GNUnet  0.20.0
crypto_symmetric.c
Go to the documentation of this file.
1 /*
2  This file is part of GNUnet.
3  Copyright (C) 2001, 2002, 2003, 2004, 2005, 2006, 2013 GNUnet e.V.
4 
5  GNUnet is free software: you can redistribute it and/or modify it
6  under the terms of the GNU Affero General Public License as published
7  by the Free Software Foundation, either version 3 of the License,
8  or (at your option) any later version.
9 
10  GNUnet is distributed in the hope that it will be useful, but
11  WITHOUT ANY WARRANTY; without even the implied warranty of
12  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13  Affero General Public License for more details.
14 
15  You should have received a copy of the GNU Affero General Public License
16  along with this program. If not, see <http://www.gnu.org/licenses/>.
17 
18  SPDX-License-Identifier: AGPL3.0-or-later
19  */
20 
29 #include "platform.h"
30 #include "gnunet_util_lib.h"
31 #include <gcrypt.h>
32 
33 #define LOG(kind, ...) GNUNET_log_from (kind, "util-crypto-symmetric", \
34  __VA_ARGS__)
35 
41 void
42 GNUNET_CRYPTO_symmetric_create_session_key (struct
43  GNUNET_CRYPTO_SymmetricSessionKey *
44  key)
45 {
46  gcry_randomize (key->aes_key,
47  GNUNET_CRYPTO_AES_KEY_LENGTH,
48  GCRY_STRONG_RANDOM);
49  gcry_randomize (key->twofish_key,
50  GNUNET_CRYPTO_AES_KEY_LENGTH,
51  GCRY_STRONG_RANDOM);
52 }
53 
54 
63 static int
64 setup_cipher_aes (gcry_cipher_hd_t *handle,
65  const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey,
66  const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv)
67 {
68  int rc;
69 
70  GNUNET_assert (0 ==
71  gcry_cipher_open (handle, GCRY_CIPHER_AES256,
72  GCRY_CIPHER_MODE_CFB, 0));
73  rc = gcry_cipher_setkey (*handle,
74  sessionkey->aes_key,
75  sizeof(sessionkey->aes_key));
76  GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY));
77  rc = gcry_cipher_setiv (*handle,
78  iv->aes_iv,
79  sizeof(iv->aes_iv));
80  GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY));
81  return GNUNET_OK;
82 }
83 
84 
93 static int
94 setup_cipher_twofish (gcry_cipher_hd_t *handle,
95  const struct
96  GNUNET_CRYPTO_SymmetricSessionKey *sessionkey,
97  const struct
98  GNUNET_CRYPTO_SymmetricInitializationVector *iv)
99 {
100  int rc;
101 
102  GNUNET_assert (0 ==
103  gcry_cipher_open (handle, GCRY_CIPHER_TWOFISH,
104  GCRY_CIPHER_MODE_CFB, 0));
105  rc = gcry_cipher_setkey (*handle,
106  sessionkey->twofish_key,
107  sizeof(sessionkey->twofish_key));
108  GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY));
109  rc = gcry_cipher_setiv (*handle,
110  iv->twofish_iv,
111  sizeof(iv->twofish_iv));
112  GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY));
113  return GNUNET_OK;
114 }
115 
116 
130 ssize_t
131 GNUNET_CRYPTO_symmetric_encrypt (const void *block,
132  size_t size,
133  const struct
134  GNUNET_CRYPTO_SymmetricSessionKey *sessionkey,
135  const struct
136  GNUNET_CRYPTO_SymmetricInitializationVector *iv,
137  void *result)
138 {
139  gcry_cipher_hd_t handle;
140  char tmp[size];
141 
142  if (GNUNET_OK != setup_cipher_aes (&handle, sessionkey, iv))
143  return -1;
144  GNUNET_assert (0 == gcry_cipher_encrypt (handle, tmp, size, block, size));
145  gcry_cipher_close (handle);
146  if (GNUNET_OK != setup_cipher_twofish (&handle, sessionkey, iv))
147  return -1;
148  GNUNET_assert (0 == gcry_cipher_encrypt (handle, result, size, tmp, size));
149  gcry_cipher_close (handle);
150  memset (tmp, 0, sizeof(tmp));
151  return size;
152 }
153 
154 
168 ssize_t
169 GNUNET_CRYPTO_symmetric_decrypt (const void *block,
170  size_t size,
171  const struct
172  GNUNET_CRYPTO_SymmetricSessionKey *sessionkey,
173  const struct
174  GNUNET_CRYPTO_SymmetricInitializationVector *iv,
175  void *result)
176 {
177  gcry_cipher_hd_t handle;
178  char tmp[size];
179 
180  if (GNUNET_OK != setup_cipher_twofish (&handle, sessionkey, iv))
181  return -1;
182  GNUNET_assert (0 == gcry_cipher_decrypt (handle, tmp, size, block, size));
183  gcry_cipher_close (handle);
184  if (GNUNET_OK != setup_cipher_aes (&handle, sessionkey, iv))
185  return -1;
186  GNUNET_assert (0 == gcry_cipher_decrypt (handle, result, size, tmp, size));
187  gcry_cipher_close (handle);
188  memset (tmp, 0, sizeof(tmp));
189  return size;
190 }
191 
192 
202 void
203 GNUNET_CRYPTO_symmetric_derive_iv (struct
204  GNUNET_CRYPTO_SymmetricInitializationVector *
205  iv,
206  const struct
207  GNUNET_CRYPTO_SymmetricSessionKey *skey,
208  const void *salt,
209  size_t salt_len,
210  ...)
211 {
212  va_list argp;
213 
214  va_start (argp, salt_len);
215  GNUNET_CRYPTO_symmetric_derive_iv_v (iv, skey, salt, salt_len, argp);
216  va_end (argp);
217 }
218 
219 
220 void
221 GNUNET_CRYPTO_symmetric_derive_iv_v (struct
222  GNUNET_CRYPTO_SymmetricInitializationVector
223  *iv,
224  const struct
225  GNUNET_CRYPTO_SymmetricSessionKey *skey,
226  const void *salt,
227  size_t salt_len,
228  va_list argp)
229 {
230  char aes_salt[salt_len + 4];
231  char twofish_salt[salt_len + 4];
232 
233  GNUNET_memcpy (aes_salt, salt, salt_len);
234  GNUNET_memcpy (&aes_salt[salt_len], "AES!", 4);
235  GNUNET_memcpy (twofish_salt, salt, salt_len);
236  GNUNET_memcpy (&twofish_salt[salt_len], "FISH", 4);
237  GNUNET_CRYPTO_kdf_v (iv->aes_iv,
238  sizeof(iv->aes_iv),
239  aes_salt,
240  salt_len + 4,
241  skey->aes_key,
242  sizeof(skey->aes_key),
243  argp);
244  GNUNET_CRYPTO_kdf_v (iv->twofish_iv,
245  sizeof(iv->twofish_iv),
246  twofish_salt,
247  salt_len + 4,
248  skey->twofish_key,
249  sizeof(skey->twofish_key),
250  argp);
251 }
252 
253 
254 /* end of crypto_symmetric.c */
setup_cipher_aes
static int setup_cipher_aes(gcry_cipher_hd_t *handle, const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey, const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv)
Initialize AES cipher.
Definition: crypto_symmetric.c:64
setup_cipher_twofish
static int setup_cipher_twofish(gcry_cipher_hd_t *handle, const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey, const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv)
Initialize TWOFISH cipher.
Definition: crypto_symmetric.c:94
key
struct GNUNET_HashCode key
The key used in the DHT.
Definition: gnunet-dht-put.c:37
handle
static struct GNUNET_DNS_Handle * handle
Handle to transport service.
Definition: gnunet-dns-monitor.c:34
result
static int result
Global testing status.
Definition: gnunet-regex-profiler.c:240
salt
static struct GNUNET_CRYPTO_PowSalt salt
Salt for PoW calcualations.
Definition: gnunet-service-nse.c:119
gnunet_util_lib.h
GNUNET_CRYPTO_symmetric_create_session_key
void GNUNET_CRYPTO_symmetric_create_session_key(struct GNUNET_CRYPTO_SymmetricSessionKey *key)
Create a new SessionKey (for symmetric encryption).
Definition: crypto_symmetric.c:42
GNUNET_CRYPTO_symmetric_encrypt
ssize_t GNUNET_CRYPTO_symmetric_encrypt(const void *block, size_t size, const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey, const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, void *result)
Encrypt a block with a symmetric session key.
Definition: crypto_symmetric.c:131
GNUNET_CRYPTO_symmetric_derive_iv
void GNUNET_CRYPTO_symmetric_derive_iv(struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, const struct GNUNET_CRYPTO_SymmetricSessionKey *skey, const void *salt, size_t salt_len,...)
Derive an IV.
Definition: crypto_symmetric.c:203
GNUNET_CRYPTO_symmetric_decrypt
ssize_t GNUNET_CRYPTO_symmetric_decrypt(const void *block, size_t size, const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey, const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, void *result)
Decrypt a given block with the session key.
Definition: crypto_symmetric.c:169
GNUNET_CRYPTO_AES_KEY_LENGTH
#define GNUNET_CRYPTO_AES_KEY_LENGTH
length of the sessionkey in bytes (256 BIT sessionkey)
Definition: gnunet_crypto_lib.h:110
GNUNET_CRYPTO_kdf_v
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_kdf_v(void *result, size_t out_len, const void *xts, size_t xts_len, const void *skm, size_t skm_len, va_list argp)
Derive key.
Definition: crypto_kdf.c:38
GNUNET_CRYPTO_symmetric_derive_iv_v
void GNUNET_CRYPTO_symmetric_derive_iv_v(struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, const struct GNUNET_CRYPTO_SymmetricSessionKey *skey, const void *salt, size_t salt_len, va_list argp)
Derive an IV.
Definition: crypto_symmetric.c:221
GNUNET_memcpy
#define GNUNET_memcpy(dst, src, n)
Call memcpy() but check for n being 0 first.
Definition: gnunet_common.h:1294
GNUNET_OK
@ GNUNET_OK
Definition: gnunet_common.h:109
GNUNET_assert
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
Definition: gnunet_common.h:943
size
static unsigned int size
Size of the "table".
Definition: peer.c:68
GNUNET_CRYPTO_SymmetricInitializationVector
IV for sym cipher.
Definition: gnunet_crypto_lib.h:388
GNUNET_CRYPTO_SymmetricInitializationVector::aes_iv
unsigned char aes_iv[(256/8)/2]
Definition: gnunet_crypto_lib.h:389
GNUNET_CRYPTO_SymmetricInitializationVector::twofish_iv
unsigned char twofish_iv[(256/8)/2]
Definition: gnunet_crypto_lib.h:391
GNUNET_CRYPTO_SymmetricSessionKey
type for session keys
Definition: gnunet_crypto_lib.h:356
GNUNET_CRYPTO_SymmetricSessionKey::twofish_key
unsigned char twofish_key[(256/8)]
Actual key for TwoFish.
Definition: gnunet_crypto_lib.h:365
GNUNET_CRYPTO_SymmetricSessionKey::aes_key
unsigned char aes_key[(256/8)]
Actual key for AES.
Definition: gnunet_crypto_lib.h:360