dd/d01/crypto__symmetric_8c_source.html

/*

     This file is part of GNUnet.

     Copyright (C) 2001, 2002, 2003, 2004, 2005, 2006, 2013 GNUnet e.V.


     GNUnet is free software: you can redistribute it and/or modify it

     under the terms of the GNU Affero General Public License as published

     by the Free Software Foundation, either version 3 of the License,

     or (at your option) any later version.


     GNUnet is distributed in the hope that it will be useful, but

     WITHOUT ANY WARRANTY; without even the implied warranty of

     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU

     Affero General Public License for more details.


     You should have received a copy of the GNU Affero General Public License

     along with this program.  If not, see <http://www.gnu.org/licenses/>.


     SPDX-License-Identifier: AGPL3.0-or-later

 */


#include "platform.h"

#include "gnunet_util_lib.h"

#include <gcrypt.h>


#define LOG(kind, ...) GNUNET_log_from (kind, "util-crypto-symmetric", \

                                        __VA_ARGS__)


void


GNUNET_CRYPTO_symmetric_create_session_key (struct

                                            GNUNET_CRYPTO_SymmetricSessionKey *

                                            key)

{

  gcry_randomize (key->aes_key,

                  GNUNET_CRYPTO_AES_KEY_LENGTH,

                  GCRY_STRONG_RANDOM);

  gcry_randomize (key->twofish_key,

                  GNUNET_CRYPTO_AES_KEY_LENGTH,

                  GCRY_STRONG_RANDOM);

}


static int


setup_cipher_aes (gcry_cipher_hd_t *handle,

                  const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey,

                  const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv)

{

  int rc;


  GNUNET_assert (0 ==

                 gcry_cipher_open (handle, GCRY_CIPHER_AES256,

                                   GCRY_CIPHER_MODE_CFB, 0));

  rc = gcry_cipher_setkey (*handle,

                           sessionkey->aes_key,

                           sizeof(sessionkey->aes_key));

  GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY));

  rc = gcry_cipher_setiv (*handle,

                          iv->aes_iv,

                          sizeof(iv->aes_iv));

  GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY));

  return GNUNET_OK;

}


static int


setup_cipher_twofish (gcry_cipher_hd_t *handle,

                      const struct

                      GNUNET_CRYPTO_SymmetricSessionKey *sessionkey,

                      const struct

                      GNUNET_CRYPTO_SymmetricInitializationVector *iv)

{

  int rc;


  GNUNET_assert (0 ==

                 gcry_cipher_open (handle, GCRY_CIPHER_TWOFISH,

                                   GCRY_CIPHER_MODE_CFB, 0));

  rc = gcry_cipher_setkey (*handle,

                           sessionkey->twofish_key,

                           sizeof(sessionkey->twofish_key));

  GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY));

  rc = gcry_cipher_setiv (*handle,

                          iv->twofish_iv,

                          sizeof(iv->twofish_iv));

  GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY));

  return GNUNET_OK;

}


ssize_t


GNUNET_CRYPTO_symmetric_encrypt (const void *block,

                                 size_t size,

                                 const struct

                                 GNUNET_CRYPTO_SymmetricSessionKey *sessionkey,

                                 const struct

                                 GNUNET_CRYPTO_SymmetricInitializationVector *iv

                                 ,

                                 void *result)

{

  gcry_cipher_hd_t handle;

  char tmp[GNUNET_NZL (size)];


  if (GNUNET_OK != setup_cipher_aes (&handle, sessionkey, iv))

    return -1;

  GNUNET_assert (0 == gcry_cipher_encrypt (handle, tmp, size, block, size));

  gcry_cipher_close (handle);

  if (GNUNET_OK != setup_cipher_twofish (&handle, sessionkey, iv))

    return -1;

  GNUNET_assert (0 == gcry_cipher_encrypt (handle, result, size, tmp, size));

  gcry_cipher_close (handle);

  memset (tmp, 0, sizeof(tmp));

  return size;

}


ssize_t


GNUNET_CRYPTO_symmetric_decrypt (const void *block,

                                 size_t size,

                                 const struct

                                 GNUNET_CRYPTO_SymmetricSessionKey *sessionkey,

                                 const struct

                                 GNUNET_CRYPTO_SymmetricInitializationVector *iv

                                 ,

                                 void *result)

{

  gcry_cipher_hd_t handle;

  char tmp[size];


  if (GNUNET_OK != setup_cipher_twofish (&handle, sessionkey, iv))

    return -1;

  GNUNET_assert (0 == gcry_cipher_decrypt (handle, tmp, size, block, size));

  gcry_cipher_close (handle);

  if (GNUNET_OK != setup_cipher_aes (&handle, sessionkey, iv))

    return -1;

  GNUNET_assert (0 == gcry_cipher_decrypt (handle, result, size, tmp, size));

  gcry_cipher_close (handle);

  memset (tmp, 0, sizeof(tmp));

  return size;

}


/* end of crypto_symmetric.c */

setup_cipher_aes
static int setup_cipher_aes(gcry_cipher_hd_t *handle, const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey, const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv)
Initialize AES cipher.
Definition crypto_symmetric.c:64

setup_cipher_twofish
static int setup_cipher_twofish(gcry_cipher_hd_t *handle, const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey, const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv)
Initialize TWOFISH cipher.
Definition crypto_symmetric.c:94

key
struct GNUNET_HashCode key
The key used in the DHT.
Definition gnunet-dht-put.c:37

result
static int result
Global testing status.
Definition gnunet-regex-profiler.c:240

handle
static struct GNUNET_VPN_Handle * handle
Handle to vpn service.
Definition gnunet-vpn.c:35

gnunet_util_lib.h

GNUNET_CRYPTO_symmetric_create_session_key
void GNUNET_CRYPTO_symmetric_create_session_key(struct GNUNET_CRYPTO_SymmetricSessionKey *key)
Create a new SessionKey (for symmetric encryption).
Definition crypto_symmetric.c:42

GNUNET_CRYPTO_symmetric_encrypt
ssize_t GNUNET_CRYPTO_symmetric_encrypt(const void *block, size_t size, const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey, const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, void *result)
Encrypt a block using a symmetric sessionkey.
Definition crypto_symmetric.c:118

GNUNET_CRYPTO_symmetric_decrypt
ssize_t GNUNET_CRYPTO_symmetric_decrypt(const void *block, size_t size, const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey, const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, void *result)
Decrypt a given block using a symmetric sessionkey.
Definition crypto_symmetric.c:144

GNUNET_NZL
#define GNUNET_NZL(l)
Macro used to avoid using 0 for the length of a variable-size array (Non-Zero-Length).
Definition gnunet_common.h:235

GNUNET_CRYPTO_AES_KEY_LENGTH
#define GNUNET_CRYPTO_AES_KEY_LENGTH
length of the sessionkey in bytes (256 BIT sessionkey)
Definition gnunet_crypto_lib.h:111

GNUNET_OK
@ GNUNET_OK
Definition gnunet_common.h:114

GNUNET_assert
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
Definition gnunet_common.h:960

size
static unsigned int size
Size of the "table".
Definition peer.c:68

platform.h

GNUNET_CRYPTO_SymmetricInitializationVector
IV for sym cipher.
Definition gnunet_crypto_lib.h:567

GNUNET_CRYPTO_SymmetricInitializationVector::aes_iv
unsigned char aes_iv[(256/8)/2]
Definition gnunet_crypto_lib.h:568

GNUNET_CRYPTO_SymmetricInitializationVector::twofish_iv
unsigned char twofish_iv[(256/8)/2]
Definition gnunet_crypto_lib.h:570

GNUNET_CRYPTO_SymmetricSessionKey
type for session keys
Definition gnunet_crypto_lib.h:535

GNUNET_CRYPTO_SymmetricSessionKey::twofish_key
unsigned char twofish_key[(256/8)]
Actual key for TwoFish.
Definition gnunet_crypto_lib.h:544

GNUNET_CRYPTO_SymmetricSessionKey::aes_key
unsigned char aes_key[(256/8)]
Actual key for AES.
Definition gnunet_crypto_lib.h:539