gnunet-svn
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[taler-anastasis] 01/02: worked on crypto lib

From: gnunet
Subject: [taler-anastasis] 01/02: worked on crypto lib
Date: Mon, 23 Mar 2020 23:52:02 +0100 
This is an automated email from the git hooks/post-receive script.

ds-meister pushed a commit to branch master
in repository anastasis.

commit 29eabb34afbd32b69fc948c2d5fc8e0440f0c897
Author: Dominik Meister <address@hidden>
AuthorDate: Mon Mar 23 23:51:09 2020 +0100

    worked on crypto lib
---
 src/util/anastasis_crypto.c | 107 ++++++++++++++++++++++++++++----------------
 1 file changed, 69 insertions(+), 38 deletions(-)

diff --git a/src/util/anastasis_crypto.c b/src/util/anastasis_crypto.c
index 19874f8..55ff82f 100644
--- a/src/util/anastasis_crypto.c
+++ b/src/util/anastasis_crypto.c
@@ -26,6 +26,7 @@
 #include <gcrypt.h>
 #include <taler/taler_json_lib.h>
 #include <gnunet/gnunet_util_lib.h>
+#include <string.h>
 
 /**
  * Creates the UserIdentifier, it is used as entropy source for the encryption 
keys and
@@ -62,6 +63,8 @@ ANASTASIS_CRYPTO_account_public_key_derive (
   struct ANASTASIS_CRYPTO_AccountPublicKey *pub_key,
   const struct ANASTASIS_CRYPTO_UserIdentifier *id)
 {
+
+  //FIXME Muss zuerst HKDF mit "ver" als salt gemacht werden !
   struct GNUNET_CRYPTO_EddsaPrivateKey priv_key;
   char *val;
   val = GNUNET_STRINGS_data_to_string_alloc (&id,
@@ -95,47 +98,75 @@ ANASTASIS_CRYPTO_recovery_document_encrypt (
   void **res,
   size_t *res_size)
 {
-  char key[256 / 8];
-  char iv[96 / 8];
+  struct ANASTASIS_CRYPTO_Nonce nonce;
+  struct ANASTASIS_CRYPTO_Iv iv;
+  gcry_cipher_hd_t cipher;
+  char ciphertext[data_size];
+  char *str_id;
+  char *str_nonce;
+  unsigned int i;
+  char sym_key[32];
+  char source_key_material[64];
+  void *erd;
+
+  GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE,
+                              &nonce,
+                              sizeof (nonce));
+
+  //FIXME IV CREATION
+  GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE,
+                              &iv,
+                              sizeof (iv));
+
+  str_id = GNUNET_STRINGS_data_to_string_alloc (&id,
+                                                sizeof (id));
+
+  str_nonce = GNUNET_STRINGS_data_to_string_alloc (&nonce,
+                                                   sizeof (nonce));
+  strcpy(source_key_material, str_id);
+  strcat(source_key_material, str_nonce);
+
+  GNUNET_assert (0 == (GNUNET_CRYPTO_hkdf (sym_key,
+                                           sizeof(sym_key),
+                                           GCRY_MD_SHA512,
+                                           GCRY_MD_SHA256,
+                                           "erd",
+                                           (size_t)3,
+                                           source_key_material,
+                                           sizeof(source_key_material))));
+  gcry_cipher_open (&cipher,
+                    GCRY_CIPHER_AES256,
+                    GCRY_CIPHER_MODE_GCM,
+                    0);
+  gcry_cipher_setkey (cipher,
+                      sym_key,
+                      sizeof (sym_key));
+  gcry_cipher_setiv (cipher,
+                     &iv,
+                     sizeof (iv));
+  gcry_cipher_encrypt (cipher,
+                       ciphertext,
+                       sizeof (ciphertext),
+                       data,
+                       data_size);
+  gcry_cipher_close (cipher);
+
+  res_size = sizeof (ciphertext) + sizeof(nonce) + sizeof(iv);
+  erd = GNUNET_malloc (res_size);
+  memcpy (erd,
+          &nonce,
+          sizeof(nonce));
+  memcpy (erd + sizeof(nonce),
+          &iv,
+          sizeof(iv));
+  memcpy (erd + sizeof(nonce) + sizeof(iv),
+          ciphertext,
+          sizeof(ciphertext));
+  *res = (void *) erd;
+}
 
-  const void *buf;
-  int rc;
-  gcry_cipher_hd_t handle;
 
-  GNUNET_break (0 == gcry_kdf_derive (buf,
-                                      strlen (buf),
-                                      GCRY_KDF_SCRYPT,
-                                      1 /* subalgo */,
-                                      "erd",
-                                      strlen ("erd"),
-                                      2 /* iterations; keep cost of individual 
op small */,
-                                      sizeof(twofish_key),
-                                      &twofish_key));
 
-  GNUNET_CRYPTO_kdf (twofish_iv,
-                     sizeof (twofish_iv),
-                     "gnunet-proof-of-work-iv",
-                     strlen ("gnunet-proof-of-work-iv"),
-                     twofish_key,
-                     sizeof(twofish_key),
-                     salt,
-                     strlen (salt),
-                     NULL, 0);
-  GNUNET_assert (0 ==
-                 gcry_cipher_open (&handle, GCRY_CIPHER_TWOFISH,
-                                   GCRY_CIPHER_MODE_CFB, 0));
-  rc = gcry_cipher_setkey (handle,
-                           twofish_key,
-                           sizeof(twofish_key));
-  GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY));
-  rc = gcry_cipher_setiv (handle,
-                          twofish_iv,
-                          sizeof(twofish_iv));
-  GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY));
-  GNUNET_assert (0 == gcry_cipher_encrypt (handle, &rbuf, buf_len, buf,
-                                           buf_len));
-  gcry_cipher_close (handle);
-}
 
 /**
  * Decrypts the recovery document with AES256, the decryption key is generated 
with

-- 
To stop receiving notification emails like this one, please contact
address@hidden.
reply via email to
[Prev in Thread] Current Thread [Next in Thread]