3 files changed, 509 insertions, 1 deletions

diff --git a/src/util/Makefile.am b/src/util/Makefile.am
index c26e3e84b..cc9ff4745 100644
--- a/src/util/Makefile.am
+++ b/src/util/Makefile.am
@@ -119,11 +119,22 @@ libgnunetutil_la_LIBADD = \
   $(LTLIBINTL) \
   -lltdl $(Z_LIBS) -lunistring $(XLIB)
 
+if HAVE_PBC
+if HAVE_ABE
+libgnunetutil_la_SOURCES += \
+        crypto_abe.c
+libgnunetutil_la_LIBADD += \
+  $(ABE_LIBADD) \
+        -lgabe \
+        -lpbc \
+        -lglib-2.0
+endif
+endif
+
 libgnunetutil_la_LDFLAGS = \
   $(GN_LIB_LDFLAGS) \
   -version-info 13:0:0
 
-
 libgnunetutil_taler_wallet_la_SOURCES = \
   common_allocation.c \
   common_endian.c \
@@ -553,6 +564,17 @@ test_speedup_SOURCES = \
 test_speedup_LDADD = \
  libgnunetutil.la
 
+if HAVE_PBC
+if HAVE_ABE
+test_crypto_abe_SOURCES = \
+ test_crypto_abe.c
+test_crypto_abe_LDADD = \
+ libgnunetutil.la
+check_PROGRAMS += \
+ test_crypto_abe
+endif
+endif
+
 perf_crypto_hash_SOURCES = \
  perf_crypto_hash.c
 perf_crypto_hash_LDADD = \
diff --git a/src/util/crypto_abe.c b/src/util/crypto_abe.c
new file mode 100644
index 000000000..899965159
--- /dev/null
+++ b/src/util/crypto_abe.c
@@ -0,0 +1,400 @@
+/*
+     This file is part of GNUnet.  Copyright (C) 2001-2014 Christian Grothoff
+     (and other contributing authors)
+
+     GNUnet is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published
+     by the Free Software Foundation; either version 3, or (at your
+     option) any later version.
+
+     GNUnet is distributed in the hope that it will be useful, but
+     WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+     General Public License for more details.
+
+     You should have received a copy of the GNU General Public License
+     along with GNUnet; see the file COPYING.  If not, write to the
+     Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+     Boston, MA 02110-1301, USA.
+
+*/
+
+/**
+ * @file util/crypto_random.c
+ * @brief functions to gather random numbers
+ * @author Christian Grothoff
+ */
+
+
+#include "platform.h"
+#include <pbc/pbc.h>
+#include <gabe.h>
+
+#include "gnunet_crypto_lib.h"
+
+struct GNUNET_CRYPTO_AbeMasterKey
+{
+  gabe_pub_t* pub;
+  gabe_msk_t* msk;
+};
+
+struct GNUNET_CRYPTO_AbeKey
+{
+  gabe_pub_t* pub;
+  gabe_prv_t* prv;
+};
+
+static int
+init_aes( element_t k, int enc,
+          gcry_cipher_hd_t* handle,
+          struct GNUNET_CRYPTO_SymmetricSessionKey *key,
+          unsigned char* iv)
+{
+  int rc;
+  int key_len;
+  unsigned char* key_buf;
+  
+  key_len = element_length_in_bytes(k) < 33 ? 3 : element_length_in_bytes(k);
+  key_buf = (unsigned char*) malloc(key_len);
+  element_to_bytes(key_buf, k);
+
+  memcpy (key->aes_key, key_buf, GNUNET_CRYPTO_AES_KEY_LENGTH); 
+  GNUNET_assert (0 ==
+                 gcry_cipher_open (handle, GCRY_CIPHER_AES256,
+                                   GCRY_CIPHER_MODE_CFB, 0));
+  rc = gcry_cipher_setkey (*handle,
+                           key->aes_key,
+                           sizeof (key->aes_key));
+  GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY));
+  memset (iv, 0, 16); //TODO make reasonable
+  rc = gcry_cipher_setiv (*handle,
+                          iv,
+                          16);
+  GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY));
+
+  free(key_buf);
+  return rc;
+}
+
+static int
+aes_128_cbc_encrypt( char* pt,
+                     int size,
+                     element_t k,
+                     char **ct )
+{
+  gcry_cipher_hd_t handle;
+  struct GNUNET_CRYPTO_SymmetricSessionKey skey;
+  unsigned char iv[16];
+  char* buf;
+  int padding;
+  int buf_size;
+  uint8_t len[4];
+  init_aes(k, 1, &handle, &skey, iv);
+
+  /* TODO make less crufty */
+
+  /* stuff in real length (big endian) before padding */
+  len[0] = (size & 0xff000000)>>24;
+  len[1] = (size & 0xff0000)>>16;
+  len[2] = (size & 0xff00)>>8;
+  len[3] = (size & 0xff)>>0;
+  padding = 16 - ((4+size) % 16);
+  buf_size = 4 + size + padding;
+  buf = GNUNET_malloc (buf_size);
+  GNUNET_memcpy (buf, len, 4);
+  GNUNET_memcpy (buf+4, pt, size);
+  *ct = GNUNET_malloc (buf_size);
+
+  GNUNET_assert (0 == gcry_cipher_encrypt (handle, *ct, buf_size, buf, buf_size));
+  gcry_cipher_close (handle);
+  //AES_cbc_encrypt(pt->data, ct->data, pt->len, &key, iv, AES_ENCRYPT);
+
+  return buf_size;
+}
+
+static int
+aes_128_cbc_decrypt( char* ct,
+                     int size,
+                     element_t k,
+                     char **pt )
+{
+  struct GNUNET_CRYPTO_SymmetricSessionKey skey;
+  gcry_cipher_hd_t handle;
+  unsigned char iv[16];
+  char* tmp;
+  uint32_t len;
+  
+  init_aes(k, 1, &handle, &skey, iv);
+
+  tmp = GNUNET_malloc (size);
+
+  //AES_cbc_encrypt(ct->data, pt->data, ct->len, &key, iv, AES_DECRYPT);
+  GNUNET_assert (0 == gcry_cipher_decrypt (handle, tmp, size, ct, size)); 
+  gcry_cipher_close (handle);
+  /* TODO make less crufty */
+  
+  /* get real length */
+  len = 0;
+  len = len
+    | ((tmp[0])<<24) | ((tmp[1])<<16)
+    | ((tmp[2])<<8)  | ((tmp[3])<<0);
+  /* truncate any garbage from the padding */
+  *pt = GNUNET_malloc (len);
+  GNUNET_memcpy (*pt, tmp+4, len);
+  GNUNET_free (tmp);
+  return len;
+}
+
+struct GNUNET_CRYPTO_AbeMasterKey*
+GNUNET_CRYPTO_cpabe_create_master_key (void)
+{
+  struct GNUNET_CRYPTO_AbeMasterKey* key;
+  key = GNUNET_new (struct GNUNET_CRYPTO_AbeMasterKey);
+  gabe_setup(&key->pub, &key->msk);
+  GNUNET_assert (NULL != key->pub);
+  GNUNET_assert (NULL != key->msk);
+  return key;
+}
+
+void
+GNUNET_CRYPTO_cpabe_delete_master_key (struct GNUNET_CRYPTO_AbeMasterKey *key)
+{
+  gabe_msk_free (key->msk); //For some reason free of pub implicit?
+  GNUNET_free (key);
+}
+
+struct GNUNET_CRYPTO_AbeKey*
+GNUNET_CRYPTO_cpabe_create_key (struct GNUNET_CRYPTO_AbeMasterKey *key,
+                             char **attrs)
+{
+  struct GNUNET_CRYPTO_AbeKey *prv_key;
+  int size;
+  char *tmp;
+  
+  prv_key = GNUNET_new (struct GNUNET_CRYPTO_AbeKey);
+  prv_key->prv = gabe_keygen(key->pub, key->msk, attrs);
+  size = gabe_pub_serialize(key->pub, &tmp);
+  prv_key->pub = gabe_pub_unserialize(tmp, size);
+  GNUNET_assert (NULL != prv_key->prv);
+  return prv_key;
+}
+
+void
+GNUNET_CRYPTO_cpabe_delete_key (struct GNUNET_CRYPTO_AbeKey *key)
+{
+  //Memory management in gabe is buggy
+  //gabe_prv_free (prv);
+  GNUNET_free (key);
+}
+
+ssize_t
+write_cpabe (void **result,
+             uint32_t file_len,
+             char* cph_buf,
+             int cph_buf_len,
+             char* aes_buf,
+             int aes_buf_len)
+{
+  char *ptr;
+  uint32_t *len;
+  
+  *result = GNUNET_malloc (12 + cph_buf_len + aes_buf_len);
+  ptr = *result;
+  len = (uint32_t*) ptr;
+  *len = htonl (file_len);
+  ptr += 4;
+  len = (uint32_t*) ptr;
+  *len = htonl (aes_buf_len);
+  ptr += 4;
+  memcpy (ptr, aes_buf, aes_buf_len);
+  ptr += aes_buf_len;
+  len = (uint32_t*) ptr;
+  *len = htonl (cph_buf_len);
+  ptr += 4;
+  memcpy (ptr, cph_buf, cph_buf_len);
+  return 12 + cph_buf_len + aes_buf_len;
+}
+
+ssize_t
+read_cpabe (const void *data,
+            char** cph_buf,
+            int *cph_buf_len,
+            char** aes_buf,
+            int *aes_buf_len)
+{
+  int buf_len;
+  char *ptr;
+  uint32_t *len;
+
+  ptr = (char*)data;
+  len = (uint32_t*)ptr;
+  buf_len = ntohl (*len);
+  ptr += 4;
+  len = (uint32_t*)ptr;
+  *aes_buf_len = ntohl (*len);
+  ptr += 4;
+  *aes_buf = GNUNET_malloc (*aes_buf_len);
+  memcpy(*aes_buf, ptr, *aes_buf_len);
+  ptr += *aes_buf_len;
+  len = (uint32_t*)ptr;
+  *cph_buf_len = ntohl (*len);
+  ptr += 4;
+  *cph_buf = GNUNET_malloc (*cph_buf_len);
+  memcpy(*cph_buf, ptr, *cph_buf_len);
+
+  return buf_len;
+}
+
+ssize_t
+GNUNET_CRYPTO_cpabe_encrypt (const void *block,
+                             size_t size,
+                             const char *policy,
+                             const struct GNUNET_CRYPTO_AbeMasterKey *key,
+                             void **result)
+{
+  gabe_cph_t* cph;
+  char* plt;
+  char* cph_buf;
+  char* aes_buf;
+  element_t m;
+  int cph_buf_len;
+  int aes_buf_len;
+  ssize_t result_len;
+
+  if( !(cph = gabe_enc(key->pub, m, (char*)policy)) )
+    return GNUNET_SYSERR;
+  cph_buf_len = gabe_cph_serialize(cph,
+                                &cph_buf);
+  gabe_cph_free(cph);
+  plt = GNUNET_memdup (block, size);
+  aes_buf_len = aes_128_cbc_encrypt(plt, size, m, &aes_buf);
+  GNUNET_free (plt);
+  element_clear(m);
+  result_len = write_cpabe(result, size, cph_buf, cph_buf_len, aes_buf, aes_buf_len);
+  GNUNET_free(cph_buf);
+  GNUNET_free(aes_buf);
+  return result_len;
+}
+
+ssize_t
+GNUNET_CRYPTO_cpabe_decrypt (const void *block,
+                             size_t size,
+                             const struct GNUNET_CRYPTO_AbeKey *key,
+                             void **result)
+{
+  char* aes_buf;
+  char* cph_buf;
+  gabe_cph_t* cph;
+  element_t m;
+  int cph_buf_size;
+  int aes_buf_size;
+  int plt_len;
+
+  read_cpabe(block, &cph_buf, &cph_buf_size, &aes_buf, &aes_buf_size);
+  cph = gabe_cph_unserialize(key->pub, cph_buf, cph_buf_size);
+  if( !gabe_dec(key->pub, key->prv, cph, m) ) {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "%s\n", gabe_error());
+    gabe_cph_free(cph);
+    return GNUNET_SYSERR;
+  }
+  gabe_cph_free(cph);
+  plt_len = aes_128_cbc_decrypt(aes_buf, aes_buf_size, m, (char**)result);
+  //freeing is buggy in gabe
+  //gabe_prv_free (prv);
+  //gabe_pub_free (pub);
+  return plt_len;
+}
+
+ssize_t
+GNUNET_CRYPTO_cpabe_serialize_key (const struct GNUNET_CRYPTO_AbeKey *key,
+                                   void **result)
+{
+  ssize_t len;
+  char *pub;
+  char *prv;
+  int pub_len;
+  int prv_len;
+
+  pub_len = gabe_pub_serialize (key->pub, &pub);
+  prv_len = gabe_prv_serialize (key->prv, &prv);
+
+  len = pub_len + prv_len + 12;
+  write_cpabe (result, len, pub, pub_len, prv, prv_len);
+
+  GNUNET_free (pub);
+  GNUNET_free (prv);
+
+  return len;
+}
+
+struct GNUNET_CRYPTO_AbeKey*
+GNUNET_CRYPTO_cpabe_deserialize_key (const void *data,
+                                     size_t len)
+{
+  struct GNUNET_CRYPTO_AbeKey *key;
+  char *pub;
+  char *prv;
+  int prv_len;
+  int pub_len;
+
+  key = GNUNET_new (struct GNUNET_CRYPTO_AbeKey);
+  read_cpabe (data,
+              &pub,
+              &pub_len,
+              &prv,
+              &prv_len);
+  key->pub = gabe_pub_unserialize (pub, pub_len);
+  key->prv = gabe_prv_unserialize (key->pub, prv, prv_len);
+  
+  GNUNET_free (pub);
+  GNUNET_free (prv);
+  return key;
+}
+
+ssize_t
+GNUNET_CRYPTO_cpabe_serialize_master_key (const struct GNUNET_CRYPTO_AbeMasterKey *key,
+                                          void **result)
+{
+  ssize_t len;
+  char *pub;
+  char *msk;
+  int pub_len;
+  int msk_len;
+
+  pub_len = gabe_pub_serialize (key->pub, &pub);
+  msk_len = gabe_msk_serialize (key->msk, &msk);
+
+  len = pub_len + msk_len + 12;
+  write_cpabe (result, len, pub, pub_len, msk, msk_len);
+
+  GNUNET_free (pub);
+  GNUNET_free (msk);
+
+  return len;
+}
+
+struct GNUNET_CRYPTO_AbeMasterKey*
+GNUNET_CRYPTO_cpabe_deserialize_master_key (const void *data,
+                                            size_t len)
+{
+  struct GNUNET_CRYPTO_AbeMasterKey *key;
+  char *msk;
+  char *pub;
+  int msk_len;
+  int pub_len;
+
+  key = GNUNET_new (struct GNUNET_CRYPTO_AbeMasterKey);
+  read_cpabe (data,
+              &pub,
+              &pub_len,
+              &msk,
+              &msk_len);
+  key->pub = gabe_pub_unserialize (pub, pub_len);
+  key->msk = gabe_msk_unserialize (key->pub, msk, msk_len);
+  
+  GNUNET_free (pub);
+  GNUNET_free (msk);
+
+  return key;
+}
diff --git a/src/util/test_crypto_abe.c b/src/util/test_crypto_abe.c
new file mode 100644
index 000000000..cb36dccae
--- /dev/null
+++ b/src/util/test_crypto_abe.c
@@ -0,0 +1,86 @@
+/*
+     This file is part of GNUnet.
+     Copyright (C) 2002, 2003, 2004, 2006 GNUnet e.V.
+
+     GNUnet is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published
+     by the Free Software Foundation; either version 3, or (at your
+     option) any later version.
+
+     GNUnet is distributed in the hope that it will be useful, but
+     WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+     General Public License for more details.
+
+     You should have received a copy of the GNU General Public License
+     along with GNUnet; see the file COPYING.  If not, write to the
+     Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+     Boston, MA 02110-1301, USA.
+
+*/
+/**
+ * @author Martin Schanzenbach
+ * @file util/test_crypto_abe.c
+ * @brief test for ABE ciphers
+ */
+#include "platform.h"
+#include "gnunet_util_lib.h"
+
+#define TESTSTRING "Hello World!"
+
+static int
+testAbecipher ()
+{
+  struct GNUNET_CRYPTO_AbeMasterKey *msk;
+  struct GNUNET_CRYPTO_AbeKey *key;
+  char *result;
+  char **attrs;
+  int size;
+  char *res;
+  msk = GNUNET_CRYPTO_cpabe_create_master_key ();
+  size = GNUNET_CRYPTO_cpabe_encrypt (TESTSTRING, strlen (TESTSTRING) + 1,
+                                      "testattr", //Policy
+                                      msk,
+                                      (void*)&result);
+  GNUNET_assert (-1 != size);
+  attrs = GNUNET_malloc (2 * sizeof (char*));
+  attrs[0] = "testattr";
+  attrs[1] = NULL;
+  key = GNUNET_CRYPTO_cpabe_create_key (msk,
+                                        attrs);
+
+  size = GNUNET_CRYPTO_cpabe_decrypt (result, size,
+                                      key,
+                                      (void*)&res);
+  if (strlen (TESTSTRING) + 1 != size)
+  {
+    printf ("abeciphertest failed: decryptBlock returned %d\n", size);
+    return 1;
+  }
+  if (0 != strcmp (res, TESTSTRING))
+  {
+    printf ("abeciphertest failed: %s != %s\n", res, TESTSTRING);
+    return 1;
+  }
+  else
+    return 0;
+}
+
+
+int
+main (int argc, char *argv[])
+{
+  int failureCount = 0;
+
+  GNUNET_log_setup ("test-crypto-abe", "WARNING", NULL);
+  failureCount += testAbecipher ();
+
+  if (failureCount != 0)
+  {
+    printf ("%d TESTS FAILED!\n", failureCount);
+    return -1;
+  }
+  return 0;
+}
+
+/* end of test_crypto_aes.c */