#include "fs_tree.h"
+/**
+ * Derive the key for symmetric encryption/decryption from
+ * the public key and the label.
+ *
+ * @param skey where to store symmetric key
+ * @param iv where to store the IV
+ * @param label label to use for key derivation
+ * @param pub public key to use for key derivation
+ */
+static void
+derive_ublock_encryption_key (struct GNUNET_CRYPTO_AesSessionKey *skey,
+ struct GNUNET_CRYPTO_AesInitializationVector *iv,
+ const char *label,
+ const struct GNUNET_CRYPTO_EccPublicKey *pub)
+{
+ struct GNUNET_HashCode key;
+
+ /* derive key from 'label' and public key of the namespace */
+ GNUNET_assert (GNUNET_YES ==
+ GNUNET_CRYPTO_kdf (&key, sizeof (key),
+ "UBLOCK-ENC", strlen ("UBLOCK-ENC"),
+ label, strlen (label),
+ pub, sizeof (*pub),
+ NULL, 0));
+ GNUNET_CRYPTO_hash_to_aes_key (&key, skey, iv);
+}
+
+
/**
* Decrypt the given UBlock, storing the result in output.
*
const char *label,
void *output)
{
- GNUNET_break (0);
+ struct GNUNET_CRYPTO_AesInitializationVector iv;
+ struct GNUNET_CRYPTO_AesSessionKey skey;
+
+ derive_ublock_encryption_key (&skey, &iv,
+ label, ns);
+ GNUNET_CRYPTO_aes_decrypt (input, input_len,
+ &skey, &iv,
+ output);
}
GNUNET_FS_UBlockContinuation cont, void *cont_cls)
{
struct GNUNET_FS_PublishUblockContext *uc;
- struct GNUNET_HashCode key;
- struct GNUNET_HashCode seed;
- struct GNUNET_HashCode signing_key;
struct GNUNET_HashCode query;
- struct GNUNET_CRYPTO_AesSessionKey skey;
struct GNUNET_CRYPTO_AesInitializationVector iv;
+ struct GNUNET_CRYPTO_AesSessionKey skey;
struct GNUNET_CRYPTO_EccPrivateKey *nsd;
struct GNUNET_CRYPTO_EccPublicKey pub;
char *uris;
GNUNET_assert (mdsize >= 0);
uris = GNUNET_FS_uri_to_string (uri);
slen = strlen (uris) + 1;
- ulen = strlen (ulabel) + 1;
+ if (NULL == ulabel)
+ ulen = 1;
+ else
+ ulen = strlen (ulabel) + 1;
size = mdsize + sizeof (struct UBlock) + slen + ulen;
if (size > MAX_UBLOCK_SIZE)
{
}
ub_plain = GNUNET_malloc (size);
kbe = (char *) &ub_plain[1];
- memcpy (kbe, ulabel, ulen);
+ if (NULL != ulabel)
+ memcpy (kbe, ulabel, ulen);
kbe += ulen;
memcpy (kbe, uris, slen);
kbe += slen;
}
size = sizeof (struct UBlock) + slen + mdsize + ulen;
- /* derive signing seed from plaintext */
- GNUNET_CRYPTO_hash (&ub_plain[1],
- ulen + slen + mdsize,
- &seed);
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
"Publishing under identifier `%s'\n",
label);
/* get public key of the namespace */
GNUNET_CRYPTO_ecc_key_get_public (ns,
&pub);
- /* derive key from 'label' and public key of the namespace */
- GNUNET_assert (GNUNET_YES ==
- GNUNET_CRYPTO_kdf (&key, sizeof (key),
- "UBLOCK-ENC", strlen ("UBLOCK-ENC"),
- label, strlen (label),
- &pub, sizeof (pub),
- NULL, 0));
- GNUNET_CRYPTO_hash_to_aes_key (&key, &skey, &iv);
+ derive_ublock_encryption_key (&skey, &iv,
+ label, &pub);
/* encrypt ublock */
ub_enc = GNUNET_malloc (size);
ub_enc->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_FS_UBLOCK);
/* derive signing-key from 'label' and public key of the namespace */
- GNUNET_assert (GNUNET_YES ==
- GNUNET_CRYPTO_kdf (&signing_key, sizeof (signing_key),
- "UBLOCK-SIGN", strlen ("UBLOCK-SIGN"),
- label, strlen (label),
- &pub, sizeof (pub),
- NULL, 0));
- nsd = GNUNET_CRYPTO_ecc_key_derive (ns, label);
+ nsd = GNUNET_CRYPTO_ecc_key_derive (ns, label, "fs-ublock");
GNUNET_CRYPTO_ecc_key_get_public (nsd,
&ub_enc->verification_key);
GNUNET_assert (GNUNET_OK ==
GNUNET_CRYPTO_hash (&ub_enc->verification_key,
sizeof (ub_enc->verification_key),
&query);
- GNUNET_CRYPTO_ecc_key_free (nsd);
+ GNUNET_free (nsd);
uc = GNUNET_new (struct GNUNET_FS_PublishUblockContext);
uc->cont = cont;