[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[taler-anastasis] branch master updated: crypto library work
From: |
gnunet |
Subject: |
[taler-anastasis] branch master updated: crypto library work |
Date: |
Sun, 22 Mar 2020 23:21:08 +0100 |
This is an automated email from the git hooks/post-receive script.
ds-meister pushed a commit to branch master
in repository anastasis.
The following commit(s) were added to refs/heads/master by this push:
new aa9406d crypto library work
aa9406d is described below
commit aa9406d015ed7cc97aa8416eb0b9a69d88ae614f
Author: Dominik Meister <address@hidden>
AuthorDate: Sun Mar 22 23:20:51 2020 +0100
crypto library work
---
src/include/anastasis_crypto_lib.h | 370 ++++++++++++++++++++++---------------
1 file changed, 219 insertions(+), 151 deletions(-)
diff --git a/src/include/anastasis_crypto_lib.h
b/src/include/anastasis_crypto_lib.h
index b862c10..4031207 100644
--- a/src/include/anastasis_crypto_lib.h
+++ b/src/include/anastasis_crypto_lib.h
@@ -1,232 +1,300 @@
-#include "anastasis_service.h"
-#include <uuid/uuid.h>
-
-struct TruthData
-{
- const void *truth;
- size_t truth_size;
- const char *truth_mime;
-};
-
+/*
+ This file is part of TALER
+ Copyright (C) 2014-2017 Inria & GNUnet e.V.
-struct ANASTASIS_CRYPTO_RecoveryDocument;
+ TALER is free software; you can redistribute it and/or modify it under the
+ terms of the GNU General Public License as published by the Free Software
+ Foundation; either version 3, or (at your option) any later version.
-struct ANASTASIS_CRYPTO_EscrowMethod;
+ TALER is distributed in the hope that it will be useful, but WITHOUT ANY
+ WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+ A PARTICULAR PURPOSE. See the GNU General Public License for more details.
-struct ANASTASIS_CRYPTO_Policy;
+ You should have received a copy of the GNU General Public License along with
+ TALER; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
+*/
-// => high level API
-struct ANASTASIS_CRYPTO_TruthUploadRequest;
-
-struct ANASTASIS_CRYPTO_Encrypted_KeyShare;
-
-struct ANASTAIS_CRYPTO_Encrypted_Truth;
+#include "anastasis_service.h"
+#include "anastasis.h"
-struct ANASTASIS_CRYPTO_AccountSignatureP
+/**
+ * An EdDSA public key that is used to identify a user's account.
+ */
+ struct ANASTASIS_CRYPTO_AccountSignature
{
- struct GNUNET_CRYPTO_EddsaSignature eddsa_sig;
+ struct GNUNET_CRYPTO_EddsaPublicKey pub;
};
-
+/**
+ * Specifies a Key Share from an escrow provider, the combined keyshares
generate the EscrowMasterKey
+ * which is used to decrypt the Secret from the user.
+*/
struct ANASTASIS_CRYPTO_KeyShare
{
uint32_t key[8];
};
-
-struct ANASTASIS_CRYPTO_truth_key
+/**
+ * Specifies a TruthKey which is used to decrypt the Truth stored by the user.
+*/
+struct ANASTASIS_CRYPTO_TruthKey
{
uint32_t key[8];
};
+/**
+ * Specifies a Salt value, here 32 Byte large.
+*/
struct ANASTASIS_CRYPTO_Salt
{
uint32_t key[8];
};
-struct ANASTASIS_CRYPTO_encMasterkey
+/**
+ * Specifies an encrypted Master Key, the master key is the user provided
secret.
+*/
+struct ANASTASIS_CRYPTO_EncryptedMasterKey
{
- uint32_t key[8];
+ void *encrypted_master_key;
+ size_t encrypted_master_key_size;
};
+/**
+ * Specifies a Nonce used for the AES encryption, here defined as 32Byte large.
+*/
struct ANASTASIS_CRYPTO_Nonce
{
uint32_t nonce[8];
};
-struct ANASTASIS_CRYPTO_AES_Tag
+/**
+ * Specifies an IV used for the AES encryption, here defined as 12Byte large.
+*/
+struct ANASTASIS_CRYPTO_Iv
+{
+ uint32_t iv[3];
+};
+
+/**
+ * Specifies an AES Tag used for the AES authentication, here defined as 16
Byte large.
+*/
+struct ANASTASIS_CRYPTO_AesTag
{
uint32_t aes_tag[4];
};
/**
- * The UserIdentifier is a Hash from the secret, see kdf_id definition in the
API
+ * The escrow master key is the key used to encrypt the user secret
(MasterKey).
*/
struct ANASTASIS_CRYPTO_EscrowMasterKey
{
uint32_t key[8];
};
+
/**
- * The UserIdentifier is a Hash from the secret, see kdf_id definition in the
API
+ * The user identifier consists of user information and the server salt. It is
used as
+ * entropy source to generate the account public key and the encryption keys.
*/
struct ANASTASIS_CRYPTO_UserIdentifier
{
uint32_t hash[8];
};
+
/**
- * the uuids are used as Identifiers for the Truths
+ * Creates the UserIdentifier, it is used as entropy source for the encryption
keys and
+ * for the public and private key for signing the data.
+ * @param id_data JSON encoded data, which contains the raw user secret and a
server salt
*/
-struct ANASTASIS_CRYPTO_EscrowUuid
-{
- uuid_t uuid;
-};
+struct ANASTASIS_CRYPTO_UserIdentifier *
+ANASTASIS_CRYPTO_user_identifier_create (const json_t *id_data);
/**
- * id_data contains the secret provided by the user and the server salt for
the Generation of the keys
- * @param id Reference to the generated Hash
- * @param id_data JSON encoded data, which contains the raw user secret and a
server salt
+ * Destroys a user identifier
+ * @param id handle for the identifier
*/
void
-ANASTASIS_CRYPTO_uid_hash (const json_t *id_data,
- struct ANASTASIS_CRYPTO_UserIdentifier *id);
+ANASTASIS_CRYPTO_user_identifier_destroy (
+ struct ANASTASIS_CRYPTO_UserIdentifier *id);
/**
- * Generates the eddsa public Key from the private Key
- * @param privP generated eddsa private key
- * @return AccountPrivP the generated eddsa private Key
+ * Generates the eddsa public Key used as the account identifier on the
providers
+ * @param id holds a hashed user secret which is used as entropy source for
the public key generation
+ * @return pub the generated eddsa public Key
+ */
+struct ANASTASIS_CRYPTO_AccountSignature *
+ANASTASIS_CRYPTO_account_signature_create (
+ const struct ANASTASIS_CRYPTO_UserIdentifier *id);
+
+/**
+ * Destroys an account signature
+ * @param as handle for the signature
*/
void
-ANASTASIS_CRYPTO_pubKey (const struct ANASTASIS_CRYPTO_UserIdentifier *id,
- struct ANASTASIS_AccountPubP *pub);
+ANASTASIS_CRYPTO_account_signature_destroy (
+ struct ANASTASIS_CRYPTO_AccountSignature *as);
/**
- * Encrypt and signs the Recoverydocument
+ * Encrypt and signs the recovery document with AES256, the recovery document
is
+ * encrypted with a derivation from the user identifier and the salt "erd".
*
- * @param p Reference to the Recoverydocument which should be encrypted
+ * @param rd Reference to the recovery document which should be encrypted
* @param id Hashed User input, used for the generation of the encryption key
- * @param res return from the result, which contains the encrypted
recoverydocument
+ * @param res return from the result, which contains the encrypted recovery
document
* and the nonce and iv used for the encryption as Additional Data
* @param res_size size of the result
* @return int Status code FIXME
*/
int
-ANASTASIS_CRYPTO_recovery_document_encrypt (const struct
- ANASTASIS_CRYPTO_RecoveryDocument
*p,
- const struct
- ANASTASIS_CRYPTO_UserIdentifier
*id,
- void **res,
- size_t *res_size,
- struct
- ANASTASIS_CRYPTO_AccountSignatureP
*
- sig);
-
-/**
- * Encrypts the Recoverydocument -- yeah,right.
+ANASTASIS_CRYPTO_recovery_document_encrypt (
+ const struct ANASTASIS_RecoveryDocument *rd,
+ const struct ANASTASIS_CRYPTO_UserIdentifier *id,
+ void **res,
+ size_t *res_size);
+
+/**
+ * Decrypts the recovery document with AES256, the decryption key is generated
with
+ * the user identifier provided by the user and the salt "erd". The nonce and
IV used for the encryption
+ * are the first 48Byte of the data.
*
* @param id Hashed User input, used for the generation of the encryption key
- * @param data, contains the encrypted Recoverydocument and the nonce and iv
used for the encryption.
+ * @param data, contains the encrypted recovery document and the nonce and iv
used for the encryption.
* @param data_size size of the data
* @return Decrypted Recovery Document, or NULL on error
*/
struct ANASTASIS_RecoveryDocument *
-ANASTASIS_CRYPTO_recovery_document_decrypt (const struct
- ANASTASIS_CRYPTO_UserIdentifier
*id,
- const void *data,
- size_t data_size);
+ANASTASIS_CRYPTO_recovery_document_decrypt (
+ const struct ANASTASIS_CRYPTO_UserIdentifier *id,
+ const void *data,
+ size_t data_size);
+/**
+ * Destroys a recovery document
+ * @param rd handle for the recovery document
+ */
+void
+ANASTASIS_CRYPTO_recovery_document_destroy (
+ struct ANASTASIS_RecoveryDocument *rd);
-struct ANASTASIS_CRYPTO_EscrowMasterKey *
-ANASTASIS_CRYPTO_escrow_master_key_create (const struct
- ANASTASIS_CRYPTO_KeyShare *keyShare,
- unsigned int keyshare_length);
-
-
-struct ANASTASIS_CRYPTO_Policy *
-ANSTASIS_CRYPTO_policy_create (const struct
- ANASTASIS_CRYPTO_Salt *
- salt,
- struct
- ANASTASIS_CRYPTO_encMasterkey *
- masterkey,
- const struct
- ANASTASIS_CRYPTO_EscrowUuid *
- uuid,
- unsigned int uuid_length);
-
-
-struct ANASTASIS_CRYPTO_EscrowMethod *
-ANASTASIS_CRYPTO_escrow_method_create (
- const char *base_url,
- const char *method,
- struct ANASTASIS_CRYPTO_EscrowUuid *uuid,
- struct ANASTASIS_CRYPTO_truth_key *key,
- struct ANASTASIS_CRYPTO_Salt *salt,
- void *challenge,
- size_t challange_size);
-
-
-struct ANASTASIS_CRYPTO_RecoveryDocument *
-ANASTASIS_CRYPTO_recovery_document_create (struct
- ANASTASIS_CRYPTO_EscrowMethod *
- escrow_methods,
- unsigned int escrow_methods_length,
- struct
- ANASTASIS_CRYPTO_Policy *
- policies,
- unsigned int policies_length);
-
-
-struct ANASTASIS_CRYPTO_TruthUploadRequest *
-ANASTASIS_CRYPTO_truth_upload_request_create (
- struct ANASTASIS_CRYPTO_Encrypted_KeyShare *encryptedKeyShare,
- const char *method,
- struct ANASTASIS_CRYPTO_Nonce *nonce,
- struct ANASTASIS_CRYPTO_AES_Tag *aesTag,
- struct ANASTAIS_CRYPTO_Encrypted_Truth *truth,
- const char *truth_mime);
-
-
-struct ANASTASIS_CRYPTO_Encrypted_KeyShare *
-ANASTASIS_CRYPTO_encrypted_keyshare_create (struct
- ANASTASIS_CRYPTO_Nonce *
- nonce,
- struct
- ANASTASIS_CRYPTO_AES_Tag *
- aesTag,
- struct
- ANASTASIS_CRYPTO_KeyShare *
- keyShare);
-
-
-struct TruthData *
-ANASTASIS_CRYPTO_truth_decrypt (const struct
- ANASTAIS_CRYPTO_Encrypted_Truth *et,
- const struct ANASTASIS_CRYPTO_truth_key *tk);
-
-
-const struct ANASTAIS_CRYPTO_Encrypted_Truth *
-ANASTASIS_CRYPTO_truth_encrypt (struct TruthData *td,
- const struct ANASTASIS_CRYPTO_truth_key *tk);
+/**
+ * Generates the escrow master key, the escrow masterkey consists of multiple
+ * keyshares. It is used to encrypt the masterkey(secret) from the user.
+ * FIXME How is it generated
+ *
+ * @param key_shares array of multiple keyshares which are combined
+ * @param keyshare_length specifies the amount of keyshares
+ */
+struct ANASTASIS_CRYPTO_EscrowMasterKey *
+ANASTASIS_CRYPTO_escrow_master_key_create (
+ const struct ANASTASIS_CRYPTO_KeyShare *key_shares,
+ unsigned int keyshare_length);
+/**
+ * Destroys a escrow master key
+ * @param emk handle for the escrow master key
+ */
void
-ANASTASIS_CRYPTO_recovery_document_destroy (struct
- ANASTASIS_CRYPTO_RecoveryDocument
*p);
+ANASTASIS_CRYPTO_escrow_master_key_destroy (
+ struct ANASTASIS_CRYPTO_EscrowMasterKey *emk);
-void
-ANASTASIS_CRYPTO_escrow_method_destroy (struct
- ANASTASIS_CRYPTO_EscrowMethod *p);
+/**
+ * Encrypts the master key of the user with the escrow master key with
AES256-GCM.
+ *
+ * @param escrow_master_key the escrow master key which is built with several
key shares is used for the encryption
+ * @param data holds the user provided key to encrypt and safe
+ * @param data_size the size of the key
+ * @return EncryptedMasterKey with the key and IV, Nonce and the AES Tag as
additional data or NULL on failure
+ */
+struct ANASTASIS_CRYPTO_EncryptedMasterKey *
+ANASTASIS_CRYPTO_master_key_encrypt (
+ const struct ANASTASIS_CRYPTO_EscrowMasterKey *escrow_master_key,
+ const void *data,
+ size_t data_size);
-void
-ANASTASIS_CRYPTO_policy_destroy (struct
- ANASTASIS_CRYPTO_Policy *p);
+/**
+ * Decrypts the master key of the user with the escrow master key with
AES256-GCM and the provided
+ * IV, Nonce. Verifies it afterwards with the AES Tag.
+ *
+ * @param escrow_master_key the escrow master key which is built with several
key shares is used for the encryption
+ * @param encrypted_master_key contains the encrypted key with the IV and
Nonce used to encrypt the key
+ * @param res holds the decrypted master key
+ * @param res_size the size of the master key
+ * @return Status code FIXME
+ */
+int
+ANASTASIS_CRYPTO_master_key_decrypt (
+ const struct ANASTASIS_CRYPTO_EscrowMasterKey *escrow_master_key,
+ const struct ANASTASIS_CRYPTO_EncryptedMasterKey *encrypted_master_key,
+ void **res,
+ size_t *res_size);
+/**
+ * Destroys an encrypted master key
+ * @param emk handle for the encrypted master key
+ */
void
-ANASTASIS_CRYPTO_truth_destroy (struct ANASTASIS_CRYPTO_TruthUploadRequest *p);
+ANASTASIS_CRYPTO_master_key_destroy (
+ struct ANASTASIS_CRYPTO_EncryptedMasterKey *emk);
-void
-ANASTASIS_CRYPTO_encrypted_keyshare_destroy (struct
-
ANASTASIS_CRYPTO_Encrypted_KeyShare
- *p);
+/**
+ * Encrypts a keyshare with a key generated with the user identification as
entropy and the salt "eks".
+ *
+ * @param key_share the key share which is afterwards encrypted
+ * @param id the user identification which is the entropy source for the key
generation
+ * @param res holds the encrypted share, the first 48 Bytes are the used nonce
and iv
+ * @param res_size defines the size of the data
+ * @return Status Code FIXME
+ */
+int
+ANASTASIS_CRYPTO_key_share_encrypt (
+ const struct ANASTASIS_CRYPTO_KeyShare *key_share,
+ const struct ANASTASIS_CRYPTO_UserIdentifier *id,
+ void **res,
+ void *res_size);
+/**
+ * Decrypts a keyshare with a key generated with the user identification as
entropy and the salt "eks".
+ *
+ * @param id the user identification which is the entropy source for the key
generation
+ * @param data holds the encrypted share, the first 48 Bytes are the used
nonce and iv
+ * @param data_size defines the size of the data
+ * @return keyshare or NULL on error
+ */
+struct ANASTASIS_CRYPTO_KeyShare *
+ANASTASIS_CRYPTO_key_share_decrypt (
+ const struct ANASTASIS_CRYPTO_UserIdentifier *id,
+ const void *data,
+ size_t data_size);
+
+/**
+ * Destroys a key share
+ * @param ks handle for the key share
+ */
void
-ANASTASIS_CRYPTO_encrypted_truth_destroy (struct
- ANASTAIS_CRYPTO_Encrypted_Truth *p);
+ANASTASIS_CRYPTO_key_share_destroy (
+ struct ANASTASIS_CRYPTO_KeyShare *ks);
+
+/**
+ * Encrypts the truth data which contains the hashed answer or the phone
number..
+ * It is encrypted with AES256, the key is generated with the user
identification as
+ * entropy source and the salt "ect".
+ *
+ * @param t Reference to the truth which should be encrypted
+ * @param id Hashed User input, used for the generation of the encryption key
+ * @param res return from the result, which contains the encrypted truth
+ * and the nonce and iv used for the encryption as Additional Data
+ * @param res_size size of the result
+ * @return int Status code FIXME
+ */
+int
+ANASTASIS_CRYPTO_truth_encrypt (
+ const struct ANASTASIS_Truth *t,
+ const struct ANASTASIS_CRYPTO_UserIdentifier *id,
+ void **res,
+ size_t *res_size);
+
+/*
+struct ANASTASIS_CRYPTO_TruthKey *
+ANASTASIS_CRYPTO_truth_key_create (
+ const struct ANASTASIS_CRYPTO_Iv *iv,
+ const struct ANASTASIS_CRYPTO_Nonce *nonce,
+ const struct ANASTASIS_CRYPTO_UserIdentifier *id);
+*/
--
To stop receiving notification emails like this one, please contact
address@hidden.
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [taler-anastasis] branch master updated: crypto library work,
gnunet <=