[taler-anastasis] branch master updated: allow encryption nonce to be fi
From: |
gnunet |
Subject: |
[taler-anastasis] branch master updated: allow encryption nonce to be fixed for truth encryption to ensure truth upload idempotency can be detected |
Date: |
Thu, 18 Mar 2021 13:18:37 +0100 |
This is an automated email from the git hooks/post-receive script.
grothoff pushed a commit to branch master
in repository anastasis.
The following commit(s) were added to refs/heads/master by this push:
new d019b39 allow encryption nonce to be fixed for truth encryption to
ensure truth upload idempotency can be detected
d019b39 is described below
commit d019b391154c507a0e5b6b5c936d869c9e2433a6
Author: Christian Grothoff <grothoff@gnunet.org>
AuthorDate: Thu Mar 18 13:18:23 2021 +0100
allow encryption nonce to be fixed for truth encryption to ensure truth
upload idempotency can be detected
---
src/include/anastasis.h | 2 ++
src/include/anastasis_crypto_lib.h | 21 +++++++++++--------
src/lib/anastasis_backup.c | 21 +++++++++++++++++--
src/reducer/anastasis_api_backup_redux.c | 5 +++++
src/testing/testing_api_cmd_truth_store.c | 7 ++++++-
src/util/anastasis_crypto.c | 34 ++++++++++++++++++++++---------
src/util/test_anastasis_crypto.c | 16 +++++++++------
7 files changed, 78 insertions(+), 28 deletions(-)
diff --git a/src/include/anastasis.h b/src/include/anastasis.h
index 384844b..972b110 100644
--- a/src/include/anastasis.h
+++ b/src/include/anastasis.h
@@ -620,6 +620,7 @@ ANASTASIS_truth_upload (
* @param truth_data_size size of the data
* @param payment_requested true if the client wants to pay more for the
account now
* @param pay_timeout how long to wait for payment
+ * @param nonce nonce to use for symmetric encryption
* @param uuid truth UUID to use
* @param salt salt to use to hash security questions
* @param truth_key symmetric encryption key to use to encrypt @a truth_data
@@ -640,6 +641,7 @@ ANASTASIS_truth_upload2 (
size_t truth_data_size,
bool payment_requested,
struct GNUNET_TIME_Relative pay_timeout,
+ const struct ANASTASIS_CRYPTO_NonceP *nonce,
const struct ANASTASIS_CRYPTO_TruthUUIDP *uuid,
const struct ANASTASIS_CRYPTO_QuestionSaltP *salt,
const struct ANASTASIS_CRYPTO_TruthKeyP *truth_key,
diff --git a/src/include/anastasis_crypto_lib.h
b/src/include/anastasis_crypto_lib.h
index 96f77c1..57f4841 100644
--- a/src/include/anastasis_crypto_lib.h
+++ b/src/include/anastasis_crypto_lib.h
@@ -119,7 +119,7 @@ struct ANASTASIS_CRYPTO_ProviderSaltP
/**
* Specifies a policy key which is used to decrypt the master key
-*/
+ */
struct ANASTASIS_CRYPTO_PolicyKeyP
{
struct GNUNET_HashCode key GNUNET_PACKED;
@@ -128,7 +128,7 @@ struct ANASTASIS_CRYPTO_PolicyKeyP
/**
* Specifies an encrypted master key, the key is used to encrypt the core
secret from the user
-*/
+ */
struct ANASTASIS_CRYPTO_EncryptedMasterKeyP
{
struct GNUNET_HashCode key GNUNET_PACKED;
@@ -136,8 +136,8 @@ struct ANASTASIS_CRYPTO_EncryptedMasterKeyP
/**
- * Specifies a Nonce used for the AES encryption, here defined as 32Byte
large.
-*/
+ * Specifies a Nonce used for the AES encryption, here defined as 32Byte large.
+ */
struct ANASTASIS_CRYPTO_NonceP
{
uint32_t nonce[8];
@@ -146,7 +146,7 @@ struct ANASTASIS_CRYPTO_NonceP
/**
* Specifies an IV used for the AES encryption, here defined as 16Byte large.
-*/
+ */
struct ANASTASIS_CRYPTO_IvP
{
uint32_t iv[4];
@@ -155,7 +155,7 @@ struct ANASTASIS_CRYPTO_IvP
/**
* Specifies an symmetric key used for the AES encryption, here defined as
32Byte large.
-*/
+ */
struct ANASTASIS_CRYPTO_SymKeyP
{
uint32_t key[8];
@@ -164,7 +164,7 @@ struct ANASTASIS_CRYPTO_SymKeyP
/**
* Specifies an AES Tag used for the AES authentication, here defined as 16
Byte large.
-*/
+ */
struct ANASTASIS_CRYPTO_AesTagP
{
uint32_t aes_tag[4];
@@ -175,7 +175,7 @@ struct ANASTASIS_CRYPTO_AesTagP
* Specifies a Key Share from an escrow provider, the combined
* keyshares generate the EscrowMasterKey which is used to decrypt the
* Secret from the user.
-*/
+ */
struct ANASTASIS_CRYPTO_KeyShareP
{
uint32_t key[8];
@@ -184,7 +184,7 @@ struct ANASTASIS_CRYPTO_KeyShareP
/**
* Specifies an encrypted KeyShare
-*/
+ */
struct ANASTASIS_CRYPTO_EncryptedKeyShareP
{
/**
@@ -231,6 +231,7 @@ struct ANASTASIS_PaymentSecretP
uint32_t id[8];
};
+
/**
* Data signed by the account public key of a sync client to
* authorize the upload of the backup.
@@ -394,6 +395,7 @@ ANASTASIS_CRYPTO_keyshare_decrypt (
* phone number. It is encrypted with AES256, the key is generated
* with the user identification as entropy source and the salt "ect".
*
+ * @param nonce value to use for the nonce
* @param truth_enc_key master key used for encryption of the truth (see
interface EscrowMethod)
* @param truth truth which will be encrypted
* @param truth_size size of the truth
@@ -403,6 +405,7 @@ ANASTASIS_CRYPTO_keyshare_decrypt (
*/
void
ANASTASIS_CRYPTO_truth_encrypt (
+ const struct ANASTASIS_CRYPTO_NonceP *nonce,
const struct ANASTASIS_CRYPTO_TruthKeyP *truth_enc_key,
const void *truth,
size_t truth_size,
diff --git a/src/lib/anastasis_backup.c b/src/lib/anastasis_backup.c
index fb1e6c3..ce213b6 100644
--- a/src/lib/anastasis_backup.c
+++ b/src/lib/anastasis_backup.c
@@ -37,6 +37,11 @@ struct ANASTASIS_Truth
*/
struct ANASTASIS_CRYPTO_KeyShareP key_share;
+ /**
+ * Nonce used for the symmetric encryption.
+ */
+ struct ANASTASIS_CRYPTO_NonceP nonce;
+
/**
* Key used to encrypt this truth
*/
@@ -103,6 +108,8 @@ ANASTASIS_truth_from_json (const json_t *json)
&mime_type)),
GNUNET_JSON_spec_fixed_auto ("uuid",
&t->uuid),
+ GNUNET_JSON_spec_fixed_auto ("nonce",
+ &t->nonce),
GNUNET_JSON_spec_fixed_auto ("key_share",
&t->key_share),
GNUNET_JSON_spec_fixed_auto ("truth_key",
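Review bot: The new `GNUNET_JSON_spec_fixed_auto ("nonce", &t->nonce)` entry makes "nonce" a required field, so a truth object serialized before this commit (without that key) would presumably be rejected by ANASTASIS_truth_from_json. The same applies to the "nonce" entry added to the jspec in check_truth_upload in src/reducer/anastasis_api_backup_redux.c. If previously stored state has to keep loading, wrap the entry in `GNUNET_JSON_spec_mark_optional` and draw a fresh random nonce when the field is absent; otherwise add a comment saying that older state is intentionally unsupported. The spec array and the rest of the function lie outside this hunk.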
@@ -146,7 +153,7 @@ ANASTASIS_truth_to_json (const struct ANASTASIS_Truth *t)
{
return json_pack (
"{s:o,s:o,s:o,s:o,s:o"
- ",s:s,s:s,s:s,s:s?}",
+ ",s:o,s:s,s:s,s:s,s:s?}",
"uuid",
GNUNET_JSON_from_data_auto (&t->uuid),
"key_share",
@@ -155,6 +162,8 @@ ANASTASIS_truth_to_json (const struct ANASTASIS_Truth *t)
GNUNET_JSON_from_data_auto (&t->truth_key),
"salt",
GNUNET_JSON_from_data_auto (&t->salt),
+ "nonce",
+ GNUNET_JSON_from_data_auto (&t->nonce),
"provider_salt",
GNUNET_JSON_from_data_auto (&t->provider_salt),
"url",
@@ -294,7 +303,8 @@ ANASTASIS_truth_upload3 (struct GNUNET_CURL_Context *ctx,
truth_data = &nt;
truth_data_size = sizeof (nt);
}
- ANASTASIS_CRYPTO_truth_encrypt (&t->truth_key,
+ ANASTASIS_CRYPTO_truth_encrypt (&t->nonce,
+ &t->truth_key,
truth_data,
truth_data_size,
&encrypted_truth,
@@ -336,6 +346,7 @@ ANASTASIS_truth_upload2 (struct GNUNET_CURL_Context *ctx,
size_t truth_data_size,
bool payment_requested,
struct GNUNET_TIME_Relative pay_timeout,
+ const struct ANASTASIS_CRYPTO_NonceP *nonce,
const struct ANASTASIS_CRYPTO_TruthUUIDP *uuid,
const struct ANASTASIS_CRYPTO_QuestionSaltP *salt,
const struct ANASTASIS_CRYPTO_TruthKeyP *truth_key,
@@ -356,6 +367,7 @@ ANASTASIS_truth_upload2 (struct GNUNET_CURL_Context *ctx,
: NULL;
t->provider_salt = *provider_salt;
t->salt = *salt;
+ t->nonce = *nonce;
t->uuid = *uuid;
t->truth_key = *truth_key;
t->key_share = *key_share;
@@ -391,9 +403,13 @@ ANASTASIS_truth_upload (struct GNUNET_CURL_Context *ctx,
struct ANASTASIS_CRYPTO_TruthUUIDP uuid;
struct ANASTASIS_CRYPTO_TruthKeyP truth_key;
struct ANASTASIS_CRYPTO_KeyShareP key_share;
+ struct ANASTASIS_CRYPTO_NonceP nonce;
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
"Creating fresh truth object\n");
+ GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE,
+ &nonce,
+ sizeof (nonce));
GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE,
&question_salt,
sizeof (question_salt));
@@ -415,6 +431,7 @@ ANASTASIS_truth_upload (struct GNUNET_CURL_Context *ctx,
truth_data_size,
payment_requested,
pay_timeout,
+ &nonce,
&uuid,
&question_salt,
&truth_key,
diff --git a/src/reducer/anastasis_api_backup_redux.c
b/src/reducer/anastasis_api_backup_redux.c
index 0ff43db..19ee771 100644
--- a/src/reducer/anastasis_api_backup_redux.c
+++ b/src/reducer/anastasis_api_backup_redux.c
@@ -2220,11 +2220,15 @@ check_truth_upload (struct UploadContext *uc,
struct ANASTASIS_CRYPTO_QuestionSaltP question_salt;
struct ANASTASIS_CRYPTO_TruthKeyP truth_key;
struct ANASTASIS_CRYPTO_KeyShareP key_share;
+ struct ANASTASIS_CRYPTO_NonceP nonce;
+
struct GNUNET_JSON_Specification jspec[] = {
GNUNET_JSON_spec_fixed_auto ("salt",
&question_salt),
GNUNET_JSON_spec_fixed_auto ("truth_key",
&truth_key),
+ GNUNET_JSON_spec_fixed_auto ("nonce",
+ &nonce),
GNUNET_JSON_spec_fixed_auto ("uuid",
&uuid),
GNUNET_JSON_spec_fixed_auto ("key_share",
@@ -2264,6 +2268,7 @@ check_truth_upload (struct UploadContext *uc,
truth_data_size,
force_payment,
uc->timeout,
+ &nonce,
&uuid,
&question_salt,
&truth_key,
diff --git a/src/testing/testing_api_cmd_truth_store.c
b/src/testing/testing_api_cmd_truth_store.c
index 7df2c70..0883406 100644
--- a/src/testing/testing_api_cmd_truth_store.c
+++ b/src/testing/testing_api_cmd_truth_store.c
@@ -244,8 +244,13 @@ truth_store_run (void *cls,
{
void *encrypted_truth;
size_t size_encrypted_truth;
+ struct ANASTASIS_CRYPTO_NonceP nonce;
- ANASTASIS_CRYPTO_truth_encrypt (&tss->key,
+ GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE,
+ &nonce,
+ sizeof (nonce));
+ ANASTASIS_CRYPTO_truth_encrypt (&nonce,
+ &tss->key,
tss->truth_data,
tss->truth_data_size,
&encrypted_truth,
diff --git a/src/util/anastasis_crypto.c b/src/util/anastasis_crypto.c
index 0bb0e63..9695035 100644
--- a/src/util/anastasis_crypto.c
+++ b/src/util/anastasis_crypto.c
@@ -102,6 +102,7 @@ get_iv_key (const void *key_material,
/**
* Encryption of data like recovery document etc.
*
+ * @param nonce value to use for the nonce
* @param key key which is used to derive a key/iv pair from
* @param key_len length of key
* @param data data to encrypt
@@ -111,7 +112,8 @@ get_iv_key (const void *key_material,
* @param res_size[out] size of the ciphertext
*/
static void
-anastasis_encrypt (const void *key,
+anastasis_encrypt (const struct ANASTASIS_CRYPTO_NonceP *nonce,
+ const void *key,
size_t key_len,
const void *data,
size_t data_size,
@@ -119,7 +121,7 @@ anastasis_encrypt (const void *key,
void **res,
size_t *res_size)
{
- struct ANASTASIS_CRYPTO_NonceP *nonce;
+ struct ANASTASIS_CRYPTO_NonceP *nonceptr;
gcry_cipher_hd_t cipher;
struct ANASTASIS_CRYPTO_SymKeyP sym_key;
struct ANASTASIS_CRYPTO_IvP iv;
@@ -143,12 +145,12 @@ anastasis_encrypt (const void *key,
GNUNET_break (0);
return;
}
- nonce = (struct ANASTASIS_CRYPTO_NonceP *) *res;
- tag = (struct ANASTASIS_CRYPTO_AesTagP *) &nonce[1];
+ nonceptr = (struct ANASTASIS_CRYPTO_NonceP *) *res;
+ tag = (struct ANASTASIS_CRYPTO_AesTagP *) &nonceptr[1];
ciphertext = (char *) &tag[1];
- GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE,
- nonce,
- sizeof (struct ANASTASIS_CRYPTO_NonceP));
+ memcpy (nonceptr,
+ nonce,
+ sizeof (*nonce));
get_iv_key (key,
key_len,
nonce,
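Review bot: Copying the caller's nonce with `memcpy (nonceptr, nonce, sizeof (*nonce))` removes the guarantee that every call to anastasis_encrypt uses a fresh random nonce, and get_iv_key derives the key/IV pair from the key material and that nonce, so two calls with the same key and nonce but different plaintext would run under the same key and IV. For an authenticated AES mode (the tag field suggests one) that undermines both the confidentiality and the integrity of the affected ciphertexts. None of the `@param nonce` lines added in this commit (above this function, in anastasis.h and in anastasis_crypto_lib.h) state that requirement; I would document it, for example `@param nonce nonce for key/IV derivation; must be fresh random for each new plaintext and may be reused only to re-encrypt byte-identical data under the same key`. The function body starts and ends outside this hunk.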
@@ -342,8 +344,13 @@ ANASTASIS_CRYPTO_recovery_document_encrypt (
size_t *erd_size)
{
const char *salt = "erd";
+ struct ANASTASIS_CRYPTO_NonceP nonce;
- anastasis_encrypt (id,
+ GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE,
+ &nonce,
+ sizeof (nonce));
+ anastasis_encrypt (&nonce,
+ id,
sizeof (struct ANASTASIS_CRYPTO_UserIdentifierP),
rec_doc,
rd_size,
@@ -382,12 +389,17 @@ ANASTASIS_CRYPTO_keyshare_encrypt (
const char *salt = "eks";
size_t eks_size = 0;
void *eks = NULL;
+ struct ANASTASIS_CRYPTO_NonceP nonce;
+ GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE,
+ &nonce,
+ sizeof (nonce));
/* FIXME: the HKDF (in get_iv_key()) should be able to take additional
bits from the response (e.g. some hash over the answer to the
security question, see 12.6.-> interface EncryptedKeyShare in spec)
*/
- anastasis_encrypt (id,
+ anastasis_encrypt (&nonce,
+ id,
sizeof (struct ANASTASIS_CRYPTO_UserIdentifierP),
key_share,
sizeof (struct ANASTASIS_CRYPTO_KeyShareP),
@@ -431,6 +443,7 @@ ANASTASIS_CRYPTO_keyshare_decrypt (
void
ANASTASIS_CRYPTO_truth_encrypt (
+ const struct ANASTASIS_CRYPTO_NonceP *nonce,
const struct ANASTASIS_CRYPTO_TruthKeyP *truth_enc_key,
const void *truth,
size_t truth_size,
@@ -439,7 +452,8 @@ ANASTASIS_CRYPTO_truth_encrypt (
{
const char *salt = "ect";
- anastasis_encrypt (truth_enc_key,
+ anastasis_encrypt (nonce,
+ truth_enc_key,
sizeof (struct ANASTASIS_CRYPTO_TruthKeyP),
truth,
truth_size,
diff --git a/src/util/test_anastasis_crypto.c b/src/util/test_anastasis_crypto.c
index d3a4ea7..dbaf4fe 100644
--- a/src/util/test_anastasis_crypto.c
+++ b/src/util/test_anastasis_crypto.c
@@ -174,16 +174,20 @@ test_truth (void)
size_t size_plaintext;
struct ANASTASIS_CRYPTO_TruthKeyP truth_enc_key;
int ret;
+ struct ANASTASIS_CRYPTO_NonceP nonce;
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+ "TRUTH_BEFORE: %s\n",
+ TALER_b2s (test,
+ strlen (test)));
GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE,
&truth_enc_key,
sizeof (struct ANASTASIS_CRYPTO_TruthKeyP));
-
- GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
- "TRUTH_BEFORE: %s\n",
- TALER_b2s (test, strlen (test)));
-
- ANASTASIS_CRYPTO_truth_encrypt (&truth_enc_key,
+ GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE,
+ &nonce,
+ sizeof (nonce));
+ ANASTASIS_CRYPTO_truth_encrypt (&nonce,
+ &truth_enc_key,
test,
strlen (test),
&ciphertext,
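Review bot: test_truth still draws a random nonce, so nothing here checks the property this commit is meant to provide, namely that a fixed nonce makes truth encryption reproducible. I would call ANASTASIS_CRYPTO_truth_encrypt a second time with the same `nonce`, `truth_enc_key` and `test` and assert that both outputs have the same size and compare equal with `memcmp`. One further call with a different nonce, asserting that the ciphertext differs, would guard against the nonce being ignored. The rest of test_truth, including the remaining arguments of this call, is outside the hunk.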
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.