added ft decryption routine

This commit is contained in:
mr-alice 2016-10-19 22:49:51 +02:00
parent 3ad0a81d8f
commit 9d32406669
4 changed files with 90 additions and 28 deletions

View File

@ -28,10 +28,13 @@
#include <string>
#include <stdio.h>
#include <string.h>
#include <openssl/crypto.h>
#include <iostream>
#include <stdlib.h>
#pragma once
#define rotl(x,n) { x = (x << n) | (x >> (-n & 31)) ;}
namespace librs {
@ -431,10 +434,16 @@ void poly1305_tag(uint8_t key[32],uint8_t *message,uint32_t size,uint8_t tag[16]
tag[12] = (acc.b[3] >> 0) & 0xff ; tag[13] = (acc.b[3] >> 8) & 0xff ; tag[14] = (acc.b[3] >>16) & 0xff ; tag[15] = (acc.b[3] >>24) & 0xff ;
}
void AEAD_chacha20_poly1305(uint8_t key[32], uint8_t nonce[12],uint8_t *data,uint32_t data_size,uint8_t *aad,uint32_t aad_size,uint8_t tag[16])
bool AEAD_chacha20_poly1305(uint8_t key[32], uint8_t nonce[12],uint8_t *data,uint32_t data_size,uint8_t *aad,uint32_t aad_size,uint8_t tag[16])
{
#warning this part is not implemented yet.
memset(tag,0xff,16) ;
return false;
}
bool constant_time_memory_compare(const uint8_t *m1,const uint8_t *m2,uint32_t size)
{
return !CRYPTO_memcmp(m1,m2,size) ;
}
void perform_tests()
@ -658,7 +667,7 @@ void perform_tests()
uint8_t test_tag[16] = { 0xa8,0x06,0x1d,0xc1,0x30,0x51,0x36,0xc6,0xc2,0x2b,0x8b,0xaf,0x0c,0x01,0x27,0xa9 };
assert(!memcmp(tag,test_tag,16)) ;
assert(constant_time_memory_compare(tag,test_tag,16)) ;
}
std::cerr << " RFC7539 poly1305 test vector #001 OK" << std::endl;
@ -676,7 +685,7 @@ void perform_tests()
uint8_t test_tag[16] = { 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 };
assert(!memcmp(tag,test_tag,16)) ;
assert(constant_time_memory_compare(tag,test_tag,16)) ;
}
std::cerr << " RFC7539 poly1305 test vector #002 OK" << std::endl;
@ -695,7 +704,7 @@ void perform_tests()
uint8_t test_tag[16] = { 0x36,0xe5,0xf6,0xb5,0xc5,0xe0,0x60,0x70,0xf0,0xef,0xca,0x96,0x22,0x7a,0x86,0x3e };
assert(!memcmp(tag,test_tag,16)) ;
assert(constant_time_memory_compare(tag,test_tag,16)) ;
}
std::cerr << " RFC7539 poly1305 test vector #003 OK" << std::endl;
@ -714,7 +723,7 @@ void perform_tests()
uint8_t test_tag[16] = { 0xf3,0x47,0x7e,0x7c,0xd9,0x54,0x17,0xaf,0x89,0xa6,0xb8,0x79,0x4c,0x31,0x0c,0xf0 } ;
assert(!memcmp(tag,test_tag,16)) ;
assert(constant_time_memory_compare(tag,test_tag,16)) ;
}
std::cerr << " RFC7539 poly1305 test vector #004 OK" << std::endl;
@ -731,7 +740,7 @@ void perform_tests()
uint8_t test_tag[16] = { 0x45,0x41,0x66,0x9a,0x7e,0xaa,0xee,0x61,0xe7,0x08,0xdc,0x7c,0xbc,0xc5,0xeb,0x62 } ;
assert(!memcmp(tag,test_tag,16)) ;
assert(constant_time_memory_compare(tag,test_tag,16)) ;
}
std::cerr << " RFC7539 poly1305 test vector #005 OK" << std::endl;
@ -749,7 +758,7 @@ void perform_tests()
uint8_t test_tag[16] = { 0x03,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 } ;
assert(!memcmp(tag,test_tag,16)) ;
assert(constant_time_memory_compare(tag,test_tag,16)) ;
}
std::cerr << " RFC7539 poly1305 test vector #006 OK" << std::endl;
@ -767,7 +776,7 @@ void perform_tests()
uint8_t test_tag[16] = { 0x03,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 } ;
assert(!memcmp(tag,test_tag,16)) ;
assert(constant_time_memory_compare(tag,test_tag,16)) ;
}
std::cerr << " RFC7539 poly1305 test vector #007 OK" << std::endl;
@ -786,7 +795,7 @@ void perform_tests()
uint8_t test_tag[16] = { 0x05,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 } ;
assert(!memcmp(tag,test_tag,16)) ;
assert(constant_time_memory_compare(tag,test_tag,16)) ;
}
std::cerr << " RFC7539 poly1305 test vector #008 OK" << std::endl;
@ -805,7 +814,7 @@ void perform_tests()
uint8_t test_tag[16] = { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 } ;
assert(!memcmp(tag,test_tag,16)) ;
assert(constant_time_memory_compare(tag,test_tag,16)) ;
}
std::cerr << " RFC7539 poly1305 test vector #009 OK" << std::endl;
@ -822,7 +831,7 @@ void perform_tests()
uint8_t test_tag[16] = { 0xfa,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff } ;
assert(!memcmp(tag,test_tag,16)) ;
assert(constant_time_memory_compare(tag,test_tag,16)) ;
}
std::cerr << " RFC7539 poly1305 test vector #010 OK" << std::endl;
@ -843,7 +852,7 @@ void perform_tests()
uint8_t test_tag[16] = { 0x14,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x55,0x00,0x00,0x00,0x00,0x00,0x00,0x00 } ;
assert(!memcmp(tag,test_tag,16)) ;
assert(constant_time_memory_compare(tag,test_tag,16)) ;
}
std::cerr << " RFC7539 poly1305 test vector #011 OK" << std::endl;
@ -863,7 +872,7 @@ void perform_tests()
uint8_t test_tag[16] = { 0x13,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 } ;
assert(!memcmp(tag,test_tag,16)) ;
assert(constant_time_memory_compare(tag,test_tag,16)) ;
}
}

View File

@ -37,7 +37,7 @@ namespace librs
* \param data data that gets encrypted/decrypted in place
* \param size size of the data.
*/
static void chacha20_encrypt(uint8_t key[32], uint32_t block_counter, uint8_t nonce[12], uint8_t *data, uint32_t size) ;
void chacha20_encrypt(uint8_t key[32], uint32_t block_counter, uint8_t nonce[12], uint8_t *data, uint32_t size) ;
/*!
* \brief poly1305_tag
@ -48,7 +48,7 @@ namespace librs
* \param tag place where the tag is stored.
*/
static void poly1305_tag(uint8_t key[32],uint8_t *message,uint32_t size,uint8_t tag[16]);
void poly1305_tag(uint8_t key[32],uint8_t *message,uint32_t size,uint8_t tag[16]);
/*!
* \brief AEAD_chacha20_poly1305
@ -62,24 +62,26 @@ namespace librs
* \param size size of the data
* \param tag generated poly1305 tag.
*/
static void AEAD_chacha20_poly1305(uint8_t key[32], uint8_t nonce[12],uint8_t *data,uint32_t data_size,uint8_t *aad,uint32_t aad_size,uint8_t tag[16]) ;
bool AEAD_chacha20_poly1305(uint8_t key[32], uint8_t nonce[12],uint8_t *data,uint32_t data_size,uint8_t *aad,uint32_t aad_size,uint8_t tag[16]) ;
/*!
* \brief constant_time_memcmp
* Provides a constant time comparison of two memory chunks. The implementation comes from the FreeBSD implementation.
* Provides a constant time comparison of two memory chunks. Calls CRYPTO_memcmp.
*
* \param m1 memory block 1
* \param m2 memory block 2
* \param size common size of m1 and m2
* \return
* false if the two chunks are different
* true if the two chunks are different
*/
static bool constant_time_memcmp(const uint8_t *m1,const uint8_t *m2,uint32_t size) ;
bool constant_time_memory_compare(const uint8_t *m1,const uint8_t *m2,uint32_t size) ;
/*!
* \brief perform_tests
* Tests all methods in this class, using the tests supplied in RFC7539
*/
static void perform_tests() ;
void perform_tests() ;
}
}

View File

@ -1014,13 +1014,13 @@ void ftServer::deriveEncryptionKey(const RsFileHash& hash, uint8_t *key)
SHA256_Final (key, &sha_ctx);
}
static const uint32_t ENCRYPTED_FT_INITIALIZATION_VECTOR_SIZE = 12 ;
static const uint32_t ENCRYPTED_FT_AUTHENTICATION_TAG_SIZE = 16 ;
static const uint32_t ENCRYPTED_FT_HEADER_SIZE = 4 ;
static const uint32_t ENCRYPTED_FT_EDATA_SIZE = 4 ;
bool ftServer::encryptItem(RsTurtleGenericTunnelItem *clear_item,const RsFileHash& hash,RsTurtleGenericDataItem *& encrypted_item)
{
static const uint32_t ENCRYPTED_FT_INITIALIZATION_VECTOR_SIZE = 12 ;
static const uint32_t ENCRYPTED_FT_AUTHENTICATION_TAG_SIZE = 16 ;
static const uint32_t ENCRYPTED_FT_HEADER_SIZE = 4 ;
static const uint32_t ENCRYPTED_FT_EDATA_SIZE = 4 ;
uint8_t initialization_vector[ENCRYPTED_FT_INITIALIZATION_VECTOR_SIZE] ;
RSRandom::random_bytes(initialization_vector,ENCRYPTED_FT_INITIALIZATION_VECTOR_SIZE) ;
@ -1088,9 +1088,59 @@ bool ftServer::encryptItem(RsTurtleGenericTunnelItem *clear_item,const RsFileHas
// Decrypts the given item using aead-chacha20-poly1305
bool ftServer::decryptItem(RsTurtleGenericTunnelItem *encrypted_item,const RsFileHash& hash,RsTurtleGenericDataItem *& decrypted_item)
bool ftServer::decryptItem(RsTurtleGenericDataItem *encrypted_item,const RsFileHash& hash,RsTurtleGenericTunnelItem *& decrypted_item)
{
decrypted_item = NULL ;
uint8_t encryption_key[32] ;
deriveEncryptionKey(hash,encryption_key) ;
uint8_t *edata = (uint8_t*)encrypted_item->data_bytes ;
uint32_t offset = 0;
if(encrypted_item->data_size < ENCRYPTED_FT_HEADER_SIZE + ENCRYPTED_FT_INITIALIZATION_VECTOR_SIZE + ENCRYPTED_FT_EDATA_SIZE) return false ;
if(edata[0] != 0xae) return false ;
if(edata[1] != 0xad) return false ;
if(edata[2] != 0x00) return false ;
if(edata[3] != 0x01) return false ;
offset += ENCRYPTED_FT_HEADER_SIZE ;
uint32_t aad_offset = offset ;
uint32_t aad_size = ENCRYPTED_FT_EDATA_SIZE + ENCRYPTED_FT_INITIALIZATION_VECTOR_SIZE ;
uint8_t *initialization_vector = &edata[offset] ;
std::cerr << "ftServer::decrypting ft item." << std::endl;
std::cerr << " item data : " << RsUtil::BinToHex(edata,std::min(50u,encrypted_item->data_size)) << "(...)" << std::endl;
std::cerr << " hash : " << hash << std::endl;
std::cerr << " encryption key : " << RsUtil::BinToHex(encryption_key,32) << std::endl;
std::cerr << " random nonce : " << RsUtil::BinToHex(initialization_vector,ENCRYPTED_FT_INITIALIZATION_VECTOR_SIZE) << std::endl;
offset += ENCRYPTED_FT_INITIALIZATION_VECTOR_SIZE ;
uint32_t edata_size = 0 ;
edata_size += ((uint32_t)edata[offset+0]) << 0 ;
edata_size += ((uint32_t)edata[offset+1]) << 8 ;
edata_size += ((uint32_t)edata[offset+2]) << 16 ;
edata_size += ((uint32_t)edata[offset+3]) << 24 ;
offset += ENCRYPTED_FT_EDATA_SIZE ;
uint32_t clear_item_offset = offset ;
uint32_t authentication_tag_offset = offset + edata_size ;
std::cerr << " authen. tag : " << RsUtil::BinToHex(&edata[authentication_tag_offset],ENCRYPTED_FT_AUTHENTICATION_TAG_SIZE) << std::endl;
if(!librs::crypto::AEAD_chacha20_poly1305(encryption_key,initialization_vector,&edata[clear_item_offset],edata_size, &edata[aad_offset],aad_size, &edata[authentication_tag_offset]))
return false;
std::cerr << " authen. result : ok" << std::endl;
std::cerr << " decrypted daya : ok" << RsUtil::BinToHex(&edata[clear_item_offset],std::min(50u,edata_size)) << "(...)" << std::endl;
decrypted_item = deserialiseItem(&edata[clear_item_offset],edata_size) ;
if(decrypted_item == NULL)
return false ;
return true ;
}
// Dont delete the item. The client (p3turtle) is doing it after calling this.

View File

@ -225,8 +225,9 @@ public:
virtual bool sendSingleChunkCRC(const RsPeerId& peer_id,const RsFileHash& hash,uint32_t chunk_number,const Sha1CheckSum& crc) ;
static void deriveEncryptionKey(const RsFileHash& hash, uint8_t *key);
static bool encryptItem(RsTurtleGenericTunnelItem *clear_item,const RsFileHash& hash,RsTurtleGenericDataItem *& encrypted_item);
static bool decryptItem(RsTurtleGenericTunnelItem *encrypted_item,const RsFileHash& hash,RsTurtleGenericDataItem *& decrypted_item);
bool encryptItem(RsTurtleGenericTunnelItem *clear_item,const RsFileHash& hash,RsTurtleGenericDataItem *& encrypted_item);
bool decryptItem(RsTurtleGenericDataItem *encrypted_item, const RsFileHash& hash, RsTurtleGenericTunnelItem *&decrypted_item);
/*************** Internal Transfer Fns *************************/
virtual int tick();