[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[taler-anastasis] branch master updated: adjusted header
From: |
gnunet |
Subject: |
[taler-anastasis] branch master updated: adjusted header |
Date: |
Mon, 23 Mar 2020 18:18:09 +0100 |
This is an automated email from the git hooks/post-receive script.
ds-meister pushed a commit to branch master
in repository anastasis.
The following commit(s) were added to refs/heads/master by this push:
new 76e93c0 adjusted header
76e93c0 is described below
commit 76e93c0cef477a426a26f380c76dd2b2c208c689
Author: Dominik Meister <address@hidden>
AuthorDate: Mon Mar 23 18:17:57 2020 +0100
adjusted header
---
src/include/anastasis_crypto_lib.h | 261 +++++++++++++++++++------------------
1 file changed, 133 insertions(+), 128 deletions(-)
diff --git a/src/include/anastasis_crypto_lib.h
b/src/include/anastasis_crypto_lib.h
index f9b2281..47db1e4 100644
--- a/src/include/anastasis_crypto_lib.h
+++ b/src/include/anastasis_crypto_lib.h
@@ -1,25 +1,23 @@
/*
- This file is part of TALER
- Copyright (C) 2014-2017 Inria & GNUnet e.V.
+ This file is part of Anastasis
+ Copyright (C) 2019 Taler Systems SA
- TALER is free software; you can redistribute it and/or modify it under the
- terms of the GNU General Public License as published by the Free Software
+ Anastasis is free software; you can redistribute it and/or modify it under
the
+ terms of the GNU Lesser General Public License as published by the Free
Software
Foundation; either version 3, or (at your option) any later version.
- TALER is distributed in the hope that it will be useful, but WITHOUT ANY
+ Anastasis is distributed in the hope that it will be useful, but WITHOUT ANY
WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with
- TALER; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
+ Anastasis; see the file COPYING.GPL. If not, see
<http://www.gnu.org/licenses/>
*/
-#include "anastasis_service.h"
-
/**
* An EdDSA public key that is used to identify a user's account.
*/
-struct ANASTASIS_CRYPTO_AccountSignature
+struct ANASTASIS_CRYPTO_AccountPublicKey
{
struct GNUNET_CRYPTO_EddsaPublicKey pub;
};
@@ -43,17 +41,24 @@ struct ANASTASIS_CRYPTO_TruthKey
* Specifies a Salt value, here 32 Byte large.
*/
struct ANASTASIS_CRYPTO_Salt
+{
+ uint32_t salt[8];
+};
+/**
+ * Specifies a policy key which is used to decrypt the master key
+*/
+struct ANASTASIS_CRYPTO_PolicyKey
{
uint32_t key[8];
};
+
/**
- * Specifies an encrypted Master Key, the master key is the user provided
secret.
+ * Specifies an encrypted master key, the key is used to encrypt the core
secret from the user
*/
struct ANASTASIS_CRYPTO_EncryptedMasterKey
{
- void *encrypted_master_key;
- size_t encrypted_master_key_size;
+ uint32_t key[8];
};
/**
@@ -101,50 +106,39 @@ struct ANASTASIS_CRYPTO_UserIdentifier
* Creates the UserIdentifier, it is used as entropy source for the encryption
keys and
* for the public and private key for signing the data.
* @param id_data JSON encoded data, which contains the raw user secret and a
server salt
- */
-struct ANASTASIS_CRYPTO_UserIdentifier *
-ANASTASIS_CRYPTO_user_identifier_create (const json_t *id_data);
-
-/**
- * Destroys a user identifier
- * @param id handle for the identifier
+ * @param id reference to the id which was created
*/
void
-ANASTASIS_CRYPTO_user_identifier_destroy (
+ANASTASIS_CRYPTO_user_identifier_derive (
+ const json_t *id_data,
struct ANASTASIS_CRYPTO_UserIdentifier *id);
/**
* Generates the eddsa public Key used as the account identifier on the
providers
* @param id holds a hashed user secret which is used as entropy source for
the public key generation
- * @return pub the generated eddsa public Key
- */
-struct ANASTASIS_CRYPTO_AccountSignature *
-ANASTASIS_CRYPTO_account_signature_create (
- const struct ANASTASIS_CRYPTO_UserIdentifier *id);
-
-/**
- * Destroys an account signature
- * @param as handle for the signature
+ * @param pub_key handle for the generated public key
*/
void
-ANASTASIS_CRYPTO_account_signature_destroy (
- struct ANASTASIS_CRYPTO_AccountSignature *as);
+ANASTASIS_CRYPTO_account_public_key_derive (
+ struct ANASTASIS_CRYPTO_AccountPublicKey *pub_key,
+ const struct ANASTASIS_CRYPTO_UserIdentifier *id);
/**
* Encrypt and signs the recovery document with AES256, the recovery document
is
* encrypted with a derivation from the user identifier and the salt "erd".
*
- * @param rd Reference to the recovery document which should be encrypted
* @param id Hashed User input, used for the generation of the encryption key
+ * @param data contains the recovery document as raw data
+ * @param data_size defines the size of the recovery document inside data
* @param res return from the result, which contains the encrypted recovery
document
* and the nonce and iv used for the encryption as Additional Data
* @param res_size size of the result
- * @return int Status code FIXME
*/
-int
+void
ANASTASIS_CRYPTO_recovery_document_encrypt (
- const struct ANASTASIS_RecoveryDocument *rd,
const struct ANASTASIS_CRYPTO_UserIdentifier *id,
+ const void *data,
+ size_t data_size,
void **res,
size_t *res_size);
@@ -156,83 +150,18 @@ ANASTASIS_CRYPTO_recovery_document_encrypt (
* @param id Hashed User input, used for the generation of the encryption key
* @param data, contains the encrypted recovery document and the nonce and iv
used for the encryption.
* @param data_size size of the data
- * @return Decrypted Recovery Document, or NULL on error
+ * @param res return from the result, which contains the encrypted recovery
document
+ * and the nonce and iv used for the encryption as Additional Data
+ * @param res_size size of the result
*/
-struct ANASTASIS_RecoveryDocument *
+void
ANASTASIS_CRYPTO_recovery_document_decrypt (
const struct ANASTASIS_CRYPTO_UserIdentifier *id,
const void *data,
- size_t data_size);
-
-/**
- * Destroys a recovery document
- * @param rd handle for the recovery document
- */
-void
-ANASTASIS_CRYPTO_recovery_document_destroy (
- struct ANASTASIS_RecoveryDocument *rd);
-
-
-/**
- * Generates the escrow master key, the escrow masterkey consists of multiple
- * keyshares. It is used to encrypt the masterkey(secret) from the user.
- * FIXME How is it generated
- *
- * @param key_shares array of multiple keyshares which are combined
- * @param keyshare_length specifies the amount of keyshares
- */
-struct ANASTASIS_CRYPTO_EscrowMasterKey *
-ANASTASIS_CRYPTO_escrow_master_key_create (
- const struct ANASTASIS_CRYPTO_KeyShare *key_shares,
- unsigned int keyshare_length);
-
-/**
- * Destroys a escrow master key
- * @param emk handle for the escrow master key
- */
-void
-ANASTASIS_CRYPTO_escrow_master_key_destroy (
- struct ANASTASIS_CRYPTO_EscrowMasterKey *emk);
-
-/**
- * Encrypts the master key of the user with the escrow master key with
AES256-GCM.
- *
- * @param escrow_master_key the escrow master key which is built with several
key shares is used for the encryption
- * @param data holds the user provided key to encrypt and safe
- * @param data_size the size of the key
- * @return EncryptedMasterKey with the key and IV, Nonce and the AES Tag as
additional data or NULL on failure
- */
-struct ANASTASIS_CRYPTO_EncryptedMasterKey *
-ANASTASIS_CRYPTO_master_key_encrypt (
- const struct ANASTASIS_CRYPTO_EscrowMasterKey *escrow_master_key,
- const void *data,
- size_t data_size);
-
-/**
- * Decrypts the master key of the user with the escrow master key with
AES256-GCM and the provided
- * IV, Nonce. Verifies it afterwards with the AES Tag.
- *
- * @param escrow_master_key the escrow master key which is built with several
key shares is used for the encryption
- * @param encrypted_master_key contains the encrypted key with the IV and
Nonce used to encrypt the key
- * @param res holds the decrypted master key
- * @param res_size the size of the master key
- * @return Status code FIXME
- */
-int
-ANASTASIS_CRYPTO_master_key_decrypt (
- const struct ANASTASIS_CRYPTO_EscrowMasterKey *escrow_master_key,
- const struct ANASTASIS_CRYPTO_EncryptedMasterKey *encrypted_master_key,
+ size_t data_size,
void **res,
size_t *res_size);
-/**
- * Destroys an encrypted master key
- * @param emk handle for the encrypted master key
- */
-void
-ANASTASIS_CRYPTO_master_key_destroy (
- struct ANASTASIS_CRYPTO_EncryptedMasterKey *emk);
-
/**
* Encrypts a keyshare with a key generated with the user identification as
entropy and the salt "eks".
*
@@ -240,9 +169,8 @@ ANASTASIS_CRYPTO_master_key_destroy (
* @param id the user identification which is the entropy source for the key
generation
* @param res holds the encrypted share, the first 48 Bytes are the used nonce
and iv
* @param res_size defines the size of the data
- * @return Status Code FIXME
*/
-int
+void
ANASTASIS_CRYPTO_key_share_encrypt (
const struct ANASTASIS_CRYPTO_KeyShare *key_share,
const struct ANASTASIS_CRYPTO_UserIdentifier *id,
@@ -252,48 +180,125 @@ ANASTASIS_CRYPTO_key_share_encrypt (
/**
* Decrypts a keyshare with a key generated with the user identification as
entropy and the salt "eks".
*
+ * @param key_share handle for the key share which will be decrypted
* @param id the user identification which is the entropy source for the key
generation
* @param data holds the encrypted share, the first 48 Bytes are the used
nonce and iv
* @param data_size defines the size of the data
- * @return keyshare or NULL on error
*/
-struct ANASTASIS_CRYPTO_KeyShare *
+void
ANASTASIS_CRYPTO_key_share_decrypt (
+ struct ANASTASIS_CRYPTO_KeyShare *key_share,
const struct ANASTASIS_CRYPTO_UserIdentifier *id,
const void *data,
size_t data_size);
-/**
- * Destroys a key share
- * @param ks handle for the key share
- */
-void
-ANASTASIS_CRYPTO_key_share_destroy (
- struct ANASTASIS_CRYPTO_KeyShare *ks);
-
/**
* Encrypts the truth data which contains the hashed answer or the phone
number..
* It is encrypted with AES256, the key is generated with the user
identification as
* entropy source and the salt "ect".
*
- * @param t Reference to the truth which should be encrypted
* @param id Hashed User input, used for the generation of the encryption key
+ * @param data truth which will be encrypted
+ * @param data_size size of the truth
* @param res return from the result, which contains the encrypted truth
* and the nonce and iv used for the encryption as Additional Data
* @param res_size size of the result
- * @return int Status code FIXME
*/
-int
+void
ANASTASIS_CRYPTO_truth_encrypt (
- const struct ANASTASIS_Truth *t,
const struct ANASTASIS_CRYPTO_UserIdentifier *id,
+ const void *data,
+ size_t data_size,
void **res,
size_t *res_size);
-/*
-struct ANASTASIS_CRYPTO_TruthKey *
-ANASTASIS_CRYPTO_truth_key_create (
- const struct ANASTASIS_CRYPTO_Iv *iv,
- const struct ANASTASIS_CRYPTO_Nonce *nonce,
- const struct ANASTASIS_CRYPTO_UserIdentifier *id);
-*/
+/**
+ * Decrypts the truth data which contains the hashed answer or the phone
number..
+ * It is decrypted with AES256, the key is generated with the user
identification as
+ * entropy source and the salt "ect".
+ *
+ * @param id Hashed User input, used for the generation of the decryption key
+ * @param data truth holds the encrypted truth which will be decrypted
+ * @param data_size size of the data
+ * @param res return from the result, which contains the truth
+ * @param res_size size of the result
+ */
+void
+ANASTASIS_CRYPTO_truth_decrypt (
+ const struct ANASTASIS_CRYPTO_UserIdentifier *id,
+ const void *data,
+ size_t data_size,
+ void **res,
+ size_t *res_size);
+
+
+/**
+ * A key share is randomly generated, one key share is generated for every
+ * truth a policy contains.
+ *
+ * @param key_share reference to the created key share.
+ */
+void
+ANASTASIS_CRYPTO_key_share_create (
+ struct ANASTASIS_CRYPTO_KeyShare *key_share);
+
+
+/**
+ * Once per policy a policy key is derived. The policy key consists of
+ * multiple key shares which are combined and hashed.
+ *
+ * @param key_shares list of key shares which are combined
+ * @param keyshare_length amount of key shares inside the array
+ * @param policy_key reference to the created key
+ */
+void
+ANASTASIS_CRYPTO_policy_key_derive (
+ const struct ANASTASIS_CRYPTO_KeyShare *key_shares,
+ unsigned int keyshare_length,
+ struct ANASTASIS_CRYPTO_PolicyKey *policy_key);
+
+
+/**
+ * The core secret is the user provided secret which will be saved with
Anastasis.
+ * The secret will be encrypted with the master key, the master key is a
random key which will
+ * be generated. The master key afterwards will be encrypted with the
different policy keys.
+ * Encryption is performed with AES256
+ *
+ * @param policy_keys an array of policy keys which are used to encrypt the
master key
+ * @param policy_keys_length defines the amount of policy keys and also the
amount of encrypted master keys
+ * @param core_secret the user provided core secret which is secured by
anastasis
+ * @param core_secret_size the size of the core secret
+ * @param enc_core_secret the core secret is encrypted with the generated
master key
+ * @param enc_core_secret_size size of the encrypted secret
+ * @param encrypted_master_keys array of encrypted master keys which will be
safed inside the policies one encrypted
+ * master key is created for each policy key
+ */
+void
+ANASTASIS_CRYPTO_core_secret_encrypt (
+ const struct ANASTASIS_CRYPTO_PolicyKey *policy_keys,
+ unsigned int policy_keys_length,
+ const void *core_secret,
+ size_t core_secret_size,
+ void **enc_core_secret,
+ size_t *enc_core_secret_size,
+ struct ANASTASIS_CRYPTO_EncryptedMasterKey *encrypted_master_keys);
+
+/**
+ * Decrypts the core secret with the master key. First the master key is
decrypted with the provided policy key.
+ * Afterwards the core secret is encrypted with the master key. The core
secret is returned.
+ *
+ * @param encrypted_master_key master key for decrypting the core secret, is
itself encrypted by the policy key
+ * @param policy_key built policy key which will decrypt the master key
+ * @param encrypted_core_secret the encrypted core secret from the user, will
be encrypted with the policy key
+ * @param encrypted_core_secret_size size of the encrypted core secret
+ * @param core_secret decrypted core secret will be returned
+ * @param core_secret_size size of the returned core secret
+ */
+void
+ANASTASIS_CRYPTO_core_secret_recover (
+ const struct ANASTASIS_CRYPTO_EncryptedMasterKey *encrypted_master_key,
+ const struct ANASTASIS_CRYPTO_PolicyKey *policy_key,
+ const void *encrypted_core_secret,
+ size_t encrypted_core_secret_size,
+ void **core_secret,
+ size_t *core_secret_size);
\ No newline at end of file
--
To stop receiving notification emails like this one, please contact
address@hidden.
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [taler-anastasis] branch master updated: adjusted header,
gnunet <=