X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=src%2Futil%2Fcrypto_aes.c;h=8b031f3677a08f97dca0cd6a3189536bcd084e4c;hb=f491ac4fab469421986f77df0bbf79fefc417786;hp=28a65dfcaf3a785e1957168a8b5f35146302d8fc;hpb=0a217a8df1657b4334b55b0e4a6c7837a8dbcfd9;p=oweals%2Fgnunet.git diff --git a/src/util/crypto_aes.c b/src/util/crypto_aes.c index 28a65dfca..8b031f367 100644 --- a/src/util/crypto_aes.c +++ b/src/util/crypto_aes.c @@ -30,6 +30,8 @@ #include "gnunet_crypto_lib.h" #include +#define LOG(kind,...) GNUNET_log_from (kind, "util", __VA_ARGS__) + /** * Create a new SessionKey (for AES-256). */ @@ -39,7 +41,7 @@ GNUNET_CRYPTO_aes_create_session_key (struct GNUNET_CRYPTO_AesSessionKey *key) gcry_randomize (&key->key[0], GNUNET_CRYPTO_AES_KEY_LENGTH, GCRY_STRONG_RANDOM); key->crc32 = - htonl (GNUNET_CRYPTO_crc32_n (key, GNUNET_CRYPTO_AES_KEY_LENGTH)); + htonl (GNUNET_CRYPTO_crc32_n (key, GNUNET_CRYPTO_AES_KEY_LENGTH)); } /** @@ -56,7 +58,7 @@ GNUNET_CRYPTO_aes_check_session_key (const struct GNUNET_CRYPTO_AesSessionKey crc = GNUNET_CRYPTO_crc32_n (key, GNUNET_CRYPTO_AES_KEY_LENGTH); if (ntohl (key->crc32) == crc) return GNUNET_OK; - GNUNET_break (0); + GNUNET_break_op (0); return GNUNET_SYSERR; } @@ -72,32 +74,30 @@ GNUNET_CRYPTO_aes_check_session_key (const struct GNUNET_CRYPTO_AesSessionKey * @param result the output parameter in which to store the encrypted result * @returns the size of the encrypted block, -1 for errors */ -int -GNUNET_CRYPTO_aes_encrypt (const void *block, - uint16_t len, - const struct GNUNET_CRYPTO_AesSessionKey - *sessionkey, - const struct GNUNET_CRYPTO_AesInitializationVector - *iv, void *result) +ssize_t +GNUNET_CRYPTO_aes_encrypt (const void *block, size_t len, + const struct GNUNET_CRYPTO_AesSessionKey * + sessionkey, + const struct GNUNET_CRYPTO_AesInitializationVector * + iv, void *result) { gcry_cipher_hd_t handle; int rc; if (sessionkey->crc32 != - htonl (GNUNET_CRYPTO_crc32_n - (sessionkey, GNUNET_CRYPTO_AES_KEY_LENGTH))) - { - GNUNET_break (0); - return GNUNET_SYSERR; - } - GNUNET_assert (0 == gcry_cipher_open (&handle, - GCRY_CIPHER_AES256, - GCRY_CIPHER_MODE_CFB, 0)); + htonl (GNUNET_CRYPTO_crc32_n (sessionkey, GNUNET_CRYPTO_AES_KEY_LENGTH))) + { + GNUNET_break (0); + return -1; + } + GNUNET_assert (0 == + gcry_cipher_open (&handle, GCRY_CIPHER_AES256, + GCRY_CIPHER_MODE_CFB, 0)); rc = gcry_cipher_setkey (handle, sessionkey, GNUNET_CRYPTO_AES_KEY_LENGTH); GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY)); - rc = - gcry_cipher_setiv (handle, iv, - sizeof (struct GNUNET_CRYPTO_AesInitializationVector)); + rc = gcry_cipher_setiv (handle, iv, + sizeof (struct + GNUNET_CRYPTO_AesInitializationVector)); GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY)); GNUNET_assert (0 == gcry_cipher_encrypt (handle, result, len, block, len)); gcry_cipher_close (handle); @@ -106,43 +106,80 @@ GNUNET_CRYPTO_aes_encrypt (const void *block, /** * Decrypt a given block with the sessionkey. - * @param sessionkey the key used to decrypt + * * @param block the data to decrypt, encoded as returned by encrypt * @param size the size of the block to decrypt + * @param sessionkey the key used to decrypt * @param iv the initialization vector to use, use INITVALUE * for streams. * @param result address to store the result at * @return -1 on failure, size of decrypted block on success */ -int -GNUNET_CRYPTO_aes_decrypt (const struct GNUNET_CRYPTO_AesSessionKey - *sessionkey, const void *block, uint16_t size, - const struct GNUNET_CRYPTO_AesInitializationVector - *iv, void *result) +ssize_t +GNUNET_CRYPTO_aes_decrypt (const void *block, size_t size, + const struct GNUNET_CRYPTO_AesSessionKey * + sessionkey, + const struct GNUNET_CRYPTO_AesInitializationVector * + iv, void *result) { gcry_cipher_hd_t handle; int rc; if (sessionkey->crc32 != - htonl (GNUNET_CRYPTO_crc32_n - (sessionkey, GNUNET_CRYPTO_AES_KEY_LENGTH))) - { - GNUNET_break (0); - return GNUNET_SYSERR; - } - GNUNET_assert (0 == gcry_cipher_open (&handle, - GCRY_CIPHER_AES256, - GCRY_CIPHER_MODE_CFB, 0)); + htonl (GNUNET_CRYPTO_crc32_n (sessionkey, GNUNET_CRYPTO_AES_KEY_LENGTH))) + { + GNUNET_break (0); + return -1; + } + GNUNET_assert (0 == + gcry_cipher_open (&handle, GCRY_CIPHER_AES256, + GCRY_CIPHER_MODE_CFB, 0)); rc = gcry_cipher_setkey (handle, sessionkey, GNUNET_CRYPTO_AES_KEY_LENGTH); GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY)); - rc = - gcry_cipher_setiv (handle, iv, - sizeof (struct GNUNET_CRYPTO_AesInitializationVector)); + rc = gcry_cipher_setiv (handle, iv, + sizeof (struct + GNUNET_CRYPTO_AesInitializationVector)); GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY)); - GNUNET_assert (0 == - gcry_cipher_decrypt (handle, result, size, block, size)); + GNUNET_assert (0 == gcry_cipher_decrypt (handle, result, size, block, size)); gcry_cipher_close (handle); return size; } +/** + * @brief Derive an IV + * @param iv initialization vector + * @param skey session key + * @param salt salt for the derivation + * @param salt_len size of the salt + * @param ... pairs of void * & size_t for context chunks, terminated by NULL + */ +void +GNUNET_CRYPTO_aes_derive_iv (struct GNUNET_CRYPTO_AesInitializationVector *iv, + const struct GNUNET_CRYPTO_AesSessionKey *skey, + const void *salt, size_t salt_len, ...) +{ + va_list argp; + + va_start (argp, salt_len); + GNUNET_CRYPTO_aes_derive_iv_v (iv, skey, salt, salt_len, argp); + va_end (argp); +} + +/** + * @brief Derive an IV + * @param iv initialization vector + * @param skey session key + * @param salt salt for the derivation + * @param salt_len size of the salt + * @param argp pairs of void * & size_t for context chunks, terminated by NULL + */ +void +GNUNET_CRYPTO_aes_derive_iv_v (struct GNUNET_CRYPTO_AesInitializationVector *iv, + const struct GNUNET_CRYPTO_AesSessionKey *skey, + const void *salt, size_t salt_len, va_list argp) +{ + GNUNET_CRYPTO_kdf_v (iv->iv, sizeof (iv->iv), salt, salt_len, skey->key, + sizeof (skey->key), argp); +} + /* end of crypto_aes.c */