Diffstat (limited to 'src/include/anastasis_crypto_lib.h')
-rw-r--r-- | src/include/anastasis_crypto_lib.h | 171 |
1 files changed, 120 insertions, 51 deletions
diff --git a/src/include/anastasis_crypto_lib.h b/src/include/anastasis_crypto_lib.h index 6377baf..8cbc954 100644 --- a/src/include/anastasis_crypto_lib.h +++ b/src/include/anastasis_crypto_lib.h @@ -3,14 +3,14 @@ Copyright (C) 2020, 2021 Anastasis SARL Anastasis is free software; you can redistribute it and/or modify it under the - terms of the GNU Lesser General Public License as published by the Free Software + terms of the GNU General Public License as published by the Free Software Foundation; either version 3, or (at your option) any later version. Anastasis is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR - A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details. + A PARTICULAR PURPOSE. See the GNU General Public License for more details. - You should have received a copy of the GNU Affero General Public License along with + You should have received a copy of the GNU General Public License along with Anastasis; see the file COPYING.GPL. If not, see <http://www.gnu.org/licenses/> */ /** @@ -21,7 +21,7 @@ * @author Dennis Neufeld */ #include <jansson.h> -#include <gnunet/gnunet_crypto_lib.h> +#include <gnunet/gnunet_util_lib.h> /** @@ -41,6 +41,12 @@ "Anastasis-Truth-Decryption-Key" /** + * Client to server: please store this meta data. + */ +#define ANASTASIS_HTTP_HEADER_POLICY_META_DATA "Anastasis-Policy-Meta-Data" + + +/** * Client to server: I paid using this payment secret. */ #define ANASTASIS_HTTP_HEADER_PAYMENT_IDENTIFIER "Anastasis-Payment-Identifier" 
@@ -133,34 +139,25 @@ struct ANASTASIS_CRYPTO_PolicyKeyP /** - * Specifies an encrypted master key, the key is used to encrypt the core secret from the user - */ -struct ANASTASIS_CRYPTO_EncryptedMasterKeyP -{ - struct GNUNET_HashCode key GNUNET_PACKED; -}; - - -/** - * Specifies a Nonce used for the AES encryption, here defined as 32Byte large. + * Nonce used for encryption, 24 bytes. */ struct ANASTASIS_CRYPTO_NonceP { - uint32_t nonce[8]; + uint8_t nonce[crypto_secretbox_NONCEBYTES]; }; /** - * Specifies an IV used for the AES encryption, here defined as 16Byte large. + * Header that is prepended to a ciphertext, consisting of nonce and MAC. */ -struct ANASTASIS_CRYPTO_IvP +struct ANASTASIS_CRYPTO_CiphertextHeaderP { - uint32_t iv[4]; + uint8_t header[crypto_secretbox_NONCEBYTES + crypto_secretbox_MACBYTES]; }; /** - * Specifies an symmetric key used for the AES encryption, here defined as 32Byte large. + * Specifies a key used for symmetric encryption, 32 bytes. */ struct ANASTASIS_CRYPTO_SymKeyP { @@ -169,15 +166,6 @@ struct ANASTASIS_CRYPTO_SymKeyP /** - * Specifies an AES Tag used for the AES authentication, here defined as 16 Byte large. - */ -struct ANASTASIS_CRYPTO_AesTagP -{ - uint32_t aes_tag[4]; -}; - - -/** * Specifies a Key Share from an escrow provider, the combined * keyshares generate the EscrowMasterKey which is used to decrypt the * Secret from the user. @@ -194,17 +182,12 @@ struct ANASTASIS_CRYPTO_KeyShareP struct ANASTASIS_CRYPTO_EncryptedKeyShareP { /** - * Nonce used for the symmetric encryption. - */ - struct ANASTASIS_CRYPTO_NonceP nonce; - - /** - * GCM tag to check authenticity. + * Ciphertext. */ - struct ANASTASIS_CRYPTO_AesTagP tag; + struct ANASTASIS_CRYPTO_CiphertextHeaderP header; /** - * The actual key share. + * The actual key share, encrypted. */ struct ANASTASIS_CRYPTO_KeyShareP keyshare; }; 
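Review bot: `struct ANASTASIS_CRYPTO_NonceP` and `struct ANASTASIS_CRYPTO_CiphertextHeaderP` size their arrays with `crypto_secretbox_NONCEBYTES` and `crypto_secretbox_MACBYTES`, but no hunk in this diff adds a libsodium include to the header; the only include change swaps in `<gnunet/gnunet_util_lib.h>`. If those constants arrive only transitively through the GNUnet header, the size of these structs depends on an include this file does not control, so I would add `#include <sodium.h>` next to the existing includes. The new NonceP comment also restates the constant by value ("24 bytes"); `crypto_secretbox_NONCEBYTES bytes` would stay correct if the value ever differs.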
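Review bot: The field comment `Ciphertext.` on `header` in `struct ANASTASIS_CRYPTO_EncryptedKeyShareP` mislabels the member. Per the new `ANASTASIS_CRYPTO_CiphertextHeaderP` definition it holds the nonce and MAC, while the encrypted data is the `keyshare` member that follows. I would change the comment to `Nonce and MAC that precede the encrypted key share.` The old layout had separate `nonce` and `tag` members of other sizes, so the serialized size of this struct changes; whether key shares stored in the old layout must still be readable is not visible here and is worth stating in the commit description.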
@@ -271,6 +254,33 @@ struct ANASTASIS_AccountSignatureP GNUNET_NETWORK_STRUCT_END +/** + * Result of encrypting the core secret. + */ +struct ANASTASIS_CoreSecretEncryptionResult +{ + /** + * Encrypted core secret. + */ + void *enc_core_secret; + + /** + * Size of the encrypted core secret. + */ + size_t enc_core_secret_size; + + /** + * Array of encrypted master keys. Each key is encrypted + * to a different policy key. + */ + void **enc_master_keys; + + /** + * Sizes of the encrypted master keys. + */ + size_t *enc_master_key_sizes; +}; + /** * Hash a numerical answer to compute the hash value to be submitted @@ -291,13 +301,13 @@ ANASTASIS_hash_answer (uint64_t code, * data. * * @param id_data JSON encoded data, which contains the raw user secret - * @param server_salt salt from the server (escrow provider) + * @param provider_salt salt from the server (escrow provider) * @param[out] id reference to the id which was created */ void ANASTASIS_CRYPTO_user_identifier_derive ( const json_t *id_data, - const struct ANASTASIS_CRYPTO_ProviderSaltP *server_salt, + const struct ANASTASIS_CRYPTO_ProviderSaltP *provider_salt, struct ANASTASIS_CRYPTO_UserIdentifierP *id); @@ -344,7 +354,7 @@ ANASTASIS_CRYPTO_secure_answer_hash ( /** - * Encrypt and signs the recovery document with AES256, the recovery + * Encrypt and signs the recovery document, the recovery * document is encrypted with a derivation from the user identifier * and the salt "erd". * @@ -365,7 +375,7 @@ ANASTASIS_CRYPTO_recovery_document_encrypt ( /** - * Decrypts the recovery document with AES256, the decryption key is generated with + * Decrypts the recovery document, the decryption key is generated with * the user identifier provided by the user and the salt "erd". The nonce and IV used for the encryption * are the first 48 bytes of the data. * 
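Review bot: `struct ANASTASIS_CoreSecretEncryptionResult` carries `enc_master_keys` and `enc_master_key_sizes` but no element count, so `ANASTASIS_CRYPTO_destroy_encrypted_core_secret` (declared in the later core_secret_encrypt hunk) receives only the struct and has no visible way to know how many `enc_master_keys[i]` buffers to free. Unless the implementation tracks the count elsewhere, the result is either leaked per-policy buffers or a caller-side free loop that the documentation does not mention. I would add `unsigned int enc_master_keys_length;` to the struct, document that both arrays have that many entries, and say in the destroy comment that it releases each entry.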
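Review bot: The comment on `ANASTASIS_CRYPTO_recovery_document_decrypt` still says "The nonce and IV used for the encryption are the first 48 bytes of the data", which describes the AES layout whose mention this hunk removes one line earlier. With the new `ANASTASIS_CRYPTO_CiphertextHeaderP` the prefix is presumably `crypto_secretbox_NONCEBYTES + crypto_secretbox_MACBYTES` bytes of nonce and MAC with no IV, so a caller that sizes or slices buffers from this comment would get it wrong. I would reword the sentence to `The nonce and MAC are prepended to the ciphertext (see struct ANASTASIS_CRYPTO_CiphertextHeaderP).` The rest of the comment and the declaration lie outside the hunk.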
@@ -386,6 +396,44 @@ ANASTASIS_CRYPTO_recovery_document_decrypt ( /** + * Encrypt recovery document meta data. + * + * @param id Hashed User input, used for the generation of the encryption key + * @param meta_data contains the recovery document meta data + * @param meta_data_size number of bytes in @a meta_data + * @param[out] enc_meta_data set to the encrypted meta data + * @param[out] enc_meta_data_size size of the result + */ +void +ANASTASIS_CRYPTO_recovery_metadata_encrypt ( + const struct ANASTASIS_CRYPTO_UserIdentifierP *id, + const void *meta_data, + size_t meta_data_size, + void **enc_meta_data, + size_t *enc_meta_data_size); + + +/** + * Decrypts the recovery meta data. + * + * @param id Hashed User input, used for the generation of the decryption key + * @param enc_meta_data encrypted meta data + * @param enc_meta_data_size number of bytes in @a enc_meta_data + * @param[out] meta_data decrypted meta data + * @param[out] meta_data_size size of the result in @a meta_data + * @return #GNUNET_OK on success, #GNUNET_NO if the authentication tag + * was wrong + */ +enum GNUNET_GenericReturnValue +ANASTASIS_CRYPTO_recovery_metadata_decrypt ( + const struct ANASTASIS_CRYPTO_UserIdentifierP *id, + const void *enc_meta_data, + size_t enc_meta_data_size, + void **meta_data, + size_t *meta_data_size); + + +/** * Encrypts a keyshare with a key generated with the user identification as entropy and the salt "eks". * * @param key_share the key share which is afterwards encrypted @@ -419,7 +467,7 @@ ANASTASIS_CRYPTO_keyshare_decrypt ( /** * Encrypts the truth data which contains the hashed answer or the - * phone number. It is encrypted with AES256, the key is generated + * phone number. It is encrypted with xsalsa20-poly1305, the key is generated * with the user identification as entropy source and the salt "ect". * * @param nonce value to use for the nonce 
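Review bot: The comment on `ANASTASIS_CRYPTO_recovery_metadata_decrypt` names `#GNUNET_NO` for a wrong authentication tag but leaves open what callers handling provider-supplied data need to know: what `*meta_data` and `*meta_data_size` hold on failure, what happens when `enc_meta_data_size` is shorter than the nonce-plus-MAC header, and who frees the output buffer. I would add a sentence such as `On failure (including input shorter than the ciphertext header) *meta_data is set to NULL and *meta_data_size to 0; on success the caller must free *meta_data.`, adjusted to what the implementation does, and the matching ownership sentence to the encrypt comment. Unlike the neighbouring functions, neither new comment names the salt used to derive the key from `id`; stating it would make the separation from the recovery-document key checkable from the header.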
@@ -442,7 +490,7 @@ ANASTASIS_CRYPTO_truth_encrypt ( /** * Decrypts the truth data which contains the hashed answer or the phone number.. - * It is decrypted with AES256, the key is generated with the user identification as + * It is decrypted with xsalsa20-poly1305, the key is generated with the user identification as * entropy source and the salt "ect". * * @param truth_enc_key master key used for encryption of the truth (see interface EscrowMethod) 
@@ -492,24 +540,30 @@ ANASTASIS_CRYPTO_policy_key_derive ( * The core secret is the user provided secret which will be saved with Anastasis. * The secret will be encrypted with the master key, the master key is a random key which will * be generated. The master key afterwards will be encrypted with the different policy keys. - * Encryption is performed with AES256 + * Encryption is performed with xsalsa20-poly1305. * * @param policy_keys an array of policy keys which are used to encrypt the master key * @param policy_keys_length defines the amount of policy keys and also the amount of encrypted master keys * @param core_secret the user provided core secret which is secured by anastasis * @param core_secret_size the size of the core secret - * @param[out] enc_core_secret the core secret is encrypted with the generated master key - * @param[out] encrypted_master_keys array of encrypted master keys which will be safed inside the policies one encrypted - * master key is created for each policy key + * @returns result of the encryption, must be freed with #ANASTASIS_CRYPTO_destroy_encrypted_core_secret */ -void +struct ANASTASIS_CoreSecretEncryptionResult * ANASTASIS_CRYPTO_core_secret_encrypt ( const struct ANASTASIS_CRYPTO_PolicyKeyP *policy_keys, unsigned int policy_keys_length, const void *core_secret, - size_t core_secret_size, - void **enc_core_secret, - struct ANASTASIS_CRYPTO_EncryptedMasterKeyP *encrypted_master_keys); + size_t core_secret_size); + + +/** + * Destroy a core secret encryption result. + * + * @param cser the result to destroy + */ +void +ANASTASIS_CRYPTO_destroy_encrypted_core_secret ( + struct ANASTASIS_CoreSecretEncryptionResult *cser); /** 
@@ -517,6 +571,7 @@ ANASTASIS_CRYPTO_core_secret_encrypt ( * Afterwards the core secret is encrypted with the master key. The core secret is returned. * * @param encrypted_master_key master key for decrypting the core secret, is itself encrypted by the policy key + * @param encrypted_master_key_size size of the encrypted master key * @param policy_key built policy key which will decrypt the master key * @param encrypted_core_secret the encrypted core secret from the user, will be encrypted with the policy key * @param encrypted_core_secret_size size of the encrypted core secret @@ -525,9 +580,23 @@ ANASTASIS_CRYPTO_core_secret_encrypt ( */ void ANASTASIS_CRYPTO_core_secret_recover ( - const struct ANASTASIS_CRYPTO_EncryptedMasterKeyP *encrypted_master_key, + const void *encrypted_master_key, + size_t encrypted_master_key_size, const struct ANASTASIS_CRYPTO_PolicyKeyP *policy_key, const void *encrypted_core_secret, size_t encrypted_core_secret_size, void **core_secret, size_t *core_secret_size); + + +/** + * Convert a @a uuid to a shortened, human-readable string + * useful to show to users to identify the truth. + * Note that the return value is in a global variable and + * only valid until the next invocation of this function. + * + * @param uuid UUID to convert + * @return string representation + */ +const char * +ANASTASIS_CRYPTO_uuid2s (const struct ANASTASIS_CRYPTO_TruthUUIDP *uuid); |
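Review bot: `ANASTASIS_CRYPTO_core_secret_recover` now takes an `encrypted_master_key` of caller-supplied size but still returns `void`, so a truncated buffer or a failed authentication check on either ciphertext has no return path. The new `ANASTASIS_CRYPTO_recovery_metadata_decrypt` in the same header reports that case as `#GNUNET_NO`. Part of the doc comment lies between the two hunks and is not visible, so the failure convention may already be described there. If it is not, I would either change the return type to `enum GNUNET_GenericReturnValue` or state in the comment `On failure *core_secret is set to NULL and *core_secret_size to 0.` so that callers cannot mistake unauthenticated output for a recovered secret.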