GNUnet  0.19.3
crypto_symmetric.c
Go to the documentation of this file.
1 /*
2  This file is part of GNUnet.
3  Copyright (C) 2001, 2002, 2003, 2004, 2005, 2006, 2013 GNUnet e.V.
4 
5  GNUnet is free software: you can redistribute it and/or modify it
6  under the terms of the GNU Affero General Public License as published
7  by the Free Software Foundation, either version 3 of the License,
8  or (at your option) any later version.
9 
10  GNUnet is distributed in the hope that it will be useful, but
11  WITHOUT ANY WARRANTY; without even the implied warranty of
12  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13  Affero General Public License for more details.
14 
15  You should have received a copy of the GNU Affero General Public License
16  along with this program. If not, see <http://www.gnu.org/licenses/>.
17 
18  SPDX-License-Identifier: AGPL3.0-or-later
19  */
20 
29 #include "platform.h"
30 #include "gnunet_util_lib.h"
31 #include <gcrypt.h>
32 
33 #define LOG(kind, ...) GNUNET_log_from (kind, "util-crypto-symmetric", \
34  __VA_ARGS__)
35 
41 void
44  key)
45 {
46  gcry_randomize (key->aes_key,
48  GCRY_STRONG_RANDOM);
49  gcry_randomize (key->twofish_key,
51  GCRY_STRONG_RANDOM);
52 }
53 
54 
63 static int
64 setup_cipher_aes (gcry_cipher_hd_t *handle,
65  const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey,
67 {
68  int rc;
69 
70  GNUNET_assert (0 ==
71  gcry_cipher_open (handle, GCRY_CIPHER_AES256,
72  GCRY_CIPHER_MODE_CFB, 0));
73  rc = gcry_cipher_setkey (*handle,
74  sessionkey->aes_key,
75  sizeof(sessionkey->aes_key));
76  GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY));
77  rc = gcry_cipher_setiv (*handle,
78  iv->aes_iv,
79  sizeof(iv->aes_iv));
80  GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY));
81  return GNUNET_OK;
82 }
83 
84 
93 static int
94 setup_cipher_twofish (gcry_cipher_hd_t *handle,
95  const struct
97  const struct
99 {
100  int rc;
101 
102  GNUNET_assert (0 ==
103  gcry_cipher_open (handle, GCRY_CIPHER_TWOFISH,
104  GCRY_CIPHER_MODE_CFB, 0));
105  rc = gcry_cipher_setkey (*handle,
106  sessionkey->twofish_key,
107  sizeof(sessionkey->twofish_key));
108  GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY));
109  rc = gcry_cipher_setiv (*handle,
110  iv->twofish_iv,
111  sizeof(iv->twofish_iv));
112  GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY));
113  return GNUNET_OK;
114 }
115 
116 
130 ssize_t
132  size_t size,
133  const struct
135  const struct
137  void *result)
138 {
139  gcry_cipher_hd_t handle;
140  char tmp[size];
141 
142  if (GNUNET_OK != setup_cipher_aes (&handle, sessionkey, iv))
143  return -1;
144  GNUNET_assert (0 == gcry_cipher_encrypt (handle, tmp, size, block, size));
145  gcry_cipher_close (handle);
146  if (GNUNET_OK != setup_cipher_twofish (&handle, sessionkey, iv))
147  return -1;
148  GNUNET_assert (0 == gcry_cipher_encrypt (handle, result, size, tmp, size));
149  gcry_cipher_close (handle);
150  memset (tmp, 0, sizeof(tmp));
151  return size;
152 }
153 
154 
168 ssize_t
170  size_t size,
171  const struct
173  const struct
175  void *result)
176 {
177  gcry_cipher_hd_t handle;
178  char tmp[size];
179 
180  if (GNUNET_OK != setup_cipher_twofish (&handle, sessionkey, iv))
181  return -1;
182  GNUNET_assert (0 == gcry_cipher_decrypt (handle, tmp, size, block, size));
183  gcry_cipher_close (handle);
184  if (GNUNET_OK != setup_cipher_aes (&handle, sessionkey, iv))
185  return -1;
186  GNUNET_assert (0 == gcry_cipher_decrypt (handle, result, size, tmp, size));
187  gcry_cipher_close (handle);
188  memset (tmp, 0, sizeof(tmp));
189  return size;
190 }
191 
192 
202 void
205  iv,
206  const struct
208  const void *salt,
209  size_t salt_len,
210  ...)
211 {
212  va_list argp;
213 
214  va_start (argp, salt_len);
215  GNUNET_CRYPTO_symmetric_derive_iv_v (iv, skey, salt, salt_len, argp);
216  va_end (argp);
217 }
218 
219 
220 void
223  *iv,
224  const struct
226  const void *salt,
227  size_t salt_len,
228  va_list argp)
229 {
230  char aes_salt[salt_len + 4];
231  char twofish_salt[salt_len + 4];
232 
233  GNUNET_memcpy (aes_salt, salt, salt_len);
234  GNUNET_memcpy (&aes_salt[salt_len], "AES!", 4);
235  GNUNET_memcpy (twofish_salt, salt, salt_len);
236  GNUNET_memcpy (&twofish_salt[salt_len], "FISH", 4);
238  sizeof(iv->aes_iv),
239  aes_salt,
240  salt_len + 4,
241  skey->aes_key,
242  sizeof(skey->aes_key),
243  argp);
245  sizeof(iv->twofish_iv),
246  twofish_salt,
247  salt_len + 4,
248  skey->twofish_key,
249  sizeof(skey->twofish_key),
250  argp);
251 }
252 
253 
254 /* end of crypto_symmetric.c */
static int setup_cipher_aes(gcry_cipher_hd_t *handle, const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey, const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv)
Initialize AES cipher.
static int setup_cipher_twofish(gcry_cipher_hd_t *handle, const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey, const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv)
Initialize TWOFISH cipher.
struct GNUNET_HashCode key
The key used in the DHT.
static struct GNUNET_DNS_Handle * handle
Handle to transport service.
static int result
Global testing status.
static struct GNUNET_CRYPTO_PowSalt salt
Salt for PoW calcualations.
void GNUNET_CRYPTO_symmetric_create_session_key(struct GNUNET_CRYPTO_SymmetricSessionKey *key)
Create a new SessionKey (for symmetric encryption).
ssize_t GNUNET_CRYPTO_symmetric_encrypt(const void *block, size_t size, const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey, const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, void *result)
Encrypt a block with a symmetric session key.
void GNUNET_CRYPTO_symmetric_derive_iv(struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, const struct GNUNET_CRYPTO_SymmetricSessionKey *skey, const void *salt, size_t salt_len,...)
Derive an IV.
ssize_t GNUNET_CRYPTO_symmetric_decrypt(const void *block, size_t size, const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey, const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, void *result)
Decrypt a given block with the session key.
#define GNUNET_CRYPTO_AES_KEY_LENGTH
length of the sessionkey in bytes (256 BIT sessionkey)
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_kdf_v(void *result, size_t out_len, const void *xts, size_t xts_len, const void *skm, size_t skm_len, va_list argp)
Derive key.
Definition: crypto_kdf.c:38
void GNUNET_CRYPTO_symmetric_derive_iv_v(struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, const struct GNUNET_CRYPTO_SymmetricSessionKey *skey, const void *salt, size_t salt_len, va_list argp)
Derive an IV.
#define GNUNET_memcpy(dst, src, n)
Call memcpy() but check for n being 0 first.
@ GNUNET_OK
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
static unsigned int size
Size of the "table".
Definition: peer.c:68
unsigned char twofish_key[(256/8)]
Actual key for TwoFish.
unsigned char aes_key[(256/8)]
Actual key for AES.