Add McEliece keygen and MCEIES to C89 API. Plus random fiddling

1 files changed, 83 insertions, 24 deletions

diff --git a/src/lib/ffi/ffi.h b/src/lib/ffi/ffi.h
index 1402ec129..18a41938b 100644
--- a/src/lib/ffi/ffi.h
+++ b/src/lib/ffi/ffi.h
@@ -13,10 +13,14 @@ extern "C" {
 #endif
 
 /*
-This header exports some of botan's functionality via a C89 interface.  The API
-is intended to be as easy as possible to call from other languages, which often
-have easy ways to call C, because C. But some C code is easier to deal with than
-others, so to make things easy this API follows a few simple rules:
+This header exports some of botan's functionality via a C89
+interface. This API is uesd by the Python and OCaml bindings via those
+languages respective ctypes libraries.
+
+The API is intended to be as easy as possible to call from other
+languages, which often have easy ways to call C, because C. But some C
+code is easier to deal with than others, so to make things easy this
+API follows a few simple rules:
 
 - All interactions are via pointers to opaque structs. No need to worry about
   structure padding issues and the like.
@@ -24,20 +28,25 @@ others, so to make things easy this API follows a few simple rules:
 - All functions return an int error code (except the version calls, which are
   assumed to always have something to say).
 
-- No ownership of memory transfers across the API boundary. The API will write
-  to buffers provided by the caller, or return opaque pointers which may not be
-  dereferenced.
+- Use simple types: size_t for lengths, const char* NULL terminated strings,
+  uint8_t for binary.
+
+- No ownership of memory transfers across the API boundary. The API will
+  consume data from const pointers, and will produce output by writing to
+  variables provided by the caller.
 
 - If exporting a value (a string or a blob) the function takes a pointer to the
-  output array and a read/write pointer to the length. If it is insufficient, an
-  error is returned. So passing nullptr/0 
+  output array and a read/write pointer to the length. If the length is insufficient, an
+  error is returned. So passing nullptr/0 allows querying the final value.
 
-This API is uesd by the Python and OCaml bindings via those languages respective
-ctypes libraries.
+  Note this does not apply to all functions, like `botan_hash_final`
+  which is not idempotent and are documented specially. But it's a
+  general theory of operation.
 
-The API is not currently documented, nor should it be considered stable. It is
-buggy as heck, most likely. However the goal is to provide a long term API
-usable for language bindings, or for use by systems written in C. Suggestions on
+The API is not currently documented, nor should it be considered
+stable. It is buggy as heck, most likely, and error handling is a
+mess. However the goal is to provide a long term API usable for
+language bindings, or for use by systems written in C. Suggestions on
 how to provide the cleanest API for such users would be most welcome.
 
 * TODO:
@@ -68,6 +77,7 @@ BOTAN_DLL uint32_t botan_version_datestamp();
 *
 * Some way of exporting these values to other languages would be useful
 
+
  THIS FUNCTION ASSUMES BOTH ARGUMENTS ARE LITERAL STRINGS
  so it retains only the pointers and does not make a copy.
 
@@ -77,14 +87,26 @@ int botan_make_error(const char* msg, const char* func, int line);
  normally called like
    return botan_make_error(BOTAN_ERROR_STRING_NOT_IMPLEMENTED, BOTAN_FUNCTION, __LINE__);
 
+// This would seem to require both saving the message permanently
+catch(std::exception& e) {
+return botan_make_error_from_transient_string(e.what(), BOTAN_FUNCTION, __LINE__);
+}
+
 #define botan_make_error_inf(s) return botan_make_error(s, BOTAN_FUNCTION, __LINE__);
 
+Easier to return a const char* from each function directly? However,
+
+catch(std::exception& e) { return e.what(); }
+
+doesn't exactly work well either!
+
 *
 * Later call:
 * const char* botan_get_error_str(int);
 * To recover the msg, func, and line
 
 */
+#define BOTAN_FFI_ERROR_INSUFFICIENT_BUFFER_SPACE (-10)
 #define BOTAN_FFI_ERROR_EXCEPTION_THROWN (-20)
 #define BOTAN_FFI_ERROR_BAD_FLAG (-30)
 #define BOTAN_FFI_ERROR_NULL_POINTER (-31)
@@ -93,7 +115,7 @@ int botan_make_error(const char* msg, const char* func, int line);
 //const char* botan_error_description(int err);
 
 /*
-* Utility
+* Returns 0 if x[0..len] == y[0..len], or otherwise -1
 */
 BOTAN_DLL int botan_same_mem(const uint8_t* x, const uint8_t* y, size_t len);
 
@@ -271,7 +293,8 @@ BOTAN_DLL int botan_privkey_create_rsa(botan_privkey_t* key, botan_rng_t rng, si
 //BOTAN_DLL int botan_privkey_create_dh(botan_privkey_t* key, botan_rng_t rng, size_t p_bits);
 BOTAN_DLL int botan_privkey_create_ecdsa(botan_privkey_t* key, botan_rng_t rng, const char* params);
 BOTAN_DLL int botan_privkey_create_ecdh(botan_privkey_t* key, botan_rng_t rng, const char* params);
-//BOTAN_DLL int botan_privkey_create_mceliece(botan_privkey_t* key, botan_rng_t rng, size_t n, size_t t);
+BOTAN_DLL int botan_privkey_create_mceliece(botan_privkey_t* key, botan_rng_t rng, size_t n, size_t t);
+
 
 /*
 * Input currently assumed to be PKCS #8 structure;
@@ -406,6 +429,26 @@ BOTAN_DLL int botan_pk_op_key_agreement(botan_pk_op_ka_t op,
                                         const uint8_t salt[], size_t salt_len);
 
 
+/*
+*
+* @param mce_key must be a McEliece key
+* ct_len should be pt_len + n/8 + a few?
+*/
+BOTAN_DLL int botan_mceies_encrypt(botan_pubkey_t mce_key,
+                                   botan_rng_t rng,
+                                   const char* aead,
+                                   const uint8_t pt[], size_t pt_len,
+                                   const uint8_t ad[], size_t ad_len,
+                                   uint8_t ct[], size_t* ct_len);
+
+BOTAN_DLL int botan_mceies_decrypt(botan_privkey_t mce_key,
+                                   const char* aead,
+                                   const uint8_t ct[], size_t ct_len,
+                                   const uint8_t ad[], size_t ad_len,
+                                   uint8_t pt[], size_t* pt_len);
+
+
+
 typedef struct botan_x509_cert_struct* botan_x509_cert_t;
 BOTAN_DLL int botan_x509_cert_load(botan_x509_cert_t* cert_obj, const uint8_t cert[], size_t cert_len);
 BOTAN_DLL int botan_x509_cert_load_file(botan_x509_cert_t* cert_obj, const char* filename);
@@ -439,7 +482,6 @@ BOTAN_DLL int botan_x509_cert_get_issuer_dn(botan_x509_cert_t cert,
                                             const char* key, size_t index,
                                             uint8_t out[], size_t* out_len);
 
-
 BOTAN_DLL int botan_x509_cert_get_subject_dn(botan_x509_cert_t cert,
                                              const char* key, size_t index,
                                              uint8_t out[], size_t* out_len);
@@ -469,17 +511,29 @@ BOTAN_DLL int botan_x509_cert_allowed_usage(botan_x509_cert_t cert, unsigned int
 
 typedef struct botan_tls_session_struct* botan_tls_session_t;
 
-BOTAN_DLL int botan_tls_session_get_version(botan_tls_session_t* session, uint16_t* tls_version);
-BOTAN_DLL int botan_tls_session_get_ciphersuite(botan_tls_session_t* session, uint16_t* ciphersuite);
-BOTAN_DLL int botan_tls_session
+BOTAN_DLL int botan_tls_session_decrypt(botan_tls_session_t* session,
+                                        const byte key[], size_t key_len,
+                                        const byte blob[], size_t blob_len);
+
+BOTAN_DLL int botan_tls_session_get_version(botan_tls_session_t session, uint16_t* tls_version);
+BOTAN_DLL int botan_tls_session_get_ciphersuite(botan_tls_session_t session, uint16_t* ciphersuite);
+BOTAN_DLL int botan_tls_session_encrypt(botan_tls_session_t session, botan_rng_t rng, byte key[], size_t* key_len);
+
+BOTAN_DLL int botan_tls_session_get_peer_certs(botan_tls_session_t session, botan_x509_cert_t certs[], size_t* cert_len);
+
 // TODO: peer certs, validation, ...
 
 typedef struct botan_tls_channel_struct* botan_tls_channel_t;
 
-typedef void (*botan_tls_channel_output_fn)(void*, const uint8_t*, size_t);
-typedef void (*botan_tls_channel_data_cb)(void*, const uint8_t*, size_t);
-typedef void (*botan_tls_channel_alert_cb)(void*, uint16_t, const char*);
-typedef void (*botan_tls_channel_session_established)(void*, botan_tls_session_t);
+typedef void (*botan_tls_channel_output_fn)(void* application_data, const uint8_t* data, size_t data_len);
+
+typedef void (*botan_tls_channel_data_cb)(void* application_data, const uint8_t* data, size_t data_len);
+
+typedef void (*botan_tls_channel_alert_cb)(void* application_data, uint16_t alert_code);
+
+typedef void (*botan_tls_channel_session_established)(void* application_data,
+                                                      botan_tls_channel_t channel,
+                                                      botan_tls_session_t session);
 
 BOTAN_DLL int botan_tls_channel_init_client(botan_tls_channel_t* channel,
                                             botan_tls_channel_output_fn output_fn,
@@ -497,6 +551,11 @@ BOTAN_DLL int botan_tls_channel_init_server(botan_tls_channel_t* channel,
 BOTAN_DLL int botan_tls_channel_received_data(botan_tls_channel_t chan,
                                               const uint8_t input[], size_t len);
 
+/**
+* Returns 0 for client, 1 for server, negative for error
+*/
+BOTAN_DLL int botan_tls_channel_type(botan_tls_channel_t chan);
+
 BOTAN_DLL int botan_tls_channel_send(botan_tls_channel_t chan,
                                      const uint8_t input[], size_t len);