[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[gnunet] branch master updated: -output IVs and Ks for symmetric encrypt
From: |
gnunet |
Subject: |
[gnunet] branch master updated: -output IVs and Ks for symmetric encryption GNS |
Date: |
Mon, 31 Jan 2022 11:10:58 +0100 |
This is an automated email from the git hooks/post-receive script.
martin-schanzenbach pushed a commit to branch master
in repository gnunet.
The following commit(s) were added to refs/heads/master by this push:
new b3c486bfa -output IVs and Ks for symmetric encryption GNS
b3c486bfa is described below
commit b3c486bfa32ed6d0c62c0cbbb6f0ce8489271f6e
Author: Martin Schanzenbach <schanzen@gnunet.org>
AuthorDate: Mon Jan 31 11:10:53 2022 +0100
-output IVs and Ks for symmetric encryption GNS
---
contrib/gana | 2 +-
po/POTFILES.in | 2 +
src/gnsrecord/gnsrecord_crypto.c | 252 ++++++++++++++++-------------------
src/gnsrecord/gnunet-gnsrecord-tvg.c | 60 +++++++--
4 files changed, 165 insertions(+), 151 deletions(-)
diff --git a/contrib/gana b/contrib/gana
index c12314df0..3a71278a2 160000
--- a/contrib/gana
+++ b/contrib/gana
@@ -1 +1 @@
-Subproject commit c12314df0f82e192c6829a9c6cf3e9663b586da1
+Subproject commit 3a71278a2aab67f9a1888af172b507d6e08364cf
diff --git a/po/POTFILES.in b/po/POTFILES.in
index ffa06a484..ad5c68056 100644
--- a/po/POTFILES.in
+++ b/po/POTFILES.in
@@ -183,6 +183,7 @@ src/gnsrecord/gnsrecord_serialization.c
src/gnsrecord/gnunet-gnsrecord-tvg.c
src/gnsrecord/json_gnsrecord.c
src/gnsrecord/plugin_gnsrecord_dns.c
+src/gnsrecord/test.c
src/hello/address.c
src/hello/gnunet-hello.c
src/hello/hello-ng.c
@@ -314,6 +315,7 @@ src/reclaim/plugin_rest_reclaim.c
src/reclaim/reclaim_api.c
src/reclaim/reclaim_attribute.c
src/reclaim/reclaim_credential.c
+src/reclaim/test.c
src/regex/gnunet-daemon-regexprofiler.c
src/regex/gnunet-regex-profiler.c
src/regex/gnunet-regex-simulation-profiler.c
diff --git a/src/gnsrecord/gnsrecord_crypto.c b/src/gnsrecord/gnsrecord_crypto.c
index fe7db88b9..58feaee74 100644
--- a/src/gnsrecord/gnsrecord_crypto.c
+++ b/src/gnsrecord/gnsrecord_crypto.c
@@ -25,15 +25,7 @@
* @author Matthias Wachs
* @author Christian Grothoff
*/
-#include "platform.h"
-#include "gnunet_util_lib.h"
-#include "gnunet_constants.h"
-#include "gnunet_signatures.h"
-#include "gnunet_arm_service.h"
-#include "gnunet_gnsrecord_lib.h"
-#include "gnunet_dnsparser_lib.h"
-#include "gnunet_tun_lib.h"
-
+#include "gnsrecord_crypto.h"
#define LOG(kind, ...) GNUNET_log_from (kind, "gnsrecord", __VA_ARGS__)
@@ -104,7 +96,7 @@ eddsa_symmetric_decrypt (
return GNUNET_SYSERR;
if (0 != crypto_secretbox_open_detached (result,
block, // Ciphertext
- ((unsigned char*)block) + ctlen, //
TAG
+ ((unsigned char*) block) + ctlen,
// TAG
ctlen,
nonce, key))
{
@@ -131,20 +123,12 @@ eddsa_symmetric_encrypt (
}
-/**
- * Derive session key and iv from label and public key.
- *
- * @param iv initialization vector to initialize
- * @param skey session key to initialize
- * @param label label to use for KDF
- * @param pub public key to use for KDF
- */
-static void
-derive_block_aes_key (unsigned char *ctr,
- unsigned char *key,
- const char *label,
- uint64_t exp,
- const struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
+void
+GNR_derive_block_aes_key (unsigned char *ctr,
+ unsigned char *key,
+ const char *label,
+ uint64_t exp,
+ const struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
{
static const char ctx_key[] = "gns-aes-ctx-key";
static const char ctx_iv[] = "gns-aes-ctx-iv";
@@ -168,20 +152,12 @@ derive_block_aes_key (unsigned char *ctr,
}
-/**
- * Derive session key and iv from label and public key.
- *
- * @param nonce initialization vector to initialize
- * @param skey session key to initialize
- * @param label label to use for KDF
- * @param pub public key to use for KDF
- */
-static void
-derive_block_xsalsa_key (unsigned char *nonce,
- unsigned char *key,
- const char *label,
- uint64_t exp,
- const struct GNUNET_CRYPTO_EddsaPublicKey *pub)
+void
+GNR_derive_block_xsalsa_key (unsigned char *nonce,
+ unsigned char *key,
+ const char *label,
+ uint64_t exp,
+ const struct GNUNET_CRYPTO_EddsaPublicKey *pub)
{
static const char ctx_key[] = "gns-aes-ctx-key";
static const char ctx_iv[] = "gns-aes-ctx-iv";
@@ -291,11 +267,11 @@ block_create_ecdsa (const struct
GNUNET_CRYPTO_EcdsaPrivateKey *key,
"gns");
GNUNET_CRYPTO_ecdsa_key_get_public (dkey,
&ecblock->derived_key);
- derive_block_aes_key (ctr,
- skey,
- label,
- ecblock->expiration_time.abs_value_us__,
- pkey);
+ GNR_derive_block_aes_key (ctr,
+ skey,
+ label,
+ ecblock->expiration_time.abs_value_us__,
+ pkey);
GNUNET_break (payload_len + sizeof(uint32_t) ==
ecdsa_symmetric_encrypt (payload,
payload_len
@@ -409,11 +385,11 @@ block_create_eddsa (const struct
GNUNET_CRYPTO_EddsaPrivateKey *key,
&dkey);
GNUNET_CRYPTO_eddsa_key_get_public_from_scalar (&dkey,
&edblock->derived_key);
- derive_block_xsalsa_key (nonce,
- skey,
- label,
- edblock->expiration_time.abs_value_us__,
- pkey);
+ GNR_derive_block_xsalsa_key (nonce,
+ skey,
+ label,
+ edblock->expiration_time.abs_value_us__,
+ pkey);
GNUNET_break (GNUNET_OK ==
eddsa_symmetric_encrypt (payload,
payload_len
@@ -456,24 +432,24 @@ GNUNET_GNSRECORD_block_create (const struct
GNUNET_IDENTITY_PrivateKey *key,
switch (ntohl (key->type))
{
- case GNUNET_GNSRECORD_TYPE_PKEY:
- res = block_create_ecdsa (&key->ecdsa_key,
- &pkey.ecdsa_key,
- expire,
- norm_label,
- rd,
- rd_count);
- break;
- case GNUNET_GNSRECORD_TYPE_EDKEY:
- res = block_create_eddsa (&key->eddsa_key,
- &pkey.eddsa_key,
- expire,
- norm_label,
- rd,
- rd_count);
- break;
- default:
- GNUNET_assert (0);
+ case GNUNET_GNSRECORD_TYPE_PKEY:
+ res = block_create_ecdsa (&key->ecdsa_key,
+ &pkey.ecdsa_key,
+ expire,
+ norm_label,
+ rd,
+ rd_count);
+ break;
+ case GNUNET_GNSRECORD_TYPE_EDKEY:
+ res = block_create_eddsa (&key->eddsa_key,
+ &pkey.eddsa_key,
+ expire,
+ norm_label,
+ rd,
+ rd_count);
+ break;
+ default:
+ GNUNET_assert (0);
}
GNUNET_free (norm_label);
return res;
@@ -576,20 +552,20 @@ GNUNET_GNSRECORD_block_verify (const struct
GNUNET_GNSRECORD_Block *block)
{
switch (ntohl (block->type))
{
- case GNUNET_GNSRECORD_TYPE_PKEY:
- return GNUNET_CRYPTO_ecdsa_verify_ (
-
GNUNET_SIGNATURE_PURPOSE_GNS_RECORD_SIGN,
- &block->ecdsa_block.purpose,
- &block->ecdsa_block.signature,
- &block->ecdsa_block.derived_key);
- case GNUNET_GNSRECORD_TYPE_EDKEY:
- return GNUNET_CRYPTO_eddsa_verify_ (
-
GNUNET_SIGNATURE_PURPOSE_GNS_RECORD_SIGN,
- &block->eddsa_block.purpose,
- &block->eddsa_block.signature,
- &block->eddsa_block.derived_key);
- default:
- return GNUNET_NO;
+ case GNUNET_GNSRECORD_TYPE_PKEY:
+ return GNUNET_CRYPTO_ecdsa_verify_ (
+ GNUNET_SIGNATURE_PURPOSE_GNS_RECORD_SIGN,
+ &block->ecdsa_block.purpose,
+ &block->ecdsa_block.signature,
+ &block->ecdsa_block.derived_key);
+ case GNUNET_GNSRECORD_TYPE_EDKEY:
+ return GNUNET_CRYPTO_eddsa_verify_ (
+ GNUNET_SIGNATURE_PURPOSE_GNS_RECORD_SIGN,
+ &block->eddsa_block.purpose,
+ &block->eddsa_block.signature,
+ &block->eddsa_block.derived_key);
+ default:
+ return GNUNET_NO;
}
}
@@ -603,8 +579,8 @@ block_decrypt_ecdsa (const struct
GNUNET_GNSRECORD_EcdsaBlock *block,
void *proc_cls)
{
size_t payload_len = ntohl (block->purpose.size)
- - sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose)
- - sizeof(struct GNUNET_TIME_AbsoluteNBO);
+ - sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose)
+ - sizeof(struct GNUNET_TIME_AbsoluteNBO);
unsigned char ctr[GNUNET_CRYPTO_AES_KEY_LENGTH / 2];
unsigned char key[GNUNET_CRYPTO_AES_KEY_LENGTH];
@@ -615,11 +591,11 @@ block_decrypt_ecdsa (const struct
GNUNET_GNSRECORD_EcdsaBlock *block,
GNUNET_break_op (0);
return GNUNET_SYSERR;
}
- derive_block_aes_key (ctr,
- key,
- label,
- block->expiration_time.abs_value_us__,
- zone_key);
+ GNR_derive_block_aes_key (ctr,
+ key,
+ label,
+ block->expiration_time.abs_value_us__,
+ zone_key);
{
char payload[payload_len];
uint32_t rd_count;
@@ -731,8 +707,8 @@ block_decrypt_eddsa (const struct
GNUNET_GNSRECORD_EddsaBlock *block,
void *proc_cls)
{
size_t payload_len = ntohl (block->purpose.size)
- - sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose)
- - sizeof(struct GNUNET_TIME_AbsoluteNBO);
+ - sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose)
+ - sizeof(struct GNUNET_TIME_AbsoluteNBO);
unsigned char nonce[crypto_secretbox_NONCEBYTES];
unsigned char key[crypto_secretbox_KEYBYTES];
@@ -743,11 +719,11 @@ block_decrypt_eddsa (const struct
GNUNET_GNSRECORD_EddsaBlock *block,
GNUNET_break_op (0);
return GNUNET_SYSERR;
}
- derive_block_xsalsa_key (nonce,
- key,
- label,
- block->expiration_time.abs_value_us__,
- zone_key);
+ GNR_derive_block_xsalsa_key (nonce,
+ key,
+ label,
+ block->expiration_time.abs_value_us__,
+ zone_key);
{
char payload[payload_len];
uint32_t rd_count;
@@ -875,16 +851,18 @@ GNUNET_GNSRECORD_block_decrypt (const struct
GNUNET_GNSRECORD_Block *block,
norm_label = GNUNET_GNSRECORD_string_normalize (label);
switch (ntohl (zone_key->type))
{
- case GNUNET_IDENTITY_TYPE_ECDSA:
- res = block_decrypt_ecdsa (&block->ecdsa_block,
- &zone_key->ecdsa_key, norm_label, proc,
proc_cls);
- break;
- case GNUNET_IDENTITY_TYPE_EDDSA:
- res = block_decrypt_eddsa (&block->eddsa_block,
- &zone_key->eddsa_key, norm_label, proc,
proc_cls);
- break;
- default:
- return GNUNET_SYSERR;
+ case GNUNET_IDENTITY_TYPE_ECDSA:
+ res = block_decrypt_ecdsa (&block->ecdsa_block,
+ &zone_key->ecdsa_key, norm_label, proc,
+ proc_cls);
+ break;
+ case GNUNET_IDENTITY_TYPE_EDDSA:
+ res = block_decrypt_eddsa (&block->eddsa_block,
+ &zone_key->eddsa_key, norm_label, proc,
+ proc_cls);
+ break;
+ default:
+ return GNUNET_SYSERR;
}
GNUNET_free (norm_label);
return res;
@@ -910,17 +888,17 @@ GNUNET_GNSRECORD_query_from_private_key (const struct
norm_label = GNUNET_GNSRECORD_string_normalize (label);
switch (ntohl (zone->type))
{
- case GNUNET_GNSRECORD_TYPE_PKEY:
- case GNUNET_GNSRECORD_TYPE_EDKEY:
-
- GNUNET_IDENTITY_key_get_public (zone,
- &pub);
- GNUNET_GNSRECORD_query_from_public_key (&pub,
- norm_label,
- query);
- break;
- default:
- GNUNET_assert (0);
+ case GNUNET_GNSRECORD_TYPE_PKEY:
+ case GNUNET_GNSRECORD_TYPE_EDKEY:
+
+ GNUNET_IDENTITY_key_get_public (zone,
+ &pub);
+ GNUNET_GNSRECORD_query_from_public_key (&pub,
+ norm_label,
+ query);
+ break;
+ default:
+ GNUNET_assert (0);
}
GNUNET_free (norm_label);
}
@@ -947,28 +925,28 @@ GNUNET_GNSRECORD_query_from_public_key (const struct
switch (ntohl (pub->type))
{
- case GNUNET_GNSRECORD_TYPE_PKEY:
- pd.type = pub->type;
- GNUNET_CRYPTO_ecdsa_public_key_derive (&pub->ecdsa_key,
- norm_label,
- "gns",
- &pd.ecdsa_key);
- GNUNET_CRYPTO_hash (&pd.ecdsa_key,
- sizeof (pd.ecdsa_key),
- query);
- break;
- case GNUNET_GNSRECORD_TYPE_EDKEY:
- pd.type = pub->type;
- GNUNET_CRYPTO_eddsa_public_key_derive (&pub->eddsa_key,
- norm_label,
- "gns",
- &(pd.eddsa_key));
- GNUNET_CRYPTO_hash (&pd.eddsa_key,
- sizeof (pd.eddsa_key),
- query);
- break;
- default:
- GNUNET_assert (0);
+ case GNUNET_GNSRECORD_TYPE_PKEY:
+ pd.type = pub->type;
+ GNUNET_CRYPTO_ecdsa_public_key_derive (&pub->ecdsa_key,
+ norm_label,
+ "gns",
+ &pd.ecdsa_key);
+ GNUNET_CRYPTO_hash (&pd.ecdsa_key,
+ sizeof (pd.ecdsa_key),
+ query);
+ break;
+ case GNUNET_GNSRECORD_TYPE_EDKEY:
+ pd.type = pub->type;
+ GNUNET_CRYPTO_eddsa_public_key_derive (&pub->eddsa_key,
+ norm_label,
+ "gns",
+ &(pd.eddsa_key));
+ GNUNET_CRYPTO_hash (&pd.eddsa_key,
+ sizeof (pd.eddsa_key),
+ query);
+ break;
+ default:
+ GNUNET_assert (0);
}
GNUNET_free (norm_label);
}
diff --git a/src/gnsrecord/gnunet-gnsrecord-tvg.c
b/src/gnsrecord/gnunet-gnsrecord-tvg.c
index 9e3dea921..7a78580d2 100644
--- a/src/gnsrecord/gnunet-gnsrecord-tvg.c
+++ b/src/gnsrecord/gnunet-gnsrecord-tvg.c
@@ -31,6 +31,7 @@
#include "gnunet_dnsparser_lib.h"
#include "gnunet_testing_lib.h"
#include <inttypes.h>
+#include "gnsrecord_crypto.h"
#define TEST_RECORD_LABEL "test"
#define TEST_RECORD_A "1.2.3.4"
@@ -38,9 +39,9 @@
static void
print_bytes_ (void *buf,
- size_t buf_len,
- int fold,
- int in_be)
+ size_t buf_len,
+ int fold,
+ int in_be)
{
int i;
@@ -114,14 +115,16 @@ run_pkey (void)
size_t rdata_size;
uint32_t rd_count_nbo;
char ztld[128];
+ unsigned char ctr[GNUNET_CRYPTO_AES_KEY_LENGTH / 2];
+ unsigned char skey[GNUNET_CRYPTO_AES_KEY_LENGTH];
/*
* Make two different expiration times
*/
delta1 = GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_YEARS,
- 420); //420 years
+ 420); // 420 years
delta2 = GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_YEARS,
- 777); //777 years
+ 777); // 777 years
exp1 = GNUNET_TIME_absolute_add (now, delta1);
exp2 = GNUNET_TIME_absolute_add (now, delta2);
@@ -131,7 +134,8 @@ run_pkey (void)
&id_pub);
fprintf (stdout,
"Zone private key (d, big-endian):\n");
- print_bytes (&id_priv.ecdsa_key, sizeof (struct
GNUNET_CRYPTO_EcdsaPrivateKey), 8);
+ print_bytes (&id_priv.ecdsa_key, sizeof (struct
+ GNUNET_CRYPTO_EcdsaPrivateKey), 8);
fprintf (stdout, "\n");
fprintf (stdout, "Zone identifier (ztype|zkey):\n");
print_bytes (&id_pub, GNUNET_IDENTITY_key_get_length (&id_pub), 8);
@@ -171,7 +175,7 @@ run_pkey (void)
rdata_size = GNUNET_GNSRECORD_records_get_size (TEST_RRCOUNT,
rd);
rdata = GNUNET_malloc (rdata_size);
- rd_count_nbo = htonl(2);
+ rd_count_nbo = htonl (2);
GNUNET_memcpy (rdata,
&rd_count_nbo,
sizeof (uint32_t));
@@ -183,6 +187,20 @@ run_pkey (void)
print_bytes (rdata, rdata_size, 8);
fprintf (stdout, "\n");
expire = GNUNET_GNSRECORD_record_get_expiration_time (TEST_RRCOUNT, rd);
+ GNR_derive_block_aes_key (ctr,
+ skey,
+ TEST_RECORD_LABEL,
+ GNUNET_TIME_absolute_hton (
+ expire).abs_value_us__,
+ &id_pub.ecdsa_key);
+
+ fprintf (stdout, "Encryption NONCE|EXPIRATION|BLOCK COUNTER:\n");
+ print_bytes (ctr, sizeof (ctr), 8);
+ fprintf (stdout, "\n");
+ fprintf (stdout, "Encryption key (K):\n");
+ print_bytes (skey, sizeof (skey), 8);
+
+
rrblock = GNUNET_GNSRECORD_block_create (&id_priv,
expire,
TEST_RECORD_LABEL,
@@ -237,14 +255,16 @@ run_edkey (void)
size_t rdata_size;
uint32_t rd_count_nbo;
char ztld[128];
+ unsigned char nonce[crypto_secretbox_NONCEBYTES];
+ unsigned char skey[crypto_secretbox_KEYBYTES];
/*
* Make two different expiration times
*/
delta1 = GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_YEARS,
- 420); //420 years
+ 420); // 420 years
delta2 = GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_YEARS,
- 777); //777 years
+ 777); // 777 years
exp1 = GNUNET_TIME_absolute_add (now, delta1);
exp2 = GNUNET_TIME_absolute_add (now, delta2);
@@ -259,7 +279,8 @@ run_edkey (void)
&id_pub);
fprintf (stdout,
"Zone private key (d):\n");
- print_bytes (&id_priv.eddsa_key, sizeof (struct
GNUNET_CRYPTO_EddsaPrivateKey), 8);
+ print_bytes (&id_priv.eddsa_key, sizeof (struct
+ GNUNET_CRYPTO_EddsaPrivateKey), 8);
fprintf (stdout, "\n");
fprintf (stdout, "Zone identifier (ztype|zkey):\n");
print_bytes (&id_pub, GNUNET_IDENTITY_key_get_length (&id_pub), 8);
@@ -301,7 +322,7 @@ run_edkey (void)
expire = GNUNET_GNSRECORD_record_get_expiration_time (TEST_RRCOUNT,
rd);
rdata = GNUNET_malloc (sizeof (uint32_t) + rdata_size);
- rd_count_nbo = htonl(2);
+ rd_count_nbo = htonl (2);
GNUNET_memcpy (rdata,
&rd_count_nbo,
sizeof (uint32_t));
@@ -312,6 +333,19 @@ run_edkey (void)
fprintf (stdout, "RDATA:\n");
print_bytes (rdata, rdata_size, 8);
fprintf (stdout, "\n");
+ GNR_derive_block_xsalsa_key (nonce,
+ skey,
+ TEST_RECORD_LABEL,
+ GNUNET_TIME_absolute_hton (
+ expire).abs_value_us__,
+ &id_pub.eddsa_key);
+ fprintf (stdout, "Encryption NONCE|EXPIRATION:\n");
+ print_bytes (nonce, sizeof (nonce), 8);
+ fprintf (stdout, "\n");
+ fprintf (stdout, "Encryption key (K):\n");
+ print_bytes (skey, sizeof (skey), 8);
+ fprintf (stdout, "\n");
+
rrblock = GNUNET_GNSRECORD_block_create (&id_priv,
expire,
TEST_RECORD_LABEL,
@@ -350,8 +384,8 @@ run (void *cls,
const char *cfgfile,
const struct GNUNET_CONFIGURATION_Handle *cfg)
{
- run_pkey();
- run_edkey();
+ run_pkey ();
+ run_edkey ();
}
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [gnunet] branch master updated: -output IVs and Ks for symmetric encryption GNS,
gnunet <=