Diffstat (limited to 'src/util/anastasis_crypto.c')
-rw-r--r-- | src/util/anastasis_crypto.c | 151 |
1 files changed, 100 insertions, 51 deletions
diff --git a/src/util/anastasis_crypto.c b/src/util/anastasis_crypto.c index f5e6c77..579f097 100644 --- a/src/util/anastasis_crypto.c +++ b/src/util/anastasis_crypto.c @@ -3,14 +3,14 @@ Copyright (C) 2020 Anastasis SARL Anastasis is free software; you can redistribute it and/or modify it under the - terms of the GNU Lesser General Public License as published by the Free Software + terms of the GNU General Public License as published by the Free Software Foundation; either version 3, or (at your option) any later version. Anastasis is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR - A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details. + A PARTICULAR PURPOSE. See the GNU General Public License for more details. - You should have received a copy of the GNU Affero General Public License along with + You should have received a copy of the GNU General Public License along with Anastasis; see the file COPYING.GPL. If not, see <http://www.gnu.org/licenses/> */ /** @@ -41,6 +41,10 @@ ANASTASIS_hash_answer (uint64_t code, GNUNET_CRYPTO_hash (cbuf, strlen (cbuf), hashed_code); + GNUNET_log (GNUNET_ERROR_TYPE_INFO, + "Hashed answer %llu to %s\n", + (unsigned long long) code, + GNUNET_h2s (hashed_code)); } 
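Review bot: The `GNUNET_log` call added at the end of `ANASTASIS_hash_answer` writes the numeric `code` in clear at `GNUNET_ERROR_TYPE_INFO`, so the value being hashed lands in the log at normal verbosity. If `code` is a challenge answer, as the function name suggests, the log then holds the very value the digest is meant to stand in for. Logging only the digest keeps the trace useful: `GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Hashed answer to %s\n", GNUNET_h2s (hashed_code));`. The start of the function is outside this hunk.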
@@ -91,28 +95,23 @@ derive_key (const void *key_material, const char *salt, struct ANASTASIS_CRYPTO_SymKeyP *key) { - if (GNUNET_YES != - GNUNET_CRYPTO_kdf (key, - sizeof (struct ANASTASIS_CRYPTO_SymKeyP), - /* salt / XTS */ - nonce, - sizeof (struct ANASTASIS_CRYPTO_NonceP), - /* ikm */ - key_material, - key_m_len, - /* info chunks */ - /* The "salt" passed here is actually not something random, - but a protocol-specific identifier string. Thus - we pass it as a context info to the HKDF */ - salt, - strlen (salt), - NULL, - 0)) - { - // FIXME: Huh?! Why would we continue here? - GNUNET_break (0); - return; - } + GNUNET_assert (GNUNET_YES == + GNUNET_CRYPTO_kdf (key, + sizeof (*key), + /* salt / XTS */ + nonce, + sizeof (*nonce), + /* ikm */ + key_material, + key_m_len, + /* info chunks */ + /* The "salt" passed here is actually not something random, + but a protocol-specific identifier string. Thus + we pass it as a context info to the HKDF */ + salt, + strlen (salt), + NULL, + 0)); } @@ -170,8 +169,9 @@ anastasis_encrypt (const struct ANASTASIS_CRYPTO_NonceP *nonce, * @param salt salt value which is used for key derivation * @param[out] res plaintext output * @param[out] res_size size of the plaintext + * @return #GNUNET_OK on success */ -static void +static enum GNUNET_GenericReturnValue anastasis_decrypt (const void *key, size_t key_len, const void *data, @@ -184,8 +184,11 @@ anastasis_decrypt (const void *key, struct ANASTASIS_CRYPTO_SymKeyP skey; size_t plaintext_size; - GNUNET_assert (data_size >= crypto_secretbox_NONCEBYTES - + crypto_secretbox_MACBYTES); + if (data_size < crypto_secretbox_NONCEBYTES + crypto_secretbox_MACBYTES) + { + GNUNET_break (0); + return GNUNET_SYSERR; + } nonce = data; derive_key (key, key_len, 
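Review bot: The new short-input path in `anastasis_decrypt` (`if (data_size < crypto_secretbox_NONCEBYTES + crypto_secretbox_MACBYTES)`) returns `GNUNET_SYSERR` without touching `*res` or `*res_size`, so a caller that does not check the result reads whatever those held before the call. Setting `*res = NULL; *res_size = 0;` ahead of that check would give every failure path the same defined output. The `@return` line added in the `-170` hunk could then say that the outputs are NULL and 0 on `GNUNET_SYSERR`. The later failure path in the `-204` hunk frees `*res` but, as far as the visible lines show, leaves `*res_size` as it was. The function body continues outside these hunks.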
@@ -204,14 +207,16 @@ anastasis_decrypt (const void *key, { GNUNET_break (0); GNUNET_free (*res); + return GNUNET_SYSERR; } + return GNUNET_OK; } void ANASTASIS_CRYPTO_user_identifier_derive ( const json_t *id_data, - const struct ANASTASIS_CRYPTO_ProviderSaltP *server_salt, + const struct ANASTASIS_CRYPTO_ProviderSaltP *provider_salt, struct ANASTASIS_CRYPTO_UserIdentifierP *id) { char *json_enc; @@ -220,7 +225,7 @@ ANASTASIS_CRYPTO_user_identifier_derive ( json_enc = json_dumps (id_data, JSON_COMPACT | JSON_SORT_KEYS); GNUNET_assert (NULL != json_enc); - GNUNET_CRYPTO_pow_hash (&server_salt->salt, + GNUNET_CRYPTO_pow_hash (&provider_salt->salt, json_enc, strlen (json_enc), &hash); @@ -332,9 +337,9 @@ ANASTASIS_CRYPTO_keyshare_encrypt ( sizeof (nonce)); anastasis_encrypt (&nonce, id, - sizeof (struct ANASTASIS_CRYPTO_UserIdentifierP), + sizeof (*id), key_share, - sizeof (struct ANASTASIS_CRYPTO_KeyShareP), + sizeof (*key_share), (NULL == xsalt) ? salt : xsalt, &eks, &eks_size); @@ -359,9 +364,9 @@ ANASTASIS_CRYPTO_keyshare_decrypt ( void *ks = NULL; anastasis_decrypt (id, - sizeof (struct ANASTASIS_CRYPTO_UserIdentifierP), + sizeof (*id), enc_key_share, - sizeof (struct ANASTASIS_CRYPTO_EncryptedKeyShareP), + sizeof (*enc_key_share), (NULL == xsalt) ? salt : xsalt, &ks, &ks_size); 
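Review bot: `ANASTASIS_CRYPTO_keyshare_decrypt` still calls `anastasis_decrypt` as a bare statement in the `-359` hunk, although this commit makes that function return `GNUNET_SYSERR` on its failure paths. `ks` starts as NULL, but the declaration of `ks_size` and the code that consumes both are outside the hunk, so whether a failed decrypt is caught later cannot be confirmed from here. Testing the result at the call site, `if (GNUNET_OK != anastasis_decrypt (...))`, and passing it on to the caller as `ANASTASIS_CRYPTO_recovery_metadata_decrypt` does, would keep a rejected ciphertext from being treated as a key share.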
@@ -505,18 +510,6 @@ ANASTASIS_CRYPTO_core_secret_encrypt ( } -/** - * Decrypts the core secret with the master key. First the master key is decrypted with the provided policy key. - * Afterwards the core secret is encrypted with the master key. The core secret is returned. - * - * @param encrypted_master_key master key for decrypting the core secret, is itself encrypted by the policy key - * @param encrypted_master_key_size size of the encrypted master key - * @param policy_key built policy key which will decrypt the master key - * @param encrypted_core_secret the encrypted core secret from the user, will be encrypted with the policy key - * @param encrypted_core_secret_size size of the encrypted core secret - * @param[out] core_secret decrypted core secret will be returned - * @param[out] core_secret_size size of core secret - */ void ANASTASIS_CRYPTO_core_secret_recover ( const void *encrypted_master_key, @@ -561,11 +554,6 @@ ANASTASIS_CRYPTO_core_secret_recover ( } -/** - * Destroy a core secret encryption result. - * - * @param cser the result to destroy - */ void ANASTASIS_CRYPTO_destroy_encrypted_core_secret ( struct ANASTASIS_CoreSecretEncryptionResult *cser) 
@@ -579,4 +567,65 @@ ANASTASIS_CRYPTO_destroy_encrypted_core_secret ( } +const char * +ANASTASIS_CRYPTO_uuid2s (const struct ANASTASIS_CRYPTO_TruthUUIDP *uuid) +{ + static char uuids[7]; + char *tpk; + + tpk = GNUNET_STRINGS_data_to_string_alloc (uuid, + sizeof (*uuid)); + memcpy (uuids, + tpk, + sizeof (uuids) - 1); + GNUNET_free (tpk); + return uuids; +} + + +void +ANASTASIS_CRYPTO_recovery_metadata_encrypt ( + const struct ANASTASIS_CRYPTO_UserIdentifierP *id, + const void *meta_data, + size_t meta_data_size, + void **enc_meta_data, + size_t *enc_meta_data_size) +{ + const char *salt = "rmd"; + struct ANASTASIS_CRYPTO_NonceP nonce; + + GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE, + &nonce, + sizeof (nonce)); + anastasis_encrypt (&nonce, + id, + sizeof (*id), + meta_data, + meta_data_size, + salt, + enc_meta_data, + enc_meta_data_size); +} + + +enum GNUNET_GenericReturnValue +ANASTASIS_CRYPTO_recovery_metadata_decrypt ( + const struct ANASTASIS_CRYPTO_UserIdentifierP *id, + const void *enc_meta_data, + size_t enc_meta_data_size, + void **meta_data, + size_t *meta_data_size) +{ + const char *salt = "rmd"; + + return anastasis_decrypt (id, + sizeof (*id), + enc_meta_data, + enc_meta_data_size, + salt, + meta_data, + meta_data_size); +} + + /* end of anastasis_crypto.c */ |
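Review bot: `ANASTASIS_CRYPTO_uuid2s` returns a pointer to the function-static `uuids[7]`, so each call overwrites the previous result. Two uses in one log statement print the same value, and concurrent callers race on the buffer. The terminator also depends on static zero-initialisation, since only `sizeof (uuids) - 1` bytes are ever written. A comment above the function would make that contract explicit, for example `/* Returns a static buffer with the first 6 characters of the encoded UUID; for log output only, not reentrant. */`.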