authorSchanzenbach, Martin <martin.schanzenbach@aisec.fraunhofer.de>2018-01-03 10:11:40 +0100
committerSchanzenbach, Martin <martin.schanzenbach@aisec.fraunhofer.de>2018-01-03 10:11:40 +0100
commitfb85cf602c67994646c156aa9e05d2b9aa10816c (patch)
treeed14e694bb1ce9c11e7cebd0aa445ad41f7c2c7e
parent7c1f035ed971e12882cd7a65c7d36883842945b1 (diff)
-move abe functionality out of util; prepare for release
-rw-r--r--configure.ac1
-rw-r--r--contrib/Dockerfile (renamed from Dockerfile)0
-rw-r--r--contrib/docker-entrypoint.sh (renamed from docker-entrypoint.sh)0
-rw-r--r--po/POTFILES.in1
-rw-r--r--src/Makefile.am7
-rw-r--r--src/abe/Makefile.am50
-rw-r--r--src/abe/abe.c417
-rw-r--r--src/abe/test_cpabe.c (renamed from src/util/test_crypto_abe.c)13
-rw-r--r--src/identity-provider/Makefile.am1
-rw-r--r--src/identity-provider/gnunet-service-identity-provider.c77
-rw-r--r--src/include/gnunet_abe_lib.h143
-rw-r--r--src/include/gnunet_crypto_lib.h82
-rw-r--r--src/util/Makefile.am23
13 files changed, 663 insertions, 152 deletions
diff --git a/configure.ac b/configure.ac
index ac00bd5d6..017b4836c 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1658,6 +1658,7 @@ src/vpn/vpn.conf
src/zonemaster/Makefile
src/zonemaster/zonemaster.conf
src/rest/Makefile
+src/abe/Makefile
src/identity-attribute/Makefile
src/identity-provider/Makefile
pkgconfig/Makefile
diff --git a/Dockerfile b/contrib/Dockerfile
index 5a193a46d..5a193a46d 100644
--- a/Dockerfile
+++ b/contrib/Dockerfile
diff --git a/docker-entrypoint.sh b/contrib/docker-entrypoint.sh
index 807d86d6f..807d86d6f 100644
--- a/docker-entrypoint.sh
+++ b/contrib/docker-entrypoint.sh
diff --git a/po/POTFILES.in b/po/POTFILES.in
index e0654d4b4..2fcb74c09 100644
--- a/po/POTFILES.in
+++ b/po/POTFILES.in
@@ -1,3 +1,4 @@
+src/abe/abe.c
src/arm/arm_api.c
src/arm/arm_monitor_api.c
src/arm/gnunet-arm.c
diff --git a/src/Makefile.am b/src/Makefile.am
index fcdd44bfb..6d0284157 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -14,9 +14,10 @@ if HAVE_EXPERIMENTAL
rps
# dv (FTBFS)
if HAVE_ABE
- EXP_DIR += identity-attribute \
- identity-provider \
- credential
+ EXP_DIR += abe \
+ credential \
+ identity-attribute \
+ identity-provider
endif
endif
diff --git a/src/abe/Makefile.am b/src/abe/Makefile.am
new file mode 100644
index 000000000..308e6c67c
--- /dev/null
+++ b/src/abe/Makefile.am
@@ -0,0 +1,50 @@
+# This Makefile.am is in the public domain
+AM_CPPFLAGS = -I$(top_srcdir)/src/include
+
+plugindir = $(libdir)/gnunet
+
+libexecdir= $(pkglibdir)/libexec/
+
+pkgcfgdir= $(pkgdatadir)/config.d/
+
+dist_pkgcfg_DATA = \
+ abe.conf
+
+if USE_COVERAGE
+ AM_CFLAGS = --coverage -O0
+ XLIB = -lgcov
+endif
+
+libgnunetabe_la_SOURCES = abe.c
+
+libgnunetabe_la_LIBADD = \
+ $(GCLIBADD)\
+ $(LIBGCRYPT_LIBS) \
+ $(LTLIBICONV) \
+ $(LTLIBINTL) \
+ $(ABE_LIBADD) \
+ -lgabe \
+ -lpbc \
+ -lglib-2.0 \
+ -lltdl $(Z_LIBS) -lunistring $(XLIB)
+
+libgnunetabe_la_LDFLAGS = \
+ $(GN_LIB_LDFLAGS) \
+ -version-info 1:0:0
+
+lib_LTLIBRARIES = libgnunetabe.la
+
+if ENABLE_TEST_RUN
+AM_TESTS_ENVIRONMENT=export GNUNET_PREFIX=$${GNUNET_PREFIX:-@libdir@};export PATH=$${GNUNET_PREFIX:-@prefix@}/bin:$$PATH;unset XDG_DATA_HOME;unset XDG_CONFIG_HOME;
+TESTS = $(check_PROGRAMS)
+endif
+
+check_PROGRAMS = test_cpabe
+
+test_cpabe_SOURCES = \
+ test_cpabe.c
+test_cpabe_LDADD = \
+ libgnunetabe.la \
+ $(top_builddir)/src/util/libgnunetutil.la
+check_PROGRAMS += \
+ test_cpabe
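Review bot: `dist_pkgcfg_DATA` lists `abe.conf`, but the diffstat of this commit shows no such file being added under `src/abe/`, so unless it already exists in the tree `make dist` and `make install` would presumably fail here; either add the file or drop the `dist_pkgcfg_DATA` assignment. `test_cpabe` is also put into `check_PROGRAMS` twice, once by `check_PROGRAMS = test_cpabe` and again by the trailing `check_PROGRAMS += test_cpabe`; the second assignment can be removed.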
diff --git a/src/abe/abe.c b/src/abe/abe.c
new file mode 100644
index 000000000..d008cc522
--- /dev/null
+++ b/src/abe/abe.c
@@ -0,0 +1,417 @@
+/*
+ This file is part of GNUnet. Copyright (C) 2001-2014 Christian Grothoff
+ (and other contributing authors)
+
+ GNUnet is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published
+ by the Free Software Foundation; either version 3, or (at your
+ option) any later version.
+
+ GNUnet is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with GNUnet; see the file COPYING. If not, write to the
+ Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ Boston, MA 02110-1301, USA.
+
+*/
+
+/**
+ * @file util/crypto_random.c
+ * @brief functions to gather random numbers
+ * @author Christian Grothoff
+ */
+
+
+#include "platform.h"
+#include <pbc/pbc.h>
+#include <gabe.h>
+
+#include "gnunet_crypto_lib.h"
+#include "gnunet_abe_lib.h"
+
+struct GNUNET_ABE_AbeMasterKey
+{
+ gabe_pub_t* pub;
+ gabe_msk_t* msk;
+};
+
+struct GNUNET_ABE_AbeKey
+{
+ gabe_pub_t* pub;
+ gabe_prv_t* prv;
+};
+
+static int
+init_aes( element_t k, int enc,
+ gcry_cipher_hd_t* handle,
+ struct GNUNET_CRYPTO_SymmetricSessionKey *key,
+ unsigned char* iv)
+{
+ int rc;
+ int key_len;
+ unsigned char* key_buf;
+
+ key_len = element_length_in_bytes(k) < 33 ? 3 : element_length_in_bytes(k);
+ key_buf = (unsigned char*) malloc(key_len);
+ element_to_bytes(key_buf, k);
+
+ memcpy (key->aes_key, key_buf, GNUNET_CRYPTO_AES_KEY_LENGTH);
+ GNUNET_assert (0 ==
+ gcry_cipher_open (handle, GCRY_CIPHER_AES256,
+ GCRY_CIPHER_MODE_CFB, 0));
+ rc = gcry_cipher_setkey (*handle,
+ key->aes_key,
+ sizeof (key->aes_key));
+ GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY));
+ memset (iv, 0, 16); //TODO make reasonable
+ rc = gcry_cipher_setiv (*handle,
+ iv,
+ 16);
+ GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY));
+
+ free(key_buf);
+ return rc;
+}
+
+static int
+aes_128_cbc_encrypt( char* pt,
+ int size,
+ element_t k,
+ char **ct )
+{
+ gcry_cipher_hd_t handle;
+ struct GNUNET_CRYPTO_SymmetricSessionKey skey;
+ unsigned char iv[16];
+ char* buf;
+ int padding;
+ int buf_size;
+ uint8_t len[4];
+ init_aes(k, 1, &handle, &skey, iv);
+
+ /* TODO make less crufty */
+
+ /* stuff in real length (big endian) before padding */
+ len[0] = (size & 0xff000000)>>24;
+ len[1] = (size & 0xff0000)>>16;
+ len[2] = (size & 0xff00)>>8;
+ len[3] = (size & 0xff)>>0;
+ padding = 16 - ((4+size) % 16);
+ buf_size = 4 + size + padding;
+ buf = GNUNET_malloc (buf_size);
+ GNUNET_memcpy (buf, len, 4);
+ GNUNET_memcpy (buf+4, pt, size);
+ *ct = GNUNET_malloc (buf_size);
+
+ GNUNET_assert (0 == gcry_cipher_encrypt (handle, *ct, buf_size, buf, buf_size));
+ gcry_cipher_close (handle);
+ //AES_cbc_encrypt(pt->data, ct->data, pt->len, &key, iv, AES_ENCRYPT);
+ GNUNET_free (buf);
+ return buf_size;
+}
+
+static int
+aes_128_cbc_decrypt( char* ct,
+ int size,
+ element_t k,
+ char **pt )
+{
+ struct GNUNET_CRYPTO_SymmetricSessionKey skey;
+ gcry_cipher_hd_t handle;
+ unsigned char iv[16];
+ char* tmp;
+ uint32_t len;
+
+ init_aes(k, 1, &handle, &skey, iv);
+
+ tmp = GNUNET_malloc (size);
+
+ //AES_cbc_encrypt(ct->data, pt->data, ct->len, &key, iv, AES_DECRYPT);
+ GNUNET_assert (0 == gcry_cipher_decrypt (handle, tmp, size, ct, size));
+ gcry_cipher_close (handle);
+ /* TODO make less crufty */
+
+ /* get real length */
+ len = 0;
+ len = len
+ | ((tmp[0])<<24) | ((tmp[1])<<16)
+ | ((tmp[2])<<8) | ((tmp[3])<<0);
+ /* truncate any garbage from the padding */
+ *pt = GNUNET_malloc (len);
+ GNUNET_memcpy (*pt, tmp+4, len);
+ GNUNET_free (tmp);
+ return len;
+}
+
+struct GNUNET_ABE_AbeMasterKey*
+GNUNET_ABE_cpabe_create_master_key (void)
+{
+ struct GNUNET_ABE_AbeMasterKey* key;
+ key = GNUNET_new (struct GNUNET_ABE_AbeMasterKey);
+ gabe_setup(&key->pub, &key->msk);
+ GNUNET_assert (NULL != key->pub);
+ GNUNET_assert (NULL != key->msk);
+ return key;
+}
+
+void
+GNUNET_ABE_cpabe_delete_master_key (struct GNUNET_ABE_AbeMasterKey *key)
+{
+ gabe_msk_free (key->msk);
+ gabe_pub_free (key->pub);
+ //GNUNET_free (key->msk);
+ //gabe_msk_free (key->msk); //For some reason free of pub implicit?
+ GNUNET_free (key);
+}
+
+struct GNUNET_ABE_AbeKey*
+GNUNET_ABE_cpabe_create_key (struct GNUNET_ABE_AbeMasterKey *key,
+ char **attrs)
+{
+ struct GNUNET_ABE_AbeKey *prv_key;
+ int size;
+ char *tmp;
+
+ prv_key = GNUNET_new (struct GNUNET_ABE_AbeKey);
+ prv_key->prv = gabe_keygen(key->pub, key->msk, attrs);
+ size = gabe_pub_serialize(key->pub, &tmp);
+ prv_key->pub = gabe_pub_unserialize(tmp, size);
+ GNUNET_free (tmp);
+ GNUNET_assert (NULL != prv_key->prv);
+ return prv_key;
+}
+
+void
+GNUNET_ABE_cpabe_delete_key (struct GNUNET_ABE_AbeKey *key,
+ int delete_pub)
+{
+ //Memory management in gabe is buggy
+ gabe_prv_free (key->prv);
+ if (GNUNET_YES == delete_pub)
+ gabe_pub_free (key->pub);
+ GNUNET_free (key);
+}
+
+ssize_t
+write_cpabe (void **result,
+ uint32_t file_len,
+ char* cph_buf,
+ int cph_buf_len,
+ char* aes_buf,
+ int aes_buf_len)
+{
+ char *ptr;
+ uint32_t *len;
+
+ *result = GNUNET_malloc (12 + cph_buf_len + aes_buf_len);
+ ptr = *result;
+ len = (uint32_t*) ptr;
+ *len = htonl (file_len);
+ ptr += 4;
+ len = (uint32_t*) ptr;
+ *len = htonl (aes_buf_len);
+ ptr += 4;
+ memcpy (ptr, aes_buf, aes_buf_len);
+ ptr += aes_buf_len;
+ len = (uint32_t*) ptr;
+ *len = htonl (cph_buf_len);
+ ptr += 4;
+ memcpy (ptr, cph_buf, cph_buf_len);
+ return 12 + cph_buf_len + aes_buf_len;
+}
+
+ssize_t
+read_cpabe (const void *data,
+ char** cph_buf,
+ int *cph_buf_len,
+ char** aes_buf,
+ int *aes_buf_len)
+{
+ int buf_len;
+ char *ptr;
+ uint32_t *len;
+
+ ptr = (char*)data;
+ len = (uint32_t*)ptr;
+ buf_len = ntohl (*len);
+ ptr += 4;
+ len = (uint32_t*)ptr;
+ *aes_buf_len = ntohl (*len);
+ ptr += 4;
+ *aes_buf = GNUNET_malloc (*aes_buf_len);
+ memcpy(*aes_buf, ptr, *aes_buf_len);
+ ptr += *aes_buf_len;
+ len = (uint32_t*)ptr;
+ *cph_buf_len = ntohl (*len);
+ ptr += 4;
+ *cph_buf = GNUNET_malloc (*cph_buf_len);
+ memcpy(*cph_buf, ptr, *cph_buf_len);
+
+ return buf_len;
+}
+
+ssize_t
+GNUNET_ABE_cpabe_encrypt (const void *block,
+ size_t size,
+ const char *policy,
+ const struct GNUNET_ABE_AbeMasterKey *key,
+ void **result)
+{
+ gabe_cph_t* cph;
+ char* plt;
+ char* cph_buf;
+ char* aes_buf;
+ element_t m;
+ int cph_buf_len;
+ int aes_buf_len;
+ ssize_t result_len;
+
+ if( !(cph = gabe_enc(key->pub, m, (char*)policy)) )
+ return GNUNET_SYSERR;
+ cph_buf_len = gabe_cph_serialize(cph,
+ &cph_buf);
+ gabe_cph_free(cph);
+ GNUNET_free (cph);
+ plt = GNUNET_memdup (block, size);
+ aes_buf_len = aes_128_cbc_encrypt(plt, size, m, &aes_buf);
+ GNUNET_free (plt);
+ element_clear(m);
+ result_len = write_cpabe(result, size, cph_buf, cph_buf_len, aes_buf, aes_buf_len);
+ GNUNET_free(cph_buf);
+ GNUNET_free(aes_buf);
+ return result_len;
+}
+
+ssize_t
+GNUNET_ABE_cpabe_decrypt (const void *block,
+ size_t size,
+ const struct GNUNET_ABE_AbeKey *key,
+ void **result)
+{
+ char* aes_buf;
+ char* cph_buf;
+ gabe_cph_t* cph;
+ element_t m;
+ int cph_buf_size;
+ int aes_buf_size;
+ int plt_len;
+
+ read_cpabe(block, &cph_buf, &cph_buf_size, &aes_buf, &aes_buf_size);
+ cph = gabe_cph_unserialize(key->pub, cph_buf, cph_buf_size);
+ if( !gabe_dec(key->pub, key->prv, cph, m) ) {
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+ "%s\n", gabe_error());
+ GNUNET_free (aes_buf);
+ GNUNET_free (cph_buf);
+ gabe_cph_free(cph);
+ GNUNET_free (cph);
+ element_clear (m);
+ return GNUNET_SYSERR;
+ }
+ gabe_cph_free(cph);
+ GNUNET_free (cph);
+ plt_len = aes_128_cbc_decrypt(aes_buf, aes_buf_size, m, (char**)result);
+ GNUNET_free (cph_buf);
+ GNUNET_free (aes_buf);
+ element_clear (m);
+ //freeing is buggy in gabe
+ //gabe_prv_free (prv);
+ //gabe_pub_free (pub);
+ return plt_len;
+}
+
+ssize_t
+GNUNET_ABE_cpabe_serialize_key (const struct GNUNET_ABE_AbeKey *key,
+ void **result)
+{
+ ssize_t len;
+ char *pub;
+ char *prv;
+ int pub_len;
+ int prv_len;
+
+ pub_len = gabe_pub_serialize (key->pub, &pub);
+ prv_len = gabe_prv_serialize (key->prv, &prv);
+
+ len = pub_len + prv_len + 12;
+ write_cpabe (result, len, pub, pub_len, prv, prv_len);
+
+ GNUNET_free (pub);
+ GNUNET_free (prv);
+
+ return len;
+}
+
+struct GNUNET_ABE_AbeKey*
+GNUNET_ABE_cpabe_deserialize_key (const void *data,
+ size_t len)
+{
+ struct GNUNET_ABE_AbeKey *key;
+ char *pub;
+ char *prv;
+ int prv_len;
+ int pub_len;
+
+ key = GNUNET_new (struct GNUNET_ABE_AbeKey);
+ read_cpabe (data,
+ &pub,
+ &pub_len,
+ &prv,
+ &prv_len);
+ key->pub = gabe_pub_unserialize (pub, pub_len);
+ key->prv = gabe_prv_unserialize (key->pub, prv, prv_len);
+
+ GNUNET_free (pub);
+ GNUNET_free (prv);
+ return key;
+}
+
+ssize_t
+GNUNET_ABE_cpabe_serialize_master_key (const struct GNUNET_ABE_AbeMasterKey *key,
+ void **result)
+{
+ ssize_t len;
+ char *pub;
+ char *msk;
+ int pub_len;
+ int msk_len;
+
+ pub_len = gabe_pub_serialize (key->pub, &pub);
+ msk_len = gabe_msk_serialize (key->msk, &msk);
+
+ len = pub_len + msk_len + 12;
+ write_cpabe (result, len, pub, pub_len, msk, msk_len);
+
+ GNUNET_free (pub);
+ GNUNET_free (msk);
+
+ return len;
+}
+
+struct GNUNET_ABE_AbeMasterKey*
+GNUNET_ABE_cpabe_deserialize_master_key (const void *data,
+ size_t len)
+{
+ struct GNUNET_ABE_AbeMasterKey *key;
+ char *msk;
+ char *pub;
+ int msk_len;
+ int pub_len;
+
+ key = GNUNET_new (struct GNUNET_ABE_AbeMasterKey);
+ read_cpabe (data,
+ &pub,
+ &pub_len,
+ &msk,
+ &msk_len);
+ key->pub = gabe_pub_unserialize (pub, pub_len);
+ key->msk = gabe_msk_unserialize (key->pub, msk, msk_len);
+
+ GNUNET_free (pub);
+ GNUNET_free (msk);
+
+ return key;
+}
diff --git a/src/util/test_crypto_abe.c b/src/abe/test_cpabe.c
index cb36dccae..9b2062b23 100644
--- a/src/util/test_crypto_abe.c
+++ b/src/abe/test_cpabe.c
@@ -25,20 +25,21 @@
*/
#include "platform.h"
#include "gnunet_util_lib.h"
+#include "gnunet_abe_lib.h"
#define TESTSTRING "Hello World!"
static int
testAbecipher ()
{
- struct GNUNET_CRYPTO_AbeMasterKey *msk;
- struct GNUNET_CRYPTO_AbeKey *key;
+ struct GNUNET_ABE_AbeMasterKey *msk;
+ struct GNUNET_ABE_AbeKey *key;
char *result;
char **attrs;
int size;
char *res;
- msk = GNUNET_CRYPTO_cpabe_create_master_key ();
- size = GNUNET_CRYPTO_cpabe_encrypt (TESTSTRING, strlen (TESTSTRING) + 1,
+ msk = GNUNET_ABE_cpabe_create_master_key ();
+ size = GNUNET_ABE_cpabe_encrypt (TESTSTRING, strlen (TESTSTRING) + 1,
"testattr", //Policy
msk,
(void*)&result);
@@ -46,10 +47,10 @@ testAbecipher ()
attrs = GNUNET_malloc (2 * sizeof (char*));
attrs[0] = "testattr";
attrs[1] = NULL;
- key = GNUNET_CRYPTO_cpabe_create_key (msk,
+ key = GNUNET_ABE_cpabe_create_key (msk,
attrs);
- size = GNUNET_CRYPTO_cpabe_decrypt (result, size,
+ size = GNUNET_ABE_cpabe_decrypt (result, size,
key,
(void*)&res);
if (strlen (TESTSTRING) + 1 != size)
diff --git a/src/identity-provider/Makefile.am b/src/identity-provider/Makefile.am
index 5c5ddaa57..adf6af3b3 100644
--- a/src/identity-provider/Makefile.am
+++ b/src/identity-provider/Makefile.am
@@ -70,6 +70,7 @@ gnunet_service_identity_provider_LDADD = \
$(top_builddir)/src/namestore/libgnunetnamestore.la \
$(top_builddir)/src/identity/libgnunetidentity.la \
$(top_builddir)/src/statistics/libgnunetstatistics.la \
+ $(top_builddir)/src/abe/libgnunetabe.la \
$(top_builddir)/src/credential/libgnunetcredential.la \
$(top_builddir)/src/identity-attribute/libgnunetidentityattribute.la \
libgnunetidentityprovider.la \
diff --git a/src/identity-provider/gnunet-service-identity-provider.c b/src/identity-provider/gnunet-service-identity-provider.c
index a5c178aa5..351308c3a 100644
--- a/src/identity-provider/gnunet-service-identity-provider.c
+++ b/src/identity-provider/gnunet-service-identity-provider.c
@@ -30,6 +30,7 @@
#include "gnunet_identity_service.h"
#include "gnunet_gnsrecord_lib.h"
#include "gnunet_namestore_service.h"
+#include "gnunet_abe_lib.h"
#include "gnunet_credential_service.h"
#include "gnunet_statistics_service.h"
#include "gnunet_gns_service.h"
@@ -205,7 +206,7 @@ struct TicketIteration
*/
typedef void
(*AbeBootstrapResult) (void *cls,
- struct GNUNET_CRYPTO_AbeMasterKey *abe_key);
+ struct GNUNET_ABE_AbeMasterKey *abe_key);
struct AbeBootstrapHandle
@@ -233,7 +234,7 @@ struct AbeBootstrapHandle
/**
* The issuer egos ABE master key
*/
- struct GNUNET_CRYPTO_AbeMasterKey *abe_key;
+ struct GNUNET_ABE_AbeMasterKey *abe_key;
};
/**
@@ -264,7 +265,7 @@ struct AttributeIterator
/**
* The issuer egos ABE master key
*/
- struct GNUNET_CRYPTO_AbeMasterKey *abe_key;
+ struct GNUNET_ABE_AbeMasterKey *abe_key;
/**
* Namestore iterator
@@ -355,7 +356,7 @@ struct AttributeStoreHandle
/**
* The issuer egos ABE master key
*/
- struct GNUNET_CRYPTO_AbeMasterKey *abe_key;
+ struct GNUNET_ABE_AbeMasterKey *abe_key;
/**
* QueueEntry
@@ -423,7 +424,7 @@ struct ConsumeTicketHandle
/**
* The ABE key
*/
- struct GNUNET_CRYPTO_AbeKey *key;
+ struct GNUNET_ABE_AbeKey *key;
/**
* Attributes
@@ -520,7 +521,7 @@ struct TicketRevocationHandle
/**
* The ABE master key
*/
- struct GNUNET_CRYPTO_AbeMasterKey *abe_key;
+ struct GNUNET_ABE_AbeMasterKey *abe_key;
/**
* Offset
@@ -690,7 +691,7 @@ bootstrap_store_task (void *cls)
struct GNUNET_GNSRECORD_Data rd[1];
char *key;
- rd[0].data_size = GNUNET_CRYPTO_cpabe_serialize_master_key (abh->abe_key,
+ rd[0].data_size = GNUNET_ABE_cpabe_serialize_master_key (abh->abe_key,
(void**)&key);
rd[0].data = key;
rd[0].record_type = GNUNET_GNSRECORD_TYPE_ABE_MASTER;
@@ -730,13 +731,13 @@ bootstrap_abe_result (void *cls,
const struct GNUNET_GNSRECORD_Data *rd)
{
struct AbeBootstrapHandle *abh = cls;
- struct GNUNET_CRYPTO_AbeMasterKey *abe_key;
+ struct GNUNET_ABE_AbeMasterKey *abe_key;
int i;
for (i=0;i<rd_count;i++) {
if (GNUNET_GNSRECORD_TYPE_ABE_MASTER != rd[i].record_type)
continue;
- abe_key = GNUNET_CRYPTO_cpabe_deserialize_master_key (rd[i].data,
+ abe_key = GNUNET_ABE_cpabe_deserialize_master_key (rd[i].data,
rd[i].data_size);
abh->proc (abh->proc_cls, abe_key);
GNUNET_free (abh);
@@ -744,7 +745,7 @@ bootstrap_abe_result (void *cls,
}
//No ABE master found, bootstrapping...
- abh->abe_key = GNUNET_CRYPTO_cpabe_create_master_key ();
+ abh->abe_key = GNUNET_ABE_cpabe_create_master_key ();
GNUNET_SCHEDULER_add_now (&bootstrap_store_task, abh);
}
@@ -767,7 +768,7 @@ bootstrap_abe (const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity,
abh->identity = *identity;
if (GNUNET_YES == recreate)
{
- abh->abe_key = GNUNET_CRYPTO_cpabe_create_master_key ();
+ abh->abe_key = GNUNET_ABE_cpabe_create_master_key ();
GNUNET_SCHEDULER_add_now (&bootstrap_store_task, abh);
} else {
abh->ns_qe = GNUNET_NAMESTORE_records_lookup (ns_handle,
@@ -874,7 +875,7 @@ store_ticket_issue_cont (void *cls,
int
serialize_abe_keyinfo2 (const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs,
- const struct GNUNET_CRYPTO_AbeKey *rp_key,
+ const struct GNUNET_ABE_AbeKey *rp_key,
struct GNUNET_CRYPTO_EcdhePrivateKey **ecdh_privkey,
char **result)
{
@@ -892,7 +893,7 @@ serialize_abe_keyinfo2 (const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
struct GNUNET_HashCode new_key_hash;
ssize_t enc_size;
- size = GNUNET_CRYPTO_cpabe_serialize_key (rp_key,
+ size = GNUNET_ABE_cpabe_serialize_key (rp_key,
(void**)&serialized_key);
attrs_str_len = 0;
for (le = attrs->list_head; NULL != le; le = le->next) {
@@ -951,13 +952,13 @@ serialize_abe_keyinfo2 (const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
static void
issue_ticket_after_abe_bootstrap (void *cls,
- struct GNUNET_CRYPTO_AbeMasterKey *abe_key)
+ struct GNUNET_ABE_AbeMasterKey *abe_key)
{
struct TicketIssueHandle *ih = cls;
struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le;
struct GNUNET_CRYPTO_EcdhePrivateKey *ecdhe_privkey;
struct GNUNET_GNSRECORD_Data code_record[1];
- struct GNUNET_CRYPTO_AbeKey *rp_key;
+ struct GNUNET_ABE_AbeKey *rp_key;
char *code_record_data;
char **attrs;
char *label;
@@ -983,7 +984,7 @@ issue_ticket_after_abe_bootstrap (void *cls,
i++;
}
attrs[i] = NULL;
- rp_key = GNUNET_CRYPTO_cpabe_create_key (abe_key,
+ rp_key = GNUNET_ABE_cpabe_create_key (abe_key,
attrs);
//TODO review this wireformat
@@ -1014,9 +1015,9 @@ issue_ticket_after_abe_bootstrap (void *cls,
GNUNET_free (label);
GNUNET_free (attrs);
GNUNET_free (code_record_data);
- GNUNET_CRYPTO_cpabe_delete_key (rp_key,
+ GNUNET_ABE_cpabe_delete_key (rp_key,
GNUNET_YES);
- GNUNET_CRYPTO_cpabe_delete_master_key (abe_key);
+ GNUNET_ABE_cpabe_delete_master_key (abe_key);
}
@@ -1091,7 +1092,7 @@ cleanup_revoke_ticket_handle (struct TicketRevocationHandle *handle)
if (NULL != handle->rvk_attrs)
GNUNET_IDENTITY_ATTRIBUTE_list_destroy (handle->rvk_attrs);
if (NULL != handle->abe_key)
- GNUNET_CRYPTO_cpabe_delete_master_key (handle->abe_key);
+ GNUNET_ABE_cpabe_delete_master_key (handle->abe_key);
if (NULL != handle->ns_qe)
GNUNET_NAMESTORE_cancel (handle->ns_qe);
if (NULL != handle->ns_it)
@@ -1183,7 +1184,7 @@ ticket_reissue_proc (void *cls,
struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le_rollover;
struct GNUNET_CRYPTO_EcdhePrivateKey *ecdhe_privkey;
struct GNUNET_GNSRECORD_Data code_record[1];
- struct GNUNET_CRYPTO_AbeKey *rp_key;
+ struct GNUNET_ABE_AbeKey *rp_key;
char *code_record_data;
char **attr_arr;
char *label;
@@ -1263,7 +1264,7 @@ ticket_reissue_proc (void *cls,
i++;
}
attr_arr[i] = NULL;
- rp_key = GNUNET_CRYPTO_cpabe_create_key (rh->abe_key,
+ rp_key = GNUNET_ABE_cpabe_create_key (rh->abe_key,
attr_arr);
//TODO review this wireformat
@@ -1294,7 +1295,7 @@ ticket_reissue_proc (void *cls,
GNUNET_free (label);
GNUNET_free (attr_arr);
GNUNET_free (code_record_data);
- GNUNET_CRYPTO_cpabe_delete_key (rp_key, GNUNET_YES);
+ GNUNET_ABE_cpabe_delete_key (rp_key, GNUNET_YES);
}
@@ -1362,7 +1363,7 @@ reenc_next_attribute (struct TicketRevocationHandle *rh)
/**
* Encrypt the attribute value and store in namestore
*/
- enc_size = GNUNET_CRYPTO_cpabe_encrypt (buf,
+ enc_size = GNUNET_ABE_cpabe_encrypt (buf,
buf_size,
policy, //Policy
rh->abe_key,
@@ -1463,7 +1464,7 @@ process_attributes_to_update (void *cls,
static void
get_ticket_after_abe_bootstrap (void *cls,
- struct GNUNET_CRYPTO_AbeMasterKey *abe_key)
+ struct GNUNET_ABE_AbeMasterKey *abe_key)
{
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
"Finished ABE bootstrap\n");
@@ -1534,7 +1535,7 @@ static void
cleanup_consume_ticket_handle (struct ConsumeTicketHandle *handle)
{
if (NULL != handle->key)
- GNUNET_CRYPTO_cpabe_delete_key (handle->key,
+ GNUNET_ABE_cpabe_delete_key (handle->key,
GNUNET_YES);
if (NULL != handle->attrs)
GNUNET_IDENTITY_ATTRIBUTE_list_destroy (handle->attrs);
@@ -1603,7 +1604,7 @@ process_parallel_lookup2 (void *cls, uint32_t rd_count,
if (rd->record_type == GNUNET_GNSRECORD_TYPE_ID_ATTR)
{
decrypt_duration = GNUNET_TIME_absolute_get ();
- attr_len = GNUNET_CRYPTO_cpabe_decrypt (rd->data + sizeof (uint32_t),
+ attr_len = GNUNET_ABE_cpabe_decrypt (rd->data + sizeof (uint32_t),
rd->data_size - sizeof (uint32_t),
handle->key,
(void**)&data);
@@ -1745,7 +1746,7 @@ process_consume_abe_key (void *cls, uint32_t rd_count,
scopes = GNUNET_strdup (buf);
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
"Scopes %s\n", scopes);
- handle->key = GNUNET_CRYPTO_cpabe_deserialize_key ((void*)(buf + strlen (scopes) + 1),
+ handle->key = GNUNET_ABE_cpabe_deserialize_key ((void*)(buf + strlen (scopes) + 1),
rd->data_size - sizeof (struct GNUNET_CRYPTO_EcdhePublicKey)
- strlen (scopes) - 1);
@@ -1833,7 +1834,7 @@ cleanup_as_handle (struct AttributeStoreHandle *handle)
if (NULL != handle->claim)
GNUNET_free (handle->claim);
if (NULL != handle->abe_key)
- GNUNET_CRYPTO_cpabe_delete_master_key (handle->abe_key);
+ GNUNET_ABE_cpabe_delete_master_key (handle->abe_key);
GNUNET_free (handle);
}
@@ -1897,7 +1898,7 @@ attr_store_task (void *cls)
/**
* Encrypt the attribute value and store in namestore
*/
- enc_size = GNUNET_CRYPTO_cpabe_encrypt (buf,
+ enc_size = GNUNET_ABE_cpabe_encrypt (buf,
buf_size,
policy, //Policy
as_handle->abe_key,
@@ -1931,7 +1932,7 @@ attr_store_task (void *cls)
static void
store_after_abe_bootstrap (void *cls,
- struct GNUNET_CRYPTO_AbeMasterKey *abe_key)
+ struct GNUNET_ABE_AbeMasterKey *abe_key)
{
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
"Finished ABE bootstrap\n");
@@ -2001,7 +2002,7 @@ static void
cleanup_iter_handle (struct AttributeIterator *ai)
{
if (NULL != ai->abe_key)
- GNUNET_CRYPTO_cpabe_delete_master_key (ai->abe_key);
+ GNUNET_ABE_cpabe_delete_master_key (ai->abe_key);
GNUNET_CONTAINER_DLL_remove (ai->client->op_head,
ai->client->op_tail,
ai);
@@ -2043,7 +2044,7 @@ attr_iter_cb (void *cls,
{
struct AttributeIterator *ai = cls;
struct AttributeResultMessage *arm;
- struct GNUNET_CRYPTO_AbeKey *key;
+ struct GNUNET_ABE_AbeKey *key;
struct GNUNET_MQ_Envelope *env;
ssize_t msg_extra_len;
char* attr_ser;
@@ -2067,14 +2068,14 @@ attr_iter_cb (void *cls,
label, attr_ver);
attrs[0] = policy;
attrs[1] = 0;
- key = GNUNET_CRYPTO_cpabe_create_key (ai->abe_key,
+ key = GNUNET_ABE_cpabe_create_key (ai->abe_key,
attrs);
- msg_extra_len = GNUNET_CRYPTO_cpabe_decrypt (rd->data+sizeof (uint32_t),
+ msg_extra_len = GNUNET_ABE_cpabe_decrypt (rd->data+sizeof (uint32_t),
rd->data_size-sizeof (uint32_t),
key,
(void**)&attr_ser);
- GNUNET_CRYPTO_cpabe_delete_key (key,
+ GNUNET_ABE_cpabe_delete_key (key,
GNUNET_YES);
//GNUNET_free (policy);
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
@@ -2092,14 +2093,14 @@ attr_iter_cb (void *cls,
msg_extra_len);
GNUNET_MQ_send (ai->client->mq, env);
GNUNET_free (attr_ser);
- GNUNET_CRYPTO_cpabe_delete_master_key (ai->abe_key);
+ GNUNET_ABE_cpabe_delete_master_key (ai->abe_key);
ai->abe_key = NULL;
}
void
iterate_after_abe_bootstrap (void *cls,
- struct GNUNET_CRYPTO_AbeMasterKey *abe_key)
+ struct GNUNET_ABE_AbeMasterKey *abe_key)
{
struct AttributeIterator *ai = cls;
ai->abe_key = abe_key;
@@ -2115,7 +2116,7 @@ iterate_after_abe_bootstrap (void *cls,
void
iterate_next_after_abe_bootstrap (void *cls,
- struct GNUNET_CRYPTO_AbeMasterKey *abe_key)
+ struct GNUNET_ABE_AbeMasterKey *abe_key)
{
struct AttributeIterator *ai = cls;
ai->abe_key = abe_key;
diff --git a/src/include/gnunet_abe_lib.h b/src/include/gnunet_abe_lib.h
new file mode 100644
index 000000000..77b0f9e99
--- /dev/null
+++ b/src/include/gnunet_abe_lib.h
@@ -0,0 +1,143 @@
+/*
+ This file is part of GNUnet.
+ Copyright (C) 2001-2018 GNUnet e.V.
+
+ GNUnet is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published
+ by the Free Software Foundation; either version 3, or (at your
+ option) any later version.
+
+ GNUnet is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with GNUnet; see the file COPYING. If not, write to the
+ Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ Boston, MA 02110-1301, USA.
+*/
+
+/**
+ * @file include/gnunet_crypto_lib.h
+ * @brief cryptographic primitives for GNUnet
+ *
+ * @author Martin Schanzenbach
+ *
+ * @defgroup abe ABE Crypto library: Attribute-Based Encryption operations
+ *
+ */
+#ifndef GNUNET_ABE_LIB_H
+#define GNUNET_ABE_LIB_H
+
+#ifdef __cplusplus
+extern "C"
+{
+#if 0 /* keep Emacsens' auto-indent happy */
+}
+#endif
+#endif
+
+#include "gnunet_common.h"
+#include <gcrypt.h>
+
+/**
+ * @brief type for ABE master keys
+ */
+struct GNUNET_CRYPTO_AbeMasterKey;
+
+/**
+ * @brief type for ABE keys
+ */
+struct GNUNET_CRYPTO_AbeKey;
+
+
+
+/**
+ * @ingroup abe
+ * Create a new CP-ABE master key. Caller must free return value.
+ *
+ * @return fresh private key; free using #GNUNET_free
+ */
+struct GNUNET_ABE_AbeMasterKey *
+GNUNET_ABE_cpabe_create_master_key (void);
+void
+GNUNET_ABE_cpabe_delete_master_key (struct GNUNET_ABE_AbeMasterKey *key);
+
+/**
+ * @ingroup abe
+ * Create a new CP-ABE key. Caller must free return value.
+ *
+ * @return fresh private key; free using #GNUNET_free
+ */
+struct GNUNET_ABE_AbeKey *
+GNUNET_ABE_cpabe_create_key (struct GNUNET_ABE_AbeMasterKey *msk,
+ char **attrs);
+void
+GNUNET_ABE_cpabe_delete_key (struct GNUNET_ABE_AbeKey *key,
+ int delete_pub);
+
+
+/**
+ * @ingroup abe
+ * Encrypt a block using sessionkey.
+ *
+ * @param block the block to encrypt
+ * @param size the size of the @a block
+ * @param sessionkey the key used to encrypt
+ * @param iv the initialization vector to use, use INITVALUE
+ * for streams.
+ * @return the size of the encrypted block, -1 for errors
+ */
+ssize_t
+GNUNET_ABE_cpabe_encrypt (const void *block,
+ size_t size,
+ const char *policy,
+ const struct GNUNET_ABE_AbeMasterKey *key,
+ void **result);
+
+/**
+ * @ingroup abe
+ * Encrypt a block using sessionkey.
+ *
+ * @param block the block to encrypt
+ * @param size the size of the @a block
+ * @param sessionkey the key used to encrypt
+ * @param iv the initialization vector to use, use INITVALUE
+ * for streams.
+ * @return the size of the encrypted block, -1 for errors
+ */
+ssize_t
+GNUNET_ABE_cpabe_decrypt (const void *block,
+ size_t size,
+ const struct GNUNET_ABE_AbeKey *key,
+ void **result);
+
+ssize_t
+GNUNET_ABE_cpabe_serialize_key (const struct GNUNET_ABE_AbeKey *key,
+ void **result);
+
+struct GNUNET_ABE_AbeKey*
+GNUNET_ABE_cpabe_deserialize_key (const void *data,
+ size_t len);
+
+ssize_t
+GNUNET_ABE_cpabe_serialize_master_key (const struct GNUNET_ABE_AbeMasterKey *key,
+ void **result);
+
+struct GNUNET_ABE_AbeMasterKey*
+GNUNET_ABE_cpabe_deserialize_master_key (const void *data,
+ size_t len);
+
+
+#if 0 /* keep Emacsens' auto-indent happy */
+{
+#endif
+#ifdef __cplusplus
+}
+#endif
+
+
+/* ifndef GNUNET_ABE_LIB_H */
+#endif
+/* end of gnunet_abe_lib.h */
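Review bot: The forward declarations at the top of the header still use the old names (`struct GNUNET_CRYPTO_AbeMasterKey;`, `struct GNUNET_CRYPTO_AbeKey;`) while every prototype below uses the `GNUNET_ABE_` types; they should read `struct GNUNET_ABE_AbeMasterKey;` and `struct GNUNET_ABE_AbeKey;`. The doc comments were carried over unedited: `@file` still names `include/gnunet_crypto_lib.h`, and both create functions say "free using #GNUNET_free" although abe.c releases the contained gabe objects only in `GNUNET_ABE_cpabe_delete_master_key` / `GNUNET_ABE_cpabe_delete_key`, so a caller following the comment would leave the master or private key material allocated. The encrypt and decrypt comments are identical and describe `sessionkey` and `iv` parameters that do not exist; I would document `policy`, `key` and `result` (including who frees `*result`), and state that decrypt returns the plaintext length or `GNUNET_SYSERR`. The serialize/deserialize prototypes have no comments at all and should at least say whether the input buffer is expected to be trusted.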
diff --git a/src/include/gnunet_crypto_lib.h b/src/include/gnunet_crypto_lib.h
index 2fd67ae1b..e886a561c 100644
--- a/src/include/gnunet_crypto_lib.h
+++ b/src/include/gnunet_crypto_lib.h
@@ -395,11 +395,6 @@ struct GNUNET_CRYPTO_PaillierCiphertext
unsigned char bits[GNUNET_CRYPTO_PAILLIER_BITS * 2 / 8];
};
-/**
- * @brief type for ABE master keys
- */
-struct GNUNET_CRYPTO_AbeMasterKey;
-
/* **************** Functions and Macros ************* */
@@ -2142,83 +2137,6 @@ GNUNET_CRYPTO_rsa_verify (const struct GNUNET_HashCode *hash,
const struct GNUNET_CRYPTO_RsaPublicKey *public_key);
-/**
- * @ingroup crypto
- * Create a new CP-ABE master key. Caller must free return value.
- *
- * @return fresh private key; free using #GNUNET_free
- */
-struct GNUNET_CRYPTO_AbeMasterKey *
-GNUNET_CRYPTO_cpabe_create_master_key (void);
-void
-GNUNET_CRYPTO_cpabe_delete_master_key (struct GNUNET_CRYPTO_AbeMasterKey *key);
-
-/**
- * @ingroup crypto
- * Create a new CP-ABE key. Caller must free return value.
- *
- * @return fresh private key; free using #GNUNET_free
- */
-struct GNUNET_CRYPTO_AbeKey *
-GNUNET_CRYPTO_cpabe_create_key (struct GNUNET_CRYPTO_AbeMasterKey *msk,
- char **attrs);
-void
-GNUNET_CRYPTO_cpabe_delete_key (struct GNUNET_CRYPTO_AbeKey *key,
- int delete_pub);
-
-
-/**
- * @ingroup crypto
- * Encrypt a block using sessionkey.
- *
- * @param block the block to encrypt
- * @param size the size of the @a block
- * @param sessionkey the key used to encrypt
- * @param iv the initialization vector to use, use INITVALUE
- * for streams.
- * @return the size of the encrypted block, -1 for errors
- */
-ssize_t
-GNUNET_CRYPTO_cpabe_encrypt (const void *block,
- size_t size,
- const char *policy,
- const struct GNUNET_CRYPTO_AbeMasterKey *key,
- void **result);
-
-/**
- * @ingroup crypto
- * Encrypt a block using sessionkey.
- *
- * @param block the block to encrypt
- * @param size the size of the @a block
- * @param sessionkey the key used to encrypt
- * @param iv the initialization vector to use, use INITVALUE
- * for streams.
- * @return the size of the encrypted block, -1 for errors
- */
-ssize_t
-GNUNET_CRYPTO_cpabe_decrypt (const void *block,
- size_t size,
- const struct GNUNET_CRYPTO_AbeKey *key,
- void **result);
-
-ssize_t
-GNUNET_CRYPTO_cpabe_serialize_key (const struct GNUNET_CRYPTO_AbeKey *key,
- void **result);
-
-struct GNUNET_CRYPTO_AbeKey*
-GNUNET_CRYPTO_cpabe_deserialize_key (const void *data,
- size_t len);
-
-ssize_t
-GNUNET_CRYPTO_cpabe_serialize_master_key (const struct GNUNET_CRYPTO_AbeMasterKey *key,
- void **result);
-
-struct GNUNET_CRYPTO_AbeMasterKey*
-GNUNET_CRYPTO_cpabe_deserialize_master_key (const void *data,
- size_t len);
-
-
#if 0 /* keep Emacsens' auto-indent happy */
{
#endif
diff --git a/src/util/Makefile.am b/src/util/Makefile.am
index cc9ff4745..eb655157d 100644
--- a/src/util/Makefile.am
+++ b/src/util/Makefile.am
@@ -119,18 +119,6 @@ libgnunetutil_la_LIBADD = \
$(LTLIBINTL) \
-lltdl $(Z_LIBS) -lunistring $(XLIB)
-if HAVE_PBC
-if HAVE_ABE
-libgnunetutil_la_SOURCES += \
- crypto_abe.c
-libgnunetutil_la_LIBADD += \
- $(ABE_LIBADD) \
- -lgabe \
- -lpbc \
- -lglib-2.0
-endif
-endif
-
libgnunetutil_la_LDFLAGS = \
$(GN_LIB_LDFLAGS) \
-version-info 13:0:0
@@ -564,17 +552,6 @@ test_speedup_SOURCES = \
test_speedup_LDADD = \
libgnunetutil.la
-if HAVE_PBC
-if HAVE_ABE
-test_crypto_abe_SOURCES = \
- test_crypto_abe.c
-test_crypto_abe_LDADD = \
- libgnunetutil.la
-check_PROGRAMS += \
- test_crypto_abe
-endif
-endif
-
perf_crypto_hash_SOURCES = \
perf_crypto_hash.c
perf_crypto_hash_LDADD = \