Diffstat (limited to 'src/util/crypto.c')
-rw-r--r--src/util/crypto.c106
1 files changed, 87 insertions, 19 deletions
diff --git a/src/util/crypto.c b/src/util/crypto.c
index 930c43a7f..65c586d75 100644
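--- a/src/util/crypto.c
+++ b/src/util/crypto.c
@@ -30,24 +30,34 @@
 
 #define CURVE "Ed25519"
 
-
+/**
+ * Function called by libgcrypt on serious errors.
+ * Prints an error message and aborts the process.
+ *
+ * @param cls NULL
+ * @param wtf unknown
+ * @param msg error message
+ */
 static void
-fatal_error_handler (void *cls, int wtf, const char *msg)
+fatal_error_handler (void *cls,
+ int wtf,
+ const char *msg)
 {
- LOG_ERROR("Fatal error in Gcrypt: %s\n", msg);
+ LOG_ERROR ("Fatal error in libgcrypt: %s\n",
+ msg);
  abort();
 }
 
 
 /**
- * Initialize Gcrypt library.
+ * Initialize libgcrypt.
  */
 void
-TALER_gcrypt_init()
+TALER_gcrypt_init ()
 {
  gcry_set_fatalerror_handler (&fatal_error_handler, NULL);
- TALER_assert_as(gcry_check_version(NEED_LIBGCRYPT_VERSION),
- "libgcrypt version mismatch");
+ TALER_assert_as (gcry_check_version (NEED_LIBGCRYPT_VERSION),
+ "libgcrypt version mismatch");
  /* Disable secure memory. */
  gcry_control (GCRYCTL_DISABLE_SECMEM, 0);
  gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
@@ -56,19 +66,48 @@ TALER_gcrypt_init()
 
 /**
  * Derive symmetric key material for refresh operations from
- * a given shared secret.
+ * a given shared secret for link decryption.
  *
  * @param secret the shared secret
  * @param[out] iv set to initialization vector
  * @param[out] skey set to session key
  */
 static void
-derive_refresh_key (const struct GNUNET_HashCode *secret,
+derive_refresh_key (const struct TALER_LinkSecret *secret,
  struct GNUNET_CRYPTO_SymmetricInitializationVector *iv,
  struct GNUNET_CRYPTO_SymmetricSessionKey *skey)
 {
- static const char ctx_key[] = "taler-key-skey";
- static const char ctx_iv[] = "taler-key-iv";
+ static const char ctx_key[] = "taler-link-skey";
+ static const char ctx_iv[] = "taler-link-iv";
+
+ GNUNET_assert (GNUNET_YES ==
+ GNUNET_CRYPTO_kdf (skey, sizeof (struct GNUNET_CRYPTO_SymmetricSessionKey),
+ ctx_key, strlen (ctx_key),
+ secret, sizeof (struct TALER_LinkSecret),
+ NULL, 0));
+ GNUNET_assert (GNUNET_YES ==
+ GNUNET_CRYPTO_kdf (iv, sizeof (struct GNUNET_CRYPTO_SymmetricInitializationVector),
+ ctx_iv, strlen (ctx_iv),
+ secret, sizeof (struct TALER_LinkSecret),
+ NULL, 0));
+}
+
+
+/**
+ * Derive symmetric key material for refresh operations from
+ * a given shared secret for key decryption.
+ *
+ * @param secret the shared secret
+ * @param[out] iv set to initialization vector
+ * @param[out] skey set to session key
+ */
+static void
+derive_transfer_key (const struct GNUNET_HashCode *secret,
+ struct GNUNET_CRYPTO_SymmetricInitializationVector *iv,
+ struct GNUNET_CRYPTO_SymmetricSessionKey *skey)
+{
+ static const char ctx_key[] = "taler-transfer-skey";
+ static const char ctx_iv[] = "taler-transfer-iv";
 
  GNUNET_assert (GNUNET_YES ==
  GNUNET_CRYPTO_kdf (skey, sizeof (struct GNUNET_CRYPTO_SymmetricSessionKey),
@@ -87,23 +126,24 @@ derive_refresh_key (const struct GNUNET_HashCode *secret,
  * Use the @a trans_sec (from ECDHE) to decrypt the @a secret_enc
  * to obtain the @a secret to decrypt the linkage data.
  *
- * @param secret_enc encrypted secret (FIXME: use different type!)
+ * @param secret_enc encrypted secret
  * @param trans_sec transfer secret (FIXME: use different type?)
  * @param secret shared secret for refresh link decryption
- * (FIXME: use different type?)
  * @return #GNUNET_OK on success
  */
 int
-TALER_transfer_decrypt (const struct GNUNET_HashCode *secret_enc,
+TALER_transfer_decrypt (const struct TALER_EncryptedLinkSecret *secret_enc,
  const struct GNUNET_HashCode *trans_sec,
- struct GNUNET_HashCode *secret)
+ struct TALER_LinkSecret *secret)
 {
  struct GNUNET_CRYPTO_SymmetricInitializationVector iv;
  struct GNUNET_CRYPTO_SymmetricSessionKey skey;
 
- derive_refresh_key (trans_sec, &iv, &skey);
+ GNUNET_assert (sizeof (struct TALER_EncryptedLinkSecret) ==
+ sizeof (struct TALER_LinkSecret));
+ derive_transfer_key (trans_sec, &iv, &skey);
  return GNUNET_CRYPTO_symmetric_decrypt (secret_enc,
- sizeof (struct GNUNET_HashCode),
+ sizeof (struct TALER_LinkSecret),
  &skey,
  &iv,
  secret);
@@ -111,6 +151,34 @@ TALER_transfer_decrypt (const struct GNUNET_HashCode *secret_enc,
 
 
 /**
+ * Use the @a trans_sec (from ECDHE) to encrypt the @a secret
+ * to obtain the @a secret_enc.
+ *
+ * @param secret shared secret for refresh link decryption
+ * @param trans_sec transfer secret (FIXME: use different type?)
+ * @param secret_enc[out] encrypted secret
+ * @return #GNUNET_OK on success
+ */
+int
+TALER_transfer_encrypt (const struct TALER_LinkSecret *secret,
+ const struct GNUNET_HashCode *trans_sec,
+ struct TALER_EncryptedLinkSecret *secret_enc)
+{
+ struct GNUNET_CRYPTO_SymmetricInitializationVector iv;
+ struct GNUNET_CRYPTO_SymmetricSessionKey skey;
+
+ GNUNET_assert (sizeof (struct TALER_EncryptedLinkSecret) ==
+ sizeof (struct TALER_LinkSecret));
+ derive_transfer_key (trans_sec, &iv, &skey);
+ return GNUNET_CRYPTO_symmetric_encrypt (secret,
+ sizeof (struct TALER_LinkSecret),
+ &skey,
+ &iv,
+ secret_enc);
+}
+
+
+/**
  * Decrypt refresh link information.
  *
  * @param input encrypted refresh link data
@@ -119,7 +187,7 @@ TALER_transfer_decrypt (const struct GNUNET_HashCode *secret_enc,
  */
 struct TALER_RefreshLinkDecrypted *
 TALER_refresh_decrypt (const struct TALER_RefreshLinkEncrypted *input,
- const struct GNUNET_HashCode *secret)
+ const struct TALER_LinkSecret *secret)
 {
  struct TALER_RefreshLinkDecrypted *ret;
  struct GNUNET_CRYPTO_SymmetricInitializationVector iv;
@@ -162,7 +230,7 @@ TALER_refresh_decrypt (const struct TALER_RefreshLinkEncrypted *input,
  */
 struct TALER_RefreshLinkEncrypted *
 TALER_refresh_encrypt (const struct TALER_RefreshLinkDecrypted *input,
- const struct GNUNET_HashCode *secret)
+ const struct TALER_LinkSecret *secret)
 {
  char *b_buf;
  size_t b_buf_size;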
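Review bot: The new TALER_transfer_encrypt (new lines 162-178) documents `@return #GNUNET_OK on success` but returns the result of GNUNET_CRYPTO_symmetric_encrypt unchanged, and TALER_transfer_decrypt does the same with GNUNET_CRYPTO_symmetric_decrypt. As far as GNUnet documents these calls, they return the number of bytes processed or -1 on error, not a GNUNET_OK/GNUNET_SYSERR status. A caller that compares the result with GNUNET_OK would reject every successful operation, and a caller that only tests for non-zero would accept -1 and continue with a link secret that was never written. Both functions should compare the returned length with `sizeof (struct TALER_LinkSecret)` and map it to the documented status, as in the excerpt for the encrypt side below.

```c
  derive_transfer_key (trans_sec, &iv, &skey);
  /* symmetric_encrypt reports a byte count (or -1), not a GNUNET status */
  if (sizeof (struct TALER_LinkSecret) !=
      GNUNET_CRYPTO_symmetric_encrypt (secret,
                                       sizeof (struct TALER_LinkSecret),
                                       &skey,
                                       &iv,
                                       secret_enc))
    return GNUNET_SYSERR;
  return GNUNET_OK;
```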