[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[GNUnet-SVN] r29706 - in gnunet/src: core include util
|
From: |
gnunet |
|
Subject: |
[GNUnet-SVN] r29706 - in gnunet/src: core include util |
|
Date: |
Mon, 30 Sep 2013 13:22:48 +0200 |
Author: grothoff
Date: 2013-09-30 13:22:48 +0200 (Mon, 30 Sep 2013)
New Revision: 29706
Added:
gnunet/src/util/perf_crypto_aes.c
Removed:
gnunet/src/util/test_crypto_aes_weak.c
Modified:
gnunet/src/core/gnunet-service-core_kx.c
gnunet/src/include/gnunet_crypto_lib.h
gnunet/src/util/Makefile.am
gnunet/src/util/crypto_aes.c
gnunet/src/util/crypto_hash.c
gnunet/src/util/crypto_hkdf.c
gnunet/src/util/crypto_kdf.c
gnunet/src/util/test_crypto_aes.c
gnunet/src/util/test_crypto_hash.c
Log:
-encrypt using both AES and TWOFISH, with independent symmetric keys
Modified: gnunet/src/core/gnunet-service-core_kx.c
===================================================================
--- gnunet/src/core/gnunet-service-core_kx.c 2013-09-30 11:02:19 UTC (rev
29705)
+++ gnunet/src/core/gnunet-service-core_kx.c 2013-09-30 11:22:48 UTC (rev
29706)
@@ -429,9 +429,11 @@
{
static const char ctx[] = "authentication key";
- GNUNET_CRYPTO_hmac_derive_key (akey, skey, &seed, sizeof (seed), &skey->key,
- sizeof (skey->key), ctx,
- sizeof (ctx), NULL);
+ GNUNET_CRYPTO_hmac_derive_key (akey, skey,
+ &seed, sizeof (seed),
+ skey, sizeof (struct
GNUNET_CRYPTO_AesSessionKey),
+ ctx, sizeof (ctx),
+ NULL);
}
Modified: gnunet/src/include/gnunet_crypto_lib.h
===================================================================
--- gnunet/src/include/gnunet_crypto_lib.h 2013-09-30 11:02:19 UTC (rev
29705)
+++ gnunet/src/include/gnunet_crypto_lib.h 2013-09-30 11:22:48 UTC (rev
29706)
@@ -212,22 +212,30 @@
struct GNUNET_CRYPTO_AesSessionKey
{
/**
- * Actual key.
+ * Actual key for AES.
*/
- unsigned char key[GNUNET_CRYPTO_AES_KEY_LENGTH];
+ unsigned char aes_key[GNUNET_CRYPTO_AES_KEY_LENGTH];
+ /**
+ * Actual key for TwoFish.
+ */
+ unsigned char twofish_key[GNUNET_CRYPTO_AES_KEY_LENGTH];
+
};
+
GNUNET_NETWORK_STRUCT_END
/**
* @brief IV for sym cipher
*
* NOTE: must be smaller (!) in size than the
- * struct GNUNET_HashCode.
+ * `struct GNUNET_HashCode`.
*/
struct GNUNET_CRYPTO_AesInitializationVector
{
- unsigned char iv[GNUNET_CRYPTO_AES_KEY_LENGTH / 2];
+ unsigned char aes_iv[GNUNET_CRYPTO_AES_KEY_LENGTH / 2];
+
+ unsigned char twofish_iv[GNUNET_CRYPTO_AES_KEY_LENGTH / 2];
};
Modified: gnunet/src/util/Makefile.am
===================================================================
--- gnunet/src/util/Makefile.am 2013-09-30 11:02:19 UTC (rev 29705)
+++ gnunet/src/util/Makefile.am 2013-09-30 11:22:48 UTC (rev 29706)
@@ -189,6 +189,7 @@
if HAVE_BENCHMARKS
BENCHMARKS = \
perf_crypto_hash \
+ perf_crypto_aes \
perf_malloc
endif
@@ -206,7 +207,6 @@
test_container_heap \
test_container_slist \
test_crypto_aes \
- test_crypto_aes_weak \
test_crypto_crc \
test_crypto_ecc \
test_crypto_hash \
@@ -325,12 +325,6 @@
test_crypto_aes_LDADD = \
$(top_builddir)/src/util/libgnunetutil.la
-test_crypto_aes_weak_SOURCES = \
- test_crypto_aes_weak.c
-test_crypto_aes_weak_LDADD = \
- $(top_builddir)/src/util/libgnunetutil.la \
- $(LIBGCRYPT_LIBS)
-
test_crypto_crc_SOURCES = \
test_crypto_crc.c
test_crypto_crc_LDADD = \
@@ -500,6 +494,11 @@
perf_crypto_hash_LDADD = \
$(top_builddir)/src/util/libgnunetutil.la
+perf_crypto_aes_SOURCES = \
+ perf_crypto_aes.c
+perf_crypto_aes_LDADD = \
+ $(top_builddir)/src/util/libgnunetutil.la
+
perf_malloc_SOURCES = \
perf_malloc.c
perf_malloc_LDADD = \
Modified: gnunet/src/util/crypto_aes.c
===================================================================
--- gnunet/src/util/crypto_aes.c 2013-09-30 11:02:19 UTC (rev 29705)
+++ gnunet/src/util/crypto_aes.c 2013-09-30 11:22:48 UTC (rev 29706)
@@ -1,6 +1,6 @@
/*
This file is part of GNUnet.
- (C) 2001, 2002, 2003, 2004, 2005, 2006 Christian Grothoff (and other
contributing authors)
+ (C) 2001, 2002, 2003, 2004, 2005, 2006, 2013 Christian Grothoff (and
other contributing authors)
GNUnet is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published
@@ -20,7 +20,7 @@
/**
* @file util/crypto_aes.c
- * @brief Symmetric encryption services.
+ * @brief Symmetric encryption services; combined cipher AES+TWOFISH (256-bit
each)
* @author Christian Grothoff
* @author Ioana Patrascu
*/
@@ -33,15 +33,19 @@
#define LOG(kind,...) GNUNET_log_from (kind, "util", __VA_ARGS__)
/**
- * Create a new SessionKey (for AES-256).
+ * Create a new SessionKey (for symmetric encryption).
*
* @param key session key to initialize
*/
void
GNUNET_CRYPTO_aes_create_session_key (struct GNUNET_CRYPTO_AesSessionKey *key)
{
- gcry_randomize (&key->key[0], GNUNET_CRYPTO_AES_KEY_LENGTH,
+ gcry_randomize (key->aes_key,
+ GNUNET_CRYPTO_AES_KEY_LENGTH,
GCRY_STRONG_RANDOM);
+ gcry_randomize (key->twofish_key,
+ GNUNET_CRYPTO_AES_KEY_LENGTH,
+ GCRY_STRONG_RANDOM);
}
@@ -54,33 +58,63 @@
* @return #GNUNET_OK on success, #GNUNET_SYSERR on error
*/
static int
-setup_cipher (gcry_cipher_hd_t *handle,
- const struct GNUNET_CRYPTO_AesSessionKey *
- sessionkey,
- const struct GNUNET_CRYPTO_AesInitializationVector *
- iv)
+setup_cipher_aes (gcry_cipher_hd_t *handle,
+ const struct GNUNET_CRYPTO_AesSessionKey *sessionkey,
+ const struct GNUNET_CRYPTO_AesInitializationVector *iv)
{
int rc;
GNUNET_assert (0 ==
gcry_cipher_open (handle, GCRY_CIPHER_AES256,
GCRY_CIPHER_MODE_CFB, 0));
- rc = gcry_cipher_setkey (*handle, sessionkey, GNUNET_CRYPTO_AES_KEY_LENGTH);
+ rc = gcry_cipher_setkey (*handle,
+ sessionkey->aes_key,
+ sizeof (sessionkey->aes_key));
GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY));
- rc = gcry_cipher_setiv (*handle, iv,
- sizeof (struct
- GNUNET_CRYPTO_AesInitializationVector));
+ rc = gcry_cipher_setiv (*handle,
+ iv->aes_iv,
+ sizeof (iv->aes_iv));
GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY));
return GNUNET_OK;
}
/**
+ * Initialize TWOFISH cipher.
+ *
+ * @param handle handle to initialize
+ * @param sessionkey session key to use
+ * @param iv initialization vector to use
+ * @return #GNUNET_OK on success, #GNUNET_SYSERR on error
+ */
+static int
+setup_cipher_twofish (gcry_cipher_hd_t *handle,
+ const struct GNUNET_CRYPTO_AesSessionKey *sessionkey,
+ const struct GNUNET_CRYPTO_AesInitializationVector *iv)
+{
+ int rc;
+
+ GNUNET_assert (0 ==
+ gcry_cipher_open (handle, GCRY_CIPHER_TWOFISH,
+ GCRY_CIPHER_MODE_CFB, 0));
+ rc = gcry_cipher_setkey (*handle,
+ sessionkey->twofish_key,
+ sizeof (sessionkey->twofish_key));
+ GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY));
+ rc = gcry_cipher_setiv (*handle,
+ iv->twofish_iv,
+ sizeof (iv->twofish_iv));
+ GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY));
+ return GNUNET_OK;
+}
+
+
+/**
* Encrypt a block with the public key of another
* host that uses the same cyper.
*
* @param block the block to encrypt
- * @param len the size of the block
+ * @param len the size of the @a block
* @param sessionkey the key used to encrypt
* @param iv the initialization vector to use, use INITVALUE
* for streams.
@@ -95,11 +129,17 @@
iv, void *result)
{
gcry_cipher_hd_t handle;
+ char tmp[len];
- if (GNUNET_OK != setup_cipher (&handle, sessionkey, iv))
+ if (GNUNET_OK != setup_cipher_aes (&handle, sessionkey, iv))
return -1;
- GNUNET_assert (0 == gcry_cipher_encrypt (handle, result, len, block, len));
+ GNUNET_assert (0 == gcry_cipher_encrypt (handle, tmp, len, block, len));
gcry_cipher_close (handle);
+ if (GNUNET_OK != setup_cipher_twofish (&handle, sessionkey, iv))
+ return -1;
+ GNUNET_assert (0 == gcry_cipher_encrypt (handle, result, len, tmp, len));
+ gcry_cipher_close (handle);
+ memset (tmp, 0, sizeof (tmp));
return len;
}
@@ -108,7 +148,7 @@
* Decrypt a given block with the sessionkey.
*
* @param block the data to decrypt, encoded as returned by encrypt
- * @param size the size of the block to decrypt
+ * @param size the size of the @a block to decrypt
* @param sessionkey the key used to decrypt
* @param iv the initialization vector to use, use INITVALUE
* for streams.
@@ -117,17 +157,22 @@
*/
ssize_t
GNUNET_CRYPTO_aes_decrypt (const void *block, size_t size,
- const struct GNUNET_CRYPTO_AesSessionKey *
- sessionkey,
- const struct GNUNET_CRYPTO_AesInitializationVector *
- iv, void *result)
+ const struct GNUNET_CRYPTO_AesSessionKey
*sessionkey,
+ const struct GNUNET_CRYPTO_AesInitializationVector
*iv,
+ void *result)
{
gcry_cipher_hd_t handle;
+ char tmp[size];
- if (GNUNET_OK != setup_cipher (&handle, sessionkey, iv))
+ if (GNUNET_OK != setup_cipher_twofish (&handle, sessionkey, iv))
return -1;
- GNUNET_assert (0 == gcry_cipher_decrypt (handle, result, size, block, size));
+ GNUNET_assert (0 == gcry_cipher_decrypt (handle, tmp, size, block, size));
gcry_cipher_close (handle);
+ if (GNUNET_OK != setup_cipher_aes (&handle, sessionkey, iv))
+ return -1;
+ GNUNET_assert (0 == gcry_cipher_decrypt (handle, result, size, tmp, size));
+ gcry_cipher_close (handle);
+ memset (tmp, 0, sizeof (tmp));
return size;
}
@@ -138,7 +183,7 @@
* @param iv initialization vector
* @param skey session key
* @param salt salt for the derivation
- * @param salt_len size of the salt
+ * @param salt_len size of the @a salt
* @param ... pairs of void * & size_t for context chunks, terminated by NULL
*/
void
@@ -168,8 +213,21 @@
const struct GNUNET_CRYPTO_AesSessionKey *skey,
const void *salt, size_t salt_len, va_list argp)
{
- GNUNET_CRYPTO_kdf_v (iv->iv, sizeof (iv->iv), salt, salt_len, skey->key,
- sizeof (skey->key), argp);
+ char aes_salt[salt_len + 4];
+ char twofish_salt[salt_len + 4];
+
+ memcpy (aes_salt, salt, salt_len);
+ memcpy (&aes_salt[salt_len], "AES!", 4);
+ memcpy (twofish_salt, salt, salt_len);
+ memcpy (&twofish_salt[salt_len], "FISH", 4);
+ GNUNET_CRYPTO_kdf_v (iv->aes_iv, sizeof (iv->aes_iv),
+ aes_salt, salt_len + 4,
+ skey->aes_key, sizeof (skey->aes_key),
+ argp);
+ GNUNET_CRYPTO_kdf_v (iv->twofish_iv, sizeof (iv->twofish_iv),
+ twofish_salt, salt_len + 4,
+ skey->twofish_key, sizeof (skey->twofish_key),
+ argp);
}
/* end of crypto_aes.c */
Modified: gnunet/src/util/crypto_hash.c
===================================================================
--- gnunet/src/util/crypto_hash.c 2013-09-30 11:02:19 UTC (rev 29705)
+++ gnunet/src/util/crypto_hash.c 2013-09-30 11:22:48 UTC (rev 29706)
@@ -252,7 +252,7 @@
* safely cast to char*, a '\\0' termination is set).
*/
void
-GNUNET_CRYPTO_hash_to_enc (const struct GNUNET_HashCode * block,
+GNUNET_CRYPTO_hash_to_enc (const struct GNUNET_HashCode *block,
struct GNUNET_CRYPTO_HashAsciiEncoded *result)
{
char *np;
@@ -270,13 +270,14 @@
* Convert ASCII encoding back to hash code.
*
* @param enc the encoding
- * @param enclen number of characters in 'enc' (without 0-terminator, which
can be missing)
+ * @param enclen number of characters in @a enc (without 0-terminator, which
can be missing)
* @param result where to store the hash code
- * @return GNUNET_OK on success, GNUNET_SYSERR if result has the wrong encoding
+ * @return #GNUNET_OK on success, #GNUNET_SYSERR if result has the wrong
encoding
*/
int
-GNUNET_CRYPTO_hash_from_string2 (const char *enc, size_t enclen,
- struct GNUNET_HashCode * result)
+GNUNET_CRYPTO_hash_from_string2 (const char *enc,
+ size_t enclen,
+ struct GNUNET_HashCode *result)
{
char upper_enc[enclen];
char* up_ptr = upper_enc;
@@ -303,8 +304,8 @@
* hashcode proximity.
*/
unsigned int
-GNUNET_CRYPTO_hash_distance_u32 (const struct GNUNET_HashCode * a,
- const struct GNUNET_HashCode * b)
+GNUNET_CRYPTO_hash_distance_u32 (const struct GNUNET_HashCode *a,
+ const struct GNUNET_HashCode *b)
{
unsigned int x1 = (a->bits[1] - b->bits[1]) >> 16;
unsigned int x2 = (b->bits[1] - a->bits[1]) >> 16;
@@ -338,9 +339,9 @@
* @param result set to b - a
*/
void
-GNUNET_CRYPTO_hash_difference (const struct GNUNET_HashCode * a,
- const struct GNUNET_HashCode * b,
- struct GNUNET_HashCode * result)
+GNUNET_CRYPTO_hash_difference (const struct GNUNET_HashCode *a,
+ const struct GNUNET_HashCode *b,
+ struct GNUNET_HashCode *result)
{
int i;
@@ -393,16 +394,20 @@
* @param iv set to a valid initialization vector
*/
void
-GNUNET_CRYPTO_hash_to_aes_key (const struct GNUNET_HashCode * hc,
+GNUNET_CRYPTO_hash_to_aes_key (const struct GNUNET_HashCode *hc,
struct GNUNET_CRYPTO_AesSessionKey *skey,
struct GNUNET_CRYPTO_AesInitializationVector
*iv)
{
- GNUNET_assert (sizeof (struct GNUNET_HashCode) >=
- GNUNET_CRYPTO_AES_KEY_LENGTH +
- sizeof (struct GNUNET_CRYPTO_AesInitializationVector));
- memcpy (skey, hc, GNUNET_CRYPTO_AES_KEY_LENGTH);
- memcpy (iv, &((char *) hc)[GNUNET_CRYPTO_AES_KEY_LENGTH],
- sizeof (struct GNUNET_CRYPTO_AesInitializationVector));
+ GNUNET_assert (GNUNET_YES ==
+ GNUNET_CRYPTO_kdf (skey, sizeof (struct
GNUNET_CRYPTO_AesSessionKey),
+ "Hash key derivation", strlen ("Hash key
derivation"),
+ hc, sizeof (struct GNUNET_HashCode),
+ NULL, 0));
+ GNUNET_assert (GNUNET_YES ==
+ GNUNET_CRYPTO_kdf (iv, sizeof (struct
GNUNET_CRYPTO_AesInitializationVector),
+ "Initialization vector derivation", strlen
("Initialization vector derivation"),
+ hc, sizeof (struct GNUNET_HashCode),
+ NULL, 0));
}
@@ -422,7 +427,7 @@
/**
* Determine how many low order bits match in two
- * struct GNUNET_HashCodes. i.e. - 010011 and 011111 share
+ * `struct GNUNET_HashCode`s. i.e. - 010011 and 011111 share
* the first two lowest order bits, and therefore the
* return value is two (NOT XOR distance, nor how many
* bits match absolutely!).
@@ -455,7 +460,8 @@
* @return 1 if h1 > h2, -1 if h1 < h2 and 0 if h1 == h2.
*/
int
-GNUNET_CRYPTO_hash_cmp (const struct GNUNET_HashCode * h1, const struct
GNUNET_HashCode * h2)
+GNUNET_CRYPTO_hash_cmp (const struct GNUNET_HashCode *h1,
+ const struct GNUNET_HashCode *h2)
{
unsigned int *i1;
unsigned int *i2;
@@ -475,7 +481,7 @@
/**
- * Find out which of the two GNUNET_CRYPTO_hash codes is closer to target
+ * Find out which of the two `struct GNUNET_HashCode`s is closer to target
* in the XOR metric (Kademlia).
*
* @param h1 some hash code
@@ -484,9 +490,9 @@
* @return -1 if h1 is closer, 1 if h2 is closer and 0 if h1==h2.
*/
int
-GNUNET_CRYPTO_hash_xorcmp (const struct GNUNET_HashCode * h1,
- const struct GNUNET_HashCode * h2,
- const struct GNUNET_HashCode * target)
+GNUNET_CRYPTO_hash_xorcmp (const struct GNUNET_HashCode *h1,
+ const struct GNUNET_HashCode *h2,
+ const struct GNUNET_HashCode *target)
{
int i;
unsigned int d1;
@@ -510,7 +516,7 @@
* @param key authentication key
* @param rkey root key
* @param salt salt
- * @param salt_len size of the salt
+ * @param salt_len size of the @a salt
* @param ... pair of void * & size_t for context chunks, terminated by NULL
*/
void
@@ -531,7 +537,7 @@
* @param key authentication key
* @param rkey root key
* @param salt salt
- * @param salt_len size of the salt
+ * @param salt_len size of the @a salt
* @param argp pair of void * & size_t for context chunks, terminated by NULL
*/
void
@@ -540,8 +546,10 @@
const void *salt, size_t salt_len,
va_list argp)
{
- GNUNET_CRYPTO_kdf_v (key->key, sizeof (key->key), salt, salt_len, rkey->key,
- sizeof (rkey->key), argp);
+ GNUNET_CRYPTO_kdf_v (key->key, sizeof (key->key),
+ salt, salt_len,
+ rkey, sizeof (struct GNUNET_CRYPTO_AesSessionKey),
+ argp);
}
@@ -550,7 +558,7 @@
*
* @param key secret key
* @param plaintext input plaintext
- * @param plaintext_len length of plaintext
+ * @param plaintext_len length of @a plaintext
* @param hmac where to store the hmac
*/
void
Modified: gnunet/src/util/crypto_hkdf.c
===================================================================
--- gnunet/src/util/crypto_hkdf.c 2013-09-30 11:02:19 UTC (rev 29705)
+++ gnunet/src/util/crypto_hkdf.c 2013-09-30 11:22:48 UTC (rev 29706)
@@ -275,10 +275,10 @@
* @param xtr_algo hash algorithm for the extraction phase, GCRY_MD_...
* @param prf_algo hash algorithm for the expansion phase, GCRY_MD_...
* @param xts salt
- * @param xts_len length of xts
+ * @param xts_len length of @a xts
* @param skm source key material
- * @param skm_len length of skm
- * @return GNUNET_YES on success
+ * @param skm_len length of @a skm
+ * @return #GNUNET_YES on success
*/
int
GNUNET_CRYPTO_hkdf (void *result, size_t out_len, int xtr_algo, int prf_algo,
Modified: gnunet/src/util/crypto_kdf.c
===================================================================
--- gnunet/src/util/crypto_kdf.c 2013-09-30 11:02:19 UTC (rev 29705)
+++ gnunet/src/util/crypto_kdf.c 2013-09-30 11:22:48 UTC (rev 29706)
@@ -36,11 +36,11 @@
* @param result buffer for the derived key, allocated by caller
* @param out_len desired length of the derived key
* @param xts salt
- * @param xts_len length of xts
+ * @param xts_len length of @a xts
* @param skm source key material
- * @param skm_len length of skm
+ * @param skm_len length of @a skm
* @param argp va_list of void * & size_t pairs for context chunks
- * @return GNUNET_YES on success
+ * @return #GNUNET_YES on success
*/
int
GNUNET_CRYPTO_kdf_v (void *result, size_t out_len, const void *xts,
@@ -68,11 +68,11 @@
* @param result buffer for the derived key, allocated by caller
* @param out_len desired length of the derived key
* @param xts salt
- * @param xts_len length of xts
+ * @param xts_len length of @a xts
* @param skm source key material
- * @param skm_len length of skm
+ * @param skm_len length of @a skm
* @param ... void * & size_t pairs for context chunks
- * @return GNUNET_YES on success
+ * @return #GNUNET_YES on success
*/
int
GNUNET_CRYPTO_kdf (void *result, size_t out_len, const void *xts,
Added: gnunet/src/util/perf_crypto_aes.c
===================================================================
--- gnunet/src/util/perf_crypto_aes.c (rev 0)
+++ gnunet/src/util/perf_crypto_aes.c 2013-09-30 11:22:48 UTC (rev 29706)
@@ -0,0 +1,76 @@
+/*
+ This file is part of GNUnet.
+ (C) 2002, 2003, 2004, 2006 Christian Grothoff (and other contributing
authors)
+
+ GNUnet is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published
+ by the Free Software Foundation; either version 3, or (at your
+ option) any later version.
+
+ GNUnet is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with GNUnet; see the file COPYING. If not, write to the
+ Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+ Boston, MA 02111-1307, USA.
+*/
+
+/**
+ * @author Christian Grothoff
+ * @file util/perf_crypto_aes.c
+ * @brief measure performance of encryption function
+ */
+#include "platform.h"
+#include "gnunet_common.h"
+#include "gnunet_util_lib.h"
+#include <gauger.h>
+
+
+static void
+perfEncrypt ()
+{
+ unsigned int i;
+ char buf[64 * 1024];
+ char rbuf[64 * 1024];
+ struct GNUNET_CRYPTO_AesSessionKey sk;
+ struct GNUNET_CRYPTO_AesInitializationVector iv;
+
+ GNUNET_CRYPTO_aes_create_session_key (&sk);
+
+ memset (buf, 1, sizeof (buf));
+ for (i = 0; i < 1024; i++)
+ {
+ memset (&iv, (int8_t) i, sizeof (iv));
+ GNUNET_CRYPTO_aes_encrypt (buf, sizeof (buf),
+ &sk, &iv,
+ rbuf);
+ GNUNET_CRYPTO_aes_decrypt (rbuf, sizeof (buf),
+ &sk, &iv,
+ buf);
+ }
+ memset (rbuf, 1, sizeof (rbuf));
+ GNUNET_assert (0 == memcmp (rbuf, buf, sizeof (buf)));
+}
+
+
+int
+main (int argc, char *argv[])
+{
+ struct GNUNET_TIME_Absolute start;
+
+ start = GNUNET_TIME_absolute_get ();
+ perfEncrypt ();
+ printf ("Encrypt perf took %s\n",
+ GNUNET_STRINGS_relative_time_to_string
(GNUNET_TIME_absolute_get_duration (start),
+ GNUNET_YES));
+ GAUGER ("UTIL", "Symmetric encryption",
+ 64 * 1024 / (1 +
+ GNUNET_TIME_absolute_get_duration
+ (start).rel_value_us / 1000LL), "kb/ms");
+ return 0;
+}
+
+/* end of perf_crypto_aes.c */
Modified: gnunet/src/util/test_crypto_aes.c
===================================================================
--- gnunet/src/util/test_crypto_aes.c 2013-09-30 11:02:19 UTC (rev 29705)
+++ gnunet/src/util/test_crypto_aes.c 2013-09-30 11:22:48 UTC (rev 29706)
@@ -28,7 +28,7 @@
#include "gnunet_crypto_lib.h"
#define TESTSTRING "Hello World!"
-#define INITVALUE "InitializationVectorValue"
+#define INITVALUE "InitializationVectorValueinitializationvectorvalue"
static int
testSymcipher ()
@@ -68,7 +68,8 @@
return 0;
}
-int
+
+static int
verifyCrypto ()
{
struct GNUNET_CRYPTO_AesSessionKey key;
@@ -77,25 +78,34 @@
int ret;
unsigned char plain[] =
- { 29, 128, 192, 253, 74, 171, 38, 187, 84, 219, 76, 76, 209, 118, 33,
249,
+ {
+ 29, 128, 192, 253, 74, 171, 38, 187, 84, 219, 76, 76, 209, 118, 33, 249,
172, 124, 96, 9, 157, 110, 8, 215, 200, 63, 69, 230, 157, 104, 247, 164
};
- unsigned char raw_key[] =
- { 106, 74, 209, 88, 145, 55, 189, 135, 125, 180, 225, 108, 183, 54, 25,
+ unsigned char raw_key_aes[] =
+ {
+ 106, 74, 209, 88, 145, 55, 189, 135, 125, 180, 225, 108, 183, 54, 25,
169, 129, 188, 131, 75, 227, 245, 105, 10, 225, 15, 115, 159, 148, 184,
34, 191
};
+ unsigned char raw_key_twofish[] =
+ {
+ 145, 55, 189, 135, 125, 180, 225, 108, 183, 54, 25,
+ 169, 129, 188, 131, 75, 227, 245, 105, 10, 225, 15, 115, 159, 148, 184,
+ 34, 191, 106, 74, 209, 88
+ };
unsigned char encrresult[] =
- { 167, 102, 230, 233, 127, 195, 176, 107, 17, 91, 199, 127, 96, 113, 75,
- 195, 245, 217, 61, 236, 159, 165, 103, 121, 203, 99, 202, 41, 23, 222, 25,
- 102
+ {
+ 161, 152, 186, 231, 214, 55, 225, 206, 85, 43, 80, 134, 145, 198, 20,
+ 233, 236, 57, 194, 10, 147, 149, 30, 106, 179, 54, 182, 247, 71, 204,
+ 179, 51, 1
};
res = NULL;
ret = 0;
- memcpy (key.key, raw_key, GNUNET_CRYPTO_AES_KEY_LENGTH);
-
+ memcpy (key.aes_key, raw_key_aes, GNUNET_CRYPTO_AES_KEY_LENGTH);
+ memcpy (key.twofish_key, raw_key_twofish, GNUNET_CRYPTO_AES_KEY_LENGTH);
if (GNUNET_CRYPTO_AES_KEY_LENGTH !=
GNUNET_CRYPTO_aes_encrypt (plain, GNUNET_CRYPTO_AES_KEY_LENGTH, &key,
(const struct
@@ -107,15 +117,17 @@
goto error;
}
- if (memcmp (encrresult, result, GNUNET_CRYPTO_AES_KEY_LENGTH) != 0)
+ if (0 != memcmp (encrresult, result, GNUNET_CRYPTO_AES_KEY_LENGTH))
{
+ int i;
printf ("Encrypted result wrong.\n");
+ for (i=0;i<GNUNET_CRYPTO_AES_KEY_LENGTH;i++)
+ printf ("%u, ", (uint8_t) result[i]);
ret = 1;
goto error;
}
res = GNUNET_malloc (GNUNET_CRYPTO_AES_KEY_LENGTH);
-
if (GNUNET_CRYPTO_AES_KEY_LENGTH !=
GNUNET_CRYPTO_aes_decrypt (result, GNUNET_CRYPTO_AES_KEY_LENGTH, &key,
(const struct
@@ -126,21 +138,17 @@
ret = 1;
goto error;
}
-
- if (memcmp (res, plain, GNUNET_CRYPTO_AES_KEY_LENGTH) != 0)
+ if (0 != memcmp (res, plain, GNUNET_CRYPTO_AES_KEY_LENGTH))
{
printf ("Decrypted result does not match input.\n");
-
ret = 1;
}
-
error:
-
GNUNET_free_non_null (res);
-
return ret;
}
+
int
main (int argc, char *argv[])
{
Deleted: gnunet/src/util/test_crypto_aes_weak.c
===================================================================
--- gnunet/src/util/test_crypto_aes_weak.c 2013-09-30 11:02:19 UTC (rev
29705)
+++ gnunet/src/util/test_crypto_aes_weak.c 2013-09-30 11:22:48 UTC (rev
29706)
@@ -1,198 +0,0 @@
-/*
- This file is part of GNUnet.
- (C) 2003, 2004, 2005, 2006 Christian Grothoff (and other contributing
authors)
-
- GNUnet is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published
- by the Free Software Foundation; either version 3, or (at your
- option) any later version.
-
- GNUnet is distributed in the hope that it will be useful, but
- WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with GNUnet; see the file COPYING. If not, write to the
- Free Software Foundation, Inc., 59 Temple Place - Suite 330,
- Boston, MA 02111-1307, USA.
-
-*/
-
-/**
- * @author Krista Bennett
- * @author Christian Grothoff
- * @file util/test_crypto_aes_weak.c
- * @brief AES weak key test.
- */
-#include "platform.h"
-#include "gnunet_common.h"
-#include "gnunet_crypto_lib.h"
-#include <gcrypt.h>
-
-#define MAX_WEAK_KEY_TRIALS 100000
-#define GENERATE_WEAK_KEYS GNUNET_NO
-#define WEAK_KEY_TESTSTRING "I hate weak keys."
-
-static void
-printWeakKey (struct GNUNET_CRYPTO_AesSessionKey *key)
-{
- int i;
-
- for (i = 0; i < GNUNET_CRYPTO_AES_KEY_LENGTH; i++)
- {
- printf ("%x ", (int) (key->key[i]));
- }
-}
-
-static int
-testWeakKey ()
-{
- char result[100];
- char res[100];
- int size;
- struct GNUNET_CRYPTO_AesSessionKey weak_key;
- struct GNUNET_CRYPTO_AesInitializationVector INITVALUE;
-
- memset (&INITVALUE, 42,
- sizeof (struct GNUNET_CRYPTO_AesInitializationVector));
- /* sorry, this is not a weak key -- I don't have
- * any at the moment! */
- weak_key.key[0] = (char) (0x4c);
- weak_key.key[1] = (char) (0x31);
- weak_key.key[2] = (char) (0xc6);
- weak_key.key[3] = (char) (0x2b);
- weak_key.key[4] = (char) (0xc1);
- weak_key.key[5] = (char) (0x5f);
- weak_key.key[6] = (char) (0x4d);
- weak_key.key[7] = (char) (0x1f);
- weak_key.key[8] = (char) (0x31);
- weak_key.key[9] = (char) (0xaa);
- weak_key.key[10] = (char) (0x12);
- weak_key.key[11] = (char) (0x2e);
- weak_key.key[12] = (char) (0xb7);
- weak_key.key[13] = (char) (0x82);
- weak_key.key[14] = (char) (0xc0);
- weak_key.key[15] = (char) (0xb6);
- weak_key.key[16] = (char) (0x4d);
- weak_key.key[17] = (char) (0x1f);
- weak_key.key[18] = (char) (0x31);
- weak_key.key[19] = (char) (0xaa);
- weak_key.key[20] = (char) (0x4c);
- weak_key.key[21] = (char) (0x31);
- weak_key.key[22] = (char) (0xc6);
- weak_key.key[23] = (char) (0x2b);
- weak_key.key[24] = (char) (0xc1);
- weak_key.key[25] = (char) (0x5f);
- weak_key.key[26] = (char) (0x4d);
- weak_key.key[27] = (char) (0x1f);
- weak_key.key[28] = (char) (0x31);
- weak_key.key[29] = (char) (0xaa);
- weak_key.key[30] = (char) (0xaa);
- weak_key.key[31] = (char) (0xaa);
- /* memset(&weak_key, 0, 32); */
- size =
- GNUNET_CRYPTO_aes_encrypt (WEAK_KEY_TESTSTRING,
- strlen (WEAK_KEY_TESTSTRING) + 1, &weak_key,
- &INITVALUE, result);
-
- if (size == -1)
- {
- GNUNET_break (0);
- return 1;
- }
-
- size = GNUNET_CRYPTO_aes_decrypt (result, size, &weak_key, &INITVALUE, res);
-
- if ((strlen (WEAK_KEY_TESTSTRING) + 1) != size)
- {
- GNUNET_break (0);
- return 1;
- }
- if (0 != strcmp (res, WEAK_KEY_TESTSTRING))
- {
- GNUNET_break (0);
- return 1;
- }
- else
- return 0;
-}
-
-static int
-getWeakKeys ()
-{
- struct GNUNET_CRYPTO_AesSessionKey sessionkey;
- int number_of_weak_keys = 0;
- int number_of_runs;
-
- gcry_cipher_hd_t handle;
- int rc;
-
- for (number_of_runs = 0; number_of_runs < MAX_WEAK_KEY_TRIALS;
- number_of_runs++)
- {
-
- if (number_of_runs % 1000 == 0)
- FPRINTF (stderr, "%s", ".");
- /*printf("Got to run number %d.\n", number_of_runs); */
- GNUNET_CRYPTO_aes_create_session_key (&sessionkey);
-
- rc = gcry_cipher_open (&handle, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CFB,
- 0);
-
- if (rc)
- {
- printf ("testweakkey: gcry_cipher_open failed on trial %d. %s\n",
- number_of_runs, gcry_strerror (rc));
- continue;
- }
-
- rc = gcry_cipher_setkey (handle, &sessionkey,
GNUNET_CRYPTO_AES_KEY_LENGTH);
-
- if ((char) rc == GPG_ERR_WEAK_KEY)
- {
- printf ("\nWeak key (in hex): ");
- printWeakKey (&sessionkey);
- printf ("\n");
- number_of_weak_keys++;
- }
- else if (rc)
- {
- printf ("\nUnexpected error generating keys. Error is %s\n",
- gcry_strerror (rc));
- }
-
- gcry_cipher_close (handle);
-
- }
-
- return number_of_weak_keys;
-}
-
-int
-main (int argc, char *argv[])
-{
- int weak_keys;
-
- GNUNET_log_setup ("test-crypto-aes-weak", "WARNING", NULL);
- if (GENERATE_WEAK_KEYS)
- {
- weak_keys = getWeakKeys ();
-
- if (weak_keys == 0)
- {
- printf ("\nNo weak keys found in %d runs.\n", MAX_WEAK_KEY_TRIALS);
- }
- else
- {
- printf ("\n%d weak keys found in %d runs.\n", weak_keys,
- MAX_WEAK_KEY_TRIALS);
- }
- }
-
- if (testWeakKey () != 0)
- return -1;
- return 0;
-}
-
-/* end of weakkeytest.c */
Modified: gnunet/src/util/test_crypto_hash.c
===================================================================
--- gnunet/src/util/test_crypto_hash.c 2013-09-30 11:02:19 UTC (rev 29705)
+++ gnunet/src/util/test_crypto_hash.c 2013-09-30 11:22:48 UTC (rev 29706)
@@ -65,8 +65,6 @@
static int
testArithmetic ()
{
- static struct GNUNET_CRYPTO_AesSessionKey zskey;
- static struct GNUNET_CRYPTO_AesInitializationVector ziv;
struct GNUNET_HashCode h1;
struct GNUNET_HashCode h2;
struct GNUNET_HashCode d;
@@ -100,9 +98,6 @@
return 1;
memset (&d, 0, sizeof (d));
GNUNET_CRYPTO_hash_to_aes_key (&d, &skey, &iv);
- if ((0 != memcmp (&skey, &zskey, sizeof (skey) - sizeof (unsigned int))) ||
- (0 != memcmp (&iv, &ziv, sizeof (iv))))
- return 1;
return 0;
}
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [GNUnet-SVN] r29706 - in gnunet/src: core include util,
gnunet <=