diff options
Diffstat (limited to 'src/util/crypto_aes.c')
-rw-r--r-- | src/util/crypto_aes.c | 148 |
1 files changed, 148 insertions, 0 deletions
diff --git a/src/util/crypto_aes.c b/src/util/crypto_aes.c new file mode 100644 index 000000000..28a65dfca --- /dev/null +++ b/src/util/crypto_aes.c | |||
@@ -0,0 +1,148 @@ | |||
1 | /* | ||
2 | This file is part of GNUnet. | ||
3 | (C) 2001, 2002, 2003, 2004, 2005, 2006 Christian Grothoff (and other contributing authors) | ||
4 | |||
5 | GNUnet is free software; you can redistribute it and/or modify | ||
6 | it under the terms of the GNU General Public License as published | ||
7 | by the Free Software Foundation; either version 2, or (at your | ||
8 | option) any later version. | ||
9 | |||
10 | GNUnet is distributed in the hope that it will be useful, but | ||
11 | WITHOUT ANY WARRANTY; without even the implied warranty of | ||
12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
13 | General Public License for more details. | ||
14 | |||
15 | You should have received a copy of the GNU General Public License | ||
16 | along with GNUnet; see the file COPYING. If not, write to the | ||
17 | Free Software Foundation, Inc., 59 Temple Place - Suite 330, | ||
18 | Boston, MA 02111-1307, USA. | ||
19 | */ | ||
20 | |||
21 | /** | ||
22 | * @file util/crypto_aes.c | ||
23 | * @brief Symmetric encryption services. | ||
24 | * @author Christian Grothoff | ||
25 | * @author Ioana Patrascu | ||
26 | */ | ||
27 | |||
28 | #include "platform.h" | ||
29 | #include "gnunet_common.h" | ||
30 | #include "gnunet_crypto_lib.h" | ||
31 | #include <gcrypt.h> | ||
32 | |||
33 | /** | ||
34 | * Create a new SessionKey (for AES-256). | ||
35 | */ | ||
36 | void | ||
37 | GNUNET_CRYPTO_aes_create_session_key (struct GNUNET_CRYPTO_AesSessionKey *key) | ||
38 | { | ||
39 | gcry_randomize (&key->key[0], GNUNET_CRYPTO_AES_KEY_LENGTH, | ||
40 | GCRY_STRONG_RANDOM); | ||
41 | key->crc32 = | ||
42 | htonl (GNUNET_CRYPTO_crc32_n (key, GNUNET_CRYPTO_AES_KEY_LENGTH)); | ||
43 | } | ||
44 | |||
45 | /** | ||
46 | * Check that a new session key is well-formed. | ||
47 | * | ||
48 | * @return GNUNET_OK if the key is valid | ||
49 | */ | ||
50 | int | ||
51 | GNUNET_CRYPTO_aes_check_session_key (const struct GNUNET_CRYPTO_AesSessionKey | ||
52 | *key) | ||
53 | { | ||
54 | uint32_t crc; | ||
55 | |||
56 | crc = GNUNET_CRYPTO_crc32_n (key, GNUNET_CRYPTO_AES_KEY_LENGTH); | ||
57 | if (ntohl (key->crc32) == crc) | ||
58 | return GNUNET_OK; | ||
59 | GNUNET_break (0); | ||
60 | return GNUNET_SYSERR; | ||
61 | } | ||
62 | |||
63 | |||
64 | /** | ||
65 | * Encrypt a block with the public key of another | ||
66 | * host that uses the same cyper. | ||
67 | * @param block the block to encrypt | ||
68 | * @param len the size of the block | ||
69 | * @param sessionkey the key used to encrypt | ||
70 | * @param iv the initialization vector to use, use INITVALUE | ||
71 | * for streams. | ||
72 | * @param result the output parameter in which to store the encrypted result | ||
73 | * @returns the size of the encrypted block, -1 for errors | ||
74 | */ | ||
75 | int | ||
76 | GNUNET_CRYPTO_aes_encrypt (const void *block, | ||
77 | uint16_t len, | ||
78 | const struct GNUNET_CRYPTO_AesSessionKey | ||
79 | *sessionkey, | ||
80 | const struct GNUNET_CRYPTO_AesInitializationVector | ||
81 | *iv, void *result) | ||
82 | { | ||
83 | gcry_cipher_hd_t handle; | ||
84 | int rc; | ||
85 | |||
86 | if (sessionkey->crc32 != | ||
87 | htonl (GNUNET_CRYPTO_crc32_n | ||
88 | (sessionkey, GNUNET_CRYPTO_AES_KEY_LENGTH))) | ||
89 | { | ||
90 | GNUNET_break (0); | ||
91 | return GNUNET_SYSERR; | ||
92 | } | ||
93 | GNUNET_assert (0 == gcry_cipher_open (&handle, | ||
94 | GCRY_CIPHER_AES256, | ||
95 | GCRY_CIPHER_MODE_CFB, 0)); | ||
96 | rc = gcry_cipher_setkey (handle, sessionkey, GNUNET_CRYPTO_AES_KEY_LENGTH); | ||
97 | GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY)); | ||
98 | rc = | ||
99 | gcry_cipher_setiv (handle, iv, | ||
100 | sizeof (struct GNUNET_CRYPTO_AesInitializationVector)); | ||
101 | GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY)); | ||
102 | GNUNET_assert (0 == gcry_cipher_encrypt (handle, result, len, block, len)); | ||
103 | gcry_cipher_close (handle); | ||
104 | return len; | ||
105 | } | ||
106 | |||
107 | /** | ||
108 | * Decrypt a given block with the sessionkey. | ||
109 | * @param sessionkey the key used to decrypt | ||
110 | * @param block the data to decrypt, encoded as returned by encrypt | ||
111 | * @param size the size of the block to decrypt | ||
112 | * @param iv the initialization vector to use, use INITVALUE | ||
113 | * for streams. | ||
114 | * @param result address to store the result at | ||
115 | * @return -1 on failure, size of decrypted block on success | ||
116 | */ | ||
117 | int | ||
118 | GNUNET_CRYPTO_aes_decrypt (const struct GNUNET_CRYPTO_AesSessionKey | ||
119 | *sessionkey, const void *block, uint16_t size, | ||
120 | const struct GNUNET_CRYPTO_AesInitializationVector | ||
121 | *iv, void *result) | ||
122 | { | ||
123 | gcry_cipher_hd_t handle; | ||
124 | int rc; | ||
125 | |||
126 | if (sessionkey->crc32 != | ||
127 | htonl (GNUNET_CRYPTO_crc32_n | ||
128 | (sessionkey, GNUNET_CRYPTO_AES_KEY_LENGTH))) | ||
129 | { | ||
130 | GNUNET_break (0); | ||
131 | return GNUNET_SYSERR; | ||
132 | } | ||
133 | GNUNET_assert (0 == gcry_cipher_open (&handle, | ||
134 | GCRY_CIPHER_AES256, | ||
135 | GCRY_CIPHER_MODE_CFB, 0)); | ||
136 | rc = gcry_cipher_setkey (handle, sessionkey, GNUNET_CRYPTO_AES_KEY_LENGTH); | ||
137 | GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY)); | ||
138 | rc = | ||
139 | gcry_cipher_setiv (handle, iv, | ||
140 | sizeof (struct GNUNET_CRYPTO_AesInitializationVector)); | ||
141 | GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY)); | ||
142 | GNUNET_assert (0 == | ||
143 | gcry_cipher_decrypt (handle, result, size, block, size)); | ||
144 | gcry_cipher_close (handle); | ||
145 | return size; | ||
146 | } | ||
147 | |||
148 | /* end of crypto_aes.c */ | ||