- towards crypto agility; wip

author: Martin Schanzenbach <mschanzenbach@posteo.de> 2020-10-14 19:47:32 +0200
committer: Martin Schanzenbach <mschanzenbach@posteo.de> 2020-10-15 12:11:18 +0200
commit: 96c802b46be51e5c45f34e2de823f787d26c2929 (patch)
tree: 457ccfd8f9a61563af86318739c4a8f964a57025 /src/gnsrecord/gnsrecord_crypto.c
parent: c14e3a2769ff0f15fdbb32797e37e43ce2344fa3 (diff)
download: gnunet-96c802b46be51e5c45f34e2de823f787d26c2929.tar.gz
gnunet-96c802b46be51e5c45f34e2de823f787d26c2929.zip
1 files changed, 105 insertions, 43 deletions
diff --git a/src/gnsrecord/gnsrecord_crypto.c b/src/gnsrecord/gnsrecord_crypto.c
index c8919760a..b32b148fe 100644
--- a/src/gnsrecord/gnsrecord_crypto.c
+++ b/src/gnsrecord/gnsrecord_crypto.c
@@ -152,7 +152,8 @@ block_create (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key,
                                                   label,
                                                   "gns");
    GNUNET_CRYPTO_ecdsa_key_get_public (dkey,
-                                        &block->derived_key);
+                                        &block->derived_key.ecdsa_key);
+    block->derived_key.type = htonl (GNUNET_GNSRECORD_TYPE_PKEY);
    derive_block_aes_key (&iv,
                          &skey,
                          label,
@@ -191,7 +192,7 @@ block_create (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key,
 * @return NULL on error (block too large)
 */
 struct GNUNET_GNSRECORD_Block *
-GNUNET_GNSRECORD_block_create (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key,
+GNUNET_GNSRECORD_block_create (const struct GNUNET_IDENTITY_PrivateKey *key,
                               struct GNUNET_TIME_Absolute expire,
                               const char *label,
                               const struct GNUNET_GNSRECORD_Data *rd,
@@ -199,14 +200,21 @@ GNUNET_GNSRECORD_block_create (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key,
 {
  struct GNUNET_CRYPTO_EcdsaPublicKey pkey;
-  GNUNET_CRYPTO_ecdsa_key_get_public (key,
+  switch (ntohl (key->type))
-                                      &pkey);
+  {
-  return block_create (key,
+  case GNUNET_GNSRECORD_TYPE_PKEY:
-                       &pkey,
+    GNUNET_CRYPTO_ecdsa_key_get_public (&key->ecdsa_key,
-                       expire,
+                                        &pkey);
-                       label,
+    return block_create (&key->ecdsa_key,
-                       rd,
+                         &pkey,
-                       rd_count);
+                         expire,
+                         label,
+                         rd,
+                         rd_count);
+  default:
+    GNUNET_assert (0);
+  }
+  return NULL;
 }
@@ -240,12 +248,19 @@ struct KeyCacheLine
 * @return NULL on error (block too large)
 */
 struct GNUNET_GNSRECORD_Block *
-GNUNET_GNSRECORD_block_create2 (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key,
+GNUNET_GNSRECORD_block_create2 (const struct GNUNET_IDENTITY_PrivateKey *pkey,
                                struct GNUNET_TIME_Absolute expire,
                                const char *label,
                                const struct GNUNET_GNSRECORD_Data *rd,
                                unsigned int rd_count)
 {
+  const struct GNUNET_CRYPTO_EcdsaPrivateKey *key;
+  if (GNUNET_IDENTITY_TYPE_ECDSA != ntohl (pkey->type))
+  {
+    return NULL; //FIXME
+  }
+  key = &pkey->ecdsa_key;
 #define CSIZE 64
  static struct KeyCacheLine cache[CSIZE];
  struct KeyCacheLine *line;
@@ -277,29 +292,27 @@ GNUNET_GNSRECORD_block_create2 (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key,
 * @param block block to verify
 * @return #GNUNET_OK if the signature is valid
 */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_GNSRECORD_block_verify (const struct GNUNET_GNSRECORD_Block *block)
 {
+  const struct GNUNET_CRYPTO_EcdsaPublicKey *key;
+  if (GNUNET_GNSRECORD_TYPE_PKEY != ntohl (block->derived_key.type))
+  {
+    GNUNET_break (0);
+    return GNUNET_NO;
+  }
+  key = &block->derived_key.ecdsa_key;
  return GNUNET_CRYPTO_ecdsa_verify_ (GNUNET_SIGNATURE_PURPOSE_GNS_RECORD_SIGN,
                                      &block->purpose,
                                      &block->signature,
-                                      &block->derived_key);
+                                      key);
 }
-/**
+enum GNUNET_GenericReturnValue
- * Decrypt block.
+block_decrypt (const struct GNUNET_GNSRECORD_Block *block,
- *
- * @param block block to decrypt
- * @param zone_key public key of the zone
- * @param label the name for the records
- * @param proc function to call with the result
- * @param proc_cls closure for proc
- * @return #GNUNET_OK on success, #GNUNET_SYSERR if the block was
- *        not well-formed
- */
-int
-GNUNET_GNSRECORD_block_decrypt (const struct GNUNET_GNSRECORD_Block *block,
                                const struct
                                GNUNET_CRYPTO_EcdsaPublicKey *zone_key,
                                const char *label,
@@ -426,6 +439,39 @@ GNUNET_GNSRECORD_block_decrypt (const struct GNUNET_GNSRECORD_Block *block,
 /**
+ * Decrypt block.
+ *
+ * @param block block to decrypt
+ * @param zone_key public key of the zone
+ * @param label the name for the records
+ * @param proc function to call with the result
+ * @param proc_cls closure for proc
+ * @return #GNUNET_OK on success, #GNUNET_SYSERR if the block was
+ *        not well-formed
+ */
+enum GNUNET_GenericReturnValue
+GNUNET_GNSRECORD_block_decrypt (const struct GNUNET_GNSRECORD_Block *block,
+                                const struct
+                                GNUNET_IDENTITY_PublicKey *zone_key,
+                                const char *label,
+                                GNUNET_GNSRECORD_RecordCallback proc,
+                                void *proc_cls)
+{
+  const struct GNUNET_CRYPTO_EcdsaPublicKey *key;
+  if (GNUNET_IDENTITY_TYPE_ECDSA != ntohl (zone_key->type))
+  {
+    return GNUNET_NO;
+  }
+  key = &zone_key->ecdsa_key;
+  return block_decrypt (block, key, label, proc, proc_cls);
+}
+/**
 * Calculate the DHT query for a given @a label in a given @a zone.
 *
 * @param zone private key of the zone
@@ -434,17 +480,24 @@ GNUNET_GNSRECORD_block_decrypt (const struct GNUNET_GNSRECORD_Block *block,
 */
 void
 GNUNET_GNSRECORD_query_from_private_key (const struct
-                                         GNUNET_CRYPTO_EcdsaPrivateKey *zone,
+                                         GNUNET_IDENTITY_PrivateKey *zone,
                                         const char *label,
                                         struct GNUNET_HashCode *query)
 {
-  struct GNUNET_CRYPTO_EcdsaPublicKey pub;
+  struct GNUNET_IDENTITY_PublicKey pub;
+  switch (ntohl (zone->type))
-  GNUNET_CRYPTO_ecdsa_key_get_public (zone,
+  {
-                                      &pub);
+  case GNUNET_GNSRECORD_TYPE_PKEY:
-  GNUNET_GNSRECORD_query_from_public_key (&pub,
-                                          label,
+    GNUNET_IDENTITY_key_get_public (zone,
-                                          query);
+                                    &pub);
+    GNUNET_GNSRECORD_query_from_public_key (&pub,
+                                            label,
+                                            query);
+    break;
+  default:
+    GNUNET_assert (0);
+  }
 }
@@ -457,18 +510,27 @@ GNUNET_GNSRECORD_query_from_private_key (const struct
 */
 void
 GNUNET_GNSRECORD_query_from_public_key (const struct
-                                        GNUNET_CRYPTO_EcdsaPublicKey *pub,
+                                        GNUNET_IDENTITY_PublicKey *pub,
                                        const char *label,
                                        struct GNUNET_HashCode *query)
 {
-  struct GNUNET_CRYPTO_EcdsaPublicKey pd;
+  struct GNUNET_IDENTITY_PublicKey pd;
-  GNUNET_CRYPTO_ecdsa_public_key_derive (pub,
-                                         label,
+  switch (ntohl (pub->type))
-                                         "gns",
+  {
-                                         &pd);
+  case GNUNET_GNSRECORD_TYPE_PKEY:
-  GNUNET_CRYPTO_hash (&pd,
+    pd.type = pub->type;
-                      sizeof(pd),
+    GNUNET_CRYPTO_ecdsa_public_key_derive (&pub->ecdsa_key,
-                      query);
+                                           label,
+                                           "gns",
+                                           &pd.ecdsa_key);
+    GNUNET_CRYPTO_hash (&pd,
+                        sizeof(pd),
+                        query);
+    break;
+  default:
+    GNUNET_assert (0);
+  }
 }
author	Martin Schanzenbach <mschanzenbach@posteo.de>	2020-10-14 19:47:32 +0200
committer	Martin Schanzenbach <mschanzenbach@posteo.de>	2020-10-15 12:11:18 +0200
commit	96c802b46be51e5c45f34e2de823f787d26c2929 (patch)
tree	457ccfd8f9a61563af86318739c4a8f964a57025 /src/gnsrecord/gnsrecord_crypto.c
parent	c14e3a2769ff0f15fdbb32797e37e43ce2344fa3 (diff)
download	gnunet-96c802b46be51e5c45f34e2de823f787d26c2929.tar.gz gnunet-96c802b46be51e5c45f34e2de823f787d26c2929.zip

diff --git a/src/gnsrecord/gnsrecord_crypto.c b/src/gnsrecord/gnsrecord_crypto.c index c8919760a..b32b148fe 100644 --- a/src/gnsrecord/gnsrecord_crypto.c +++ b/src/gnsrecord/gnsrecord_crypto.c
@@ -152,7 +152,8 @@ block_create (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key,
152	label,	152	label,
153	"gns");	153	"gns");
154	GNUNET_CRYPTO_ecdsa_key_get_public (dkey,	154	GNUNET_CRYPTO_ecdsa_key_get_public (dkey,
155	&block->derived_key);	155	&block->derived_key.ecdsa_key);
		156	block->derived_key.type = htonl (GNUNET_GNSRECORD_TYPE_PKEY);
156	derive_block_aes_key (&iv,	157	derive_block_aes_key (&iv,
157	&skey,	158	&skey,
158	label,	159	label,
@@ -191,7 +192,7 @@ block_create (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key,
191	* @return NULL on error (block too large)	192	* @return NULL on error (block too large)
192	*/	193	*/
193	struct GNUNET_GNSRECORD_Block *	194	struct GNUNET_GNSRECORD_Block *
194	GNUNET_GNSRECORD_block_create (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key,	195	GNUNET_GNSRECORD_block_create (const struct GNUNET_IDENTITY_PrivateKey *key,
195	struct GNUNET_TIME_Absolute expire,	196	struct GNUNET_TIME_Absolute expire,
196	const char *label,	197	const char *label,
197	const struct GNUNET_GNSRECORD_Data *rd,	198	const struct GNUNET_GNSRECORD_Data *rd,
@@ -199,14 +200,21 @@ GNUNET_GNSRECORD_block_create (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key,
199	{	200	{
200	struct GNUNET_CRYPTO_EcdsaPublicKey pkey;	201	struct GNUNET_CRYPTO_EcdsaPublicKey pkey;
201		202
202	GNUNET_CRYPTO_ecdsa_key_get_public (key,	203	switch (ntohl (key->type))
203	&pkey);	204	{
204	return block_create (key,	205	case GNUNET_GNSRECORD_TYPE_PKEY:
205	&pkey,	206	GNUNET_CRYPTO_ecdsa_key_get_public (&key->ecdsa_key,
206	expire,	207	&pkey);
207	label,	208	return block_create (&key->ecdsa_key,
208	rd,	209	&pkey,
209	rd_count);	210	expire,
		211	label,
		212	rd,
		213	rd_count);
		214	default:
		215	GNUNET_assert (0);
		216	}
		217	return NULL;
210	}	218	}
211		219
212		220
@@ -240,12 +248,19 @@ struct KeyCacheLine
240	* @return NULL on error (block too large)	248	* @return NULL on error (block too large)
241	*/	249	*/
242	struct GNUNET_GNSRECORD_Block *	250	struct GNUNET_GNSRECORD_Block *
243	GNUNET_GNSRECORD_block_create2 (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key,	251	GNUNET_GNSRECORD_block_create2 (const struct GNUNET_IDENTITY_PrivateKey *pkey,
244	struct GNUNET_TIME_Absolute expire,	252	struct GNUNET_TIME_Absolute expire,
245	const char *label,	253	const char *label,
246	const struct GNUNET_GNSRECORD_Data *rd,	254	const struct GNUNET_GNSRECORD_Data *rd,
247	unsigned int rd_count)	255	unsigned int rd_count)
248	{	256	{
		257	const struct GNUNET_CRYPTO_EcdsaPrivateKey *key;
		258
		259	if (GNUNET_IDENTITY_TYPE_ECDSA != ntohl (pkey->type))
		260	{
		261	return NULL; //FIXME
		262	}
		263	key = &pkey->ecdsa_key;
249	#define CSIZE 64	264	#define CSIZE 64
250	static struct KeyCacheLine cache[CSIZE];	265	static struct KeyCacheLine cache[CSIZE];
251	struct KeyCacheLine *line;	266	struct KeyCacheLine *line;
@@ -277,29 +292,27 @@ GNUNET_GNSRECORD_block_create2 (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key,
277	* @param block block to verify	292	* @param block block to verify
278	* @return #GNUNET_OK if the signature is valid	293	* @return #GNUNET_OK if the signature is valid
279	*/	294	*/
280	int	295	enum GNUNET_GenericReturnValue
281	GNUNET_GNSRECORD_block_verify (const struct GNUNET_GNSRECORD_Block *block)	296	GNUNET_GNSRECORD_block_verify (const struct GNUNET_GNSRECORD_Block *block)
282	{	297	{
		298	const struct GNUNET_CRYPTO_EcdsaPublicKey *key;
		299
		300	if (GNUNET_GNSRECORD_TYPE_PKEY != ntohl (block->derived_key.type))
		301	{
		302	GNUNET_break (0);
		303	return GNUNET_NO;
		304	}
		305	key = &block->derived_key.ecdsa_key;
		306
283	return GNUNET_CRYPTO_ecdsa_verify_ (GNUNET_SIGNATURE_PURPOSE_GNS_RECORD_SIGN,	307	return GNUNET_CRYPTO_ecdsa_verify_ (GNUNET_SIGNATURE_PURPOSE_GNS_RECORD_SIGN,
284	&block->purpose,	308	&block->purpose,
285	&block->signature,	309	&block->signature,
286	&block->derived_key);	310	key);
287	}	311	}
288		312
289		313
290	/**	314	enum GNUNET_GenericReturnValue
291	* Decrypt block.	315	block_decrypt (const struct GNUNET_GNSRECORD_Block *block,
292	*
293	* @param block block to decrypt
294	* @param zone_key public key of the zone
295	* @param label the name for the records
296	* @param proc function to call with the result
297	* @param proc_cls closure for proc
298	* @return #GNUNET_OK on success, #GNUNET_SYSERR if the block was
299	* not well-formed
300	*/
301	int
302	GNUNET_GNSRECORD_block_decrypt (const struct GNUNET_GNSRECORD_Block *block,
303	const struct	316	const struct
304	GNUNET_CRYPTO_EcdsaPublicKey *zone_key,	317	GNUNET_CRYPTO_EcdsaPublicKey *zone_key,
305	const char *label,	318	const char *label,
@@ -426,6 +439,39 @@ GNUNET_GNSRECORD_block_decrypt (const struct GNUNET_GNSRECORD_Block *block,
426		439
427		440
428	/**	441	/**
		442	* Decrypt block.
		443	*
		444	* @param block block to decrypt
		445	* @param zone_key public key of the zone
		446	* @param label the name for the records
		447	* @param proc function to call with the result
		448	* @param proc_cls closure for proc
		449	* @return #GNUNET_OK on success, #GNUNET_SYSERR if the block was
		450	* not well-formed
		451	*/
		452	enum GNUNET_GenericReturnValue
		453	GNUNET_GNSRECORD_block_decrypt (const struct GNUNET_GNSRECORD_Block *block,
		454	const struct
		455	GNUNET_IDENTITY_PublicKey *zone_key,
		456	const char *label,
		457	GNUNET_GNSRECORD_RecordCallback proc,
		458	void *proc_cls)
		459	{
		460	const struct GNUNET_CRYPTO_EcdsaPublicKey *key;
		461
		462	if (GNUNET_IDENTITY_TYPE_ECDSA != ntohl (zone_key->type))
		463	{
		464	return GNUNET_NO;
		465	}
		466	key = &zone_key->ecdsa_key;
		467
		468	return block_decrypt (block, key, label, proc, proc_cls);
		469
		470	}
		471
		472
		473
		474	/**
429	* Calculate the DHT query for a given @a label in a given @a zone.	475	* Calculate the DHT query for a given @a label in a given @a zone.
430	*	476	*
431	* @param zone private key of the zone	477	* @param zone private key of the zone
@@ -434,17 +480,24 @@ GNUNET_GNSRECORD_block_decrypt (const struct GNUNET_GNSRECORD_Block *block,
434	*/	480	*/
435	void	481	void
436	GNUNET_GNSRECORD_query_from_private_key (const struct	482	GNUNET_GNSRECORD_query_from_private_key (const struct
437	GNUNET_CRYPTO_EcdsaPrivateKey *zone,	483	GNUNET_IDENTITY_PrivateKey *zone,
438	const char *label,	484	const char *label,
439	struct GNUNET_HashCode *query)	485	struct GNUNET_HashCode *query)
440	{	486	{
441	struct GNUNET_CRYPTO_EcdsaPublicKey pub;	487	struct GNUNET_IDENTITY_PublicKey pub;
442		488	switch (ntohl (zone->type))
443	GNUNET_CRYPTO_ecdsa_key_get_public (zone,	489	{
444	&pub);	490	case GNUNET_GNSRECORD_TYPE_PKEY:
445	GNUNET_GNSRECORD_query_from_public_key (&pub,	491
446	label,	492	GNUNET_IDENTITY_key_get_public (zone,
447	query);	493	&pub);
		494	GNUNET_GNSRECORD_query_from_public_key (&pub,
		495	label,
		496	query);
		497	break;
		498	default:
		499	GNUNET_assert (0);
		500	}
448	}	501	}
449		502
450		503
@@ -457,18 +510,27 @@ GNUNET_GNSRECORD_query_from_private_key (const struct
457	*/	510	*/
458	void	511	void
459	GNUNET_GNSRECORD_query_from_public_key (const struct	512	GNUNET_GNSRECORD_query_from_public_key (const struct
460	GNUNET_CRYPTO_EcdsaPublicKey *pub,	513	GNUNET_IDENTITY_PublicKey *pub,
461	const char *label,	514	const char *label,
462	struct GNUNET_HashCode *query)	515	struct GNUNET_HashCode *query)
463	{	516	{
464	struct GNUNET_CRYPTO_EcdsaPublicKey pd;	517	struct GNUNET_IDENTITY_PublicKey pd;
465	GNUNET_CRYPTO_ecdsa_public_key_derive (pub,	518
466	label,	519	switch (ntohl (pub->type))
467	"gns",	520	{
468	&pd);	521	case GNUNET_GNSRECORD_TYPE_PKEY:
469	GNUNET_CRYPTO_hash (&pd,	522	pd.type = pub->type;
470	sizeof(pd),	523	GNUNET_CRYPTO_ecdsa_public_key_derive (&pub->ecdsa_key,
471	query);	524	label,
		525	"gns",
		526	&pd.ecdsa_key);
		527	GNUNET_CRYPTO_hash (&pd,
		528	sizeof(pd),
		529	query);
		530	break;
		531	default:
		532	GNUNET_assert (0);
		533	}
472	}	534	}
473		535
474		536