diff options
author | Martin Schanzenbach <mschanzenbach@posteo.de> | 2020-10-14 19:47:32 +0200 |
---|---|---|
committer | Martin Schanzenbach <mschanzenbach@posteo.de> | 2020-10-15 12:11:18 +0200 |
commit | 96c802b46be51e5c45f34e2de823f787d26c2929 (patch) | |
tree | 457ccfd8f9a61563af86318739c4a8f964a57025 /src/gnsrecord/gnsrecord_crypto.c | |
parent | c14e3a2769ff0f15fdbb32797e37e43ce2344fa3 (diff) | |
download | gnunet-96c802b46be51e5c45f34e2de823f787d26c2929.tar.gz gnunet-96c802b46be51e5c45f34e2de823f787d26c2929.zip |
- towards crypto agility; wip
Diffstat (limited to 'src/gnsrecord/gnsrecord_crypto.c')
-rw-r--r-- | src/gnsrecord/gnsrecord_crypto.c | 148 |
1 files changed, 105 insertions, 43 deletions
diff --git a/src/gnsrecord/gnsrecord_crypto.c b/src/gnsrecord/gnsrecord_crypto.c index c8919760a..b32b148fe 100644 --- a/src/gnsrecord/gnsrecord_crypto.c +++ b/src/gnsrecord/gnsrecord_crypto.c | |||
@@ -152,7 +152,8 @@ block_create (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key, | |||
152 | label, | 152 | label, |
153 | "gns"); | 153 | "gns"); |
154 | GNUNET_CRYPTO_ecdsa_key_get_public (dkey, | 154 | GNUNET_CRYPTO_ecdsa_key_get_public (dkey, |
155 | &block->derived_key); | 155 | &block->derived_key.ecdsa_key); |
156 | block->derived_key.type = htonl (GNUNET_GNSRECORD_TYPE_PKEY); | ||
156 | derive_block_aes_key (&iv, | 157 | derive_block_aes_key (&iv, |
157 | &skey, | 158 | &skey, |
158 | label, | 159 | label, |
@@ -191,7 +192,7 @@ block_create (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key, | |||
191 | * @return NULL on error (block too large) | 192 | * @return NULL on error (block too large) |
192 | */ | 193 | */ |
193 | struct GNUNET_GNSRECORD_Block * | 194 | struct GNUNET_GNSRECORD_Block * |
194 | GNUNET_GNSRECORD_block_create (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key, | 195 | GNUNET_GNSRECORD_block_create (const struct GNUNET_IDENTITY_PrivateKey *key, |
195 | struct GNUNET_TIME_Absolute expire, | 196 | struct GNUNET_TIME_Absolute expire, |
196 | const char *label, | 197 | const char *label, |
197 | const struct GNUNET_GNSRECORD_Data *rd, | 198 | const struct GNUNET_GNSRECORD_Data *rd, |
@@ -199,14 +200,21 @@ GNUNET_GNSRECORD_block_create (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key, | |||
199 | { | 200 | { |
200 | struct GNUNET_CRYPTO_EcdsaPublicKey pkey; | 201 | struct GNUNET_CRYPTO_EcdsaPublicKey pkey; |
201 | 202 | ||
202 | GNUNET_CRYPTO_ecdsa_key_get_public (key, | 203 | switch (ntohl (key->type)) |
203 | &pkey); | 204 | { |
204 | return block_create (key, | 205 | case GNUNET_GNSRECORD_TYPE_PKEY: |
205 | &pkey, | 206 | GNUNET_CRYPTO_ecdsa_key_get_public (&key->ecdsa_key, |
206 | expire, | 207 | &pkey); |
207 | label, | 208 | return block_create (&key->ecdsa_key, |
208 | rd, | 209 | &pkey, |
209 | rd_count); | 210 | expire, |
211 | label, | ||
212 | rd, | ||
213 | rd_count); | ||
214 | default: | ||
215 | GNUNET_assert (0); | ||
216 | } | ||
217 | return NULL; | ||
210 | } | 218 | } |
211 | 219 | ||
212 | 220 | ||
@@ -240,12 +248,19 @@ struct KeyCacheLine | |||
240 | * @return NULL on error (block too large) | 248 | * @return NULL on error (block too large) |
241 | */ | 249 | */ |
242 | struct GNUNET_GNSRECORD_Block * | 250 | struct GNUNET_GNSRECORD_Block * |
243 | GNUNET_GNSRECORD_block_create2 (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key, | 251 | GNUNET_GNSRECORD_block_create2 (const struct GNUNET_IDENTITY_PrivateKey *pkey, |
244 | struct GNUNET_TIME_Absolute expire, | 252 | struct GNUNET_TIME_Absolute expire, |
245 | const char *label, | 253 | const char *label, |
246 | const struct GNUNET_GNSRECORD_Data *rd, | 254 | const struct GNUNET_GNSRECORD_Data *rd, |
247 | unsigned int rd_count) | 255 | unsigned int rd_count) |
248 | { | 256 | { |
257 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *key; | ||
258 | |||
259 | if (GNUNET_IDENTITY_TYPE_ECDSA != ntohl (pkey->type)) | ||
260 | { | ||
261 | return NULL; //FIXME | ||
262 | } | ||
263 | key = &pkey->ecdsa_key; | ||
249 | #define CSIZE 64 | 264 | #define CSIZE 64 |
250 | static struct KeyCacheLine cache[CSIZE]; | 265 | static struct KeyCacheLine cache[CSIZE]; |
251 | struct KeyCacheLine *line; | 266 | struct KeyCacheLine *line; |
@@ -277,29 +292,27 @@ GNUNET_GNSRECORD_block_create2 (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key, | |||
277 | * @param block block to verify | 292 | * @param block block to verify |
278 | * @return #GNUNET_OK if the signature is valid | 293 | * @return #GNUNET_OK if the signature is valid |
279 | */ | 294 | */ |
280 | int | 295 | enum GNUNET_GenericReturnValue |
281 | GNUNET_GNSRECORD_block_verify (const struct GNUNET_GNSRECORD_Block *block) | 296 | GNUNET_GNSRECORD_block_verify (const struct GNUNET_GNSRECORD_Block *block) |
282 | { | 297 | { |
298 | const struct GNUNET_CRYPTO_EcdsaPublicKey *key; | ||
299 | |||
300 | if (GNUNET_GNSRECORD_TYPE_PKEY != ntohl (block->derived_key.type)) | ||
301 | { | ||
302 | GNUNET_break (0); | ||
303 | return GNUNET_NO; | ||
304 | } | ||
305 | key = &block->derived_key.ecdsa_key; | ||
306 | |||
283 | return GNUNET_CRYPTO_ecdsa_verify_ (GNUNET_SIGNATURE_PURPOSE_GNS_RECORD_SIGN, | 307 | return GNUNET_CRYPTO_ecdsa_verify_ (GNUNET_SIGNATURE_PURPOSE_GNS_RECORD_SIGN, |
284 | &block->purpose, | 308 | &block->purpose, |
285 | &block->signature, | 309 | &block->signature, |
286 | &block->derived_key); | 310 | key); |
287 | } | 311 | } |
288 | 312 | ||
289 | 313 | ||
290 | /** | 314 | enum GNUNET_GenericReturnValue |
291 | * Decrypt block. | 315 | block_decrypt (const struct GNUNET_GNSRECORD_Block *block, |
292 | * | ||
293 | * @param block block to decrypt | ||
294 | * @param zone_key public key of the zone | ||
295 | * @param label the name for the records | ||
296 | * @param proc function to call with the result | ||
297 | * @param proc_cls closure for proc | ||
298 | * @return #GNUNET_OK on success, #GNUNET_SYSERR if the block was | ||
299 | * not well-formed | ||
300 | */ | ||
301 | int | ||
302 | GNUNET_GNSRECORD_block_decrypt (const struct GNUNET_GNSRECORD_Block *block, | ||
303 | const struct | 316 | const struct |
304 | GNUNET_CRYPTO_EcdsaPublicKey *zone_key, | 317 | GNUNET_CRYPTO_EcdsaPublicKey *zone_key, |
305 | const char *label, | 318 | const char *label, |
@@ -426,6 +439,39 @@ GNUNET_GNSRECORD_block_decrypt (const struct GNUNET_GNSRECORD_Block *block, | |||
426 | 439 | ||
427 | 440 | ||
428 | /** | 441 | /** |
442 | * Decrypt block. | ||
443 | * | ||
444 | * @param block block to decrypt | ||
445 | * @param zone_key public key of the zone | ||
446 | * @param label the name for the records | ||
447 | * @param proc function to call with the result | ||
448 | * @param proc_cls closure for proc | ||
449 | * @return #GNUNET_OK on success, #GNUNET_SYSERR if the block was | ||
450 | * not well-formed | ||
451 | */ | ||
452 | enum GNUNET_GenericReturnValue | ||
453 | GNUNET_GNSRECORD_block_decrypt (const struct GNUNET_GNSRECORD_Block *block, | ||
454 | const struct | ||
455 | GNUNET_IDENTITY_PublicKey *zone_key, | ||
456 | const char *label, | ||
457 | GNUNET_GNSRECORD_RecordCallback proc, | ||
458 | void *proc_cls) | ||
459 | { | ||
460 | const struct GNUNET_CRYPTO_EcdsaPublicKey *key; | ||
461 | |||
462 | if (GNUNET_IDENTITY_TYPE_ECDSA != ntohl (zone_key->type)) | ||
463 | { | ||
464 | return GNUNET_NO; | ||
465 | } | ||
466 | key = &zone_key->ecdsa_key; | ||
467 | |||
468 | return block_decrypt (block, key, label, proc, proc_cls); | ||
469 | |||
470 | } | ||
471 | |||
472 | |||
473 | |||
474 | /** | ||
429 | * Calculate the DHT query for a given @a label in a given @a zone. | 475 | * Calculate the DHT query for a given @a label in a given @a zone. |
430 | * | 476 | * |
431 | * @param zone private key of the zone | 477 | * @param zone private key of the zone |
@@ -434,17 +480,24 @@ GNUNET_GNSRECORD_block_decrypt (const struct GNUNET_GNSRECORD_Block *block, | |||
434 | */ | 480 | */ |
435 | void | 481 | void |
436 | GNUNET_GNSRECORD_query_from_private_key (const struct | 482 | GNUNET_GNSRECORD_query_from_private_key (const struct |
437 | GNUNET_CRYPTO_EcdsaPrivateKey *zone, | 483 | GNUNET_IDENTITY_PrivateKey *zone, |
438 | const char *label, | 484 | const char *label, |
439 | struct GNUNET_HashCode *query) | 485 | struct GNUNET_HashCode *query) |
440 | { | 486 | { |
441 | struct GNUNET_CRYPTO_EcdsaPublicKey pub; | 487 | struct GNUNET_IDENTITY_PublicKey pub; |
442 | 488 | switch (ntohl (zone->type)) | |
443 | GNUNET_CRYPTO_ecdsa_key_get_public (zone, | 489 | { |
444 | &pub); | 490 | case GNUNET_GNSRECORD_TYPE_PKEY: |
445 | GNUNET_GNSRECORD_query_from_public_key (&pub, | 491 | |
446 | label, | 492 | GNUNET_IDENTITY_key_get_public (zone, |
447 | query); | 493 | &pub); |
494 | GNUNET_GNSRECORD_query_from_public_key (&pub, | ||
495 | label, | ||
496 | query); | ||
497 | break; | ||
498 | default: | ||
499 | GNUNET_assert (0); | ||
500 | } | ||
448 | } | 501 | } |
449 | 502 | ||
450 | 503 | ||
@@ -457,18 +510,27 @@ GNUNET_GNSRECORD_query_from_private_key (const struct | |||
457 | */ | 510 | */ |
458 | void | 511 | void |
459 | GNUNET_GNSRECORD_query_from_public_key (const struct | 512 | GNUNET_GNSRECORD_query_from_public_key (const struct |
460 | GNUNET_CRYPTO_EcdsaPublicKey *pub, | 513 | GNUNET_IDENTITY_PublicKey *pub, |
461 | const char *label, | 514 | const char *label, |
462 | struct GNUNET_HashCode *query) | 515 | struct GNUNET_HashCode *query) |
463 | { | 516 | { |
464 | struct GNUNET_CRYPTO_EcdsaPublicKey pd; | 517 | struct GNUNET_IDENTITY_PublicKey pd; |
465 | GNUNET_CRYPTO_ecdsa_public_key_derive (pub, | 518 | |
466 | label, | 519 | switch (ntohl (pub->type)) |
467 | "gns", | 520 | { |
468 | &pd); | 521 | case GNUNET_GNSRECORD_TYPE_PKEY: |
469 | GNUNET_CRYPTO_hash (&pd, | 522 | pd.type = pub->type; |
470 | sizeof(pd), | 523 | GNUNET_CRYPTO_ecdsa_public_key_derive (&pub->ecdsa_key, |
471 | query); | 524 | label, |
525 | "gns", | ||
526 | &pd.ecdsa_key); | ||
527 | GNUNET_CRYPTO_hash (&pd, | ||
528 | sizeof(pd), | ||
529 | query); | ||
530 | break; | ||
531 | default: | ||
532 | GNUNET_assert (0); | ||
533 | } | ||
472 | } | 534 | } |
473 | 535 | ||
474 | 536 | ||