Home Explore Help
Sign In
OWEALs
/
gnunet
mirror of https://gnunet.org/git/gnunet.git
2
0
Fork 0
Files Issues 0 Wiki
Tree: v0.12.2
Branches Tags
gnunet
/
src
/
util
/
crypto_abe.c

crypto_abe.c 11 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438 
  1. /*
    2. 

  2.      This file is part of GNUnet.  Copyright (C) 2001-2014 Christian Grothoff
    3. 

  3.      (and other contributing authors)
    4. 

  4. 

  5.      GNUnet is free software: you can redistribute it and/or modify it
    6. 

  6.      under the terms of the GNU Affero General Public License as published
    7. 

  7.      by the Free Software Foundation, either version 3 of the License,
    8. 

  8.      or (at your option) any later version.
    9. 

  9. 

  10.      GNUnet is distributed in the hope that it will be useful, but
    11. 

  11.      WITHOUT ANY WARRANTY; without even the implied warranty of
    12. 

  12.      MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
    13. 

  13.      Affero General Public License for more details.
    14. 

  14. 

  15.      You should have received a copy of the GNU Affero General Public License
    16. 

  16.      along with this program.  If not, see <http://www.gnu.org/licenses/>.
    17. 

  17. 

  18.      SPDX-License-Identifier: AGPL3.0-or-later
    19. 

  19. 

  20.  */
    21. 

  21. 

  22. /**
    23. 

  23.  * @file util/crypto_random.c
    24. 

  24.  * @brief functions to gather random numbers
    25. 

  25.  * @author Christian Grothoff
    26. 

  26.  */
    27. 

  27. 

  28. 

  29. #include "platform.h"
    30. 

  30. #include <pbc/pbc.h>
    31. 

  31. #include <gabe.h>
    32. 

  32. 

  33. #include "gnunet_crypto_lib.h"
    34. 

  34. 

  35. struct GNUNET_CRYPTO_AbeMasterKey
    36. 

  36. {
    37. 

  37.   gabe_pub_t*pub;
    38. 

  38.   gabe_msk_t*msk;
    39. 

  39. };
    40. 

  40. 

  41. struct GNUNET_CRYPTO_AbeKey
    42. 

  42. {
    43. 

  43.   gabe_pub_t*pub;
    44. 

  44.   gabe_prv_t*prv;
    45. 

  45. };
    46. 

  46. 

  47. static int
    48. 

  48. init_aes (element_t k, int enc,
    49. 

  49.           gcry_cipher_hd_t*handle,
    50. 

  50.           struct GNUNET_CRYPTO_SymmetricSessionKey *key,
    51. 

  51.           unsigned char*iv)
    52. 

  52. {
    53. 

  53.   int rc;
    54. 

  54.   int key_len;
    55. 

  55.   unsigned char*key_buf;
    56. 

  56. 

  57.   key_len = element_length_in_bytes (k) < 33 ? 3 : element_length_in_bytes (k);
    58. 

  58.   key_buf = (unsigned char *) malloc (key_len);
    59. 

  59.   element_to_bytes (key_buf, k);
    60. 

  60. 

  61.   GNUNET_memcpy (key->aes_key,
    62. 

  62.                  key_buf,
    63. 

  63.                  GNUNET_CRYPTO_AES_KEY_LENGTH);
    64. 

  64.   GNUNET_assert (0 ==
    65. 

  65.                  gcry_cipher_open (handle, GCRY_CIPHER_AES256,
    66. 

  66.                                    GCRY_CIPHER_MODE_CFB, 0));
    67. 

  67.   rc = gcry_cipher_setkey (*handle,
    68. 

  68.                            key->aes_key,
    69. 

  69.                            sizeof(key->aes_key));
    70. 

  70.   GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY));
    71. 

  71.   memset (iv, 0, 16);  // TODO make reasonable
    72. 

  72.   rc = gcry_cipher_setiv (*handle,
    73. 

  73.                           iv,
    74. 

  74.                           16);
    75. 

  75.   GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY));
    76. 

  76. 

  77.   free (key_buf);
    78. 

  78.   return rc;
    79. 

  79. }
    80. 

  80. 

  81. 

  82. static int
    83. 

  83. aes_128_cbc_encrypt (char*pt,
    84. 

  84.                      int size,
    85. 

  85.                      element_t k,
    86. 

  86.                      char **ct)
    87. 

  87. {
    88. 

  88.   gcry_cipher_hd_t handle;
    89. 

  89.   struct GNUNET_CRYPTO_SymmetricSessionKey skey;
    90. 

  90.   unsigned char iv[16];
    91. 

  91.   char*buf;
    92. 

  92.   int padding;
    93. 

  93.   int buf_size;
    94. 

  94.   uint8_t len[4];
    95. 

  95. 

  96.   init_aes (k, 1, &handle, &skey, iv);
    97. 

  97. 

  98.   /* TODO make less crufty */
    99. 

  99. 

  100.   /* stuff in real length (big endian) before padding */
    101. 

  101.   len[0] = (size & 0xff000000) >> 24;
    102. 

  102.   len[1] = (size & 0xff0000) >> 16;
    103. 

  103.   len[2] = (size & 0xff00) >> 8;
    104. 

  104.   len[3] = (size & 0xff) >> 0;
    105. 

  105.   padding = 16 - ((4 + size) % 16);
    106. 

  106.   buf_size = 4 + size + padding;
    107. 

  107.   buf = GNUNET_malloc (buf_size);
    108. 

  108.   GNUNET_memcpy (buf, len, 4);
    109. 

  109.   GNUNET_memcpy (buf + 4, pt, size);
    110. 

  110.   *ct = GNUNET_malloc (buf_size);
    111. 

  111. 

  112.   GNUNET_assert (0 == gcry_cipher_encrypt (handle, *ct, buf_size, buf,
    113. 

  113.                                            buf_size));
    114. 

  114.   gcry_cipher_close (handle);
    115. 

  115.   // AES_cbc_encrypt(pt->data, ct->data, pt->len, &key, iv, AES_ENCRYPT);
    116. 

  116.   GNUNET_free (buf);
    117. 

  117.   return buf_size;
    118. 

  118. }
    119. 

  119. 

  120. 

  121. static int
    122. 

  122. aes_128_cbc_decrypt (char*ct,
    123. 

  123.                      int size,
    124. 

  124.                      element_t k,
    125. 

  125.                      char **pt)
    126. 

  126. {
    127. 

  127.   struct GNUNET_CRYPTO_SymmetricSessionKey skey;
    128. 

  128.   gcry_cipher_hd_t handle;
    129. 

  129.   unsigned char iv[16];
    130. 

  130.   char*tmp;
    131. 

  131.   uint32_t len;
    132. 

  132. 

  133.   init_aes (k, 1, &handle, &skey, iv);
    134. 

  134. 

  135.   tmp = GNUNET_malloc (size);
    136. 

  136. 

  137.   // AES_cbc_encrypt(ct->data, pt->data, ct->len, &key, iv, AES_DECRYPT);
    138. 

  138.   GNUNET_assert (0 == gcry_cipher_decrypt (handle, tmp, size, ct, size));
    139. 

  139.   gcry_cipher_close (handle);
    140. 

  140.   /* TODO make less crufty */
    141. 

  141. 

  142.   /* get real length */
    143. 

  143.   len = 0;
    144. 

  144.   len = len
    145. 

  145.         | ((tmp[0]) << 24) | ((tmp[1]) << 16)
    146. 

  146.         | ((tmp[2]) << 8) | ((tmp[3]) << 0);
    147. 

  147.   /* truncate any garbage from the padding */
    148. 

  148.   *pt = GNUNET_malloc (len);
    149. 

  149.   GNUNET_memcpy (*pt, tmp + 4, len);
    150. 

  150.   GNUNET_free (tmp);
    151. 

  151.   return len;
    152. 

  152. }
    153. 

  153. 

  154. 

  155. struct GNUNET_CRYPTO_AbeMasterKey*
    156. 

  156. GNUNET_CRYPTO_cpabe_create_master_key (void)
    157. 

  157. {
    158. 

  158.   struct GNUNET_CRYPTO_AbeMasterKey*key;
    159. 

  159. 

  160.   key = GNUNET_new (struct GNUNET_CRYPTO_AbeMasterKey);
    161. 

  161.   gabe_setup (&key->pub, &key->msk);
    162. 

  162.   GNUNET_assert (NULL != key->pub);
    163. 

  163.   GNUNET_assert (NULL != key->msk);
    164. 

  164.   return key;
    165. 

  165. }
    166. 

  166. 

  167. 

  168. void
    169. 

  169. GNUNET_CRYPTO_cpabe_delete_master_key (struct GNUNET_CRYPTO_AbeMasterKey *key)
    170. 

  170. {
    171. 

  171.   gabe_msk_free (key->msk);
    172. 

  172.   gabe_pub_free (key->pub);
    173. 

  173.   // GNUNET_free (key->msk);
    174. 

  174.   // gabe_msk_free (key->msk); //For some reason free of pub implicit?
    175. 

  175.   GNUNET_free (key);
    176. 

  176. }
    177. 

  177. 

  178. 

  179. struct GNUNET_CRYPTO_AbeKey*
    180. 

  180. GNUNET_CRYPTO_cpabe_create_key (struct GNUNET_CRYPTO_AbeMasterKey *key,
    181. 

  181.                                 char **attrs)
    182. 

  182. {
    183. 

  183.   struct GNUNET_CRYPTO_AbeKey *prv_key;
    184. 

  184.   int size;
    185. 

  185.   char *tmp;
    186. 

  186. 

  187.   prv_key = GNUNET_new (struct GNUNET_CRYPTO_AbeKey);
    188. 

  188.   prv_key->prv = gabe_keygen (key->pub, key->msk, attrs);
    189. 

  189.   size = gabe_pub_serialize (key->pub, &tmp);
    190. 

  190.   prv_key->pub = gabe_pub_unserialize (tmp, size);
    191. 

  191.   GNUNET_free (tmp);
    192. 

  192.   GNUNET_assert (NULL != prv_key->prv);
    193. 

  193.   return prv_key;
    194. 

  194. }
    195. 

  195. 

  196. 

  197. void
    198. 

  198. GNUNET_CRYPTO_cpabe_delete_key (struct GNUNET_CRYPTO_AbeKey *key,
    199. 

  199.                                 int delete_pub)
    200. 

  200. {
    201. 

  201.   // Memory management in gabe is buggy
    202. 

  202.   gabe_prv_free (key->prv);
    203. 

  203.   if (GNUNET_YES == delete_pub)
    204. 

  204.     gabe_pub_free (key->pub);
    205. 

  205.   GNUNET_free (key);
    206. 

  206. }
    207. 

  207. 

  208. 

  209. ssize_t
    210. 

  210. write_cpabe (void **result,
    211. 

  211.              uint32_t file_len,
    212. 

  212.              char*cph_buf,
    213. 

  213.              int cph_buf_len,
    214. 

  214.              char*aes_buf,
    215. 

  215.              int aes_buf_len)
    216. 

  216. {
    217. 

  217.   char *ptr;
    218. 

  218.   uint32_t *len;
    219. 

  219. 

  220.   *result = GNUNET_malloc (12 + cph_buf_len + aes_buf_len);
    221. 

  221.   ptr = *result;
    222. 

  222.   len = (uint32_t *) ptr;
    223. 

  223.   *len = htonl (file_len);
    224. 

  224.   ptr += 4;
    225. 

  225.   len = (uint32_t *) ptr;
    226. 

  226.   *len = htonl (aes_buf_len);
    227. 

  227.   ptr += 4;
    228. 

  228.   GNUNET_memcpy (ptr, aes_buf, aes_buf_len);
    229. 

  229.   ptr += aes_buf_len;
    230. 

  230.   len = (uint32_t *) ptr;
    231. 

  231.   *len = htonl (cph_buf_len);
    232. 

  232.   ptr += 4;
    233. 

  233.   GNUNET_memcpy (ptr, cph_buf, cph_buf_len);
    234. 

  234.   return 12 + cph_buf_len + aes_buf_len;
    235. 

  235. }
    236. 

  236. 

  237. 

  238. ssize_t
    239. 

  239. read_cpabe (const void *data,
    240. 

  240.             char**cph_buf,
    241. 

  241.             int *cph_buf_len,
    242. 

  242.             char**aes_buf,
    243. 

  243.             int *aes_buf_len)
    244. 

  244. {
    245. 

  245.   int buf_len;
    246. 

  246.   char *ptr;
    247. 

  247.   uint32_t *len;
    248. 

  248. 

  249.   ptr = (char *) data;
    250. 

  250.   len = (uint32_t *) ptr;
    251. 

  251.   buf_len = ntohl (*len);
    252. 

  252.   ptr += 4;
    253. 

  253.   len = (uint32_t *) ptr;
    254. 

  254.   *aes_buf_len = ntohl (*len);
    255. 

  255.   ptr += 4;
    256. 

  256.   *aes_buf = GNUNET_malloc (*aes_buf_len);
    257. 

  257.   GNUNET_memcpy (*aes_buf, ptr, *aes_buf_len);
    258. 

  258.   ptr += *aes_buf_len;
    259. 

  259.   len = (uint32_t *) ptr;
    260. 

  260.   *cph_buf_len = ntohl (*len);
    261. 

  261.   ptr += 4;
    262. 

  262.   *cph_buf = GNUNET_malloc (*cph_buf_len);
    263. 

  263.   GNUNET_memcpy (*cph_buf, ptr, *cph_buf_len);
    264. 

  264. 

  265.   return buf_len;
    266. 

  266. }
    267. 

  267. 

  268. 

  269. ssize_t
    270. 

  270. GNUNET_CRYPTO_cpabe_encrypt (const void *block,
    271. 

  271.                              size_t size,
    272. 

  272.                              const char *policy,
    273. 

  273.                              const struct GNUNET_CRYPTO_AbeMasterKey *key,
    274. 

  274.                              void **result)
    275. 

  275. {
    276. 

  276.   gabe_cph_t*cph;
    277. 

  277.   char*plt;
    278. 

  278.   char*cph_buf;
    279. 

  279.   char*aes_buf;
    280. 

  280.   element_t m;
    281. 

  281.   int cph_buf_len;
    282. 

  282.   int aes_buf_len;
    283. 

  283.   ssize_t result_len;
    284. 

  284. 

  285.   if (! (cph = gabe_enc (key->pub, m, (char *) policy)))
    286. 

  286.     return GNUNET_SYSERR;
    287. 

  287.   cph_buf_len = gabe_cph_serialize (cph,
    288. 

  288.                                     &cph_buf);
    289. 

  289.   gabe_cph_free (cph);
    290. 

  290.   GNUNET_free (cph);
    291. 

  291.   plt = GNUNET_memdup (block, size);
    292. 

  292.   aes_buf_len = aes_128_cbc_encrypt (plt, size, m, &aes_buf);
    293. 

  293.   GNUNET_free (plt);
    294. 

  294.   element_clear (m);
    295. 

  295.   result_len = write_cpabe (result, size, cph_buf, cph_buf_len, aes_buf,
    296. 

  296.                             aes_buf_len);
    297. 

  297.   GNUNET_free (cph_buf);
    298. 

  298.   GNUNET_free (aes_buf);
    299. 

  299.   return result_len;
    300. 

  300. }
    301. 

  301. 

  302. 

  303. ssize_t
    304. 

  304. GNUNET_CRYPTO_cpabe_decrypt (const void *block,
    305. 

  305.                              size_t size,
    306. 

  306.                              const struct GNUNET_CRYPTO_AbeKey *key,
    307. 

  307.                              void **result)
    308. 

  308. {
    309. 

  309.   char*aes_buf;
    310. 

  310.   char*cph_buf;
    311. 

  311.   gabe_cph_t*cph;
    312. 

  312.   element_t m;
    313. 

  313.   int cph_buf_size;
    314. 

  314.   int aes_buf_size;
    315. 

  315.   int plt_len;
    316. 

  316. 

  317.   read_cpabe (block, &cph_buf, &cph_buf_size, &aes_buf, &aes_buf_size);
    318. 

  318.   cph = gabe_cph_unserialize (key->pub, cph_buf, cph_buf_size);
    319. 

  319.   if (! gabe_dec (key->pub, key->prv, cph, m))
    320. 

  320.   {
    321. 

  321.     GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
    322. 

  322.                 "%s\n", gabe_error ());
    323. 

  323.     GNUNET_free (aes_buf);
    324. 

  324.     GNUNET_free (cph_buf);
    325. 

  325.     gabe_cph_free (cph);
    326. 

  326.     GNUNET_free (cph);
    327. 

  327.     element_clear (m);
    328. 

  328.     return GNUNET_SYSERR;
    329. 

  329.   }
    330. 

  330.   gabe_cph_free (cph);
    331. 

  331.   GNUNET_free (cph);
    332. 

  332.   plt_len = aes_128_cbc_decrypt (aes_buf, aes_buf_size, m, (char **) result);
    333. 

  333.   GNUNET_free (cph_buf);
    334. 

  334.   GNUNET_free (aes_buf);
    335. 

  335.   element_clear (m);
    336. 

  336.   // freeing is buggy in gabe
    337. 

  337.   // gabe_prv_free (prv);
    338. 

  338.   // gabe_pub_free (pub);
    339. 

  339.   return plt_len;
    340. 

  340. }
    341. 

  341. 

  342. 

  343. ssize_t
    344. 

  344. GNUNET_CRYPTO_cpabe_serialize_key (const struct GNUNET_CRYPTO_AbeKey *key,
    345. 

  345.                                    void **result)
    346. 

  346. {
    347. 

  347.   ssize_t len;
    348. 

  348.   char *pub;
    349. 

  349.   char *prv;
    350. 

  350.   int pub_len;
    351. 

  351.   int prv_len;
    352. 

  352. 

  353.   pub_len = gabe_pub_serialize (key->pub, &pub);
    354. 

  354.   prv_len = gabe_prv_serialize (key->prv, &prv);
    355. 

  355. 

  356.   len = pub_len + prv_len + 12;
    357. 

  357.   write_cpabe (result, len, pub, pub_len, prv, prv_len);
    358. 

  358. 

  359.   GNUNET_free (pub);
    360. 

  360.   GNUNET_free (prv);
    361. 

  361. 

  362.   return len;
    363. 

  363. }
    364. 

  364. 

  365. 

  366. struct GNUNET_CRYPTO_AbeKey*
    367. 

  367. GNUNET_CRYPTO_cpabe_deserialize_key (const void *data,
    368. 

  368.                                      size_t len)
    369. 

  369. {
    370. 

  370.   struct GNUNET_CRYPTO_AbeKey *key;
    371. 

  371.   char *pub;
    372. 

  372.   char *prv;
    373. 

  373.   int prv_len;
    374. 

  374.   int pub_len;
    375. 

  375. 

  376.   key = GNUNET_new (struct GNUNET_CRYPTO_AbeKey);
    377. 

  377.   read_cpabe (data,
    378. 

  378.               &pub,
    379. 

  379.               &pub_len,
    380. 

  380.               &prv,
    381. 

  381.               &prv_len);
    382. 

  382.   key->pub = gabe_pub_unserialize (pub, pub_len);
    383. 

  383.   key->prv = gabe_prv_unserialize (key->pub, prv, prv_len);
    384. 

  384. 

  385.   GNUNET_free (pub);
    386. 

  386.   GNUNET_free (prv);
    387. 

  387.   return key;
    388. 

  388. }
    389. 

  389. 

  390. 

  391. ssize_t
    392. 

  392. GNUNET_CRYPTO_cpabe_serialize_master_key (const struct
    393. 

  393.                                           GNUNET_CRYPTO_AbeMasterKey *key,
    394. 

  394.                                           void **result)
    395. 

  395. {
    396. 

  396.   ssize_t len;
    397. 

  397.   char *pub;
    398. 

  398.   char *msk;
    399. 

  399.   int pub_len;
    400. 

  400.   int msk_len;
    401. 

  401. 

  402.   pub_len = gabe_pub_serialize (key->pub, &pub);
    403. 

  403.   msk_len = gabe_msk_serialize (key->msk, &msk);
    404. 

  404. 

  405.   len = pub_len + msk_len + 12;
    406. 

  406.   write_cpabe (result, len, pub, pub_len, msk, msk_len);
    407. 

  407. 

  408.   GNUNET_free (pub);
    409. 

  409.   GNUNET_free (msk);
    410. 

  410. 

  411.   return len;
    412. 

  412. }
    413. 

  413. 

  414. 

  415. struct GNUNET_CRYPTO_AbeMasterKey*
    416. 

  416. GNUNET_CRYPTO_cpabe_deserialize_master_key (const void *data,
    417. 

  417.                                             size_t len)
    418. 

  418. {
    419. 

  419.   struct GNUNET_CRYPTO_AbeMasterKey *key;
    420. 

  420.   char *msk;
    421. 

  421.   char *pub;
    422. 

  422.   int msk_len;
    423. 

  423.   int pub_len;
    424. 

  424. 

  425.   key = GNUNET_new (struct GNUNET_CRYPTO_AbeMasterKey);
    426. 

  426.   read_cpabe (data,
    427. 

  427.               &pub,
    428. 

  428.               &pub_len,
    429. 

  429.               &msk,
    430. 

  430.               &msk_len);
    431. 

  431.   key->pub = gabe_pub_unserialize (pub, pub_len);
    432. 

  432.   key->msk = gabe_msk_unserialize (key->pub, msk, msk_len);
    433. 

  433. 

  434.   GNUNET_free (pub);
    435. 

  435.   GNUNET_free (msk);
    436. 

  436. 

  437.   return key;
    438. 

  438. }
    439.