Tizen Native API
9.0
|
Provides APIs for encryption and decryption operations.
Required Header
#include <yaca/yaca_crypto.h>
#include <yaca/yaca_encrypt.h>
#include <yaca/yaca_seal.h>
#include <yaca/yaca_types.h>
#include <yaca/yaca_error.h>
Overview
It provides advanced APIs for encryption/decryption operations with symmetric keys and sealing/opening operations with asymmetric keys.
Examples
Encrypt API example
#include <stdio.h> #include <yaca_crypto.h> #include <yaca_encrypt.h> #include <yaca_key.h> #include <yaca_error.h> /* include helpers functions and definitions */ #include "misc.h" int main() { int ret; yaca_context_h ctx = YACA_CONTEXT_NULL; yaca_key_h key = YACA_KEY_NULL; yaca_key_h iv = YACA_KEY_NULL; char *encrypted = NULL; char *decrypted = NULL; size_t encrypted_len; size_t decrypted_len; size_t block_len; size_t output_len; size_t written_len; ret = yaca_initialize(); if (ret != YACA_ERROR_NONE) goto exit; printf("Plain data (16 of %zu bytes): %.16s\n", INPUT_DATA_SIZE, INPUT_DATA); /* Key generation */ ret = yaca_key_generate(YACA_KEY_TYPE_SYMMETRIC, YACA_KEY_LENGTH_256BIT, &key); if (ret != YACA_ERROR_NONE) goto exit; /* IV generation */ ret = yaca_key_generate(YACA_KEY_TYPE_IV, YACA_KEY_LENGTH_IV_128BIT, &iv); if (ret != YACA_ERROR_NONE) goto exit; /* Encryption */ { /* Initialize encryption context */ ret = yaca_encrypt_initialize(&ctx, YACA_ENCRYPT_AES, YACA_BCM_CBC, key, iv); if (ret != YACA_ERROR_NONE) goto exit; /* Get output length for the update */ ret = yaca_context_get_output_length(ctx, INPUT_DATA_SIZE, &output_len); if (ret != YACA_ERROR_NONE) goto exit; /* Get output length for the finalize */ ret = yaca_context_get_output_length(ctx, 0, &block_len); if (ret != YACA_ERROR_NONE) goto exit; /* Calculate max output length and allocate memory */ encrypted_len = output_len + block_len; ret = yaca_zalloc(encrypted_len, (void**)&encrypted); if (ret != YACA_ERROR_NONE) goto exit; /* Encrypt data */ ret = yaca_encrypt_update(ctx, INPUT_DATA, INPUT_DATA_SIZE, encrypted, &written_len); if (ret != YACA_ERROR_NONE) goto exit; encrypted_len = written_len; ret = yaca_encrypt_finalize(ctx, encrypted + encrypted_len, &written_len); if (ret != YACA_ERROR_NONE) goto exit; encrypted_len += written_len; /* Resize output buffer */ ret = yaca_realloc(encrypted_len, (void**)&encrypted); if (ret != YACA_ERROR_NONE) goto exit; /* display encrypted data in hexadecimal format */ dump_hex(encrypted, 16, "Encrypted data (16 of %zu bytes): ", encrypted_len); yaca_context_destroy(ctx); ctx = YACA_CONTEXT_NULL; } /* Decryption */ { /* Initialize decryption context */ ret = yaca_decrypt_initialize(&ctx, YACA_ENCRYPT_AES, YACA_BCM_CBC, key, iv); if (ret != YACA_ERROR_NONE) goto exit; /* Get output length for the update */ ret = yaca_context_get_output_length(ctx, encrypted_len, &output_len); if (ret != YACA_ERROR_NONE) goto exit; /* Get output length for the finalize */ ret = yaca_context_get_output_length(ctx, 0, &block_len); if (ret != YACA_ERROR_NONE) goto exit; /* Calculate max output length and allocate memory */ decrypted_len = output_len + block_len; ret = yaca_zalloc(decrypted_len, (void**)&decrypted); if (ret != YACA_ERROR_NONE) goto exit; /* Decrypt data */ ret = yaca_decrypt_update(ctx, encrypted, encrypted_len, decrypted, &written_len); if (ret != YACA_ERROR_NONE) goto exit; decrypted_len = written_len; ret = yaca_decrypt_finalize(ctx, decrypted + decrypted_len, &written_len); if (ret != YACA_ERROR_NONE) goto exit; decrypted_len += written_len; /* Resize output buffer */ ret = yaca_realloc(decrypted_len, (void**)&decrypted); if (ret != YACA_ERROR_NONE) goto exit; printf("Decrypted data (16 of %zu bytes): %.16s\n\n", decrypted_len, decrypted); } exit: yaca_free(decrypted); yaca_free(encrypted); yaca_context_destroy(ctx); yaca_key_destroy(iv); yaca_key_destroy(key); yaca_cleanup(); return ret; }
AES GCM encrypt API example
#include <stdio.h> #include <yaca_crypto.h> #include <yaca_encrypt.h> #include <yaca_key.h> #include <yaca_error.h> /* include helpers functions and definitions */ #include "misc.h" int main() { int ret; yaca_context_h ctx = YACA_CONTEXT_NULL; yaca_key_h key = YACA_KEY_NULL; yaca_key_h iv = YACA_KEY_NULL; char *encrypted = NULL; char *decrypted = NULL; size_t encrypted_len; size_t decrypted_len; char *aad = NULL; char *tag = NULL; size_t aad_len = 16; size_t tag_len = 16; size_t block_len; size_t output_len; size_t written_len; ret = yaca_initialize(); if (ret != YACA_ERROR_NONE) goto exit; printf("Plain data (16 of %zu bytes): %.16s\n", INPUT_DATA_SIZE, INPUT_DATA); /* Key generation */ ret = yaca_key_generate(YACA_KEY_TYPE_SYMMETRIC, YACA_KEY_LENGTH_256BIT, &key); if (ret != YACA_ERROR_NONE) goto exit; /* IV generation */ ret = yaca_key_generate(YACA_KEY_TYPE_IV, YACA_KEY_LENGTH_IV_128BIT, &iv); if (ret != YACA_ERROR_NONE) goto exit; /* Additional Authentication Data generation */ ret = yaca_zalloc(aad_len, (void**)&aad); if (ret != YACA_ERROR_NONE) goto exit; ret = yaca_randomize_bytes(aad, aad_len); if (ret != YACA_ERROR_NONE) goto exit; /* Encryption */ { /* Initialize encryption context */ ret = yaca_encrypt_initialize(&ctx, YACA_ENCRYPT_AES, YACA_BCM_GCM, key, iv); if (ret != YACA_ERROR_NONE) goto exit; /* Get output length for the update */ ret = yaca_context_get_output_length(ctx, INPUT_DATA_SIZE, &output_len); if (ret != YACA_ERROR_NONE) goto exit; /* Get output length for the finalize */ ret = yaca_context_get_output_length(ctx, 0, &block_len); if (ret != YACA_ERROR_NONE) goto exit; /* Calculate max output length and allocate memory */ encrypted_len = output_len + block_len; ret = yaca_zalloc(encrypted_len, (void**)&encrypted); if (ret != YACA_ERROR_NONE) goto exit; /* Provide Additional Authentication Data */ ret = yaca_context_set_property(ctx, YACA_PROPERTY_GCM_AAD, aad, aad_len); if (ret != YACA_ERROR_NONE) goto exit; /* Encrypt data */ ret = yaca_encrypt_update(ctx, INPUT_DATA, INPUT_DATA_SIZE, encrypted, &written_len); if (ret != YACA_ERROR_NONE) goto exit; encrypted_len = written_len; ret = yaca_encrypt_finalize(ctx, encrypted + encrypted_len, &written_len); if (ret != YACA_ERROR_NONE) goto exit; encrypted_len += written_len; /* Resize output buffer */ ret = yaca_realloc(encrypted_len, (void**)&encrypted); if (ret != YACA_ERROR_NONE) goto exit; /* Set the tag length and get the tag */ ret = yaca_context_set_property(ctx, YACA_PROPERTY_GCM_TAG_LEN, &tag_len, sizeof(tag_len)); if (ret != YACA_ERROR_NONE) goto exit; ret = yaca_context_get_property(ctx, YACA_PROPERTY_GCM_TAG, (void**)&tag, &tag_len); if (ret != YACA_ERROR_NONE) goto exit; /* display encrypted data in hexadecimal format */ dump_hex(encrypted, 16, "Encrypted data (16 of %zu bytes): ", encrypted_len); yaca_context_destroy(ctx); ctx = YACA_CONTEXT_NULL; } /* Decryption */ { /* Initialize decryption context */ ret = yaca_decrypt_initialize(&ctx, YACA_ENCRYPT_AES, YACA_BCM_GCM, key, iv); if (ret != YACA_ERROR_NONE) goto exit; /* Get output length for the update */ ret = yaca_context_get_output_length(ctx, encrypted_len, &output_len); if (ret != YACA_ERROR_NONE) goto exit; /* Get output length for the finalize */ ret = yaca_context_get_output_length(ctx, 0, &block_len); if (ret != YACA_ERROR_NONE) goto exit; /* Calculate max output length and allocate memory */ decrypted_len = output_len + block_len; ret = yaca_zalloc(decrypted_len, (void**)&decrypted); if (ret != YACA_ERROR_NONE) goto exit; /* Provide Additional Authentication Data */ ret = yaca_context_set_property(ctx, YACA_PROPERTY_GCM_AAD, aad, aad_len); if (ret != YACA_ERROR_NONE) goto exit; /* Decrypt data */ ret = yaca_decrypt_update(ctx, encrypted, encrypted_len, decrypted, &written_len); if (ret != YACA_ERROR_NONE) goto exit; decrypted_len = written_len; /* Set expected tag value before final decryption */ ret = yaca_context_set_property(ctx, YACA_PROPERTY_GCM_TAG, tag, tag_len); if (ret != YACA_ERROR_NONE) goto exit; ret = yaca_decrypt_finalize(ctx, decrypted + decrypted_len, &written_len); if (ret != YACA_ERROR_NONE) goto exit; decrypted_len += written_len; /* Resize output buffer */ ret = yaca_realloc(decrypted_len, (void**)&decrypted); if (ret != YACA_ERROR_NONE) goto exit; printf("Decrypted data (16 of %zu bytes): %.16s\n\n", decrypted_len, decrypted); } exit: yaca_free(decrypted); yaca_free(encrypted); yaca_free(tag); yaca_free(aad); yaca_context_destroy(ctx); yaca_key_destroy(iv); yaca_key_destroy(key); yaca_cleanup(); return ret; }
AES CCM encrypt API example
#include <stdio.h> #include <yaca_crypto.h> #include <yaca_encrypt.h> #include <yaca_key.h> #include <yaca_error.h> /* include helpers functions and definitions */ #include "misc.h" int main() { int ret; yaca_context_h ctx = YACA_CONTEXT_NULL; yaca_key_h key = YACA_KEY_NULL; yaca_key_h iv = YACA_KEY_NULL; char *encrypted = NULL; char *decrypted = NULL; size_t encrypted_len; size_t decrypted_len; char *aad = NULL; char *tag = NULL; size_t aad_len = 16; size_t tag_len = 12; size_t block_len; size_t output_len; size_t written_len; ret = yaca_initialize(); if (ret != YACA_ERROR_NONE) goto exit; printf("Plain data (16 of %zu bytes): %.16s\n", INPUT_DATA_SIZE, INPUT_DATA); /* Key generation */ ret = yaca_key_generate(YACA_KEY_TYPE_SYMMETRIC, YACA_KEY_LENGTH_256BIT, &key); if (ret != YACA_ERROR_NONE) goto exit; /* IV generation */ ret = yaca_key_generate(YACA_KEY_TYPE_IV, YACA_KEY_LENGTH_IV_64BIT, &iv); if (ret != YACA_ERROR_NONE) goto exit; /* Additional Authentication Data generation */ ret = yaca_zalloc(aad_len, (void**)&aad); if (ret != YACA_ERROR_NONE) goto exit; ret = yaca_randomize_bytes(aad, aad_len); if (ret != YACA_ERROR_NONE) goto exit; /* Encryption */ { /* Initialize encryption context */ ret = yaca_encrypt_initialize(&ctx, YACA_ENCRYPT_AES, YACA_BCM_CCM, key, iv); if (ret != YACA_ERROR_NONE) goto exit; /* Get output length for the update */ ret = yaca_context_get_output_length(ctx, INPUT_DATA_SIZE, &output_len); if (ret != YACA_ERROR_NONE) goto exit; /* Get output length for the finalize */ ret = yaca_context_get_output_length(ctx, 0, &block_len); if (ret != YACA_ERROR_NONE) goto exit; /* Calculate max output length and allocate memory */ encrypted_len = output_len + block_len; ret = yaca_zalloc(encrypted_len, (void**)&encrypted); if (ret != YACA_ERROR_NONE) goto exit; /* Set tag length */ ret = yaca_context_set_property(ctx, YACA_PROPERTY_CCM_TAG_LEN, &tag_len, sizeof(tag_len)); if (ret != YACA_ERROR_NONE) goto exit; /* The total plain text length must be passed (only needed if AAD is passed) */ ret = yaca_encrypt_update(ctx, NULL, INPUT_DATA_SIZE , NULL, &written_len); if (ret != YACA_ERROR_NONE) goto exit; /* Provide Additional Authentication Data */ ret = yaca_context_set_property(ctx, YACA_PROPERTY_CCM_AAD, aad, aad_len); if (ret != YACA_ERROR_NONE) goto exit; /* Encrypt data */ ret = yaca_encrypt_update(ctx, INPUT_DATA, INPUT_DATA_SIZE, encrypted, &written_len); if (ret != YACA_ERROR_NONE) goto exit; encrypted_len = written_len; ret = yaca_encrypt_finalize(ctx, encrypted + encrypted_len, &written_len); if (ret != YACA_ERROR_NONE) goto exit; encrypted_len += written_len; /* Resize output buffer */ ret = yaca_realloc(encrypted_len, (void**)&encrypted); if (ret != YACA_ERROR_NONE) goto exit; /* Get the tag after final encryption */ ret = yaca_context_get_property(ctx, YACA_PROPERTY_CCM_TAG, (void**)&tag, &tag_len); if (ret != YACA_ERROR_NONE) goto exit; /* display encrypted data in hexadecimal format */ dump_hex(encrypted, 16, "Encrypted data (16 of %zu bytes): ", encrypted_len); yaca_context_destroy(ctx); ctx = YACA_CONTEXT_NULL; } /* Decryption */ { /* Initialize decryption context */ ret = yaca_decrypt_initialize(&ctx, YACA_ENCRYPT_AES, YACA_BCM_CCM, key, iv); if (ret != YACA_ERROR_NONE) goto exit; /* Get output length for the update */ ret = yaca_context_get_output_length(ctx, encrypted_len, &output_len); if (ret != YACA_ERROR_NONE) goto exit; /* Get output length for the finalize */ ret = yaca_context_get_output_length(ctx, 0, &block_len); if (ret != YACA_ERROR_NONE) goto exit; /* Calculate max output length and allocate memory */ decrypted_len = output_len + block_len; ret = yaca_zalloc(decrypted_len, (void**)&decrypted); if (ret != YACA_ERROR_NONE) goto exit; /* Set expected tag value */ ret = yaca_context_set_property(ctx, YACA_PROPERTY_CCM_TAG, tag, tag_len); if (ret != YACA_ERROR_NONE) goto exit; /* The total encrypted text length must be passed (only needed if AAD is passed) */ ret = yaca_decrypt_update(ctx, NULL, encrypted_len , NULL, &written_len); if (ret != YACA_ERROR_NONE) goto exit; /* Provide Additional Authentication Data */ ret = yaca_context_set_property(ctx, YACA_PROPERTY_CCM_AAD, aad, aad_len); if (ret != YACA_ERROR_NONE) goto exit; /* Decrypt data */ ret = yaca_decrypt_update(ctx, encrypted, encrypted_len, decrypted, &written_len); if (ret != YACA_ERROR_NONE) goto exit; decrypted_len = written_len; ret = yaca_decrypt_finalize(ctx, decrypted + decrypted_len, &written_len); if (ret != YACA_ERROR_NONE) goto exit; decrypted_len += written_len; /* Resize output buffer */ ret = yaca_realloc(decrypted_len, (void**)&decrypted); if (ret != YACA_ERROR_NONE) goto exit; printf("Decrypted data (16 of %zu bytes): %.16s\n\n", decrypted_len, decrypted); } exit: yaca_free(decrypted); yaca_free(encrypted); yaca_free(tag); yaca_free(aad); yaca_context_destroy(ctx); yaca_key_destroy(iv); yaca_key_destroy(key); yaca_cleanup(); return ret; }
Asymmetric Encryption API example
#include <stdio.h> #include <yaca_crypto.h> #include <yaca_seal.h> #include <yaca_key.h> #include <yaca_error.h> /* include helpers functions and definitions */ #include "misc.h" int main() { int ret; yaca_context_h ctx = YACA_CONTEXT_NULL; yaca_key_h rsa_pub = YACA_KEY_NULL; yaca_key_h rsa_priv = YACA_KEY_NULL; yaca_key_h sym_key = YACA_KEY_NULL; yaca_key_h iv = YACA_KEY_NULL; char *encrypted = NULL; char *decrypted = NULL; size_t encrypted_len; size_t decrypted_len; size_t block_len; size_t output_len; size_t written_len; ret = yaca_initialize(); if (ret != YACA_ERROR_NONE) goto exit; printf("Plain data (16 of %zu bytes): %.16s\n", INPUT_DATA_SIZE, INPUT_DATA); /* Generate key pair */ ret = yaca_key_generate(YACA_KEY_TYPE_RSA_PRIV, YACA_KEY_LENGTH_4096BIT, &rsa_priv); if (ret != YACA_ERROR_NONE) goto exit; ret = yaca_key_extract_public(rsa_priv, &rsa_pub); if (ret != YACA_ERROR_NONE) goto exit; /* Encryption */ { /* Initialize encryption context */ ret = yaca_seal_initialize(&ctx, rsa_pub, YACA_ENCRYPT_AES, YACA_BCM_CBC, YACA_KEY_LENGTH_256BIT, &sym_key, &iv); if (ret != YACA_ERROR_NONE) goto exit; /* Get output length for the update */ ret = yaca_context_get_output_length(ctx, INPUT_DATA_SIZE, &output_len); if (ret != YACA_ERROR_NONE) goto exit; /* Get output length for the finalize */ ret = yaca_context_get_output_length(ctx, 0, &block_len); if (ret != YACA_ERROR_NONE) goto exit; /* Calculate max output length and allocate memory */ encrypted_len = output_len + block_len; ret = yaca_zalloc(encrypted_len, (void**)&encrypted); if (ret != YACA_ERROR_NONE) goto exit; /* Encrypt data */ ret = yaca_seal_update(ctx, INPUT_DATA, INPUT_DATA_SIZE, encrypted, &written_len); if (ret != YACA_ERROR_NONE) goto exit; encrypted_len = written_len; ret = yaca_seal_finalize(ctx, encrypted + encrypted_len, &written_len); if (ret != YACA_ERROR_NONE) goto exit; encrypted_len += written_len; /* Resize output buffer */ ret = yaca_realloc(encrypted_len, (void**)&encrypted); if (ret != YACA_ERROR_NONE) goto exit; /* display encrypted data in hexadecimal format */ dump_hex(encrypted, 16, "Encrypted data (16 of %zu bytes): ", encrypted_len); yaca_context_destroy(ctx); ctx = YACA_CONTEXT_NULL; } /* Decryption */ { /* Initialize decryption context */ ret = yaca_open_initialize(&ctx, rsa_priv, YACA_ENCRYPT_AES, YACA_BCM_CBC, YACA_KEY_LENGTH_256BIT, sym_key, iv); if (ret != YACA_ERROR_NONE) goto exit; /* Get output length for the update */ ret = yaca_context_get_output_length(ctx, encrypted_len, &output_len); if (ret != YACA_ERROR_NONE) goto exit; /* Get output length for the finalize */ ret = yaca_context_get_output_length(ctx, 0, &block_len); if (ret != YACA_ERROR_NONE) goto exit; /* Calculate max output length and allocate memory */ decrypted_len = output_len + block_len; ret = yaca_zalloc(decrypted_len, (void**)&decrypted); if (ret != YACA_ERROR_NONE) goto exit; /* Decrypt data */ ret = yaca_open_update(ctx, encrypted, encrypted_len, decrypted, &written_len); if (ret != YACA_ERROR_NONE) goto exit; decrypted_len = written_len; ret = yaca_open_finalize(ctx, decrypted + decrypted_len, &written_len); if (ret != YACA_ERROR_NONE) goto exit; decrypted_len += written_len; /* Resize output buffer */ ret = yaca_realloc(decrypted_len, (void**)&decrypted); if (ret != YACA_ERROR_NONE) goto exit; printf("Decrypted data (16 of %zu bytes): %.16s\n\n", decrypted_len, decrypted); } exit: yaca_free(decrypted); yaca_free(encrypted); yaca_context_destroy(ctx); yaca_key_destroy(sym_key); yaca_key_destroy(iv); yaca_key_destroy(rsa_pub); yaca_key_destroy(rsa_priv); yaca_cleanup(); return ret; }
Functions | |
int | yaca_initialize (void) |
Initializes the library. Must be called before any other crypto function. Should be called once in each thread that uses yaca. | |
void | yaca_cleanup (void) |
Cleans up the library. Must be called before exiting the thread that called yaca_initialize(). | |
int | yaca_malloc (size_t size, void **memory) |
Allocates the memory. | |
int | yaca_zalloc (size_t size, void **memory) |
Allocates the zeroed memory. | |
int | yaca_realloc (size_t size, void **memory) |
Re-allocates the memory. | |
void | yaca_free (void *memory) |
Frees the memory allocated by yaca_malloc(), yaca_zalloc(), yaca_realloc() or one of the cryptographic operations. | |
int | yaca_memcmp (const void *first, const void *second, size_t len) |
Safely compares first len bytes of two buffers. | |
int | yaca_randomize_bytes (char *data, size_t data_len) |
Generates random data. | |
int | yaca_context_set_property (yaca_context_h ctx, yaca_property_e property, const void *value, size_t value_len) |
Sets the non-standard context properties. Can only be called on an initialized context. | |
int | yaca_context_get_property (const yaca_context_h ctx, yaca_property_e property, void **value, size_t *value_len) |
Returns the non-standard context properties. Can only be called on an initialized context. | |
int | yaca_context_get_output_length (const yaca_context_h ctx, size_t input_len, size_t *output_len) |
Returns the minimum required size of the output buffer for a single crypto function call. | |
void | yaca_context_destroy (yaca_context_h ctx) |
Destroys the crypto context. Must be called on all contexts that are no longer used. Passing YACA_CONTEXT_NULL is allowed. | |
int | yaca_encrypt_get_iv_bit_length (yaca_encrypt_algorithm_e algo, yaca_block_cipher_mode_e bcm, size_t key_bit_len, size_t *iv_bit_len) |
Returns the recommended/default length of the Initialization Vector for a given encryption configuration. | |
int | yaca_encrypt_initialize (yaca_context_h *ctx, yaca_encrypt_algorithm_e algo, yaca_block_cipher_mode_e bcm, const yaca_key_h sym_key, const yaca_key_h iv) |
Initializes an encryption context. | |
int | yaca_encrypt_update (yaca_context_h ctx, const char *plaintext, size_t plaintext_len, char *ciphertext, size_t *ciphertext_len) |
Encrypts chunk of the data. | |
int | yaca_encrypt_finalize (yaca_context_h ctx, char *ciphertext, size_t *ciphertext_len) |
Encrypts the final chunk of the data. | |
int | yaca_decrypt_initialize (yaca_context_h *ctx, yaca_encrypt_algorithm_e algo, yaca_block_cipher_mode_e bcm, const yaca_key_h sym_key, const yaca_key_h iv) |
Initializes an decryption context. | |
int | yaca_decrypt_update (yaca_context_h ctx, const char *ciphertext, size_t ciphertext_len, char *plaintext, size_t *plaintext_len) |
Decrypts chunk of the data. | |
int | yaca_decrypt_finalize (yaca_context_h ctx, char *plaintext, size_t *plaintext_len) |
Decrypts the final chunk of the data. | |
int | yaca_seal_initialize (yaca_context_h *ctx, const yaca_key_h pub_key, yaca_encrypt_algorithm_e algo, yaca_block_cipher_mode_e bcm, size_t sym_key_bit_len, yaca_key_h *sym_key, yaca_key_h *iv) |
Initializes an asymmetric encryption context and generates symmetric key and Initialization Vector. | |
int | yaca_seal_update (yaca_context_h ctx, const char *plaintext, size_t plaintext_len, char *ciphertext, size_t *ciphertext_len) |
Encrypts piece of the data. | |
int | yaca_seal_finalize (yaca_context_h ctx, char *ciphertext, size_t *ciphertext_len) |
Encrypts the final piece of the data. | |
int | yaca_open_initialize (yaca_context_h *ctx, const yaca_key_h prv_key, yaca_encrypt_algorithm_e algo, yaca_block_cipher_mode_e bcm, size_t sym_key_bit_len, const yaca_key_h sym_key, const yaca_key_h iv) |
Initializes an asymmetric decryption context. | |
int | yaca_open_update (yaca_context_h ctx, const char *ciphertext, size_t ciphertext_len, char *plaintext, size_t *plaintext_len) |
Decrypts piece of the data. | |
int | yaca_open_finalize (yaca_context_h ctx, char *plaintext, size_t *plaintext_len) |
Decrypts last chunk of sealed message. | |
Typedefs | |
typedef struct yaca_context_s * | yaca_context_h |
The context handle. | |
typedef struct yaca_key_s * | yaca_key_h |
An Initialization Vector or a key generation parameters by the key handle. | |
Defines | |
#define | YACA_CONTEXT_NULL ((yaca_context_h) NULL) |
Definition for NULL value for the crypto context. | |
#define | YACA_KEY_LENGTH_DH_GENERATOR_2 (YACA_KEYLEN_COMPONENT_TYPE_DH | YACA_KEYLEN_COMPONENT_DH_GEN_2) |
Definition for the value indicating generator equal 2 for DH parameters. To be or'ed with safe prime length in bits. Prime length is recommended to be 2048 bits or higher. | |
#define | YACA_KEY_LENGTH_DH_GENERATOR_5 (YACA_KEYLEN_COMPONENT_TYPE_DH | YACA_KEYLEN_COMPONENT_DH_GEN_5) |
Definition for the value indicating generator equal 5 for DH parameters. To be or'ed with safe prime length in bits. Prime length is recommended to be 2048 bits or higher. |
Define Documentation
#define YACA_CONTEXT_NULL ((yaca_context_h) NULL) |
Definition for NULL value for the crypto context.
- Since :
- 3.0
#define YACA_KEY_LENGTH_DH_GENERATOR_2 (YACA_KEYLEN_COMPONENT_TYPE_DH | YACA_KEYLEN_COMPONENT_DH_GEN_2) |
Definition for the value indicating generator equal 2 for DH parameters. To be or'ed with safe prime length in bits. Prime length is recommended to be 2048 bits or higher.
- Since :
- 3.0
#define YACA_KEY_LENGTH_DH_GENERATOR_5 (YACA_KEYLEN_COMPONENT_TYPE_DH | YACA_KEYLEN_COMPONENT_DH_GEN_5) |
Definition for the value indicating generator equal 5 for DH parameters. To be or'ed with safe prime length in bits. Prime length is recommended to be 2048 bits or higher.
- Since :
- 3.0
Typedef Documentation
typedef struct yaca_context_s* yaca_context_h |
The context handle.
- Since :
- 3.0
typedef struct yaca_key_s* yaca_key_h |
An Initialization Vector or a key generation parameters by the key handle.
- Since :
- 3.0
Enumeration Type Documentation
Enumeration for YACA chaining modes for block ciphers.
- Since :
- 3.0
- Enumerator:
YACA_BCM_NONE Used when algorithm doesn't support block ciphers modes. Initialization Vector is not used.
YACA_BCM_ECB ECB block cipher mode. Initialization Vector is not used. By default the input data is padded using standard block padding (YACA_PADDING_PKCS7). Padding can be disabled using yaca_context_set_property() and YACA_PROPERTY_PADDING,YACA_PADDING_NONE, then the total length of data passed until *_finalize() MUST be a multiple of block size. In case of encrypt/seal YACA_PROPERTY_PADDING can be set at the latest before the *_finalize() call. In case of decrypt/open it can be set at the latest before the *_update() call.
YACA_BCM_CTR CTR block cipher mode. 128-bit Initialization Vector for AES, 64-bit for other algorithms is mandatory.
YACA_BCM_CBC CBC block cipher mode. 128-bit Initialization Vector for AES, 64-bit for other algorithms is mandatory. By default the input data is padded using standard block padding (YACA_PADDING_PKCS7). Padding can be disabled using yaca_context_set_property() and YACA_PROPERTY_PADDING, YACA_PADDING_NONE, then the total length of data passed until *_finalize() MUST be a multiple of block size. In case of encrypt/seal YACA_PROPERTY_PADDING can be set at the latest before the *_finalize() call. In case of decrypt/open it can be set at the latest before the *_update() call.
YACA_BCM_GCM GCM block cipher mode. This is a variable Initialization Vector length mode (recommended 96-bits). Supported properties:
- YACA_PROPERTY_GCM_TAG_LEN = GCM tag length (optional)
Supported tag lengths:4
,8
,12
,13
,14
,15
,16
(16 bytes tag by default).
Set after yaca_encrypt_finalize() / yaca_seal_finalize() and before yaca_context_get_property(YACA_PROPERTY_GCM_TAG) in encryption / seal operation.
The value should be a size_t variable.
In decryption / open operation tag length is not set.
- YACA_PROPERTY_GCM_TAG = GCM tag
Get after yaca_encrypt_finalize() / yaca_seal_finalize() in encryption / seal operation.
Set after yaca_decrypt_update() / yaca_open_update() and before yaca_decrypt_finalize() / yaca_open_finalize() in decryption / open operation.
- YACA_PROPERTY_GCM_AAD = additional authentication data (optional)
AAD length can have any positive value.
Set after yaca_encrypt_initialize() / yaca_seal_initialize() and before yaca_encrypt_update() / yaca_seal_update() in encryption / seal operation.
Set after yaca_decrypt_initialize() / yaca_open_initialize() and before yaca_decrypt_update() / yaca_open_update() in decryption / open operation.
YACA_BCM_CFB Default CFB block cipher mode. 128-bit Initialization Vector for AES, 64-bit for other algorithms is mandatory.
YACA_BCM_CFB1 1 bit CFB block cipher mode. 128-bit Initialization Vector for AES, 64-bit for other algorithms is mandatory.
YACA_BCM_CFB8 8 bits CFB block cipher mode. 128-bit Initialization Vector for AES, 64-bit for other algorithms is mandatory.
YACA_BCM_OFB OFB block cipher mode. 128-bit Initialization Vector for AES, 64-bit for other algorithms is mandatory.
YACA_BCM_CCM CBC-MAC Mode (AES). This is a variable Initialization Vector length mode.
Supported Initialization Vector lengths: 56-104 bits in steps of 8 bits (recommended 56-bits).
Supported properties:- YACA_PROPERTY_CCM_TAG_LEN = CCM tag length (optional)
Supported tag lengths: 4-16 bytes in steps of 2 bytes (12 bytes tag by default).
Set after yaca_encrypt_initialize() / yaca_seal_initialize() and before yaca_encrypt_update() / yaca_seal_update() in encryption / seal operation.
The value should be a size_t variable.
In decryption / open operation tag length is not set.
- YACA_PROPERTY_CCM_TAG = CCM tag
Get after yaca_encrypt_finalize() / yaca_seal_finalize() in encryption / seal operation.
Set after yaca_decrypt_initialize() / yaca_open_initialize() and before yaca_decrypt_update() / yaca_open_update() in decryption / open operation.
- YACA_PROPERTY_CCM_AAD = additional authentication data (optional)
AAD length can have any positive value.
The total plaintext length must be passed to yaca_encrypt_update() / yaca_seal_update() if AAD is used.
Set after yaca_encrypt_initialize() / yaca_seal_initialize() and before yaca_encrypt_update() / yaca_seal_update() in encryption / seal operation.
The total encrypted text length must be passed to yaca_decrypt_update() / yaca_open_update() if AAD is used.
Set after yaca_decrypt_initialize() / yaca_open_initialize() and before yaca_decrypt_update() / yaca_open_update() in decryption / open operation.
You can only call yaca_encrypt_update() / yaca_seal_update() once for AAD (if used) and once for the plaintext.
You can only call yaca_decrypt_update() / yaca_open_update() once for AAD (if used) and once for the encrypted text.
YACA_BCM_WRAP Used with YACA_ENCRYPT_AES or YACA_ENCRYPT_3DES_3TDEA to perform a key wrapping (key material symmetric encryption). Only a single yaca_encrypt_update() / yaca_decrypt_update() is allowed. Usage in yaca_seal_initialize() / yaca_open_finalize() is forbidden. Key used to do the wrapping with YACA_ENCRYPT_AES can be a 128-bit key, a 192-bit key, or a 256-bit key.
64-bit Initialization Vector is used.
Wrapped key can be a 128-bit key, a 192-bit key, or a 256-bit key.
YACA_ENCRYPT_AES allows wrapping multiple keys together. Key used to do the wrapping with YACA_ENCRYPT_3DES_3TDEA can be a 192-bit DES key only.
Initialization Vector is not used.
Wrapped key can be a 128-bit DES key (two-key), or a 192-bit DES key (three-key).
YACA_ENCRYPT_3DES_3TDEA allows wrapping only one key.- YACA_PROPERTY_GCM_TAG_LEN = GCM tag length (optional)
Enumeration for YACA message digest algorithms.
- Since :
- 3.0
- Enumerator:
Enumeration for YACA symmetric encryption algorithms.
- Since :
- 3.0
- Enumerator:
YACA_ENCRYPT_AES AES encryption.
- Supported key lengths:
128
,192
and256
bits. - Supported block cipher modes:
YACA_BCM_CBC,
YACA_BCM_OFB,
YACA_BCM_CFB,
YACA_BCM_CFB1,
YACA_BCM_CFB8,
YACA_BCM_ECB,
YACA_BCM_GCM,
YACA_BCM_CCM,
YACA_BCM_CTR,
YACA_BCM_WRAP - see yaca_block_cipher_mode_e for details on additional properties (mandatory).
YACA_ENCRYPT_UNSAFE_DES DES encryption.
- Supported key lengths:
64
bits. - Supported block cipher modes:
YACA_BCM_CBC,
YACA_BCM_OFB,
YACA_BCM_CFB,
YACA_BCM_CFB1,
YACA_BCM_CFB8,
YACA_BCM_ECB - see yaca_block_cipher_mode_e for details on additional properties (mandatory).
YACA_ENCRYPT_UNSAFE_3DES_2TDEA 3DES 2-key encryption.
- Supported key lengths:
128
bits. - Supported block cipher modes:
YACA_BCM_CBC,
YACA_BCM_OFB,
YACA_BCM_CFB,
YACA_BCM_ECB - see yaca_block_cipher_mode_e for details on additional properties (mandatory).
- Use double DES keys to perform corresponding 2-key 3DES encryption.
YACA_ENCRYPT_3DES_3TDEA 3DES 3-key encryption.
- Supported key lengths:
192
bits. - Supported block cipher modes:
YACA_BCM_CBC,
YACA_BCM_OFB,
YACA_BCM_CFB,
YACA_BCM_CFB1,
YACA_BCM_CFB8,
YACA_BCM_ECB,
YACA_BCM_WRAP - see yaca_block_cipher_mode_e for details on additional properties (mandatory).
- Use triple DES keys to perform corresponding 3-key 3DES encryption.
YACA_ENCRYPT_UNSAFE_RC2 RC2 encryption. This is a variable key length cipher.
- Supported key lengths: 8-1024 bits in steps of 8 bits.
- Effective key bits property by default equals to 128 bits.
Effective key bits can be set using yaca_context_set_property() and YACA_PROPERTY_RC2_EFFECTIVE_KEY_BITS.
It can be set after yaca_encrypt_initialize() / yaca_decrypt_initialize(), and before yaca_encrypt_update() / yaca_decrypt_update() in encryption / decryption operation.
- Supported block cipher modes:
YACA_BCM_CBC,
YACA_BCM_OFB,
YACA_BCM_CFB,
YACA_BCM_ECB - see yaca_block_cipher_mode_e for details on additional properties (mandatory).
YACA_ENCRYPT_UNSAFE_RC4 RC4 encryption. This is a variable key length cipher.
- Supported key lengths: 40–2048 bits in steps of 8 bits.
- Initialization Vector is not used.
- This cipher doesn't support block cipher modes, use YACA_BCM_NONE instead.
YACA_ENCRYPT_CAST5 CAST5 encryption. This is a variable key length cipher.
- Supported key lengths: 40-128 bits in steps of 8 bits.
- Supported block cipher modes:
YACA_BCM_CBC,
YACA_BCM_OFB,
YACA_BCM_CFB,
YACA_BCM_ECB - see yaca_block_cipher_mode_e for details on additional properties (mandatory).
- Supported key lengths:
enum yaca_error_e |
enum yaca_kdf_e |
Enumeration for YACA key derivation functions.
- Since :
- 3.0
Enumeration for YACA DH parameters taken from RFC 5114. It's meant to be passed or returned as a key_bit_len param in appropriate functions when dealing with DH and wanting to use RFC 5114 values.
- Since :
- 3.0
Enumeration for YACA key lengths. It is possible to use arbitrary integer instead, this enum values are placed here to avoid magic numbers.
- Since :
- 3.0
- Enumerator:
Enumeration for YACA elliptic curve types with their bit lengths. It's meant to be passed or returned as a key_bit_len param in appropriate functions when dealing with elliptic curves.
- Since :
- 3.0
Enumeration for formats YACA key file.
- Since :
- 3.0
- Enumerator:
enum yaca_key_format_e |
enum yaca_key_type_e |
Enumeration for YACA key types, Initialization Vector is considered as key.
- Since :
- 3.0
- Enumerator:
enum yaca_padding_e |
Enumeration for YACA paddings.
- Since :
- 3.0
- Enumerator:
YACA_PADDING_NONE No padding at all. This method assumes that the input data already has a proper length for a given cryptographic operation (e.g. it has been padded by the client). Suitable for symmetric encrypt/decrypt operations as well as low-level RSA operations.
YACA_PADDING_X931 X9.31 padding. Suitable for RSA sign/verify operation. Not supported in low-level RSA operations.
YACA_PADDING_PKCS1 PKCS #1 v1.5 padding. Suitable for RSA sign/verify and low-level RSA operations. For low-level operations the input must be at least 11 bytes shorter than the key length.
YACA_PADDING_PKCS1_PSS PKCS #1 PSS padding. Suitable for RSA sign/verify operations. Not supported in low-level RSA operations.
YACA_PADDING_PKCS1_OAEP EME-OAEP as defined in PKCS #1 v2.0 with SHA-1, MGF1 and an empty encoding parameter. Suitable for low-level RSA public_encrypt/private_decrypt operations. For low-level operations the input must be at least 42 bytes shorter than the key length.
YACA_PADDING_PKCS1_SSLV23 Removed in OpenSSL 3.0 and should not be used anymore. For compatibility reason YACA_PADDING_PKCS1_SSLV23 is now equal to YACA_PADDING_PKCS1.
PKCS #1 v1.5 padding with an SSL-specific modification that denotes that the party is SSL3 capable. It is used for rollback attack detection in SSLv3. If during decryption it turns out that both parties are using YACA_PADDING_PKCS1_SSLV23 (both are communicating using SSL2 and both are SSL3 capable) it is treated as a rollback attack and an error is returned. Suitable for low-level RSA public_encrypt/private_decrypt operations. For low-level operations the input must be at least 11 bytes shorter than the key length.
YACA_PADDING_PKCS7 PKCS #7 padding. Suitable for symmetric encrypt/decrypt operation.
enum yaca_property_e |
Enumeration for YACA non-standard properties for algorithms.
- Since :
- 3.0
- See also:
- yaca_padding_e
- Enumerator:
YACA_PROPERTY_PADDING Padding for the encrypt/decrypt or sign/verify operation. Property type is yaca_padding_e. This property can be set at the latest before the *_finalize() call.
YACA_PROPERTY_GCM_AAD GCM Additional Authentication Data. Property type is a buffer (e.g. char*)
YACA_PROPERTY_GCM_TAG GCM Tag. Property type is a buffer (e.g. char*)
YACA_PROPERTY_GCM_TAG_LEN GCM Tag length in bytes. Property type is size_t.
YACA_PROPERTY_CCM_AAD CCM Additional Authentication Data. Property type is a buffer (e.g. char*)
YACA_PROPERTY_CCM_TAG CCM Tag. Property type is a buffer (e.g. char*)
YACA_PROPERTY_CCM_TAG_LEN CCM Tag length in bytes. Property type is size_t.
YACA_PROPERTY_RC2_EFFECTIVE_KEY_BITS RC2 effective key bits, 1-1024, 1 bit resolution. Property type is size_t.
Function Documentation
void yaca_cleanup | ( | void | ) |
Cleans up the library. Must be called before exiting the thread that called yaca_initialize().
- Since :
- 3.0
- See also:
- yaca_initialize()
void yaca_context_destroy | ( | yaca_context_h | ctx | ) |
Destroys the crypto context. Must be called on all contexts that are no longer used. Passing YACA_CONTEXT_NULL is allowed.
- Since :
- 3.0
- Parameters:
-
[in,out] ctx Crypto context
- See also:
- yaca_context_h
int yaca_context_get_output_length | ( | const yaca_context_h | ctx, |
size_t | input_len, | ||
size_t * | output_len | ||
) |
Returns the minimum required size of the output buffer for a single crypto function call.
- Since :
- 3.0
- Remarks:
- This function should be used to learn the required size of the output buffer for a single function call (eg. *_update or *_finalize). The actual output length (number of bytes that has been used) will be returned by the function call itself.
- In case the function call has no output (e.g. yaca_sign_update(), yaca_digest_update()), there is no need to use this function.
- In case the function call has no input (eg. *_finalize), the value of input_len has to be set to 0.
- Parameters:
-
[in] ctx Previously initialized crypto context [in] input_len Length of the input data to be processed [out] output_len Required length of the output
- Returns:
- YACA_ERROR_NONE on success, negative on error
- Return values:
-
YACA_ERROR_NONE Successful YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, invalid ctx or too big input_len) YACA_ERROR_INTERNAL Internal error
int yaca_context_get_property | ( | const yaca_context_h | ctx, |
yaca_property_e | property, | ||
void ** | value, | ||
size_t * | value_len | ||
) |
Returns the non-standard context properties. Can only be called on an initialized context.
- Since :
- 3.0
- Remarks:
- The value should be freed using yaca_free().
- The value has to be of type appropriate for given property. See yaca_property_e for details on corresponding types.
- The value_len can be NULL if returned value is a single object (i.e. not an array/buffer).
- Parameters:
-
[in] ctx Previously initialized crypto context [in] property Property to be read [out] value Copy of the property value [out] value_len Length of the property value will be returned here
- Returns:
- YACA_ERROR_NONE on success, negative on error
- Return values:
-
YACA_ERROR_NONE Successful YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, invalid ctx or property) YACA_ERROR_OUT_OF_MEMORY Out of memory error YACA_ERROR_INTERNAL Internal error
int yaca_context_set_property | ( | yaca_context_h | ctx, |
yaca_property_e | property, | ||
const void * | value, | ||
size_t | value_len | ||
) |
Sets the non-standard context properties. Can only be called on an initialized context.
- Since :
- 3.0
- Remarks:
- The value has to be of type appropriate for given property. See yaca_property_e for details on corresponding types.
- Parameters:
-
[in,out] ctx Previously initialized crypto context [in] property Property to be set [in] value Property value [in] value_len Length of the property value
- Returns:
- YACA_ERROR_NONE on success, negative on error
- Return values:
-
YACA_ERROR_NONE Successful YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, 0, invalid ctx or property) YACA_ERROR_INTERNAL Internal error
int yaca_decrypt_finalize | ( | yaca_context_h | ctx, |
char * | plaintext, | ||
size_t * | plaintext_len | ||
) |
Decrypts the final chunk of the data.
- Since :
- 3.0
- Remarks:
- Skipping yaca_decrypt_update() and calling only yaca_decrypt_finalize() will produce a decryption of an empty ciphertext.
- Parameters:
-
[in,out] ctx A valid decrypt context [out] plaintext Final piece of the decrypted data (must be allocated by client, see yaca_context_get_output_length()) [out] plaintext_len Length of the final piece, actual number of bytes written will be returned here
- Returns:
- YACA_ERROR_NONE on success, negative on error
- Return values:
-
YACA_ERROR_NONE Successful YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, invalid ctx), wrong YACA_PROPERTY_GCM_AAD or wrong YACA_PROPERTY_GCM_TAG was used YACA_ERROR_INTERNAL Internal error
int yaca_decrypt_initialize | ( | yaca_context_h * | ctx, |
yaca_encrypt_algorithm_e | algo, | ||
yaca_block_cipher_mode_e | bcm, | ||
const yaca_key_h | sym_key, | ||
const yaca_key_h | iv | ||
) |
Initializes an decryption context.
- Since :
- 3.0
- Remarks:
- The ctx should be released using yaca_context_destroy().
- Parameters:
-
[out] ctx Newly created context [in] algo Encryption algorithm that was used to encrypt the data [in] bcm Chaining mode that was used to encrypt the data [in] sym_key Symmetric key that was used to encrypt the data [in] iv Initialization Vector that was used to encrypt the data
- Returns:
- YACA_ERROR_NONE on success, negative on error
- Return values:
-
YACA_ERROR_NONE Successful YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, invalid algo, bcm, sym_key or iv) YACA_ERROR_OUT_OF_MEMORY Out of memory error YACA_ERROR_INTERNAL Internal error
int yaca_decrypt_update | ( | yaca_context_h | ctx, |
const char * | ciphertext, | ||
size_t | ciphertext_len, | ||
char * | plaintext, | ||
size_t * | plaintext_len | ||
) |
Decrypts chunk of the data.
- Since :
- 3.0
- Parameters:
-
[in,out] ctx Context created by yaca_decrypt_initialize() [in] ciphertext Ciphertext to be decrypted [in] ciphertext_len Length of the ciphertext [out] plaintext Buffer for the decrypted data (must be allocated by client, see yaca_context_get_output_length()) [out] plaintext_len Length of the decrypted data, actual number of bytes written will be returned here
- Returns:
- YACA_ERROR_NONE on success, negative on error
- Return values:
-
YACA_ERROR_NONE Successful YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, 0, invalid ctx), wrong YACA_PROPERTY_CCM_AAD or wrong YACA_PROPERTY_CCM_TAG was used YACA_ERROR_INTERNAL Internal error
int yaca_encrypt_finalize | ( | yaca_context_h | ctx, |
char * | ciphertext, | ||
size_t * | ciphertext_len | ||
) |
Encrypts the final chunk of the data.
- Since :
- 3.0
- Remarks:
- Skipping yaca_encrypt_update() and calling only yaca_encrypt_finalize() will produce an encryption of an empty message.
- Parameters:
-
[in,out] ctx A valid encrypt context [out] ciphertext Final piece of the encrypted data (must be allocated by client, see yaca_context_get_output_length()) [out] ciphertext_len Length of the final piece, actual number of bytes written will be returned here
- Returns:
- YACA_ERROR_NONE on success, negative on error
- Return values:
-
YACA_ERROR_NONE Successful YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, invalid ctx) YACA_ERROR_INTERNAL Internal error
int yaca_encrypt_get_iv_bit_length | ( | yaca_encrypt_algorithm_e | algo, |
yaca_block_cipher_mode_e | bcm, | ||
size_t | key_bit_len, | ||
size_t * | iv_bit_len | ||
) |
Returns the recommended/default length of the Initialization Vector for a given encryption configuration.
- Since :
- 3.0
- Remarks:
- If returned iv_bit_len equals 0 that means that for this specific algorithm and its parameters Initialization Vector is not used.
- Parameters:
-
[in] algo Encryption algorithm [in] bcm Chain mode [in] key_bit_len Key length in bits [out] iv_bit_len Recommended Initialization Vector length in bits
- Returns:
- YACA_ERROR_NONE on success, negative on error
- Return values:
-
YACA_ERROR_NONE Successful YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, invalid algo, bcm or key_bit_len not divisible by 8) YACA_ERROR_INTERNAL Internal error
int yaca_encrypt_initialize | ( | yaca_context_h * | ctx, |
yaca_encrypt_algorithm_e | algo, | ||
yaca_block_cipher_mode_e | bcm, | ||
const yaca_key_h | sym_key, | ||
const yaca_key_h | iv | ||
) |
Initializes an encryption context.
- Since :
- 3.0
- Remarks:
- The ctx should be released using yaca_context_destroy().
- Parameters:
-
[out] ctx Newly created context [in] algo Encryption algorithm that will be used [in] bcm Chaining mode that will be used [in] sym_key Symmetric key that will be used [in] iv Initialization Vector that will be used
- Returns:
- YACA_ERROR_NONE on success, negative on error
- Return values:
-
YACA_ERROR_NONE Successful YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, invalid algo, bcm, sym_key or iv) YACA_ERROR_OUT_OF_MEMORY Out of memory error YACA_ERROR_INTERNAL Internal error
int yaca_encrypt_update | ( | yaca_context_h | ctx, |
const char * | plaintext, | ||
size_t | plaintext_len, | ||
char * | ciphertext, | ||
size_t * | ciphertext_len | ||
) |
Encrypts chunk of the data.
- Since :
- 3.0
- Parameters:
-
[in,out] ctx Context created by yaca_encrypt_initialize() [in] plaintext Plaintext to be encrypted [in] plaintext_len Length of the plaintext [out] ciphertext Buffer for the encrypted data (must be allocated by client, see yaca_context_get_output_length()) [out] ciphertext_len Length of the encrypted data, actual number of bytes written will be returned here
- Returns:
- YACA_ERROR_NONE on success, negative on error
- Return values:
-
YACA_ERROR_NONE Successful YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, 0, invalid ctx) YACA_ERROR_INTERNAL Internal error
void yaca_free | ( | void * | memory | ) |
Frees the memory allocated by yaca_malloc(), yaca_zalloc(), yaca_realloc() or one of the cryptographic operations.
- Since :
- 3.0
- Parameters:
-
[in] memory Pointer to the memory to be freed
- See also:
- yaca_malloc()
- yaca_zalloc()
- yaca_realloc()
int yaca_initialize | ( | void | ) |
Initializes the library. Must be called before any other crypto function. Should be called once in each thread that uses yaca.
- Since :
- 3.0
- Returns:
- YACA_ERROR_NONE on success, negative on error
- Return values:
-
YACA_ERROR_NONE Successful YACA_ERROR_OUT_OF_MEMORY Out of memory error YACA_ERROR_INTERNAL Internal error
- See also:
- yaca_cleanup()
int yaca_malloc | ( | size_t | size, |
void ** | memory | ||
) |
Allocates the memory.
- Since :
- 3.0
- Remarks:
- The memory should be freed using yaca_free().
- Parameters:
-
[in] size Size of the allocation (bytes) [out] memory Allocated memory
- Returns:
- YACA_ERROR_NONE on success, negative on error
- Return values:
-
YACA_ERROR_NONE Successful YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, 0) YACA_ERROR_OUT_OF_MEMORY Out of memory error
- See also:
- yaca_zalloc()
- yaca_realloc()
- yaca_free()
int yaca_memcmp | ( | const void * | first, |
const void * | second, | ||
size_t | len | ||
) |
Safely compares first len bytes of two buffers.
- Since :
- 3.0
- Parameters:
-
[in] first Pointer to the first buffer [in] second Pointer to the second buffer [in] len Length to compare
- Returns:
- YACA_ERROR_NONE when buffers are equal, otherwise YACA_ERROR_DATA_MISMATCH
- Return values:
-
YACA_ERROR_NONE Successful YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, 0) YACA_ERROR_DATA_MISMATCH Buffers are different
int yaca_open_finalize | ( | yaca_context_h | ctx, |
char * | plaintext, | ||
size_t * | plaintext_len | ||
) |
Decrypts last chunk of sealed message.
- Since :
- 3.0
- Remarks:
- Skipping yaca_open_update() and calling only yaca_open_finalize() will produce a decryption of an empty ciphertext.
- Parameters:
-
[in,out] ctx A valid open context [out] plaintext Final piece of the decrypted data (must be allocated by client, see yaca_context_get_output_length()) [out] plaintext_len Length of the final piece, actual number of bytes written will be returned here
- Returns:
- YACA_ERROR_NONE on success, negative on error
- Return values:
-
YACA_ERROR_NONE Successful YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, invalid ctx), wrong YACA_PROPERTY_GCM_AAD or wrong YACA_PROPERTY_GCM_TAG was used YACA_ERROR_INTERNAL Internal error
int yaca_open_initialize | ( | yaca_context_h * | ctx, |
const yaca_key_h | prv_key, | ||
yaca_encrypt_algorithm_e | algo, | ||
yaca_block_cipher_mode_e | bcm, | ||
size_t | sym_key_bit_len, | ||
const yaca_key_h | sym_key, | ||
const yaca_key_h | iv | ||
) |
Initializes an asymmetric decryption context.
- Since :
- 3.0
- Remarks:
- The ctx should be released using yaca_context_destroy().
- The prv_key must be YACA_KEY_TYPE_RSA_PRIV.
- Parameters:
-
[out] ctx Newly created context [in] prv_key Private key, part of the pair that was used for the encryption [in] algo Symmetric algorithm that was used for the encryption [in] bcm Block chaining mode for the symmetric algorithm [in] sym_key_bit_len Symmetric key length (in bits) that was used for the encryption [in] sym_key Symmetric key, encrypted with the public key, that was used to encrypt the data [in] iv Initialization Vector that was used for the encryption
- Returns:
- YACA_ERROR_NONE on success, negative on error
- Return values:
-
YACA_ERROR_NONE Successful YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, invalid algo, bcm, sym_key_bit_len, prv_key, sym_key or iv) YACA_ERROR_OUT_OF_MEMORY Out of memory error YACA_ERROR_INTERNAL Internal error
int yaca_open_update | ( | yaca_context_h | ctx, |
const char * | ciphertext, | ||
size_t | ciphertext_len, | ||
char * | plaintext, | ||
size_t * | plaintext_len | ||
) |
Decrypts piece of the data.
- Since :
- 3.0
- Parameters:
-
[in,out] ctx Context created by yaca_open_initialize() [in] ciphertext Ciphertext to be decrypted [in] ciphertext_len Length of the ciphertext [out] plaintext Buffer for the decrypted data (must be allocated by client, see yaca_context_get_output_length()) [out] plaintext_len Length of the decrypted data, actual number of bytes written will be returned here
- Returns:
- YACA_ERROR_NONE on success, negative on error
- Return values:
-
YACA_ERROR_NONE Successful YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, 0, invalid ctx), wrong YACA_PROPERTY_CCM_AAD or wrong YACA_PROPERTY_CCM_TAG was used YACA_ERROR_INTERNAL Internal error
int yaca_randomize_bytes | ( | char * | data, |
size_t | data_len | ||
) |
Generates random data.
- Since :
- 3.0
- Parameters:
-
[in,out] data Pointer to the memory to be randomized [in] data_len Length of the memory to be randomized
- Returns:
- YACA_ERROR_NONE on success, negative on error
- Return values:
-
YACA_ERROR_NONE Successful YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, 0) YACA_ERROR_INTERNAL Internal error
int yaca_realloc | ( | size_t | size, |
void ** | memory | ||
) |
Re-allocates the memory.
- Since :
- 3.0
- Remarks:
- In case of failure the function doesn't free the memory pointed by memory.
- If memory is NULL then the call is equivalent to yaca_malloc().
- If the function fails the contents of memory will be left unchanged.
- The memory should be freed using yaca_free().
- Parameters:
-
[in] size Size of the new allocation (bytes) [in,out] memory Memory to be reallocated
- Returns:
- YACA_ERROR_NONE on success, negative on error
- Return values:
-
YACA_ERROR_NONE Successful YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, 0) YACA_ERROR_OUT_OF_MEMORY Out of memory error
- See also:
- yaca_malloc()
- yaca_zalloc()
- yaca_free()
int yaca_seal_finalize | ( | yaca_context_h | ctx, |
char * | ciphertext, | ||
size_t * | ciphertext_len | ||
) |
Encrypts the final piece of the data.
- Since :
- 3.0
- Remarks:
- Skipping yaca_seal_update() and calling only yaca_seal_finalize() will produce an encryption of an empty message.
- Parameters:
-
[in,out] ctx A valid seal context [out] ciphertext Final piece of the encrypted data (must be allocated by client, see yaca_context_get_output_length()) [out] ciphertext_len Length of the final piece, actual number of bytes written will be returned here
- Returns:
- YACA_ERROR_NONE on success, negative on error
- Return values:
-
YACA_ERROR_NONE Successful YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, invalid ctx) YACA_ERROR_INTERNAL Internal error
int yaca_seal_initialize | ( | yaca_context_h * | ctx, |
const yaca_key_h | pub_key, | ||
yaca_encrypt_algorithm_e | algo, | ||
yaca_block_cipher_mode_e | bcm, | ||
size_t | sym_key_bit_len, | ||
yaca_key_h * | sym_key, | ||
yaca_key_h * | iv | ||
) |
Initializes an asymmetric encryption context and generates symmetric key and Initialization Vector.
- Since :
- 3.0
- Remarks:
- Generated symmetric key is encrypted with public key, so can be only used with yaca_open_initialize(). It can be exported, but after import it can be only used with yaca_open_initialize() as well.
- The ctx should be released using yaca_context_destroy().
- The pub_key must be YACA_KEY_TYPE_RSA_PUB.
- The sym_key_bit_len must be at least 88 bits shorter than the pub_key bit length.
- The sym_key should be released using yaca_key_destroy().
- The iv should be released using yaca_key_destroy().
- Parameters:
-
[out] ctx Newly created context [in] pub_key Public key of the peer that will receive the encrypted data [in] algo Symmetric algorithm that will be used [in] bcm Block chaining mode for the symmetric algorithm [in] sym_key_bit_len Symmetric key length (in bits) that will be generated [out] sym_key Generated symmetric key that will be used, it is encrypted with peer's public key [out] iv Generated Initialization Vector that will be used
- Returns:
- YACA_ERROR_NONE on success, negative on error
- Return values:
-
YACA_ERROR_NONE Successful YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, invalid algo, bcm, sym_key_bit_len or pub_key) YACA_ERROR_OUT_OF_MEMORY Out of memory error YACA_ERROR_INTERNAL Internal error
int yaca_seal_update | ( | yaca_context_h | ctx, |
const char * | plaintext, | ||
size_t | plaintext_len, | ||
char * | ciphertext, | ||
size_t * | ciphertext_len | ||
) |
Encrypts piece of the data.
- Since :
- 3.0
- Parameters:
-
[in,out] ctx Context created by yaca_seal_initialize() [in] plaintext Plaintext to be encrypted [in] plaintext_len Length of the plaintext [out] ciphertext Buffer for the encrypted data (must be allocated by client, see yaca_context_get_output_length()) [out] ciphertext_len Length of the encrypted data, actual number of bytes written will be returned here
- Returns:
- YACA_ERROR_NONE on success, negative on error
- Return values:
-
YACA_ERROR_NONE Successful YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, 0, invalid ctx) YACA_ERROR_INTERNAL Internal error
int yaca_zalloc | ( | size_t | size, |
void ** | memory | ||
) |
Allocates the zeroed memory.
- Since :
- 3.0
- Remarks:
- The memory should be freed using yaca_free().
- Parameters:
-
[in] size Size of the allocation (bytes) [out] memory Allocated memory
- Returns:
- YACA_ERROR_NONE on success, negative on error
- Return values:
-
YACA_ERROR_NONE Successful YACA_ERROR_INVALID_PARAMETER Required parameters have incorrect values (NULL, 0) YACA_ERROR_OUT_OF_MEMORY Out of memory error
- See also:
- yaca_malloc()
- yaca_realloc()
- yaca_free()