/*
This file is part of GNUnet.
- (C) 2001, 2002, 2003, 2004, 2005, 2006, 2013 Christian Grothoff (and other contributing authors)
+ Copyright (C) 2001, 2002, 2003, 2004, 2005, 2006, 2013 GNUnet e.V.
GNUnet is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published
You should have received a copy of the GNU General Public License
along with GNUnet; see the file COPYING. If not, write to the
- Free Software Foundation, Inc., 59 Temple Place - Suite 330,
- Boston, MA 02111-1307, USA.
+ Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ Boston, MA 02110-1301, USA.
*/
/**
*/
#include "platform.h"
-#include "gnunet_util_lib.h"
+#include "gnunet_crypto_lib.h"
#include <gcrypt.h>
-#define LOG(kind,...) GNUNET_log_from (kind, "util", __VA_ARGS__)
+#define LOG(kind,...) GNUNET_log_from (kind, "util-crypto-symmetric", __VA_ARGS__)
/**
* Create a new SessionKey (for symmetric encryption).
void
GNUNET_CRYPTO_symmetric_create_session_key (struct GNUNET_CRYPTO_SymmetricSessionKey *key)
{
- gcry_randomize (key->aes_key,
+ gcry_randomize (key->aes_key,
GNUNET_CRYPTO_AES_KEY_LENGTH,
GCRY_STRONG_RANDOM);
- gcry_randomize (key->twofish_key,
+ gcry_randomize (key->twofish_key,
GNUNET_CRYPTO_AES_KEY_LENGTH,
GCRY_STRONG_RANDOM);
}
GNUNET_assert (0 ==
gcry_cipher_open (handle, GCRY_CIPHER_AES256,
GCRY_CIPHER_MODE_CFB, 0));
- rc = gcry_cipher_setkey (*handle,
- sessionkey->aes_key,
+ rc = gcry_cipher_setkey (*handle,
+ sessionkey->aes_key,
sizeof (sessionkey->aes_key));
GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY));
- rc = gcry_cipher_setiv (*handle,
- iv->aes_iv,
+ rc = gcry_cipher_setiv (*handle,
+ iv->aes_iv,
sizeof (iv->aes_iv));
GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY));
return GNUNET_OK;
int rc;
GNUNET_assert (0 ==
- gcry_cipher_open (handle, GCRY_CIPHER_TWOFISH,
+ gcry_cipher_open (handle, GCRY_CIPHER_TWOFISH,
GCRY_CIPHER_MODE_CFB, 0));
- rc = gcry_cipher_setkey (*handle,
- sessionkey->twofish_key,
+ rc = gcry_cipher_setkey (*handle,
+ sessionkey->twofish_key,
sizeof (sessionkey->twofish_key));
GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY));
- rc = gcry_cipher_setiv (*handle,
+ rc = gcry_cipher_setiv (*handle,
iv->twofish_iv,
sizeof (iv->twofish_iv));
GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY));
/**
- * Encrypt a block with the public key of another
- * host that uses the same cyper.
+ * Encrypt a block with a symmetric session key.
*
* @param block the block to encrypt
- * @param len the size of the @a block
+ * @param size the size of the @a block
* @param sessionkey the key used to encrypt
- * @param iv the initialization vector to use, use INITVALUE
- * for streams.
+ * @param iv the initialization vector to use, use INITVALUE for streams
* @param result the output parameter in which to store the encrypted result
- * @returns the size of the encrypted block, -1 for errors
+ * can be the same or overlap with @c block
+ * @returns the size of the encrypted block, -1 for errors.
+ * Due to the use of CFB and therefore an effective stream cipher,
+ * this size should be the same as @c len.
*/
ssize_t
-GNUNET_CRYPTO_symmetric_encrypt (const void *block, size_t len,
- const struct GNUNET_CRYPTO_SymmetricSessionKey *
- sessionkey,
- const struct GNUNET_CRYPTO_SymmetricInitializationVector *
- iv, void *result)
+GNUNET_CRYPTO_symmetric_encrypt (const void *block,
+ size_t size,
+ const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey,
+ const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv,
+ void *result)
{
gcry_cipher_hd_t handle;
- char tmp[len];
+ char tmp[size];
if (GNUNET_OK != setup_cipher_aes (&handle, sessionkey, iv))
return -1;
- GNUNET_assert (0 == gcry_cipher_encrypt (handle, tmp, len, block, len));
+ GNUNET_assert (0 == gcry_cipher_encrypt (handle, tmp, size, block, size));
gcry_cipher_close (handle);
if (GNUNET_OK != setup_cipher_twofish (&handle, sessionkey, iv))
return -1;
- GNUNET_assert (0 == gcry_cipher_encrypt (handle, result, len, tmp, len));
+ GNUNET_assert (0 == gcry_cipher_encrypt (handle, result, size, tmp, size));
gcry_cipher_close (handle);
memset (tmp, 0, sizeof (tmp));
- return len;
+ return size;
}
/**
- * Decrypt a given block with the sessionkey.
+ * Decrypt a given block with the session key.
*
* @param block the data to decrypt, encoded as returned by encrypt
* @param size the size of the @a block to decrypt
* @param sessionkey the key used to decrypt
- * @param iv the initialization vector to use, use INITVALUE
- * for streams.
+ * @param iv the initialization vector to use, use INITVALUE for streams
* @param result address to store the result at
- * @return -1 on failure, size of decrypted block on success
+ * can be the same or overlap with @c block
+ * @return -1 on failure, size of decrypted block on success.
+ * Due to the use of CFB and therefore an effective stream cipher,
+ * this size should be the same as @c size.
*/
ssize_t
-GNUNET_CRYPTO_symmetric_decrypt (const void *block, size_t size,
- const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey,
- const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv,
- void *result)
+GNUNET_CRYPTO_symmetric_decrypt (const void *block,
+ size_t size,
+ const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey,
+ const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv,
+ void *result)
{
gcry_cipher_hd_t handle;
char tmp[size];
*/
void
GNUNET_CRYPTO_symmetric_derive_iv (struct GNUNET_CRYPTO_SymmetricInitializationVector *iv,
- const struct GNUNET_CRYPTO_SymmetricSessionKey *skey,
- const void *salt, size_t salt_len, ...)
+ const struct GNUNET_CRYPTO_SymmetricSessionKey *skey,
+ const void *salt,
+ size_t salt_len,
+ ...)
{
va_list argp;
*/
void
GNUNET_CRYPTO_symmetric_derive_iv_v (struct GNUNET_CRYPTO_SymmetricInitializationVector *iv,
- const struct GNUNET_CRYPTO_SymmetricSessionKey *skey,
- const void *salt, size_t salt_len, va_list argp)
+ const struct GNUNET_CRYPTO_SymmetricSessionKey *skey,
+ const void *salt,
+ size_t salt_len,
+ va_list argp)
{
char aes_salt[salt_len + 4];
char twofish_salt[salt_len + 4];
- memcpy (aes_salt, salt, salt_len);
- memcpy (&aes_salt[salt_len], "AES!", 4);
- memcpy (twofish_salt, salt, salt_len);
- memcpy (&twofish_salt[salt_len], "FISH", 4);
- GNUNET_CRYPTO_kdf_v (iv->aes_iv, sizeof (iv->aes_iv),
- aes_salt, salt_len + 4,
- skey->aes_key, sizeof (skey->aes_key),
+ GNUNET_memcpy (aes_salt, salt, salt_len);
+ GNUNET_memcpy (&aes_salt[salt_len], "AES!", 4);
+ GNUNET_memcpy (twofish_salt, salt, salt_len);
+ GNUNET_memcpy (&twofish_salt[salt_len], "FISH", 4);
+ GNUNET_CRYPTO_kdf_v (iv->aes_iv,
+ sizeof (iv->aes_iv),
+ aes_salt,
+ salt_len + 4,
+ skey->aes_key,
+ sizeof (skey->aes_key),
argp);
- GNUNET_CRYPTO_kdf_v (iv->twofish_iv, sizeof (iv->twofish_iv),
- twofish_salt, salt_len + 4,
- skey->twofish_key, sizeof (skey->twofish_key),
+ GNUNET_CRYPTO_kdf_v (iv->twofish_iv,
+ sizeof (iv->twofish_iv),
+ twofish_salt,
+ salt_len + 4,
+ skey->twofish_key,
+ sizeof (skey->twofish_key),
argp);
}
-/* end of crypto_aes.c */
+/* end of crypto_symmetric.c */
projects / oweals / gnunet.git / blobdiff