[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[taler-anastasis] 03/03: worked on keyshare api, currently failing on de
From: |
gnunet |
Subject: |
[taler-anastasis] 03/03: worked on keyshare api, currently failing on decryption of encrypted truth from db (checktag fails) |
Date: |
Mon, 20 Apr 2020 23:18:23 +0200 |
This is an automated email from the git hooks/post-receive script.
dennis-neufeld pushed a commit to branch master
in repository anastasis.
commit dcefd8e770cc5eade34b489c10e011b24383c18d
Author: Dennis Neufeld <address@hidden>
AuthorDate: Mon Apr 20 21:18:09 2020 +0000
worked on keyshare api, currently failing on decryption of encrypted truth
from db (checktag fails)
---
src/backend/anastasis-httpd_truth.c | 11 +++++-----
src/lib/anastasis_api_keyshare_lookup.c | 29 ++++++++++++++++++++++--
src/lib/testing_api_cmd_truth_store.c | 6 +++++
src/util/anastasis_crypto.c | 39 +++++++++++++++++++++++++--------
4 files changed, 69 insertions(+), 16 deletions(-)
diff --git a/src/backend/anastasis-httpd_truth.c
b/src/backend/anastasis-httpd_truth.c
index ed3fbbd..6805ab1 100644
--- a/src/backend/anastasis-httpd_truth.c
+++ b/src/backend/anastasis-httpd_truth.c
@@ -83,6 +83,8 @@ AH_handler_truth_get (struct MHD_Connection *connection,
tdk = MHD_lookup_connection_value (connection,
MHD_HEADER_KIND,
"Truth-Decryption-Key");
+ if (NULL == tdk)
+ return MHD_HTTP_PRECONDITION_FAILED;
if ( (NULL != tdk) &&
(GNUNET_OK !=
@@ -99,8 +101,6 @@ AH_handler_truth_get (struct MHD_Connection *connection,
TALER_EC_SYNC_BAD_IF_MATCH,
"Truth-Decryption-Key does not
include a base32-encoded decryption key");
}
- else
- return MHD_HTTP_PRECONDITION_FAILED;
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
"TruthKey from header: %s\n",
@@ -112,7 +112,7 @@ AH_handler_truth_get (struct MHD_Connection *connection,
qs = db->get_escrow_challenge (db->cls,
&uuid,
- encrypted_truth,
+ &encrypted_truth,
&encrypted_truth_size,
&truth_mime,
&method);
@@ -121,7 +121,8 @@ AH_handler_truth_get (struct MHD_Connection *connection,
return MHD_HTTP_NOT_FOUND;
}
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
- "Success, found truth information in db\n");
+ "Encrypted truth from db: %s\n",
+ TALER_b2s (encrypted_truth, encrypted_truth_size));
}
{
// decrypt encrypted_truth
@@ -135,7 +136,7 @@ AH_handler_truth_get (struct MHD_Connection *connection,
// validate challenge response
GNUNET_assert (strlen (method) == strlen ("Secure-Question"));
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
- "Method from truth information: %s\n",
+ "Method from db: %s\n",
method);
if (strncmp (method, "Secure-Question", strlen ("Secure-Question")) == 0)
{
diff --git a/src/lib/anastasis_api_keyshare_lookup.c
b/src/lib/anastasis_api_keyshare_lookup.c
index 1e4e805..653e858 100644
--- a/src/lib/anastasis_api_keyshare_lookup.c
+++ b/src/lib/anastasis_api_keyshare_lookup.c
@@ -251,10 +251,35 @@ ANASTASIS_keyshare_lookup (struct GNUNET_CURL_Context
*ctx,
{
struct ANASTASIS_KeyShareLookupOperation *kslo;
CURL *eh;
+ struct curl_slist *job_headers;
char uuid_str[37];
char *hashed_answer_str;
char *path;
+ job_headers = NULL;
+ {
+ struct curl_slist *ext;
+ char *val;
+ char *hdr;
+
+ /* Set Truth-Decryption-Key header */
+ val = GNUNET_STRINGS_data_to_string_alloc (truth_key,
+ sizeof (*truth_key));
+ GNUNET_asprintf (&hdr,
+ "Truth-Decryption-Key: %s",
+ val);
+ GNUNET_free (val);
+ ext = curl_slist_append (job_headers,
+ hdr);
+ GNUNET_free (hdr);
+ if (NULL == ext)
+ {
+ GNUNET_break (0);
+ curl_slist_free_all (job_headers);
+ return NULL;
+ }
+ job_headers = ext;
+ }
kslo = GNUNET_new (struct ANASTASIS_KeyShareLookupOperation);
kslo->ctx = ctx;
kslo->cb = cb;
@@ -285,7 +310,6 @@ ANASTASIS_keyshare_lookup (struct GNUNET_CURL_Context *ctx,
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
"Url get request (keyshare lookup): %s\n",
kslo->url);
- // eh = curl_easy_init ();
eh = ANASTASIS_curl_easy_get_ (kslo->url);
GNUNET_assert (CURLE_OK ==
curl_easy_setopt (eh,
@@ -298,11 +322,12 @@ ANASTASIS_keyshare_lookup (struct GNUNET_CURL_Context
*ctx,
kslo->cb_cls = cb_cls;
kslo->job = GNUNET_CURL_job_add_raw (ctx,
eh,
- GNUNET_NO,
+ job_headers,
&handle_keyshare_lookup_finished,
kslo);
GNUNET_free (path);
GNUNET_free (hashed_answer_str);
+ curl_slist_free_all (job_headers);
return kslo;
}
diff --git a/src/lib/testing_api_cmd_truth_store.c
b/src/lib/testing_api_cmd_truth_store.c
index 3c8ea12..6117aee 100644
--- a/src/lib/testing_api_cmd_truth_store.c
+++ b/src/lib/testing_api_cmd_truth_store.c
@@ -407,6 +407,12 @@ ANASTASIS_TESTING_make_truth_example (const char *method,
sizeof (answer),
&encrypted_truth,
&size_encrypted_truth);
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+ "Encrypted truth in json: %s\n",
+ TALER_b2s (encrypted_truth, size_encrypted_truth));
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+ "Encrypted truth size: %lu\n",
+ size_encrypted_truth);
truth_data = json_pack ("{s:o," /* keyshare_data */
" s:s," /* method */
" s:o," /* encrypted_truth */
diff --git a/src/util/anastasis_crypto.c b/src/util/anastasis_crypto.c
index 5c3b62e..19cb076 100644
--- a/src/util/anastasis_crypto.c
+++ b/src/util/anastasis_crypto.c
@@ -87,6 +87,14 @@ anastasis_encrypt (const void *key,
void **res,
size_t *res_size)
{
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+ "KEY_E: %s\n",
+ TALER_b2s (key,
+ key_len));
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+ "PLAINTEXT_E: %s\n",
+ TALER_b2s (data,
+ data_size));
struct ANASTASIS_CRYPTO_Nonce *nonce;
gcry_cipher_hd_t cipher;
struct ANASTASIS_CRYPTO_SymKey sym_key;
@@ -114,6 +122,9 @@ anastasis_encrypt (const void *key,
salt,
&sym_key,
&iv);
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+ "NONCE_E: %s\n",
+ TALER_B2S (nonce));
GNUNET_assert (0 ==
gcry_cipher_open (&cipher,
GCRY_CIPHER_AES256,
@@ -134,21 +145,22 @@ anastasis_encrypt (const void *key,
data_size,
data,
data_size));
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+ "CIPHERTEXT_E: %s\n",
+ TALER_b2s (ciphertext,
+ strlen (ciphertext)));
GNUNET_assert (0 ==
gcry_cipher_gettag (cipher,
tag,
sizeof (struct ANASTASIS_CRYPTO_AesTag)));
- gcry_cipher_close (cipher);
- GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
- "NONCE_E: %s\n",
- TALER_B2S (nonce));
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
"TAG_E: %s\n",
TALER_B2S (tag));
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
- "CIPHERTEXT_E: %s\n",
- TALER_b2s (ciphertext,
- strlen (ciphertext)));
+ "RES_E: %s\n",
+ TALER_b2s (*res,
+ *res_size));
+ gcry_cipher_close (cipher);
}
@@ -172,6 +184,10 @@ anastasis_decrypt (const void *key,
void **res,
size_t *res_size)
{
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+ "KEY_D: %s\n",
+ TALER_b2s (key,
+ key_len));
struct ANASTASIS_CRYPTO_Nonce *nonce;
gcry_cipher_hd_t cipher;
struct ANASTASIS_CRYPTO_SymKey sym_key;
@@ -188,18 +204,19 @@ anastasis_decrypt (const void *key,
- sizeof (struct ANASTASIS_CRYPTO_Nonce)
- sizeof (struct ANASTASIS_CRYPTO_AesTag));
nonce = (struct ANASTASIS_CRYPTO_Nonce *) data;
- tag = (struct ANASTASIS_CRYPTO_AesTag *) &nonce[1];
- ciphertext = (char *) &tag[1];
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
"NONCE_D: %s\n",
TALER_B2S (nonce));
+ tag = (struct ANASTASIS_CRYPTO_AesTag *) &nonce[1];
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
"TAG_D: %s\n",
TALER_B2S (tag));
+ ciphertext = (char *) &tag[1];
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
"CIPHERTEXT_D: %s\n",
TALER_b2s (ciphertext,
strlen (ciphertext)));
+
get_iv_key (key,
key_len,
nonce,
@@ -225,6 +242,10 @@ anastasis_decrypt (const void *key,
*res_size,
ciphertext,
*res_size));
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+ "PLAINTEXT_D: %s\n",
+ TALER_b2s (*res,
+ *res_size));
GNUNET_assert (0 ==
gcry_cipher_checktag (cipher,
tag,
--
To stop receiving notification emails like this one, please contact
address@hidden.