
[taler-anastasis] branch master updated: ERD encryption


From: gnunet
Subject: [taler-anastasis] branch master updated: ERD encryption
Date: Tue, 24 Mar 2020 12:25:49 +0100

This is an automated email from the git hooks/post-receive script.

dennis-neufeld pushed a commit to branch master
in repository anastasis.

The following commit(s) were added to refs/heads/master by this push:
     new a49b0eb  ERD encryption
a49b0eb is described below

commit a49b0ebb39dbfecd33fdeff02e841ffe2b5dc66d
Author: Dennis Neufeld <address@hidden>
AuthorDate: Tue Mar 24 11:25:42 2020 +0000

    ERD encryption
---
 src/include/anastasis.h            | 24 ++++++++++
 src/include/anastasis_crypto_lib.h | 12 ++++-
 src/util/anastasis_crypto.c        | 97 ++++++++++++++++++++++++--------------
 3 files changed, 95 insertions(+), 38 deletions(-)

diff --git a/src/include/anastasis.h b/src/include/anastasis.h
index 2e5f25c..5d3c9f4 100644
--- a/src/include/anastasis.h
+++ b/src/include/anastasis.h
@@ -1,3 +1,27 @@
+/*
+  This file is part of Anastasis
+  Copyright (C) 2020 Taler Systems SA
+
+  Anastasis is free software; you can redistribute it and/or modify it under 
the
+  terms of the GNU Lesser General Public License as published by the Free 
Software
+  Foundation; either version 3, or (at your option) any later version.
+
+  Anastasis is distributed in the hope that it will be useful, but WITHOUT ANY
+  WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+  A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
+
+  You should have received a copy of the GNU General Public License along with
+  Anastasis; see the file COPYING.GPL.  If not, see 
<http://www.gnu.org/licenses/>
+*/
+/**
+ * @file include/anastasis.h
+ * @brief anastasis client api
+ * @author Christian Grothoff
+ * @author Dominik Meister
+ * @author Dennis Neufeld
+ */
+
+
 /* libanastasis */
 #include <anastasis_crypto_lib.h>
 
diff --git a/src/include/anastasis_crypto_lib.h 
b/src/include/anastasis_crypto_lib.h
index 6c865f0..e158473 100644
--- a/src/include/anastasis_crypto_lib.h
+++ b/src/include/anastasis_crypto_lib.h
@@ -1,6 +1,6 @@
 /*
   This file is part of Anastasis
-  Copyright (C) 2019 Taler Systems SA
+  Copyright (C) 2020 Taler Systems SA
 
   Anastasis is free software; you can redistribute it and/or modify it under 
the
   terms of the GNU Lesser General Public License as published by the Free 
Software
@@ -13,6 +13,14 @@
   You should have received a copy of the GNU General Public License along with
   Anastasis; see the file COPYING.GPL.  If not, see 
<http://www.gnu.org/licenses/>
 */
+/**
+ * @file lib/anastasis_crypto.c
+ * @brief anastasis crypto api
+ * @author Christian Grothoff
+ * @author Dominik Meister
+ * @author Dennis Neufeld
+ */
+
 
 #include <jansson.h>
 #include <gnunet/gnunet_crypto_lib.h>
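Review bot: The new Doxygen block names `@file lib/anastasis_crypto.c` but it sits in `src/include/anastasis_crypto_lib.h`; Doxygen attaches a `@file` comment to the named file, so this documentation would be associated with the wrong unit. Change the tag to `@file include/anastasis_crypto_lib.h`; the `@brief anastasis crypto api` line can stay.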
@@ -79,7 +87,7 @@ struct ANASTASIS_CRYPTO_Nonce
 */
 struct ANASTASIS_CRYPTO_Iv
 {
-  uint32_t iv[3];
+  char iv[96 / 8];
 };
 
 /**
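Review bot: `char iv[96 / 8]` encodes the GCM IV length as an unexplained expression in the public header while src/util/anastasis_crypto.c defines the same value as `AES_IV_SIZE` in this commit; keeping the two in sync by hand is fragile. Consider defining the size once in this header and using it in both places, and stating in the struct's comment (which begins outside this hunk) that the array holds the 96-bit AES-GCM IV. The encrypt hunk in anastasis_crypto.c now uses a bare `char iv[AES_IV_SIZE]` instead of this struct, so it is not clear from the diff whether any remaining caller uses `struct ANASTASIS_CRYPTO_Iv`.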
diff --git a/src/util/anastasis_crypto.c b/src/util/anastasis_crypto.c
index c77c51e..fb7ed20 100644
--- a/src/util/anastasis_crypto.c
+++ b/src/util/anastasis_crypto.c
@@ -1,6 +1,6 @@
 /*
   This file is part of Anastasis
-  Copyright (C) 2019 Taler Systems SA
+  Copyright (C) 2020 Taler Systems SA
 
   Anastasis is free software; you can redistribute it and/or modify it under 
the
   terms of the GNU Lesser General Public License as published by the Free 
Software
@@ -28,6 +28,54 @@
 #include <gnunet/gnunet_util_lib.h>
 #include <string.h>
 
+/**
+ * AES key size.
+ */
+#define AES_KEY_SIZE (256 / 8)
+
+/**
+ * AES (GCM) IV size.
+ */
+#define AES_IV_SIZE (96 / 8)
+
+/**
+ * Size of the GCM tag.
+ */
+#define GCM_TAG_SIZE (128 / 8)
+
+/**
+ * Compute @a key and @a iv.
+ *
+ * @param msec master secret for calculation
+ * @param serial number for the @a smac calculation
+ * @param key[out] where to write the decrption key
+ * @param iv[out] where to write the IV
+ */
+static void
+get_iv_key (const struct ANASTASIS_CRYPTO_UserIdentifier *kdf_id,
+            const struct ANASTASIS_CRYPTO_Nonce *nonce,
+            const char *salt,
+            char key[AES_KEY_SIZE],
+            char iv[AES_IV_SIZE])
+{
+  char res[AES_KEY_SIZE + AES_IV_SIZE];
+
+  GNUNET_CRYPTO_hkdf (res,
+                      sizeof(res),
+                      GCRY_MD_SHA512,
+                      GCRY_MD_SHA256,
+                      &kdf_id->hash,
+                      sizeof(kdf_id->hash),
+                      &nonce->nonce,
+                      sizeof(nonce->nonce),
+                      &salt,
+                      strlen (salt),
+                      NULL,
+                      0);
+  memcpy (key, res, AES_KEY_SIZE);
+  memcpy (iv, &res[AES_KEY_SIZE], AES_IV_SIZE);
+}
+
 /**
  * Creates the UserIdentifier, it is used as entropy source for the encryption 
keys and
  * for the public and private key for signing the data.
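Review bot: `&salt` at the `GNUNET_CRYPTO_hkdf` call passes the address of the pointer variable, not the salt string, so with `strlen (salt)` the context input becomes the first bytes of a stack-resident pointer rather than the caller's salt; the argument should be `salt,`. The doc comment describes parameters (`msec`, `serial`, `smac`) that the function does not have — it should document `kdf_id`, `nonce`, `salt`, `key` and `iv`. The removed code in the encrypt function asserted on hkdf's return value; get_iv_key discards it, so a derivation failure would leave `res` uninitialised yet still copied into `key` and `iv` — check the result before the two memcpy calls. `res` holds the derived key material and should be cleared before the function returns, using a clearing routine the compiler will not elide.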
@@ -99,41 +147,18 @@ ANASTASIS_CRYPTO_recovery_document_encrypt (
   size_t *res_size)
 {
   struct ANASTASIS_CRYPTO_Nonce nonce;
-  struct ANASTASIS_CRYPTO_Iv iv;
   gcry_cipher_hd_t cipher;
   char ciphertext[data_size];
-  char *str_id;
-  char *str_nonce;
-  unsigned int i;
-  char sym_key[32];
-  char source_key_material[64];
+  char sym_key[AES_KEY_SIZE];
+  char iv[AES_IV_SIZE];
+  char gcm_tag[GCM_TAG_SIZE];
   void *erd;
 
   GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE,
                               &nonce,
                               sizeof (nonce));
+  get_iv_key (id, &nonce, "erd", sym_key, iv);
 
-  // FIXME IV CREATION
-  GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE,
-                              &iv,
-                              sizeof (iv));
-
-  str_id = GNUNET_STRINGS_data_to_string_alloc (&id,
-                                                sizeof (id));
-
-  str_nonce = GNUNET_STRINGS_data_to_string_alloc (&nonce,
-                                                   sizeof (nonce));
-  strcpy (source_key_material, str_id);
-  strcat (source_key_material, str_nonce);
-
-  GNUNET_assert (0 == (GNUNET_CRYPTO_hkdf (sym_key,
-                                           sizeof(sym_key),
-                                           GCRY_MD_SHA512,
-                                           GCRY_MD_SHA256,
-                                           "erd",
-                                           (size_t) 3,
-                                           source_key_material,
-                                           sizeof(source_key_material))));
   gcry_cipher_open (&cipher,
                     GCRY_CIPHER_AES256,
                     GCRY_CIPHER_MODE_GCM,
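Review bot: `sym_key` and `iv` now hold material derived from the user identifier, but nothing in this function clears them once the cipher has been keyed (the setkey/setiv calls are outside this hunk); clearing both before returning limits how long key material lingers on the stack. Replacing `struct ANASTASIS_CRYPTO_Iv iv` with a bare `char iv[AES_IV_SIZE]` leaves the header's updated struct unused here, which is worth reconciling so the two do not drift. The `id` argument is handed to `get_iv_key` as a pointer while the removed code took `&id`, so its declared type (in the signature outside this hunk) should be double-checked. The enclosing function starts outside the hunk.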
@@ -149,25 +174,25 @@ ANASTASIS_CRYPTO_recovery_document_encrypt (
                        sizeof (ciphertext),
                        data,
                        data_size);
+  gcry_cipher_gettag (cipher,
+                      gcm_tag,
+                      sizeof (gcm_tag));
   gcry_cipher_close (cipher);
 
-  res_size = sizeof (ciphertext) + sizeof(nonce) + sizeof(iv);
-  erd = GNUNET_malloc (res_size);
+  *res_size = sizeof (ciphertext) + sizeof(nonce) + sizeof(gcm_tag);
+  erd = GNUNET_malloc (*res_size);
   memcpy (erd,
           &nonce,
           sizeof(nonce));
   memcpy (erd + sizeof(nonce),
-          &iv,
-          sizeof(iv));
-  memcpy (erd + sizeof(nonce) + sizeof(iv),
+          &gcm_tag,
+          sizeof(gcm_tag));
+  memcpy (erd + sizeof(nonce) + sizeof(gcm_tag),
           ciphertext,
           sizeof(ciphertext));
   *res = (void *) erd;
 }
 
-
-
-
 /**
  * Decrypts the recovery document with AES256, the decryption key is generated 
with
  * the user identifier provided by the user and the salt "erd". The nonce and 
IV used for the encryption
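Review bot: `gcry_cipher_gettag` returns a `gcry_error_t` that the new code ignores, so a failed tag extraction would store an uninitialised `gcm_tag` in the ERD; wrap it as `GNUNET_assert (0 == gcry_cipher_gettag (cipher, gcm_tag, sizeof (gcm_tag)));` or propagate the error. The serialized layout has changed to nonce || gcm_tag || ciphertext with the IV no longer stored but re-derived from the nonce, which the decrypt side and the function's doc comment (both outside this hunk) must agree with; a comment such as `/* ERD layout: nonce | GCM tag | ciphertext; IV is derived from nonce via get_iv_key */` above the first memcpy would make that explicit. `memcpy (erd + sizeof(nonce), &gcm_tag, ...)` works only because `&gcm_tag` and `gcm_tag` share an address; passing the array directly, as is done for `ciphertext`, is the clearer form.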



