-rename files/symbols from _aes to _symmetric

author: Christian Grothoff <christian@grothoff.org> 2013-09-30 11:32:30 +0000
committer: Christian Grothoff <christian@grothoff.org> 2013-09-30 11:32:30 +0000
commit: 45b5c1f11144bc14fae34c991ae9db89d6ba8913 (patch)
tree: f4a2fbe70573e0d9bb56d4ccb8be29fcf0c50c55 /src/util/crypto_symmetric.c
parent: 05ef63d9f8cf65561b7ed2234efdc80e3fb40bd0 (diff)
download: gnunet-45b5c1f11144bc14fae34c991ae9db89d6ba8913.tar.gz
gnunet-45b5c1f11144bc14fae34c991ae9db89d6ba8913.zip
1 files changed, 233 insertions, 0 deletions
diff --git a/src/util/crypto_symmetric.c b/src/util/crypto_symmetric.c
new file mode 100644
index 000000000..3e4f9d748
--- /dev/null
+++ b/src/util/crypto_symmetric.c
@@ -0,0 +1,233 @@
+/*
+     This file is part of GNUnet.
+     (C) 2001, 2002, 2003, 2004, 2005, 2006, 2013 Christian Grothoff (and other contributing authors)
+     GNUnet is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published
+     by the Free Software Foundation; either version 3, or (at your
+     option) any later version.
+     GNUnet is distributed in the hope that it will be useful, but
+     WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+     General Public License for more details.
+     You should have received a copy of the GNU General Public License
+     along with GNUnet; see the file COPYING.  If not, write to the
+     Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+     Boston, MA 02111-1307, USA.
+*/
+/**
+ * @file util/crypto_symmetric.c
+ * @brief Symmetric encryption services; combined cipher AES+TWOFISH (256-bit each)
+ * @author Christian Grothoff
+ * @author Ioana Patrascu
+ */
+#include "platform.h"
+#include "gnunet_common.h"
+#include "gnunet_crypto_lib.h"
+#include <gcrypt.h>
+#define LOG(kind,...) GNUNET_log_from (kind, "util", __VA_ARGS__)
+/**
+ * Create a new SessionKey (for symmetric encryption).
+ *
+ * @param key session key to initialize
+ */
+void
+GNUNET_CRYPTO_symmetric_create_session_key (struct GNUNET_CRYPTO_SymmetricSessionKey *key)
+{
+  gcry_randomize (key->aes_key, 
+                  GNUNET_CRYPTO_AES_KEY_LENGTH,
+                  GCRY_STRONG_RANDOM);
+  gcry_randomize (key->twofish_key, 
+                  GNUNET_CRYPTO_AES_KEY_LENGTH,
+                  GCRY_STRONG_RANDOM);
+}
+/**
+ * Initialize AES cipher.
+ *
+ * @param handle handle to initialize
+ * @param sessionkey session key to use
+ * @param iv initialization vector to use
+ * @return #GNUNET_OK on success, #GNUNET_SYSERR on error
+ */
+static int
+setup_cipher_aes (gcry_cipher_hd_t *handle,
+                  const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey,
+                  const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv)
+{
+  int rc;
+  GNUNET_assert (0 ==
+                 gcry_cipher_open (handle, GCRY_CIPHER_AES256,
+                                   GCRY_CIPHER_MODE_CFB, 0));
+  rc = gcry_cipher_setkey (*handle, 
+                           sessionkey->aes_key, 
+                           sizeof (sessionkey->aes_key));
+  GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY));
+  rc = gcry_cipher_setiv (*handle, 
+                          iv->aes_iv, 
+                          sizeof (iv->aes_iv));
+  GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY));
+  return GNUNET_OK;
+}
+/**
+ * Initialize TWOFISH cipher.
+ *
+ * @param handle handle to initialize
+ * @param sessionkey session key to use
+ * @param iv initialization vector to use
+ * @return #GNUNET_OK on success, #GNUNET_SYSERR on error
+ */
+static int
+setup_cipher_twofish (gcry_cipher_hd_t *handle,
+                      const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey,
+                      const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv)
+{
+  int rc;
+  GNUNET_assert (0 ==
+                 gcry_cipher_open (handle, GCRY_CIPHER_TWOFISH, 
+                                   GCRY_CIPHER_MODE_CFB, 0));
+  rc = gcry_cipher_setkey (*handle, 
+                           sessionkey->twofish_key, 
+                           sizeof (sessionkey->twofish_key));
+  GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY));
+  rc = gcry_cipher_setiv (*handle, 
+                          iv->twofish_iv,
+                          sizeof (iv->twofish_iv));
+  GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY));
+  return GNUNET_OK;
+}
+/**
+ * Encrypt a block with the public key of another
+ * host that uses the same cyper.
+ *
+ * @param block the block to encrypt
+ * @param len the size of the @a block
+ * @param sessionkey the key used to encrypt
+ * @param iv the initialization vector to use, use INITVALUE
+ *        for streams.
+ * @param result the output parameter in which to store the encrypted result
+ * @returns the size of the encrypted block, -1 for errors
+ */
+ssize_t
+GNUNET_CRYPTO_symmetric_encrypt (const void *block, size_t len,
+                           const struct GNUNET_CRYPTO_SymmetricSessionKey *
+                           sessionkey,
+                           const struct GNUNET_CRYPTO_SymmetricInitializationVector *
+                           iv, void *result)
+{
+  gcry_cipher_hd_t handle;
+  char tmp[len];
+  if (GNUNET_OK != setup_cipher_aes (&handle, sessionkey, iv))
+    return -1;
+  GNUNET_assert (0 == gcry_cipher_encrypt (handle, tmp, len, block, len));
+  gcry_cipher_close (handle);
+  if (GNUNET_OK != setup_cipher_twofish (&handle, sessionkey, iv))
+    return -1;
+  GNUNET_assert (0 == gcry_cipher_encrypt (handle, result, len, tmp, len));
+  gcry_cipher_close (handle);
+  memset (tmp, 0, sizeof (tmp));
+  return len;
+}
+/**
+ * Decrypt a given block with the sessionkey.
+ *
+ * @param block the data to decrypt, encoded as returned by encrypt
+ * @param size the size of the @a block to decrypt
+ * @param sessionkey the key used to decrypt
+ * @param iv the initialization vector to use, use INITVALUE
+ *        for streams.
+ * @param result address to store the result at
+ * @return -1 on failure, size of decrypted block on success
+ */
+ssize_t
+GNUNET_CRYPTO_symmetric_decrypt (const void *block, size_t size,
+                           const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey,
+                           const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, 
+                           void *result)
+{
+  gcry_cipher_hd_t handle;
+  char tmp[size];
+  if (GNUNET_OK != setup_cipher_twofish (&handle, sessionkey, iv))
+    return -1;
+  GNUNET_assert (0 == gcry_cipher_decrypt (handle, tmp, size, block, size));
+  gcry_cipher_close (handle);
+  if (GNUNET_OK != setup_cipher_aes (&handle, sessionkey, iv))
+    return -1;
+  GNUNET_assert (0 == gcry_cipher_decrypt (handle, result, size, tmp, size));
+  gcry_cipher_close (handle);
+  memset (tmp, 0, sizeof (tmp));
+  return size;
+}
+/**
+ * @brief Derive an IV
+ *
+ * @param iv initialization vector
+ * @param skey session key
+ * @param salt salt for the derivation
+ * @param salt_len size of the @a salt
+ * @param ... pairs of void * & size_t for context chunks, terminated by NULL
+ */
+void
+GNUNET_CRYPTO_symmetric_derive_iv (struct GNUNET_CRYPTO_SymmetricInitializationVector *iv,
+                             const struct GNUNET_CRYPTO_SymmetricSessionKey *skey,
+                             const void *salt, size_t salt_len, ...)
+{
+  va_list argp;
+  va_start (argp, salt_len);
+  GNUNET_CRYPTO_symmetric_derive_iv_v (iv, skey, salt, salt_len, argp);
+  va_end (argp);
+}
+/**
+ * @brief Derive an IV
+ *
+ * @param iv initialization vector
+ * @param skey session key
+ * @param salt salt for the derivation
+ * @param salt_len size of the salt
+ * @param argp pairs of void * & size_t for context chunks, terminated by NULL
+ */
+void
+GNUNET_CRYPTO_symmetric_derive_iv_v (struct GNUNET_CRYPTO_SymmetricInitializationVector *iv,
+                               const struct GNUNET_CRYPTO_SymmetricSessionKey *skey,
+                               const void *salt, size_t salt_len, va_list argp)
+{
+  char aes_salt[salt_len + 4];
+  char twofish_salt[salt_len + 4];
+  memcpy (aes_salt, salt, salt_len);
+  memcpy (&aes_salt[salt_len], "AES!", 4);
+  memcpy (twofish_salt, salt, salt_len);
+  memcpy (&twofish_salt[salt_len], "FISH", 4);
+  GNUNET_CRYPTO_kdf_v (iv->aes_iv, sizeof (iv->aes_iv), 
+                       aes_salt, salt_len + 4, 
+                       skey->aes_key, sizeof (skey->aes_key), 
+                       argp);
+  GNUNET_CRYPTO_kdf_v (iv->twofish_iv, sizeof (iv->twofish_iv),
+                       twofish_salt, salt_len + 4, 
+                       skey->twofish_key, sizeof (skey->twofish_key), 
+                       argp);
+}
+/* end of crypto_aes.c */
author	Christian Grothoff <christian@grothoff.org>	2013-09-30 11:32:30 +0000
committer	Christian Grothoff <christian@grothoff.org>	2013-09-30 11:32:30 +0000
commit	45b5c1f11144bc14fae34c991ae9db89d6ba8913 (patch)
tree	f4a2fbe70573e0d9bb56d4ccb8be29fcf0c50c55 /src/util/crypto_symmetric.c
parent	05ef63d9f8cf65561b7ed2234efdc80e3fb40bd0 (diff)
download	gnunet-45b5c1f11144bc14fae34c991ae9db89d6ba8913.tar.gz gnunet-45b5c1f11144bc14fae34c991ae9db89d6ba8913.zip

diff --git a/src/util/crypto_symmetric.c b/src/util/crypto_symmetric.c new file mode 100644 index 000000000..3e4f9d748 --- /dev/null +++ b/src/util/crypto_symmetric.c
@@ -0,0 +1,233 @@
	1	/*
	2	This file is part of GNUnet.
	3	(C) 2001, 2002, 2003, 2004, 2005, 2006, 2013 Christian Grothoff (and other contributing authors)
	4
	5	GNUnet is free software; you can redistribute it and/or modify
	6	it under the terms of the GNU General Public License as published
	7	by the Free Software Foundation; either version 3, or (at your
	8	option) any later version.
	9
	10	GNUnet is distributed in the hope that it will be useful, but
	11	WITHOUT ANY WARRANTY; without even the implied warranty of
	12	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	13	General Public License for more details.
	14
	15	You should have received a copy of the GNU General Public License
	16	along with GNUnet; see the file COPYING. If not, write to the
	17	Free Software Foundation, Inc., 59 Temple Place - Suite 330,
	18	Boston, MA 02111-1307, USA.
	19	*/
	20
	21	/**
	22	* @file util/crypto_symmetric.c
	23	* @brief Symmetric encryption services; combined cipher AES+TWOFISH (256-bit each)
	24	* @author Christian Grothoff
	25	* @author Ioana Patrascu
	26	*/
	27
	28	#include "platform.h"
	29	#include "gnunet_common.h"
	30	#include "gnunet_crypto_lib.h"
	31	#include <gcrypt.h>
	32
	33	#define LOG(kind,...) GNUNET_log_from (kind, "util", __VA_ARGS__)
	34
	35	/**
	36	* Create a new SessionKey (for symmetric encryption).
	37	*
	38	* @param key session key to initialize
	39	*/
	40	void
	41	GNUNET_CRYPTO_symmetric_create_session_key (struct GNUNET_CRYPTO_SymmetricSessionKey *key)
	42	{
	43	gcry_randomize (key->aes_key,
	44	GNUNET_CRYPTO_AES_KEY_LENGTH,
	45	GCRY_STRONG_RANDOM);
	46	gcry_randomize (key->twofish_key,
	47	GNUNET_CRYPTO_AES_KEY_LENGTH,
	48	GCRY_STRONG_RANDOM);
	49	}
	50
	51
	52	/**
	53	* Initialize AES cipher.
	54	*
	55	* @param handle handle to initialize
	56	* @param sessionkey session key to use
	57	* @param iv initialization vector to use
	58	* @return #GNUNET_OK on success, #GNUNET_SYSERR on error
	59	*/
	60	static int
	61	setup_cipher_aes (gcry_cipher_hd_t *handle,
	62	const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey,
	63	const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv)
	64	{
	65	int rc;
	66
	67	GNUNET_assert (0 ==
	68	gcry_cipher_open (handle, GCRY_CIPHER_AES256,
	69	GCRY_CIPHER_MODE_CFB, 0));
	70	rc = gcry_cipher_setkey (*handle,
	71	sessionkey->aes_key,
	72	sizeof (sessionkey->aes_key));
	73	GNUNET_assert ((0 == rc) \|\| ((char) rc == GPG_ERR_WEAK_KEY));
	74	rc = gcry_cipher_setiv (*handle,
	75	iv->aes_iv,
	76	sizeof (iv->aes_iv));
	77	GNUNET_assert ((0 == rc) \|\| ((char) rc == GPG_ERR_WEAK_KEY));
	78	return GNUNET_OK;
	79	}
	80
	81
	82	/**
	83	* Initialize TWOFISH cipher.
	84	*
	85	* @param handle handle to initialize
	86	* @param sessionkey session key to use
	87	* @param iv initialization vector to use
	88	* @return #GNUNET_OK on success, #GNUNET_SYSERR on error
	89	*/
	90	static int
	91	setup_cipher_twofish (gcry_cipher_hd_t *handle,
	92	const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey,
	93	const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv)
	94	{
	95	int rc;
	96
	97	GNUNET_assert (0 ==
	98	gcry_cipher_open (handle, GCRY_CIPHER_TWOFISH,
	99	GCRY_CIPHER_MODE_CFB, 0));
	100	rc = gcry_cipher_setkey (*handle,
	101	sessionkey->twofish_key,
	102	sizeof (sessionkey->twofish_key));
	103	GNUNET_assert ((0 == rc) \|\| ((char) rc == GPG_ERR_WEAK_KEY));
	104	rc = gcry_cipher_setiv (*handle,
	105	iv->twofish_iv,
	106	sizeof (iv->twofish_iv));
	107	GNUNET_assert ((0 == rc) \|\| ((char) rc == GPG_ERR_WEAK_KEY));
	108	return GNUNET_OK;
	109	}
	110
	111
	112	/**
	113	* Encrypt a block with the public key of another
	114	* host that uses the same cyper.
	115	*
	116	* @param block the block to encrypt
	117	* @param len the size of the @a block
	118	* @param sessionkey the key used to encrypt
	119	* @param iv the initialization vector to use, use INITVALUE
	120	* for streams.
	121	* @param result the output parameter in which to store the encrypted result
	122	* @returns the size of the encrypted block, -1 for errors
	123	*/
	124	ssize_t
	125	GNUNET_CRYPTO_symmetric_encrypt (const void *block, size_t len,
	126	const struct GNUNET_CRYPTO_SymmetricSessionKey *
	127	sessionkey,
	128	const struct GNUNET_CRYPTO_SymmetricInitializationVector *
	129	iv, void *result)
	130	{
	131	gcry_cipher_hd_t handle;
	132	char tmp[len];
	133
	134	if (GNUNET_OK != setup_cipher_aes (&handle, sessionkey, iv))
	135	return -1;
	136	GNUNET_assert (0 == gcry_cipher_encrypt (handle, tmp, len, block, len));
	137	gcry_cipher_close (handle);
	138	if (GNUNET_OK != setup_cipher_twofish (&handle, sessionkey, iv))
	139	return -1;
	140	GNUNET_assert (0 == gcry_cipher_encrypt (handle, result, len, tmp, len));
	141	gcry_cipher_close (handle);
	142	memset (tmp, 0, sizeof (tmp));
	143	return len;
	144	}
	145
	146
	147	/**
	148	* Decrypt a given block with the sessionkey.
	149	*
	150	* @param block the data to decrypt, encoded as returned by encrypt
	151	* @param size the size of the @a block to decrypt
	152	* @param sessionkey the key used to decrypt
	153	* @param iv the initialization vector to use, use INITVALUE
	154	* for streams.
	155	* @param result address to store the result at
	156	* @return -1 on failure, size of decrypted block on success
	157	*/
	158	ssize_t
	159	GNUNET_CRYPTO_symmetric_decrypt (const void *block, size_t size,
	160	const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey,
	161	const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv,
	162	void *result)
	163	{
	164	gcry_cipher_hd_t handle;
	165	char tmp[size];
	166
	167	if (GNUNET_OK != setup_cipher_twofish (&handle, sessionkey, iv))
	168	return -1;
	169	GNUNET_assert (0 == gcry_cipher_decrypt (handle, tmp, size, block, size));
	170	gcry_cipher_close (handle);
	171	if (GNUNET_OK != setup_cipher_aes (&handle, sessionkey, iv))
	172	return -1;
	173	GNUNET_assert (0 == gcry_cipher_decrypt (handle, result, size, tmp, size));
	174	gcry_cipher_close (handle);
	175	memset (tmp, 0, sizeof (tmp));
	176	return size;
	177	}
	178
	179
	180	/**
	181	* @brief Derive an IV
	182	*
	183	* @param iv initialization vector
	184	* @param skey session key
	185	* @param salt salt for the derivation
	186	* @param salt_len size of the @a salt
	187	* @param ... pairs of void * & size_t for context chunks, terminated by NULL
	188	*/
	189	void
	190	GNUNET_CRYPTO_symmetric_derive_iv (struct GNUNET_CRYPTO_SymmetricInitializationVector *iv,
	191	const struct GNUNET_CRYPTO_SymmetricSessionKey *skey,
	192	const void *salt, size_t salt_len, ...)
	193	{
	194	va_list argp;
	195
	196	va_start (argp, salt_len);
	197	GNUNET_CRYPTO_symmetric_derive_iv_v (iv, skey, salt, salt_len, argp);
	198	va_end (argp);
	199	}
	200
	201
	202	/**
	203	* @brief Derive an IV
	204	*
	205	* @param iv initialization vector
	206	* @param skey session key
	207	* @param salt salt for the derivation
	208	* @param salt_len size of the salt
	209	* @param argp pairs of void * & size_t for context chunks, terminated by NULL
	210	*/
	211	void
	212	GNUNET_CRYPTO_symmetric_derive_iv_v (struct GNUNET_CRYPTO_SymmetricInitializationVector *iv,
	213	const struct GNUNET_CRYPTO_SymmetricSessionKey *skey,
	214	const void *salt, size_t salt_len, va_list argp)
	215	{
	216	char aes_salt[salt_len + 4];
	217	char twofish_salt[salt_len + 4];
	218
	219	memcpy (aes_salt, salt, salt_len);
	220	memcpy (&aes_salt[salt_len], "AES!", 4);
	221	memcpy (twofish_salt, salt, salt_len);
	222	memcpy (&twofish_salt[salt_len], "FISH", 4);
	223	GNUNET_CRYPTO_kdf_v (iv->aes_iv, sizeof (iv->aes_iv),
	224	aes_salt, salt_len + 4,
	225	skey->aes_key, sizeof (skey->aes_key),
	226	argp);
	227	GNUNET_CRYPTO_kdf_v (iv->twofish_iv, sizeof (iv->twofish_iv),
	228	twofish_salt, salt_len + 4,
	229	skey->twofish_key, sizeof (skey->twofish_key),
	230	argp);
	231	}
	232
	233	/* end of crypto_aes.c */