] message Message to be signed - * @param[in] message_len Length of the message - * - * @return #YACA_ERROR_NONE on success, negative on error + * @param[in,out] ctx Context created by yaca_sign_initialize(), + * yaca_sign_initialize_hmac() or yaca_sign_initialize_cmac() + * @param[in] message Message to be signed + * @param[in] message_len Length of the message + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, 0, * invalid @a ctx) * @retval #YACA_ERROR_INTERNAL Internal error - * * @see yaca_sign_initialize() * @see yaca_sign_finalize() * @see yaca_sign_initialize_hmac() * @see yaca_sign_initialize_cmac() */ -int yaca_sign_update(yaca_context_h ctx, - const char *message, - size_t message_len); +int yaca_sign_update(yaca_context_h ctx, const char *message, size_t message_len); + /** - * @brief Calculates the final signature or MAC. - * + * @brief Calculates the final signature or MAC. * @since_tizen 3.0 - * - * @remarks Skipping yaca_sign_update() and calling only yaca_sign_finalize() will produce a - * signature or MAC of an empty message. - * - * @param[in,out] ctx A valid sign context - * @param[out] signature Buffer for the MAC or the message signature - * (must be allocated by client, see yaca_context_get_output_length()) - * @param[out] signature_len Length of the MAC or the signature, - * actual number of bytes written will be returned here - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks Skipping yaca_sign_update() and calling only yaca_sign_finalize() will produce a + * signature or MAC of an empty message. + * @param[in,out] ctx A valid sign context + * @param[out] signature Buffer for the MAC or the message signature + * (must be allocated by client, see yaca_context_get_output_length()) + * @param[out] signature_len Length of the MAC or the signature, + * actual number of bytes written will be returned here + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, * invalid @a ctx) * @retval #YACA_ERROR_INTERNAL Internal error - * * @see yaca_sign_initialize() * @see yaca_sign_update() * @see yaca_sign_initialize_hmac() * @see yaca_sign_initialize_cmac() * @see yaca_context_get_output_length() */ -int yaca_sign_finalize(yaca_context_h ctx, - char *signature, - size_t *signature_len); +int yaca_sign_finalize(yaca_context_h ctx, char *signature, size_t *signature_len); + /** - * @brief Initializes a signature verification context for asymmetric signatures. - * + * @brief Initializes a signature verification context for asymmetric signatures. * @since_tizen 3.0 - * - * @remarks For RSA operations the default padding used is #YACA_PADDING_PKCS1. It can be - * changed using yaca_context_set_property() with #YACA_PROPERTY_PADDING. - * For verify to succeed it has to be set to the same value it was signed with. - * - * @remarks The @a ctx should be released using yaca_context_destroy(). - * - * @param[out] ctx Newly created context - * @param[in] algo Digest algorithm that will be used - * @param[in] pub_key Public key that will be used, algorithm is deduced based on - * key type, supported key types: - * - #YACA_KEY_TYPE_RSA_PUB, - * - #YACA_KEY_TYPE_DSA_PUB, - * - #YACA_KEY_TYPE_EC_PUB - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks For RSA operations the default padding used is #YACA_PADDING_PKCS1. It can be + * changed using yaca_context_set_property() with #YACA_PROPERTY_PADDING. + * For verify to succeed it has to be set to the same value it was signed with. + * @remarks The @a ctx should be released using yaca_context_destroy(). + * @param[out] ctx Newly created context + * @param[in] algo Digest algorithm that will be used + * @param[in] pub_key Public key that will be used, algorithm is deduced based on + * key type, supported key types: + * - #YACA_KEY_TYPE_RSA_PUB, + * - #YACA_KEY_TYPE_DSA_PUB, + * - #YACA_KEY_TYPE_EC_PUB + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, * invalid @a algo or @a pub_key) * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error * @retval #YACA_ERROR_INTERNAL Internal error - * * @see #yaca_key_type_e * @see #yaca_digest_algorithm_e * @see #yaca_padding_e @@ -243,65 +211,57 @@ int yaca_sign_finalize(yaca_context_h ctx, * @see yaca_verify_finalize() * @see yaca_context_destroy() */ -int yaca_verify_initialize(yaca_context_h *ctx, - yaca_digest_algorithm_e algo, - const yaca_key_h pub_key); +int yaca_verify_initialize(yaca_context_h *ctx, yaca_digest_algorithm_e algo, const yaca_key_h pub_key); + /** - * @brief Feeds the message into the digital signature verification algorithm. - * + * @brief Feeds the message into the digital signature verification algorithm. * @since_tizen 3.0 - * - * @param[in,out] ctx Context created by yaca_verify_initialize() - * @param[in] message Message - * @param[in] message_len Length of the message - * - * @return #YACA_ERROR_NONE on success, negative on error + * @param[in,out] ctx Context created by yaca_verify_initialize() + * @param[in] message Message + * @param[in] message_len Length of the message + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, 0, * invalid @a ctx) * @retval #YACA_ERROR_INTERNAL Internal error - * * @see yaca_verify_initialize() * @see yaca_verify_finalize() */ -int yaca_verify_update(yaca_context_h ctx, - const char *message, - size_t message_len); +int yaca_verify_update(yaca_context_h ctx, const char *message, size_t message_len); + /** - * @brief Performs the verification. - * + * @brief Performs the verification. * @since_tizen 3.0 - * - * @remarks Skipping yaca_verify_update() and calling only yaca_verify_finalize() will verify - * the signature of an empty message. - * - * @param[in,out] ctx A valid verify context - * @param[in] signature Message signature to be verified - * @param[in] signature_len Length of the signature - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks Skipping yaca_verify_update() and calling only yaca_verify_finalize() will verify + * the signature of an empty message. + * @param[in,out] ctx A valid verify context + * @param[in] signature Message signature to be verified + * @param[in] signature_len Length of the signature + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, * invalid @a ctx) * @retval #YACA_ERROR_INTERNAL Internal error * @retval #YACA_ERROR_DATA_MISMATCH The verification failed - * * @see yaca_verify_initialize() * @see yaca_verify_update() * @see yaca_sign_finalize() */ -int yaca_verify_finalize(yaca_context_h ctx, - const char *signature, - size_t signature_len); +int yaca_verify_finalize(yaca_context_h ctx, const char *signature, size_t signature_len); + /** * @} */ + #ifdef __cplusplus } /* extern */ #endif + #endif /* YACA_SIGN_H */ diff --git a/api/yaca/yaca_simple.h b/api/yaca/yaca_simple.h index 97a9826..7328c7c 100644 --- a/api/yaca/yaca_simple.h +++ b/api/yaca/yaca_simple.h @@ -16,317 +16,253 @@ * limitations under the License */ + /** - * @file yaca_simple.h - * @brief Simple API. - * - * @details This is simple API. - * Design constraints: - * - All operations are single-shot (no streaming possible) - * - Context is not used - * - Only digest, signatures and symmetric ciphers are supported - * - Disabling PKCS#7 padding for ECB and CBC chaining is not supported - * - Changing the default PKCS#1 padding for sign/verify is not supported - * - GCM and CCM chaining is not supported - * - RC2 effective key bits property is not supported - * - All outputs are allocated by the library + * @file yaca_simple.h + * @brief Simple API. + * @details This is simple API. + * Design constraints: + * - All operations are single-shot (no streaming possible) + * - Context is not used + * - Only digest, signatures and symmetric ciphers are supported + * - Disabling PKCS#7 padding for ECB and CBC chaining is not supported + * - Changing the default PKCS#1 padding for sign/verify is not supported + * - GCM and CCM chaining is not supported + * - RC2 effective key bits property is not supported + * - All outputs are allocated by the library */ + #ifndef YACA_SIMPLE_H #define YACA_SIMPLE_H + #include #include + #ifdef __cplusplus extern "C" { #endif + /** * @addtogroup CAPI_YACA_SIMPLE_MODULE * @{ */ + /** - * @brief Encrypts data using a symmetric cipher. - * + * @brief Encrypts data using a symmetric cipher. * @since_tizen 3.0 - * - * @remarks yaca_simple_encrypt() doesn't support #YACA_BCM_GCM and #YACA_BCM_CCM. - * - * @remarks The @a ciphertext should be freed using yaca_free(). - * - * @remarks The @a plaintext can be NULL but then @a plaintext_len must be 0. - * - * @param[in] algo Encryption algorithm (select #YACA_ENCRYPT_AES if unsure) - * @param[in] bcm Chaining mode (select #YACA_BCM_CBC if unsure) - * @param[in] sym_key Symmetric encryption key (see yaca_key.h for key generation functions) - * @param[in] iv Initialization Vector - * @param[in] plaintext Plaintext to be encrypted - * @param[in] plaintext_len Length of the plaintext - * @param[out] ciphertext Encrypted data, will be allocated by the library - * @param[out] ciphertext_len Length of the encrypted data (may be larger than decrypted) - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks yaca_simple_encrypt() doesn't support #YACA_BCM_GCM and #YACA_BCM_CCM. + * @remarks The @a ciphertext should be freed using yaca_free(). + * @remarks The @a plaintext can be NULL but then @a plaintext_len must be 0. + * @param[in] algo Encryption algorithm (select #YACA_ENCRYPT_AES if unsure) + * @param[in] bcm Chaining mode (select #YACA_BCM_CBC if unsure) + * @param[in] sym_key Symmetric encryption key (see yaca_key.h for key generation functions) + * @param[in] iv Initialization Vector + * @param[in] plaintext Plaintext to be encrypted + * @param[in] plaintext_len Length of the plaintext + * @param[out] ciphertext Encrypted data, will be allocated by the library + * @param[out] ciphertext_len Length of the encrypted data (may be larger than decrypted) + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, 0 * invalid @a algo, @a bcm, @a sym_key or @a iv) * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error * @retval #YACA_ERROR_INTERNAL Internal error - * * @see #yaca_encrypt_algorithm_e * @see #yaca_block_cipher_mode_e * @see yaca_simple_decrypt() * @see yaca_free() */ -int yaca_simple_encrypt(yaca_encrypt_algorithm_e algo, - yaca_block_cipher_mode_e bcm, - const yaca_key_h sym_key, - const yaca_key_h iv, - const char *plaintext, - size_t plaintext_len, - char **ciphertext, - size_t *ciphertext_len); +int yaca_simple_encrypt(yaca_encrypt_algorithm_e algo, yaca_block_cipher_mode_e bcm, const yaca_key_h sym_key, const yaca_key_h iv, const char *plaintext, + size_t plaintext_len, char **ciphertext, size_t *ciphertext_len); + /** - * @brief Decrypts data using a symmetric cipher. - * + * @brief Decrypts data using a symmetric cipher. * @since_tizen 3.0 - * - * @remarks yaca_simple_decrypt() doesn't support #YACA_BCM_GCM and #YACA_BCM_CCM. - * - * @remarks The @a plaintext should be freed using yaca_free(). - * - * @remarks The @a ciphertext can be NULL but then @a ciphertext_len must be 0. - * - * @param[in] algo Decryption algorithm that was used to encrypt the data - * @param[in] bcm Chaining mode that was used to encrypt the data - * @param[in] sym_key Symmetric encryption key that was used to encrypt the data - * @param[in] iv Initialization Vector that was used to encrypt the data - * @param[in] ciphertext Ciphertext to be decrypted - * @param[in] ciphertext_len Length of ciphertext - * @param[out] plaintext Decrypted data, will be allocated by the library - * @param[out] plaintext_len Length of the decrypted data - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks yaca_simple_decrypt() doesn't support #YACA_BCM_GCM and #YACA_BCM_CCM. + * @remarks The @a plaintext should be freed using yaca_free(). + * @remarks The @a ciphertext can be NULL but then @a ciphertext_len must be 0. + * @param[in] algo Decryption algorithm that was used to encrypt the data + * @param[in] bcm Chaining mode that was used to encrypt the data + * @param[in] sym_key Symmetric encryption key that was used to encrypt the data + * @param[in] iv Initialization Vector that was used to encrypt the data + * @param[in] ciphertext Ciphertext to be decrypted + * @param[in] ciphertext_len Length of ciphertext + * @param[out] plaintext Decrypted data, will be allocated by the library + * @param[out] plaintext_len Length of the decrypted data + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, 0 * invalid @a algo, @a bcm, @a sym_key or @a iv) * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error * @retval #YACA_ERROR_INTERNAL Internal error - * * @see #yaca_encrypt_algorithm_e * @see #yaca_block_cipher_mode_e * @see yaca_simple_encrypt() * @see yaca_free() */ -int yaca_simple_decrypt(yaca_encrypt_algorithm_e algo, - yaca_block_cipher_mode_e bcm, - const yaca_key_h sym_key, - const yaca_key_h iv, - const char *ciphertext, - size_t ciphertext_len, - char **plaintext, - size_t *plaintext_len); +int yaca_simple_decrypt(yaca_encrypt_algorithm_e algo, yaca_block_cipher_mode_e bcm, const yaca_key_h sym_key, const yaca_key_h iv, const char *ciphertext, + size_t ciphertext_len, char **plaintext, size_t *plaintext_len); + /** - * @brief Calculates a digest of a message. - * + * @brief Calculates a digest of a message. * @since_tizen 3.0 - * - * @remarks The @a digest should be freed using yaca_free(). - * - * @remarks The @a message can be NULL but then @a message_len must be 0. - * - * @param[in] algo Digest algorithm (select #YACA_DIGEST_SHA256 if unsure) - * @param[in] message Message from which the digest is to be calculated - * @param[in] message_len Length of the message - * @param[out] digest Message digest, will be allocated by the library - * @param[out] digest_len Length of message digest (depends on algorithm) - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks The @a digest should be freed using yaca_free(). + * @remarks The @a message can be NULL but then @a message_len must be 0. + * @param[in] algo Digest algorithm (select #YACA_DIGEST_SHA256 if unsure) + * @param[in] message Message from which the digest is to be calculated + * @param[in] message_len Length of the message + * @param[out] digest Message digest, will be allocated by the library + * @param[out] digest_len Length of message digest (depends on algorithm) + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, * invalid @a algo) * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error * @retval #YACA_ERROR_INTERNAL Internal error - * * @see #yaca_digest_algorithm_e * @see yaca_free() */ -int yaca_simple_calculate_digest(yaca_digest_algorithm_e algo, - const char *message, - size_t message_len, - char **digest, - size_t *digest_len); +int yaca_simple_calculate_digest(yaca_digest_algorithm_e algo, const char *message, size_t message_len, char **digest, size_t *digest_len); + /** - * @brief Creates a signature using asymmetric private key. - * + * @brief Creates a signature using asymmetric private key. * @since_tizen 3.0 - * - * @remarks For #YACA_DIGEST_SHA384 and #YACA_DIGEST_SHA512 the RSA key size must be bigger than - * #YACA_KEY_LENGTH_512BIT. - * - * @remarks Using of #YACA_DIGEST_MD5 algorithm for DSA and ECDSA operations is prohibited. - * - * @remarks The @a signature should be freed using yaca_free(). - * - * @remarks The @a message can be NULL but then @a message_len must be 0. - * - * @param[in] algo Digest algorithm that will be used - * @param[in] prv_key Private key that will be used, algorithm is - * deduced based on key type, supported key types: - * - #YACA_KEY_TYPE_RSA_PRIV, - * - #YACA_KEY_TYPE_DSA_PRIV, - * - #YACA_KEY_TYPE_EC_PRIV - * @param[in] message Message to be signed - * @param[in] message_len Length of the message - * @param[out] signature Message signature, will be allocated by the library - * @param[out] signature_len Length of the signature - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks For #YACA_DIGEST_SHA384 and #YACA_DIGEST_SHA512 the RSA key size must be bigger than + * #YACA_KEY_LENGTH_512BIT. + * @remarks Using of #YACA_DIGEST_MD5 algorithm for DSA and ECDSA operations is prohibited. + * @remarks The @a signature should be freed using yaca_free(). + * @remarks The @a message can be NULL but then @a message_len must be 0. + * @param[in] algo Digest algorithm that will be used + * @param[in] prv_key Private key that will be used, algorithm is + * deduced based on key type, supported key types: + * - #YACA_KEY_TYPE_RSA_PRIV, + * - #YACA_KEY_TYPE_DSA_PRIV, + * - #YACA_KEY_TYPE_EC_PRIV + * @param[in] message Message to be signed + * @param[in] message_len Length of the message + * @param[out] signature Message signature, will be allocated by the library + * @param[out] signature_len Length of the signature + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, 0 * invalid @a algo or @a prv_key) * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error * @retval #YACA_ERROR_INTERNAL Internal error - * * @see #yaca_key_type_e * @see #yaca_digest_algorithm_e * @see yaca_simple_verify_signature() * @see yaca_free() */ -int yaca_simple_calculate_signature(yaca_digest_algorithm_e algo, - const yaca_key_h prv_key, - const char *message, - size_t message_len, - char **signature, - size_t *signature_len); +int yaca_simple_calculate_signature(yaca_digest_algorithm_e algo, const yaca_key_h prv_key, const char *message, size_t message_len, char **signature, size_t *signature_len); + /** - * @brief Verifies a signature using asymmetric public key. - * + * @brief Verifies a signature using asymmetric public key. * @since_tizen 3.0 - * - * @remarks The @a message can be NULL but then @a message_len must be 0. - * - * @param[in] algo Digest algorithm that will be used - * @param[in] pub_key Public key that will be used, algorithm is - * deduced based on key type, supported key types: - * - #YACA_KEY_TYPE_RSA_PUB, - * - #YACA_KEY_TYPE_DSA_PUB, - * - #YACA_KEY_TYPE_EC_PUB - * @param[in] message Message - * @param[in] message_len Length of the message - * @param[in] signature Message signature to be verified - * @param[in] signature_len Length of the signature - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks The @a message can be NULL but then @a message_len must be 0. + * @param[in] algo Digest algorithm that will be used + * @param[in] pub_key Public key that will be used, algorithm is + * deduced based on key type, supported key types: + * - #YACA_KEY_TYPE_RSA_PUB, + * - #YACA_KEY_TYPE_DSA_PUB, + * - #YACA_KEY_TYPE_EC_PUB + * @param[in] message Message + * @param[in] message_len Length of the message + * @param[in] signature Message signature to be verified + * @param[in] signature_len Length of the signature + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, 0 * invalid @a algo or @a pub_key) * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error * @retval #YACA_ERROR_INTERNAL Internal error * @retval #YACA_ERROR_DATA_MISMATCH The verification failed - * * @see #yaca_key_type_e * @see #yaca_digest_algorithm_e * @see yaca_simple_calculate_signature() */ -int yaca_simple_verify_signature(yaca_digest_algorithm_e algo, - const yaca_key_h pub_key, - const char *message, - size_t message_len, - const char *signature, - size_t signature_len); +int yaca_simple_verify_signature(yaca_digest_algorithm_e algo, const yaca_key_h pub_key, const char *message, size_t message_len, const char *signature, size_t signature_len); + /** - * @brief Calculates a HMAC of given message using symmetric key. - * + * @brief Calculates a HMAC of given message using symmetric key. * @since_tizen 3.0 - * - * @remarks For verification, calculate message HMAC and compare with received MAC using - * yaca_memcmp(). - * - * @remarks The @a mac should be freed using yaca_free(). - * - * @remarks The @a message can be NULL but then @a message_len must be 0. - * - * @param[in] algo Digest algorithm that will be used - * @param[in] sym_key Key that will be used, supported key types: - * - #YACA_KEY_TYPE_SYMMETRIC, - * - #YACA_KEY_TYPE_DES - * @param[in] message Message to calculate HMAC from - * @param[in] message_len Length of the message - * @param[out] mac MAC, will be allocated by the library - * @param[out] mac_len Length of the MAC - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks For verification, calculate message HMAC and compare with received MAC using yaca_memcmp(). + * @remarks The @a mac should be freed using yaca_free(). + * @remarks The @a message can be NULL but then @a message_len must be 0. + * @param[in] algo Digest algorithm that will be used + * @param[in] sym_key Key that will be used, supported key types: + * - #YACA_KEY_TYPE_SYMMETRIC, + * - #YACA_KEY_TYPE_DES + * @param[in] message Message to calculate HMAC from + * @param[in] message_len Length of the message + * @param[out] mac MAC, will be allocated by the library + * @param[out] mac_len Length of the MAC + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, 0 * invalid @a algo or @a sym_key) * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error * @retval #YACA_ERROR_INTERNAL Internal error - * * @see #yaca_key_type_e * @see #yaca_digest_algorithm_e * @see yaca_memcmp() * @see yaca_free() */ -int yaca_simple_calculate_hmac(yaca_digest_algorithm_e algo, - const yaca_key_h sym_key, - const char *message, - size_t message_len, - char **mac, - size_t *mac_len); +int yaca_simple_calculate_hmac(yaca_digest_algorithm_e algo, const yaca_key_h sym_key, const char *message, size_t message_len, char **mac, size_t *mac_len); + /** - * @brief Calculates a CMAC of given message using symmetric key. - * + * @brief Calculates a CMAC of given message using symmetric key. * @since_tizen 3.0 - * - * @remarks For verification, calculate message CMAC and compare with received MAC using - * yaca_memcmp(). - * - * @remarks The @a mac should be freed using yaca_free(). - * - * @remarks The @a message can be NULL but then @a message_len must be 0. - * - * @param[in] algo Encryption algorithm that will be used - * @param[in] sym_key Key that will be used, supported key types: - * - #YACA_KEY_TYPE_SYMMETRIC, - * - #YACA_KEY_TYPE_DES - * @param[in] message Message to calculate CMAC from - * @param[in] message_len Length of the message - * @param[out] mac MAC, will be allocated by the library - * @param[out] mac_len Length of the MAC - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks For verification, calculate message CMAC and compare with received MAC using yaca_memcmp(). + * @remarks The @a mac should be freed using yaca_free(). + * @remarks The @a message can be NULL but then @a message_len must be 0. + * @param[in] algo Encryption algorithm that will be used + * @param[in] sym_key Key that will be used, supported key types: + * - #YACA_KEY_TYPE_SYMMETRIC, + * - #YACA_KEY_TYPE_DES + * @param[in] message Message to calculate CMAC from + * @param[in] message_len Length of the message + * @param[out] mac MAC, will be allocated by the library + * @param[out] mac_len Length of the MAC + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, 0 * invalid @a algo or @a sym_key) * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error * @retval #YACA_ERROR_INTERNAL Internal error - * * @see #yaca_key_type_e * @see #yaca_encrypt_algorithm_e * @see yaca_memcmp() * @see yaca_free() */ -int yaca_simple_calculate_cmac(yaca_encrypt_algorithm_e algo, - const yaca_key_h sym_key, - const char *message, - size_t message_len, - char **mac, - size_t *mac_len); +int yaca_simple_calculate_cmac(yaca_encrypt_algorithm_e algo, const yaca_key_h sym_key, const char *message, size_t message_len, char **mac, size_t *mac_len); + /** * @} */ + #ifdef __cplusplus } /* extern */ #endif + #endif /* YACA_SIMPLE_H */ diff --git a/api/yaca/yaca_types.h b/api/yaca/yaca_types.h index c6b1cb3..a4ae309 100644 --- a/api/yaca/yaca_types.h +++ b/api/yaca/yaca_types.h @@ -16,25 +16,29 @@ * limitations under the License */ + /** - * @file yaca_types.h - * @brief Types enums and defines. + * @file yaca_types.h + * @brief Types enums and defines. */ + #ifndef YACA_TYPES_H #define YACA_TYPES_H + #ifdef __cplusplus extern "C" { #endif + /** * @addtogroup CAPI_YACA_ENCRYPTION_MODULE * @{ */ + /* The format of the unsigned int used to indicate key_bit_len is as follows: - * * Bits indicating a type: * bits 31-28 (4 bits) indicate key_length type: * 0000(0) - regular type for RSA, DSA @@ -42,10 +46,8 @@ extern "C" { * 0010(2) - DH with RFC 5114 * 0011(3) - elliptic curve * remaining combinations reserved - * * Bits for a regular type: * bits 27-0 (28 bits) indicate length of the key in bits - * * Bits for a DH with specified generator number: * bits 27-24 (4 bits) indicate DH generator * 0000(0) - generator 2 @@ -53,7 +55,6 @@ extern "C" { * remaining combinations reserved * bits 23-16 (8 bits) reserved * bits 15-0 (16 bits) length of the safe prime in bits - * * Bits for a DH with RFC 5114: * bits 27-24 (4 bits) indicate a bit subgroup: * 0000(0) - 160 @@ -62,7 +63,6 @@ extern "C" { * remaining combinations reserved * bits 23-16 (8 bits) reserved * bits 15-0 (16 bits) length of the safe prime in bits - * * Bits for an elliptic curve type: * bits 27-24 (4 bits) indicate type of an elliptic curve: * 0000(0) - X9.62 Prime @@ -83,75 +83,79 @@ extern "C" { * 0011(3) - 4 * remaining combinations reserved * bits 15-0 (16 bits) - length of the prime field in bits - * * Those bits are used for DH and EC. For any other keys key_bit_len can be passed just * as a number of bits (4 most significant bits set to 0000, 28 bits for bit length). - * * In any case those defines are not be used directly. - * * For DH keys use YACA_KEY_LENGTH_DH_GENERATOR_* or'ed with safe prime length. * Alternatively one can use values from yaca_key_bit_length_dh_rfc_e enum to use * RFC 5114 parameters. - * * For elliptic curves use values from yaca_key_bit_length_ec_e enum. */ + /** @cond Don't include those defines in doxygen, they are not to be used directly */ + /* types */ -#define YACA_KEYLEN_COMPONENT_TYPE_MASK (0xF << 28) -#define YACA_KEYLEN_COMPONENT_TYPE_BITS (0U << 28) -#define YACA_KEYLEN_COMPONENT_TYPE_DH (1U << 28) -#define YACA_KEYLEN_COMPONENT_TYPE_DH_RFC (2U << 28) -#define YACA_KEYLEN_COMPONENT_TYPE_EC (3U << 28) +#define YACA_KEYLEN_COMPONENT_TYPE_MASK (0xF << 28) +#define YACA_KEYLEN_COMPONENT_TYPE_BITS (0U << 28) +#define YACA_KEYLEN_COMPONENT_TYPE_DH (1U << 28) +#define YACA_KEYLEN_COMPONENT_TYPE_DH_RFC (2U << 28) +#define YACA_KEYLEN_COMPONENT_TYPE_EC (3U << 28) + /* DH type */ -#define YACA_KEYLEN_COMPONENT_DH_GEN_MASK (0xF << 24) -#define YACA_KEYLEN_COMPONENT_DH_GEN_2 (0U << 24) -#define YACA_KEYLEN_COMPONENT_DH_GEN_5 (1U << 24) +#define YACA_KEYLEN_COMPONENT_DH_GEN_MASK (0xF << 24) +#define YACA_KEYLEN_COMPONENT_DH_GEN_2 (0U << 24) +#define YACA_KEYLEN_COMPONENT_DH_GEN_5 (1U << 24) + #define YACA_KEYLEN_COMPONENT_DH_PRIME_MASK (0xFFFF << 0) + /* DH_RFC type */ -#define YACA_KEYLEN_COMPONENT_DH_RFC_MASK (0xF << 24) -#define YACA_KEYLEN_COMPONENT_DH_RFC_160 (0U << 24) -#define YACA_KEYLEN_COMPONENT_DH_RFC_224 (1U << 24) -#define YACA_KEYLEN_COMPONENT_DH_RFC_256 (2U << 24) +#define YACA_KEYLEN_COMPONENT_DH_RFC_MASK (0xF << 24) +#define YACA_KEYLEN_COMPONENT_DH_RFC_160 (0U << 24) +#define YACA_KEYLEN_COMPONENT_DH_RFC_224 (1U << 24) +#define YACA_KEYLEN_COMPONENT_DH_RFC_256 (2U << 24) + /* EC type */ -#define YACA_KEYLEN_COMPONENT_EC_PRIME (0U << 24) -#define YACA_KEYLEN_COMPONENT_EC_SECP (1U << 24) -#define YACA_KEYLEN_COMPONENT_EC_SECT (2U << 24) -#define YACA_KEYLEN_COMPONENT_EC_BRAINPOOL (3U << 24) - -#define YACA_KEYLEN_COMPONENT_EC_V (0U << 20) -#define YACA_KEYLEN_COMPONENT_EC_R (1U << 20) -#define YACA_KEYLEN_COMPONENT_EC_K (2U << 20) -#define YACA_KEYLEN_COMPONENT_EC_T (3U << 20) - -#define YACA_KEYLEN_COMPONENT_EC_1 (0U << 16) -#define YACA_KEYLEN_COMPONENT_EC_2 (1U << 16) -#define YACA_KEYLEN_COMPONENT_EC_3 (2U << 16) -#define YACA_KEYLEN_COMPONENT_EC_4 (3U << 16) +#define YACA_KEYLEN_COMPONENT_EC_PRIME (0U << 24) +#define YACA_KEYLEN_COMPONENT_EC_SECP (1U << 24) +#define YACA_KEYLEN_COMPONENT_EC_SECT (2U << 24) +#define YACA_KEYLEN_COMPONENT_EC_BRAINPOOL (3U << 24) + + +#define YACA_KEYLEN_COMPONENT_EC_V (0U << 20) +#define YACA_KEYLEN_COMPONENT_EC_R (1U << 20) +#define YACA_KEYLEN_COMPONENT_EC_K (2U << 20) +#define YACA_KEYLEN_COMPONENT_EC_T (3U << 20) + + +#define YACA_KEYLEN_COMPONENT_EC_1 (0U << 16) +#define YACA_KEYLEN_COMPONENT_EC_2 (1U << 16) +#define YACA_KEYLEN_COMPONENT_EC_3 (2U << 16) +#define YACA_KEYLEN_COMPONENT_EC_4 (3U << 16) /** @endcond */ + /** * @brief The context handle. - * * @since_tizen 3.0 */ typedef struct yaca_context_s *yaca_context_h; + /** - * @brief The handle of a key, an Initialization Vector or a key generation parameters. - * + * @brief An Initialization Vector or a key generation parameters by the key handle. * @since_tizen 3.0 */ typedef struct yaca_key_s *yaca_key_h; + /** - * @brief Enumeration of YACA key formats. - * + * @brief Enumeration for formats YACA key. * @since_tizen 3.0 */ typedef enum { @@ -161,9 +165,9 @@ typedef enum { YACA_KEY_FORMAT_PKCS8 } yaca_key_format_e; + /** - * @brief Enumeration of YACA key file formats. - * + * @brief Enumeration for formats YACA key file. * @since_tizen 3.0 */ typedef enum { @@ -177,9 +181,9 @@ typedef enum { YACA_KEY_FILE_FORMAT_DER } yaca_key_file_format_e; + /** - * @brief Enumeration of YACA key types, Initialization Vector is considered as key. - * + * @brief Enumeration for YACA key types, Initialization Vector is considered as key. * @since_tizen 3.0 */ typedef enum { @@ -218,11 +222,11 @@ typedef enum { YACA_KEY_TYPE_EC_PARAMS } yaca_key_type_e; + /** - * @brief Enumeration of YACA key lengths. + * @brief Enumeration for YACA key lengths. * It is possible to use arbitrary integer instead, * this enum values are placed here to avoid magic numbers. - * * @since_tizen 3.0 */ typedef enum { @@ -257,10 +261,9 @@ typedef enum { } yaca_key_bit_length_e; /** - * @brief Enumeration of YACA elliptic curve types with their bit lengths. + * @brief Enumeration for YACA elliptic curve types with their bit lengths. * It's meant to be passed or returned as a @a key_bit_len param * in appropriate functions when dealing with elliptic curves. - * * @since_tizen 3.0 */ typedef enum { @@ -277,24 +280,23 @@ typedef enum { } yaca_key_bit_length_ec_e; /** - * @brief A value indicating generator equal 2 for DH parameters. + * @brief Definition for the value indicating generator equal 2 for DH parameters. * To be or'ed with safe prime length in bits. Prime length is recommended * to be 2048 bits or higher. */ #define YACA_KEY_LENGTH_DH_GENERATOR_2 (YACA_KEYLEN_COMPONENT_TYPE_DH | YACA_KEYLEN_COMPONENT_DH_GEN_2) /** - * @brief A value indicating generator equal 5 for DH parameters. + * @brief Definition for the value indicating generator equal 5 for DH parameters. * To be or'ed with safe prime length in bits. Prime length is recommended * to be 2048 bits or higher. */ #define YACA_KEY_LENGTH_DH_GENERATOR_5 (YACA_KEYLEN_COMPONENT_TYPE_DH | YACA_KEYLEN_COMPONENT_DH_GEN_5) /** - * @brief Enumeration of YACA DH parameters taken from RFC 5114. + * @brief Enumeration for YACA DH parameters taken from RFC 5114. * It's meant to be passed or returned as a @a key_bit_len param * in appropriate functions when dealing with DH and wanting to * use RFC 5114 values. - * * @since_tizen 3.0 */ typedef enum { @@ -306,9 +308,9 @@ typedef enum { YACA_KEY_LENGTH_DH_RFC_2048_256 = YACA_KEYLEN_COMPONENT_TYPE_DH_RFC | YACA_KEYLEN_COMPONENT_DH_RFC_256 | 2048U } yaca_key_bit_length_dh_rfc_e; + /** - * @brief Enumeration of YACA message digest algorithms. - * + * @brief Enumeration for YACA message digest algorithms. * @since_tizen 3.0 */ typedef enum { @@ -326,9 +328,9 @@ typedef enum { YACA_DIGEST_SHA512, } yaca_digest_algorithm_e; + /** - * @brief Enumeration of YACA symmetric encryption algorithms. - * + * @brief Enumeration for YACA symmetric encryption algorithms. * @since_tizen 3.0 */ typedef enum { @@ -435,9 +437,9 @@ typedef enum { YACA_ENCRYPT_CAST5, } yaca_encrypt_algorithm_e; + /** - * @brief Enumeration of YACA chaining modes for block ciphers. - * + * @brief Enumeration for YACA chaining modes for block ciphers. * @since_tizen 3.0 */ typedef enum { @@ -450,7 +452,6 @@ typedef enum { /** * ECB block cipher mode. * Initialization Vector is not used. - * * By default the input data is padded using standard block padding (#YACA_PADDING_PKCS7). * Padding can be disabled using yaca_context_set_property() and * #YACA_PROPERTY_PADDING,#YACA_PADDING_NONE, @@ -470,7 +471,6 @@ typedef enum { * CBC block cipher mode. * 128-bit Initialization Vector for AES, * 64-bit for other algorithms is mandatory. - * * By default the input data is padded using standard block padding (#YACA_PADDING_PKCS7). * Padding can be disabled using yaca_context_set_property() and * #YACA_PROPERTY_PADDING, #YACA_PADDING_NONE, @@ -482,7 +482,6 @@ typedef enum { /** * GCM block cipher mode. * This is a variable Initialization Vector length mode (recommended 96-bits). - * * Supported properties: * - #YACA_PROPERTY_GCM_TAG_LEN = GCM tag length (optional)\n * Supported tag lengths: @c 4, @c 8, @c 12, @c 13, @c 14, @c 15, @c 16 @@ -490,22 +489,18 @@ typedef enum { * Set after yaca_encrypt_finalize() / yaca_seal_finalize() and before * yaca_context_get_property(#YACA_PROPERTY_GCM_TAG) in encryption / seal operation.\n * The @a value should be a size_t variable.\n - * In decryption / open operation tag length is not set.\n\n - * + * In decryption / open operation tag length is not set.\n * - #YACA_PROPERTY_GCM_TAG = GCM tag\n * Get after yaca_encrypt_finalize() / yaca_seal_finalize() in encryption / seal operation.\n * Set after yaca_decrypt_update() / yaca_open_update() and before - * yaca_decrypt_finalize() / yaca_open_finalize() in decryption / open operation.\n\n - * + * yaca_decrypt_finalize() / yaca_open_finalize() in decryption / open operation.\n * - #YACA_PROPERTY_GCM_AAD = additional authentication data (optional)\n * Set after yaca_encrypt_initialize() / yaca_seal_initialize() and before * yaca_encrypt_update() / yaca_seal_update() in encryption / seal operation.\n * Set after yaca_decrypt_initialize() / yaca_open_initialize() and before - * yaca_decrypt_update() / yaca_open_update() in decryption / open operation.\n\n - * + * yaca_decrypt_update() / yaca_open_update() in decryption / open operation.\n * @see yaca_context_set_property() * @see yaca_context_get_property() - * */ YACA_BCM_GCM, @@ -541,61 +536,50 @@ typedef enum { * CBC-MAC Mode (AES). * This is a variable Initialization Vector length mode.\n * Supported Initialization Vector lengths: 56-104 bits in steps of 8 bits - * (recommended 56-bits).\n\n - * + * (recommended 56-bits).\n * Supported properties: * - #YACA_PROPERTY_CCM_TAG_LEN = CCM tag length (optional)\n * Supported tag lengths: 4-16 bytes in steps of 2 bytes (12 bytes tag by default).\n * Set after yaca_encrypt_initialize() / yaca_seal_initialize() and before * yaca_encrypt_update() / yaca_seal_update() in encryption / seal operation.\n * The @a value should be a size_t variable.\n - * In decryption / open operation tag length is not set.\n\n - * + * In decryption / open operation tag length is not set.\n * - #YACA_PROPERTY_CCM_TAG = CCM tag\n * Get after yaca_encrypt_finalize() / yaca_seal_finalize() in encryption / seal operation.\n * Set after yaca_decrypt_initialize() / yaca_open_initialize() and before - * yaca_decrypt_update() / yaca_open_update() in decryption / open operation.\n\n - * + * yaca_decrypt_update() / yaca_open_update() in decryption / open operation.\n * - #YACA_PROPERTY_CCM_AAD = additional authentication data (optional)\n * The total plaintext length must be passed to yaca_encrypt_update() / yaca_seal_update() * if AAD is used.\n * Set after yaca_encrypt_initialize() / yaca_seal_initialize() and before * yaca_encrypt_update() / yaca_seal_update() in encryption / seal operation.\n * You can only call yaca_encrypt_update() / yaca_seal_update() once for AAD - * and once for the plaintext.\n\n - * + * and once for the plaintext.\n * The total encrypted text length must be passed to yaca_decrypt_update() / * yaca_open_update() if AAD is used.\n * Set after yaca_decrypt_initialize() / yaca_open_initialize() and before * yaca_decrypt_update() / yaca_open_update() in decryption / open operation.\n * You can only call yaca_decrypt_update() / yaca_open_update() once for AAD - * and once for the encrypted text.\n\n - * + * and once for the encrypted text.\n * @see yaca_context_set_property() * @see yaca_context_get_property() - * */ YACA_BCM_CCM, /** * Used with #YACA_ENCRYPT_AES or #YACA_ENCRYPT_3DES_3TDEA to perform a key wrapping * (key material symmetric encryption). - * * Only a single yaca_encrypt_update() / yaca_decrypt_update() is allowed. - * * Usage in yaca_seal_initialize() / yaca_open_finalize() is forbidden. - * * Key used to do the wrapping with #YACA_ENCRYPT_AES can be a 128-bit key, a 192-bit key, * or a 256-bit key.\n * 64-bit Initialization Vector is used.\n * Wrapped key can be a 128-bit key, a 192-bit key, or a 256-bit key.\n * #YACA_ENCRYPT_AES allows wrapping multiple keys together. - * * Key used to do the wrapping with #YACA_ENCRYPT_3DES_3TDEA can be a 192-bit DES key only.\n * Initialization Vector is not used.\n * Wrapped key can be a 128-bit DES key (two-key), or a 192-bit DES key (three-key).\n * #YACA_ENCRYPT_3DES_3TDEA allows wrapping only one key. - * */ YACA_BCM_WRAP @@ -603,16 +587,13 @@ typedef enum { /** - * @brief Enumeration of YACA non-standard properties for algorithms. - * + * @brief Enumeration for YACA non-standard properties for algorithms. * @since_tizen 3.0 - * * @see #yaca_padding_e */ typedef enum { /** * Padding for the encrypt/decrypt or sign/verify operation. Property type is #yaca_padding_e. - * * This property can be set at the latest before the *_finalize() call. */ YACA_PROPERTY_PADDING, @@ -636,8 +617,7 @@ typedef enum { } yaca_property_e; /** - * @brief Enumeration of YACA paddings. - * + * @brief Enumeration for YACA paddings. * @since_tizen 3.0 */ typedef enum { @@ -689,9 +669,9 @@ typedef enum { YACA_PADDING_PKCS7 } yaca_padding_e; + /** - * @brief Enumeration of YACA key derivation functions. - * + * @brief Enumeration for YACA key derivation functions. * @since_tizen 3.0 */ typedef enum { @@ -708,12 +688,15 @@ typedef enum { YACA_KDF_X962, } yaca_kdf_e; + /** * @} */ + #ifdef __cplusplus } /* extern */ #endif + #endif /* YACA_TYPES_H */ -- 2.7.4 From 9d3c70918fb0041a89d821f7a5246b59f5f33a8c Mon Sep 17 00:00:00 2001 From: Piotr Sawicki Date: Tue, 7 Feb 2017 10:15:56 +0100 Subject: [PATCH 06/16] Remove unused code in CMakeLists Change-Id: I31210f92e62e5fce7035b4e5693c58fda8b29e5a --- src/CMakeLists.txt | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 8d8badd..2e022fc 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -1,5 +1,5 @@ # -# Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved +# Copyright (c) 2016 - 2017 Samsung Electronics Co., Ltd All Rights Reserved # # Contact: Krzysztof Jackiewicz # @@ -45,13 +45,7 @@ SET_TARGET_PROPERTIES(${PROJECT_NAME} PROPERTIES VERSION ${_LIB_VERSION_}) ## Link libraries ############################################################## -PKG_CHECK_MODULES(YACA_DEPS REQUIRED openssl) - -PKG_CHECK_MODULES(CAPI_BASE_COMMON capi-base-common) -IF (CAPI_BASE_COMMON_FOUND) - ADD_DEFINITIONS(-DCAPI_BASE_COMMON_PRESENT) - INCLUDE_DIRECTORIES(SYSTEM ${CAPI_BASE_COMMON_INCLUDE_DIRS}) -ENDIF() +PKG_CHECK_MODULES(YACA_DEPS REQUIRED openssl capi-base-common) FIND_PACKAGE (Threads) -- 2.7.4 From f28c538271df98283601b407577a7462d08fe5eb Mon Sep 17 00:00:00 2001 From: Krzysztof Jackiewicz Date: Mon, 20 Mar 2017 09:47:05 +0100 Subject: [PATCH 07/16] Install license file Change-Id: I1e80b2686d46e369084d062f2b0ef3c0e9e1d76d --- packaging/yaca.spec | 1 + 1 file changed, 1 insertion(+) diff --git a/packaging/yaca.spec b/packaging/yaca.spec index 2b43c19..d22d931 100644 --- a/packaging/yaca.spec +++ b/packaging/yaca.spec @@ -19,6 +19,7 @@ The package provides Yet Another Crypto API. %postun -p /sbin/ldconfig %files +%license LICENSE %manifest yaca.manifest %{_libdir}/libyaca.so.0 %{_libdir}/libyaca.so.%{version} -- 2.7.4 From 6bae0c382ac2570a168094788a5dd86f986058dd Mon Sep 17 00:00:00 2001 From: Dariusz Michaluk Date: Tue, 14 Nov 2017 16:27:57 +0100 Subject: [PATCH 08/16] Fix: yaca_context_get_property() implementation unconsistent with documentation Change-Id: I5ffd12d68b2bc2764da50d7e7bc5dd1b92eb5ebb --- examples/encrypt_ccm.c | 7 +------ examples/encrypt_gcm.c | 7 +------ src/encrypt.c | 18 ++++++++++++++++-- 3 files changed, 18 insertions(+), 14 deletions(-) diff --git a/examples/encrypt_ccm.c b/examples/encrypt_ccm.c index 3bc11f8..572882c 100644 --- a/examples/encrypt_ccm.c +++ b/examples/encrypt_ccm.c @@ -78,11 +78,6 @@ int main() if (ret != YACA_ERROR_NONE) goto exit; - /* Allocate memory for tag */ - ret = yaca_zalloc(tag_len, (void**)&tag); - if (ret != YACA_ERROR_NONE) - goto exit; - /* Encryption */ { /* Initialize encryption context */ @@ -140,7 +135,7 @@ int main() goto exit; /* Get the tag after final encryption */ - ret = yaca_context_get_property(ctx, YACA_PROPERTY_CCM_TAG, (void**)tag, &tag_len); + ret = yaca_context_get_property(ctx, YACA_PROPERTY_CCM_TAG, (void**)&tag, &tag_len); if (ret != YACA_ERROR_NONE) goto exit; diff --git a/examples/encrypt_gcm.c b/examples/encrypt_gcm.c index 9778acb..7e1125b 100644 --- a/examples/encrypt_gcm.c +++ b/examples/encrypt_gcm.c @@ -78,11 +78,6 @@ int main() if (ret != YACA_ERROR_NONE) goto exit; - /* Allocate memory for tag */ - ret = yaca_zalloc(tag_len, (void**)&tag); - if (ret != YACA_ERROR_NONE) - goto exit; - /* Encryption */ { /* Initialize encryption context */ @@ -134,7 +129,7 @@ int main() if (ret != YACA_ERROR_NONE) goto exit; - ret = yaca_context_get_property(ctx, YACA_PROPERTY_GCM_TAG, (void**)tag, &tag_len); + ret = yaca_context_get_property(ctx, YACA_PROPERTY_GCM_TAG, (void**)&tag, &tag_len); if (ret != YACA_ERROR_NONE) goto exit; diff --git a/src/encrypt.c b/src/encrypt.c index f4a21f3..1fd935c 100644 --- a/src/encrypt.c +++ b/src/encrypt.c @@ -767,6 +767,8 @@ int set_encrypt_property(yaca_context_h ctx, int get_encrypt_property(const yaca_context_h ctx, yaca_property_e property, void **value, size_t *value_len) { + int ret; + void *tag = NULL; struct yaca_encrypt_context_s *c = get_encrypt_context(ctx); int mode; @@ -786,13 +788,19 @@ int get_encrypt_property(const yaca_context_h ctx, yaca_property_e property, assert(c->tag_len <= INT_MAX); + ret = yaca_malloc(c->tag_len, &tag); + if (ret != YACA_ERROR_NONE) + return ret; + if (EVP_CIPHER_CTX_ctrl(c->cipher_ctx, EVP_CTRL_GCM_GET_TAG, c->tag_len, - value) != 1) { + tag) != 1) { + yaca_free(tag); ERROR_DUMP(YACA_ERROR_INTERNAL); return YACA_ERROR_INTERNAL; } + *value = tag; *value_len = c->tag_len; break; case YACA_PROPERTY_CCM_TAG: @@ -804,13 +812,19 @@ int get_encrypt_property(const yaca_context_h ctx, yaca_property_e property, assert(c->tag_len <= INT_MAX); + ret = yaca_malloc(c->tag_len, &tag); + if (ret != YACA_ERROR_NONE) + return ret; + if (EVP_CIPHER_CTX_ctrl(c->cipher_ctx, EVP_CTRL_CCM_GET_TAG, c->tag_len, - value) != 1) { + tag) != 1) { + yaca_free(tag); ERROR_DUMP(YACA_ERROR_INTERNAL); return YACA_ERROR_INTERNAL; } + *value = tag; *value_len = c->tag_len; break; default: -- 2.7.4 From fd14778d5a704845c34f5add789c221abde2f594 Mon Sep 17 00:00:00 2001 From: Lukasz Pawelczyk Date: Fri, 17 Nov 2017 11:31:23 +0100 Subject: [PATCH 09/16] Some additional API usage clarifications regarding keys Change-Id: I375ff08deedfdc4669f40dbf6a7473d216e531ed --- api/yaca/yaca_key.h | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/api/yaca/yaca_key.h b/api/yaca/yaca_key.h index f946534..bf871f6 100644 --- a/api/yaca/yaca_key.h +++ b/api/yaca/yaca_key.h @@ -218,6 +218,8 @@ int yaca_key_generate(yaca_key_type_e key_type, size_t key_bit_len, yaca_key_h * * @since_tizen 3.0 * @remarks This function is used to generate private asymmetric keys * based on pre-generated parameters. + * @remarks This function does not support RSA keys, as it's not possible + * to extract parameters from them. * @remarks The @a key should be released using yaca_key_destroy(). * @param[in] params Pre-generated parameters * @param[out] prv_key Newly generated private key @@ -257,6 +259,7 @@ int yaca_key_extract_public(const yaca_key_h prv_key, yaca_key_h *pub_key); * @brief Extracts parameters from a private or a public key. * @since_tizen 3.0 * @remarks The @a params should be released using yaca_key_destroy(). + * @remarks This function does not support RSA keys. * @param[in] key A key to extract the parameters from * @param[out] params Extracted parameters * @return #YACA_ERROR_NONE on success, @@ -276,9 +279,10 @@ int yaca_key_extract_parameters(const yaca_key_h key, yaca_key_h *params); /** * @brief Derives a shared secret using Diffie-Helmann or EC Diffie-Helmann key exchange protocol. * @since_tizen 3.0 - * @remarks The @a secret should not be used as a symmetric key, - * to produce a symmetric key pass the secret to a key derivation function (KDF) + * @remarks The @a secret should not be used as a symmetric key. + * To produce a symmetric key pass the secret to a key derivation function (KDF) * or a message digest function. + * @remarks Both the keys passed should be of DH type. * @remarks The @a secret should be freed with yaca_free(). * @param[in] prv_key Our private key * @param[in] pub_key Peer public key -- 2.7.4 From 56f96a8307f1b4dc771de32bdaf5fb8b561687ba Mon Sep 17 00:00:00 2001 From: Lukasz Pawelczyk Date: Fri, 17 Nov 2017 11:32:26 +0100 Subject: [PATCH 10/16] Fix possible segfault in seal_initialize The iv is not mandatory. It depends on bcm mode and is already checked in this function. Don't blindly write to *iv because in some cases it might be NULL. Change-Id: Ieddf81b77482d2aec49d1cde3291c08d702b7c43 --- src/seal.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/src/seal.c b/src/seal.c index a7c3b50..24188e4 100644 --- a/src/seal.c +++ b/src/seal.c @@ -188,8 +188,11 @@ API int yaca_seal_initialize(yaca_context_h *ctx, *sym_key = lenc_sym_key; lenc_sym_key = YACA_KEY_NULL; - *iv = liv; - liv = YACA_KEY_NULL; + if (iv != NULL) { + *iv = liv; + liv = YACA_KEY_NULL; + } + ret = YACA_ERROR_NONE; exit: -- 2.7.4 From 5d1d5270ff1a668130932373a2a4be58be97ab4e Mon Sep 17 00:00:00 2001 From: Lukasz Pawelczyk Date: Fri, 17 Nov 2017 11:34:07 +0100 Subject: [PATCH 11/16] Handle special use case of EVP_DigestSignFinal() EVP_DigestSignFinal() does not behave the same as other OpenSSL *Final functions in regards to its length param. Handle this use case so its different behaviour is not propagated onto YACA. Change-Id: Iac9338e00a39a986049d1504791ff5e409da96f1 --- src/sign.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/src/sign.c b/src/sign.c index 23c9fa0..03f1cb0 100644 --- a/src/sign.c +++ b/src/sign.c @@ -430,12 +430,20 @@ API int yaca_sign_finalize(yaca_context_h ctx, int ret; if (c == NULL || c->op_type != OP_SIGN || - signature == NULL || signature_len == NULL || *signature_len == 0) + signature == NULL || signature_len == NULL) return YACA_ERROR_INVALID_PARAMETER; if (!verify_state_change(c, CTX_FINALIZED)) return YACA_ERROR_INVALID_PARAMETER; + /* EVP_DigestSignFinal() is the only *Final that requires buffer + * length as the [in,out], don't break the symmetry in our API, + * don't require it from the user, get the apropriate length here. + */ + ret = ctx->get_output_length(ctx, 0, signature_len); + if (ret != YACA_ERROR_NONE) + return ret; + ret = EVP_DigestSignFinal(c->md_ctx, (unsigned char *)signature, signature_len); if (ret != 1) { ret = YACA_ERROR_INTERNAL; -- 2.7.4 From d13ea7e43f5fec4d1930feca73141485abcbbd9d Mon Sep 17 00:00:00 2001 From: Lukasz Pawelczyk Date: Fri, 17 Nov 2017 15:20:36 +0100 Subject: [PATCH 12/16] Clarification for key_derive_dh, EC keys are also accepted Change-Id: I763712bb97de47267ebd1303bc3718c573edb164 --- api/yaca/yaca_key.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/api/yaca/yaca_key.h b/api/yaca/yaca_key.h index bf871f6..4f82cd9 100644 --- a/api/yaca/yaca_key.h +++ b/api/yaca/yaca_key.h @@ -282,7 +282,7 @@ int yaca_key_extract_parameters(const yaca_key_h key, yaca_key_h *params); * @remarks The @a secret should not be used as a symmetric key. * To produce a symmetric key pass the secret to a key derivation function (KDF) * or a message digest function. - * @remarks Both the keys passed should be of DH type. + * @remarks Both the keys passed should be of DH or EC type. * @remarks The @a secret should be freed with yaca_free(). * @param[in] prv_key Our private key * @param[in] pub_key Peer public key -- 2.7.4 From 750418075d3e913b8733520d82bfebd4323c64fd Mon Sep 17 00:00:00 2001 From: Dariusz Michaluk Date: Wed, 14 Mar 2018 12:22:32 +0100 Subject: [PATCH 13/16] Release 0.0.3 Change-Id: Ibafba8ab1f73392aa7a27483c468fafb33245dca --- CMakeLists.txt | 2 +- packaging/yaca.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 653daef..8596ea7 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -23,7 +23,7 @@ CMAKE_MINIMUM_REQUIRED (VERSION 2.6.2) PROJECT(yaca) -SET(VERSION "0.0.2") +SET(VERSION "0.0.3") ## pkgconfig ################################################################### INCLUDE(FindPkgConfig) diff --git a/packaging/yaca.spec b/packaging/yaca.spec index d22d931..a1484d1 100644 --- a/packaging/yaca.spec +++ b/packaging/yaca.spec @@ -1,5 +1,5 @@ Name: yaca -Version: 0.0.2 +Version: 0.0.3 Release: 0 Source0: %{name}-%{version}.tar.gz License: Apache-2.0 -- 2.7.4 From 932ca550e4b56fec34f2ad4045c0b148b7890aa1 Mon Sep 17 00:00:00 2001 From: Lukasz Pawelczyk Date: Fri, 17 Nov 2017 14:51:46 +0100 Subject: [PATCH 14/16] Python3 bindings for YACA Change-Id: Ia7e7bf329d6b2e87c6587481dfe5c870ef482e54 --- CMakeLists.txt | 4 + packaging/yaca.spec | 14 + python/CMakeLists.txt | 8 + python/run_all_tests.py | 23 ++ python/yaca/__init__.py | 817 ++++++++++++++++++++++++++++++++++++++++++++++++ python/yaca/error.py | 48 +++ python/yaca/library.py | 298 ++++++++++++++++++ python/yaca/tests.py | 473 ++++++++++++++++++++++++++++ 8 files changed, 1685 insertions(+) create mode 100644 python/CMakeLists.txt create mode 100755 python/run_all_tests.py create mode 100755 python/yaca/__init__.py create mode 100644 python/yaca/error.py create mode 100644 python/yaca/library.py create mode 100644 python/yaca/tests.py diff --git a/CMakeLists.txt b/CMakeLists.txt index 8596ea7..51d28e7 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -74,6 +74,7 @@ ENDIF() SET(API_FOLDER ${PROJECT_SOURCE_DIR}/api/yaca) SET(EXAMPLES_FOLDER ${PROJECT_SOURCE_DIR}/examples) SET(SRC_FOLDER ${PROJECT_SOURCE_DIR}/src) +SET(PYTHON_FOLDER ${PROJECT_SOURCE_DIR}/python) IF(NOT DEFINED LIB_INSTALL_DIR) SET(LIB_INSTALL_DIR "${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_LIBDIR}") @@ -99,3 +100,6 @@ CONFIGURE_FILE(packaging/yaca.manifest.in yaca.manifest @ONLY) ADD_SUBDIRECTORY(${SRC_FOLDER}) ADD_SUBDIRECTORY(${EXAMPLES_FOLDER}) +IF(NOT WITHOUT_PYTHON) + ADD_SUBDIRECTORY(${PYTHON_FOLDER}) +ENDIF(NOT WITHOUT_PYTHON) diff --git a/packaging/yaca.spec b/packaging/yaca.spec index a1484d1..5135774 100644 --- a/packaging/yaca.spec +++ b/packaging/yaca.spec @@ -6,6 +6,7 @@ License: Apache-2.0 Group: Security/Other Summary: Yet Another Crypto API BuildRequires: cmake +BuildRequires: python3 >= 3.4 BuildRequires: pkgconfig(capi-base-common) BuildRequires: pkgconfig(openssl) Requires(post): /sbin/ldconfig @@ -35,6 +36,7 @@ make -k %{?jobs:-j%jobs} %install %make_install +%py3_compile %{buildroot}/%{python3_sitelib} %clean rm -rf %{buildroot} @@ -65,3 +67,15 @@ The package provides Yet Another Crypto API example files. %files examples %{_bindir}/yaca-example* %{_datadir}/%{name}/examples + +## Python3 Package ############################################################ +%package -n python3-yaca +Summary: Yet Another Crypto API Python3 bindings +Group: Security/Other +Requires: yaca = %{version}-%{release} + +%description -n python3-yaca +The package provides Yet Another Crypto API bindings for Python3. + +%files -n python3-yaca +%{python3_sitelib}/%{name} diff --git a/python/CMakeLists.txt b/python/CMakeLists.txt new file mode 100644 index 0000000..bb65b0c --- /dev/null +++ b/python/CMakeLists.txt @@ -0,0 +1,8 @@ +FIND_PACKAGE(PythonInterp 3.4 REQUIRED) + +EXECUTE_PROCESS(COMMAND ${PYTHON_EXECUTABLE} -c "from sys import stdout; from distutils import sysconfig; stdout.write(sysconfig.get_python_lib())" OUTPUT_VARIABLE PYTHON_INSTALL_DIR) +MESSAGE(STATUS "Python install dir is ${PYTHON_INSTALL_DIR}") +MESSAGE(STATUS "Python version is ${PYTHON_VERSION_STRING}") + +FILE(GLOB yaca_SRCS yaca/*.py) +INSTALL (FILES ${yaca_SRCS} DESTINATION ${PYTHON_INSTALL_DIR}/${PROJECT_NAME}) diff --git a/python/run_all_tests.py b/python/run_all_tests.py new file mode 100755 index 0000000..4877820 --- /dev/null +++ b/python/run_all_tests.py @@ -0,0 +1,23 @@ +#!/usr/bin/env python3 + +# Copyright (c) 2017-2018 Samsung Electronics Co., Ltd All Rights Reserved +# +# Contact: Lukasz Pawelczyk +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License + + +import yaca +import yaca.tests + +yaca.tests.run_all_tests() diff --git a/python/yaca/__init__.py b/python/yaca/__init__.py new file mode 100755 index 0000000..38e8648 --- /dev/null +++ b/python/yaca/__init__.py @@ -0,0 +1,817 @@ +#!/usr/bin/env python3 + +# Copyright (c) 2017-2018 Samsung Electronics Co., Ltd All Rights Reserved +# +# Contact: Lukasz Pawelczyk +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License + + +""" +Python3 bindings for YACA. + +Usage is almost the same as in the C API. All the functions that made +sense in Python were implemented. Memory allocations and functions for +getting length of the buffers were ommited as all those things are +handled automatically for both input and output. + +All the parameters for strings/data expect python's bytes type. All +the parameters are named the same as in the C API and their meaning is +exactly the same. + +The major exception being encrypt/decrypt update where second +parameter can have 2 meanings. This is only used for CCM_AAD. See +examples. + +Some parameters now have default values for ease of use. + +For details please refer to the C API doxygen documentation. + +For examples see tests/examples in yaca.tests module. +""" + +import enum as _enum +import ctypes as _ctypes +import yaca.library +from yaca.error import * +del yaca.error + +# Initialization + +_lib = yaca.library.get_yaca() +del yaca.library + + +# Helpers + +def _get_char_param_nullify_if_zero(param): + return None if len(param) == 0 else param + + +def _context_get_output_length(ctx, input_length): + output_length = _ctypes.c_size_t() + _lib.yaca_context_get_output_length(ctx, + input_length, + _ctypes.byref(output_length)) + return output_length.value + + +# Types + +class Context(): + def __init__(self, ptr): + if not isinstance(ptr, _ctypes.c_void_p): + raise TypeError('Invalid type') + self._as_parameter_ = ptr + + def __del__(self): + _lib.yaca_context_destroy(self._as_parameter_) + + +class Key(): + def __init__(self, ptr): + if not isinstance(ptr, _ctypes.c_void_p): + raise TypeError('Invalid type') + self._as_parameter_ = ptr + + def __del__(self): + _lib.yaca_key_destroy(self._as_parameter_) + + def __repr__(self): + if self._as_parameter_.value is None: + return '' + return '' + + def get_type(self): + return key_get_type(self) + + def get_bit_length(self): + return key_get_bit_length(self) + + +KEY_NULL = Key(_ctypes.c_void_p()) + + +# Enums + +@_enum.unique +class KEY_FORMAT(_enum.Enum): + DEFAULT = 0 + PKCS8 = 1 + + +@_enum.unique +class KEY_FILE_FORMAT(_enum.Enum): + RAW = 0 + BASE64 = 1 + PEM = 2 + DER = 3 + + +@_enum.unique +class KEY_TYPE(_enum.Enum): + SYMMETRIC = 0 + DES = 1 + IV = 2 + RSA_PUB = 3 + RSA_PRIV = 4 + DSA_PUB = 5 + DSA_PRIV = 6 + DH_PUB = 7 + DH_PRIV = 8 + EC_PUB = 9 + EC_PRIV = 10 + DSA_PARAMS = 11 + DH_PARAMS = 12 + EC_PARAMS = 13 + + +class KEY_BIT_LENGTH(_enum.IntEnum): + IV_64BIT = 64 + IV_128BIT = 128 + UNSAFE_8BIT = 8 + UNSAFE_40BIT = 40 + UNSAFE_64BIT = 64 + UNSAFE_80BIT = 80 + UNSAFE_128BIT = 128 + L192BIT = 192 + L256BIT = 256 + L512BIT = 512 + L1024BIT = 1024 + L2048BIT = 2048 + L3072BIT = 3072 + L4096BIT = 4096 + + +@_enum.unique +class KEY_BIT_LENGTH_EC(_enum.IntEnum): + PRIME192V1 = 0x300000C0 + PRIME256V1 = 0x30000100 + SECP256K1 = 0x31200100 + SECP384R1 = 0x31100180 + SECP521R1 = 0x31100209 + + +KEY_LENGTH_DH_GENERATOR_2 = 0x10000000 +KEY_LENGTH_DH_GENERATOR_5 = 0x11000000 + + +@_enum.unique +class KEY_BIT_LENGTH_DH_RFC(_enum.IntEnum): + L1024_160 = 0x20000400 + L2048_224 = 0x21000800 + L2048_256 = 0x22000800 + + +@_enum.unique +class DIGEST_ALGORITHM(_enum.Enum): + MD5 = 0 + SHA1 = 1 + SHA224 = 2 + SHA256 = 3 + SHA384 = 4 + SHA512 = 5 + + +@_enum.unique +class ENCRYPT_ALGORITHM(_enum.Enum): + AES = 0 + UNSAFE_DES = 1 + UNSAFE_TRIPPLE_DES_2TDEA = 2 + TRIPPLE_DES_3TDEA = 3 + UNSAFE_RC2 = 4 + UNSAFE_RC4 = 5 + CAST5 = 6 + + +@_enum.unique +class BLOCK_CIPHER_MODE(_enum.Enum): + NONE = 0 + ECB = 1 + CTR = 2 + CBC = 3 + GCM = 4 + CFB = 5 + CFB1 = 6 + CFB8 = 7 + OFB = 8 + CCM = 9 + WRAP = 10 + + +@_enum.unique +class PROPERTY(_enum.Enum): + PADDING = 0 + GCM_AAD = 1 + GCM_TAG = 2 + GCM_TAG_LEN = 3 + CCM_AAD = 4 + CCM_TAG = 5 + CCM_TAG_LEN = 6 + RC2_EFFECTIVE_KEY_BITS = 7 + + +@_enum.unique +class PADDING(_enum.Enum): + NONE = 0 + X931 = 1 + PKCS1 = 2 + PKCS1_PSS = 3 + PKCS1_OAEP = 4 + PKCS1_SSLV23 = 5 + PKCS7 = 6 + + +@_enum.unique +class KDF(_enum.Enum): + X942 = 0 + X962 = 1 + + +# Implementation crypto + +def initialize(): + """Initializes the library. Must be called before any other crypto + function. Should be called once in each thread that uses yaca.""" + _lib.yaca_initialize() + + +def cleanup(): + """Cleans up the library. + Must be called before exiting the thread that called yaca_initialize().""" + _lib.yaca_cleanup() + + +def memcmp(first, second, length): + """Safely compares first length bytes of two buffers.""" + l = _ctypes.c_size_t(length) + return _lib.yaca_memcmp(first, second, l) + + +def random_bytes(length): + """Generates random data.""" + data = _ctypes.create_string_buffer(length) + _lib.yaca_randomize_bytes(data, length) + return bytes(data) + + +def context_set_property(ctx, prop, prop_val): + """Sets the non-standard context properties. + Can only be called on an initialized context.""" + if prop == PROPERTY.PADDING: + value = _ctypes.c_int(prop_val.value) + value_length = _ctypes.sizeof(value) + _lib.yaca_context_set_property(ctx, + prop.value, + _ctypes.byref(value), + value_length) + elif (prop == PROPERTY.GCM_AAD) or (prop == PROPERTY.CCM_AAD) or \ + (prop == PROPERTY.GCM_TAG) or (prop == PROPERTY.CCM_TAG): + value = prop_val + value_length = len(prop_val) + _lib.yaca_context_set_property(ctx, prop.value, + value, value_length) + elif (prop == PROPERTY.GCM_TAG_LEN) or (prop == PROPERTY.CCM_TAG_LEN) or \ + (prop == PROPERTY.RC2_EFFECTIVE_KEY_BITS): + value = _ctypes.c_size_t(prop_val) + value_length = _ctypes.sizeof(value) + _lib.yaca_context_set_property( + ctx, prop.value, _ctypes.byref(value), value_length) + else: + raise InvalidParameterError('Wrong property passed') + + +def context_get_property(ctx, prop): + """Returns the non-standard context properties. + Can only be called on an initialized context.""" + value = _ctypes.c_void_p() + value_length = _ctypes.c_size_t() + _lib.yaca_context_get_property(ctx, prop.value, _ctypes.byref(value), + _ctypes.byref(value_length)) + if prop == PROPERTY.PADDING: + value_cast = _ctypes.cast(value, _ctypes.POINTER(_ctypes.c_int)) + value_proper = value_cast.contents.value + assert value_length.value == _ctypes.sizeof(value_cast.contents) + elif (prop == PROPERTY.GCM_AAD) or (prop == PROPERTY.CCM_AAD) or \ + (prop == PROPERTY.GCM_TAG) or (prop == PROPERTY.CCM_TAG): + value_cast = _ctypes.cast(value, _ctypes.POINTER(_ctypes.c_char)) + value_proper = value_cast[:value_length.value] + assert value_length.value == len(value_proper) + elif (prop == PROPERTY.GCM_TAG_LEN) or \ + (prop == PROPERTY.CCM_TAG_LEN) or \ + (prop == PROPERTY.RC2_EFFECTIVE_KEY_BITS): + value_cast = _ctypes.cast(value, _ctypes.POINTER(_ctypes.c_size_t)) + value_proper = value_cast.contents.value + assert value_length.value == _ctypes.sizeof(value_cast.contents) + else: + raise InvalidParameterError('Wrong property passed') + _lib.yaca_free(value) + return value_proper + + +# Implementation key + +def key_get_type(key): + """Gets key's type""" + key_type = _ctypes.c_int() + _lib.yaca_key_get_type(key, _ctypes.byref(key_type)) + return KEY_TYPE(key_type.value) + + +def key_get_bit_length(key): + """Gets key's length (in bits).""" + key_bit_length = _ctypes.c_size_t() + _lib.yaca_key_get_bit_length(key, _ctypes.byref(key_bit_length)) + return key_bit_length.value + + +def key_import(data, key_type=KEY_TYPE.SYMMETRIC, password=b''): + """Imports a key or key generation parameters.""" + key = _ctypes.c_void_p() + _lib.yaca_key_import(key_type.value, _ctypes.c_char_p(password), + data, len(data), _ctypes.byref(key)) + return Key(key) + + +def key_export(key, key_file_fmt=KEY_FILE_FORMAT.BASE64, + key_fmt=KEY_FORMAT.DEFAULT, password=b''): + """Exports a key or key generation parameters to arbitrary format.""" + data = _ctypes.POINTER(_ctypes.c_char)() + data_length = _ctypes.c_size_t() + _lib.yaca_key_export(key, key_fmt.value, key_file_fmt.value, + _ctypes.c_char_p(password), _ctypes.byref(data), + _ctypes.byref(data_length)) + data_bytes = data[:data_length.value] + _lib.yaca_free(data) + return data_bytes + + +def key_generate(key_type=KEY_TYPE.SYMMETRIC, + key_bit_length=KEY_BIT_LENGTH.L256BIT): + """Generates a secure key or key generation parameters + (or an Initialization Vector).""" + key = _ctypes.c_void_p() + _lib.yaca_key_generate(key_type.value, key_bit_length, + _ctypes.byref(key)) + return Key(key) + + +def key_generate_from_parameters(params): + """Generates a secure private asymmetric key from parameters.""" + prv_key = _ctypes.c_void_p() + _lib.yaca_key_generate_from_parameters(params, + _ctypes.byref(prv_key)) + return Key(prv_key) + + +def key_extract_public(prv_key): + """Extracts public key from a private one.""" + pub_key = _ctypes.c_void_p() + _lib.yaca_key_extract_public(prv_key, _ctypes.byref(pub_key)) + return Key(pub_key) + + +def key_extract_parameters(key): + """Extracts parameters from a private or a public key.""" + params = _ctypes.c_void_p() + _lib.yaca_key_extract_parameters(key, _ctypes.byref(params)) + return Key(params) + + +def key_derive_dh(prv_key, pub_key): + """Derives a shared secret using Diffie-Helmann or EC Diffie-Helmann + key exchange protocol.""" + secret = _ctypes.POINTER(_ctypes.c_char)() + secret_length = _ctypes.c_size_t() + _lib.yaca_key_derive_dh(prv_key, pub_key, _ctypes.byref(secret), + _ctypes.byref(secret_length)) + secret_bytes = secret[:secret_length.value] + _lib.yaca_free(secret) + return secret_bytes + + +def key_derive_kdf(secret, key_material_length, info=b'', + kdf=KDF.X942, digest_algo=DIGEST_ALGORITHM.SHA256): + """Derives a key material from shared secret.""" + info_param = _get_char_param_nullify_if_zero(info) + key_material = _ctypes.POINTER(_ctypes.c_char)() + _lib.yaca_key_derive_kdf(kdf.value, digest_algo.value, + secret, len(secret), + info_param, len(info), key_material_length, + _ctypes.byref(key_material)) + key_material_bytes = key_material[:key_material_length] + _lib.yaca_free(key_material) + return key_material_bytes + + +def key_derive_pbkdf2(password, key_bit_length=KEY_BIT_LENGTH.L256BIT, + salt=b'', digest_algo=DIGEST_ALGORITHM.SHA256, + iterations=50000): + """Derives a key from user password (PKCS #5 a.k.a. pbkdf2 algorithm).""" + salt_param = _get_char_param_nullify_if_zero(salt) + key = _ctypes.c_void_p() + _lib.yaca_key_derive_pbkdf2(_ctypes.c_char_p(password), salt_param, + len(salt), iterations, digest_algo.value, + key_bit_length, _ctypes.byref(key)) + return Key(key) + + +# Implementation simple + +def simple_encrypt(sym_key, plaintext, encrypt_algo=ENCRYPT_ALGORITHM.AES, + bcm=BLOCK_CIPHER_MODE.ECB, iv=KEY_NULL): + """Encrypts data using a symmetric cipher.""" + plaintext_param = _get_char_param_nullify_if_zero(plaintext) + ciphertext = _ctypes.POINTER(_ctypes.c_char)() + ciphertext_length = _ctypes.c_size_t() + _lib.yaca_simple_encrypt(encrypt_algo.value, bcm.value, sym_key, iv, + plaintext_param, len(plaintext), + _ctypes.byref(ciphertext), + _ctypes.byref(ciphertext_length)) + ciphertext_bytes = ciphertext[:ciphertext_length.value] + _lib.yaca_free(ciphertext) + return ciphertext_bytes + + +def simple_decrypt(sym_key, ciphertext, encrypt_algo=ENCRYPT_ALGORITHM.AES, + bcm=BLOCK_CIPHER_MODE.ECB, iv=KEY_NULL): + """Decrypts data using a symmetric cipher.""" + ciphertext_param = _get_char_param_nullify_if_zero(ciphertext) + plaintext = _ctypes.POINTER(_ctypes.c_char)() + plaintext_length = _ctypes.c_size_t() + _lib.yaca_simple_decrypt(encrypt_algo.value, bcm.value, sym_key, iv, + ciphertext_param, len(ciphertext), + _ctypes.byref(plaintext), + _ctypes.byref(plaintext_length)) + plaintext_bytes = plaintext[:plaintext_length.value] + _lib.yaca_free(plaintext) + return plaintext_bytes + + +def simple_calculate_digest(message, digest_algo=DIGEST_ALGORITHM.SHA256): + """Calculates a digest of a message.""" + message_param = _get_char_param_nullify_if_zero(message) + digest = _ctypes.POINTER(_ctypes.c_char)() + digest_length = _ctypes.c_size_t() + _lib.yaca_simple_calculate_digest(digest_algo.value, message_param, + len(message), + _ctypes.byref(digest), + _ctypes.byref(digest_length)) + digest_bytes = digest[:digest_length.value] + _lib.yaca_free(digest) + return digest_bytes + + +def simple_calculate_signature(prv_key, message, + digest_algo=DIGEST_ALGORITHM.SHA256): + """Creates a signature using asymmetric private key.""" + message_param = _get_char_param_nullify_if_zero(message) + signature = _ctypes.POINTER(_ctypes.c_char)() + signature_length = _ctypes.c_size_t() + _lib.yaca_simple_calculate_signature(digest_algo.value, prv_key, + message_param, len(message), + _ctypes.byref(signature), + _ctypes.byref(signature_length)) + signature_bytes = signature[:signature_length.value] + _lib.yaca_free(signature) + return signature_bytes + + +def simple_verify_signature(pub_key, message, signature, + digest_algo=DIGEST_ALGORITHM.SHA256): + """Verifies a signature using asymmetric public key.""" + return _lib.yaca_simple_verify_signature(digest_algo.value, pub_key, + message, len(message), + signature, len(signature)) + + +def simple_calculate_hmac(sym_key, message, + digest_algo=DIGEST_ALGORITHM.SHA256): + """Calculates a HMAC of given message using symmetric key.""" + message_param = _get_char_param_nullify_if_zero(message) + mac = _ctypes.POINTER(_ctypes.c_char)() + mac_length = _ctypes.c_size_t() + _lib.yaca_simple_calculate_hmac(digest_algo.value, sym_key, + message_param, len(message), + _ctypes.byref(mac), + _ctypes.byref(mac_length)) + mac_bytes = mac[:mac_length.value] + _lib.yaca_free(mac) + return mac_bytes + + +def simple_calculate_cmac(sym_key, message, + encrypt_algo=ENCRYPT_ALGORITHM.AES): + """Calculates a CMAC of given message using symmetric key.""" + message_param = _get_char_param_nullify_if_zero(message) + mac = _ctypes.POINTER(_ctypes.c_char)() + mac_length = _ctypes.c_size_t() + _lib.yaca_simple_calculate_cmac(encrypt_algo.value, sym_key, + message_param, len(message), + _ctypes.byref(mac), + _ctypes.byref(mac_length)) + mac_bytes = mac[:mac_length.value] + _lib.yaca_free(mac) + return mac_bytes + + +# Implementation digest + +def digest_initialize(digest_algo=DIGEST_ALGORITHM.SHA256): + """Initializes a digest context.""" + ctx = _ctypes.c_void_p() + _lib.yaca_digest_initialize(_ctypes.byref(ctx), digest_algo.value) + return Context(ctx) + + +def digest_update(ctx, message): + """Feeds the message into the message digest algorithm.""" + _lib.yaca_digest_update(ctx, message, len(message)) + + +def digest_finalize(ctx): + """Calculates the final digest.""" + output_length = _context_get_output_length(ctx, 0) + digest = _ctypes.create_string_buffer(output_length) + digest_length = _ctypes.c_size_t() + _lib.yaca_digest_finalize(ctx, digest, _ctypes.byref(digest_length)) + return bytes(digest[:digest_length.value]) + + +# Implementation encrypt + +def encrypt_get_iv_bit_length(encrypt_algo, bcm, key_bin_length): + """Returns the recommended/default length of the Initialization Vector + for a given encryption configuration.""" + iv_bit_length = _ctypes.c_size_t() + _lib.yaca_encrypt_get_iv_bit_length(encrypt_algo.value, bcm.value, + key_bin_length, + _ctypes.byref(iv_bit_length)) + return iv_bit_length.value + + +def encrypt_initialize(sym_key, encrypt_algo=ENCRYPT_ALGORITHM.AES, + bcm=BLOCK_CIPHER_MODE.ECB, iv=KEY_NULL): + """Initializes an encryption context.""" + ctx = _ctypes.c_void_p() + _lib.yaca_encrypt_initialize(_ctypes.byref(ctx), encrypt_algo.value, + bcm.value, sym_key, iv) + return Context(ctx) + + +def encrypt_update(ctx, plaintext): + """Encrypts chunk of the data. + Alternatively plaintext can be the total length of the input (int). + This is used for CCM_AAD.""" + if isinstance(plaintext, int): # the case of using AAD in CCM + _lib.yaca_encrypt_update(ctx, None, plaintext, None, + _ctypes.byref(_ctypes.c_size_t())) + return + + output_length = _context_get_output_length(ctx, len(plaintext)) + ciphertext = _ctypes.create_string_buffer(output_length) + ciphertext_length = _ctypes.c_size_t() + _lib.yaca_encrypt_update(ctx, plaintext, len(plaintext), + ciphertext, _ctypes.byref(ciphertext_length)) + return bytes(ciphertext[:ciphertext_length.value]) + + +def encrypt_finalize(ctx): + """Encrypts the final chunk of the data.""" + output_length = _context_get_output_length(ctx, 0) + ciphertext = _ctypes.create_string_buffer(output_length) + ciphertext_length = _ctypes.c_size_t() + _lib.yaca_encrypt_finalize(ctx, ciphertext, + _ctypes.byref(ciphertext_length)) + return bytes(ciphertext[:ciphertext_length.value]) + + +def decrypt_initialize(sym_key, encrypt_algo=ENCRYPT_ALGORITHM.AES, + bcm=BLOCK_CIPHER_MODE.ECB, iv=KEY_NULL): + """Initializes an decryption context.""" + ctx = _ctypes.c_void_p() + _lib.yaca_decrypt_initialize(_ctypes.byref(ctx), encrypt_algo.value, + bcm.value, sym_key, iv) + return Context(ctx) + + +def decrypt_update(ctx, ciphertext): + """Decrypts chunk of the data. + Alternatively ciphertext can be the total length of the input (int). + This is used for CCM_AAD.""" + if isinstance(ciphertext, int): # the case of using AAD in CCM + _lib.yaca_decrypt_update(ctx, None, ciphertext, None, + _ctypes.byref(_ctypes.c_size_t())) + return + + output_length = _context_get_output_length(ctx, len(ciphertext)) + plaintext = _ctypes.create_string_buffer(output_length) + plaintext_length = _ctypes.c_size_t() + _lib.yaca_decrypt_update(ctx, ciphertext, len(ciphertext), + plaintext, _ctypes.byref(plaintext_length)) + return bytes(plaintext[:plaintext_length.value]) + + +def decrypt_finalize(ctx): + """Encrypts the final chunk of the data.""" + output_length = _context_get_output_length(ctx, 0) + plaintext = _ctypes.create_string_buffer(output_length) + plaintext_length = _ctypes.c_size_t() + _lib.yaca_decrypt_finalize(ctx, plaintext, + _ctypes.byref(plaintext_length)) + return bytes(plaintext[:plaintext_length.value]) + + +# Implementation sign + +def sign_initialize(prv_key, digest_algo=DIGEST_ALGORITHM.SHA256): + """Initializes a signature context for asymmetric signatures.""" + ctx = _ctypes.c_void_p() + _lib.yaca_sign_initialize(_ctypes.byref(ctx), digest_algo.value, + prv_key) + return Context(ctx) + + +def sign_initialize_hmac(sym_key, digest_algo=DIGEST_ALGORITHM.SHA256): + """Initializes a signature context for HMAC.""" + ctx = _ctypes.c_void_p() + _lib.yaca_sign_initialize_hmac(_ctypes.byref(ctx), + digest_algo.value, sym_key) + return Context(ctx) + + +def sign_initialize_cmac(sym_key, encrypt_algo=ENCRYPT_ALGORITHM.AES): + """Initializes a signature context for CMAC.""" + ctx = _ctypes.c_void_p() + _lib.yaca_sign_initialize_cmac(_ctypes.byref(ctx), + encrypt_algo.value, sym_key) + return Context(ctx) + + +def sign_update(ctx, message): + """Feeds the message into the digital signature or MAC algorithm.""" + _lib.yaca_sign_update(ctx, message, len(message)) + + +def sign_finalize(ctx): + """Calculates the final signature or MAC.""" + output_length = _context_get_output_length(ctx, 0) + signature = _ctypes.create_string_buffer(output_length) + signature_len = _ctypes.c_size_t() + _lib.yaca_sign_finalize(ctx, signature, _ctypes.byref(signature_len)) + return bytes(signature[:signature_len.value]) + + +def verify_initialize(pub_key, digest_algo=DIGEST_ALGORITHM.SHA256): + """Initializes a signature verification context for asymmetric signatures. + """ + ctx = _ctypes.c_void_p() + _lib.yaca_verify_initialize(_ctypes.byref(ctx), digest_algo.value, + pub_key) + return Context(ctx) + + +def verify_update(ctx, message): + """Feeds the message into the digital signature verification algorithm.""" + _lib.yaca_verify_update(ctx, message, len(message)) + + +def verify_finalize(ctx, signature): + """Performs the verification.""" + return _lib.yaca_verify_finalize(ctx, signature, len(signature)) + + +# Implementation seal + +def seal_initialize(pub_key, sym_key_bit_length=KEY_BIT_LENGTH.L256BIT, + encrypt_algo=ENCRYPT_ALGORITHM.AES, + bcm=BLOCK_CIPHER_MODE.ECB): + ctx = _ctypes.c_void_p() + sym_key = _ctypes.c_void_p() + iv = _ctypes.c_void_p() + _lib.yaca_seal_initialize(_ctypes.byref(ctx), pub_key, + encrypt_algo.value, bcm.value, + sym_key_bit_length, _ctypes.byref(sym_key), + _ctypes.byref(iv)) + return Context(ctx), Key(sym_key), Key(iv) + + +def seal_update(ctx, plaintext): + """Encrypts piece of the data.""" + output_length = _context_get_output_length(ctx, len(plaintext)) + ciphertext = _ctypes.create_string_buffer(output_length) + ciphertext_length = _ctypes.c_size_t() + _lib.yaca_seal_update(ctx, plaintext, len(plaintext), + ciphertext, _ctypes.byref(ciphertext_length)) + return bytes(ciphertext[:ciphertext_length.value]) + + +def seal_finalize(ctx): + """Encrypts the final piece of the data.""" + output_length = _context_get_output_length(ctx, 0) + ciphertext = _ctypes.create_string_buffer(output_length) + ciphertext_length = _ctypes.c_size_t() + _lib.yaca_seal_finalize(ctx, ciphertext, + _ctypes.byref(ciphertext_length)) + return bytes(ciphertext[:ciphertext_length.value]) + + +def open_initialize(prv_key, sym_key, iv=KEY_NULL, + sym_key_bit_length=KEY_BIT_LENGTH.L256BIT, + encrypt_algo=ENCRYPT_ALGORITHM.AES, + bcm=BLOCK_CIPHER_MODE.ECB): + """Initializes an asymmetric decryption context.""" + ctx = _ctypes.c_void_p() + _lib.yaca_open_initialize(_ctypes.byref(ctx), prv_key, + encrypt_algo.value, bcm.value, + sym_key_bit_length, sym_key, iv) + return Context(ctx) + + +def open_update(ctx, ciphertext): + """Decrypts piece of the data.""" + output_length = _context_get_output_length(ctx, len(ciphertext)) + plaintext = _ctypes.create_string_buffer(output_length) + plaintext_length = _ctypes.c_size_t() + _lib.yaca_open_update(ctx, ciphertext, len(ciphertext), + plaintext, _ctypes.byref(plaintext_length)) + return bytes(plaintext[:plaintext_length.value]) + + +def open_finalize(ctx): + """Decrypts last chunk of sealed message.""" + output_length = _context_get_output_length(ctx, 0) + plaintext = _ctypes.create_string_buffer(output_length) + plaintext_length = _ctypes.c_size_t() + _lib.yaca_open_finalize(ctx, plaintext, + _ctypes.byref(plaintext_length)) + return bytes(plaintext[:plaintext_length.value]) + + +# Implementation rsa + +def rsa_public_encrypt(pub_key, plaintext, padding=PADDING.PKCS1): + """Encrypts data using a RSA public key (low-level encrypt equivalent).""" + ciphertext = _ctypes.POINTER(_ctypes.c_char)() + ciphertext_length = _ctypes.c_size_t() + plaintext_param = _get_char_param_nullify_if_zero(plaintext) + _lib.yaca_rsa_public_encrypt(padding.value, pub_key, plaintext_param, + len(plaintext), + _ctypes.byref(ciphertext), + _ctypes.byref(ciphertext_length)) + ciphertext_bytes = ciphertext[:ciphertext_length.value] + _lib.yaca_free(ciphertext) + return ciphertext_bytes + + +def rsa_private_decrypt(prv_key, ciphertext, padding=PADDING.PKCS1): + """Decrypts data using a RSA private key (low-level decrypt equivalent).""" + plaintext = _ctypes.POINTER(_ctypes.c_char)() + plaintext_length = _ctypes.c_size_t() + ciphertext_param = _get_char_param_nullify_if_zero(ciphertext) + _lib.yaca_rsa_private_decrypt(padding.value, prv_key, + ciphertext_param, len(ciphertext), + _ctypes.byref(plaintext), + _ctypes.byref(plaintext_length)) + plaintext_bytes = plaintext[:plaintext_length.value] + _lib.yaca_free(plaintext) + return plaintext_bytes + + +def rsa_private_encrypt(prv_key, plaintext, padding=PADDING.PKCS1): + """Encrypts data using a RSA private key (low-level sign equivalent).""" + ciphertext = _ctypes.POINTER(_ctypes.c_char)() + ciphertext_length = _ctypes.c_size_t() + plaintext_param = _get_char_param_nullify_if_zero(plaintext) + _lib.yaca_rsa_private_encrypt(padding.value, prv_key, + plaintext_param, len(plaintext), + _ctypes.byref(ciphertext), + _ctypes.byref(ciphertext_length)) + ciphertext_bytes = ciphertext[:ciphertext_length.value] + _lib.yaca_free(ciphertext) + return ciphertext_bytes + + +def rsa_public_decrypt(pub_key, ciphertext, padding=PADDING.PKCS1): + """Decrypts data using a RSA public key (low-level verify equivalent).""" + plaintext = _ctypes.POINTER(_ctypes.c_char)() + plaintext_length = _ctypes.c_size_t() + ciphertext_param = _get_char_param_nullify_if_zero(ciphertext) + _lib.yaca_rsa_public_decrypt(padding.value, pub_key, + ciphertext_param, len(ciphertext), + _ctypes.byref(plaintext), + _ctypes.byref(plaintext_length)) + plaintext_bytes = plaintext[:plaintext_length.value] + _lib.yaca_free(plaintext) + return plaintext_bytes diff --git a/python/yaca/error.py b/python/yaca/error.py new file mode 100644 index 0000000..8d691a8 --- /dev/null +++ b/python/yaca/error.py @@ -0,0 +1,48 @@ +# Copyright (c) 2017-2018 Samsung Electronics Co., Ltd All Rights Reserved +# +# Contact: Lukasz Pawelczyk +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License + + +class YacaError(Exception): + """Base class for YACA exceptions.""" + pass + + +class InvalidParameterError(YacaError): + """Invalid parameter exception""" + def __init__(self, message): + YacaError.__init__(self, message) + self.message = message + + +class OutOfMemoryError(YacaError): + """Out of memory exception""" + def __init__(self, message): + YacaError.__init__(self, message) + self.message = message + + +class InternalError(YacaError): + """Internal exception""" + def __init__(self, message): + YacaError.__init__(self, message) + self.message = message + + +class InvalidPasswordError(YacaError): + """Invalid password exception""" + def __init__(self, message): + YacaError.__init__(self, message) + self.message = message diff --git a/python/yaca/library.py b/python/yaca/library.py new file mode 100644 index 0000000..5f68d64 --- /dev/null +++ b/python/yaca/library.py @@ -0,0 +1,298 @@ +# Copyright (c) 2017-2018 Samsung Electronics Co., Ltd All Rights Reserved + +# Contact: Lukasz Pawelczyk +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License + + +import ctypes as _ctypes +import enum as _enum +import yaca.error as _err + + +@_enum.unique +class _Error(_enum.Enum): + __TIZEN_YACA_BASE = -0x01E30000 + NONE = 0 + INVALID_PARAMETER = -22 + OUT_OF_MEMORY = -12 + INTERNAL = __TIZEN_YACA_BASE | 0x01 + DATA_MISMATCH = __TIZEN_YACA_BASE | 0x02 + INVALID_PASSWORD = __TIZEN_YACA_BASE | 0x03 + + +def _errcheck(ret, func, arguments): + if ret == _Error.NONE.value: + return True + elif ret == _Error.DATA_MISMATCH.value: + return False + elif ret == _Error.INVALID_PARAMETER.value: + raise _err.InvalidParameterError( + 'Invalid Parameter error returned from YACA') + elif ret == _Error.OUT_OF_MEMORY.value: + raise _err.OutOfMemoryError('Out Of Memory error returned from YACA') + elif ret == _Error.INTERNAL.value: + raise _err.InternalError('Internal error returned from YACA') + elif ret == _Error.INVALID_PASSWORD.value: + raise _err.InvalidPasswordError( + 'Invalid Password error returned from YACA') + else: + raise RuntimeError('Unknown error returned from YACA') + + +def get_yaca(): + """Get C library and set argtypes""" + + lib = _ctypes.CDLL("libyaca.so.0") + + # crypto + lib.yaca_initialize.argtypes = [] + lib.yaca_initialize.errcheck = _errcheck + lib.yaca_cleanup.argtypes = [] + lib.yaca_cleanup.restype = None + lib.yaca_malloc.argtypes = \ + [_ctypes.c_size_t, _ctypes.POINTER(_ctypes.c_void_p)] + lib.yaca_malloc.errcheck = _errcheck + lib.yaca_zalloc.argtypes = \ + [_ctypes.c_size_t, _ctypes.POINTER(_ctypes.c_void_p)] + lib.yaca_zalloc.errcheck = _errcheck + lib.yaca_realloc.argtypes = \ + [_ctypes.c_size_t, _ctypes.POINTER(_ctypes.c_void_p)] + lib.yaca_realloc.errcheck = _errcheck + lib.yaca_free.argtypes = [_ctypes.c_void_p] + lib.yaca_free.restype = None + lib.yaca_memcmp.argtypes = \ + [_ctypes.POINTER(_ctypes.c_char), _ctypes.POINTER(_ctypes.c_char), + _ctypes.c_size_t] + lib.yaca_memcmp.errcheck = _errcheck + lib.yaca_randomize_bytes.argtypes = \ + [_ctypes.POINTER(_ctypes.c_char), _ctypes.c_size_t] + lib.yaca_randomize_bytes.errcheck = _errcheck + lib.yaca_context_set_property.argtypes = \ + [_ctypes.c_void_p, _ctypes.c_int, _ctypes.c_void_p, _ctypes.c_size_t] + lib.yaca_context_set_property.errcheck = _errcheck + lib.yaca_context_get_property.argtypes = \ + [_ctypes.c_void_p, _ctypes.c_int, _ctypes.POINTER(_ctypes.c_void_p), + _ctypes.POINTER(_ctypes.c_size_t)] + lib.yaca_context_get_property.errcheck = _errcheck + lib.yaca_context_get_output_length.argtypes = \ + [_ctypes.c_void_p, _ctypes.c_size_t, _ctypes.POINTER(_ctypes.c_size_t)] + lib.yaca_context_get_output_length.errcheck = _errcheck + lib.yaca_context_destroy.argtypes = [_ctypes.c_void_p] + lib.yaca_context_destroy.restype = None + + # simple + lib.yaca_simple_encrypt.argtypes = \ + [_ctypes.c_int, _ctypes.c_int, _ctypes.c_void_p, _ctypes.c_void_p, + _ctypes.POINTER(_ctypes.c_char), _ctypes.c_size_t, + _ctypes.POINTER(_ctypes.POINTER(_ctypes.c_char)), + _ctypes.POINTER(_ctypes.c_size_t)] + lib.yaca_simple_encrypt.errcheck = _errcheck + lib.yaca_simple_decrypt.argtypes = \ + [_ctypes.c_int, _ctypes.c_int, _ctypes.c_void_p, _ctypes.c_void_p, + _ctypes.POINTER(_ctypes.c_char), _ctypes.c_size_t, + _ctypes.POINTER(_ctypes.POINTER(_ctypes.c_char)), + _ctypes.POINTER(_ctypes.c_size_t)] + lib.yaca_simple_decrypt.errcheck = _errcheck + lib.yaca_simple_calculate_digest.argtypes = \ + [_ctypes.c_int, _ctypes.POINTER(_ctypes.c_char), _ctypes.c_size_t, + _ctypes.POINTER(_ctypes.POINTER(_ctypes.c_char)), + _ctypes.POINTER(_ctypes.c_size_t)] + lib.yaca_simple_calculate_digest.errcheck = _errcheck + lib.yaca_simple_calculate_signature.argtypes = \ + [_ctypes.c_int, _ctypes.c_void_p, + _ctypes.POINTER(_ctypes.c_char), _ctypes.c_size_t, + _ctypes.POINTER(_ctypes.POINTER(_ctypes.c_char)), + _ctypes.POINTER(_ctypes.c_size_t)] + lib.yaca_simple_calculate_signature.errcheck = _errcheck + lib.yaca_simple_verify_signature.argtypes = \ + [_ctypes.c_int, _ctypes.c_void_p, + _ctypes.POINTER(_ctypes.c_char), _ctypes.c_size_t, + _ctypes.POINTER(_ctypes.c_char), _ctypes.c_size_t] + lib.yaca_simple_verify_signature.errcheck = _errcheck + lib.yaca_simple_calculate_hmac.argtypes = \ + [_ctypes.c_int, _ctypes.c_void_p, + _ctypes.POINTER(_ctypes.c_char), _ctypes.c_size_t, + _ctypes.POINTER(_ctypes.POINTER(_ctypes.c_char)), + _ctypes.POINTER(_ctypes.c_size_t)] + lib.yaca_simple_calculate_hmac.errcheck = _errcheck + lib.yaca_simple_calculate_cmac.argtypes = \ + [_ctypes.c_int, _ctypes.c_void_p, + _ctypes.POINTER(_ctypes.c_char), _ctypes.c_size_t, + _ctypes.POINTER(_ctypes.POINTER(_ctypes.c_char)), + _ctypes.POINTER(_ctypes.c_size_t)] + lib.yaca_simple_calculate_cmac.errcheck = _errcheck + + # key + lib.yaca_key_get_type.argtypes = \ + [_ctypes.c_void_p, _ctypes.POINTER(_ctypes.c_int)] + lib.yaca_key_get_type.errcheck = _errcheck + lib.yaca_key_get_bit_length.argtypes = \ + [_ctypes.c_void_p, _ctypes.POINTER(_ctypes.c_size_t)] + lib.yaca_key_get_bit_length.errcheck = _errcheck + lib.yaca_key_import.argtypes = \ + [_ctypes.c_int, _ctypes.c_char_p, + _ctypes.POINTER(_ctypes.c_char), _ctypes.c_size_t, + _ctypes.POINTER(_ctypes.c_void_p)] + lib.yaca_key_import.errcheck = _errcheck + lib.yaca_key_export.argtypes = \ + [_ctypes.c_void_p, _ctypes.c_int, _ctypes.c_int, _ctypes.c_char_p, + _ctypes.POINTER(_ctypes.POINTER(_ctypes.c_char)), + _ctypes.POINTER(_ctypes.c_size_t)] + lib.yaca_key_export.errcheck = _errcheck + lib.yaca_key_generate.argtypes = \ + [_ctypes.c_void_p, _ctypes.c_size_t, _ctypes.POINTER(_ctypes.c_void_p)] + lib.yaca_key_generate.errcheck = _errcheck + lib.yaca_key_generate_from_parameters.argtypes = \ + [_ctypes.c_void_p, _ctypes.POINTER(_ctypes.c_void_p)] + lib.yaca_key_generate_from_parameters.errcheck = _errcheck + lib.yaca_key_extract_public.argtypes = \ + [_ctypes.c_void_p, _ctypes.POINTER(_ctypes.c_void_p)] + lib.yaca_key_extract_public.errcheck = _errcheck + lib.yaca_key_extract_parameters.argtypes = \ + [_ctypes.c_void_p, _ctypes.POINTER(_ctypes.c_void_p)] + lib.yaca_key_extract_parameters.errcheck = _errcheck + lib.yaca_key_derive_dh.argtypes = \ + [_ctypes.c_void_p, _ctypes.c_void_p, + _ctypes.POINTER(_ctypes.POINTER(_ctypes.c_char)), + _ctypes.POINTER(_ctypes.c_size_t)] + lib.yaca_key_derive_dh.errcheck = _errcheck + lib.yaca_key_derive_kdf.argtypes = \ + [_ctypes.c_int, _ctypes.c_int, + _ctypes.POINTER(_ctypes.c_char), _ctypes.c_size_t, + _ctypes.POINTER(_ctypes.c_char), _ctypes.c_size_t, + _ctypes.c_size_t, _ctypes.POINTER(_ctypes.POINTER(_ctypes.c_char))] + lib.yaca_key_derive_kdf.errcheck = _errcheck + lib.yaca_key_derive_pbkdf2.argtypes = \ + [_ctypes.c_char_p, _ctypes.POINTER(_ctypes.c_char), _ctypes.c_size_t, + _ctypes.c_size_t, _ctypes.c_int, + _ctypes.c_size_t, _ctypes.POINTER(_ctypes.c_void_p)] + lib.yaca_key_derive_pbkdf2.errcheck = _errcheck + lib.yaca_key_destroy.argtypes = [_ctypes.c_void_p] + lib.yaca_key_destroy.restype = None + + # digest + lib.yaca_digest_initialize.argtypes = \ + [_ctypes.POINTER(_ctypes.c_void_p), _ctypes.c_int] + lib.yaca_digest_initialize.errcheck = _errcheck + lib.yaca_digest_update.argtypes = \ + [_ctypes.c_void_p, _ctypes.POINTER(_ctypes.c_char), _ctypes.c_size_t] + lib.yaca_digest_update.errcheck = _errcheck + lib.yaca_digest_finalize.argtypes = \ + [_ctypes.c_void_p, + _ctypes.POINTER(_ctypes.c_char), _ctypes.POINTER(_ctypes.c_size_t)] + lib.yaca_digest_finalize.errcheck = _errcheck + + # encrypt + lib.yaca_encrypt_get_iv_bit_length.argtypes = \ + [_ctypes.c_int, _ctypes.c_int, _ctypes.c_size_t, + _ctypes.POINTER(_ctypes.c_size_t)] + lib.yaca_encrypt_get_iv_bit_length.errcheck = _errcheck + lib.yaca_encrypt_initialize.argtypes = \ + [_ctypes.POINTER(_ctypes.c_void_p), _ctypes.c_int, _ctypes.c_int, + _ctypes.c_void_p, _ctypes.c_void_p] + lib.yaca_encrypt_initialize.errcheck = _errcheck + lib.yaca_encrypt_update.argtypes = \ + [_ctypes.c_void_p, + _ctypes.POINTER(_ctypes.c_char), _ctypes.c_size_t, + _ctypes.POINTER(_ctypes.c_char), _ctypes.POINTER(_ctypes.c_size_t)] + lib.yaca_encrypt_update.errcheck = _errcheck + lib.yaca_encrypt_finalize.argtypes = \ + [_ctypes.c_void_p, + _ctypes.POINTER(_ctypes.c_char), _ctypes.POINTER(_ctypes.c_size_t)] + lib.yaca_encrypt_finalize.errcheck = _errcheck + lib.yaca_decrypt_initialize.argtypes = \ + [_ctypes.POINTER(_ctypes.c_void_p), _ctypes.c_int, _ctypes.c_int, + _ctypes.c_void_p, _ctypes.c_void_p] + lib.yaca_decrypt_initialize.errcheck = _errcheck + lib.yaca_decrypt_update.argtypes = \ + [_ctypes.c_void_p, + _ctypes.POINTER(_ctypes.c_char), _ctypes.c_size_t, + _ctypes.POINTER(_ctypes.c_char), _ctypes.POINTER(_ctypes.c_size_t)] + lib.yaca_decrypt_update.errcheck = _errcheck + lib.yaca_decrypt_finalize.argtypes = \ + [_ctypes.c_void_p, + _ctypes.POINTER(_ctypes.c_char), _ctypes.POINTER(_ctypes.c_size_t)] + lib.yaca_decrypt_finalize.errcheck = _errcheck + + # sign + lib.yaca_sign_initialize.argtypes = \ + [_ctypes.POINTER(_ctypes.c_void_p), _ctypes.c_int, _ctypes.c_void_p] + lib.yaca_sign_initialize.errcheck = _errcheck + lib.yaca_sign_initialize_hmac.argtypes = \ + [_ctypes.POINTER(_ctypes.c_void_p), _ctypes.c_int, _ctypes.c_void_p] + lib.yaca_sign_initialize_hmac.errcheck = _errcheck + lib.yaca_sign_initialize_cmac.argtypes = \ + [_ctypes.POINTER(_ctypes.c_void_p), _ctypes.c_int, _ctypes.c_void_p] + lib.yaca_sign_initialize_cmac.errcheck = _errcheck + lib.yaca_sign_update.argtypes = \ + [_ctypes.c_void_p, _ctypes.POINTER(_ctypes.c_char), _ctypes.c_size_t] + lib.yaca_sign_update.errcheck = _errcheck + lib.yaca_sign_finalize.argtypes = \ + [_ctypes.c_void_p, + _ctypes.POINTER(_ctypes.c_char), _ctypes.POINTER(_ctypes.c_size_t)] + lib.yaca_sign_finalize.errcheck = _errcheck + lib.yaca_verify_initialize.argtypes = \ + [_ctypes.POINTER(_ctypes.c_void_p), _ctypes.c_int, _ctypes.c_void_p] + lib.yaca_verify_initialize.errcheck = _errcheck + lib.yaca_verify_update.argtypes = \ + [_ctypes.c_void_p, _ctypes.POINTER(_ctypes.c_char), _ctypes.c_size_t] + lib.yaca_verify_update.errcheck = _errcheck + lib.yaca_verify_finalize.argtypes = \ + [_ctypes.c_void_p, _ctypes.POINTER(_ctypes.c_char), _ctypes.c_size_t] + lib.yaca_verify_finalize.errcheck = _errcheck + + # seal + lib.yaca_seal_initialize.argtypes = \ + [_ctypes.POINTER(_ctypes.c_void_p), _ctypes.c_void_p, _ctypes.c_int, + _ctypes.c_int, _ctypes.c_size_t, _ctypes.POINTER(_ctypes.c_void_p), + _ctypes.POINTER(_ctypes.c_void_p)] + lib.yaca_seal_initialize.errcheck = _errcheck + lib.yaca_seal_update.argtypes = \ + [_ctypes.c_void_p, _ctypes.POINTER(_ctypes.c_char), _ctypes.c_size_t, + _ctypes.POINTER(_ctypes.c_char), _ctypes.POINTER(_ctypes.c_size_t)] + lib.yaca_seal_update.errcheck = _errcheck + lib.yaca_seal_finalize.argtypes = \ + [_ctypes.c_void_p, + _ctypes.POINTER(_ctypes.c_char), _ctypes.POINTER(_ctypes.c_size_t)] + lib.yaca_seal_finalize.errcheck = _errcheck + lib.yaca_open_initialize.argtypes = \ + [_ctypes.POINTER(_ctypes.c_void_p), _ctypes.c_void_p, _ctypes.c_int, + _ctypes.c_int, _ctypes.c_size_t, _ctypes.c_void_p, _ctypes.c_void_p] + lib.yaca_open_initialize.errcheck = _errcheck + lib.yaca_open_update.argtypes = \ + [_ctypes.c_void_p, + _ctypes.POINTER(_ctypes.c_char), _ctypes.c_size_t, + _ctypes.POINTER(_ctypes.c_char), _ctypes.POINTER(_ctypes.c_size_t)] + lib.yaca_open_update.errcheck = _errcheck + lib.yaca_open_finalize.argtypes = \ + [_ctypes.c_void_p, + _ctypes.POINTER(_ctypes.c_char), _ctypes.POINTER(_ctypes.c_size_t)] + lib.yaca_open_finalize.errcheck = _errcheck + + # rsa + rsa_argtypes = \ + [_ctypes.c_int, _ctypes.c_void_p, + _ctypes.POINTER(_ctypes.c_char), _ctypes.c_size_t, + _ctypes.POINTER(_ctypes.POINTER(_ctypes.c_char)), + _ctypes.POINTER(_ctypes.c_size_t)] + lib.yaca_rsa_public_encrypt.argtypes = rsa_argtypes + lib.yaca_rsa_public_encrypt.errcheck = _errcheck + lib.yaca_rsa_private_decrypt.argtypes = rsa_argtypes + lib.yaca_rsa_private_decrypt.errcheck = _errcheck + lib.yaca_rsa_private_encrypt.argtypes = rsa_argtypes + lib.yaca_rsa_private_encrypt.errcheck = _errcheck + lib.yaca_rsa_public_decrypt.argtypes = rsa_argtypes + lib.yaca_rsa_public_decrypt.errcheck = _errcheck + + return lib diff --git a/python/yaca/tests.py b/python/yaca/tests.py new file mode 100644 index 0000000..a256419 --- /dev/null +++ b/python/yaca/tests.py @@ -0,0 +1,473 @@ +# Copyright (c) 2017-2018 Samsung Electronics Co., Ltd All Rights Reserved + +# Contact: Lukasz Pawelczyk +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License + + +""" +These tests are not to test yaca itself. They are more of a +syntax test to see that no stupid mistakes has been made in the +python binding. To check whether the code runs properly and +returns expected things. + +They can also be used as examples. +""" + +import yaca + + +def split_into_parts(data, l): + return [data[i:i + l] for i in range(0, len(data), l)] + + +msg = b'Lorem ipsum dolor sit amet, consectetuer adipiscing elit. \ +Donec hendrerit tempor tellus. Donec pretium posuere tellus. Proin \ +quam nisl, tincidunt et, mattis eget, convallis nec, purus. Cum \ +sociis natoque penatibus et magnis dis parturient montes, nascetur \ +ridiculus mus. Nulla posuere. Donec vitae dolor. Nullam tristique \ +diam non turpis. Cras placerat accumsan nulla. Nullam rutrum. Nam \ +vestibulum accumsan nisl.' + +msg_parts = split_into_parts(msg, 5) + + +def run_all_tests(): + """Runs all YACA tests/examples. No exceptions means success.""" + + yaca.initialize() + + crypto() + key_gen() + key_exp_imp() + key_derive() + simple() + digest() + encrypt_basic() + encrypt_rc2_property() + encrypt_gcm_property() + encrypt_ccm_property() + sign() + seal() + rsa() + + yaca.cleanup() + + +def crypto(): + + msg_whole = b'' + for part in msg_parts: + msg_whole += part + + assert yaca.memcmp(msg, msg_whole, len(msg)) + + rand_bytes = yaca.random_bytes(50) + assert len(rand_bytes) == 50 + + +def key_gen(): + + key_iv_64 = yaca.key_generate(yaca.KEY_TYPE.IV, + yaca.KEY_BIT_LENGTH.IV_64BIT) + assert key_iv_64.get_type() == yaca.KEY_TYPE.IV + assert key_iv_64.get_bit_length() == yaca.KEY_BIT_LENGTH.IV_64BIT + + key_iv_128 = yaca.key_generate(yaca.KEY_TYPE.IV, + yaca.KEY_BIT_LENGTH.IV_128BIT) + assert key_iv_128.get_type() == yaca.KEY_TYPE.IV + assert key_iv_128.get_bit_length() == yaca.KEY_BIT_LENGTH.IV_128BIT + + key_sym = yaca.key_generate() + assert key_sym.get_type() == yaca.KEY_TYPE.SYMMETRIC + assert key_sym.get_bit_length() == yaca.KEY_BIT_LENGTH.L256BIT + + key_rsa_prv = yaca.key_generate(yaca.KEY_TYPE.RSA_PRIV, + yaca.KEY_BIT_LENGTH.L2048BIT) + assert key_rsa_prv.get_type() == yaca.KEY_TYPE.RSA_PRIV + assert key_rsa_prv.get_bit_length() == yaca.KEY_BIT_LENGTH.L2048BIT + + key_rsa_pub = yaca.key_extract_public(key_rsa_prv) + assert key_rsa_pub.get_type() == yaca.KEY_TYPE.RSA_PUB + assert key_rsa_pub.get_bit_length() == yaca.KEY_BIT_LENGTH.L2048BIT + + key_dsa_prv = yaca.key_generate(yaca.KEY_TYPE.DSA_PRIV, + yaca.KEY_BIT_LENGTH.L2048BIT) + assert key_dsa_prv.get_type() == yaca.KEY_TYPE.DSA_PRIV + assert key_dsa_prv.get_bit_length() == yaca.KEY_BIT_LENGTH.L2048BIT + + key_dsa_pub = yaca.key_extract_public(key_dsa_prv) + assert key_dsa_pub.get_type() == yaca.KEY_TYPE.DSA_PUB + assert key_dsa_pub.get_bit_length() == yaca.KEY_BIT_LENGTH.L2048BIT + + key_dh_prv = yaca.key_generate(yaca.KEY_TYPE.DH_PRIV, + yaca.KEY_BIT_LENGTH_DH_RFC.L2048_256) + assert key_dh_prv.get_type() == yaca.KEY_TYPE.DH_PRIV + assert key_dh_prv.get_bit_length() == 2048 + + key_dh_pub = yaca.key_extract_public(key_dh_prv) + assert key_dh_pub.get_type() == yaca.KEY_TYPE.DH_PUB + assert key_dh_pub.get_bit_length() == 2048 + + key_dh_params = yaca.key_extract_parameters(key_dh_prv) + key_dh_prv_2 = yaca.key_generate_from_parameters(key_dh_params) + assert key_dh_prv_2.get_type() == key_dh_prv.get_type() + assert key_dh_prv_2.get_bit_length() == key_dh_prv.get_bit_length() + + key_dh_prv_3 = yaca.key_generate(yaca.KEY_TYPE.DH_PRIV, + yaca.KEY_LENGTH_DH_GENERATOR_5 | 256) + assert key_dh_prv_3.get_type() == yaca.KEY_TYPE.DH_PRIV + assert key_dh_prv_3.get_bit_length() == 256 + + key_ec_prv = yaca.key_generate(yaca.KEY_TYPE.EC_PRIV, + yaca.KEY_BIT_LENGTH_EC.PRIME256V1) + assert key_ec_prv.get_type() == yaca.KEY_TYPE.EC_PRIV + assert key_ec_prv.get_bit_length() == yaca.KEY_BIT_LENGTH_EC.PRIME256V1 + + key_ec_pub = yaca.key_extract_public(key_ec_prv) + assert key_ec_pub.get_type() == yaca.KEY_TYPE.EC_PUB + assert key_ec_pub.get_bit_length() == yaca.KEY_BIT_LENGTH_EC.PRIME256V1 + + +def key_exp_imp(): + # prepare: + key_sym = yaca.key_generate() + key_rsa_prv = yaca.key_generate(yaca.KEY_TYPE.RSA_PRIV, + yaca.KEY_BIT_LENGTH.L2048BIT) + # end prepare + + key_sym_exp = yaca.key_export(key_sym) + key_sym_imp = yaca.key_import(key_sym_exp) + assert key_sym.get_type() == key_sym_imp.get_type() + assert key_sym.get_bit_length() == key_sym_imp.get_bit_length() + + key_rsa_prv_exp = yaca.key_export(key_rsa_prv, yaca.KEY_FILE_FORMAT.PEM) + key_rsa_prv_imp = yaca.key_import(key_rsa_prv_exp, yaca.KEY_TYPE.RSA_PRIV) + assert key_rsa_prv.get_type() == key_rsa_prv_imp.get_type() + assert key_rsa_prv.get_bit_length() == key_rsa_prv_imp.get_bit_length() + + key_rsa_prv_exp = yaca.key_export(key_rsa_prv, yaca.KEY_FILE_FORMAT.PEM, + yaca.KEY_FORMAT.PKCS8, b"password") + key_rsa_prv_imp = yaca.key_import(key_rsa_prv_exp, yaca.KEY_TYPE.RSA_PRIV, + b"password") + assert key_rsa_prv.get_type() == key_rsa_prv_imp.get_type() + assert key_rsa_prv.get_bit_length() == key_rsa_prv_imp.get_bit_length() + + +def key_derive(): + # prepare: + key_dh_prv = yaca.key_generate(yaca.KEY_TYPE.DH_PRIV, + yaca.KEY_BIT_LENGTH_DH_RFC.L2048_256) + key_dh_pub = yaca.key_extract_public(key_dh_prv) + key_dh_params = yaca.key_extract_parameters(key_dh_prv) + key_dh_prv_2 = yaca.key_generate_from_parameters(key_dh_params) + key_dh_pub_2 = yaca.key_extract_public(key_dh_prv_2) + # end prepare + + secret = yaca.key_derive_dh(key_dh_prv_2, key_dh_pub) + assert len(secret) == 256 + + secret_2 = yaca.key_derive_dh(key_dh_prv, key_dh_pub_2) + assert secret == secret_2 + + key_material = yaca.key_derive_kdf(secret, 128) + assert len(key_material) == 128 + + key_derived = yaca.key_derive_pbkdf2(b'password') + assert key_derived.get_type() == yaca.KEY_TYPE.SYMMETRIC + assert key_derived.get_bit_length() == yaca.KEY_BIT_LENGTH.L256BIT + + +def simple(): + # prepare: + key_sym = yaca.key_generate() + key_iv_128 = yaca.key_generate(yaca.KEY_TYPE.IV, + yaca.KEY_BIT_LENGTH.IV_128BIT) + key_rsa_prv = yaca.key_generate(yaca.KEY_TYPE.RSA_PRIV, + yaca.KEY_BIT_LENGTH.L2048BIT) + key_rsa_pub = yaca.key_extract_public(key_rsa_prv) + # end prepare + + enc_simple = yaca.simple_encrypt(key_sym, msg, + yaca.ENCRYPT_ALGORITHM.AES, + yaca.BLOCK_CIPHER_MODE.CBC, key_iv_128) + dec_simple = yaca.simple_decrypt(key_sym, enc_simple, + yaca.ENCRYPT_ALGORITHM.AES, + yaca.BLOCK_CIPHER_MODE.CBC, key_iv_128) + assert msg == dec_simple + + dgst_simple = yaca.simple_calculate_digest(msg, + yaca.DIGEST_ALGORITHM.SHA512) + assert len(dgst_simple) == 64 + + hmac_simple = yaca.simple_calculate_hmac(key_sym, msg, + yaca.DIGEST_ALGORITHM.SHA512) + assert len(hmac_simple) == 64 + + cmac_simple = yaca.simple_calculate_cmac(key_sym, msg, + yaca.ENCRYPT_ALGORITHM.AES) + assert len(cmac_simple) == 16 + + sig_simple = yaca.simple_calculate_signature(key_rsa_prv, msg, + yaca.DIGEST_ALGORITHM.SHA512) + assert yaca.simple_verify_signature(key_rsa_pub, msg, sig_simple, + yaca.DIGEST_ALGORITHM.SHA512) + + +def digest(): + # prepare: + dgst_simple = yaca.simple_calculate_digest(msg, + yaca.DIGEST_ALGORITHM.SHA512) + # end prepare + + ctx = yaca.digest_initialize(yaca.DIGEST_ALGORITHM.SHA512) + for part in msg_parts: + yaca.digest_update(ctx, part) + dgst = yaca.digest_finalize(ctx) + + assert dgst == dgst_simple + + +def encrypt_basic(): + # prepare: + key_sym = yaca.key_generate() + key_iv_128 = yaca.key_generate(yaca.KEY_TYPE.IV, + yaca.KEY_BIT_LENGTH.IV_128BIT) + enc_simple = yaca.simple_encrypt(key_sym, msg, + yaca.ENCRYPT_ALGORITHM.AES, + yaca.BLOCK_CIPHER_MODE.CBC, key_iv_128) + # end prepare + + len_iv = yaca.encrypt_get_iv_bit_length(yaca.ENCRYPT_ALGORITHM.AES, + yaca.BLOCK_CIPHER_MODE.CBC, + yaca.KEY_BIT_LENGTH.L256BIT) + assert len_iv == 128 + + ctx = yaca.encrypt_initialize(key_sym, bcm=yaca.BLOCK_CIPHER_MODE.CBC, + iv=key_iv_128) + enc = b'' + for part in msg_parts: + enc += yaca.encrypt_update(ctx, part) + enc += yaca.encrypt_finalize(ctx) + + assert enc == enc_simple + + enc_parts = split_into_parts(enc, 5) + + ctx = yaca.decrypt_initialize(key_sym, bcm=yaca.BLOCK_CIPHER_MODE.CBC, + iv=key_iv_128) + dec = b'' + for part in enc_parts: + dec += yaca.decrypt_update(ctx, part) + dec += yaca.decrypt_finalize(ctx) + + assert msg == dec + + +def encrypt_rc2_property(): + # prepare: + key_sym = yaca.key_generate() + # end prepare + + len_iv = yaca.encrypt_get_iv_bit_length(yaca.ENCRYPT_ALGORITHM.UNSAFE_RC2, + yaca.BLOCK_CIPHER_MODE.ECB, + yaca.KEY_BIT_LENGTH.L256BIT) + assert len_iv == 0 + + ctx = yaca.encrypt_initialize(key_sym, yaca.ENCRYPT_ALGORITHM.UNSAFE_RC2, + yaca.BLOCK_CIPHER_MODE.ECB) + yaca.context_set_property(ctx, yaca.PROPERTY.RC2_EFFECTIVE_KEY_BITS, 192) + enc = b'' + for part in msg_parts: + enc += yaca.encrypt_update(ctx, part) + enc += yaca.encrypt_finalize(ctx) + + enc_parts = split_into_parts(enc, 5) + + ctx = yaca.decrypt_initialize(key_sym, yaca.ENCRYPT_ALGORITHM.UNSAFE_RC2, + yaca.BLOCK_CIPHER_MODE.ECB) + yaca.context_set_property(ctx, yaca.PROPERTY.RC2_EFFECTIVE_KEY_BITS, 192) + dec = b'' + for part in enc_parts: + dec += yaca.decrypt_update(ctx, part) + dec += yaca.decrypt_finalize(ctx) + + assert msg == dec + + +def encrypt_gcm_property(): + # prepare: + key_sym = yaca.key_generate() + key_iv_128 = yaca.key_generate(yaca.KEY_TYPE.IV, + yaca.KEY_BIT_LENGTH.IV_128BIT) + # end prepare + + tag_len = 16 + aad = yaca.random_bytes(16) + ctx = yaca.encrypt_initialize(key_sym, bcm=yaca.BLOCK_CIPHER_MODE.GCM, + iv=key_iv_128) + yaca.context_set_property(ctx, yaca.PROPERTY.GCM_AAD, aad) + enc = b'' + for part in msg_parts: + enc += yaca.encrypt_update(ctx, part) + enc += yaca.encrypt_finalize(ctx) + yaca.context_set_property(ctx, yaca.PROPERTY.GCM_TAG_LEN, tag_len) + tag = yaca.context_get_property(ctx, yaca.PROPERTY.GCM_TAG) + assert len(tag) == tag_len + + enc_parts = split_into_parts(enc, 5) + + ctx = yaca.decrypt_initialize(key_sym, bcm=yaca.BLOCK_CIPHER_MODE.GCM, + iv=key_iv_128) + yaca.context_set_property(ctx, yaca.PROPERTY.GCM_AAD, aad) + dec = b'' + for part in enc_parts: + dec += yaca.decrypt_update(ctx, part) + yaca.context_set_property(ctx, yaca.PROPERTY.GCM_TAG, tag) + dec += yaca.decrypt_finalize(ctx) + + assert msg == dec + + +def encrypt_ccm_property(): + # prepare: + key_sym = yaca.key_generate() + key_iv_64 = yaca.key_generate(yaca.KEY_TYPE.IV, + yaca.KEY_BIT_LENGTH.IV_64BIT) + # end prepare + + tag_len = 12 + aad = yaca.random_bytes(16) + ctx = yaca.encrypt_initialize(key_sym, bcm=yaca.BLOCK_CIPHER_MODE.CCM, + iv=key_iv_64) + yaca.context_set_property(ctx, yaca.PROPERTY.CCM_TAG_LEN, tag_len) + yaca.encrypt_update(ctx, len(msg)) # encrypt_update second type of usage + yaca.context_set_property(ctx, yaca.PROPERTY.CCM_AAD, aad) + enc = yaca.encrypt_update(ctx, msg) + enc += yaca.encrypt_finalize(ctx) + tag = yaca.context_get_property(ctx, yaca.PROPERTY.CCM_TAG) + assert len(tag) == tag_len + + ctx = yaca.decrypt_initialize(key_sym, bcm=yaca.BLOCK_CIPHER_MODE.CCM, + iv=key_iv_64) + yaca.context_set_property(ctx, yaca.PROPERTY.CCM_TAG, tag) + yaca.decrypt_update(ctx, len(enc)) # decrypt_update second type of usage + yaca.context_set_property(ctx, yaca.PROPERTY.CCM_AAD, aad) + dec = yaca.decrypt_update(ctx, enc) + dec += yaca.decrypt_finalize(ctx) + + assert msg == dec + + +def sign(): + # prepare: + key_sym = yaca.key_generate() + key_rsa_prv = yaca.key_generate(yaca.KEY_TYPE.RSA_PRIV, + yaca.KEY_BIT_LENGTH.L2048BIT) + key_rsa_pub = yaca.key_extract_public(key_rsa_prv) + hmac_simple = yaca.simple_calculate_hmac(key_sym, msg, + yaca.DIGEST_ALGORITHM.SHA512) + cmac_simple = yaca.simple_calculate_cmac(key_sym, msg, + yaca.ENCRYPT_ALGORITHM.AES) + sign_simple = yaca.simple_calculate_signature(key_rsa_prv, msg, + yaca.DIGEST_ALGORITHM.SHA512) + # end prepare + + ctx = yaca.sign_initialize_hmac(key_sym, yaca.DIGEST_ALGORITHM.SHA512) + for part in msg_parts: + yaca.sign_update(ctx, part) + hmac = yaca.sign_finalize(ctx) + + assert hmac == hmac_simple + + ctx = yaca.sign_initialize_cmac(key_sym, yaca.ENCRYPT_ALGORITHM.AES) + for part in msg_parts: + yaca.sign_update(ctx, part) + cmac = yaca.sign_finalize(ctx) + + assert cmac == cmac_simple + + ctx = yaca.sign_initialize(key_rsa_prv, yaca.DIGEST_ALGORITHM.SHA512) + for part in msg_parts: + yaca.sign_update(ctx, part) + sig = yaca.sign_finalize(ctx) + + assert sig == sign_simple # won't work for DSA + + ctx = yaca.verify_initialize(key_rsa_pub, yaca.DIGEST_ALGORITHM.SHA512) + for part in msg_parts: + yaca.verify_update(ctx, part) + assert yaca.verify_finalize(ctx, sig) + + # SIGN + SET PADDING + + ctx = yaca.sign_initialize(key_rsa_prv) + for part in msg_parts: + yaca.sign_update(ctx, part) + yaca.context_set_property(ctx, yaca.PROPERTY.PADDING, + yaca.PADDING.PKCS1_PSS) + sig = yaca.sign_finalize(ctx) + + ctx = yaca.verify_initialize(key_rsa_pub) + for part in msg_parts: + yaca.verify_update(ctx, part) + yaca.context_set_property(ctx, yaca.PROPERTY.PADDING, + yaca.PADDING.PKCS1_PSS) + assert yaca.verify_finalize(ctx, sig) + + +def seal(): + # prepare: + key_rsa_prv = yaca.key_generate(yaca.KEY_TYPE.RSA_PRIV, + yaca.KEY_BIT_LENGTH.L2048BIT) + key_rsa_pub = yaca.key_extract_public(key_rsa_prv) + # end prepare + + ctx, key_seal, iv = yaca.seal_initialize(key_rsa_pub, + bcm=yaca.BLOCK_CIPHER_MODE.CBC) + sealed = b'' + for part in msg_parts: + sealed += yaca.seal_update(ctx, part) + sealed += yaca.seal_finalize(ctx) + + sealed_parts = split_into_parts(sealed, 5) + + ctx = yaca.open_initialize(key_rsa_prv, key_seal, iv, + bcm=yaca.BLOCK_CIPHER_MODE.CBC) + opened = b'' + for part in sealed_parts: + opened += yaca.open_update(ctx, part) + opened += yaca.open_finalize(ctx) + + assert opened == msg + + +def rsa(): + # prepare: + key_rsa_prv = yaca.key_generate(yaca.KEY_TYPE.RSA_PRIV, + yaca.KEY_BIT_LENGTH.L2048BIT) + key_rsa_pub = yaca.key_extract_public(key_rsa_prv) + # end prepare + + msg_short_max = int(2048 / 8 - 11) + msg_short = msg[:msg_short_max] + + enc_rsa = yaca.rsa_public_encrypt(key_rsa_pub, msg_short) + dec_rsa = yaca.rsa_private_decrypt(key_rsa_prv, enc_rsa) + + assert dec_rsa == msg_short + + enc_rsa = yaca.rsa_private_encrypt(key_rsa_prv, msg_short) + dec_rsa = yaca.rsa_public_decrypt(key_rsa_pub, enc_rsa) + + assert dec_rsa == msg_short -- 2.7.4 From 3b3c32e1d0a8414676b37dac83371e0f44173d50 Mon Sep 17 00:00:00 2001 From: Lukasz Pawelczyk Date: Wed, 30 May 2018 14:30:56 +0200 Subject: [PATCH 15/16] Fix some pylint issues - not using len(seq) as a condition - too wide wildcard import Change-Id: I546ccc68729f2ba831dd0f73714aa234cc7254d1 --- python/yaca/__init__.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/python/yaca/__init__.py b/python/yaca/__init__.py index 38e8648..ab0e283 100755 --- a/python/yaca/__init__.py +++ b/python/yaca/__init__.py @@ -43,7 +43,7 @@ For examples see tests/examples in yaca.tests module. import enum as _enum import ctypes as _ctypes import yaca.library -from yaca.error import * +from yaca.error import InvalidParameterError del yaca.error # Initialization @@ -55,7 +55,7 @@ del yaca.library # Helpers def _get_char_param_nullify_if_zero(param): - return None if len(param) == 0 else param + return None if not param else param def _context_get_output_length(ctx, input_length): -- 2.7.4 From ee23e2882718f8a7642e0303325612fe06865e61 Mon Sep 17 00:00:00 2001 From: Lukasz Pawelczyk Date: Mon, 18 Jun 2018 13:41:52 +0200 Subject: [PATCH 16/16] Fix pycodestyle issue pycodestyle: E741 ambiguous variable name 'l' Change-Id: Id70e425e51da8bcd10afd579080d20b2cc9c9d4c --- python/yaca/__init__.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/python/yaca/__init__.py b/python/yaca/__init__.py index ab0e283..3efd0bd 100755 --- a/python/yaca/__init__.py +++ b/python/yaca/__init__.py @@ -255,8 +255,8 @@ def cleanup(): def memcmp(first, second, length): """Safely compares first length bytes of two buffers.""" - l = _ctypes.c_size_t(length) - return _lib.yaca_memcmp(first, second, l) + length = _ctypes.c_size_t(length) + return _lib.yaca_memcmp(first, second, length) def random_bytes(length): -- 2.7.4