diff options
author | Christian Grothoff <christian@grothoff.org> | 2022-01-19 13:49:39 +0100 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2022-01-19 13:49:39 +0100 |
commit | 5694afc25e4363c15756fe6c529c441750870cff (patch) | |
tree | a003fc19d50d0c629a7d78d0e34d95ba62053a12 | |
parent | b973491c643a5e86e3df3acb9fc62a62d9401438 (diff) | |
download | anastasis-5694afc25e4363c15756fe6c529c441750870cff.tar.gz anastasis-5694afc25e4363c15756fe6c529c441750870cff.zip |
helper routines for recdoc meta data encryption/decryption
-rw-r--r-- | src/include/anastasis_crypto_lib.h | 38 | ||||
-rw-r--r-- | src/util/anastasis_crypto.c | 84 |
2 files changed, 91 insertions, 31 deletions
diff --git a/src/include/anastasis_crypto_lib.h b/src/include/anastasis_crypto_lib.h index c28b83a..da60630 100644 --- a/src/include/anastasis_crypto_lib.h +++ b/src/include/anastasis_crypto_lib.h | |||
@@ -396,6 +396,44 @@ ANASTASIS_CRYPTO_recovery_document_decrypt ( | |||
396 | 396 | ||
397 | 397 | ||
398 | /** | 398 | /** |
399 | * Encrypt recovery document meta data. | ||
400 | * | ||
401 | * @param id Hashed User input, used for the generation of the encryption key | ||
402 | * @param meta_data contains the recovery document meta data | ||
403 | * @param meta_data_size number of bytes in @a meta_data | ||
404 | * @param[out] enc_meta_data set to the encrypted meta data | ||
405 | * @param[out] enc_meta_data_size size of the result | ||
406 | */ | ||
407 | void | ||
408 | ANASTASIS_CRYPTO_recovery_metadata_encrypt ( | ||
409 | const struct ANASTASIS_CRYPTO_UserIdentifierP *id, | ||
410 | const void *meta_data, | ||
411 | size_t meta_data_size, | ||
412 | void **enc_meta_data, | ||
413 | size_t *enc_meta_data_size); | ||
414 | |||
415 | |||
416 | /** | ||
417 | * Decrypts the recovery meta data. | ||
418 | * | ||
419 | * @param id Hashed User input, used for the generation of the decryption key | ||
420 | * @param enc_meta_data encrypted meta data | ||
421 | * @param enc_meta_data_size number of bytes in @a enc_meta_data | ||
422 | * @param[out] meta_data decrypted meta data | ||
423 | * @param[out] meta_data_size size of the result in @a meta_data | ||
424 | * @return #GNUNET_OK on success, #GNUNET_NO if the authentication tag | ||
425 | * was wrong | ||
426 | */ | ||
427 | enum GNUNET_GenericReturnValue | ||
428 | ANASTASIS_CRYPTO_recovery_metadata_decrypt ( | ||
429 | const struct ANASTASIS_CRYPTO_UserIdentifierP *id, | ||
430 | const void *enc_meta_data, | ||
431 | size_t enc_meta_data_size, | ||
432 | void **meta_data, | ||
433 | size_t *meta_data_size); | ||
434 | |||
435 | |||
436 | /** | ||
399 | * Encrypts a keyshare with a key generated with the user identification as entropy and the salt "eks". | 437 | * Encrypts a keyshare with a key generated with the user identification as entropy and the salt "eks". |
400 | * | 438 | * |
401 | * @param key_share the key share which is afterwards encrypted | 439 | * @param key_share the key share which is afterwards encrypted |
diff --git a/src/util/anastasis_crypto.c b/src/util/anastasis_crypto.c index f9ae657..89750e4 100644 --- a/src/util/anastasis_crypto.c +++ b/src/util/anastasis_crypto.c | |||
@@ -170,8 +170,9 @@ anastasis_encrypt (const struct ANASTASIS_CRYPTO_NonceP *nonce, | |||
170 | * @param salt salt value which is used for key derivation | 170 | * @param salt salt value which is used for key derivation |
171 | * @param[out] res plaintext output | 171 | * @param[out] res plaintext output |
172 | * @param[out] res_size size of the plaintext | 172 | * @param[out] res_size size of the plaintext |
173 | * @return #GNUNET_OK on success | ||
173 | */ | 174 | */ |
174 | static void | 175 | static enum GNUNET_GenericReturnValue |
175 | anastasis_decrypt (const void *key, | 176 | anastasis_decrypt (const void *key, |
176 | size_t key_len, | 177 | size_t key_len, |
177 | const void *data, | 178 | const void *data, |
@@ -204,7 +205,9 @@ anastasis_decrypt (const void *key, | |||
204 | { | 205 | { |
205 | GNUNET_break (0); | 206 | GNUNET_break (0); |
206 | GNUNET_free (*res); | 207 | GNUNET_free (*res); |
208 | return GNUNET_SYSERR; | ||
207 | } | 209 | } |
210 | return GNUNET_OK; | ||
208 | } | 211 | } |
209 | 212 | ||
210 | 213 | ||
@@ -332,9 +335,9 @@ ANASTASIS_CRYPTO_keyshare_encrypt ( | |||
332 | sizeof (nonce)); | 335 | sizeof (nonce)); |
333 | anastasis_encrypt (&nonce, | 336 | anastasis_encrypt (&nonce, |
334 | id, | 337 | id, |
335 | sizeof (struct ANASTASIS_CRYPTO_UserIdentifierP), | 338 | sizeof (*id), |
336 | key_share, | 339 | key_share, |
337 | sizeof (struct ANASTASIS_CRYPTO_KeyShareP), | 340 | sizeof (*key_share), |
338 | (NULL == xsalt) ? salt : xsalt, | 341 | (NULL == xsalt) ? salt : xsalt, |
339 | &eks, | 342 | &eks, |
340 | &eks_size); | 343 | &eks_size); |
@@ -359,9 +362,9 @@ ANASTASIS_CRYPTO_keyshare_decrypt ( | |||
359 | void *ks = NULL; | 362 | void *ks = NULL; |
360 | 363 | ||
361 | anastasis_decrypt (id, | 364 | anastasis_decrypt (id, |
362 | sizeof (struct ANASTASIS_CRYPTO_UserIdentifierP), | 365 | sizeof (*id), |
363 | enc_key_share, | 366 | enc_key_share, |
364 | sizeof (struct ANASTASIS_CRYPTO_EncryptedKeyShareP), | 367 | sizeof (*enc_key_share), |
365 | (NULL == xsalt) ? salt : xsalt, | 368 | (NULL == xsalt) ? salt : xsalt, |
366 | &ks, | 369 | &ks, |
367 | &ks_size); | 370 | &ks_size); |
@@ -505,18 +508,6 @@ ANASTASIS_CRYPTO_core_secret_encrypt ( | |||
505 | } | 508 | } |
506 | 509 | ||
507 | 510 | ||
508 | /** | ||
509 | * Decrypts the core secret with the master key. First the master key is decrypted with the provided policy key. | ||
510 | * Afterwards the core secret is encrypted with the master key. The core secret is returned. | ||
511 | * | ||
512 | * @param encrypted_master_key master key for decrypting the core secret, is itself encrypted by the policy key | ||
513 | * @param encrypted_master_key_size size of the encrypted master key | ||
514 | * @param policy_key built policy key which will decrypt the master key | ||
515 | * @param encrypted_core_secret the encrypted core secret from the user, will be encrypted with the policy key | ||
516 | * @param encrypted_core_secret_size size of the encrypted core secret | ||
517 | * @param[out] core_secret decrypted core secret will be returned | ||
518 | * @param[out] core_secret_size size of core secret | ||
519 | */ | ||
520 | void | 511 | void |
521 | ANASTASIS_CRYPTO_core_secret_recover ( | 512 | ANASTASIS_CRYPTO_core_secret_recover ( |
522 | const void *encrypted_master_key, | 513 | const void *encrypted_master_key, |
@@ -561,11 +552,6 @@ ANASTASIS_CRYPTO_core_secret_recover ( | |||
561 | } | 552 | } |
562 | 553 | ||
563 | 554 | ||
564 | /** | ||
565 | * Destroy a core secret encryption result. | ||
566 | * | ||
567 | * @param cser the result to destroy | ||
568 | */ | ||
569 | void | 555 | void |
570 | ANASTASIS_CRYPTO_destroy_encrypted_core_secret ( | 556 | ANASTASIS_CRYPTO_destroy_encrypted_core_secret ( |
571 | struct ANASTASIS_CoreSecretEncryptionResult *cser) | 557 | struct ANASTASIS_CoreSecretEncryptionResult *cser) |
@@ -579,15 +565,6 @@ ANASTASIS_CRYPTO_destroy_encrypted_core_secret ( | |||
579 | } | 565 | } |
580 | 566 | ||
581 | 567 | ||
582 | /** | ||
583 | * Convert a @a uuid to a shortened, human-readable string | ||
584 | * useful to show to users to identify the truth. | ||
585 | * Note that the return value is in a global variable and | ||
586 | * only valid until the next invocation of this function. | ||
587 | * | ||
588 | * @param uuid UUID to convert | ||
589 | * @return string representation | ||
590 | */ | ||
591 | const char * | 568 | const char * |
592 | ANASTASIS_CRYPTO_uuid2s (const struct ANASTASIS_CRYPTO_TruthUUIDP *uuid) | 569 | ANASTASIS_CRYPTO_uuid2s (const struct ANASTASIS_CRYPTO_TruthUUIDP *uuid) |
593 | { | 570 | { |
@@ -604,4 +581,49 @@ ANASTASIS_CRYPTO_uuid2s (const struct ANASTASIS_CRYPTO_TruthUUIDP *uuid) | |||
604 | } | 581 | } |
605 | 582 | ||
606 | 583 | ||
584 | void | ||
585 | ANASTASIS_CRYPTO_recovery_metadata_encrypt ( | ||
586 | const struct ANASTASIS_CRYPTO_UserIdentifierP *id, | ||
587 | const void *meta_data, | ||
588 | size_t meta_data_size, | ||
589 | void **enc_meta_data, | ||
590 | size_t *enc_meta_data_size) | ||
591 | { | ||
592 | const char *salt = "rmd"; | ||
593 | struct ANASTASIS_CRYPTO_NonceP nonce; | ||
594 | |||
595 | GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE, | ||
596 | &nonce, | ||
597 | sizeof (nonce)); | ||
598 | anastasis_encrypt (&nonce, | ||
599 | id, | ||
600 | sizeof (*id), | ||
601 | meta_data, | ||
602 | meta_data_size, | ||
603 | salt, | ||
604 | enc_meta_data, | ||
605 | enc_meta_data_size); | ||
606 | } | ||
607 | |||
608 | |||
609 | enum GNUNET_GenericReturnValue | ||
610 | ANASTASIS_CRYPTO_recovery_metadata_decrypt ( | ||
611 | const struct ANASTASIS_CRYPTO_UserIdentifierP *id, | ||
612 | const void *enc_meta_data, | ||
613 | size_t enc_meta_data_size, | ||
614 | void **meta_data, | ||
615 | size_t *meta_data_size) | ||
616 | { | ||
617 | const char *salt = "rmd"; | ||
618 | |||
619 | return anastasis_decrypt (id, | ||
620 | sizeof (*id), | ||
621 | enc_meta_data, | ||
622 | enc_meta_data_size, | ||
623 | salt, | ||
624 | meta_data, | ||
625 | meta_data_size); | ||
626 | } | ||
627 | |||
628 | |||
607 | /* end of anastasis_crypto.c */ | 629 | /* end of anastasis_crypto.c */ |