[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[taler-anastasis] branch master updated (4ff80e1 -> f131592)
|
From: |
gnunet |
|
Subject: |
[taler-anastasis] branch master updated (4ff80e1 -> f131592) |
|
Date: |
Wed, 01 Apr 2020 23:36:57 +0200 |
This is an automated email from the git hooks/post-receive script.
dennis-neufeld pushed a change to branch master
in repository anastasis.
from 4ff80e1 modified keyshare enc/dec
new ce39225 testing of keyshare-creation
new 487c68a worked on core secret encryption test
new f131592 Testing of core secret enc-/decryption
The 3 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
src/include/anastasis_crypto_lib.h | 12 ++---
src/util/anastasis_crypto.c | 18 +++----
src/util/test_anastasis_crypto.c | 107 +++++++++++++++++++++++++++++++++----
3 files changed, 109 insertions(+), 28 deletions(-)
diff --git a/src/include/anastasis_crypto_lib.h
b/src/include/anastasis_crypto_lib.h
index 2be02a7..6d9f7d3 100644
--- a/src/include/anastasis_crypto_lib.h
+++ b/src/include/anastasis_crypto_lib.h
@@ -75,7 +75,7 @@ struct ANASTASIS_CRYPTO_PolicyKey
*/
struct ANASTASIS_CRYPTO_EncryptedMasterKey
{
- uint32_t key[8];
+ struct GNUNET_HashCode key;
};
@@ -326,8 +326,7 @@ ANASTASIS_CRYPTO_policy_key_derive (
* @param policy_keys_length defines the amount of policy keys and also the
amount of encrypted master keys
* @param core_secret the user provided core secret which is secured by
anastasis
* @param core_secret_size the size of the core secret
- * @param enc_core_secret the core secret is encrypted with the generated
master key
- * @param enc_core_secret_size[out] size of the encrypted secret
+ * @param enc_core_secret[out] the core secret is encrypted with the generated
master key
* @param encrypted_master_keys[out] array of encrypted master keys which will
be safed inside the policies one encrypted
* master key is created for each policy key
*/
@@ -338,7 +337,6 @@ ANASTASIS_CRYPTO_core_secret_encrypt (
const void *core_secret,
size_t core_secret_size,
void **enc_core_secret,
- size_t *enc_core_secret_size,
struct ANASTASIS_CRYPTO_EncryptedMasterKey *encrypted_master_keys);
@@ -351,13 +349,11 @@ ANASTASIS_CRYPTO_core_secret_encrypt (
* @param encrypted_core_secret the encrypted core secret from the user, will
be encrypted with the policy key
* @param encrypted_core_secret_size size of the encrypted core secret
* @param core_secret[out] decrypted core secret will be returned
- * @param core_secret_size[out] size of the returned core secret
*/
void
ANASTASIS_CRYPTO_core_secret_recover (
const struct ANASTASIS_CRYPTO_EncryptedMasterKey *encrypted_master_key,
- const struct ANASTASIS_CRYPTO_PolicyKey *policy_key,
+ const struct ANASTASIS_CRYPTO_PolicyKey policy_key,
const void *encrypted_core_secret,
size_t encrypted_core_secret_size,
- void **core_secret,
- size_t *core_secret_size);
\ No newline at end of file
+ void **core_secret);
\ No newline at end of file
diff --git a/src/util/anastasis_crypto.c b/src/util/anastasis_crypto.c
index ab765ee..38cad04 100644
--- a/src/util/anastasis_crypto.c
+++ b/src/util/anastasis_crypto.c
@@ -546,8 +546,7 @@ ANASTASIS_CRYPTO_policy_key_derive (
* @param policy_keys_length defines the amount of policy keys and also the
amount of encrypted master keys
* @param core_secret the user provided core secret which is secured by
anastasis
* @param core_secret_size the size of the core secret
- * @param enc_core_secret the core secret is encrypted with the generated
master key
- * @param enc_core_secret_size[out] size of the encrypted secret
+ * @param enc_core_secret[out] the core secret is encrypted with the generated
master key
* @param encrypted_master_keys[out] array of encrypted master keys which will
be safed inside the policies one encrypted
* master key is created for each policy key
*/
@@ -558,14 +557,13 @@ ANASTASIS_CRYPTO_core_secret_encrypt (
const void *core_secret,
size_t core_secret_size,
void **enc_core_secret,
- size_t *enc_core_secret_size,
struct ANASTASIS_CRYPTO_EncryptedMasterKey *encrypted_master_keys)
{
struct GNUNET_CRYPTO_SymmetricSessionKey sk;
struct GNUNET_CRYPTO_SymmetricInitializationVector iv;
struct GNUNET_HashCode master_key;
- *enc_core_secret = GNUNET_malloc (*enc_core_secret_size);
+ *enc_core_secret = GNUNET_malloc (core_secret_size);
GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_STRONG,
&master_key,
sizeof (struct GNUNET_HashCode));
@@ -588,7 +586,7 @@ ANASTASIS_CRYPTO_core_secret_encrypt (
GNUNET_HashCode),
&i_sk,
&i_iv,
-
&encrypted_master_keys[0]));
+
&encrypted_master_keys[i]));
}
}
@@ -602,16 +600,14 @@ ANASTASIS_CRYPTO_core_secret_encrypt (
* @param encrypted_core_secret the encrypted core secret from the user, will
be encrypted with the policy key
* @param encrypted_core_secret_size size of the encrypted core secret
* @param core_secret[out] decrypted core secret will be returned
- * @param core_secret_size[out] size of the returned core secret
*/
void
ANASTASIS_CRYPTO_core_secret_recover (
const struct ANASTASIS_CRYPTO_EncryptedMasterKey *encrypted_master_key,
- const struct ANASTASIS_CRYPTO_PolicyKey *policy_key,
+ const struct ANASTASIS_CRYPTO_PolicyKey policy_key,
const void *encrypted_core_secret,
size_t encrypted_core_secret_size,
- void **core_secret,
- size_t *core_secret_size)
+ void **core_secret)
{
struct GNUNET_CRYPTO_SymmetricSessionKey mk_sk;
struct GNUNET_CRYPTO_SymmetricInitializationVector mk_iv;
@@ -619,8 +615,8 @@ ANASTASIS_CRYPTO_core_secret_recover (
struct GNUNET_CRYPTO_SymmetricInitializationVector core_iv;
struct GNUNET_HashCode master_key;
- *core_secret = GNUNET_malloc (*core_secret_size);
- GNUNET_CRYPTO_hash_to_aes_key (&policy_key->key, &mk_sk, &mk_iv);
+ *core_secret = GNUNET_malloc (encrypted_core_secret_size);
+ GNUNET_CRYPTO_hash_to_aes_key (&policy_key.key, &mk_sk, &mk_iv);
GNUNET_assert (GNUNET_SYSERR !=
GNUNET_CRYPTO_symmetric_decrypt (encrypted_master_key,
sizeof (struct
diff --git a/src/util/test_anastasis_crypto.c b/src/util/test_anastasis_crypto.c
index 514fd83..41f573b 100644
--- a/src/util/test_anastasis_crypto.c
+++ b/src/util/test_anastasis_crypto.c
@@ -106,7 +106,7 @@ test_recovery_document (void)
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
"ERD_AFTER: %s\n",
TALER_b2s (plaintext, size_plaintext));
- return GNUNET_memcmp (test, plaintext);
+ return strncmp ((char *) plaintext, test, strlen (test));
}
@@ -117,14 +117,14 @@ test_key_share (void)
struct ANASTASIS_CRYPTO_KeyShare *plaintext;
struct ANASTASIS_CRYPTO_UserIdentifier id;
struct ANASTASIS_CRYPTO_KeyShare key_share;
+ struct ANASTASIS_CRYPTO_KeyShare key_share_1;
+ struct ANASTASIS_CRYPTO_KeyShare key_share_2;
+ // testing of enc-/decryption of a keyshare
GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE,
&id,
sizeof (struct ANASTASIS_CRYPTO_UserIdentifier));
- GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE,
- &key_share,
- sizeof (struct ANASTASIS_CRYPTO_KeyShare));
-
+ ANASTASIS_CRYPTO_key_share_create (&key_share);
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
"KEYSHARE_BEFORE: %s\n",
TALER_B2S (&key_share));
@@ -138,6 +138,13 @@ test_key_share (void)
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
"KEYSHARE_AFTER: %s\n",
TALER_B2S (plaintext));
+
+ // testing creation of keyshares
+ ANASTASIS_CRYPTO_key_share_create (&key_share_1);
+ ANASTASIS_CRYPTO_key_share_create (&key_share_2);
+ GNUNET_assert (0 !=
+ GNUNET_memcmp (&key_share_1, &key_share_2));
+
return GNUNET_memcmp (&key_share, plaintext);
}
@@ -145,12 +152,12 @@ test_key_share (void)
static int
test_truth (void)
{
+ const char *test = "TEST_TRUTH";
void *ciphertext;
size_t size_ciphertext;
void *plaintext;
size_t size_plaintext;
struct ANASTASIS_CRYPTO_TruthKey truth_enc_key;
- const char *test = "TEST_TRUTH";
GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE,
&truth_enc_key,
@@ -161,8 +168,8 @@ test_truth (void)
TALER_b2s (test, strlen (test)));
ANASTASIS_CRYPTO_truth_encrypt (&truth_enc_key,
- "TEST_TRUTH",
- strlen ("TEST_TRUTH"),
+ test,
+ strlen (test),
&ciphertext,
&size_ciphertext);
@@ -174,7 +181,87 @@ test_truth (void)
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
"TRUTH_AFTER: %s\n",
TALER_b2s (plaintext, size_plaintext));
- return GNUNET_memcmp ("TEST_TRUTH", plaintext);
+ return strncmp ((char *) plaintext, test, strlen (test));
+}
+
+
+static int
+test_core_secret (void)
+{
+ const char *test = "TEST_CORE_SECRET";
+ const char *test_wrong = "TEST_CORE_WRONG";
+ void *enc_core_secret;
+ size_t enc_core_secret_size;
+ unsigned int policy_keys_length = 5;
+ struct ANASTASIS_CRYPTO_Salt salt;
+ struct ANASTASIS_CRYPTO_EncryptedMasterKey
+ encrypted_master_keys[policy_keys_length];
+
+ GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK,
+ &salt,
+ sizeof (struct ANASTASIS_CRYPTO_Salt));
+
+ // construction of PolicyKey-array
+ struct ANASTASIS_CRYPTO_PolicyKey policy_keys[policy_keys_length];
+ for (unsigned int i = 0; i < policy_keys_length; i++)
+ {
+ // construction of KeyShare-array
+ unsigned int keyshare_length = 5;
+ struct ANASTASIS_CRYPTO_KeyShare keyshares[keyshare_length];
+ for (unsigned int j = 0; j < keyshare_length; j++)
+ {
+ ANASTASIS_CRYPTO_key_share_create (&keyshares[j]);
+ if (j > 0)
+ GNUNET_assert (0 !=
+ GNUNET_memcmp (&keyshares[j - 1], &keyshares[j]));
+ }
+
+ // derive policy-keys
+ ANASTASIS_CRYPTO_policy_key_derive ((struct
+ ANASTASIS_CRYPTO_KeyShare *)
+ &keyshares,
+ keyshare_length,
+ &salt,
+ &policy_keys[i]);
+ if (i > 0)
+ GNUNET_assert (0 !=
+ GNUNET_memcmp (&policy_keys[i - 1], &policy_keys[i]));
+ }
+
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+ "CORE_SECRET_BEFORE: %s\n",
+ TALER_b2s (test, strlen (test)));
+
+ // test encryption of core_secret
+ ANASTASIS_CRYPTO_core_secret_encrypt ((struct
+ ANASTASIS_CRYPTO_PolicyKey *)
+ &policy_keys,
+ policy_keys_length,
+ test,
+ strlen (test),
+ &enc_core_secret,
+ &encrypted_master_keys);
+
+ // test recover of core secret
+ for (unsigned int k = 0; k < policy_keys_length; k++)
+ {
+ void *dec_core_secret;
+ ANASTASIS_CRYPTO_core_secret_recover (&encrypted_master_keys[k],
+ policy_keys[k],
+ enc_core_secret,
+ strlen (test),
+ &dec_core_secret);
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+ "CORE_SECRET_AFTER_%i: %s\n",
+ k,
+ TALER_b2s (dec_core_secret, strlen (test)));
+ GNUNET_assert (0 ==
+ strncmp ((char *) dec_core_secret, test, strlen (test)));
+ GNUNET_assert (0 !=
+ strncmp ((char *) dec_core_secret, test_wrong, strlen (
+ test)));
+ }
+ return 0;
}
@@ -191,6 +278,8 @@ main (int argc,
return 1;
if (0 != test_truth ())
return 1;
+ if (0 != test_core_secret ())
+ return 1;
return 0;
--
To stop receiving notification emails like this one, please contact
address@hidden.
- [taler-anastasis] branch master updated (4ff80e1 -> f131592),
gnunet <=