gnunet-svn
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[GNUnet-SVN] r13130 - in gnunet/src: core include util


From: gnunet
Subject: [GNUnet-SVN] r13130 - in gnunet/src: core include util
Date: Sun, 3 Oct 2010 15:29:09 +0200

Author: durner
Date: 2010-10-03 15:29:09 +0200 (Sun, 03 Oct 2010)
New Revision: 13130

Added:
   gnunet/src/util/crypto_kdf.c
Modified:
   gnunet/src/core/gnunet-service-core.c
   gnunet/src/include/gnunet_crypto_lib.h
   gnunet/src/util/Makefile.am
   gnunet/src/util/crypto_aes.c
   gnunet/src/util/crypto_hash.c
   gnunet/src/util/crypto_random.c
Log:
KDF code

Modified: gnunet/src/core/gnunet-service-core.c
===================================================================
--- gnunet/src/core/gnunet-service-core.c       2010-10-02 22:29:25 UTC (rev 
13129)
+++ gnunet/src/core/gnunet-service-core.c       2010-10-03 13:29:09 UTC (rev 
13130)
@@ -2122,10 +2122,11 @@
   em->header.type = htons (GNUNET_MESSAGE_TYPE_CORE_ENCRYPTED_MESSAGE);
   em->iv_seed = ph->iv_seed;
   esize = used - ENCRYPTED_HEADER_SIZE;
-  GNUNET_CRYPTO_hmac (&n->encrypt_key,
-                     &ph->sequence_number,
-                     esize - sizeof (GNUNET_HashCode), 
-                     &ph->hmac);
+// FIXME NILS
+//  GNUNET_CRYPTO_hmac (&n->encrypt_key,
+//                   &ph->sequence_number,
+//                   esize - sizeof (GNUNET_HashCode),
+//                   &ph->hmac);
   GNUNET_CRYPTO_hash (&ph->iv_seed, sizeof (uint32_t), &iv);
 #if DEBUG_HANDSHAKE
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
@@ -3356,24 +3357,25 @@
     return;
   pt = (struct EncryptedMessage *) buf;
   /* validate hash */
-  GNUNET_CRYPTO_hmac (&n->decrypt_key,
-                     &pt->sequence_number,
-                      size - ENCRYPTED_HEADER_SIZE - sizeof (GNUNET_HashCode), 
&ph);
-#if DEBUG_HANDSHAKE 
-  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-              "V-Hashed %u bytes of plaintext (`%s') using IV `%d'\n",
-             (unsigned int) (size - ENCRYPTED_HEADER_SIZE - sizeof 
(GNUNET_HashCode)),
-             GNUNET_h2s (&ph),
-             (int) m->iv_seed);
-#endif
-  if (0 != memcmp (&ph, 
-                  &pt->hmac, 
-                  sizeof (GNUNET_HashCode)))
-    {
-      /* checksum failed */
-      GNUNET_break_op (0);
-      return;
-    }
+// FIXME NILS
+//  GNUNET_CRYPTO_hmac (&n->decrypt_key,
+//                   &pt->sequence_number,
+//                      size - ENCRYPTED_HEADER_SIZE - sizeof 
(GNUNET_HashCode), &ph);
+//#if DEBUG_HANDSHAKE
+//  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+//              "V-Hashed %u bytes of plaintext (`%s') using IV `%d'\n",
+//           (unsigned int) (size - ENCRYPTED_HEADER_SIZE - sizeof 
(GNUNET_HashCode)),
+//           GNUNET_h2s (&ph),
+//           (int) m->iv_seed);
+//#endif
+//  if (0 != memcmp (&ph,
+//                &pt->hmac,
+//                sizeof (GNUNET_HashCode)))
+//    {
+//      /* checksum failed */
+//      GNUNET_break_op (0);
+//      return;
+//    }
 
   /* validate sequence number */
   snum = ntohl (pt->sequence_number);

Modified: gnunet/src/include/gnunet_crypto_lib.h
===================================================================
--- gnunet/src/include/gnunet_crypto_lib.h      2010-10-02 22:29:25 UTC (rev 
13129)
+++ gnunet/src/include/gnunet_crypto_lib.h      2010-10-03 13:29:09 UTC (rev 
13130)
@@ -57,7 +57,12 @@
   /**
    * High-quality operations are desired.
    */
-  GNUNET_CRYPTO_QUALITY_STRONG
+  GNUNET_CRYPTO_QUALITY_STRONG,
+
+  /**
+   * Randomness for IVs etc. is required.
+   */
+  GNUNET_CRYPTO_QUALITY_NONCE
 };
 
 
@@ -87,6 +92,11 @@
 
 
 /**
+ * Length of a hash value
+ */
+#define GNUNET_CRYPTO_HASH_LENGTH 512/8
+
+/**
  * The private information of an RSA key pair.
  */
 struct GNUNET_CRYPTO_RsaPrivateKey;
@@ -201,6 +211,15 @@
 };
 
 
+/**
+ * @brief type for (message) authentication keys
+ */
+struct GNUNET_CRYPTO_AuthKey
+{
+  unsigned char key[GNUNET_CRYPTO_HASH_LENGTH];
+};
+
+
 /* **************** Functions and Macros ************* */
 
 
@@ -257,7 +276,6 @@
 void GNUNET_CRYPTO_aes_create_session_key (struct GNUNET_CRYPTO_AesSessionKey
                                            *key);
 
-
 /**
  * Check that a new session key is well-formed.
  *
@@ -306,6 +324,34 @@
 
 
 /**
+ * @brief Derive an IV
+ * @param iv initialization vector
+ * @param skey session key
+ * @param salt salt for the derivation
+ * @param salt_len size of the salt
+ * @param ... pairs of void * & size_t for context chunks, terminated by NULL
+ */
+void
+GNUNET_CRYPTO_aes_derive_iv (struct GNUNET_CRYPTO_AesInitializationVector *iv,
+    const struct GNUNET_CRYPTO_AesSessionKey *skey, void *salt,
+    size_t salt_len, ...);
+
+
+/**
+ * @brief Derive an IV
+ * @param iv initialization vector
+ * @param skey session key
+ * @param salt salt for the derivation
+ * @param salt_len size of the salt
+ * @param argp pairs of void * & size_t for context chunks, terminated by NULL
+ */
+void
+GNUNET_CRYPTO_aes_derive_iv_v (struct GNUNET_CRYPTO_AesInitializationVector 
*iv,
+    const struct GNUNET_CRYPTO_AesSessionKey *skey, void *salt,
+    size_t salt_len, va_list argp);
+
+
+/**
  * Convert hash to ASCII encoding.
  * @param block the hash code
  * @param result where to store the encoding (struct 
GNUNET_CRYPTO_HashAsciiEncoded can be
@@ -362,7 +408,7 @@
  * @param hmac where to store the hmac
  */
 void 
-GNUNET_CRYPTO_hmac (const struct GNUNET_CRYPTO_AesSessionKey *key,
+GNUNET_CRYPTO_hmac (const struct GNUNET_CRYPTO_AuthKey *key,
                    const void *plaintext,
                    size_t plaintext_len,
                    GNUNET_HashCode *hmac);
@@ -526,6 +572,37 @@
 
 
 /**
+ * @brief Derive an authentication key
+ * @param key authentication key
+ * @param rkey root key
+ * @param salt salt
+ * @param salt_len size of the salt
+ * @param argp pair of void * & size_t for context chunks, terminated by NULL
+ */
+void
+GNUNET_CRYPTO_hmac_derive_key_v(struct GNUNET_CRYPTO_AuthKey *key,
+                                const struct GNUNET_CRYPTO_AesSessionKey *rkey,
+                                const void *salt,
+                                const size_t salt_len,
+                                const va_list argp);
+
+
+/**
+ * @brief Derive an authentication key
+ * @param key authentication key
+ * @param rkey root key
+ * @param salt salt
+ * @param salt_len size of the salt
+ * @param ... pair of void * & size_t for context chunks, terminated by NULL
+ */
+void
+GNUNET_CRYPTO_hmac_derive_key(struct GNUNET_CRYPTO_AuthKey *key,
+                              const struct GNUNET_CRYPTO_AesSessionKey *rkey,
+                              const void *salt,
+                              const size_t salt_len,
+                              ...);
+
+/**
  * @brief Derive key
  * @param result buffer for the derived key, allocated by caller
  * @param out_len desired length of the derived key
@@ -546,6 +623,59 @@
 
 
 /**
+ * @brief Derive key
+ * @param result buffer for the derived key, allocated by caller
+ * @param out_len desired length of the derived key
+ * @param xtr_algo hash algorithm for the extraction phase, GCRY_MD_...
+ * @param prf_algo hash algorithm for the expansion phase, GCRY_MD_...
+ * @param xts salt
+ * @param xts_len length of xts
+ * @param skm source key material
+ * @param skm_len length of skm
+ * @param argp va_list of void * & size_t pairs for context chunks
+ * @return GNUNET_YES on success
+ */
+int
+GNUNET_CRYPTO_hkdf_v (void *result, const unsigned long long out_len,
+    int xtr_algo, int prf_algo, const void *xts, const size_t xts_len,
+    const void *skm, const size_t skm_len, va_list argp);
+
+
+/**
+ * @brief Derive key
+ * @param result buffer for the derived key, allocated by caller
+ * @param out_len desired length of the derived key
+ * @param xts salt
+ * @param xts_len length of xts
+ * @param skm source key material
+ * @param skm_len length of skm
+ * @param argp va_list of void * & size_t pairs for context chunks
+ * @return GNUNET_YES on success
+ */
+int
+GNUNET_CRYPTO_kdf_v (void *result, const unsigned long long out_len,
+    const void *xts, const size_t xts_len, const void *skm,
+    const size_t skm_len, va_list argp);
+
+
+/**
+ * @brief Derive key
+ * @param result buffer for the derived key, allocated by caller
+ * @param out_len desired length of the derived key
+ * @param xts salt
+ * @param xts_len length of xts
+ * @param skm source key material
+ * @param skm_len length of skm
+ * @param ... void * & size_t pairs for context chunks
+ * @return GNUNET_YES on success
+ */
+int
+GNUNET_CRYPTO_kdf (void *result, const unsigned long long out_len,
+    const void *xts, const size_t xts_len, const void *skm,
+    const size_t skm_len, ...);
+
+
+/**
  * Create a new private key. Caller must free return value.
  *
  * @return fresh private key

Modified: gnunet/src/util/Makefile.am
===================================================================
--- gnunet/src/util/Makefile.am 2010-10-02 22:29:25 UTC (rev 13129)
+++ gnunet/src/util/Makefile.am 2010-10-03 13:29:09 UTC (rev 13130)
@@ -41,6 +41,7 @@
   crypto_crc.c \
   crypto_hash.c \
   crypto_hkdf.c \
+  crypto_kdf.c \
   crypto_ksk.c \
   crypto_random.c \
   crypto_rsa.c \

Modified: gnunet/src/util/crypto_aes.c
===================================================================
--- gnunet/src/util/crypto_aes.c        2010-10-02 22:29:25 UTC (rev 13129)
+++ gnunet/src/util/crypto_aes.c        2010-10-03 13:29:09 UTC (rev 13130)
@@ -148,4 +148,41 @@
   return size;
 }
 
+/**
+ * @brief Derive an IV
+ * @param iv initialization vector
+ * @param skey session key
+ * @param salt salt for the derivation
+ * @param salt_len size of the salt
+ * @param ... pairs of void * & size_t for context chunks, terminated by NULL
+ */
+void
+GNUNET_CRYPTO_aes_derive_iv (struct GNUNET_CRYPTO_AesInitializationVector *iv,
+    const struct GNUNET_CRYPTO_AesSessionKey *skey, void *salt,
+    size_t salt_len, ...)
+{
+  va_list argp;
+
+  va_start (argp, salt_len);
+  GNUNET_CRYPTO_aes_derive_iv_v (iv, skey, salt, salt_len, argp);
+  va_end (argp);
+}
+
+/**
+ * @brief Derive an IV
+ * @param iv initialization vector
+ * @param skey session key
+ * @param salt salt for the derivation
+ * @param salt_len size of the salt
+ * @param argp pairs of void * & size_t for context chunks, terminated by NULL
+ */
+void
+GNUNET_CRYPTO_aes_derive_iv_v (struct GNUNET_CRYPTO_AesInitializationVector 
*iv,
+    const struct GNUNET_CRYPTO_AesSessionKey *skey, void *salt,
+    size_t salt_len, va_list argp)
+{
+  GNUNET_CRYPTO_kdf_v (iv->iv, sizeof(iv->iv), salt, salt_len, skey->key,
+      sizeof(skey->key), argp);
+}
+
 /* end of crypto_aes.c */

Modified: gnunet/src/util/crypto_hash.c
===================================================================
--- gnunet/src/util/crypto_hash.c       2010-10-02 22:29:25 UTC (rev 13129)
+++ gnunet/src/util/crypto_hash.c       2010-10-03 13:29:09 UTC (rev 13130)
@@ -832,6 +832,48 @@
 
 
 /**
+ * @brief Derive an authentication key
+ * @param key authentication key
+ * @param rkey root key
+ * @param salt salt
+ * @param salt_len size of the salt
+ * @param ... pair of void * & size_t for context chunks, terminated by NULL
+ */
+void
+GNUNET_CRYPTO_hmac_derive_key(struct GNUNET_CRYPTO_AuthKey *key,
+                              const struct GNUNET_CRYPTO_AesSessionKey *rkey,
+                              const void *salt,
+                              const size_t salt_len,
+                              ...)
+{
+  va_list argp;
+
+  va_start (argp, salt_len);
+  GNUNET_CRYPTO_hmac_derive_key_v (key, rkey, salt, salt_len, argp);
+  va_end (argp);
+}
+
+
+/**
+ * @brief Derive an authentication key
+ * @param key authentication key
+ * @param rkey root key
+ * @param salt salt
+ * @param salt_len size of the salt
+ * @param argp pair of void * & size_t for context chunks, terminated by NULL
+ */
+void
+GNUNET_CRYPTO_hmac_derive_key_v(struct GNUNET_CRYPTO_AuthKey *key,
+                                const struct GNUNET_CRYPTO_AesSessionKey *rkey,
+                                const void *salt,
+                                const size_t salt_len,
+                                const va_list argp)
+{
+  GNUNET_CRYPTO_kdf_v (key->key, sizeof(key->key), salt, salt_len, rkey->key,
+      sizeof(rkey->key), argp);
+}
+
+/**
  * Calculate HMAC of a message (RFC 2104)
  *
  * @param key secret key
@@ -840,7 +882,7 @@
  * @param hmac where to store the hmac
  */
 void 
-GNUNET_CRYPTO_hmac (const struct GNUNET_CRYPTO_AesSessionKey *key,
+GNUNET_CRYPTO_hmac (const struct GNUNET_CRYPTO_AuthKey *key,
                    const void *plaintext,
                    size_t plaintext_len,
                    GNUNET_HashCode *hmac)
@@ -852,8 +894,7 @@
   struct sha512_ctx sctx;
 
   memset (&kh, 0, sizeof (kh));
-  GNUNET_assert (sizeof (GNUNET_HashCode) > sizeof (struct 
GNUNET_CRYPTO_AesSessionKey));
-  memcpy (&kh, key, sizeof (struct GNUNET_CRYPTO_AesSessionKey));              
                
+  memcpy (&kh, key->key, sizeof (struct GNUNET_CRYPTO_AuthKey));
   memset (&ipad, 0x5c, sizeof (ipad));
   memset (&opad, 0x36, sizeof (opad));
   GNUNET_CRYPTO_hash_xor (&ipad, &kh, &ipad);

Added: gnunet/src/util/crypto_kdf.c
===================================================================
--- gnunet/src/util/crypto_kdf.c                                (rev 0)
+++ gnunet/src/util/crypto_kdf.c        2010-10-03 13:29:09 UTC (rev 13130)
@@ -0,0 +1,88 @@
+/*
+     This file is part of GNUnet.
+     (C) 2010 Christian Grothoff (and other contributing authors)
+
+     GNUnet is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published
+     by the Free Software Foundation; either version 2, or (at your
+     option) any later version.
+
+     GNUnet is distributed in the hope that it will be useful, but
+     WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+     General Public License for more details.
+
+     You should have received a copy of the GNU General Public License
+     along with GNUnet; see the file COPYING.  If not, write to the
+     Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+     Boston, MA 02111-1307, USA.
+*/
+
+/**
+ * @file src/util/crypto_kdf.c
+ * @brief Key derivation
+ * @author Nils Durner
+ */
+
+#include <gcrypt.h>
+
+#include "platform.h"
+#include "gnunet_crypto_lib.h"
+
+/**
+ * @brief Derive key
+ * @param result buffer for the derived key, allocated by caller
+ * @param out_len desired length of the derived key
+ * @param xts salt
+ * @param xts_len length of xts
+ * @param skm source key material
+ * @param skm_len length of skm
+ * @param argp va_list of void * & size_t pairs for context chunks
+ * @return GNUNET_YES on success
+ */
+int
+GNUNET_CRYPTO_kdf_v (void *result, const unsigned long long out_len,
+    const void *xts, const size_t xts_len, const void *skm,
+    const size_t skm_len, va_list argp)
+{
+  /*
+   "Finally, we point out to a particularly advantageous instantiation using
+    HMAC-SHA512 as XTR and HMAC-SHA256 in PRF* (in which case the output from 
SHA-512 is
+    truncated to 256 bits). This makes sense in two ways: First, the 
extraction part is where we need a
+    stronger hash function due to the unconventional demand from the hash 
function in the extraction
+    setting. Second, as shown in Section 6, using HMAC with a truncated output 
as an extractor
+    allows to prove the security of HKDF under considerably weaker assumptions 
on the underlying
+    hash function."
+
+   http://eprint.iacr.org/2010/264
+   */
+
+  return GNUNET_CRYPTO_hkdf_v (result, out_len, GCRY_MD_SHA512, GCRY_MD_SHA256,
+      xts, xts_len, skm, skm_len, argp);
+}
+
+/**
+ * @brief Derive key
+ * @param result buffer for the derived key, allocated by caller
+ * @param out_len desired length of the derived key
+ * @param xts salt
+ * @param xts_len length of xts
+ * @param skm source key material
+ * @param skm_len length of skm
+ * @param ... void * & size_t pairs for context chunks
+ * @return GNUNET_YES on success
+ */
+int
+GNUNET_CRYPTO_kdf (void *result, const unsigned long long out_len,
+    const void *xts, const size_t xts_len, const void *skm,
+    const size_t skm_len, ...)
+{
+  va_list argp;
+  int ret;
+
+  va_start(argp, skm_len);
+  ret = GNUNET_CRYPTO_kdf_v (result, out_len, xts, xts_len, skm, skm_len, 
argp);
+  va_end(argp);
+
+  return ret;
+}

Modified: gnunet/src/util/crypto_random.c
===================================================================
--- gnunet/src/util/crypto_random.c     2010-10-02 22:29:25 UTC (rev 13129)
+++ gnunet/src/util/crypto_random.c     2010-10-03 13:29:09 UTC (rev 13130)
@@ -76,6 +76,17 @@
       while (ret >= ul);
       return ret % i;
     }
+  else if (mode == GNUNET_CRYPTO_QUALITY_NONCE)
+    {
+      ul = UINT32_MAX - (UINT32_MAX % i);
+      do
+        {
+          gcry_create_nonce(&ret, sizeof(ret));
+        }
+      while (ret >= ul);
+
+      return ret % i;
+    }
   else
     {
       ret = i * weak_random ();
@@ -142,6 +153,17 @@
       while (ret >= ul);
       return ret % max;
     }
+  else if (mode == GNUNET_CRYPTO_QUALITY_NONCE)
+    {
+      ul = UINT64_MAX - (UINT64_MAX % max);
+      do
+        {
+          gcry_create_nonce(&ret, sizeof(ret));
+        }
+      while (ret >= ul);
+
+      return ret % max;
+    }
   else
     {
       ret = max * weak_random ();




reply via email to

[Prev in Thread] Current Thread [Next in Thread]