[taler-anastasis] branch master updated: remove references to AES, fix c
From: |
gnunet |
Subject: |
[taler-anastasis] branch master updated: remove references to AES, fix ciphertext header |
Date: |
Mon, 18 Oct 2021 19:04:38 +0200 |
This is an automated email from the git hooks/post-receive script.
dold pushed a commit to branch master
in repository anastasis.
The following commit(s) were added to refs/heads/master by this push:
new 708b89e remove references to AES, fix ciphertext header
708b89e is described below
commit 708b89e8c6878b5bae23ab8f371c9b7984b71c2a
Author: Florian Dold <florian@dold.me>
AuthorDate: Mon Oct 18 19:04:32 2021 +0200
remove references to AES, fix ciphertext header
---
src/include/anastasis_crypto_lib.h | 40 +++++++++++++-------------------------
1 file changed, 13 insertions(+), 27 deletions(-)
diff --git a/src/include/anastasis_crypto_lib.h
b/src/include/anastasis_crypto_lib.h
index 9e038fc..fbafcd6 100644
--- a/src/include/anastasis_crypto_lib.h
+++ b/src/include/anastasis_crypto_lib.h
@@ -133,7 +133,7 @@ struct ANASTASIS_CRYPTO_PolicyKeyP
/**
- * Specifies a Nonce used for the AES encryption, here defined as 32Byte large.
+ * Nonce used for encryption, 24 bytes.
*/
struct ANASTASIS_CRYPTO_NonceP
{
@@ -142,16 +142,16 @@ struct ANASTASIS_CRYPTO_NonceP
/**
- * Specifies an IV used for the AES encryption, here defined as 16Byte large.
+ * Header that is prepended to a ciphertext, consisting of nonce and MAC.
*/
-struct ANASTASIS_CRYPTO_IvP
+struct ANASTASIS_CRYPTO_CiphertextHeaderP
{
- uint32_t iv[4];
+ uint8_t header[crypto_secretbox_NONCEBYTES + crypto_secretbox_MACBYTES];
};
/**
- * Specifies an symmetric key used for the AES encryption, here defined as
32Byte large.
+ * Specifies a key used for symmetric encryption, 32 bytes.
*/
struct ANASTASIS_CRYPTO_SymKeyP
{
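Review bot: The new `header` array in `struct ANASTASIS_CRYPTO_CiphertextHeaderP` is an opaque byte blob, and its comment says only "consisting of nonce and MAC" without fixing which part comes first. Since this struct defines a serialized format, I would spell the layout out, for example `* Layout: crypto_secretbox_NONCEBYTES bytes of nonce, then crypto_secretbox_MACBYTES bytes of MAC.` (assuming the nonce comes first, as the wording suggests; please confirm against the implementation). The array length now depends on libsodium macros, so this public header compiles only where `<sodium.h>` is already included; no include is visible in the hunk, so that is worth checking.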
@@ -159,15 +159,6 @@ struct ANASTASIS_CRYPTO_SymKeyP
};
-/**
- * Specifies an AES Tag used for the AES authentication, here defined as 16
Byte large.
- */
-struct ANASTASIS_CRYPTO_AesTagP
-{
- uint32_t aes_tag[4];
-};
-
-
/**
* Specifies a Key Share from an escrow provider, the combined
* keyshares generate the EscrowMasterKey which is used to decrypt the
@@ -185,17 +176,12 @@ struct ANASTASIS_CRYPTO_KeyShareP
struct ANASTASIS_CRYPTO_EncryptedKeyShareP
{
/**
- * Nonce used for the symmetric encryption.
- */
- struct ANASTASIS_CRYPTO_NonceP nonce;
-
- /**
- * GCM tag to check authenticity.
+ * Ciphertext.
*/
- struct ANASTASIS_CRYPTO_AesTagP tag;
+ struct ANASTASIS_CRYPTO_CiphertextHeaderP header;
/**
- * The actual key share.
+ * The actual key share, encrypted.
*/
struct ANASTASIS_CRYPTO_KeyShareP keyshare;
};
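Review bot: The comment on the new `header` field in `struct ANASTASIS_CRYPTO_EncryptedKeyShareP` reads `Ciphertext.`, but the field holds the nonce and MAC while the ciphertext is the `keyshare` member that follows. I would change it to `Ciphertext header (nonce and MAC) for the encrypted key share below.`. Replacing the separate `nonce` and `tag` members with the header also appears to change the size and layout of this packed struct, so encrypted key shares produced before this commit would presumably no longer parse. If any are persisted at providers, that deserves a mention in the commit message or a format version check.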
@@ -362,7 +348,7 @@ ANASTASIS_CRYPTO_secure_answer_hash (
/**
- * Encrypt and signs the recovery document with AES256, the recovery
+ * Encrypt and signs the recovery document, the recovery
* document is encrypted with a derivation from the user identifier
* and the salt "erd".
*
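Review bot: The reworded comment still says "Encrypt and signs", but a symmetric authenticated cipher produces a MAC, not a signature, and this hunk drops the algorithm name where the later hunks name xsalsa20-poly1305. If the recovery document uses the same construction, I would write `* Encrypts and authenticates the recovery document with xsalsa20-poly1305; the key is` and continue the sentence from there. Otherwise readers may assume non-repudiation or third-party verifiability that a shared-key MAC does not give. The function declaration itself lies outside the hunk.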
@@ -383,7 +369,7 @@ ANASTASIS_CRYPTO_recovery_document_encrypt (
/**
- * Decrypts the recovery document with AES256, the decryption key is generated
with
+ * Decrypts the recovery document, the decryption key is generated with
* the user identifier provided by the user and the salt "erd". The nonce and
IV used for the encryption
* are the first 48 bytes of the data.
*
@@ -437,7 +423,7 @@ ANASTASIS_CRYPTO_keyshare_decrypt (
/**
* Encrypts the truth data which contains the hashed answer or the
- * phone number. It is encrypted with AES256, the key is generated
+ * phone number. It is encrypted with xsalsa20-poly1305, the key is generated
* with the user identification as entropy source and the salt "ect".
*
* @param nonce value to use for the nonce
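Review bot: The `@param nonce` line says only "value to use for the nonce", and now that the comment names xsalsa20-poly1305 the uniqueness requirement should be stated. Reusing a nonce with the same key under this construction exposes the XOR of the plaintexts and allows MAC forgery. The key is derived deterministically from the user identification and the salt "ect", so the nonce is the only per-message variation. I would extend the line to `* @param nonce value to use for the nonce; must be unique (e.g. random) for every encryption under the same key`. The function signature is outside the hunk, so whether callers always pass a fresh random nonce cannot be confirmed from here.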
@@ -460,7 +446,7 @@ ANASTASIS_CRYPTO_truth_encrypt (
/**
* Decrypts the truth data which contains the hashed answer or the phone
number..
- * It is decrypted with AES256, the key is generated with the user
identification as
+ * It is decrypted with xsalsa20-poly1305, the key is generated with the user
identification as
* entropy source and the salt "ect".
*
* @param truth_enc_key master key used for encryption of the truth (see
interface EscrowMethod)
@@ -510,7 +496,7 @@ ANASTASIS_CRYPTO_policy_key_derive (
* The core secret is the user provided secret which will be saved with
Anastasis.
* The secret will be encrypted with the master key, the master key is a
random key which will
* be generated. The master key afterwards will be encrypted with the
different policy keys.
- * Encryption is performed with AES256
+ * Encryption is performed with xsalsa20-poly1305.
*
* @param policy_keys an array of policy keys which are used to encrypt the
master key
* @param policy_keys_length defines the amount of policy keys and also the
amount of encrypted master keys
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.