*/
#include "platform.h"
-#include "gnunet_common.h"
-#include "gnunet_crypto_lib.h"
+#include "gnunet_util_lib.h"
#include <gcrypt.h>
#define LOG(kind,...) GNUNET_log_from (kind, "util", __VA_ARGS__)
void
GNUNET_CRYPTO_symmetric_create_session_key (struct GNUNET_CRYPTO_SymmetricSessionKey *key)
{
- gcry_randomize (key->aes_key,
+ gcry_randomize (key->aes_key,
GNUNET_CRYPTO_AES_KEY_LENGTH,
GCRY_STRONG_RANDOM);
- gcry_randomize (key->twofish_key,
+ gcry_randomize (key->twofish_key,
GNUNET_CRYPTO_AES_KEY_LENGTH,
GCRY_STRONG_RANDOM);
}
GNUNET_assert (0 ==
gcry_cipher_open (handle, GCRY_CIPHER_AES256,
GCRY_CIPHER_MODE_CFB, 0));
- rc = gcry_cipher_setkey (*handle,
- sessionkey->aes_key,
+ rc = gcry_cipher_setkey (*handle,
+ sessionkey->aes_key,
sizeof (sessionkey->aes_key));
GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY));
- rc = gcry_cipher_setiv (*handle,
- iv->aes_iv,
+ rc = gcry_cipher_setiv (*handle,
+ iv->aes_iv,
sizeof (iv->aes_iv));
GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY));
return GNUNET_OK;
int rc;
GNUNET_assert (0 ==
- gcry_cipher_open (handle, GCRY_CIPHER_TWOFISH,
+ gcry_cipher_open (handle, GCRY_CIPHER_TWOFISH,
GCRY_CIPHER_MODE_CFB, 0));
- rc = gcry_cipher_setkey (*handle,
- sessionkey->twofish_key,
+ rc = gcry_cipher_setkey (*handle,
+ sessionkey->twofish_key,
sizeof (sessionkey->twofish_key));
GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY));
- rc = gcry_cipher_setiv (*handle,
+ rc = gcry_cipher_setiv (*handle,
iv->twofish_iv,
sizeof (iv->twofish_iv));
GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY));
/**
- * Encrypt a block with the public key of another
- * host that uses the same cyper.
+ * Encrypt a block with a symmetric session key.
*
* @param block the block to encrypt
- * @param len the size of the @a block
+ * @param size the size of the @a block
* @param sessionkey the key used to encrypt
- * @param iv the initialization vector to use, use INITVALUE
- * for streams.
+ * @param iv the initialization vector to use, use INITVALUE for streams
* @param result the output parameter in which to store the encrypted result
- * @returns the size of the encrypted block, -1 for errors
+ * can be the same or overlap with @c block
+ * @returns the size of the encrypted block, -1 for errors.
+ * Due to the use of CFB and therefore an effective stream cipher,
+ * this size should be the same as @c len.
*/
ssize_t
-GNUNET_CRYPTO_symmetric_encrypt (const void *block, size_t len,
- const struct GNUNET_CRYPTO_SymmetricSessionKey *
- sessionkey,
- const struct GNUNET_CRYPTO_SymmetricInitializationVector *
- iv, void *result)
+GNUNET_CRYPTO_symmetric_encrypt (const void *block,
+ size_t size,
+ const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey,
+ const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv,
+ void *result)
{
gcry_cipher_hd_t handle;
- char tmp[len];
+ char tmp[size];
if (GNUNET_OK != setup_cipher_aes (&handle, sessionkey, iv))
return -1;
- GNUNET_assert (0 == gcry_cipher_encrypt (handle, tmp, len, block, len));
+ GNUNET_assert (0 == gcry_cipher_encrypt (handle, tmp, size, block, size));
gcry_cipher_close (handle);
if (GNUNET_OK != setup_cipher_twofish (&handle, sessionkey, iv))
return -1;
- GNUNET_assert (0 == gcry_cipher_encrypt (handle, result, len, tmp, len));
+ GNUNET_assert (0 == gcry_cipher_encrypt (handle, result, size, tmp, size));
gcry_cipher_close (handle);
memset (tmp, 0, sizeof (tmp));
- return len;
+ return size;
}
/**
- * Decrypt a given block with the sessionkey.
+ * Decrypt a given block with the session key.
*
* @param block the data to decrypt, encoded as returned by encrypt
* @param size the size of the @a block to decrypt
* @param sessionkey the key used to decrypt
- * @param iv the initialization vector to use, use INITVALUE
- * for streams.
+ * @param iv the initialization vector to use, use INITVALUE for streams
* @param result address to store the result at
- * @return -1 on failure, size of decrypted block on success
+ * can be the same or overlap with @c block
+ * @return -1 on failure, size of decrypted block on success.
+ * Due to the use of CFB and therefore an effective stream cipher,
+ * this size should be the same as @c size.
*/
ssize_t
GNUNET_CRYPTO_symmetric_decrypt (const void *block, size_t size,
- const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey,
- const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv,
- void *result)
+ const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey,
+ const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv,
+ void *result)
{
gcry_cipher_hd_t handle;
char tmp[size];
memcpy (&aes_salt[salt_len], "AES!", 4);
memcpy (twofish_salt, salt, salt_len);
memcpy (&twofish_salt[salt_len], "FISH", 4);
- GNUNET_CRYPTO_kdf_v (iv->aes_iv, sizeof (iv->aes_iv),
- aes_salt, salt_len + 4,
- skey->aes_key, sizeof (skey->aes_key),
+ GNUNET_CRYPTO_kdf_v (iv->aes_iv, sizeof (iv->aes_iv),
+ aes_salt, salt_len + 4,
+ skey->aes_key, sizeof (skey->aes_key),
argp);
GNUNET_CRYPTO_kdf_v (iv->twofish_iv, sizeof (iv->twofish_iv),
- twofish_salt, salt_len + 4,
- skey->twofish_key, sizeof (skey->twofish_key),
+ twofish_salt, salt_len + 4,
+ skey->twofish_key, sizeof (skey->twofish_key),
argp);
}