
[taler-anastasis] 03/03: Testing of core secret enc-/decryption


From: gnunet
Subject: [taler-anastasis] 03/03: Testing of core secret enc-/decryption
Date: Wed, 01 Apr 2020 23:37:00 +0200

This is an automated email from the git hooks/post-receive script.

dennis-neufeld pushed a commit to branch master
in repository anastasis.

commit f1315921ff9350a9f809311555d99de6c97e085d
Author: Dennis Neufeld <address@hidden>
AuthorDate: Wed Apr 1 21:36:52 2020 +0000

    Testing of core secret enc-/decryption
---
 src/include/anastasis_crypto_lib.h |  8 +++----
 src/util/anastasis_crypto.c        | 11 +++++-----
 src/util/test_anastasis_crypto.c   | 44 +++++++++++++++++++++++++++++---------
 3 files changed, 42 insertions(+), 21 deletions(-)

diff --git a/src/include/anastasis_crypto_lib.h 
b/src/include/anastasis_crypto_lib.h
index 77bb1d0..6d9f7d3 100644
--- a/src/include/anastasis_crypto_lib.h
+++ b/src/include/anastasis_crypto_lib.h
@@ -75,7 +75,7 @@ struct ANASTASIS_CRYPTO_PolicyKey
 */
 struct ANASTASIS_CRYPTO_EncryptedMasterKey
 {
-  uint32_t key[8];
+  struct GNUNET_HashCode key;
 };
 
 
@@ -349,13 +349,11 @@ ANASTASIS_CRYPTO_core_secret_encrypt (
  * @param encrypted_core_secret the encrypted core secret from the user, will 
be encrypted with the policy key
  * @param encrypted_core_secret_size size of the encrypted core secret
  * @param core_secret[out] decrypted core secret will be returned
- * @param core_secret_size[out] size of the returned core secret
  */
 void
 ANASTASIS_CRYPTO_core_secret_recover (
   const struct ANASTASIS_CRYPTO_EncryptedMasterKey *encrypted_master_key,
-  const struct ANASTASIS_CRYPTO_PolicyKey *policy_key,
+  const struct ANASTASIS_CRYPTO_PolicyKey policy_key,
   const void *encrypted_core_secret,
   size_t encrypted_core_secret_size,
-  void **core_secret,
-  size_t *core_secret_size);
\ No newline at end of file
+  void **core_secret);
\ No newline at end of file
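Review bot: Taking `policy_key` by value in ANASTASIS_CRYPTO_core_secret_recover makes every call copy the key material into a new stack slot, which is one more copy of a secret that nothing visible here wipes. The neighbouring `encrypted_master_key` parameter remains a const pointer, so keeping `const struct ANASTASIS_CRYPTO_PolicyKey *policy_key` would be consistent with it and avoid the extra copy. The same signature change is repeated in the definition in src/util/anastasis_crypto.c. With `core_secret_size` removed, the doc comment should state how long the returned buffer is and who frees it, for example ` * @param core_secret[out] newly allocated buffer of encrypted_core_secret_size bytes, not NUL-terminated; caller frees`, and the `encrypted_core_secret` line should read "to be decrypted" rather than "will be encrypted with the policy key".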
diff --git a/src/util/anastasis_crypto.c b/src/util/anastasis_crypto.c
index b42ba7e..38cad04 100644
--- a/src/util/anastasis_crypto.c
+++ b/src/util/anastasis_crypto.c
@@ -579,6 +579,7 @@ ANASTASIS_CRYPTO_core_secret_encrypt (
     struct GNUNET_CRYPTO_SymmetricSessionKey i_sk;
     struct GNUNET_CRYPTO_SymmetricInitializationVector i_iv;
 
+    GNUNET_CRYPTO_hash_to_aes_key (&policy_keys[i].key, &i_sk, &i_iv);
     GNUNET_assert (GNUNET_SYSERR !=
                    GNUNET_CRYPTO_symmetric_encrypt (&master_key,
                                                     sizeof (struct
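Review bot: `GNUNET_CRYPTO_hash_to_aes_key (&policy_keys[i].key, &i_sk, &i_iv)` derives the IV from the same policy key as the session key, so every master key encrypted under a given policy key uses an identical key/IV pair. That is only safe if a policy key wraps exactly one master key. Whether policy keys can be reused across core secrets is not visible in this hunk, but if they can, the repeated IV lets an observer relate the resulting ciphertexts. Either state the assumption next to the call, e.g. `/* IV is derived from the policy key: each policy key must wrap at most one master key */`, or use a random per-encryption IV stored alongside the encrypted master key. The loop body starts and ends outside the hunk.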
@@ -599,16 +600,14 @@ ANASTASIS_CRYPTO_core_secret_encrypt (
  * @param encrypted_core_secret the encrypted core secret from the user, will 
be encrypted with the policy key
  * @param encrypted_core_secret_size size of the encrypted core secret
  * @param core_secret[out] decrypted core secret will be returned
- * @param core_secret_size[out] size of the returned core secret
  */
 void
 ANASTASIS_CRYPTO_core_secret_recover (
   const struct ANASTASIS_CRYPTO_EncryptedMasterKey *encrypted_master_key,
-  const struct ANASTASIS_CRYPTO_PolicyKey *policy_key,
+  const struct ANASTASIS_CRYPTO_PolicyKey policy_key,
   const void *encrypted_core_secret,
   size_t encrypted_core_secret_size,
-  void **core_secret,
-  size_t *core_secret_size)
+  void **core_secret)
 {
   struct GNUNET_CRYPTO_SymmetricSessionKey mk_sk;
   struct GNUNET_CRYPTO_SymmetricInitializationVector mk_iv;
@@ -616,8 +615,8 @@ ANASTASIS_CRYPTO_core_secret_recover (
   struct GNUNET_CRYPTO_SymmetricInitializationVector core_iv;
   struct GNUNET_HashCode master_key;
 
-  *core_secret = GNUNET_malloc (*core_secret_size);
-  GNUNET_CRYPTO_hash_to_aes_key (&policy_key->key, &mk_sk, &mk_iv);
+  *core_secret = GNUNET_malloc (encrypted_core_secret_size);
+  GNUNET_CRYPTO_hash_to_aes_key (&policy_key.key, &mk_sk, &mk_iv);
   GNUNET_assert (GNUNET_SYSERR !=
                  GNUNET_CRYPTO_symmetric_decrypt (encrypted_master_key,
                                                   sizeof (struct
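Review bot: Nothing in ANASTASIS_CRYPTO_core_secret_recover lets the caller detect a wrong policy key or a modified ciphertext. The function returns void, and `GNUNET_assert (GNUNET_SYSERR != ...)` only aborts on an API error. As far as I know GNUNET_CRYPTO_symmetric_decrypt carries no integrity check, so a mismatched key most likely just fills `*core_secret` with garbage of length `encrypted_core_secret_size`. Consider returning an `int` status and verifying an authentication tag (for example an HMAC over the ciphertext) before the buffer is handed back, rather than asserting inside library code that processes stored data. The rest of the function body lies outside the hunk.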
diff --git a/src/util/test_anastasis_crypto.c b/src/util/test_anastasis_crypto.c
index 0a5da10..41f573b 100644
--- a/src/util/test_anastasis_crypto.c
+++ b/src/util/test_anastasis_crypto.c
@@ -106,7 +106,7 @@ test_recovery_document (void)
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
               "ERD_AFTER:   %s\n",
               TALER_b2s (plaintext, size_plaintext));
-  return GNUNET_memcmp (test, plaintext);
+  return strncmp ((char *) plaintext, test, strlen (test));
 }
 
 
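Review bot: `strncmp ((char *) plaintext, test, strlen (test))` checks only that the decrypted buffer starts with the expected bytes and never looks at `size_plaintext`. A plaintext longer than expected still passes, and one that is shorter and not NUL-terminated is read past its end. Comparing the length first makes the round-trip check exact: `if (size_plaintext != strlen (test)) return 1;` followed by `return memcmp (plaintext, test, size_plaintext);`. The same prefix-only comparison is added in test_truth and in the asserts of test_core_secret. The body of test_recovery_document starts outside the hunk.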
@@ -152,12 +152,12 @@ test_key_share (void)
 static int
 test_truth (void)
 {
+  const char *test = "TEST_TRUTH";
   void *ciphertext;
   size_t size_ciphertext;
   void *plaintext;
   size_t size_plaintext;
   struct ANASTASIS_CRYPTO_TruthKey truth_enc_key;
-  const char *test = "TEST_TRUTH";
 
   GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE,
                               &truth_enc_key,
@@ -168,8 +168,8 @@ test_truth (void)
               TALER_b2s (test, strlen (test)));
 
   ANASTASIS_CRYPTO_truth_encrypt (&truth_enc_key,
-                                  "TEST_TRUTH",
-                                  strlen ("TEST_TRUTH"),
+                                  test,
+                                  strlen (test),
                                   &ciphertext,
                                   &size_ciphertext);
 
@@ -181,13 +181,15 @@ test_truth (void)
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
               "TRUTH_AFTER:   %s\n",
               TALER_b2s (plaintext, size_plaintext));
-  return GNUNET_memcmp ("TEST_TRUTH", plaintext);
+  return strncmp ((char *) plaintext, test, strlen (test));
 }
 
 
 static int
 test_core_secret (void)
 {
+  const char *test = "TEST_CORE_SECRET";
+  const char *test_wrong = "TEST_CORE_WRONG";
   void *enc_core_secret;
   size_t enc_core_secret_size;
   unsigned int policy_keys_length = 5;
@@ -226,16 +228,40 @@ test_core_secret (void)
                      GNUNET_memcmp (&policy_keys[i - 1], &policy_keys[i]));
   }
 
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "CORE_SECRET_BEFORE:   %s\n",
+              TALER_b2s (test, strlen (test)));
+
   // test encryption of core_secret
   ANASTASIS_CRYPTO_core_secret_encrypt ((struct
                                          ANASTASIS_CRYPTO_PolicyKey *)
                                         &policy_keys,
                                         policy_keys_length,
-                                        "TEST_CORE_SECRET",
-                                        strlen ("TEST_CORE_SECRET"),
+                                        test,
+                                        strlen (test),
                                         &enc_core_secret,
                                         &encrypted_master_keys);
-  return 1;
+
+  // test recover of core secret
+  for (unsigned int k = 0; k < policy_keys_length; k++)
+  {
+    void *dec_core_secret;
+    ANASTASIS_CRYPTO_core_secret_recover (&encrypted_master_keys[k],
+                                          policy_keys[k],
+                                          enc_core_secret,
+                                          strlen (test),
+                                          &dec_core_secret);
+    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                "CORE_SECRET_AFTER_%i:   %s\n",
+                k,
+                TALER_b2s (dec_core_secret, strlen (test)));
+    GNUNET_assert (0 ==
+                   strncmp ((char *) dec_core_secret, test, strlen (test)));
+    GNUNET_assert (0 !=
+                   strncmp ((char *) dec_core_secret, test_wrong, strlen (
+                              test)));
+  }
+  return 0;
 }
 
 
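Review bot: The negative assertion against `test_wrong` in the recovery loop cannot fail once the positive one has passed, because the two literals already differ within the first `strlen (test)` bytes, so a failed recovery is never exercised. A more useful check recovers with a policy key that does not belong to `encrypted_master_keys[k]` and asserts that the output differs from `test`, as sketched below (this assumes the generated policy keys are pairwise distinct). `dec_core_secret` is also never freed inside the loop, and `k` is unsigned, so the format should be `%u` rather than `%i`. The start of test_core_secret lies outside the hunk.

```c
    // … unchanged: recover with policy_keys[k], log, positive strncmp assert …
    {
      void *wrong_secret;

      ANASTASIS_CRYPTO_core_secret_recover (&encrypted_master_keys[k],
                                            policy_keys[(k + 1)
                                                        % policy_keys_length],
                                            enc_core_secret,
                                            strlen (test),
                                            &wrong_secret);
      GNUNET_assert (0 != memcmp (wrong_secret, test, strlen (test)));
      GNUNET_free (wrong_secret);
    }
    GNUNET_free (dec_core_secret);
```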
@@ -244,7 +270,6 @@ main (int argc,
       const char *const argv[])
 {
   GNUNET_log_setup (argv[0], "DEBUG", NULL);
-  /*
   if (0 != test_recovery_document ())
     return 1;
   if (0 != test_user_identifier_derive ())
@@ -253,7 +278,6 @@ main (int argc,
     return 1;
   if (0 != test_truth ())
     return 1;
-  */
   if (0 != test_core_secret ())
     return 1;
 

-- 
To stop receiving notification emails like this one, please contact
address@hidden.


