2 This file is part of GNUnet.
3 Copyright (C) 2009-2013, 2018 GNUnet e.V.
5 GNUnet is free software: you can redistribute it and/or modify it
6 under the terms of the GNU Affero General Public License as published
7 by the Free Software Foundation, either version 3 of the License,
8 or (at your option) any later version.
10 GNUnet is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 Affero General Public License for more details.
15 You should have received a copy of the GNU Affero General Public License
16 along with this program. If not, see <http://www.gnu.org/licenses/>.
20 * @file gnsrecord/gnsrecord_crypto.c
21 * @brief API for GNS record-related crypto
22 * @author Martin Schanzenbach
23 * @author Matthias Wachs
24 * @author Christian Grothoff
27 #include "gnunet_util_lib.h"
28 #include "gnunet_constants.h"
29 #include "gnunet_signatures.h"
30 #include "gnunet_arm_service.h"
31 #include "gnunet_gnsrecord_lib.h"
32 #include "gnunet_dnsparser_lib.h"
33 #include "gnunet_tun_lib.h"
36 #define LOG(kind,...) GNUNET_log_from (kind, "gnsrecord",__VA_ARGS__)
40 * Derive session key and iv from label and public key.
42 * @param iv initialization vector to initialize
43 * @param skey session key to initialize
44 * @param label label to use for KDF
45 * @param pub public key to use for KDF
48 derive_block_aes_key (struct GNUNET_CRYPTO_SymmetricInitializationVector *iv,
49 struct GNUNET_CRYPTO_SymmetricSessionKey *skey,
51 const struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
53 static const char ctx_key[] = "gns-aes-ctx-key";
54 static const char ctx_iv[] = "gns-aes-ctx-iv";
56 GNUNET_CRYPTO_kdf (skey, sizeof (struct GNUNET_CRYPTO_SymmetricSessionKey),
57 pub, sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey),
58 label, strlen (label),
59 ctx_key, strlen (ctx_key),
61 GNUNET_CRYPTO_kdf (iv, sizeof (struct GNUNET_CRYPTO_SymmetricInitializationVector),
62 pub, sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey),
63 label, strlen (label),
64 ctx_iv, strlen (ctx_iv),
70 * Sign name and records
72 * @param key the private key
73 * @param pkey associated public key
74 * @param expire block expiration
75 * @param label the name for the records
76 * @param rd record data
77 * @param rd_count number of records
78 * @return NULL on error (block too large)
80 struct GNUNET_GNSRECORD_Block *
81 block_create (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key,
82 const struct GNUNET_CRYPTO_EcdsaPublicKey *pkey,
83 struct GNUNET_TIME_Absolute expire,
85 const struct GNUNET_GNSRECORD_Data *rd,
86 unsigned int rd_count)
88 ssize_t payload_len = GNUNET_GNSRECORD_records_get_size (rd_count,
90 struct GNUNET_GNSRECORD_Block *block;
91 struct GNUNET_CRYPTO_EcdsaPrivateKey *dkey;
92 struct GNUNET_CRYPTO_SymmetricInitializationVector iv;
93 struct GNUNET_CRYPTO_SymmetricSessionKey skey;
94 struct GNUNET_GNSRECORD_Data rdc[GNUNET_NZL(rd_count)];
95 uint32_t rd_count_nbo;
96 struct GNUNET_TIME_Absolute now;
103 if (payload_len > GNUNET_GNSRECORD_MAX_BLOCK_SIZE)
108 /* convert relative to absolute times */
109 now = GNUNET_TIME_absolute_get ();
110 for (unsigned int i=0;i<rd_count;i++)
113 if (0 != (rd[i].flags & GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION))
115 struct GNUNET_TIME_Relative t;
117 /* encrypted blocks must never have relative expiration times, convert! */
118 rdc[i].flags &= ~GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION;
119 t.rel_value_us = rdc[i].expiration_time;
120 rdc[i].expiration_time = GNUNET_TIME_absolute_add (now, t).abs_value_us;
124 rd_count_nbo = htonl (rd_count);
126 char payload[sizeof (uint32_t) + payload_len];
128 GNUNET_memcpy (payload,
131 GNUNET_assert (payload_len ==
132 GNUNET_GNSRECORD_records_serialize (rd_count,
135 &payload[sizeof (uint32_t)]));
136 block = GNUNET_malloc (sizeof (struct GNUNET_GNSRECORD_Block) +
139 block->purpose.size = htonl (sizeof (uint32_t) +
141 sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) +
142 sizeof (struct GNUNET_TIME_AbsoluteNBO));
143 block->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_GNS_RECORD_SIGN);
144 block->expiration_time = GNUNET_TIME_absolute_hton (expire);
145 /* encrypt and sign */
146 dkey = GNUNET_CRYPTO_ecdsa_private_key_derive (key,
149 GNUNET_CRYPTO_ecdsa_key_get_public (dkey,
150 &block->derived_key);
151 derive_block_aes_key (&iv,
155 GNUNET_break (payload_len + sizeof (uint32_t) ==
156 GNUNET_CRYPTO_symmetric_encrypt (payload,
157 payload_len + sizeof (uint32_t),
163 GNUNET_CRYPTO_ecdsa_sign (dkey,
178 * Sign name and records
180 * @param key the private key
181 * @param expire block expiration
182 * @param label the name for the records
183 * @param rd record data
184 * @param rd_count number of records
185 * @return NULL on error (block too large)
187 struct GNUNET_GNSRECORD_Block *
188 GNUNET_GNSRECORD_block_create (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key,
189 struct GNUNET_TIME_Absolute expire,
191 const struct GNUNET_GNSRECORD_Data *rd,
192 unsigned int rd_count)
194 struct GNUNET_CRYPTO_EcdsaPublicKey pkey;
196 GNUNET_CRYPTO_ecdsa_key_get_public (key,
198 return block_create (key,
208 * Line in cache mapping private keys to public keys.
215 struct GNUNET_CRYPTO_EcdsaPrivateKey key;
218 * Associated public key.
220 struct GNUNET_CRYPTO_EcdsaPublicKey pkey;
226 * Sign name and records, cache derived public key (also keeps the
227 * private key in static memory, so do not use this function if
228 * keeping the private key in the process'es RAM is a major issue).
230 * @param key the private key
231 * @param expire block expiration
232 * @param label the name for the records
233 * @param rd record data
234 * @param rd_count number of records
235 * @return NULL on error (block too large)
237 struct GNUNET_GNSRECORD_Block *
238 GNUNET_GNSRECORD_block_create2 (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key,
239 struct GNUNET_TIME_Absolute expire,
241 const struct GNUNET_GNSRECORD_Data *rd,
242 unsigned int rd_count)
245 static struct KeyCacheLine cache[CSIZE];
246 struct KeyCacheLine *line;
248 line = &cache[(*(unsigned int *) key) % CSIZE];
249 if (0 != memcmp (&line->key,
253 /* cache miss, recompute */
255 GNUNET_CRYPTO_ecdsa_key_get_public (key,
259 return block_create (key,
270 * Check if a signature is valid. This API is used by the GNS Block
271 * to validate signatures received from the network.
273 * @param block block to verify
274 * @return #GNUNET_OK if the signature is valid
277 GNUNET_GNSRECORD_block_verify (const struct GNUNET_GNSRECORD_Block *block)
279 return GNUNET_CRYPTO_ecdsa_verify (GNUNET_SIGNATURE_PURPOSE_GNS_RECORD_SIGN,
282 &block->derived_key);
289 * @param block block to decrypt
290 * @param zone_key public key of the zone
291 * @param label the name for the records
292 * @param proc function to call with the result
293 * @param proc_cls closure for proc
294 * @return #GNUNET_OK on success, #GNUNET_SYSERR if the block was
298 GNUNET_GNSRECORD_block_decrypt (const struct GNUNET_GNSRECORD_Block *block,
299 const struct GNUNET_CRYPTO_EcdsaPublicKey *zone_key,
301 GNUNET_GNSRECORD_RecordCallback proc,
304 size_t payload_len = ntohl (block->purpose.size) -
305 sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) -
306 sizeof (struct GNUNET_TIME_AbsoluteNBO);
307 struct GNUNET_CRYPTO_SymmetricInitializationVector iv;
308 struct GNUNET_CRYPTO_SymmetricSessionKey skey;
310 if (ntohl (block->purpose.size) <
311 sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) +
312 sizeof (struct GNUNET_TIME_AbsoluteNBO))
315 return GNUNET_SYSERR;
317 derive_block_aes_key (&iv,
322 char payload[payload_len];
325 GNUNET_break (payload_len ==
326 GNUNET_CRYPTO_symmetric_decrypt (&block[1], payload_len,
329 GNUNET_memcpy (&rd_count,
332 rd_count = ntohl (rd_count);
335 /* limit to sane value */
337 return GNUNET_SYSERR;
340 struct GNUNET_GNSRECORD_Data rd[GNUNET_NZL(rd_count)];
342 struct GNUNET_TIME_Absolute now;
345 GNUNET_GNSRECORD_records_deserialize (payload_len - sizeof (uint32_t),
346 &payload[sizeof (uint32_t)],
351 return GNUNET_SYSERR;
353 /* hide expired records */
354 now = GNUNET_TIME_absolute_get ();
356 for (unsigned int i=0;i<rd_count;i++)
358 if (0 != (rd[i].flags & GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION))
360 /* encrypted blocks must never have relative expiration times, skip! */
365 if (0 != (rd[i].flags & GNUNET_GNSRECORD_RF_SHADOW_RECORD))
367 int include_record = GNUNET_YES;
368 /* Shadow record, figure out if we have a not expired active record */
369 for (unsigned int k=0;k<rd_count;k++)
373 if (rd[i].expiration_time < now.abs_value_us)
374 include_record = GNUNET_NO; /* Shadow record is expired */
375 if ( (rd[k].record_type == rd[i].record_type) &&
376 (rd[k].expiration_time >= now.abs_value_us) &&
377 (0 == (rd[k].flags & GNUNET_GNSRECORD_RF_SHADOW_RECORD)) )
379 include_record = GNUNET_NO; /* We have a non-expired, non-shadow record of the same type */
383 if (GNUNET_YES == include_record)
385 rd[i].flags ^= GNUNET_GNSRECORD_RF_SHADOW_RECORD; /* Remove Flag */
391 else if (rd[i].expiration_time >= now.abs_value_us)
393 /* Include this record */
403 (0 != rd_count) ? rd : NULL);
411 * Calculate the DHT query for a given @a label in a given @a zone.
413 * @param zone private key of the zone
414 * @param label label of the record
415 * @param query hash to use for the query
418 GNUNET_GNSRECORD_query_from_private_key (const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone,
420 struct GNUNET_HashCode *query)
422 struct GNUNET_CRYPTO_EcdsaPublicKey pub;
424 GNUNET_CRYPTO_ecdsa_key_get_public (zone,
426 GNUNET_GNSRECORD_query_from_public_key (&pub,
433 * Calculate the DHT query for a given @a label in a given @a zone.
435 * @param pub public key of the zone
436 * @param label label of the record
437 * @param query hash to use for the query
440 GNUNET_GNSRECORD_query_from_public_key (const struct GNUNET_CRYPTO_EcdsaPublicKey *pub,
442 struct GNUNET_HashCode *query)
444 struct GNUNET_CRYPTO_EcdsaPublicKey pd;
446 GNUNET_CRYPTO_ecdsa_public_key_derive (pub,
450 GNUNET_CRYPTO_hash (&pd,
456 /* end of gnsrecord_crypto.c */