From a32e8b8b168bc497cdacd139e555a6bc77e695d1 Mon Sep 17 00:00:00 2001 From: Mateusz Forc Date: Wed, 23 Nov 2016 13:04:57 +0100 Subject: [PATCH 01/16] YACA : Make capi-base-common an optional dependency Change-Id: I6cc9995fecc7a5bf9849fb4d0e2d5e2c26058fa1 --- api/yaca/yaca_error.h | 11 +++++++++-- src/CMakeLists.txt | 8 +++++++- 2 files changed, 16 insertions(+), 3 deletions(-) diff --git a/api/yaca/yaca_error.h b/api/yaca/yaca_error.h index f062812..c571485 100644 --- a/api/yaca/yaca_error.h +++ b/api/yaca/yaca_error.h @@ -21,11 +21,18 @@ * @brief Error enums and defines. */ +#ifdef CAPI_BASE_COMMON_PRESENT +#include +#else +#include +#define TIZEN_ERROR_NONE 0 +#define TIZEN_ERROR_INVALID_PARAMETER -EINVAL +#define TIZEN_ERROR_OUT_OF_MEMORY -ENOMEM +#endif + #ifndef YACA_ERROR_H #define YACA_ERROR_H -#include - #ifdef __cplusplus extern "C" { #endif diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index ae4168b..8d8badd 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -45,7 +45,13 @@ SET_TARGET_PROPERTIES(${PROJECT_NAME} PROPERTIES VERSION ${_LIB_VERSION_}) ## Link libraries ############################################################## -PKG_CHECK_MODULES(YACA_DEPS REQUIRED openssl capi-base-common) +PKG_CHECK_MODULES(YACA_DEPS REQUIRED openssl) + +PKG_CHECK_MODULES(CAPI_BASE_COMMON capi-base-common) +IF (CAPI_BASE_COMMON_FOUND) + ADD_DEFINITIONS(-DCAPI_BASE_COMMON_PRESENT) + INCLUDE_DIRECTORIES(SYSTEM ${CAPI_BASE_COMMON_INCLUDE_DIRS}) +ENDIF() FIND_PACKAGE (Threads) -- 2.7.4 From 6a9daa80f2d8aa268f7f6613e6bcbf42d48379d9 Mon Sep 17 00:00:00 2001 From: "sangwan.kwon" Date: Fri, 3 Feb 2017 15:33:14 +0900 Subject: [PATCH 02/16] Apply the reviewed API documentation Change-Id: I071343de3d70cf0bcc4b1bf10b53ea878ff3da5d Signed-off-by: sangwan.kwon --- api/yaca/yaca_crypto.h | 237 +++++++++++--------------- api/yaca/yaca_digest.h | 69 ++++---- api/yaca/yaca_encrypt.h | 215 ++++++++++------------- api/yaca/yaca_error.h | 38 +++-- api/yaca/yaca_key.h | 441 ++++++++++++++++++++---------------------------- api/yaca/yaca_rsa.h | 168 ++++++++---------- api/yaca/yaca_seal.h | 238 +++++++++++--------------- api/yaca/yaca_sign.h | 260 ++++++++++++---------------- api/yaca/yaca_simple.h | 332 +++++++++++++++--------------------- api/yaca/yaca_types.h | 171 +++++++++---------- 10 files changed, 916 insertions(+), 1253 deletions(-) diff --git a/api/yaca/yaca_crypto.h b/api/yaca/yaca_crypto.h index 56425eb..6108336 100644 --- a/api/yaca/yaca_crypto.h +++ b/api/yaca/yaca_crypto.h @@ -16,283 +16,246 @@ * limitations under the License */ + /** - * @file yaca_crypto.h - * @brief Non crypto related functions. + * @file yaca_crypto.h + * @brief Non crypto related functions. */ + #ifndef YACA_CRYPTO_H #define YACA_CRYPTO_H + #include #include + #ifdef __cplusplus extern "C" { #endif + /** * @addtogroup CAPI_YACA_ENCRYPTION_MODULE * @{ */ + /** - * @brief NULL value for the crypto context. - * + * @brief Definition for NULL value for the crypto context. * @since_tizen 3.0 */ #define YACA_CONTEXT_NULL ((yaca_context_h) NULL) + /** - * @brief Initializes the library. Must be called before any other crypto - * function. Should be called once in each thread that uses yaca. - * + * @brief Initializes the library. Must be called before any other crypto + * function. Should be called once in each thread that uses yaca. * @since_tizen 3.0 - * - * @return #YACA_ERROR_NONE on success, negative on error + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error * @retval #YACA_ERROR_INTERNAL Internal error - * * @see yaca_cleanup() */ int yaca_initialize(void); + /** - * @brief Cleans up the library. Must be called before exiting the thread that - * called yaca_initialize(). - * + * @brief Cleans up the library. Must be called before exiting the thread that called yaca_initialize(). * @since_tizen 3.0 - * * @see yaca_initialize() */ void yaca_cleanup(void); + /** - * @brief Allocates the memory. - * + * @brief Allocates the memory. * @since_tizen 3.0 - * - * @remarks The @a memory should be freed using yaca_free(). - * - * @param[in] size Size of the allocation (bytes) + * @remarks The @a memory should be freed using yaca_free(). + * @param[in] size Size of the allocation (bytes) * @param[out] memory Allocated memory - * - * @return #YACA_ERROR_NONE on success, negative on error + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, 0) * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error - * * @see yaca_zalloc() * @see yaca_realloc() * @see yaca_free() */ int yaca_malloc(size_t size, void **memory); + /** - * @brief Allocates the zeroed memory. - * + * @brief Allocates the zeroed memory. * @since_tizen 3.0 - * - * @remarks The @a memory should be freed using yaca_free(). - * - * @param[in] size Size of the allocation (bytes) - * @param[out] memory Allocated memory - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks The @a memory should be freed using yaca_free(). + * @param[in] size Size of the allocation (bytes) + * @param[out] memory Allocated memory + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, 0) * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error - * * @see yaca_malloc() * @see yaca_realloc() * @see yaca_free() */ int yaca_zalloc(size_t size, void **memory); + /** - * @brief Re-allocates the memory. - * + * @brief Re-allocates the memory. * @since_tizen 3.0 - * - * @remarks In case of failure the function doesn't free the memory pointed by @a memory. - * - * @remarks If @a memory is NULL then the call is equivalent to yaca_malloc(). - * - * @remarks If the function fails the contents of @a memory will be left unchanged. - * - * @remarks The @a memory should be freed using yaca_free(). - * - * @param[in] size Size of the new allocation (bytes) + * @remarks In case of failure the function doesn't free the memory pointed by @a memory. + * @remarks If @a memory is NULL then the call is equivalent to yaca_malloc(). + * @remarks If the function fails the contents of @a memory will be left unchanged. + * @remarks The @a memory should be freed using yaca_free(). + * @param[in] size Size of the new allocation (bytes) * @param[in,out] memory Memory to be reallocated - * - * @return #YACA_ERROR_NONE on success, negative on error + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, 0) * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error - * * @see yaca_malloc() * @see yaca_zalloc() * @see yaca_free() */ int yaca_realloc(size_t size, void **memory); + /** - * @brief Frees the memory allocated by yaca_malloc(), yaca_zalloc(), - * yaca_realloc() or one of the cryptographic operations. - * + * @brief Frees the memory allocated by yaca_malloc(), yaca_zalloc(), + * yaca_realloc() or one of the cryptographic operations. * @since_tizen 3.0 - * - * @param[in] memory Pointer to the memory to be freed - * + * @param[in] memory Pointer to the memory to be freed * @see yaca_malloc() * @see yaca_zalloc() * @see yaca_realloc() */ void yaca_free(void *memory); + /** - * @brief Safely compares first @a len bytes of two buffers. - * + * @brief Safely compares first @a len bytes of two buffers. * @since_tizen 3.0 - * - * @param[in] first Pointer to the first buffer - * @param[in] second Pointer to the second buffer - * @param[in] len Length to compare - * - * @return #YACA_ERROR_NONE when buffers are equal otherwise #YACA_ERROR_DATA_MISMATCH + * @param[in] first Pointer to the first buffer + * @param[in] second Pointer to the second buffer + * @param[in] len Length to compare + * @return #YACA_ERROR_NONE when buffers are equal, + * otherwise #YACA_ERROR_DATA_MISMATCH * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, 0) * @retval #YACA_ERROR_DATA_MISMATCH Buffers are different */ int yaca_memcmp(const void *first, const void *second, size_t len); + /** - * @brief Generates random data. - * + * @brief Generates random data. * @since_tizen 3.0 - * - * @param[in,out] data Pointer to the memory to be randomized - * @param[in] data_len Length of the memory to be randomized - * - * @return #YACA_ERROR_NONE on success, negative on error + * @param[in,out] data Pointer to the memory to be randomized + * @param[in] data_len Length of the memory to be randomized + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, 0) * @retval #YACA_ERROR_INTERNAL Internal error */ int yaca_randomize_bytes(char *data, size_t data_len); + /** - * @brief Sets the non-standard context properties. Can only be called on an - * initialized context. - * - * @remarks The @a value has to be of type appropriate for given property. See #yaca_property_e - * for details on corresponding types. - * + * @brief Sets the non-standard context properties. Can only be called on an initialized context. * @since_tizen 3.0 - * - * @param[in,out] ctx Previously initialized crypto context - * @param[in] property Property to be set - * @param[in] value Property value - * @param[in] value_len Length of the property value - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks The @a value has to be of type appropriate for given property. See #yaca_property_e + * for details on corresponding types. + * @param[in,out] ctx Previously initialized crypto context + * @param[in] property Property to be set + * @param[in] value Property value + * @param[in] value_len Length of the property value + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, 0, * invalid @a ctx or @a property) * @retval #YACA_ERROR_INTERNAL Internal error - * * @see #yaca_property_e * @see yaca_context_get_property() */ -int yaca_context_set_property(yaca_context_h ctx, - yaca_property_e property, - const void *value, - size_t value_len); +int yaca_context_set_property(yaca_context_h ctx, yaca_property_e property, const void *value, size_t value_len); + /** - * @brief Returns the non-standard context properties. Can only be called on an - * initialized context. - * + * @brief Returns the non-standard context properties. Can only be called on an initialized context. * @since_tizen 3.0 - * - * @remarks The @a value should be freed using yaca_free(). - * - * @remarks The @a value has to be of type appropriate for given property. See #yaca_property_e - * for details on corresponding types. - * - * @remarks The @a value_len can be NULL if returned @a value is a single object - * (i.e. not an array/buffer). - * - * @param[in] ctx Previously initialized crypto context - * @param[in] property Property to be read - * @param[out] value Copy of the property value - * @param[out] value_len Length of the property value will be returned here - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks The @a value should be freed using yaca_free(). + * @remarks The @a value has to be of type appropriate for given property. See #yaca_property_e + * for details on corresponding types. + * @remarks The @a value_len can be NULL if returned @a value is a single object (i.e. not an array/buffer). + * @param[in] ctx Previously initialized crypto context + * @param[in] property Property to be read + * @param[out] value Copy of the property value + * @param[out] value_len Length of the property value will be returned here + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, * invalid @a ctx or @a property) * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error * @retval #YACA_ERROR_INTERNAL Internal error - * * @see #yaca_property_e * @see yaca_context_set_property() * @see yaca_free() */ -int yaca_context_get_property(const yaca_context_h ctx, - yaca_property_e property, - void **value, - size_t *value_len); +int yaca_context_get_property(const yaca_context_h ctx, yaca_property_e property, void **value, size_t *value_len); + /** - * @brief Returns the minimum required size of the output buffer for a single crypto function call. - * + * @brief Returns the minimum required size of the output buffer for a single crypto function call. * @since_tizen 3.0 - * - * @remarks This function should be used to learn the required size of the output buffer - * for a single function call (eg. *_update or *_finalize). The actual output length - * (number of bytes that has been used) will be returned by the function call itself. - * - * @remarks In case the function call has no output (e.g. yaca_sign_update(), - * yaca_digest_update()), there is no need to use this function. - * - * @remarks In case the function call has no input (eg. *_finalize), the value of - * @a input_len has to be set to 0. - * - * @param[in] ctx Previously initialized crypto context - * @param[in] input_len Length of the input data to be processed - * @param[out] output_len Required length of the output - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks This function should be used to learn the required size of the output buffer + * for a single function call (eg. *_update or *_finalize). The actual output length + * (number of bytes that has been used) will be returned by the function call itself. + * @remarks In case the function call has no output (e.g. yaca_sign_update(), + * yaca_digest_update()), there is no need to use this function. + * @remarks In case the function call has no input (eg. *_finalize), the value of + * @a input_len has to be set to 0. + * @param[in] ctx Previously initialized crypto context + * @param[in] input_len Length of the input data to be processed + * @param[out] output_len Required length of the output + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, * invalid @a ctx or too big @a input_len) * @retval #YACA_ERROR_INTERNAL Internal error */ -int yaca_context_get_output_length(const yaca_context_h ctx, - size_t input_len, - size_t *output_len); +int yaca_context_get_output_length(const yaca_context_h ctx, size_t input_len, size_t *output_len); + /** - * @brief Destroys the crypto context. Must be called on all contexts that are - * no longer used. Passing #YACA_CONTEXT_NULL is allowed. - * + * @brief Destroys the crypto context. Must be called on all contexts that are no longer used. + * Passing #YACA_CONTEXT_NULL is allowed. * @since_tizen 3.0 - * * @param[in,out] ctx Crypto context - * * @see #yaca_context_h - * */ void yaca_context_destroy(yaca_context_h ctx); + /** * @} */ + #ifdef __cplusplus } /* extern */ #endif + #endif /* YACA_CRYPTO_H */ diff --git a/api/yaca/yaca_digest.h b/api/yaca/yaca_digest.h index 8d3bd02..377f85b 100644 --- a/api/yaca/yaca_digest.h +++ b/api/yaca/yaca_digest.h @@ -16,43 +16,45 @@ * limitations under the License */ + /** - * @file yaca_digest.h - * @brief Advanced API for the message digests. + * @file yaca_digest.h + * @brief Advanced API for the message digests. */ + #ifndef YACA_DIGEST_H #define YACA_DIGEST_H + #include #include + #ifdef __cplusplus extern "C" { #endif + /** * @addtogroup CAPI_YACA_INTEGRITY_MODULE * @{ */ + /** - * @brief Initializes a digest context. - * + * @brief Initializes a digest context. * @since_tizen 3.0 - * - * @remarks The @a ctx should be released using yaca_context_destroy(). - * - * @param[out] ctx Newly created context - * @param[in] algo Digest algorithm that will be used - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks The @a ctx should be released using yaca_context_destroy(). + * @param[out] ctx Newly created context + * @param[in] algo Digest algorithm that will be used + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, * invalid @a algo) * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error * @retval #YACA_ERROR_INTERNAL Internal error - * * @see #yaca_digest_algorithm_e * @see yaca_digest_update() * @see yaca_digest_finalize() @@ -60,58 +62,55 @@ extern "C" { */ int yaca_digest_initialize(yaca_context_h *ctx, yaca_digest_algorithm_e algo); + /** - * @brief Feeds the message into the message digest algorithm. - * + * @brief Feeds the message into the message digest algorithm. * @since_tizen 3.0 - * - * @param[in,out] ctx Context created by yaca_digest_initialize() - * @param[in] message Message from which the digest is to be calculated - * @param[in] message_len Length of the message - * - * @return #YACA_ERROR_NONE on success, negative on error + * @param[in,out] ctx Context created by yaca_digest_initialize() + * @param[in] message Message from which the digest is to be calculated + * @param[in] message_len Length of the message + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, 0, * invalid @a ctx) * @retval #YACA_ERROR_INTERNAL Internal error - * * @see yaca_digest_initialize() * @see yaca_digest_finalize() */ int yaca_digest_update(yaca_context_h ctx, const char *message, size_t message_len); + /** - * @brief Calculates the final digest. - * + * @brief Calculates the final digest. * @since_tizen 3.0 - * - * @remarks Skipping yaca_digest_update() and calling only yaca_digest_finalize() will produce an - * empty message digest. - * - * @param[in,out] ctx A valid digest context - * @param[out] digest Buffer for the message digest - * (must be allocated by client, see yaca_context_get_output_length()) - * @param[out] digest_len Length of the digest, - * actual number of bytes written will be returned here - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks Skipping yaca_digest_update() and calling only yaca_digest_finalize() will produce an empty message digest. + * @param[in,out] ctx A valid digest context + * @param[out] digest Buffer for the message digest + * (must be allocated by client, see yaca_context_get_output_length()) + * @param[out] digest_len Length of the digest, + * actual number of bytes written will be returned here + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, * invalid @a ctx) * @retval #YACA_ERROR_INTERNAL Internal error - * * @see yaca_digest_initialize() * @see yaca_digest_update() * @see yaca_context_get_output_length() */ int yaca_digest_finalize(yaca_context_h ctx, char *digest, size_t *digest_len); + /** * @} */ + #ifdef __cplusplus } /* extern */ #endif + #endif /* YACA_DIGEST_H */ diff --git a/api/yaca/yaca_encrypt.h b/api/yaca/yaca_encrypt.h index 4031f2c..ba2de37 100644 --- a/api/yaca/yaca_encrypt.h +++ b/api/yaca/yaca_encrypt.h @@ -16,238 +16,201 @@ * limitations under the License */ + /** - * @file yaca_encrypt.h - * @brief Advanced API for the symmetric encryption. + * @file yaca_encrypt.h + * @brief Advanced API for the symmetric encryption. */ + #ifndef YACA_ENCRYPT_H #define YACA_ENCRYPT_H + #include #include + #ifdef __cplusplus extern "C" { #endif + /** * @addtogroup CAPI_YACA_ENCRYPTION_MODULE * @{ */ + /** - * @brief Returns the recommended/default length of the Initialization Vector - * for a given encryption configuration. - * + * @brief Returns the recommended/default length of the Initialization Vector for a given encryption configuration. * @since_tizen 3.0 - * - * @remarks If returned @a iv_bit_len equals 0 that means that for this - * specific algorithm and its parameters Initialization Vector is not used. - * - * @param[in] algo Encryption algorithm - * @param[in] bcm Chain mode - * @param[in] key_bit_len Key length in bits - * @param[out] iv_bit_len Recommended Initialization Vector length in bits - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks If returned @a iv_bit_len equals 0 that means that for this + * specific algorithm and its parameters Initialization Vector is not used. + * @param[in] algo Encryption algorithm + * @param[in] bcm Chain mode + * @param[in] key_bit_len Key length in bits + * @param[out] iv_bit_len Recommended Initialization Vector length in bits + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, * invalid @a algo, @a bcm or @a key_bit_len) * @retval #YACA_ERROR_INTERNAL Internal error - * */ -int yaca_encrypt_get_iv_bit_length(yaca_encrypt_algorithm_e algo, - yaca_block_cipher_mode_e bcm, - size_t key_bit_len, - size_t *iv_bit_len); +int yaca_encrypt_get_iv_bit_length(yaca_encrypt_algorithm_e algo, yaca_block_cipher_mode_e bcm, size_t key_bit_len, size_t *iv_bit_len); + /** - * @brief Initializes an encryption context. - * + * @brief Initializes an encryption context. * @since_tizen 3.0 - * - * @remarks The @a ctx should be released using yaca_context_destroy(). - * - * @param[out] ctx Newly created context - * @param[in] algo Encryption algorithm that will be used - * @param[in] bcm Chaining mode that will be used - * @param[in] sym_key Symmetric key that will be used - * @param[in] iv Initialization Vector that will be used - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks The @a ctx should be released using yaca_context_destroy(). + * @param[out] ctx Newly created context + * @param[in] algo Encryption algorithm that will be used + * @param[in] bcm Chaining mode that will be used + * @param[in] sym_key Symmetric key that will be used + * @param[in] iv Initialization Vector that will be used + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, * invalid @a algo, @a bcm, @a sym_key or @a iv) * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error * @retval #YACA_ERROR_INTERNAL Internal error - * * @see #yaca_encrypt_algorithm_e * @see #yaca_block_cipher_mode_e * @see yaca_encrypt_update() * @see yaca_encrypt_finalize() * @see yaca_context_destroy() */ -int yaca_encrypt_initialize(yaca_context_h *ctx, - yaca_encrypt_algorithm_e algo, - yaca_block_cipher_mode_e bcm, - const yaca_key_h sym_key, - const yaca_key_h iv); +int yaca_encrypt_initialize(yaca_context_h *ctx, yaca_encrypt_algorithm_e algo, yaca_block_cipher_mode_e bcm, const yaca_key_h sym_key, const yaca_key_h iv); + /** - * @brief Encrypts chunk of the data. - * + * @brief Encrypts chunk of the data. * @since_tizen 3.0 - * - * @param[in,out] ctx Context created by yaca_encrypt_initialize() - * @param[in] plaintext Plaintext to be encrypted - * @param[in] plaintext_len Length of the plaintext - * @param[out] ciphertext Buffer for the encrypted data - * (must be allocated by client, see yaca_context_get_output_length()) - * @param[out] ciphertext_len Length of the encrypted data, - * actual number of bytes written will be returned here - * - * @return #YACA_ERROR_NONE on success, negative on error + * @param[in,out] ctx Context created by yaca_encrypt_initialize() + * @param[in] plaintext Plaintext to be encrypted + * @param[in] plaintext_len Length of the plaintext + * @param[out] ciphertext Buffer for the encrypted data + * (must be allocated by client, see yaca_context_get_output_length()) + * @param[out] ciphertext_len Length of the encrypted data, + * actual number of bytes written will be returned here + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, 0, * invalid @a ctx) * @retval #YACA_ERROR_INTERNAL Internal error - * * @see yaca_encrypt_initialize() * @see yaca_encrypt_finalize() * @see yaca_context_get_output_length() */ -int yaca_encrypt_update(yaca_context_h ctx, - const char *plaintext, - size_t plaintext_len, - char *ciphertext, - size_t *ciphertext_len); +int yaca_encrypt_update(yaca_context_h ctx, const char *plaintext, size_t plaintext_len, char *ciphertext, size_t *ciphertext_len); + /** - * @brief Encrypts the final chunk of the data. - * - * @remarks Skipping yaca_encrypt_update() and calling only yaca_encrypt_finalize() will produce an - * encryption of an empty message. - * + * @brief Encrypts the final chunk of the data. * @since_tizen 3.0 - * - * @param[in,out] ctx A valid encrypt context - * @param[out] ciphertext Final piece of the encrypted data - * (must be allocated by client, see yaca_context_get_output_length()) - * @param[out] ciphertext_len Length of the final piece, - * actual number of bytes written will be returned here - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks Skipping yaca_encrypt_update() and calling only yaca_encrypt_finalize() will produce an encryption of an empty message. + * @param[in,out] ctx A valid encrypt context + * @param[out] ciphertext Final piece of the encrypted data + * (must be allocated by client, see yaca_context_get_output_length()) + * @param[out] ciphertext_len Length of the final piece, + * actual number of bytes written will be returned here + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, * invalid @a ctx) * @retval #YACA_ERROR_INTERNAL Internal error - * * @see yaca_encrypt_initialize() * @see yaca_encrypt_update() * @see yaca_context_get_output_length() */ -int yaca_encrypt_finalize(yaca_context_h ctx, - char *ciphertext, - size_t *ciphertext_len); +int yaca_encrypt_finalize(yaca_context_h ctx, char *ciphertext, size_t *ciphertext_len); + /** - * @brief Initializes an decryption context. - * + * @brief Initializes an decryption context. * @since_tizen 3.0 - * - * @remarks The @a ctx should be released using yaca_context_destroy(). - * - * @param[out] ctx Newly created context - * @param[in] algo Encryption algorithm that was used to encrypt the data - * @param[in] bcm Chaining mode that was used to encrypt the data - * @param[in] sym_key Symmetric key that was used to encrypt the data - * @param[in] iv Initialization Vector that was used to encrypt the data - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks The @a ctx should be released using yaca_context_destroy(). + * @param[out] ctx Newly created context + * @param[in] algo Encryption algorithm that was used to encrypt the data + * @param[in] bcm Chaining mode that was used to encrypt the data + * @param[in] sym_key Symmetric key that was used to encrypt the data + * @param[in] iv Initialization Vector that was used to encrypt the data + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, * invalid @a algo, @a bcm, @a sym_key or @a iv) * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error * @retval #YACA_ERROR_INTERNAL Internal error - * * @see #yaca_encrypt_algorithm_e * @see #yaca_block_cipher_mode_e * @see yaca_decrypt_update() * @see yaca_decrypt_finalize() * @see yaca_context_destroy() */ -int yaca_decrypt_initialize(yaca_context_h *ctx, - yaca_encrypt_algorithm_e algo, - yaca_block_cipher_mode_e bcm, - const yaca_key_h sym_key, - const yaca_key_h iv); +int yaca_decrypt_initialize(yaca_context_h *ctx, yaca_encrypt_algorithm_e algo, yaca_block_cipher_mode_e bcm, const yaca_key_h sym_key, const yaca_key_h iv); + /** - * @brief Decrypts chunk of the data. - * + * @brief Decrypts chunk of the data. * @since_tizen 3.0 - * - * @param[in,out] ctx Context created by yaca_decrypt_initialize() - * @param[in] ciphertext Ciphertext to be decrypted - * @param[in] ciphertext_len Length of the ciphertext - * @param[out] plaintext Buffer for the decrypted data - * (must be allocated by client, see yaca_context_get_output_length()) - * @param[out] plaintext_len Length of the decrypted data, - * actual number of bytes written will be returned here - * - * @return #YACA_ERROR_NONE on success, negative on error + * @param[in,out] ctx Context created by yaca_decrypt_initialize() + * @param[in] ciphertext Ciphertext to be decrypted + * @param[in] ciphertext_len Length of the ciphertext + * @param[out] plaintext Buffer for the decrypted data + * (must be allocated by client, see yaca_context_get_output_length()) + * @param[out] plaintext_len Length of the decrypted data, + * actual number of bytes written will be returned here + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, 0, * invalid @a ctx), wrong #YACA_PROPERTY_CCM_AAD or * wrong #YACA_PROPERTY_CCM_TAG was used * @retval #YACA_ERROR_INTERNAL Internal error - * * @see yaca_decrypt_initialize() * @see yaca_decrypt_finalize() * @see yaca_context_get_output_length() */ -int yaca_decrypt_update(yaca_context_h ctx, - const char *ciphertext, - size_t ciphertext_len, - char *plaintext, - size_t *plaintext_len); +int yaca_decrypt_update(yaca_context_h ctx, const char *ciphertext, size_t ciphertext_len, char *plaintext, size_t *plaintext_len); + /** - * @brief Decrypts the final chunk of the data. - * - * @remarks Skipping yaca_decrypt_update() and calling only yaca_decrypt_finalize() will produce a - * decryption of an empty ciphertext. - * + * @brief Decrypts the final chunk of the data. * @since_tizen 3.0 - * - * @param[in,out] ctx A valid decrypt context - * @param[out] plaintext Final piece of the decrypted data - * (must be allocated by client, see yaca_context_get_output_length()) - * @param[out] plaintext_len Length of the final piece, - * actual number of bytes written will be returned here - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks Skipping yaca_decrypt_update() and calling only yaca_decrypt_finalize() will produce a decryption of an empty ciphertext. + * @param[in,out] ctx A valid decrypt context + * @param[out] plaintext Final piece of the decrypted data + * (must be allocated by client, see yaca_context_get_output_length()) + * @param[out] plaintext_len Length of the final piece, + * actual number of bytes written will be returned here + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, * invalid @a ctx), wrong #YACA_PROPERTY_GCM_AAD or * wrong #YACA_PROPERTY_GCM_TAG was used * @retval #YACA_ERROR_INTERNAL Internal error - * * @see yaca_decrypt_initialize() * @see yaca_decrypt_update() * @see yaca_context_get_output_length() */ -int yaca_decrypt_finalize(yaca_context_h ctx, - char *plaintext, - size_t *plaintext_len); +int yaca_decrypt_finalize(yaca_context_h ctx, char *plaintext, size_t *plaintext_len); + /** * @} */ + #ifdef __cplusplus } /* extern */ #endif + #endif /* YACA_ENCRYPT_H */ diff --git a/api/yaca/yaca_error.h b/api/yaca/yaca_error.h index c571485..d8909ec 100644 --- a/api/yaca/yaca_error.h +++ b/api/yaca/yaca_error.h @@ -16,65 +16,67 @@ * limitations under the License */ + /** - * @file yaca_error.h - * @brief Error enums and defines. + * @file yaca_error.h + * @brief Error enums and defines. */ -#ifdef CAPI_BASE_COMMON_PRESENT -#include -#else -#include -#define TIZEN_ERROR_NONE 0 -#define TIZEN_ERROR_INVALID_PARAMETER -EINVAL -#define TIZEN_ERROR_OUT_OF_MEMORY -ENOMEM -#endif #ifndef YACA_ERROR_H #define YACA_ERROR_H + +#include + + #ifdef __cplusplus extern "C" { #endif + /** * @addtogroup CAPI_YACA_ENCRYPTION_MODULE * @{ */ + /* @cond Define it temporarily until this code goes into capi-base-common package */ #ifndef TIZEN_ERROR_YACA #define TIZEN_ERROR_YACA -0x01E30000 #endif /* @endcond */ + /** - * @brief Enumeration of YACA error values. - * + * @brief Enumeration for YACA error values. * @since_tizen 3.0 */ typedef enum { /** Successful */ - YACA_ERROR_NONE = TIZEN_ERROR_NONE, + YACA_ERROR_NONE = TIZEN_ERROR_NONE, /** Invalid function parameter */ - YACA_ERROR_INVALID_PARAMETER = TIZEN_ERROR_INVALID_PARAMETER, + YACA_ERROR_INVALID_PARAMETER = TIZEN_ERROR_INVALID_PARAMETER, /** Out of memory */ - YACA_ERROR_OUT_OF_MEMORY = TIZEN_ERROR_OUT_OF_MEMORY, + YACA_ERROR_OUT_OF_MEMORY = TIZEN_ERROR_OUT_OF_MEMORY, /** Internal error */ - YACA_ERROR_INTERNAL = TIZEN_ERROR_YACA | 0x01, + YACA_ERROR_INTERNAL = TIZEN_ERROR_YACA | 0x01, /** Data mismatch */ - YACA_ERROR_DATA_MISMATCH = TIZEN_ERROR_YACA | 0x02, + YACA_ERROR_DATA_MISMATCH = TIZEN_ERROR_YACA | 0x02, /** Invalid password */ - YACA_ERROR_INVALID_PASSWORD = TIZEN_ERROR_YACA | 0x03 + YACA_ERROR_INVALID_PASSWORD = TIZEN_ERROR_YACA | 0x03 } yaca_error_e; + /** * @} */ + #ifdef __cplusplus } /* extern */ #endif + #endif /* YACA_ERROR_H */ diff --git a/api/yaca/yaca_key.h b/api/yaca/yaca_key.h index 5c87944..f946534 100644 --- a/api/yaca/yaca_key.h +++ b/api/yaca/yaca_key.h @@ -16,115 +16,105 @@ * limitations under the License */ + /** - * @file yaca_key.h - * @brief Advanced API for the key and Initialization Vector handling. + * @file yaca_key.h + * @brief Advanced API for the key and Initialization Vector handling. */ + #ifndef YACA_KEY_H #define YACA_KEY_H + #include #include + #ifdef __cplusplus extern "C" { #endif + /** * @addtogroup CAPI_YACA_KEY_MODULE * @{ */ + /** - * @brief NULL value for yaca_key_h type. - * + * @brief Definition for NULL value for yaca_key_h type. * @since_tizen 3.0 */ #define YACA_KEY_NULL ((yaca_key_h) NULL) + /** - * @brief Gets key's type. - * + * @brief Gets key's type. * @since_tizen 3.0 - * - * @param[in] key Key which type we return - * @param[out] key_type Key type - * - * @return #YACA_ERROR_NONE on success, negative on error + * @param[in] key Key which type we return + * @param[out] key_type Key type + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Either of the params is NULL - * * @see #yaca_key_type_e */ int yaca_key_get_type(const yaca_key_h key, yaca_key_type_e *key_type); + /** - * @brief Gets key's length (in bits). - * + * @brief Gets key's length (in bits). * @since_tizen 3.0 - * - * @remarks The @a key can be any symmetric (including an Initialization Vector) or - * asymmetric key (including key generation parameters). - * - * @remarks For Diffie-Helmann @a key_bit_len returns prime length in bits. Values - * used to generate the key/parameters in yaca_key_generate() are not - * restored. Neither generator number nor values from #yaca_key_bit_length_dh_rfc_e. - * - * @remarks For Elliptic Curves @a key_bit_len returns values from #yaca_key_bit_length_ec_e. - * - * @param[in] key Key which length we return - * @param[out] key_bit_len Key length in bits - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks The @a key can be any symmetric (including an Initialization Vector) or + * asymmetric key (including key generation parameters). + * @remarks For Diffie-Helmann @a key_bit_len returns prime length in bits. Values + * used to generate the key/parameters in yaca_key_generate() are not + * restored. Neither generator number nor values from #yaca_key_bit_length_dh_rfc_e. + * @remarks For Elliptic Curves @a key_bit_len returns values from #yaca_key_bit_length_ec_e. + * @param[in] key Key which length we return + * @param[out] key_bit_len Key length in bits + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Either of the params is NULL * @retval #YACA_ERROR_INTERNAL Internal error - * * @see #yaca_key_bit_length_e * @see #yaca_key_bit_length_dh_rfc_e * @see #yaca_key_bit_length_ec_e */ int yaca_key_get_bit_length(const yaca_key_h key, size_t *key_bit_len); + /** - * @brief Imports a key or key generation parameters. - * + * @brief Imports a key or key generation parameters. * @since_tizen 3.0 - * - * @remarks Everywhere where either a key (of any type) or an asymmetric key is referred - * in the documentation of this function key generator parameters are also included. - * - * @remarks This function imports a key trying to match it to the @a key_type specified. - * It should autodetect both the key format and the file format. - * - * @remarks For symmetric, Initialization Vector and DES keys RAW binary format and BASE64 encoded - * binary format are supported. - * For asymmetric keys PEM and DER file formats are supported. - * - * @remarks Asymmetric keys can be in their default ASN1 structure formats (like - * PKCS#1, SSleay or PKCS#3). Private asymmetric keys can also be in - * PKCS#8 format. Additionally it is possible to import public RSA/DSA/EC - * keys from X509 certificate. - * - * @remarks If the key is encrypted the algorithm will be autodetected and password - * used. If it's not known if the key is encrypted one should pass NULL as - * password and check for the #YACA_ERROR_INVALID_PASSWORD return code. - * - * @remarks If the imported key will be detected as a format that does not support - * encryption and password was passed #YACA_ERROR_INVALID_PARAMETER will - * be returned. For a list of keys and formats that do support encryption - * see yaca_key_export() documentation. - * - * @remarks The @a key should be released using yaca_key_destroy(). - * - * @param[in] key_type Type of the key - * @param[in] password Null-terminated password for the key (can be NULL) - * @param[in] data Blob containing the key - * @param[in] data_len Size of the blob - * @param[out] key Returned key - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks Everywhere where either a key (of any type) or an asymmetric key is referred + * in the documentation of this function key generator parameters are also included. + * @remarks This function imports a key trying to match it to the @a key_type specified. + * It should autodetect both the key format and the file format. + * @remarks For symmetric, Initialization Vector and DES keys RAW binary format and BASE64 encoded + * binary format are supported. + * For asymmetric keys PEM and DER file formats are supported. + * @remarks Asymmetric keys can be in their default ASN1 structure formats (like + * PKCS#1, SSleay or PKCS#3). Private asymmetric keys can also be in + * PKCS#8 format. Additionally it is possible to import public RSA/DSA/EC + * keys from X509 certificate. + * @remarks If the key is encrypted the algorithm will be autodetected and password + * used. If it's not known if the key is encrypted one should pass NULL as + * password and check for the #YACA_ERROR_INVALID_PASSWORD return code. + * @remarks If the imported key will be detected as a format that does not support + * encryption and password was passed #YACA_ERROR_INVALID_PARAMETER will + * be returned. For a list of keys and formats that do support encryption + * see yaca_key_export() documentation. + * @remarks The @a key should be released using yaca_key_destroy(). + * @param[in] key_type Type of the key + * @param[in] password Null-terminated password for the key (can be NULL) + * @param[in] data Blob containing the key + * @param[in] data_len Size of the blob + * @param[out] key Returned key + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, 0, * invalid @a key_type or @a data_len too big) @@ -132,110 +122,86 @@ int yaca_key_get_bit_length(const yaca_key_h key, size_t *key_bit_len); * @retval #YACA_ERROR_INTERNAL Internal error * @retval #YACA_ERROR_INVALID_PASSWORD Invalid @a password given or @a password was required * and none was given - * * @see #yaca_key_type_e * @see yaca_key_export() * @see yaca_key_destroy() */ -int yaca_key_import(yaca_key_type_e key_type, - const char *password, - const char *data, - size_t data_len, - yaca_key_h *key); +int yaca_key_import(yaca_key_type_e key_type, const char *password, const char *data, size_t data_len, yaca_key_h *key); + /** - * @brief Exports a key or key generation parameters to arbitrary format. - * + * @brief Exports a key or key generation parameters to arbitrary format. * @since_tizen 3.0 - * - * @remarks Everywhere where either a key (of any type) or an asymmetric key is referred - * in the documentation of this function key generator parameters are also included. - * - * @remarks This function exports the key to an arbitrary key format and key file format. - * - * @remarks For key formats two values are allowed: - * - #YACA_KEY_FORMAT_DEFAULT: this is the only option possible in case of symmetric keys - * (or Initialization Vector), for asymmetric keys it will - * export to their default ASN1 structure format - * (e.g. PKCS#1, SSLeay, PKCS#3). - * - #YACA_KEY_FORMAT_PKCS8: this will only work for private asymmetric keys. - * - * @remarks The following file formats are supported: - * - #YACA_KEY_FILE_FORMAT_RAW: used only for symmetric, raw binary format - * - #YACA_KEY_FILE_FORMAT_BASE64: used only for symmetric, BASE64 encoded binary form - * - #YACA_KEY_FILE_FORMAT_PEM: used only for asymmetric, PEM file format - * - #YACA_KEY_FILE_FORMAT_DER: used only for asymmetric, DER file format - * - * @remarks Encryption is supported and optional for RSA/DSA private keys in the - * #YACA_KEY_FORMAT_DEFAULT with #YACA_KEY_FILE_FORMAT_PEM format. If no password is - * provided the exported key will be unencrypted. The encryption algorithm used - * in this case is AES-256-CBC. - * - * @remarks Encryption is obligatory for #YACA_KEY_FORMAT_PKCS8 format (for both, PEM and DER - * file formats). If no password is provided the #YACA_ERROR_INVALID_PARAMETER will - * be returned. The encryption algorithm used in this case is AES-256-CBC. The key is - * generated from password using PBKDF2 with HMAC-SHA1 function and 2048 iterations. - * - * @remarks Encryption is not supported for the symmetric, public keys and key generation - * parameters in all their supported formats. If a password is provided in such - * case the #YACA_ERROR_INVALID_PARAMETER will be returned. - * - * @param[in] key Key to be exported - * @param[in] key_fmt Format of the key - * @param[in] key_file_fmt Format of the key file - * @param[in] password Password used for the encryption (can be NULL) - * @param[out] data Data, allocated by the library, containing exported key - * (must be freed with yaca_free()) - * @param[out] data_len Size of the output data - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks Everywhere where either a key (of any type) or an asymmetric key is referred + * in the documentation of this function key generator parameters are also included. + * @remarks This function exports the key to an arbitrary key format and key file format. + * @remarks For key formats two values are allowed: + * - #YACA_KEY_FORMAT_DEFAULT: this is the only option possible in case of symmetric keys + * (or Initialization Vector), for asymmetric keys it will + * export to their default ASN1 structure format + * (e.g. PKCS#1, SSLeay, PKCS#3). + * - #YACA_KEY_FORMAT_PKCS8: this will only work for private asymmetric keys. + * @remarks The following file formats are supported: + * - #YACA_KEY_FILE_FORMAT_RAW: used only for symmetric, raw binary format + * - #YACA_KEY_FILE_FORMAT_BASE64: used only for symmetric, BASE64 encoded binary form + * - #YACA_KEY_FILE_FORMAT_PEM: used only for asymmetric, PEM file format + * - #YACA_KEY_FILE_FORMAT_DER: used only for asymmetric, DER file format + * @remarks Encryption is supported and optional for RSA/DSA private keys in the + * #YACA_KEY_FORMAT_DEFAULT with #YACA_KEY_FILE_FORMAT_PEM format. If no password is + * provided the exported key will be unencrypted. The encryption algorithm used + * in this case is AES-256-CBC. + * @remarks Encryption is obligatory for #YACA_KEY_FORMAT_PKCS8 format (for both, PEM and DER + * file formats). If no password is provided the #YACA_ERROR_INVALID_PARAMETER will + * be returned. The encryption algorithm used in this case is AES-256-CBC. The key is + * generated from password using PBKDF2 with HMAC-SHA1 function and 2048 iterations. + * @remarks Encryption is not supported for the symmetric, public keys and key generation + * parameters in all their supported formats. If a password is provided in such + * case the #YACA_ERROR_INVALID_PARAMETER will be returned. + * @param[in] key Key to be exported + * @param[in] key_fmt Format of the key + * @param[in] key_file_fmt Format of the key file + * @param[in] password Password used for the encryption (can be NULL) + * @param[out] data Data, allocated by the library, containing exported key + * (must be freed with yaca_free()) + * @param[out] data_len Size of the output data + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, 0, * invalid @a key_fmt, @a key_file_fmt or @a data_len too big) * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error * @retval #YACA_ERROR_INTERNAL Internal error - * * @see #yaca_key_format_e * @see #yaca_key_file_format_e * @see yaca_key_import() * @see yaca_key_destroy() */ -int yaca_key_export(const yaca_key_h key, - yaca_key_format_e key_fmt, - yaca_key_file_format_e key_file_fmt, - const char *password, - char **data, - size_t *data_len); +int yaca_key_export(const yaca_key_h key, yaca_key_format_e key_fmt, yaca_key_file_format_e key_file_fmt, const char *password, char **data, size_t *data_len); + /** - * @brief Generates a secure key or key generation parameters (or an Initialization Vector). - * + * @brief Generates a secure key or key generation parameters (or an Initialization Vector). * @since_tizen 3.0 - * - * @remarks This function is used to generate symmetric keys, private asymmetric keys - * or key generation parameters for key types that support them (DSA, DH and EC). - * - * @remarks Supported key lengths: - * - RSA: length >= 512bits - * - DSA: length >= 512bits, multiple of 64 - * - DH: a value taken from #yaca_key_bit_length_dh_rfc_e or - * (YACA_KEY_LENGTH_DH_GENERATOR_* | prime_length_in_bits), - * where prime_length_in_bits can be any positive number - * - EC: a value taken from #yaca_key_bit_length_ec_e - * - * @remarks The @a key should be released using yaca_key_destroy(). - * - * @param[in] key_type Type of the key to be generated - * @param[in] key_bit_len Length of the key (in bits) to be generated - * @param[out] key Newly generated key - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks This function is used to generate symmetric keys, private asymmetric keys + * or key generation parameters for key types that support them (DSA, DH and EC). + * @remarks Supported key lengths: + * - RSA: length >= 512bits + * - DSA: length >= 512bits, multiple of 64 + * - DH: a value taken from #yaca_key_bit_length_dh_rfc_e or + * (YACA_KEY_LENGTH_DH_GENERATOR_* | prime_length_in_bits), + * where prime_length_in_bits can be any positive number + * - EC: a value taken from #yaca_key_bit_length_ec_e + * @remarks The @a key should be released using yaca_key_destroy(). + * @param[in] key_type Type of the key to be generated + * @param[in] key_bit_len Length of the key (in bits) to be generated + * @param[out] key Newly generated key + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER @a key is NULL, incorrect @a key_type or * @a key_bit_len is not dividable by 8 * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error * @retval #YACA_ERROR_INTERNAL Internal error - * * @see #yaca_key_type_e * @see #yaca_key_bit_length_e * @see #yaca_key_bit_length_dh_rfc_e @@ -244,73 +210,61 @@ int yaca_key_export(const yaca_key_h key, * @see #yaca_key_bit_length_ec_e * @see yaca_key_destroy() */ -int yaca_key_generate(yaca_key_type_e key_type, - size_t key_bit_len, - yaca_key_h *key); +int yaca_key_generate(yaca_key_type_e key_type, size_t key_bit_len, yaca_key_h *key); + /** - * @brief Generates a secure private asymmetric key from parameters. - * + * @brief Generates a secure private asymmetric key from parameters. * @since_tizen 3.0 - * - * @remarks This function is used to generate private asymmetric keys - * based on pre-generated parameters. - * - * @remarks The @a key should be released using yaca_key_destroy(). - * - * @param[in] params Pre-generated parameters - * @param[out] prv_key Newly generated private key - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks This function is used to generate private asymmetric keys + * based on pre-generated parameters. + * @remarks The @a key should be released using yaca_key_destroy(). + * @param[in] params Pre-generated parameters + * @param[out] prv_key Newly generated private key + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER @a prv_key is NULL or incorrect @a params * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error * @retval #YACA_ERROR_INTERNAL Internal error - * * @see yaca_key_destroy() * @see yaca_key_generate() * @see yaca_key_extract_parameters() */ int yaca_key_generate_from_parameters(const yaca_key_h params, yaca_key_h *prv_key); + /** - * @brief Extracts public key from a private one. - * + * @brief Extracts public key from a private one. * @since_tizen 3.0 - * - * @remarks The @a pub_key should be released using yaca_key_destroy(). - * - * @param[in] prv_key Private key to extract the public one from - * @param[out] pub_key Extracted public key - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks The @a pub_key should be released using yaca_key_destroy(). + * @param[in] prv_key Private key to extract the public one from + * @param[out] pub_key Extracted public key + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER @a prv_key is of invalid type or @a pub_key is NULL * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error * @retval #YACA_ERROR_INTERNAL Internal error - * * @see yaca_key_generate() * @see yaca_key_import() * @see yaca_key_destroy() */ int yaca_key_extract_public(const yaca_key_h prv_key, yaca_key_h *pub_key); + /** - * @brief Extracts parameters from a private or a public key. - * + * @brief Extracts parameters from a private or a public key. * @since_tizen 3.0 - * - * @remarks The @a params should be released using yaca_key_destroy(). - * - * @param[in] key A key to extract the parameters from - * @param[out] params Extracted parameters - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks The @a params should be released using yaca_key_destroy(). + * @param[in] key A key to extract the parameters from + * @param[out] params Extracted parameters + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER @a key is of invalid type or @a params is NULL * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error * @retval #YACA_ERROR_INTERNAL Internal error - * * @see yaca_key_generate() * @see yaca_key_generate_from_parameters() * @see yaca_key_import() @@ -318,134 +272,107 @@ int yaca_key_extract_public(const yaca_key_h prv_key, yaca_key_h *pub_key); */ int yaca_key_extract_parameters(const yaca_key_h key, yaca_key_h *params); + /** - * @brief Derives a shared secret using Diffie-Helmann or EC Diffie-Helmann key exchange protocol. - * + * @brief Derives a shared secret using Diffie-Helmann or EC Diffie-Helmann key exchange protocol. * @since_tizen 3.0 - * - * @remarks The @a secret should not be used as a symmetric key, - * to produce a symmetric key pass the secret to a key derivation function (KDF) - * or a message digest function. - * - * @remarks The @a secret should be freed with yaca_free(). - * - * @param[in] prv_key Our private key - * @param[in] pub_key Peer public key - * @param[out] secret Generated shared secret - * @param[out] secret_len Size of the shared secret - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks The @a secret should not be used as a symmetric key, + * to produce a symmetric key pass the secret to a key derivation function (KDF) + * or a message digest function. + * @remarks The @a secret should be freed with yaca_free(). + * @param[in] prv_key Our private key + * @param[in] pub_key Peer public key + * @param[out] secret Generated shared secret + * @param[out] secret_len Size of the shared secret + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values * (invalid @a prv_key or @a pub_key) * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error * @retval #YACA_ERROR_INTERNAL Internal error - * * @see yaca_key_derive_kdf() * @see yaca_simple_calculate_digest() * @see yaca_free() */ -int yaca_key_derive_dh(const yaca_key_h prv_key, - const yaca_key_h pub_key, - char **secret, - size_t *secret_len); +int yaca_key_derive_dh(const yaca_key_h prv_key, const yaca_key_h pub_key, char **secret, size_t *secret_len); + /** - * @brief Derives a key material from shared secret. - * + * @brief Derives a key material from shared secret. * @since_tizen 3.0 - * - * @remarks The @a info parameter is ANSI X9.42 OtherInfo or ANSI X9.62 SharedInfo structure, - * more information can be found in ANSI X9.42/62 standard specification. - * - * @remarks The @a key_material or separate parts of it can be used to import a symmetric key - * with yaca_key_import(). - * - * @remarks The @a key_material should be freed using yaca_free(). - * - * @param[in] kdf Key derivation function - * @param[in] algo Digest algorithm that should be used in key derivation - * @param[in] secret Shared secret - * @param[in] secret_len Size of the shared secret - * @param[in] info Optional additional info, use NULL if not appending extra info - * @param[in] info_len Length of additional info, use 0 if not using additional info - * @param[in] key_material_len Length of a key material to be generated - * @param[out] key_material Newly generated key material - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks The @a info parameter is ANSI X9.42 OtherInfo or ANSI X9.62 SharedInfo structure, + * more information can be found in ANSI X9.42/62 standard specification. + * @remarks The @a key_material or separate parts of it can be used to import a symmetric key + * with yaca_key_import(). + * @remarks The @a key_material should be freed using yaca_free(). + * @param[in] kdf Key derivation function + * @param[in] algo Digest algorithm that should be used in key derivation + * @param[in] secret Shared secret + * @param[in] secret_len Size of the shared secret + * @param[in] info Optional additional info, use NULL if not appending extra info + * @param[in] info_len Length of additional info, use 0 if not using additional info + * @param[in] key_material_len Length of a key material to be generated + * @param[out] key_material Newly generated key material + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, 0, * invalid @a algo or @a kdf) * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error * @retval #YACA_ERROR_INTERNAL Internal error - * * @see #yaca_kdf_e * @see #yaca_digest_algorithm_e * @see yaca_key_derive_dh() * @see yaca_key_import() * @see yaca_free() */ -int yaca_key_derive_kdf(yaca_kdf_e kdf, - yaca_digest_algorithm_e algo, - const char *secret, - size_t secret_len, - const char *info, - size_t info_len, - size_t key_material_len, - char **key_material); +int yaca_key_derive_kdf(yaca_kdf_e kdf, yaca_digest_algorithm_e algo, const char *secret, size_t secret_len, const char *info, size_t info_len, size_t key_material_len, char **key_material); + /** - * @brief Derives a key from user password (PKCS #5 a.k.a. pbkdf2 algorithm). - * + * @brief Derives a key from user password (PKCS #5 a.k.a. pbkdf2 algorithm). * @since_tizen 3.0 - * - * @remarks The @a key should be released using yaca_key_destroy(). - * - * @param[in] password User password as a null-terminated string - * @param[in] salt Salt, should be a non-empty string - * @param[in] salt_len Length of the salt - * @param[in] iterations Number of iterations - * @param[in] algo Digest algorithm that should be used in key generation - * @param[in] key_bit_len Length of a key (in bits) to be generated - * @param[out] key Newly generated key - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks The @a key should be released using yaca_key_destroy(). + * @param[in] password User password as a null-terminated string + * @param[in] salt Salt, should be a non-empty string + * @param[in] salt_len Length of the salt + * @param[in] iterations Number of iterations + * @param[in] algo Digest algorithm that should be used in key generation + * @param[in] key_bit_len Length of a key (in bits) to be generated + * @param[out] key Newly generated key + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, 0, * invalid @a algo or @a key_bit_len not dividable by 8) * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error * @retval #YACA_ERROR_INTERNAL Internal error - * * @see #yaca_digest_algorithm_e * @see yaca_key_destroy() */ -int yaca_key_derive_pbkdf2(const char *password, - const char *salt, - size_t salt_len, - size_t iterations, - yaca_digest_algorithm_e algo, - size_t key_bit_len, - yaca_key_h *key); +int yaca_key_derive_pbkdf2(const char *password, const char *salt, size_t salt_len, size_t iterations, yaca_digest_algorithm_e algo, size_t key_bit_len, yaca_key_h *key); + /** - * @brief Release the key created by the library. Passing YACA_KEY_NULL is allowed. - * + * @brief Releases the key created by the library. Passing YACA_KEY_NULL is allowed. * @since_tizen 3.0 - * - * @param[in,out] key Key to be released - * + * @param[in,out] key Key to be released * @see yaca_key_import() * @see yaca_key_export() * @see yaca_key_generate() */ void yaca_key_destroy(yaca_key_h key); + /** * @} */ + #ifdef __cplusplus } /* extern */ #endif + #endif /* YACA_KEY_H */ diff --git a/api/yaca/yaca_rsa.h b/api/yaca/yaca_rsa.h index a57bfd7..4c226a8 100644 --- a/api/yaca/yaca_rsa.h +++ b/api/yaca/yaca_rsa.h @@ -16,182 +16,150 @@ * limitations under the License */ + /** - * @file yaca_rsa.h - * @brief Advanced API for low-level RSA operations + * @file yaca_rsa.h + * @brief Advanced API for low-level RSA operations. */ + #ifndef YACA_RSA_H #define YACA_RSA_H + #include #include + #ifdef __cplusplus extern "C" { #endif + /** * @addtogroup CAPI_YACA_RSA_MODULE * @{ */ + /** - * @brief Encrypts data using a RSA public key (low-level encrypt equivalent). - * + * @brief Encrypts data using a RSA public key (low-level encrypt equivalent). * @since_tizen 3.0 - * - * @remarks The @a ciphertext should be freed using yaca_free(). - * - * @remarks The @a pub_key used has to be of a #YACA_KEY_TYPE_RSA_PUB type. - * - * @remarks The maximum length of plaintext depends on the key length and padding method. - * See #yaca_padding_e for details. - * - * @remarks The @a plaintext can be NULL but then the @a plaintext_len must be 0. - * - * @param[in] padding Padding method - * @param[in] pub_key Public RSA key (see yaca_key.h for key generation functions) - * @param[in] plaintext Plaintext to be encrypted - * @param[in] plaintext_len Length of the plaintext - * @param[out] ciphertext Encrypted data, will be allocated by the library - * @param[out] ciphertext_len Length of the encrypted data (may be larger than decrypted) - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks The @a ciphertext should be freed using yaca_free(). + * @remarks The @a pub_key used has to be of a #YACA_KEY_TYPE_RSA_PUB type. + * @remarks The maximum length of plaintext depends on the key length and padding method. + * See #yaca_padding_e for details. + * @remarks The @a plaintext can be NULL but then the @a plaintext_len must be 0. + * @param[in] padding Padding method + * @param[in] pub_key Public RSA key (see yaca_key.h for key generation functions) + * @param[in] plaintext Plaintext to be encrypted + * @param[in] plaintext_len Length of the plaintext + * @param[out] ciphertext Encrypted data, will be allocated by the library + * @param[out] ciphertext_len Length of the encrypted data (may be larger than decrypted) + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, 0 * invalid @a padding, @a pub_key or @a plaintext_len) * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error * @retval #YACA_ERROR_INTERNAL Internal error - * * @see #yaca_key_type_e * @see #yaca_padding_e * @see yaca_rsa_private_decrypt() * @see yaca_free() */ -int yaca_rsa_public_encrypt(yaca_padding_e padding, - const yaca_key_h pub_key, - const char *plaintext, - size_t plaintext_len, - char **ciphertext, - size_t *ciphertext_len); +int yaca_rsa_public_encrypt(yaca_padding_e padding, const yaca_key_h pub_key, const char *plaintext, size_t plaintext_len, char **ciphertext, size_t *ciphertext_len); + /** - * @brief Decrypts data using a RSA private key (low-level decrypt equivalent). - * + * @brief Decrypts data using a RSA private key (low-level decrypt equivalent). * @since_tizen 3.0 - * - * @remarks The @a plaintext should be freed using yaca_free(). - * - * @remarks The @a prv_key used has to be of a #YACA_KEY_TYPE_RSA_PRIV type. - * - * @param[in] padding Padding method - * @param[in] prv_key Private RSA key matching the public one used to encrypt the data - * @param[in] ciphertext Ciphertext to be decrypted - * @param[in] ciphertext_len Length of ciphertext - * @param[out] plaintext Decrypted data, will be allocated by the library - * @param[out] plaintext_len Length of the decrypted data - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks The @a plaintext should be freed using yaca_free(). + * @remarks The @a prv_key used has to be of a #YACA_KEY_TYPE_RSA_PRIV type. + * @param[in] padding Padding method + * @param[in] prv_key Private RSA key matching the public one used to encrypt the data + * @param[in] ciphertext Ciphertext to be decrypted + * @param[in] ciphertext_len Length of ciphertext + * @param[out] plaintext Decrypted data, will be allocated by the library + * @param[out] plaintext_len Length of the decrypted data + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, 0 * invalid @a padding or @a prv_key), padding check failed * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error * @retval #YACA_ERROR_INTERNAL Internal error - * * @see #yaca_key_type_e * @see #yaca_padding_e * @see yaca_rsa_public_encrypt() * @see yaca_free() */ -int yaca_rsa_private_decrypt(yaca_padding_e padding, - const yaca_key_h prv_key, - const char *ciphertext, - size_t ciphertext_len, - char **plaintext, - size_t *plaintext_len); +int yaca_rsa_private_decrypt(yaca_padding_e padding, const yaca_key_h prv_key, const char *ciphertext, size_t ciphertext_len, char **plaintext, size_t *plaintext_len); + /** - * @brief Encrypts data using a RSA private key (low-level sign equivalent). - * + * @brief Encrypts data using a RSA private key (low-level sign equivalent). * @since_tizen 3.0 - * - * @remarks The @a ciphertext should be freed using yaca_free(). - * - * @remarks The @a prv_key used has to be of a #YACA_KEY_TYPE_RSA_PRIV type. - * - * @remarks The maximum length of plaintext depends on the key length and padding method, - * see #yaca_padding_e for details. - * - * @remarks The @a plaintext can be NULL but then the @a plaintext_len must be 0. - * - * @param[in] padding Padding method - * @param[in] prv_key Private RSA key (see yaca_key.h for key generation functions) - * @param[in] plaintext Plaintext to be encrypted - * @param[in] plaintext_len Length of the plaintext - * @param[out] ciphertext Encrypted data, will be allocated by the library - * @param[out] ciphertext_len Length of the encrypted data (may be larger than decrypted) - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks The @a ciphertext should be freed using yaca_free(). + * @remarks The @a prv_key used has to be of a #YACA_KEY_TYPE_RSA_PRIV type. + * @remarks The maximum length of plaintext depends on the key length and padding method, + * see #yaca_padding_e for details. + * @remarks The @a plaintext can be NULL but then the @a plaintext_len must be 0. + * @param[in] padding Padding method + * @param[in] prv_key Private RSA key (see yaca_key.h for key generation functions) + * @param[in] plaintext Plaintext to be encrypted + * @param[in] plaintext_len Length of the plaintext + * @param[out] ciphertext Encrypted data, will be allocated by the library + * @param[out] ciphertext_len Length of the encrypted data (may be larger than decrypted) + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, 0 * invalid @a padding, @a prv_key or @a plaintext_len) * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error * @retval #YACA_ERROR_INTERNAL Internal error - * * @see #yaca_key_type_e * @see #yaca_padding_e * @see yaca_rsa_public_decrypt() * @see yaca_free() */ -int yaca_rsa_private_encrypt(yaca_padding_e padding, - const yaca_key_h prv_key, - const char *plaintext, - size_t plaintext_len, - char **ciphertext, - size_t *ciphertext_len); +int yaca_rsa_private_encrypt(yaca_padding_e padding, const yaca_key_h prv_key, const char *plaintext, size_t plaintext_len, char **ciphertext, size_t *ciphertext_len); + /** - * @brief Decrypts data using a RSA public key (low-level verify equivalent). - * + * @brief Decrypts data using a RSA public key (low-level verify equivalent). * @since_tizen 3.0 - * - * @remarks The @a plaintext should be freed using yaca_free(). - * - * @remarks The @a pub_key used has to be of a #YACA_KEY_TYPE_RSA_PUB type. - * - * @param[in] padding Padding method - * @param[in] pub_key Public RSA key matching the private one used to encrypt the data - * @param[in] ciphertext Ciphertext to be decrypted - * @param[in] ciphertext_len Length of ciphertext - * @param[out] plaintext Decrypted data, will be allocated by the library - * @param[out] plaintext_len Length of the decrypted data - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks The @a plaintext should be freed using yaca_free(). + * @remarks The @a pub_key used has to be of a #YACA_KEY_TYPE_RSA_PUB type. + * @param[in] padding Padding method + * @param[in] pub_key Public RSA key matching the private one used to encrypt the data + * @param[in] ciphertext Ciphertext to be decrypted + * @param[in] ciphertext_len Length of ciphertext + * @param[out] plaintext Decrypted data, will be allocated by the library + * @param[out] plaintext_len Length of the decrypted data + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, 0 * invalid @a padding or @a pub_key), padding check failed * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error * @retval #YACA_ERROR_INTERNAL Internal error - * * @see #yaca_key_type_e * @see #yaca_padding_e * @see yaca_rsa_private_encrypt() * @see yaca_free() */ -int yaca_rsa_public_decrypt(yaca_padding_e padding, - const yaca_key_h pub_key, - const char *ciphertext, - size_t ciphertext_len, - char **plaintext, - size_t *plaintext_len); +int yaca_rsa_public_decrypt(yaca_padding_e padding, const yaca_key_h pub_key, const char *ciphertext, size_t ciphertext_len, char **plaintext, size_t *plaintext_len); + /** * @} */ + #ifdef __cplusplus } /* extern */ #endif + #endif /* YACA_RSA_H */ diff --git a/api/yaca/yaca_seal.h b/api/yaca/yaca_seal.h index 5db810e..1e08345 100644 --- a/api/yaca/yaca_seal.h +++ b/api/yaca/yaca_seal.h @@ -16,67 +16,62 @@ * limitations under the License */ + /** - * @file yaca_seal.h - * @brief Advanced API for the asymmetric encryption. - * - * @details Seal does more than just encrypt. It first generates the encryption key and - * Initialization Vector, then encrypts whole message using this key - * (and selected symmetric algorithm). - * Finally it encrypts symmetric key with public key. + * @file yaca_seal.h + * @brief Advanced API for the asymmetric encryption. + * @details Seal does more than just encrypt. It first generates the encryption key and + * Initialization Vector, then encrypts whole message using this key + * (and selected symmetric algorithm). + * Finally it encrypts symmetric key with public key. */ + #ifndef YACA_SEAL_H #define YACA_SEAL_H + #include #include + #ifdef __cplusplus extern "C" { #endif + /** * @addtogroup CAPI_YACA_ENCRYPTION_MODULE * @{ */ + /** - * @brief Initializes an asymmetric encryption context and generates - * symmetric key and Initialization Vector. - * - * @remarks Generated symmetric key is encrypted with public key, - * so can be only used with yaca_open_initialize(). It can be exported, - * but after import it can be only used with yaca_open_initialize() as well. - * - * @remarks The @a ctx should be released using yaca_context_destroy(). - * - * @remarks The @a pub_key must be #YACA_KEY_TYPE_RSA_PUB. - * - * @remarks The @a sym_key_bit_len must be at least 88 bits shorter than the @a pub_key bit length. - * - * @remarks The @a sym_key should be released using yaca_key_destroy(). - * - * @remarks The @a iv should be released using yaca_key_destroy(). - * + * @brief Initializes an asymmetric encryption context and generates symmetric key and Initialization Vector. * @since_tizen 3.0 - * - * @param[out] ctx Newly created context - * @param[in] pub_key Public key of the peer that will receive the encrypted data - * @param[in] algo Symmetric algorithm that will be used - * @param[in] bcm Block chaining mode for the symmetric algorithm - * @param[in] sym_key_bit_len Symmetric key length (in bits) that will be generated - * @param[out] sym_key Generated symmetric key that will be used, - * it is encrypted with peer's public key - * @param[out] iv Generated Initialization Vector that will be used - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks Generated symmetric key is encrypted with public key, + * so can be only used with yaca_open_initialize(). It can be exported, + * but after import it can be only used with yaca_open_initialize() as well. + * @remarks The @a ctx should be released using yaca_context_destroy(). + * @remarks The @a pub_key must be #YACA_KEY_TYPE_RSA_PUB. + * @remarks The @a sym_key_bit_len must be at least 88 bits shorter than the @a pub_key bit length. + * @remarks The @a sym_key should be released using yaca_key_destroy(). + * @remarks The @a iv should be released using yaca_key_destroy(). + * @param[out] ctx Newly created context + * @param[in] pub_key Public key of the peer that will receive the encrypted data + * @param[in] algo Symmetric algorithm that will be used + * @param[in] bcm Block chaining mode for the symmetric algorithm + * @param[in] sym_key_bit_len Symmetric key length (in bits) that will be generated + * @param[out] sym_key Generated symmetric key that will be used, + * it is encrypted with peer's public key + * @param[out] iv Generated Initialization Vector that will be used + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, * invalid @a algo, @a bcm, @a sym_key_bit_len or @a pub_key) * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error * @retval #YACA_ERROR_INTERNAL Internal error - * * @see #yaca_encrypt_algorithm_e * @see #yaca_block_cipher_mode_e * @see #yaca_key_bit_length_e @@ -86,97 +81,77 @@ extern "C" { * @see yaca_key_destroy() * @see yaca_context_destroy() */ -int yaca_seal_initialize(yaca_context_h *ctx, - const yaca_key_h pub_key, - yaca_encrypt_algorithm_e algo, - yaca_block_cipher_mode_e bcm, - size_t sym_key_bit_len, - yaca_key_h *sym_key, - yaca_key_h *iv); +int yaca_seal_initialize(yaca_context_h *ctx, const yaca_key_h pub_key, yaca_encrypt_algorithm_e algo, yaca_block_cipher_mode_e bcm, size_t sym_key_bit_len, + yaca_key_h *sym_key, yaca_key_h *iv); + /** - * @brief Encrypts piece of the data. - * + * @brief Encrypts piece of the data. * @since_tizen 3.0 - * - * @param[in,out] ctx Context created by yaca_seal_initialize() - * @param[in] plaintext Plaintext to be encrypted - * @param[in] plaintext_len Length of the plaintext - * @param[out] ciphertext Buffer for the encrypted data - * (must be allocated by client, see yaca_context_get_output_length()) - * @param[out] ciphertext_len Length of the encrypted data, - * actual number of bytes written will be returned here - * - * @return #YACA_ERROR_NONE on success, negative on error + * @param[in,out] ctx Context created by yaca_seal_initialize() + * @param[in] plaintext Plaintext to be encrypted + * @param[in] plaintext_len Length of the plaintext + * @param[out] ciphertext Buffer for the encrypted data + * (must be allocated by client, see yaca_context_get_output_length()) + * @param[out] ciphertext_len Length of the encrypted data, + * actual number of bytes written will be returned here + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, 0, * invalid @a ctx) * @retval #YACA_ERROR_INTERNAL Internal error - * * @see yaca_seal_initialize() * @see yaca_seal_finalize() * @see yaca_context_get_output_length() */ -int yaca_seal_update(yaca_context_h ctx, - const char *plaintext, - size_t plaintext_len, - char *ciphertext, - size_t *ciphertext_len); +int yaca_seal_update(yaca_context_h ctx, const char *plaintext, size_t plaintext_len, char *ciphertext, size_t *ciphertext_len); + /** - * @brief Encrypts the final piece of the data. - * - * @remarks Skipping yaca_seal_update() and calling only yaca_seal_finalize() will produce an - * encryption of an empty message. - * + * @brief Encrypts the final piece of the data. * @since_tizen 3.0 - * - * @param[in,out] ctx A valid seal context - * @param[out] ciphertext Final piece of the encrypted data - * (must be allocated by client, see yaca_context_get_output_length()) - * @param[out] ciphertext_len Length of the final piece, - * actual number of bytes written will be returned here - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks Skipping yaca_seal_update() and calling only yaca_seal_finalize() will produce an + * encryption of an empty message. + * @param[in,out] ctx A valid seal context + * @param[out] ciphertext Final piece of the encrypted data + * (must be allocated by client, see yaca_context_get_output_length()) + * @param[out] ciphertext_len Length of the final piece, + * actual number of bytes written will be returned here + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, * invalid @a ctx) * @retval #YACA_ERROR_INTERNAL Internal error - * * @see yaca_seal_initialize() * @see yaca_seal_update() * @see yaca_context_get_output_length() */ -int yaca_seal_finalize(yaca_context_h ctx, - char *ciphertext, - size_t *ciphertext_len); +int yaca_seal_finalize(yaca_context_h ctx, char *ciphertext, size_t *ciphertext_len); + /** - * @brief Initializes an asymmetric decryption context. - * + * @brief Initializes an asymmetric decryption context. * @since_tizen 3.0 - * - * @remarks The @a ctx should be released using yaca_context_destroy(). - * - * @remarks The @a prv_key must be #YACA_KEY_TYPE_RSA_PRIV. - * - * @param[out] ctx Newly created context - * @param[in] prv_key Private key, part of the pair that was used for the encryption - * @param[in] algo Symmetric algorithm that was used for the encryption - * @param[in] bcm Block chaining mode for the symmetric algorithm - * @param[in] sym_key_bit_len Symmetric key length (in bits) that was used for the encryption - * @param[in] sym_key Symmetric key, encrypted with the public key, - * that was used to encrypt the data - * @param[in] iv Initialization Vector that was used for the encryption - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks The @a ctx should be released using yaca_context_destroy(). + * @remarks The @a prv_key must be #YACA_KEY_TYPE_RSA_PRIV. + * @param[out] ctx Newly created context + * @param[in] prv_key Private key, part of the pair that was used for the encryption + * @param[in] algo Symmetric algorithm that was used for the encryption + * @param[in] bcm Block chaining mode for the symmetric algorithm + * @param[in] sym_key_bit_len Symmetric key length (in bits) that was used for the encryption + * @param[in] sym_key Symmetric key, encrypted with the public key, + * that was used to encrypt the data + * @param[in] iv Initialization Vector that was used for the encryption + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, invalid * @a algo, @a bcm, @a sym_key_bit_len, @a prv_key, * @a sym_key or @a iv) * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error * @retval #YACA_ERROR_INTERNAL Internal error - * * @see #yaca_encrypt_algorithm_e * @see #yaca_block_cipher_mode_e * @see #yaca_key_bit_length_e @@ -184,79 +159,66 @@ int yaca_seal_finalize(yaca_context_h ctx, * @see yaca_open_finalize() * @see yaca_context_destroy() */ -int yaca_open_initialize(yaca_context_h *ctx, - const yaca_key_h prv_key, - yaca_encrypt_algorithm_e algo, - yaca_block_cipher_mode_e bcm, - size_t sym_key_bit_len, - const yaca_key_h sym_key, - const yaca_key_h iv); +int yaca_open_initialize(yaca_context_h *ctx, const yaca_key_h prv_key, yaca_encrypt_algorithm_e algo, yaca_block_cipher_mode_e bcm, size_t sym_key_bit_len, + const yaca_key_h sym_key, const yaca_key_h iv); + /** - * @brief Decrypts piece of the data. - * + * @brief Decrypts piece of the data. * @since_tizen 3.0 - * - * @param[in,out] ctx Context created by yaca_open_initialize() - * @param[in] ciphertext Ciphertext to be decrypted - * @param[in] ciphertext_len Length of the ciphertext - * @param[out] plaintext Buffer for the decrypted data - * (must be allocated by client, see yaca_context_get_output_length()) - * @param[out] plaintext_len Length of the decrypted data, - * actual number of bytes written will be returned here - * - * @return #YACA_ERROR_NONE on success, negative on error + * @param[in,out] ctx Context created by yaca_open_initialize() + * @param[in] ciphertext Ciphertext to be decrypted + * @param[in] ciphertext_len Length of the ciphertext + * @param[out] plaintext Buffer for the decrypted data + * (must be allocated by client, see yaca_context_get_output_length()) + * @param[out] plaintext_len Length of the decrypted data, + * actual number of bytes written will be returned here + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, 0, * invalid @a ctx), wrong #YACA_PROPERTY_CCM_AAD or * wrong #YACA_PROPERTY_CCM_TAG was used * @retval #YACA_ERROR_INTERNAL Internal error - * * @see yaca_open_initialize() * @see yaca_open_finalize() * @see yaca_context_get_output_length() */ -int yaca_open_update(yaca_context_h ctx, - const char *ciphertext, - size_t ciphertext_len, - char *plaintext, - size_t *plaintext_len); +int yaca_open_update(yaca_context_h ctx, const char *ciphertext, size_t ciphertext_len, char *plaintext, size_t *plaintext_len); + /** - * @brief Decrypts last chunk of sealed message. - * - * @remarks Skipping yaca_open_update() and calling only yaca_open_finalize() will produce a - * decryption of an empty ciphertext. - * + * @brief Decrypts last chunk of sealed message. * @since_tizen 3.0 - * - * @param[in,out] ctx A valid open context - * @param[out] plaintext Final piece of the decrypted data - * (must be allocated by client, see yaca_context_get_output_length()) - * @param[out] plaintext_len Length of the final piece, - * actual number of bytes written will be returned here - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks Skipping yaca_open_update() and calling only yaca_open_finalize() will produce a + * decryption of an empty ciphertext. + * @param[in,out] ctx A valid open context + * @param[out] plaintext Final piece of the decrypted data + * (must be allocated by client, see yaca_context_get_output_length()) + * @param[out] plaintext_len Length of the final piece, + * actual number of bytes written will be returned here + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, * invalid @a ctx), wrong #YACA_PROPERTY_GCM_AAD or * wrong #YACA_PROPERTY_GCM_TAG was used * @retval #YACA_ERROR_INTERNAL Internal error - * * @see yaca_open_initialize() * @see yaca_open_update() * @see yaca_context_get_output_length() */ -int yaca_open_finalize(yaca_context_h ctx, - char *plaintext, - size_t *plaintext_len); +int yaca_open_finalize(yaca_context_h ctx, char *plaintext, size_t *plaintext_len); + /** * @} */ + #ifdef __cplusplus } /* extern */ #endif + #endif /* YACA_SEAL_H */ diff --git a/api/yaca/yaca_sign.h b/api/yaca/yaca_sign.h index 0fcbec3..3ac545e 100644 --- a/api/yaca/yaca_sign.h +++ b/api/yaca/yaca_sign.h @@ -16,61 +16,58 @@ * limitations under the License */ + /** - * @file yaca_sign.h - * @brief Advanced API for the integrity handling - HMAC, CMAC and digital signature. + * @file yaca_sign.h + * @brief Advanced API for the integrity handling - HMAC, CMAC and digital signature. */ + #ifndef YACA_SIGN_H #define YACA_SIGN_H + #include #include + #ifdef __cplusplus extern "C" { #endif + /** * @addtogroup CAPI_YACA_INTEGRITY_MODULE * @{ */ + /** - * @brief Initializes a signature context for asymmetric signatures. - * + * @brief Initializes a signature context for asymmetric signatures. * @since_tizen 3.0 - * - * @remarks For verification use yaca_verify_initialize(), yaca_verify_update() and - * yaca_verify_finalize() functions with matching public key. - * - * @remarks For RSA operations the default padding used is #YACA_PADDING_PKCS1. It can be - * changed using yaca_context_set_property() with #YACA_PROPERTY_PADDING. - * - * @remarks For #YACA_DIGEST_SHA384 and #YACA_DIGEST_SHA512 the RSA key size must be bigger than - * #YACA_KEY_LENGTH_512BIT. - * - * @remarks Using of #YACA_DIGEST_MD5 algorithm for DSA and ECDSA operations is prohibited. - * - * @remarks Using of #YACA_DIGEST_MD5 or #YACA_DIGEST_SHA224 with #YACA_PADDING_X931 is prohibited. - * - * @remarks The @a ctx should be released using yaca_context_destroy(). - * - * @param[out] ctx Newly created context - * @param[in] algo Digest algorithm that will be used - * @param[in] prv_key Private key that will be used, algorithm is deduced based - * on key type, supported key types: - * - #YACA_KEY_TYPE_RSA_PRIV, - * - #YACA_KEY_TYPE_DSA_PRIV, - * - #YACA_KEY_TYPE_EC_PRIV - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks For verification use yaca_verify_initialize(), yaca_verify_update() and + * yaca_verify_finalize() functions with matching public key. + * @remarks For RSA operations the default padding used is #YACA_PADDING_PKCS1. It can be + * changed using yaca_context_set_property() with #YACA_PROPERTY_PADDING. + * @remarks For #YACA_DIGEST_SHA384 and #YACA_DIGEST_SHA512 the RSA key size must be bigger than + * #YACA_KEY_LENGTH_512BIT. + * @remarks Using of #YACA_DIGEST_MD5 algorithm for DSA and ECDSA operations is prohibited. + * @remarks Using of #YACA_DIGEST_MD5 or #YACA_DIGEST_SHA224 with #YACA_PADDING_X931 is prohibited. + * @remarks The @a ctx should be released using yaca_context_destroy(). + * @param[out] ctx Newly created context + * @param[in] algo Digest algorithm that will be used + * @param[in] prv_key Private key that will be used, algorithm is deduced based + * on key type, supported key types: + * - #YACA_KEY_TYPE_RSA_PRIV, + * - #YACA_KEY_TYPE_DSA_PRIV, + * - #YACA_KEY_TYPE_EC_PRIV + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, * invalid @a algo or @a prv_key) * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error * @retval #YACA_ERROR_INTERNAL Internal error - * * @see #yaca_key_type_e * @see #yaca_digest_algorithm_e * @see #yaca_padding_e @@ -82,33 +79,26 @@ extern "C" { * @see yaca_verify_finalize() * @see yaca_context_destroy() */ -int yaca_sign_initialize(yaca_context_h *ctx, - yaca_digest_algorithm_e algo, - const yaca_key_h prv_key); +int yaca_sign_initialize(yaca_context_h *ctx, yaca_digest_algorithm_e algo, const yaca_key_h prv_key); + /** - * @brief Initializes a signature context for HMAC. - * + * @brief Initializes a signature context for HMAC. * @since_tizen 3.0 - * - * @remarks For verification, calculate message HMAC and compare with received MAC using - * yaca_memcmp(). - * - * @remarks The @a ctx should be released using yaca_context_destroy(). - * - * @param[out] ctx Newly created context - * @param[in] algo Digest algorithm that will be used - * @param[in] sym_key Symmetric key that will be used, supported key types: - * - #YACA_KEY_TYPE_SYMMETRIC, - * - #YACA_KEY_TYPE_DES - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks For verification, calculate message HMAC and compare with received MAC using yaca_memcmp(). + * @remarks The @a ctx should be released using yaca_context_destroy(). + * @param[out] ctx Newly created context + * @param[in] algo Digest algorithm that will be used + * @param[in] sym_key Symmetric key that will be used, supported key types: + * - #YACA_KEY_TYPE_SYMMETRIC, + * - #YACA_KEY_TYPE_DES + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, * invalid @a algo or @a sym_key) * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error * @retval #YACA_ERROR_INTERNAL Internal error - * * @see #yaca_key_type_e * @see #yaca_digest_algorithm_e * @see yaca_sign_update() @@ -116,33 +106,26 @@ int yaca_sign_initialize(yaca_context_h *ctx, * @see yaca_memcmp() * @see yaca_context_destroy() */ -int yaca_sign_initialize_hmac(yaca_context_h *ctx, - yaca_digest_algorithm_e algo, - const yaca_key_h sym_key); +int yaca_sign_initialize_hmac(yaca_context_h *ctx, yaca_digest_algorithm_e algo, const yaca_key_h sym_key); + /** - * @brief Initializes a signature context for CMAC. - * + * @brief Initializes a signature context for CMAC. * @since_tizen 3.0 - * - * @remarks For verification, calculate message CMAC and compare with received MAC using - * yaca_memcmp(). - * - * @remarks The @a ctx should be released using yaca_context_destroy(). - * - * @param[out] ctx Newly created context - * @param[in] algo Encryption algorithm that will be used - * @param[in] sym_key Symmetric key that will be used, supported key types: - * - #YACA_KEY_TYPE_SYMMETRIC, - * - #YACA_KEY_TYPE_DES - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks For verification, calculate message CMAC and compare with received MAC using yaca_memcmp(). + * @remarks The @a ctx should be released using yaca_context_destroy(). + * @param[out] ctx Newly created context + * @param[in] algo Encryption algorithm that will be used + * @param[in] sym_key Symmetric key that will be used, supported key types: + * - #YACA_KEY_TYPE_SYMMETRIC, + * - #YACA_KEY_TYPE_DES + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, * invalid @a algo or @a sym_key) * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error * @retval #YACA_ERROR_INTERNAL Internal error - * * @see #yaca_key_type_e * @see #yaca_encrypt_algorithm_e * @see yaca_sign_update() @@ -150,91 +133,76 @@ int yaca_sign_initialize_hmac(yaca_context_h *ctx, * @see yaca_memcmp() * @see yaca_context_destroy() */ -int yaca_sign_initialize_cmac(yaca_context_h *ctx, - yaca_encrypt_algorithm_e algo, - const yaca_key_h sym_key); +int yaca_sign_initialize_cmac(yaca_context_h *ctx, yaca_encrypt_algorithm_e algo, const yaca_key_h sym_key); + /** - * @brief Feeds the message into the digital signature or MAC algorithm. - * + * @brief Feeds the message into the digital signature or MAC algorithm. * @since_tizen 3.0 - * - * @param[in,out] ctx Context created by yaca_sign_initialize(), - * yaca_sign_initialize_hmac() or yaca_sign_initialize_cmac() - * @param[in] message Message to be signed - * @param[in] message_len Length of the message - * - * @return #YACA_ERROR_NONE on success, negative on error + * @param[in,out] ctx Context created by yaca_sign_initialize(), + * yaca_sign_initialize_hmac() or yaca_sign_initialize_cmac() + * @param[in] message Message to be signed + * @param[in] message_len Length of the message + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, 0, * invalid @a ctx) * @retval #YACA_ERROR_INTERNAL Internal error - * * @see yaca_sign_initialize() * @see yaca_sign_finalize() * @see yaca_sign_initialize_hmac() * @see yaca_sign_initialize_cmac() */ -int yaca_sign_update(yaca_context_h ctx, - const char *message, - size_t message_len); +int yaca_sign_update(yaca_context_h ctx, const char *message, size_t message_len); + /** - * @brief Calculates the final signature or MAC. - * + * @brief Calculates the final signature or MAC. * @since_tizen 3.0 - * - * @remarks Skipping yaca_sign_update() and calling only yaca_sign_finalize() will produce a - * signature or MAC of an empty message. - * - * @param[in,out] ctx A valid sign context - * @param[out] signature Buffer for the MAC or the message signature - * (must be allocated by client, see yaca_context_get_output_length()) - * @param[out] signature_len Length of the MAC or the signature, - * actual number of bytes written will be returned here - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks Skipping yaca_sign_update() and calling only yaca_sign_finalize() will produce a + * signature or MAC of an empty message. + * @param[in,out] ctx A valid sign context + * @param[out] signature Buffer for the MAC or the message signature + * (must be allocated by client, see yaca_context_get_output_length()) + * @param[out] signature_len Length of the MAC or the signature, + * actual number of bytes written will be returned here + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, * invalid @a ctx) * @retval #YACA_ERROR_INTERNAL Internal error - * * @see yaca_sign_initialize() * @see yaca_sign_update() * @see yaca_sign_initialize_hmac() * @see yaca_sign_initialize_cmac() * @see yaca_context_get_output_length() */ -int yaca_sign_finalize(yaca_context_h ctx, - char *signature, - size_t *signature_len); +int yaca_sign_finalize(yaca_context_h ctx, char *signature, size_t *signature_len); + /** - * @brief Initializes a signature verification context for asymmetric signatures. - * + * @brief Initializes a signature verification context for asymmetric signatures. * @since_tizen 3.0 - * - * @remarks For RSA operations the default padding used is #YACA_PADDING_PKCS1. It can be - * changed using yaca_context_set_property() with #YACA_PROPERTY_PADDING. - * For verify to succeed it has to be set to the same value it was signed with. - * - * @remarks The @a ctx should be released using yaca_context_destroy(). - * - * @param[out] ctx Newly created context - * @param[in] algo Digest algorithm that will be used - * @param[in] pub_key Public key that will be used, algorithm is deduced based on - * key type, supported key types: - * - #YACA_KEY_TYPE_RSA_PUB, - * - #YACA_KEY_TYPE_DSA_PUB, - * - #YACA_KEY_TYPE_EC_PUB - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks For RSA operations the default padding used is #YACA_PADDING_PKCS1. It can be + * changed using yaca_context_set_property() with #YACA_PROPERTY_PADDING. + * For verify to succeed it has to be set to the same value it was signed with. + * @remarks The @a ctx should be released using yaca_context_destroy(). + * @param[out] ctx Newly created context + * @param[in] algo Digest algorithm that will be used + * @param[in] pub_key Public key that will be used, algorithm is deduced based on + * key type, supported key types: + * - #YACA_KEY_TYPE_RSA_PUB, + * - #YACA_KEY_TYPE_DSA_PUB, + * - #YACA_KEY_TYPE_EC_PUB + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, * invalid @a algo or @a pub_key) * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error * @retval #YACA_ERROR_INTERNAL Internal error - * * @see #yaca_key_type_e * @see #yaca_digest_algorithm_e * @see #yaca_padding_e @@ -243,65 +211,57 @@ int yaca_sign_finalize(yaca_context_h ctx, * @see yaca_verify_finalize() * @see yaca_context_destroy() */ -int yaca_verify_initialize(yaca_context_h *ctx, - yaca_digest_algorithm_e algo, - const yaca_key_h pub_key); +int yaca_verify_initialize(yaca_context_h *ctx, yaca_digest_algorithm_e algo, const yaca_key_h pub_key); + /** - * @brief Feeds the message into the digital signature verification algorithm. - * + * @brief Feeds the message into the digital signature verification algorithm. * @since_tizen 3.0 - * - * @param[in,out] ctx Context created by yaca_verify_initialize() - * @param[in] message Message - * @param[in] message_len Length of the message - * - * @return #YACA_ERROR_NONE on success, negative on error + * @param[in,out] ctx Context created by yaca_verify_initialize() + * @param[in] message Message + * @param[in] message_len Length of the message + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, 0, * invalid @a ctx) * @retval #YACA_ERROR_INTERNAL Internal error - * * @see yaca_verify_initialize() * @see yaca_verify_finalize() */ -int yaca_verify_update(yaca_context_h ctx, - const char *message, - size_t message_len); +int yaca_verify_update(yaca_context_h ctx, const char *message, size_t message_len); + /** - * @brief Performs the verification. - * + * @brief Performs the verification. * @since_tizen 3.0 - * - * @remarks Skipping yaca_verify_update() and calling only yaca_verify_finalize() will verify - * the signature of an empty message. - * - * @param[in,out] ctx A valid verify context - * @param[in] signature Message signature to be verified - * @param[in] signature_len Length of the signature - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks Skipping yaca_verify_update() and calling only yaca_verify_finalize() will verify + * the signature of an empty message. + * @param[in,out] ctx A valid verify context + * @param[in] signature Message signature to be verified + * @param[in] signature_len Length of the signature + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, * invalid @a ctx) * @retval #YACA_ERROR_INTERNAL Internal error * @retval #YACA_ERROR_DATA_MISMATCH The verification failed - * * @see yaca_verify_initialize() * @see yaca_verify_update() * @see yaca_sign_finalize() */ -int yaca_verify_finalize(yaca_context_h ctx, - const char *signature, - size_t signature_len); +int yaca_verify_finalize(yaca_context_h ctx, const char *signature, size_t signature_len); + /** * @} */ + #ifdef __cplusplus } /* extern */ #endif + #endif /* YACA_SIGN_H */ diff --git a/api/yaca/yaca_simple.h b/api/yaca/yaca_simple.h index 97a9826..7328c7c 100644 --- a/api/yaca/yaca_simple.h +++ b/api/yaca/yaca_simple.h @@ -16,317 +16,253 @@ * limitations under the License */ + /** - * @file yaca_simple.h - * @brief Simple API. - * - * @details This is simple API. - * Design constraints: - * - All operations are single-shot (no streaming possible) - * - Context is not used - * - Only digest, signatures and symmetric ciphers are supported - * - Disabling PKCS#7 padding for ECB and CBC chaining is not supported - * - Changing the default PKCS#1 padding for sign/verify is not supported - * - GCM and CCM chaining is not supported - * - RC2 effective key bits property is not supported - * - All outputs are allocated by the library + * @file yaca_simple.h + * @brief Simple API. + * @details This is simple API. + * Design constraints: + * - All operations are single-shot (no streaming possible) + * - Context is not used + * - Only digest, signatures and symmetric ciphers are supported + * - Disabling PKCS#7 padding for ECB and CBC chaining is not supported + * - Changing the default PKCS#1 padding for sign/verify is not supported + * - GCM and CCM chaining is not supported + * - RC2 effective key bits property is not supported + * - All outputs are allocated by the library */ + #ifndef YACA_SIMPLE_H #define YACA_SIMPLE_H + #include #include + #ifdef __cplusplus extern "C" { #endif + /** * @addtogroup CAPI_YACA_SIMPLE_MODULE * @{ */ + /** - * @brief Encrypts data using a symmetric cipher. - * + * @brief Encrypts data using a symmetric cipher. * @since_tizen 3.0 - * - * @remarks yaca_simple_encrypt() doesn't support #YACA_BCM_GCM and #YACA_BCM_CCM. - * - * @remarks The @a ciphertext should be freed using yaca_free(). - * - * @remarks The @a plaintext can be NULL but then @a plaintext_len must be 0. - * - * @param[in] algo Encryption algorithm (select #YACA_ENCRYPT_AES if unsure) - * @param[in] bcm Chaining mode (select #YACA_BCM_CBC if unsure) - * @param[in] sym_key Symmetric encryption key (see yaca_key.h for key generation functions) - * @param[in] iv Initialization Vector - * @param[in] plaintext Plaintext to be encrypted - * @param[in] plaintext_len Length of the plaintext - * @param[out] ciphertext Encrypted data, will be allocated by the library - * @param[out] ciphertext_len Length of the encrypted data (may be larger than decrypted) - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks yaca_simple_encrypt() doesn't support #YACA_BCM_GCM and #YACA_BCM_CCM. + * @remarks The @a ciphertext should be freed using yaca_free(). + * @remarks The @a plaintext can be NULL but then @a plaintext_len must be 0. + * @param[in] algo Encryption algorithm (select #YACA_ENCRYPT_AES if unsure) + * @param[in] bcm Chaining mode (select #YACA_BCM_CBC if unsure) + * @param[in] sym_key Symmetric encryption key (see yaca_key.h for key generation functions) + * @param[in] iv Initialization Vector + * @param[in] plaintext Plaintext to be encrypted + * @param[in] plaintext_len Length of the plaintext + * @param[out] ciphertext Encrypted data, will be allocated by the library + * @param[out] ciphertext_len Length of the encrypted data (may be larger than decrypted) + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, 0 * invalid @a algo, @a bcm, @a sym_key or @a iv) * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error * @retval #YACA_ERROR_INTERNAL Internal error - * * @see #yaca_encrypt_algorithm_e * @see #yaca_block_cipher_mode_e * @see yaca_simple_decrypt() * @see yaca_free() */ -int yaca_simple_encrypt(yaca_encrypt_algorithm_e algo, - yaca_block_cipher_mode_e bcm, - const yaca_key_h sym_key, - const yaca_key_h iv, - const char *plaintext, - size_t plaintext_len, - char **ciphertext, - size_t *ciphertext_len); +int yaca_simple_encrypt(yaca_encrypt_algorithm_e algo, yaca_block_cipher_mode_e bcm, const yaca_key_h sym_key, const yaca_key_h iv, const char *plaintext, + size_t plaintext_len, char **ciphertext, size_t *ciphertext_len); + /** - * @brief Decrypts data using a symmetric cipher. - * + * @brief Decrypts data using a symmetric cipher. * @since_tizen 3.0 - * - * @remarks yaca_simple_decrypt() doesn't support #YACA_BCM_GCM and #YACA_BCM_CCM. - * - * @remarks The @a plaintext should be freed using yaca_free(). - * - * @remarks The @a ciphertext can be NULL but then @a ciphertext_len must be 0. - * - * @param[in] algo Decryption algorithm that was used to encrypt the data - * @param[in] bcm Chaining mode that was used to encrypt the data - * @param[in] sym_key Symmetric encryption key that was used to encrypt the data - * @param[in] iv Initialization Vector that was used to encrypt the data - * @param[in] ciphertext Ciphertext to be decrypted - * @param[in] ciphertext_len Length of ciphertext - * @param[out] plaintext Decrypted data, will be allocated by the library - * @param[out] plaintext_len Length of the decrypted data - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks yaca_simple_decrypt() doesn't support #YACA_BCM_GCM and #YACA_BCM_CCM. + * @remarks The @a plaintext should be freed using yaca_free(). + * @remarks The @a ciphertext can be NULL but then @a ciphertext_len must be 0. + * @param[in] algo Decryption algorithm that was used to encrypt the data + * @param[in] bcm Chaining mode that was used to encrypt the data + * @param[in] sym_key Symmetric encryption key that was used to encrypt the data + * @param[in] iv Initialization Vector that was used to encrypt the data + * @param[in] ciphertext Ciphertext to be decrypted + * @param[in] ciphertext_len Length of ciphertext + * @param[out] plaintext Decrypted data, will be allocated by the library + * @param[out] plaintext_len Length of the decrypted data + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, 0 * invalid @a algo, @a bcm, @a sym_key or @a iv) * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error * @retval #YACA_ERROR_INTERNAL Internal error - * * @see #yaca_encrypt_algorithm_e * @see #yaca_block_cipher_mode_e * @see yaca_simple_encrypt() * @see yaca_free() */ -int yaca_simple_decrypt(yaca_encrypt_algorithm_e algo, - yaca_block_cipher_mode_e bcm, - const yaca_key_h sym_key, - const yaca_key_h iv, - const char *ciphertext, - size_t ciphertext_len, - char **plaintext, - size_t *plaintext_len); +int yaca_simple_decrypt(yaca_encrypt_algorithm_e algo, yaca_block_cipher_mode_e bcm, const yaca_key_h sym_key, const yaca_key_h iv, const char *ciphertext, + size_t ciphertext_len, char **plaintext, size_t *plaintext_len); + /** - * @brief Calculates a digest of a message. - * + * @brief Calculates a digest of a message. * @since_tizen 3.0 - * - * @remarks The @a digest should be freed using yaca_free(). - * - * @remarks The @a message can be NULL but then @a message_len must be 0. - * - * @param[in] algo Digest algorithm (select #YACA_DIGEST_SHA256 if unsure) - * @param[in] message Message from which the digest is to be calculated - * @param[in] message_len Length of the message - * @param[out] digest Message digest, will be allocated by the library - * @param[out] digest_len Length of message digest (depends on algorithm) - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks The @a digest should be freed using yaca_free(). + * @remarks The @a message can be NULL but then @a message_len must be 0. + * @param[in] algo Digest algorithm (select #YACA_DIGEST_SHA256 if unsure) + * @param[in] message Message from which the digest is to be calculated + * @param[in] message_len Length of the message + * @param[out] digest Message digest, will be allocated by the library + * @param[out] digest_len Length of message digest (depends on algorithm) + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, * invalid @a algo) * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error * @retval #YACA_ERROR_INTERNAL Internal error - * * @see #yaca_digest_algorithm_e * @see yaca_free() */ -int yaca_simple_calculate_digest(yaca_digest_algorithm_e algo, - const char *message, - size_t message_len, - char **digest, - size_t *digest_len); +int yaca_simple_calculate_digest(yaca_digest_algorithm_e algo, const char *message, size_t message_len, char **digest, size_t *digest_len); + /** - * @brief Creates a signature using asymmetric private key. - * + * @brief Creates a signature using asymmetric private key. * @since_tizen 3.0 - * - * @remarks For #YACA_DIGEST_SHA384 and #YACA_DIGEST_SHA512 the RSA key size must be bigger than - * #YACA_KEY_LENGTH_512BIT. - * - * @remarks Using of #YACA_DIGEST_MD5 algorithm for DSA and ECDSA operations is prohibited. - * - * @remarks The @a signature should be freed using yaca_free(). - * - * @remarks The @a message can be NULL but then @a message_len must be 0. - * - * @param[in] algo Digest algorithm that will be used - * @param[in] prv_key Private key that will be used, algorithm is - * deduced based on key type, supported key types: - * - #YACA_KEY_TYPE_RSA_PRIV, - * - #YACA_KEY_TYPE_DSA_PRIV, - * - #YACA_KEY_TYPE_EC_PRIV - * @param[in] message Message to be signed - * @param[in] message_len Length of the message - * @param[out] signature Message signature, will be allocated by the library - * @param[out] signature_len Length of the signature - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks For #YACA_DIGEST_SHA384 and #YACA_DIGEST_SHA512 the RSA key size must be bigger than + * #YACA_KEY_LENGTH_512BIT. + * @remarks Using of #YACA_DIGEST_MD5 algorithm for DSA and ECDSA operations is prohibited. + * @remarks The @a signature should be freed using yaca_free(). + * @remarks The @a message can be NULL but then @a message_len must be 0. + * @param[in] algo Digest algorithm that will be used + * @param[in] prv_key Private key that will be used, algorithm is + * deduced based on key type, supported key types: + * - #YACA_KEY_TYPE_RSA_PRIV, + * - #YACA_KEY_TYPE_DSA_PRIV, + * - #YACA_KEY_TYPE_EC_PRIV + * @param[in] message Message to be signed + * @param[in] message_len Length of the message + * @param[out] signature Message signature, will be allocated by the library + * @param[out] signature_len Length of the signature + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, 0 * invalid @a algo or @a prv_key) * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error * @retval #YACA_ERROR_INTERNAL Internal error - * * @see #yaca_key_type_e * @see #yaca_digest_algorithm_e * @see yaca_simple_verify_signature() * @see yaca_free() */ -int yaca_simple_calculate_signature(yaca_digest_algorithm_e algo, - const yaca_key_h prv_key, - const char *message, - size_t message_len, - char **signature, - size_t *signature_len); +int yaca_simple_calculate_signature(yaca_digest_algorithm_e algo, const yaca_key_h prv_key, const char *message, size_t message_len, char **signature, size_t *signature_len); + /** - * @brief Verifies a signature using asymmetric public key. - * + * @brief Verifies a signature using asymmetric public key. * @since_tizen 3.0 - * - * @remarks The @a message can be NULL but then @a message_len must be 0. - * - * @param[in] algo Digest algorithm that will be used - * @param[in] pub_key Public key that will be used, algorithm is - * deduced based on key type, supported key types: - * - #YACA_KEY_TYPE_RSA_PUB, - * - #YACA_KEY_TYPE_DSA_PUB, - * - #YACA_KEY_TYPE_EC_PUB - * @param[in] message Message - * @param[in] message_len Length of the message - * @param[in] signature Message signature to be verified - * @param[in] signature_len Length of the signature - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks The @a message can be NULL but then @a message_len must be 0. + * @param[in] algo Digest algorithm that will be used + * @param[in] pub_key Public key that will be used, algorithm is + * deduced based on key type, supported key types: + * - #YACA_KEY_TYPE_RSA_PUB, + * - #YACA_KEY_TYPE_DSA_PUB, + * - #YACA_KEY_TYPE_EC_PUB + * @param[in] message Message + * @param[in] message_len Length of the message + * @param[in] signature Message signature to be verified + * @param[in] signature_len Length of the signature + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, 0 * invalid @a algo or @a pub_key) * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error * @retval #YACA_ERROR_INTERNAL Internal error * @retval #YACA_ERROR_DATA_MISMATCH The verification failed - * * @see #yaca_key_type_e * @see #yaca_digest_algorithm_e * @see yaca_simple_calculate_signature() */ -int yaca_simple_verify_signature(yaca_digest_algorithm_e algo, - const yaca_key_h pub_key, - const char *message, - size_t message_len, - const char *signature, - size_t signature_len); +int yaca_simple_verify_signature(yaca_digest_algorithm_e algo, const yaca_key_h pub_key, const char *message, size_t message_len, const char *signature, size_t signature_len); + /** - * @brief Calculates a HMAC of given message using symmetric key. - * + * @brief Calculates a HMAC of given message using symmetric key. * @since_tizen 3.0 - * - * @remarks For verification, calculate message HMAC and compare with received MAC using - * yaca_memcmp(). - * - * @remarks The @a mac should be freed using yaca_free(). - * - * @remarks The @a message can be NULL but then @a message_len must be 0. - * - * @param[in] algo Digest algorithm that will be used - * @param[in] sym_key Key that will be used, supported key types: - * - #YACA_KEY_TYPE_SYMMETRIC, - * - #YACA_KEY_TYPE_DES - * @param[in] message Message to calculate HMAC from - * @param[in] message_len Length of the message - * @param[out] mac MAC, will be allocated by the library - * @param[out] mac_len Length of the MAC - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks For verification, calculate message HMAC and compare with received MAC using yaca_memcmp(). + * @remarks The @a mac should be freed using yaca_free(). + * @remarks The @a message can be NULL but then @a message_len must be 0. + * @param[in] algo Digest algorithm that will be used + * @param[in] sym_key Key that will be used, supported key types: + * - #YACA_KEY_TYPE_SYMMETRIC, + * - #YACA_KEY_TYPE_DES + * @param[in] message Message to calculate HMAC from + * @param[in] message_len Length of the message + * @param[out] mac MAC, will be allocated by the library + * @param[out] mac_len Length of the MAC + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, 0 * invalid @a algo or @a sym_key) * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error * @retval #YACA_ERROR_INTERNAL Internal error - * * @see #yaca_key_type_e * @see #yaca_digest_algorithm_e * @see yaca_memcmp() * @see yaca_free() */ -int yaca_simple_calculate_hmac(yaca_digest_algorithm_e algo, - const yaca_key_h sym_key, - const char *message, - size_t message_len, - char **mac, - size_t *mac_len); +int yaca_simple_calculate_hmac(yaca_digest_algorithm_e algo, const yaca_key_h sym_key, const char *message, size_t message_len, char **mac, size_t *mac_len); + /** - * @brief Calculates a CMAC of given message using symmetric key. - * + * @brief Calculates a CMAC of given message using symmetric key. * @since_tizen 3.0 - * - * @remarks For verification, calculate message CMAC and compare with received MAC using - * yaca_memcmp(). - * - * @remarks The @a mac should be freed using yaca_free(). - * - * @remarks The @a message can be NULL but then @a message_len must be 0. - * - * @param[in] algo Encryption algorithm that will be used - * @param[in] sym_key Key that will be used, supported key types: - * - #YACA_KEY_TYPE_SYMMETRIC, - * - #YACA_KEY_TYPE_DES - * @param[in] message Message to calculate CMAC from - * @param[in] message_len Length of the message - * @param[out] mac MAC, will be allocated by the library - * @param[out] mac_len Length of the MAC - * - * @return #YACA_ERROR_NONE on success, negative on error + * @remarks For verification, calculate message CMAC and compare with received MAC using yaca_memcmp(). + * @remarks The @a mac should be freed using yaca_free(). + * @remarks The @a message can be NULL but then @a message_len must be 0. + * @param[in] algo Encryption algorithm that will be used + * @param[in] sym_key Key that will be used, supported key types: + * - #YACA_KEY_TYPE_SYMMETRIC, + * - #YACA_KEY_TYPE_DES + * @param[in] message Message to calculate CMAC from + * @param[in] message_len Length of the message + * @param[out] mac MAC, will be allocated by the library + * @param[out] mac_len Length of the MAC + * @return #YACA_ERROR_NONE on success, + * negative on error * @retval #YACA_ERROR_NONE Successful * @retval #YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, 0 * invalid @a algo or @a sym_key) * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error * @retval #YACA_ERROR_INTERNAL Internal error - * * @see #yaca_key_type_e * @see #yaca_encrypt_algorithm_e * @see yaca_memcmp() * @see yaca_free() */ -int yaca_simple_calculate_cmac(yaca_encrypt_algorithm_e algo, - const yaca_key_h sym_key, - const char *message, - size_t message_len, - char **mac, - size_t *mac_len); +int yaca_simple_calculate_cmac(yaca_encrypt_algorithm_e algo, const yaca_key_h sym_key, const char *message, size_t message_len, char **mac, size_t *mac_len); + /** * @} */ + #ifdef __cplusplus } /* extern */ #endif + #endif /* YACA_SIMPLE_H */ diff --git a/api/yaca/yaca_types.h b/api/yaca/yaca_types.h index c6b1cb3..a4ae309 100644 --- a/api/yaca/yaca_types.h +++ b/api/yaca/yaca_types.h @@ -16,25 +16,29 @@ * limitations under the License */ + /** - * @file yaca_types.h - * @brief Types enums and defines. + * @file yaca_types.h + * @brief Types enums and defines. */ + #ifndef YACA_TYPES_H #define YACA_TYPES_H + #ifdef __cplusplus extern "C" { #endif + /** * @addtogroup CAPI_YACA_ENCRYPTION_MODULE * @{ */ + /* The format of the unsigned int used to indicate key_bit_len is as follows: - * * Bits indicating a type: * bits 31-28 (4 bits) indicate key_length type: * 0000(0) - regular type for RSA, DSA @@ -42,10 +46,8 @@ extern "C" { * 0010(2) - DH with RFC 5114 * 0011(3) - elliptic curve * remaining combinations reserved - * * Bits for a regular type: * bits 27-0 (28 bits) indicate length of the key in bits - * * Bits for a DH with specified generator number: * bits 27-24 (4 bits) indicate DH generator * 0000(0) - generator 2 @@ -53,7 +55,6 @@ extern "C" { * remaining combinations reserved * bits 23-16 (8 bits) reserved * bits 15-0 (16 bits) length of the safe prime in bits - * * Bits for a DH with RFC 5114: * bits 27-24 (4 bits) indicate a bit subgroup: * 0000(0) - 160 @@ -62,7 +63,6 @@ extern "C" { * remaining combinations reserved * bits 23-16 (8 bits) reserved * bits 15-0 (16 bits) length of the safe prime in bits - * * Bits for an elliptic curve type: * bits 27-24 (4 bits) indicate type of an elliptic curve: * 0000(0) - X9.62 Prime @@ -83,75 +83,79 @@ extern "C" { * 0011(3) - 4 * remaining combinations reserved * bits 15-0 (16 bits) - length of the prime field in bits - * * Those bits are used for DH and EC. For any other keys key_bit_len can be passed just * as a number of bits (4 most significant bits set to 0000, 28 bits for bit length). - * * In any case those defines are not be used directly. - * * For DH keys use YACA_KEY_LENGTH_DH_GENERATOR_* or'ed with safe prime length. * Alternatively one can use values from yaca_key_bit_length_dh_rfc_e enum to use * RFC 5114 parameters. - * * For elliptic curves use values from yaca_key_bit_length_ec_e enum. */ + /** @cond Don't include those defines in doxygen, they are not to be used directly */ + /* types */ -#define YACA_KEYLEN_COMPONENT_TYPE_MASK (0xF << 28) -#define YACA_KEYLEN_COMPONENT_TYPE_BITS (0U << 28) -#define YACA_KEYLEN_COMPONENT_TYPE_DH (1U << 28) -#define YACA_KEYLEN_COMPONENT_TYPE_DH_RFC (2U << 28) -#define YACA_KEYLEN_COMPONENT_TYPE_EC (3U << 28) +#define YACA_KEYLEN_COMPONENT_TYPE_MASK (0xF << 28) +#define YACA_KEYLEN_COMPONENT_TYPE_BITS (0U << 28) +#define YACA_KEYLEN_COMPONENT_TYPE_DH (1U << 28) +#define YACA_KEYLEN_COMPONENT_TYPE_DH_RFC (2U << 28) +#define YACA_KEYLEN_COMPONENT_TYPE_EC (3U << 28) + /* DH type */ -#define YACA_KEYLEN_COMPONENT_DH_GEN_MASK (0xF << 24) -#define YACA_KEYLEN_COMPONENT_DH_GEN_2 (0U << 24) -#define YACA_KEYLEN_COMPONENT_DH_GEN_5 (1U << 24) +#define YACA_KEYLEN_COMPONENT_DH_GEN_MASK (0xF << 24) +#define YACA_KEYLEN_COMPONENT_DH_GEN_2 (0U << 24) +#define YACA_KEYLEN_COMPONENT_DH_GEN_5 (1U << 24) + #define YACA_KEYLEN_COMPONENT_DH_PRIME_MASK (0xFFFF << 0) + /* DH_RFC type */ -#define YACA_KEYLEN_COMPONENT_DH_RFC_MASK (0xF << 24) -#define YACA_KEYLEN_COMPONENT_DH_RFC_160 (0U << 24) -#define YACA_KEYLEN_COMPONENT_DH_RFC_224 (1U << 24) -#define YACA_KEYLEN_COMPONENT_DH_RFC_256 (2U << 24) +#define YACA_KEYLEN_COMPONENT_DH_RFC_MASK (0xF << 24) +#define YACA_KEYLEN_COMPONENT_DH_RFC_160 (0U << 24) +#define YACA_KEYLEN_COMPONENT_DH_RFC_224 (1U << 24) +#define YACA_KEYLEN_COMPONENT_DH_RFC_256 (2U << 24) + /* EC type */ -#define YACA_KEYLEN_COMPONENT_EC_PRIME (0U << 24) -#define YACA_KEYLEN_COMPONENT_EC_SECP (1U << 24) -#define YACA_KEYLEN_COMPONENT_EC_SECT (2U << 24) -#define YACA_KEYLEN_COMPONENT_EC_BRAINPOOL (3U << 24) - -#define YACA_KEYLEN_COMPONENT_EC_V (0U << 20) -#define YACA_KEYLEN_COMPONENT_EC_R (1U << 20) -#define YACA_KEYLEN_COMPONENT_EC_K (2U << 20) -#define YACA_KEYLEN_COMPONENT_EC_T (3U << 20) - -#define YACA_KEYLEN_COMPONENT_EC_1 (0U << 16) -#define YACA_KEYLEN_COMPONENT_EC_2 (1U << 16) -#define YACA_KEYLEN_COMPONENT_EC_3 (2U << 16) -#define YACA_KEYLEN_COMPONENT_EC_4 (3U << 16) +#define YACA_KEYLEN_COMPONENT_EC_PRIME (0U << 24) +#define YACA_KEYLEN_COMPONENT_EC_SECP (1U << 24) +#define YACA_KEYLEN_COMPONENT_EC_SECT (2U << 24) +#define YACA_KEYLEN_COMPONENT_EC_BRAINPOOL (3U << 24) + + +#define YACA_KEYLEN_COMPONENT_EC_V (0U << 20) +#define YACA_KEYLEN_COMPONENT_EC_R (1U << 20) +#define YACA_KEYLEN_COMPONENT_EC_K (2U << 20) +#define YACA_KEYLEN_COMPONENT_EC_T (3U << 20) + + +#define YACA_KEYLEN_COMPONENT_EC_1 (0U << 16) +#define YACA_KEYLEN_COMPONENT_EC_2 (1U << 16) +#define YACA_KEYLEN_COMPONENT_EC_3 (2U << 16) +#define YACA_KEYLEN_COMPONENT_EC_4 (3U << 16) /** @endcond */ + /** * @brief The context handle. - * * @since_tizen 3.0 */ typedef struct yaca_context_s *yaca_context_h; + /** - * @brief The handle of a key, an Initialization Vector or a key generation parameters. - * + * @brief An Initialization Vector or a key generation parameters by the key handle. * @since_tizen 3.0 */ typedef struct yaca_key_s *yaca_key_h; + /** - * @brief Enumeration of YACA key formats. - * + * @brief Enumeration for formats YACA key. * @since_tizen 3.0 */ typedef enum { @@ -161,9 +165,9 @@ typedef enum { YACA_KEY_FORMAT_PKCS8 } yaca_key_format_e; + /** - * @brief Enumeration of YACA key file formats. - * + * @brief Enumeration for formats YACA key file. * @since_tizen 3.0 */ typedef enum { @@ -177,9 +181,9 @@ typedef enum { YACA_KEY_FILE_FORMAT_DER } yaca_key_file_format_e; + /** - * @brief Enumeration of YACA key types, Initialization Vector is considered as key. - * + * @brief Enumeration for YACA key types, Initialization Vector is considered as key. * @since_tizen 3.0 */ typedef enum { @@ -218,11 +222,11 @@ typedef enum { YACA_KEY_TYPE_EC_PARAMS } yaca_key_type_e; + /** - * @brief Enumeration of YACA key lengths. + * @brief Enumeration for YACA key lengths. * It is possible to use arbitrary integer instead, * this enum values are placed here to avoid magic numbers. - * * @since_tizen 3.0 */ typedef enum { @@ -257,10 +261,9 @@ typedef enum { } yaca_key_bit_length_e; /** - * @brief Enumeration of YACA elliptic curve types with their bit lengths. + * @brief Enumeration for YACA elliptic curve types with their bit lengths. * It's meant to be passed or returned as a @a key_bit_len param * in appropriate functions when dealing with elliptic curves. - * * @since_tizen 3.0 */ typedef enum { @@ -277,24 +280,23 @@ typedef enum { } yaca_key_bit_length_ec_e; /** - * @brief A value indicating generator equal 2 for DH parameters. + * @brief Definition for the value indicating generator equal 2 for DH parameters. * To be or'ed with safe prime length in bits. Prime length is recommended * to be 2048 bits or higher. */ #define YACA_KEY_LENGTH_DH_GENERATOR_2 (YACA_KEYLEN_COMPONENT_TYPE_DH | YACA_KEYLEN_COMPONENT_DH_GEN_2) /** - * @brief A value indicating generator equal 5 for DH parameters. + * @brief Definition for the value indicating generator equal 5 for DH parameters. * To be or'ed with safe prime length in bits. Prime length is recommended * to be 2048 bits or higher. */ #define YACA_KEY_LENGTH_DH_GENERATOR_5 (YACA_KEYLEN_COMPONENT_TYPE_DH | YACA_KEYLEN_COMPONENT_DH_GEN_5) /** - * @brief Enumeration of YACA DH parameters taken from RFC 5114. + * @brief Enumeration for YACA DH parameters taken from RFC 5114. * It's meant to be passed or returned as a @a key_bit_len param * in appropriate functions when dealing with DH and wanting to * use RFC 5114 values. - * * @since_tizen 3.0 */ typedef enum { @@ -306,9 +308,9 @@ typedef enum { YACA_KEY_LENGTH_DH_RFC_2048_256 = YACA_KEYLEN_COMPONENT_TYPE_DH_RFC | YACA_KEYLEN_COMPONENT_DH_RFC_256 | 2048U } yaca_key_bit_length_dh_rfc_e; + /** - * @brief Enumeration of YACA message digest algorithms. - * + * @brief Enumeration for YACA message digest algorithms. * @since_tizen 3.0 */ typedef enum { @@ -326,9 +328,9 @@ typedef enum { YACA_DIGEST_SHA512, } yaca_digest_algorithm_e; + /** - * @brief Enumeration of YACA symmetric encryption algorithms. - * + * @brief Enumeration for YACA symmetric encryption algorithms. * @since_tizen 3.0 */ typedef enum { @@ -435,9 +437,9 @@ typedef enum { YACA_ENCRYPT_CAST5, } yaca_encrypt_algorithm_e; + /** - * @brief Enumeration of YACA chaining modes for block ciphers. - * + * @brief Enumeration for YACA chaining modes for block ciphers. * @since_tizen 3.0 */ typedef enum { @@ -450,7 +452,6 @@ typedef enum { /** * ECB block cipher mode. * Initialization Vector is not used. - * * By default the input data is padded using standard block padding (#YACA_PADDING_PKCS7). * Padding can be disabled using yaca_context_set_property() and * #YACA_PROPERTY_PADDING,#YACA_PADDING_NONE, @@ -470,7 +471,6 @@ typedef enum { * CBC block cipher mode. * 128-bit Initialization Vector for AES, * 64-bit for other algorithms is mandatory. - * * By default the input data is padded using standard block padding (#YACA_PADDING_PKCS7). * Padding can be disabled using yaca_context_set_property() and * #YACA_PROPERTY_PADDING, #YACA_PADDING_NONE, @@ -482,7 +482,6 @@ typedef enum { /** * GCM block cipher mode. * This is a variable Initialization Vector length mode (recommended 96-bits). - * * Supported properties: * - #YACA_PROPERTY_GCM_TAG_LEN = GCM tag length (optional)\n * Supported tag lengths: @c 4, @c 8, @c 12, @c 13, @c 14, @c 15, @c 16 @@ -490,22 +489,18 @@ typedef enum { * Set after yaca_encrypt_finalize() / yaca_seal_finalize() and before * yaca_context_get_property(#YACA_PROPERTY_GCM_TAG) in encryption / seal operation.\n * The @a value should be a size_t variable.\n - * In decryption / open operation tag length is not set.\n\n - * + * In decryption / open operation tag length is not set.\n * - #YACA_PROPERTY_GCM_TAG = GCM tag\n * Get after yaca_encrypt_finalize() / yaca_seal_finalize() in encryption / seal operation.\n * Set after yaca_decrypt_update() / yaca_open_update() and before - * yaca_decrypt_finalize() / yaca_open_finalize() in decryption / open operation.\n\n - * + * yaca_decrypt_finalize() / yaca_open_finalize() in decryption / open operation.\n * - #YACA_PROPERTY_GCM_AAD = additional authentication data (optional)\n * Set after yaca_encrypt_initialize() / yaca_seal_initialize() and before * yaca_encrypt_update() / yaca_seal_update() in encryption / seal operation.\n * Set after yaca_decrypt_initialize() / yaca_open_initialize() and before - * yaca_decrypt_update() / yaca_open_update() in decryption / open operation.\n\n - * + * yaca_decrypt_update() / yaca_open_update() in decryption / open operation.\n * @see yaca_context_set_property() * @see yaca_context_get_property() - * */ YACA_BCM_GCM, @@ -541,61 +536,50 @@ typedef enum { * CBC-MAC Mode (AES). * This is a variable Initialization Vector length mode.\n * Supported Initialization Vector lengths: 56-104 bits in steps of 8 bits - * (recommended 56-bits).\n\n - * + * (recommended 56-bits).\n * Supported properties: * - #YACA_PROPERTY_CCM_TAG_LEN = CCM tag length (optional)\n * Supported tag lengths: 4-16 bytes in steps of 2 bytes (12 bytes tag by default).\n * Set after yaca_encrypt_initialize() / yaca_seal_initialize() and before * yaca_encrypt_update() / yaca_seal_update() in encryption / seal operation.\n * The @a value should be a size_t variable.\n - * In decryption / open operation tag length is not set.\n\n - * + * In decryption / open operation tag length is not set.\n * - #YACA_PROPERTY_CCM_TAG = CCM tag\n * Get after yaca_encrypt_finalize() / yaca_seal_finalize() in encryption / seal operation.\n * Set after yaca_decrypt_initialize() / yaca_open_initialize() and before - * yaca_decrypt_update() / yaca_open_update() in decryption / open operation.\n\n - * + * yaca_decrypt_update() / yaca_open_update() in decryption / open operation.\n * - #YACA_PROPERTY_CCM_AAD = additional authentication data (optional)\n * The total plaintext length must be passed to yaca_encrypt_update() / yaca_seal_update() * if AAD is used.\n * Set after yaca_encrypt_initialize() / yaca_seal_initialize() and before * yaca_encrypt_update() / yaca_seal_update() in encryption / seal operation.\n * You can only call yaca_encrypt_update() / yaca_seal_update() once for AAD - * and once for the plaintext.\n\n - * + * and once for the plaintext.\n * The total encrypted text length must be passed to yaca_decrypt_update() / * yaca_open_update() if AAD is used.\n * Set after yaca_decrypt_initialize() / yaca_open_initialize() and before * yaca_decrypt_update() / yaca_open_update() in decryption / open operation.\n * You can only call yaca_decrypt_update() / yaca_open_update() once for AAD - * and once for the encrypted text.\n\n - * + * and once for the encrypted text.\n * @see yaca_context_set_property() * @see yaca_context_get_property() - * */ YACA_BCM_CCM, /** * Used with #YACA_ENCRYPT_AES or #YACA_ENCRYPT_3DES_3TDEA to perform a key wrapping * (key material symmetric encryption). - * * Only a single yaca_encrypt_update() / yaca_decrypt_update() is allowed. - * * Usage in yaca_seal_initialize() / yaca_open_finalize() is forbidden. - * * Key used to do the wrapping with #YACA_ENCRYPT_AES can be a 128-bit key, a 192-bit key, * or a 256-bit key.\n * 64-bit Initialization Vector is used.\n * Wrapped key can be a 128-bit key, a 192-bit key, or a 256-bit key.\n * #YACA_ENCRYPT_AES allows wrapping multiple keys together. - * * Key used to do the wrapping with #YACA_ENCRYPT_3DES_3TDEA can be a 192-bit DES key only.\n * Initialization Vector is not used.\n * Wrapped key can be a 128-bit DES key (two-key), or a 192-bit DES key (three-key).\n * #YACA_ENCRYPT_3DES_3TDEA allows wrapping only one key. - * */ YACA_BCM_WRAP @@ -603,16 +587,13 @@ typedef enum { /** - * @brief Enumeration of YACA non-standard properties for algorithms. - * + * @brief Enumeration for YACA non-standard properties for algorithms. * @since_tizen 3.0 - * * @see #yaca_padding_e */ typedef enum { /** * Padding for the encrypt/decrypt or sign/verify operation. Property type is #yaca_padding_e. - * * This property can be set at the latest before the *_finalize() call. */ YACA_PROPERTY_PADDING, @@ -636,8 +617,7 @@ typedef enum { } yaca_property_e; /** - * @brief Enumeration of YACA paddings. - * + * @brief Enumeration for YACA paddings. * @since_tizen 3.0 */ typedef enum { @@ -689,9 +669,9 @@ typedef enum { YACA_PADDING_PKCS7 } yaca_padding_e; + /** - * @brief Enumeration of YACA key derivation functions. - * + * @brief Enumeration for YACA key derivation functions. * @since_tizen 3.0 */ typedef enum { @@ -708,12 +688,15 @@ typedef enum { YACA_KDF_X962, } yaca_kdf_e; + /** * @} */ + #ifdef __cplusplus } /* extern */ #endif + #endif /* YACA_TYPES_H */ -- 2.7.4 From 9d3c70918fb0041a89d821f7a5246b59f5f33a8c Mon Sep 17 00:00:00 2001 From: Piotr Sawicki Date: Tue, 7 Feb 2017 10:15:56 +0100 Subject: [PATCH 03/16] Remove unused code in CMakeLists Change-Id: I31210f92e62e5fce7035b4e5693c58fda8b29e5a --- src/CMakeLists.txt | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 8d8badd..2e022fc 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -1,5 +1,5 @@ # -# Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved +# Copyright (c) 2016 - 2017 Samsung Electronics Co., Ltd All Rights Reserved # # Contact: Krzysztof Jackiewicz # @@ -45,13 +45,7 @@ SET_TARGET_PROPERTIES(${PROJECT_NAME} PROPERTIES VERSION ${_LIB_VERSION_}) ## Link libraries ############################################################## -PKG_CHECK_MODULES(YACA_DEPS REQUIRED openssl) - -PKG_CHECK_MODULES(CAPI_BASE_COMMON capi-base-common) -IF (CAPI_BASE_COMMON_FOUND) - ADD_DEFINITIONS(-DCAPI_BASE_COMMON_PRESENT) - INCLUDE_DIRECTORIES(SYSTEM ${CAPI_BASE_COMMON_INCLUDE_DIRS}) -ENDIF() +PKG_CHECK_MODULES(YACA_DEPS REQUIRED openssl capi-base-common) FIND_PACKAGE (Threads) -- 2.7.4 From f28c538271df98283601b407577a7462d08fe5eb Mon Sep 17 00:00:00 2001 From: Krzysztof Jackiewicz Date: Mon, 20 Mar 2017 09:47:05 +0100 Subject: [PATCH 04/16] Install license file Change-Id: I1e80b2686d46e369084d062f2b0ef3c0e9e1d76d --- packaging/yaca.spec | 1 + 1 file changed, 1 insertion(+) diff --git a/packaging/yaca.spec b/packaging/yaca.spec index 2b43c19..d22d931 100644 --- a/packaging/yaca.spec +++ b/packaging/yaca.spec @@ -19,6 +19,7 @@ The package provides Yet Another Crypto API. %postun -p /sbin/ldconfig %files +%license LICENSE %manifest yaca.manifest %{_libdir}/libyaca.so.0 %{_libdir}/libyaca.so.%{version} -- 2.7.4 From 6bae0c382ac2570a168094788a5dd86f986058dd Mon Sep 17 00:00:00 2001 From: Dariusz Michaluk Date: Tue, 14 Nov 2017 16:27:57 +0100 Subject: [PATCH 05/16] Fix: yaca_context_get_property() implementation unconsistent with documentation Change-Id: I5ffd12d68b2bc2764da50d7e7bc5dd1b92eb5ebb --- examples/encrypt_ccm.c | 7 +------ examples/encrypt_gcm.c | 7 +------ src/encrypt.c | 18 ++++++++++++++++-- 3 files changed, 18 insertions(+), 14 deletions(-) diff --git a/examples/encrypt_ccm.c b/examples/encrypt_ccm.c index 3bc11f8..572882c 100644 --- a/examples/encrypt_ccm.c +++ b/examples/encrypt_ccm.c @@ -78,11 +78,6 @@ int main() if (ret != YACA_ERROR_NONE) goto exit; - /* Allocate memory for tag */ - ret = yaca_zalloc(tag_len, (void**)&tag); - if (ret != YACA_ERROR_NONE) - goto exit; - /* Encryption */ { /* Initialize encryption context */ @@ -140,7 +135,7 @@ int main() goto exit; /* Get the tag after final encryption */ - ret = yaca_context_get_property(ctx, YACA_PROPERTY_CCM_TAG, (void**)tag, &tag_len); + ret = yaca_context_get_property(ctx, YACA_PROPERTY_CCM_TAG, (void**)&tag, &tag_len); if (ret != YACA_ERROR_NONE) goto exit; diff --git a/examples/encrypt_gcm.c b/examples/encrypt_gcm.c index 9778acb..7e1125b 100644 --- a/examples/encrypt_gcm.c +++ b/examples/encrypt_gcm.c @@ -78,11 +78,6 @@ int main() if (ret != YACA_ERROR_NONE) goto exit; - /* Allocate memory for tag */ - ret = yaca_zalloc(tag_len, (void**)&tag); - if (ret != YACA_ERROR_NONE) - goto exit; - /* Encryption */ { /* Initialize encryption context */ @@ -134,7 +129,7 @@ int main() if (ret != YACA_ERROR_NONE) goto exit; - ret = yaca_context_get_property(ctx, YACA_PROPERTY_GCM_TAG, (void**)tag, &tag_len); + ret = yaca_context_get_property(ctx, YACA_PROPERTY_GCM_TAG, (void**)&tag, &tag_len); if (ret != YACA_ERROR_NONE) goto exit; diff --git a/src/encrypt.c b/src/encrypt.c index f4a21f3..1fd935c 100644 --- a/src/encrypt.c +++ b/src/encrypt.c @@ -767,6 +767,8 @@ int set_encrypt_property(yaca_context_h ctx, int get_encrypt_property(const yaca_context_h ctx, yaca_property_e property, void **value, size_t *value_len) { + int ret; + void *tag = NULL; struct yaca_encrypt_context_s *c = get_encrypt_context(ctx); int mode; @@ -786,13 +788,19 @@ int get_encrypt_property(const yaca_context_h ctx, yaca_property_e property, assert(c->tag_len <= INT_MAX); + ret = yaca_malloc(c->tag_len, &tag); + if (ret != YACA_ERROR_NONE) + return ret; + if (EVP_CIPHER_CTX_ctrl(c->cipher_ctx, EVP_CTRL_GCM_GET_TAG, c->tag_len, - value) != 1) { + tag) != 1) { + yaca_free(tag); ERROR_DUMP(YACA_ERROR_INTERNAL); return YACA_ERROR_INTERNAL; } + *value = tag; *value_len = c->tag_len; break; case YACA_PROPERTY_CCM_TAG: @@ -804,13 +812,19 @@ int get_encrypt_property(const yaca_context_h ctx, yaca_property_e property, assert(c->tag_len <= INT_MAX); + ret = yaca_malloc(c->tag_len, &tag); + if (ret != YACA_ERROR_NONE) + return ret; + if (EVP_CIPHER_CTX_ctrl(c->cipher_ctx, EVP_CTRL_CCM_GET_TAG, c->tag_len, - value) != 1) { + tag) != 1) { + yaca_free(tag); ERROR_DUMP(YACA_ERROR_INTERNAL); return YACA_ERROR_INTERNAL; } + *value = tag; *value_len = c->tag_len; break; default: -- 2.7.4 From fd14778d5a704845c34f5add789c221abde2f594 Mon Sep 17 00:00:00 2001 From: Lukasz Pawelczyk Date: Fri, 17 Nov 2017 11:31:23 +0100 Subject: [PATCH 06/16] Some additional API usage clarifications regarding keys Change-Id: I375ff08deedfdc4669f40dbf6a7473d216e531ed --- api/yaca/yaca_key.h | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/api/yaca/yaca_key.h b/api/yaca/yaca_key.h index f946534..bf871f6 100644 --- a/api/yaca/yaca_key.h +++ b/api/yaca/yaca_key.h @@ -218,6 +218,8 @@ int yaca_key_generate(yaca_key_type_e key_type, size_t key_bit_len, yaca_key_h * * @since_tizen 3.0 * @remarks This function is used to generate private asymmetric keys * based on pre-generated parameters. + * @remarks This function does not support RSA keys, as it's not possible + * to extract parameters from them. * @remarks The @a key should be released using yaca_key_destroy(). * @param[in] params Pre-generated parameters * @param[out] prv_key Newly generated private key @@ -257,6 +259,7 @@ int yaca_key_extract_public(const yaca_key_h prv_key, yaca_key_h *pub_key); * @brief Extracts parameters from a private or a public key. * @since_tizen 3.0 * @remarks The @a params should be released using yaca_key_destroy(). + * @remarks This function does not support RSA keys. * @param[in] key A key to extract the parameters from * @param[out] params Extracted parameters * @return #YACA_ERROR_NONE on success, @@ -276,9 +279,10 @@ int yaca_key_extract_parameters(const yaca_key_h key, yaca_key_h *params); /** * @brief Derives a shared secret using Diffie-Helmann or EC Diffie-Helmann key exchange protocol. * @since_tizen 3.0 - * @remarks The @a secret should not be used as a symmetric key, - * to produce a symmetric key pass the secret to a key derivation function (KDF) + * @remarks The @a secret should not be used as a symmetric key. + * To produce a symmetric key pass the secret to a key derivation function (KDF) * or a message digest function. + * @remarks Both the keys passed should be of DH type. * @remarks The @a secret should be freed with yaca_free(). * @param[in] prv_key Our private key * @param[in] pub_key Peer public key -- 2.7.4 From 56f96a8307f1b4dc771de32bdaf5fb8b561687ba Mon Sep 17 00:00:00 2001 From: Lukasz Pawelczyk Date: Fri, 17 Nov 2017 11:32:26 +0100 Subject: [PATCH 07/16] Fix possible segfault in seal_initialize The iv is not mandatory. It depends on bcm mode and is already checked in this function. Don't blindly write to *iv because in some cases it might be NULL. Change-Id: Ieddf81b77482d2aec49d1cde3291c08d702b7c43 --- src/seal.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/src/seal.c b/src/seal.c index a7c3b50..24188e4 100644 --- a/src/seal.c +++ b/src/seal.c @@ -188,8 +188,11 @@ API int yaca_seal_initialize(yaca_context_h *ctx, *sym_key = lenc_sym_key; lenc_sym_key = YACA_KEY_NULL; - *iv = liv; - liv = YACA_KEY_NULL; + if (iv != NULL) { + *iv = liv; + liv = YACA_KEY_NULL; + } + ret = YACA_ERROR_NONE; exit: -- 2.7.4 From 5d1d5270ff1a668130932373a2a4be58be97ab4e Mon Sep 17 00:00:00 2001 From: Lukasz Pawelczyk Date: Fri, 17 Nov 2017 11:34:07 +0100 Subject: [PATCH 08/16] Handle special use case of EVP_DigestSignFinal() EVP_DigestSignFinal() does not behave the same as other OpenSSL *Final functions in regards to its length param. Handle this use case so its different behaviour is not propagated onto YACA. Change-Id: Iac9338e00a39a986049d1504791ff5e409da96f1 --- src/sign.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/src/sign.c b/src/sign.c index 23c9fa0..03f1cb0 100644 --- a/src/sign.c +++ b/src/sign.c @@ -430,12 +430,20 @@ API int yaca_sign_finalize(yaca_context_h ctx, int ret; if (c == NULL || c->op_type != OP_SIGN || - signature == NULL || signature_len == NULL || *signature_len == 0) + signature == NULL || signature_len == NULL) return YACA_ERROR_INVALID_PARAMETER; if (!verify_state_change(c, CTX_FINALIZED)) return YACA_ERROR_INVALID_PARAMETER; + /* EVP_DigestSignFinal() is the only *Final that requires buffer + * length as the [in,out], don't break the symmetry in our API, + * don't require it from the user, get the apropriate length here. + */ + ret = ctx->get_output_length(ctx, 0, signature_len); + if (ret != YACA_ERROR_NONE) + return ret; + ret = EVP_DigestSignFinal(c->md_ctx, (unsigned char *)signature, signature_len); if (ret != 1) { ret = YACA_ERROR_INTERNAL; -- 2.7.4 From d13ea7e43f5fec4d1930feca73141485abcbbd9d Mon Sep 17 00:00:00 2001 From: Lukasz Pawelczyk Date: Fri, 17 Nov 2017 15:20:36 +0100 Subject: [PATCH 09/16] Clarification for key_derive_dh, EC keys are also accepted Change-Id: I763712bb97de47267ebd1303bc3718c573edb164 --- api/yaca/yaca_key.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/api/yaca/yaca_key.h b/api/yaca/yaca_key.h index bf871f6..4f82cd9 100644 --- a/api/yaca/yaca_key.h +++ b/api/yaca/yaca_key.h @@ -282,7 +282,7 @@ int yaca_key_extract_parameters(const yaca_key_h key, yaca_key_h *params); * @remarks The @a secret should not be used as a symmetric key. * To produce a symmetric key pass the secret to a key derivation function (KDF) * or a message digest function. - * @remarks Both the keys passed should be of DH type. + * @remarks Both the keys passed should be of DH or EC type. * @remarks The @a secret should be freed with yaca_free(). * @param[in] prv_key Our private key * @param[in] pub_key Peer public key -- 2.7.4 From 750418075d3e913b8733520d82bfebd4323c64fd Mon Sep 17 00:00:00 2001 From: Dariusz Michaluk Date: Wed, 14 Mar 2018 12:22:32 +0100 Subject: [PATCH 10/16] Release 0.0.3 Change-Id: Ibafba8ab1f73392aa7a27483c468fafb33245dca --- CMakeLists.txt | 2 +- packaging/yaca.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 653daef..8596ea7 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -23,7 +23,7 @@ CMAKE_MINIMUM_REQUIRED (VERSION 2.6.2) PROJECT(yaca) -SET(VERSION "0.0.2") +SET(VERSION "0.0.3") ## pkgconfig ################################################################### INCLUDE(FindPkgConfig) diff --git a/packaging/yaca.spec b/packaging/yaca.spec index d22d931..a1484d1 100644 --- a/packaging/yaca.spec +++ b/packaging/yaca.spec @@ -1,5 +1,5 @@ Name: yaca -Version: 0.0.2 +Version: 0.0.3 Release: 0 Source0: %{name}-%{version}.tar.gz License: Apache-2.0 -- 2.7.4 From 932ca550e4b56fec34f2ad4045c0b148b7890aa1 Mon Sep 17 00:00:00 2001 From: Lukasz Pawelczyk Date: Fri, 17 Nov 2017 14:51:46 +0100 Subject: [PATCH 11/16] Python3 bindings for YACA Change-Id: Ia7e7bf329d6b2e87c6587481dfe5c870ef482e54 --- CMakeLists.txt | 4 + packaging/yaca.spec | 14 + python/CMakeLists.txt | 8 + python/run_all_tests.py | 23 ++ python/yaca/__init__.py | 817 ++++++++++++++++++++++++++++++++++++++++++++++++ python/yaca/error.py | 48 +++ python/yaca/library.py | 298 ++++++++++++++++++ python/yaca/tests.py | 473 ++++++++++++++++++++++++++++ 8 files changed, 1685 insertions(+) create mode 100644 python/CMakeLists.txt create mode 100755 python/run_all_tests.py create mode 100755 python/yaca/__init__.py create mode 100644 python/yaca/error.py create mode 100644 python/yaca/library.py create mode 100644 python/yaca/tests.py diff --git a/CMakeLists.txt b/CMakeLists.txt index 8596ea7..51d28e7 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -74,6 +74,7 @@ ENDIF() SET(API_FOLDER ${PROJECT_SOURCE_DIR}/api/yaca) SET(EXAMPLES_FOLDER ${PROJECT_SOURCE_DIR}/examples) SET(SRC_FOLDER ${PROJECT_SOURCE_DIR}/src) +SET(PYTHON_FOLDER ${PROJECT_SOURCE_DIR}/python) IF(NOT DEFINED LIB_INSTALL_DIR) SET(LIB_INSTALL_DIR "${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_LIBDIR}") @@ -99,3 +100,6 @@ CONFIGURE_FILE(packaging/yaca.manifest.in yaca.manifest @ONLY) ADD_SUBDIRECTORY(${SRC_FOLDER}) ADD_SUBDIRECTORY(${EXAMPLES_FOLDER}) +IF(NOT WITHOUT_PYTHON) + ADD_SUBDIRECTORY(${PYTHON_FOLDER}) +ENDIF(NOT WITHOUT_PYTHON) diff --git a/packaging/yaca.spec b/packaging/yaca.spec index a1484d1..5135774 100644 --- a/packaging/yaca.spec +++ b/packaging/yaca.spec @@ -6,6 +6,7 @@ License: Apache-2.0 Group: Security/Other Summary: Yet Another Crypto API BuildRequires: cmake +BuildRequires: python3 >= 3.4 BuildRequires: pkgconfig(capi-base-common) BuildRequires: pkgconfig(openssl) Requires(post): /sbin/ldconfig @@ -35,6 +36,7 @@ make -k %{?jobs:-j%jobs} %install %make_install +%py3_compile %{buildroot}/%{python3_sitelib} %clean rm -rf %{buildroot} @@ -65,3 +67,15 @@ The package provides Yet Another Crypto API example files. %files examples %{_bindir}/yaca-example* %{_datadir}/%{name}/examples + +## Python3 Package ############################################################ +%package -n python3-yaca +Summary: Yet Another Crypto API Python3 bindings +Group: Security/Other +Requires: yaca = %{version}-%{release} + +%description -n python3-yaca +The package provides Yet Another Crypto API bindings for Python3. + +%files -n python3-yaca +%{python3_sitelib}/%{name} diff --git a/python/CMakeLists.txt b/python/CMakeLists.txt new file mode 100644 index 0000000..bb65b0c --- /dev/null +++ b/python/CMakeLists.txt @@ -0,0 +1,8 @@ +FIND_PACKAGE(PythonInterp 3.4 REQUIRED) + +EXECUTE_PROCESS(COMMAND ${PYTHON_EXECUTABLE} -c "from sys import stdout; from distutils import sysconfig; stdout.write(sysconfig.get_python_lib())" OUTPUT_VARIABLE PYTHON_INSTALL_DIR) +MESSAGE(STATUS "Python install dir is ${PYTHON_INSTALL_DIR}") +MESSAGE(STATUS "Python version is ${PYTHON_VERSION_STRING}") + +FILE(GLOB yaca_SRCS yaca/*.py) +INSTALL (FILES ${yaca_SRCS} DESTINATION ${PYTHON_INSTALL_DIR}/${PROJECT_NAME}) diff --git a/python/run_all_tests.py b/python/run_all_tests.py new file mode 100755 index 0000000..4877820 --- /dev/null +++ b/python/run_all_tests.py @@ -0,0 +1,23 @@ +#!/usr/bin/env python3 + +# Copyright (c) 2017-2018 Samsung Electronics Co., Ltd All Rights Reserved +# +# Contact: Lukasz Pawelczyk +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License + + +import yaca +import yaca.tests + +yaca.tests.run_all_tests() diff --git a/python/yaca/__init__.py b/python/yaca/__init__.py new file mode 100755 index 0000000..38e8648 --- /dev/null +++ b/python/yaca/__init__.py @@ -0,0 +1,817 @@ +#!/usr/bin/env python3 + +# Copyright (c) 2017-2018 Samsung Electronics Co., Ltd All Rights Reserved +# +# Contact: Lukasz Pawelczyk +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License + + +""" +Python3 bindings for YACA. + +Usage is almost the same as in the C API. All the functions that made +sense in Python were implemented. Memory allocations and functions for +getting length of the buffers were ommited as all those things are +handled automatically for both input and output. + +All the parameters for strings/data expect python's bytes type. All +the parameters are named the same as in the C API and their meaning is +exactly the same. + +The major exception being encrypt/decrypt update where second +parameter can have 2 meanings. This is only used for CCM_AAD. See +examples. + +Some parameters now have default values for ease of use. + +For details please refer to the C API doxygen documentation. + +For examples see tests/examples in yaca.tests module. +""" + +import enum as _enum +import ctypes as _ctypes +import yaca.library +from yaca.error import * +del yaca.error + +# Initialization + +_lib = yaca.library.get_yaca() +del yaca.library + + +# Helpers + +def _get_char_param_nullify_if_zero(param): + return None if len(param) == 0 else param + + +def _context_get_output_length(ctx, input_length): + output_length = _ctypes.c_size_t() + _lib.yaca_context_get_output_length(ctx, + input_length, + _ctypes.byref(output_length)) + return output_length.value + + +# Types + +class Context(): + def __init__(self, ptr): + if not isinstance(ptr, _ctypes.c_void_p): + raise TypeError('Invalid type') + self._as_parameter_ = ptr + + def __del__(self): + _lib.yaca_context_destroy(self._as_parameter_) + + +class Key(): + def __init__(self, ptr): + if not isinstance(ptr, _ctypes.c_void_p): + raise TypeError('Invalid type') + self._as_parameter_ = ptr + + def __del__(self): + _lib.yaca_key_destroy(self._as_parameter_) + + def __repr__(self): + if self._as_parameter_.value is None: + return '' + return '' + + def get_type(self): + return key_get_type(self) + + def get_bit_length(self): + return key_get_bit_length(self) + + +KEY_NULL = Key(_ctypes.c_void_p()) + + +# Enums + +@_enum.unique +class KEY_FORMAT(_enum.Enum): + DEFAULT = 0 + PKCS8 = 1 + + +@_enum.unique +class KEY_FILE_FORMAT(_enum.Enum): + RAW = 0 + BASE64 = 1 + PEM = 2 + DER = 3 + + +@_enum.unique +class KEY_TYPE(_enum.Enum): + SYMMETRIC = 0 + DES = 1 + IV = 2 + RSA_PUB = 3 + RSA_PRIV = 4 + DSA_PUB = 5 + DSA_PRIV = 6 + DH_PUB = 7 + DH_PRIV = 8 + EC_PUB = 9 + EC_PRIV = 10 + DSA_PARAMS = 11 + DH_PARAMS = 12 + EC_PARAMS = 13 + + +class KEY_BIT_LENGTH(_enum.IntEnum): + IV_64BIT = 64 + IV_128BIT = 128 + UNSAFE_8BIT = 8 + UNSAFE_40BIT = 40 + UNSAFE_64BIT = 64 + UNSAFE_80BIT = 80 + UNSAFE_128BIT = 128 + L192BIT = 192 + L256BIT = 256 + L512BIT = 512 + L1024BIT = 1024 + L2048BIT = 2048 + L3072BIT = 3072 + L4096BIT = 4096 + + +@_enum.unique +class KEY_BIT_LENGTH_EC(_enum.IntEnum): + PRIME192V1 = 0x300000C0 + PRIME256V1 = 0x30000100 + SECP256K1 = 0x31200100 + SECP384R1 = 0x31100180 + SECP521R1 = 0x31100209 + + +KEY_LENGTH_DH_GENERATOR_2 = 0x10000000 +KEY_LENGTH_DH_GENERATOR_5 = 0x11000000 + + +@_enum.unique +class KEY_BIT_LENGTH_DH_RFC(_enum.IntEnum): + L1024_160 = 0x20000400 + L2048_224 = 0x21000800 + L2048_256 = 0x22000800 + + +@_enum.unique +class DIGEST_ALGORITHM(_enum.Enum): + MD5 = 0 + SHA1 = 1 + SHA224 = 2 + SHA256 = 3 + SHA384 = 4 + SHA512 = 5 + + +@_enum.unique +class ENCRYPT_ALGORITHM(_enum.Enum): + AES = 0 + UNSAFE_DES = 1 + UNSAFE_TRIPPLE_DES_2TDEA = 2 + TRIPPLE_DES_3TDEA = 3 + UNSAFE_RC2 = 4 + UNSAFE_RC4 = 5 + CAST5 = 6 + + +@_enum.unique +class BLOCK_CIPHER_MODE(_enum.Enum): + NONE = 0 + ECB = 1 + CTR = 2 + CBC = 3 + GCM = 4 + CFB = 5 + CFB1 = 6 + CFB8 = 7 + OFB = 8 + CCM = 9 + WRAP = 10 + + +@_enum.unique +class PROPERTY(_enum.Enum): + PADDING = 0 + GCM_AAD = 1 + GCM_TAG = 2 + GCM_TAG_LEN = 3 + CCM_AAD = 4 + CCM_TAG = 5 + CCM_TAG_LEN = 6 + RC2_EFFECTIVE_KEY_BITS = 7 + + +@_enum.unique +class PADDING(_enum.Enum): + NONE = 0 + X931 = 1 + PKCS1 = 2 + PKCS1_PSS = 3 + PKCS1_OAEP = 4 + PKCS1_SSLV23 = 5 + PKCS7 = 6 + + +@_enum.unique +class KDF(_enum.Enum): + X942 = 0 + X962 = 1 + + +# Implementation crypto + +def initialize(): + """Initializes the library. Must be called before any other crypto + function. Should be called once in each thread that uses yaca.""" + _lib.yaca_initialize() + + +def cleanup(): + """Cleans up the library. + Must be called before exiting the thread that called yaca_initialize().""" + _lib.yaca_cleanup() + + +def memcmp(first, second, length): + """Safely compares first length bytes of two buffers.""" + l = _ctypes.c_size_t(length) + return _lib.yaca_memcmp(first, second, l) + + +def random_bytes(length): + """Generates random data.""" + data = _ctypes.create_string_buffer(length) + _lib.yaca_randomize_bytes(data, length) + return bytes(data) + + +def context_set_property(ctx, prop, prop_val): + """Sets the non-standard context properties. + Can only be called on an initialized context.""" + if prop == PROPERTY.PADDING: + value = _ctypes.c_int(prop_val.value) + value_length = _ctypes.sizeof(value) + _lib.yaca_context_set_property(ctx, + prop.value, + _ctypes.byref(value), + value_length) + elif (prop == PROPERTY.GCM_AAD) or (prop == PROPERTY.CCM_AAD) or \ + (prop == PROPERTY.GCM_TAG) or (prop == PROPERTY.CCM_TAG): + value = prop_val + value_length = len(prop_val) + _lib.yaca_context_set_property(ctx, prop.value, + value, value_length) + elif (prop == PROPERTY.GCM_TAG_LEN) or (prop == PROPERTY.CCM_TAG_LEN) or \ + (prop == PROPERTY.RC2_EFFECTIVE_KEY_BITS): + value = _ctypes.c_size_t(prop_val) + value_length = _ctypes.sizeof(value) + _lib.yaca_context_set_property( + ctx, prop.value, _ctypes.byref(value), value_length) + else: + raise InvalidParameterError('Wrong property passed') + + +def context_get_property(ctx, prop): + """Returns the non-standard context properties. + Can only be called on an initialized context.""" + value = _ctypes.c_void_p() + value_length = _ctypes.c_size_t() + _lib.yaca_context_get_property(ctx, prop.value, _ctypes.byref(value), + _ctypes.byref(value_length)) + if prop == PROPERTY.PADDING: + value_cast = _ctypes.cast(value, _ctypes.POINTER(_ctypes.c_int)) + value_proper = value_cast.contents.value + assert value_length.value == _ctypes.sizeof(value_cast.contents) + elif (prop == PROPERTY.GCM_AAD) or (prop == PROPERTY.CCM_AAD) or \ + (prop == PROPERTY.GCM_TAG) or (prop == PROPERTY.CCM_TAG): + value_cast = _ctypes.cast(value, _ctypes.POINTER(_ctypes.c_char)) + value_proper = value_cast[:value_length.value] + assert value_length.value == len(value_proper) + elif (prop == PROPERTY.GCM_TAG_LEN) or \ + (prop == PROPERTY.CCM_TAG_LEN) or \ + (prop == PROPERTY.RC2_EFFECTIVE_KEY_BITS): + value_cast = _ctypes.cast(value, _ctypes.POINTER(_ctypes.c_size_t)) + value_proper = value_cast.contents.value + assert value_length.value == _ctypes.sizeof(value_cast.contents) + else: + raise InvalidParameterError('Wrong property passed') + _lib.yaca_free(value) + return value_proper + + +# Implementation key + +def key_get_type(key): + """Gets key's type""" + key_type = _ctypes.c_int() + _lib.yaca_key_get_type(key, _ctypes.byref(key_type)) + return KEY_TYPE(key_type.value) + + +def key_get_bit_length(key): + """Gets key's length (in bits).""" + key_bit_length = _ctypes.c_size_t() + _lib.yaca_key_get_bit_length(key, _ctypes.byref(key_bit_length)) + return key_bit_length.value + + +def key_import(data, key_type=KEY_TYPE.SYMMETRIC, password=b''): + """Imports a key or key generation parameters.""" + key = _ctypes.c_void_p() + _lib.yaca_key_import(key_type.value, _ctypes.c_char_p(password), + data, len(data), _ctypes.byref(key)) + return Key(key) + + +def key_export(key, key_file_fmt=KEY_FILE_FORMAT.BASE64, + key_fmt=KEY_FORMAT.DEFAULT, password=b''): + """Exports a key or key generation parameters to arbitrary format.""" + data = _ctypes.POINTER(_ctypes.c_char)() + data_length = _ctypes.c_size_t() + _lib.yaca_key_export(key, key_fmt.value, key_file_fmt.value, + _ctypes.c_char_p(password), _ctypes.byref(data), + _ctypes.byref(data_length)) + data_bytes = data[:data_length.value] + _lib.yaca_free(data) + return data_bytes + + +def key_generate(key_type=KEY_TYPE.SYMMETRIC, + key_bit_length=KEY_BIT_LENGTH.L256BIT): + """Generates a secure key or key generation parameters + (or an Initialization Vector).""" + key = _ctypes.c_void_p() + _lib.yaca_key_generate(key_type.value, key_bit_length, + _ctypes.byref(key)) + return Key(key) + + +def key_generate_from_parameters(params): + """Generates a secure private asymmetric key from parameters.""" + prv_key = _ctypes.c_void_p() + _lib.yaca_key_generate_from_parameters(params, + _ctypes.byref(prv_key)) + return Key(prv_key) + + +def key_extract_public(prv_key): + """Extracts public key from a private one.""" + pub_key = _ctypes.c_void_p() + _lib.yaca_key_extract_public(prv_key, _ctypes.byref(pub_key)) + return Key(pub_key) + + +def key_extract_parameters(key): + """Extracts parameters from a private or a public key.""" + params = _ctypes.c_void_p() + _lib.yaca_key_extract_parameters(key, _ctypes.byref(params)) + return Key(params) + + +def key_derive_dh(prv_key, pub_key): + """Derives a shared secret using Diffie-Helmann or EC Diffie-Helmann + key exchange protocol.""" + secret = _ctypes.POINTER(_ctypes.c_char)() + secret_length = _ctypes.c_size_t() + _lib.yaca_key_derive_dh(prv_key, pub_key, _ctypes.byref(secret), + _ctypes.byref(secret_length)) + secret_bytes = secret[:secret_length.value] + _lib.yaca_free(secret) + return secret_bytes + + +def key_derive_kdf(secret, key_material_length, info=b'', + kdf=KDF.X942, digest_algo=DIGEST_ALGORITHM.SHA256): + """Derives a key material from shared secret.""" + info_param = _get_char_param_nullify_if_zero(info) + key_material = _ctypes.POINTER(_ctypes.c_char)() + _lib.yaca_key_derive_kdf(kdf.value, digest_algo.value, + secret, len(secret), + info_param, len(info), key_material_length, + _ctypes.byref(key_material)) + key_material_bytes = key_material[:key_material_length] + _lib.yaca_free(key_material) + return key_material_bytes + + +def key_derive_pbkdf2(password, key_bit_length=KEY_BIT_LENGTH.L256BIT, + salt=b'', digest_algo=DIGEST_ALGORITHM.SHA256, + iterations=50000): + """Derives a key from user password (PKCS #5 a.k.a. pbkdf2 algorithm).""" + salt_param = _get_char_param_nullify_if_zero(salt) + key = _ctypes.c_void_p() + _lib.yaca_key_derive_pbkdf2(_ctypes.c_char_p(password), salt_param, + len(salt), iterations, digest_algo.value, + key_bit_length, _ctypes.byref(key)) + return Key(key) + + +# Implementation simple + +def simple_encrypt(sym_key, plaintext, encrypt_algo=ENCRYPT_ALGORITHM.AES, + bcm=BLOCK_CIPHER_MODE.ECB, iv=KEY_NULL): + """Encrypts data using a symmetric cipher.""" + plaintext_param = _get_char_param_nullify_if_zero(plaintext) + ciphertext = _ctypes.POINTER(_ctypes.c_char)() + ciphertext_length = _ctypes.c_size_t() + _lib.yaca_simple_encrypt(encrypt_algo.value, bcm.value, sym_key, iv, + plaintext_param, len(plaintext), + _ctypes.byref(ciphertext), + _ctypes.byref(ciphertext_length)) + ciphertext_bytes = ciphertext[:ciphertext_length.value] + _lib.yaca_free(ciphertext) + return ciphertext_bytes + + +def simple_decrypt(sym_key, ciphertext, encrypt_algo=ENCRYPT_ALGORITHM.AES, + bcm=BLOCK_CIPHER_MODE.ECB, iv=KEY_NULL): + """Decrypts data using a symmetric cipher.""" + ciphertext_param = _get_char_param_nullify_if_zero(ciphertext) + plaintext = _ctypes.POINTER(_ctypes.c_char)() + plaintext_length = _ctypes.c_size_t() + _lib.yaca_simple_decrypt(encrypt_algo.value, bcm.value, sym_key, iv, + ciphertext_param, len(ciphertext), + _ctypes.byref(plaintext), + _ctypes.byref(plaintext_length)) + plaintext_bytes = plaintext[:plaintext_length.value] + _lib.yaca_free(plaintext) + return plaintext_bytes + + +def simple_calculate_digest(message, digest_algo=DIGEST_ALGORITHM.SHA256): + """Calculates a digest of a message.""" + message_param = _get_char_param_nullify_if_zero(message) + digest = _ctypes.POINTER(_ctypes.c_char)() + digest_length = _ctypes.c_size_t() + _lib.yaca_simple_calculate_digest(digest_algo.value, message_param, + len(message), + _ctypes.byref(digest), + _ctypes.byref(digest_length)) + digest_bytes = digest[:digest_length.value] + _lib.yaca_free(digest) + return digest_bytes + + +def simple_calculate_signature(prv_key, message, + digest_algo=DIGEST_ALGORITHM.SHA256): + """Creates a signature using asymmetric private key.""" + message_param = _get_char_param_nullify_if_zero(message) + signature = _ctypes.POINTER(_ctypes.c_char)() + signature_length = _ctypes.c_size_t() + _lib.yaca_simple_calculate_signature(digest_algo.value, prv_key, + message_param, len(message), + _ctypes.byref(signature), + _ctypes.byref(signature_length)) + signature_bytes = signature[:signature_length.value] + _lib.yaca_free(signature) + return signature_bytes + + +def simple_verify_signature(pub_key, message, signature, + digest_algo=DIGEST_ALGORITHM.SHA256): + """Verifies a signature using asymmetric public key.""" + return _lib.yaca_simple_verify_signature(digest_algo.value, pub_key, + message, len(message), + signature, len(signature)) + + +def simple_calculate_hmac(sym_key, message, + digest_algo=DIGEST_ALGORITHM.SHA256): + """Calculates a HMAC of given message using symmetric key.""" + message_param = _get_char_param_nullify_if_zero(message) + mac = _ctypes.POINTER(_ctypes.c_char)() + mac_length = _ctypes.c_size_t() + _lib.yaca_simple_calculate_hmac(digest_algo.value, sym_key, + message_param, len(message), + _ctypes.byref(mac), + _ctypes.byref(mac_length)) + mac_bytes = mac[:mac_length.value] + _lib.yaca_free(mac) + return mac_bytes + + +def simple_calculate_cmac(sym_key, message, + encrypt_algo=ENCRYPT_ALGORITHM.AES): + """Calculates a CMAC of given message using symmetric key.""" + message_param = _get_char_param_nullify_if_zero(message) + mac = _ctypes.POINTER(_ctypes.c_char)() + mac_length = _ctypes.c_size_t() + _lib.yaca_simple_calculate_cmac(encrypt_algo.value, sym_key, + message_param, len(message), + _ctypes.byref(mac), + _ctypes.byref(mac_length)) + mac_bytes = mac[:mac_length.value] + _lib.yaca_free(mac) + return mac_bytes + + +# Implementation digest + +def digest_initialize(digest_algo=DIGEST_ALGORITHM.SHA256): + """Initializes a digest context.""" + ctx = _ctypes.c_void_p() + _lib.yaca_digest_initialize(_ctypes.byref(ctx), digest_algo.value) + return Context(ctx) + + +def digest_update(ctx, message): + """Feeds the message into the message digest algorithm.""" + _lib.yaca_digest_update(ctx, message, len(message)) + + +def digest_finalize(ctx): + """Calculates the final digest.""" + output_length = _context_get_output_length(ctx, 0) + digest = _ctypes.create_string_buffer(output_length) + digest_length = _ctypes.c_size_t() + _lib.yaca_digest_finalize(ctx, digest, _ctypes.byref(digest_length)) + return bytes(digest[:digest_length.value]) + + +# Implementation encrypt + +def encrypt_get_iv_bit_length(encrypt_algo, bcm, key_bin_length): + """Returns the recommended/default length of the Initialization Vector + for a given encryption configuration.""" + iv_bit_length = _ctypes.c_size_t() + _lib.yaca_encrypt_get_iv_bit_length(encrypt_algo.value, bcm.value, + key_bin_length, + _ctypes.byref(iv_bit_length)) + return iv_bit_length.value + + +def encrypt_initialize(sym_key, encrypt_algo=ENCRYPT_ALGORITHM.AES, + bcm=BLOCK_CIPHER_MODE.ECB, iv=KEY_NULL): + """Initializes an encryption context.""" + ctx = _ctypes.c_void_p() + _lib.yaca_encrypt_initialize(_ctypes.byref(ctx), encrypt_algo.value, + bcm.value, sym_key, iv) + return Context(ctx) + + +def encrypt_update(ctx, plaintext): + """Encrypts chunk of the data. + Alternatively plaintext can be the total length of the input (int). + This is used for CCM_AAD.""" + if isinstance(plaintext, int): # the case of using AAD in CCM + _lib.yaca_encrypt_update(ctx, None, plaintext, None, + _ctypes.byref(_ctypes.c_size_t())) + return + + output_length = _context_get_output_length(ctx, len(plaintext)) + ciphertext = _ctypes.create_string_buffer(output_length) + ciphertext_length = _ctypes.c_size_t() + _lib.yaca_encrypt_update(ctx, plaintext, len(plaintext), + ciphertext, _ctypes.byref(ciphertext_length)) + return bytes(ciphertext[:ciphertext_length.value]) + + +def encrypt_finalize(ctx): + """Encrypts the final chunk of the data.""" + output_length = _context_get_output_length(ctx, 0) + ciphertext = _ctypes.create_string_buffer(output_length) + ciphertext_length = _ctypes.c_size_t() + _lib.yaca_encrypt_finalize(ctx, ciphertext, + _ctypes.byref(ciphertext_length)) + return bytes(ciphertext[:ciphertext_length.value]) + + +def decrypt_initialize(sym_key, encrypt_algo=ENCRYPT_ALGORITHM.AES, + bcm=BLOCK_CIPHER_MODE.ECB, iv=KEY_NULL): + """Initializes an decryption context.""" + ctx = _ctypes.c_void_p() + _lib.yaca_decrypt_initialize(_ctypes.byref(ctx), encrypt_algo.value, + bcm.value, sym_key, iv) + return Context(ctx) + + +def decrypt_update(ctx, ciphertext): + """Decrypts chunk of the data. + Alternatively ciphertext can be the total length of the input (int). + This is used for CCM_AAD.""" + if isinstance(ciphertext, int): # the case of using AAD in CCM + _lib.yaca_decrypt_update(ctx, None, ciphertext, None, + _ctypes.byref(_ctypes.c_size_t())) + return + + output_length = _context_get_output_length(ctx, len(ciphertext)) + plaintext = _ctypes.create_string_buffer(output_length) + plaintext_length = _ctypes.c_size_t() + _lib.yaca_decrypt_update(ctx, ciphertext, len(ciphertext), + plaintext, _ctypes.byref(plaintext_length)) + return bytes(plaintext[:plaintext_length.value]) + + +def decrypt_finalize(ctx): + """Encrypts the final chunk of the data.""" + output_length = _context_get_output_length(ctx, 0) + plaintext = _ctypes.create_string_buffer(output_length) + plaintext_length = _ctypes.c_size_t() + _lib.yaca_decrypt_finalize(ctx, plaintext, + _ctypes.byref(plaintext_length)) + return bytes(plaintext[:plaintext_length.value]) + + +# Implementation sign + +def sign_initialize(prv_key, digest_algo=DIGEST_ALGORITHM.SHA256): + """Initializes a signature context for asymmetric signatures.""" + ctx = _ctypes.c_void_p() + _lib.yaca_sign_initialize(_ctypes.byref(ctx), digest_algo.value, + prv_key) + return Context(ctx) + + +def sign_initialize_hmac(sym_key, digest_algo=DIGEST_ALGORITHM.SHA256): + """Initializes a signature context for HMAC.""" + ctx = _ctypes.c_void_p() + _lib.yaca_sign_initialize_hmac(_ctypes.byref(ctx), + digest_algo.value, sym_key) + return Context(ctx) + + +def sign_initialize_cmac(sym_key, encrypt_algo=ENCRYPT_ALGORITHM.AES): + """Initializes a signature context for CMAC.""" + ctx = _ctypes.c_void_p() + _lib.yaca_sign_initialize_cmac(_ctypes.byref(ctx), + encrypt_algo.value, sym_key) + return Context(ctx) + + +def sign_update(ctx, message): + """Feeds the message into the digital signature or MAC algorithm.""" + _lib.yaca_sign_update(ctx, message, len(message)) + + +def sign_finalize(ctx): + """Calculates the final signature or MAC.""" + output_length = _context_get_output_length(ctx, 0) + signature = _ctypes.create_string_buffer(output_length) + signature_len = _ctypes.c_size_t() + _lib.yaca_sign_finalize(ctx, signature, _ctypes.byref(signature_len)) + return bytes(signature[:signature_len.value]) + + +def verify_initialize(pub_key, digest_algo=DIGEST_ALGORITHM.SHA256): + """Initializes a signature verification context for asymmetric signatures. + """ + ctx = _ctypes.c_void_p() + _lib.yaca_verify_initialize(_ctypes.byref(ctx), digest_algo.value, + pub_key) + return Context(ctx) + + +def verify_update(ctx, message): + """Feeds the message into the digital signature verification algorithm.""" + _lib.yaca_verify_update(ctx, message, len(message)) + + +def verify_finalize(ctx, signature): + """Performs the verification.""" + return _lib.yaca_verify_finalize(ctx, signature, len(signature)) + + +# Implementation seal + +def seal_initialize(pub_key, sym_key_bit_length=KEY_BIT_LENGTH.L256BIT, + encrypt_algo=ENCRYPT_ALGORITHM.AES, + bcm=BLOCK_CIPHER_MODE.ECB): + ctx = _ctypes.c_void_p() + sym_key = _ctypes.c_void_p() + iv = _ctypes.c_void_p() + _lib.yaca_seal_initialize(_ctypes.byref(ctx), pub_key, + encrypt_algo.value, bcm.value, + sym_key_bit_length, _ctypes.byref(sym_key), + _ctypes.byref(iv)) + return Context(ctx), Key(sym_key), Key(iv) + + +def seal_update(ctx, plaintext): + """Encrypts piece of the data.""" + output_length = _context_get_output_length(ctx, len(plaintext)) + ciphertext = _ctypes.create_string_buffer(output_length) + ciphertext_length = _ctypes.c_size_t() + _lib.yaca_seal_update(ctx, plaintext, len(plaintext), + ciphertext, _ctypes.byref(ciphertext_length)) + return bytes(ciphertext[:ciphertext_length.value]) + + +def seal_finalize(ctx): + """Encrypts the final piece of the data.""" + output_length = _context_get_output_length(ctx, 0) + ciphertext = _ctypes.create_string_buffer(output_length) + ciphertext_length = _ctypes.c_size_t() + _lib.yaca_seal_finalize(ctx, ciphertext, + _ctypes.byref(ciphertext_length)) + return bytes(ciphertext[:ciphertext_length.value]) + + +def open_initialize(prv_key, sym_key, iv=KEY_NULL, + sym_key_bit_length=KEY_BIT_LENGTH.L256BIT, + encrypt_algo=ENCRYPT_ALGORITHM.AES, + bcm=BLOCK_CIPHER_MODE.ECB): + """Initializes an asymmetric decryption context.""" + ctx = _ctypes.c_void_p() + _lib.yaca_open_initialize(_ctypes.byref(ctx), prv_key, + encrypt_algo.value, bcm.value, + sym_key_bit_length, sym_key, iv) + return Context(ctx) + + +def open_update(ctx, ciphertext): + """Decrypts piece of the data.""" + output_length = _context_get_output_length(ctx, len(ciphertext)) + plaintext = _ctypes.create_string_buffer(output_length) + plaintext_length = _ctypes.c_size_t() + _lib.yaca_open_update(ctx, ciphertext, len(ciphertext), + plaintext, _ctypes.byref(plaintext_length)) + return bytes(plaintext[:plaintext_length.value]) + + +def open_finalize(ctx): + """Decrypts last chunk of sealed message.""" + output_length = _context_get_output_length(ctx, 0) + plaintext = _ctypes.create_string_buffer(output_length) + plaintext_length = _ctypes.c_size_t() + _lib.yaca_open_finalize(ctx, plaintext, + _ctypes.byref(plaintext_length)) + return bytes(plaintext[:plaintext_length.value]) + + +# Implementation rsa + +def rsa_public_encrypt(pub_key, plaintext, padding=PADDING.PKCS1): + """Encrypts data using a RSA public key (low-level encrypt equivalent).""" + ciphertext = _ctypes.POINTER(_ctypes.c_char)() + ciphertext_length = _ctypes.c_size_t() + plaintext_param = _get_char_param_nullify_if_zero(plaintext) + _lib.yaca_rsa_public_encrypt(padding.value, pub_key, plaintext_param, + len(plaintext), + _ctypes.byref(ciphertext), + _ctypes.byref(ciphertext_length)) + ciphertext_bytes = ciphertext[:ciphertext_length.value] + _lib.yaca_free(ciphertext) + return ciphertext_bytes + + +def rsa_private_decrypt(prv_key, ciphertext, padding=PADDING.PKCS1): + """Decrypts data using a RSA private key (low-level decrypt equivalent).""" + plaintext = _ctypes.POINTER(_ctypes.c_char)() + plaintext_length = _ctypes.c_size_t() + ciphertext_param = _get_char_param_nullify_if_zero(ciphertext) + _lib.yaca_rsa_private_decrypt(padding.value, prv_key, + ciphertext_param, len(ciphertext), + _ctypes.byref(plaintext), + _ctypes.byref(plaintext_length)) + plaintext_bytes = plaintext[:plaintext_length.value] + _lib.yaca_free(plaintext) + return plaintext_bytes + + +def rsa_private_encrypt(prv_key, plaintext, padding=PADDING.PKCS1): + """Encrypts data using a RSA private key (low-level sign equivalent).""" + ciphertext = _ctypes.POINTER(_ctypes.c_char)() + ciphertext_length = _ctypes.c_size_t() + plaintext_param = _get_char_param_nullify_if_zero(plaintext) + _lib.yaca_rsa_private_encrypt(padding.value, prv_key, + plaintext_param, len(plaintext), + _ctypes.byref(ciphertext), + _ctypes.byref(ciphertext_length)) + ciphertext_bytes = ciphertext[:ciphertext_length.value] + _lib.yaca_free(ciphertext) + return ciphertext_bytes + + +def rsa_public_decrypt(pub_key, ciphertext, padding=PADDING.PKCS1): + """Decrypts data using a RSA public key (low-level verify equivalent).""" + plaintext = _ctypes.POINTER(_ctypes.c_char)() + plaintext_length = _ctypes.c_size_t() + ciphertext_param = _get_char_param_nullify_if_zero(ciphertext) + _lib.yaca_rsa_public_decrypt(padding.value, pub_key, + ciphertext_param, len(ciphertext), + _ctypes.byref(plaintext), + _ctypes.byref(plaintext_length)) + plaintext_bytes = plaintext[:plaintext_length.value] + _lib.yaca_free(plaintext) + return plaintext_bytes diff --git a/python/yaca/error.py b/python/yaca/error.py new file mode 100644 index 0000000..8d691a8 --- /dev/null +++ b/python/yaca/error.py @@ -0,0 +1,48 @@ +# Copyright (c) 2017-2018 Samsung Electronics Co., Ltd All Rights Reserved +# +# Contact: Lukasz Pawelczyk +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License + + +class YacaError(Exception): + """Base class for YACA exceptions.""" + pass + + +class InvalidParameterError(YacaError): + """Invalid parameter exception""" + def __init__(self, message): + YacaError.__init__(self, message) + self.message = message + + +class OutOfMemoryError(YacaError): + """Out of memory exception""" + def __init__(self, message): + YacaError.__init__(self, message) + self.message = message + + +class InternalError(YacaError): + """Internal exception""" + def __init__(self, message): + YacaError.__init__(self, message) + self.message = message + + +class InvalidPasswordError(YacaError): + """Invalid password exception""" + def __init__(self, message): + YacaError.__init__(self, message) + self.message = message diff --git a/python/yaca/library.py b/python/yaca/library.py new file mode 100644 index 0000000..5f68d64 --- /dev/null +++ b/python/yaca/library.py @@ -0,0 +1,298 @@ +# Copyright (c) 2017-2018 Samsung Electronics Co., Ltd All Rights Reserved + +# Contact: Lukasz Pawelczyk +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License + + +import ctypes as _ctypes +import enum as _enum +import yaca.error as _err + + +@_enum.unique +class _Error(_enum.Enum): + __TIZEN_YACA_BASE = -0x01E30000 + NONE = 0 + INVALID_PARAMETER = -22 + OUT_OF_MEMORY = -12 + INTERNAL = __TIZEN_YACA_BASE | 0x01 + DATA_MISMATCH = __TIZEN_YACA_BASE | 0x02 + INVALID_PASSWORD = __TIZEN_YACA_BASE | 0x03 + + +def _errcheck(ret, func, arguments): + if ret == _Error.NONE.value: + return True + elif ret == _Error.DATA_MISMATCH.value: + return False + elif ret == _Error.INVALID_PARAMETER.value: + raise _err.InvalidParameterError( + 'Invalid Parameter error returned from YACA') + elif ret == _Error.OUT_OF_MEMORY.value: + raise _err.OutOfMemoryError('Out Of Memory error returned from YACA') + elif ret == _Error.INTERNAL.value: + raise _err.InternalError('Internal error returned from YACA') + elif ret == _Error.INVALID_PASSWORD.value: + raise _err.InvalidPasswordError( + 'Invalid Password error returned from YACA') + else: + raise RuntimeError('Unknown error returned from YACA') + + +def get_yaca(): + """Get C library and set argtypes""" + + lib = _ctypes.CDLL("libyaca.so.0") + + # crypto + lib.yaca_initialize.argtypes = [] + lib.yaca_initialize.errcheck = _errcheck + lib.yaca_cleanup.argtypes = [] + lib.yaca_cleanup.restype = None + lib.yaca_malloc.argtypes = \ + [_ctypes.c_size_t, _ctypes.POINTER(_ctypes.c_void_p)] + lib.yaca_malloc.errcheck = _errcheck + lib.yaca_zalloc.argtypes = \ + [_ctypes.c_size_t, _ctypes.POINTER(_ctypes.c_void_p)] + lib.yaca_zalloc.errcheck = _errcheck + lib.yaca_realloc.argtypes = \ + [_ctypes.c_size_t, _ctypes.POINTER(_ctypes.c_void_p)] + lib.yaca_realloc.errcheck = _errcheck + lib.yaca_free.argtypes = [_ctypes.c_void_p] + lib.yaca_free.restype = None + lib.yaca_memcmp.argtypes = \ + [_ctypes.POINTER(_ctypes.c_char), _ctypes.POINTER(_ctypes.c_char), + _ctypes.c_size_t] + lib.yaca_memcmp.errcheck = _errcheck + lib.yaca_randomize_bytes.argtypes = \ + [_ctypes.POINTER(_ctypes.c_char), _ctypes.c_size_t] + lib.yaca_randomize_bytes.errcheck = _errcheck + lib.yaca_context_set_property.argtypes = \ + [_ctypes.c_void_p, _ctypes.c_int, _ctypes.c_void_p, _ctypes.c_size_t] + lib.yaca_context_set_property.errcheck = _errcheck + lib.yaca_context_get_property.argtypes = \ + [_ctypes.c_void_p, _ctypes.c_int, _ctypes.POINTER(_ctypes.c_void_p), + _ctypes.POINTER(_ctypes.c_size_t)] + lib.yaca_context_get_property.errcheck = _errcheck + lib.yaca_context_get_output_length.argtypes = \ + [_ctypes.c_void_p, _ctypes.c_size_t, _ctypes.POINTER(_ctypes.c_size_t)] + lib.yaca_context_get_output_length.errcheck = _errcheck + lib.yaca_context_destroy.argtypes = [_ctypes.c_void_p] + lib.yaca_context_destroy.restype = None + + # simple + lib.yaca_simple_encrypt.argtypes = \ + [_ctypes.c_int, _ctypes.c_int, _ctypes.c_void_p, _ctypes.c_void_p, + _ctypes.POINTER(_ctypes.c_char), _ctypes.c_size_t, + _ctypes.POINTER(_ctypes.POINTER(_ctypes.c_char)), + _ctypes.POINTER(_ctypes.c_size_t)] + lib.yaca_simple_encrypt.errcheck = _errcheck + lib.yaca_simple_decrypt.argtypes = \ + [_ctypes.c_int, _ctypes.c_int, _ctypes.c_void_p, _ctypes.c_void_p, + _ctypes.POINTER(_ctypes.c_char), _ctypes.c_size_t, + _ctypes.POINTER(_ctypes.POINTER(_ctypes.c_char)), + _ctypes.POINTER(_ctypes.c_size_t)] + lib.yaca_simple_decrypt.errcheck = _errcheck + lib.yaca_simple_calculate_digest.argtypes = \ + [_ctypes.c_int, _ctypes.POINTER(_ctypes.c_char), _ctypes.c_size_t, + _ctypes.POINTER(_ctypes.POINTER(_ctypes.c_char)), + _ctypes.POINTER(_ctypes.c_size_t)] + lib.yaca_simple_calculate_digest.errcheck = _errcheck + lib.yaca_simple_calculate_signature.argtypes = \ + [_ctypes.c_int, _ctypes.c_void_p, + _ctypes.POINTER(_ctypes.c_char), _ctypes.c_size_t, + _ctypes.POINTER(_ctypes.POINTER(_ctypes.c_char)), + _ctypes.POINTER(_ctypes.c_size_t)] + lib.yaca_simple_calculate_signature.errcheck = _errcheck + lib.yaca_simple_verify_signature.argtypes = \ + [_ctypes.c_int, _ctypes.c_void_p, + _ctypes.POINTER(_ctypes.c_char), _ctypes.c_size_t, + _ctypes.POINTER(_ctypes.c_char), _ctypes.c_size_t] + lib.yaca_simple_verify_signature.errcheck = _errcheck + lib.yaca_simple_calculate_hmac.argtypes = \ + [_ctypes.c_int, _ctypes.c_void_p, + _ctypes.POINTER(_ctypes.c_char), _ctypes.c_size_t, + _ctypes.POINTER(_ctypes.POINTER(_ctypes.c_char)), + _ctypes.POINTER(_ctypes.c_size_t)] + lib.yaca_simple_calculate_hmac.errcheck = _errcheck + lib.yaca_simple_calculate_cmac.argtypes = \ + [_ctypes.c_int, _ctypes.c_void_p, + _ctypes.POINTER(_ctypes.c_char), _ctypes.c_size_t, + _ctypes.POINTER(_ctypes.POINTER(_ctypes.c_char)), + _ctypes.POINTER(_ctypes.c_size_t)] + lib.yaca_simple_calculate_cmac.errcheck = _errcheck + + # key + lib.yaca_key_get_type.argtypes = \ + [_ctypes.c_void_p, _ctypes.POINTER(_ctypes.c_int)] + lib.yaca_key_get_type.errcheck = _errcheck + lib.yaca_key_get_bit_length.argtypes = \ + [_ctypes.c_void_p, _ctypes.POINTER(_ctypes.c_size_t)] + lib.yaca_key_get_bit_length.errcheck = _errcheck + lib.yaca_key_import.argtypes = \ + [_ctypes.c_int, _ctypes.c_char_p, + _ctypes.POINTER(_ctypes.c_char), _ctypes.c_size_t, + _ctypes.POINTER(_ctypes.c_void_p)] + lib.yaca_key_import.errcheck = _errcheck + lib.yaca_key_export.argtypes = \ + [_ctypes.c_void_p, _ctypes.c_int, _ctypes.c_int, _ctypes.c_char_p, + _ctypes.POINTER(_ctypes.POINTER(_ctypes.c_char)), + _ctypes.POINTER(_ctypes.c_size_t)] + lib.yaca_key_export.errcheck = _errcheck + lib.yaca_key_generate.argtypes = \ + [_ctypes.c_void_p, _ctypes.c_size_t, _ctypes.POINTER(_ctypes.c_void_p)] + lib.yaca_key_generate.errcheck = _errcheck + lib.yaca_key_generate_from_parameters.argtypes = \ + [_ctypes.c_void_p, _ctypes.POINTER(_ctypes.c_void_p)] + lib.yaca_key_generate_from_parameters.errcheck = _errcheck + lib.yaca_key_extract_public.argtypes = \ + [_ctypes.c_void_p, _ctypes.POINTER(_ctypes.c_void_p)] + lib.yaca_key_extract_public.errcheck = _errcheck + lib.yaca_key_extract_parameters.argtypes = \ + [_ctypes.c_void_p, _ctypes.POINTER(_ctypes.c_void_p)] + lib.yaca_key_extract_parameters.errcheck = _errcheck + lib.yaca_key_derive_dh.argtypes = \ + [_ctypes.c_void_p, _ctypes.c_void_p, + _ctypes.POINTER(_ctypes.POINTER(_ctypes.c_char)), + _ctypes.POINTER(_ctypes.c_size_t)] + lib.yaca_key_derive_dh.errcheck = _errcheck + lib.yaca_key_derive_kdf.argtypes = \ + [_ctypes.c_int, _ctypes.c_int, + _ctypes.POINTER(_ctypes.c_char), _ctypes.c_size_t, + _ctypes.POINTER(_ctypes.c_char), _ctypes.c_size_t, + _ctypes.c_size_t, _ctypes.POINTER(_ctypes.POINTER(_ctypes.c_char))] + lib.yaca_key_derive_kdf.errcheck = _errcheck + lib.yaca_key_derive_pbkdf2.argtypes = \ + [_ctypes.c_char_p, _ctypes.POINTER(_ctypes.c_char), _ctypes.c_size_t, + _ctypes.c_size_t, _ctypes.c_int, + _ctypes.c_size_t, _ctypes.POINTER(_ctypes.c_void_p)] + lib.yaca_key_derive_pbkdf2.errcheck = _errcheck + lib.yaca_key_destroy.argtypes = [_ctypes.c_void_p] + lib.yaca_key_destroy.restype = None + + # digest + lib.yaca_digest_initialize.argtypes = \ + [_ctypes.POINTER(_ctypes.c_void_p), _ctypes.c_int] + lib.yaca_digest_initialize.errcheck = _errcheck + lib.yaca_digest_update.argtypes = \ + [_ctypes.c_void_p, _ctypes.POINTER(_ctypes.c_char), _ctypes.c_size_t] + lib.yaca_digest_update.errcheck = _errcheck + lib.yaca_digest_finalize.argtypes = \ + [_ctypes.c_void_p, + _ctypes.POINTER(_ctypes.c_char), _ctypes.POINTER(_ctypes.c_size_t)] + lib.yaca_digest_finalize.errcheck = _errcheck + + # encrypt + lib.yaca_encrypt_get_iv_bit_length.argtypes = \ + [_ctypes.c_int, _ctypes.c_int, _ctypes.c_size_t, + _ctypes.POINTER(_ctypes.c_size_t)] + lib.yaca_encrypt_get_iv_bit_length.errcheck = _errcheck + lib.yaca_encrypt_initialize.argtypes = \ + [_ctypes.POINTER(_ctypes.c_void_p), _ctypes.c_int, _ctypes.c_int, + _ctypes.c_void_p, _ctypes.c_void_p] + lib.yaca_encrypt_initialize.errcheck = _errcheck + lib.yaca_encrypt_update.argtypes = \ + [_ctypes.c_void_p, + _ctypes.POINTER(_ctypes.c_char), _ctypes.c_size_t, + _ctypes.POINTER(_ctypes.c_char), _ctypes.POINTER(_ctypes.c_size_t)] + lib.yaca_encrypt_update.errcheck = _errcheck + lib.yaca_encrypt_finalize.argtypes = \ + [_ctypes.c_void_p, + _ctypes.POINTER(_ctypes.c_char), _ctypes.POINTER(_ctypes.c_size_t)] + lib.yaca_encrypt_finalize.errcheck = _errcheck + lib.yaca_decrypt_initialize.argtypes = \ + [_ctypes.POINTER(_ctypes.c_void_p), _ctypes.c_int, _ctypes.c_int, + _ctypes.c_void_p, _ctypes.c_void_p] + lib.yaca_decrypt_initialize.errcheck = _errcheck + lib.yaca_decrypt_update.argtypes = \ + [_ctypes.c_void_p, + _ctypes.POINTER(_ctypes.c_char), _ctypes.c_size_t, + _ctypes.POINTER(_ctypes.c_char), _ctypes.POINTER(_ctypes.c_size_t)] + lib.yaca_decrypt_update.errcheck = _errcheck + lib.yaca_decrypt_finalize.argtypes = \ + [_ctypes.c_void_p, + _ctypes.POINTER(_ctypes.c_char), _ctypes.POINTER(_ctypes.c_size_t)] + lib.yaca_decrypt_finalize.errcheck = _errcheck + + # sign + lib.yaca_sign_initialize.argtypes = \ + [_ctypes.POINTER(_ctypes.c_void_p), _ctypes.c_int, _ctypes.c_void_p] + lib.yaca_sign_initialize.errcheck = _errcheck + lib.yaca_sign_initialize_hmac.argtypes = \ + [_ctypes.POINTER(_ctypes.c_void_p), _ctypes.c_int, _ctypes.c_void_p] + lib.yaca_sign_initialize_hmac.errcheck = _errcheck + lib.yaca_sign_initialize_cmac.argtypes = \ + [_ctypes.POINTER(_ctypes.c_void_p), _ctypes.c_int, _ctypes.c_void_p] + lib.yaca_sign_initialize_cmac.errcheck = _errcheck + lib.yaca_sign_update.argtypes = \ + [_ctypes.c_void_p, _ctypes.POINTER(_ctypes.c_char), _ctypes.c_size_t] + lib.yaca_sign_update.errcheck = _errcheck + lib.yaca_sign_finalize.argtypes = \ + [_ctypes.c_void_p, + _ctypes.POINTER(_ctypes.c_char), _ctypes.POINTER(_ctypes.c_size_t)] + lib.yaca_sign_finalize.errcheck = _errcheck + lib.yaca_verify_initialize.argtypes = \ + [_ctypes.POINTER(_ctypes.c_void_p), _ctypes.c_int, _ctypes.c_void_p] + lib.yaca_verify_initialize.errcheck = _errcheck + lib.yaca_verify_update.argtypes = \ + [_ctypes.c_void_p, _ctypes.POINTER(_ctypes.c_char), _ctypes.c_size_t] + lib.yaca_verify_update.errcheck = _errcheck + lib.yaca_verify_finalize.argtypes = \ + [_ctypes.c_void_p, _ctypes.POINTER(_ctypes.c_char), _ctypes.c_size_t] + lib.yaca_verify_finalize.errcheck = _errcheck + + # seal + lib.yaca_seal_initialize.argtypes = \ + [_ctypes.POINTER(_ctypes.c_void_p), _ctypes.c_void_p, _ctypes.c_int, + _ctypes.c_int, _ctypes.c_size_t, _ctypes.POINTER(_ctypes.c_void_p), + _ctypes.POINTER(_ctypes.c_void_p)] + lib.yaca_seal_initialize.errcheck = _errcheck + lib.yaca_seal_update.argtypes = \ + [_ctypes.c_void_p, _ctypes.POINTER(_ctypes.c_char), _ctypes.c_size_t, + _ctypes.POINTER(_ctypes.c_char), _ctypes.POINTER(_ctypes.c_size_t)] + lib.yaca_seal_update.errcheck = _errcheck + lib.yaca_seal_finalize.argtypes = \ + [_ctypes.c_void_p, + _ctypes.POINTER(_ctypes.c_char), _ctypes.POINTER(_ctypes.c_size_t)] + lib.yaca_seal_finalize.errcheck = _errcheck + lib.yaca_open_initialize.argtypes = \ + [_ctypes.POINTER(_ctypes.c_void_p), _ctypes.c_void_p, _ctypes.c_int, + _ctypes.c_int, _ctypes.c_size_t, _ctypes.c_void_p, _ctypes.c_void_p] + lib.yaca_open_initialize.errcheck = _errcheck + lib.yaca_open_update.argtypes = \ + [_ctypes.c_void_p, + _ctypes.POINTER(_ctypes.c_char), _ctypes.c_size_t, + _ctypes.POINTER(_ctypes.c_char), _ctypes.POINTER(_ctypes.c_size_t)] + lib.yaca_open_update.errcheck = _errcheck + lib.yaca_open_finalize.argtypes = \ + [_ctypes.c_void_p, + _ctypes.POINTER(_ctypes.c_char), _ctypes.POINTER(_ctypes.c_size_t)] + lib.yaca_open_finalize.errcheck = _errcheck + + # rsa + rsa_argtypes = \ + [_ctypes.c_int, _ctypes.c_void_p, + _ctypes.POINTER(_ctypes.c_char), _ctypes.c_size_t, + _ctypes.POINTER(_ctypes.POINTER(_ctypes.c_char)), + _ctypes.POINTER(_ctypes.c_size_t)] + lib.yaca_rsa_public_encrypt.argtypes = rsa_argtypes + lib.yaca_rsa_public_encrypt.errcheck = _errcheck + lib.yaca_rsa_private_decrypt.argtypes = rsa_argtypes + lib.yaca_rsa_private_decrypt.errcheck = _errcheck + lib.yaca_rsa_private_encrypt.argtypes = rsa_argtypes + lib.yaca_rsa_private_encrypt.errcheck = _errcheck + lib.yaca_rsa_public_decrypt.argtypes = rsa_argtypes + lib.yaca_rsa_public_decrypt.errcheck = _errcheck + + return lib diff --git a/python/yaca/tests.py b/python/yaca/tests.py new file mode 100644 index 0000000..a256419 --- /dev/null +++ b/python/yaca/tests.py @@ -0,0 +1,473 @@ +# Copyright (c) 2017-2018 Samsung Electronics Co., Ltd All Rights Reserved + +# Contact: Lukasz Pawelczyk +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License + + +""" +These tests are not to test yaca itself. They are more of a +syntax test to see that no stupid mistakes has been made in the +python binding. To check whether the code runs properly and +returns expected things. + +They can also be used as examples. +""" + +import yaca + + +def split_into_parts(data, l): + return [data[i:i + l] for i in range(0, len(data), l)] + + +msg = b'Lorem ipsum dolor sit amet, consectetuer adipiscing elit. \ +Donec hendrerit tempor tellus. Donec pretium posuere tellus. Proin \ +quam nisl, tincidunt et, mattis eget, convallis nec, purus. Cum \ +sociis natoque penatibus et magnis dis parturient montes, nascetur \ +ridiculus mus. Nulla posuere. Donec vitae dolor. Nullam tristique \ +diam non turpis. Cras placerat accumsan nulla. Nullam rutrum. Nam \ +vestibulum accumsan nisl.' + +msg_parts = split_into_parts(msg, 5) + + +def run_all_tests(): + """Runs all YACA tests/examples. No exceptions means success.""" + + yaca.initialize() + + crypto() + key_gen() + key_exp_imp() + key_derive() + simple() + digest() + encrypt_basic() + encrypt_rc2_property() + encrypt_gcm_property() + encrypt_ccm_property() + sign() + seal() + rsa() + + yaca.cleanup() + + +def crypto(): + + msg_whole = b'' + for part in msg_parts: + msg_whole += part + + assert yaca.memcmp(msg, msg_whole, len(msg)) + + rand_bytes = yaca.random_bytes(50) + assert len(rand_bytes) == 50 + + +def key_gen(): + + key_iv_64 = yaca.key_generate(yaca.KEY_TYPE.IV, + yaca.KEY_BIT_LENGTH.IV_64BIT) + assert key_iv_64.get_type() == yaca.KEY_TYPE.IV + assert key_iv_64.get_bit_length() == yaca.KEY_BIT_LENGTH.IV_64BIT + + key_iv_128 = yaca.key_generate(yaca.KEY_TYPE.IV, + yaca.KEY_BIT_LENGTH.IV_128BIT) + assert key_iv_128.get_type() == yaca.KEY_TYPE.IV + assert key_iv_128.get_bit_length() == yaca.KEY_BIT_LENGTH.IV_128BIT + + key_sym = yaca.key_generate() + assert key_sym.get_type() == yaca.KEY_TYPE.SYMMETRIC + assert key_sym.get_bit_length() == yaca.KEY_BIT_LENGTH.L256BIT + + key_rsa_prv = yaca.key_generate(yaca.KEY_TYPE.RSA_PRIV, + yaca.KEY_BIT_LENGTH.L2048BIT) + assert key_rsa_prv.get_type() == yaca.KEY_TYPE.RSA_PRIV + assert key_rsa_prv.get_bit_length() == yaca.KEY_BIT_LENGTH.L2048BIT + + key_rsa_pub = yaca.key_extract_public(key_rsa_prv) + assert key_rsa_pub.get_type() == yaca.KEY_TYPE.RSA_PUB + assert key_rsa_pub.get_bit_length() == yaca.KEY_BIT_LENGTH.L2048BIT + + key_dsa_prv = yaca.key_generate(yaca.KEY_TYPE.DSA_PRIV, + yaca.KEY_BIT_LENGTH.L2048BIT) + assert key_dsa_prv.get_type() == yaca.KEY_TYPE.DSA_PRIV + assert key_dsa_prv.get_bit_length() == yaca.KEY_BIT_LENGTH.L2048BIT + + key_dsa_pub = yaca.key_extract_public(key_dsa_prv) + assert key_dsa_pub.get_type() == yaca.KEY_TYPE.DSA_PUB + assert key_dsa_pub.get_bit_length() == yaca.KEY_BIT_LENGTH.L2048BIT + + key_dh_prv = yaca.key_generate(yaca.KEY_TYPE.DH_PRIV, + yaca.KEY_BIT_LENGTH_DH_RFC.L2048_256) + assert key_dh_prv.get_type() == yaca.KEY_TYPE.DH_PRIV + assert key_dh_prv.get_bit_length() == 2048 + + key_dh_pub = yaca.key_extract_public(key_dh_prv) + assert key_dh_pub.get_type() == yaca.KEY_TYPE.DH_PUB + assert key_dh_pub.get_bit_length() == 2048 + + key_dh_params = yaca.key_extract_parameters(key_dh_prv) + key_dh_prv_2 = yaca.key_generate_from_parameters(key_dh_params) + assert key_dh_prv_2.get_type() == key_dh_prv.get_type() + assert key_dh_prv_2.get_bit_length() == key_dh_prv.get_bit_length() + + key_dh_prv_3 = yaca.key_generate(yaca.KEY_TYPE.DH_PRIV, + yaca.KEY_LENGTH_DH_GENERATOR_5 | 256) + assert key_dh_prv_3.get_type() == yaca.KEY_TYPE.DH_PRIV + assert key_dh_prv_3.get_bit_length() == 256 + + key_ec_prv = yaca.key_generate(yaca.KEY_TYPE.EC_PRIV, + yaca.KEY_BIT_LENGTH_EC.PRIME256V1) + assert key_ec_prv.get_type() == yaca.KEY_TYPE.EC_PRIV + assert key_ec_prv.get_bit_length() == yaca.KEY_BIT_LENGTH_EC.PRIME256V1 + + key_ec_pub = yaca.key_extract_public(key_ec_prv) + assert key_ec_pub.get_type() == yaca.KEY_TYPE.EC_PUB + assert key_ec_pub.get_bit_length() == yaca.KEY_BIT_LENGTH_EC.PRIME256V1 + + +def key_exp_imp(): + # prepare: + key_sym = yaca.key_generate() + key_rsa_prv = yaca.key_generate(yaca.KEY_TYPE.RSA_PRIV, + yaca.KEY_BIT_LENGTH.L2048BIT) + # end prepare + + key_sym_exp = yaca.key_export(key_sym) + key_sym_imp = yaca.key_import(key_sym_exp) + assert key_sym.get_type() == key_sym_imp.get_type() + assert key_sym.get_bit_length() == key_sym_imp.get_bit_length() + + key_rsa_prv_exp = yaca.key_export(key_rsa_prv, yaca.KEY_FILE_FORMAT.PEM) + key_rsa_prv_imp = yaca.key_import(key_rsa_prv_exp, yaca.KEY_TYPE.RSA_PRIV) + assert key_rsa_prv.get_type() == key_rsa_prv_imp.get_type() + assert key_rsa_prv.get_bit_length() == key_rsa_prv_imp.get_bit_length() + + key_rsa_prv_exp = yaca.key_export(key_rsa_prv, yaca.KEY_FILE_FORMAT.PEM, + yaca.KEY_FORMAT.PKCS8, b"password") + key_rsa_prv_imp = yaca.key_import(key_rsa_prv_exp, yaca.KEY_TYPE.RSA_PRIV, + b"password") + assert key_rsa_prv.get_type() == key_rsa_prv_imp.get_type() + assert key_rsa_prv.get_bit_length() == key_rsa_prv_imp.get_bit_length() + + +def key_derive(): + # prepare: + key_dh_prv = yaca.key_generate(yaca.KEY_TYPE.DH_PRIV, + yaca.KEY_BIT_LENGTH_DH_RFC.L2048_256) + key_dh_pub = yaca.key_extract_public(key_dh_prv) + key_dh_params = yaca.key_extract_parameters(key_dh_prv) + key_dh_prv_2 = yaca.key_generate_from_parameters(key_dh_params) + key_dh_pub_2 = yaca.key_extract_public(key_dh_prv_2) + # end prepare + + secret = yaca.key_derive_dh(key_dh_prv_2, key_dh_pub) + assert len(secret) == 256 + + secret_2 = yaca.key_derive_dh(key_dh_prv, key_dh_pub_2) + assert secret == secret_2 + + key_material = yaca.key_derive_kdf(secret, 128) + assert len(key_material) == 128 + + key_derived = yaca.key_derive_pbkdf2(b'password') + assert key_derived.get_type() == yaca.KEY_TYPE.SYMMETRIC + assert key_derived.get_bit_length() == yaca.KEY_BIT_LENGTH.L256BIT + + +def simple(): + # prepare: + key_sym = yaca.key_generate() + key_iv_128 = yaca.key_generate(yaca.KEY_TYPE.IV, + yaca.KEY_BIT_LENGTH.IV_128BIT) + key_rsa_prv = yaca.key_generate(yaca.KEY_TYPE.RSA_PRIV, + yaca.KEY_BIT_LENGTH.L2048BIT) + key_rsa_pub = yaca.key_extract_public(key_rsa_prv) + # end prepare + + enc_simple = yaca.simple_encrypt(key_sym, msg, + yaca.ENCRYPT_ALGORITHM.AES, + yaca.BLOCK_CIPHER_MODE.CBC, key_iv_128) + dec_simple = yaca.simple_decrypt(key_sym, enc_simple, + yaca.ENCRYPT_ALGORITHM.AES, + yaca.BLOCK_CIPHER_MODE.CBC, key_iv_128) + assert msg == dec_simple + + dgst_simple = yaca.simple_calculate_digest(msg, + yaca.DIGEST_ALGORITHM.SHA512) + assert len(dgst_simple) == 64 + + hmac_simple = yaca.simple_calculate_hmac(key_sym, msg, + yaca.DIGEST_ALGORITHM.SHA512) + assert len(hmac_simple) == 64 + + cmac_simple = yaca.simple_calculate_cmac(key_sym, msg, + yaca.ENCRYPT_ALGORITHM.AES) + assert len(cmac_simple) == 16 + + sig_simple = yaca.simple_calculate_signature(key_rsa_prv, msg, + yaca.DIGEST_ALGORITHM.SHA512) + assert yaca.simple_verify_signature(key_rsa_pub, msg, sig_simple, + yaca.DIGEST_ALGORITHM.SHA512) + + +def digest(): + # prepare: + dgst_simple = yaca.simple_calculate_digest(msg, + yaca.DIGEST_ALGORITHM.SHA512) + # end prepare + + ctx = yaca.digest_initialize(yaca.DIGEST_ALGORITHM.SHA512) + for part in msg_parts: + yaca.digest_update(ctx, part) + dgst = yaca.digest_finalize(ctx) + + assert dgst == dgst_simple + + +def encrypt_basic(): + # prepare: + key_sym = yaca.key_generate() + key_iv_128 = yaca.key_generate(yaca.KEY_TYPE.IV, + yaca.KEY_BIT_LENGTH.IV_128BIT) + enc_simple = yaca.simple_encrypt(key_sym, msg, + yaca.ENCRYPT_ALGORITHM.AES, + yaca.BLOCK_CIPHER_MODE.CBC, key_iv_128) + # end prepare + + len_iv = yaca.encrypt_get_iv_bit_length(yaca.ENCRYPT_ALGORITHM.AES, + yaca.BLOCK_CIPHER_MODE.CBC, + yaca.KEY_BIT_LENGTH.L256BIT) + assert len_iv == 128 + + ctx = yaca.encrypt_initialize(key_sym, bcm=yaca.BLOCK_CIPHER_MODE.CBC, + iv=key_iv_128) + enc = b'' + for part in msg_parts: + enc += yaca.encrypt_update(ctx, part) + enc += yaca.encrypt_finalize(ctx) + + assert enc == enc_simple + + enc_parts = split_into_parts(enc, 5) + + ctx = yaca.decrypt_initialize(key_sym, bcm=yaca.BLOCK_CIPHER_MODE.CBC, + iv=key_iv_128) + dec = b'' + for part in enc_parts: + dec += yaca.decrypt_update(ctx, part) + dec += yaca.decrypt_finalize(ctx) + + assert msg == dec + + +def encrypt_rc2_property(): + # prepare: + key_sym = yaca.key_generate() + # end prepare + + len_iv = yaca.encrypt_get_iv_bit_length(yaca.ENCRYPT_ALGORITHM.UNSAFE_RC2, + yaca.BLOCK_CIPHER_MODE.ECB, + yaca.KEY_BIT_LENGTH.L256BIT) + assert len_iv == 0 + + ctx = yaca.encrypt_initialize(key_sym, yaca.ENCRYPT_ALGORITHM.UNSAFE_RC2, + yaca.BLOCK_CIPHER_MODE.ECB) + yaca.context_set_property(ctx, yaca.PROPERTY.RC2_EFFECTIVE_KEY_BITS, 192) + enc = b'' + for part in msg_parts: + enc += yaca.encrypt_update(ctx, part) + enc += yaca.encrypt_finalize(ctx) + + enc_parts = split_into_parts(enc, 5) + + ctx = yaca.decrypt_initialize(key_sym, yaca.ENCRYPT_ALGORITHM.UNSAFE_RC2, + yaca.BLOCK_CIPHER_MODE.ECB) + yaca.context_set_property(ctx, yaca.PROPERTY.RC2_EFFECTIVE_KEY_BITS, 192) + dec = b'' + for part in enc_parts: + dec += yaca.decrypt_update(ctx, part) + dec += yaca.decrypt_finalize(ctx) + + assert msg == dec + + +def encrypt_gcm_property(): + # prepare: + key_sym = yaca.key_generate() + key_iv_128 = yaca.key_generate(yaca.KEY_TYPE.IV, + yaca.KEY_BIT_LENGTH.IV_128BIT) + # end prepare + + tag_len = 16 + aad = yaca.random_bytes(16) + ctx = yaca.encrypt_initialize(key_sym, bcm=yaca.BLOCK_CIPHER_MODE.GCM, + iv=key_iv_128) + yaca.context_set_property(ctx, yaca.PROPERTY.GCM_AAD, aad) + enc = b'' + for part in msg_parts: + enc += yaca.encrypt_update(ctx, part) + enc += yaca.encrypt_finalize(ctx) + yaca.context_set_property(ctx, yaca.PROPERTY.GCM_TAG_LEN, tag_len) + tag = yaca.context_get_property(ctx, yaca.PROPERTY.GCM_TAG) + assert len(tag) == tag_len + + enc_parts = split_into_parts(enc, 5) + + ctx = yaca.decrypt_initialize(key_sym, bcm=yaca.BLOCK_CIPHER_MODE.GCM, + iv=key_iv_128) + yaca.context_set_property(ctx, yaca.PROPERTY.GCM_AAD, aad) + dec = b'' + for part in enc_parts: + dec += yaca.decrypt_update(ctx, part) + yaca.context_set_property(ctx, yaca.PROPERTY.GCM_TAG, tag) + dec += yaca.decrypt_finalize(ctx) + + assert msg == dec + + +def encrypt_ccm_property(): + # prepare: + key_sym = yaca.key_generate() + key_iv_64 = yaca.key_generate(yaca.KEY_TYPE.IV, + yaca.KEY_BIT_LENGTH.IV_64BIT) + # end prepare + + tag_len = 12 + aad = yaca.random_bytes(16) + ctx = yaca.encrypt_initialize(key_sym, bcm=yaca.BLOCK_CIPHER_MODE.CCM, + iv=key_iv_64) + yaca.context_set_property(ctx, yaca.PROPERTY.CCM_TAG_LEN, tag_len) + yaca.encrypt_update(ctx, len(msg)) # encrypt_update second type of usage + yaca.context_set_property(ctx, yaca.PROPERTY.CCM_AAD, aad) + enc = yaca.encrypt_update(ctx, msg) + enc += yaca.encrypt_finalize(ctx) + tag = yaca.context_get_property(ctx, yaca.PROPERTY.CCM_TAG) + assert len(tag) == tag_len + + ctx = yaca.decrypt_initialize(key_sym, bcm=yaca.BLOCK_CIPHER_MODE.CCM, + iv=key_iv_64) + yaca.context_set_property(ctx, yaca.PROPERTY.CCM_TAG, tag) + yaca.decrypt_update(ctx, len(enc)) # decrypt_update second type of usage + yaca.context_set_property(ctx, yaca.PROPERTY.CCM_AAD, aad) + dec = yaca.decrypt_update(ctx, enc) + dec += yaca.decrypt_finalize(ctx) + + assert msg == dec + + +def sign(): + # prepare: + key_sym = yaca.key_generate() + key_rsa_prv = yaca.key_generate(yaca.KEY_TYPE.RSA_PRIV, + yaca.KEY_BIT_LENGTH.L2048BIT) + key_rsa_pub = yaca.key_extract_public(key_rsa_prv) + hmac_simple = yaca.simple_calculate_hmac(key_sym, msg, + yaca.DIGEST_ALGORITHM.SHA512) + cmac_simple = yaca.simple_calculate_cmac(key_sym, msg, + yaca.ENCRYPT_ALGORITHM.AES) + sign_simple = yaca.simple_calculate_signature(key_rsa_prv, msg, + yaca.DIGEST_ALGORITHM.SHA512) + # end prepare + + ctx = yaca.sign_initialize_hmac(key_sym, yaca.DIGEST_ALGORITHM.SHA512) + for part in msg_parts: + yaca.sign_update(ctx, part) + hmac = yaca.sign_finalize(ctx) + + assert hmac == hmac_simple + + ctx = yaca.sign_initialize_cmac(key_sym, yaca.ENCRYPT_ALGORITHM.AES) + for part in msg_parts: + yaca.sign_update(ctx, part) + cmac = yaca.sign_finalize(ctx) + + assert cmac == cmac_simple + + ctx = yaca.sign_initialize(key_rsa_prv, yaca.DIGEST_ALGORITHM.SHA512) + for part in msg_parts: + yaca.sign_update(ctx, part) + sig = yaca.sign_finalize(ctx) + + assert sig == sign_simple # won't work for DSA + + ctx = yaca.verify_initialize(key_rsa_pub, yaca.DIGEST_ALGORITHM.SHA512) + for part in msg_parts: + yaca.verify_update(ctx, part) + assert yaca.verify_finalize(ctx, sig) + + # SIGN + SET PADDING + + ctx = yaca.sign_initialize(key_rsa_prv) + for part in msg_parts: + yaca.sign_update(ctx, part) + yaca.context_set_property(ctx, yaca.PROPERTY.PADDING, + yaca.PADDING.PKCS1_PSS) + sig = yaca.sign_finalize(ctx) + + ctx = yaca.verify_initialize(key_rsa_pub) + for part in msg_parts: + yaca.verify_update(ctx, part) + yaca.context_set_property(ctx, yaca.PROPERTY.PADDING, + yaca.PADDING.PKCS1_PSS) + assert yaca.verify_finalize(ctx, sig) + + +def seal(): + # prepare: + key_rsa_prv = yaca.key_generate(yaca.KEY_TYPE.RSA_PRIV, + yaca.KEY_BIT_LENGTH.L2048BIT) + key_rsa_pub = yaca.key_extract_public(key_rsa_prv) + # end prepare + + ctx, key_seal, iv = yaca.seal_initialize(key_rsa_pub, + bcm=yaca.BLOCK_CIPHER_MODE.CBC) + sealed = b'' + for part in msg_parts: + sealed += yaca.seal_update(ctx, part) + sealed += yaca.seal_finalize(ctx) + + sealed_parts = split_into_parts(sealed, 5) + + ctx = yaca.open_initialize(key_rsa_prv, key_seal, iv, + bcm=yaca.BLOCK_CIPHER_MODE.CBC) + opened = b'' + for part in sealed_parts: + opened += yaca.open_update(ctx, part) + opened += yaca.open_finalize(ctx) + + assert opened == msg + + +def rsa(): + # prepare: + key_rsa_prv = yaca.key_generate(yaca.KEY_TYPE.RSA_PRIV, + yaca.KEY_BIT_LENGTH.L2048BIT) + key_rsa_pub = yaca.key_extract_public(key_rsa_prv) + # end prepare + + msg_short_max = int(2048 / 8 - 11) + msg_short = msg[:msg_short_max] + + enc_rsa = yaca.rsa_public_encrypt(key_rsa_pub, msg_short) + dec_rsa = yaca.rsa_private_decrypt(key_rsa_prv, enc_rsa) + + assert dec_rsa == msg_short + + enc_rsa = yaca.rsa_private_encrypt(key_rsa_prv, msg_short) + dec_rsa = yaca.rsa_public_decrypt(key_rsa_pub, enc_rsa) + + assert dec_rsa == msg_short -- 2.7.4 From 3b3c32e1d0a8414676b37dac83371e0f44173d50 Mon Sep 17 00:00:00 2001 From: Lukasz Pawelczyk Date: Wed, 30 May 2018 14:30:56 +0200 Subject: [PATCH 12/16] Fix some pylint issues - not using len(seq) as a condition - too wide wildcard import Change-Id: I546ccc68729f2ba831dd0f73714aa234cc7254d1 --- python/yaca/__init__.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/python/yaca/__init__.py b/python/yaca/__init__.py index 38e8648..ab0e283 100755 --- a/python/yaca/__init__.py +++ b/python/yaca/__init__.py @@ -43,7 +43,7 @@ For examples see tests/examples in yaca.tests module. import enum as _enum import ctypes as _ctypes import yaca.library -from yaca.error import * +from yaca.error import InvalidParameterError del yaca.error # Initialization @@ -55,7 +55,7 @@ del yaca.library # Helpers def _get_char_param_nullify_if_zero(param): - return None if len(param) == 0 else param + return None if not param else param def _context_get_output_length(ctx, input_length): -- 2.7.4 From ee23e2882718f8a7642e0303325612fe06865e61 Mon Sep 17 00:00:00 2001 From: Lukasz Pawelczyk Date: Mon, 18 Jun 2018 13:41:52 +0200 Subject: [PATCH 13/16] Fix pycodestyle issue pycodestyle: E741 ambiguous variable name 'l' Change-Id: Id70e425e51da8bcd10afd579080d20b2cc9c9d4c --- python/yaca/__init__.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/python/yaca/__init__.py b/python/yaca/__init__.py index ab0e283..3efd0bd 100755 --- a/python/yaca/__init__.py +++ b/python/yaca/__init__.py @@ -255,8 +255,8 @@ def cleanup(): def memcmp(first, second, length): """Safely compares first length bytes of two buffers.""" - l = _ctypes.c_size_t(length) - return _lib.yaca_memcmp(first, second, l) + length = _ctypes.c_size_t(length) + return _lib.yaca_memcmp(first, second, length) def random_bytes(length): -- 2.7.4 From 002321f293eb4ad32f520268d6d83e65e8cc791f Mon Sep 17 00:00:00 2001 From: Dongsun Lee Date: Fri, 25 Jan 2019 09:25:06 +0900 Subject: [PATCH 14/16] Fix TYPO in document Change-Id: I9e9f5fff90b9f51151773e5d75bd7c44992d27e5 Signed-off-by: Dongsun Lee --- doc/yaca_doc.h | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/doc/yaca_doc.h b/doc/yaca_doc.h index d8b3ae3..03cd95d 100644 --- a/doc/yaca_doc.h +++ b/doc/yaca_doc.h @@ -20,8 +20,8 @@ * @defgroup CAPI_YACA_MODULE YACA * @brief The YACA (Yet Another Crypto Api) provides a crypto functions such as key management, data integrity, data en/decryption and low-level RSA operations. * Key management provides APIs for generating secured key,importing a key trying to match it to the key_type specified and exporting a key to arbitrary format. - * Data Integrity provides Advanced/Simpled API for the integrity handling - HMAC, CMAC, message digests and digital signature. - * Data en/decryption provides Advanced/Simpled APIs for en/decrypting and sealing/opening a data. + * Data Integrity provides Advanced/Simple API for the integrity handling - HMAC, CMAC, message digests and digital signature. + * Data en/decryption provides Advanced/Simple APIs for en/decrypting and sealing/opening a data. * RSA module provides advanced APIs for low-level encryption/decryption operations with asymmetric RSA keys. * * @section CAPI_YACA_MODULE_OVERVIEW Overview @@ -51,13 +51,13 @@ * * The yaca provides a crypto function such as key management, integrity handling and data en/decryption. * Key management provides APIs for generating secured key, importing a key trying to match it to the key type specified and exporting a key to arbitrary format. - * Data Integrity provides Advanced/Simpled API for the integrity handling - HMAC, CMAC, message digest and digital signature. - * Data en/decryption provides Advanced/Simpled APIs for en/decrypting a data and creating a IV. + * Data Integrity provides Advanced/Simple API for the integrity handling - HMAC, CMAC, message digest and digital signature. + * Data en/decryption provides Advanced/Simple APIs for en/decrypting a data and creating a IV. * RSA module provides advanced APIs for low-level encryption/decryption operations with asymmetric RSA keys. * * The yaca provides 4 types of API. * - key management APIs : These APIs provides generating key using random number or password, importing a key trying to match it to the key_type specified and exporting a key to arbitrary format. - * - data en/decryption APIs : These APIs provides Advanced/Simpled API for the data encryption. + * - data en/decryption APIs : These APIs provides Advanced/Simple API for the data encryption. * - integrity APIs : These APIs provides creating a signature using asymmetric private key, verifying a signature using asymmetric public key, calculating a HMAC/CMAC of given message using symmetric key and calculating message digests of given message without key. * - low-level RSA API : These APIs allow for low-level encryption/decryption operations with asymmetric RSA keys. * -- 2.7.4 From 9dac1435c98b31e63318785a3c15e9b32412cb7d Mon Sep 17 00:00:00 2001 From: Konrad Lipinski Date: Wed, 29 May 2019 17:48:39 +0200 Subject: [PATCH 15/16] Migrate to openssl 1.1 Change-Id: I07c36154ada7a74d59ba1e8d784309475157db33 --- packaging/yaca.spec | 2 +- src/CMakeLists.txt | 2 +- src/debug.c | 1 + 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/packaging/yaca.spec b/packaging/yaca.spec index 5135774..59f0591 100644 --- a/packaging/yaca.spec +++ b/packaging/yaca.spec @@ -8,7 +8,7 @@ Summary: Yet Another Crypto API BuildRequires: cmake BuildRequires: python3 >= 3.4 BuildRequires: pkgconfig(capi-base-common) -BuildRequires: pkgconfig(openssl) +BuildRequires: pkgconfig(openssl1.1) Requires(post): /sbin/ldconfig Requires(postun): /sbin/ldconfig diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 2e022fc..57c4488 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -45,7 +45,7 @@ SET_TARGET_PROPERTIES(${PROJECT_NAME} PROPERTIES VERSION ${_LIB_VERSION_}) ## Link libraries ############################################################## -PKG_CHECK_MODULES(YACA_DEPS REQUIRED openssl capi-base-common) +PKG_CHECK_MODULES(YACA_DEPS REQUIRED openssl1.1 capi-base-common) FIND_PACKAGE (Threads) diff --git a/src/debug.c b/src/debug.c index e49a4ca..169335c 100644 --- a/src/debug.c +++ b/src/debug.c @@ -126,6 +126,7 @@ int error_handle(const char *file, int line, const char *function) #if OPENSSL_VERSION_NUMBER > 0x10100000L case ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_OSSL_PRIVATE_DECRYPT, RSA_R_DATA_GREATER_THAN_MOD_LEN): case ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_OSSL_PUBLIC_DECRYPT, RSA_R_DATA_GREATER_THAN_MOD_LEN): + case ERR_PACK(ERR_LIB_PEM, PEM_F_GET_NAME, PEM_R_NO_START_LINE): #else /* OPENSSL_VERSION_NUMBER > 0x10100000L */ case ERR_PACK(ERR_LIB_RSA, RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_KEYBITS): case ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_EAY_PRIVATE_DECRYPT, RSA_R_DATA_GREATER_THAN_MOD_LEN): -- 2.7.4 From 2d394e0a8cea49692634c5ccf6196e08cd23fbf1 Mon Sep 17 00:00:00 2001 From: Dariusz Michaluk Date: Thu, 18 Jul 2019 17:13:54 +0200 Subject: [PATCH 16/16] Release 0.0.4 Change-Id: I93f168da700c155b3267c5a47970edbb4bf0fa63 --- CMakeLists.txt | 2 +- packaging/yaca.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 51d28e7..c83f5a3 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -23,7 +23,7 @@ CMAKE_MINIMUM_REQUIRED (VERSION 2.6.2) PROJECT(yaca) -SET(VERSION "0.0.3") +SET(VERSION "0.0.4") ## pkgconfig ################################################################### INCLUDE(FindPkgConfig) diff --git a/packaging/yaca.spec b/packaging/yaca.spec index 59f0591..f602d76 100644 --- a/packaging/yaca.spec +++ b/packaging/yaca.spec @@ -1,5 +1,5 @@ Name: yaca -Version: 0.0.3 +Version: 0.0.4 Release: 0 Source0: %{name}-%{version}.tar.gz License: Apache-2.0 -- 2.7.4