diff options
Diffstat (limited to 'src/identity/identity_api.c')
| -rw-r--r-- | src/identity/identity_api.c | 117 |
1 files changed, 107 insertions, 10 deletions
diff --git a/src/identity/identity_api.c b/src/identity/identity_api.c index 47a78e2bb..3a9258aa4 100644 --- a/src/identity/identity_api.c +++ b/src/identity/identity_api.c | |||
| @@ -1136,11 +1136,11 @@ GNUNET_IDENTITY_signature_verify_raw_ (uint32_t purpose, | |||
| 1136 | 1136 | ||
| 1137 | 1137 | ||
| 1138 | ssize_t | 1138 | ssize_t |
| 1139 | GNUNET_IDENTITY_encrypt (const void *block, | 1139 | GNUNET_IDENTITY_encrypt_old (const void *block, |
| 1140 | size_t size, | 1140 | size_t size, |
| 1141 | const struct GNUNET_IDENTITY_PublicKey *pub, | 1141 | const struct GNUNET_IDENTITY_PublicKey *pub, |
| 1142 | struct GNUNET_CRYPTO_EcdhePublicKey *ecc, | 1142 | struct GNUNET_CRYPTO_EcdhePublicKey *ecc, |
| 1143 | void *result) | 1143 | void *result) |
| 1144 | { | 1144 | { |
| 1145 | struct GNUNET_CRYPTO_EcdhePrivateKey pk; | 1145 | struct GNUNET_CRYPTO_EcdhePrivateKey pk; |
| 1146 | GNUNET_CRYPTO_ecdhe_key_create (&pk); | 1146 | GNUNET_CRYPTO_ecdhe_key_create (&pk); |
| @@ -1174,12 +1174,109 @@ GNUNET_IDENTITY_encrypt (const void *block, | |||
| 1174 | } | 1174 | } |
| 1175 | 1175 | ||
| 1176 | 1176 | ||
| 1177 | ssize_t | 1177 | enum GNUNET_GenericReturnValue |
| 1178 | GNUNET_IDENTITY_decrypt (const void *block, | 1178 | GNUNET_IDENTITY_encrypt (const void *pt, |
| 1179 | size_t size, | 1179 | size_t pt_size, |
| 1180 | const struct GNUNET_IDENTITY_PublicKey *pub, | ||
| 1181 | void *ct_buf, | ||
| 1182 | size_t ct_size) | ||
| 1183 | { | ||
| 1184 | struct GNUNET_HashCode k; | ||
| 1185 | struct GNUNET_CRYPTO_FoKemC kemc; | ||
| 1186 | struct GNUNET_CRYPTO_FoKemC *kemc_buf = (struct GNUNET_CRYPTO_FoKemC*) ct_buf; | ||
| 1187 | unsigned char *encrypted_data = (unsigned char*) &kemc_buf[1]; | ||
| 1188 | unsigned char nonce[crypto_secretbox_NONCEBYTES]; | ||
| 1189 | unsigned char key[crypto_secretbox_KEYBYTES]; | ||
| 1190 | |||
| 1191 | if (ct_size < pt_size + GNUNET_IDENTITY_ENCRYPT_OVERHEAD_BYTES) | ||
| 1192 | { | ||
| 1193 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
| 1194 | "Output buffer size for ciphertext too small: Got %lu, want >=%lu\n", | ||
| 1195 | ct_size, pt_size + GNUNET_IDENTITY_ENCRYPT_OVERHEAD_BYTES); | ||
| 1196 | return GNUNET_SYSERR; | ||
| 1197 | } | ||
| 1198 | switch (ntohl (pub->type)) | ||
| 1199 | { | ||
| 1200 | case GNUNET_IDENTITY_TYPE_ECDSA: | ||
| 1201 | if (GNUNET_SYSERR == GNUNET_CRYPTO_ecdsa_fo_kem_encaps (&(pub->ecdsa_key), | ||
| 1202 | &kemc, | ||
| 1203 | &k)) | ||
| 1204 | return GNUNET_SYSERR; | ||
| 1205 | break; | ||
| 1206 | case GNUNET_IDENTITY_TYPE_EDDSA: | ||
| 1207 | if (GNUNET_SYSERR == GNUNET_CRYPTO_eddsa_fo_kem_encaps (&pub->eddsa_key, | ||
| 1208 | &kemc, | ||
| 1209 | &k)) | ||
| 1210 | return GNUNET_SYSERR; | ||
| 1211 | break; | ||
| 1212 | default: | ||
| 1213 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Unsupported key type\n"); | ||
| 1214 | return GNUNET_SYSERR; | ||
| 1215 | } | ||
| 1216 | memcpy (key, &k, crypto_secretbox_KEYBYTES); | ||
| 1217 | memcpy (nonce, ((char* ) &k) + crypto_secretbox_KEYBYTES, | ||
| 1218 | crypto_secretbox_NONCEBYTES); | ||
| 1219 | if (crypto_secretbox_easy (encrypted_data, pt, pt_size, nonce, key)) | ||
| 1220 | return GNUNET_SYSERR; | ||
| 1221 | memcpy (kemc_buf, &kemc, sizeof (kemc)); | ||
| 1222 | return GNUNET_OK; | ||
| 1223 | } | ||
| 1224 | |||
| 1225 | |||
| 1226 | enum GNUNET_GenericReturnValue | ||
| 1227 | GNUNET_IDENTITY_decrypt (const void *ct_buf, | ||
| 1228 | size_t ct_size, | ||
| 1180 | const struct GNUNET_IDENTITY_PrivateKey *priv, | 1229 | const struct GNUNET_IDENTITY_PrivateKey *priv, |
| 1181 | const struct GNUNET_CRYPTO_EcdhePublicKey *ecc, | 1230 | void *pt, |
| 1182 | void *result) | 1231 | size_t pt_size) |
| 1232 | { | ||
| 1233 | struct GNUNET_HashCode k; | ||
| 1234 | struct GNUNET_CRYPTO_FoKemC *kemc = (struct GNUNET_CRYPTO_FoKemC*) ct_buf; | ||
| 1235 | unsigned char *encrypted_data = (unsigned char*) &kemc[1]; | ||
| 1236 | unsigned char nonce[crypto_secretbox_NONCEBYTES]; | ||
| 1237 | unsigned char key[crypto_secretbox_KEYBYTES]; | ||
| 1238 | size_t expected_pt_len = ct_size - GNUNET_IDENTITY_ENCRYPT_OVERHEAD_BYTES; | ||
| 1239 | |||
| 1240 | if (pt_size < expected_pt_len) | ||
| 1241 | { | ||
| 1242 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
| 1243 | "Output buffer size for plaintext too small: Got %lu, want >=%lu\n", | ||
| 1244 | pt_size, expected_pt_len); | ||
| 1245 | return GNUNET_SYSERR; | ||
| 1246 | } | ||
| 1247 | switch (ntohl (priv->type)) | ||
| 1248 | { | ||
| 1249 | case GNUNET_IDENTITY_TYPE_ECDSA: | ||
| 1250 | if (GNUNET_SYSERR == GNUNET_CRYPTO_ecdsa_fo_kem_decaps (&(priv->ecdsa_key), | ||
| 1251 | kemc, | ||
| 1252 | &k)) | ||
| 1253 | return GNUNET_SYSERR; | ||
| 1254 | break; | ||
| 1255 | case GNUNET_IDENTITY_TYPE_EDDSA: | ||
| 1256 | if (GNUNET_SYSERR == GNUNET_CRYPTO_eddsa_fo_kem_decaps (&(priv->eddsa_key), | ||
| 1257 | kemc, | ||
| 1258 | &k)) | ||
| 1259 | return GNUNET_SYSERR; | ||
| 1260 | break; | ||
| 1261 | default: | ||
| 1262 | return GNUNET_SYSERR; | ||
| 1263 | } | ||
| 1264 | memcpy (key, &k, crypto_secretbox_KEYBYTES); | ||
| 1265 | memcpy (nonce, ((char* ) &k) + crypto_secretbox_KEYBYTES, | ||
| 1266 | crypto_secretbox_NONCEBYTES); | ||
| 1267 | if (crypto_secretbox_open_easy (pt, encrypted_data, ct_size - sizeof (*kemc), | ||
| 1268 | nonce, key)) | ||
| 1269 | return GNUNET_SYSERR; | ||
| 1270 | return GNUNET_OK; | ||
| 1271 | } | ||
| 1272 | |||
| 1273 | |||
| 1274 | ssize_t | ||
| 1275 | GNUNET_IDENTITY_decrypt_old (const void *block, | ||
| 1276 | size_t size, | ||
| 1277 | const struct GNUNET_IDENTITY_PrivateKey *priv, | ||
| 1278 | const struct GNUNET_CRYPTO_EcdhePublicKey *ecc, | ||
| 1279 | void *result) | ||
| 1183 | { | 1280 | { |
| 1184 | struct GNUNET_HashCode hash; | 1281 | struct GNUNET_HashCode hash; |
| 1185 | switch (ntohl (priv->type)) | 1282 | switch (ntohl (priv->type)) |