[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[taler-anastasis] branch master updated: worked on crypto
From: |
gnunet |
Subject: |
[taler-anastasis] branch master updated: worked on crypto |
Date: |
Tue, 31 Mar 2020 22:34:47 +0200 |
This is an automated email from the git hooks/post-receive script.
dennis-neufeld pushed a commit to branch master
in repository anastasis.
The following commit(s) were added to refs/heads/master by this push:
new 9612023 worked on crypto
9612023 is described below
commit 96120230b965fd839b9adf06d88f6a7329642f05
Author: Dennis Neufeld <address@hidden>
AuthorDate: Tue Mar 31 20:34:40 2020 +0000
worked on crypto
---
src/util/anastasis_crypto.c | 83 ++++++++++++++++++++-------------------------
1 file changed, 37 insertions(+), 46 deletions(-)
diff --git a/src/util/anastasis_crypto.c b/src/util/anastasis_crypto.c
index e6cb0c6..e706b7e 100644
--- a/src/util/anastasis_crypto.c
+++ b/src/util/anastasis_crypto.c
@@ -94,8 +94,8 @@ anastasis_encrypt (const void *msec,
const void *data,
size_t data_size,
const char *salt,
- void *res,
- size_t res_size)
+ void **res,
+ size_t *res_size)
{
struct ANASTASIS_CRYPTO_Nonce *nonce;
gcry_cipher_hd_t cipher;
@@ -105,11 +105,13 @@ anastasis_encrypt (const void *msec,
struct ANASTASIS_CRYPTO_AesTag *tag;
char *ciphertext;
- res_size = data_size + sizeof(struct ANASTASIS_CRYPTO_Nonce)
- + GCM_TAG_SIZE;
- res = GNUNET_malloc (res_size);
- GNUNET_assert (res_size == data_size + sizeof (*nonce) + sizeof (*tag));
- nonce = (struct ANASTASIS_CRYPTO_Nonce*) res;
+ *res_size = data_size + sizeof(struct ANASTASIS_CRYPTO_Nonce)
+ + sizeof(struct ANASTASIS_CRYPTO_AesTag);
+ *res = GNUNET_malloc (*res_size);
+ GNUNET_assert (*res_size == data_size
+ + sizeof (struct ANASTASIS_CRYPTO_Nonce)
+ + sizeof(struct ANASTASIS_CRYPTO_AesTag));
+ nonce = (struct ANASTASIS_CRYPTO_Nonce *) *res;
tag = (struct ANASTASIS_CRYPTO_AesTag *) &nonce[1];
ciphertext = (char *) &tag[1];
GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE,
@@ -130,7 +132,7 @@ anastasis_encrypt (const void *msec,
sizeof (sym_key));
GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY));
rc = gcry_cipher_setiv (cipher,
- &iv,
+ iv,
sizeof (iv));
GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY));
@@ -143,7 +145,7 @@ anastasis_encrypt (const void *msec,
GNUNET_assert (0 ==
gcry_cipher_gettag (cipher,
tag,
- GCM_TAG_SIZE));
+ sizeof(struct ANASTASIS_CRYPTO_AesTag)));
gcry_cipher_close (cipher);
}
@@ -166,15 +168,28 @@ anastasis_decrypt (const void *msec,
void **res,
size_t *res_size)
{
- struct ANASTASIS_CRYPTO_Nonce nonce;
+ struct ANASTASIS_CRYPTO_Nonce *nonce;
gcry_cipher_hd_t cipher;
char sym_key[AES_KEY_SIZE];
char iv[AES_IV_SIZE];
int rc;
+ struct ANASTASIS_CRYPTO_AesTag *tag;
+ char *ciphertext;
- memcpy (&nonce, data, sizeof (struct ANASTASIS_CRYPTO_Nonce));
- get_iv_key (msec, &nonce, salt, sym_key, iv);
-
+ *res_size = data_size - sizeof (struct ANASTASIS_CRYPTO_Nonce)
+ - sizeof(struct ANASTASIS_CRYPTO_AesTag);
+ *res = GNUNET_malloc (*res_size);
+ GNUNET_assert (*res_size == data_size
+ - sizeof (struct ANASTASIS_CRYPTO_Nonce)
+ - sizeof(struct ANASTASIS_CRYPTO_AesTag));
+ nonce = (struct ANASTASIS_CRYPTO_Nonce *) data;
+ tag = (struct ANASTASIS_CRYPTO_AesTag *) &nonce[1];
+ ciphertext = (char *) &tag[1];
+ get_iv_key (msec,
+ nonce,
+ salt,
+ sym_key,
+ iv);
GNUNET_assert (0 == gcry_cipher_open (&cipher,
GCRY_CIPHER_AES256,
GCRY_CIPHER_MODE_GCM,
@@ -185,22 +200,19 @@ anastasis_decrypt (const void *msec,
GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY));
rc = gcry_cipher_setiv (cipher,
- &iv,
+ iv,
sizeof (iv));
GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY));
GNUNET_assert (0 == gcry_cipher_decrypt (cipher,
- *res, *res_size,
- data
- + sizeof (struct
- ANASTASIS_CRYPTO_Nonce)
- + GCM_TAG_SIZE,
+ *res,
+ *res_size,
+ ciphertext,
*res_size));
GNUNET_assert (0 == gcry_cipher_checktag (cipher,
- data
- + sizeof (struct
- ANASTASIS_CRYPTO_Nonce),
- GCM_TAG_SIZE));
+ tag,
+ sizeof(struct
+ ANASTASIS_CRYPTO_AesTag)));
gcry_cipher_close (cipher);
}
@@ -294,11 +306,7 @@ ANASTASIS_CRYPTO_recovery_document_encrypt (
size_t *res_size)
{
char *salt = "erd";
-
- *res_size = data_size + sizeof(struct ANASTASIS_CRYPTO_Nonce)
- + GCM_TAG_SIZE;
- *res = GNUNET_malloc (*res_size);
- anastasis_encrypt (id, data, data_size, salt, *res, *res_size);
+ anastasis_encrypt (id, data, data_size, salt, res, res_size);
}
@@ -323,9 +331,6 @@ ANASTASIS_CRYPTO_recovery_document_decrypt (
size_t *res_size)
{
char *salt = "erd";
- *res_size = data_size - sizeof (struct ANASTASIS_CRYPTO_Nonce)
- - GCM_TAG_SIZE;
- *res = GNUNET_malloc (*res_size);
anastasis_decrypt (id, data, data_size, salt, res, res_size);
}
@@ -346,16 +351,12 @@ ANASTASIS_CRYPTO_key_share_encrypt (
size_t *res_size)
{
char *salt = "eks";
- *res_size = sizeof (struct ANASTASIS_CRYPTO_KeyShare)
- + sizeof (struct ANASTASIS_CRYPTO_Nonce)
- + GCM_TAG_SIZE;
- *res = GNUNET_malloc (*res_size);
/* FIXME: the HKDF (in get_iv_key()) should be able to take additional
bits from the response (e.g. some hash over the answer to the
security question, see 12.6.-> interface EncryptedKeyShare in spec)
*/
anastasis_encrypt (id, key_share, sizeof (struct ANASTASIS_CRYPTO_KeyShare),
- salt, *res, *res_size);
+ salt, res, res_size);
}
@@ -377,8 +378,6 @@ ANASTASIS_CRYPTO_key_share_decrypt (
size_t *ks_size)
{
char *salt = "eks";
- *ks_size = sizeof (struct ANASTASIS_CRYPTO_KeyShare);
- *key_share = GNUNET_malloc (*ks_size);
anastasis_decrypt (id, enc_key_share, eks_size, salt, key_share, ks_size);
}
@@ -404,10 +403,6 @@ ANASTASIS_CRYPTO_truth_encrypt (
size_t *res_size)
{
char *salt = "ect";
- *res_size = data_size
- + sizeof (struct ANASTASIS_CRYPTO_Nonce)
- + GCM_TAG_SIZE;
- *res = GNUNET_malloc (*res_size);
anastasis_encrypt (truth_enc_key, data, data_size, salt, res, res_size);
}
@@ -432,10 +427,6 @@ ANASTASIS_CRYPTO_truth_decrypt (
size_t *res_size)
{
char *salt = "ect";
- *res_size = data_size
- - sizeof (struct ANASTASIS_CRYPTO_Nonce)
- - GCM_TAG_SIZE;;
- *res = GNUNET_malloc (*res_size);
anastasis_decrypt (truth_enc_key, data, data_size, salt, res, res_size);
}
--
To stop receiving notification emails like this one, please contact
address@hidden.
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [taler-anastasis] branch master updated: worked on crypto,
gnunet <=