From fb85cf602c67994646c156aa9e05d2b9aa10816c Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Wed, 3 Jan 2018 10:11:40 +0100 Subject: [PATCH] -move abe functionality out of util; prepare for release --- configure.ac | 1 + Dockerfile => contrib/Dockerfile | 0 .../docker-entrypoint.sh | 0 po/POTFILES.in | 1 + src/Makefile.am | 7 +- src/abe/Makefile.am | 50 +++ src/abe/abe.c | 417 ++++++++++++++++++ .../test_crypto_abe.c => abe/test_cpabe.c} | 13 +- src/identity-provider/Makefile.am | 1 + .../gnunet-service-identity-provider.c | 77 ++-- src/include/gnunet_abe_lib.h | 143 ++++++ src/include/gnunet_crypto_lib.h | 82 ---- src/util/Makefile.am | 23 - 13 files changed, 663 insertions(+), 152 deletions(-) rename Dockerfile => contrib/Dockerfile (100%) rename docker-entrypoint.sh => contrib/docker-entrypoint.sh (100%) create mode 100644 src/abe/Makefile.am create mode 100644 src/abe/abe.c rename src/{util/test_crypto_abe.c => abe/test_cpabe.c} (87%) create mode 100644 src/include/gnunet_abe_lib.h diff --git a/configure.ac b/configure.ac index ac00bd5d6..017b4836c 100644 --- a/configure.ac +++ b/configure.ac @@ -1658,6 +1658,7 @@ src/vpn/vpn.conf src/zonemaster/Makefile src/zonemaster/zonemaster.conf src/rest/Makefile +src/abe/Makefile src/identity-attribute/Makefile src/identity-provider/Makefile pkgconfig/Makefile diff --git a/Dockerfile b/contrib/Dockerfile similarity index 100% rename from Dockerfile rename to contrib/Dockerfile diff --git a/docker-entrypoint.sh b/contrib/docker-entrypoint.sh similarity index 100% rename from docker-entrypoint.sh rename to contrib/docker-entrypoint.sh diff --git a/po/POTFILES.in b/po/POTFILES.in index e0654d4b4..2fcb74c09 100644 --- a/po/POTFILES.in +++ b/po/POTFILES.in @@ -1,3 +1,4 @@ +src/abe/abe.c src/arm/arm_api.c src/arm/arm_monitor_api.c src/arm/gnunet-arm.c diff --git a/src/Makefile.am b/src/Makefile.am index fcdd44bfb..6d0284157 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -14,9 +14,10 @@ if HAVE_EXPERIMENTAL rps # dv (FTBFS) if HAVE_ABE - EXP_DIR += identity-attribute \ - identity-provider \ - credential + EXP_DIR += abe \ + credential \ + identity-attribute \ + identity-provider endif endif diff --git a/src/abe/Makefile.am b/src/abe/Makefile.am new file mode 100644 index 000000000..308e6c67c --- /dev/null +++ b/src/abe/Makefile.am @@ -0,0 +1,50 @@ +# This Makefile.am is in the public domain +AM_CPPFLAGS = -I$(top_srcdir)/src/include + +plugindir = $(libdir)/gnunet + +libexecdir= $(pkglibdir)/libexec/ + +pkgcfgdir= $(pkgdatadir)/config.d/ + +dist_pkgcfg_DATA = \ + abe.conf + +if USE_COVERAGE + AM_CFLAGS = --coverage -O0 + XLIB = -lgcov +endif + +libgnunetabe_la_SOURCES = abe.c + +libgnunetabe_la_LIBADD = \ + $(GCLIBADD)\ + $(LIBGCRYPT_LIBS) \ + $(LTLIBICONV) \ + $(LTLIBINTL) \ + $(ABE_LIBADD) \ + -lgabe \ + -lpbc \ + -lglib-2.0 \ + -lltdl $(Z_LIBS) -lunistring $(XLIB) + +libgnunetabe_la_LDFLAGS = \ + $(GN_LIB_LDFLAGS) \ + -version-info 1:0:0 + +lib_LTLIBRARIES = libgnunetabe.la + +if ENABLE_TEST_RUN +AM_TESTS_ENVIRONMENT=export GNUNET_PREFIX=$${GNUNET_PREFIX:-@libdir@};export PATH=$${GNUNET_PREFIX:-@prefix@}/bin:$$PATH;unset XDG_DATA_HOME;unset XDG_CONFIG_HOME; +TESTS = $(check_PROGRAMS) +endif + +check_PROGRAMS = test_cpabe + +test_cpabe_SOURCES = \ + test_cpabe.c +test_cpabe_LDADD = \ + libgnunetabe.la \ + $(top_builddir)/src/util/libgnunetutil.la +check_PROGRAMS += \ + test_cpabe diff --git a/src/abe/abe.c b/src/abe/abe.c new file mode 100644 index 000000000..d008cc522 --- /dev/null +++ b/src/abe/abe.c @@ -0,0 +1,417 @@ +/* + This file is part of GNUnet. Copyright (C) 2001-2014 Christian Grothoff + (and other contributing authors) + + GNUnet is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published + by the Free Software Foundation; either version 3, or (at your + option) any later version. + + GNUnet is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received a copy of the GNU General Public License + along with GNUnet; see the file COPYING. If not, write to the + Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, + Boston, MA 02110-1301, USA. + +*/ + +/** + * @file util/crypto_random.c + * @brief functions to gather random numbers + * @author Christian Grothoff + */ + + +#include "platform.h" +#include +#include + +#include "gnunet_crypto_lib.h" +#include "gnunet_abe_lib.h" + +struct GNUNET_ABE_AbeMasterKey +{ + gabe_pub_t* pub; + gabe_msk_t* msk; +}; + +struct GNUNET_ABE_AbeKey +{ + gabe_pub_t* pub; + gabe_prv_t* prv; +}; + +static int +init_aes( element_t k, int enc, + gcry_cipher_hd_t* handle, + struct GNUNET_CRYPTO_SymmetricSessionKey *key, + unsigned char* iv) +{ + int rc; + int key_len; + unsigned char* key_buf; + + key_len = element_length_in_bytes(k) < 33 ? 3 : element_length_in_bytes(k); + key_buf = (unsigned char*) malloc(key_len); + element_to_bytes(key_buf, k); + + memcpy (key->aes_key, key_buf, GNUNET_CRYPTO_AES_KEY_LENGTH); + GNUNET_assert (0 == + gcry_cipher_open (handle, GCRY_CIPHER_AES256, + GCRY_CIPHER_MODE_CFB, 0)); + rc = gcry_cipher_setkey (*handle, + key->aes_key, + sizeof (key->aes_key)); + GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY)); + memset (iv, 0, 16); //TODO make reasonable + rc = gcry_cipher_setiv (*handle, + iv, + 16); + GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY)); + + free(key_buf); + return rc; +} + +static int +aes_128_cbc_encrypt( char* pt, + int size, + element_t k, + char **ct ) +{ + gcry_cipher_hd_t handle; + struct GNUNET_CRYPTO_SymmetricSessionKey skey; + unsigned char iv[16]; + char* buf; + int padding; + int buf_size; + uint8_t len[4]; + init_aes(k, 1, &handle, &skey, iv); + + /* TODO make less crufty */ + + /* stuff in real length (big endian) before padding */ + len[0] = (size & 0xff000000)>>24; + len[1] = (size & 0xff0000)>>16; + len[2] = (size & 0xff00)>>8; + len[3] = (size & 0xff)>>0; + padding = 16 - ((4+size) % 16); + buf_size = 4 + size + padding; + buf = GNUNET_malloc (buf_size); + GNUNET_memcpy (buf, len, 4); + GNUNET_memcpy (buf+4, pt, size); + *ct = GNUNET_malloc (buf_size); + + GNUNET_assert (0 == gcry_cipher_encrypt (handle, *ct, buf_size, buf, buf_size)); + gcry_cipher_close (handle); + //AES_cbc_encrypt(pt->data, ct->data, pt->len, &key, iv, AES_ENCRYPT); + GNUNET_free (buf); + return buf_size; +} + +static int +aes_128_cbc_decrypt( char* ct, + int size, + element_t k, + char **pt ) +{ + struct GNUNET_CRYPTO_SymmetricSessionKey skey; + gcry_cipher_hd_t handle; + unsigned char iv[16]; + char* tmp; + uint32_t len; + + init_aes(k, 1, &handle, &skey, iv); + + tmp = GNUNET_malloc (size); + + //AES_cbc_encrypt(ct->data, pt->data, ct->len, &key, iv, AES_DECRYPT); + GNUNET_assert (0 == gcry_cipher_decrypt (handle, tmp, size, ct, size)); + gcry_cipher_close (handle); + /* TODO make less crufty */ + + /* get real length */ + len = 0; + len = len + | ((tmp[0])<<24) | ((tmp[1])<<16) + | ((tmp[2])<<8) | ((tmp[3])<<0); + /* truncate any garbage from the padding */ + *pt = GNUNET_malloc (len); + GNUNET_memcpy (*pt, tmp+4, len); + GNUNET_free (tmp); + return len; +} + +struct GNUNET_ABE_AbeMasterKey* +GNUNET_ABE_cpabe_create_master_key (void) +{ + struct GNUNET_ABE_AbeMasterKey* key; + key = GNUNET_new (struct GNUNET_ABE_AbeMasterKey); + gabe_setup(&key->pub, &key->msk); + GNUNET_assert (NULL != key->pub); + GNUNET_assert (NULL != key->msk); + return key; +} + +void +GNUNET_ABE_cpabe_delete_master_key (struct GNUNET_ABE_AbeMasterKey *key) +{ + gabe_msk_free (key->msk); + gabe_pub_free (key->pub); + //GNUNET_free (key->msk); + //gabe_msk_free (key->msk); //For some reason free of pub implicit? + GNUNET_free (key); +} + +struct GNUNET_ABE_AbeKey* +GNUNET_ABE_cpabe_create_key (struct GNUNET_ABE_AbeMasterKey *key, + char **attrs) +{ + struct GNUNET_ABE_AbeKey *prv_key; + int size; + char *tmp; + + prv_key = GNUNET_new (struct GNUNET_ABE_AbeKey); + prv_key->prv = gabe_keygen(key->pub, key->msk, attrs); + size = gabe_pub_serialize(key->pub, &tmp); + prv_key->pub = gabe_pub_unserialize(tmp, size); + GNUNET_free (tmp); + GNUNET_assert (NULL != prv_key->prv); + return prv_key; +} + +void +GNUNET_ABE_cpabe_delete_key (struct GNUNET_ABE_AbeKey *key, + int delete_pub) +{ + //Memory management in gabe is buggy + gabe_prv_free (key->prv); + if (GNUNET_YES == delete_pub) + gabe_pub_free (key->pub); + GNUNET_free (key); +} + +ssize_t +write_cpabe (void **result, + uint32_t file_len, + char* cph_buf, + int cph_buf_len, + char* aes_buf, + int aes_buf_len) +{ + char *ptr; + uint32_t *len; + + *result = GNUNET_malloc (12 + cph_buf_len + aes_buf_len); + ptr = *result; + len = (uint32_t*) ptr; + *len = htonl (file_len); + ptr += 4; + len = (uint32_t*) ptr; + *len = htonl (aes_buf_len); + ptr += 4; + memcpy (ptr, aes_buf, aes_buf_len); + ptr += aes_buf_len; + len = (uint32_t*) ptr; + *len = htonl (cph_buf_len); + ptr += 4; + memcpy (ptr, cph_buf, cph_buf_len); + return 12 + cph_buf_len + aes_buf_len; +} + +ssize_t +read_cpabe (const void *data, + char** cph_buf, + int *cph_buf_len, + char** aes_buf, + int *aes_buf_len) +{ + int buf_len; + char *ptr; + uint32_t *len; + + ptr = (char*)data; + len = (uint32_t*)ptr; + buf_len = ntohl (*len); + ptr += 4; + len = (uint32_t*)ptr; + *aes_buf_len = ntohl (*len); + ptr += 4; + *aes_buf = GNUNET_malloc (*aes_buf_len); + memcpy(*aes_buf, ptr, *aes_buf_len); + ptr += *aes_buf_len; + len = (uint32_t*)ptr; + *cph_buf_len = ntohl (*len); + ptr += 4; + *cph_buf = GNUNET_malloc (*cph_buf_len); + memcpy(*cph_buf, ptr, *cph_buf_len); + + return buf_len; +} + +ssize_t +GNUNET_ABE_cpabe_encrypt (const void *block, + size_t size, + const char *policy, + const struct GNUNET_ABE_AbeMasterKey *key, + void **result) +{ + gabe_cph_t* cph; + char* plt; + char* cph_buf; + char* aes_buf; + element_t m; + int cph_buf_len; + int aes_buf_len; + ssize_t result_len; + + if( !(cph = gabe_enc(key->pub, m, (char*)policy)) ) + return GNUNET_SYSERR; + cph_buf_len = gabe_cph_serialize(cph, + &cph_buf); + gabe_cph_free(cph); + GNUNET_free (cph); + plt = GNUNET_memdup (block, size); + aes_buf_len = aes_128_cbc_encrypt(plt, size, m, &aes_buf); + GNUNET_free (plt); + element_clear(m); + result_len = write_cpabe(result, size, cph_buf, cph_buf_len, aes_buf, aes_buf_len); + GNUNET_free(cph_buf); + GNUNET_free(aes_buf); + return result_len; +} + +ssize_t +GNUNET_ABE_cpabe_decrypt (const void *block, + size_t size, + const struct GNUNET_ABE_AbeKey *key, + void **result) +{ + char* aes_buf; + char* cph_buf; + gabe_cph_t* cph; + element_t m; + int cph_buf_size; + int aes_buf_size; + int plt_len; + + read_cpabe(block, &cph_buf, &cph_buf_size, &aes_buf, &aes_buf_size); + cph = gabe_cph_unserialize(key->pub, cph_buf, cph_buf_size); + if( !gabe_dec(key->pub, key->prv, cph, m) ) { + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "%s\n", gabe_error()); + GNUNET_free (aes_buf); + GNUNET_free (cph_buf); + gabe_cph_free(cph); + GNUNET_free (cph); + element_clear (m); + return GNUNET_SYSERR; + } + gabe_cph_free(cph); + GNUNET_free (cph); + plt_len = aes_128_cbc_decrypt(aes_buf, aes_buf_size, m, (char**)result); + GNUNET_free (cph_buf); + GNUNET_free (aes_buf); + element_clear (m); + //freeing is buggy in gabe + //gabe_prv_free (prv); + //gabe_pub_free (pub); + return plt_len; +} + +ssize_t +GNUNET_ABE_cpabe_serialize_key (const struct GNUNET_ABE_AbeKey *key, + void **result) +{ + ssize_t len; + char *pub; + char *prv; + int pub_len; + int prv_len; + + pub_len = gabe_pub_serialize (key->pub, &pub); + prv_len = gabe_prv_serialize (key->prv, &prv); + + len = pub_len + prv_len + 12; + write_cpabe (result, len, pub, pub_len, prv, prv_len); + + GNUNET_free (pub); + GNUNET_free (prv); + + return len; +} + +struct GNUNET_ABE_AbeKey* +GNUNET_ABE_cpabe_deserialize_key (const void *data, + size_t len) +{ + struct GNUNET_ABE_AbeKey *key; + char *pub; + char *prv; + int prv_len; + int pub_len; + + key = GNUNET_new (struct GNUNET_ABE_AbeKey); + read_cpabe (data, + &pub, + &pub_len, + &prv, + &prv_len); + key->pub = gabe_pub_unserialize (pub, pub_len); + key->prv = gabe_prv_unserialize (key->pub, prv, prv_len); + + GNUNET_free (pub); + GNUNET_free (prv); + return key; +} + +ssize_t +GNUNET_ABE_cpabe_serialize_master_key (const struct GNUNET_ABE_AbeMasterKey *key, + void **result) +{ + ssize_t len; + char *pub; + char *msk; + int pub_len; + int msk_len; + + pub_len = gabe_pub_serialize (key->pub, &pub); + msk_len = gabe_msk_serialize (key->msk, &msk); + + len = pub_len + msk_len + 12; + write_cpabe (result, len, pub, pub_len, msk, msk_len); + + GNUNET_free (pub); + GNUNET_free (msk); + + return len; +} + +struct GNUNET_ABE_AbeMasterKey* +GNUNET_ABE_cpabe_deserialize_master_key (const void *data, + size_t len) +{ + struct GNUNET_ABE_AbeMasterKey *key; + char *msk; + char *pub; + int msk_len; + int pub_len; + + key = GNUNET_new (struct GNUNET_ABE_AbeMasterKey); + read_cpabe (data, + &pub, + &pub_len, + &msk, + &msk_len); + key->pub = gabe_pub_unserialize (pub, pub_len); + key->msk = gabe_msk_unserialize (key->pub, msk, msk_len); + + GNUNET_free (pub); + GNUNET_free (msk); + + return key; +} diff --git a/src/util/test_crypto_abe.c b/src/abe/test_cpabe.c similarity index 87% rename from src/util/test_crypto_abe.c rename to src/abe/test_cpabe.c index cb36dccae..9b2062b23 100644 --- a/src/util/test_crypto_abe.c +++ b/src/abe/test_cpabe.c @@ -25,20 +25,21 @@ */ #include "platform.h" #include "gnunet_util_lib.h" +#include "gnunet_abe_lib.h" #define TESTSTRING "Hello World!" static int testAbecipher () { - struct GNUNET_CRYPTO_AbeMasterKey *msk; - struct GNUNET_CRYPTO_AbeKey *key; + struct GNUNET_ABE_AbeMasterKey *msk; + struct GNUNET_ABE_AbeKey *key; char *result; char **attrs; int size; char *res; - msk = GNUNET_CRYPTO_cpabe_create_master_key (); - size = GNUNET_CRYPTO_cpabe_encrypt (TESTSTRING, strlen (TESTSTRING) + 1, + msk = GNUNET_ABE_cpabe_create_master_key (); + size = GNUNET_ABE_cpabe_encrypt (TESTSTRING, strlen (TESTSTRING) + 1, "testattr", //Policy msk, (void*)&result); @@ -46,10 +47,10 @@ testAbecipher () attrs = GNUNET_malloc (2 * sizeof (char*)); attrs[0] = "testattr"; attrs[1] = NULL; - key = GNUNET_CRYPTO_cpabe_create_key (msk, + key = GNUNET_ABE_cpabe_create_key (msk, attrs); - size = GNUNET_CRYPTO_cpabe_decrypt (result, size, + size = GNUNET_ABE_cpabe_decrypt (result, size, key, (void*)&res); if (strlen (TESTSTRING) + 1 != size) diff --git a/src/identity-provider/Makefile.am b/src/identity-provider/Makefile.am index 5c5ddaa57..adf6af3b3 100644 --- a/src/identity-provider/Makefile.am +++ b/src/identity-provider/Makefile.am @@ -70,6 +70,7 @@ gnunet_service_identity_provider_LDADD = \ $(top_builddir)/src/namestore/libgnunetnamestore.la \ $(top_builddir)/src/identity/libgnunetidentity.la \ $(top_builddir)/src/statistics/libgnunetstatistics.la \ + $(top_builddir)/src/abe/libgnunetabe.la \ $(top_builddir)/src/credential/libgnunetcredential.la \ $(top_builddir)/src/identity-attribute/libgnunetidentityattribute.la \ libgnunetidentityprovider.la \ diff --git a/src/identity-provider/gnunet-service-identity-provider.c b/src/identity-provider/gnunet-service-identity-provider.c index a5c178aa5..351308c3a 100644 --- a/src/identity-provider/gnunet-service-identity-provider.c +++ b/src/identity-provider/gnunet-service-identity-provider.c @@ -30,6 +30,7 @@ #include "gnunet_identity_service.h" #include "gnunet_gnsrecord_lib.h" #include "gnunet_namestore_service.h" +#include "gnunet_abe_lib.h" #include "gnunet_credential_service.h" #include "gnunet_statistics_service.h" #include "gnunet_gns_service.h" @@ -205,7 +206,7 @@ struct TicketIteration */ typedef void (*AbeBootstrapResult) (void *cls, - struct GNUNET_CRYPTO_AbeMasterKey *abe_key); + struct GNUNET_ABE_AbeMasterKey *abe_key); struct AbeBootstrapHandle @@ -233,7 +234,7 @@ struct AbeBootstrapHandle /** * The issuer egos ABE master key */ - struct GNUNET_CRYPTO_AbeMasterKey *abe_key; + struct GNUNET_ABE_AbeMasterKey *abe_key; }; /** @@ -264,7 +265,7 @@ struct AttributeIterator /** * The issuer egos ABE master key */ - struct GNUNET_CRYPTO_AbeMasterKey *abe_key; + struct GNUNET_ABE_AbeMasterKey *abe_key; /** * Namestore iterator @@ -355,7 +356,7 @@ struct AttributeStoreHandle /** * The issuer egos ABE master key */ - struct GNUNET_CRYPTO_AbeMasterKey *abe_key; + struct GNUNET_ABE_AbeMasterKey *abe_key; /** * QueueEntry @@ -423,7 +424,7 @@ struct ConsumeTicketHandle /** * The ABE key */ - struct GNUNET_CRYPTO_AbeKey *key; + struct GNUNET_ABE_AbeKey *key; /** * Attributes @@ -520,7 +521,7 @@ struct TicketRevocationHandle /** * The ABE master key */ - struct GNUNET_CRYPTO_AbeMasterKey *abe_key; + struct GNUNET_ABE_AbeMasterKey *abe_key; /** * Offset @@ -690,7 +691,7 @@ bootstrap_store_task (void *cls) struct GNUNET_GNSRECORD_Data rd[1]; char *key; - rd[0].data_size = GNUNET_CRYPTO_cpabe_serialize_master_key (abh->abe_key, + rd[0].data_size = GNUNET_ABE_cpabe_serialize_master_key (abh->abe_key, (void**)&key); rd[0].data = key; rd[0].record_type = GNUNET_GNSRECORD_TYPE_ABE_MASTER; @@ -730,13 +731,13 @@ bootstrap_abe_result (void *cls, const struct GNUNET_GNSRECORD_Data *rd) { struct AbeBootstrapHandle *abh = cls; - struct GNUNET_CRYPTO_AbeMasterKey *abe_key; + struct GNUNET_ABE_AbeMasterKey *abe_key; int i; for (i=0;iproc (abh->proc_cls, abe_key); GNUNET_free (abh); @@ -744,7 +745,7 @@ bootstrap_abe_result (void *cls, } //No ABE master found, bootstrapping... - abh->abe_key = GNUNET_CRYPTO_cpabe_create_master_key (); + abh->abe_key = GNUNET_ABE_cpabe_create_master_key (); GNUNET_SCHEDULER_add_now (&bootstrap_store_task, abh); } @@ -767,7 +768,7 @@ bootstrap_abe (const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity, abh->identity = *identity; if (GNUNET_YES == recreate) { - abh->abe_key = GNUNET_CRYPTO_cpabe_create_master_key (); + abh->abe_key = GNUNET_ABE_cpabe_create_master_key (); GNUNET_SCHEDULER_add_now (&bootstrap_store_task, abh); } else { abh->ns_qe = GNUNET_NAMESTORE_records_lookup (ns_handle, @@ -874,7 +875,7 @@ store_ticket_issue_cont (void *cls, int serialize_abe_keyinfo2 (const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket, const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs, - const struct GNUNET_CRYPTO_AbeKey *rp_key, + const struct GNUNET_ABE_AbeKey *rp_key, struct GNUNET_CRYPTO_EcdhePrivateKey **ecdh_privkey, char **result) { @@ -892,7 +893,7 @@ serialize_abe_keyinfo2 (const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket, struct GNUNET_HashCode new_key_hash; ssize_t enc_size; - size = GNUNET_CRYPTO_cpabe_serialize_key (rp_key, + size = GNUNET_ABE_cpabe_serialize_key (rp_key, (void**)&serialized_key); attrs_str_len = 0; for (le = attrs->list_head; NULL != le; le = le->next) { @@ -951,13 +952,13 @@ serialize_abe_keyinfo2 (const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket, static void issue_ticket_after_abe_bootstrap (void *cls, - struct GNUNET_CRYPTO_AbeMasterKey *abe_key) + struct GNUNET_ABE_AbeMasterKey *abe_key) { struct TicketIssueHandle *ih = cls; struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le; struct GNUNET_CRYPTO_EcdhePrivateKey *ecdhe_privkey; struct GNUNET_GNSRECORD_Data code_record[1]; - struct GNUNET_CRYPTO_AbeKey *rp_key; + struct GNUNET_ABE_AbeKey *rp_key; char *code_record_data; char **attrs; char *label; @@ -983,7 +984,7 @@ issue_ticket_after_abe_bootstrap (void *cls, i++; } attrs[i] = NULL; - rp_key = GNUNET_CRYPTO_cpabe_create_key (abe_key, + rp_key = GNUNET_ABE_cpabe_create_key (abe_key, attrs); //TODO review this wireformat @@ -1014,9 +1015,9 @@ issue_ticket_after_abe_bootstrap (void *cls, GNUNET_free (label); GNUNET_free (attrs); GNUNET_free (code_record_data); - GNUNET_CRYPTO_cpabe_delete_key (rp_key, + GNUNET_ABE_cpabe_delete_key (rp_key, GNUNET_YES); - GNUNET_CRYPTO_cpabe_delete_master_key (abe_key); + GNUNET_ABE_cpabe_delete_master_key (abe_key); } @@ -1091,7 +1092,7 @@ cleanup_revoke_ticket_handle (struct TicketRevocationHandle *handle) if (NULL != handle->rvk_attrs) GNUNET_IDENTITY_ATTRIBUTE_list_destroy (handle->rvk_attrs); if (NULL != handle->abe_key) - GNUNET_CRYPTO_cpabe_delete_master_key (handle->abe_key); + GNUNET_ABE_cpabe_delete_master_key (handle->abe_key); if (NULL != handle->ns_qe) GNUNET_NAMESTORE_cancel (handle->ns_qe); if (NULL != handle->ns_it) @@ -1183,7 +1184,7 @@ ticket_reissue_proc (void *cls, struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le_rollover; struct GNUNET_CRYPTO_EcdhePrivateKey *ecdhe_privkey; struct GNUNET_GNSRECORD_Data code_record[1]; - struct GNUNET_CRYPTO_AbeKey *rp_key; + struct GNUNET_ABE_AbeKey *rp_key; char *code_record_data; char **attr_arr; char *label; @@ -1263,7 +1264,7 @@ ticket_reissue_proc (void *cls, i++; } attr_arr[i] = NULL; - rp_key = GNUNET_CRYPTO_cpabe_create_key (rh->abe_key, + rp_key = GNUNET_ABE_cpabe_create_key (rh->abe_key, attr_arr); //TODO review this wireformat @@ -1294,7 +1295,7 @@ ticket_reissue_proc (void *cls, GNUNET_free (label); GNUNET_free (attr_arr); GNUNET_free (code_record_data); - GNUNET_CRYPTO_cpabe_delete_key (rp_key, GNUNET_YES); + GNUNET_ABE_cpabe_delete_key (rp_key, GNUNET_YES); } @@ -1362,7 +1363,7 @@ reenc_next_attribute (struct TicketRevocationHandle *rh) /** * Encrypt the attribute value and store in namestore */ - enc_size = GNUNET_CRYPTO_cpabe_encrypt (buf, + enc_size = GNUNET_ABE_cpabe_encrypt (buf, buf_size, policy, //Policy rh->abe_key, @@ -1463,7 +1464,7 @@ process_attributes_to_update (void *cls, static void get_ticket_after_abe_bootstrap (void *cls, - struct GNUNET_CRYPTO_AbeMasterKey *abe_key) + struct GNUNET_ABE_AbeMasterKey *abe_key) { GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Finished ABE bootstrap\n"); @@ -1534,7 +1535,7 @@ static void cleanup_consume_ticket_handle (struct ConsumeTicketHandle *handle) { if (NULL != handle->key) - GNUNET_CRYPTO_cpabe_delete_key (handle->key, + GNUNET_ABE_cpabe_delete_key (handle->key, GNUNET_YES); if (NULL != handle->attrs) GNUNET_IDENTITY_ATTRIBUTE_list_destroy (handle->attrs); @@ -1603,7 +1604,7 @@ process_parallel_lookup2 (void *cls, uint32_t rd_count, if (rd->record_type == GNUNET_GNSRECORD_TYPE_ID_ATTR) { decrypt_duration = GNUNET_TIME_absolute_get (); - attr_len = GNUNET_CRYPTO_cpabe_decrypt (rd->data + sizeof (uint32_t), + attr_len = GNUNET_ABE_cpabe_decrypt (rd->data + sizeof (uint32_t), rd->data_size - sizeof (uint32_t), handle->key, (void**)&data); @@ -1745,7 +1746,7 @@ process_consume_abe_key (void *cls, uint32_t rd_count, scopes = GNUNET_strdup (buf); GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Scopes %s\n", scopes); - handle->key = GNUNET_CRYPTO_cpabe_deserialize_key ((void*)(buf + strlen (scopes) + 1), + handle->key = GNUNET_ABE_cpabe_deserialize_key ((void*)(buf + strlen (scopes) + 1), rd->data_size - sizeof (struct GNUNET_CRYPTO_EcdhePublicKey) - strlen (scopes) - 1); @@ -1833,7 +1834,7 @@ cleanup_as_handle (struct AttributeStoreHandle *handle) if (NULL != handle->claim) GNUNET_free (handle->claim); if (NULL != handle->abe_key) - GNUNET_CRYPTO_cpabe_delete_master_key (handle->abe_key); + GNUNET_ABE_cpabe_delete_master_key (handle->abe_key); GNUNET_free (handle); } @@ -1897,7 +1898,7 @@ attr_store_task (void *cls) /** * Encrypt the attribute value and store in namestore */ - enc_size = GNUNET_CRYPTO_cpabe_encrypt (buf, + enc_size = GNUNET_ABE_cpabe_encrypt (buf, buf_size, policy, //Policy as_handle->abe_key, @@ -1931,7 +1932,7 @@ attr_store_task (void *cls) static void store_after_abe_bootstrap (void *cls, - struct GNUNET_CRYPTO_AbeMasterKey *abe_key) + struct GNUNET_ABE_AbeMasterKey *abe_key) { GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Finished ABE bootstrap\n"); @@ -2001,7 +2002,7 @@ static void cleanup_iter_handle (struct AttributeIterator *ai) { if (NULL != ai->abe_key) - GNUNET_CRYPTO_cpabe_delete_master_key (ai->abe_key); + GNUNET_ABE_cpabe_delete_master_key (ai->abe_key); GNUNET_CONTAINER_DLL_remove (ai->client->op_head, ai->client->op_tail, ai); @@ -2043,7 +2044,7 @@ attr_iter_cb (void *cls, { struct AttributeIterator *ai = cls; struct AttributeResultMessage *arm; - struct GNUNET_CRYPTO_AbeKey *key; + struct GNUNET_ABE_AbeKey *key; struct GNUNET_MQ_Envelope *env; ssize_t msg_extra_len; char* attr_ser; @@ -2067,14 +2068,14 @@ attr_iter_cb (void *cls, label, attr_ver); attrs[0] = policy; attrs[1] = 0; - key = GNUNET_CRYPTO_cpabe_create_key (ai->abe_key, + key = GNUNET_ABE_cpabe_create_key (ai->abe_key, attrs); - msg_extra_len = GNUNET_CRYPTO_cpabe_decrypt (rd->data+sizeof (uint32_t), + msg_extra_len = GNUNET_ABE_cpabe_decrypt (rd->data+sizeof (uint32_t), rd->data_size-sizeof (uint32_t), key, (void**)&attr_ser); - GNUNET_CRYPTO_cpabe_delete_key (key, + GNUNET_ABE_cpabe_delete_key (key, GNUNET_YES); //GNUNET_free (policy); GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, @@ -2092,14 +2093,14 @@ attr_iter_cb (void *cls, msg_extra_len); GNUNET_MQ_send (ai->client->mq, env); GNUNET_free (attr_ser); - GNUNET_CRYPTO_cpabe_delete_master_key (ai->abe_key); + GNUNET_ABE_cpabe_delete_master_key (ai->abe_key); ai->abe_key = NULL; } void iterate_after_abe_bootstrap (void *cls, - struct GNUNET_CRYPTO_AbeMasterKey *abe_key) + struct GNUNET_ABE_AbeMasterKey *abe_key) { struct AttributeIterator *ai = cls; ai->abe_key = abe_key; @@ -2115,7 +2116,7 @@ iterate_after_abe_bootstrap (void *cls, void iterate_next_after_abe_bootstrap (void *cls, - struct GNUNET_CRYPTO_AbeMasterKey *abe_key) + struct GNUNET_ABE_AbeMasterKey *abe_key) { struct AttributeIterator *ai = cls; ai->abe_key = abe_key; diff --git a/src/include/gnunet_abe_lib.h b/src/include/gnunet_abe_lib.h new file mode 100644 index 000000000..77b0f9e99 --- /dev/null +++ b/src/include/gnunet_abe_lib.h @@ -0,0 +1,143 @@ +/* + This file is part of GNUnet. + Copyright (C) 2001-2018 GNUnet e.V. + + GNUnet is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published + by the Free Software Foundation; either version 3, or (at your + option) any later version. + + GNUnet is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received a copy of the GNU General Public License + along with GNUnet; see the file COPYING. If not, write to the + Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, + Boston, MA 02110-1301, USA. +*/ + +/** + * @file include/gnunet_crypto_lib.h + * @brief cryptographic primitives for GNUnet + * + * @author Martin Schanzenbach + * + * @defgroup abe ABE Crypto library: Attribute-Based Encryption operations + * + */ +#ifndef GNUNET_ABE_LIB_H +#define GNUNET_ABE_LIB_H + +#ifdef __cplusplus +extern "C" +{ +#if 0 /* keep Emacsens' auto-indent happy */ +} +#endif +#endif + +#include "gnunet_common.h" +#include + +/** + * @brief type for ABE master keys + */ +struct GNUNET_CRYPTO_AbeMasterKey; + +/** + * @brief type for ABE keys + */ +struct GNUNET_CRYPTO_AbeKey; + + + +/** + * @ingroup abe + * Create a new CP-ABE master key. Caller must free return value. + * + * @return fresh private key; free using #GNUNET_free + */ +struct GNUNET_ABE_AbeMasterKey * +GNUNET_ABE_cpabe_create_master_key (void); +void +GNUNET_ABE_cpabe_delete_master_key (struct GNUNET_ABE_AbeMasterKey *key); + +/** + * @ingroup abe + * Create a new CP-ABE key. Caller must free return value. + * + * @return fresh private key; free using #GNUNET_free + */ +struct GNUNET_ABE_AbeKey * +GNUNET_ABE_cpabe_create_key (struct GNUNET_ABE_AbeMasterKey *msk, + char **attrs); +void +GNUNET_ABE_cpabe_delete_key (struct GNUNET_ABE_AbeKey *key, + int delete_pub); + + +/** + * @ingroup abe + * Encrypt a block using sessionkey. + * + * @param block the block to encrypt + * @param size the size of the @a block + * @param sessionkey the key used to encrypt + * @param iv the initialization vector to use, use INITVALUE + * for streams. + * @return the size of the encrypted block, -1 for errors + */ +ssize_t +GNUNET_ABE_cpabe_encrypt (const void *block, + size_t size, + const char *policy, + const struct GNUNET_ABE_AbeMasterKey *key, + void **result); + +/** + * @ingroup abe + * Encrypt a block using sessionkey. + * + * @param block the block to encrypt + * @param size the size of the @a block + * @param sessionkey the key used to encrypt + * @param iv the initialization vector to use, use INITVALUE + * for streams. + * @return the size of the encrypted block, -1 for errors + */ +ssize_t +GNUNET_ABE_cpabe_decrypt (const void *block, + size_t size, + const struct GNUNET_ABE_AbeKey *key, + void **result); + +ssize_t +GNUNET_ABE_cpabe_serialize_key (const struct GNUNET_ABE_AbeKey *key, + void **result); + +struct GNUNET_ABE_AbeKey* +GNUNET_ABE_cpabe_deserialize_key (const void *data, + size_t len); + +ssize_t +GNUNET_ABE_cpabe_serialize_master_key (const struct GNUNET_ABE_AbeMasterKey *key, + void **result); + +struct GNUNET_ABE_AbeMasterKey* +GNUNET_ABE_cpabe_deserialize_master_key (const void *data, + size_t len); + + +#if 0 /* keep Emacsens' auto-indent happy */ +{ +#endif +#ifdef __cplusplus +} +#endif + + +/* ifndef GNUNET_ABE_LIB_H */ +#endif +/* end of gnunet_abe_lib.h */ diff --git a/src/include/gnunet_crypto_lib.h b/src/include/gnunet_crypto_lib.h index 2fd67ae1b..e886a561c 100644 --- a/src/include/gnunet_crypto_lib.h +++ b/src/include/gnunet_crypto_lib.h @@ -395,11 +395,6 @@ struct GNUNET_CRYPTO_PaillierCiphertext unsigned char bits[GNUNET_CRYPTO_PAILLIER_BITS * 2 / 8]; }; -/** - * @brief type for ABE master keys - */ -struct GNUNET_CRYPTO_AbeMasterKey; - /* **************** Functions and Macros ************* */ @@ -2142,83 +2137,6 @@ GNUNET_CRYPTO_rsa_verify (const struct GNUNET_HashCode *hash, const struct GNUNET_CRYPTO_RsaPublicKey *public_key); -/** - * @ingroup crypto - * Create a new CP-ABE master key. Caller must free return value. - * - * @return fresh private key; free using #GNUNET_free - */ -struct GNUNET_CRYPTO_AbeMasterKey * -GNUNET_CRYPTO_cpabe_create_master_key (void); -void -GNUNET_CRYPTO_cpabe_delete_master_key (struct GNUNET_CRYPTO_AbeMasterKey *key); - -/** - * @ingroup crypto - * Create a new CP-ABE key. Caller must free return value. - * - * @return fresh private key; free using #GNUNET_free - */ -struct GNUNET_CRYPTO_AbeKey * -GNUNET_CRYPTO_cpabe_create_key (struct GNUNET_CRYPTO_AbeMasterKey *msk, - char **attrs); -void -GNUNET_CRYPTO_cpabe_delete_key (struct GNUNET_CRYPTO_AbeKey *key, - int delete_pub); - - -/** - * @ingroup crypto - * Encrypt a block using sessionkey. - * - * @param block the block to encrypt - * @param size the size of the @a block - * @param sessionkey the key used to encrypt - * @param iv the initialization vector to use, use INITVALUE - * for streams. - * @return the size of the encrypted block, -1 for errors - */ -ssize_t -GNUNET_CRYPTO_cpabe_encrypt (const void *block, - size_t size, - const char *policy, - const struct GNUNET_CRYPTO_AbeMasterKey *key, - void **result); - -/** - * @ingroup crypto - * Encrypt a block using sessionkey. - * - * @param block the block to encrypt - * @param size the size of the @a block - * @param sessionkey the key used to encrypt - * @param iv the initialization vector to use, use INITVALUE - * for streams. - * @return the size of the encrypted block, -1 for errors - */ -ssize_t -GNUNET_CRYPTO_cpabe_decrypt (const void *block, - size_t size, - const struct GNUNET_CRYPTO_AbeKey *key, - void **result); - -ssize_t -GNUNET_CRYPTO_cpabe_serialize_key (const struct GNUNET_CRYPTO_AbeKey *key, - void **result); - -struct GNUNET_CRYPTO_AbeKey* -GNUNET_CRYPTO_cpabe_deserialize_key (const void *data, - size_t len); - -ssize_t -GNUNET_CRYPTO_cpabe_serialize_master_key (const struct GNUNET_CRYPTO_AbeMasterKey *key, - void **result); - -struct GNUNET_CRYPTO_AbeMasterKey* -GNUNET_CRYPTO_cpabe_deserialize_master_key (const void *data, - size_t len); - - #if 0 /* keep Emacsens' auto-indent happy */ { #endif diff --git a/src/util/Makefile.am b/src/util/Makefile.am index cc9ff4745..eb655157d 100644 --- a/src/util/Makefile.am +++ b/src/util/Makefile.am @@ -119,18 +119,6 @@ libgnunetutil_la_LIBADD = \ $(LTLIBINTL) \ -lltdl $(Z_LIBS) -lunistring $(XLIB) -if HAVE_PBC -if HAVE_ABE -libgnunetutil_la_SOURCES += \ - crypto_abe.c -libgnunetutil_la_LIBADD += \ - $(ABE_LIBADD) \ - -lgabe \ - -lpbc \ - -lglib-2.0 -endif -endif - libgnunetutil_la_LDFLAGS = \ $(GN_LIB_LDFLAGS) \ -version-info 13:0:0 @@ -564,17 +552,6 @@ test_speedup_SOURCES = \ test_speedup_LDADD = \ libgnunetutil.la -if HAVE_PBC -if HAVE_ABE -test_crypto_abe_SOURCES = \ - test_crypto_abe.c -test_crypto_abe_LDADD = \ - libgnunetutil.la -check_PROGRAMS += \ - test_crypto_abe -endif -endif - perf_crypto_hash_SOURCES = \ perf_crypto_hash.c perf_crypto_hash_LDADD = \ -- 2.25.1