-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathckvs_crypto.h
69 lines (62 loc) · 2.46 KB
/
ckvs_crypto.h
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
/**
* @file ckvs_crypto.h
* @brief client-side cryptographic routines.
*
* Defines the format of the primary in-memory data structure used by the client
*
* @author Edouard Bugnion
*/
#pragma once
#include "ckvs_utils.h"
#define BUFFER_SIZE 2 * CKVS_MAXKEYLEN + 2
/**
* @brief Holds the variables necessary to compute a master key
*/
typedef struct ckvs_memrecord {
ckvs_sha_t stretched_key; /**< SHA256( key + "|" + pwd ) */
ckvs_sha_t auth_key; /**< HMAC-SHA256( key= stretched_key ; "Auth Key" ) */
ckvs_sha_t
c1; /**< HMAC-SHA256( key= stretched_key ; "Master Key Encryption" ) */
ckvs_sha_t master_key; /**< HMAC-SHA256( key= c1 ; c2 ) */
} ckvs_memrecord_t;
/* *************************************************** *
* TODO WEEK 05 *
* *************************************************** */
/**
* @brief Generates stretched_key, auth_key and c1 and stores them into the
* memrecord.
*
* @param mr (struct ckvs_memrecord*) the record which will hold the keys
* @param key (const char*) the key used to compute stretched_key
* @param pwd (const char*) the password used to compute stretched_key
* @return int, error code
*/
int ckvs_client_encrypt_pwd(struct ckvs_memrecord *mr, const char *key,
const char *pwd);
/**
* @brief Generates master key from c1 stored in mr and the given c2.
*
* @param mr (struct ckvs_memrecord*) the record which will hold master_key. It
* must contains c1.
* @param c2 (const struct ckvs_sha*) the value of c2, taken from ckvs_entry
* @return int, error code
*/
int ckvs_client_compute_masterkey(struct ckvs_memrecord *mr,
const struct ckvs_sha *c2);
/**
* @brief Performs symmetric encryption/decryption using AES256_CBC.
*
* @param mr (struct ckvs_memrecord*), must contain the master_key
* @param do_encrypt (int) 1 for encryption, 0 for decryption
* @param inbuf (const unsigned char*) byte array to encrypt/decrypt
* @param inbuflen (size_t) length of inbuf
* @param outbuf (unsigned char*) byte array of length at least
* inbuflen+EVP_MAX_BLOCK_LENGTH
* @param outbuflen (size_t*) actual number of bytes that was written in the
* output
* @return int, error code
*/
int ckvs_client_crypt_value(const struct ckvs_memrecord *mr,
const int do_encrypt, const unsigned char *inbuf,
size_t inbuflen, unsigned char *outbufptr,
size_t *outbuflen);