[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[taler-anastasis] branch master updated (9612023 -> 7e332f6)
|
From: |
gnunet |
|
Subject: |
[taler-anastasis] branch master updated (9612023 -> 7e332f6) |
|
Date: |
Wed, 01 Apr 2020 10:12:23 +0200 |
This is an automated email from the git hooks/post-receive script.
dennis-neufeld pushed a change to branch master
in repository anastasis.
from 9612023 worked on crypto
new 3e4cbc1 changed msec to key, added key_len
new 10939ad sizeof to strlen...
new f8e2ee5 GNUNET_free() to free()...
new a4d5bf6 private key derivation
new dd12182 modified policy key derivation
new 020b4d1 const char*...
new 5397641 PolicyKey to hash
new fc648b2 GNUNET_malloc() in core_secret_encrypt/recover
new 7e332f6 renaming
The 9 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
src/include/anastasis_crypto_lib.h | 96 +++++++------
src/util/anastasis_crypto.c | 287 +++++++++++++++++++++----------------
2 files changed, 209 insertions(+), 174 deletions(-)
diff --git a/src/include/anastasis_crypto_lib.h
b/src/include/anastasis_crypto_lib.h
index fb4b5b0..2eb545c 100644
--- a/src/include/anastasis_crypto_lib.h
+++ b/src/include/anastasis_crypto_lib.h
@@ -70,7 +70,7 @@ struct ANASTASIS_CRYPTO_Salt
*/
struct ANASTASIS_CRYPTO_PolicyKey
{
- uint32_t key[8];
+ struct GNUNET_HashCode key;
};
@@ -127,7 +127,7 @@ struct ANASTASIS_CRYPTO_UserIdentifier
* Creates the UserIdentifier, it is used as entropy source for the encryption
keys and
* for the public and private key for signing the data.
* @param id_data JSON encoded data, which contains the raw user secret and a
server salt
- * @param id reference to the id which was created
+ * @param id[out] reference to the id which was created
*/
void
ANASTASIS_CRYPTO_user_identifier_derive (
@@ -137,7 +137,7 @@ ANASTASIS_CRYPTO_user_identifier_derive (
/**
* Generates the eddsa public Key used as the account identifier on the
providers
* @param id holds a hashed user secret which is used as entropy source for
the public key generation
- * @param pub_key handle for the generated public key
+ * @param pub_key[out] handle for the generated public key
*/
void
ANASTASIS_CRYPTO_account_public_key_derive (
@@ -149,19 +149,19 @@ ANASTASIS_CRYPTO_account_public_key_derive (
* encrypted with a derivation from the user identifier and the salt "erd".
*
* @param id Hashed User input, used for the generation of the encryption key
- * @param data contains the recovery document as raw data
- * @param data_size defines the size of the recovery document inside data
- * @param res return from the result, which contains the encrypted recovery
document
+ * @param rec_doc contains the recovery document as raw data
+ * @param rd_size defines the size of the recovery document inside data
+ * @param enc_rec_doc[out] return from the result, which contains the
encrypted recovery document
* and the nonce and iv used for the encryption as Additional Data
- * @param res_size size of the result
+ * @param erd_size[out] size of the result
*/
void
ANASTASIS_CRYPTO_recovery_document_encrypt (
const struct ANASTASIS_CRYPTO_UserIdentifier *id,
- const void *data,
- size_t data_size,
- void **res,
- size_t *res_size);
+ const void *rec_doc,
+ size_t rd_size,
+ void **enc_rec_doc,
+ size_t *erd_size);
/**
* Decrypts the recovery document with AES256, the decryption key is generated
with
@@ -169,34 +169,34 @@ ANASTASIS_CRYPTO_recovery_document_encrypt (
* are the first 48Byte of the data.
*
* @param id Hashed User input, used for the generation of the encryption key
- * @param data, contains the encrypted recovery document and the nonce and iv
used for the encryption.
- * @param data_size size of the data
- * @param res return from the result, which contains the encrypted recovery
document
+ * @param enc_rec_doc, contains the encrypted recovery document and the nonce
and iv used for the encryption.
+ * @param erd_size size of the data
+ * @param rec_doc[out] return from the result, which contains the encrypted
recovery document
* and the nonce and iv used for the encryption as Additional Data
- * @param res_size size of the result
+ * @param rd_size[out] size of the result
*/
void
ANASTASIS_CRYPTO_recovery_document_decrypt (
const struct ANASTASIS_CRYPTO_UserIdentifier *id,
- const void *data,
- size_t data_size,
- void **res,
- size_t *res_size);
+ const void *enc_rec_doc,
+ size_t erd_size,
+ void **rec_doc,
+ size_t *rd_size);
/**
* Encrypts a keyshare with a key generated with the user identification as
entropy and the salt "eks".
*
* @param key_share the key share which is afterwards encrypted
* @param id the user identification which is the entropy source for the key
generation
- * @param res holds the encrypted share, the first 48 Bytes are the used nonce
and tag
- * @param res_size defines the size of the data
+ * @param enc_key_share[out] holds the encrypted share, the first 48 Bytes are
the used nonce and tag
+ * @param eks_size[out] defines the size of the data
*/
void
ANASTASIS_CRYPTO_key_share_encrypt (
const struct ANASTASIS_CRYPTO_KeyShare *key_share,
const struct ANASTASIS_CRYPTO_UserIdentifier *id,
- void **res,
- size_t *res_size);
+ void **enc_key_share,
+ size_t *eks_size);
/**
* Decrypts a keyshare with a key generated with the user identification as
entropy and the salt "eks".
@@ -204,8 +204,8 @@ ANASTASIS_CRYPTO_key_share_encrypt (
* @param enc_key_share holds the encrypted share, the first 48 Bytes are the
used nonce and tag
* @param size_eks size of encrypted key share
* @param id the user identification which is the entropy source for the key
generation
- * @param key_share the result of decryption
- * @param ks_size size of result
+ * @param key_share[out] the result of decryption
+ * @param ks_size[out] size of result
*/
void
ANASTASIS_CRYPTO_key_share_decrypt (
@@ -221,19 +221,19 @@ ANASTASIS_CRYPTO_key_share_decrypt (
* entropy source and the salt "ect".
*
* @param truth_enc_key master key used for encryption of the truth (see
interface EscrowMethod)
- * @param data truth which will be encrypted
- * @param data_size size of the truth
- * @param res return from the result, which contains the encrypted truth
+ * @param truth truth which will be encrypted
+ * @param truth_size size of the truth
+ * @param enc_truth[out] return from the result, which contains the encrypted
truth
* and the nonce and iv used for the encryption as Additional Data
- * @param res_size size of the result
+ * @param ect_size[out] size of the result
*/
void
ANASTASIS_CRYPTO_truth_encrypt (
const struct ANASTASIS_CRYPTO_TruthKey *truth_enc_key,
- const void *data,
- size_t data_size,
- void **res,
- size_t *res_size);
+ const void *truth,
+ size_t truth_size,
+ void **enc_truth,
+ size_t *ect_size);
/**
* Decrypts the truth data which contains the hashed answer or the phone
number..
@@ -241,25 +241,25 @@ ANASTASIS_CRYPTO_truth_encrypt (
* entropy source and the salt "ect".
*
* @param truth_enc_key master key used for encryption of the truth (see
interface EscrowMethod)
- * @param data truth holds the encrypted truth which will be decrypted
- * @param data_size size of the data
- * @param res return from the result, which contains the truth
- * @param res_size size of the result
+ * @param enc_truth truth holds the encrypted truth which will be decrypted
+ * @param ect_size size of the truth data
+ * @param truth return from the result, which contains the truth
+ * @param truth_size size of the result
*/
void
ANASTASIS_CRYPTO_truth_decrypt (
const struct ANASTASIS_CRYPTO_TruthKey *truth_enc_key,
- const void *data,
- size_t data_size,
- void **res,
- size_t *res_size);
+ const void *enc_truth,
+ size_t ect_size,
+ void **truth,
+ size_t *truth_size);
/**
* A key share is randomly generated, one key share is generated for every
* truth a policy contains.
*
- * @param key_share reference to the created key share.
+ * @param key_share[out] reference to the created key share.
*/
void
ANASTASIS_CRYPTO_key_share_create (
@@ -272,12 +272,14 @@ ANASTASIS_CRYPTO_key_share_create (
*
* @param key_shares list of key shares which are combined
* @param keyshare_length amount of key shares inside the array
- * @param policy_key reference to the created key
+ * @param salt salt value
+ * @param policy_key[out] reference to the created key
*/
void
ANASTASIS_CRYPTO_policy_key_derive (
const struct ANASTASIS_CRYPTO_KeyShare *key_shares,
unsigned int keyshare_length,
+ const struct ANASTASIS_CRYPTO_Salt *salt,
struct ANASTASIS_CRYPTO_PolicyKey *policy_key);
@@ -292,8 +294,8 @@ ANASTASIS_CRYPTO_policy_key_derive (
* @param core_secret the user provided core secret which is secured by
anastasis
* @param core_secret_size the size of the core secret
* @param enc_core_secret the core secret is encrypted with the generated
master key
- * @param enc_core_secret_size size of the encrypted secret
- * @param encrypted_master_keys array of encrypted master keys which will be
safed inside the policies one encrypted
+ * @param enc_core_secret_size[out] size of the encrypted secret
+ * @param encrypted_master_keys[out] array of encrypted master keys which will
be safed inside the policies one encrypted
* master key is created for each policy key
*/
void
@@ -314,8 +316,8 @@ ANASTASIS_CRYPTO_core_secret_encrypt (
* @param policy_key built policy key which will decrypt the master key
* @param encrypted_core_secret the encrypted core secret from the user, will
be encrypted with the policy key
* @param encrypted_core_secret_size size of the encrypted core secret
- * @param core_secret decrypted core secret will be returned
- * @param core_secret_size size of the returned core secret
+ * @param core_secret[out] decrypted core secret will be returned
+ * @param core_secret_size[out] size of the returned core secret
*/
void
ANASTASIS_CRYPTO_core_secret_recover (
diff --git a/src/util/anastasis_crypto.c b/src/util/anastasis_crypto.c
index e706b7e..b2d3e2a 100644
--- a/src/util/anastasis_crypto.c
+++ b/src/util/anastasis_crypto.c
@@ -46,14 +46,16 @@
/**
* Compute @a key and @a iv.
*
- * @param msec master secret for calculation
+ * @param key_material key for calculation
+ * @param key_m_len length of key
* @param nonce nonce for calculation
* @param salt salt value for calculation
* @param key[out] where to write the en-/decription key
* @param iv[out] where to write the IV
*/
static void
-get_iv_key (const void *msec,
+get_iv_key (const void *key_material,
+ size_t key_m_len,
const struct ANASTASIS_CRYPTO_Nonce *nonce,
const char *salt,
char key[AES_KEY_SIZE],
@@ -66,12 +68,13 @@ get_iv_key (const void *msec,
sizeof (res),
GCRY_MD_SHA512,
GCRY_MD_SHA256,
- msec,
- sizeof(msec),
+ key_material,
+ key_m_len,
nonce,
- sizeof(struct ANASTASIS_CRYPTO_Nonce),
+ sizeof (struct
+ ANASTASIS_CRYPTO_Nonce),
salt,
- sizeof (*salt),
+ strlen (salt),
NULL,
0));
memcpy (key, res, AES_KEY_SIZE);
@@ -82,15 +85,17 @@ get_iv_key (const void *msec,
/**
* Encryption of data like recovery document etc.
*
- * @param msec master secret which is used to derive a key/iv pair from
+ * @param key key which is used to derive a key/iv pair from
+ * @param key_len length of key
* @param data data to encrypt
* @param data_size size of the data
* @param salt salt value which is used for key derivation
- * @param[out] res ciphertext output
- * @param[out] res_size size of the ciphertext
+ * @param res[out] ciphertext output
+ * @param res_size[out] size of the ciphertext
*/
static void
-anastasis_encrypt (const void *msec,
+anastasis_encrypt (const void *key,
+ size_t key_len,
const void *data,
size_t data_size,
const char *salt,
@@ -105,19 +110,21 @@ anastasis_encrypt (const void *msec,
struct ANASTASIS_CRYPTO_AesTag *tag;
char *ciphertext;
- *res_size = data_size + sizeof(struct ANASTASIS_CRYPTO_Nonce)
- + sizeof(struct ANASTASIS_CRYPTO_AesTag);
+ *res_size = data_size
+ + sizeof (struct ANASTASIS_CRYPTO_Nonce)
+ + sizeof (struct ANASTASIS_CRYPTO_AesTag);
*res = GNUNET_malloc (*res_size);
GNUNET_assert (*res_size == data_size
+ sizeof (struct ANASTASIS_CRYPTO_Nonce)
- + sizeof(struct ANASTASIS_CRYPTO_AesTag));
+ + sizeof (struct ANASTASIS_CRYPTO_AesTag));
nonce = (struct ANASTASIS_CRYPTO_Nonce *) *res;
tag = (struct ANASTASIS_CRYPTO_AesTag *) &nonce[1];
ciphertext = (char *) &tag[1];
GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE,
nonce,
sizeof (struct ANASTASIS_CRYPTO_Nonce));
- get_iv_key (msec,
+ get_iv_key (key,
+ key_len,
nonce,
salt,
sym_key,
@@ -145,7 +152,7 @@ anastasis_encrypt (const void *msec,
GNUNET_assert (0 ==
gcry_cipher_gettag (cipher,
tag,
- sizeof(struct ANASTASIS_CRYPTO_AesTag)));
+ sizeof (struct ANASTASIS_CRYPTO_AesTag)));
gcry_cipher_close (cipher);
}
@@ -153,15 +160,17 @@ anastasis_encrypt (const void *msec,
/**
* Decryption of data like encrypted recovery document etc.
*
- * @param msec master secret which is used to derive a key/iv pair from
+ * @param key key which is used to derive a key/iv pair from
+ * @param key_len length of key
* @param data data to decrypt
* @param data_size size of the data
* @param salt salt value which is used for key derivation
- * @param res plaintext output
- * @param res_size size of the plaintext
+ * @param res[out] plaintext output
+ * @param res_size[out] size of the plaintext
*/
static void
-anastasis_decrypt (const void *msec,
+anastasis_decrypt (const void *key,
+ size_t key_len,
const void *data,
size_t data_size,
const char *salt,
@@ -176,16 +185,18 @@ anastasis_decrypt (const void *msec,
struct ANASTASIS_CRYPTO_AesTag *tag;
char *ciphertext;
- *res_size = data_size - sizeof (struct ANASTASIS_CRYPTO_Nonce)
- - sizeof(struct ANASTASIS_CRYPTO_AesTag);
+ *res_size = data_size
+ - sizeof (struct ANASTASIS_CRYPTO_Nonce)
+ - sizeof (struct ANASTASIS_CRYPTO_AesTag);
*res = GNUNET_malloc (*res_size);
GNUNET_assert (*res_size == data_size
- sizeof (struct ANASTASIS_CRYPTO_Nonce)
- - sizeof(struct ANASTASIS_CRYPTO_AesTag));
+ - sizeof (struct ANASTASIS_CRYPTO_AesTag));
nonce = (struct ANASTASIS_CRYPTO_Nonce *) data;
tag = (struct ANASTASIS_CRYPTO_AesTag *) &nonce[1];
ciphertext = (char *) &tag[1];
- get_iv_key (msec,
+ get_iv_key (key,
+ key_len,
nonce,
salt,
sym_key,
@@ -221,7 +232,7 @@ anastasis_decrypt (const void *msec,
* Creates the UserIdentifier, it is used as entropy source for the encryption
keys and
* for the public and private key for signing the data.
* @param id_data JSON encoded data, which contains the raw user secret and a
server salt
- * @param id reference to the id which was created
+ * @param id[out] reference to the id which was created
*/
void
ANASTASIS_CRYPTO_user_identifier_derive (
@@ -241,39 +252,42 @@ ANASTASIS_CRYPTO_user_identifier_derive (
sizeof (struct
ANASTASIS_CRYPTO_UserIdentifier),
id));
- GNUNET_free (json_enc);
+ free (json_enc);
}
/**
* Generates the eddsa private key used to authorize operations on policy
* @param id holds a hashed user secret which is used as entropy source for
the public key generation
- * @param priv_key handle for the generated private key
+ * @param priv_key[out] handle for the generated private key
*/
static void
ANASTASIS_CRYPTO_account_private_key_derive (
const struct ANASTASIS_CRYPTO_UserIdentifier *id,
struct GNUNET_CRYPTO_EddsaPrivateKey *priv_key)
{
- void *ver_secret;
- GNUNET_CRYPTO_hkdf (&ver_secret,
- sizeof (ver_secret),
+ /* priv_key = ver_secret */
+ GNUNET_CRYPTO_hkdf (priv_key,
+ sizeof (*priv_key),
GCRY_MD_SHA512,
GCRY_MD_SHA256,
id,
- sizeof (struct ANASTASIS_CRYPTO_UserIdentifier),
+ sizeof (struct
+ ANASTASIS_CRYPTO_UserIdentifier),
"ver",
strlen ("ver"),
NULL,
0);
- // *priv_key = eddsa_d_to_a (id);
+ /* go from ver_secret to proper private key (eddsa_d_to_a() in spec) */
+ priv_key->d[0] = (priv_key->d[0] & 0x7f) | 0x40;
+ priv_key->d[31] &= 0xf8;
}
/**
* Generates the eddsa public Key used as the account identifier on the
providers
* @param id holds a hashed user secret which is used as entropy source for
the public key generation
- * @param pub_key handle for the generated public key
+ * @param pub_key[out] handle for the generated public key
*/
void
ANASTASIS_CRYPTO_account_public_key_derive (
@@ -291,22 +305,29 @@ ANASTASIS_CRYPTO_account_public_key_derive (
* encrypted with a derivation from the user identifier and the salt "erd".
*
* @param id Hashed User input, used for the generation of the encryption key
- * @param data contains the recovery document as raw data
- * @param data_size defines the size of the recovery document inside data
- * @param res return from the result, which contains the encrypted recovery
document
+ * @param rec_doc contains the recovery document as raw data
+ * @param rd_size defines the size of the recovery document inside data
+ * @param enc_rec_doc[out] return from the result, which contains the
encrypted recovery document
* and the nonce and iv used for the encryption as Additional Data
- * @param res_size size of the result
+ * @param erd_size[out] size of the result
*/
void
ANASTASIS_CRYPTO_recovery_document_encrypt (
const struct ANASTASIS_CRYPTO_UserIdentifier *id,
- const void *data,
- size_t data_size,
- void **res,
- size_t *res_size)
+ const void *rec_doc,
+ size_t rd_size,
+ void **enc_rec_doc,
+ size_t *erd_size)
{
- char *salt = "erd";
- anastasis_encrypt (id, data, data_size, salt, res, res_size);
+ const char *salt = "erd";
+ anastasis_encrypt (id,
+ sizeof (struct
+ ANASTASIS_CRYPTO_UserIdentifier),
+ rec_doc,
+ rd_size,
+ salt,
+ enc_rec_doc,
+ erd_size);
}
@@ -316,22 +337,29 @@ ANASTASIS_CRYPTO_recovery_document_encrypt (
* are the first 48Byte of the data.
*
* @param id Hashed User input, used for the generation of the encryption key
- * @param data, contains the encrypted recovery document and the nonce and iv
used for the encryption.
- * @param data_size size of the data
- * @param res return from the result, which contains the encrypted recovery
document
+ * @param enc_rec_doc, contains the encrypted recovery document and the nonce
and iv used for the encryption.
+ * @param erd_size size of the data
+ * @param rec_doc[out] return from the result, which contains the encrypted
recovery document
* and the nonce and iv used for the encryption as Additional Data
- * @param res_size size of the result
+ * @param rd_size[out] size of the result
*/
void
ANASTASIS_CRYPTO_recovery_document_decrypt (
const struct ANASTASIS_CRYPTO_UserIdentifier *id,
- const void *data,
- size_t data_size,
- void **res,
- size_t *res_size)
+ const void *enc_rec_doc,
+ size_t erd_size,
+ void **rec_doc,
+ size_t *rd_size)
{
- char *salt = "erd";
- anastasis_decrypt (id, data, data_size, salt, res, res_size);
+ const char *salt = "erd";
+ anastasis_decrypt (id,
+ sizeof (struct
+ ANASTASIS_CRYPTO_UserIdentifier),
+ enc_rec_doc,
+ erd_size,
+ salt,
+ rec_doc,
+ rd_size);
}
@@ -340,23 +368,30 @@ ANASTASIS_CRYPTO_recovery_document_decrypt (
*
* @param key_share the key share which is afterwards encrypted
* @param id the user identification which is the entropy source for the key
generation
- * @param res holds the encrypted share, the first 48 Bytes are the used nonce
and tag
- * @param res_size defines the size of the data
+ * @param enc_key_share[out] holds the encrypted share, the first 48 Bytes are
the used nonce and tag
+ * @param eks_size[out] defines the size of the data
*/
void
ANASTASIS_CRYPTO_key_share_encrypt (
const struct ANASTASIS_CRYPTO_KeyShare *key_share,
const struct ANASTASIS_CRYPTO_UserIdentifier *id,
- void **res,
- size_t *res_size)
+ void **enc_key_share,
+ size_t *eks_size)
{
- char *salt = "eks";
+ const char *salt = "eks";
/* FIXME: the HKDF (in get_iv_key()) should be able to take additional
bits from the response (e.g. some hash over the answer to the
security question, see 12.6.-> interface EncryptedKeyShare in spec)
*/
- anastasis_encrypt (id, key_share, sizeof (struct ANASTASIS_CRYPTO_KeyShare),
- salt, res, res_size);
+ anastasis_encrypt (id,
+ sizeof (struct
+ ANASTASIS_CRYPTO_UserIdentifier),
+ key_share,
+ sizeof (struct
+ ANASTASIS_CRYPTO_KeyShare),
+ salt,
+ enc_key_share,
+ eks_size);
}
@@ -366,8 +401,8 @@ ANASTASIS_CRYPTO_key_share_encrypt (
* @param enc_key_share holds the encrypted share, the first 48 Bytes are the
used nonce and tag
* @param size_eks size of encrypted key share
* @param id the user identification which is the entropy source for the key
generation
- * @param key_share the result of decryption
- * @param ks_size size of result
+ * @param key_share[out] the result of decryption
+ * @param ks_size[out] size of result
*/
void
ANASTASIS_CRYPTO_key_share_decrypt (
@@ -377,8 +412,15 @@ ANASTASIS_CRYPTO_key_share_decrypt (
void **key_share,
size_t *ks_size)
{
- char *salt = "eks";
- anastasis_decrypt (id, enc_key_share, eks_size, salt, key_share, ks_size);
+ const char *salt = "eks";
+ anastasis_decrypt (id,
+ sizeof (struct
+ ANASTASIS_CRYPTO_UserIdentifier),
+ enc_key_share,
+ eks_size,
+ salt,
+ key_share,
+ ks_size);
}
@@ -388,22 +430,29 @@ ANASTASIS_CRYPTO_key_share_decrypt (
* entropy source and the salt "ect".
*
* @param truth_enc_key master key used for encryption of the truth
- * @param data truth which will be encrypted
- * @param data_size size of the truth
- * @param res return from the result, which contains the encrypted truth
+ * @param truth truth which will be encrypted
+ * @param truth_size size of the truth
+ * @param enc_truth[out] return from the result, which contains the encrypted
truth
* and the nonce and iv used for the encryption as Additional Data
- * @param res_size size of the result
+ * @param ect_size[out] size of the result
*/
void
ANASTASIS_CRYPTO_truth_encrypt (
const struct ANASTASIS_CRYPTO_TruthKey *truth_enc_key,
- const void *data,
- size_t data_size,
- void **res,
- size_t *res_size)
+ const void *truth,
+ size_t truth_size,
+ void **enc_truth,
+ size_t *ect_size)
{
- char *salt = "ect";
- anastasis_encrypt (truth_enc_key, data, data_size, salt, res, res_size);
+ const char *salt = "ect";
+ anastasis_encrypt (truth_enc_key,
+ sizeof (struct
+ ANASTASIS_CRYPTO_TruthKey),
+ truth,
+ truth_size,
+ salt,
+ enc_truth,
+ ect_size);
}
@@ -413,21 +462,28 @@ ANASTASIS_CRYPTO_truth_encrypt (
* entropy source and the salt "ect".
*
* @param truth_enc_key master key used for encryption of the truth
- * @param data truth holds the encrypted truth which will be decrypted
- * @param data_size size of the data
- * @param res return from the result, which contains the truth
- * @param res_size size of the result
+ * @param enc_truth truth holds the encrypted truth which will be decrypted
+ * @param ect_size size of the truth data
+ * @param truth[out] return from the result, which contains the truth
+ * @param truth_size[out] size of the result
*/
void
ANASTASIS_CRYPTO_truth_decrypt (
const struct ANASTASIS_CRYPTO_TruthKey *truth_enc_key,
- const void *data,
- size_t data_size,
- void **res,
- size_t *res_size)
+ const void *enc_truth,
+ size_t ect_size,
+ void **truth,
+ size_t *truth_size)
{
- char *salt = "ect";
- anastasis_decrypt (truth_enc_key, data, data_size, salt, res, res_size);
+ const char *salt = "ect";
+ anastasis_decrypt (truth_enc_key,
+ sizeof (struct
+ ANASTASIS_CRYPTO_TruthKey),
+ enc_truth,
+ ect_size,
+ salt,
+ truth,
+ truth_size);
}
@@ -435,7 +491,7 @@ ANASTASIS_CRYPTO_truth_decrypt (
* A key share is randomly generated, one key share is generated for every
* truth a policy contains.
*
- * @param key_share reference to the created key share.
+ * @param key_share[out] reference to the created key share.
*/
void
ANASTASIS_CRYPTO_key_share_create (
@@ -453,42 +509,25 @@ ANASTASIS_CRYPTO_key_share_create (
*
* @param key_shares list of key shares which are combined
* @param keyshare_length amount of key shares inside the array
- * @param policy_key reference to the created key
+ * @param salt salt value
+ * @param policy_key[out] reference to the created key
*/
void
ANASTASIS_CRYPTO_policy_key_derive (
const struct ANASTASIS_CRYPTO_KeyShare *key_shares,
unsigned int keyshare_length,
+ const struct ANASTASIS_CRYPTO_Salt *salt,
struct ANASTASIS_CRYPTO_PolicyKey *policy_key)
{
- struct GNUNET_HashCode p;
- struct GNUNET_HashCode b;
- for (unsigned int i = 0; i < keyshare_length; i++)
- {
- struct GNUNET_HashCode ks;
- GNUNET_CRYPTO_hash (&key_shares[i],
- sizeof (struct ANASTASIS_CRYPTO_KeyShare),
- &ks);
- if (i == 0)
- b = ks;
- else
- {
- GNUNET_CRYPTO_hash_xor (&ks,
- &b,
- &p);
- }
- }
- // FIXME: SCRYPT or simple hash?
- GNUNET_assert (0 ==
- gcry_kdf_derive (&p,
- sizeof (struct GNUNET_HashCode),
- GCRY_KDF_SCRYPT,
- 1, // subalgo
- "policykey",
- strlen ("policykey"),
- 1000, // iterations
- sizeof (struct ANASTASIS_CRYPTO_PolicyKey),
- policy_key));
+ GNUNET_CRYPTO_hkdf (policy_key,
+ sizeof (*policy_key),
+ GCRY_MD_SHA512,
+ GCRY_MD_SHA256,
+ key_shares,
+ keyshare_length * sizeof (*key_shares),
+ salt,
+ sizeof (*salt),
+ NULL, 0);
}
@@ -503,8 +542,8 @@ ANASTASIS_CRYPTO_policy_key_derive (
* @param core_secret the user provided core secret which is secured by
anastasis
* @param core_secret_size the size of the core secret
* @param enc_core_secret the core secret is encrypted with the generated
master key
- * @param enc_core_secret_size size of the encrypted secret
- * @param encrypted_master_keys array of encrypted master keys which will be
safed inside the policies one encrypted
+ * @param enc_core_secret_size[out] size of the encrypted secret
+ * @param encrypted_master_keys[out] array of encrypted master keys which will
be safed inside the policies one encrypted
* master key is created for each policy key
*/
void
@@ -521,6 +560,7 @@ ANASTASIS_CRYPTO_core_secret_encrypt (
struct GNUNET_CRYPTO_SymmetricInitializationVector iv;
struct GNUNET_HashCode master_key;
+ *enc_core_secret = GNUNET_malloc (*enc_core_secret_size);
GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_STRONG,
&master_key,
sizeof (struct GNUNET_HashCode));
@@ -535,12 +575,8 @@ ANASTASIS_CRYPTO_core_secret_encrypt (
{
struct GNUNET_CRYPTO_SymmetricSessionKey i_sk;
struct GNUNET_CRYPTO_SymmetricInitializationVector i_iv;
- struct GNUNET_HashCode hashed_policy_key;
- GNUNET_CRYPTO_hash (&policy_keys[i],
- sizeof (struct ANASTASIS_CRYPTO_PolicyKey),
- &hashed_policy_key);
- GNUNET_CRYPTO_hash_to_aes_key (&hashed_policy_key, &i_sk, &i_iv);
+ GNUNET_CRYPTO_hash_to_aes_key (&policy_keys[i].key, &i_sk, &i_iv);
GNUNET_assert (GNUNET_SYSERR !=
GNUNET_CRYPTO_symmetric_encrypt (&master_key,
sizeof (struct
@@ -560,8 +596,8 @@ ANASTASIS_CRYPTO_core_secret_encrypt (
* @param policy_key built policy key which will decrypt the master key
* @param encrypted_core_secret the encrypted core secret from the user, will
be encrypted with the policy key
* @param encrypted_core_secret_size size of the encrypted core secret
- * @param core_secret decrypted core secret will be returned
- * @param core_secret_size size of the returned core secret
+ * @param core_secret[out] decrypted core secret will be returned
+ * @param core_secret_size[out] size of the returned core secret
*/
void
ANASTASIS_CRYPTO_core_secret_recover (
@@ -576,13 +612,10 @@ ANASTASIS_CRYPTO_core_secret_recover (
struct GNUNET_CRYPTO_SymmetricInitializationVector mk_iv;
struct GNUNET_CRYPTO_SymmetricSessionKey core_sk;
struct GNUNET_CRYPTO_SymmetricInitializationVector core_iv;
- struct GNUNET_HashCode hashed_policy_key;
struct GNUNET_HashCode master_key;
- GNUNET_CRYPTO_hash (policy_key,
- sizeof (struct ANASTASIS_CRYPTO_PolicyKey),
- &hashed_policy_key);
- GNUNET_CRYPTO_hash_to_aes_key (&hashed_policy_key, &mk_sk, &mk_iv);
+ *core_secret = GNUNET_malloc (*core_secret_size);
+ GNUNET_CRYPTO_hash_to_aes_key (&policy_key->key, &mk_sk, &mk_iv);
GNUNET_assert (GNUNET_SYSERR !=
GNUNET_CRYPTO_symmetric_decrypt (encrypted_master_key,
sizeof (struct
--
To stop receiving notification emails like this one, please contact
address@hidden.
- [taler-anastasis] branch master updated (9612023 -> 7e332f6),
gnunet <=
- [taler-anastasis] 04/09: private key derivation, gnunet, 2020/04/01
- [taler-anastasis] 02/09: sizeof to strlen..., gnunet, 2020/04/01
- [taler-anastasis] 01/09: changed msec to key, added key_len, gnunet, 2020/04/01
- [taler-anastasis] 03/09: GNUNET_free() to free()..., gnunet, 2020/04/01
- [taler-anastasis] 08/09: GNUNET_malloc() in core_secret_encrypt/recover, gnunet, 2020/04/01
- [taler-anastasis] 06/09: const char*..., gnunet, 2020/04/01
- [taler-anastasis] 07/09: PolicyKey to hash, gnunet, 2020/04/01
- [taler-anastasis] 05/09: modified policy key derivation, gnunet, 2020/04/01
- [taler-anastasis] 09/09: renaming, gnunet, 2020/04/01