diff options
Diffstat (limited to 'src/util/crypto_symmetric.c')
-rw-r--r-- | src/util/crypto_symmetric.c | 197 |
1 files changed, 106 insertions, 91 deletions
diff --git a/src/util/crypto_symmetric.c b/src/util/crypto_symmetric.c index 7fad2a884..a6e22521a 100644 --- a/src/util/crypto_symmetric.c +++ b/src/util/crypto_symmetric.c | |||
@@ -29,7 +29,8 @@ | |||
29 | #include "gnunet_crypto_lib.h" | 29 | #include "gnunet_crypto_lib.h" |
30 | #include <gcrypt.h> | 30 | #include <gcrypt.h> |
31 | 31 | ||
32 | #define LOG(kind, ...) GNUNET_log_from(kind, "util-crypto-symmetric", __VA_ARGS__) | 32 | #define LOG(kind, ...) GNUNET_log_from (kind, "util-crypto-symmetric", \ |
33 | __VA_ARGS__) | ||
33 | 34 | ||
34 | /** | 35 | /** |
35 | * Create a new SessionKey (for symmetric encryption). | 36 | * Create a new SessionKey (for symmetric encryption). |
@@ -37,14 +38,16 @@ | |||
37 | * @param key session key to initialize | 38 | * @param key session key to initialize |
38 | */ | 39 | */ |
39 | void | 40 | void |
40 | GNUNET_CRYPTO_symmetric_create_session_key(struct GNUNET_CRYPTO_SymmetricSessionKey *key) | 41 | GNUNET_CRYPTO_symmetric_create_session_key (struct |
42 | GNUNET_CRYPTO_SymmetricSessionKey * | ||
43 | key) | ||
41 | { | 44 | { |
42 | gcry_randomize(key->aes_key, | 45 | gcry_randomize (key->aes_key, |
43 | GNUNET_CRYPTO_AES_KEY_LENGTH, | 46 | GNUNET_CRYPTO_AES_KEY_LENGTH, |
44 | GCRY_STRONG_RANDOM); | 47 | GCRY_STRONG_RANDOM); |
45 | gcry_randomize(key->twofish_key, | 48 | gcry_randomize (key->twofish_key, |
46 | GNUNET_CRYPTO_AES_KEY_LENGTH, | 49 | GNUNET_CRYPTO_AES_KEY_LENGTH, |
47 | GCRY_STRONG_RANDOM); | 50 | GCRY_STRONG_RANDOM); |
48 | } | 51 | } |
49 | 52 | ||
50 | 53 | ||
@@ -57,23 +60,23 @@ GNUNET_CRYPTO_symmetric_create_session_key(struct GNUNET_CRYPTO_SymmetricSession | |||
57 | * @return #GNUNET_OK on success, #GNUNET_SYSERR on error | 60 | * @return #GNUNET_OK on success, #GNUNET_SYSERR on error |
58 | */ | 61 | */ |
59 | static int | 62 | static int |
60 | setup_cipher_aes(gcry_cipher_hd_t *handle, | 63 | setup_cipher_aes (gcry_cipher_hd_t *handle, |
61 | const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey, | 64 | const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey, |
62 | const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv) | 65 | const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv) |
63 | { | 66 | { |
64 | int rc; | 67 | int rc; |
65 | 68 | ||
66 | GNUNET_assert(0 == | 69 | GNUNET_assert (0 == |
67 | gcry_cipher_open(handle, GCRY_CIPHER_AES256, | 70 | gcry_cipher_open (handle, GCRY_CIPHER_AES256, |
68 | GCRY_CIPHER_MODE_CFB, 0)); | 71 | GCRY_CIPHER_MODE_CFB, 0)); |
69 | rc = gcry_cipher_setkey(*handle, | 72 | rc = gcry_cipher_setkey (*handle, |
70 | sessionkey->aes_key, | 73 | sessionkey->aes_key, |
71 | sizeof(sessionkey->aes_key)); | 74 | sizeof(sessionkey->aes_key)); |
72 | GNUNET_assert((0 == rc) || ((char)rc == GPG_ERR_WEAK_KEY)); | 75 | GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY)); |
73 | rc = gcry_cipher_setiv(*handle, | 76 | rc = gcry_cipher_setiv (*handle, |
74 | iv->aes_iv, | 77 | iv->aes_iv, |
75 | sizeof(iv->aes_iv)); | 78 | sizeof(iv->aes_iv)); |
76 | GNUNET_assert((0 == rc) || ((char)rc == GPG_ERR_WEAK_KEY)); | 79 | GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY)); |
77 | return GNUNET_OK; | 80 | return GNUNET_OK; |
78 | } | 81 | } |
79 | 82 | ||
@@ -87,23 +90,25 @@ setup_cipher_aes(gcry_cipher_hd_t *handle, | |||
87 | * @return #GNUNET_OK on success, #GNUNET_SYSERR on error | 90 | * @return #GNUNET_OK on success, #GNUNET_SYSERR on error |
88 | */ | 91 | */ |
89 | static int | 92 | static int |
90 | setup_cipher_twofish(gcry_cipher_hd_t *handle, | 93 | setup_cipher_twofish (gcry_cipher_hd_t *handle, |
91 | const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey, | 94 | const struct |
92 | const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv) | 95 | GNUNET_CRYPTO_SymmetricSessionKey *sessionkey, |
96 | const struct | ||
97 | GNUNET_CRYPTO_SymmetricInitializationVector *iv) | ||
93 | { | 98 | { |
94 | int rc; | 99 | int rc; |
95 | 100 | ||
96 | GNUNET_assert(0 == | 101 | GNUNET_assert (0 == |
97 | gcry_cipher_open(handle, GCRY_CIPHER_TWOFISH, | 102 | gcry_cipher_open (handle, GCRY_CIPHER_TWOFISH, |
98 | GCRY_CIPHER_MODE_CFB, 0)); | 103 | GCRY_CIPHER_MODE_CFB, 0)); |
99 | rc = gcry_cipher_setkey(*handle, | 104 | rc = gcry_cipher_setkey (*handle, |
100 | sessionkey->twofish_key, | 105 | sessionkey->twofish_key, |
101 | sizeof(sessionkey->twofish_key)); | 106 | sizeof(sessionkey->twofish_key)); |
102 | GNUNET_assert((0 == rc) || ((char)rc == GPG_ERR_WEAK_KEY)); | 107 | GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY)); |
103 | rc = gcry_cipher_setiv(*handle, | 108 | rc = gcry_cipher_setiv (*handle, |
104 | iv->twofish_iv, | 109 | iv->twofish_iv, |
105 | sizeof(iv->twofish_iv)); | 110 | sizeof(iv->twofish_iv)); |
106 | GNUNET_assert((0 == rc) || ((char)rc == GPG_ERR_WEAK_KEY)); | 111 | GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY)); |
107 | return GNUNET_OK; | 112 | return GNUNET_OK; |
108 | } | 113 | } |
109 | 114 | ||
@@ -122,24 +127,26 @@ setup_cipher_twofish(gcry_cipher_hd_t *handle, | |||
122 | * this size should be the same as @c len. | 127 | * this size should be the same as @c len. |
123 | */ | 128 | */ |
124 | ssize_t | 129 | ssize_t |
125 | GNUNET_CRYPTO_symmetric_encrypt(const void *block, | 130 | GNUNET_CRYPTO_symmetric_encrypt (const void *block, |
126 | size_t size, | 131 | size_t size, |
127 | const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey, | 132 | const struct |
128 | const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, | 133 | GNUNET_CRYPTO_SymmetricSessionKey *sessionkey, |
129 | void *result) | 134 | const struct |
135 | GNUNET_CRYPTO_SymmetricInitializationVector *iv, | ||
136 | void *result) | ||
130 | { | 137 | { |
131 | gcry_cipher_hd_t handle; | 138 | gcry_cipher_hd_t handle; |
132 | char tmp[size]; | 139 | char tmp[size]; |
133 | 140 | ||
134 | if (GNUNET_OK != setup_cipher_aes(&handle, sessionkey, iv)) | 141 | if (GNUNET_OK != setup_cipher_aes (&handle, sessionkey, iv)) |
135 | return -1; | 142 | return -1; |
136 | GNUNET_assert(0 == gcry_cipher_encrypt(handle, tmp, size, block, size)); | 143 | GNUNET_assert (0 == gcry_cipher_encrypt (handle, tmp, size, block, size)); |
137 | gcry_cipher_close(handle); | 144 | gcry_cipher_close (handle); |
138 | if (GNUNET_OK != setup_cipher_twofish(&handle, sessionkey, iv)) | 145 | if (GNUNET_OK != setup_cipher_twofish (&handle, sessionkey, iv)) |
139 | return -1; | 146 | return -1; |
140 | GNUNET_assert(0 == gcry_cipher_encrypt(handle, result, size, tmp, size)); | 147 | GNUNET_assert (0 == gcry_cipher_encrypt (handle, result, size, tmp, size)); |
141 | gcry_cipher_close(handle); | 148 | gcry_cipher_close (handle); |
142 | memset(tmp, 0, sizeof(tmp)); | 149 | memset (tmp, 0, sizeof(tmp)); |
143 | return size; | 150 | return size; |
144 | } | 151 | } |
145 | 152 | ||
@@ -158,24 +165,26 @@ GNUNET_CRYPTO_symmetric_encrypt(const void *block, | |||
158 | * this size should be the same as @c size. | 165 | * this size should be the same as @c size. |
159 | */ | 166 | */ |
160 | ssize_t | 167 | ssize_t |
161 | GNUNET_CRYPTO_symmetric_decrypt(const void *block, | 168 | GNUNET_CRYPTO_symmetric_decrypt (const void *block, |
162 | size_t size, | 169 | size_t size, |
163 | const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey, | 170 | const struct |
164 | const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, | 171 | GNUNET_CRYPTO_SymmetricSessionKey *sessionkey, |
165 | void *result) | 172 | const struct |
173 | GNUNET_CRYPTO_SymmetricInitializationVector *iv, | ||
174 | void *result) | ||
166 | { | 175 | { |
167 | gcry_cipher_hd_t handle; | 176 | gcry_cipher_hd_t handle; |
168 | char tmp[size]; | 177 | char tmp[size]; |
169 | 178 | ||
170 | if (GNUNET_OK != setup_cipher_twofish(&handle, sessionkey, iv)) | 179 | if (GNUNET_OK != setup_cipher_twofish (&handle, sessionkey, iv)) |
171 | return -1; | 180 | return -1; |
172 | GNUNET_assert(0 == gcry_cipher_decrypt(handle, tmp, size, block, size)); | 181 | GNUNET_assert (0 == gcry_cipher_decrypt (handle, tmp, size, block, size)); |
173 | gcry_cipher_close(handle); | 182 | gcry_cipher_close (handle); |
174 | if (GNUNET_OK != setup_cipher_aes(&handle, sessionkey, iv)) | 183 | if (GNUNET_OK != setup_cipher_aes (&handle, sessionkey, iv)) |
175 | return -1; | 184 | return -1; |
176 | GNUNET_assert(0 == gcry_cipher_decrypt(handle, result, size, tmp, size)); | 185 | GNUNET_assert (0 == gcry_cipher_decrypt (handle, result, size, tmp, size)); |
177 | gcry_cipher_close(handle); | 186 | gcry_cipher_close (handle); |
178 | memset(tmp, 0, sizeof(tmp)); | 187 | memset (tmp, 0, sizeof(tmp)); |
179 | return size; | 188 | return size; |
180 | } | 189 | } |
181 | 190 | ||
@@ -190,17 +199,20 @@ GNUNET_CRYPTO_symmetric_decrypt(const void *block, | |||
190 | * @param ... pairs of void * & size_t for context chunks, terminated by NULL | 199 | * @param ... pairs of void * & size_t for context chunks, terminated by NULL |
191 | */ | 200 | */ |
192 | void | 201 | void |
193 | GNUNET_CRYPTO_symmetric_derive_iv(struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, | 202 | GNUNET_CRYPTO_symmetric_derive_iv (struct |
194 | const struct GNUNET_CRYPTO_SymmetricSessionKey *skey, | 203 | GNUNET_CRYPTO_SymmetricInitializationVector * |
195 | const void *salt, | 204 | iv, |
196 | size_t salt_len, | 205 | const struct |
197 | ...) | 206 | GNUNET_CRYPTO_SymmetricSessionKey *skey, |
207 | const void *salt, | ||
208 | size_t salt_len, | ||
209 | ...) | ||
198 | { | 210 | { |
199 | va_list argp; | 211 | va_list argp; |
200 | 212 | ||
201 | va_start(argp, salt_len); | 213 | va_start (argp, salt_len); |
202 | GNUNET_CRYPTO_symmetric_derive_iv_v(iv, skey, salt, salt_len, argp); | 214 | GNUNET_CRYPTO_symmetric_derive_iv_v (iv, skey, salt, salt_len, argp); |
203 | va_end(argp); | 215 | va_end (argp); |
204 | } | 216 | } |
205 | 217 | ||
206 | 218 | ||
@@ -214,33 +226,36 @@ GNUNET_CRYPTO_symmetric_derive_iv(struct GNUNET_CRYPTO_SymmetricInitializationVe | |||
214 | * @param argp pairs of void * & size_t for context chunks, terminated by NULL | 226 | * @param argp pairs of void * & size_t for context chunks, terminated by NULL |
215 | */ | 227 | */ |
216 | void | 228 | void |
217 | GNUNET_CRYPTO_symmetric_derive_iv_v(struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, | 229 | GNUNET_CRYPTO_symmetric_derive_iv_v (struct |
218 | const struct GNUNET_CRYPTO_SymmetricSessionKey *skey, | 230 | GNUNET_CRYPTO_SymmetricInitializationVector |
219 | const void *salt, | 231 | *iv, |
220 | size_t salt_len, | 232 | const struct |
221 | va_list argp) | 233 | GNUNET_CRYPTO_SymmetricSessionKey *skey, |
234 | const void *salt, | ||
235 | size_t salt_len, | ||
236 | va_list argp) | ||
222 | { | 237 | { |
223 | char aes_salt[salt_len + 4]; | 238 | char aes_salt[salt_len + 4]; |
224 | char twofish_salt[salt_len + 4]; | 239 | char twofish_salt[salt_len + 4]; |
225 | 240 | ||
226 | GNUNET_memcpy(aes_salt, salt, salt_len); | 241 | GNUNET_memcpy (aes_salt, salt, salt_len); |
227 | GNUNET_memcpy(&aes_salt[salt_len], "AES!", 4); | 242 | GNUNET_memcpy (&aes_salt[salt_len], "AES!", 4); |
228 | GNUNET_memcpy(twofish_salt, salt, salt_len); | 243 | GNUNET_memcpy (twofish_salt, salt, salt_len); |
229 | GNUNET_memcpy(&twofish_salt[salt_len], "FISH", 4); | 244 | GNUNET_memcpy (&twofish_salt[salt_len], "FISH", 4); |
230 | GNUNET_CRYPTO_kdf_v(iv->aes_iv, | 245 | GNUNET_CRYPTO_kdf_v (iv->aes_iv, |
231 | sizeof(iv->aes_iv), | 246 | sizeof(iv->aes_iv), |
232 | aes_salt, | 247 | aes_salt, |
233 | salt_len + 4, | 248 | salt_len + 4, |
234 | skey->aes_key, | 249 | skey->aes_key, |
235 | sizeof(skey->aes_key), | 250 | sizeof(skey->aes_key), |
236 | argp); | 251 | argp); |
237 | GNUNET_CRYPTO_kdf_v(iv->twofish_iv, | 252 | GNUNET_CRYPTO_kdf_v (iv->twofish_iv, |
238 | sizeof(iv->twofish_iv), | 253 | sizeof(iv->twofish_iv), |
239 | twofish_salt, | 254 | twofish_salt, |
240 | salt_len + 4, | 255 | salt_len + 4, |
241 | skey->twofish_key, | 256 | skey->twofish_key, |
242 | sizeof(skey->twofish_key), | 257 | sizeof(skey->twofish_key), |
243 | argp); | 258 | argp); |
244 | } | 259 | } |
245 | 260 | ||
246 | /* end of crypto_symmetric.c */ | 261 | /* end of crypto_symmetric.c */ |