Git-Mirrors/RetroShare
1
0
Fork 0
mirror of https://github.com/RetroShare/RetroShare.git synced 2025-05-02 14:16:16 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

turned turtle encryption routine into a generic authenticated encryption method in librs::crypto

Browse source
This commit is contained in:
csoler 2018-06-28 10:01:57 +02:00
parent a6edf47e00
commit db06c32e80
No known key found for this signature in database
GPG key ID: 7BCA522266C0804C
4 changed files with 287 additions and 165 deletions
Download patch file Download diff file Expand all files Collapse all files

175
libretroshare/src/turtle/p3turtle.cc
View file

@ -34,7 +34,7 @@
#endif
#include "rsserver/p3face.h"
#include "crypto/chacha20.h"
#include "crypto/rscrypto.h"
#include "pqi/authssl.h"
#include "pqi/p3linkmgr.h"
@ -2235,177 +2235,26 @@ std::string p3turtle::getPeerNameForVirtualPeerId(const RsPeerId& virtual_peer_i
return name;
}
static const uint32_t ENCRYPTED_TURTLE_INITIALIZATION_VECTOR_SIZE = 12 ;
static const uint32_t ENCRYPTED_TURTLE_AUTHENTICATION_TAG_SIZE = 16 ;
static const uint32_t ENCRYPTED_TURTLE_HEADER_SIZE = 4 ;
static const uint32_t ENCRYPTED_TURTLE_EDATA_SIZE = 4 ;
static const uint8_t ENCRYPTED_TURTLE_FORMAT_AEAD_CHACHA20_POLY1305 = 0x01 ;
static const uint8_t ENCRYPTED_TURTLE_FORMAT_AEAD_CHACHA20_SHA256 = 0x02 ;
bool p3turtle::encryptData(const unsigned char *clear_data,uint32_t clear_data_size,uint8_t *encryption_master_key,RsTurtleGenericDataItem *& encrypted_item)
{
uint8_t initialization_vector[ENCRYPTED_TURTLE_INITIALIZATION_VECTOR_SIZE] ;
RSRandom::random_bytes(initialization_vector,ENCRYPTED_TURTLE_INITIALIZATION_VECTOR_SIZE) ;
#ifdef SERVER_DEBUG
TURTLE_DEBUG() << "ftServer::Encrypting ft item." << std::endl;
TURTLE_DEBUG() << " random nonce : " << RsUtil::BinToHex(initialization_vector,ENCRYPTED_TURTLE_INITIALIZATION_VECTOR_SIZE) << std::endl;
#endif
uint32_t item_serialized_size = clear_data_size;//RsGenericSerializer().size(clear_item) ;
uint32_t total_data_size = ENCRYPTED_TURTLE_HEADER_SIZE + ENCRYPTED_TURTLE_INITIALIZATION_VECTOR_SIZE + ENCRYPTED_TURTLE_EDATA_SIZE + item_serialized_size + ENCRYPTED_TURTLE_AUTHENTICATION_TAG_SIZE ;
#ifdef SERVER_DEBUG
TURTLE_DEBUG() << " clear part size : " << size(clear_item) << std::endl;
TURTLE_DEBUG() << " total item size : " << total_data_size << std::endl;
#endif
unsigned char *encrypted_data = NULL ;
uint32_t encrypted_data_len = 0 ;
if(!librs::crypto::encryptAuthenticateData(clear_data,clear_data_size,encryption_master_key,encrypted_data,encrypted_data_len))
{
delete encrypted_item ;
return false ;
}
encrypted_item = new RsTurtleGenericDataItem ;
encrypted_item->data_bytes = rs_malloc( total_data_size ) ;
encrypted_item->data_size = total_data_size ;
if(encrypted_item->data_bytes == NULL)
return false ;
uint8_t *edata = (uint8_t*)encrypted_item->data_bytes ;
uint32_t edata_size = item_serialized_size;
uint32_t offset = 0;
edata[0] = 0xae ;
edata[1] = 0xad ;
edata[2] = ENCRYPTED_TURTLE_FORMAT_AEAD_CHACHA20_SHA256 ; // means AEAD_chacha20_sha256
edata[3] = 0x01 ;
offset += ENCRYPTED_TURTLE_HEADER_SIZE;
uint32_t aad_offset = offset ;
uint32_t aad_size = ENCRYPTED_TURTLE_INITIALIZATION_VECTOR_SIZE + ENCRYPTED_TURTLE_EDATA_SIZE ;
memcpy(&edata[offset], initialization_vector, ENCRYPTED_TURTLE_INITIALIZATION_VECTOR_SIZE) ;
offset += ENCRYPTED_TURTLE_INITIALIZATION_VECTOR_SIZE ;
edata[offset+0] = (edata_size >> 0) & 0xff ;
edata[offset+1] = (edata_size >> 8) & 0xff ;
edata[offset+2] = (edata_size >> 16) & 0xff ;
edata[offset+3] = (edata_size >> 24) & 0xff ;
offset += ENCRYPTED_TURTLE_EDATA_SIZE ;
memcpy(&edata[offset],clear_data,clear_data_size);
#ifdef SERVER_DEBUG
TURTLE_DEBUG() << " clear item : " << RsUtil::BinToHex(&edata[offset],std::min(50,(int)total_data_size-(int)offset)) << "(...)" << std::endl;
#endif
uint32_t clear_item_offset = offset ;
offset += edata_size ;
uint32_t authentication_tag_offset = offset ;
assert(ENCRYPTED_TURTLE_AUTHENTICATION_TAG_SIZE + offset == total_data_size) ;
//uint8_t encryption_key[32] ;
//deriveEncryptionKey(hash,encryption_key) ;
if(edata[2] == ENCRYPTED_TURTLE_FORMAT_AEAD_CHACHA20_POLY1305)
librs::crypto::AEAD_chacha20_poly1305(encryption_master_key,initialization_vector,&edata[clear_item_offset],edata_size, &edata[aad_offset],aad_size, &edata[authentication_tag_offset],true) ;
else if(edata[2] == ENCRYPTED_TURTLE_FORMAT_AEAD_CHACHA20_SHA256)
librs::crypto::AEAD_chacha20_sha256 (encryption_master_key,initialization_vector,&edata[clear_item_offset],edata_size, &edata[aad_offset],aad_size, &edata[authentication_tag_offset],true) ;
else
return false ;
#ifdef SERVER_DEBUG
TURTLE_DEBUG() << " encryption key : " << RsUtil::BinToHex(encryption_key,32) << std::endl;
TURTLE_DEBUG() << " authen. tag : " << RsUtil::BinToHex(&edata[authentication_tag_offset],ENCRYPTED_TURTLE_AUTHENTICATION_TAG_SIZE) << std::endl;
TURTLE_DEBUG() << " final item : " << RsUtil::BinToHex(&edata[0],std::min(50u,total_data_size)) << "(...)" << std::endl;
#endif
return true ;
encrypted_item->data_bytes = encrypted_data ;
encrypted_item->data_size = encrypted_data_len ;
return true;
}
// Decrypts the given item using aead-chacha20-poly1305
bool p3turtle::decryptItem(const RsTurtleGenericDataItem* encrypted_item, uint8_t *encryption_master_key, unsigned char *& decrypted_data, uint32_t& decrypted_data_size)
{
//uint8_t encryption_key[32] ;
//deriveEncryptionKey(hash,encryption_key) ;
uint8_t *edata = (uint8_t*)encrypted_item->data_bytes ;
uint32_t offset = 0;
if(encrypted_item->data_size < ENCRYPTED_TURTLE_HEADER_SIZE + ENCRYPTED_TURTLE_INITIALIZATION_VECTOR_SIZE + ENCRYPTED_TURTLE_EDATA_SIZE) return false ;
if(edata[0] != 0xae) return false ;
if(edata[1] != 0xad) return false ;
if(edata[2] != ENCRYPTED_TURTLE_FORMAT_AEAD_CHACHA20_POLY1305 && edata[2] != ENCRYPTED_TURTLE_FORMAT_AEAD_CHACHA20_SHA256) return false ;
if(edata[3] != 0x01) return false ;
offset += ENCRYPTED_TURTLE_HEADER_SIZE ;
uint32_t aad_offset = offset ;
uint32_t aad_size = ENCRYPTED_TURTLE_EDATA_SIZE + ENCRYPTED_TURTLE_INITIALIZATION_VECTOR_SIZE ;
uint8_t *initialization_vector = &edata[offset] ;
#ifdef SERVER_DEBUG
TURTLE_DEBUG() << "ftServer::decrypting ft item." << std::endl;
TURTLE_DEBUG() << " item data : " << RsUtil::BinToHex(edata,std::min(50u,encrypted_item->data_size)) << "(...)" << std::endl;
TURTLE_DEBUG() << " hash : " << hash << std::endl;
TURTLE_DEBUG() << " encryption key : " << RsUtil::BinToHex(encryption_key,32) << std::endl;
TURTLE_DEBUG() << " random nonce : " << RsUtil::BinToHex(initialization_vector,ENCRYPTED_TURTLE_INITIALIZATION_VECTOR_SIZE) << std::endl;
#endif
offset += ENCRYPTED_TURTLE_INITIALIZATION_VECTOR_SIZE ;
uint32_t edata_size = 0 ;
edata_size += ((uint32_t)edata[offset+0]) << 0 ;
edata_size += ((uint32_t)edata[offset+1]) << 8 ;
edata_size += ((uint32_t)edata[offset+2]) << 16 ;
edata_size += ((uint32_t)edata[offset+3]) << 24 ;
if(edata_size + ENCRYPTED_TURTLE_EDATA_SIZE + ENCRYPTED_TURTLE_AUTHENTICATION_TAG_SIZE + ENCRYPTED_TURTLE_INITIALIZATION_VECTOR_SIZE + ENCRYPTED_TURTLE_HEADER_SIZE != encrypted_item->data_size)
{
TURTLE_ERROR() << " ERROR: encrypted data size is " << edata_size << ", should be " << encrypted_item->data_size - (ENCRYPTED_TURTLE_EDATA_SIZE + ENCRYPTED_TURTLE_AUTHENTICATION_TAG_SIZE + ENCRYPTED_TURTLE_INITIALIZATION_VECTOR_SIZE + ENCRYPTED_TURTLE_HEADER_SIZE ) << std::endl;
return false ;
}
offset += ENCRYPTED_TURTLE_EDATA_SIZE ;
uint32_t clear_item_offset = offset ;
uint32_t authentication_tag_offset = offset + edata_size ;
#ifdef SERVER_DEBUG
TURTLE_DEBUG() << " authen. tag : " << RsUtil::BinToHex(&edata[authentication_tag_offset],ENCRYPTED_TURTLE_AUTHENTICATION_TAG_SIZE) << std::endl;
#endif
bool result ;
if(edata[2] == ENCRYPTED_TURTLE_FORMAT_AEAD_CHACHA20_POLY1305)
result = librs::crypto::AEAD_chacha20_poly1305(encryption_master_key,initialization_vector,&edata[clear_item_offset],edata_size, &edata[aad_offset],aad_size, &edata[authentication_tag_offset],false) ;
else if(edata[2] == ENCRYPTED_TURTLE_FORMAT_AEAD_CHACHA20_SHA256)
result = librs::crypto::AEAD_chacha20_sha256 (encryption_master_key,initialization_vector,&edata[clear_item_offset],edata_size, &edata[aad_offset],aad_size, &edata[authentication_tag_offset],false) ;
else
return false ;
#ifdef SERVER_DEBUG
TURTLE_DEBUG() << " authen. result : " << result << std::endl;
TURTLE_DEBUG() << " decrypted daya : " << RsUtil::BinToHex(&edata[clear_item_offset],std::min(50u,edata_size)) << "(...)" << std::endl;
#endif
if(!result)
{
TURTLE_ERROR() << "(EE) decryption/authentication went wrong." << std::endl;
return false ;
}
decrypted_data_size = edata_size ;
decrypted_data = (unsigned char*)rs_malloc(edata_size) ;
if(decrypted_data == NULL)
{
std::cerr << "Failed to allocate memory for decrypted data chunk of size " << edata_size << std::endl;
return false ;
}
memcpy(decrypted_data,&edata[clear_item_offset],edata_size) ;
return true ;
return librs::crypto::decryptAuthenticateData((unsigned char*)encrypted_item->data_bytes,encrypted_item->data_size,encryption_master_key,decrypted_data,decrypted_data_size);
}
void p3turtle::getInfo( std::vector<std::vector<std::string> >& hashes_info,