Symmetric encryption services; combined cipher AES+TWOFISH (256-bit each) More...

#include "platform.h"
#include "gnunet_util_lib.h"
#include <gcrypt.h>

Include dependency graph for crypto_symmetric.c:

Macros
#define	LOG(kind, ...)

Functions
void	GNUNET_CRYPTO_symmetric_create_session_key (struct GNUNET_CRYPTO_SymmetricSessionKey *key)
	Create a new SessionKey (for symmetric encryption).

static int	setup_cipher_aes (gcry_cipher_hd_t handle, const struct GNUNET_CRYPTO_SymmetricSessionKey sessionkey, const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv)
	Initialize AES cipher.

static int	setup_cipher_twofish (gcry_cipher_hd_t handle, const struct GNUNET_CRYPTO_SymmetricSessionKey sessionkey, const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv)
	Initialize TWOFISH cipher.

ssize_t	GNUNET_CRYPTO_symmetric_encrypt (const void block, size_t size, const struct GNUNET_CRYPTO_SymmetricSessionKey sessionkey, const struct GNUNET_CRYPTO_SymmetricInitializationVector iv, void result)
	Encrypt a block with a symmetric session key.

ssize_t	GNUNET_CRYPTO_symmetric_decrypt (const void block, size_t size, const struct GNUNET_CRYPTO_SymmetricSessionKey sessionkey, const struct GNUNET_CRYPTO_SymmetricInitializationVector iv, void result)
	Decrypt a given block with the session key.

void	GNUNET_CRYPTO_symmetric_derive_iv (struct GNUNET_CRYPTO_SymmetricInitializationVector iv, const struct GNUNET_CRYPTO_SymmetricSessionKey skey, const void *salt, size_t salt_len,...)
	Derive an IV.

void	GNUNET_CRYPTO_symmetric_derive_iv_v (struct GNUNET_CRYPTO_SymmetricInitializationVector iv, const struct GNUNET_CRYPTO_SymmetricSessionKey skey, const void *salt, size_t salt_len, va_list argp)
	Derive an IV.

Detailed Description

Symmetric encryption services; combined cipher AES+TWOFISH (256-bit each)

Author: Christian Grothoff; Ioana Patrascu

Definition in file crypto_symmetric.c.

Macro Definition Documentation

◆ LOG

#define LOG	(	kind,
		...
	)

Value:

GNUNET_log_from (kind, "util-crypto-symmetric", \

__VA_ARGS__)

GNUNET_log_from

#define GNUNET_log_from(kind, comp,...)

Definition gnunet_common.h:522

Definition at line 33 of file crypto_symmetric.c.

{
  gcry_randomize (key->aes_key,
                  GNUNET_CRYPTO_AES_KEY_LENGTH,
                  GCRY_STRONG_RANDOM);
  gcry_randomize (key->twofish_key,
                  GNUNET_CRYPTO_AES_KEY_LENGTH,
                  GCRY_STRONG_RANDOM);
}
 
 
static int
setup_cipher_aes (gcry_cipher_hd_t *handle,
                  const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey,
                  const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv)
{
  int rc;
 
  GNUNET_assert (0 ==
                 gcry_cipher_open (handle, GCRY_CIPHER_AES256,
                                   GCRY_CIPHER_MODE_CFB, 0));
  rc = gcry_cipher_setkey (*handle,
                           sessionkey->aes_key,
                           sizeof(sessionkey->aes_key));
  GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY));
  rc = gcry_cipher_setiv (*handle,
                          iv->aes_iv,
                          sizeof(iv->aes_iv));
  GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY));
  return GNUNET_OK;
}
 
 
static int
setup_cipher_twofish (gcry_cipher_hd_t *handle,
                      const struct
                      GNUNET_CRYPTO_SymmetricSessionKey *sessionkey,
                      const struct
                      GNUNET_CRYPTO_SymmetricInitializationVector *iv)
{
  int rc;
 
  GNUNET_assert (0 ==
                 gcry_cipher_open (handle, GCRY_CIPHER_TWOFISH,
                                   GCRY_CIPHER_MODE_CFB, 0));
  rc = gcry_cipher_setkey (*handle,
                           sessionkey->twofish_key,
                           sizeof(sessionkey->twofish_key));
  GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY));
  rc = gcry_cipher_setiv (*handle,
                          iv->twofish_iv,
                          sizeof(iv->twofish_iv));
  GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY));
  return GNUNET_OK;
}
 
 
ssize_t
GNUNET_CRYPTO_symmetric_encrypt (const void *block,
                                 size_t size,
                                 const struct
                                 GNUNET_CRYPTO_SymmetricSessionKey *sessionkey,
                                 const struct
                                 GNUNET_CRYPTO_SymmetricInitializationVector *iv,
                                 void *result)
{
  gcry_cipher_hd_t handle;
  char tmp[GNUNET_NZL(size)];
 
  if (GNUNET_OK != setup_cipher_aes (&handle, sessionkey, iv))
    return -1;
  GNUNET_assert (0 == gcry_cipher_encrypt (handle, tmp, size, block, size));
  gcry_cipher_close (handle);
  if (GNUNET_OK != setup_cipher_twofish (&handle, sessionkey, iv))
    return -1;
  GNUNET_assert (0 == gcry_cipher_encrypt (handle, result, size, tmp, size));
  gcry_cipher_close (handle);
  memset (tmp, 0, sizeof(tmp));
  return size;
}
 
 
ssize_t
GNUNET_CRYPTO_symmetric_decrypt (const void *block,
                                 size_t size,
                                 const struct
                                 GNUNET_CRYPTO_SymmetricSessionKey *sessionkey,
                                 const struct
                                 GNUNET_CRYPTO_SymmetricInitializationVector *iv,
                                 void *result)
{
  gcry_cipher_hd_t handle;
  char tmp[size];
 
  if (GNUNET_OK != setup_cipher_twofish (&handle, sessionkey, iv))
    return -1;
  GNUNET_assert (0 == gcry_cipher_decrypt (handle, tmp, size, block, size));
  gcry_cipher_close (handle);
  if (GNUNET_OK != setup_cipher_aes (&handle, sessionkey, iv))
    return -1;
  GNUNET_assert (0 == gcry_cipher_decrypt (handle, result, size, tmp, size));
  gcry_cipher_close (handle);
  memset (tmp, 0, sizeof(tmp));
  return size;
}
 
 
void
GNUNET_CRYPTO_symmetric_derive_iv (struct
                                   GNUNET_CRYPTO_SymmetricInitializationVector *
                                   iv,
                                   const struct
                                   GNUNET_CRYPTO_SymmetricSessionKey *skey,
                                   const void *salt,
                                   size_t salt_len,
                                   ...)
{
  va_list argp;
 
  va_start (argp, salt_len);
  GNUNET_CRYPTO_symmetric_derive_iv_v (iv, skey, salt, salt_len, argp);
  va_end (argp);
}
 
 
void
GNUNET_CRYPTO_symmetric_derive_iv_v (struct
                                     GNUNET_CRYPTO_SymmetricInitializationVector
                                     *iv,
                                     const struct
                                     GNUNET_CRYPTO_SymmetricSessionKey *skey,
                                     const void *salt,
                                     size_t salt_len,
                                     va_list argp)
{
  char aes_salt[salt_len + 4];
  char twofish_salt[salt_len + 4];
 
  GNUNET_memcpy (aes_salt, salt, salt_len);
  GNUNET_memcpy (&aes_salt[salt_len], "AES!", 4);
  GNUNET_memcpy (twofish_salt, salt, salt_len);
  GNUNET_memcpy (&twofish_salt[salt_len], "FISH", 4);
  GNUNET_CRYPTO_kdf_v (iv->aes_iv,
                       sizeof(iv->aes_iv),
                       aes_salt,
                       salt_len + 4,
                       skey->aes_key,
                       sizeof(skey->aes_key),
                       argp);
  GNUNET_CRYPTO_kdf_v (iv->twofish_iv,
                       sizeof(iv->twofish_iv),
                       twofish_salt,
                       salt_len + 4,
                       skey->twofish_key,
                       sizeof(skey->twofish_key),
                       argp);
}
 
 
/* end of crypto_symmetric.c */

Function Documentation

◆ setup_cipher_aes()

static int setup_cipher_aes	(	gcry_cipher_hd_t *	handle,
		const struct GNUNET_CRYPTO_SymmetricSessionKey *	sessionkey,
		const struct GNUNET_CRYPTO_SymmetricInitializationVector *	iv
	)

static

Initialize AES cipher.

Parameters

handle	handle to initialize
sessionkey	session key to use
iv	initialization vector to use

Returns: GNUNET_OK on success, GNUNET_SYSERR on error

Definition at line 64 of file crypto_symmetric.c.

{
  int rc;
 
  GNUNET_assert (0 ==
                 gcry_cipher_open (handle, GCRY_CIPHER_AES256,
                                   GCRY_CIPHER_MODE_CFB, 0));
  rc = gcry_cipher_setkey (*handle,
                           sessionkey->aes_key,
                           sizeof(sessionkey->aes_key));
  GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY));
  rc = gcry_cipher_setiv (*handle,
                          iv->aes_iv,
                          sizeof(iv->aes_iv));
  GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY));
  return GNUNET_OK;
}

References GNUNET_CRYPTO_SymmetricInitializationVector::aes_iv, GNUNET_CRYPTO_SymmetricSessionKey::aes_key, GNUNET_assert, GNUNET_OK, and handle.

Referenced by GNUNET_CRYPTO_symmetric_decrypt(), and GNUNET_CRYPTO_symmetric_encrypt().

Here is the caller graph for this function:

◆ setup_cipher_twofish()

static int setup_cipher_twofish	(	gcry_cipher_hd_t *	handle,
		const struct GNUNET_CRYPTO_SymmetricSessionKey *	sessionkey,
		const struct GNUNET_CRYPTO_SymmetricInitializationVector *	iv
	)

static

Initialize TWOFISH cipher.

Parameters

handle	handle to initialize
sessionkey	session key to use
iv	initialization vector to use

Returns: GNUNET_OK on success, GNUNET_SYSERR on error

Definition at line 94 of file crypto_symmetric.c.

{
  int rc;
 
  GNUNET_assert (0 ==
                 gcry_cipher_open (handle, GCRY_CIPHER_TWOFISH,
                                   GCRY_CIPHER_MODE_CFB, 0));
  rc = gcry_cipher_setkey (*handle,
                           sessionkey->twofish_key,
                           sizeof(sessionkey->twofish_key));
  GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY));
  rc = gcry_cipher_setiv (*handle,
                          iv->twofish_iv,
                          sizeof(iv->twofish_iv));
  GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY));
  return GNUNET_OK;
}

References GNUNET_assert, GNUNET_OK, handle, GNUNET_CRYPTO_SymmetricInitializationVector::twofish_iv, and GNUNET_CRYPTO_SymmetricSessionKey::twofish_key.