[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[taler-anastasis] 01/02: worked on crypto lib
From: |
gnunet |
Subject: |
[taler-anastasis] 01/02: worked on crypto lib |
Date: |
Mon, 23 Mar 2020 23:52:02 +0100 |
This is an automated email from the git hooks/post-receive script.
ds-meister pushed a commit to branch master
in repository anastasis.
commit 29eabb34afbd32b69fc948c2d5fc8e0440f0c897
Author: Dominik Meister <address@hidden>
AuthorDate: Mon Mar 23 23:51:09 2020 +0100
worked on crypto lib
---
src/util/anastasis_crypto.c | 107 ++++++++++++++++++++++++++++----------------
1 file changed, 69 insertions(+), 38 deletions(-)
diff --git a/src/util/anastasis_crypto.c b/src/util/anastasis_crypto.c
index 19874f8..55ff82f 100644
--- a/src/util/anastasis_crypto.c
+++ b/src/util/anastasis_crypto.c
@@ -26,6 +26,7 @@
#include <gcrypt.h>
#include <taler/taler_json_lib.h>
#include <gnunet/gnunet_util_lib.h>
+#include <string.h>
/**
* Creates the UserIdentifier, it is used as entropy source for the encryption
keys and
@@ -62,6 +63,8 @@ ANASTASIS_CRYPTO_account_public_key_derive (
struct ANASTASIS_CRYPTO_AccountPublicKey *pub_key,
const struct ANASTASIS_CRYPTO_UserIdentifier *id)
{
+
+ //FIXME Muss zuerst HKDF mit "ver" als salt gemacht werden !
struct GNUNET_CRYPTO_EddsaPrivateKey priv_key;
char *val;
val = GNUNET_STRINGS_data_to_string_alloc (&id,
@@ -95,47 +98,75 @@ ANASTASIS_CRYPTO_recovery_document_encrypt (
void **res,
size_t *res_size)
{
- char key[256 / 8];
- char iv[96 / 8];
+ struct ANASTASIS_CRYPTO_Nonce nonce;
+ struct ANASTASIS_CRYPTO_Iv iv;
+ gcry_cipher_hd_t cipher;
+ char ciphertext[data_size];
+ char *str_id;
+ char *str_nonce;
+ unsigned int i;
+ char sym_key[32];
+ char source_key_material[64];
+ void *erd;
+
+ GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE,
+ &nonce,
+ sizeof (nonce));
+
+ //FIXME IV CREATION
+ GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE,
+ &iv,
+ sizeof (iv));
+
+ str_id = GNUNET_STRINGS_data_to_string_alloc (&id,
+ sizeof (id));
+
+ str_nonce = GNUNET_STRINGS_data_to_string_alloc (&nonce,
+ sizeof (nonce));
+ strcpy(source_key_material, str_id);
+ strcat(source_key_material, str_nonce);
+
+ GNUNET_assert (0 == (GNUNET_CRYPTO_hkdf (sym_key,
+ sizeof(sym_key),
+ GCRY_MD_SHA512,
+ GCRY_MD_SHA256,
+ "erd",
+ (size_t)3,
+ source_key_material,
+ sizeof(source_key_material))));
+ gcry_cipher_open (&cipher,
+ GCRY_CIPHER_AES256,
+ GCRY_CIPHER_MODE_GCM,
+ 0);
+ gcry_cipher_setkey (cipher,
+ sym_key,
+ sizeof (sym_key));
+ gcry_cipher_setiv (cipher,
+ &iv,
+ sizeof (iv));
+ gcry_cipher_encrypt (cipher,
+ ciphertext,
+ sizeof (ciphertext),
+ data,
+ data_size);
+ gcry_cipher_close (cipher);
+
+ res_size = sizeof (ciphertext) + sizeof(nonce) + sizeof(iv);
+ erd = GNUNET_malloc (res_size);
+ memcpy (erd,
+ &nonce,
+ sizeof(nonce));
+ memcpy (erd + sizeof(nonce),
+ &iv,
+ sizeof(iv));
+ memcpy (erd + sizeof(nonce) + sizeof(iv),
+ ciphertext,
+ sizeof(ciphertext));
+ *res = (void *) erd;
+}
- const void *buf;
- int rc;
- gcry_cipher_hd_t handle;
- GNUNET_break (0 == gcry_kdf_derive (buf,
- strlen (buf),
- GCRY_KDF_SCRYPT,
- 1 /* subalgo */,
- "erd",
- strlen ("erd"),
- 2 /* iterations; keep cost of individual
op small */,
- sizeof(twofish_key),
- &twofish_key));
- GNUNET_CRYPTO_kdf (twofish_iv,
- sizeof (twofish_iv),
- "gnunet-proof-of-work-iv",
- strlen ("gnunet-proof-of-work-iv"),
- twofish_key,
- sizeof(twofish_key),
- salt,
- strlen (salt),
- NULL, 0);
- GNUNET_assert (0 ==
- gcry_cipher_open (&handle, GCRY_CIPHER_TWOFISH,
- GCRY_CIPHER_MODE_CFB, 0));
- rc = gcry_cipher_setkey (handle,
- twofish_key,
- sizeof(twofish_key));
- GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY));
- rc = gcry_cipher_setiv (handle,
- twofish_iv,
- sizeof(twofish_iv));
- GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY));
- GNUNET_assert (0 == gcry_cipher_encrypt (handle, &rbuf, buf_len, buf,
- buf_len));
- gcry_cipher_close (handle);
-}
/**
* Decrypts the recovery document with AES256, the decryption key is generated
with
--
To stop receiving notification emails like this one, please contact
address@hidden.