[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[gnunet] branch master updated: NEWS: Add KEM API to avoid ephemeral pri
From: |
gnunet |
Subject: |
[gnunet] branch master updated: NEWS: Add KEM API to avoid ephemeral private key management |
Date: |
Sat, 15 Jul 2023 00:09:19 +0200 |
This is an automated email from the git hooks/post-receive script.
martin-schanzenbach pushed a commit to branch master
in repository gnunet.
The following commit(s) were added to refs/heads/master by this push:
new 3735010a7 NEWS: Add KEM API to avoid ephemeral private key management
new 1d86bc967 Merge branch 'master' of git+ssh://git.gnunet.org/gnunet
3735010a7 is described below
commit 3735010a72a634ff922bc453f8a04d5f90c949a1
Author: Martin Schanzenbach <schanzen@gnunet.org>
AuthorDate: Sat Jul 15 00:07:34 2023 +0200
NEWS: Add KEM API to avoid ephemeral private key management
---
src/include/gnunet_crypto_lib.h | 89 ++++++++++++++++++++++-----------
src/transport/gnunet-communicator-tcp.c | 51 ++++++++-----------
src/util/crypto_ecc.c | 46 +++++++++++++----
3 files changed, 117 insertions(+), 69 deletions(-)
diff --git a/src/include/gnunet_crypto_lib.h b/src/include/gnunet_crypto_lib.h
index a9e1a3212..1c17e72d9 100644
--- a/src/include/gnunet_crypto_lib.h
+++ b/src/include/gnunet_crypto_lib.h
@@ -44,7 +44,7 @@
* @see [Documentation](https://gnunet.org/crypto-api)
*/
-#if !defined (__GNUNET_UTIL_LIB_H_INSIDE__)
+#if ! defined (__GNUNET_UTIL_LIB_H_INSIDE__)
#error "Only <gnunet_util_lib.h> can be included directly."
#endif
@@ -846,7 +846,7 @@ GNUNET_CRYPTO_hash_from_string2 (const char *enc,
* @return #GNUNET_OK on success, #GNUNET_SYSERR if result has the wrong
encoding
*/
#define GNUNET_CRYPTO_hash_from_string(enc, result) \
- GNUNET_CRYPTO_hash_from_string2 (enc, strlen (enc), result)
+ GNUNET_CRYPTO_hash_from_string2 (enc, strlen (enc), result)
/**
@@ -1837,6 +1837,22 @@ GNUNET_CRYPTO_eddsa_ecdh (const struct
GNUNET_CRYPTO_EddsaPrivateKey *priv,
const struct GNUNET_CRYPTO_EcdhePublicKey *pub,
struct GNUNET_HashCode *key_material);
+/**
+ * @ingroup crypto
+ * Decapsulate a key for a private EdDSA key.
+ * Dual to #GNUNET_CRRYPTO_eddsa_kem_encaps.
+ *
+ * @param priv private key from EdDSA to use for the ECDH (x)
+ * @param c the encapsulated key
+ * @param key_material where to write the key material H(h(x)yG)
+ * @return #GNUNET_SYSERR on error, #GNUNET_OK on success
+ */
+enum GNUNET_GenericReturnValue
+GNUNET_CRYPTO_eddsa_kem_decaps (const struct
+ GNUNET_CRYPTO_EddsaPrivateKey *priv,
+ const struct GNUNET_CRYPTO_EcdhePublicKey *c,
+ struct GNUNET_HashCode *key_material);
+
/**
* @ingroup crypto
@@ -1869,6 +1885,21 @@ GNUNET_CRYPTO_ecdh_eddsa (const struct
GNUNET_CRYPTO_EcdhePrivateKey *priv,
const struct GNUNET_CRYPTO_EddsaPublicKey *pub,
struct GNUNET_HashCode *key_material);
+/**
+ * @ingroup crypto
+ * Encapsulate key material for a EdDSA public key.
+ * Dual to #GNUNET_CRRYPTO_eddsa_kem_decaps.
+ *
+ * @param priv private key to use for the ECDH (y)
+ * @param c public key from EdDSA to use for the ECDH (X=h(x)G)
+ * @param key_material where to write the key material H(yX)=H(h(x)yG)
+ * @return #GNUNET_SYSERR on error, #GNUNET_OK on success
+ */
+enum GNUNET_GenericReturnValue
+GNUNET_CRYPTO_eddsa_kem_encaps (const struct GNUNET_CRYPTO_EddsaPublicKey *pub,
+ struct GNUNET_CRYPTO_EcdhePublicKey *c,
+ struct GNUNET_HashCode *key_material);
+
/**
* @ingroup crypto
* Derive key material from a EcDSA public key and a private ECDH key.
@@ -1920,15 +1951,15 @@ GNUNET_CRYPTO_eddsa_sign_ (
* @param[out] sig where to write the signature
*/
#define GNUNET_CRYPTO_eddsa_sign(priv,ps,sig) do { \
- /* check size is set correctly */ \
- GNUNET_assert (ntohl ((ps)->purpose.size) == sizeof (*ps)); \
- /* check 'ps' begins with the purpose */ \
- GNUNET_static_assert (((void*) (ps)) == \
- ((void*) &(ps)->purpose)); \
- GNUNET_assert (GNUNET_OK == \
- GNUNET_CRYPTO_eddsa_sign_ (priv, \
- &(ps)->purpose, \
- sig)); \
+ /* check size is set correctly */ \
+ GNUNET_assert (ntohl ((ps)->purpose.size) == sizeof (*ps)); \
+ /* check 'ps' begins with the purpose */ \
+ GNUNET_static_assert (((void*) (ps)) == \
+ ((void*) &(ps)->purpose)); \
+ GNUNET_assert (GNUNET_OK == \
+ GNUNET_CRYPTO_eddsa_sign_ (priv, \
+ &(ps)->purpose, \
+ sig)); \
} while (0)
@@ -1982,15 +2013,15 @@ GNUNET_CRYPTO_eddsa_sign_raw (
* @param[out] sig where to write the signature
*/
#define GNUNET_CRYPTO_ecdsa_sign(priv,ps,sig) do { \
- /* check size is set correctly */ \
- GNUNET_assert (ntohl ((ps)->purpose.size) == sizeof (*(ps))); \
- /* check 'ps' begins with the purpose */ \
- GNUNET_static_assert (((void*) (ps)) == \
- ((void*) &(ps)->purpose)); \
- GNUNET_assert (GNUNET_OK == \
- GNUNET_CRYPTO_ecdsa_sign_ (priv, \
- &(ps)->purpose, \
- sig)); \
+ /* check size is set correctly */ \
+ GNUNET_assert (ntohl ((ps)->purpose.size) == sizeof (*(ps))); \
+ /* check 'ps' begins with the purpose */ \
+ GNUNET_static_assert (((void*) (ps)) == \
+ ((void*) &(ps)->purpose)); \
+ GNUNET_assert (GNUNET_OK == \
+ GNUNET_CRYPTO_ecdsa_sign_ (priv, \
+ &(ps)->purpose, \
+ sig)); \
} while (0)
/**
@@ -2029,15 +2060,15 @@ GNUNET_CRYPTO_edx25519_sign_ (
* @param[out] sig where to write the signature
*/
#define GNUNET_CRYPTO_edx25519_sign(priv,ps,sig) do { \
- /* check size is set correctly */ \
- GNUNET_assert (ntohl ((ps)->purpose.size) == sizeof (*(ps))); \
- /* check 'ps' begins with the purpose */ \
- GNUNET_static_assert (((void*) (ps)) == \
- ((void*) &(ps)->purpose)); \
- GNUNET_assert (GNUNET_OK == \
- GNUNET_CRYPTO_edx25519_sign_ (priv, \
- &(ps)->purpose, \
- sig)); \
+ /* check size is set correctly */ \
+ GNUNET_assert (ntohl ((ps)->purpose.size) == sizeof (*(ps))); \
+ /* check 'ps' begins with the purpose */ \
+ GNUNET_static_assert (((void*) (ps)) == \
+ ((void*) &(ps)->purpose)); \
+ GNUNET_assert (GNUNET_OK == \
+ GNUNET_CRYPTO_edx25519_sign_ (priv, \
+ &(ps)->purpose, \
+ sig)); \
} while (0)
diff --git a/src/transport/gnunet-communicator-tcp.c
b/src/transport/gnunet-communicator-tcp.c
index e2f1e4507..20d052dce 100644
--- a/src/transport/gnunet-communicator-tcp.c
+++ b/src/transport/gnunet-communicator-tcp.c
@@ -52,7 +52,7 @@
* the other peer should revalidate).
*/
#define ADDRESS_VALIDITY_PERIOD \
- GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_HOURS, 4)
+ GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_HOURS, 4)
/**
* How many messages do we keep at most in the queue to the
@@ -91,16 +91,16 @@
* directions.
*/
#define INITIAL_KX_SIZE \
- (sizeof(struct GNUNET_CRYPTO_EcdhePublicKey) \
- + sizeof(struct TCPConfirmation))
+ (sizeof(struct GNUNET_CRYPTO_EcdhePublicKey) \
+ + sizeof(struct TCPConfirmation))
/**
* Size of the initial core key exchange messages.
*/
#define INITIAL_CORE_KX_SIZE \
- (sizeof(struct EphemeralKeyMessage) \
- + sizeof(struct PingMessage) \
- + sizeof(struct PongMessage))
+ (sizeof(struct EphemeralKeyMessage) \
+ + sizeof(struct PingMessage) \
+ + sizeof(struct PongMessage))
/**
* Address prefix used by the communicator.
@@ -468,12 +468,6 @@ struct Queue
*/
struct GNUNET_HashCode out_hmac;
- /**
- * Our ephemeral key. Stored here temporarily during rekeying / key
- * generation.
- */
- struct GNUNET_CRYPTO_EcdhePrivateKey ephemeral;
-
/**
* ID of read task for this connection.
*/
@@ -1357,10 +1351,10 @@ static void
setup_in_cipher (const struct GNUNET_CRYPTO_EcdhePublicKey *ephemeral,
struct Queue *queue)
{
- struct GNUNET_HashCode dh;
+ struct GNUNET_HashCode k;
- GNUNET_CRYPTO_eddsa_ecdh (my_private_key, ephemeral, &dh);
- setup_cipher (&dh, &my_identity, &queue->in_cipher, &queue->in_hmac);
+ GNUNET_CRYPTO_eddsa_kem_decaps (my_private_key, ephemeral, &k);
+ setup_cipher (&k, &my_identity, &queue->in_cipher, &queue->in_hmac);
}
@@ -1557,14 +1551,9 @@ send_challenge (struct GNUNET_CRYPTO_ChallengeNonceP
challenge,
* @param queue queue to setup outgoing (encryption) cipher for
*/
static void
-setup_out_cipher (struct Queue *queue)
+setup_out_cipher (struct Queue *queue, struct GNUNET_HashCode *dh)
{
- struct GNUNET_HashCode dh;
-
- GNUNET_CRYPTO_ecdh_eddsa (&queue->ephemeral, &queue->target.public_key, &dh);
- /* we don't need the private key anymore, drop it! */
- memset (&queue->ephemeral, 0, sizeof(queue->ephemeral));
- setup_cipher (&dh, &queue->target, &queue->out_cipher, &queue->out_hmac);
+ setup_cipher (dh, &queue->target, &queue->out_cipher, &queue->out_hmac);
queue->rekey_time = GNUNET_TIME_relative_to_absolute (rekey_interval);
queue->rekey_left_bytes =
GNUNET_CRYPTO_random_u64 (GNUNET_CRYPTO_QUALITY_WEAK, REKEY_MAX_BYTES);
@@ -1582,13 +1571,15 @@ inject_rekey (struct Queue *queue)
{
struct TCPRekey rekey;
struct TcpRekeySignature thp;
+ struct GNUNET_HashCode k;
+ struct GNUNET_CRYPTO_EcdhePublicKey c;
GNUNET_assert (0 == queue->pwrite_off);
memset (&rekey, 0, sizeof(rekey));
- GNUNET_CRYPTO_ecdhe_key_create (&queue->ephemeral);
+ GNUNET_CRYPTO_eddsa_kem_encaps (&queue->target.public_key, &rekey.ephemeral,
+ &k);
rekey.header.type = ntohs (GNUNET_MESSAGE_TYPE_COMMUNICATOR_TCP_REKEY);
rekey.header.size = ntohs (sizeof(rekey));
- GNUNET_CRYPTO_ecdhe_key_get_public (&queue->ephemeral, &rekey.ephemeral);
rekey.monotonic_time =
GNUNET_TIME_absolute_hton (GNUNET_TIME_absolute_get_monotonic (cfg));
thp.purpose.purpose = htonl
(GNUNET_SIGNATURE_PURPOSE_COMMUNICATOR_TCP_REKEY);
@@ -1627,9 +1618,10 @@ inject_rekey (struct Queue *queue)
queue->cwrite_off += sizeof(rekey);
/* Setup new cipher for successive messages */
gcry_cipher_close (queue->out_cipher);
- setup_out_cipher (queue);
+ setup_out_cipher (queue, &k);
}
+
static int
pending_reversals_delete_it (void *cls,
const struct GNUNET_HashCode *key,
@@ -1829,7 +1821,7 @@ queue_write (void *cls)
if (((0 == queue->rekey_left_bytes) ||
(0 == GNUNET_TIME_absolute_get_remaining (
queue->rekey_time).rel_value_us)) &&
- (((0 == queue->pwrite_off) || ! we_do_not_need_to_rekey)&&
+ (((0 == queue->pwrite_off) || ! we_do_not_need_to_rekey) &&
(queue->cwrite_off + sizeof (struct TCPRekey) <= BUF_SIZE)))
{
inject_rekey (queue);
@@ -2712,10 +2704,10 @@ static void
start_initial_kx_out (struct Queue *queue)
{
struct GNUNET_CRYPTO_EcdhePublicKey epub;
+ struct GNUNET_HashCode k;
- GNUNET_CRYPTO_ecdhe_key_create (&queue->ephemeral);
- GNUNET_CRYPTO_ecdhe_key_get_public (&queue->ephemeral, &epub);
- setup_out_cipher (queue);
+ GNUNET_CRYPTO_eddsa_kem_encaps (&queue->target.public_key, &epub, &k);
+ setup_out_cipher (queue, &k);
transmit_kx (queue, &epub);
}
@@ -3060,6 +3052,7 @@ proto_read_kx (void *cls)
GNUNET_free (pq);
}
+
static struct ProtoQueue *
create_proto_queue (struct GNUNET_NETWORK_Handle *sock,
struct sockaddr *in,
diff --git a/src/util/crypto_ecc.c b/src/util/crypto_ecc.c
index 745a27481..ad6d5b1b5 100644
--- a/src/util/crypto_ecc.c
+++ b/src/util/crypto_ecc.c
@@ -61,10 +61,11 @@
#define LOG(kind, ...) GNUNET_log_from (kind, "util-crypto-ecc", __VA_ARGS__)
#define LOG_STRERROR(kind, syscall) \
- GNUNET_log_from_strerror (kind, "util-crypto-ecc", syscall)
+ GNUNET_log_from_strerror (kind, "util-crypto-ecc", syscall)
#define LOG_STRERROR_FILE(kind, syscall, filename) \
- GNUNET_log_from_strerror_file (kind, "util-crypto-ecc", syscall, filename)
+ GNUNET_log_from_strerror_file (kind, "util-crypto-ecc", syscall, \
+ filename)
/**
* Log an error message at log-level 'level' that indicates
@@ -72,15 +73,15 @@
* by gcry_strerror(rc).
*/
#define LOG_GCRY(level, cmd, rc) \
- do \
- { \
- LOG (level, \
- _ ("`%s' failed at %s:%d with error: %s\n"), \
- cmd, \
- __FILE__, \
- __LINE__, \
- gcry_strerror (rc)); \
- } while (0)
+ do \
+ { \
+ LOG (level, \
+ _ ("`%s' failed at %s:%d with error: %s\n"), \
+ cmd, \
+ __FILE__, \
+ __LINE__, \
+ gcry_strerror (rc)); \
+ } while (0)
/**
@@ -744,6 +745,16 @@ GNUNET_CRYPTO_eddsa_ecdh (const struct
GNUNET_CRYPTO_EddsaPrivateKey *priv,
}
+enum GNUNET_GenericReturnValue
+GNUNET_CRYPTO_eddsa_kem_decaps (const struct
+ GNUNET_CRYPTO_EddsaPrivateKey *priv,
+ const struct GNUNET_CRYPTO_EcdhePublicKey *c,
+ struct GNUNET_HashCode *key_material)
+{
+ return GNUNET_CRYPTO_eddsa_ecdh (priv, c, key_material);
+}
+
+
enum GNUNET_GenericReturnValue
GNUNET_CRYPTO_ecdsa_ecdh (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv,
const struct GNUNET_CRYPTO_EcdhePublicKey *pub,
@@ -779,6 +790,19 @@ GNUNET_CRYPTO_ecdh_eddsa (const struct
GNUNET_CRYPTO_EcdhePrivateKey *priv,
}
+enum GNUNET_GenericReturnValue
+GNUNET_CRYPTO_eddsa_kem_encaps (const struct GNUNET_CRYPTO_EddsaPublicKey *pub,
+ struct GNUNET_CRYPTO_EcdhePublicKey *c,
+ struct GNUNET_HashCode *key_material)
+{
+ struct GNUNET_CRYPTO_EcdhePrivateKey sk;
+
+ GNUNET_CRYPTO_ecdhe_key_create (&sk);
+ GNUNET_CRYPTO_ecdhe_key_get_public (&sk, c);
+ return GNUNET_CRYPTO_ecdh_eddsa (&sk, pub, key_material);
+}
+
+
enum GNUNET_GenericReturnValue
GNUNET_CRYPTO_ecdh_ecdsa (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv,
const struct GNUNET_CRYPTO_EcdsaPublicKey *pub,
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [gnunet] branch master updated: NEWS: Add KEM API to avoid ephemeral private key management,
gnunet <=