aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChristian Grothoff <christian@grothoff.org>2022-01-19 13:49:39 +0100
committerChristian Grothoff <christian@grothoff.org>2022-01-19 13:49:39 +0100
commit5694afc25e4363c15756fe6c529c441750870cff (patch)
treea003fc19d50d0c629a7d78d0e34d95ba62053a12
parentb973491c643a5e86e3df3acb9fc62a62d9401438 (diff)
downloadanastasis-5694afc25e4363c15756fe6c529c441750870cff.tar.gz
anastasis-5694afc25e4363c15756fe6c529c441750870cff.zip
helper routines for recdoc meta data encryption/decryption
-rw-r--r--src/include/anastasis_crypto_lib.h38
-rw-r--r--src/util/anastasis_crypto.c84
2 files changed, 91 insertions, 31 deletions
diff --git a/src/include/anastasis_crypto_lib.h b/src/include/anastasis_crypto_lib.h
index c28b83a..da60630 100644
--- a/src/include/anastasis_crypto_lib.h
+++ b/src/include/anastasis_crypto_lib.h
@@ -396,6 +396,44 @@ ANASTASIS_CRYPTO_recovery_document_decrypt (
396 396
397 397
398/** 398/**
399 * Encrypt recovery document meta data.
400 *
401 * @param id Hashed User input, used for the generation of the encryption key
402 * @param meta_data contains the recovery document meta data
403 * @param meta_data_size number of bytes in @a meta_data
404 * @param[out] enc_meta_data set to the encrypted meta data
405 * @param[out] enc_meta_data_size size of the result
406 */
407void
408ANASTASIS_CRYPTO_recovery_metadata_encrypt (
409 const struct ANASTASIS_CRYPTO_UserIdentifierP *id,
410 const void *meta_data,
411 size_t meta_data_size,
412 void **enc_meta_data,
413 size_t *enc_meta_data_size);
414
415
416/**
417 * Decrypts the recovery meta data.
418 *
419 * @param id Hashed User input, used for the generation of the decryption key
420 * @param enc_meta_data encrypted meta data
421 * @param enc_meta_data_size number of bytes in @a enc_meta_data
422 * @param[out] meta_data decrypted meta data
423 * @param[out] meta_data_size size of the result in @a meta_data
424 * @return #GNUNET_OK on success, #GNUNET_NO if the authentication tag
425 * was wrong
426 */
427enum GNUNET_GenericReturnValue
428ANASTASIS_CRYPTO_recovery_metadata_decrypt (
429 const struct ANASTASIS_CRYPTO_UserIdentifierP *id,
430 const void *enc_meta_data,
431 size_t enc_meta_data_size,
432 void **meta_data,
433 size_t *meta_data_size);
434
435
436/**
399 * Encrypts a keyshare with a key generated with the user identification as entropy and the salt "eks". 437 * Encrypts a keyshare with a key generated with the user identification as entropy and the salt "eks".
400 * 438 *
401 * @param key_share the key share which is afterwards encrypted 439 * @param key_share the key share which is afterwards encrypted
diff --git a/src/util/anastasis_crypto.c b/src/util/anastasis_crypto.c
index f9ae657..89750e4 100644
--- a/src/util/anastasis_crypto.c
+++ b/src/util/anastasis_crypto.c
@@ -170,8 +170,9 @@ anastasis_encrypt (const struct ANASTASIS_CRYPTO_NonceP *nonce,
170 * @param salt salt value which is used for key derivation 170 * @param salt salt value which is used for key derivation
171 * @param[out] res plaintext output 171 * @param[out] res plaintext output
172 * @param[out] res_size size of the plaintext 172 * @param[out] res_size size of the plaintext
173 * @return #GNUNET_OK on success
173 */ 174 */
174static void 175static enum GNUNET_GenericReturnValue
175anastasis_decrypt (const void *key, 176anastasis_decrypt (const void *key,
176 size_t key_len, 177 size_t key_len,
177 const void *data, 178 const void *data,
@@ -204,7 +205,9 @@ anastasis_decrypt (const void *key,
204 { 205 {
205 GNUNET_break (0); 206 GNUNET_break (0);
206 GNUNET_free (*res); 207 GNUNET_free (*res);
208 return GNUNET_SYSERR;
207 } 209 }
210 return GNUNET_OK;
208} 211}
209 212
210 213
@@ -332,9 +335,9 @@ ANASTASIS_CRYPTO_keyshare_encrypt (
332 sizeof (nonce)); 335 sizeof (nonce));
333 anastasis_encrypt (&nonce, 336 anastasis_encrypt (&nonce,
334 id, 337 id,
335 sizeof (struct ANASTASIS_CRYPTO_UserIdentifierP), 338 sizeof (*id),
336 key_share, 339 key_share,
337 sizeof (struct ANASTASIS_CRYPTO_KeyShareP), 340 sizeof (*key_share),
338 (NULL == xsalt) ? salt : xsalt, 341 (NULL == xsalt) ? salt : xsalt,
339 &eks, 342 &eks,
340 &eks_size); 343 &eks_size);
@@ -359,9 +362,9 @@ ANASTASIS_CRYPTO_keyshare_decrypt (
359 void *ks = NULL; 362 void *ks = NULL;
360 363
361 anastasis_decrypt (id, 364 anastasis_decrypt (id,
362 sizeof (struct ANASTASIS_CRYPTO_UserIdentifierP), 365 sizeof (*id),
363 enc_key_share, 366 enc_key_share,
364 sizeof (struct ANASTASIS_CRYPTO_EncryptedKeyShareP), 367 sizeof (*enc_key_share),
365 (NULL == xsalt) ? salt : xsalt, 368 (NULL == xsalt) ? salt : xsalt,
366 &ks, 369 &ks,
367 &ks_size); 370 &ks_size);
@@ -505,18 +508,6 @@ ANASTASIS_CRYPTO_core_secret_encrypt (
505} 508}
506 509
507 510
508/**
509 * Decrypts the core secret with the master key. First the master key is decrypted with the provided policy key.
510 * Afterwards the core secret is encrypted with the master key. The core secret is returned.
511 *
512 * @param encrypted_master_key master key for decrypting the core secret, is itself encrypted by the policy key
513 * @param encrypted_master_key_size size of the encrypted master key
514 * @param policy_key built policy key which will decrypt the master key
515 * @param encrypted_core_secret the encrypted core secret from the user, will be encrypted with the policy key
516 * @param encrypted_core_secret_size size of the encrypted core secret
517 * @param[out] core_secret decrypted core secret will be returned
518 * @param[out] core_secret_size size of core secret
519 */
520void 511void
521ANASTASIS_CRYPTO_core_secret_recover ( 512ANASTASIS_CRYPTO_core_secret_recover (
522 const void *encrypted_master_key, 513 const void *encrypted_master_key,
@@ -561,11 +552,6 @@ ANASTASIS_CRYPTO_core_secret_recover (
561} 552}
562 553
563 554
564/**
565 * Destroy a core secret encryption result.
566 *
567 * @param cser the result to destroy
568 */
569void 555void
570ANASTASIS_CRYPTO_destroy_encrypted_core_secret ( 556ANASTASIS_CRYPTO_destroy_encrypted_core_secret (
571 struct ANASTASIS_CoreSecretEncryptionResult *cser) 557 struct ANASTASIS_CoreSecretEncryptionResult *cser)
@@ -579,15 +565,6 @@ ANASTASIS_CRYPTO_destroy_encrypted_core_secret (
579} 565}
580 566
581 567
582/**
583 * Convert a @a uuid to a shortened, human-readable string
584 * useful to show to users to identify the truth.
585 * Note that the return value is in a global variable and
586 * only valid until the next invocation of this function.
587 *
588 * @param uuid UUID to convert
589 * @return string representation
590 */
591const char * 568const char *
592ANASTASIS_CRYPTO_uuid2s (const struct ANASTASIS_CRYPTO_TruthUUIDP *uuid) 569ANASTASIS_CRYPTO_uuid2s (const struct ANASTASIS_CRYPTO_TruthUUIDP *uuid)
593{ 570{
@@ -604,4 +581,49 @@ ANASTASIS_CRYPTO_uuid2s (const struct ANASTASIS_CRYPTO_TruthUUIDP *uuid)
604} 581}
605 582
606 583
584void
585ANASTASIS_CRYPTO_recovery_metadata_encrypt (
586 const struct ANASTASIS_CRYPTO_UserIdentifierP *id,
587 const void *meta_data,
588 size_t meta_data_size,
589 void **enc_meta_data,
590 size_t *enc_meta_data_size)
591{
592 const char *salt = "rmd";
593 struct ANASTASIS_CRYPTO_NonceP nonce;
594
595 GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE,
596 &nonce,
597 sizeof (nonce));
598 anastasis_encrypt (&nonce,
599 id,
600 sizeof (*id),
601 meta_data,
602 meta_data_size,
603 salt,
604 enc_meta_data,
605 enc_meta_data_size);
606}
607
608
609enum GNUNET_GenericReturnValue
610ANASTASIS_CRYPTO_recovery_metadata_decrypt (
611 const struct ANASTASIS_CRYPTO_UserIdentifierP *id,
612 const void *enc_meta_data,
613 size_t enc_meta_data_size,
614 void **meta_data,
615 size_t *meta_data_size)
616{
617 const char *salt = "rmd";
618
619 return anastasis_decrypt (id,
620 sizeof (*id),
621 enc_meta_data,
622 enc_meta_data_size,
623 salt,
624 meta_data,
625 meta_data_size);
626}
627
628
607/* end of anastasis_crypto.c */ 629/* end of anastasis_crypto.c */