From 05ef63d9f8cf65561b7ed2234efdc80e3fb40bd0 Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Mon, 30 Sep 2013 11:22:48 +0000 Subject: -encrypt using both AES and TWOFISH, with independent symmetric keys --- src/core/gnunet-service-core_kx.c | 8 +- src/include/gnunet_crypto_lib.h | 16 ++- src/util/Makefile.am | 13 ++- src/util/crypto_aes.c | 110 ++++++++++++++++----- src/util/crypto_hash.c | 64 ++++++------ src/util/crypto_hkdf.c | 6 +- src/util/crypto_kdf.c | 12 +-- src/util/perf_crypto_aes.c | 76 +++++++++++++++ src/util/test_crypto_aes.c | 44 +++++---- src/util/test_crypto_aes_weak.c | 198 -------------------------------------- src/util/test_crypto_hash.c | 5 - 11 files changed, 254 insertions(+), 298 deletions(-) create mode 100644 src/util/perf_crypto_aes.c delete mode 100644 src/util/test_crypto_aes_weak.c diff --git a/src/core/gnunet-service-core_kx.c b/src/core/gnunet-service-core_kx.c index 19c8d7710..bf5e9a5fa 100644 --- a/src/core/gnunet-service-core_kx.c +++ b/src/core/gnunet-service-core_kx.c @@ -429,9 +429,11 @@ derive_auth_key (struct GNUNET_CRYPTO_AuthKey *akey, { static const char ctx[] = "authentication key"; - GNUNET_CRYPTO_hmac_derive_key (akey, skey, &seed, sizeof (seed), &skey->key, - sizeof (skey->key), ctx, - sizeof (ctx), NULL); + GNUNET_CRYPTO_hmac_derive_key (akey, skey, + &seed, sizeof (seed), + skey, sizeof (struct GNUNET_CRYPTO_AesSessionKey), + ctx, sizeof (ctx), + NULL); } diff --git a/src/include/gnunet_crypto_lib.h b/src/include/gnunet_crypto_lib.h index 9b065e747..b8e38a2a2 100644 --- a/src/include/gnunet_crypto_lib.h +++ b/src/include/gnunet_crypto_lib.h 
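Review bot: In the rebuilt `GNUNET_CRYPTO_hmac_derive_key` call, `skey` is passed twice — once as the root key (second argument) and again as a context chunk (`skey, sizeof (struct GNUNET_CRYPTO_AesSessionKey)`) — so the same key material is fed into both the extract and expand phases; that is redundant rather than harmful, but a comment saying why the key is also mixed into the context, or replacing the chunk with a fixed label, would make the intent clear. The same whole-struct length also appears in `GNUNET_CRYPTO_hmac_derive_key_v` (the `@@ -540,8 +546,10 @@` hunk of crypto_hash.c); both places would be more robust against future changes to the struct as `sizeof (*skey)` / `sizeof (*rkey)`. `derive_auth_key`'s signature lies above the hunk.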
@@ -212,22 +212,30 @@ struct GNUNET_CRYPTO_EccPrivateKey struct GNUNET_CRYPTO_AesSessionKey { /** - * Actual key. + * Actual key for AES. */ - unsigned char key[GNUNET_CRYPTO_AES_KEY_LENGTH]; + unsigned char aes_key[GNUNET_CRYPTO_AES_KEY_LENGTH]; + + /** + * Actual key for TwoFish. + */ + unsigned char twofish_key[GNUNET_CRYPTO_AES_KEY_LENGTH]; }; + GNUNET_NETWORK_STRUCT_END /** * @brief IV for sym cipher * * NOTE: must be smaller (!) in size than the - * struct GNUNET_HashCode. + * `struct GNUNET_HashCode`. */ struct GNUNET_CRYPTO_AesInitializationVector { - unsigned char iv[GNUNET_CRYPTO_AES_KEY_LENGTH / 2]; + unsigned char aes_iv[GNUNET_CRYPTO_AES_KEY_LENGTH / 2]; + + unsigned char twofish_iv[GNUNET_CRYPTO_AES_KEY_LENGTH / 2]; }; diff --git a/src/util/Makefile.am b/src/util/Makefile.am index ca91f94f1..6c1d8d785 100644 --- a/src/util/Makefile.am +++ b/src/util/Makefile.am @@ -189,6 +189,7 @@ libgnunet_plugin_test_la_LDFLAGS = \ if HAVE_BENCHMARKS BENCHMARKS = \ perf_crypto_hash \ + perf_crypto_aes \ perf_malloc endif @@ -206,7 +207,6 @@ check_PROGRAMS = \ test_container_heap \ test_container_slist \ test_crypto_aes \ - test_crypto_aes_weak \ test_crypto_crc \ test_crypto_ecc \ test_crypto_hash \ @@ -325,12 +325,6 @@ test_crypto_aes_SOURCES = \ test_crypto_aes_LDADD = \ $(top_builddir)/src/util/libgnunetutil.la -test_crypto_aes_weak_SOURCES = \ - test_crypto_aes_weak.c -test_crypto_aes_weak_LDADD = \ - $(top_builddir)/src/util/libgnunetutil.la \ - $(LIBGCRYPT_LIBS) - test_crypto_crc_SOURCES = \ test_crypto_crc.c test_crypto_crc_LDADD = \ @@ -500,6 +494,11 @@ perf_crypto_hash_SOURCES = \ perf_crypto_hash_LDADD = \ $(top_builddir)/src/util/libgnunetutil.la +perf_crypto_aes_SOURCES = \ + perf_crypto_aes.c +perf_crypto_aes_LDADD = \ + $(top_builddir)/src/util/libgnunetutil.la + perf_malloc_SOURCES = \ perf_malloc.c perf_malloc_LDADD = \ diff --git a/src/util/crypto_aes.c b/src/util/crypto_aes.c index f475494f8..91c578ab8 100644 --- a/src/util/crypto_aes.c 
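Review bot: The `NOTE: must be smaller (!) in size than the struct GNUNET_HashCode` comment on `struct GNUNET_CRYPTO_AesInitializationVector` looks stale after this commit: the only visible consumer that relied on the IV fitting next to the key inside a hash, `GNUNET_CRYPTO_hash_to_aes_key`, now derives key and IV with `GNUNET_CRYPTO_kdf` instead of `memcpy` (crypto_hash.c hunk `@@ -393,16 +394,20 @@`), so either drop the note or name the caller that still depends on the size bound. The two new IV members are also undocumented; the keys above them got `Actual key for AES/TwoFish` comments, so add e.g. `/** IV for the AES layer, one 128-bit block. */` and `/** IV for the TWOFISH layer, one 128-bit block. */` (both ciphers use a 128-bit block, which is what `GNUNET_CRYPTO_AES_KEY_LENGTH / 2` encodes here).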
+++ b/src/util/crypto_aes.c @@ -1,6 +1,6 @@ /* This file is part of GNUnet. - (C) 2001, 2002, 2003, 2004, 2005, 2006 Christian Grothoff (and other contributing authors) + (C) 2001, 2002, 2003, 2004, 2005, 2006, 2013 Christian Grothoff (and other contributing authors) GNUnet is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published @@ -20,7 +20,7 @@ /** * @file util/crypto_aes.c - * @brief Symmetric encryption services. + * @brief Symmetric encryption services; combined cipher AES+TWOFISH (256-bit each) * @author Christian Grothoff * @author Ioana Patrascu */ @@ -33,14 +33,18 @@ #define LOG(kind,...) GNUNET_log_from (kind, "util", __VA_ARGS__) /** - * Create a new SessionKey (for AES-256). + * Create a new SessionKey (for symmetric encryption). * * @param key session key to initialize */ void GNUNET_CRYPTO_aes_create_session_key (struct GNUNET_CRYPTO_AesSessionKey *key) { - gcry_randomize (&key->key[0], GNUNET_CRYPTO_AES_KEY_LENGTH, + gcry_randomize (key->aes_key, + GNUNET_CRYPTO_AES_KEY_LENGTH, + GCRY_STRONG_RANDOM); + gcry_randomize (key->twofish_key, + GNUNET_CRYPTO_AES_KEY_LENGTH, GCRY_STRONG_RANDOM); } 
@@ -54,22 +58,52 @@ GNUNET_CRYPTO_aes_create_session_key (struct GNUNET_CRYPTO_AesSessionKey *key) * @return #GNUNET_OK on success, #GNUNET_SYSERR on error */ static int -setup_cipher (gcry_cipher_hd_t *handle, - const struct GNUNET_CRYPTO_AesSessionKey * - sessionkey, - const struct GNUNET_CRYPTO_AesInitializationVector * - iv) +setup_cipher_aes (gcry_cipher_hd_t *handle, + const struct GNUNET_CRYPTO_AesSessionKey *sessionkey, + const struct GNUNET_CRYPTO_AesInitializationVector *iv) { int rc; GNUNET_assert (0 == gcry_cipher_open (handle, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CFB, 0)); - rc = gcry_cipher_setkey (*handle, sessionkey, GNUNET_CRYPTO_AES_KEY_LENGTH); + rc = gcry_cipher_setkey (*handle, + sessionkey->aes_key, + sizeof (sessionkey->aes_key)); GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY)); - rc = gcry_cipher_setiv (*handle, iv, - sizeof (struct - GNUNET_CRYPTO_AesInitializationVector)); + rc = gcry_cipher_setiv (*handle, + iv->aes_iv, + sizeof (iv->aes_iv)); + GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY)); + return GNUNET_OK; +} + + +/** + * Initialize TWOFISH cipher. + * + * @param handle handle to initialize + * @param sessionkey session key to use + * @param iv initialization vector to use + * @return #GNUNET_OK on success, #GNUNET_SYSERR on error + */ +static int +setup_cipher_twofish (gcry_cipher_hd_t *handle, + const struct GNUNET_CRYPTO_AesSessionKey *sessionkey, + const struct GNUNET_CRYPTO_AesInitializationVector *iv) +{ + int rc; + + GNUNET_assert (0 == + gcry_cipher_open (handle, GCRY_CIPHER_TWOFISH, + GCRY_CIPHER_MODE_CFB, 0)); + rc = gcry_cipher_setkey (*handle, + sessionkey->twofish_key, + sizeof (sessionkey->twofish_key)); + GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY)); + rc = gcry_cipher_setiv (*handle, + iv->twofish_iv, + sizeof (iv->twofish_iv)); GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY)); return GNUNET_OK; } 
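Review bot: `setup_cipher_twofish` copies the `(char) rc == GPG_ERR_WEAK_KEY` test verbatim from the AES path, including after `gcry_cipher_setiv`, where a weak-key code cannot occur; truncating a `gcry_error_t` to `char` before comparing it with an error code is fragile because the value also carries an error-source field, and libgcrypt's `gpg_err_code (rc)` is the accessor meant for this. I would write `GNUNET_assert (0 == rc || GPG_ERR_WEAK_KEY == gpg_err_code (rc));` after `setkey` and plain `GNUNET_assert (0 == rc);` after `setiv`, in both helpers. The doc comments promise `#GNUNET_SYSERR on error`, but both functions assert instead and only ever return `GNUNET_OK`; either the comment or the behavior should change so callers' `return -1` branches are not dead code.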
@@ -80,7 +114,7 @@ setup_cipher (gcry_cipher_hd_t *handle, * host that uses the same cyper. * * @param block the block to encrypt - * @param len the size of the block + * @param len the size of the @a block * @param sessionkey the key used to encrypt * @param iv the initialization vector to use, use INITVALUE * for streams. @@ -95,11 +129,17 @@ GNUNET_CRYPTO_aes_encrypt (const void *block, size_t len, iv, void *result) { gcry_cipher_hd_t handle; + char tmp[len]; - if (GNUNET_OK != setup_cipher (&handle, sessionkey, iv)) + if (GNUNET_OK != setup_cipher_aes (&handle, sessionkey, iv)) + return -1; + GNUNET_assert (0 == gcry_cipher_encrypt (handle, tmp, len, block, len)); + gcry_cipher_close (handle); + if (GNUNET_OK != setup_cipher_twofish (&handle, sessionkey, iv)) return -1; - GNUNET_assert (0 == gcry_cipher_encrypt (handle, result, len, block, len)); + GNUNET_assert (0 == gcry_cipher_encrypt (handle, result, len, tmp, len)); gcry_cipher_close (handle); + memset (tmp, 0, sizeof (tmp)); return len; } @@ -108,7 +148,7 @@ GNUNET_CRYPTO_aes_encrypt (const void *block, size_t len, * Decrypt a given block with the sessionkey. * * @param block the data to decrypt, encoded as returned by encrypt - * @param size the size of the block to decrypt + * @param size the size of the @a block to decrypt * @param sessionkey the key used to decrypt * @param iv the initialization vector to use, use INITVALUE * for streams. 
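Review bot: `char tmp[len]` in `GNUNET_CRYPTO_aes_encrypt` puts a caller-chosen number of bytes on the stack (the new perf test already passes 64 KiB), and `len == 0` yields a zero-length array, which C does not permit; the closing `memset (tmp, 0, ...)` is also a dead store the compiler may drop. Both go away if the second layer is applied in place on `result`, which libgcrypt supports when `in` is `NULL`. The same pattern is in `GNUNET_CRYPTO_aes_decrypt` (hunk `@@ -117,17 +157,22 @@`), where the Twofish layer would be undone into `result` and then AES in place. The function's signature is above this hunk.
```c
  gcry_cipher_hd_t handle;

  if (GNUNET_OK != setup_cipher_aes (&handle, sessionkey, iv))
    return -1;
  /* first layer: AES, block -> result */
  GNUNET_assert (0 == gcry_cipher_encrypt (handle, result, len, block, len));
  gcry_cipher_close (handle);
  if (GNUNET_OK != setup_cipher_twofish (&handle, sessionkey, iv))
    return -1;
  /* second layer: TWOFISH in place on result (libgcrypt: in == NULL means in-place) */
  GNUNET_assert (0 == gcry_cipher_encrypt (handle, result, len, NULL, 0));
  gcry_cipher_close (handle);
  return len;
```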
@@ -117,17 +157,22 @@ GNUNET_CRYPTO_aes_encrypt (const void *block, size_t len, */ ssize_t GNUNET_CRYPTO_aes_decrypt (const void *block, size_t size, - const struct GNUNET_CRYPTO_AesSessionKey * - sessionkey, - const struct GNUNET_CRYPTO_AesInitializationVector * - iv, void *result) + const struct GNUNET_CRYPTO_AesSessionKey *sessionkey, + const struct GNUNET_CRYPTO_AesInitializationVector *iv, + void *result) { gcry_cipher_hd_t handle; + char tmp[size]; - if (GNUNET_OK != setup_cipher (&handle, sessionkey, iv)) + if (GNUNET_OK != setup_cipher_twofish (&handle, sessionkey, iv)) return -1; - GNUNET_assert (0 == gcry_cipher_decrypt (handle, result, size, block, size)); + GNUNET_assert (0 == gcry_cipher_decrypt (handle, tmp, size, block, size)); gcry_cipher_close (handle); + if (GNUNET_OK != setup_cipher_aes (&handle, sessionkey, iv)) + return -1; + GNUNET_assert (0 == gcry_cipher_decrypt (handle, result, size, tmp, size)); + gcry_cipher_close (handle); + memset (tmp, 0, sizeof (tmp)); return size; } @@ -138,7 +183,7 @@ GNUNET_CRYPTO_aes_decrypt (const void *block, size_t size, * @param iv initialization vector * @param skey session key * @param salt salt for the derivation - * @param salt_len size of the salt + * @param salt_len size of the @a salt * @param ... pairs of void * & size_t for context chunks, terminated by NULL */ void 
@@ -168,8 +213,21 @@ GNUNET_CRYPTO_aes_derive_iv_v (struct GNUNET_CRYPTO_AesInitializationVector *iv, const struct GNUNET_CRYPTO_AesSessionKey *skey, const void *salt, size_t salt_len, va_list argp) { - GNUNET_CRYPTO_kdf_v (iv->iv, sizeof (iv->iv), salt, salt_len, skey->key, - sizeof (skey->key), argp); + char aes_salt[salt_len + 4]; + char twofish_salt[salt_len + 4]; + + memcpy (aes_salt, salt, salt_len); + memcpy (&aes_salt[salt_len], "AES!", 4); + memcpy (twofish_salt, salt, salt_len); + memcpy (&twofish_salt[salt_len], "FISH", 4); + GNUNET_CRYPTO_kdf_v (iv->aes_iv, sizeof (iv->aes_iv), + aes_salt, salt_len + 4, + skey->aes_key, sizeof (skey->aes_key), + argp); + GNUNET_CRYPTO_kdf_v (iv->twofish_iv, sizeof (iv->twofish_iv), + twofish_salt, salt_len + 4, + skey->twofish_key, sizeof (skey->twofish_key), + argp); } /* end of crypto_aes.c */ diff --git a/src/util/crypto_hash.c b/src/util/crypto_hash.c index a5b97148b..47baf660f 100644 --- a/src/util/crypto_hash.c +++ b/src/util/crypto_hash.c @@ -252,7 +252,7 @@ GNUNET_CRYPTO_hash_file_cancel (struct GNUNET_CRYPTO_FileHashContext *fhc) * safely cast to char*, a '\\0' termination is set). */ void -GNUNET_CRYPTO_hash_to_enc (const struct GNUNET_HashCode * block, +GNUNET_CRYPTO_hash_to_enc (const struct GNUNET_HashCode *block, struct GNUNET_CRYPTO_HashAsciiEncoded *result) { char *np; 
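Review bot: `GNUNET_CRYPTO_aes_derive_iv_v` now passes the same `argp` to `GNUNET_CRYPTO_kdf_v` twice; once a callee has walked a `va_list` with `va_arg`, its value in the caller is indeterminate, so the second derivation reads the context chunks from an undefined position. Take a copy for the second call: declare `va_list argp2;` and `va_copy (argp2, argp);` before the first `GNUNET_CRYPTO_kdf_v`, pass `argp2` to the second one, and finish with `va_end (argp2);`. The `aes_salt`/`twofish_salt` arrays are also VLAs sized by `salt_len`; that is fine for the small salts the visible callers use but deserves a comment stating the assumption.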
@@ -270,13 +270,14 @@ GNUNET_CRYPTO_hash_to_enc (const struct GNUNET_HashCode * block, * Convert ASCII encoding back to hash code. * * @param enc the encoding - * @param enclen number of characters in 'enc' (without 0-terminator, which can be missing) + * @param enclen number of characters in @a enc (without 0-terminator, which can be missing) * @param result where to store the hash code - * @return GNUNET_OK on success, GNUNET_SYSERR if result has the wrong encoding + * @return #GNUNET_OK on success, #GNUNET_SYSERR if result has the wrong encoding */ int -GNUNET_CRYPTO_hash_from_string2 (const char *enc, size_t enclen, - struct GNUNET_HashCode * result) +GNUNET_CRYPTO_hash_from_string2 (const char *enc, + size_t enclen, + struct GNUNET_HashCode *result) { char upper_enc[enclen]; char* up_ptr = upper_enc; @@ -303,8 +304,8 @@ GNUNET_CRYPTO_hash_from_string2 (const char *enc, size_t enclen, * hashcode proximity. */ unsigned int -GNUNET_CRYPTO_hash_distance_u32 (const struct GNUNET_HashCode * a, - const struct GNUNET_HashCode * b) +GNUNET_CRYPTO_hash_distance_u32 (const struct GNUNET_HashCode *a, + const struct GNUNET_HashCode *b) { unsigned int x1 = (a->bits[1] - b->bits[1]) >> 16; unsigned int x2 = (b->bits[1] - a->bits[1]) >> 16; @@ -338,9 +339,9 @@ GNUNET_CRYPTO_hash_create_random (enum GNUNET_CRYPTO_Quality mode, * @param result set to b - a */ void -GNUNET_CRYPTO_hash_difference (const struct GNUNET_HashCode * a, - const struct GNUNET_HashCode * b, - struct GNUNET_HashCode * result) +GNUNET_CRYPTO_hash_difference (const struct GNUNET_HashCode *a, + const struct GNUNET_HashCode *b, + struct GNUNET_HashCode *result) { int i; 
@@ -393,16 +394,20 @@ GNUNET_CRYPTO_hash_xor (const struct GNUNET_HashCode * a, const struct GNUNET_Ha * @param iv set to a valid initialization vector */ void -GNUNET_CRYPTO_hash_to_aes_key (const struct GNUNET_HashCode * hc, +GNUNET_CRYPTO_hash_to_aes_key (const struct GNUNET_HashCode *hc, struct GNUNET_CRYPTO_AesSessionKey *skey, struct GNUNET_CRYPTO_AesInitializationVector *iv) { - GNUNET_assert (sizeof (struct GNUNET_HashCode) >= - GNUNET_CRYPTO_AES_KEY_LENGTH + - sizeof (struct GNUNET_CRYPTO_AesInitializationVector)); - memcpy (skey, hc, GNUNET_CRYPTO_AES_KEY_LENGTH); - memcpy (iv, &((char *) hc)[GNUNET_CRYPTO_AES_KEY_LENGTH], - sizeof (struct GNUNET_CRYPTO_AesInitializationVector)); + GNUNET_assert (GNUNET_YES == + GNUNET_CRYPTO_kdf (skey, sizeof (struct GNUNET_CRYPTO_AesSessionKey), + "Hash key derivation", strlen ("Hash key derivation"), + hc, sizeof (struct GNUNET_HashCode), + NULL, 0)); + GNUNET_assert (GNUNET_YES == + GNUNET_CRYPTO_kdf (iv, sizeof (struct GNUNET_CRYPTO_AesInitializationVector), + "Initialization vector derivation", strlen ("Initialization vector derivation"), + hc, sizeof (struct GNUNET_HashCode), + NULL, 0)); } @@ -422,7 +427,7 @@ GNUNET_CRYPTO_hash_get_bit (const struct GNUNET_HashCode * code, unsigned int bi /** * Determine how many low order bits match in two - * struct GNUNET_HashCodes. i.e. - 010011 and 011111 share + * `struct GNUNET_HashCode`s. i.e. - 010011 and 011111 share * the first two lowest order bits, and therefore the * return value is two (NOT XOR distance, nor how many * bits match absolutely!). @@ -455,7 +460,8 @@ GNUNET_CRYPTO_hash_matching_bits (const struct GNUNET_HashCode * first, * @return 1 if h1 > h2, -1 if h1 < h2 and 0 if h1 == h2. */ int -GNUNET_CRYPTO_hash_cmp (const struct GNUNET_HashCode * h1, const struct GNUNET_HashCode * h2) +GNUNET_CRYPTO_hash_cmp (const struct GNUNET_HashCode *h1, + const struct GNUNET_HashCode *h2) { unsigned int *i1; unsigned int *i2; 
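Review bot: The two derivation labels in `GNUNET_CRYPTO_hash_to_aes_key` are string literals repeated inside `strlen ()` on the same line, which is easy to get out of sync when one of them is edited; `static const char key_ctx[] = "Hash key derivation";` and `sizeof (key_ctx) - 1` (and likewise for the IV label) keep label and length together. A short comment that the key and IV are derived with distinct labels from the same hash, and that this replaces the former `memcpy` split and therefore changes every key previously produced from a hash, would help readers of the corresponding test change in test_crypto_hash.c.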
@@ -475,7 +481,7 @@ GNUNET_CRYPTO_hash_cmp (const struct GNUNET_HashCode * h1, const struct GNUNET_H /** - * Find out which of the two GNUNET_CRYPTO_hash codes is closer to target + * Find out which of the two `struct GNUNET_HashCode`s is closer to target * in the XOR metric (Kademlia). * * @param h1 some hash code @@ -484,9 +490,9 @@ GNUNET_CRYPTO_hash_cmp (const struct GNUNET_HashCode * h1, const struct GNUNET_H * @return -1 if h1 is closer, 1 if h2 is closer and 0 if h1==h2. */ int -GNUNET_CRYPTO_hash_xorcmp (const struct GNUNET_HashCode * h1, - const struct GNUNET_HashCode * h2, - const struct GNUNET_HashCode * target) +GNUNET_CRYPTO_hash_xorcmp (const struct GNUNET_HashCode *h1, + const struct GNUNET_HashCode *h2, + const struct GNUNET_HashCode *target) { int i; unsigned int d1; @@ -510,7 +516,7 @@ GNUNET_CRYPTO_hash_xorcmp (const struct GNUNET_HashCode * h1, * @param key authentication key * @param rkey root key * @param salt salt - * @param salt_len size of the salt + * @param salt_len size of the @a salt * @param ... pair of void * & size_t for context chunks, terminated by NULL */ void @@ -531,7 +537,7 @@ GNUNET_CRYPTO_hmac_derive_key (struct GNUNET_CRYPTO_AuthKey *key, * @param key authentication key * @param rkey root key * @param salt salt - * @param salt_len size of the salt + * @param salt_len size of the @a salt * @param argp pair of void * & size_t for context chunks, terminated by NULL */ void @@ -540,8 +546,10 @@ GNUNET_CRYPTO_hmac_derive_key_v (struct GNUNET_CRYPTO_AuthKey *key, const void *salt, size_t salt_len, va_list argp) { - GNUNET_CRYPTO_kdf_v (key->key, sizeof (key->key), salt, salt_len, rkey->key, - sizeof (rkey->key), argp); + GNUNET_CRYPTO_kdf_v (key->key, sizeof (key->key), + salt, salt_len, + rkey, sizeof (struct GNUNET_CRYPTO_AesSessionKey), + argp); } 
@@ -550,7 +558,7 @@ GNUNET_CRYPTO_hmac_derive_key_v (struct GNUNET_CRYPTO_AuthKey *key, * * @param key secret key * @param plaintext input plaintext - * @param plaintext_len length of plaintext + * @param plaintext_len length of @a plaintext * @param hmac where to store the hmac */ void diff --git a/src/util/crypto_hkdf.c b/src/util/crypto_hkdf.c index c2b96778a..2b9387357 100644 --- a/src/util/crypto_hkdf.c +++ b/src/util/crypto_hkdf.c @@ -275,10 +275,10 @@ hkdf_ok: * @param xtr_algo hash algorithm for the extraction phase, GCRY_MD_... * @param prf_algo hash algorithm for the expansion phase, GCRY_MD_... * @param xts salt - * @param xts_len length of xts + * @param xts_len length of @a xts * @param skm source key material - * @param skm_len length of skm - * @return GNUNET_YES on success + * @param skm_len length of @a skm + * @return #GNUNET_YES on success */ int GNUNET_CRYPTO_hkdf (void *result, size_t out_len, int xtr_algo, int prf_algo, diff --git a/src/util/crypto_kdf.c b/src/util/crypto_kdf.c index 0c957b70c..9424c2350 100644 --- a/src/util/crypto_kdf.c +++ b/src/util/crypto_kdf.c @@ -36,11 +36,11 @@ * @param result buffer for the derived key, allocated by caller * @param out_len desired length of the derived key * @param xts salt - * @param xts_len length of xts + * @param xts_len length of @a xts * @param skm source key material - * @param skm_len length of skm + * @param skm_len length of @a skm * @param argp va_list of void * & size_t pairs for context chunks - * @return GNUNET_YES on success + * @return #GNUNET_YES on success */ int GNUNET_CRYPTO_kdf_v (void *result, size_t out_len, const void *xts, 
@@ -68,11 +68,11 @@ GNUNET_CRYPTO_kdf_v (void *result, size_t out_len, const void *xts, * @param result buffer for the derived key, allocated by caller * @param out_len desired length of the derived key * @param xts salt - * @param xts_len length of xts + * @param xts_len length of @a xts * @param skm source key material - * @param skm_len length of skm + * @param skm_len length of @a skm * @param ... void * & size_t pairs for context chunks - * @return GNUNET_YES on success + * @return #GNUNET_YES on success */ int GNUNET_CRYPTO_kdf (void *result, size_t out_len, const void *xts, diff --git a/src/util/perf_crypto_aes.c b/src/util/perf_crypto_aes.c new file mode 100644 index 000000000..f02335afe --- /dev/null +++ b/src/util/perf_crypto_aes.c 
@@ -0,0 +1,76 @@ +/* + This file is part of GNUnet. + (C) 2002, 2003, 2004, 2006 Christian Grothoff (and other contributing authors) + + GNUnet is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published + by the Free Software Foundation; either version 3, or (at your + option) any later version. + + GNUnet is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received a copy of the GNU General Public License + along with GNUnet; see the file COPYING. If not, write to the + Free Software Foundation, Inc., 59 Temple Place - Suite 330, + Boston, MA 02111-1307, USA. +*/ + +/** + * @author Christian Grothoff + * @file util/perf_crypto_aes.c + * @brief measure performance of encryption function + */ +#include "platform.h" +#include "gnunet_common.h" +#include "gnunet_util_lib.h" +#include + + +static void +perfEncrypt () +{ + unsigned int i; + char buf[64 * 1024]; + char rbuf[64 * 1024]; + struct GNUNET_CRYPTO_AesSessionKey sk; + struct GNUNET_CRYPTO_AesInitializationVector iv; + + GNUNET_CRYPTO_aes_create_session_key (&sk); + + memset (buf, 1, sizeof (buf)); + for (i = 0; i < 1024; i++) + { + memset (&iv, (int8_t) i, sizeof (iv)); + GNUNET_CRYPTO_aes_encrypt (buf, sizeof (buf), + &sk, &iv, + rbuf); + GNUNET_CRYPTO_aes_decrypt (rbuf, sizeof (buf), + &sk, &iv, + buf); + } + memset (rbuf, 1, sizeof (rbuf)); + GNUNET_assert (0 == memcmp (rbuf, buf, sizeof (buf))); +} + + +int +main (int argc, char *argv[]) +{ + struct GNUNET_TIME_Absolute start; + + start = GNUNET_TIME_absolute_get (); + perfEncrypt (); + printf ("Encrypt perf took %s\n", + GNUNET_STRINGS_relative_time_to_string (GNUNET_TIME_absolute_get_duration (start), + GNUNET_YES)); + GAUGER ("UTIL", "Symmetric encryption", + 64 * 1024 / (1 + + 
GNUNET_TIME_absolute_get_duration + (start).rel_value_us / 1000LL), "kb/ms"); + return 0; +} + +/* end of perf_crypto_aes.c */ diff --git a/src/util/test_crypto_aes.c b/src/util/test_crypto_aes.c index 1c5897c1e..a5d49063a 100644 --- a/src/util/test_crypto_aes.c +++ b/src/util/test_crypto_aes.c @@ -28,7 +28,7 @@ #include "gnunet_crypto_lib.h" #define TESTSTRING "Hello World!" -#define INITVALUE "InitializationVectorValue" +#define INITVALUE "InitializationVectorValueinitializationvectorvalue" static int testSymcipher () @@ -68,7 +68,8 @@ testSymcipher () return 0; } -int + +static int verifyCrypto () { struct GNUNET_CRYPTO_AesSessionKey key; 
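Review bot: `perfEncrypt` ignores the `ssize_t` results of `GNUNET_CRYPTO_aes_encrypt` and `GNUNET_CRYPTO_aes_decrypt`, so a `-1` would go unnoticed until the final `memcmp`; wrap both as `GNUNET_assert (sizeof (buf) == GNUNET_CRYPTO_aes_encrypt (...));` and the same for decrypt. The round-trip check reuses `rbuf` as the expected value after a fresh `memset (rbuf, 1, ...)`, which reads as if the ciphertext were being compared; a one-line comment `/* buf must be back to all-1s after encrypt+decrypt */` would clarify. The new file's license header still carries the `2002, 2003, 2004, 2006` years of the file it was copied from.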
@@ -77,25 +78,34 @@ verifyCrypto () int ret; unsigned char plain[] = - { 29, 128, 192, 253, 74, 171, 38, 187, 84, 219, 76, 76, 209, 118, 33, 249, + { + 29, 128, 192, 253, 74, 171, 38, 187, 84, 219, 76, 76, 209, 118, 33, 249, 172, 124, 96, 9, 157, 110, 8, 215, 200, 63, 69, 230, 157, 104, 247, 164 }; - unsigned char raw_key[] = - { 106, 74, 209, 88, 145, 55, 189, 135, 125, 180, 225, 108, 183, 54, 25, + unsigned char raw_key_aes[] = + { + 106, 74, 209, 88, 145, 55, 189, 135, 125, 180, 225, 108, 183, 54, 25, 169, 129, 188, 131, 75, 227, 245, 105, 10, 225, 15, 115, 159, 148, 184, 34, 191 }; + unsigned char raw_key_twofish[] = + { + 145, 55, 189, 135, 125, 180, 225, 108, 183, 54, 25, + 169, 129, 188, 131, 75, 227, 245, 105, 10, 225, 15, 115, 159, 148, 184, + 34, 191, 106, 74, 209, 88 + }; unsigned char encrresult[] = - { 167, 102, 230, 233, 127, 195, 176, 107, 17, 91, 199, 127, 96, 113, 75, - 195, 245, 217, 61, 236, 159, 165, 103, 121, 203, 99, 202, 41, 23, 222, 25, - 102 + { + 161, 152, 186, 231, 214, 55, 225, 206, 85, 43, 80, 134, 145, 198, 20, + 233, 236, 57, 194, 10, 147, 149, 30, 106, 179, 54, 182, 247, 71, 204, + 179, 51, 1 }; res = NULL; ret = 0; - memcpy (key.key, raw_key, GNUNET_CRYPTO_AES_KEY_LENGTH); - + memcpy (key.aes_key, raw_key_aes, GNUNET_CRYPTO_AES_KEY_LENGTH); + memcpy (key.twofish_key, raw_key_twofish, GNUNET_CRYPTO_AES_KEY_LENGTH); if (GNUNET_CRYPTO_AES_KEY_LENGTH != GNUNET_CRYPTO_aes_encrypt (plain, GNUNET_CRYPTO_AES_KEY_LENGTH, &key, (const struct 
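Review bot: The new `encrresult` initializer appears to hold 33 values (the trailing `1` on the last row) while only `GNUNET_CRYPTO_AES_KEY_LENGTH` bytes are compared, so the last element is never checked and looks like a copy-paste remainder; please count the vector and drop the extra element. `encrresult` was presumably produced by this implementation rather than an independent reference, and `raw_key_twofish` is a rotation of `raw_key_aes`; a comment such as `/* regression vector generated by this implementation on <date>, not an external known-answer test */` would tell future readers what a mismatch means.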
@@ -107,15 +117,17 @@ verifyCrypto () goto error; } - if (memcmp (encrresult, result, GNUNET_CRYPTO_AES_KEY_LENGTH) != 0) + if (0 != memcmp (encrresult, result, GNUNET_CRYPTO_AES_KEY_LENGTH)) { + int i; printf ("Encrypted result wrong.\n"); + for (i=0;i - -#define MAX_WEAK_KEY_TRIALS 100000 -#define GENERATE_WEAK_KEYS GNUNET_NO -#define WEAK_KEY_TESTSTRING "I hate weak keys." - -static void -printWeakKey (struct GNUNET_CRYPTO_AesSessionKey *key) -{ - int i; - - for (i = 0; i < GNUNET_CRYPTO_AES_KEY_LENGTH; i++) - { - printf ("%x ", (int) (key->key[i])); - } -} - -static int -testWeakKey () -{ - char result[100]; - char res[100]; - int size; - struct GNUNET_CRYPTO_AesSessionKey weak_key; - struct GNUNET_CRYPTO_AesInitializationVector INITVALUE; - - memset (&INITVALUE, 42, - sizeof (struct GNUNET_CRYPTO_AesInitializationVector)); - /* sorry, this is not a weak key -- I don't have - * any at the moment! */ - weak_key.key[0] = (char) (0x4c); - weak_key.key[1] = (char) (0x31); - weak_key.key[2] = (char) (0xc6); - weak_key.key[3] = (char) (0x2b); - weak_key.key[4] = (char) (0xc1); - weak_key.key[5] = (char) (0x5f); - weak_key.key[6] = (char) (0x4d); - weak_key.key[7] = (char) (0x1f); - weak_key.key[8] = (char) (0x31); - weak_key.key[9] = (char) (0xaa); - weak_key.key[10] = (char) (0x12); - weak_key.key[11] = (char) (0x2e); - weak_key.key[12] = (char) (0xb7); - weak_key.key[13] = (char) (0x82); - weak_key.key[14] = (char) (0xc0); - weak_key.key[15] = (char) (0xb6); - weak_key.key[16] = (char) (0x4d); - weak_key.key[17] = (char) (0x1f); - weak_key.key[18] = (char) (0x31); - weak_key.key[19] = (char) (0xaa); - weak_key.key[20] = (char) (0x4c); - weak_key.key[21] = (char) (0x31); - weak_key.key[22] = (char) (0xc6); - weak_key.key[23] = (char) (0x2b); - weak_key.key[24] = (char) (0xc1); - weak_key.key[25] = (char) (0x5f); - weak_key.key[26] = (char) (0x4d); - weak_key.key[27] = (char) (0x1f); - weak_key.key[28] = (char) (0x31); - weak_key.key[29] = (char) (0xaa); - 
weak_key.key[30] = (char) (0xaa); - weak_key.key[31] = (char) (0xaa); - /* memset(&weak_key, 0, 32); */ - size = - GNUNET_CRYPTO_aes_encrypt (WEAK_KEY_TESTSTRING, - strlen (WEAK_KEY_TESTSTRING) + 1, &weak_key, - &INITVALUE, result); - - if (size == -1) - { - GNUNET_break (0); - return 1; - } - - size = GNUNET_CRYPTO_aes_decrypt (result, size, &weak_key, &INITVALUE, res); - - if ((strlen (WEAK_KEY_TESTSTRING) + 1) != size) - { - GNUNET_break (0); - return 1; - } - if (0 != strcmp (res, WEAK_KEY_TESTSTRING)) - { - GNUNET_break (0); - return 1; - } - else - return 0; -} - -static int -getWeakKeys () -{ - struct GNUNET_CRYPTO_AesSessionKey sessionkey; - int number_of_weak_keys = 0; - int number_of_runs; - - gcry_cipher_hd_t handle; - int rc; - - for (number_of_runs = 0; number_of_runs < MAX_WEAK_KEY_TRIALS; - number_of_runs++) - { - - if (number_of_runs % 1000 == 0) - FPRINTF (stderr, "%s", "."); - /*printf("Got to run number %d.\n", number_of_runs); */ - GNUNET_CRYPTO_aes_create_session_key (&sessionkey); - - rc = gcry_cipher_open (&handle, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CFB, - 0); - - if (rc) - { - printf ("testweakkey: gcry_cipher_open failed on trial %d. %s\n", - number_of_runs, gcry_strerror (rc)); - continue; - } - - rc = gcry_cipher_setkey (handle, &sessionkey, GNUNET_CRYPTO_AES_KEY_LENGTH); - - if ((char) rc == GPG_ERR_WEAK_KEY) - { - printf ("\nWeak key (in hex): "); - printWeakKey (&sessionkey); - printf ("\n"); - number_of_weak_keys++; - } - else if (rc) - { - printf ("\nUnexpected error generating keys. 
Error is %s\n", - gcry_strerror (rc)); - } - - gcry_cipher_close (handle); - - } - - return number_of_weak_keys; -} - -int -main (int argc, char *argv[]) -{ - int weak_keys; - - GNUNET_log_setup ("test-crypto-aes-weak", "WARNING", NULL); - if (GENERATE_WEAK_KEYS) - { - weak_keys = getWeakKeys (); - - if (weak_keys == 0) - { - printf ("\nNo weak keys found in %d runs.\n", MAX_WEAK_KEY_TRIALS); - } - else - { - printf ("\n%d weak keys found in %d runs.\n", weak_keys, - MAX_WEAK_KEY_TRIALS); - } - } - - if (testWeakKey () != 0) - return -1; - return 0; -} - -/* end of weakkeytest.c */ diff --git a/src/util/test_crypto_hash.c b/src/util/test_crypto_hash.c index a8ef39a38..2a5d6d773 100644 --- a/src/util/test_crypto_hash.c +++ b/src/util/test_crypto_hash.c @@ -65,8 +65,6 @@ testEncoding () static int testArithmetic () { - static struct GNUNET_CRYPTO_AesSessionKey zskey; - static struct GNUNET_CRYPTO_AesInitializationVector ziv; struct GNUNET_HashCode h1; struct GNUNET_HashCode h2; struct GNUNET_HashCode d; @@ -100,9 +98,6 @@ testArithmetic () return 1; memset (&d, 0, sizeof (d)); GNUNET_CRYPTO_hash_to_aes_key (&d, &skey, &iv); - if ((0 != memcmp (&skey, &zskey, sizeof (skey) - sizeof (unsigned int))) || - (0 != memcmp (&iv, &ziv, sizeof (iv)))) - return 1; return 0; } -- cgit v1.2.3
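Review bot: After removing the `zskey`/`ziv` comparison, `testArithmetic` calls `GNUNET_CRYPTO_hash_to_aes_key (&d, &skey, &iv)` and then checks nothing about the result, so the derivation is exercised but not tested. Since `h1` is already in scope, derive a second key from it and assert the two differ, e.g. `GNUNET_CRYPTO_hash_to_aes_key (&h1, &skey2, &iv2);` followed by `if (0 == memcmp (&skey, &skey2, sizeof (skey))) return 1;`, assuming `h1` holds a non-zero hash at that point (its setup is above the hunk).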