author | Florian Dold <florian@dold.me> | 2021-10-07 14:36:34 +0200 |
---|---|---|
committer | Florian Dold <florian@dold.me> | 2021-10-07 14:50:53 +0200 |
commit | ce961ab6f352bc26f244185e693dfc882151c3d0 (patch) | |
tree | ae264537817b686ad677816cb5010113cd5fa74d /src | |
parent | bfb15f6f8786c777b0c6e63a3bef9c671c8d34fa (diff) | |
use libsodium cryptobox / chacha20poly1305
Diffstat (limited to 'src')
-rw-r--r-- | src/include/anastasis_crypto_lib.h | 2 | ||||
-rw-r--r-- | src/stasis/stasis-0001.sql | 2 | ||||
-rw-r--r-- | src/util/Makefile.am | 5 | ||||
-rw-r--r-- | src/util/anastasis_crypto.c | 218 |
4 files changed, 65 insertions, 162 deletions
diff --git a/src/include/anastasis_crypto_lib.h b/src/include/anastasis_crypto_lib.h
index 0075be7..9e038fc 100644
--- a/src/include/anastasis_crypto_lib.h
+++ b/src/include/anastasis_crypto_lib.h
@@ -137,7 +137,7 @@ struct ANASTASIS_CRYPTO_PolicyKeyP */ struct ANASTASIS_CRYPTO_NonceP {
- uint32_t nonce[8];
+ uint8_t nonce[crypto_secretbox_NONCEBYTES];
 };
diff --git a/src/stasis/stasis-0001.sql b/src/stasis/stasis-0001.sql
index e0ebfa6..de2762a 100644
--- a/src/stasis/stasis-0001.sql
+++ b/src/stasis/stasis-0001.sql
@@ -40,7 +40,7 @@ COMMENT ON COLUMN anastasis_truth_payment.expiration CREATE TABLE IF NOT EXISTS anastasis_truth (truth_uuid BYTEA PRIMARY KEY CHECK(LENGTH(truth_uuid)=32),
- key_share_data BYTEA CHECK(LENGTH(key_share_data)=80) NOT NULL,
+ key_share_data BYTEA CHECK(LENGTH(key_share_data)=72) NOT NULL, method_name VARCHAR NOT NULL, encrypted_truth BYTEA NOT NULL, truth_mime VARCHAR NOT NULL,
diff --git a/src/util/Makefile.am b/src/util/Makefile.am
index 5f3b3d5..22c7a1c 100644
--- a/src/util/Makefile.am
+++ b/src/util/Makefile.am
@@ -38,6 +38,7 @@ libanastasisutil_la_SOURCES = \ libanastasisutil_la_LIBADD = \
 -lgnunetutil \
 $(LIBGCRYPT_LIBS) \
+ -lsodium \
 -ljansson \
 -ltalerutil \
 $(XLIB)
@@ -54,15 +55,15 @@ TESTS = \ test_anastasis_crypto_SOURCES = \ test_anastasis_crypto.c test_anastasis_crypto_LDADD = \
+ $(top_builddir)/src/util/libanastasisutil.la \
 -lgnunetutil \
 -ltalerutil \
- libanastasisutil.la \
 $(XLIB) anastasis_crypto_tvg_SOURCES = \ anastasis-crypto-tvg.c anastasis_crypto_tvg_LDADD = \
- $(top_builddir)/src/util/libanastasisutil.la \
+ libanastasisutil.la \
 -ltalerjson \
 -ltalerutil \
 -lgnunetjson \
diff --git a/src/util/anastasis_crypto.c b/src/util/anastasis_crypto.c
index 067ac92..1025e60 100644
--- a/src/util/anastasis_crypto.c
+++ b/src/util/anastasis_crypto.c
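Review bot: `uint8_t nonce[crypto_secretbox_NONCEBYTES]` makes the public header depend on a libsodium macro, and this hunk adds no `#include <sodium.h>`; unless one is added elsewhere in the header (outside this hunk), every translation unit that includes anastasis_crypto_lib.h now has to include sodium.h itself first. Add `#include <sodium.h>` to the header's own include block so it stays self-contained. The struct's doc comment (the ` */` just above the hunk) should also be updated, since both size and meaning changed from the 8×uint32_t it replaces: something like ` * Nonce for the libsodium secretbox (XSalsa20-Poly1305) used by anastasis_encrypt; crypto_secretbox_NONCEBYTES bytes, stored in the clear in front of the ciphertext.`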
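Review bot: The CHECK on key_share_data is changed from 80 to 72 in stasis-0001.sql in place, so any database already created from the earlier version of this script keeps the 80-byte constraint and will reject the new, shorter records; if any deployment exists, the change belongs in a new versioned script that alters the constraint rather than in 0001. Either way, 72 is a magic number derived from C constants in another file (it is consistent with a 24-byte secretbox nonce, a 16-byte MAC and a 32-byte payload, matching the 80 = 32 + 16 + 32 it replaces), and a comment next to the CHECK such as `-- crypto_secretbox_NONCEBYTES (24) + crypto_secretbox_MACBYTES (16) + 32 byte key share` would keep the schema and anastasis_encrypt from drifting apart silently.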
@@ -73,49 +73,38 @@ ANASTASIS_CRYPTO_secure_answer_hash ( /** - * Compute @a key and @a iv. + * Compute @a key. * * @param key_material key for calculation * @param key_m_len length of key * @param nonce nonce for calculation * @param salt salt value for calculation * @param[out] key where to write the en-/description key - * @param[out] iv where to write the IV */ static void -get_iv_key (const void *key_material, +derive_key (const void *key_material, size_t key_m_len, const struct ANASTASIS_CRYPTO_NonceP *nonce, const char *salt, - const struct ANASTASIS_CRYPTO_SymKeyP *key, - struct ANASTASIS_CRYPTO_IvP *iv) + struct ANASTASIS_CRYPTO_SymKeyP *key) { - char res[sizeof (struct ANASTASIS_CRYPTO_SymKeyP) - + sizeof (struct ANASTASIS_CRYPTO_IvP)]; if (GNUNET_YES != - GNUNET_CRYPTO_hkdf (res, - sizeof (res), - GCRY_MD_SHA512, - GCRY_MD_SHA256, - key_material, - key_m_len, - nonce, - sizeof (struct ANASTASIS_CRYPTO_NonceP), - salt, - strlen (salt), - NULL, - 0)) + GNUNET_CRYPTO_kdf (key, + sizeof (struct ANASTASIS_CRYPTO_SymKeyP), + nonce, + sizeof (struct ANASTASIS_CRYPTO_NonceP), + key_material, + key_m_len, + salt, + strlen (salt), + NULL, + 0)) { + // FIXME: Huh?! Why would we continue here? GNUNET_break (0); return; } - memcpy ((void *) key, - res, - sizeof (*key)); - memcpy (iv, - &res[sizeof (*key)], - sizeof (*iv)); } 
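Review bot: When GNUNET_CRYPTO_kdf fails, derive_key returns without writing `key`, and both callers in the next two hunks declare `struct ANASTASIS_CRYPTO_SymKeyP skey;` uninitialized and then encrypt or decrypt with whatever is on the stack; the FIXME added here names the problem but leaves the path in. A KDF failure is a local fault rather than bad input, so the smallest fix consistent with how anastasis_encrypt treats crypto_secretbox_easy is `GNUNET_assert (GNUNET_YES == GNUNET_CRYPTO_kdf (key, ...));` in place of the `if`/`GNUNET_break (0); return;`, or else return `enum GNUNET_GenericReturnValue` and have the callers fail cleanly. The same unchecked result appears in the last hunk of this file, ANASTASIS_CRYPTO_policy_key_derive, where the return value of GNUNET_CRYPTO_kdf is discarded and `policy_key` is left unwritten on failure. Note also that the argument order changed relative to the removed hkdf call: key_material was passed as the salt (XTS) and the nonce as the key material (SKM), and now it is the other way round; assuming GNUNET_CRYPTO_kdf keeps hkdf's (xts, skm) parameter order this is the conventional assignment, but it changes every derived key, so the doc comment should state it, e.g. `@param nonce used as the KDF salt (XTS); @a key_material is the input keying material (SKM)`.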
@@ -141,67 +130,25 @@ anastasis_encrypt (const struct ANASTASIS_CRYPTO_NonceP *nonce, void **res, size_t *res_size) { - struct ANASTASIS_CRYPTO_NonceP *nonceptr; - gcry_cipher_hd_t cipher; - struct ANASTASIS_CRYPTO_SymKeyP sym_key; - struct ANASTASIS_CRYPTO_IvP iv; - int rc; - struct ANASTASIS_CRYPTO_AesTagP *tag; - char *ciphertext; - - *res_size = data_size - + sizeof (struct ANASTASIS_CRYPTO_NonceP) - + sizeof (struct ANASTASIS_CRYPTO_AesTagP); - if (*res_size <= data_size) - { - GNUNET_break (0); - return; - } - *res = GNUNET_malloc (*res_size); - if (*res_size != data_size - + sizeof (struct ANASTASIS_CRYPTO_NonceP) - + sizeof (struct ANASTASIS_CRYPTO_AesTagP)) - { - GNUNET_break (0); - return; - } - nonceptr = (struct ANASTASIS_CRYPTO_NonceP *) *res; - tag = (struct ANASTASIS_CRYPTO_AesTagP *) &nonceptr[1]; - ciphertext = (char *) &tag[1]; - memcpy (nonceptr, - nonce, - sizeof (*nonce)); - get_iv_key (key, + size_t ciphertext_size; + struct ANASTASIS_CRYPTO_SymKeyP skey; + + derive_key (key, key_len, nonce, salt, - &sym_key, - &iv); - GNUNET_assert (0 == - gcry_cipher_open (&cipher, - GCRY_CIPHER_AES256, - GCRY_CIPHER_MODE_GCM, - 0)); - rc = gcry_cipher_setkey (cipher, - &sym_key, - sizeof (sym_key)); - GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY)); - rc = gcry_cipher_setiv (cipher, - &iv, - sizeof (iv)); - GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY)); - - GNUNET_assert (0 == - gcry_cipher_encrypt (cipher, - ciphertext, - data_size, - data, - data_size)); + &skey); + ciphertext_size = crypto_secretbox_NONCEBYTES + + crypto_secretbox_MACBYTES + data_size; + *res_size = ciphertext_size; + *res = GNUNET_malloc (ciphertext_size); + memcpy (*res, nonce, crypto_secretbox_NONCEBYTES); GNUNET_assert (0 == - gcry_cipher_gettag (cipher, - tag, - sizeof (struct ANASTASIS_CRYPTO_AesTagP))); - gcry_cipher_close (cipher); + crypto_secretbox_easy (*res + crypto_secretbox_NONCEBYTES, + data, + data_size, + (void *) nonce, + (void *) &skey)); } 
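Review bot: `ciphertext_size = crypto_secretbox_NONCEBYTES + crypto_secretbox_MACBYTES + data_size` drops the overflow check the removed code had (`if (*res_size <= data_size)`), so a data_size within crypto_secretbox_NONCEBYTES + crypto_secretbox_MACBYTES of SIZE_MAX wraps to a tiny allocation that crypto_secretbox_easy then writes data_size bytes past; keep a guard such as `GNUNET_assert (data_size <= SIZE_MAX - crypto_secretbox_NONCEBYTES - crypto_secretbox_MACBYTES);` before the addition. The derived key `skey` is left on the stack after the call; `sodium_memzero (&skey, sizeof (skey));` before returning (and likewise in anastasis_decrypt) shortens the window in which the symmetric key can be recovered from memory. `memcpy (*res, nonce, crypto_secretbox_NONCEBYTES)` and `(void *) nonce` would read better as `sizeof (*nonce)` and the const-preserving `nonce->nonce`, which also lets the compiler check that struct ANASTASIS_CRYPTO_NonceP is the size libsodium expects. One documentation point: crypto_secretbox_easy is XSalsa20-Poly1305, not ChaCha20-Poly1305 as the commit title says, so the function's doc comment (outside this hunk, as is the start of its signature) should name the primitive actually used, or the commit should switch to the crypto_aead_xchacha20poly1305_ietf_* API if that is the intended design.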
@@ -226,71 +173,30 @@ anastasis_decrypt (const void *key, size_t *res_size) { const struct ANASTASIS_CRYPTO_NonceP *nonce; - gcry_cipher_hd_t cipher; - const struct ANASTASIS_CRYPTO_SymKeyP sym_key; - struct ANASTASIS_CRYPTO_IvP iv; - int rc; - const struct ANASTASIS_CRYPTO_AesTagP *tag; - const char *ciphertext; - - *res_size = data_size - - sizeof (struct ANASTASIS_CRYPTO_NonceP) - - sizeof (struct ANASTASIS_CRYPTO_AesTagP); - if (*res_size >= data_size) - { - GNUNET_break (0); - *res = NULL; - return; - } - *res = GNUNET_malloc (*res_size); - if (*res_size != data_size - - sizeof (struct ANASTASIS_CRYPTO_NonceP) - - sizeof (struct ANASTASIS_CRYPTO_AesTagP)) - { - GNUNET_break (0); - GNUNET_free (*res); - return; - } + struct ANASTASIS_CRYPTO_SymKeyP skey; + size_t plaintext_size; - nonce = (const struct ANASTASIS_CRYPTO_NonceP *) data; - tag = (struct ANASTASIS_CRYPTO_AesTagP *) &nonce[1]; - ciphertext = (const char *) &tag[1]; - get_iv_key (key, + GNUNET_assert (data_size >= crypto_secretbox_NONCEBYTES + + crypto_secretbox_MACBYTES); + nonce = data; + derive_key (key, key_len, nonce, salt, - &sym_key, - &iv); - GNUNET_assert (0 == - gcry_cipher_open (&cipher, - GCRY_CIPHER_AES256, - GCRY_CIPHER_MODE_GCM, - 0)); - rc = gcry_cipher_setkey (cipher, - &sym_key, - sizeof (sym_key)); - GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY)); - - rc = gcry_cipher_setiv (cipher, - &iv, - sizeof (iv)); - GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY)); - - GNUNET_assert (0 == gcry_cipher_decrypt (cipher, - *res, - *res_size, - ciphertext, - *res_size)); - if (0 != - gcry_cipher_checktag (cipher, - tag, - sizeof (struct ANASTASIS_CRYPTO_AesTagP))) + &skey); + plaintext_size = data_size - (crypto_secretbox_NONCEBYTES + + crypto_secretbox_MACBYTES); + *res = GNUNET_malloc (plaintext_size); + *res_size = plaintext_size; + if (0 != crypto_secretbox_open_easy (*res, + data + crypto_secretbox_NONCEBYTES, + data_size - crypto_secretbox_NONCEBYTES, + (void *) 
nonce, + (void *) &skey)) { GNUNET_break (0); GNUNET_free (*res); - return; } - gcry_cipher_close (cipher); } @@ -322,16 +228,14 @@ ANASTASIS_CRYPTO_account_private_key_derive ( { /* priv_key = ver_secret */ if (GNUNET_YES != - GNUNET_CRYPTO_hkdf (&priv_key->priv, - sizeof (priv_key->priv), - GCRY_MD_SHA512, - GCRY_MD_SHA256, - id, - sizeof (struct ANASTASIS_CRYPTO_UserIdentifierP), - "ver", - strlen ("ver"), - NULL, - 0)) + GNUNET_CRYPTO_kdf (&priv_key->priv, + sizeof (priv_key->priv), + id, + sizeof (struct ANASTASIS_CRYPTO_UserIdentifierP), + "ver", + strlen ("ver"), + NULL, + 0)) { GNUNET_break (0); return; @@ -519,15 +423,13 @@ ANASTASIS_CRYPTO_policy_key_derive ( const struct ANASTASIS_CRYPTO_MasterSaltP *salt, struct ANASTASIS_CRYPTO_PolicyKeyP *policy_key) { - GNUNET_CRYPTO_hkdf (policy_key, - sizeof (*policy_key), - GCRY_MD_SHA512, - GCRY_MD_SHA256, - key_shares, - keyshare_length * sizeof (*key_shares), - salt, - sizeof (*salt), - NULL, 0); + GNUNET_CRYPTO_kdf (policy_key, + sizeof (*policy_key), + key_shares, + keyshare_length * sizeof (*key_shares), + salt, + sizeof (*salt), + NULL, 0); } |
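Review bot: `GNUNET_assert (data_size >= crypto_secretbox_NONCEBYTES + crypto_secretbox_MACBYTES)` turns a length check on the ciphertext into a process abort, where the removed code reported it with GNUNET_break and returned with `*res = NULL`; if `data` can come from a storage provider or any other remote party (not visible here), a short blob is enough to crash the caller, so the check should stay a soft failure. The MAC-failure path has a second problem: after `GNUNET_free (*res)` the caller is left with a dangling `*res` and `*res_size` still equal to plaintext_size, which the old code shared but which is now the only failure signal callers get — set both to NULL/0 on every failure path and clear `skey` before leaving. The function's signature begins outside this hunk.
```c
  if (data_size < crypto_secretbox_NONCEBYTES + crypto_secretbox_MACBYTES)
  {
    GNUNET_break (0);
    *res = NULL;
    *res_size = 0;
    return;
  }
  nonce = data;
  /* … unchanged: derive_key, plaintext_size computation, allocation … */
  if (0 != crypto_secretbox_open_easy (*res,
                                       data + crypto_secretbox_NONCEBYTES,
                                       data_size - crypto_secretbox_NONCEBYTES,
                                       nonce->nonce,
                                       (void *) &skey))
  {
    GNUNET_break (0);
    GNUNET_free (*res);
    *res = NULL;
    *res_size = 0;
  }
  sodium_memzero (&skey, sizeof (skey));
```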