Diffstat (limited to 'src/util/crypto.c')
-rw-r--r-- | src/util/crypto.c | 106 |
1 files changed, 87 insertions, 19 deletions
diff --git a/src/util/crypto.c b/src/util/crypto.c index 930c43a7f..65c586d75 100644 --- a/src/util/crypto.c +++ b/src/util/crypto.c | |||
@@ -30,24 +30,34 @@ | |||
30 | 30 | ||
31 | #define CURVE "Ed25519" | 31 | #define CURVE "Ed25519" |
32 | 32 | ||
33 | 33 | /** | |
34 | * Function called by libgcrypt on serious errors. | ||
35 | * Prints an error message and aborts the process. | ||
36 | * | ||
37 | * @param cls NULL | ||
38 | * @param wtf unknown | ||
39 | * @param msg error message | ||
40 | */ | ||
34 | static void | 41 | static void |
35 | fatal_error_handler (void *cls, int wtf, const char *msg) | 42 | fatal_error_handler (void *cls, |
43 | int wtf, | ||
44 | const char *msg) | ||
36 | { | 45 | { |
37 | LOG_ERROR("Fatal error in Gcrypt: %s\n", msg); | 46 | LOG_ERROR ("Fatal error in libgcrypt: %s\n", |
47 | msg); | ||
38 | abort(); | 48 | abort(); |
39 | } | 49 | } |
40 | 50 | ||
41 | 51 | ||
42 | /** | 52 | /** |
43 | * Initialize Gcrypt library. | 53 | * Initialize libgcrypt. |
44 | */ | 54 | */ |
45 | void | 55 | void |
46 | TALER_gcrypt_init() | 56 | TALER_gcrypt_init () |
47 | { | 57 | { |
48 | gcry_set_fatalerror_handler (&fatal_error_handler, NULL); | 58 | gcry_set_fatalerror_handler (&fatal_error_handler, NULL); |
49 | TALER_assert_as(gcry_check_version(NEED_LIBGCRYPT_VERSION), | 59 | TALER_assert_as (gcry_check_version (NEED_LIBGCRYPT_VERSION), |
50 | "libgcrypt version mismatch"); | 60 | "libgcrypt version mismatch"); |
51 | /* Disable secure memory. */ | 61 | /* Disable secure memory. */ |
52 | gcry_control (GCRYCTL_DISABLE_SECMEM, 0); | 62 | gcry_control (GCRYCTL_DISABLE_SECMEM, 0); |
53 | gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0); | 63 | gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0); |
@@ -56,19 +66,48 @@ TALER_gcrypt_init() | |||
56 | 66 | ||
57 | /** | 67 | /** |
58 | * Derive symmetric key material for refresh operations from | 68 | * Derive symmetric key material for refresh operations from |
59 | * a given shared secret. | 69 | * a given shared secret for link decryption. |
60 | * | 70 | * |
61 | * @param secret the shared secret | 71 | * @param secret the shared secret |
62 | * @param[out] iv set to initialization vector | 72 | * @param[out] iv set to initialization vector |
63 | * @param[out] skey set to session key | 73 | * @param[out] skey set to session key |
64 | */ | 74 | */ |
65 | static void | 75 | static void |
66 | derive_refresh_key (const struct GNUNET_HashCode *secret, | 76 | derive_refresh_key (const struct TALER_LinkSecret *secret, |
67 | struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, | 77 | struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, |
68 | struct GNUNET_CRYPTO_SymmetricSessionKey *skey) | 78 | struct GNUNET_CRYPTO_SymmetricSessionKey *skey) |
69 | { | 79 | { |
70 | static const char ctx_key[] = "taler-key-skey"; | 80 | static const char ctx_key[] = "taler-link-skey"; |
71 | static const char ctx_iv[] = "taler-key-iv"; | 81 | static const char ctx_iv[] = "taler-link-iv"; |
82 | |||
83 | GNUNET_assert (GNUNET_YES == | ||
84 | GNUNET_CRYPTO_kdf (skey, sizeof (struct GNUNET_CRYPTO_SymmetricSessionKey), | ||
85 | ctx_key, strlen (ctx_key), | ||
86 | secret, sizeof (struct TALER_LinkSecret), | ||
87 | NULL, 0)); | ||
88 | GNUNET_assert (GNUNET_YES == | ||
89 | GNUNET_CRYPTO_kdf (iv, sizeof (struct GNUNET_CRYPTO_SymmetricInitializationVector), | ||
90 | ctx_iv, strlen (ctx_iv), | ||
91 | secret, sizeof (struct TALER_LinkSecret), | ||
92 | NULL, 0)); | ||
93 | } | ||
94 | |||
95 | |||
96 | /** | ||
97 | * Derive symmetric key material for refresh operations from | ||
98 | * a given shared secret for key decryption. | ||
99 | * | ||
100 | * @param secret the shared secret | ||
101 | * @param[out] iv set to initialization vector | ||
102 | * @param[out] skey set to session key | ||
103 | */ | ||
104 | static void | ||
105 | derive_transfer_key (const struct GNUNET_HashCode *secret, | ||
106 | struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, | ||
107 | struct GNUNET_CRYPTO_SymmetricSessionKey *skey) | ||
108 | { | ||
109 | static const char ctx_key[] = "taler-transfer-skey"; | ||
110 | static const char ctx_iv[] = "taler-transfer-iv"; | ||
72 | 111 | ||
73 | GNUNET_assert (GNUNET_YES == | 112 | GNUNET_assert (GNUNET_YES == |
74 | GNUNET_CRYPTO_kdf (skey, sizeof (struct GNUNET_CRYPTO_SymmetricSessionKey), | 113 | GNUNET_CRYPTO_kdf (skey, sizeof (struct GNUNET_CRYPTO_SymmetricSessionKey), |
@@ -87,23 +126,24 @@ derive_refresh_key (const struct GNUNET_HashCode *secret, | |||
87 | * Use the @a trans_sec (from ECDHE) to decrypt the @a secret_enc | 126 | * Use the @a trans_sec (from ECDHE) to decrypt the @a secret_enc |
88 | * to obtain the @a secret to decrypt the linkage data. | 127 | * to obtain the @a secret to decrypt the linkage data. |
89 | * | 128 | * |
90 | * @param secret_enc encrypted secret (FIXME: use different type!) | 129 | * @param secret_enc encrypted secret |
91 | * @param trans_sec transfer secret (FIXME: use different type?) | 130 | * @param trans_sec transfer secret (FIXME: use different type?) |
92 | * @param secret shared secret for refresh link decryption | 131 | * @param secret shared secret for refresh link decryption |
93 | * (FIXME: use different type?) | ||
94 | * @return #GNUNET_OK on success | 132 | * @return #GNUNET_OK on success |
95 | */ | 133 | */ |
96 | int | 134 | int |
97 | TALER_transfer_decrypt (const struct GNUNET_HashCode *secret_enc, | 135 | TALER_transfer_decrypt (const struct TALER_EncryptedLinkSecret *secret_enc, |
98 | const struct GNUNET_HashCode *trans_sec, | 136 | const struct GNUNET_HashCode *trans_sec, |
99 | struct GNUNET_HashCode *secret) | 137 | struct TALER_LinkSecret *secret) |
100 | { | 138 | { |
101 | struct GNUNET_CRYPTO_SymmetricInitializationVector iv; | 139 | struct GNUNET_CRYPTO_SymmetricInitializationVector iv; |
102 | struct GNUNET_CRYPTO_SymmetricSessionKey skey; | 140 | struct GNUNET_CRYPTO_SymmetricSessionKey skey; |
103 | 141 | ||
104 | derive_refresh_key (trans_sec, &iv, &skey); | 142 | GNUNET_assert (sizeof (struct TALER_EncryptedLinkSecret) == |
143 | sizeof (struct TALER_LinkSecret)); | ||
144 | derive_transfer_key (trans_sec, &iv, &skey); | ||
105 | return GNUNET_CRYPTO_symmetric_decrypt (secret_enc, | 145 | return GNUNET_CRYPTO_symmetric_decrypt (secret_enc, |
106 | sizeof (struct GNUNET_HashCode), | 146 | sizeof (struct TALER_LinkSecret), |
107 | &skey, | 147 | &skey, |
108 | &iv, | 148 | &iv, |
109 | secret); | 149 | secret); |
@@ -111,6 +151,34 @@ TALER_transfer_decrypt (const struct GNUNET_HashCode *secret_enc, | |||
111 | 151 | ||
112 | 152 | ||
113 | /** | 153 | /** |
154 | * Use the @a trans_sec (from ECDHE) to encrypt the @a secret | ||
155 | * to obtain the @a secret_enc. | ||
156 | * | ||
157 | * @param secret shared secret for refresh link decryption | ||
158 | * @param trans_sec transfer secret (FIXME: use different type?) | ||
159 | * @param secret_enc[out] encrypted secret | ||
160 | * @return #GNUNET_OK on success | ||
161 | */ | ||
162 | int | ||
163 | TALER_transfer_encrypt (const struct TALER_LinkSecret *secret, | ||
164 | const struct GNUNET_HashCode *trans_sec, | ||
165 | struct TALER_EncryptedLinkSecret *secret_enc) | ||
166 | { | ||
167 | struct GNUNET_CRYPTO_SymmetricInitializationVector iv; | ||
168 | struct GNUNET_CRYPTO_SymmetricSessionKey skey; | ||
169 | |||
170 | GNUNET_assert (sizeof (struct TALER_EncryptedLinkSecret) == | ||
171 | sizeof (struct TALER_LinkSecret)); | ||
172 | derive_transfer_key (trans_sec, &iv, &skey); | ||
173 | return GNUNET_CRYPTO_symmetric_encrypt (secret, | ||
174 | sizeof (struct TALER_LinkSecret), | ||
175 | &skey, | ||
176 | &iv, | ||
177 | secret_enc); | ||
178 | } | ||
179 | |||
180 | |||
181 | /** | ||
114 | * Decrypt refresh link information. | 182 | * Decrypt refresh link information. |
115 | * | 183 | * |
116 | * @param input encrypted refresh link data | 184 | * @param input encrypted refresh link data |
@@ -119,7 +187,7 @@ TALER_transfer_decrypt (const struct GNUNET_HashCode *secret_enc, | |||
119 | */ | 187 | */ |
120 | struct TALER_RefreshLinkDecrypted * | 188 | struct TALER_RefreshLinkDecrypted * |
121 | TALER_refresh_decrypt (const struct TALER_RefreshLinkEncrypted *input, | 189 | TALER_refresh_decrypt (const struct TALER_RefreshLinkEncrypted *input, |
122 | const struct GNUNET_HashCode *secret) | 190 | const struct TALER_LinkSecret *secret) |
123 | { | 191 | { |
124 | struct TALER_RefreshLinkDecrypted *ret; | 192 | struct TALER_RefreshLinkDecrypted *ret; |
125 | struct GNUNET_CRYPTO_SymmetricInitializationVector iv; | 193 | struct GNUNET_CRYPTO_SymmetricInitializationVector iv; |
@@ -162,7 +230,7 @@ TALER_refresh_decrypt (const struct TALER_RefreshLinkEncrypted *input, | |||
162 | */ | 230 | */ |
163 | struct TALER_RefreshLinkEncrypted * | 231 | struct TALER_RefreshLinkEncrypted * |
164 | TALER_refresh_encrypt (const struct TALER_RefreshLinkDecrypted *input, | 232 | TALER_refresh_encrypt (const struct TALER_RefreshLinkDecrypted *input, |
165 | const struct GNUNET_HashCode *secret) | 233 | const struct TALER_LinkSecret *secret) |
166 | { | 234 | { |
167 | char *b_buf; | 235 | char *b_buf; |
168 | size_t b_buf_size; | 236 | size_t b_buf_size; |
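Review bot: The new TALER_transfer_encrypt (new lines 162-178) is documented as returning #GNUNET_OK on success, but it returns the result of GNUNET_CRYPTO_symmetric_encrypt directly, which in GNUnet's API is, as far as I know, the number of bytes written or -1 on error; a successful call would then yield sizeof (struct TALER_LinkSecret) rather than GNUNET_OK. A caller that compares against GNUNET_OK would reject every successful encryption, and one that only tests for non-zero would accept the -1 failure and go on to use an unset secret_enc. I would compare the result with the expected size, `if (sizeof (struct TALER_LinkSecret) != GNUNET_CRYPTO_symmetric_encrypt (secret, sizeof (struct TALER_LinkSecret), &skey, &iv, secret_enc)) return GNUNET_SYSERR;` followed by `return GNUNET_OK;`. TALER_transfer_decrypt shows the same return pattern on its changed lines (new 145-149), and its body ends outside that hunk.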