1 files changed, 254 insertions, 0 deletions
diff --git a/src/lib/util/crypto_symmetric.c b/src/lib/util/crypto_symmetric.c
new file mode 100644
index 000000000..c08b84c17
--- /dev/null
+++ b/src/lib/util/crypto_symmetric.c
@@ -0,0 +1,254 @@
+/*
+     This file is part of GNUnet.
+     Copyright (C) 2001, 2002, 2003, 2004, 2005, 2006, 2013 GNUnet e.V.
+     GNUnet is free software: you can redistribute it and/or modify it
+     under the terms of the GNU Affero General Public License as published
+     by the Free Software Foundation, either version 3 of the License,
+     or (at your option) any later version.
+     GNUnet is distributed in the hope that it will be useful, but
+     WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+     Affero General Public License for more details.
+     You should have received a copy of the GNU Affero General Public License
+     along with this program.  If not, see <http://www.gnu.org/licenses/>.
+     SPDX-License-Identifier: AGPL3.0-or-later
+ */
+/**
+ * @file util/crypto_symmetric.c
+ * @brief Symmetric encryption services; combined cipher AES+TWOFISH (256-bit each)
+ * @author Christian Grothoff
+ * @author Ioana Patrascu
+ */
+#include "platform.h"
+#include "gnunet_util_lib.h"
+#include <gcrypt.h>
+#define LOG(kind, ...) GNUNET_log_from (kind, "util-crypto-symmetric", \
+                                        __VA_ARGS__)
+/**
+ * Create a new SessionKey (for symmetric encryption).
+ *
+ * @param key session key to initialize
+ */
+void
+GNUNET_CRYPTO_symmetric_create_session_key (struct
+                                            GNUNET_CRYPTO_SymmetricSessionKey *
+                                            key)
+{
+  gcry_randomize (key->aes_key,
+                  GNUNET_CRYPTO_AES_KEY_LENGTH,
+                  GCRY_STRONG_RANDOM);
+  gcry_randomize (key->twofish_key,
+                  GNUNET_CRYPTO_AES_KEY_LENGTH,
+                  GCRY_STRONG_RANDOM);
+}
+/**
+ * Initialize AES cipher.
+ *
+ * @param handle handle to initialize
+ * @param sessionkey session key to use
+ * @param iv initialization vector to use
+ * @return #GNUNET_OK on success, #GNUNET_SYSERR on error
+ */
+static int
+setup_cipher_aes (gcry_cipher_hd_t *handle,
+                  const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey,
+                  const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv)
+{
+  int rc;
+  GNUNET_assert (0 ==
+                 gcry_cipher_open (handle, GCRY_CIPHER_AES256,
+                                   GCRY_CIPHER_MODE_CFB, 0));
+  rc = gcry_cipher_setkey (*handle,
+                           sessionkey->aes_key,
+                           sizeof(sessionkey->aes_key));
+  GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY));
+  rc = gcry_cipher_setiv (*handle,
+                          iv->aes_iv,
+                          sizeof(iv->aes_iv));
+  GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY));
+  return GNUNET_OK;
+}
+/**
+ * Initialize TWOFISH cipher.
+ *
+ * @param handle handle to initialize
+ * @param sessionkey session key to use
+ * @param iv initialization vector to use
+ * @return #GNUNET_OK on success, #GNUNET_SYSERR on error
+ */
+static int
+setup_cipher_twofish (gcry_cipher_hd_t *handle,
+                      const struct
+                      GNUNET_CRYPTO_SymmetricSessionKey *sessionkey,
+                      const struct
+                      GNUNET_CRYPTO_SymmetricInitializationVector *iv)
+{
+  int rc;
+  GNUNET_assert (0 ==
+                 gcry_cipher_open (handle, GCRY_CIPHER_TWOFISH,
+                                   GCRY_CIPHER_MODE_CFB, 0));
+  rc = gcry_cipher_setkey (*handle,
+                           sessionkey->twofish_key,
+                           sizeof(sessionkey->twofish_key));
+  GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY));
+  rc = gcry_cipher_setiv (*handle,
+                          iv->twofish_iv,
+                          sizeof(iv->twofish_iv));
+  GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY));
+  return GNUNET_OK;
+}
+/**
+ * Encrypt a block with a symmetric session key.
+ *
+ * @param block the block to encrypt
+ * @param size the size of the @a block
+ * @param sessionkey the key used to encrypt
+ * @param iv the initialization vector to use, use INITVALUE for streams
+ * @param result the output parameter in which to store the encrypted result
+ *               can be the same or overlap with @c block
+ * @returns the size of the encrypted block, -1 for errors.
+ *          Due to the use of CFB and therefore an effective stream cipher,
+ *          this size should be the same as @c len.
+ */
+ssize_t
+GNUNET_CRYPTO_symmetric_encrypt (const void *block,
+                                 size_t size,
+                                 const struct
+                                 GNUNET_CRYPTO_SymmetricSessionKey *sessionkey,
+                                 const struct
+                                 GNUNET_CRYPTO_SymmetricInitializationVector *iv,
+                                 void *result)
+{
+  gcry_cipher_hd_t handle;
+  char tmp[GNUNET_NZL(size)];
+  if (GNUNET_OK != setup_cipher_aes (&handle, sessionkey, iv))
+    return -1;
+  GNUNET_assert (0 == gcry_cipher_encrypt (handle, tmp, size, block, size));
+  gcry_cipher_close (handle);
+  if (GNUNET_OK != setup_cipher_twofish (&handle, sessionkey, iv))
+    return -1;
+  GNUNET_assert (0 == gcry_cipher_encrypt (handle, result, size, tmp, size));
+  gcry_cipher_close (handle);
+  memset (tmp, 0, sizeof(tmp));
+  return size;
+}
+/**
+ * Decrypt a given block with the session key.
+ *
+ * @param block the data to decrypt, encoded as returned by encrypt
+ * @param size the size of the @a block to decrypt
+ * @param sessionkey the key used to decrypt
+ * @param iv the initialization vector to use, use INITVALUE for streams
+ * @param result address to store the result at
+ *               can be the same or overlap with @c block
+ * @return -1 on failure, size of decrypted block on success.
+ *         Due to the use of CFB and therefore an effective stream cipher,
+ *         this size should be the same as @c size.
+ */
+ssize_t
+GNUNET_CRYPTO_symmetric_decrypt (const void *block,
+                                 size_t size,
+                                 const struct
+                                 GNUNET_CRYPTO_SymmetricSessionKey *sessionkey,
+                                 const struct
+                                 GNUNET_CRYPTO_SymmetricInitializationVector *iv,
+                                 void *result)
+{
+  gcry_cipher_hd_t handle;
+  char tmp[size];
+  if (GNUNET_OK != setup_cipher_twofish (&handle, sessionkey, iv))
+    return -1;
+  GNUNET_assert (0 == gcry_cipher_decrypt (handle, tmp, size, block, size));
+  gcry_cipher_close (handle);
+  if (GNUNET_OK != setup_cipher_aes (&handle, sessionkey, iv))
+    return -1;
+  GNUNET_assert (0 == gcry_cipher_decrypt (handle, result, size, tmp, size));
+  gcry_cipher_close (handle);
+  memset (tmp, 0, sizeof(tmp));
+  return size;
+}
+/**
+ * @brief Derive an IV
+ *
+ * @param iv initialization vector
+ * @param skey session key
+ * @param salt salt for the derivation
+ * @param salt_len size of the @a salt
+ * @param ... pairs of void * & size_t for context chunks, terminated by NULL
+ */
+void
+GNUNET_CRYPTO_symmetric_derive_iv (struct
+                                   GNUNET_CRYPTO_SymmetricInitializationVector *
+                                   iv,
+                                   const struct
+                                   GNUNET_CRYPTO_SymmetricSessionKey *skey,
+                                   const void *salt,
+                                   size_t salt_len,
+                                   ...)
+{
+  va_list argp;
+  va_start (argp, salt_len);
+  GNUNET_CRYPTO_symmetric_derive_iv_v (iv, skey, salt, salt_len, argp);
+  va_end (argp);
+}
+void
+GNUNET_CRYPTO_symmetric_derive_iv_v (struct
+                                     GNUNET_CRYPTO_SymmetricInitializationVector
+                                     *iv,
+                                     const struct
+                                     GNUNET_CRYPTO_SymmetricSessionKey *skey,
+                                     const void *salt,
+                                     size_t salt_len,
+                                     va_list argp)
+{
+  char aes_salt[salt_len + 4];
+  char twofish_salt[salt_len + 4];
+  GNUNET_memcpy (aes_salt, salt, salt_len);
+  GNUNET_memcpy (&aes_salt[salt_len], "AES!", 4);
+  GNUNET_memcpy (twofish_salt, salt, salt_len);
+  GNUNET_memcpy (&twofish_salt[salt_len], "FISH", 4);
+  GNUNET_CRYPTO_kdf_v (iv->aes_iv,
+                       sizeof(iv->aes_iv),
+                       aes_salt,
+                       salt_len + 4,
+                       skey->aes_key,
+                       sizeof(skey->aes_key),
+                       argp);
+  GNUNET_CRYPTO_kdf_v (iv->twofish_iv,
+                       sizeof(iv->twofish_iv),
+                       twofish_salt,
+                       salt_len + 4,
+                       skey->twofish_key,
+                       sizeof(skey->twofish_key),
+                       argp);
+}
+/* end of crypto_symmetric.c */

diff --git a/src/lib/util/crypto_symmetric.c b/src/lib/util/crypto_symmetric.c new file mode 100644 index 000000000..c08b84c17 --- /dev/null +++ b/src/lib/util/crypto_symmetric.c
@@ -0,0 +1,254 @@
	1	/*
	2	This file is part of GNUnet.
	3	Copyright (C) 2001, 2002, 2003, 2004, 2005, 2006, 2013 GNUnet e.V.
	4
	5	GNUnet is free software: you can redistribute it and/or modify it
	6	under the terms of the GNU Affero General Public License as published
	7	by the Free Software Foundation, either version 3 of the License,
	8	or (at your option) any later version.
	9
	10	GNUnet is distributed in the hope that it will be useful, but
	11	WITHOUT ANY WARRANTY; without even the implied warranty of
	12	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	13	Affero General Public License for more details.
	14
	15	You should have received a copy of the GNU Affero General Public License
	16	along with this program. If not, see <http://www.gnu.org/licenses/>.
	17
	18	SPDX-License-Identifier: AGPL3.0-or-later
	19	*/
	20
	21	/**
	22	* @file util/crypto_symmetric.c
	23	* @brief Symmetric encryption services; combined cipher AES+TWOFISH (256-bit each)
	24	* @author Christian Grothoff
	25	* @author Ioana Patrascu
	26	*/
	27
	28
	29	#include "platform.h"
	30	#include "gnunet_util_lib.h"
	31	#include <gcrypt.h>
	32
	33	#define LOG(kind, ...) GNUNET_log_from (kind, "util-crypto-symmetric", \
	34	__VA_ARGS__)
	35
	36	/**
	37	* Create a new SessionKey (for symmetric encryption).
	38	*
	39	* @param key session key to initialize
	40	*/
	41	void
	42	GNUNET_CRYPTO_symmetric_create_session_key (struct
	43	GNUNET_CRYPTO_SymmetricSessionKey *
	44	key)
	45	{
	46	gcry_randomize (key->aes_key,
	47	GNUNET_CRYPTO_AES_KEY_LENGTH,
	48	GCRY_STRONG_RANDOM);
	49	gcry_randomize (key->twofish_key,
	50	GNUNET_CRYPTO_AES_KEY_LENGTH,
	51	GCRY_STRONG_RANDOM);
	52	}
	53
	54
	55	/**
	56	* Initialize AES cipher.
	57	*
	58	* @param handle handle to initialize
	59	* @param sessionkey session key to use
	60	* @param iv initialization vector to use
	61	* @return #GNUNET_OK on success, #GNUNET_SYSERR on error
	62	*/
	63	static int
	64	setup_cipher_aes (gcry_cipher_hd_t *handle,
	65	const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey,
	66	const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv)
	67	{
	68	int rc;
	69
	70	GNUNET_assert (0 ==
	71	gcry_cipher_open (handle, GCRY_CIPHER_AES256,
	72	GCRY_CIPHER_MODE_CFB, 0));
	73	rc = gcry_cipher_setkey (*handle,
	74	sessionkey->aes_key,
	75	sizeof(sessionkey->aes_key));
	76	GNUNET_assert ((0 == rc) \|\| ((char) rc == GPG_ERR_WEAK_KEY));
	77	rc = gcry_cipher_setiv (*handle,
	78	iv->aes_iv,
	79	sizeof(iv->aes_iv));
	80	GNUNET_assert ((0 == rc) \|\| ((char) rc == GPG_ERR_WEAK_KEY));
	81	return GNUNET_OK;
	82	}
	83
	84
	85	/**
	86	* Initialize TWOFISH cipher.
	87	*
	88	* @param handle handle to initialize
	89	* @param sessionkey session key to use
	90	* @param iv initialization vector to use
	91	* @return #GNUNET_OK on success, #GNUNET_SYSERR on error
	92	*/
	93	static int
	94	setup_cipher_twofish (gcry_cipher_hd_t *handle,
	95	const struct
	96	GNUNET_CRYPTO_SymmetricSessionKey *sessionkey,
	97	const struct
	98	GNUNET_CRYPTO_SymmetricInitializationVector *iv)
	99	{
	100	int rc;
	101
	102	GNUNET_assert (0 ==
	103	gcry_cipher_open (handle, GCRY_CIPHER_TWOFISH,
	104	GCRY_CIPHER_MODE_CFB, 0));
	105	rc = gcry_cipher_setkey (*handle,
	106	sessionkey->twofish_key,
	107	sizeof(sessionkey->twofish_key));
	108	GNUNET_assert ((0 == rc) \|\| ((char) rc == GPG_ERR_WEAK_KEY));
	109	rc = gcry_cipher_setiv (*handle,
	110	iv->twofish_iv,
	111	sizeof(iv->twofish_iv));
	112	GNUNET_assert ((0 == rc) \|\| ((char) rc == GPG_ERR_WEAK_KEY));
	113	return GNUNET_OK;
	114	}
	115
	116
	117	/**
	118	* Encrypt a block with a symmetric session key.
	119	*
	120	* @param block the block to encrypt
	121	* @param size the size of the @a block
	122	* @param sessionkey the key used to encrypt
	123	* @param iv the initialization vector to use, use INITVALUE for streams
	124	* @param result the output parameter in which to store the encrypted result
	125	* can be the same or overlap with @c block
	126	* @returns the size of the encrypted block, -1 for errors.
	127	* Due to the use of CFB and therefore an effective stream cipher,
	128	* this size should be the same as @c len.
	129	*/
	130	ssize_t
	131	GNUNET_CRYPTO_symmetric_encrypt (const void *block,
	132	size_t size,
	133	const struct
	134	GNUNET_CRYPTO_SymmetricSessionKey *sessionkey,
	135	const struct
	136	GNUNET_CRYPTO_SymmetricInitializationVector *iv,
	137	void *result)
	138	{
	139	gcry_cipher_hd_t handle;
	140	char tmp[GNUNET_NZL(size)];
	141
	142	if (GNUNET_OK != setup_cipher_aes (&handle, sessionkey, iv))
	143	return -1;
	144	GNUNET_assert (0 == gcry_cipher_encrypt (handle, tmp, size, block, size));
	145	gcry_cipher_close (handle);
	146	if (GNUNET_OK != setup_cipher_twofish (&handle, sessionkey, iv))
	147	return -1;
	148	GNUNET_assert (0 == gcry_cipher_encrypt (handle, result, size, tmp, size));
	149	gcry_cipher_close (handle);
	150	memset (tmp, 0, sizeof(tmp));
	151	return size;
	152	}
	153
	154
	155	/**
	156	* Decrypt a given block with the session key.
	157	*
	158	* @param block the data to decrypt, encoded as returned by encrypt
	159	* @param size the size of the @a block to decrypt
	160	* @param sessionkey the key used to decrypt
	161	* @param iv the initialization vector to use, use INITVALUE for streams
	162	* @param result address to store the result at
	163	* can be the same or overlap with @c block
	164	* @return -1 on failure, size of decrypted block on success.
	165	* Due to the use of CFB and therefore an effective stream cipher,
	166	* this size should be the same as @c size.
	167	*/
	168	ssize_t
	169	GNUNET_CRYPTO_symmetric_decrypt (const void *block,
	170	size_t size,
	171	const struct
	172	GNUNET_CRYPTO_SymmetricSessionKey *sessionkey,
	173	const struct
	174	GNUNET_CRYPTO_SymmetricInitializationVector *iv,
	175	void *result)
	176	{
	177	gcry_cipher_hd_t handle;
	178	char tmp[size];
	179
	180	if (GNUNET_OK != setup_cipher_twofish (&handle, sessionkey, iv))
	181	return -1;
	182	GNUNET_assert (0 == gcry_cipher_decrypt (handle, tmp, size, block, size));
	183	gcry_cipher_close (handle);
	184	if (GNUNET_OK != setup_cipher_aes (&handle, sessionkey, iv))
	185	return -1;
	186	GNUNET_assert (0 == gcry_cipher_decrypt (handle, result, size, tmp, size));
	187	gcry_cipher_close (handle);
	188	memset (tmp, 0, sizeof(tmp));
	189	return size;
	190	}
	191
	192
	193	/**
	194	* @brief Derive an IV
	195	*
	196	* @param iv initialization vector
	197	* @param skey session key
	198	* @param salt salt for the derivation
	199	* @param salt_len size of the @a salt
	200	* @param ... pairs of void * & size_t for context chunks, terminated by NULL
	201	*/
	202	void
	203	GNUNET_CRYPTO_symmetric_derive_iv (struct
	204	GNUNET_CRYPTO_SymmetricInitializationVector *
	205	iv,
	206	const struct
	207	GNUNET_CRYPTO_SymmetricSessionKey *skey,
	208	const void *salt,
	209	size_t salt_len,
	210	...)
	211	{
	212	va_list argp;
	213
	214	va_start (argp, salt_len);
	215	GNUNET_CRYPTO_symmetric_derive_iv_v (iv, skey, salt, salt_len, argp);
	216	va_end (argp);
	217	}
	218
	219
	220	void
	221	GNUNET_CRYPTO_symmetric_derive_iv_v (struct
	222	GNUNET_CRYPTO_SymmetricInitializationVector
	223	*iv,
	224	const struct
	225	GNUNET_CRYPTO_SymmetricSessionKey *skey,
	226	const void *salt,
	227	size_t salt_len,
	228	va_list argp)
	229	{
	230	char aes_salt[salt_len + 4];
	231	char twofish_salt[salt_len + 4];
	232
	233	GNUNET_memcpy (aes_salt, salt, salt_len);
	234	GNUNET_memcpy (&aes_salt[salt_len], "AES!", 4);
	235	GNUNET_memcpy (twofish_salt, salt, salt_len);
	236	GNUNET_memcpy (&twofish_salt[salt_len], "FISH", 4);
	237	GNUNET_CRYPTO_kdf_v (iv->aes_iv,
	238	sizeof(iv->aes_iv),
	239	aes_salt,
	240	salt_len + 4,
	241	skey->aes_key,
	242	sizeof(skey->aes_key),
	243	argp);
	244	GNUNET_CRYPTO_kdf_v (iv->twofish_iv,
	245	sizeof(iv->twofish_iv),
	246	twofish_salt,
	247	salt_len + 4,
	248	skey->twofish_key,
	249	sizeof(skey->twofish_key),
	250	argp);
	251	}
	252
	253
	254	/* end of crypto_symmetric.c */