summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChristian Grothoff <christian@grothoff.org>2022-01-19 13:49:39 +0100
committerChristian Grothoff <christian@grothoff.org>2022-01-19 13:49:39 +0100
commit5694afc25e4363c15756fe6c529c441750870cff (patch)
treea003fc19d50d0c629a7d78d0e34d95ba62053a12
parentb973491c643a5e86e3df3acb9fc62a62d9401438 (diff)
downloadanastasis-5694afc25e4363c15756fe6c529c441750870cff.tar.gz
anastasis-5694afc25e4363c15756fe6c529c441750870cff.tar.bz2
anastasis-5694afc25e4363c15756fe6c529c441750870cff.zip
helper routines for recdoc meta data encryption/decryption
-rw-r--r--src/include/anastasis_crypto_lib.h38
-rw-r--r--src/util/anastasis_crypto.c84
2 files changed, 91 insertions, 31 deletions
diff --git a/src/include/anastasis_crypto_lib.h b/src/include/anastasis_crypto_lib.h
index c28b83a..da60630 100644
--- a/src/include/anastasis_crypto_lib.h
+++ b/src/include/anastasis_crypto_lib.h
@@ -396,6 +396,44 @@ ANASTASIS_CRYPTO_recovery_document_decrypt (
/**
+ * Encrypt recovery document meta data.
+ *
+ * @param id Hashed User input, used for the generation of the encryption key
+ * @param meta_data contains the recovery document meta data
+ * @param meta_data_size number of bytes in @a meta_data
+ * @param[out] enc_meta_data set to the encrypted meta data
+ * @param[out] enc_meta_data_size size of the result
+ */
+void
+ANASTASIS_CRYPTO_recovery_metadata_encrypt (
+ const struct ANASTASIS_CRYPTO_UserIdentifierP *id,
+ const void *meta_data,
+ size_t meta_data_size,
+ void **enc_meta_data,
+ size_t *enc_meta_data_size);
+
+
+/**
+ * Decrypts the recovery meta data.
+ *
+ * @param id Hashed User input, used for the generation of the decryption key
+ * @param enc_meta_data encrypted meta data
+ * @param enc_meta_data_size number of bytes in @a enc_meta_data
+ * @param[out] meta_data decrypted meta data
+ * @param[out] meta_data_size size of the result in @a meta_data
+ * @return #GNUNET_OK on success, #GNUNET_NO if the authentication tag
+ * was wrong
+ */
+enum GNUNET_GenericReturnValue
+ANASTASIS_CRYPTO_recovery_metadata_decrypt (
+ const struct ANASTASIS_CRYPTO_UserIdentifierP *id,
+ const void *enc_meta_data,
+ size_t enc_meta_data_size,
+ void **meta_data,
+ size_t *meta_data_size);
+
+
+/**
* Encrypts a keyshare with a key generated with the user identification as entropy and the salt "eks".
*
* @param key_share the key share which is afterwards encrypted
diff --git a/src/util/anastasis_crypto.c b/src/util/anastasis_crypto.c
index f9ae657..89750e4 100644
--- a/src/util/anastasis_crypto.c
+++ b/src/util/anastasis_crypto.c
@@ -170,8 +170,9 @@ anastasis_encrypt (const struct ANASTASIS_CRYPTO_NonceP *nonce,
* @param salt salt value which is used for key derivation
* @param[out] res plaintext output
* @param[out] res_size size of the plaintext
+ * @return #GNUNET_OK on success
*/
-static void
+static enum GNUNET_GenericReturnValue
anastasis_decrypt (const void *key,
size_t key_len,
const void *data,
@@ -204,7 +205,9 @@ anastasis_decrypt (const void *key,
{
GNUNET_break (0);
GNUNET_free (*res);
+ return GNUNET_SYSERR;
}
+ return GNUNET_OK;
}
@@ -332,9 +335,9 @@ ANASTASIS_CRYPTO_keyshare_encrypt (
sizeof (nonce));
anastasis_encrypt (&nonce,
id,
- sizeof (struct ANASTASIS_CRYPTO_UserIdentifierP),
+ sizeof (*id),
key_share,
- sizeof (struct ANASTASIS_CRYPTO_KeyShareP),
+ sizeof (*key_share),
(NULL == xsalt) ? salt : xsalt,
&eks,
&eks_size);
@@ -359,9 +362,9 @@ ANASTASIS_CRYPTO_keyshare_decrypt (
void *ks = NULL;
anastasis_decrypt (id,
- sizeof (struct ANASTASIS_CRYPTO_UserIdentifierP),
+ sizeof (*id),
enc_key_share,
- sizeof (struct ANASTASIS_CRYPTO_EncryptedKeyShareP),
+ sizeof (*enc_key_share),
(NULL == xsalt) ? salt : xsalt,
&ks,
&ks_size);
@@ -505,18 +508,6 @@ ANASTASIS_CRYPTO_core_secret_encrypt (
}
-/**
- * Decrypts the core secret with the master key. First the master key is decrypted with the provided policy key.
- * Afterwards the core secret is encrypted with the master key. The core secret is returned.
- *
- * @param encrypted_master_key master key for decrypting the core secret, is itself encrypted by the policy key
- * @param encrypted_master_key_size size of the encrypted master key
- * @param policy_key built policy key which will decrypt the master key
- * @param encrypted_core_secret the encrypted core secret from the user, will be encrypted with the policy key
- * @param encrypted_core_secret_size size of the encrypted core secret
- * @param[out] core_secret decrypted core secret will be returned
- * @param[out] core_secret_size size of core secret
- */
void
ANASTASIS_CRYPTO_core_secret_recover (
const void *encrypted_master_key,
@@ -561,11 +552,6 @@ ANASTASIS_CRYPTO_core_secret_recover (
}
-/**
- * Destroy a core secret encryption result.
- *
- * @param cser the result to destroy
- */
void
ANASTASIS_CRYPTO_destroy_encrypted_core_secret (
struct ANASTASIS_CoreSecretEncryptionResult *cser)
@@ -579,15 +565,6 @@ ANASTASIS_CRYPTO_destroy_encrypted_core_secret (
}
-/**
- * Convert a @a uuid to a shortened, human-readable string
- * useful to show to users to identify the truth.
- * Note that the return value is in a global variable and
- * only valid until the next invocation of this function.
- *
- * @param uuid UUID to convert
- * @return string representation
- */
const char *
ANASTASIS_CRYPTO_uuid2s (const struct ANASTASIS_CRYPTO_TruthUUIDP *uuid)
{
@@ -604,4 +581,49 @@ ANASTASIS_CRYPTO_uuid2s (const struct ANASTASIS_CRYPTO_TruthUUIDP *uuid)
}
+void
+ANASTASIS_CRYPTO_recovery_metadata_encrypt (
+ const struct ANASTASIS_CRYPTO_UserIdentifierP *id,
+ const void *meta_data,
+ size_t meta_data_size,
+ void **enc_meta_data,
+ size_t *enc_meta_data_size)
+{
+ const char *salt = "rmd";
+ struct ANASTASIS_CRYPTO_NonceP nonce;
+
+ GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE,
+ &nonce,
+ sizeof (nonce));
+ anastasis_encrypt (&nonce,
+ id,
+ sizeof (*id),
+ meta_data,
+ meta_data_size,
+ salt,
+ enc_meta_data,
+ enc_meta_data_size);
+}
+
+
+enum GNUNET_GenericReturnValue
+ANASTASIS_CRYPTO_recovery_metadata_decrypt (
+ const struct ANASTASIS_CRYPTO_UserIdentifierP *id,
+ const void *enc_meta_data,
+ size_t enc_meta_data_size,
+ void **meta_data,
+ size_t *meta_data_size)
+{
+ const char *salt = "rmd";
+
+ return anastasis_decrypt (id,
+ sizeof (*id),
+ enc_meta_data,
+ enc_meta_data_size,
+ salt,
+ meta_data,
+ meta_data_size);
+}
+
+
/* end of anastasis_crypto.c */