From bfb15f6f8786c777b0c6e63a3bef9c671c8d34fa Mon Sep 17 00:00:00 2001 From: Florian Dold Date: Wed, 6 Oct 2021 20:23:37 +0200 Subject: use anastasis_(de|en)crypt primitive everywhere --- src/lib/anastasis_backup.c | 27 +++++++++++++-------------- src/lib/anastasis_recovery.c | 42 ++++++++++++++++++++++++++++++++---------- 2 files changed, 45 insertions(+), 24 deletions(-) (limited to 'src/lib') diff --git a/src/lib/anastasis_backup.c b/src/lib/anastasis_backup.c index a1f162a..b9981f0 100644 --- a/src/lib/anastasis_backup.c +++ b/src/lib/anastasis_backup.c @@ -729,9 +729,7 @@ ANASTASIS_secret_share (struct GNUNET_CURL_Context *ctx, size_t core_secret_size) { struct ANASTASIS_SecretShare *ss; - struct ANASTASIS_CRYPTO_EncryptedMasterKeyP - encrypted_master_keys[GNUNET_NZL (policies_len)]; - void *encrypted_core_secret; + struct ANASTASIS_CoreSecretEncryptionResult *cser; json_t *dec_policies; json_t *esc_methods; size_t recovery_document_size; @@ -755,12 +753,10 @@ ANASTASIS_secret_share (struct GNUNET_CURL_Context *ctx, for (unsigned int i = 0; i < policies_len; i++) policy_keys[i] = policies[i]->policy_key; - ANASTASIS_CRYPTO_core_secret_encrypt (policy_keys, - policies_len, - core_secret, - core_secret_size, - &encrypted_core_secret, - encrypted_master_keys); + cser = ANASTASIS_CRYPTO_core_secret_encrypt (policy_keys, + policies_len, + core_secret, + core_secret_size); } dec_policies = json_array (); GNUNET_assert (NULL != dec_policies); @@ -780,8 +776,10 @@ ANASTASIS_secret_share (struct GNUNET_CURL_Context *ctx, json_array_append_new ( dec_policies, GNUNET_JSON_PACK ( - GNUNET_JSON_pack_data_auto ("master_key", - &encrypted_master_keys[k]), + GNUNET_JSON_pack_data_varsize ("master_key", + cser->enc_master_keys[k], + cser->enc_master_key_sizes + [k]), GNUNET_JSON_pack_array_steal ("uuids", uuids), GNUNET_JSON_pack_data_auto ("salt", @@ -855,10 +853,11 @@ ANASTASIS_secret_share (struct GNUNET_CURL_Context *ctx, GNUNET_JSON_pack_array_steal ("escrow_methods", esc_methods), GNUNET_JSON_pack_data_varsize ("encrypted_core_secret", - encrypted_core_secret, - core_secret_size)); + cser->enc_core_secret, + cser->enc_core_secret_size)); GNUNET_assert (NULL != recovery_document); - GNUNET_free (encrypted_core_secret); + ANASTASIS_CRYPTO_destroy_encrypted_core_secret (cser); + cser = NULL; rd_str = json_dumps (recovery_document, JSON_COMPACT | JSON_SORT_KEYS); diff --git a/src/lib/anastasis_recovery.c b/src/lib/anastasis_recovery.c index ac10418..aca9d29 100644 --- a/src/lib/anastasis_recovery.c +++ b/src/lib/anastasis_recovery.c @@ -118,9 +118,14 @@ struct DecryptionPolicy struct ANASTASIS_DecryptionPolicy pub_details; /** - * Encrypted masterkey (encrypted with the policy key). + * Encrypted master key (encrypted with the policy key). */ - struct ANASTASIS_CRYPTO_EncryptedMasterKeyP emk; + void *emk; + + /** + * Size of the encrypted master key. + */ + size_t emk_size; /** * Salt used to decrypt master key. @@ -439,7 +444,10 @@ keyshare_lookup_cb (void *cls, rdps->pub_details.challenges_length, &rdps->salt, &policy_key); - ANASTASIS_CRYPTO_core_secret_recover (&rdps->emk, + GNUNET_assert (NULL != rdps->emk); + GNUNET_assert (rdps->emk_size > 0); + ANASTASIS_CRYPTO_core_secret_recover (rdps->emk, + rdps->emk_size, &policy_key, recovery->enc_core_secret, recovery->enc_core_secret_size, @@ -822,12 +830,14 @@ policy_lookup_cb (void *cls, for (unsigned int j = 0; j < r->ri.dps_len; j++) { struct DecryptionPolicy *dp = &r->dps[j]; + json_t *uuids = NULL; json_t *uuid; size_t n_index; struct GNUNET_JSON_Specification spec[] = { - GNUNET_JSON_spec_fixed_auto ("master_key", - &dp->emk), + GNUNET_JSON_spec_varsize ("master_key", + &dp->emk, + &dp->emk_size), GNUNET_JSON_spec_fixed_auto ("salt", &dp->salt), GNUNET_JSON_spec_json ("uuids", @@ -854,6 +864,9 @@ policy_lookup_cb (void *cls, return; } + GNUNET_assert (NULL != dp->emk); + GNUNET_assert (dp->emk_size > 0); + dp->pub_details.challenges_length = json_array_size (uuids); dp->pub_details.challenges = GNUNET_new_array (dp->pub_details.challenges_length, @@ -997,9 +1010,11 @@ ANASTASIS_recovery_serialize (const struct ANASTASIS_Recovery *r) json_array_append_new (c_arr, cs)); } + GNUNET_assert (NULL != dp->emk); dps = GNUNET_JSON_PACK ( - GNUNET_JSON_pack_data_auto ("emk", - &dp->emk), + GNUNET_JSON_pack_data_varsize ("emk", + dp->emk, + dp->emk_size), GNUNET_JSON_pack_data_auto ("salt", &dp->salt), GNUNET_JSON_pack_array_steal ("challenges", @@ -1187,8 +1202,9 @@ parse_dps_array (struct ANASTASIS_Recovery *r, struct DecryptionPolicy *dp = &r->dps[n_index]; json_t *challenges; struct GNUNET_JSON_Specification spec[] = { - GNUNET_JSON_spec_fixed_auto ("emk", - &dp->emk), + GNUNET_JSON_spec_varsize ("emk", + &dp->emk, + &dp->emk_size), GNUNET_JSON_spec_fixed_auto ("salt", &dp->salt), GNUNET_JSON_spec_json ("challenges", @@ -1213,6 +1229,8 @@ parse_dps_array (struct ANASTASIS_Recovery *r, JSON_INDENT (2)); return GNUNET_SYSERR; } + GNUNET_assert (NULL != dp->emk); + GNUNET_assert (dp->emk_size > 0); if (! json_is_array (challenges)) { GNUNET_break_op (0); @@ -1263,7 +1281,8 @@ parse_dps_array (struct ANASTASIS_Recovery *r, } } } - GNUNET_JSON_parse_free (spec); + /* We don't free the spec, since we're still using dp->ems. */ + json_decref (challenges); } return GNUNET_OK; } @@ -1428,7 +1447,10 @@ ANASTASIS_recovery_abort (struct ANASTASIS_Recovery *r) } GNUNET_free (r->solved_challenges); for (unsigned int j = 0; j < r->ri.dps_len; j++) + { GNUNET_free (r->dps[j].pub_details.challenges); + GNUNET_free (r->dps[j].emk); + } GNUNET_free (r->ri.dps); for (unsigned int i = 0; i < r->ri.cs_len; i++) { -- cgit v1.2.3