diff options
author | Martin Schanzenbach <schanzen@gnunet.org> | 2022-01-31 11:10:53 +0100 |
---|---|---|
committer | Martin Schanzenbach <schanzen@gnunet.org> | 2022-01-31 11:10:53 +0100 |
commit | b3c486bfa32ed6d0c62c0cbbb6f0ce8489271f6e (patch) | |
tree | dc720eafba5d20bb9ebfe237696244fd3e7943df | |
parent | b1b33aa38f25b9b3182163a2fd44a60784e7dadc (diff) | |
download | gnunet-b3c486bfa32ed6d0c62c0cbbb6f0ce8489271f6e.tar.gz gnunet-b3c486bfa32ed6d0c62c0cbbb6f0ce8489271f6e.zip |
-output IVs and Ks for symmetric encryption GNS
m--------- | contrib/gana | 0 | ||||
-rw-r--r-- | po/POTFILES.in | 2 | ||||
-rw-r--r-- | src/gnsrecord/gnsrecord_crypto.c | 252 | ||||
-rw-r--r-- | src/gnsrecord/gnunet-gnsrecord-tvg.c | 60 |
4 files changed, 164 insertions, 150 deletions
diff --git a/contrib/gana b/contrib/gana | |||
Subproject c12314df0f82e192c6829a9c6cf3e9663b586da | Subproject 3a71278a2aab67f9a1888af172b507d6e08364c | ||
diff --git a/po/POTFILES.in b/po/POTFILES.in index ffa06a484..ad5c68056 100644 --- a/po/POTFILES.in +++ b/po/POTFILES.in | |||
@@ -183,6 +183,7 @@ src/gnsrecord/gnsrecord_serialization.c | |||
183 | src/gnsrecord/gnunet-gnsrecord-tvg.c | 183 | src/gnsrecord/gnunet-gnsrecord-tvg.c |
184 | src/gnsrecord/json_gnsrecord.c | 184 | src/gnsrecord/json_gnsrecord.c |
185 | src/gnsrecord/plugin_gnsrecord_dns.c | 185 | src/gnsrecord/plugin_gnsrecord_dns.c |
186 | src/gnsrecord/test.c | ||
186 | src/hello/address.c | 187 | src/hello/address.c |
187 | src/hello/gnunet-hello.c | 188 | src/hello/gnunet-hello.c |
188 | src/hello/hello-ng.c | 189 | src/hello/hello-ng.c |
@@ -314,6 +315,7 @@ src/reclaim/plugin_rest_reclaim.c | |||
314 | src/reclaim/reclaim_api.c | 315 | src/reclaim/reclaim_api.c |
315 | src/reclaim/reclaim_attribute.c | 316 | src/reclaim/reclaim_attribute.c |
316 | src/reclaim/reclaim_credential.c | 317 | src/reclaim/reclaim_credential.c |
318 | src/reclaim/test.c | ||
317 | src/regex/gnunet-daemon-regexprofiler.c | 319 | src/regex/gnunet-daemon-regexprofiler.c |
318 | src/regex/gnunet-regex-profiler.c | 320 | src/regex/gnunet-regex-profiler.c |
319 | src/regex/gnunet-regex-simulation-profiler.c | 321 | src/regex/gnunet-regex-simulation-profiler.c |
diff --git a/src/gnsrecord/gnsrecord_crypto.c b/src/gnsrecord/gnsrecord_crypto.c index fe7db88b9..58feaee74 100644 --- a/src/gnsrecord/gnsrecord_crypto.c +++ b/src/gnsrecord/gnsrecord_crypto.c | |||
@@ -25,15 +25,7 @@ | |||
25 | * @author Matthias Wachs | 25 | * @author Matthias Wachs |
26 | * @author Christian Grothoff | 26 | * @author Christian Grothoff |
27 | */ | 27 | */ |
28 | #include "platform.h" | 28 | #include "gnsrecord_crypto.h" |
29 | #include "gnunet_util_lib.h" | ||
30 | #include "gnunet_constants.h" | ||
31 | #include "gnunet_signatures.h" | ||
32 | #include "gnunet_arm_service.h" | ||
33 | #include "gnunet_gnsrecord_lib.h" | ||
34 | #include "gnunet_dnsparser_lib.h" | ||
35 | #include "gnunet_tun_lib.h" | ||
36 | |||
37 | 29 | ||
38 | #define LOG(kind, ...) GNUNET_log_from (kind, "gnsrecord", __VA_ARGS__) | 30 | #define LOG(kind, ...) GNUNET_log_from (kind, "gnsrecord", __VA_ARGS__) |
39 | 31 | ||
@@ -104,7 +96,7 @@ eddsa_symmetric_decrypt ( | |||
104 | return GNUNET_SYSERR; | 96 | return GNUNET_SYSERR; |
105 | if (0 != crypto_secretbox_open_detached (result, | 97 | if (0 != crypto_secretbox_open_detached (result, |
106 | block, // Ciphertext | 98 | block, // Ciphertext |
107 | ((unsigned char*)block) + ctlen, // TAG | 99 | ((unsigned char*) block) + ctlen, // TAG |
108 | ctlen, | 100 | ctlen, |
109 | nonce, key)) | 101 | nonce, key)) |
110 | { | 102 | { |
@@ -131,20 +123,12 @@ eddsa_symmetric_encrypt ( | |||
131 | } | 123 | } |
132 | 124 | ||
133 | 125 | ||
134 | /** | 126 | void |
135 | * Derive session key and iv from label and public key. | 127 | GNR_derive_block_aes_key (unsigned char *ctr, |
136 | * | 128 | unsigned char *key, |
137 | * @param iv initialization vector to initialize | 129 | const char *label, |
138 | * @param skey session key to initialize | 130 | uint64_t exp, |
139 | * @param label label to use for KDF | 131 | const struct GNUNET_CRYPTO_EcdsaPublicKey *pub) |
140 | * @param pub public key to use for KDF | ||
141 | */ | ||
142 | static void | ||
143 | derive_block_aes_key (unsigned char *ctr, | ||
144 | unsigned char *key, | ||
145 | const char *label, | ||
146 | uint64_t exp, | ||
147 | const struct GNUNET_CRYPTO_EcdsaPublicKey *pub) | ||
148 | { | 132 | { |
149 | static const char ctx_key[] = "gns-aes-ctx-key"; | 133 | static const char ctx_key[] = "gns-aes-ctx-key"; |
150 | static const char ctx_iv[] = "gns-aes-ctx-iv"; | 134 | static const char ctx_iv[] = "gns-aes-ctx-iv"; |
@@ -168,20 +152,12 @@ derive_block_aes_key (unsigned char *ctr, | |||
168 | } | 152 | } |
169 | 153 | ||
170 | 154 | ||
171 | /** | 155 | void |
172 | * Derive session key and iv from label and public key. | 156 | GNR_derive_block_xsalsa_key (unsigned char *nonce, |
173 | * | 157 | unsigned char *key, |
174 | * @param nonce initialization vector to initialize | 158 | const char *label, |
175 | * @param skey session key to initialize | 159 | uint64_t exp, |
176 | * @param label label to use for KDF | 160 | const struct GNUNET_CRYPTO_EddsaPublicKey *pub) |
177 | * @param pub public key to use for KDF | ||
178 | */ | ||
179 | static void | ||
180 | derive_block_xsalsa_key (unsigned char *nonce, | ||
181 | unsigned char *key, | ||
182 | const char *label, | ||
183 | uint64_t exp, | ||
184 | const struct GNUNET_CRYPTO_EddsaPublicKey *pub) | ||
185 | { | 161 | { |
186 | static const char ctx_key[] = "gns-aes-ctx-key"; | 162 | static const char ctx_key[] = "gns-aes-ctx-key"; |
187 | static const char ctx_iv[] = "gns-aes-ctx-iv"; | 163 | static const char ctx_iv[] = "gns-aes-ctx-iv"; |
@@ -291,11 +267,11 @@ block_create_ecdsa (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key, | |||
291 | "gns"); | 267 | "gns"); |
292 | GNUNET_CRYPTO_ecdsa_key_get_public (dkey, | 268 | GNUNET_CRYPTO_ecdsa_key_get_public (dkey, |
293 | &ecblock->derived_key); | 269 | &ecblock->derived_key); |
294 | derive_block_aes_key (ctr, | 270 | GNR_derive_block_aes_key (ctr, |
295 | skey, | 271 | skey, |
296 | label, | 272 | label, |
297 | ecblock->expiration_time.abs_value_us__, | 273 | ecblock->expiration_time.abs_value_us__, |
298 | pkey); | 274 | pkey); |
299 | GNUNET_break (payload_len + sizeof(uint32_t) == | 275 | GNUNET_break (payload_len + sizeof(uint32_t) == |
300 | ecdsa_symmetric_encrypt (payload, | 276 | ecdsa_symmetric_encrypt (payload, |
301 | payload_len | 277 | payload_len |
@@ -409,11 +385,11 @@ block_create_eddsa (const struct GNUNET_CRYPTO_EddsaPrivateKey *key, | |||
409 | &dkey); | 385 | &dkey); |
410 | GNUNET_CRYPTO_eddsa_key_get_public_from_scalar (&dkey, | 386 | GNUNET_CRYPTO_eddsa_key_get_public_from_scalar (&dkey, |
411 | &edblock->derived_key); | 387 | &edblock->derived_key); |
412 | derive_block_xsalsa_key (nonce, | 388 | GNR_derive_block_xsalsa_key (nonce, |
413 | skey, | 389 | skey, |
414 | label, | 390 | label, |
415 | edblock->expiration_time.abs_value_us__, | 391 | edblock->expiration_time.abs_value_us__, |
416 | pkey); | 392 | pkey); |
417 | GNUNET_break (GNUNET_OK == | 393 | GNUNET_break (GNUNET_OK == |
418 | eddsa_symmetric_encrypt (payload, | 394 | eddsa_symmetric_encrypt (payload, |
419 | payload_len | 395 | payload_len |
@@ -456,24 +432,24 @@ GNUNET_GNSRECORD_block_create (const struct GNUNET_IDENTITY_PrivateKey *key, | |||
456 | 432 | ||
457 | switch (ntohl (key->type)) | 433 | switch (ntohl (key->type)) |
458 | { | 434 | { |
459 | case GNUNET_GNSRECORD_TYPE_PKEY: | 435 | case GNUNET_GNSRECORD_TYPE_PKEY: |
460 | res = block_create_ecdsa (&key->ecdsa_key, | 436 | res = block_create_ecdsa (&key->ecdsa_key, |
461 | &pkey.ecdsa_key, | 437 | &pkey.ecdsa_key, |
462 | expire, | 438 | expire, |
463 | norm_label, | 439 | norm_label, |
464 | rd, | 440 | rd, |
465 | rd_count); | 441 | rd_count); |
466 | break; | 442 | break; |
467 | case GNUNET_GNSRECORD_TYPE_EDKEY: | 443 | case GNUNET_GNSRECORD_TYPE_EDKEY: |
468 | res = block_create_eddsa (&key->eddsa_key, | 444 | res = block_create_eddsa (&key->eddsa_key, |
469 | &pkey.eddsa_key, | 445 | &pkey.eddsa_key, |
470 | expire, | 446 | expire, |
471 | norm_label, | 447 | norm_label, |
472 | rd, | 448 | rd, |
473 | rd_count); | 449 | rd_count); |
474 | break; | 450 | break; |
475 | default: | 451 | default: |
476 | GNUNET_assert (0); | 452 | GNUNET_assert (0); |
477 | } | 453 | } |
478 | GNUNET_free (norm_label); | 454 | GNUNET_free (norm_label); |
479 | return res; | 455 | return res; |
@@ -576,20 +552,20 @@ GNUNET_GNSRECORD_block_verify (const struct GNUNET_GNSRECORD_Block *block) | |||
576 | { | 552 | { |
577 | switch (ntohl (block->type)) | 553 | switch (ntohl (block->type)) |
578 | { | 554 | { |
579 | case GNUNET_GNSRECORD_TYPE_PKEY: | 555 | case GNUNET_GNSRECORD_TYPE_PKEY: |
580 | return GNUNET_CRYPTO_ecdsa_verify_ ( | 556 | return GNUNET_CRYPTO_ecdsa_verify_ ( |
581 | GNUNET_SIGNATURE_PURPOSE_GNS_RECORD_SIGN, | 557 | GNUNET_SIGNATURE_PURPOSE_GNS_RECORD_SIGN, |
582 | &block->ecdsa_block.purpose, | 558 | &block->ecdsa_block.purpose, |
583 | &block->ecdsa_block.signature, | 559 | &block->ecdsa_block.signature, |
584 | &block->ecdsa_block.derived_key); | 560 | &block->ecdsa_block.derived_key); |
585 | case GNUNET_GNSRECORD_TYPE_EDKEY: | 561 | case GNUNET_GNSRECORD_TYPE_EDKEY: |
586 | return GNUNET_CRYPTO_eddsa_verify_ ( | 562 | return GNUNET_CRYPTO_eddsa_verify_ ( |
587 | GNUNET_SIGNATURE_PURPOSE_GNS_RECORD_SIGN, | 563 | GNUNET_SIGNATURE_PURPOSE_GNS_RECORD_SIGN, |
588 | &block->eddsa_block.purpose, | 564 | &block->eddsa_block.purpose, |
589 | &block->eddsa_block.signature, | 565 | &block->eddsa_block.signature, |
590 | &block->eddsa_block.derived_key); | 566 | &block->eddsa_block.derived_key); |
591 | default: | 567 | default: |
592 | return GNUNET_NO; | 568 | return GNUNET_NO; |
593 | } | 569 | } |
594 | } | 570 | } |
595 | 571 | ||
@@ -603,8 +579,8 @@ block_decrypt_ecdsa (const struct GNUNET_GNSRECORD_EcdsaBlock *block, | |||
603 | void *proc_cls) | 579 | void *proc_cls) |
604 | { | 580 | { |
605 | size_t payload_len = ntohl (block->purpose.size) | 581 | size_t payload_len = ntohl (block->purpose.size) |
606 | - sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose) | 582 | - sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose) |
607 | - sizeof(struct GNUNET_TIME_AbsoluteNBO); | 583 | - sizeof(struct GNUNET_TIME_AbsoluteNBO); |
608 | unsigned char ctr[GNUNET_CRYPTO_AES_KEY_LENGTH / 2]; | 584 | unsigned char ctr[GNUNET_CRYPTO_AES_KEY_LENGTH / 2]; |
609 | unsigned char key[GNUNET_CRYPTO_AES_KEY_LENGTH]; | 585 | unsigned char key[GNUNET_CRYPTO_AES_KEY_LENGTH]; |
610 | 586 | ||
@@ -615,11 +591,11 @@ block_decrypt_ecdsa (const struct GNUNET_GNSRECORD_EcdsaBlock *block, | |||
615 | GNUNET_break_op (0); | 591 | GNUNET_break_op (0); |
616 | return GNUNET_SYSERR; | 592 | return GNUNET_SYSERR; |
617 | } | 593 | } |
618 | derive_block_aes_key (ctr, | 594 | GNR_derive_block_aes_key (ctr, |
619 | key, | 595 | key, |
620 | label, | 596 | label, |
621 | block->expiration_time.abs_value_us__, | 597 | block->expiration_time.abs_value_us__, |
622 | zone_key); | 598 | zone_key); |
623 | { | 599 | { |
624 | char payload[payload_len]; | 600 | char payload[payload_len]; |
625 | uint32_t rd_count; | 601 | uint32_t rd_count; |
@@ -731,8 +707,8 @@ block_decrypt_eddsa (const struct GNUNET_GNSRECORD_EddsaBlock *block, | |||
731 | void *proc_cls) | 707 | void *proc_cls) |
732 | { | 708 | { |
733 | size_t payload_len = ntohl (block->purpose.size) | 709 | size_t payload_len = ntohl (block->purpose.size) |
734 | - sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose) | 710 | - sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose) |
735 | - sizeof(struct GNUNET_TIME_AbsoluteNBO); | 711 | - sizeof(struct GNUNET_TIME_AbsoluteNBO); |
736 | unsigned char nonce[crypto_secretbox_NONCEBYTES]; | 712 | unsigned char nonce[crypto_secretbox_NONCEBYTES]; |
737 | unsigned char key[crypto_secretbox_KEYBYTES]; | 713 | unsigned char key[crypto_secretbox_KEYBYTES]; |
738 | 714 | ||
@@ -743,11 +719,11 @@ block_decrypt_eddsa (const struct GNUNET_GNSRECORD_EddsaBlock *block, | |||
743 | GNUNET_break_op (0); | 719 | GNUNET_break_op (0); |
744 | return GNUNET_SYSERR; | 720 | return GNUNET_SYSERR; |
745 | } | 721 | } |
746 | derive_block_xsalsa_key (nonce, | 722 | GNR_derive_block_xsalsa_key (nonce, |
747 | key, | 723 | key, |
748 | label, | 724 | label, |
749 | block->expiration_time.abs_value_us__, | 725 | block->expiration_time.abs_value_us__, |
750 | zone_key); | 726 | zone_key); |
751 | { | 727 | { |
752 | char payload[payload_len]; | 728 | char payload[payload_len]; |
753 | uint32_t rd_count; | 729 | uint32_t rd_count; |
@@ -875,16 +851,18 @@ GNUNET_GNSRECORD_block_decrypt (const struct GNUNET_GNSRECORD_Block *block, | |||
875 | norm_label = GNUNET_GNSRECORD_string_normalize (label); | 851 | norm_label = GNUNET_GNSRECORD_string_normalize (label); |
876 | switch (ntohl (zone_key->type)) | 852 | switch (ntohl (zone_key->type)) |
877 | { | 853 | { |
878 | case GNUNET_IDENTITY_TYPE_ECDSA: | 854 | case GNUNET_IDENTITY_TYPE_ECDSA: |
879 | res = block_decrypt_ecdsa (&block->ecdsa_block, | 855 | res = block_decrypt_ecdsa (&block->ecdsa_block, |
880 | &zone_key->ecdsa_key, norm_label, proc, proc_cls); | 856 | &zone_key->ecdsa_key, norm_label, proc, |
881 | break; | 857 | proc_cls); |
882 | case GNUNET_IDENTITY_TYPE_EDDSA: | 858 | break; |
883 | res = block_decrypt_eddsa (&block->eddsa_block, | 859 | case GNUNET_IDENTITY_TYPE_EDDSA: |
884 | &zone_key->eddsa_key, norm_label, proc, proc_cls); | 860 | res = block_decrypt_eddsa (&block->eddsa_block, |
885 | break; | 861 | &zone_key->eddsa_key, norm_label, proc, |
886 | default: | 862 | proc_cls); |
887 | return GNUNET_SYSERR; | 863 | break; |
864 | default: | ||
865 | return GNUNET_SYSERR; | ||
888 | } | 866 | } |
889 | GNUNET_free (norm_label); | 867 | GNUNET_free (norm_label); |
890 | return res; | 868 | return res; |
@@ -910,17 +888,17 @@ GNUNET_GNSRECORD_query_from_private_key (const struct | |||
910 | norm_label = GNUNET_GNSRECORD_string_normalize (label); | 888 | norm_label = GNUNET_GNSRECORD_string_normalize (label); |
911 | switch (ntohl (zone->type)) | 889 | switch (ntohl (zone->type)) |
912 | { | 890 | { |
913 | case GNUNET_GNSRECORD_TYPE_PKEY: | 891 | case GNUNET_GNSRECORD_TYPE_PKEY: |
914 | case GNUNET_GNSRECORD_TYPE_EDKEY: | 892 | case GNUNET_GNSRECORD_TYPE_EDKEY: |
915 | 893 | ||
916 | GNUNET_IDENTITY_key_get_public (zone, | 894 | GNUNET_IDENTITY_key_get_public (zone, |
917 | &pub); | 895 | &pub); |
918 | GNUNET_GNSRECORD_query_from_public_key (&pub, | 896 | GNUNET_GNSRECORD_query_from_public_key (&pub, |
919 | norm_label, | 897 | norm_label, |
920 | query); | 898 | query); |
921 | break; | 899 | break; |
922 | default: | 900 | default: |
923 | GNUNET_assert (0); | 901 | GNUNET_assert (0); |
924 | } | 902 | } |
925 | GNUNET_free (norm_label); | 903 | GNUNET_free (norm_label); |
926 | } | 904 | } |
@@ -947,28 +925,28 @@ GNUNET_GNSRECORD_query_from_public_key (const struct | |||
947 | 925 | ||
948 | switch (ntohl (pub->type)) | 926 | switch (ntohl (pub->type)) |
949 | { | 927 | { |
950 | case GNUNET_GNSRECORD_TYPE_PKEY: | 928 | case GNUNET_GNSRECORD_TYPE_PKEY: |
951 | pd.type = pub->type; | 929 | pd.type = pub->type; |
952 | GNUNET_CRYPTO_ecdsa_public_key_derive (&pub->ecdsa_key, | 930 | GNUNET_CRYPTO_ecdsa_public_key_derive (&pub->ecdsa_key, |
953 | norm_label, | 931 | norm_label, |
954 | "gns", | 932 | "gns", |
955 | &pd.ecdsa_key); | 933 | &pd.ecdsa_key); |
956 | GNUNET_CRYPTO_hash (&pd.ecdsa_key, | 934 | GNUNET_CRYPTO_hash (&pd.ecdsa_key, |
957 | sizeof (pd.ecdsa_key), | 935 | sizeof (pd.ecdsa_key), |
958 | query); | 936 | query); |
959 | break; | 937 | break; |
960 | case GNUNET_GNSRECORD_TYPE_EDKEY: | 938 | case GNUNET_GNSRECORD_TYPE_EDKEY: |
961 | pd.type = pub->type; | 939 | pd.type = pub->type; |
962 | GNUNET_CRYPTO_eddsa_public_key_derive (&pub->eddsa_key, | 940 | GNUNET_CRYPTO_eddsa_public_key_derive (&pub->eddsa_key, |
963 | norm_label, | 941 | norm_label, |
964 | "gns", | 942 | "gns", |
965 | &(pd.eddsa_key)); | 943 | &(pd.eddsa_key)); |
966 | GNUNET_CRYPTO_hash (&pd.eddsa_key, | 944 | GNUNET_CRYPTO_hash (&pd.eddsa_key, |
967 | sizeof (pd.eddsa_key), | 945 | sizeof (pd.eddsa_key), |
968 | query); | 946 | query); |
969 | break; | 947 | break; |
970 | default: | 948 | default: |
971 | GNUNET_assert (0); | 949 | GNUNET_assert (0); |
972 | } | 950 | } |
973 | GNUNET_free (norm_label); | 951 | GNUNET_free (norm_label); |
974 | } | 952 | } |
diff --git a/src/gnsrecord/gnunet-gnsrecord-tvg.c b/src/gnsrecord/gnunet-gnsrecord-tvg.c index 9e3dea921..7a78580d2 100644 --- a/src/gnsrecord/gnunet-gnsrecord-tvg.c +++ b/src/gnsrecord/gnunet-gnsrecord-tvg.c | |||
@@ -31,6 +31,7 @@ | |||
31 | #include "gnunet_dnsparser_lib.h" | 31 | #include "gnunet_dnsparser_lib.h" |
32 | #include "gnunet_testing_lib.h" | 32 | #include "gnunet_testing_lib.h" |
33 | #include <inttypes.h> | 33 | #include <inttypes.h> |
34 | #include "gnsrecord_crypto.h" | ||
34 | 35 | ||
35 | #define TEST_RECORD_LABEL "test" | 36 | #define TEST_RECORD_LABEL "test" |
36 | #define TEST_RECORD_A "1.2.3.4" | 37 | #define TEST_RECORD_A "1.2.3.4" |
@@ -38,9 +39,9 @@ | |||
38 | 39 | ||
39 | static void | 40 | static void |
40 | print_bytes_ (void *buf, | 41 | print_bytes_ (void *buf, |
41 | size_t buf_len, | 42 | size_t buf_len, |
42 | int fold, | 43 | int fold, |
43 | int in_be) | 44 | int in_be) |
44 | { | 45 | { |
45 | int i; | 46 | int i; |
46 | 47 | ||
@@ -114,14 +115,16 @@ run_pkey (void) | |||
114 | size_t rdata_size; | 115 | size_t rdata_size; |
115 | uint32_t rd_count_nbo; | 116 | uint32_t rd_count_nbo; |
116 | char ztld[128]; | 117 | char ztld[128]; |
118 | unsigned char ctr[GNUNET_CRYPTO_AES_KEY_LENGTH / 2]; | ||
119 | unsigned char skey[GNUNET_CRYPTO_AES_KEY_LENGTH]; | ||
117 | 120 | ||
118 | /* | 121 | /* |
119 | * Make two different expiration times | 122 | * Make two different expiration times |
120 | */ | 123 | */ |
121 | delta1 = GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_YEARS, | 124 | delta1 = GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_YEARS, |
122 | 420); //420 years | 125 | 420); // 420 years |
123 | delta2 = GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_YEARS, | 126 | delta2 = GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_YEARS, |
124 | 777); //777 years | 127 | 777); // 777 years |
125 | exp1 = GNUNET_TIME_absolute_add (now, delta1); | 128 | exp1 = GNUNET_TIME_absolute_add (now, delta1); |
126 | exp2 = GNUNET_TIME_absolute_add (now, delta2); | 129 | exp2 = GNUNET_TIME_absolute_add (now, delta2); |
127 | 130 | ||
@@ -131,7 +134,8 @@ run_pkey (void) | |||
131 | &id_pub); | 134 | &id_pub); |
132 | fprintf (stdout, | 135 | fprintf (stdout, |
133 | "Zone private key (d, big-endian):\n"); | 136 | "Zone private key (d, big-endian):\n"); |
134 | print_bytes (&id_priv.ecdsa_key, sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey), 8); | 137 | print_bytes (&id_priv.ecdsa_key, sizeof (struct |
138 | GNUNET_CRYPTO_EcdsaPrivateKey), 8); | ||
135 | fprintf (stdout, "\n"); | 139 | fprintf (stdout, "\n"); |
136 | fprintf (stdout, "Zone identifier (ztype|zkey):\n"); | 140 | fprintf (stdout, "Zone identifier (ztype|zkey):\n"); |
137 | print_bytes (&id_pub, GNUNET_IDENTITY_key_get_length (&id_pub), 8); | 141 | print_bytes (&id_pub, GNUNET_IDENTITY_key_get_length (&id_pub), 8); |
@@ -171,7 +175,7 @@ run_pkey (void) | |||
171 | rdata_size = GNUNET_GNSRECORD_records_get_size (TEST_RRCOUNT, | 175 | rdata_size = GNUNET_GNSRECORD_records_get_size (TEST_RRCOUNT, |
172 | rd); | 176 | rd); |
173 | rdata = GNUNET_malloc (rdata_size); | 177 | rdata = GNUNET_malloc (rdata_size); |
174 | rd_count_nbo = htonl(2); | 178 | rd_count_nbo = htonl (2); |
175 | GNUNET_memcpy (rdata, | 179 | GNUNET_memcpy (rdata, |
176 | &rd_count_nbo, | 180 | &rd_count_nbo, |
177 | sizeof (uint32_t)); | 181 | sizeof (uint32_t)); |
@@ -183,6 +187,20 @@ run_pkey (void) | |||
183 | print_bytes (rdata, rdata_size, 8); | 187 | print_bytes (rdata, rdata_size, 8); |
184 | fprintf (stdout, "\n"); | 188 | fprintf (stdout, "\n"); |
185 | expire = GNUNET_GNSRECORD_record_get_expiration_time (TEST_RRCOUNT, rd); | 189 | expire = GNUNET_GNSRECORD_record_get_expiration_time (TEST_RRCOUNT, rd); |
190 | GNR_derive_block_aes_key (ctr, | ||
191 | skey, | ||
192 | TEST_RECORD_LABEL, | ||
193 | GNUNET_TIME_absolute_hton ( | ||
194 | expire).abs_value_us__, | ||
195 | &id_pub.ecdsa_key); | ||
196 | |||
197 | fprintf (stdout, "Encryption NONCE|EXPIRATION|BLOCK COUNTER:\n"); | ||
198 | print_bytes (ctr, sizeof (ctr), 8); | ||
199 | fprintf (stdout, "\n"); | ||
200 | fprintf (stdout, "Encryption key (K):\n"); | ||
201 | print_bytes (skey, sizeof (skey), 8); | ||
202 | |||
203 | |||
186 | rrblock = GNUNET_GNSRECORD_block_create (&id_priv, | 204 | rrblock = GNUNET_GNSRECORD_block_create (&id_priv, |
187 | expire, | 205 | expire, |
188 | TEST_RECORD_LABEL, | 206 | TEST_RECORD_LABEL, |
@@ -237,14 +255,16 @@ run_edkey (void) | |||
237 | size_t rdata_size; | 255 | size_t rdata_size; |
238 | uint32_t rd_count_nbo; | 256 | uint32_t rd_count_nbo; |
239 | char ztld[128]; | 257 | char ztld[128]; |
258 | unsigned char nonce[crypto_secretbox_NONCEBYTES]; | ||
259 | unsigned char skey[crypto_secretbox_KEYBYTES]; | ||
240 | 260 | ||
241 | /* | 261 | /* |
242 | * Make two different expiration times | 262 | * Make two different expiration times |
243 | */ | 263 | */ |
244 | delta1 = GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_YEARS, | 264 | delta1 = GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_YEARS, |
245 | 420); //420 years | 265 | 420); // 420 years |
246 | delta2 = GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_YEARS, | 266 | delta2 = GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_YEARS, |
247 | 777); //777 years | 267 | 777); // 777 years |
248 | exp1 = GNUNET_TIME_absolute_add (now, delta1); | 268 | exp1 = GNUNET_TIME_absolute_add (now, delta1); |
249 | exp2 = GNUNET_TIME_absolute_add (now, delta2); | 269 | exp2 = GNUNET_TIME_absolute_add (now, delta2); |
250 | 270 | ||
@@ -259,7 +279,8 @@ run_edkey (void) | |||
259 | &id_pub); | 279 | &id_pub); |
260 | fprintf (stdout, | 280 | fprintf (stdout, |
261 | "Zone private key (d):\n"); | 281 | "Zone private key (d):\n"); |
262 | print_bytes (&id_priv.eddsa_key, sizeof (struct GNUNET_CRYPTO_EddsaPrivateKey), 8); | 282 | print_bytes (&id_priv.eddsa_key, sizeof (struct |
283 | GNUNET_CRYPTO_EddsaPrivateKey), 8); | ||
263 | fprintf (stdout, "\n"); | 284 | fprintf (stdout, "\n"); |
264 | fprintf (stdout, "Zone identifier (ztype|zkey):\n"); | 285 | fprintf (stdout, "Zone identifier (ztype|zkey):\n"); |
265 | print_bytes (&id_pub, GNUNET_IDENTITY_key_get_length (&id_pub), 8); | 286 | print_bytes (&id_pub, GNUNET_IDENTITY_key_get_length (&id_pub), 8); |
@@ -301,7 +322,7 @@ run_edkey (void) | |||
301 | expire = GNUNET_GNSRECORD_record_get_expiration_time (TEST_RRCOUNT, | 322 | expire = GNUNET_GNSRECORD_record_get_expiration_time (TEST_RRCOUNT, |
302 | rd); | 323 | rd); |
303 | rdata = GNUNET_malloc (sizeof (uint32_t) + rdata_size); | 324 | rdata = GNUNET_malloc (sizeof (uint32_t) + rdata_size); |
304 | rd_count_nbo = htonl(2); | 325 | rd_count_nbo = htonl (2); |
305 | GNUNET_memcpy (rdata, | 326 | GNUNET_memcpy (rdata, |
306 | &rd_count_nbo, | 327 | &rd_count_nbo, |
307 | sizeof (uint32_t)); | 328 | sizeof (uint32_t)); |
@@ -312,6 +333,19 @@ run_edkey (void) | |||
312 | fprintf (stdout, "RDATA:\n"); | 333 | fprintf (stdout, "RDATA:\n"); |
313 | print_bytes (rdata, rdata_size, 8); | 334 | print_bytes (rdata, rdata_size, 8); |
314 | fprintf (stdout, "\n"); | 335 | fprintf (stdout, "\n"); |
336 | GNR_derive_block_xsalsa_key (nonce, | ||
337 | skey, | ||
338 | TEST_RECORD_LABEL, | ||
339 | GNUNET_TIME_absolute_hton ( | ||
340 | expire).abs_value_us__, | ||
341 | &id_pub.eddsa_key); | ||
342 | fprintf (stdout, "Encryption NONCE|EXPIRATION:\n"); | ||
343 | print_bytes (nonce, sizeof (nonce), 8); | ||
344 | fprintf (stdout, "\n"); | ||
345 | fprintf (stdout, "Encryption key (K):\n"); | ||
346 | print_bytes (skey, sizeof (skey), 8); | ||
347 | fprintf (stdout, "\n"); | ||
348 | |||
315 | rrblock = GNUNET_GNSRECORD_block_create (&id_priv, | 349 | rrblock = GNUNET_GNSRECORD_block_create (&id_priv, |
316 | expire, | 350 | expire, |
317 | TEST_RECORD_LABEL, | 351 | TEST_RECORD_LABEL, |
@@ -350,8 +384,8 @@ run (void *cls, | |||
350 | const char *cfgfile, | 384 | const char *cfgfile, |
351 | const struct GNUNET_CONFIGURATION_Handle *cfg) | 385 | const struct GNUNET_CONFIGURATION_Handle *cfg) |
352 | { | 386 | { |
353 | run_pkey(); | 387 | run_pkey (); |
354 | run_edkey(); | 388 | run_edkey (); |
355 | } | 389 | } |
356 | 390 | ||
357 | 391 | ||