diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/identity/gnunet-identity.c | 29 | ||||
| -rw-r--r-- | src/identity/identity_api.c | 37 | ||||
| -rw-r--r-- | src/identity/test_identity.c | 20 | ||||
| -rw-r--r-- | src/include/gnunet_identity_service.h | 21 |
4 files changed, 62 insertions, 45 deletions
diff --git a/src/identity/gnunet-identity.c b/src/identity/gnunet-identity.c index 59354a2e1..7adc86eb8 100644 --- a/src/identity/gnunet-identity.c +++ b/src/identity/gnunet-identity.c | |||
| @@ -259,20 +259,20 @@ static void | |||
| 259 | write_encrypted_message (void) | 259 | write_encrypted_message (void) |
| 260 | { | 260 | { |
| 261 | struct GNUNET_IDENTITY_PublicKey recipient; | 261 | struct GNUNET_IDENTITY_PublicKey recipient; |
| 262 | unsigned char ct[strlen (write_msg) + 1024]; | 262 | size_t ct_len = strlen (write_msg) + 1 |
| 263 | + GNUNET_IDENTITY_ENCRYPT_OVERHEAD_BYTES; | ||
| 264 | unsigned char ct[ct_len]; | ||
| 263 | if (GNUNET_IDENTITY_public_key_from_string (pubkey_msg, &recipient) != | 265 | if (GNUNET_IDENTITY_public_key_from_string (pubkey_msg, &recipient) != |
| 264 | GNUNET_SYSERR) | 266 | GNUNET_SYSERR) |
| 265 | { | 267 | { |
| 266 | size_t msg_len = strlen (write_msg) + 1; | 268 | size_t msg_len = strlen (write_msg) + 1; |
| 267 | ssize_t res = GNUNET_IDENTITY_encrypt (write_msg, | 269 | if (GNUNET_OK == GNUNET_IDENTITY_encrypt (write_msg, |
| 268 | msg_len, | 270 | msg_len, |
| 269 | &recipient, | 271 | &recipient, |
| 270 | ct, strlen (write_msg) + 1024); | 272 | ct, ct_len)) |
| 271 | if (-1 != res) | ||
| 272 | { | 273 | { |
| 273 | char *serialized_msg; | 274 | char *serialized_msg; |
| 274 | serialized_msg = GNUNET_STRINGS_data_to_string_alloc (ct, | 275 | serialized_msg = GNUNET_STRINGS_data_to_string_alloc (ct, ct_len); |
| 275 | res); | ||
| 276 | fprintf (stdout, | 276 | fprintf (stdout, |
| 277 | "%s\n", | 277 | "%s\n", |
| 278 | serialized_msg); | 278 | serialized_msg); |
| @@ -309,14 +309,13 @@ read_encrypted_message (struct GNUNET_IDENTITY_Ego *ego) | |||
| 309 | deserialized_msg, | 309 | deserialized_msg, |
| 310 | &msg_len)) | 310 | &msg_len)) |
| 311 | { | 311 | { |
| 312 | ssize_t res = GNUNET_IDENTITY_decrypt (deserialized_msg, | 312 | if (GNUNET_OK == GNUNET_IDENTITY_decrypt (deserialized_msg, |
| 313 | msg_len, | 313 | msg_len, |
| 314 | GNUNET_IDENTITY_ego_get_private_key ( | 314 | GNUNET_IDENTITY_ego_get_private_key ( |
| 315 | ego), | 315 | ego), |
| 316 | deserialized_msg, msg_len); | 316 | deserialized_msg, msg_len)) |
| 317 | if (-1 != res) | ||
| 318 | { | 317 | { |
| 319 | deserialized_msg[res - 1] = '\0'; | 318 | deserialized_msg[msg_len - 1] = '\0'; |
| 320 | fprintf (stdout, | 319 | fprintf (stdout, |
| 321 | "%s\n", | 320 | "%s\n", |
| 322 | deserialized_msg); | 321 | deserialized_msg); |
diff --git a/src/identity/identity_api.c b/src/identity/identity_api.c index 8a7e5c10b..81e318d19 100644 --- a/src/identity/identity_api.c +++ b/src/identity/identity_api.c | |||
| @@ -1174,7 +1174,7 @@ GNUNET_IDENTITY_encrypt_old (const void *block, | |||
| 1174 | } | 1174 | } |
| 1175 | 1175 | ||
| 1176 | 1176 | ||
| 1177 | ssize_t | 1177 | enum GNUNET_GenericReturnValue |
| 1178 | GNUNET_IDENTITY_encrypt (const void *pt, | 1178 | GNUNET_IDENTITY_encrypt (const void *pt, |
| 1179 | size_t pt_size, | 1179 | size_t pt_size, |
| 1180 | const struct GNUNET_IDENTITY_PublicKey *pub, | 1180 | const struct GNUNET_IDENTITY_PublicKey *pub, |
| @@ -1187,33 +1187,40 @@ GNUNET_IDENTITY_encrypt (const void *pt, | |||
| 1187 | unsigned char nonce[crypto_secretbox_NONCEBYTES]; | 1187 | unsigned char nonce[crypto_secretbox_NONCEBYTES]; |
| 1188 | unsigned char key[crypto_secretbox_KEYBYTES]; | 1188 | unsigned char key[crypto_secretbox_KEYBYTES]; |
| 1189 | 1189 | ||
| 1190 | if (ct_size < pt_size + GNUNET_IDENTITY_ENCRYPT_OVERHEAD_BYTES) | ||
| 1191 | { | ||
| 1192 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
| 1193 | "Output buffer size for ciphertext too small: Got %lu, want >=%lu\n", | ||
| 1194 | ct_size, pt_size + GNUNET_IDENTITY_ENCRYPT_OVERHEAD_BYTES); | ||
| 1195 | return GNUNET_SYSERR; | ||
| 1196 | } | ||
| 1190 | switch (ntohl (pub->type)) | 1197 | switch (ntohl (pub->type)) |
| 1191 | { | 1198 | { |
| 1192 | case GNUNET_IDENTITY_TYPE_ECDSA: | 1199 | case GNUNET_IDENTITY_TYPE_ECDSA: |
| 1193 | if (GNUNET_SYSERR == GNUNET_CRYPTO_ecdsa_fo_kem_encaps (&(pub->ecdsa_key), | 1200 | if (GNUNET_SYSERR == GNUNET_CRYPTO_ecdsa_fo_kem_encaps (&(pub->ecdsa_key), |
| 1194 | kemc, | 1201 | kemc, |
| 1195 | &k)) | 1202 | &k)) |
| 1196 | return -1; | 1203 | return GNUNET_SYSERR; |
| 1197 | break; | 1204 | break; |
| 1198 | case GNUNET_IDENTITY_TYPE_EDDSA: | 1205 | case GNUNET_IDENTITY_TYPE_EDDSA: |
| 1199 | if (GNUNET_SYSERR == GNUNET_CRYPTO_eddsa_fo_kem_encaps (&pub->eddsa_key, | 1206 | if (GNUNET_SYSERR == GNUNET_CRYPTO_eddsa_fo_kem_encaps (&pub->eddsa_key, |
| 1200 | kemc, | 1207 | kemc, |
| 1201 | &k)) | 1208 | &k)) |
| 1202 | return -1; | 1209 | return GNUNET_SYSERR; |
| 1203 | break; | 1210 | break; |
| 1204 | default: | 1211 | default: |
| 1205 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Unsupported key type\n"); | 1212 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Unsupported key type\n"); |
| 1206 | return -1; | 1213 | return GNUNET_SYSERR; |
| 1207 | } | 1214 | } |
| 1208 | memcpy (key, &k, crypto_secretbox_KEYBYTES); | 1215 | memcpy (key, &k, crypto_secretbox_KEYBYTES); |
| 1209 | memcpy (nonce, ((char* ) &k) + crypto_secretbox_KEYBYTES, | 1216 | memcpy (nonce, ((char* ) &k) + crypto_secretbox_KEYBYTES, |
| 1210 | crypto_secretbox_NONCEBYTES); | 1217 | crypto_secretbox_NONCEBYTES); |
| 1211 | crypto_secretbox_easy (encrypted_data, pt, pt_size, nonce, key); | 1218 | crypto_secretbox_easy (encrypted_data, pt, pt_size, nonce, key); |
| 1212 | return pt_size + crypto_secretbox_MACBYTES + sizeof (*kemc); | 1219 | return GNUNET_OK; |
| 1213 | } | 1220 | } |
| 1214 | 1221 | ||
| 1215 | 1222 | ||
| 1216 | ssize_t | 1223 | enum GNUNET_GenericReturnValue |
| 1217 | GNUNET_IDENTITY_decrypt (const void *ct_buf, | 1224 | GNUNET_IDENTITY_decrypt (const void *ct_buf, |
| 1218 | size_t ct_size, | 1225 | size_t ct_size, |
| 1219 | const struct GNUNET_IDENTITY_PrivateKey *priv, | 1226 | const struct GNUNET_IDENTITY_PrivateKey *priv, |
| @@ -1225,31 +1232,39 @@ GNUNET_IDENTITY_decrypt (const void *ct_buf, | |||
| 1225 | unsigned char *encrypted_data = (unsigned char*) &kemc[1]; | 1232 | unsigned char *encrypted_data = (unsigned char*) &kemc[1]; |
| 1226 | unsigned char nonce[crypto_secretbox_NONCEBYTES]; | 1233 | unsigned char nonce[crypto_secretbox_NONCEBYTES]; |
| 1227 | unsigned char key[crypto_secretbox_KEYBYTES]; | 1234 | unsigned char key[crypto_secretbox_KEYBYTES]; |
| 1235 | size_t expected_pt_len = ct_size - GNUNET_IDENTITY_ENCRYPT_OVERHEAD_BYTES; | ||
| 1228 | 1236 | ||
| 1237 | if (pt_size < expected_pt_len) | ||
| 1238 | { | ||
| 1239 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
| 1240 | "Output buffer size for plaintext too small: Got %lu, want >=%lu\n", | ||
| 1241 | pt_size, expected_pt_len); | ||
| 1242 | return GNUNET_SYSERR; | ||
| 1243 | } | ||
| 1229 | switch (ntohl (priv->type)) | 1244 | switch (ntohl (priv->type)) |
| 1230 | { | 1245 | { |
| 1231 | case GNUNET_IDENTITY_TYPE_ECDSA: | 1246 | case GNUNET_IDENTITY_TYPE_ECDSA: |
| 1232 | if (GNUNET_SYSERR == GNUNET_CRYPTO_ecdsa_fo_kem_decaps (&(priv->ecdsa_key), | 1247 | if (GNUNET_SYSERR == GNUNET_CRYPTO_ecdsa_fo_kem_decaps (&(priv->ecdsa_key), |
| 1233 | kemc, | 1248 | kemc, |
| 1234 | &k)) | 1249 | &k)) |
| 1235 | return -1; | 1250 | return GNUNET_SYSERR; |
| 1236 | break; | 1251 | break; |
| 1237 | case GNUNET_IDENTITY_TYPE_EDDSA: | 1252 | case GNUNET_IDENTITY_TYPE_EDDSA: |
| 1238 | if (GNUNET_SYSERR == GNUNET_CRYPTO_eddsa_fo_kem_decaps (&(priv->eddsa_key), | 1253 | if (GNUNET_SYSERR == GNUNET_CRYPTO_eddsa_fo_kem_decaps (&(priv->eddsa_key), |
| 1239 | kemc, | 1254 | kemc, |
| 1240 | &k)) | 1255 | &k)) |
| 1241 | return -1; | 1256 | return GNUNET_SYSERR; |
| 1242 | break; | 1257 | break; |
| 1243 | default: | 1258 | default: |
| 1244 | return -1; | 1259 | return GNUNET_SYSERR; |
| 1245 | } | 1260 | } |
| 1246 | memcpy (key, &k, crypto_secretbox_KEYBYTES); | 1261 | memcpy (key, &k, crypto_secretbox_KEYBYTES); |
| 1247 | memcpy (nonce, ((char* ) &k) + crypto_secretbox_KEYBYTES, | 1262 | memcpy (nonce, ((char* ) &k) + crypto_secretbox_KEYBYTES, |
| 1248 | crypto_secretbox_NONCEBYTES); | 1263 | crypto_secretbox_NONCEBYTES); |
| 1249 | if (crypto_secretbox_open_easy (pt, encrypted_data, ct_size - sizeof (*kemc), | 1264 | if (crypto_secretbox_open_easy (pt, encrypted_data, ct_size - sizeof (*kemc), |
| 1250 | nonce, key)) | 1265 | nonce, key)) |
| 1251 | return -1; | 1266 | return GNUNET_SYSERR; |
| 1252 | return ct_size - sizeof (*kemc) - crypto_secretbox_MACBYTES; | 1267 | return GNUNET_OK; |
| 1253 | } | 1268 | } |
| 1254 | 1269 | ||
| 1255 | 1270 | ||
diff --git a/src/identity/test_identity.c b/src/identity/test_identity.c index b9ec59ab3..92c074981 100644 --- a/src/identity/test_identity.c +++ b/src/identity/test_identity.c | |||
| @@ -259,16 +259,20 @@ create_cb (void *cls, | |||
| 259 | CHECK (NULL != pk); | 259 | CHECK (NULL != pk); |
| 260 | CHECK (GNUNET_EC_NONE == ec); | 260 | CHECK (GNUNET_EC_NONE == ec); |
| 261 | struct GNUNET_IDENTITY_PublicKey pub; | 261 | struct GNUNET_IDENTITY_PublicKey pub; |
| 262 | unsigned char ct[1024]; | 262 | size_t pt_len = strlen ("test") + 1; |
| 263 | char pt[strlen ("test") + 1]; | 263 | unsigned char ct[pt_len + GNUNET_IDENTITY_ENCRYPT_OVERHEAD_BYTES]; |
| 264 | ssize_t len; | 264 | char pt[pt_len]; |
| 265 | enum GNUNET_GenericReturnValue res; | ||
| 265 | 266 | ||
| 266 | GNUNET_IDENTITY_key_get_public (pk, &pub); | 267 | GNUNET_IDENTITY_key_get_public (pk, &pub); |
| 267 | len = GNUNET_IDENTITY_encrypt ("test", strlen ("test") + 1, &pub, ct, | 268 | res = GNUNET_IDENTITY_encrypt ("test", pt_len, &pub, ct, |
| 268 | sizeof(ct)); | 269 | pt_len |
| 269 | CHECK (-1 != len); | 270 | + GNUNET_IDENTITY_ENCRYPT_OVERHEAD_BYTES); |
| 270 | GNUNET_IDENTITY_decrypt (ct, len, pk, pt, sizeof (pt)); | 271 | CHECK (GNUNET_OK == res); |
| 271 | CHECK (-1 != len); | 272 | res = GNUNET_IDENTITY_decrypt (ct, pt_len |
| 273 | + GNUNET_IDENTITY_ENCRYPT_OVERHEAD_BYTES, | ||
| 274 | pk, pt, pt_len); | ||
| 275 | CHECK (GNUNET_OK == res); | ||
| 272 | CHECK (0 == strcmp (pt, "test")); | 276 | CHECK (0 == strcmp (pt, "test")); |
| 273 | op = | 277 | op = |
| 274 | GNUNET_IDENTITY_rename (h, "test-id", "test", &success_rename_cont, NULL); | 278 | GNUNET_IDENTITY_rename (h, "test-id", "test", &success_rename_cont, NULL); |
diff --git a/src/include/gnunet_identity_service.h b/src/include/gnunet_identity_service.h index db39a92eb..fd0458f62 100644 --- a/src/include/gnunet_identity_service.h +++ b/src/include/gnunet_identity_service.h | |||
| @@ -45,6 +45,7 @@ | |||
| 45 | #ifndef GNUNET_IDENTITY_SERVICE_H | 45 | #ifndef GNUNET_IDENTITY_SERVICE_H |
| 46 | #define GNUNET_IDENTITY_SERVICE_H | 46 | #define GNUNET_IDENTITY_SERVICE_H |
| 47 | 47 | ||
| 48 | #include "gnunet_common.h" | ||
| 48 | #ifdef __cplusplus | 49 | #ifdef __cplusplus |
| 49 | extern "C" { | 50 | extern "C" { |
| 50 | #if 0 /* keep Emacsens' auto-indent happy */ | 51 | #if 0 /* keep Emacsens' auto-indent happy */ |
| @@ -750,26 +751,26 @@ GNUNET_IDENTITY_decrypt_old ( | |||
| 750 | const struct GNUNET_CRYPTO_EcdhePublicKey *ecc, | 751 | const struct GNUNET_CRYPTO_EcdhePublicKey *ecc, |
| 751 | void *result); | 752 | void *result); |
| 752 | 753 | ||
| 754 | #define GNUNET_IDENTITY_ENCRYPT_OVERHEAD_BYTES (crypto_secretbox_MACBYTES \ | ||
| 755 | + sizeof (struct \ | ||
| 756 | GNUNET_CRYPTO_FoKemC)) | ||
| 757 | |||
| 753 | /** | 758 | /** |
| 754 | * Encrypt a block with #GNUNET_IDENTITY_PublicKey and derives a | 759 | * Encrypt a block with #GNUNET_IDENTITY_PublicKey and derives a |
| 755 | * #GNUNET_CRYPTO_EcdhePublicKey which is required for decryption | 760 | * #GNUNET_CRYPTO_EcdhePublicKey which is required for decryption |
| 756 | * using ecdh to derive a symmetric key. | 761 | * using ecdh to derive a symmetric key. |
| 757 | * | 762 | * |
| 758 | * Note that the result buffer for the ciphertext must be the length of | 763 | * Note that the result buffer for the ciphertext must be the length of |
| 759 | * the message to encrypt plus: | 764 | * the message to encrypt plus #GNUNET_IDENTITY_ENCRYPT_OVERHEAD_BYTES. |
| 760 | * - Length of a struct GNUNET_CRYPTO_FoKemC | ||
| 761 | * - the authentication tag of libsodium, e.g. crypto_secretbox_NONCEBYTES | ||
| 762 | * | 765 | * |
| 763 | * @param block the block to encrypt | 766 | * @param block the block to encrypt |
| 764 | * @param size the size of the @a block | 767 | * @param size the size of the @a block |
| 765 | * @param pub public key to encrypt for | 768 | * @param pub public key to encrypt for |
| 766 | * @param result the output parameter in which to store the encrypted result | 769 | * @param result the output parameter in which to store the encrypted result |
| 767 | * can be the same or overlap with @c block | 770 | * can be the same or overlap with @c block |
| 768 | * @returns the size of the encrypted block, -1 for errors. | 771 | * @returns GNUNET_OK on success. |
| 769 | * Due to the use of CFB and therefore an effective stream cipher, | ||
| 770 | * this size should be the same as @c len. | ||
| 771 | */ | 772 | */ |
| 772 | ssize_t | 773 | enum GNUNET_GenericReturnValue |
| 773 | GNUNET_IDENTITY_encrypt (const void *block, | 774 | GNUNET_IDENTITY_encrypt (const void *block, |
| 774 | size_t size, | 775 | size_t size, |
| 775 | const struct GNUNET_IDENTITY_PublicKey *pub, | 776 | const struct GNUNET_IDENTITY_PublicKey *pub, |
| @@ -786,11 +787,9 @@ GNUNET_IDENTITY_encrypt (const void *block, | |||
| 786 | * @param priv private key to use for ecdh | 787 | * @param priv private key to use for ecdh |
| 787 | * @param result address to store the result at | 788 | * @param result address to store the result at |
| 788 | * can be the same or overlap with @c block | 789 | * can be the same or overlap with @c block |
| 789 | * @return -1 on failure, size of decrypted block on success. | 790 | * @returns GNUNET_OK on success. |
| 790 | * Due to the use of CFB and therefore an effective stream cipher, | ||
| 791 | * this size should be the same as @c size. | ||
| 792 | */ | 791 | */ |
| 793 | ssize_t | 792 | enum GNUNET_GenericReturnValue |
| 794 | GNUNET_IDENTITY_decrypt (const void *block, | 793 | GNUNET_IDENTITY_decrypt (const void *block, |
| 795 | size_t size, | 794 | size_t size, |
| 796 | const struct GNUNET_IDENTITY_PrivateKey *priv, | 795 | const struct GNUNET_IDENTITY_PrivateKey *priv, |