diff options
Diffstat (limited to 'src/util/crypto.c')
-rw-r--r-- | src/util/crypto.c | 118 |
1 files changed, 118 insertions, 0 deletions
diff --git a/src/util/crypto.c b/src/util/crypto.c new file mode 100644 index 000000000..7ff741159 --- /dev/null +++ b/src/util/crypto.c | |||
@@ -0,0 +1,118 @@ | |||
1 | /* | ||
2 | This file is part of TALER | ||
3 | (C) 2014 Christian Grothoff (and other contributing authors) | ||
4 | |||
5 | TALER is free software; you can redistribute it and/or modify it under the | ||
6 | terms of the GNU General Public License as published by the Free Software | ||
7 | Foundation; either version 3, or (at your option) any later version. | ||
8 | |||
9 | TALER is distributed in the hope that it will be useful, but WITHOUT ANY | ||
10 | WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR | ||
11 | A PARTICULAR PURPOSE. See the GNU General Public License for more details. | ||
12 | |||
13 | You should have received a copy of the GNU General Public License along with | ||
14 | TALER; see the file COPYING. If not, If not, see <http://www.gnu.org/licenses/> | ||
15 | */ | ||
16 | |||
17 | /** | ||
18 | * @file crypto.c | ||
19 | * @brief Cryptographic utility functions | ||
20 | * @author Sree Harsha Totakura <sreeharsha@totakura.in> | ||
21 | * @author Florian Dold | ||
22 | * @author Benedikt Mueller | ||
23 | */ | ||
24 | |||
25 | #include "platform.h" | ||
26 | #include "taler_util.h" | ||
27 | #include <gnunet/gnunet_common.h> | ||
28 | #include <gnunet/gnunet_util_lib.h> | ||
29 | #include <gcrypt.h> | ||
30 | |||
31 | #define CURVE "Ed25519" | ||
32 | |||
33 | |||
34 | static void | ||
35 | fatal_error_handler (void *cls, int wtf, const char *msg) | ||
36 | { | ||
37 | LOG_ERROR("Fatal error in Gcrypt: %s\n", msg); | ||
38 | abort(); | ||
39 | } | ||
40 | |||
41 | |||
42 | /** | ||
43 | * Initialize Gcrypt library. | ||
44 | */ | ||
45 | void | ||
46 | TALER_gcrypt_init() | ||
47 | { | ||
48 | gcry_set_fatalerror_handler (&fatal_error_handler, NULL); | ||
49 | TALER_assert_as(gcry_check_version(NEED_LIBGCRYPT_VERSION), | ||
50 | "libgcrypt version mismatch"); | ||
51 | /* Disable secure memory. */ | ||
52 | gcry_control (GCRYCTL_DISABLE_SECMEM, 0); | ||
53 | gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0); | ||
54 | } | ||
55 | |||
56 | |||
57 | /** | ||
58 | * Derive symmetric key material for refresh operations from | ||
59 | * a given shared secret. | ||
60 | * | ||
61 | * @param secret the shared secret | ||
62 | * @param[out] iv set to initialization vector | ||
63 | * @param[out] skey set to session key | ||
64 | */ | ||
65 | static void | ||
66 | derive_refresh_key (const struct GNUNET_HashCode *secret, | ||
67 | struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, | ||
68 | struct GNUNET_CRYPTO_SymmetricSessionKey *skey) | ||
69 | { | ||
70 | static const char ctx_key[] = "taler-key-skey"; | ||
71 | static const char ctx_iv[] = "taler-key-iv"; | ||
72 | |||
73 | GNUNET_assert (GNUNET_YES == | ||
74 | GNUNET_CRYPTO_kdf (skey, sizeof (struct GNUNET_CRYPTO_SymmetricSessionKey), | ||
75 | ctx_key, strlen (ctx_key), | ||
76 | secret, sizeof (struct GNUNET_HashCode), | ||
77 | NULL, 0)); | ||
78 | GNUNET_assert (GNUNET_YES == | ||
79 | GNUNET_CRYPTO_kdf (iv, sizeof (struct GNUNET_CRYPTO_SymmetricInitializationVector), | ||
80 | ctx_iv, strlen (ctx_iv), | ||
81 | secret, sizeof (struct GNUNET_HashCode), | ||
82 | NULL, 0)); | ||
83 | } | ||
84 | |||
85 | |||
86 | int | ||
87 | TALER_refresh_decrypt (const void *input, | ||
88 | size_t input_size, | ||
89 | const struct GNUNET_HashCode *secret, | ||
90 | void *result) | ||
91 | { | ||
92 | struct GNUNET_CRYPTO_SymmetricInitializationVector iv; | ||
93 | struct GNUNET_CRYPTO_SymmetricSessionKey skey; | ||
94 | |||
95 | derive_refresh_key (secret, &iv, &skey); | ||
96 | |||
97 | return GNUNET_CRYPTO_symmetric_decrypt (input, input_size, &skey, &iv, result); | ||
98 | } | ||
99 | |||
100 | |||
101 | int | ||
102 | TALER_refresh_encrypt (const void *input, | ||
103 | size_t input_size, | ||
104 | const struct GNUNET_HashCode *secret, | ||
105 | void *result) | ||
106 | { | ||
107 | struct GNUNET_CRYPTO_SymmetricInitializationVector iv; | ||
108 | struct GNUNET_CRYPTO_SymmetricSessionKey skey; | ||
109 | |||
110 | derive_refresh_key (secret, &iv, &skey); | ||
111 | |||
112 | return GNUNET_CRYPTO_symmetric_encrypt (input, input_size, &skey, &iv, result); | ||
113 | } | ||
114 | |||
115 | |||
116 | |||
117 | |||
118 | /* end of crypto.c */ | ||