summaryrefslogtreecommitdiff
path: root/src/lib/anastasis_backup.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/anastasis_backup.c')
-rw-r--r--src/lib/anastasis_backup.c113
1 files changed, 70 insertions, 43 deletions
diff --git a/src/lib/anastasis_backup.c b/src/lib/anastasis_backup.c
index 6747d73..24d9643 100644
--- a/src/lib/anastasis_backup.c
+++ b/src/lib/anastasis_backup.c
@@ -3,14 +3,14 @@
Copyright (C) 2020, 2021 Anastasis SARL
Anastasis is free software; you can redistribute it and/or modify it under the
- terms of the GNU Lesser General Public License as published by the Free Software
+ terms of the GNU General Public License as published by the Free Software
Foundation; either version 3, or (at your option) any later version.
Anastasis is distributed in the hope that it will be useful, but WITHOUT ANY
WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
- A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details.
+ A PARTICULAR PURPOSE. See the GNU General Public License for more details.
- You should have received a copy of the GNU Affero General Public License along with
+ You should have received a copy of the GNU General Public License along with
Anastasis; see the file COPYING.GPL. If not, see <http://www.gnu.org/licenses/>
*/
/**
@@ -55,7 +55,7 @@ struct ANASTASIS_Truth
/**
* Server salt used to derive hash from security answer
*/
- struct ANASTASIS_CRYPTO_QuestionSaltP salt;
+ struct ANASTASIS_CRYPTO_QuestionSaltP question_salt;
/**
* Url of the server
@@ -97,7 +97,8 @@ ANASTASIS_truth_from_json (const json_t *json)
&instructions),
GNUNET_JSON_spec_mark_optional (
GNUNET_JSON_spec_string ("mime_type",
- &mime_type)),
+ &mime_type),
+ NULL),
GNUNET_JSON_spec_fixed_auto ("uuid",
&t->uuid),
GNUNET_JSON_spec_fixed_auto ("nonce",
@@ -106,8 +107,8 @@ ANASTASIS_truth_from_json (const json_t *json)
&t->key_share),
GNUNET_JSON_spec_fixed_auto ("truth_key",
&t->truth_key),
- GNUNET_JSON_spec_fixed_auto ("salt",
- &t->salt),
+ GNUNET_JSON_spec_fixed_auto ("question_salt",
+ &t->question_salt),
GNUNET_JSON_spec_fixed_auto ("provider_salt",
&t->provider_salt),
GNUNET_JSON_spec_end ()
@@ -141,8 +142,8 @@ ANASTASIS_truth_to_json (const struct ANASTASIS_Truth *t)
&t->key_share),
GNUNET_JSON_pack_data_auto ("truth_key",
&t->truth_key),
- GNUNET_JSON_pack_data_auto ("salt",
- &t->salt),
+ GNUNET_JSON_pack_data_auto ("question_salt",
+ &t->question_salt),
GNUNET_JSON_pack_data_auto ("nonce",
&t->nonce),
GNUNET_JSON_pack_data_auto ("provider_salt",
@@ -251,7 +252,7 @@ ANASTASIS_truth_upload3 (struct GNUNET_CURL_Context *ctx,
truth_data_size);
ANASTASIS_CRYPTO_secure_answer_hash (answer,
&t->uuid,
- &t->salt,
+ &t->question_salt,
&nt);
ANASTASIS_CRYPTO_keyshare_encrypt (&t->key_share,
&tu->id,
@@ -313,7 +314,7 @@ ANASTASIS_truth_upload2 (
struct GNUNET_TIME_Relative pay_timeout,
const struct ANASTASIS_CRYPTO_NonceP *nonce,
const struct ANASTASIS_CRYPTO_TruthUUIDP *uuid,
- const struct ANASTASIS_CRYPTO_QuestionSaltP *salt,
+ const struct ANASTASIS_CRYPTO_QuestionSaltP *question_salt,
const struct ANASTASIS_CRYPTO_TruthKeyP *truth_key,
const struct ANASTASIS_CRYPTO_KeyShareP *key_share,
ANASTASIS_TruthCallback tc,
@@ -325,13 +326,13 @@ ANASTASIS_truth_upload2 (
t->url = GNUNET_strdup (provider_url);
t->type = GNUNET_strdup (type);
t->instructions = (NULL != instructions)
- ? GNUNET_strdup (instructions)
- : NULL;
+ ? GNUNET_strdup (instructions)
+ : NULL;
t->mime_type = (NULL != mime_type)
- ? GNUNET_strdup (mime_type)
- : NULL;
+ ? GNUNET_strdup (mime_type)
+ : NULL;
t->provider_salt = *provider_salt;
- t->salt = *salt;
+ t->question_salt = *question_salt;
t->nonce = *nonce;
t->uuid = *uuid;
t->truth_key = *truth_key;
@@ -442,7 +443,7 @@ struct ANASTASIS_Policy
/**
* Salt used to encrypt the master key
*/
- struct ANASTASIS_CRYPTO_MasterSaltP salt;
+ struct ANASTASIS_CRYPTO_MasterSaltP master_salt;
/**
* Array of truths
@@ -486,8 +487,8 @@ ANASTASIS_policy_create (const struct ANASTASIS_Truth *truths[],
p = GNUNET_new (struct ANASTASIS_Policy);
GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE,
- &p->salt,
- sizeof (p->salt));
+ &p->master_salt,
+ sizeof (p->master_salt));
{
struct ANASTASIS_CRYPTO_KeyShareP key_shares[truths_len];
@@ -495,7 +496,7 @@ ANASTASIS_policy_create (const struct ANASTASIS_Truth *truths[],
key_shares[i] = truths[i]->key_share;
ANASTASIS_CRYPTO_policy_key_derive (key_shares,
truths_len,
- &p->salt,
+ &p->master_salt,
&p->policy_key);
}
p->truths = GNUNET_new_array (truths_len,
@@ -541,7 +542,7 @@ struct PolicyStoreState
* Server salt. Points into a truth object from which we got the
* salt.
*/
- struct ANASTASIS_CRYPTO_ProviderSaltP server_salt;
+ struct ANASTASIS_CRYPTO_ProviderSaltP provider_salt;
/**
* The /policy POST operation handle.
@@ -571,7 +572,7 @@ struct PolicyStoreState
/**
* When will the policy expire at the provider.
*/
- struct GNUNET_TIME_Absolute policy_expiration;
+ struct GNUNET_TIME_Timestamp policy_expiration;
};
@@ -651,7 +652,7 @@ policy_store_cb (void *cls,
.ss = ANASTASIS_SHARE_STATUS_PROVIDER_FAILED,
.details.provider_failure.provider_url = pss->anastasis_url,
.details.provider_failure.http_status = ud->http_status,
- .details.provider_failure.ec = us,
+ .details.provider_failure.ec = ud->ec,
};
ss->src (ss->src_cls,
@@ -729,13 +730,13 @@ ANASTASIS_secret_share (struct GNUNET_CURL_Context *ctx,
size_t core_secret_size)
{
struct ANASTASIS_SecretShare *ss;
- struct ANASTASIS_CRYPTO_EncryptedMasterKeyP
- encrypted_master_keys[GNUNET_NZL (policies_len)];
- void *encrypted_core_secret;
+ struct ANASTASIS_CoreSecretEncryptionResult *cser;
json_t *dec_policies;
json_t *esc_methods;
size_t recovery_document_size;
char *recovery_document_str;
+ size_t meta_size;
+ void *meta;
if (0 == pss_length)
{
@@ -755,12 +756,10 @@ ANASTASIS_secret_share (struct GNUNET_CURL_Context *ctx,
for (unsigned int i = 0; i < policies_len; i++)
policy_keys[i] = policies[i]->policy_key;
- ANASTASIS_CRYPTO_core_secret_encrypt (policy_keys,
- policies_len,
- core_secret,
- core_secret_size,
- &encrypted_core_secret,
- encrypted_master_keys);
+ cser = ANASTASIS_CRYPTO_core_secret_encrypt (policy_keys,
+ policies_len,
+ core_secret,
+ core_secret_size);
}
dec_policies = json_array ();
GNUNET_assert (NULL != dec_policies);
@@ -780,15 +779,18 @@ ANASTASIS_secret_share (struct GNUNET_CURL_Context *ctx,
json_array_append_new (
dec_policies,
GNUNET_JSON_PACK (
- GNUNET_JSON_pack_data_auto ("master_key",
- &encrypted_master_keys[k]),
+ GNUNET_JSON_pack_data_varsize ("master_key",
+ cser->enc_master_keys[k],
+ cser->enc_master_key_sizes
+ [k]),
GNUNET_JSON_pack_array_steal ("uuids",
uuids),
- GNUNET_JSON_pack_data_auto ("salt",
- &policy->salt))));
+ GNUNET_JSON_pack_data_auto ("master_salt",
+ &policy->master_salt))));
}
esc_methods = json_array ();
+ GNUNET_assert (NULL != esc_methods);
for (unsigned int k = 0; k < policies_len; k++)
{
const struct ANASTASIS_Policy *policy = policies[k];
@@ -828,8 +830,8 @@ ANASTASIS_secret_share (struct GNUNET_CURL_Context *ctx,
pt->instructions),
GNUNET_JSON_pack_data_auto ("truth_key",
&pt->truth_key),
- GNUNET_JSON_pack_data_auto ("salt",
- &pt->salt),
+ GNUNET_JSON_pack_data_auto ("question_salt",
+ &pt->question_salt),
GNUNET_JSON_pack_data_auto ("provider_salt",
&pt->provider_salt),
GNUNET_JSON_pack_string ("escrow_type",
@@ -855,10 +857,11 @@ ANASTASIS_secret_share (struct GNUNET_CURL_Context *ctx,
GNUNET_JSON_pack_array_steal ("escrow_methods",
esc_methods),
GNUNET_JSON_pack_data_varsize ("encrypted_core_secret",
- encrypted_core_secret,
- core_secret_size));
+ cser->enc_core_secret,
+ cser->enc_core_secret_size));
GNUNET_assert (NULL != recovery_document);
- GNUNET_free (encrypted_core_secret);
+ ANASTASIS_CRYPTO_destroy_encrypted_core_secret (cser);
+ cser = NULL;
rd_str = json_dumps (recovery_document,
JSON_COMPACT | JSON_SORT_KEYS);
@@ -889,20 +892,39 @@ ANASTASIS_secret_share (struct GNUNET_CURL_Context *ctx,
recovery_document_str = (char *) cbuf;
}
+ meta_size = sizeof (struct GNUNET_HashCode);
+ if (NULL != secret_name)
+ meta_size += strlen (secret_name) + 1;
+ meta = GNUNET_malloc (meta_size);
+ GNUNET_CRYPTO_hash (recovery_document_str,
+ recovery_document_size,
+ (struct GNUNET_HashCode *) meta);
+ if (NULL != secret_name)
+ memcpy (meta + sizeof (struct GNUNET_HashCode),
+ secret_name,
+ strlen (secret_name) + 1);
+
for (unsigned int l = 0; l < ss->pss_length; l++)
{
struct PolicyStoreState *pss = &ss->pss[l];
void *recovery_data;
size_t recovery_data_size;
struct ANASTASIS_CRYPTO_AccountPrivateKeyP anastasis_priv;
+ size_t enc_meta_size = 0;
+ void *enc_meta = NULL;
pss->ss = ss;
pss->anastasis_url = GNUNET_strdup (providers[l].provider_url);
- pss->server_salt = providers[l].provider_salt;
+ pss->provider_salt = providers[l].provider_salt;
pss->payment_secret = providers[l].payment_secret;
ANASTASIS_CRYPTO_user_identifier_derive (id_data,
- &pss->server_salt,
+ &pss->provider_salt,
&pss->id);
+ ANASTASIS_CRYPTO_recovery_metadata_encrypt (&pss->id,
+ meta,
+ meta_size,
+ &enc_meta,
+ &enc_meta_size);
ANASTASIS_CRYPTO_account_private_key_derive (&pss->id,
&anastasis_priv);
ANASTASIS_CRYPTO_recovery_document_encrypt (&pss->id,
@@ -919,6 +941,8 @@ ANASTASIS_secret_share (struct GNUNET_CURL_Context *ctx,
&anastasis_priv,
recovery_data,
recovery_data_size,
+ enc_meta,
+ enc_meta_size,
payment_years_requested,
(! GNUNET_is_zero (&pss->payment_secret))
? &pss->payment_secret
@@ -927,14 +951,17 @@ ANASTASIS_secret_share (struct GNUNET_CURL_Context *ctx,
&policy_store_cb,
pss);
GNUNET_free (recovery_data);
+ GNUNET_free (enc_meta);
if (NULL == pss->pso)
{
GNUNET_break (0);
ANASTASIS_secret_share_cancel (ss);
GNUNET_free (recovery_document_str);
+ GNUNET_free (meta);
return NULL;
}
}
+ GNUNET_free (meta);
GNUNET_free (recovery_document_str);
return ss;
}
generated by cgit v1.2.3 (git 2.39.1) at 2024-04-26 19:00:15 +0000