From 5694afc25e4363c15756fe6c529c441750870cff Mon Sep 17 00:00:00 2001
From: Christian Grothoff <christian@grothoff.org>
Date: Wed, 19 Jan 2022 13:49:39 +0100
Subject: helper routines for recdoc meta data encryption/decryption

---
 src/util/anastasis_crypto.c | 84 ++++++++++++++++++++++++++++-----------------
 1 file changed, 53 insertions(+), 31 deletions(-)

(limited to 'src/util')

diff --git a/src/util/anastasis_crypto.c b/src/util/anastasis_crypto.c
index f9ae657..89750e4 100644
--- a/src/util/anastasis_crypto.c
+++ b/src/util/anastasis_crypto.c
@@ -170,8 +170,9 @@ anastasis_encrypt (const struct ANASTASIS_CRYPTO_NonceP *nonce,
  * @param salt salt value which is used for key derivation
  * @param[out] res plaintext output
  * @param[out] res_size size of the plaintext
+ * @return #GNUNET_OK on success
  */
-static void
+static enum GNUNET_GenericReturnValue
 anastasis_decrypt (const void *key,
                    size_t key_len,
                    const void *data,
@@ -204,7 +205,9 @@ anastasis_decrypt (const void *key,
   {
     GNUNET_break (0);
     GNUNET_free (*res);
+    return GNUNET_SYSERR;
   }
+  return GNUNET_OK;
 }
 
 
@@ -332,9 +335,9 @@ ANASTASIS_CRYPTO_keyshare_encrypt (
                               sizeof (nonce));
   anastasis_encrypt (&nonce,
                      id,
-                     sizeof (struct ANASTASIS_CRYPTO_UserIdentifierP),
+                     sizeof (*id),
                      key_share,
-                     sizeof (struct ANASTASIS_CRYPTO_KeyShareP),
+                     sizeof (*key_share),
                      (NULL == xsalt) ? salt : xsalt,
                      &eks,
                      &eks_size);
@@ -359,9 +362,9 @@ ANASTASIS_CRYPTO_keyshare_decrypt (
   void *ks = NULL;
 
   anastasis_decrypt (id,
-                     sizeof (struct ANASTASIS_CRYPTO_UserIdentifierP),
+                     sizeof (*id),
                      enc_key_share,
-                     sizeof (struct ANASTASIS_CRYPTO_EncryptedKeyShareP),
+                     sizeof (*enc_key_share),
                      (NULL == xsalt) ? salt : xsalt,
                      &ks,
                      &ks_size);
@@ -505,18 +508,6 @@ ANASTASIS_CRYPTO_core_secret_encrypt (
 }
 
 
-/**
- * Decrypts the core secret with the master key. First the master key is decrypted with the provided policy key.
- * Afterwards the core secret is encrypted with the master key. The core secret is returned.
- *
- * @param encrypted_master_key master key for decrypting the core secret, is itself encrypted by the policy key
- * @param encrypted_master_key_size size of the encrypted master key
- * @param policy_key built policy key which will decrypt the master key
- * @param encrypted_core_secret the encrypted core secret from the user, will be encrypted with the policy key
- * @param encrypted_core_secret_size size of the encrypted core secret
- * @param[out] core_secret decrypted core secret will be returned
- * @param[out] core_secret_size size of core secret
- */
 void
 ANASTASIS_CRYPTO_core_secret_recover (
   const void *encrypted_master_key,
@@ -561,11 +552,6 @@ ANASTASIS_CRYPTO_core_secret_recover (
 }
 
 
-/**
- * Destroy a core secret encryption result.
- *
- * @param cser the result to destroy
- */
 void
 ANASTASIS_CRYPTO_destroy_encrypted_core_secret (
   struct ANASTASIS_CoreSecretEncryptionResult *cser)
@@ -579,15 +565,6 @@ ANASTASIS_CRYPTO_destroy_encrypted_core_secret (
 }
 
 
-/**
- * Convert a @a uuid to a shortened, human-readable string
- * useful to show to users to identify the truth.
- * Note that the return value is in a global variable and
- * only valid until the next invocation of this function.
- *
- * @param uuid UUID to convert
- * @return string representation
- */
 const char *
 ANASTASIS_CRYPTO_uuid2s (const struct ANASTASIS_CRYPTO_TruthUUIDP *uuid)
 {
@@ -604,4 +581,49 @@ ANASTASIS_CRYPTO_uuid2s (const struct ANASTASIS_CRYPTO_TruthUUIDP *uuid)
 }
 
 
+void
+ANASTASIS_CRYPTO_recovery_metadata_encrypt (
+  const struct ANASTASIS_CRYPTO_UserIdentifierP *id,
+  const void *meta_data,
+  size_t meta_data_size,
+  void **enc_meta_data,
+  size_t *enc_meta_data_size)
+{
+  const char *salt = "rmd";
+  struct ANASTASIS_CRYPTO_NonceP nonce;
+
+  GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE,
+                              &nonce,
+                              sizeof (nonce));
+  anastasis_encrypt (&nonce,
+                     id,
+                     sizeof (*id),
+                     meta_data,
+                     meta_data_size,
+                     salt,
+                     enc_meta_data,
+                     enc_meta_data_size);
+}
+
+
+enum GNUNET_GenericReturnValue
+ANASTASIS_CRYPTO_recovery_metadata_decrypt (
+  const struct ANASTASIS_CRYPTO_UserIdentifierP *id,
+  const void *enc_meta_data,
+  size_t enc_meta_data_size,
+  void **meta_data,
+  size_t *meta_data_size)
+{
+  const char *salt = "rmd";
+
+  return anastasis_decrypt (id,
+                            sizeof (*id),
+                            enc_meta_data,
+                            enc_meta_data_size,
+                            salt,
+                            meta_data,
+                            meta_data_size);
+}
+
+
 /* end of anastasis_crypto.c */
-- 
cgit v1.2.3