From e62df1be79c2a82447e66461840327342231cf39 Mon Sep 17 00:00:00 2001 From: Mateusz Kulikowski Date: Mon, 11 Apr 2016 15:50:50 +0200 Subject: [PATCH 01/16] Use crypto_zalloc for internal structure allocations. Change-Id: I3a3f738cf238c362ac33e3aa01c3a37d263140f9 Signed-off-by: Mateusz Kulikowski --- src/digest.c | 2 +- src/encrypt.c | 4 +--- src/key.c | 10 +++++----- 3 files changed, 7 insertions(+), 9 deletions(-) diff --git a/src/digest.c b/src/digest.c index 93a2535..9c50748 100644 --- a/src/digest.c +++ b/src/digest.c @@ -121,7 +121,7 @@ API int yaca_digest_init(yaca_ctx_h *ctx, yaca_digest_algo_e algo) if (ctx == NULL) return YACA_ERROR_INVALID_ARGUMENT; - nc = yaca_malloc(sizeof(struct yaca_digest_ctx_s)); + nc = yaca_zalloc(sizeof(struct yaca_digest_ctx_s)); if (nc == NULL) return YACA_ERROR_OUT_OF_MEMORY; diff --git a/src/encrypt.c b/src/encrypt.c index d195800..24e9117 100644 --- a/src/encrypt.c +++ b/src/encrypt.c @@ -184,12 +184,10 @@ static int encrypt_init(yaca_ctx_h *ctx, if (lkey == NULL) return YACA_ERROR_INVALID_ARGUMENT; - nc = yaca_malloc(sizeof(struct yaca_encrypt_ctx_s)); + nc = yaca_zalloc(sizeof(struct yaca_encrypt_ctx_s)); if (nc == NULL) return YACA_ERROR_OUT_OF_MEMORY; - memset(nc, 0, sizeof(struct yaca_encrypt_ctx_s)); - nc->ctx.type = YACA_CTX_ENCRYPT; nc->ctx.ctx_destroy = destroy_encrypt_ctx; nc->ctx.get_output_length = get_encrypt_output_length; diff --git a/src/key.c b/src/key.c index 6ba3c9e..f5aa42c 100644 --- a/src/key.c +++ b/src/key.c @@ -137,7 +137,7 @@ API int yaca_key_import(yaca_key_h *key, if (data_len > SIZE_MAX - sizeof(struct yaca_key_simple_s)) return YACA_ERROR_TOO_BIG_ARGUMENT; - nk = yaca_malloc(sizeof(struct yaca_key_simple_s) + data_len); + nk = yaca_zalloc(sizeof(struct yaca_key_simple_s) + data_len); if (nk == NULL) return YACA_ERROR_OUT_OF_MEMORY; @@ -232,7 +232,7 @@ API int yaca_key_gen(yaca_key_h *sym_key, if (key_byte_len > SIZE_MAX - sizeof(struct yaca_key_simple_s)) return YACA_ERROR_TOO_BIG_ARGUMENT; - nk = yaca_malloc(sizeof(struct yaca_key_simple_s) + key_byte_len); + nk = yaca_zalloc(sizeof(struct yaca_key_simple_s) + key_byte_len); if (nk == NULL) return YACA_ERROR_OUT_OF_MEMORY; @@ -269,11 +269,11 @@ API int yaca_key_gen_pair(yaca_key_h *prv_key, if (key_type != YACA_KEY_TYPE_PAIR_RSA) return YACA_ERROR_NOT_IMPLEMENTED; - nk_prv = yaca_malloc(sizeof(struct yaca_key_evp_s)); + nk_prv = yaca_zalloc(sizeof(struct yaca_key_evp_s)); if (nk_prv == NULL) return YACA_ERROR_OUT_OF_MEMORY; - nk_pub = yaca_malloc(sizeof(struct yaca_key_evp_s)); + nk_pub = yaca_zalloc(sizeof(struct yaca_key_evp_s)); if (nk_pub == NULL) { ret = YACA_ERROR_OUT_OF_MEMORY; goto free_prv; @@ -414,7 +414,7 @@ API int yaca_key_derive_pbkdf2(const char *password, if (key_byte_len > SIZE_MAX - sizeof(struct yaca_key_simple_s)) return YACA_ERROR_TOO_BIG_ARGUMENT; - nk = yaca_malloc(sizeof(struct yaca_key_simple_s) + key_byte_len); + nk = yaca_zalloc(sizeof(struct yaca_key_simple_s) + key_byte_len); if (nk == NULL) return YACA_ERROR_OUT_OF_MEMORY; -- 2.7.4 From 40c0aefda7679310c150f24fcb88b9177cf56485 Mon Sep 17 00:00:00 2001 From: Mateusz Kulikowski Date: Mon, 11 Apr 2016 15:51:51 +0200 Subject: [PATCH 02/16] Add yaca_ctx_get|set_param prototypes. Change-Id: I714a47663e742bc8c3eeb446483eee0a58a8a056 Signed-off-by: Mateusz Kulikowski --- src/crypto.c | 16 ++++++++++++++-- src/internal.h | 4 ++++ 2 files changed, 18 insertions(+), 2 deletions(-) diff --git a/src/crypto.c b/src/crypto.c index 550abf0..a90d0d9 100644 --- a/src/crypto.c +++ b/src/crypto.c @@ -92,13 +92,25 @@ API int yaca_rand_bytes(char *data, size_t data_len) API int yaca_ctx_set_param(yaca_ctx_h ctx, yaca_ex_param_e param, const void *value, size_t value_len) { - return YACA_ERROR_NOT_IMPLEMENTED; + if (ctx == YACA_CTX_NULL) + return YACA_ERROR_INVALID_ARGUMENT; + + if (ctx->set_param == NULL) + return YACA_ERROR_NOT_SUPPORTED; + + return ctx->set_param(ctx, param, value, value_len); } API int yaca_ctx_get_param(const yaca_ctx_h ctx, yaca_ex_param_e param, void **value, size_t *value_len) { - return YACA_ERROR_NOT_IMPLEMENTED; + if (ctx == YACA_CTX_NULL) + return YACA_ERROR_INVALID_ARGUMENT; + + if (ctx->get_param == NULL) + return YACA_ERROR_NOT_SUPPORTED; + + return ctx->get_param(ctx, param, value, value_len); } API void yaca_ctx_free(yaca_ctx_h ctx) diff --git a/src/internal.h b/src/internal.h index 504fb6d..25f0edc 100644 --- a/src/internal.h +++ b/src/internal.h @@ -46,6 +46,10 @@ struct yaca_ctx_s void (*ctx_destroy)(const yaca_ctx_h ctx); int (*get_output_length)(const yaca_ctx_h ctx, size_t input_len); + int (*set_param)(yaca_ctx_h ctx, yaca_ex_param_e param, + const void *value, size_t value_len); + int (*get_param)(const yaca_ctx_h ctx, yaca_ex_param_e param, + void **value, size_t *value_len); }; -- 2.7.4 From d167d69d481326aae3ab570605b236724800d199 Mon Sep 17 00:00:00 2001 From: Mateusz Kulikowski Date: Mon, 11 Apr 2016 15:52:33 +0200 Subject: [PATCH 03/16] yaca_ctx_free: Cause exception on missing destructor. ctx->ctx_destriy is mandatory for all contexts. Add assert to verify that. Change-Id: I1a1b5b5c7eb50eb5cea440ad74d410aeb2cdda59 Signed-off-by: Mateusz Kulikowski --- src/crypto.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/crypto.c b/src/crypto.c index a90d0d9..2ffb10c 100644 --- a/src/crypto.c +++ b/src/crypto.c @@ -116,6 +116,7 @@ API int yaca_ctx_get_param(const yaca_ctx_h ctx, yaca_ex_param_e param, API void yaca_ctx_free(yaca_ctx_h ctx) { if (ctx != YACA_CTX_NULL) { + assert(ctx->ctx_destroy != NULL); ctx->ctx_destroy(ctx); yaca_free(ctx); } -- 2.7.4 From 9b0e0ce18c07687c33f47a296c6cd8dc9f7098b5 Mon Sep 17 00:00:00 2001 From: Lukasz Pawelczyk Date: Thu, 14 Apr 2016 16:52:58 +0200 Subject: [PATCH 04/16] Nullify destroyed pointer. Change-Id: I40384227010a733499b05bf6b587a1ec125505df --- src/digest.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/digest.c b/src/digest.c index 9c50748..2a5f01d 100644 --- a/src/digest.c +++ b/src/digest.c @@ -67,6 +67,7 @@ static void destroy_digest_context(yaca_ctx_h ctx) return; EVP_MD_CTX_destroy(c->mdctx); + c->mdctx = NULL; } int digest_get_algorithm(yaca_digest_algo_e algo, const EVP_MD **md) -- 2.7.4 From 28e28e9ea9ef82981c5da5d941e20e6c3ffc827d Mon Sep 17 00:00:00 2001 From: Dariusz Michaluk Date: Mon, 18 Apr 2016 12:35:32 +0200 Subject: [PATCH 05/16] Split symmetric/asymmetric encryption Change-Id: Iab1755771de9cdb8d2b2902cf6b6a1adcb343ade --- api/yaca/encrypt.h | 112 --------------------------------- api/yaca/seal.h | 150 ++++++++++++++++++++++++++++++++++++++++++++ examples/CMakeLists.txt | 1 + examples/encrypt.c | 122 ------------------------------------ examples/seal.c | 162 ++++++++++++++++++++++++++++++++++++++++++++++++ src/encrypt.c | 52 ---------------- src/seal.c | 83 +++++++++++++++++++++++++ 7 files changed, 396 insertions(+), 286 deletions(-) create mode 100644 api/yaca/seal.h create mode 100644 examples/seal.c create mode 100644 src/seal.c diff --git a/api/yaca/encrypt.h b/api/yaca/encrypt.h index e94fb37..8c52fc9 100644 --- a/api/yaca/encrypt.h +++ b/api/yaca/encrypt.h @@ -135,118 +135,6 @@ int yaca_decrypt_final(yaca_ctx_h ctx, char *plain, size_t *plain_len); -/**@}*/ - -/** - * @defgroup Advanced-Encryption-Asymmetric Advanced API for the asymmetric encryption. - * - * TODO: extended description and examples. - * - * TODO: Seal does more than just encrypt. It first generates the encryption key and IV, - * then encrypts whole message using this key (and selected symmetric algorithm). - * Finally it encrypts symmetric key with public key. - * - * @{ - */ - -/** - * @brief yaca_seal_init Initializes an asymmetric encryption context. - * - * @param[out] ctx Newly created context (must be freed with @see yaca_ctx_free). - * @param[in] pub_key Public key of the peer that will receive the encrypted data. - * @param[in] algo Symmetric algorithm that will be used. - * @param[in] bcm Block chaining mode for the symmetric algorithm. - * @param[out] sym_key Generated symmetric key that will be used. It is encrypted with peer's public key. - * @param[out] iv Generated initialization vector that will be used. - * - * @return 0 on success, negative on error (@see error.h). - */ -int yaca_seal_init(yaca_ctx_h *ctx, - const yaca_key_h pub_key, - yaca_enc_algo_e algo, - yaca_block_cipher_mode_e bcm, - yaca_key_h *sym_key, - yaca_key_h *iv); - -/** - * @brief yaca_seal_update Encrypts piece of the data. - * - * @param[in,out] ctx Context created by @see yaca_seal_init. - * @param[in] plain Plain text to be encrypted. - * @param[in] plain_len Length of the plain text. - * @param[out] cipher Buffer for the encrypted data (must be allocated by client, @see yaca_get_output_length). - * @param[out] cipher_len Length of the encrypted data, actual number of bytes written will be returned here. - * - * @return 0 on success, negative on error (@see error.h). - */ -int yaca_seal_update(yaca_ctx_h ctx, - const char *plain, - size_t plain_len, - char *cipher, - size_t *cipher_len); - -/** - * @brief yaca_seal_final Encrypts the final piece of the data. - * - * @param[in,out] ctx A valid seal context. - * @param[out] cipher Final piece of the encrypted data (must be allocated by client, @see yaca_get_block_length). - * @param[out] cipher_len Length of the final piece, actual number of bytes written will be returned here. - * - * @return 0 on success, negative on error (@see error.h). - */ -int yaca_seal_final(yaca_ctx_h ctx, - char *cipher, - size_t *cipher_len); - -/** - * @brief yaca_open_init Initializes an asymmetric decryption context. - * - * @param[out] ctx Newly created context. Must be freed by @see yaca_ctx_free. - * @param[in] prv_key Private key, part of the pair that was used for the encryption. - * @param[in] algo Symmetric algorithm that was used for the encryption. - * @param[in] bcm Block chaining mode for the symmetric algorithm. - * @param[in] sym_key Symmetric key, encrypted with the public key, that was used to encrypt the data. - * @param[in] iv Initialization vector that was used for the encryption. - * - * @return 0 on success, negative on error (@see error.h). - */ -int yaca_open_init(yaca_ctx_h *ctx, - const yaca_key_h prv_key, - yaca_enc_algo_e algo, - yaca_block_cipher_mode_e bcm, - const yaca_key_h sym_key, - const yaca_key_h iv); - -/** - * @brief yaca_open_update Decrypts piece of the data. - * - * @param[in,out] ctx Context created by @see yaca_open_init. - * @param[in] cipher Cipher text to be decrypted. - * @param[in] cipher_len Length of the cipher text. - * @param[out] plain Buffer for the decrypted data (must be allocated by client, @see yaca_get_output_length). - * @param[out] plain_len Length of the decrypted data, actual number of bytes written will be returned here. - * - * @return 0 on success, negative on error (@see error.h). - */ -int yaca_open_update(yaca_ctx_h ctx, - const char *cipher, - size_t cipher_len, - char *plain, - size_t *plain_len); - -/** - * @brief yaca_open_final Decrypts last chunk of sealed message. - * - * @param[in,out] ctx A valid open context. - * @param[out] plain Final piece of the decrypted data (must be allocated by client, @see yaca_get_block_length). - * @param[out] plain_len Length of the final piece, actual number of bytes written will be returned here. - * - * @return 0 on success, negative on error (@see error.h). - */ -int yaca_open_final(yaca_ctx_h ctx, - char *plain, - size_t *plain_len); - /** * @brief yaca_get_iv_bits Returns the recomended/default length of the IV for a given encryption configuration. * diff --git a/api/yaca/seal.h b/api/yaca/seal.h new file mode 100644 index 0000000..aa1a10b --- /dev/null +++ b/api/yaca/seal.h @@ -0,0 +1,150 @@ +/* + * Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved + * + * Contact: Krzysztof Jackiewicz + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ + +/** + * @file seal.h + * @brief + */ + +#ifndef SEAL_H +#define SEAL_H + +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * @defgroup Advanced-Encryption-Asymmetric Advanced API for the asymmetric encryption. + * + * TODO: extended description and examples. + * + * TODO: Seal does more than just encrypt. It first generates the encryption key and IV, + * then encrypts whole message using this key (and selected symmetric algorithm). + * Finally it encrypts symmetric key with public key. + * + * @{ + */ + +/** + * @brief yaca_seal_init Initializes an asymmetric encryption context. + * + * @param[out] ctx Newly created context (must be freed with @see yaca_ctx_free). + * @param[in] pub_key Public key of the peer that will receive the encrypted data. + * @param[in] algo Symmetric algorithm that will be used. + * @param[in] bcm Block chaining mode for the symmetric algorithm. + * @param[out] sym_key Generated symmetric key that will be used. It is encrypted with peer's public key. + * @param[out] iv Generated initialization vector that will be used. + * + * @return 0 on success, negative on error (@see error.h). + */ +int yaca_seal_init(yaca_ctx_h *ctx, + const yaca_key_h pub_key, + yaca_enc_algo_e algo, + yaca_block_cipher_mode_e bcm, + yaca_key_h *sym_key, + yaca_key_h *iv); + +/** + * @brief yaca_seal_update Encrypts piece of the data. + * + * @param[in,out] ctx Context created by @see yaca_seal_init. + * @param[in] plain Plain text to be encrypted. + * @param[in] plain_len Length of the plain text. + * @param[out] cipher Buffer for the encrypted data (must be allocated by client, @see yaca_get_output_length). + * @param[out] cipher_len Length of the encrypted data, actual number of bytes written will be returned here. + * + * @return 0 on success, negative on error (@see error.h). + */ +int yaca_seal_update(yaca_ctx_h ctx, + const char *plain, + size_t plain_len, + char *cipher, + size_t *cipher_len); + +/** + * @brief yaca_seal_final Encrypts the final piece of the data. + * + * @param[in,out] ctx A valid seal context. + * @param[out] cipher Final piece of the encrypted data (must be allocated by client, @see yaca_get_block_length). + * @param[out] cipher_len Length of the final piece, actual number of bytes written will be returned here. + * + * @return 0 on success, negative on error (@see error.h). + */ +int yaca_seal_final(yaca_ctx_h ctx, + char *cipher, + size_t *cipher_len); + +/** + * @brief yaca_open_init Initializes an asymmetric decryption context. + * + * @param[out] ctx Newly created context. Must be freed by @see yaca_ctx_free. + * @param[in] prv_key Private key, part of the pair that was used for the encryption. + * @param[in] algo Symmetric algorithm that was used for the encryption. + * @param[in] bcm Block chaining mode for the symmetric algorithm. + * @param[in] sym_key Symmetric key, encrypted with the public key, that was used to encrypt the data. + * @param[in] iv Initialization vector that was used for the encryption. + * + * @return 0 on success, negative on error (@see error.h). + */ +int yaca_open_init(yaca_ctx_h *ctx, + const yaca_key_h prv_key, + yaca_enc_algo_e algo, + yaca_block_cipher_mode_e bcm, + const yaca_key_h sym_key, + const yaca_key_h iv); + +/** + * @brief yaca_open_update Decrypts piece of the data. + * + * @param[in,out] ctx Context created by @see yaca_open_init. + * @param[in] cipher Cipher text to be decrypted. + * @param[in] cipher_len Length of the cipher text. + * @param[out] plain Buffer for the decrypted data (must be allocated by client, @see yaca_get_output_length). + * @param[out] plain_len Length of the decrypted data, actual number of bytes written will be returned here. + * + * @return 0 on success, negative on error (@see error.h). + */ +int yaca_open_update(yaca_ctx_h ctx, + const char *cipher, + size_t cipher_len, + char *plain, + size_t *plain_len); + +/** + * @brief yaca_open_final Decrypts last chunk of sealed message. + * + * @param[in,out] ctx A valid open context. + * @param[out] plain Final piece of the decrypted data (must be allocated by client, @see yaca_get_block_length). + * @param[out] plain_len Length of the final piece, actual number of bytes written will be returned here. + * + * @return 0 on success, negative on error (@see error.h). + */ +int yaca_open_final(yaca_ctx_h ctx, + char *plain, + size_t *plain_len); + +/**@}*/ + +#ifdef __cplusplus +} /* extern */ +#endif + +#endif /* SEAL_H */ diff --git a/examples/CMakeLists.txt b/examples/CMakeLists.txt index 6413bad..cda1c9c 100644 --- a/examples/CMakeLists.txt +++ b/examples/CMakeLists.txt @@ -51,6 +51,7 @@ ENDFUNCTION(BUILD_EXAMPLE) BUILD_EXAMPLE("yaca-example-digest" digest.c) BUILD_EXAMPLE("yaca-example-encrypt" encrypt.c) +BUILD_EXAMPLE("yaca-example-seal" seal.c) BUILD_EXAMPLE("yaca-example-encrypt-gcm" encrypt_aes_gcm.c) BUILD_EXAMPLE("yaca-example-sign" sign.c) BUILD_EXAMPLE("yaca-example-key-exchange" key_exchange.c) diff --git a/examples/encrypt.c b/examples/encrypt.c index f428713..eb8f3ce 100644 --- a/examples/encrypt.c +++ b/examples/encrypt.c @@ -228,126 +228,6 @@ ex_key: yaca_key_free(key); } -void encrypt_seal(void) -{ - int ret; - yaca_ctx_h ctx = YACA_CTX_NULL; - yaca_key_h key_pub = YACA_KEY_NULL; - yaca_key_h key_priv = YACA_KEY_NULL; - yaca_key_h aes_key = YACA_KEY_NULL; - yaca_key_h iv = YACA_KEY_NULL; - - char *enc = NULL; - char *dec = NULL; - size_t enc_size; - size_t dec_size; - - printf("Plain data (16 of %zu bytes): %.16s\n", (size_t)4096, lorem1024); - - /// Generate key pair - ret = yaca_key_gen_pair(&key_priv, &key_pub, - YACA_KEY_TYPE_PAIR_RSA, - YACA_KEY_2048BIT); - if (ret) return; - - /// Encrypt a.k.a. seal - { - size_t out_size; - size_t rem; - - ret = yaca_seal_init(&ctx, key_pub, - YACA_ENC_AES, YACA_BCM_CBC, - &aes_key, &iv); - if (ret < 0) - goto ex_pk; - - ret = yaca_seal_update(ctx, lorem4096, 4096, NULL, &enc_size); - if (ret < 0) - goto ex_ak; - - ret = yaca_get_block_length(ctx); - if (ret < 0) - goto ex_ak; - - enc_size = enc_size + ret; - enc = yaca_malloc(enc_size); - if (enc == NULL) - goto ex_ak; - - // Seal and finalize - out_size = enc_size; - ret = yaca_seal_update(ctx, lorem4096, 4096, enc, &out_size); - if (ret < 0) - goto ex_of; - - rem = enc_size - out_size; - ret = yaca_seal_final(ctx, enc + out_size, &rem); - if (ret < 0) - goto ex_of; - - enc_size = rem + out_size; - - dump_hex(enc, 16, "Encrypted data (16 of %zu bytes): ", enc_size); - - yaca_ctx_free(ctx); // TODO: perhaps it should not return value - } - - /// Decrypt a.k.a. open - { - size_t out_size; - size_t rem; - - ret = yaca_open_init(&ctx, key_priv, - YACA_ENC_AES, YACA_BCM_CBC, - aes_key, iv); - if (ret < 0) { - yaca_free(enc); - goto ex_ak; - } - - ret = yaca_open_update(ctx, enc, enc_size, NULL, &dec_size); - if (ret < 0) - goto ex_of; - - ret = yaca_get_block_length(ctx); - if (ret < 0) - goto ex_of; - - dec_size = dec_size + ret; - dec = yaca_malloc(dec_size); - if (dec == NULL) - goto ex_of; - - // Seal and finalize - out_size = enc_size; - ret = yaca_open_update(ctx, enc, enc_size, dec, &out_size); - if (ret < 0) - goto ex_in; - - rem = dec_size - out_size; - ret = yaca_open_final(ctx, dec + out_size, &rem); - if (ret < 0) - goto ex_in; - - dec_size = rem + out_size; - - printf("Decrypted data (16 of %zu bytes): %.16s\n", (size_t)dec_size, dec); - - yaca_ctx_free(ctx); // TODO: perhaps it should not return value - } - -ex_in: - yaca_free(dec); -ex_of: - yaca_free(enc); -ex_ak: - yaca_key_free(aes_key); - yaca_key_free(iv); -ex_pk: - yaca_key_free(key_pub); - yaca_key_free(key_priv); -} - int main() { int ret = yaca_init(); @@ -358,8 +238,6 @@ int main() encrypt_advanced(); - encrypt_seal(); - yaca_exit(); // TODO: what about handing of return value from exit?? return ret; } diff --git a/examples/seal.c b/examples/seal.c new file mode 100644 index 0000000..a96dfd0 --- /dev/null +++ b/examples/seal.c @@ -0,0 +1,162 @@ +/* + * Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved + * + * Contact: Krzysztof Jackiewicz + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ + +/** + * @file seal.c + * @brief + */ + +#include + +#include +#include +#include +#include "lorem.h" +#include "misc.h" + +void encrypt_seal(void) +{ + int ret; + yaca_ctx_h ctx = YACA_CTX_NULL; + yaca_key_h key_pub = YACA_KEY_NULL; + yaca_key_h key_priv = YACA_KEY_NULL; + yaca_key_h aes_key = YACA_KEY_NULL; + yaca_key_h iv = YACA_KEY_NULL; + + char *enc = NULL; + char *dec = NULL; + size_t enc_size; + size_t dec_size; + + printf("Plain data (16 of %zu bytes): %.16s\n", (size_t)4096, lorem1024); + + /// Generate key pair + ret = yaca_key_gen_pair(&key_priv, &key_pub, + YACA_KEY_TYPE_PAIR_RSA, + YACA_KEY_2048BIT); + if (ret) return; + + /// Encrypt a.k.a. seal + { + size_t out_size; + size_t rem; + + ret = yaca_seal_init(&ctx, key_pub, + YACA_ENC_AES, YACA_BCM_CBC, + &aes_key, &iv); + if (ret < 0) + goto ex_pk; + + ret = yaca_seal_update(ctx, lorem4096, 4096, NULL, &enc_size); + if (ret < 0) + goto ex_ak; + + ret = yaca_get_block_length(ctx); + if (ret < 0) + goto ex_ak; + + enc_size = enc_size + ret; + enc = yaca_malloc(enc_size); + if (enc == NULL) + goto ex_ak; + + // Seal and finalize + out_size = enc_size; + ret = yaca_seal_update(ctx, lorem4096, 4096, enc, &out_size); + if (ret < 0) + goto ex_of; + + rem = enc_size - out_size; + ret = yaca_seal_final(ctx, enc + out_size, &rem); + if (ret < 0) + goto ex_of; + + enc_size = rem + out_size; + + dump_hex(enc, 16, "Encrypted data (16 of %zu bytes): ", enc_size); + + yaca_ctx_free(ctx); // TODO: perhaps it should not return value + } + + /// Decrypt a.k.a. open + { + size_t out_size; + size_t rem; + + ret = yaca_open_init(&ctx, key_priv, + YACA_ENC_AES, YACA_BCM_CBC, + aes_key, iv); + if (ret < 0) { + yaca_free(enc); + goto ex_ak; + } + + ret = yaca_open_update(ctx, enc, enc_size, NULL, &dec_size); + if (ret < 0) + goto ex_of; + + ret = yaca_get_block_length(ctx); + if (ret < 0) + goto ex_of; + + dec_size = dec_size + ret; + dec = yaca_malloc(dec_size); + if (dec == NULL) + goto ex_of; + + // Seal and finalize + out_size = enc_size; + ret = yaca_open_update(ctx, enc, enc_size, dec, &out_size); + if (ret < 0) + goto ex_in; + + rem = dec_size - out_size; + ret = yaca_open_final(ctx, dec + out_size, &rem); + if (ret < 0) + goto ex_in; + + dec_size = rem + out_size; + + printf("Decrypted data (16 of %zu bytes): %.16s\n", (size_t)dec_size, dec); + + yaca_ctx_free(ctx); // TODO: perhaps it should not return value + } + +ex_in: + yaca_free(dec); +ex_of: + yaca_free(enc); +ex_ak: + yaca_key_free(aes_key); + yaca_key_free(iv); +ex_pk: + yaca_key_free(key_pub); + yaca_key_free(key_priv); +} + +int main() +{ + int ret = yaca_init(); + if (ret < 0) + return ret; + + encrypt_seal(); + + yaca_exit(); // TODO: what about handing of return value from exit?? + return ret; +} diff --git a/src/encrypt.c b/src/encrypt.c index 24e9117..5aeecf7 100644 --- a/src/encrypt.c +++ b/src/encrypt.c @@ -399,55 +399,3 @@ API int yaca_decrypt_final(yaca_ctx_h ctx, return encrypt_final(ctx,(unsigned char*)plain, plain_len, OP_DECRYPT); } - -API int yaca_seal_init(yaca_ctx_h *ctx, - const yaca_key_h pub_key, - yaca_enc_algo_e algo, - yaca_block_cipher_mode_e bcm, - yaca_key_h *sym_key, - yaca_key_h *iv) -{ - return YACA_ERROR_NOT_IMPLEMENTED; -} - -API int yaca_seal_update(yaca_ctx_h ctx, - const char *plain, - size_t plain_len, - char *cipher, - size_t *cipher_len) -{ - return YACA_ERROR_NOT_IMPLEMENTED; -} - -API int yaca_seal_final(yaca_ctx_h ctx, - char *cipher, - size_t *cipher_len) -{ - return YACA_ERROR_NOT_IMPLEMENTED; -} - -API int yaca_open_init(yaca_ctx_h *ctx, - const yaca_key_h prv_key, - yaca_enc_algo_e algo, - yaca_block_cipher_mode_e bcm, - const yaca_key_h sym_key, - const yaca_key_h iv) -{ - return YACA_ERROR_NOT_IMPLEMENTED; -} - -API int yaca_open_update(yaca_ctx_h ctx, - const char *cipher, - size_t cipher_len, - char *plain, - size_t *plain_len) -{ - return YACA_ERROR_NOT_IMPLEMENTED; -} - -API int yaca_open_final(yaca_ctx_h ctx, - char *plain, - size_t *plain_len) -{ - return YACA_ERROR_NOT_IMPLEMENTED; -} diff --git a/src/seal.c b/src/seal.c new file mode 100644 index 0000000..fb5b50e --- /dev/null +++ b/src/seal.c @@ -0,0 +1,83 @@ +/* + * Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved + * + * Contact: Krzysztof Jackiewicz + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ + +#include +#include + +#include +#include +#include + +#include +#include +#include +#include + +#include "internal.h" + +API int yaca_seal_init(yaca_ctx_h *ctx, + const yaca_key_h pub_key, + yaca_enc_algo_e algo, + yaca_block_cipher_mode_e bcm, + yaca_key_h *sym_key, + yaca_key_h *iv) +{ + return YACA_ERROR_NOT_IMPLEMENTED; +} + +API int yaca_seal_update(yaca_ctx_h ctx, + const char *plain, + size_t plain_len, + char *cipher, + size_t *cipher_len) +{ + return YACA_ERROR_NOT_IMPLEMENTED; +} + +API int yaca_seal_final(yaca_ctx_h ctx, + char *cipher, + size_t *cipher_len) +{ + return YACA_ERROR_NOT_IMPLEMENTED; +} + +API int yaca_open_init(yaca_ctx_h *ctx, + const yaca_key_h prv_key, + yaca_enc_algo_e algo, + yaca_block_cipher_mode_e bcm, + const yaca_key_h sym_key, + const yaca_key_h iv) +{ + return YACA_ERROR_NOT_IMPLEMENTED; +} + +API int yaca_open_update(yaca_ctx_h ctx, + const char *cipher, + size_t cipher_len, + char *plain, + size_t *plain_len) +{ + return YACA_ERROR_NOT_IMPLEMENTED; +} + +API int yaca_open_final(yaca_ctx_h ctx, + char *plain, + size_t *plain_len) +{ + return YACA_ERROR_NOT_IMPLEMENTED; +} -- 2.7.4 From 7e63a71279fe8fcdc74e66c7ca17c1056d610e15 Mon Sep 17 00:00:00 2001 From: Dariusz Michaluk Date: Mon, 18 Apr 2016 16:56:42 +0200 Subject: [PATCH 06/16] yaca_seal_init() needs key length to generate EVP_CIPHER Change-Id: I65f40910983d5d8928174807dbdc7c622eee70d8 --- api/yaca/seal.h | 14 ++++++++------ examples/seal.c | 2 +- src/seal.c | 1 + 3 files changed, 10 insertions(+), 7 deletions(-) diff --git a/api/yaca/seal.h b/api/yaca/seal.h index aa1a10b..a080247 100644 --- a/api/yaca/seal.h +++ b/api/yaca/seal.h @@ -46,12 +46,13 @@ extern "C" { /** * @brief yaca_seal_init Initializes an asymmetric encryption context. * - * @param[out] ctx Newly created context (must be freed with @see yaca_ctx_free). - * @param[in] pub_key Public key of the peer that will receive the encrypted data. - * @param[in] algo Symmetric algorithm that will be used. - * @param[in] bcm Block chaining mode for the symmetric algorithm. - * @param[out] sym_key Generated symmetric key that will be used. It is encrypted with peer's public key. - * @param[out] iv Generated initialization vector that will be used. + * @param[out] ctx Newly created context (must be freed with @see yaca_ctx_free). + * @param[in] pub_key Public key of the peer that will receive the encrypted data. + * @param[in] algo Symmetric algorithm that will be used. + * @param[in] bcm Block chaining mode for the symmetric algorithm. + * @param[in] sym_key_bits Symmetric key length (in bits) that will be generated. + * @param[out] sym_key Generated symmetric key that will be used. It is encrypted with peer's public key. + * @param[out] iv Generated initialization vector that will be used. * * @return 0 on success, negative on error (@see error.h). */ @@ -59,6 +60,7 @@ int yaca_seal_init(yaca_ctx_h *ctx, const yaca_key_h pub_key, yaca_enc_algo_e algo, yaca_block_cipher_mode_e bcm, + yaca_key_bits_e sym_key_bits, yaca_key_h *sym_key, yaca_key_h *iv); diff --git a/examples/seal.c b/examples/seal.c index a96dfd0..e2377a1 100644 --- a/examples/seal.c +++ b/examples/seal.c @@ -57,7 +57,7 @@ void encrypt_seal(void) size_t rem; ret = yaca_seal_init(&ctx, key_pub, - YACA_ENC_AES, YACA_BCM_CBC, + YACA_ENC_AES, YACA_BCM_CBC, YACA_KEY_192BIT, &aes_key, &iv); if (ret < 0) goto ex_pk; diff --git a/src/seal.c b/src/seal.c index fb5b50e..7b9308a 100644 --- a/src/seal.c +++ b/src/seal.c @@ -34,6 +34,7 @@ API int yaca_seal_init(yaca_ctx_h *ctx, const yaca_key_h pub_key, yaca_enc_algo_e algo, yaca_block_cipher_mode_e bcm, + yaca_key_bits_e sym_key_bits, yaca_key_h *sym_key, yaca_key_h *iv) { -- 2.7.4 From cdaa7471cc9b1359e366423bb1a57e67def123ea Mon Sep 17 00:00:00 2001 From: Lukasz Pawelczyk Date: Thu, 14 Apr 2016 16:56:09 +0200 Subject: [PATCH 07/16] Add a TODO about get_output length signature. Change-Id: I33b588ab52da7e1efb05e48c73f5335f02b55fb8 --- api/yaca/crypto.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/api/yaca/crypto.h b/api/yaca/crypto.h index 309d2f9..b3d16db 100644 --- a/api/yaca/crypto.h +++ b/api/yaca/crypto.h @@ -155,6 +155,8 @@ void yaca_ctx_free(yaca_ctx_h ctx); * * @return negative on error (@see error.h) or length of output. */ +// TODO: this function should probably return the value by param of +// size_t type and leave the return int value only to report errors int yaca_get_output_length(const yaca_ctx_h ctx, size_t input_len); /** -- 2.7.4 From f9a0e633add765e75b2eb5205cf4bb4722474ae2 Mon Sep 17 00:00:00 2001 From: Lukasz Pawelczyk Date: Fri, 15 Apr 2016 16:07:12 +0200 Subject: [PATCH 08/16] Add a line break before printing out formatted data bytes. Change-Id: Iadd01247f0cba4190f99990bdf48e38351580a56 --- examples/misc.c | 1 + 1 file changed, 1 insertion(+) diff --git a/examples/misc.c b/examples/misc.c index e5c76d3..8672fd9 100644 --- a/examples/misc.c +++ b/examples/misc.c @@ -11,5 +11,6 @@ void dump_hex(const char *buf, size_t dump_size, const char *fmt, ...) va_start(ap, fmt); vprintf(fmt, ap); va_end(ap); + putchar('\n'); BIO_dump_fp(stdout, buf, dump_size); } -- 2.7.4 From 5cfcdf2db3a35e35334d67d5d5091c2ac00c467a Mon Sep 17 00:00:00 2001 From: Lukasz Pawelczyk Date: Wed, 20 Apr 2016 15:28:15 +0200 Subject: [PATCH 09/16] Split ECC key types into ECDSA and ECDH Change-Id: I58b90609886d529cc1b387c56dd544977e5b6803 --- api/yaca/types.h | 34 +++++++++++++++++++--------------- examples/key_exchange.c | 4 ++-- src/key.c | 27 +++++++++++++++------------ 3 files changed, 36 insertions(+), 29 deletions(-) diff --git a/api/yaca/types.h b/api/yaca/types.h index c4e52b8..19428df 100644 --- a/api/yaca/types.h +++ b/api/yaca/types.h @@ -60,26 +60,30 @@ typedef enum { * @brief Key types, IV is considered as key */ typedef enum { - YACA_KEY_TYPE_SYMMETRIC, /**< Generic symmetric cipher KEY */ - YACA_KEY_TYPE_DES, /**< DES* key - must be handled differently because of parity bits */ - YACA_KEY_TYPE_IV, /**< IV for symmetric algorithms */ + YACA_KEY_TYPE_SYMMETRIC, /**< Generic symmetric cipher KEY */ + YACA_KEY_TYPE_DES, /**< DES* key - must be handled differently because of parity bits */ + YACA_KEY_TYPE_IV, /**< Initialization Vector for symmetric algorithms */ - YACA_KEY_TYPE_RSA_PUB, /**< RSA public key */ - YACA_KEY_TYPE_RSA_PRIV, /**< RSA private key */ + YACA_KEY_TYPE_RSA_PUB, /**< RSA public key */ + YACA_KEY_TYPE_RSA_PRIV, /**< RSA private key */ - YACA_KEY_TYPE_DSA_PUB, /**< DSA public key */ - YACA_KEY_TYPE_DSA_PRIV, /**< DSA private key */ + YACA_KEY_TYPE_DSA_PUB, /**< Digital Signature Algorithm public key */ + YACA_KEY_TYPE_DSA_PRIV, /**< Digital Signature Algorithm private key */ - YACA_KEY_TYPE_DH_PUB, /**< Diffie-Hellman public key */ - YACA_KEY_TYPE_DH_PRIV, /**< Diffie-Hellman private key */ + YACA_KEY_TYPE_DH_PUB, /**< Diffie-Hellman public key */ + YACA_KEY_TYPE_DH_PRIV, /**< Diffie-Hellman private key */ - YACA_KEY_TYPE_ECC_PUB, /**< ECC public key */ - YACA_KEY_TYPE_ECC_PRIV, /**< ECC private key */ + YACA_KEY_TYPE_ECDSA_PUB, /**< Elliptic Curve Digital Signature Algorithm public key */ + YACA_KEY_TYPE_ECDSA_PRIV, /**< Elliptic Curve Digital Signature Algorithm private key */ - YACA_KEY_TYPE_PAIR_RSA, /**< Pair of RSA keys */ - YACA_KEY_TYPE_PAIR_DSA, /**< Pair of DSA keys */ - YACA_KEY_TYPE_PAIR_DH, /**< Pair of Diffie-Hellman keys */ - YACA_KEY_TYPE_PAIR_ECC /**< Pair of ECC keys */ + YACA_KEY_TYPE_ECDH_PUB, /**< Elliptic Curve Diffie-Hellman public key */ + YACA_KEY_TYPE_ECDH_PRIV, /**< Elliptic Curve Diffie-Hellman private key */ + + YACA_KEY_TYPE_PAIR_RSA, /**< Pair of RSA keys */ + YACA_KEY_TYPE_PAIR_DSA, /**< Pair of DSA keys */ + YACA_KEY_TYPE_PAIR_DH, /**< Pair of DH keys */ + YACA_KEY_TYPE_PAIR_ECDSA, /**< Pair of ECDSA keys */ + YACA_KEY_TYPE_PAIR_ECDH /**< Pair of ECDH keys */ } yaca_key_type_e; /** diff --git a/examples/key_exchange.c b/examples/key_exchange.c index 2377c20..82db88a 100644 --- a/examples/key_exchange.c +++ b/examples/key_exchange.c @@ -100,7 +100,7 @@ void key_exchange_ecdh(void) long size; // generate private, public key - ret = yaca_key_gen_pair(&private_key, &public_key, YACA_KEY_TYPE_PAIR_ECC, YACA_KEY_CURVE_P256); + ret = yaca_key_gen_pair(&private_key, &public_key, YACA_KEY_TYPE_PAIR_ECDH, YACA_KEY_CURVE_P256); if (ret < 0) goto clean; @@ -122,7 +122,7 @@ void key_exchange_ecdh(void) if (1 != fread(buffer, size, 1, fp)) goto clean; - ret = yaca_key_import(&peer_key, YACA_KEY_FORMAT_RAW, YACA_KEY_TYPE_ECC_PUB, buffer, size); + ret = yaca_key_import(&peer_key, YACA_KEY_FORMAT_RAW, YACA_KEY_TYPE_ECDH_PUB, buffer, size); if (ret < 0) goto clean; diff --git a/src/key.c b/src/key.c index f5aa42c..3fbd596 100644 --- a/src/key.c +++ b/src/key.c @@ -212,18 +212,21 @@ API int yaca_key_gen(yaca_key_h *sym_key, case YACA_KEY_TYPE_IV: break; case YACA_KEY_TYPE_DES: - case YACA_KEY_TYPE_RSA_PUB: /**< RSA public key */ - case YACA_KEY_TYPE_RSA_PRIV: /**< RSA private key */ - case YACA_KEY_TYPE_DSA_PUB: /**< DSA public key */ - case YACA_KEY_TYPE_DSA_PRIV: /**< DSA private key */ - case YACA_KEY_TYPE_DH_PUB: /**< Diffie-Hellman public key */ - case YACA_KEY_TYPE_DH_PRIV: /**< Diffie-Hellman private key */ - case YACA_KEY_TYPE_ECC_PUB: /**< ECC public key */ - case YACA_KEY_TYPE_ECC_PRIV: /**< ECC private key */ - case YACA_KEY_TYPE_PAIR_RSA: /**< Pair of RSA keys */ - case YACA_KEY_TYPE_PAIR_DSA: /**< Pair of DSA keys */ - case YACA_KEY_TYPE_PAIR_DH: /**< Pair of Diffie-Hellman keys */ - case YACA_KEY_TYPE_PAIR_ECC: /**< Pair of ECC keys */ + case YACA_KEY_TYPE_RSA_PUB: /* RSA public key */ + case YACA_KEY_TYPE_RSA_PRIV: /* RSA private key */ + case YACA_KEY_TYPE_DSA_PUB: /* DSA public key */ + case YACA_KEY_TYPE_DSA_PRIV: /* DSA private key */ + case YACA_KEY_TYPE_DH_PUB: /* DH public key */ + case YACA_KEY_TYPE_DH_PRIV: /* DH private key */ + case YACA_KEY_TYPE_ECDSA_PUB: /* ECDSA public key */ + case YACA_KEY_TYPE_ECDSA_PRIV: /* ECDSA private key */ + case YACA_KEY_TYPE_ECDH_PUB: /* ECDH public key */ + case YACA_KEY_TYPE_ECDH_PRIV: /* ECDH private key */ + case YACA_KEY_TYPE_PAIR_RSA: /* Pair of RSA keys */ + case YACA_KEY_TYPE_PAIR_DSA: /* Pair of DSA keys */ + case YACA_KEY_TYPE_PAIR_DH: /* Pair of DH keys */ + case YACA_KEY_TYPE_PAIR_ECDSA: /* Pair of ECDSA keys */ + case YACA_KEY_TYPE_PAIR_ECDH: /* Pair of ECDH keys */ return YACA_ERROR_NOT_IMPLEMENTED; default: return YACA_ERROR_INVALID_ARGUMENT; -- 2.7.4 From 5e2949b23829e35ab7d24e7d5589cb4663ae6835 Mon Sep 17 00:00:00 2001 From: Lukasz Pawelczyk Date: Tue, 12 Apr 2016 13:42:52 +0200 Subject: [PATCH 10/16] Sign/verify initial implementation. Examples to follow. Change-Id: I31205fdbb897011b2cf5cbff02acbae396e95205 --- api/yaca/error.h | 2 +- src/sign.c | 353 +++++++++++++++++++++++++++++++++++++++++++++++++++++-- 2 files changed, 346 insertions(+), 9 deletions(-) diff --git a/api/yaca/error.h b/api/yaca/error.h index e8d11ed..1e5ee16 100644 --- a/api/yaca/error.h +++ b/api/yaca/error.h @@ -33,7 +33,7 @@ extern "C" { enum __yaca_error_code { YACA_ERROR_INVALID_ARGUMENT = -1, - YACA_ERROR_NOT_IMPLEMENTED= -2, + YACA_ERROR_NOT_IMPLEMENTED = -2, YACA_ERROR_OPENSSL_FAILURE = -3, YACA_ERROR_NOT_SUPPORTED = -4, YACA_ERROR_TOO_BIG_ARGUMENT = -5, diff --git a/src/sign.c b/src/sign.c index 2f37c0f..aee4c8c 100644 --- a/src/sign.c +++ b/src/sign.c @@ -18,52 +18,389 @@ #include -#include -#include +#include #include #include #include "internal.h" +/* Operation type saved in context to recognize what + * type of operation is performed and how to perform it. +*/ +enum sign_op_type { + OP_SIGN = 0, + OP_VERIFY_SYMMETRIC = 1, + OP_VERIFY_ASYMMETRIC = 2 +}; + +struct yaca_sign_ctx_s +{ + struct yaca_ctx_s ctx; + + EVP_MD_CTX *mdctx; + enum sign_op_type op_type; +}; + +static struct yaca_sign_ctx_s *get_sign_ctx(const yaca_ctx_h ctx) +{ + if (ctx == YACA_CTX_NULL) + return NULL; + + switch (ctx->type) + { + case YACA_CTX_SIGN: + return (struct yaca_sign_ctx_s *)ctx; + default: + return NULL; + } +} + +static int get_sign_output_length(const yaca_ctx_h ctx, size_t input_len) +{ + struct yaca_sign_ctx_s *c = get_sign_ctx(ctx); + + if (c == NULL || c->mdctx == NULL || c->mdctx->pctx == NULL) + return YACA_ERROR_INVALID_ARGUMENT; + + EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(c->mdctx->pctx); + if (pkey == NULL) + return YACA_ERROR_INVALID_ARGUMENT; + + size_t len = EVP_PKEY_size(pkey); + if (len <= 0) + return YACA_ERROR_INVALID_ARGUMENT; + + return len; +} + +static void destroy_sign_context(yaca_ctx_h ctx) +{ + struct yaca_sign_ctx_s *c = get_sign_ctx(ctx); + + if (c == NULL) + return; + + EVP_MD_CTX_destroy(c->mdctx); + c->mdctx = NULL; +} + +static int create_sign_pkey(const yaca_key_h key, EVP_PKEY **pkey) +{ + const struct yaca_key_simple_s *simple_key = key_get_simple(key); + const struct yaca_key_evp_s *evp_key = key_get_evp(key); + + if (pkey == NULL) + return YACA_ERROR_INVALID_ARGUMENT; + + if (simple_key != NULL) + { + *pkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, + NULL, + (unsigned char *)simple_key->d, + simple_key->bits / 8); + if (*pkey == NULL) + return YACA_ERROR_OPENSSL_FAILURE; + + return 0; + } + + if (evp_key != NULL) + { + *pkey = evp_key->evp; + /* Add a reference so we can free it afterwards anyway */ + CRYPTO_add(&(*pkey)->references, 1, CRYPTO_LOCK_EVP_PKEY); + + return 0; + } + + return YACA_ERROR_INVALID_ARGUMENT; +} + +/* TODO: error checking? + * should DES and IV keys be rejected by us or silently let them work? + */ API int yaca_sign_init(yaca_ctx_h *ctx, yaca_digest_algo_e algo, const yaca_key_h key) { - return YACA_ERROR_NOT_IMPLEMENTED; + struct yaca_sign_ctx_s *nc = NULL; + EVP_PKEY *pkey; + const EVP_MD *md; + int ret; + + if (ctx == NULL) + return YACA_ERROR_INVALID_ARGUMENT; + + ret = create_sign_pkey(key, &pkey); + if (ret != 0) + return ret; + + // TODO: use zalloc when available + nc = yaca_malloc(sizeof(struct yaca_sign_ctx_s)); + if (nc == NULL) { + ret = YACA_ERROR_OUT_OF_MEMORY; + goto free_key; + } + + nc->ctx.type = YACA_CTX_SIGN; + nc->ctx.ctx_destroy = destroy_sign_context; + nc->ctx.get_output_length = get_sign_output_length; + + switch (key->type) + { + case YACA_KEY_TYPE_SYMMETRIC: + case YACA_KEY_TYPE_RSA_PRIV: + nc->op_type = OP_SIGN; + break; + case YACA_KEY_TYPE_DSA_PRIV: + case YACA_KEY_TYPE_ECDSA_PRIV: + ret = YACA_ERROR_NOT_IMPLEMENTED; + goto free_ctx; + default: + ret = YACA_ERROR_INVALID_ARGUMENT; + goto free_ctx; + } + + ret = digest_get_algorithm(algo, &md); + if (ret != 0) + goto free_ctx; + + nc->mdctx = EVP_MD_CTX_create(); + if (nc->mdctx == NULL) { + ret = YACA_ERROR_OPENSSL_FAILURE; + goto free_ctx; + } + + ret = EVP_DigestSignInit(nc->mdctx, NULL, md, NULL, pkey); + if (ret == -2) { + ret = YACA_ERROR_NOT_SUPPORTED; + goto ctx; + } + if (ret != 1) { + ret = YACA_ERROR_OPENSSL_FAILURE; + goto ctx; + } + + *ctx = (yaca_ctx_h)nc; + + ret = 0; + +ctx: + if (ret != 0) + EVP_MD_CTX_destroy(nc->mdctx); +free_ctx: + if (ret != 0) + yaca_free(nc); +free_key: + EVP_PKEY_free(pkey); + + return ret; } API int yaca_sign_update(yaca_ctx_h ctx, const char *data, size_t data_len) { - return YACA_ERROR_NOT_IMPLEMENTED; + struct yaca_sign_ctx_s *c = get_sign_ctx(ctx); + int ret; + + if (c == NULL || c->op_type != OP_SIGN || + data == NULL || data_len == 0) + return YACA_ERROR_INVALID_ARGUMENT; + + ret = EVP_DigestSignUpdate(c->mdctx, data, data_len); + if (ret == -2) + return YACA_ERROR_NOT_SUPPORTED; + if (ret != 1) + return YACA_ERROR_OPENSSL_FAILURE; + + return 0; } API int yaca_sign_final(yaca_ctx_h ctx, char *mac, size_t *mac_len) { - return YACA_ERROR_NOT_IMPLEMENTED; + struct yaca_sign_ctx_s *c = get_sign_ctx(ctx); + int ret; + + if (c == NULL || c->op_type != OP_SIGN || + mac == NULL || mac_len == NULL || *mac_len == 0) + return YACA_ERROR_INVALID_ARGUMENT; + + ret = EVP_DigestSignFinal(c->mdctx, (unsigned char *)mac, mac_len); + if (ret == -2) + return YACA_ERROR_NOT_SUPPORTED; + if (ret != 1) + return YACA_ERROR_OPENSSL_FAILURE; + + return 0; } API int yaca_verify_init(yaca_ctx_h *ctx, yaca_digest_algo_e algo, const yaca_key_h key) { - return YACA_ERROR_NOT_IMPLEMENTED; + struct yaca_sign_ctx_s *nc = NULL; + EVP_PKEY *pkey; + const EVP_MD *md; + int ret; + + if (ctx == NULL) + return YACA_ERROR_INVALID_ARGUMENT; + + ret = create_sign_pkey(key, &pkey); + if (ret != 0) + return ret; + + // TODO: use zalloc when available + nc = yaca_malloc(sizeof(struct yaca_sign_ctx_s)); + if (nc == NULL) { + ret = YACA_ERROR_OUT_OF_MEMORY; + goto free_key; + } + + nc->ctx.type = YACA_CTX_SIGN; + nc->ctx.ctx_destroy = destroy_sign_context; + nc->ctx.get_output_length = NULL; + + switch (key->type) + { + case YACA_KEY_TYPE_SYMMETRIC: + nc->op_type = OP_VERIFY_SYMMETRIC; + break; + case YACA_KEY_TYPE_RSA_PUB: + nc->op_type = OP_VERIFY_ASYMMETRIC; + break; + case YACA_KEY_TYPE_DSA_PUB: + case YACA_KEY_TYPE_ECDSA_PUB: + ret = YACA_ERROR_NOT_IMPLEMENTED; + goto free_ctx; + default: + ret = YACA_ERROR_INVALID_ARGUMENT; + goto free_ctx; + } + + ret = digest_get_algorithm(algo, &md); + if (ret < 0) + goto free_ctx; + + nc->mdctx = EVP_MD_CTX_create(); + if (nc->mdctx == NULL) { + ret = YACA_ERROR_OPENSSL_FAILURE; + goto free_ctx; + } + + switch (nc->op_type) + { + case OP_VERIFY_SYMMETRIC: + ret = EVP_DigestSignInit(nc->mdctx, NULL, md, NULL, pkey); + break; + case OP_VERIFY_ASYMMETRIC: + ret = EVP_DigestVerifyInit(nc->mdctx, NULL, md, NULL, pkey); + break; + default: + ret = YACA_ERROR_INVALID_ARGUMENT; + goto ctx; + } + + if (ret == -2) { + ret = YACA_ERROR_NOT_SUPPORTED; + goto ctx; + } + if (ret != 1) { + ret = YACA_ERROR_OPENSSL_FAILURE; + goto ctx; + } + + *ctx = (yaca_ctx_h)nc; + + ret = 0; + +ctx: + if (ret != 0) + EVP_MD_CTX_destroy(nc->mdctx); +free_ctx: + if (ret != 0) + yaca_free(nc); +free_key: + EVP_PKEY_free(pkey); + + return ret; } API int yaca_verify_update(yaca_ctx_h ctx, const char *data, size_t data_len) { - return YACA_ERROR_NOT_IMPLEMENTED; + struct yaca_sign_ctx_s *c = get_sign_ctx(ctx); + int ret; + + if (c == NULL || data == NULL || data_len == 0) + return YACA_ERROR_INVALID_ARGUMENT; + + switch (c->op_type) + { + case OP_VERIFY_SYMMETRIC: + ret = EVP_DigestSignUpdate(c->mdctx, data, data_len); + break; + case OP_VERIFY_ASYMMETRIC: + ret = EVP_DigestVerifyUpdate(c->mdctx, data, data_len); + break; + default: + return YACA_ERROR_INVALID_ARGUMENT; + } + + if (ret == -2) + return YACA_ERROR_NOT_SUPPORTED; + if (ret != 1) + return YACA_ERROR_OPENSSL_FAILURE; + + return 0; } API int yaca_verify_final(yaca_ctx_h ctx, const char *mac, size_t mac_len) { - return YACA_ERROR_NOT_IMPLEMENTED; + struct yaca_sign_ctx_s *c = get_sign_ctx(ctx); + char mac_cmp[mac_len]; + size_t mac_cmp_len = mac_len; + int ret; + + if (c == NULL || mac == NULL || mac_len == 0) + return YACA_ERROR_INVALID_ARGUMENT; + + switch (c->op_type) + { + case OP_VERIFY_SYMMETRIC: + ret = EVP_DigestSignFinal(c->mdctx, + (unsigned char *)mac_cmp, + &mac_cmp_len); + if (ret == -2) + return YACA_ERROR_NOT_SUPPORTED; + if (ret != 1) + return YACA_ERROR_OPENSSL_FAILURE; + + if (mac_len != mac_cmp_len || + CRYPTO_memcmp(mac, mac_cmp, mac_len) != 0) + return YACA_ERROR_SIGNATURE_INVALID; + + return 0; + case OP_VERIFY_ASYMMETRIC: + ret = EVP_DigestVerifyFinal(c->mdctx, + (unsigned char *)mac, + mac_len); + if (ret == 0) + return YACA_ERROR_SIGNATURE_INVALID; + if (ret == -2) + return YACA_ERROR_NOT_SUPPORTED; + if (ret != 1) + return YACA_ERROR_OPENSSL_FAILURE; + + return 0; + default: + return YACA_ERROR_INVALID_ARGUMENT; + } } -- 2.7.4 From 6832d413b26b5596a7722e5ab33e2d20dfd30cf3 Mon Sep 17 00:00:00 2001 From: Lukasz Pawelczyk Date: Thu, 14 Apr 2016 16:56:31 +0200 Subject: [PATCH 11/16] Examples reviewed and simplified after RSA/HMAC sign implementation. Change-Id: I4b771695346d77ff0a133a6907e701de6fcfe856 --- examples/sign.c | 179 +++++++++++++++++++++++++------------------------------- 1 file changed, 80 insertions(+), 99 deletions(-) diff --git a/examples/sign.c b/examples/sign.c index dbec172..f8f7bec 100644 --- a/examples/sign.c +++ b/examples/sign.c @@ -25,76 +25,11 @@ #include #include #include -#include "misc.h" - -size_t IDX = 0; -size_t MAX_IDX = 2345; -const size_t SIZE = 666; - -void reset() -{ - IDX = 0; -} - -size_t read_data(char* buffer, size_t size) -{ - size_t i = 0; - - for(; i < size && IDX < MAX_IDX; i++, IDX++) - buffer[i] = IDX%0xff; - - return i; -} - -int sign(yaca_ctx_h ctx, char** signature, size_t* signature_len) -{ - char buffer[SIZE]; - - reset(); - for (;;) { - size_t read = read_data(buffer, SIZE); - if (read == 0) - break; - - if (yaca_sign_update(ctx, buffer, read)) - return -1; - } - - // TODO: is it a size in bytes or length in characters? - *signature_len = yaca_get_digest_length(ctx); - *signature = (char*)yaca_malloc(*signature_len); - - // TODO: yaca_get_digest_length() returns int but yaca_sign_final accepts size_t. Use common type. - if (yaca_sign_final(ctx, *signature, signature_len)) - return -1; - - dump_hex(*signature, *signature_len, "Message signature: "); - return 0; -} - -int verify(yaca_ctx_h ctx, const char* signature, size_t signature_len) -{ - char buffer[SIZE]; - - reset(); - for (;;) { - size_t read = read_data(buffer, SIZE); - if (read == 0) - break; - - if (yaca_verify_update(ctx, buffer, read)) - return -1; - } - - // TODO: use int or size_t for output sizes - if (yaca_verify_final(ctx, signature, (size_t)signature_len)) - return -1; - - printf("Verification succeeded\n"); +#include "lorem.h" +#include "misc.h" - return 0; -} +#define PADDING_IMPLEMENTED 0 // Signature creation and verification using advanced API void sign_verify_rsa(void) @@ -105,43 +40,59 @@ void sign_verify_rsa(void) yaca_ctx_h ctx = YACA_CTX_NULL; yaca_key_h prv = YACA_KEY_NULL; yaca_key_h pub = YACA_KEY_NULL; +#if PADDING_IMPLEMENTED yaca_padding_e padding = YACA_PADDING_PKCS1; - +#endif // GENERATE - - if (yaca_key_gen_pair(&prv, &pub, YACA_KEY_TYPE_PAIR_RSA, YACA_KEY_4096BIT)) + if (yaca_key_gen_pair(&prv, &pub, YACA_KEY_TYPE_PAIR_RSA, YACA_KEY_4096BIT) != 0) return; - // SIGN - - if (yaca_sign_init(&ctx, YACA_DIGEST_SHA512, prv)) + if (yaca_sign_init(&ctx, YACA_DIGEST_SHA512, prv) != 0) goto finish; +#if PADDING_IMPLEMENTED // TODO: yaca_ctx_set_param should take void* not char* - if (yaca_ctx_set_param(ctx, YACA_PARAM_PADDING, (char*)(&padding), sizeof(padding))) + if (yaca_ctx_set_param(ctx, YACA_PARAM_PADDING, (char*)(&padding), sizeof(padding)) != 0) + goto finish; +#endif + + if (yaca_sign_update(ctx, lorem4096, LOREM4096_SIZE) != 0) + goto finish; + + if ((signature_len = yaca_get_sign_length(ctx)) <= 0) goto finish; - if (sign(ctx, &signature, &signature_len)) + if ((signature = yaca_malloc(signature_len)) == NULL) goto finish; - // TODO: is this necessary or will next ctx init handle it? + if (yaca_sign_final(ctx, signature, &signature_len) != 0) + goto finish; + + dump_hex(signature, signature_len, "RSA Signature of lorem4096:"); + + // CLEANUP yaca_ctx_free(ctx); ctx = YACA_CTX_NULL; - // VERIFY - - if (yaca_verify_init(&ctx, YACA_DIGEST_SHA512, pub)) + if (yaca_verify_init(&ctx, YACA_DIGEST_SHA512, pub) != 0) goto finish; - if (yaca_ctx_set_param(ctx, YACA_PARAM_PADDING, (char*)(&padding), sizeof(padding))) +#if PADDING_IMPLEMENTED + if (yaca_ctx_set_param(ctx, YACA_PARAM_PADDING, (char*)(&padding), sizeof(padding)) != 0) goto finish; +#endif - if (verify(ctx, signature, signature_len)) + if (yaca_verify_update(ctx, lorem4096, LOREM4096_SIZE) != 0) goto finish; + if (yaca_verify_final(ctx, signature, signature_len) != 0) + printf("RSA verification failed\n"); + else + printf("RSA verification succesful\n"); + finish: yaca_free(signature); yaca_key_free(prv); @@ -157,29 +108,44 @@ void sign_verify_hmac(void) yaca_ctx_h ctx = YACA_CTX_NULL; yaca_key_h key = YACA_KEY_NULL; - // GENERATE - - if (yaca_key_gen(&key, YACA_KEY_TYPE_SYMMETRIC, YACA_KEY_256BIT)) + if (yaca_key_gen(&key, YACA_KEY_TYPE_SYMMETRIC, YACA_KEY_256BIT) != 0) return; // SIGN + if (yaca_sign_init(&ctx, YACA_DIGEST_SHA512, key) != 0) + goto finish; - if (yaca_sign_init(&ctx, YACA_DIGEST_SHA512, key)) + if (yaca_sign_update(ctx, lorem4096, LOREM4096_SIZE) != 0) goto finish; - if (sign(ctx, &signature, &signature_len)) + if ((signature_len = yaca_get_sign_length(ctx)) <= 0) goto finish; + if ((signature = yaca_malloc(signature_len)) == NULL) + goto finish; - // VERIFY + if (yaca_sign_final(ctx, signature, &signature_len) != 0) + goto finish; + + dump_hex(signature, signature_len, "HMAC Signature of lorem4096:"); + + // CLEANUP + yaca_ctx_free(ctx); + ctx = YACA_CTX_NULL; - if (yaca_verify_init(&ctx, YACA_DIGEST_SHA512, key)) + // VERIFY + if (yaca_verify_init(&ctx, YACA_DIGEST_SHA512, key) != 0) goto finish; - if (verify(ctx, signature, signature_len)) + if (yaca_verify_update(ctx, lorem4096, LOREM4096_SIZE) != 0) goto finish; + if (yaca_verify_final(ctx, signature, signature_len) != 0) + printf("HMAC verification failed\n"); + else + printf("HMAC verification succesful\n"); + finish: yaca_free(signature); yaca_key_free(key); @@ -194,36 +160,51 @@ void sign_verify_cmac(void) yaca_ctx_h ctx = YACA_CTX_NULL; yaca_key_h key = YACA_KEY_NULL; - // GENERATE - - if( yaca_key_gen(&key, YACA_KEY_TYPE_SYMMETRIC, YACA_KEY_256BIT)) + if (yaca_key_gen(&key, YACA_KEY_TYPE_SYMMETRIC, YACA_KEY_256BIT)) return; // SIGN // TODO: CMAC must extract the key length to select the proper evp (EVP_aes_XXX_cbc()) it should be documented - if( yaca_sign_init(&ctx, YACA_DIGEST_CMAC, key)) + if (yaca_sign_init(&ctx, YACA_DIGEST_CMAC, key) != 0) goto finish; - if( sign(ctx, &signature, &signature_len)) + if (yaca_sign_update(ctx, lorem4096, LOREM4096_SIZE)) goto finish; + if ((signature_len = yaca_get_sign_length(ctx)) <= 0) + goto finish; - // VERIFY + if ((signature = yaca_malloc(signature_len)) == NULL) + goto finish; - if( yaca_verify_init(&ctx, YACA_DIGEST_CMAC, key)) + if (yaca_sign_final(ctx, signature, &signature_len)) goto finish; - if( verify(ctx, signature, signature_len)) + dump_hex(signature, signature_len, "CMAC Signature of lorem4096:"); + + // CLEANUP + yaca_ctx_free(ctx); + ctx = YACA_CTX_NULL; + + // VERIFY + if (yaca_verify_init(&ctx, YACA_DIGEST_CMAC, key) != 0) goto finish; + if (yaca_verify_update(ctx, lorem4096, LOREM4096_SIZE) != 0) + goto finish; + + if (yaca_verify_final(ctx, signature, signature_len) != 0) + printf("CMAC verification failed\n"); + else + printf("CMAC verification succesful\n"); + finish: yaca_free(signature); yaca_key_free(key); yaca_ctx_free(ctx); } - int main() { int ret = yaca_init(); -- 2.7.4 From 9efcc3699a73004520fc01d10d3460d8a43394bf Mon Sep 17 00:00:00 2001 From: Dariusz Michaluk Date: Thu, 21 Apr 2016 11:45:31 +0200 Subject: [PATCH 12/16] Bugfix: yaca_encrypt_final used in decryption Change-Id: I26f60bc9adfd8e55390a1522c6d36197cccc46b5 --- examples/encrypt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/encrypt.c b/examples/encrypt.c index eb8f3ce..303bcd7 100644 --- a/examples/encrypt.c +++ b/examples/encrypt.c @@ -207,7 +207,7 @@ void encrypt_advanced(void) goto ex_in; rem = dec_size - out_size; - ret = yaca_encrypt_final(ctx, dec + out_size, &rem); + ret = yaca_decrypt_final(ctx, dec + out_size, &rem); if (ret < 0) goto ex_in; -- 2.7.4 From d3ada7279a4bfd452f1eae81a40bf7c5ea549976 Mon Sep 17 00:00:00 2001 From: Krzysztof Jackiewicz Date: Thu, 21 Apr 2016 13:15:53 +0200 Subject: [PATCH 13/16] Add helper functions for openssl error handling Change-Id: Ibc20d9e37bc2d90a92646e1115d9a1b63f5342e6 --- api/yaca/error.h | 18 ++++++++++++ src/crypto.c | 3 ++ src/error.c | 86 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ src/internal.h | 3 ++ 4 files changed, 110 insertions(+) create mode 100644 src/error.c diff --git a/api/yaca/error.h b/api/yaca/error.h index 1e5ee16..5012c34 100644 --- a/api/yaca/error.h +++ b/api/yaca/error.h @@ -41,6 +41,24 @@ enum __yaca_error_code { YACA_ERROR_SIGNATURE_INVALID = -7 }; +// TODO disable debug function in release? + +/** + * @brief Debug callback type. + */ +typedef void (*yaca_debug_func)(const char*); + +/** + * @brief yaca_error_set_debug_func Sets a current thread debug callback that will be called each + * time an internal error occurs. A NULL terminated string with + * location and description of the error will be passed as an + * argument. + * + * @param[in] fn Function to set as internal error callback. + */ +void yaca_error_set_debug_func(yaca_debug_func fn); + + #ifdef __cplusplus } /* extern */ #endif diff --git a/src/crypto.c b/src/crypto.c index 2ffb10c..4cc313f 100644 --- a/src/crypto.c +++ b/src/crypto.c @@ -22,6 +22,7 @@ #include #include #include +#include #include #include @@ -46,6 +47,8 @@ API int yaca_init(void) API void yaca_exit(void) { + ERR_free_strings(); + ERR_remove_thread_state(NULL); EVP_cleanup(); CRYPTO_cleanup_all_ex_data(); } diff --git a/src/error.c b/src/error.c new file mode 100644 index 0000000..140d1b4 --- /dev/null +++ b/src/error.c @@ -0,0 +1,86 @@ +/* + * Copyright (c) 2000 - 2016 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ +/* + * @file error.c + * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com) + */ + +#include +#include +#include + +#include + +#include +#include "internal.h" + +// TODO any better idea than to use __thread? +static __thread yaca_debug_func debug_fn = NULL; +static bool error_strings_loaded = false; + +API void yaca_error_set_debug_func(yaca_debug_func fn) +{ + debug_fn = fn; +} + +// TODO use peeking function to intercept common errors +//unsigned long ERR_peek_error(); + +void error_dump(const char *file, int line, const char *function, int code) +{ + if (debug_fn == NULL) + return; + + static const size_t BUF_SIZE = 512; + static const char ELLIPSIS[] = "...\n"; + static const size_t ELLIPSIS_SIZE = sizeof(ELLIPSIS) / sizeof(ELLIPSIS[0]); + char buf[BUF_SIZE]; + unsigned long err; + size_t written; + + written = snprintf(buf, BUF_SIZE, "%s:%d %s() API error: %d\n", file, line, function, code); + + while ((err = ERR_get_error()) != 0 && written < BUF_SIZE - 1) { + if (!error_strings_loaded) { + /* + * Both these functions are thread-safe as long as static locks are + * installed according to doc so calling them twice won't break + * anything and I don't want to use synchronization mechanisms + * here. + */ + ERR_load_crypto_strings(); + ERR_clear_error(); + error_strings_loaded = true; + } + + ERR_error_string_n(err, buf + written, BUF_SIZE - written); + written = strlen(buf); /* I trust you, openssl */ + if (written < BUF_SIZE - 1) { + buf[written] = '\n'; + written++; + } + } + + if (written >= BUF_SIZE - 1) { + strncpy(buf + BUF_SIZE - ELLIPSIS_SIZE, ELLIPSIS, ELLIPSIS_SIZE); + written = BUF_SIZE - 1; + ERR_clear_error(); + } + buf[written] = '\0'; + + (*debug_fn)(buf); +} + diff --git a/src/internal.h b/src/internal.h index 25f0edc..2b5dc9f 100644 --- a/src/internal.h +++ b/src/internal.h @@ -94,4 +94,7 @@ int digest_get_algorithm(yaca_digest_algo_e algo, const EVP_MD **md); struct yaca_key_simple_s *key_get_simple(const yaca_key_h key); struct yaca_key_evp_s *key_get_evp(const yaca_key_h key); +void error_dump(const char *file, int line, const char *function, int code); +#define ERROR_DUMP(code) error_dump(__FILE__, __LINE__, __FUNCTION__, (code)) + #endif -- 2.7.4 From a943253129d8c399bd7f78dc506cebe01468abed Mon Sep 17 00:00:00 2001 From: Krzysztof Jackiewicz Date: Thu, 21 Apr 2016 12:51:54 +0200 Subject: [PATCH 14/16] Dump openssl errors after each failure Change-Id: Ie665574073d00e29a451fcd799488efa35023bbb --- src/crypto.c | 10 +++++-- src/digest.c | 20 ++++++++++---- src/encrypt.c | 38 +++++++++++++++++-------- src/key.c | 20 +++++++++++--- src/sign.c | 89 ++++++++++++++++++++++++++++++++++++++++------------------- 5 files changed, 125 insertions(+), 52 deletions(-) diff --git a/src/crypto.c b/src/crypto.c index 4cc313f..bfcb358 100644 --- a/src/crypto.c +++ b/src/crypto.c @@ -84,12 +84,16 @@ API int yaca_rand_bytes(char *data, size_t data_len) return YACA_ERROR_INVALID_ARGUMENT; ret = RAND_bytes((unsigned char *)data, data_len); - if (ret == -1) - return YACA_ERROR_NOT_SUPPORTED; if (ret == 1) return 0; - return YACA_ERROR_OPENSSL_FAILURE; + if (ret == -1) + ret = YACA_ERROR_NOT_SUPPORTED; + else + ret = YACA_ERROR_OPENSSL_FAILURE; + + ERROR_DUMP(ret); + return ret; } API int yaca_ctx_set_param(yaca_ctx_h ctx, yaca_ex_param_e param, diff --git a/src/digest.c b/src/digest.c index 2a5f01d..e23f7b5 100644 --- a/src/digest.c +++ b/src/digest.c @@ -107,8 +107,10 @@ int digest_get_algorithm(yaca_digest_algo_e algo, const EVP_MD **md) break; } - if (ret == 0 && *md == NULL) + if (ret == 0 && *md == NULL) { ret = YACA_ERROR_OPENSSL_FAILURE; + ERROR_DUMP(ret); + } return ret; } @@ -137,12 +139,14 @@ API int yaca_digest_init(yaca_ctx_h *ctx, yaca_digest_algo_e algo) nc->mdctx = EVP_MD_CTX_create(); if (nc->mdctx == NULL) { ret = YACA_ERROR_OPENSSL_FAILURE; + ERROR_DUMP(ret); goto free; } ret = EVP_DigestInit(nc->mdctx, md); if (ret != 1) { ret = YACA_ERROR_OPENSSL_FAILURE; + ERROR_DUMP(ret); goto ctx; } @@ -166,8 +170,11 @@ API int yaca_digest_update(yaca_ctx_h ctx, const char *data, size_t data_len) return YACA_ERROR_INVALID_ARGUMENT; ret = EVP_DigestUpdate(c->mdctx, data, data_len); - if (ret != 1) - return YACA_ERROR_OPENSSL_FAILURE; + if (ret != 1) { + ret = YACA_ERROR_OPENSSL_FAILURE; + ERROR_DUMP(ret); + return ret; + } return 0; } @@ -185,8 +192,11 @@ API int yaca_digest_final(yaca_ctx_h ctx, char *digest, size_t *digest_len) return YACA_ERROR_INVALID_ARGUMENT; ret = EVP_DigestFinal_ex(c->mdctx, (unsigned char*)digest, &len); - if (ret != 1) - return YACA_ERROR_OPENSSL_FAILURE; + if (ret != 1) { + ret = YACA_ERROR_OPENSSL_FAILURE; + ERROR_DUMP(ret); + return ret; + } *digest_len = len; diff --git a/src/encrypt.c b/src/encrypt.c index 5aeecf7..a18a05c 100644 --- a/src/encrypt.c +++ b/src/encrypt.c @@ -77,8 +77,10 @@ static int get_encrypt_output_length(const yaca_ctx_h ctx, size_t input_len) return YACA_ERROR_INVALID_ARGUMENT; block_size = EVP_CIPHER_CTX_block_size(nc->cipher_ctx); - if (block_size == 0) - return YACA_ERROR_OPENSSL_FAILURE; // TODO: extract openssl error here + if (block_size == 0) { + ERROR_DUMP(YACA_ERROR_OPENSSL_FAILURE); + return YACA_ERROR_OPENSSL_FAILURE; + } if (input_len > 0) return block_size + input_len - 1; @@ -155,8 +157,11 @@ int get_encrypt_algorithm(yaca_enc_algo_e algo, return YACA_ERROR_INVALID_ARGUMENT; lcipher = EVP_get_cipherbyname(cipher_name); - if (lcipher == NULL) - return YACA_ERROR_OPENSSL_FAILURE; // TODO: yaca_get_error_code_from_openssl(ret); + if (lcipher == NULL) { + ret = YACA_ERROR_OPENSSL_FAILURE; + ERROR_DUMP(ret); + return ret; + } *cipher = lcipher; return 0; @@ -204,8 +209,11 @@ static int encrypt_init(yaca_ctx_h *ctx, goto err_free; ret = EVP_CIPHER_iv_length(cipher); - if (ret < 0) + if (ret < 0) { + ret = YACA_ERROR_OPENSSL_FAILURE; + ERROR_DUMP(ret); goto err_free; + } iv_bits = ret * 8; if (iv_bits == 0 && iv != NULL) { /* 0 -> cipher doesn't use iv, but it was provided */ @@ -227,7 +235,8 @@ static int encrypt_init(yaca_ctx_h *ctx, nc->cipher_ctx = EVP_CIPHER_CTX_new(); if (nc->cipher_ctx == NULL) { - ret = YACA_ERROR_OPENSSL_FAILURE; // TODO: yaca_get_error_code_from_openssl(ret); + ret = YACA_ERROR_OPENSSL_FAILURE; + ERROR_DUMP(ret); goto err_free; } @@ -248,7 +257,8 @@ static int encrypt_init(yaca_ctx_h *ctx, } if (ret != 1) { - ret = YACA_ERROR_OPENSSL_FAILURE; // TODO: yaca_get_error_code_from_openssl(ret); + ret = YACA_ERROR_OPENSSL_FAILURE; + ERROR_DUMP(ret); goto err_ctx; } @@ -292,8 +302,11 @@ static int encrypt_update(yaca_ctx_h ctx, return YACA_ERROR_INVALID_ARGUMENT; } - if (ret != 1) - return YACA_ERROR_OPENSSL_FAILURE; // TODO: yaca_get_error_code_from_openssl(ret); + if (ret != 1) { + ret = YACA_ERROR_OPENSSL_FAILURE; + ERROR_DUMP(ret); + return ret; + } *output_len = loutput_len; return 0; @@ -325,8 +338,11 @@ static int encrypt_final(yaca_ctx_h ctx, return YACA_ERROR_INVALID_ARGUMENT; } - if (ret != 1) - return YACA_ERROR_OPENSSL_FAILURE; // TODO: yaca_get_error_code_from_openssl(ret); + if (ret != 1) { + ret = YACA_ERROR_OPENSSL_FAILURE; + ERROR_DUMP(ret); + return ret; + } *output_len = loutput_len; return 0; diff --git a/src/key.c b/src/key.c index 3fbd596..2debe7d 100644 --- a/src/key.c +++ b/src/key.c @@ -110,8 +110,11 @@ API int yaca_key_get_length(const yaca_key_h key) // TODO: handle ECC keys when they're implemented ret = EVP_PKEY_bits(evp_key->evp); - if (ret <= 0) - return YACA_ERROR_OPENSSL_FAILURE; + if (ret <= 0) { + ret = YACA_ERROR_OPENSSL_FAILURE; + ERROR_DUMP(ret); + return ret; + } return ret; } @@ -288,48 +291,56 @@ API int yaca_key_gen_pair(yaca_key_h *prv_key, bne = BN_new(); if (bne == NULL) { ret = YACA_ERROR_OUT_OF_MEMORY; + ERROR_DUMP(ret); goto free_pub; } ret = BN_set_word(bne, RSA_F4); if (ret != 1) { ret = YACA_ERROR_OPENSSL_FAILURE; + ERROR_DUMP(ret); goto free_bne; } rsa = RSA_new(); if (rsa == NULL) { - ret = YACA_ERROR_OPENSSL_FAILURE; + ret = YACA_ERROR_OUT_OF_MEMORY; + ERROR_DUMP(ret); goto free_bne; } ret = RSA_generate_key_ex(rsa, key_bits, bne, NULL); if (ret != 1) { ret = YACA_ERROR_OPENSSL_FAILURE; + ERROR_DUMP(ret); goto free_rsa; } nk_prv->evp = EVP_PKEY_new(); if (nk_prv->evp == NULL) { ret = YACA_ERROR_OUT_OF_MEMORY; + ERROR_DUMP(ret); goto free_rsa; } nk_pub->evp = EVP_PKEY_new(); if (nk_prv->evp == NULL) { ret = YACA_ERROR_OUT_OF_MEMORY; + ERROR_DUMP(ret); goto free_evp_prv; } ret = EVP_PKEY_assign_RSA(nk_prv->evp, RSAPrivateKey_dup(rsa)); if (ret != 1) { ret = YACA_ERROR_OPENSSL_FAILURE; + ERROR_DUMP(ret); goto free_evp_pub; } ret = EVP_PKEY_assign_RSA(nk_pub->evp, RSAPublicKey_dup(rsa)); if (ret != 1) { ret = YACA_ERROR_OPENSSL_FAILURE; + ERROR_DUMP(ret); goto free_evp_pub; } @@ -428,7 +439,8 @@ API int yaca_key_derive_pbkdf2(const char *password, salt_len, iter, md, key_byte_len, (unsigned char*)nk->d); if (ret != 1) { - ret = YACA_ERROR_OPENSSL_FAILURE; // TODO: yaca_get_error_code_from_openssl(ret); + ret = YACA_ERROR_OPENSSL_FAILURE; + ERROR_DUMP(ret); goto err; } diff --git a/src/sign.c b/src/sign.c index aee4c8c..a77b403 100644 --- a/src/sign.c +++ b/src/sign.c @@ -64,12 +64,16 @@ static int get_sign_output_length(const yaca_ctx_h ctx, size_t input_len) return YACA_ERROR_INVALID_ARGUMENT; EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(c->mdctx->pctx); - if (pkey == NULL) + if (pkey == NULL) { + ERROR_DUMP(YACA_ERROR_INVALID_ARGUMENT); return YACA_ERROR_INVALID_ARGUMENT; + } size_t len = EVP_PKEY_size(pkey); - if (len <= 0) + if (len <= 0) { + ERROR_DUMP(YACA_ERROR_INVALID_ARGUMENT); return YACA_ERROR_INVALID_ARGUMENT; + } return len; } @@ -99,8 +103,10 @@ static int create_sign_pkey(const yaca_key_h key, EVP_PKEY **pkey) NULL, (unsigned char *)simple_key->d, simple_key->bits / 8); - if (*pkey == NULL) + if (*pkey == NULL) { + ERROR_DUMP(YACA_ERROR_OPENSSL_FAILURE); return YACA_ERROR_OPENSSL_FAILURE; + } return 0; } @@ -169,16 +175,19 @@ API int yaca_sign_init(yaca_ctx_h *ctx, nc->mdctx = EVP_MD_CTX_create(); if (nc->mdctx == NULL) { ret = YACA_ERROR_OPENSSL_FAILURE; + ERROR_DUMP(ret); goto free_ctx; } ret = EVP_DigestSignInit(nc->mdctx, NULL, md, NULL, pkey); if (ret == -2) { ret = YACA_ERROR_NOT_SUPPORTED; + ERROR_DUMP(ret); goto ctx; } if (ret != 1) { ret = YACA_ERROR_OPENSSL_FAILURE; + ERROR_DUMP(ret); goto ctx; } @@ -210,12 +219,16 @@ API int yaca_sign_update(yaca_ctx_h ctx, return YACA_ERROR_INVALID_ARGUMENT; ret = EVP_DigestSignUpdate(c->mdctx, data, data_len); + if (ret == 1) + return 0; + if (ret == -2) - return YACA_ERROR_NOT_SUPPORTED; - if (ret != 1) - return YACA_ERROR_OPENSSL_FAILURE; + ret = YACA_ERROR_NOT_SUPPORTED; + else + ret = YACA_ERROR_OPENSSL_FAILURE; - return 0; + ERROR_DUMP(ret); + return ret; } API int yaca_sign_final(yaca_ctx_h ctx, @@ -230,12 +243,16 @@ API int yaca_sign_final(yaca_ctx_h ctx, return YACA_ERROR_INVALID_ARGUMENT; ret = EVP_DigestSignFinal(c->mdctx, (unsigned char *)mac, mac_len); + if(ret == 1) + return 0; + if (ret == -2) - return YACA_ERROR_NOT_SUPPORTED; - if (ret != 1) - return YACA_ERROR_OPENSSL_FAILURE; + ret = YACA_ERROR_NOT_SUPPORTED; + else + ret = YACA_ERROR_OPENSSL_FAILURE; - return 0; + ERROR_DUMP(ret); + return ret; } API int yaca_verify_init(yaca_ctx_h *ctx, @@ -289,6 +306,7 @@ API int yaca_verify_init(yaca_ctx_h *ctx, nc->mdctx = EVP_MD_CTX_create(); if (nc->mdctx == NULL) { ret = YACA_ERROR_OPENSSL_FAILURE; + ERROR_DUMP(ret); goto free_ctx; } @@ -307,10 +325,12 @@ API int yaca_verify_init(yaca_ctx_h *ctx, if (ret == -2) { ret = YACA_ERROR_NOT_SUPPORTED; + ERROR_DUMP(ret); goto ctx; } if (ret != 1) { ret = YACA_ERROR_OPENSSL_FAILURE; + ERROR_DUMP(ret); goto ctx; } @@ -352,12 +372,16 @@ API int yaca_verify_update(yaca_ctx_h ctx, return YACA_ERROR_INVALID_ARGUMENT; } + if (ret == 1) + return 0; + if (ret == -2) - return YACA_ERROR_NOT_SUPPORTED; - if (ret != 1) - return YACA_ERROR_OPENSSL_FAILURE; + ret = YACA_ERROR_NOT_SUPPORTED; + else + ret = YACA_ERROR_OPENSSL_FAILURE; - return 0; + ERROR_DUMP(ret); + return ret; } API int yaca_verify_final(yaca_ctx_h ctx, @@ -378,28 +402,35 @@ API int yaca_verify_final(yaca_ctx_h ctx, ret = EVP_DigestSignFinal(c->mdctx, (unsigned char *)mac_cmp, &mac_cmp_len); - if (ret == -2) - return YACA_ERROR_NOT_SUPPORTED; - if (ret != 1) - return YACA_ERROR_OPENSSL_FAILURE; + if (ret == 1) { + if (mac_len != mac_cmp_len || CRYPTO_memcmp(mac, mac_cmp, mac_len) != 0) + return YACA_ERROR_SIGNATURE_INVALID; + return 0; + } - if (mac_len != mac_cmp_len || - CRYPTO_memcmp(mac, mac_cmp, mac_len) != 0) - return YACA_ERROR_SIGNATURE_INVALID; + if (ret == -2) + ret = YACA_ERROR_NOT_SUPPORTED; + else + ret = YACA_ERROR_OPENSSL_FAILURE; - return 0; + ERROR_DUMP(ret); + return ret; case OP_VERIFY_ASYMMETRIC: ret = EVP_DigestVerifyFinal(c->mdctx, (unsigned char *)mac, mac_len); + if (ret == 1) + return 0; + if (ret == 0) - return YACA_ERROR_SIGNATURE_INVALID; - if (ret == -2) - return YACA_ERROR_NOT_SUPPORTED; - if (ret != 1) - return YACA_ERROR_OPENSSL_FAILURE; + ret = YACA_ERROR_SIGNATURE_INVALID; + else if (ret == -2) + ret = YACA_ERROR_NOT_SUPPORTED; + else + ret = YACA_ERROR_OPENSSL_FAILURE; - return 0; + ERROR_DUMP(ret); + return ret; default: return YACA_ERROR_INVALID_ARGUMENT; } -- 2.7.4 From 858010f791ffa33efb9fdeca8bfac73e02ee8468 Mon Sep 17 00:00:00 2001 From: Krzysztof Jackiewicz Date: Thu, 21 Apr 2016 13:06:40 +0200 Subject: [PATCH 15/16] Set debug function in examples Change-Id: Ia4e65acbad056d988b7ceffa3f9190f40b35270a --- examples/digest.c | 3 +++ examples/encrypt.c | 3 +++ examples/encrypt_aes_gcm.c | 3 +++ examples/key_exchange.c | 4 ++++ examples/misc.c | 5 +++++ examples/misc.h | 2 ++ examples/seal.c | 3 +++ examples/sign.c | 3 +++ examples/test.c | 3 +++ 9 files changed, 29 insertions(+) diff --git a/examples/digest.c b/examples/digest.c index 70978a6..9ee0b41 100644 --- a/examples/digest.c +++ b/examples/digest.c @@ -25,6 +25,7 @@ #include #include #include +#include #include "lorem.h" #include "misc.h" @@ -80,6 +81,8 @@ exit_ctx: int main() { + yaca_error_set_debug_func(debug_func); + int ret = yaca_init(); if (ret < 0) return ret; diff --git a/examples/encrypt.c b/examples/encrypt.c index 303bcd7..8615abe 100644 --- a/examples/encrypt.c +++ b/examples/encrypt.c @@ -27,6 +27,7 @@ #include #include #include +#include #include "lorem.h" #include "misc.h" @@ -230,6 +231,8 @@ ex_key: int main() { + yaca_error_set_debug_func(debug_func); + int ret = yaca_init(); if (ret < 0) return ret; diff --git a/examples/encrypt_aes_gcm.c b/examples/encrypt_aes_gcm.c index 3976170..9b2c6f8 100644 --- a/examples/encrypt_aes_gcm.c +++ b/examples/encrypt_aes_gcm.c @@ -27,6 +27,7 @@ #include #include #include +#include #include "lorem.h" #include "misc.h" @@ -178,6 +179,8 @@ clean: int main() { + yaca_error_set_debug_func(debug_func); + int ret = yaca_init(); if (ret < 0) return ret; diff --git a/examples/key_exchange.c b/examples/key_exchange.c index 82db88a..2b0b61c 100644 --- a/examples/key_exchange.c +++ b/examples/key_exchange.c @@ -26,6 +26,8 @@ #include #include #include +#include +#include "misc.h" void key_exchange_dh(void) { @@ -143,6 +145,8 @@ clean: int main() { + yaca_error_set_debug_func(debug_func); + int ret = yaca_init(); if (ret < 0) return ret; diff --git a/examples/misc.c b/examples/misc.c index 8672fd9..bd951e9 100644 --- a/examples/misc.c +++ b/examples/misc.c @@ -14,3 +14,8 @@ void dump_hex(const char *buf, size_t dump_size, const char *fmt, ...) putchar('\n'); BIO_dump_fp(stdout, buf, dump_size); } + +void debug_func(const char* buf) +{ + puts(buf); +} diff --git a/examples/misc.h b/examples/misc.h index dc73467..a4436f5 100644 --- a/examples/misc.h +++ b/examples/misc.h @@ -35,4 +35,6 @@ void dump_hex(const char *buf, size_t dump_size, const char *fmt, ...); +void debug_func(const char* buf); + #endif /* MISC_H */ diff --git a/examples/seal.c b/examples/seal.c index e2377a1..985f5dc 100644 --- a/examples/seal.c +++ b/examples/seal.c @@ -26,6 +26,7 @@ #include #include #include +#include #include "lorem.h" #include "misc.h" @@ -151,6 +152,8 @@ ex_pk: int main() { + yaca_error_set_debug_func(debug_func); + int ret = yaca_init(); if (ret < 0) return ret; diff --git a/examples/sign.c b/examples/sign.c index f8f7bec..58b921f 100644 --- a/examples/sign.c +++ b/examples/sign.c @@ -25,6 +25,7 @@ #include #include #include +#include #include "lorem.h" #include "misc.h" @@ -207,6 +208,8 @@ finish: int main() { + yaca_error_set_debug_func(debug_func); + int ret = yaca_init(); if (ret < 0) return ret; diff --git a/examples/test.c b/examples/test.c index e6d9048..22f9632 100644 --- a/examples/test.c +++ b/examples/test.c @@ -20,12 +20,15 @@ #include #include #include +#include #include "misc.h" /** Simple test for development of library (before API is ready) */ int main(int argc, char* argv[]) { + yaca_error_set_debug_func(debug_func); + yaca_key_h key; char *k; size_t kl; -- 2.7.4 From f4d1ac95ac8b5e891e07f16586738b77849231f7 Mon Sep 17 00:00:00 2001 From: Dariusz Michaluk Date: Tue, 12 Apr 2016 15:48:14 +0200 Subject: [PATCH 16/16] Change spaces to tab in CMakeLists Change-Id: I721359eaade46100c96d6a9fd9ed3e24293868d6 --- CMakeLists.txt | 28 ++++++++++++++-------------- examples/CMakeLists.txt | 44 +++++++++++++++++++------------------------- src/CMakeLists.txt | 7 +++---- 3 files changed, 36 insertions(+), 43 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 0c2f401..78db916 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -33,16 +33,16 @@ INCLUDE(GNUInstallDirs) ## Color output if it's possible: IF (( "${CMAKE_C_COMPILER_ID}" STREQUAL "GNU" AND NOT (CMAKE_C_COMPILER_VERSION VERSION_LESS 4.9)) - OR ("${CMAKE_C_COMPILER_ID}" STREQUAL "Clang" )) + OR ("${CMAKE_C_COMPILER_ID}" STREQUAL "Clang" )) - IF (YACA_BUILD_FORCE_COMPILER_COLORS) - SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fdiagnostics-color=always") - ENDIF() + IF (YACA_BUILD_FORCE_COMPILER_COLORS) + SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fdiagnostics-color=always") + ENDIF() ENDIF() ## Compiler flags, depending on the build type ################################# IF(NOT CMAKE_BUILD_TYPE) - SET(CMAKE_BUILD_TYPE "DEBUG") + SET(CMAKE_BUILD_TYPE "DEBUG") ENDIF(NOT CMAKE_BUILD_TYPE) ## Print build information ##################################################### @@ -66,10 +66,10 @@ ADD_DEFINITIONS("-pedantic-errors") # Make pedantic warnings into errors ADD_DEFINITIONS(-DPROJECT_SOURCE_DIR="${PROJECT_SOURCE_DIR}") IF("${CMAKE_C_COMPILER_ID}" STREQUAL "Clang") - # Warn about documentation problems - ADD_DEFINITIONS("-Wdocumentation") - # Enable all diagnostics - #ADD_DEFINITIONS("-Weverything") + # Warn about documentation problems + ADD_DEFINITIONS("-Wdocumentation") + # Enable all diagnostics + #ADD_DEFINITIONS("-Weverything") ENDIF() ## Subdirectories ############################################################## @@ -79,23 +79,23 @@ SET(SRC_FOLDER ${PROJECT_SOURCE_DIR}/src) SET(TEST_FOLDER ${PROJECT_SOURCE_DIR}/test) IF(NOT DEFINED LIB_INSTALL_DIR) - SET(LIB_INSTALL_DIR "${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_LIBDIR}") + SET(LIB_INSTALL_DIR "${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_LIBDIR}") ENDIF(NOT DEFINED LIB_INSTALL_DIR) IF(NOT DEFINED INCLUDE_INSTALL_DIR) - SET(INCLUDE_INSTALL_DIR "${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_INCLUDEDIR}") + SET(INCLUDE_INSTALL_DIR "${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_INCLUDEDIR}") ENDIF(NOT DEFINED INCLUDE_INSTALL_DIR) IF(NOT DEFINED BIN_INSTALL_DIR) - SET(BIN_INSTALL_DIR "${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_BINDIR}") + SET(BIN_INSTALL_DIR "${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_BINDIR}") ENDIF(NOT DEFINED BIN_INSTALL_DIR) IF(NOT DEFINED SHARE_INSTALL_PREFIX) - SET(SHARE_INSTALL_PREFIX "${CMAKE_INSTALL_PREFIX}/share") + SET(SHARE_INSTALL_PREFIX "${CMAKE_INSTALL_PREFIX}/share") ENDIF(NOT DEFINED SHARE_INSTALL_PREFIX) IF(NOT DEFINED EXAMPLES_DIR) - SET(EXAMPLES_DIR "${SHARE_INSTALL_PREFIX}/${PROJECT_NAME}/examples") + SET(EXAMPLES_DIR "${SHARE_INSTALL_PREFIX}/${PROJECT_NAME}/examples") ENDIF(NOT DEFINED EXAMPLES_DIR) ADD_SUBDIRECTORY(${SRC_FOLDER}) diff --git a/examples/CMakeLists.txt b/examples/CMakeLists.txt index cda1c9c..9048331 100644 --- a/examples/CMakeLists.txt +++ b/examples/CMakeLists.txt @@ -1,7 +1,7 @@ # # Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved # -# Contact: +# Contact: Krzysztof Jackiewicz # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -18,35 +18,29 @@ # # @file CMakeLists.txt # @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com) -# @version 1.0 -# @brief # INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/api) -SET(COMMON_SOURCES - ${CMAKE_CURRENT_SOURCE_DIR}/lorem.c - ${CMAKE_CURRENT_SOURCE_DIR}/misc.c - ) +SET(COMMON_SOURCES ${CMAKE_CURRENT_SOURCE_DIR}/lorem.c + ${CMAKE_CURRENT_SOURCE_DIR}/misc.c) FUNCTION(BUILD_EXAMPLE EXAMPLE_NAME SOURCE_FILE) - ADD_EXECUTABLE(${EXAMPLE_NAME} - ${CMAKE_CURRENT_SOURCE_DIR}/${SOURCE_FILE} - ${COMMON_SOURCES} - ) - TARGET_LINK_LIBRARIES(${EXAMPLE_NAME} ${PROJECT_NAME}) - INSTALL(TARGETS ${EXAMPLE_NAME} - DESTINATION ${BIN_INSTALL_DIR} - PERMISSIONS OWNER_READ - OWNER_WRITE - OWNER_EXECUTE - GROUP_READ - GROUP_EXECUTE - WORLD_READ - WORLD_EXECUTE - ) - INSTALL(FILES ${CMAKE_CURRENT_SOURCE_DIR}/${SOURCE_FILE} - DESTINATION ${EXAMPLES_DIR}) + ADD_EXECUTABLE(${EXAMPLE_NAME} + ${CMAKE_CURRENT_SOURCE_DIR}/${SOURCE_FILE} + ${COMMON_SOURCES}) + TARGET_LINK_LIBRARIES(${EXAMPLE_NAME} ${PROJECT_NAME}) + INSTALL(TARGETS ${EXAMPLE_NAME} + DESTINATION ${BIN_INSTALL_DIR} + PERMISSIONS OWNER_READ + OWNER_WRITE + OWNER_EXECUTE + GROUP_READ + GROUP_EXECUTE + WORLD_READ + WORLD_EXECUTE) + INSTALL(FILES ${CMAKE_CURRENT_SOURCE_DIR}/${SOURCE_FILE} + DESTINATION ${EXAMPLES_DIR}) ENDFUNCTION(BUILD_EXAMPLE) BUILD_EXAMPLE("yaca-example-digest" digest.c) @@ -58,4 +52,4 @@ BUILD_EXAMPLE("yaca-example-key-exchange" key_exchange.c) BUILD_EXAMPLE("yaca-example-test" test.c) INSTALL(FILES ${COMMON_SOURCES} - DESTINATION ${EXAMPLES_DIR}) + DESTINATION ${EXAMPLES_DIR}) diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 4f6cc74..9d8369b 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -41,9 +41,8 @@ ADD_DEFINITIONS(-fvisibility=hidden) ## Setup target ################################################################ ADD_LIBRARY(${PROJECT_NAME} SHARED ${SRCS} ${HEADERS}) SET_TARGET_PROPERTIES(${PROJECT_NAME} PROPERTIES - SOVERSION ${_LIB_SOVERSION_} - VERSION ${_LIB_VERSION_} -) + SOVERSION ${_LIB_SOVERSION_} + VERSION ${_LIB_VERSION_}) ## Link libraries ############################################################## PKG_CHECK_MODULES(YACA_DEPS REQUIRED openssl) @@ -64,4 +63,4 @@ INSTALL(TARGETS ${PROJECT_NAME} COMPONENT RuntimeLibraries) INSTALL(FILES ${HEADERS} - DESTINATION ${INCLUDE_INSTALL_DIR}/yaca) + DESTINATION ${INCLUDE_INSTALL_DIR}/yaca) -- 2.7.4